S3500-Command Manual v1 - 04

.
HUAWEI
1. Getting Started
2. Port
3. VLAN
4. Network Protocol
5. Routing Protocol
6. Multicast
7. QoS/ACL
8. Integrated Management
9. STP
10. Security
11. Reliability
12. System Management
13. Auto Detecting
14. Appendix
Quidway S3500 Series Ethernet Switches

Command Manual
Huawei Technologies Proprietary

Command Manual
Manual Version T2-081985-20050613-C-1.04
BOM 31190185
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support
and service. If you purchase the products from the sales agent of Huawei Technologies Co.,
Ltd., please contact our sales agent. If you purchase the products from Huawei
Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care
center or company headquarters.
Huawei Technologies Co., Ltd.
Address: Administration Building, Huawei Technologies Co., Ltd.,
Bantian, Longgang District, Shenzhen, P. R. China
Postal Code: 518129
Website: http://www.huawei.com

Copyright © 2005 Huawei Technologies Co., Ltd.
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any

means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800,
TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA,
iTELLIN, HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE,
OpenEye, Lansway, SmartAX, infoX, and TopEng are trademarks of Huawei
Technologies Co., Ltd.
All other trademarks and trade names mentioned in this manual are the property of
their respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents,
but all statements, information, and recommendations in this manual do not
constitute the warranty of any kind, express or implied.

About This Manual
Release Notes
This manual applies to S3526-0025/S3526EF-S3526C-0035/S3528-S3552-0017.
Related Manuals
The related manuals are listed in the following table.
Manual Content
Quidway S3528 Series Ethernet
It provides information for the system installation.
Switches Installation Manual
Quidway S3552F Ethernet
Switch Installation Manual
Quidway S3526 Ethernet
Quidway S3526E Ethernet
Quidway S3526 FM/FS
Ethernet Switches Installation It provides information for the system installation.
Manual
Quidway S3552 Ethernet

Quidway S3526C/S3526E
FM/S3526E FS Ethernet It provides information for the system installation.
Switches Installation Manual
Quidway S3500 Series Ethernet It is used for assisting the users in data
Switches Operation Manual configurations and typical applications.
Organization
There are 14 modules in the manual.
z Getting Started
This module introduces the commands used for accessing the Ethernet Switch.
z Port

This module introduces the commands used for configuring Ethernet port and link
aggregation.
z VLAN
This module introduces the commands used for configuring VLAN.
z Network Protocol
This module introduces the commands used for configuring network protocols.
z Routing Protocol
This module introduces the commands used for configuring routing protocols.
z Multicast
This module introduces the commands used for configuring multicast protocols.
z QoS/ACL
This module introduces the commands used for configuring QoS/ACL.
z Integrated Management
This module introduces the commands used for integrated management.
z STP
This module introduces the commands used for configuring STP.
z Security
This module introduces the commands used for configuring 802.1X, AAA & RADIUS,
HABP and system-guard.
z Reliability
This module introduces the commands used for configuring VRRP.
z System Management
This module introduces the commands used for system management and
maintenance.
z Auto Detecting
This module introduces the commands used for auto-detecting configuration.
z Appendix
This module includes all the commands in this command manual, which are arranged
alphabetically.
Intended Audience

The manual is intended for the following readers:
z Network engineers
z Network administrators
z Customers who are familiar with network fundamentals
Conventions
The manual uses the following conventions:
I. General conventions
Convention Description
Arial Normal paragraphs are in Arial.
Boldface Headings are in Boldface.

Courier New Terminal Display is in Courier New.
II. Command conventions
Boldface The keywords of a command line are in Boldface.
italic Command arguments are in italic.

Items (keywords or arguments) in square brackets [ ] are
[]
optional.
Alternative items are grouped in braces and separated by
{ x | y | ... }
vertical bars. One is selected.
Optional alternative items are grouped in square brackets
[ x | y | ... ]
and separated by vertical bars. One or none is selected.
Alternative items are grouped in braces and separated by
{ x | y | ... } * vertical bars. A minimum of one or a maximum of all can be
selected.
Optional alternative items are grouped in square brackets

[ x | y | ... ] * and separated by vertical bars. Many or none can be
selected.
# A line starting with the # sign is comments.

III. GUI conventions
Button names are inside angle brackets. For example, click
<>
the <OK> button.
Window names, menu items, data table and field names

[] are inside square brackets. For example, pop up the [New
User] window.
Multi-level menus are separated by forward slashes. For
/
example, [File/Create/Folder].
IV. Keyboard operation
Format Description
Press the key with the key name inside angle brackets. For
<Key>
example, <Enter>, <Tab>, <Backspace>, or <A>.
Press the keys concurrently. For example, <Ctrl+Alt+A>
<Key1+Key2>
means the three keys should be pressed concurrently.
Press the keys in turn. For example, <Alt, A> means the
<Key1, Key2>
two keys should be pressed in turn.
V. Mouse operation
Action Description
Press and hold the primary mouse button (left mouse

Select
button by default).
Select and release the primary mouse button without
Click
moving the pointer.
Press the primary mouse button twice continuously and
Double-Click
quickly without moving the pointer.
Press and hold the primary mouse button and move the
Drag
pointer to a certain position.
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of
special attention during the operation. They are defined as follows:
Caution, Warning, Danger: Means reader be extremely careful during the

operation.

Note, Comment, Tip, Knowhow, Thought: Means a complementary
description.

HUAWEI

Command Manual
Getting Started

Command Manual - Getting Started
Quidway S3500 Series Ethernet Switches Table of Contents
Table of Contents
Chapter 1 Logging in Switch Commands ................................................................................... 1-1

1.1 Logging in Switch Commands ........................................................................................... 1-1
1.1.1 authentication-mode................................................................................................ 1-1
1.1.2 auto-execute command........................................................................................... 1-1
1.1.3 command-privilege level ......................................................................................... 1-2
1.1.4 databits.................................................................................................................... 1-3
1.1.5 display history-command ........................................................................................ 1-4
1.1.6 display user-interface .............................................................................................. 1-5
1.1.7 display users ........................................................................................................... 1-6
1.1.8 flow-control .............................................................................................................. 1-7
1.1.9 free user-interface ................................................................................................... 1-7
1.1.10 header ................................................................................................................... 1-8
1.1.11 history-command max-size ................................................................................. 1-10
1.1.12 idle-timeout.......................................................................................................... 1-10
1.1.13 language-mode ................................................................................................... 1-11
1.1.14 lock ...................................................................................................................... 1-11
1.1.15 parity.................................................................................................................... 1-12
1.1.16 protocol inbound.................................................................................................. 1-13
1.1.17 quit....................................................................................................................... 1-13
1.1.18 return ................................................................................................................... 1-14
1.1.19 screen-length....................................................................................................... 1-14
1.1.20 send..................................................................................................................... 1-15
1.1.21 service-type ......................................................................................................... 1-15
1.1.22 set authentication password................................................................................ 1-17
1.1.23 shell ..................................................................................................................... 1-18
1.1.24 speed................................................................................................................... 1-19
1.1.25 stopbits ................................................................................................................ 1-19
1.1.26 super ................................................................................................................... 1-20
1.1.27 super password ................................................................................................... 1-21
1.1.28 sysname .............................................................................................................. 1-22
1.1.29 system-view......................................................................................................... 1-22
1.1.30 telnet.................................................................................................................... 1-23
1.1.31 user-interface ...................................................................................................... 1-23
1.1.32 user privilege level .............................................................................................. 1-24
i
Quidway S3500 Series Ethernet Switches Chapter 1 Logging in Switch Commands
Chapter 1 Logging in Switch Commands
1.1 Logging in Switch Commands

1.1.1 authentication-mode
Syntax
authentication-mode { password | scheme | none }
View
User interface view
Parameter
password: Perform local password authentication.

scheme: Perform local or remote authentication of username and password.
none: Perform no authentication.
Description
Using authentication-mode command, you can configure the authentication method

for login user.
This command with the password parameter indicates to perform local password
authentication, that is, you need to configure a login password using the set
authentication password { cipher | simple } password command.
This command with the scheme parameter indicates to perform authentication of local
or remote username and password. The type of the authentication depends on your
configuration. For detailed information, see “Security” section.
By default, users logging in via the Console port do not need to pass any terminal
authentication, whereas the password is required for authenticating the Modem and
Telnet users when they log in.
Example
# Configure local password authentication.

[Quidway-ui-aux0] authentication-mode password
1.1.2 auto-execute command
Syntax
auto-execute command text
1-1
undo auto-execute command
View
User interface view
Parameter
text: Specifies the command to be run automatically.
Description
Using auto-execute command command, you can configure to automatically run a

specified command. When a user logs in, the command configured will be executed
automatically. Using undo auto-execute command command, you can configure not
to run the command automatically.
This command is usually used to configure the telnet command on the terminal, which
will connect the user to a designated device automatically.
By default, auto run is disabled.
Caution:
z If you execute this command, the user-interface can no longer be used to perform
routine configurations on the local system. Therefore use caution when using this
command.
z Ensure that you will be able to log into the system in some other way to cancel the
configuration, before you configure the auto-execute command command and
save the configuration.
Example
# Configure to automatically telnet 10.110.100.1 after the user logs in via VTY 0.
[Quidway-ui-vty0] auto-execute command telnet 10.110.100.1
1.1.3 command-privilege level
Syntax
command-privilege level level view view command

undo command-privilege view view command
View
System view
1-2
Parameter
level: Specifies the command level, ranging from 0 to 3.

view: Specifies the command view, which can be any of the views supported by the
switch.
command: Specifies the command to be configured.
Description
Using command-privilege level command, you can configure the priority of the
specifically command of the specifically view. Using undo command-privilege view
command, you can restore the default command priority.
The command levels include visit, monitoring, system, and management, which are
identified as 0 through 3 respectively. The network administrator can customize the
command levels as needed.
When users log into the switch, the commands they can use depend jointly on the user
level settings and the command level settings on the user interface. If the two types of
settings differ,
z For the users using AAA/RADIUS authentication, the commands they can use are
determined by the user level settings. For example, if a use is set to level 3 and the
command level on the VTY 0 user interface is level 1, he or she can only use the
commands of level 3 or lower when logging into the switch from the VTY 0 user
interface.
z For the users using RSA public key authentication, the commands they can use
are determined by the command level settings on the user interface.
By default, ping, tracert, and telnet are at visit level (0); display and debugging are at
monitoring level (1); all configuration commands are at system level (2); and FTP,
XMODEM, TFTP and commands for file system operations are at management level
(3).
Example
# Configure the precedence of the command "interface" as 0.

[Quidway] command-privilege level 0 view system interface
1.1.4 databits
Syntax
databits { 7 | 8 }
undo databits
View
User interface view
1-3
Parameter
7: The data bits are 7.

8: The data bits are 8.
Description
Using databits command, you can configure the data bits for AUX (Console) port.
Using undo databits command, you can restore the default bits of the AUX (Console).
This command can only be performed in AUX user interface view.
By default, the value is 8.
Example
# Configure the data bits of AUX (Console) port to 7 bits.

[Quidway-ui-aux0] databits 7
1.1.5 display history-command
Syntax
display history-command
View
Any view
Parameter
None
Description
Using display history-command command, you can view the saved history
commands.
For the related command, see history-command max-size.
Example
# Display history commands.

<Quidway> display history-command
sys
quit
display his
1-4
1.1.6 display user-interface
Syntax
display user-interface [ type number ] [ number ]
View
Any view
Parameter
type: Specifies the type of a user interface.

number: Specifies the number of a user interface.
Description
Using display user-interface command, you can view the relational information of the
user interface. The displayed information includes user interface type, absolute/relative
index, transmission speed, priority, and authentication methods.
Example
# Display the relational information of user interface 0.

<Quidway> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth
F 0 AUX 0 9600 3 N
+ : Current user-interface is active.

F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
A: Authenticate use AAA.
N: Current user-interface need not authentication.
P: Authenticate use current UI's password.
Table 1-1 Output description of the display user-interface command
Field Description
+ Current user interface is in use
F Current user interface is in use and work in asynchronous mode
Idx Absolute index of user interface
Type Type and relative index of user interface
Tx/Rx User interface speed
1-5
Field Description
Modem Modem operation mode
Which levels of commands can be used after logging in from
Privi
the user interface
Auth User interface authentication method
1.1.7 display users
Syntax
display users [ all ]
View
Any view
Parameter
all: Display the information of all user interfaces.
Description
Using display users command, you can view the information of the user interface.
Example
# Display the information of the current user interface.

[Quidway] display users
UI Delay Type Ipaddress Username
F 0 AUX 0 00:00:00
Table 1-2 Output description of the display users command
Field Description
F Current user interface is in use and work in asynchronous mode.
Number of the first list is the absolute number of user interface.
UI
Number of the second list is the relative number of user interface.
Delay Indicates the interval from the latest input till now in seconds.
Type User type
Displays initial connection location, namely the host IP address of
IPaddress
the incoming connection.
Display the name of the user using this user interface, namely the
Username
login username of the user.
1-6
1.1.8 flow-control
Syntax
flow-control { hardware | none | software }

undo flow-control
View
User interface view
Parameter
hardware: Configures to perform hardware flow control.

none: Configures no flow control.
software: Configures to perform software flow control.
Description
Using flow-control command, you can configure the flow control mode on AUX
(Console) port. Using undo flow-control command, you can restore the default flow
control mode.
By default, the value is none. That is, no flow control will be performed.
Example
# Configure software flow control on AUX (Console) port.

[Quidway-ui-aux0] flow-control software
1.1.9 free user-interface
Syntax
free user-interface [ type ] number
View
User view
Parameter
type: Specifies the user interface type.

number: Specifies the absolute/relative number of the user interface. Configured
together with the type, it will specify the user interface number of the corresponding
type. If the type is not specified, number will specify an absolute user interface number.
1-7
Description
Using free user-interface command, you can clear a user of a specified user interface.
The user interface will be disconnected after the command is executed.
Note that the user of the current user interface cannot be cleared.
Example
# Clear the user of the user interface 1 after logging in to the switch via user interface 0.
<Quidway> free user-interface 1
After the command is executed, user interface 1 will be disconnected. It will not be
connected to the switch until you log in via the user interface 1 for the next time.
1.1.10 header
Syntax
header [ shell | incoming | login ] text

undo header [ shell | incoming | login ]
View
System view
Parameter
login: Login information in case of authentication. It is displayed before the user is

prompted to enter user name and password.
shell: User conversation established header, the information output after user
conversation has been established. If authentication is required, it is prompted after the
user passes authentication.
incoming: Login header, the information output after a Modem user logs in. If
authentication is required, it is prompted after the user passes authentication. In this
case, no shell information is output.
text: Specifies the title text. If you do not choose any keyword in the command, the
system displays the login information by default. The system supports two types of
input modes: one is to input all the text in one line, and altogether 256 characters can
be input; the other is to input all the text in several lines using the <Enter> key, and
altogether 1024 characters, excluding command key word, can be input. The text starts
and ends with the first character. After inputting the end character, press the <Enter>
key to exit the interact process.
Description
Using header command, you can configure to display header when user login. Using
undo header command, you can configure not to display the header.
1-8
When the users log in the switch, if a connection is activated, the login header will be
displayed. After the user successfully logs in the switch, the shell header will be
displayed.
Note that if you press <Enter> after typing any of the three keywords shell, login and
incoming in the command, then what you type after the word header is the contents of
the login information, instead of identifying header type.
You can judge whether the initial character can be used as the header contents this
way:
1) If there is only one character in the first line and it is used as the identifier, this
initial character pairs with the ending character and is not the header contents.
2) If there are many characters in the first line but the initial and ending characters
are different, this initial character pairs with the ending character and is the header
contents.
3) There are many characters in the first line and the initial character is identical with
the ending character, this initial character is not the header contents.
Example
# Configure the header of setting up a session.

Mode 1: Input in one line
[Quidway] header shell %SHELL: Hello! Welcome% (The starting and ending
characters must be the same, and press the <Enter> key to finish a line)
When you log on the switch again, the terminal displays the configured session
establishment title.
[Quidway] quit
<Quidway> quit
Please press ENTER
SHELL: Hello! Welcome (The initial character “%” is not the header contents)
<Quidway>
Mode 2: Input in several lines

[Quidway] header shell % SHELL: (After you pressing the <Enter> key, the system
prompts the following message:)
Input banner text, and quit with the character '%'.
Go on inputting the rest text and end your input with the first letter:
Hello! Welcome % (Press the <Enter> key)
[Quidway]
When you log on the switch again, the terminal displays the configured session
establishment title.
[Quidway] quit
<Quidway> quit
1-9
Please press ENTER

%SHELL: (The initial character “%” is the header contents)
Hello! Welcome
<Quidway>
1.1.11 history-command max-size
Syntax
history-command max-size value

undo history-command max-size
View
User interface view
Parameter
value: Defines the size of the history buffer, ranging from 0 to 256. By default, the size is
10, that is, 10 history commands can be saved.
Description
Using history-command max-size command, you can configure the size of the history
command buffer. Using undo history-command max-size command, you can restore
default size of the history command buffer.
Example
# Set the history buffer to 20, namely saving 20 history commands.

[Quidway-ui-aux0] history-command max-size 20
1.1.12 idle-timeout
Syntax
idle-timeout minutes [ seconds ]

undo idle-timeout
View
User interface view
Parameter
minutes: Specifies the minute, ranging from 0 to 35791.

seconds: Specifies the second, ranging from 0 to 59.
1-10
Description
Using idle-timeout command, you can configure the timeout function. If there is no
user operation performed before idle-timeout expires, the user interface will be
disconnected. Using undo idle-timeout command, you can restore the default
idle-timeout.
idle-timeout 0 means disabling idle-timeout.
By default, idle-timeout is set to 10 minutes.
Example
# Configure the timeout value to 1 minute on the AUX user interface.

[Quidway-ui-aux0] idle-timeout 1 0
1.1.13 language-mode
Syntax
language-mode { chinese | english }
View
User view
Parameter
chinese: Configures the language environment of command line interface as Chinese.

english: Configures the language environment of command line interface as English.
Description
Using language-mode command, you can switch between different language

environments of command line interface for convenience of different users.
By default, the value is English.
Example
# Switch from English mode to Chinese mode.

<Quidway> language-mode chinese
1.1.14 lock
Syntax
lock
View
User view
1-11
Parameter
None
Description
Using lock command, you can lock the user interface to prevent unauthorized user
from operating it.
Example
# Lock the current user interface.

<Quidway> lock
Password: xxxx
Again: xxxx
1.1.15 parity
Syntax
parity { even | mark | none | odd | space }

undo parity
View
User interface view
Parameter
even: Configures to perform even parity.

mark: Configures to perform mark parity.
none: Configures not to perform parity.
odd: Configures to perform odd parity.
space: Configures to perform space parity.
Description
Using parity command, you can configure the parity mode on AUX (Console) port.
Using undo parity command, you can restore the default parity mode.
By default, the mode is set to none.
Example
# Set mark parity on the AUX (Console) port.

[Quidway-ui-aux0] parity mark
1-12
1.1.16 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH protocols.

ssh: Supports only SSH protocol (S3526, S3526 FS and S3526 FM not support the
parameter).
telnet: Supports only Telnet protocol.
Description
Using the protocol inbound command, you can configure the protocols supported by
a designated user interface.
By default, the user interface supports Telnet and SSH protocols.
For the related commands, see user-interface vty.
Example
# Configure SSH protocol supported by VTY0 user interface.

[Quidway-ui-vty0] protocol inbound ssh
1.1.17 quit
Syntax
quit
View
Any view
Parameter
None
Description
Using quit command, you can return to the lower level view from the current view. If the
current view is user view, you can quit the system.
There are three levels of views, which are listed from low to high as follows:
z User view
1-13
z System view
z VLAN view, Ethernet port view, and so on.
For the related commands, see return, system-view.
Example
# Return to user view from system view.

[Quidway] quit
<Quidway>
1.1.18 return
Syntax
return
View
System view or above
Parameter
None
Description
Using return command, you can return to user view from a view other than user view.
Combination key <Ctrl+Z> performs the same function with the return command.
For the related command, see quit.
Example
# Return to user view from system view.

[Quidway] return
<Quidway>
1.1.19 screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
1-14
Parameter
screen-length: Specifies how many lines can be displayed on a screen, ranging from 0
to 512. The default value is 24.
Description
Using screen-length command, you can configure how many lines that can be
displayed on a screen of the terminal. Using undo screen-length command, you can
restore the default number of terminal information lines displayed on the terminal
screen.
The screen-length 0 command is used to disable this function.
Example
# Configure the lines that can be displayed on a screen as 20 lines.

[Quidway-ui-aux0] screen-length 20
1.1.20 send
Syntax
send { all | number | type number }
View
User view
Parameter
all: Configures to send message to all user interfaces.

type: Specifies the user interface type, which can be aux or vty.
number: Specifies the absolute/relative number of the user interface.
Description
Using send command, you can send messages between different user interfaces.
Example
# Send message to all the user interfaces.

<Quidway> send all
1.1.21 service-type
Syntax
For S3552 series, S3528 series, S3526E series and S3526C:
1-15
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet }* [ level

level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet }* [ level level ] }
For S3526, S3526 FM and S3526 FS:
service-type { ftp [ ftp-directory directory ] | lan-access | telnet [ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | telnet [ level level ] }
View
Local-user view
Parameter
telnet: Specifies user type as Telnet.

ssh: Specifies user type as SSH.
level level: Specifies the level of Telnet or SSH users. The argument level is an integer
in the range of 0 to 3 and defaults to 1.
ftp: Specifies user type as ftp.
ftp-directory directory: Specifies the directory of ftp users, directory is a character
string of up to 64 characters.
lan-access: Specifies user type to lan-access, which mainly refers to Ethernet
accessing users, 802.1x supplicants for example.
Description
Using service-type command, you can configure which level of command a user can
use after logon. Using undo service-type command, you can restore the default level
of command a user can use after logon.
Commands are classified into four levels, namely visit level, monitoring level, system
level and management level. They are introduced as follows:
z Visit level: Commands of this level involve command of network diagnosis tool
(such as ping and tracert), command of switch between different language
environments of user interface (language-mode), and telnet command etc. The
operation of saving configuration file is not allowed on this level of commands.
z Monitoring level: Commands of this level, including the display command and the
debugging command, are used for system maintenance, service fault diagnosis,
etc. The operation of saving the configuration file is not allowed on this level of
commands.
z System level: Service configuration commands, including routing command and
commands on each network layer, are used to provide direct network service to
the user.
z Management level: These are commands that influence the basic operation of the
system and system support module, which plays a supporting role on service.
1-16
Commands of this level involve file system commands, FTP commands, TFTP
commands, XModem downloading commands, user management commands,
and level setting commands.
Example
# Configure the user zbr to use commands at level 0 after logon.

[Quidway] local-user zbr
[Quidway-luser-zbr] service-type telnet level 0
# Quit the system and logs on with username “zbr” again. Now only the commands at
level 0 are listed on the terminal.
[Quidway] quit
<Quidway> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
1.1.22 set authentication password
Syntax
set authentication password { cipher | simple } password

undo set authentication password
View
User interface view
Parameter
cipher: Configure encrypted text password.

simple: Configure plain text password.
password: If the authentication is in the simple mode, the password must be in plain
text. If the authentication is in the cipher mode, the password can be either in
encrypted text or in plain text. The result is determined by the input. A plain text
password is a sequential character string of no more than 16 digits, for example,
huawei918. The length of an encrypted password must be 24 digits and in encrypted
text, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
1-17
Description
Using set authentication password command, you can configure the password for
local authentication. Using undo set authentication password command, you can
cancel local authentication password.
The password in plain text is required when performing authentication, regardless
whether the configuration is plain text or encrypted text.
Note:
By default, password is required to be set for authenticating the users connecting via
Modem or Telnet. If no password has been set, the following prompt will be displayed
“Login password has not been set !”
Example
# Configure the local authentication password on VTY 0 to huawei.

[Quidway-ui-vty0] set authentication password simple huawei
1.1.23 shell
Syntax
shell
undo shell
View
User interface view
Parameter
None
Description
Using shell command, you can enable terminal service of a user interface. Using undo
shell command, you can disable the terminal service of a user interface.
By default, terminal service is enabled.
When using the undo shell command, note the following points.
z For the sake of security, the undo shell command can only be used on the user
interfaces other than the AUX user interface.
z You cannot use this command on the user interface via which you log in.
1-18
z You will be asked to confirm before executing this command on any legal user
interface.
Example
# Disable terminal service on the vty user interface 0 to 4 after logging in to the switch
via user interface 0.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] undo shell
# The following message will be displayed on the Telnet terminal after logon.
Connection to host lost.
1.1.24 speed
Syntax
speed speed-value
undo speed
View
User interface view
Parameter
speed-value: Specifies the transmission rate on the AUX (Console) port in bit/s, which
can be 300, 600, 1200, 4800, 9600, 19200, 38400, 57600, or 115200. The default rate
is 9600bit/s.
Description
Using speed command, you can configure the transmission rate on the AUX (Console)
port. Using undo speed command, you can restore the default rate.
Example
# Configure the transmission speed on the AUX (Console) port as 9600bit/s.

[Quidway-ui-aux0] speed 9600
1.1.25 stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
1-19
View
User interface view
Parameter
1: Sets 1 stop bit.

1.5: Sets 1.5 stop bits.
2: Sets 2 stop bits.
Description
Using stopbits command, you can configure the stop bits on the AUX (Console) port.
Using undo stopbits command, you can restore the default stop bits.
Example
# Configure 2 stop bits on the AUX (Console) port.

[Quidway-ui-aux0] stopbits 2
1.1.26 super
Syntax
super [ level ]
View
User view
Parameter
level: User level, ranging 0 to 3. The default value is 3.
Description
Using super command, you can enable the user to change to user level from the
current user level. If the user has set the super password [ level level ] { simple |
cipher } password, then user password of the higher level is needed, or the former user
level will not change.
Login users are classified into four levels that correspond to the four command levels
respectively. After users of different levels log in, they can only use commands at the
levels that are equal to or lower than its own level.
For the related commands, see super password, quit.
1-20
Example
# change to user level 3 from the current user level.

<Quidway> super 3
Password:
1.1.27 super password
Syntax
super password [ level level ] { simple | cipher } password

undo super password [ level level ]
View
System view
Parameter
level: User level, ranging from 1 to 3. The default value is 3, i.e. do not specify user level.
It means the password to be set is used for entering level 3.
simple: Configure to display the password in plain text.
cipher: Configure to display the password in encrypted text.
password: If the authentication is in the simple mode, the password must be in plain
text. If the authentication is in the cipher mode, the password can either be in
encrypted text or in plain text. The result is determined by the input. A plain text
password is a sequential character string of no more than 16 digits, for example,
huawei918. The length of an encrypted password must be 24 digits and in encrypted
text, for example, (TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Using super password command, you can configure the password for changing the
user from a lower level to a higher level. In order to prevent unauthorized users from
illegal intrusion, user ID authentication is performed when users switch from a lower
level to a higher level. For the sake of confidentiality, on the screen the user cannot see
the password that he entered. Only when correct password is input for three times, can
the user switch to the higher level. Otherwise, the original user level will remain
unchanged. Using undo super password command, you can cancel the current
settings.
The password in plain text is required when performing authentication, regardless
whether the configuration is plain text or encrypted text.
Example
# Configure the password to zbr for changing the user from the current level to level 3.
1-21
[Quidway] super password level 3 simple zbr
1.1.28 sysname
Syntax
sysname text
undo sysname
View
System view
Parameter
text: Specifies the hostname with a character string, ranging from 1 to 30 characters.
The default name is Quidway.
Description
Using sysname command, you can configure the hostname of the switch. Using undo
sysname command, you can restore the default hostname.
Changing the hostname of the switch will affect the prompt of command line interface.
For example, if the hostname of the switch is Quidway, the prompt in user view will be
<Quidway>.
Example
# Configure the hostname of switch to Switch.

[Quidway] sysname Switch
[Switch]
1.1.29 system-view
Syntax
system-view
View
User view
Parameter
None
Description
Using system-view command, you can enter system view from user view.
For the related commands, see quit, return.
1-22
Example
# Enter system view from user view.

<Quidway> system-view
[Quidway]
1.1.30 telnet
Syntax
telnet { hostname | ip-address } [ service-port ]
View
User view
Parameter
hostname: Specifies the host name of the remote switch. It is configured using the ip
host command.
ip-address: Specifies the IP address of the remote switch.
service-port: Designates the TCP port on the remote switch providing Telnet service,
ranging from 0 to 65535.
Description
Using telnet command, you can log in to another switch from the current one via telnet
for remote management. To terminate the Telnet logon, press <Ctrl+]>.
By default, when the service-port is not specified, the default telnet port number is 23.
For the related command, see display tcp status.
Example
# Log in to switch Quidway2 at 129.102.0.1 from the current Quidway1 switch.

<Quidway1> telnet 129.102.0.1
<Quidway2>
1.1.31 user-interface
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
1-23
Parameter
type: Specifies the user interface type, which can be aux or vty.
first-number: Specifies the number of the first user interface to be configured.
last-number: Specifies the number of the last user interface to be configured.
Description
Using user-interface command, you can enter single user interface view or multiple
user interface views to configure the corresponding user interfaces.
Example
# Enter user interface view 0 through 5, that is, 1 AUX (Console) port user interface
view and 5 VTY user interface views.
[Quidway] user-interface 0 5
[Quidway-ui0-5]
1.1.32 user privilege level
Syntax
user privilege level level

undo user privilege level
View
User interface view
Parameter
level: Specifies which level of command a user can use after logon from the specifically
user interface, ranging from 0 to 3.
Description
Using user privilege level command, you can configure which level of command a
user can use after logon from the specifically user interface, so that a user can use all
the available commands at this level. Using undo user privilege level command, you
can restore the default level of command a user can use after logon from the
specifically user interface.
By default, a user can access the commands at Level 3 after logging in through the
AUX user interface, and the commands at Level 0 after logging in through the VTY user
interface.
Example
# Configure to use commands level 0 after logging in from VTY 0 user interface.
1-24
[Quidway-ui-vty0] user privilege level 0
# After you telnet from VTY 0 user interface to the switch, you will view the terminal only
displays commands at level 0.
<Quidway> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
1-25
HUAWEI

Command Manual
Port

Command Manual - Port
Table of Contents
Chapter 1 Ethernet Port Configuration Commands................................................................... 1-1

1.1 Ethernet Port Configuration Commands............................................................................ 1-1
1.1.1 broadcast-suppression............................................................................................ 1-1
1.1.2 description ............................................................................................................... 1-1
1.1.3 display interface ...................................................................................................... 1-2
1.1.4 display loopback-detection...................................................................................... 1-5
1.1.5 display port .............................................................................................................. 1-6
1.1.6 duplex...................................................................................................................... 1-6
1.1.7 flow-constrain .......................................................................................................... 1-7
1.1.8 flow-constrain method ............................................................................................. 1-8
1.1.9 flow-control .............................................................................................................. 1-9
1.1.10 flow-interval ........................................................................................................... 1-9
1.1.11 interface............................................................................................................... 1-10
1.1.12 loopback .............................................................................................................. 1-11
1.1.13 loopback-detection control enable ...................................................................... 1-11
1.1.14 loopback-detection enable .................................................................................. 1-12
1.1.15 loopback-detection interval-time ......................................................................... 1-13
1.1.16 loopback-detection per-vlan enable .................................................................... 1-13
1.1.17 mdi....................................................................................................................... 1-14
1.1.18 port access vlan .................................................................................................. 1-15
1.1.19 port hybrid pvid vlan ............................................................................................ 1-15
1.1.20 port hybrid vlan.................................................................................................... 1-16
1.1.21 port link-type........................................................................................................ 1-17
1.1.22 port trunk permit vlan .......................................................................................... 1-18
1.1.23 port trunk pvid vlan.............................................................................................. 1-18
1.1.24 reset counters interface....................................................................................... 1-19
1.1.25 shutdown ............................................................................................................. 1-20
1.1.26 speed................................................................................................................... 1-20
1.1.27 virtual-cable-test.................................................................................................. 1-21
1.1.28 vlan-vpn enable ................................................................................................... 1-22
Chapter 2 Ethernet Port Link Aggregation Commands............................................................. 2-1

2.1 Ethernet Port Link Aggregation Commands ...................................................................... 2-1
2.1.1 display link-aggregation .......................................................................................... 2-1
2.1.2 link-aggregation....................................................................................................... 2-2
Chapter 3 Port Isolation Configuration Commands .................................................................. 3-1

3.1 Port Isolation Configuration Commands............................................................................ 3-1
3.1.1 port-isolate enable................................................................................................... 3-1
i
3.1.2 port-isolate uplink-port vlan ..................................................................................... 3-1
ii
Quidway S3500 Series Ethernet Switches Chapter 1 Ethernet Port Configuration Commands
Chapter 1 Ethernet Port Configuration Commands
1.1 Ethernet Port Configuration Commands

1.1.1 broadcast-suppression
Syntax
broadcast-suppression { ratio | bandwidth bandwidth }

undo broadcast-suppression
View
Ethernet port view
Parameter
ratio: Specifies the maximum bandwidth ratio of the broadcast traffic allowed on
Ethernet port, ranging form 1 to 100. By default, the value is 100. The smaller the ratio
is, the smaller the broadcast traffic is permitted.
bandwidth: Specifies the maximum bandwidth of the broadcast traffic on Ethernet port.
It ranges from 1 to 100 for 100Mbit/s port in Mbit/s.
Description
Using broadcast-suppression command, you can configure the broadcast traffic size
enabled on port. Once the broadcast traffic exceeds the value set by the user, the
system will discard some broadcast to ensure network service so that the traffic ratio of
broadcast is maintained in a proper range. Using undo broadcast-suppression
command, you can restore the default broadcast traffic enabled on port as 100. i.e.,
100% broadcast traffic is allowed to pass through.
Example
# Enable 20% broadcast cast to pass, i.e. 80% broadcast storm suppression is made
on broadcast traffic of port.
[Quidway-Ethernet0/1] broadcast-suppression 20
1.1.2 description
Syntax
description text
undo description
1-1
View
Ethernet port view
Parameter
text: Port description character string, with 80 characters at most.
Description
Using description command, you can configure the description character string for
Ethernet port. Using undo description command, you can cancel the port description
character string.
By default, the port description character string is null.
Example
# Configure the description character string of Ethernet port Ethernet0/1 as

lanswitch-interface.
[Quidway-Ethernet0/1] description lanswitch-interface
1.1.3 display interface
Syntax
display interface [ interface_type | interface_type interface_num | interface_name ]
View
Any view
Parameter
interface_type: Specifies the port type.

interface_num: Specifies the port number.
interface_name: Specifies the port name in the interface_name= interface_type
interface_num format.
For parameter description, refer to the interface command.
Description
Using display interface command, you can view the configuration information on the
port.
If the port type and number are not specified when displaying the port information, the
information of all the ports will be displayed. If only the port type is specified, all the
information of the ports of this type will be displayed. If both port type and port number
are specified, the information of the designated port will be displayed.
1-2
Example
# Display configuration information of Ethernet0/1.

<Quidway> display interface ethernet0/1
Ethernet0/1 current state : UP
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-fc00-0010
Description : aaa
The Maximum Transmit Unit is 1500
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not supported
The Maximum Frame Length is 1536
Broadcast MAX-ratio: 100%
PVID: 1
Mdi type: auto
Port link-type: access
Tagged VLAN ID : none
Untagged VLAN ID : 1
Last 5 minutes input: 0 packets/sec 0 bytes/sec
Last 5 minutes output: 0 packets/sec 0 bytes/sec
input(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts
input(normal): - packets, - bytes
- broadcasts, - multicasts
input: 0 input errors, 0 runts, 0 giants, - throttles, 0 CRC
0 frame, - overruns, 0 aborts, 0 ignored, - parity errors
Output(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
Output(normal): - packets, - bytes
- broadcasts, - multicasts, - pauses
Output: 0 output errors, 0 underruns, - buffer failures
- aborts, 0 deferred, 0 collisions, 0 late collisions
- lost carrier, - no carrier
Table 1-1 Output description of the display interface command
Field Description
The current state of Ethernet port (enabled or
Ethernet0/1 current state
disabled)
IP Sending Frames' Format Ethernet frame format
1-3
Field Description
Hardware address Port hardware address
Description Port description character string
The Maximum Transmit Unit Maximum transmit unit
Media type Type of media
loopback not set Port loopback test state
Port hardware type Port hardware type
100Mbps-speed mode,
full-duplex mode Both the duplex mode and the rate are set to
auto-negotiation. The rate of 100Mbps and the
Link speed type is mode of full-duplex are adopted after negotiating
autonegotiation, link duplex type with its peer
is autonegotiation
Flow-control is not supported Port flow control state

Maximum length of the Ethernet frames that can
The Maximum Frame Length
pass through the port
Broadcast MAX-ratio Port broadcast storm suppression ratio
PVID Port default VLAN ID

Mdi type Cable type
Port link-type Port link type
Tagged VLAN ID The VLANs with packets tagged

Untagged VLAN ID The VLANs with packets untagged
Last 5 minutes output: 0
packets/sec 0 bytes/sec The input/output rate and the passing packet
Last 5 minutes input: 0 number on this port in the last 5 minutes.
packets/sec 0 bytes/sec
1-4
Field Description
input(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts
input(normal): - packets, - bytes
- broadcasts, - multicasts
input: 0 input errors, 0 runts, 0
giants, - throttles, 0 CRC
0 frame, - overruns, 0
aborts, 0 ignored, - parity errors
Output(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, The statistics information of input/output packets
0 pauses and errors on this port
Output(normal): - packets, -
bytes
- broadcasts, - multicasts, -
pauses
Output: 0 output errors, 0
underruns, - buffer failures
- aborts, 0 deferred, 0
collisions, 0 late collisions
- lost carrier, - no carrier
1.1.4 display loopback-detection
Syntax
display loopback-detection
View
Any view
Parameter
None
Description
Using display loopback-detection command, you can view whether the port loopback
detection has been enabled. If it has been enabled, then the time interval of the
detection and the current port loopback information will also be displayed.
Note that S3526/S3526 FS/S3526 FM/S3526E/S3526C Ethernet Switches support this
command in S3500 series switches.
Example
# Display if the port loopback detection is enabled.
1-5
<Quidway> display loopback-detection

Loopback-detection is running
Detection interval time is 30 seconds
There is no port existing loopback link
Table 1-2 Output description of the display loopback-detection command
Field Description
Loopback-detection is running The loopback detection is enabled
Detection interval time is 30 seconds The detection interval is 30 seconds
There is no port existing loopback link No port is in the loopback state
1.1.5 display port
Syntax
display port { hybrid | trunk }
View
Any view
Parameter
hybrid: Display Hybrid port.

Trunk: Display Trunk port.
Description
Using display port command, you can view the ports in the current system, whose link
type is Hybrid or Trunk. If there is any such port, display the corresponding port name.
Example
# Display the Hybrid ports in the current system.

<Quidway> display port hybrid
Now, the following hybrid ports exist:
Ethernet0/1 Ethernet0/2
The above information displays that the current system has two Hybrid ports,
Ethernet0/1 and Ethernet0/2.
1.1.6 duplex
Syntax
duplex { auto | full | half }
1-6
undo duplex
View
Ethernet port view
Parameter
auto: Port auto-negotiation attribute.

full: Port full-duplex attribute.
half: Port half-duplex attribute.
Description
Using duplex command, you can configure the full-duplex/half-duplex attribute of the
Ethernet port. Using undo duplex command, you can restore the duplex attribute of
the port to default auto-negotiation mode.
By default, the duplex attribute is auto.
For the related command, see speed.
Example
# Configure the Ethernet port Ethernet0/1 as auto-negotiation attribute.

[Quidway-Ethernet0/1] duplex auto
1.1.7 flow-constrain
Syntax
flow-constrain time-value flow-value { bps | pps }

undo flow-constrain time-value flow-value { bps | pps }
View
Ethernet port view
Parameter
time-value: Time interval to detect traffic on the port, ranging from 5 to 300 (seconds)
and in steps of 5.
flow-value: Traffic threshold on the port, in the range of 0 to 4294967295. It defaults to
0.
bps: Bytes per second.
pps: Packets per second.
Description
Use the flow-constrain command to define traffic threshold on the port.
1-7
Use the undo flow-constrain command to remove the traffic threshold configuration
on the port.
By default, no traffic threshold is defined on the port.
After you define traffic threshold and handling pattern on the port, the system detects
and counts the traffic in a specified interval. If the actual traffic exceeds the threshold,
the system handles the port based on the defined pattern.
Example
# Configure the traffic threshold on the Ethernet0/1 port as 5000pps and detection
interval as 10 seconds.
System View: return to User View with Ctrl+Z.
[Quidway] interface ethernet0/1
[Quidway-Ethernet0/1] flow-constrain 10 5000 pps
1.1.8 flow-constrain method
Syntax
flow-constrain method { shutdown | trap }

undo flow-constrain method
View
Ethernet port view
Parameter
shutdown: Disables the port and sends trap messages.

trap: Sends trap messages only.
Description
Use the flow-constrain method command to define handling pattern when actual
traffic on the port exceeds the threshold.
Use the undo flow-constrain command to restore the default handling pattern.
By default, only trap messages are sent when actual traffic on the port exceeds the
threshold.
Example
# Configure the system to disable the port and send trap messages when actual traffic
on the port exceeds the threshold.
1-8

[Quidway-Ethernet0/1] flow-constrain method shutdown
1.1.9 flow-control
Syntax
flow-control
undo flow-control
View
Ethernet port view
Parameter
None
Description
Using flow-control command, you can enable flow control feature on the Ethernet port
to avoid discarding data packets due to congestion. Using undo flow-control
command, you can disable flow control feature.
By default, flow control on the Ethernet port is disabled.
Example
# Enable flow control on Ethernet0/1.

[Quidway-Ethernet0/1] flow-control
1.1.10 flow-interval
Syntax
flow-interval interval
undo flow-interval
View
Ethernet port view
Parameter
interval: Specifies time interval, ranging from 5 to 300 in seconds. The step is 5. The
default value is 300.
1-9
Description
Using the flow-interval command, you can configure a time interval. When calculating
port statistics information, the switch calculates the average port speed during the time
interval. Using the undo flow-interval command, you can restore the default value.
For the related command, see display interface.
Example
# Configure the time interval to 100 seconds on Ethernet0/1.

[Quidway-Ethernet0/1] flow-interval 100
1.1.11 interface
Syntax
interface { interface_type interface_num | interface_name }
View
System view
Parameter
interface_type: Specifies the port type. It can be Ethernet or GigabitEthernet.

interface_num: Specifies the port number. It adopts slot number/port number format.
For S3526, S3526E and S3526C Ethernet Switches, the slot number ranges from 0 to
2. Slot 0 contains the fixed Ethernet ports provided by the switch and the port number
ranges from 1 to 24. Slot 1 or 2 represents the extended Ethernet ports provided by the
two extended modules on the rear panel and the port number can only be 1. For S3526
FM and S3526 FS Ethernet Switches, the slot number ranges from 0 to 4. Slot 0
contains the fixed Ethernet ports provided by the switch and the port number ranges
from 1 to 12. Slot 1 or 2 represents the extended Ethernet ports provided by the two
extended modules on front panel respectively and the port number range from 1 to 6.
Slot 3 or 4 represents the extended Ethernet ports provided by the two extended
modules on rear panel respectively and the port number can only be 1. For S3552G
and S3552P Ethernet Switches, the slot number ranges from 0 to 1. Slot 0 contains the
100M Ethernet ports provided by the switch and the port number ranges from 1 to 48.
Slot 1 contains the 1000M Ethernet ports provided by the switch and the port number
ranges from 1 to 4. For S3528G and S3528P Ethernet Switches, the slot number
ranges from 0 to 1. Slot 0 contains the 100M Ethernet ports provided by the switch and
the port number ranges from 1 to 24. Slot 1 contains the 1000M Ethernet ports provided
by the switch and the port number ranges from 1 to 4. For S3552F Ethernet Switch, the
slot number ranges from 1 to 7. Slot 1 to 6 represent the 100M Ethernet ports provided
by the six modules on front panel respectively and the port number range from 1 to 8.
1-10
Slot 7 represents the 1000M Ethernet ports provided by the four GBIC modules on rear
panel respectively and the port number range from 1 to 4.
Description
Using interface command, you can enter the Ethernet port view.
If the user wants to configure the related parameters of the Ethernet port, he must first
use this command to enter the Ethernet port view.
Example
# Enter the Ethernet0/1 port view.

1.1.12 loopback
Syntax
loopback { external | internal }
View
Ethernet port view
Parameter
external: External loop test.

internal: Internal loop test.
Description
Using loopback command, you can configure the Ethernet port to perform the
loopback test to check whether the Ethernet port works normally and the loop test will
finish automatically after being performed for a while.
By default, the port will not perform the loopback test.
Example
# Perform the internal loop test for Ethernet0/1.

[Quidway-Ethernet0/1] loopback internal
1.1.13 loopback-detection control enable
Syntax
loopback-detection control enable
1-11
undo loopback-detection control enable
ViewSystem view/Ethernet port view
Parameter
None
Description
Using the command, you can enable loopback detection controlled function on Trunk
and Hybrid port, that is, when the system finds out that ports on a certain VLAN on
Trunk or Hybrid port is looped back, it then makes the Trunk and Hybrid port operate
under control, meantime, deletes the port corresponding MAC address entry. Using the
undo loopback-detection control enable command, you can disable this function,
that is, when the system finds out that port on a certain VLAN on Trunk or Hybrid port is
looped back, it only reports the Trap information. The Trunk or Hybrid port is still
operates in the normal state.
By default, loopback detection controlled function on Trunk or Hybrid port is enabled.
Note that, this command has no effect on Access ports.
Example
# Enable the port loopback detection controlled function.

[Quidway] loopback-detection control enable
1.1.14 loopback-detection enable
Syntax
loopback-detection enable
undo loopback-detection enable
View
System view/Ethernet port view
Parameter
None
Description
Using loopback-detection enable command, you can enable the port loopback
detection. If there is a loopback port found, the switch will put it under control. Using
undo loopback-detection enable command, you can disable the port loopback
detection.
1-12
Using this command in the system, you can enable/disable the port loopback detection
function of the entire device; using this command in Ethernet port view, you can
enable/disable the port loopback detection function of the current port.
By default, port loopback detection is enabled.
For the related command, see display loopback-detection.
Example
# Enable the port loopback detection.

[Quidway] loopback-detection enable
1.1.15 loopback-detection interval-time
Syntax
loopback-detection interval-time time

undo loopback-detection interval-time
View
System view
Parameter
time: Specifies the interval of monitoring external loopback conditions of the port. It
ranges from 5 to 300, measured in seconds. By default, the interval is 30 seconds.
Description
Using loopback-detection interval-time command, you can configure detection

interval for the external loopback condition of each port. Using undo
loopback-detection interval-time command, you can restore the default interval.
For the related command, see display loopback-detection.
Example
# Configure the detection interval for the external loopback condition of each port to 10
seconds.
[Quidway] loopback-detection interval-time 10
1.1.16 loopback-detection per-vlan enable
Syntax
loopback-detection per-vlan enable

undo loopback-detection per-vlan enable
1-13
View
Ethernet port view
Parameter
None
Description
Using the loopback-detection per-vlan enable command, you can configure that the
system performs loopback detection to all VLANs on Trunk and Hybrid ports. Using the
undo loopback-detection per-vlan enable command, you can configure that the
system only performs loopback detection to the default VLANs on the port.
By default, the system performs loopback detection to all VLANs on Trunk and Hybrid
ports.
Example
# Configure the detection interval for the external loopback condition of each port to 10
seconds.
[Quidway-Ethernet0/1] loopback-detection per-vlan enable
1.1.17 mdi
Syntax
mdi { across | auto | normal }

undo mdi
View
Ethernet port view
Parameter
across: The network cable type is cross-over cable.

auto: The network cable will be recognized whether it is straight-through cable or
cross-over cable.
normal: The network cable of the port is straight-through cable.
Description
Using mdi command, you can configure the network cable type of the Ethernet ports.
Using undo mdi command, you can restore the default type.
By default, the network cable type will be recognized automatically.
Note that this command only has effect 10/100Base-TX and 1000Base-T ports.
1-14
Example
# Configure the network cable type of Ethernet port Ethernet0/1 as auto.

[Quidway-Ethernet0/1] mdi auto
1.1.18 port access vlan
Syntax
port access vlan vlan_id

undo port access vlan
View
Ethernet port view
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from 2 to 4094.
Description
Using port access vlan command, you can join the access port to a specified VLAN.
Using undo port access vlan command, you can cancel the access port from the
VLAN.
The use condition of this command is the VLAN indicated in vlan_id must exist.
Example
# Join Ethernet0/1 port to VLAN3 (VLAN3 has existed).

[Quidway-Ethernet0/1] port access vlan 3
1.1.19 port hybrid pvid vlan
Syntax
port hybrid pvid vlan vlan_id

undo port hybrid pvid
View
Ethernet port view
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from1 to 4094 and the default
vlan_id is 1.
1-15
Description
Using port hybrid pvid vlan command, you can configure the default VLAN ID of the
hybrid port. Using undo port hybrid pvid command, you can restore the default VLAN
ID of the hybrid port.
Hybrid port can be configured together with the isolate-user-vlan. But if the default
VLAN has set mapping in the isolate-user-vlan, the default VLAN ID cannot be modified.
If you want to modify it, cancel the mapping first.
The default VLAN ID of local hybrid port shall be consistent with that of the peer one,
otherwise, the packet cannot be properly transmitted.
For the related command, see port link-type.
Example
# Configure the default VLAN of the hybrid port Ethernet0/1 to 100.

[Quidway-Ethernet0/1] port hybrid pvid vlan 100
1.1.20 port hybrid vlan
Syntax
port hybrid vlan vlan_id_list { tagged | untagged }

undo port hybrid vlan vlan_id_list
View
Ethernet port view
Parameter
vlan_id_list: vlan_id_list = [ vlan_id1 [ to vlan_id2 ] ]&<1-10> specifies which VLAN the

hybrid port will be added to. It can be discrete. The vlan_id ranges from 1 to 4094.
&<1-10> indicates that the former parameter can be input 10 times repeatedly at most.
tagged: The packet of specified VLAN will have tag.
untagged: The packet of specified VLAN will not have tag.
Description
Using port hybrid vlan command, you can join the hybrid port to specified existing
VLAN. Using undo port hybrid vlan command, you can cancel the hybrid port from
the specified VLAN.
Hybrid port can belong to multiple VLANs. If the port hybrid vlan vlan_id_list { tagged
| untagged } command is used for many times, the VLANs carried by the hybrid port is
the set of vlan_id_list.
1-16
This command can be used on condition that the VLAN specified with vlan_id must
have been existed.
Example
# Join hybrid port Ethernet0/1 to VLAN of 2, 4 and 50-100, and these VLAN will have
tags.
[Quidway-Ethernet0/1] port hybrid vlan 2 4 50 to 100 tagged
1.1.21 port link-type
Syntax
port link-type { access | hybrid | trunk }

undo port link-type
View
Ethernet port view
Parameter
access: Configure the port as access port.

hybrid: Configure the port as hybrid port.
trunk: Configure the port as trunk port
Description
Using port link-type command, you can configure the link type of Ethernet port. Using
undo port link-type command, you can restore the port as default status, i.e. access
port.
You can configure three types of ports concurrently on the same switch, but you cannot
switch between trunk port and hybrid port. You must turn it first into access port and
then set it as other type. For example, you cannot configure a trunk port directly as
hybrid port, but first set it as access port and then as hybrid port.
By default, the port is access port.
Example
# Configure Ethernet port Ethernet0/1 as trunk port.

[Quidway-Ethernet0/1] port link-type trunk
1-17
1.1.22 port trunk permit vlan
Syntax
port trunk permit vlan { vlan_id_list | all }

undo port trunk permit vlan { vlan_id_list | all }
View
Ethernet port view
Parameter
vlan_id_list: vlan_id_list = [ vlan_id1 [ to vlan_id2 ] ]&<1-10> is the VLAN range joined

by the trunk port. It can be discrete. The vlan_id ranges from 2 to 4094. &<1-10>
indicates that the former parameter can be input 10 times repeatedly at most.
all: Join the trunk port to all VLANs.
Description
Using port trunk permit vlan command, you can join trunk port to specified VLAN.
Using undo port trunk permit vlan command, you can cancel trunk port from
specified VLAN.
Trunk port can belong to multiple VLANs. If the port trunk permit vlan command is
used many times, then the VLAN enabled to pass on trunk port is the set of these
vlan_id_list.
This command can be used on condition that the VLAN specified with vlan_id is not the
default one.
Example
# Join the trunk port Ethernet0/1 to VLAN 2, 4 and 50-100.

[Quidway-Ethernet0/1] port trunk permit vlan 2 4 50 to 100
1.1.23 port trunk pvid vlan
Syntax
port trunk pvid vlan vlan_id

undo port trunk pvid
View
Ethernet port view
1-18
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from1 to 4094 and the default
vlan_id is 1.
Description
Using port trunk pvid vlan command, you can configure the default VLAN ID of trunk
port. Using undo port trunk pvid command, you can restore the default VLAN ID of
the port.
Trunk port and isolate-user-vlan cannot be configured simultaneously.
The default VLAN ID of local trunk port should be consistent with that of the peer one,
otherwise, the packet cannot be properly transmitted.
Example
# Configure the default VLAN of the trunk port Ethernet0/1 to 100.

[Quidway-Ethernet0/1] port trunk pvid vlan 100
1.1.24 reset counters interface
Syntax
reset counters interface [ interface_type | interface_type interface_num |

interface_name ]
View
User view
Parameter
interface_type: Specifies the port type.

interface_num: Specifies the port number.
For parameter description, refer to the interface command.
Description
Using reset counters interface command, you can reset the statistical information on
the port. and count the related information again on the port for the user.
If the port type and number are not specified when clearing the port information,
information of all ports on the switch will be cleared. If only the port type is specified, all
the information on the ports of this type will be cleared. If both port type and port
number are specified, the information on the designated port will be cleared.
1-19
After 802.1X is enabled, the port information cannot be reset.
Example
# Reset statistical information on Ethernet port Ethernet0/1.

<Quidway> reset counters interface ethernet0/1
1.1.25 shutdown
Syntax
shutdown
undo shutdown
View
Ethernet port view
Parameter
None
Description
Using shutdown command, you can disable the Ethernet port. Using undo shutdown
command, you can enable the Ethernet port.
By default, the Ethernet port is enabled.
Example
# Enable Ethernet port Ethernet0/1.

[Quidway-Ethernet0/1] undo shutdown
1.1.26 speed
Syntax
z For 100M Ethernet port, this command is in the following format:

speed { 10 | 100 | auto }
z For 1000M Ethernet port, this command is in the following format:
speed { 10 | 100 | 1000 | auto }
z The undo form of this command is:
undo speed
View
Ethernet port view
1-20
Parameter
10: The speed on the port is 10Mbps.

auto: The port speed is in peer auto-negotiation status.
Description
Using speed command, you can configure the port speed. Using undo speed
command, you can restore the default speed.
By default, the speed is auto.
For the related command, see duplex.
Example
# Configure Ethernet port Ethernet0/1 port speed as 10Mbps.

[Quidway-Ethernet0/1] speed 10
1.1.27 virtual-cable-test
Syntax
virtual-cable-test
View
Ethernet port view
Parameter
None
Description
Using virtual-cable-test command, you can get the information of the cable test in 5
seconds. The test information includes the condition of the cable ( open or short ) , and
the distance between the ethernet port and the cable with fault.
Note that S3552G/S3552P/S3528G/S3528P/S3552F Ethernet Switches support this
configuration in S3500 series switches.
Example
# Display the information of the cable test.

[Quidway-Ethernet0/1] virtual-cable-test
Cable pair: RX Status:Open Cable Error lenth:5 metres
Cable pair: TX Status:Open Cable Error lenth:5 metres
1-21
1.1.28 vlan-vpn enable
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameter
None
Description
Using vlan-vpn enable command, you can enable port VLAN VPN. Using undo
vlan-vpn command, you can disable port VLAN VPN.
By default, the port VLAN VPN is disabled.
Note that if anyone of GVRP, GMRP, STP, 802.1x, NTDP and NDP has been enabled
on a port, VLAN VPN cannot be enabled on it.
S3552G/S3552P/S3528G/S3528P/S3552F Ethernet Switches support this
configuration in S3500 series switches.
Example
# Enable VLAN VPN on Ethernet0/1.

[Quidway-Ethernet0/1] vlan-vpn enable
1-22
Quidway S3500 Series Ethernet Switches Chapter 2 Ethernet Port Link Aggregation Commands
Chapter 2 Ethernet Port Link Aggregation

Commands
2.1 Ethernet Port Link Aggregation Commands

2.1.1 display link-aggregation
Syntax
display link-aggregation [ master_port_num ]
View
Any view
Parameter
master_port_num: Master port number in an aggregation port group.
Description
Using display link-aggregation command, you can view the related information on
aggregation port.
If the master port number of an aggregation is specified, information on this link
aggregation will be displayed. If the master port number is not specified, information of
all link aggregations will be displayed.
For the related command, see link-aggregation.
Example
# Display the related information of the aggregation group with the master port number
as Ethernet0/1.
<Quidway> display link-aggregation ethernet0/1
Master port: Ethernet0/1
Other sub-ports:
Ethernet0/2
Mode: both
2-1
Table 2-1 The description of link aggregation
Field Description
Master port Master port
Other sub-ports Other member ports
Mode Aggregation mode
2.1.2 link-aggregation
Syntax
link-aggregation port_num1 to port_num2 { both | ingress }

undo link-aggregation { master_port_num | all }
View
System view
Parameter
port_num1: Starting range value of Ethernet port joined the Ethernet link aggregation.
port_num2: Last range value of Ethernet port joined the Ethernet link aggregation.
both: Configures that the sub-ports in the link aggregation share outgoing load on the
port depending on the source address and destination MAC address.
ingress: Configures that the sub-ports in the link aggregation share outgoing load on
the port depending on the source MAC addresses.
master_port_num: Master port number in link aggregation.
all: all aggregated ports.
Description
Using link-aggregation command, you can configure a series of ports to aggregation

port and the port with the smallest port number as master port. Using undo
link-aggregation command, you can cancel the Ethernet link aggregation.
The link aggregation limit of Quidway S3552F, S3552G, S3552P, S3528G, S3528P
Ethernet swtich is that the 1000M port and 100M port can not be in the same
aggregation group.
For satisfactory payload balance effect, it is recommended that you configure the
Ethernet ports to be aggregated to operate at the same speed and with the same
duplex attribute.
For the related command, see display link-aggregation.
2-2
Example
# Configure outgoing load balance on the port depending on the source and destination
MAC addresses.
[Quidway] link-aggregation ethernet0/1 to ethernet0/2 both
2-3
Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration Commands
Chapter 3 Port Isolation Configuration Commands
Note:
Quidway S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E
FS/S3526C Ethernet switches support the port isolation configuration.
3.1 Port Isolation Configuration Commands

3.1.1 port-isolate enable
Syntax
port-isolate enable
undo port-isolate enable
View
VLAN view
Parameter
None
Description
Using port-isolate enable command, you can enable port L2 isolation in a VLAN.
Using undo port-isolate enable command, you can disable port L2 isolation.
By default, port L2 isolation is not enabled in a VLAN, that is, L2 forwarding is available
between the ports in a VLAN.
Example
# Enable port L2 isolation in the VLAN.

[Quidway-vlan1] port-isolate enable
3.1.2 port-isolate uplink-port vlan
Syntax
port-isolate uplink-port vlan vlan-id

undo port-isolate uplink-port vlan vlan-id
3-1
Quidway S3500 Series Ethernet Switches Chapter 3 Port Isolation Configuration Commands
View
Ethernet port view
Parameter
vlan-id: VLAN the uplink port belong to, in the range of 1 to 4094.
Description
Using port-isolate uplink-port vlan command, you can configure an isolated port as
uplink port. Using undo port-isolate uplink-port vlan command, you can restore the
uplink port to common isolated port.
By default, no uplink port is configured.
Note that:
z After port L2 isolation is enabled in a VLAN, then you are allowed to configure a
port as uplink port. You can only configure one uplink port in a VLAN.
z You must first restore the uplink port to common isolated port before deleting it
from the VLAN.
z If a Trunk port is set as uplink port, then you are recommended to set that all VLAN
are allowed to pass through the Trunk port and that it is the only uplink port in that
VLAN.
z You cannot enable port isolation and link aggregation concurrently on a port.
Example
# Configure the Ethernet0/1 port as uplink port.

[Quidway-Ethernet0/1] port-isolate uplink-port vlan 1
3-2
HUAWEI

Command Manual
VLAN

Command Manual - VLAN
Table of Contents
Chapter 1 VLAN Configuration Commands................................................................................ 1-1

1.1 VLAN Common Configuration Commands........................................................................ 1-1
1.1.1 description ............................................................................................................... 1-1
1.1.2 display interface vlan-interface................................................................................ 1-1
1.1.3 display vlan.............................................................................................................. 1-2
1.1.4 interface vlan-interface............................................................................................ 1-3
1.1.5 ip address................................................................................................................ 1-4
1.1.6 name ....................................................................................................................... 1-4
1.1.7 port .......................................................................................................................... 1-5
1.1.8 shutdown ................................................................................................................. 1-6
1.1.9 vlan.......................................................................................................................... 1-7
1.1.10 vlan { enable | disable } ......................................................................................... 1-7
1.2 Protocol-Based VLAN Configuration Commands.............................................................. 1-8
1.2.1 display protocol-vlan interface................................................................................. 1-8
1.2.2 display protocol-vlan vlan........................................................................................ 1-9
1.2.3 port hybrid protocol-vlan vlan ................................................................................ 1-10
1.2.4 protocol-vlan.......................................................................................................... 1-11
Chapter 2 Isolate-User-Vlan Configuration Commands ............................................................ 2-1

2.1 isolate-user-vlan Configuration Commands ...................................................................... 2-1
2.1.1 display isolate-user-vlan.......................................................................................... 2-1
2.1.2 isolate-user-vlan ...................................................................................................... 2-2
2.1.3 isolate-user-vlan enable .......................................................................................... 2-3
Chapter 3 GARP/GVRP Configuration Commands.................................................................... 3-1

3.1 GARP Configuration Commands....................................................................................... 3-1
3.1.1 display garp statistics .............................................................................................. 3-1
3.1.2 display garp timer .................................................................................................... 3-2
3.1.3 garp timer ................................................................................................................ 3-2
3.1.4 garp timer leaveall ................................................................................................... 3-3
3.1.5 reset garp statistics ................................................................................................. 3-4
3.2 GVRP Configuration Command......................................................................................... 3-5
3.2.1 display gvrp statistics .............................................................................................. 3-5
3.2.2 display gvrp status .................................................................................................. 3-6
3.2.3 gvrp ......................................................................................................................... 3-6
3.2.4 gvrp registration....................................................................................................... 3-7
Chapter 4 Super VLAN Configuration Commands .................................................................... 4-1

4.1 Super VLAN Configuration Commands............................................................................. 4-1
4.1.1 display supervlan..................................................................................................... 4-1
i
4.1.2 subvlan .................................................................................................................... 4-3

4.1.3 supervlan................................................................................................................. 4-3
ii
Quidway S3500 Series Ethernet Switches Chapter 1 VLAN Configuration Commands
Chapter 1 VLAN Configuration Commands
1.1 VLAN Common Configuration Commands

1.1.1 description
Syntax
description string
undo description
View
VLAN view, VLAN interface view
Parameter
string: description character string of current VLAN or VLAN interface, with a length
ranging from 1 to 32 characters. The default description character string of current
VLAN is VLAN ID of the VLAN, e.g. VLAN 0001. The default description character
string of VLAN interface is the interface name, e.g. Vlan-interface1 Interface.
Description
Using description command, you can configure a description for the current VLAN or
VLAN interface. Using undo description command, you can restore the default
description of current VLAN or VLAN interface.
For the related command, see display vlan, display interface vlan-interface.
Example
# Specify a description character string “RESEARCH” for current VLAN.

[Quidway-vlan1] description RESEARCH
1.1.2 display interface vlan-interface
Syntax
display interface vlan-interface [ vlan_id ]
View
Any view
Parameter
vlan_id: ID of VLAN interface, ranging from 1 to 4094.
1-1
Description
Using display interface vlan-interface command, you can view the related
information about specified or all VLAN interfaces such as physical status and link
status of VLAN interface, Ethernet frame format, MAC address, IP address and sub-net
mask, description character string and MTU, etc.
With vlan_id specified, only the information about the specified VLAN interface will be
displayed. If no vlan_id is specified, the information about all the existing VLAN
interfaces will be displayed.
For the related command, see interface vlan-interface.
Example
# Display related information about VLAN-interface 1.

<Quidway> display interface vlan-interface 1
Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-fc07-4101
Internet Address is 10.1.1.1/24 Primary
Description : Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
1.1.3 display vlan
Syntax
display vlan [ vlan_id | all | static | dynamic ]
View
Any view
Parameter
vlan_id: Display information of specified VLAN.

all: Display information of all VLANs.
static: Display information of VLAN created statically by the system.
dynamic: Display information of VLAN created dynamically by the system.
Description
Using display vlan command, you can view related information about the specified or
all VLANs.
If vlan_id or all is specified, information of specified VLAN or all VLANs is displayed. It
includes: VLAN ID, VLAN state, whether the routing function has been enable on this
1-2
VLAN (i.e. whether the route interface exists. If it exists, display primary IP address and
mask), VLAN description, and the ports VLAN contains.
If parameter is not specified, information of the VLAN that has been created is
displayed. If the parameter dynamic or static is selected, information of VLAN created
dynamically or statically by the system is displayed.
For the related command, see vlan.
Example
# Display the information about VLAN1.

[Quidway] display vlan 1
VLAN ID: 1
VLAN Type: static
Route interface: not configured
Description: HUAWEI
Tagged Ports: none
Untagged Ports:
Ethernet0/1 Ethernet0/2 Ethernet0/3
1.1.4 interface vlan-interface
Syntax
interface vlan-interface vlan_id

undo interface vlan-interface vlan_id
View
System view
Parameter
vlan_id: ID of VLAN interface, ranging from 1 to 4094.
Description
Using interface vlan-interface command, you can configure VLAN interface or enter
VLAN interface view. Using undo interface vlan-interface command, you can cancel
one VLAN interface.
For the related command, see display interface vlan-interface.
Example
# Enter VLAN-interface 1 view of VLAN interface.

[Quidway] interface vlan-interface 1
1-3
1.1.5 ip address
Syntax
ip address ip-address net-mask [ sub ]

undo ip address [ ip-address net-mask [sub ] ]
View
VLAN interface view
Parameter
ip_address: IP address of the VLAN interface.

ip_netmask: IP address Mask of the VLAN interface.
sub: the secondary IP address of the VLAN interface.
Description
Using ip address command, you can configure the IP address and the mask for VLAN
interface. Using undo ip address command, you can cancel the IP address and the
mask of one VLAN interface.
Generally, it is enough to configure one IP address for an VLAN interface. You can also
configure 10 IP addresses for an VLAN interface, so that it can be connected to several
subnets. Among these IP addresses, one is the primary IP address and all others are
secondary. The relationship between primary and secondary addresses is:
z When you configure a primary IP address for an interface, which already has a
primary IP address, the newly configured one will replace the old one.
z If you input undo ip address command without any parameter, the switch will
delete both primary and secondary IP address of an interface. undo ip address
ip-address net-mask command can be used to delete the primary IP address,
while undo ip address ip-address net-mask sub command can be used to delete
the secondary IP address.
For the related command, see display vlan, display interface vlan-interface.
Example
# Specify IP address and mask for VLAN interface 1.

[Quidway-Vlan-interface1] ip address 1.1.1.1 255.0.0.0
1.1.6 name
Syntax
name string
undo name
1-4
View
VLAN view
Parameter
string: The name of the current VLAN, which consists of 1 to 32 characters. By default,
it is the VLAN ID of the current VLAN, e.g. VLAN 0001.
Description
Using name command, you can name the current VLAN. Using undo name command,
you can restore the default name of the current VLAN.
By default, the name is the VLAN ID of the current VLAN.
Note that: S3552F/S3552G/S3552P/3528G/3528P/S3526E/S3526E FM/S3526E
FS/S3526C support the command.
Example
# Name the VLAN1 hello.

[Quidway-vlan1] name hello
1.1.7 port
Syntax
port interface_list
undo port interface_list
View
VLAN view
Parameter
interface_list: list of Ethernet ports to be added to or deleted from a certain VLAN,

expressed as interface_list= {{ interface_type interface_num | interface_name } [ to
{ interface_type interface_num | interface_name } ] }&<1-10>. interface_type is
interface type, interface_numis interface number and interface_name is interface name.
For their meanings and value range, read Parameter of “Port” in this document. The
interface number after keyword to must be larger than or equal to the port number
before to. &<1-10>: Representing the repeatable times of parameters, 1 is the minimal
and 10 is the maximal.
Description
Using port command, you can add one port or one group of ports to VLAN. Using undo
port command, you can cancel one port or one group of ports from VLAN.
1-5
Note that you can add/delete trunk port and hybrid port to/from VLAN by port and undo
port commands in Ethernet port view, but not in VLAN view.
For the related command, see display vlan.
Example
# Add Ethernet0/4 through Ethernet0/7, Ethernet0/9 and Ethernet0/11 through

Ethernet0/15 to VLAN 2. The repeated time of command parameter is 3 times.
[Quidway-vlan2] port ethernet0/4 to ethernet0/7 ethernet0/9 ethernet0/11 to
ethernet0/15
1.1.8 shutdown
Syntax
shutdown
undo shutdown
View
VLAN interface view
Parameter
None
Description
Using shutdown command, you can disable the VLAN interface. Using undo
shutdown command, you can enable the VLAN interface.
By default, when all Ethernet ports are in DOWN status in VLAN interface, the VLAN
interface is in DOWN status, i.e. disabled status. When there is one or more Ethernet
ports in VLAN interface are in UP status, the VLAN interface is UP.
This command can be used to start interface after the related parameters and protocols
of VLAN interface are set well. Or when the VLAN interface fails, the interface can be
shut down first and then restarted, in this way, the interface may be restored to normal
status. Shutting down or starting VLAN interface will not take any effect on any Ethernet
port of this VLAN.
Example
# Restart interface after shutting down the interface.

[Quidway-Vlan-interface1] shutdown
[Quidway-Vlan-interface1] undo shutdown
1-6
1.1.9 vlan
Syntax
vlan vlan_id
undo vlan { vlan_id [ to vlan_id ] | all }
View
System view
Parameter
vlan_id: Specifies the ID of a VLAN to be created and/or entered, ranging from 1 to

4094.
all: Delete all VLANs.
Description
Using vlan command, you can enter VLAN view. If the specified VLAN is not created,
create it first. Using undo vlan command, you can cancel the specified VLAN.
VLAN 1 is default VLAN and cannot be deleted.
For the related commands, see display vlan.
Example
# Enter the view of VLAN 1.

[Quidway] vlan 1
1.1.10 vlan { enable | disable }
Syntax
vlan { enable | disable }
View
System view
Parameter
enable: Enable VLAN features of equipment.

disable: Disable the VLAN features of equipment.
Description
Using vlan { enable | disable } command, you can enable/disable the VLAN features
of equipment.
1-7
After the VLAN is disabled, the switch will not use VLAN ID during the packet exchange,
thereby losing the isolation function of VLAN domain.
Note that S3526E/S3526C switches support the command in S3500 series switches.
Example
# Enable the VLAN features of equipment.

[Quidway] vlan enable
1.2 Protocol-Based VLAN Configuration Commands
Note:
Currently, only Quidway S3552G/S3552P/S3528G/S3528P/S3552F Ethernet
Switches support the protocol-based VLAN configuration.
1.2.1 display protocol-vlan interface
Syntax
display protocol-vlan interface { { interface-type interface-num | interface-name } [ to

{ interface-type interface-num | interface-name } ] | all }
View
Any view
Parameter
{ interface_type interface_num | interface_name } [ to { interface_type interface_num |

interface_name } ]: Specifies ports. You can specify multiple sequential ports with the to
parameter, instead of specifying only one port. interface_name specifies port name, in
the format of interface_name = interface_type interface_num. interface_type specifies
port type and interface_num port number.
all: Displays the protocol information of all ports.
Description
Using the display protocol-vlan interface command, you can view the protocol
information and protocol index configured on the specific port, to which you can refer
when you use the protocol-based VLAN and add/delete a protocol.
For the related commands, see display interface.
1-8
Example
# Display the protocol information and protocol index configured on Ethernet0/1 and
Ethernet0/2.
[Quidway] display protocol-vlan interface ethernet0/1 to ethernet0/2
Interface: Ethernet0/1
VLAN ID Protocol-Index Protocol-type
50 1 ip 192.168.10.1 255.255.255.0
80 2 ip 101.120.34.0 255.255.0.0
100 1 ip 104.232.43.0 255.255.255.0
100 2 ipx ethernetii
VLAN ID Protocol-Index Protocol-type
50 5 ipx raw
80 1 at
100 3 mode snap etype 0x0abc
100 5 mode llc dsap 0xac ssap 0xbd
1.2.2 display protocol-vlan vlan
Syntax
display protocol-vlan vlan { vlan-id [ to vlan-id ] | all }
View
Any view
Parameter
vlan-id: Displays the protocol information of the specific VLAN, ranging from 1 to 4094.
all: Displays the protocol information of all VLANs.
Description
Using the display protocol-vlan vlan command, you can view the protocol
information and protocol index configured on a VLAN, to which you can refer when you
use the protocol-based VLAN and add/delete a protocol.
Example
# Display the protocol information and protocol index configured on the VLANs from
VLAN10 to VLAN20
[Quidway] display protocol-vlan vlan 10 to 20
VLAN ID: 10
VLAN Type: Protocol-based VLAN
1-9
Protocol-Index Protocol-Type
1 IP 101.120.34.0/24
2 IP 104.232.43.0/24
3 IPX ETH II
4 AT
VLAN ID: 15
VLAN Type: Protocol-based VLAN
Protocol-Index Protocol-Type
1 ip 192.168.10.1 255.255.255.0
2 mode snap etype 0x0abc
……..
1.2.3 port hybrid protocol-vlan vlan
Syntax
port hybrid protocol-vlan vlan vlan-id { protocol_index [ to protocol_end ] | all }

undo port hybrid protocol-vlan vlan vlan-id { protocol_index [ to protocol_end ] | all }
View
Ethernet port view
Parameter
vlan-id: ID of the VLAN which a protocol is added to or deleted from.

protocol_index: Value of the protocol index, ranging from 0 to 6. It must be smaller than
protocol_end.
protocol_end: End value of the protocol index, ranging form 0 to 6.
all: All protocols.
Description
Using the port hybrid protocol-vlan vlan command, you can associate a
protocol-based VLAN with the specified port. Using the undo port hybrid
protocol-vlan vlan command, you can delete the association between the port and the
protocol-based VLAN.
Note that only the Hybrid port supports this feature at present. The port must belong to
the VLAN before you associate it with the protocol-based VLAN. Otherwise, it cannot
be associated with the VLAN.
For the related commands, see display protocol-vlan interface.
Example
# Associate Ethernet0/1 with protocols 0 to 6 in VLAN 3

[Quidway-Ethernet0/1] port hybrid protocol-vlan vlan 3 0 to 6
1-10
1.2.4 protocol-vlan
Syntax
protocol-vlan [ procotol-index ] { at | ip [ ip_address [ net_mask ] ] | ipx { ethernetii |

llc | raw | snap } | mode { ethernetii [ etype etype_id ] | llc [ dsap dsap_id [ ssap
ssap_id ] | ssap ssap_id ] | snap [ etype etype_id ] } }
undo protocol-vlan { protocol_index [ to protocol_end ] | all }
View
VLAN view
Parameter
at: AT(Apple Talk) protocol based VLAN.

ip [ ip_address [ net_mask ]: IP protocol based VLAN. net_mask is the IP address mask;
if not specified, it defaults to 255.255.255.0.
ipx { ethernetii | llc | raw I snap }: IPX protocol based VLAN. ethernetii | llc | raw I
snap are four encapsulation types of the IPX.
mode: Specify the VLAN based on other protocols.
ethernetii [ etype etype_id ]: EthernetII protocol based VLAN. etype_id is the Ethernet
type of the incoming packet, ranging from 600 to FFFF.
llc [ dsap dsap_id ] [ssap ssap_id]: Logical link control protocol based VLAN. dsap_id
is the destination service access point, ranging from 0 to FF. ssap_id is source service
access point, ranging from 0 to FF.
snap [ etype etype_id ]: SNAP (Sub-Network Access Protocol) based protocol.
etype_id is the Ethernet type of the incoming packet, ranging from 600 to FFFF.
protocol_index: Protocol index value, ranging from 0 to 6. If not specified, it is
automatically allocated by the system.
protocol_end: Protocol index end value, ranging from 0 to 6, and must be greater than
the value of protocol_index.
all: All protocol indexes.
Description
Using the protocol-vlan command, you can configure a certain protocol type for the
specified VLAN. Using the undo protocol-vlan command, you can cancel this
configuration.
Note that the format of mode llc dsap ff ssap ff is the same as that of ipx raw, and the
system first matches ipx raw, so the configuration of vlan-type protocol mode llc
dsap ff ssap ff does not function.
For the related commands, see display protocol-vlan vlan.
1-11
Example
# Specify VLAN 3 to be based on IP protocol.

[Quidway-vlan3] protocol-vlan ip
# Specify VLAN 5 to be based on the 123.34.56.0 network segment.

[Quidway-vlan5] protocol-vlan ip 123.34.56.0
1-12
Quidway S3500 Series Ethernet Switches Chapter 2 Isolate-User-Vlan Configuration Commands
Chapter 2 Isolate-User-Vlan Configuration

Commands
2.1 isolate-user-vlan Configuration Commands

2.1.1 display isolate-user-vlan
Syntax
display isolate-user-vlan [ isolate-user-vlan_num ]
View
Any view
Parameter
isolate-user-vlan_num: VLAN ID of isolate-user-vlan, ranging from 1 to 4094.
Description
Using display isolate-user-vlan command, you can view the mapping relationship
and the ports identifying the mapping relationship between isolate-user-vlan and
Secondary VLAN.
For the related command, see isolate-user-vlan enable, isolate-user-vlan.
Example
# Display the mapping relationship between isolate-user-vlan and Secondary VLAN.

[Quidway] display isolate-user-vlan
Isolate-user-VLAN Vlan ID : 3
Secondary Vlan ID : 4-5
Vlan ID: 3
Vlan Type: static
Isolate-user-VLAN Type : Isolate-user-VLAN
Route Interface: not configured
Description: VLAN 0003
Tagged Ports: none
Untagged Ports:
Ethernet0/4 Ethernet0/8 Ethernet0/18
Vlan ID: 4
2-1
Vlan Type: static

Private-vlan Type : Secondary
Tagged Ports: none
Untagged Ports:
Vlan ID: 5
Vlan Type: static
Private-vlan Type : Secondary
Tagged Ports: none
Untagged Ports:
2.1.2 isolate-user-vlan
Syntax
isolate-user-vlan isolate-user-vlan_num secondary secondary_vlan_numlist [ to

secondary_vlan_numlist ]
undo isolate-user-vlan isolate-user-vlan_num [ secondary secondary_vlan_numlist
[ to secondary_vlan_numlist ]
View
System view
Parameter
isolate-user-vlan_num: VLAN ID of isolate-user-vlan, ranging from 1 to 4094.

secondary_vlan_numlist: VLAN ID of Secondary vlan, ranging from 1 to 4094.
Description
Using isolate-user-vlan command, you can associate isolate-user-vlan to Secondary

vlan and establish the mapping relationship between isolate-user-vlan and Secondary
VLAN. Using undo isolate-user-vlan command, you can cancel the mapping
relationship between isolate-user-vlan and Secondary VLAN.
By default, there is no any corresponding relationship between isolate-user-vlan and
Secondary vlan created by the user.
Before the command is run, isolate-user-vlan and Secondary vlan must include ports.
After the command is run, the mapping relationship between isolate-user-vlan and
2-2
Secondary VLAN is established. The actual operation include: add the ports of
isolate-user-vlan to every Secondary VLAN and add the ports of all Secondary VLANs
to isolate-user-vlan.
After undo command is run, the mapping relationship between isolate-user-vlan and
Secondary VLAN will be canceled. The actual operation include: delete the ports
included in isolate-user-vlan from Secondary VLAN and delete the ports included in
Secondary VLAN from isolate-user-vlan.
For the related command, see display isolate-user-vlan.
Example
# Associate isolate-user-vlan 10 with Secondary vlan2, 3, 4, 5 and 9.

[Quidway] isolate-user-vlan 10 secondary 2 to 5 9
2.1.3 isolate-user-vlan enable
Syntax
isolate-user-vlan enable
undo isolate-user-vlan enable
View
VLAN view
Parameter
None
Description
Using isolate-user-vlan enable command, you can configure the type of one VLAN as
isolate-user-vlan. Using undo isolate-user-vlan enable command, you can cancel the
isolate-user-vlan type of one VLAN.
By default, the type of the VLAN created by the user has not been specified.
isolate-user-vlan can contain many ports, including the uplink ports connected to other
switches. isolate-user-vlan and Trunk ports cannot be configured simultaneously, i.e., if
isolate-user-vlan is configured to the Ethernet switch, the Trunk port cannot be
configured. If the Trunk port is configured, then the isolate-user-vlan cannot be
configured.
For the related commands, see display isolate-user-vlan.
Example
# Configure VLAN 5 as isolate-user-vlan.

[Quidway-vlan5] isolate-user-vlan enable
2-3
Quidway S3500 Series Ethernet Switches Chapter 3 GARP/GVRP Configuration Commands
Chapter 3 GARP/GVRP Configuration Commands
3.1 GARP Configuration Commands

3.1.1 display garp statistics
Syntax
display garp statistics [ interface interface_list ]
View
Any view
Parameter
interface_list: List of Ethernet port to be displayed, expressed as interface _list =

{ { interface_type interface_num | interface_name } [ to { interface_type interface_num
| interface_name } ] }&<1-10>. interface_type is interface type, interface_numis
interface number and interface_name is interface name. For their meanings and value
range, read command parameters description of “Port” in this document.
&<1-10>: Representing the repeatable times of parameters, 1 is the minimal and 10 is
the maximal.
Description
Using display garp statistics command, you can view the GARP statistics information,
including the number of received/sent packet and the number of discarded packet by
GVRP/GMRP etc.
Example
# Display the GARP statistics information on Ethernet port Ethernet0/1.

<Quidway> display garp statistics interface ethernet0/1
GARP statistics on port Ethernet0/1
Number Of GMRP Frames Received : 0
Number Of GVRP Frames Received : 0
Number Of GMRP Frames Transmitted : 0
Number Of GVRP Frames Transmitted : 0
Number Of Frames Discarded : 0
The above information indicates that the numbers of GVRP/GMRP packets

received/sent and discarded on Ethernet0/1 are 0.
3-1
3.1.2 display garp timer
Syntax
display garp timer [ interface interface_list ]
View
Any view
Parameter

| interface_name } ] }&<1-10>. interface_type is interface type, interface_numis
the maximal.
Description
Using display garp timer command, you can view the value of GARP timer, including
Hold timer, Join timer, Leave timer and LeaveAll timer.
For the related command, see garp timer, garp timer leaveall.
Example
# Show GARP timer on Ethernet0/1.

<Quidway> display garp timer interface ethernet0/1
GARP timers on port Ethernet0/1
GARP JoinTime : 20 centiseconds
GARP Leave Time : 60 centiseconds
GARP LeaveAll Time : 1000 centiseconds
GARP Hold Time : 10 centiseconds
3.1.3 garp timer
Syntax
garp timer { hold | join | leave } timer_value

undo garp timer { hold | join | leave }
View
Ethernet port view
3-2
Parameter
hold: GARP Hold timer. After received certain registration information, the GARP
application entity will not send Join Message at once, instead, it starts the Hold timer.
All the registration information received within duration of the Hold timer will be
transmitted in the same frame after the Hold timer times out, thereby saving the
bandwidth resource.
join: GARP Join timer. GARP application entity will send out Join message after the
Join timer goes timeout to make other GARP application entity register its own
information.
leave: GARP Leave timer . When a GARP application entity wants to deregister certain
attribute information, it sends Leave message. The GARP application entity received
the message will starts Leave timer. If the entity receives no Join message before the
timer goes timeout, it will deregister the attribute information.
timer_value: Value of GARP hold timer, join timer and leave timer in centisecond. The
step is 5 centiseconds. The range is according to the following rule: the value of Join
timer should be no less than the doubled value of Hold timer, and the value of Leave
timer should be greater than the doubled value of Join timer and smaller than the
Leaveall timer value, and the minimal value of Join timer is 10 centiseconds. By default,
Hold timer is 10 centiseconds, Join timer is 20 centiseconds, Leave timer is 60
centiseconds.
Description
Using garp timer command, you can configure GARP timer value. Using undo garp
timer command, you can restore the default value of GARP timer.
For the related command, see display garp timer.
Example
# Set Join timer of GARP as 300ms.

[Quidway-Ethernet0/1] garp timer join 30
3.1.4 garp timer leaveall
Syntax
garp timer leaveall timer_value

undo garp timer leaveall
View
System view
3-3
Parameter
timer_value: Value of GARP leaveall timer in centisecond, ranging from 65 to 32765.

The step is 5 centiseconds. The value of Leaveall timer should be greater than the
value of Leave timer. By default, the value of LeaveAll timer is 1000 centiseconds, i.e.
10s.
Description
Using garp timer leaveall command, you can configure GARP leaveall timer. Using
undo garp timer leaveall command, you can restore the default value.
After every GARP application entity is started, the LeaveAll timer will be started
simultaneously. The GARP application entity will send LeaveAll message after the
timer times out to make other application entities re-register all attribute information on
themselves. Then, the LeaveAll timer is started and the new cycle begins.
For the related command, see display garp timer.
Example
# Set GARP LeaveAll timer as 1s.

[Quidway] garp timer leaveall 100
3.1.5 reset garp statistics
Syntax
reset garp statistics [ interface interface_list ]
View
User view
Parameter
interface_list: Specifies a list of Ethernet ports, on which the GARP statistics

information will be cleared, expressed as interface_list = { { interface_type
interface_num | interface_name } [ to { interface_type interface_num |
interface_name } ] }&<1-10>. interface_type is interface type, interface_num is
range, read Parameter Description of “Port” in this document.
the maximal.
Description
Using reset garp statistics command, you can reset the GARP statistics information
(such as the received/sent packets or discarded packets by GVRP/GMRP). If the
command has no parameter, it will clear the GARP statistics information of all the ports.
3-4
For the related command, see display garp statistics.
Example
# Clear GARP statistics information.

<Quidway> reset garp statistics
3.2 GVRP Configuration Command

3.2.1 display gvrp statistics
Syntax
display gvrp statistics [ interface interface_list ]
View
Any view
Parameter

| interface_name } ] }&<1-10>. interface_type is interface type, interface_num is
the maximal.
Description
Using display gvrp statistics command, you can view the GVRP statistics information
of all the Trunk ports, including the list of ports enabled with GVRP, GVRP status
information, failed GVRP registration entries and the last GVRP data unit origin etc.
Example
# Display the GVRP statistics information about Ethernet0/1.

<Quidway> display gvrp statistics interface ethernet0/1
GVRP statistics on port Ethernet0/1
GVRP Status : Enabled
GVRP Failed Registrations : 0
GVRP Last Pdu Origin : 0000-0000-0000
GVRP Registration Type : Normal
3-5
3.2.2 display gvrp status
Syntax
display gvrp status
View
Any view
Parameter
None
Description
Using display gvrp status command, you can view the global status information about
GVRP.
Example
# Display the global status information about GVRP.

<Quidway> display gvrp status
GVRP is enabled
3.2.3 gvrp
Syntax
gvrp
undo gvrp
View
Parameter
None
Description
Using gvrp command, you can enable GVRP. Using undo gvrp command, you can
restore the GVRP to default mode, i.e. disable GVRP.
By default, GVRP is disabled.
This command can be used to enable/disable global GVRP in System view or
enable/disable port GVRP in Ethernet port view.
Before enabling port GVRP, the user must enable global GVRP first and port GVRP
must be enabled/disabled on Trunk port.
3-6
For the related commands, see display gvrp status.
Example
# Enable global GVRP.

[Quidway] gvrp
3.2.4 gvrp registration
Syntax
gvrp registration { fixed | forbidden | normal }

undo gvrp registration
View
Ethernet port view
Parameter
fixed: Enable to create or register VLAN on the port manually and disable to register or
deregister VLAN dynamically.
forbidden: Deregisters all VLANs except VLAN 1 and disables to create or register any
other VLAN on the port.
normal: Enable to create, register and deregister VLAN on the port manually or
dynamically.
Description
Using gvrp registration command, you can configure GVRP registration type. Using
undo gvrp registration command, you can restore the default type.
By default, the registration type is normal.
This command can be only used on Trunk port.
For the related commands, see display gvrp statistics.
Example
# Set the GVRP registration type of Ethernet0/1 as fixed.

[Quidway-Ethernet0/1] gvrp registration fixed
3-7
Quidway S3500 Series Ethernet Switches Chapter 4 Super VLAN Configuration Commands
Chapter 4 Super VLAN Configuration Commands
Note:
FS/S3526C Ethernet switches support the super VLAN feature.
4.1 Super VLAN Configuration Commands

4.1.1 display supervlan
Syntax
display supervlan [ supervlan-id ]
View
Any view
Parameter
supervlan-id: ID of Super VLAN, range from 1 to 4094.
Description
Using display supervlan command, you can view the mapping relationship between
Super VLAN and Sub VLAN, and the ports identified mapping relationship super VLAN
and sub VLAN.
For the related commands, see supervlan, subvlan.
Example
# view the mapping relationship between Super VLAN and Sub VLAN.
[Quidway] display supervlan 2
Supervlan ID : 2
ARP proxy: enabled
Subvlan ID : 3-5
VLAN ID: 2
VLAN Type: static
It is a Super VLAN.
ARP proxy enabled.
4-1
Route Interface: configured

IP Address: 10.153.17.41
Subnet Mask: 255.255.252.0
Name: VLAN 0002
Tagged Ports: none
Untagged Ports: none
VLAN ID: 3
VLAN Type: static
It is a Sub VLAN.
Name: VLAN 0003
Tagged Ports: none
Untagged Ports:
Ethernet0/3
VLAN ID: 4
VLAN Type: static
It is a Sub VLAN.
Name: VLAN 0004
Tagged Ports: none
Untagged Ports:
Ethernet0/4
VLAN ID: 5
VLAN Type: static
It is a Sub VLAN.
Name: VLAN 0005
Tagged Ports: none
Untagged Ports:
Ethernet0/5
4-2
4.1.2 subvlan
Syntax
subvlan sub-vlan-list
undo subvlan [sub-vlan-list ]
View
VLAN view
Parameter
vlan-list: vlan-list = { vlan-id1 [ to vlan-id2 ] } &<1-10> is the VLAN range joined by the
trunk port. It can be discrete. The vlan-id ranges from 1 to 4094. &<1-10> indicates that
the former parameter can be input 10 times repeatedly at most.
Description
Using subvlan commmand, you can establish the mapping relationship between sub
VLAN and super VLAN. Using undo subvlan commmand, you can cancel the mapping
relationship between sub VLAN and super VLAN.
Note that:
z The sub VLAN must exist before you creat mapping between the sub VLAN and
the super VLAN.
z After creating mapping between the sub VLAN and the super VLAN, you can still
add (or delete) Ethernet ports to (from) the sub VLAN.
z When using the undo subvlan command without parameter, you can remove the
mapping between the specific super VLAN and all sub VLANs associated to it. If
choosing the parameter, you can remove the mapping between the specific super
VLAN and the specific sub VLAN.
For the related commands, see display supervlan.
Example
# Establish the mapping relationship between sub VLAN 3, 4, 5, 9 and super VLAN 10.
[Quidway-vlan10] subvlan 3 to 5 9
4.1.3 supervlan
Syntax
supervlan
undo supervlan
4-3
View
VLAN view
Parameter
None
Description
Using supervlan commmand, you can set current VLAN to super VLAN. Using undo
supervlan commmand, you can cancel the super VLAN type of current VLAN.
For the related commands, see display supervlan.
Example
# Set the VLAN 2 to super VLAN.

[Quidway-vlan2] supervlan
4-4
HUAWEI

Command Manual
Network Protocol

Command Manual - Network Protocol
Table of Contents
Chapter 1 IP Address Configuration Commands....................................................................... 1-1

1.1 IP Address Configuration Commands................................................................................ 1-1
1.1.1 display ip host.......................................................................................................... 1-1
1.1.2 display ip interface .................................................................................................. 1-1
1.1.3 ip address................................................................................................................ 1-2
1.1.4 ip host...................................................................................................................... 1-3
Chapter 2 ARP Configuration Commands .................................................................................. 2-1

2.1 ARP Configuration Commands.......................................................................................... 2-1
2.1.1 arp check enable ..................................................................................................... 2-1
2.1.2 arp probe ip ............................................................................................................. 2-1
2.1.3 arp source-suppression cache ................................................................................ 2-2
2.1.4 arp source-suppression enable............................................................................... 2-3
2.1.5 arp source-suppression limit ................................................................................... 2-3
2.1.6 arp timer probe ........................................................................................................ 2-4
2.1.7 arp static.................................................................................................................. 2-5
2.1.8 arp timer aging ........................................................................................................ 2-6
2.1.9 debugging arp packet.............................................................................................. 2-6
2.1.10 display arp ............................................................................................................. 2-7
2.1.11 display arp probe ................................................................................................... 2-8
2.1.12 display arp source-suppression ............................................................................ 2-9
2.1.13 display arp timer aging ........................................................................................ 2-10
2.1.14 reset arp .............................................................................................................. 2-10
2.2 Gratuitous ARP Configuration Commands ...................................................................... 2-11
2.2.1 arp send-gratuitous enable ................................................................................... 2-11
2.2.2 gratuitous-arp-learning enable .............................................................................. 2-12
Chapter 3 ARP Proxy Configuration Commands....................................................................... 3-1

3.1 ARP Proxy Configuration Commands................................................................................ 3-1
3.1.1 display arp proxy ..................................................................................................... 3-1
3.1.2 arp proxy ................................................................................................................. 3-1
Chapter 4 DHCP Client Configuration Commands .................................................................... 4-1

4.1 DHCP Client Configuration Commands............................................................................. 4-1
4.1.1 debugging dhcp client ............................................................................................. 4-1
4.1.2 display dhcp client................................................................................................... 4-2
4.1.3 ip address dhcp-alloc .............................................................................................. 4-2
Chapter 5 DHCP Relay Configuration Commands..................................................................... 5-1

5.1 DHCP Relay Configuration Commands............................................................................. 5-1
i
5.1.1 address-check ......................................................................................................... 5-1

5.1.2 debugging dhcp-relay.............................................................................................. 5-1
5.1.3 dhcp-security static.................................................................................................. 5-3
5.1.4 dhcp-server ............................................................................................................. 5-4
5.1.5 dhcp-server detect .................................................................................................. 5-4
5.1.6 dhcp-server ip.......................................................................................................... 5-5
5.1.7 display dhcp-security............................................................................................... 5-5
5.1.8 display dhcp-server ................................................................................................. 5-6
5.1.9 display dhcp-server interface vlan-interface ........................................................... 5-8
Chapter 6 DHCP Configuration Commands ............................................................................... 6-1

6.1 DHCP Public Configuration Commands ............................................................................ 6-1
6.1.1 dhcp enable............................................................................................................. 6-1
6.1.2 dhcp select .............................................................................................................. 6-2
6.1.3 dhcp server detect................................................................................................... 6-3
6.2 DHCP Server Configuration Commands ........................................................................... 6-3
6.2.1 debugging dhcp server............................................................................................ 6-3
6.2.2 dhcp server dns-list ................................................................................................. 6-4
6.2.3 dhcp server domain-name ...................................................................................... 6-5
6.2.4 dhcp server expired................................................................................................. 6-6
6.2.5 dhcp server forbidden-ip ......................................................................................... 6-7
6.2.6 dhcp server ip-pool.................................................................................................. 6-8
6.2.7 dhcp server nbns-list ............................................................................................... 6-8
6.2.8 dhcp server netbios-type......................................................................................... 6-9
6.2.9 dhcp server option................................................................................................. 6-10
6.2.10 dhcp server ping.................................................................................................. 6-11
6.2.11 dhcp server static-bind ........................................................................................ 6-12
6.2.12 display dhcp server conflict ................................................................................. 6-13
6.2.13 display dhcp server expired ................................................................................ 6-14
6.2.14 display dhcp server free-ip .................................................................................. 6-15
6.2.15 display dhcp server ip-in-use .............................................................................. 6-15
6.2.16 display dhcp server statistics .............................................................................. 6-16
6.2.17 display dhcp server tree ...................................................................................... 6-18
6.2.18 dns-list ................................................................................................................. 6-20
6.2.19 domain-name ...................................................................................................... 6-21
6.2.20 expired................................................................................................................. 6-22
6.2.21 gateway-list ......................................................................................................... 6-22
6.2.22 nbns-list ............................................................................................................... 6-23
6.2.23 netbios-type......................................................................................................... 6-24
6.2.24 network................................................................................................................ 6-25
6.2.25 option................................................................................................................... 6-25
6.2.26 reset dhcp server conflict .................................................................................... 6-26
6.2.27 reset dhcp server ip-in-use.................................................................................. 6-27
ii
6.2.28 reset dhcp server statistics.................................................................................. 6-27

6.2.29 static-bind ip-address .......................................................................................... 6-28
6.2.30 static-bind mac-address ...................................................................................... 6-28
6.3 DHCP Relay Configuration Commands........................................................................... 6-29
6.3.1 address-check dhcp-relay ..................................................................................... 6-29
6.3.2 address-check no-matched................................................................................... 6-30
6.3.3 debugging dhcp relay............................................................................................ 6-31
6.3.4 dhcp relay release................................................................................................. 6-31
6.3.5 dhcp relay security address-check........................................................................ 6-32
6.3.6 dhcp relay security ................................................................................................ 6-33
6.3.7 display dhcp relay address.................................................................................... 6-33
6.3.8 display dhcp relay statistics................................................................................... 6-34
6.3.9 display dhcprelay-security..................................................................................... 6-35
6.3.10 ip relay address ................................................................................................... 6-35
6.3.11 ip relay address cycle .......................................................................................... 6-36
6.3.12 reset dhcp relay statistics.................................................................................... 6-37
Chapter 7 DHCP Snooping Configuration Commands.............................................................. 7-1

7.1 DHCP Snooping Configuration Commands....................................................................... 7-1
7.1.1 dhcp-snooping......................................................................................................... 7-1
7.1.2 dhcp-snooping trust................................................................................................. 7-2
7.1.3 display dhcp-snooping ............................................................................................ 7-2
7.1.4 display dhcp-snooping trust .................................................................................... 7-3
Chapter 8 BOOTP Client Configuration Commands.................................................................. 8-1

8.1.1 debugging bootp client ............................................................................................ 8-1
8.1.2 display bootp client.................................................................................................. 8-1
8.1.3 ip address bootp-alloc ............................................................................................. 8-2
Chapter 9 Access Management Configuration Commands...................................................... 9-1

9.1 Access Management Configuration Commands ............................................................... 9-1
9.1.1 am enable................................................................................................................ 9-1
9.1.2 am ip-pool................................................................................................................ 9-1
9.1.3 am isolate ................................................................................................................ 9-2
9.1.4 am trap enable ........................................................................................................ 9-3
9.1.5 am user-bind ........................................................................................................... 9-4
9.1.6 display am ............................................................................................................... 9-4
9.1.7 display am user-bind ............................................................................................... 9-6
9.1.8 port-isolate enable................................................................................................... 9-6
9.1.9 port-isolate uplink-port vlan ..................................................................................... 9-7
Chapter 10 IP Performance Configuration Commands ........................................................... 10-1

10.1 IP Performance Configuration Commands .................................................................... 10-1
10.1.1 display fib ............................................................................................................ 10-1
10.1.2 display icmp statistics.......................................................................................... 10-2
iii
10.1.3 display ip socket.................................................................................................. 10-3

10.1.4 display ip statistics............................................................................................... 10-4
10.1.5 display tcp statistics............................................................................................. 10-6
10.1.6 display tcp status................................................................................................. 10-7
10.1.7 reset ip statistics.................................................................................................. 10-8
10.1.8 reset tcp statistics................................................................................................ 10-8
10.1.9 tcp timer fin-timeout............................................................................................. 10-9
10.1.10 tcp timer syn-timeout......................................................................................... 10-9
10.1.11 tcp window....................................................................................................... 10-10
iv
Quidway S3500 Series Ethernet Switches Chapter 1 IP Address Configuration Commands
Chapter 1 IP Address Configuration Commands
1.1 IP Address Configuration Commands

1.1.1 display ip host
Syntax
display ip host
View
Any view
Parameter
None
Description
Using display ip host command, you can view all the host names and the
corresponding IP addresses.
Example
# Display all hosts’ name and corresponding IP address of the hosts.

<Quidway> display ip host
Host Age Flags Address(es)
My 0 static 1.1.1.1
Aa 0 static 2.2.2.4
1.1.2 display ip interface
Syntax
display ip interface interface-type interface-number
View
Any view
Parameter
interface-type: Port type. Interface-number: Port number. See the description of the
interface command for details.
1-1
Description
Using display ip interface command, you can view the information of an IP interface.
By default, the information about all the IP interfaces will be displayed if undo interface
is specified. This command outputs all the information related to IP on the interface,
which is useful for troubleshooting.
Example
# Display the information related to interface VLAN-Interface 1.

<Quidway> display ip interface vlan-interface 1
Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
DHCP packet deal mode: global
1.1.3 ip address
Syntax
ip address ip-address { mask | mask-length } [ sub ]

undo ip address [ ip-address { mask | mask-length } [ sub ] ]
View
VLAN interface view or LoopBack interface view
Parameter
ip-address: IP address of VLAN interface.

mask: Corresponding subnet mask.
mask-length: Mask length, i.e. the length of "1" in the IP address.
sub: the secondary IP address of the VLAN interface.
Description
Using ip address command, you can configure an IP address for VLAN or LookBack
interface. Using undo ip address command, you can cancel an IP address of the
VLAN or LookBack interface
By default, all interfaces’ IP addresses are null.
Generally, it is enough to configure one IP address for an interface. You can also
configure 10 IP addresses for an interface at most, so that it can be connected to
1-2
several subnets. Among these IP addresses, one is the primary IP address and all
others are secondary. The relationship between primary and secondary addresses is:
z When you configure a primary IP address for an interface, which already has a
primary IP address, the newly configured one will replace the old one.
z If you input undo ip address command without any parameter, the switch will
delete both primary and secondary IP address of an interface. undo ip address
[ ip-address { mask | mask-length } command can be used to delete the primary IP
address, while undo ip address [ ip-address { mask | mask-length } sub
command can be used to delete the secondary IP address.
Note that the VLAN interface cannot be configured with the secondary IP address if its
IP address is set to be allocated by BOOTP or DHCP.
For the related command, see display ip interface.
Example
# Configure the IP address of interface VLAN interface 1 as 202.38.10.66 and subnet

mask as 255.255.255.0.
[Quidway-vlan-interface1] ip address 202.38.10.66 255.255.255.0
1.1.4 ip host
Syntax
ip host hostname ip-address

undo ip host hostname [ ip-address ]
View
System view
Parameter
hostname: Name of the host, a character string consisting of 1 to 20 characters,

including letters, numbers, "_", and it must contain at least one letter.
ip-address: Host IP address (the corresponding IP address to the host name) in dotted
decimal notation.
Description
Using ip host command, you can configure the host name and the host IP address.
Using undo ip host command, you can cancel the host name and the host IP address.
By default, Host name and corresponding IP address are null.
For the related command, see display ip host.
1-3
Example
# Set Lanswtich1’s IP address to be 202.38.0.8.

[Quidway] ip host Lanswitch1 202.38.0.8
1-4
Quidway S3500 Series Ethernet Switches Chapter 2 ARP Configuration Commands
Chapter 2 ARP Configuration Commands
2.1 ARP Configuration Commands

2.1.1 arp check enable
Syntax
arp check enable

undo arp check enable
View
System view
Parameter
None
Description
Using arp check enable command, you can enable the checking of ARP entry, that is,
the device does not learn the ARP entry where the MAC address is multicast MAC
address. Using undo arp check enable command, you can disable the checking of
ARP entry, that is, the device learns the ARP entry where the MAC address is multicast
MAC address.
By default, the checking of ARP entry is enabled, that is, the device does not learn the
ARP entry where the MAC address is multicast MAC address.
Example
# Configure that the device learns the ARP entry where the MAC address is multicast
MAC address.
[Quidway] undo arp check enable
2.1.2 arp probe ip
Syntax
arp probe ip ip-address

undo arp probe ip [ ip-address ]
View
VLAN interface view
2-1
Parameter
ip-address: IP address requiring ARP timed probing.
Description
Using arp probe ip command, you can configure the IP address requiring ARP timed
probing. Using undo arp probe ip command, you can delete the IP address requiring
ARP timed probing.
By default, IP address requiring ARP timed probing is null.
In S3500 Series Ethernet Switches, only S3526, S3526 FM, S3526 FS supports this
command.
For the related command, see display arp probe.
Example
# Configure the IP address 202.38.10.2 requiring ARP timed probing on VLAN interface
1.
[Quidway-Vlan-interface1] arp probe ip 202.38.10.2
2.1.3 arp source-suppression cache
Syntax
arp source-suppression cache cache-value

undo arp source-suppression cache
View
System view
Parameter
cache-value: the number of source IP addresses to be suppressed, ranging from 2 to

1024. The default value is 16.
Description
Using arp source-suppression cache command, you can configure the number of
source IP addresses to be suppressed. Using undo arp source-suppression cache
command, you can restore the number of source IP addresses to default.
For the related command, see display arp source-suppression.
In S3500 Series Ethernet Switches, only S3552G, S3552P, S3528G, S3528P and
S3552F supports this command.
Example
# Configure the number of source IP addresses to be suppressed is 10.
2-2
[Quidway] arp source-suppression cache 10
2.1.4 arp source-suppression enable
Syntax
arp source-suppression enable

undo arp source-suppression enable
View
System view
Parameter
None
Description
Using arp source-suppression enable command, you can enable ARP source
address suppression. Using undo arp source-suppression enable command, you
can disable ARP source address suppression.
After ARP source address suppression is enabled, the system drops the packets with
the same source IP address on the port if a host on the network continuously sends the
IP packets whose destination IP address cannot be resolved and the traffic within five
seconds exceeds the predefined threshold. When the time interval (5 seconds) is
reached, the system resumes processing of IP packets. This feature can effectively
prevent malicious attacks.
By default, ARP source address suppression is not enabled.
Example
# Enable ARP source address suppression.

[Quidway] arp source-suppression enable
2.1.5 arp source-suppression limit
Syntax
arp source-suppression limit limit-value

undo arp source-suppression limit
2-3
View
System view
Parameter
limit-value: the maximum number of ARP requests within 5-second interval, ranging
from 2 to 1024. The default value is 10.
Description
Using arp source-suppression limit command, you can configure the maximum
number of ARP requests within 5-second interval. Using undo arp
source-suppression limit command, you can restore the maximum number of ARP
requests within 5 seconds to default.
Example
# Configure the maximum number of ARP requests within 5-second interval is 100.
[Quidway] arp source-suppression limit 100
2.1.6 arp timer probe
Syntax
arp timer probe time

undo arp timer probe
View
VLAN interface view
Parameter
time: Interval of ARP timed probing, which is in the range of 5 to 1200 seconds. By
default, the interval is 5 seconds.
Description
Using arp timer probe command, you can configure the ARP probing interval. Using
undo arp timer probe command, you can restore the default ARP probing interval.
command.
For the related command, see display arp probe.
2-4
Example
# Configure the ARP timed probing interval on VLAN interface 1 to 10 seconds.

[Quidway-Vlan-interface1] arp timer probe 10
2.1.7 arp static
Syntax
arp static ip-address mac-address [ vlan-id { interface-type interface-number |

interface-name } ]
undo arp ip-address
View
System view
Parameter
ip-address: IP address of the ARP mapping entry.

mac-address: MAC address of ARP mapping entry, whose format is H-H-H ( H
indicates a hexadecimal number).
vlan-id: VLAN to which the static ARP entry belongs, which is in the range of 1 to 4094.
interface-name: Port to which the static ARP entry belong, represented with
interface-name= interface-type interface-number. interface-type is port type and
interface-number is port number. For details about interface-type, interface-number
and interface-name, refer to the Port Command Manual.
Description
Using arp static command, you can configure the static ARP mapping entries in an
ARP mapping table. Using undo arp static command, you can cancel a static ARP
mapping entry from the ARP table
By default, the mapping table of the system ARP is empty and the switch can maintain
its address mapping by means of dynamic ARP.
Note that:
z Static ARP map entry will be always valid as long as Ethernet switch works
normally. But if the VLAN corresponding ARP mapping entry is deleted, the ARP
mapping entry will be also deleted. The valid period of dynamic ARP map entries
will last only 20 minutes by default.
z The parameter vlan-id must be the ID of a VLAN that has been created by the user,
and the Ethernet port specified behind this parameter must belong to the VLAN.
For the related command, see reset arp, display arp, debugging arp.
2-5
Example
# Associate the IP address 202.38.10.2 with the MAC address 00e0-fc01-0000, and the
ARP mapping entry belongs to the Ethernet port Ethernet0/1 on VLAN1.
[Quidway] arp static 202.38.0.10 00e0-fc01-0000 1 ethernet0/1
2.1.8 arp timer aging
Syntax
arp timer aging aging-time

undo arp timer aging
View
System view
Parameter
aging-time: Aging time of dynamic ARP aging timer, which is in the range of 1 to 1440
minutes. By default, the aging time is 20 minutes.
Description
Using arp timer aging command, you can configure the dynamic ARP aging timer.
Using undo arp timer aging command, you can restore the default dynamic ARP
aging time.
For the related command, see display arp timer aging.
Example
# Configure the dynamic ARP aging timer to 10 minutes.

[Quidway] arp timer aging 10
2.1.9 debugging arp packet
Syntax
debugging arp packet

undo debugging arp packet
View
User view
Parameter
None
2-6
Description
Using debugging arp packet command, you can enable ARP debugging. Using undo
debugging arp packet command, you can disable the corresponding ARP debugging.
By default, undo ARP debugging is enabled.
For the related command, see arp static, display arp.
Example
# Enable ARP packet debugging.

<Quidway> debugging arp packet
*0.771346-ARP-8-S1-arp_send:Send an ARP Packet, operation : 1,
sender_eth_addr :
00e0-fc00-3500,sender_ip_addr : 10.110.91.159, target_eth_addr :
0000-0000-0000
, target_ip_addr : 10.110.91.193
*0.771584-ARP-8-S1-arp_rcv:Receive an ARP Packet, operation : 2,
sender_eth_addr
: 0050-ba22-6fd7, sender_ip_addr : 10.110.91.193, target_eth_addr :
00e0-fc00-3
500, target_ip_addr : 10.110.91.159
Table 2-1 Output description of the debugging arp packet display
Field Description
Kind of ARP packets: 1 ARP request packet; 2 ARP reply
operation
packet
sender_eth_addr Ethernet address of the sender
sender_ip_addr IP address of the sender

Target Ethernet address. If the packet is ARP request packet,
target_eth_addr
the target IP address will be 0
target_ip_addr Target IP address
2.1.10 display arp
Syntax
display arp [ dynamic | static | ip-address ]
View
Any view
2-7
Parameter
dynamic: Display the dynamic ARP entries in ARP mapping table.

static: Display the static ARP entries in ARP mapping table.
ip-address: Display ARP mapping entries according to specified IP address.
Description
Using display arp command, you can view the ARP mapping table.
For the related command, see arp static, reset arp, debugging arp.
Example
# Display all the ARP entries.

<Quidway> display arp
IP Address MAC Address VLAN ID Port Name Aging Type
10.1.1.2 00e0-fc01-0102 N/A N/A N/A Static
10.110.91.175 0050-ba22-6fd7 1 Ethernet0/1 20 Dynamic
--- 2 entries found ---
Table 2-2 Output description of the display arp display
Field Description
IP Address IP address of the ARP mapping entry
MAC Address MAC address of the ARP mapping entry
VLAN ID VLAN to which the static ARP entry belongs
Port Name Port to which the static ARP entry belongs

Aging Aging time of dynamic ARP entry in minutes
Type Type of ARP entry
2.1.11 display arp probe
Syntax
display arp probe [ interface vlan-interface vlan-id ]
View
Any view
Parameter
vlan-id: VLAN interface.
2-8
Description
Using display arp probe command, you can view the ARP timed probing information,
including IP addresses requiring ARP probing and the probing interval.
command.
For the related commands, see arp probe ip, arp timer probe.
Example
# Display the ARP timed probing information on the interface VLAN1.

[Quidway] display arp probe interface vlan-interface 1
Interface Vlan-interface1
Probe Timer: 5 seconds
Probe IP address:
10.110.50.1
Table 2-3 Output description of the display arp probe display
Field Description
Interface Vlan-interface1 VLAN interface
Probe Timer Interval of ARP timed probing

Probe IP address IP address requiring ARP timed probing
2.1.12 display arp source-suppression
Syntax
display arp source-suppression
View
Any view
Parameter
None
Description
Using display arp source-suppression command, you can view ARP source
suppression information.
Example
# Display ARP source suppression information.

<Quidway> display arp source-suppression
2-9
ARP source suppression is enabled

Current suppression limit: 10
Current cache length: 16
2.1.13 display arp timer aging
Syntax
display arp timer aging
View
Any view
Parameter
Description
Using display arp timer aging command, you can view the current setting of the
dynamic ARP map aging timer.
For the related command, see arp timer aging.
Example
# Display the current setting of the ARP map aging timer.

[Quidway] display arp timer aging
Current ARP aging time is 10 minute(s)
2.1.14 reset arp
Syntax
reset arp [ dynamic | static | interface { interface-type interface-number |

interface-name } ]
View
User view
Parameter
dynamic: Clear the dynamic ARP mapping entries.

static: Clear the static ARP mapping entries
interface interface-name: Clear the ARP mapping entries that are related to the
specified. port, represented with interface-name= interface-type interface-number.
interface-type is port type and interface-number is port number. For details about
2-10
interface-type, interface-number and interface-name, refer to the Port Command

Manual.
Description
Using reset arp command, you can reset the ARP mapping entries.
For the related command, see arp static, display arp.
Example
# Reset the static ARP entries.

<Quidway> reset arp static
2.2 Gratuitous ARP Configuration Commands
Note:
This chapter only applies to S3552G, S3552P, S3528G, S3528P, S3552F, S3526E,
S3526E FM, S3526E FS and S3526C in S3500 series switches.
2.2.1 arp send-gratuitous enable
Syntax
arp send-gratuitous enable

undo arp send-gratuitous enable
View
System view
Parameter
None
Description
Use the arp send-gratuitous enable command to enable gratuitous ARP packet
sending, thus checking for the IP address conflict.
Use the undo arp send-gratuitous enable command to disable this function.
By default, the gratuitous ARP packet sending is enabled.
Gratuitous ARP function is to implement the following functions by sending out
gratuitous ARP packets:
2-11
z By sending gratuitous ARP packets, network devices can figure out whether the IP
addresses of other devices conflict with its own.
z If the device which sends the gratuitous ARP packet changed its hardware
address (probably, it turns off, has its interface card changed, and then reboots),
this packet can make old hardware address in the cache of other devices update
accordingly.
Related command: gratuitous-arp-learning enable.
Example
# Disable the gratuitous ARP packet sending on the switch Quidway A.

<QuidwayA> system-view
[QuidwayA] undo arp send-gratuitous enable
2.2.2 gratuitous-arp-learning enable
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
View
System view
Parameter
None
Description
Use the gratuitous-arp-learning enable command to enable gratuitous ARP packet

learning.
Use the undo gratuitous-arp-learning enable command to disable this function.
By default, gratuitous ARP packet learning is disabled.
Related command: arp send-gratuitous enable, debugging arp packet.
Example
# Enable gratuitous ARP packet learning on the switch Quidway A.

<QuidwayA> system-view
[QuidwayA] gratuitous-arp-learning enable
2-12
Quidway S3500 Series Ethernet Switches Chapter 3 ARP Proxy Configuration Commands
Chapter 3 ARP Proxy Configuration Commands
3.1 ARP Proxy Configuration Commands

3.1.1 display arp proxy
Syntax
display arp proxy [ interface interface-type interface-number ]
View
Any view
Parameter
interface-type: Specifies the port type.

interface-number: Specifies the port number.
Description
Use the display arp proxy command to view the ARP proxy status: enabled or
disabled.
See arp proxy enable for related configuration.
Example
# Display the ARP proxy status of interface VLAN 2

[Quidway] display arp proxy
3.1.2 arp proxy
Syntax
arp proxy enable

undo arp proxy enable
View
VLAN virtual interface view
Parameter
None
3-1
Quidway S3500 Series Ethernet Switches Chapter 3 ARP Proxy Configuration Commands
Description
Use the arp proxy enable command to enable ARP proxy. Use the undo arp proxy
enable command to disable ARP proxy.
See display arp proxy for related configuration.
Example
# Enable the ARP proxy of VLAN 2 virtual interface.

[Quidway-Vlan-interface2] arp proxy enable
3-2
Quidway S3500 Series Ethernet Switches Chapter 4 DHCP Client Configuration Commands
Chapter 4 DHCP Client Configuration Commands
Note:
4.1 DHCP Client Configuration Commands

4.1.1 debugging dhcp client
Syntax
debugging dhcp client { all | error | event | packet }

undo debugging dhcp client { all | error | event | packet }
View
User view
Parameter
all: All DHCP client debugging.

error: DHCP client error (including packet unrecognizable ) debugging.
event: DHCP client event (including address allocation and data update) debugging.
packet: DHCP client packet debugging.
Description
Using the debugging dhcp client command, you can enable DHCP client debugging.
Using the undo debugging dhcp client command, you can disable DHCP client
debugging.
By default, all DHCP client debugging is disabled.
Example
# Enable DHCP client event debugging.

<Quidway> debugging dhcp client event
4-1
4.1.2 display dhcp client
Syntax
display dhcp client [ verbose ]
View
Any view
Parameter
verbose: Displays detailed information about address allocation at DHCP client.
Description
Using the display dhcp client command, you can view detailed information about
address allocation at DHCP client.
Example
# Display detailed information about address allocation at DHCP client.

[Quidway] display dhcp client verbose
DHCP client statistic information:
Vlan-interface1:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds
Lease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03
Server IP: 169.254.0.1
Transaction ID = 0x3d8a7431
Default router: 2.2.2.2
DNS server: 1.1.1.1
Domain name: huawei.com
Client ID: HUAWEI-00e0.fc0a.c3ef-Ethernet0/0
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds.
4.1.3 ip address dhcp-alloc
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
View
VLAN interface view
4-2
Parameter
None
Description
Using the ip address dhcp-alloc command, you can configure VLAN interface to
obtain IP address using DHCP. Using the undo ip address dhcp-alloc command, you
can remove the configuration.
By default, the VLAN interface doest not obtain IP address using DHCP.
Example
# Configure VLAN interface to obtain IP address using DHCP.

[Quidway-Vlan-interface1] ip address dhcp-alloc
4-3
Quidway S3500 Series Ethernet Switches Chapter 5 DHCP Relay Configuration Commands
Chapter 5 DHCP Relay Configuration Commands
Note:
This chapter only applies to S3526/S3526 FM/S3526 FS in S3500 series switches.
5.1 DHCP Relay Configuration Commands

5.1.1 address-check
Syntax
address-check enable
address-check disable
View
VLAN interface view
Parameter
None
Description
Using address-check enable command, you can enable the security features of
DHCP relay and enable the user address validity check on VLAN interface. Using
address-check disable command, you can disable the security features of DHCP
relay and disable the user address validity check on VLAN interface.
By default, the switch disables DHCP security features function.
Example
# Enable the security features of DHCP relay on VLAN1 interface.

[Quidway-Vlan-interface1] address-check enable
5.1.2 debugging dhcp-relay
Syntax
debugging dhcp-relay
undo debugging dhcp-relay
5-1
View
User view
Parameter
None
Description
Using debugging dhcp-relay command, you can enable DHCP relay debugging.
Using undo debugging dhcp-relay command, you can disable the DHCP relay
debugging.
By default, DHCP relay debugging is disabled.
For the related command, see dhcp-server ip, dhcp-server, display dhcp-server,
display dhcp-server interface vlan-interface.
Example
# Enable DHCP relay debugging.

<Quidway> debugging dhcp-relay
*0.7200205-DHCP-8-dhcp_debug:
From client to DHCP Server:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-request
ClientHardAddress: 0010-dc19-695d
DHCP ServerIpAddress: 192.168.1.2
*0.7200230-DHCP-8-dhcp_debug:
From DHCP Server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
5-2
Table 5-1 Description of information generated by the command debugging

dhcp-relay
Field Description
Interface Virtual interface of VLAN performing DHCP Relay
ServerGroupNo DHCP Server group number for Relay
Type DHCP packet type for Relay
ClientHardAddress Hardware address of Client
ServerIpAddress IP address of DHCP Server
AllocatedIpAddress IP address allocated to Client
5.1.3 dhcp-security static
Syntax
dhcp-security static ip_address mac_address

undo dhcp-security ip_address
View
System view
Parameter
ip_address: User IP address.

mac_address: User MAC address.
Description
Using dhcp-security static command, you can configure a user IP address for DHCP
Server group. Using undo dhcp-security command, you can cancel a user IP address
of DHCP Server group.
You can use the display dhcp-security command to view the user configuration of
DHCP Server group before you change corresponding IP address of the DHCP Server
group.
For the related command, see display dhcp-security.
Example
# Configure the user IP address and MAC address of DHCP Server group as 1.1.1.1
and 0005-5D02-F2B3 respectively.
[Quidway] dhcp-security static 1.1.1.1 0005-5D02-F2B3
5-3
5.1.4 dhcp-server
Syntax
dhcp-server groupNo
undo dhcp-server
View
VLAN interface view
Parameter
groupNo: DHCP Server group number; ranging from 0 to 19.
Description
Using dhcp-server command, you can configure the native DHCP Server group of
VLAN interface. Using undo dhcp-server command, you can cancel the VLAN
interface from its native DHCP Server group.
For the related command, see dhcp-server ip, display dhcp-server, display
dhcp-server interface vlan-interface, debugging dhcp-relay.
Example
# Add VLAN-Interface 1 to DHCP Server group1.

[Quidway-Vlan-interface1] dhcp-server 1
5.1.5 dhcp-server detect
Syntax
dhcp-server detect
undo dhcp-server detect
View
System view
Parameter
None
Description
Using dhcp-server detect command, you can enable DHCP pseudo-server detection.
Using undo dhcp-server detect command, you can disable DHCP pseudo-server
detection.
5-4
Example
# Enable DHCP pseudo-server detection.

[Quidway] dhcp-server detect
5.1.6 dhcp-server ip
Syntax
dhcp-server groupNo ip ipaddress1 [ ipaddress2 ]

undo dhcp-server groupNo
View
System view
Parameter
groupNo: DHCP Server group number; the valid groupNo ranges from 0 to 19.
ipaddress1: IP address of the master DHCP Server in the group.
ipaddress2: IP address of the slave DHCP Server in the group.
Description
Using dhcp-server ip command, you can configure the IP address of DHCP Server
adopted by the DHCP Server group. Using undo dhcp-server ip command, you can
cancel the IP addresses all the DHCP Servers in DHCP Server group.
For the related command, see dhcp-server, display dhcp-server, debugging
dhcp-relay.
Example
# Configure IP addresses of the master/slave DHCP Server of DHCP Server group1 as

1.1.1.1 and 2.2.2.2 respectively.
[Quidway] dhcp-server 1 ip 1.1.1.1 2.2.2.2
# Delete the IP addresses of the master/slave DHCP Server in DHCP Server group1.
[Quidway] undo dhcp-server 1
5.1.7 display dhcp-security
Syntax
display dhcp-security [ ip_address ]
View
Any view
5-5
Parameter
ip_address: User IP address.
Description
Using display dhcp-security command, you can view all the IP addresses in valid
user address table of DHCP Server group.
Example
# Display all the IP addresses in valid user address table of DHCP Server group.
<Quidway>display dhcp-security
IP Address MAC Address IP Address Type
2.2.2.2 0005-5d02-f2b2 Static
3.3.3.3 0005-5d02-f2b3 Dynamic
--- 2 dhcp-security item(s) found ---
Table 5-2 Output description of the display dhcp-security display
Field Description
IP Address IP address of the DHCP Server group
MAC Address User MAC address of DHCP Server group
Type of user address table entry, including dynamic address
IP Address Type
entry and static address entry
5.1.8 display dhcp-server
Syntax
display dhcp-server groupNo
View
Any view
Parameter
groupNo: DHCP Server group.
Description
Using display dhcp-server command, you can view the related information of DHCP
Server group.
For the related command, see dhcp-server ip, dhcp-server, display dhcp-server
interface vlan-interface, debugging dhcp-relay.
5-6
Example
# View the related information of DHCP Server group 0.

<Quidway> display dhcp-server 0
The first IP address of DHCP Server group 0: 1.1.1.1
The second IP address of DHCP Server group 0: 1.1.1.2
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP_OFFER messages: 0
DHCP_ACK messages: 0
DHCP_NAK messages: 0
DHCP_DECLINE messages: 0
DHCP_DISCOVER messages: 0
DHCP_REQUEST messages: 0
DHCP_INFORM messages: 0
DHCP_RELEASE messages: 0
Table 5-3 Output description of the display dhcp-server display
Field Description
The first IP address of DHCP IP address of the master DHCP Server in DHCP
Server group 0 Server group 0
The second IP address of DHCP IP address of the slave DHCP Server in DHCP
Server group 0 Server group0
Number of packets that DHCP relay received
Messages from this server group
from this DHCP Server group
Number of packets that DHCP relay sends to
Messages to this server group
this DHCP Server group
Messages from clients to this Number of packets that DHCP relay receives
server group from client.
Messages from this server group Number of packets that DHCP relay sends to
to clients client
Number of OFFER packets received by DHCP
DHCP_OFFER messages
relay
Number of ACK packets received by DHCP
DHCP_ACK messages
relay
Number of NAK packets received by DHCP
DHCP_NAK messages
relay
Number of DECLINE packets received by
DHCP_DECLINE messages
DHCP relay
5-7
Field Description
Number of DISCOVER packets received by
DHCP_DISCOVER messages
DHCP relay.
Number of REQUEST packets received by
DHCP_REQUEST messages
DHCP relay
Number of INFORM packets received by DHCP
DHCP_INFORM messages
relay
Number of RELEASE packets received by
DHCP_RELEASE messages
DHCP relay
5.1.9 display dhcp-server interface vlan-interface
Syntax
display dhcp-server interface vlan-interface vlan-id
View
Any view
Parameter
Description
Using display dhcp-server interface vlan-interface command, you can view the
information of the DHCP Server group corresponding to VLAN interface.
For the related command, see dhcp-server, display dhcp-server, debugging
dhcp-relay.
Example
# View the information of the DHCP Server group corresponding to VLAN-Interface 2.

<Quidway> display dhcp-server interface vlan-interface 2
The DHCP Server group of this interface is 0
The information shown above indicates that vlan-interface 2 is configured with a DHCP
Server group with ID as 0.
5-8
Quidway S3500 Series Ethernet Switches Chapter 6 DHCP Configuration Commands
Chapter 6 DHCP Configuration Commands
Note:
6.1 DHCP Public Configuration Commands

6.1.1 dhcp enable
Syntax
dhcp enable
undo dhcp enable
View
System view
Parameter
None
Description
Using the dhcp enable command, you can enable the DHCP service. Using the undo
dhcp enable command, you can disable the DHCP service.
By default, the DHCP service is enabled.
Only after the DHCP service is enabled can other DHCP configurations take effect. This
configuration is essential to both DHCP server and DHCP relay.
Example
# Enable the DHCP service.

[Quidway] dhcp enable
6-1
6.1.2 dhcp select
Syntax
Following is the command for configuring in VLAN interface view how DHCP messages
are handled on the current VLAN interface:
dhcp select { global | interface | relay }
undo dhcp select
Following is the command for configuring in system view how DHCP messages are
handled on multiple VLAN interfaces:
dhcp select { global | interface | relay } { interface vlan-interface vlan_id [ to
vlan-interface vlan_id ] | all }
undo dhcp select { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
View
VLAN interface view, system view
Parameter
global: Configured to send DHCP messages to the local DHCP server where
addresses are to be allocated from a global address pool.
interface: Configured to send DHCP messages to the local DHCP server where
addresses are to be allocated from the appropriate VLAN interface address pool.
relay: Configured to relay DHCP messages to an external DHCP server where
addresses are to be allocated.
interface vlan-interface vlan_id [ to vlan-interface vlan_id ]: Specifies VLAN
interfaces.
all: All VLAN interfaces.
Description
Using the dhcp select command, you can configure how DHCP messages destined to
the current device are handled. Using the undo dhcp select command, you can
restore the default DHCP message handling method.
By default, DHCP message handling method is global, that is, DHCP messages
destined to the current device are sent to the local DHCP server where addresses are
to be allocated from a global address pool.
Example
# Allocate addresses selected from a global address pool on the local DHCP server to
the clients sending DHCP messages destined to the current device.
[Quidway-Vlan-interface1] dhcp select global
6-2
6.1.3 dhcp server detect
Syntax
dhcp server detect

undo dhcp server detect
View
System view
Parameter
None
Description
Using the dhcp server detect command, you can enable pseudo-DHCP server
detection. Using the undo dhcp server detect command, you can disable the
function.
By default, pseudo-DHCP server detection is disabled.
Example
# Enable pseudo-DHCP server detection.

[Quidway] dhcp server detect
6.2 DHCP Server Configuration Commands

6.2.1 debugging dhcp server
Syntax
debugging dhcp server { all | error | event | packet }

undo debugging dhcp server { all | error | event | packet }
View
User view
Parameter
all: All DHCP server debugging.

error: Debugging of the DHCP server on such errors as occurring in DHCP message
processing and address allocation.
events: Debugging of the DHCP server on such events as address allocation and
timeout of a ping attempt.
6-3
packet: Debugging on the messages received and transmitted by the DHCP server as
well as the transmitted ping packets and the response status.
Description
Using the debugging dhcp server command, you can enable DHCP server
debugging. Using the undo debugging dhcp server command, you can disable
DHCP server debugging.
By default, DHCP server debugging is disabled.
Example
# Enable event debugging of DHCP server.

<Quidway> debugging dhcp server event
6.2.2 dhcp server dns-list
Syntax
Following is the command for configuring in VLAN interface view a DNS server address
list in the DHCP address pool on the current VLAN interface:
dhcp server dns-list ip-address [ ip-address ]
undo dhcp server dns-list { ip-address | all }
Following is the command for configuring in system view a DNS server address list in
DHCP address pools on multiple VLAN interfaces:
dhcp server dns-list ip-address [ ip-address ] { interface vlan-interface vlan_id [ to
undo dhcp server dns-list { ip-address | all } { interface vlan-interface vlan_id [ to
View
Parameter
ip-address: IP address of DNS server. You can configure up to eight IP addresses

separated by spaces in a command.
interface vlan-interface vlan_id [ to vlan-interface vlan_id ]: specifies VLAN
interfaces.
all: All VLAN interfaces or IP addresses.
Description
Using the dhcp server dns-list command, you can define a list of DNS server
addresses in one or multiple DHCP address pools on the specified VLAN interface(s).
6-4
Using the undo dhcp server dns-list command, you can remove one or all DNS
server addresses from the DHCP address pool(s) on the current or multiple VLAN
interfaces.
By default, no DNS server address is configured.
If you configure DNS server list for multiple times, the latest DNS server list replaces
the previous one.
For the related command, see dns-list.
Example
# Assign the DNS server address 1.1.1.254 into the DHCP address pool on VLAN
interface 1.
[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1] dhcp server dns-list 1.1.1.254
6.2.3 dhcp server domain-name
Syntax
Following is the command for configuring in VLAN interface view the domain name to
be allocated to the DHCP clients using the DHCP address pool on the current VLAN
interface:
dhcp server domain-name domain-name
undo dhcp server domain-name
Following is the command for configuring in system view the domain name to be
allocated to the DHCP clients using the DHCP address pools on multiple VLAN
interfaces:
dhcp server domain-name domain-name { interface vlan-interface vlan_id [ to
undo dhcp server domain-name domain-name { interface vlan-interface vlan_id
[ to vlan-interface vlan_id ] | all }
View
Parameter
domain-name: Domain name to be allocated to the clients using the DHCP address
pool on the VLAN interface, which is a string of 3 to 50 characters.
interfaces.
6-5
Description
Using the dhcp server domain-name command, you can specify the domain name to
be allocated to the clients using the DHCP address pool(s) on the specified VLAN
interface(s). Using the undo dhcp server domain-name command, you can delete
the domain name configuration of the DHCP address pool(s) on the specified VLAN
interface(s).
By default, no domain name of clients is configured.
For the related command, see domain-name.
Example
# Specify “vlan-interface1.com” as the domain name to be allocated to the clients using

the DHCP address pool on the current VLAN interface.
[Quidway-Vlan-interface1] dhcp server domain-name vlan-interface1.com
6.2.4 dhcp server expired
Syntax
Following is the command for configuring in VLAN interface view the address lease
duration to be adopted by the DHCP address pool on the current VLAN interface:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server expired
Following is the command for configuring in system view the address lease duration to
be adopted by the DHCP address pools on multiple VLAN interfaces:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited } { interface
vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
undo dhcp server expired { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
View
Parameter
day day: Number of days in the range of 0 to 365.

hour hour: Number of hours in the range of 0 to 23.
minute minute: Number of minutes in the range of 0 to 59.
unlimited: Unlimited address lease.
interfaces.
6-6
Description
Using the dhcp server expired command, you can specify the duration that addresses
in the specified VLAN interface DHCP address pool(s) can be leased. Using the undo
dhcp server expired command, you can restore the default duration that addresses in
the specified VLAN interface DHCP address pool(s) can be leased.
By default, address lease duration is one day.
For the related command, see expired.
Example
# IP addresses from the DHCP address pool on VLAN interface 1 can be leased for an
unlimited period.
[Quidway-Vlan-interface1] dhcp server expired unlimited
6.2.5 dhcp server forbidden-ip
Syntax
dhcp server forbidden-ip low-ip-address [ high-ip-address ]

undo dhcp server forbidden-ip low-ip-address [ high-ip-address ]
View
System view
Parameter
low-ip-address: The lowest IP address forbidden in automatic address allocation.

high-ip-address: The highest IP address forbidden in automatic address allocation,
which cannot be lower than low-ip-address. If this parameter is not specified, there will
be only one IP address, that is, low-ip-address.
Description
Using the dhcp server forbidden-ip command, you can configure IP addresses
forbidden in automatic address allocation. Using the undo dhcp server forbidden-ip
command, you can cancel the configuration of addresses forbidden in automatic
address allocation.
By default, all IP addresses in address pools participate in automatic address
allocation.
For the related commands, see dhcp server ip-pool, network, static-bind
ip-address, and dhcp server static-bind.
6-7
Example
# Forbid the IP addresses in the range of 10.110.1.1 to 10.110.1.63 to participate in

automatic address allocation.
[Quidway] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
6.2.6 dhcp server ip-pool
Syntax
dhcp server ip-pool pool-name

undo dhcp server ip-pool pool-name
View
System view
Parameter
pool-name: DHCP pool name, a string of 1 to 35 characters that uniquely identifies an

address pool.
Description
Using the dhcp server ip-pool command, you can create a DHCP address pool and
access the DHCP address pool view. Using the undo dhcp server ip-pool command,
you can delete the specified address pool.
By default, no DHCP global address pool is created.
For the related command, see dhcp enable.
Example
# Create DHCP address pool 0.

[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-0]
6.2.7 dhcp server nbns-list
Syntax
Following is the command for configuring in VLAN interface view a NetBIOS server
address list in the DHCP address pool on the current VLAN interface:
dhcp server nbns-list ip-address [ ip-address ]
undo dhcp server nbns-list { ip-address | all }
Following is the command for configuring in system view a NetBIOS server address list
in DHCP address pools on multiple VLAN interfaces:
6-8
dhcp server nbns-list ip-address [ ip-address ] { interface vlan-interface vlan_id [ to

undo dhcp server nbns-list { ip-address | all } { interface vlan-interface vlan_id [ to
View
Parameter
ip-address: IP address of NetBIOS server. You can configure up to eight IP addresses

interfaces.
Description
Using the dhcp server nbns-list command, you can define a list of NetBIOS server
addresses in one or multiple VLAN interface DHCP address pools. Using the dhcp
server nbns-list command, you can remove one or all NetBIOS server addresses from
the VLAN interface DHCP address pool(s).
By default, no NetBIOS server address is configured.
If you configure NetBIOS server list for multiple times, the latest NetBIOS server list will
replace the previous one.
For the related commands, see nbns-list and dhcp server netbios-type.
Example
# Assign the NetBIOS server with the IP address 10.12.1.99 to the DHCP address pool
on VLAN interface 1.
[Quidway-Vlan-interface1] dhcp server nbns-list 10.12.1.99
6.2.8 dhcp server netbios-type
Syntax
Following is the command for configuring in VLAN interface view the NetBIOS node
type of the clients using the DHCP address pool on the current VLAN interface:
dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type
Following is the command for configuring in system view the NetBIOS node type of the
clients using the DHCP address pools on multiple VLAN interfaces:
6-9
dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface

vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
undo dhcp server netbios-type { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
View
Parameter
b-node: Broadcast mode where NetBIOS nodes get their hostname-IP maps through
broadcast.
p-node: Peer-to-peer mode, where NetBIOS nodes get their hostname-IP maps by
communicating with the NetBIOS server.
m-node: Mixed (m) mode, where NetBIOS nodes are p-nodes with the broadcast
feature.
h-node: Hybrid (h) mode, where NetBIOS nodes are b-nodes with the peer-to-peer
communications mechanism.
Description
Using the dhcp server netbios-type command, you can configure NetBIOS node type
of the clients using the specified VLAN interface DHCP address pool(s). Using the
undo dhcp server netbios-type command, you can delete the configuration of
NetBIOS node type in the specified VLAN interface DHCP address pool(s).
By default, clients are h-nodes.
For the related commands, see netbios-type and dhcp server nbns-list.
Example
# Specify clients using the DHCP address pool on VLAN interface 1 to be p-nodes.
[Quidway-Vlan-interface1] dhcp server netbios-type p-node
6.2.9 dhcp server option
Syntax
Following is the command for configuring in VLAN interface view a DHCP option for the
DHCP address pool on the current VLAN interface:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address
[ ip-address ] }
undo dhcp server option code
6-10
Following is the command for configuring in system view a DHCP option for the DHCP
address pools on multiple VLAN interfaces:
dhcp server option code { ascii ascii-string | hex hex-string | ip-address ip-address
[ ip-address ] } { interface vlan-interface vlan_id [ to vlan-interface vlan_id ] | all }
undo dhcp server option code { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
View
Parameter
code: User-defined option value, in the range of 2 to 254.

ascii ascii-string: ASCII string comprising 1 to 63 characters.
hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.
ip-address ip-address [ ip-address ]: Up to eight IP addresses separated by spaces.
interfaces.
Description
Using the dhcp server option command, you can configure a DHCP option for the
specified VLAN interface DHCP address pool(s). Using the undo dhcp server option
command, you can delete the DHCP option configured for the VLAN interface DHCP
address pool(s).
If you configure a DHCP option for multiple times, the latest one replaces the previous
one.
For the related command, see option.
Example
# Define the hexadecimal strings 0x11 and 0x22 with the code 100 in the DHCP
address pool on VLAN interface 1.
[Quidway-Vlan-interface1] dhcp server option 100 hex 11 22
6.2.10 dhcp server ping
Syntax
dhcp server ping { packets number | timeout milliseconds }

undo dhcp server ping { packets | timeout }
6-11
View
System view
Parameter
packets number: The maximum number of ping packets allowed to be sent, which is in
the range of 0 (no ping attempt) to 10 and defaults to 2.
timeout milliseconds: The longest time period that the DHCP server waits for the
response to each ping packet, which is in the range of 0 to 10000 milliseconds and
defaults to 500 milliseconds.
Description
Using the dhcp server ping command, you can configure the maximum number of
ping packets that the DHCP server is allowed to send and the longest time period that it
waits for the response to each ping. Using the undo dhcp server ping command, you
can restore the default settings.
Example
# Allow the DHCP server to send up to ten ping packets and wait 500 milliseconds
(default) for the response to each ping.
[Quidway] dhcp server ping packets 10
6.2.11 dhcp server static-bind
Syntax
dhcp server static-bind ip-address ip-address mac-address mac-address

undo dhcp server static-bind { ip-address ip-address | mac-address mac-address }
View
VLAN interface view
Parameter
ip-address: IP address in a static binding, a valid IP address selected from the address
pool on the current VLAN interface.
mac-address: MAC address in a static binding.
Description
Using the dhcp server static-bind command, you can configure a static address
binding in the DHCP address pool on the current VLAN interface. Using the undo dhcp
server static-bind command, you can remove the binding.
By default, no static address binding is configured in any VLAN interface address pool.
6-12
IP addresses and MAC addresses in all the static bindings on a VLAN interface must be
unique.
Example
# Statically bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1.
[Quidway-Vlan-interface1] dhcp server static-bind 10.1.1.1 0000-e03f-0305
6.2.12 display dhcp server conflict
Syntax
display dhcp server conflict { all | ip ip-address }
View
Any view
Parameter
all: All IP addresses.

ip-address: Specifies an IP address.
Description
Using the display dhcp server conflict command, you can view the statistics
information about DHCP address conflict.
For the related command, see reset dhcp server conflict.
Example
# Display the statistics information about DHCP address conflict.

<Quidway> display dhcp server conflict all
Address Discover Time
10.110.1.2 Jan 11 2003 11:57: 7 PM
Table 6-1 Description of the output information of display dhcp server conflict
Field Description
Address Conflicted IP address
Discover Time Time when the conflict is discovered
6-13
6.2.13 display dhcp server expired
Syntax
display dhcp server expired { ip ip-address | pool [ pool-name ] | interface

[ vlan-interface vlan_id ] | all }
View
Any view
Parameter
ip ip-address: Specifies an IP address.

pool [ pool-name ]: Name of a global address pool. If no address pool is specified, all
the global address pools apply.
interface [ vlan-interface vlan_id ]: Specifies a per-interface DHCP address pool by
specifying VLAN interface. If no interface is specified, address pools on all VLAN
interfaces apply.
all: All DHCP address pools.
Description
Using the display dhcp server expired command, you can view information of
expired leases in DHCP address pools. After all the available addresses in a DHCP
address pool are allocated, the DHCP server allocates addresses in the expired leases
to clients.
Example
# Display information of expired leases in DHCP address pools.

<Quidway> display dhcp server expired all
Global pool:
IP address Hardware address Lease expiration Type
Interface pool:
IP address Hardware address Lease expiration Type
Table 6-2 Description of the output of display dhcp server expired
Field Description
Global pool Information of expired address leases in global address pools
Information of expired address leases in VLAN interface
Interface pool
address pools
IP address IP address in a binding
Hardware address MAC address in a binding
Lease expiration Lease expiration time
6-14
Field Description
Type Address binding type
6.2.14 display dhcp server free-ip
Syntax
display dhcp server free-ip
View
Any view
Parameter
None
Description
Using the display dhcp server free-ip command, you can view the ranges of available
addresses in DHCP address pools, that is, information of unallocated IP addresses.
Example
# Display ranges of the available addresses in DHCP address pools.

<Quidway> display dhcp server free-ip
IP Range from 1.0.0.0 to 2.2.2.1
IP Range from 2.2.2.3 to 2.255.255.255
IP Range from 4.0.0.0 to 4.255.255.255
IP Range from 5.5.5.0 to 5.5.5.0
IP Range from 5.5.5.2 to 5.5.5.255
6.2.15 display dhcp server ip-in-use
Syntax
display dhcp server ip-in-use { ip ip-address | pool [ pool-name ] | interface

[ vlan-interface vlan_id ] | all }
View
Any view
Parameter
ip ip-address: Specifies an IP address.

6-15

interfaces apply.
Description
Using the display dhcp server ip-in-use command, you can view address bindings in
DHCP address pools.
For the related command, see reset dhcp server ip-in-use.
Example
# Display information of DHCP address bindings.

<Quidway> display dhcp server ip-in-use all
Global pool:
IP address Hardware address VlanId Lease expiration Type
Interface pool:
IP address Hardware address VlanId Lease expiration Type
6.6.6.1 00e0-fc00-1501 1 Feb 4 2005 07:00:49 AM Auto:COMMITTED
Table 6-3 Description of the output of display dhcp server ip-in-use
Field Description
Global pool Information of address bindings in global address pools
Information of address bindings in VLAN interface
Interface pool
address pools
IP address IP address in a binding

Hardware address MAC address in a binding
Lease expiration Lease expiration time

Type Address binding type
6.2.16 display dhcp server statistics
Syntax
display dhcp server statistics
View
Any view
6-16
Parameter
None
Description
Using the display dhcp server statistics command, you can view the statistics
information about the DHCP server.
For the related command, see reset dhcp server statistics.
Example
# Display statistic information about the DHCP server.

<Quidway> display dhcp server statistics
Global Pool:
Pool Number: 5
Binding
Auto: 0
Manual: 1
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 1
Manual: 0
Expire: 0
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
Table 6-4 Description of the output of display dhcp server statistics
Field Description
Global Pool Statistics information about global address pools
Statistics information about VLAN interface address
Interface Pool
pools
Pool Number Number of address pools
6-17
Field Description
Auto Number of automatic address bindings
Manual Number of manual address bindings
Expire Number of expired IP address leases
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Messages sent by the DHCP clients to server
Dhcp Decline: 0
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Messages sent by the DHCP server to clients
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages Number of messages with errors
6.2.17 display dhcp server tree
Syntax
display dhcp server tree { pool [ pool-name ] | interface [ vlan-interface vlan_id ] |

all }
View
Any view
Parameter
interfaces apply.
Description
Using the display dhcp server tree command, you can view the tree of DHCP address
pools.
Example
# Display the tree of DHCP address pools.
6-18
<Quidway> display dhcp server tree all

Global pool:
Pool name: 5
network 10.10.1.0 mask 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
option 58 hex 00 00 A8 C0
option 59 hex 00 00 00 3C
Pool name: 6
static-bind ip-address 10.10.1.2 mask 255.0.0.0
static-bind mac-address 00e0-00fc-0001
Parent node:5
option 1 ip-address 255.255.0.
expired 1 0 0
Pool name: 7
network 10.10.1.64 mask 255.255.255.192
PrevSibling node:5
option 1 ip-address 255.0.0.0
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
expired 1 0 0
Table 6-5 Description of the output of display dhcp server tree
Field Description
Global pool Information about global address pools
Interface pool Information about VLAN interface address pools

Pool Name Address pool name
network Address ranges available for allocation
6-19
Field Description
static-bind ip-address
10.10.1.2 mask 255.0.0.0
Static IP-MAC address bindings
static-bind mac-address
00e0-00fc-0001
The child node of the current node is address pool
6.
The node in this position can be:
Child node, which is the child node (subnet) of the
current address pool
Parent node, which is the father node (natural
child node:6 network segment) of the current node
Sibling node, which is the next sibling node
(another subnet on the same natural network
segment). The order of sibling nodes depends on
the order in which they are configured.
PrevSibling node, which is the previous sibling
node of the current node
Option DHCP option

Address lease duration indicated by days, hours,
expired
and minutes
gateway-list Egress gateways allocated to DHCP clients
dns-list DNS servers allocated to DHCP clients

domain-name Domain name specified for DHCP clients
nbns-list NetBIOS server allocated to DHCP clients
6.2.18 dns-list
Syntax
dns-list ip-address [ ip-address ]

undo dns-list { ip-address | all }
View
DHCP address pool view
Parameter
ip-address: IP address of DNS server. You can configure up to eight IP addresses

all: IP addresses of all the configured DNS servers.
6-20
Description
Using the dns-list command, you can configure a list of DNS servers in a global DHCP
address pool. Using the undo dns-list command, you can remove one or all DNS
server addresses from the global address pool.
By default, no DNS server address is configured.
If you configure DNS server list for multiple times, the latest DNS server list replaces
the previous one.
For the related commands, see dhcp server dns-list and dhcp server ip-pool.
Example
# Assign the DNS server address 1.1.1.254 to global DHCP address pool 0.
[Quidway-dhcp-0] dns-list 1.1.1.254
6.2.19 domain-name
Syntax
domain-name domain-name
undo domain-name
View
Parameter
domain-name: Domain name to be assigned to DHCP clients using the global DHCP
address pool, which is a string of 3 to 50 characters.
Description
Using the domain-name command, you can specify the domain name to be assigned
to clients using the DHCP address pool. Using the undo domain-name command, you
can delete the domain name configuration of the global DHCP address pool.
By default, no domain name is configured for clients.
For the related commands, see dhcp server ip-pool and dhcp server domain-name.
Example
# Specify “mydomain.com” as the domain name to be assigned to the clients using

global DHCP address pool 0.
[Quidway-dhcp-0] domain-name mydomain.com
6-21
6.2.20 expired
Syntax
expired { day day [ hour hour [ minute minute ] ] | unlimited }

undo expired
View
Parameter
day day: Number of days in the range of 0 to 365.

hour hour: Number of hours in the range of 0 to 23.
minute minute: Number of minutes in the range of 0 to 59.
unlimited: Unlimited lease (actually the system-defined lease duration is 25 years).
Description
Using the expired command, you can specify the duration that addresses in the global
DHCP address pool can be leased. Using the undo expired command, you can
restore the default address lease duration used by the DHCP address pools.
By default, address lease duration is one day.
The lease duration can be extended up to the year 2106.
For the related commands, see dhcp server ip-pool and dhcp server expired.
Example
# IP addresses from DHCP address pool 0 can be leased for 1 day, 2 hours, and 3
minutes.
[Quidway-dhcp-0] expired day 1 hour 2 minute 3
6.2.21 gateway-list
Syntax
gateway-list ip-address [ ip-address ]

undo gateway-list { ip-address | all }
View
6-22
Parameter
ip-address: IP address of egress gateway. You can configure up to eight IP addresses

all: All IP addresses of egress gateways.
Description
Using the gateway-list command, you can configure a list of egress gateways for
DHCP clients by specifying their IP addresses. Using the undo gateway-list command,
you can delete one or all egress gateways for DHCP clients.
By default, no IP address of egress gateway is configured for clients.
If egress gateway list is configured for multiple times, the latest one will replace the
previous one.
Example
# Assign the egress gateway with the IP address 10.110.1.99 to global DHCP address
pool 0.
[Quidway-dhcp-0] gateway-list 10.110.1.99
6.2.22 nbns-list
Syntax
nbns-list ip-address [ ip-address ]

undo nbns-list { ip-address | all }
View
Parameter
ip-address: IP address of NetBIOS server. You can configure up to eight IP addresses

all: IP addresses of all configured the NetBIOS servers.
Description
Using the nbns-list command, you can configure a list of NetBIOS servers in a global
DHCP address pool. Using the undo nbns-list command, you can remove one or all
NetBIOS server addresses from the global address pool.
By default, no NetBIOS server address is configured.
If you configure NetBIOS server list for multiple times, the latest NetBIOS server list will
replace the previous one.
6-23
For the related commands, see dhcp server ip-pool, dhcp server nbns-list, and
netbios-type.
Example
# Assign the NetBIOS server address 10.12.1.99 to global DHCP address pool 0.
[Quidway-dhcp-0] nbns-list 10.12.1.99
6.2.23 netbios-type
Syntax
netbios-type { b-node | h-node | m-node | p-node }

undo netbios-type
View
Parameter
b-node: Broadcast mode where NetBIOS nodes get their hostname-IP maps through
broadcast.
p-node: Peer-to-peer mode, where NetBIOS nodes get their hostname-IP maps by
communicating with the NetBIOS server.
m-node: Mixed (m) mode, where NetBIOS nodes are p-nodes with the broadcast
feature.
h-node: Hybrid (h) mode, where NetBIOS nodes are b-nodes with the peer-to-peer
communications mechanism.
Description
Using the netbios-type command, you can configure NetBIOS node type of the clients
using the global DHCP address pool. Using the undo netbios-type command, you can
delete the configuration of NetBIOS node type in the global DHCP address pool.
By default, clients are h-nodes.
For the related commands, see dhcp server ip-pool, dhcp server netbios-byte, and
nbns-list.
Example
# Specify clients using global DHCP address pool 0 to be b-nodes.

[Quidway-dhcp-0] netbios-type b-node
6-24
6.2.24 network
Syntax
network ip-address [ mask netmask ]

undo network
View
Parameter
ip-address: IP address range used for dynamic allocation in the address pool.
mask netmask: Network mask of the IP address pool. If this parameter is not specified,
natural mask applies.
Description
Using the network command, you can configure an IP address range for dynamic
allocation. Using the undo network command, you can delete the configured IP
address range for dynamic allocation.
By default, no IP address range is configured for dynamic allocation.
Each DHCP address pool can have only one network segment. If the network
command is configured for multiple times, the latest configuration replaces the previous
one.
For the related commands, see dhcp server ip-pool and dhcp server forbidden-ip.
Example
# Use 192.168.8.0/24 as the address range of global DHCP address pool 0.

[Quidway-dhcp-0] network 192.168.8.0 mask 255.255.255.0
6.2.25 option
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address [ ip-address ] }

undo option code
View
Parameter
code: User-defined option value, which is in the range of 2 to 254.

ascii ascii-string: ASCII string comprising 1 to 63 characters.
6-25
hex hex-string: 2-digit or 4-digit hexadecimal string, such as hh or hhhh.

ip-address ip-address [ ip-address ]: Up to eight IP addresses separated by spaces.
Description
Using the option command, you can define a DHCP option in the global DHCP
address pool. Using the undo option command, you can delete the DHCP option
configured in the DHCP address pool.
If you configure a DHCP option for multiple times, the latest one replaces the previous
one.
For the related commands, see dhcp server ip-pool and dhcp server option.
Example
# Define the hexadecimal strings 0x11 and 0x22 with the code 100 in the global DHCP
address pool.
[Quidway-dhcp-0] option 100 hex 11 22
6.2.26 reset dhcp server conflict
Syntax
reset dhcp server conflict { ip ip-address | all }
View
User view
Parameter
ip-address: Clears the statistics information about address conflicts of the specified IP
address.
all: Clears statistics information of all address conflicts.
Description
Using the reset dhcp server conflict command, you can clear the statistics
information about DHCP address conflict.
For the related command, see display dhcp server conflict.
Example
# Clear statistics information about all the address conflicts.

<Quidway> reset dhcp server conflict all
6-26
6.2.27 reset dhcp server ip-in-use
Syntax
reset dhcp server ip-in-use{ all | interface [ vlan-interface vlan_id ] | ip ip-address |

pool [ pool-name ] }
View
User view
Parameter
all: All IP address bindings.

ip-address: Binding information of the specified IP address.
pool-name: Global address pool. If it is not specified, all global address pools apply.
interface-name: Specifies a VLAN interface address pool. If it is not specified, all VLAN
interface address pools apply.
Description
Using the reset dhcp server ip-in-use command, you can clear DHCP dynamic
address bindings information.
For the related command, see display dhcp server ip-in-use.
Example
# Clear binding information of the address 10.110.1.1.

<Quidway> reset dhcp server ip-in-use ip 10.110.1.1
6.2.28 reset dhcp server statistics
Syntax
reset dhcp server statistics
View
User view
Parameter
None
Description
Using the reset dhcp server statistics command, you can clear statistic information
about the DHCP server, including such information as the number of DHCP address
pools, automatic and manual address bindings and expired ones, and the number of
unknown messages, DHCP requests, and responses.
6-27
For the related command, see display dhcp server statistics.
Example
# Clear statistic information about the DHCP server.

<Quidway> reset dhcp server statistics
6.2.29 static-bind ip-address
Syntax
static-bind ip-address ip-address [ mask netmask ]

undo static-bind ip-address
View
Parameter
ip-address: IP address to be bound.

mask netmask: Mask of the IP address to be bound. If it is not specified, the natural
mask applies.
Description
Using the static-bind ip-address command, you can configure the IP address to be
used in a static binding. Using the undo static-bind ip-address command, you can
delete the IP address in a binding.
By default, no IP address is bound statically.
The commands static-bind ip-address and static-bind mac-address must be used
in pairs to statically bind an IP address with a MAC address.
For the related commands, see dhcp server ip-pool and static-bind mac-address.
Example
# Bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1 using the mask
255.255.255.0.
[Quidway-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[Quidway-dhcp-0] static-bind mac-address 0000-e03f-0305
6.2.30 static-bind mac-address
Syntax
static-bind mac-address mac-address

undo static-bind mac-address
6-28
View
Parameter
mac-address: MAC address to be bound.
Description
Using the static-bind mac-address command, you can configure the MAC address to
be used in a static binding. Using the undo static-bind mac-address command, you
can delete the MAC address in a binding.
By default, no MAC address is bound statically.
The commands static-bind mac-address and static-bind ip-address must be used
in pairs to statically bind a MAC address with an IP address.
For the related commands, see dhcp server ip-pool and static-bind ip-address.
Example
# Bind the MAC address 0000-e03f-0305 with the IP address 10.1.1.1 using the mask
255.255.255.0.
[Quidway-dhcp-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[Quidway-dhcp-0] static-bind mac-address 0000-e03f-0305
6.3 DHCP Relay Configuration Commands

6.3.1 address-check dhcp-relay
Syntax
address-check dhcp-relay enable

address-check dhcp-relay disable
View
VLAN interface view
Parameter
None
Description
Use the address-check dhcp-relay enable command to activate the dynamic entries
generated by the DHCP relay.
Use the address-check dhcp-relay disable command to deactivate the dynamic
entries generated by the DHCP relay
6-29
By default, the dynamic entries generated by the DHCP relay are activated.
Only when the dynamic entries are activated, the corresponding devices can pass the
DHCP security check.
This configuration takes effect only when the DHCP security feature is enabled on the
VLAN interface.
Example
# Deactivate the dynamic entries generated by the DHCP relay.

[Quidway-Vlan-interface1] dhcp relay security address-check enable
[Quidway-Vlan-interface1] address-check dhcp-relay disable
6.3.2 address-check no-matched
Syntax
address-check no-matched enable

address-check no-matched disable
View
VLAN interface view
Parameter
None
Description
Use the address-check no-matched enable command to inhibit unknown machines

from passing through the DHCP security check.
Use the address-check no-matched disable command to allow unknown machines
to pass through the DHCP security check.
By default, unknown machines are inhibited from passing through the DHCP security
check.
The so called unknown machine is a device which IP and MAC addresses are not
contained in any DHCP security table entry.
This configuration takes effect only when the DHCP security feature is enabled on the
VLAN interface.
6-30
Example
# Inhibit unknown machines from passing through the DHCP security check on a VLAN
interface.
[Quidway-Vlan-interface1] address-check no-matched enable
6.3.3 debugging dhcp relay
Syntax
debugging dhcp relay { error | event | packet [ client mac mac-address ] }

undo debugging dhcp relay { error | event | packet [ client mac mac-address ] }
View
User view
Parameter
error: Debugging on DHCP relay errors such as unknown messages.

event: DHCP relay event debugging.
packet: Debugging on transmitted and received packets by the DHCP relay.
client mac mac-address: MAC address of DHCP client.
Description
Using the debugging dhcp relay command, you can enable DHCP relay debugging.
Using the undo debugging dhcp relay command, you can disable DHCP relay
debugging.
By default, DHCP relay debugging is disabled.
Example
# Enable DHCP relay event debugging.

<Quidway> debugging dhcp relay event
6.3.4 dhcp relay release
Syntax
dhcp relay release client-ip mac-address [ server-ip ]
6-31
View
Parameter
client-ip: IP address of DHCP client.

mac-address: MAC address of DHCP client.
server-ip: IP address of DHCP server.
Description
Using the dhcp relay release command, you can send an IP address release request
to a DHCP server by using DHCP relay.
When no DHCP server is specified, the DHCP relay in system view sends release
requests to all the DHCP servers but in VLAN interface view only to the DHCP servers
on the VLAN interface.
After receiving an IP address release request from the DHCP relay, the DHCP server
releases the IP address from the IP-in-use address pool and moves it to the
lease-expired queue. Normally, this address will experience some time before
participating in allocation again. For the client, however, this address is not released
and will be used until its lease really expires.
Example
# Request the DHCP server at 10.110.91.174 to release the IP address 192.2.2.25

assigned to the client with the MAC address 0050-ba34-2000.
[Quidway] dhcp relay release 192.2.2.25 0050-ba34-2000 10.110.91.174
6.3.5 dhcp relay security address-check
Syntax
dhcp relay security address-check enable

dhcp relay security address-check disable
View
VLAN interface view
Parameter
None
Description
Using the dhcp relay security address-check enable command, you can enable the
security feature of DHCP relay to check the validity of user addresses on the VLAN
6-32
interface. Using the dhcp relay security address-check disable command, you can
disable the security feature of DHCP relay and thus disable check on the validity of user
addresses on the VLAN interface.
By default, the security feature of DHCP relay is disabled on VLAN interfaces.
Example
# Enable the security feature of DHCP relay on VLAN interface 1.

6.3.6 dhcp relay security
Syntax
dhcp relay security ip_address mac_address static

undo dhcp relay security ip_address
View
System view
Parameter
ip_address: IP address in an IP-MAC map entry for security check in DHCP relay.
mac_address: MAC address in the IP-MAC map entry for security check in DHCP relay.
Description
Using the dhcp relay security command, you can configure an IP-MAC map entry for
security check in DHCP relay. Using the undo dhcp relay security command, you can
delete an IP-MAC map entry for security check in DHCP relay.
For the related command, see display dhcprelay-security.
Example
# Map the IP address 1.1.1.1 to the MAC address 0005-5D02-F2B3 for security check
in DHCP relay.
[Quidway] dhcp relay security 1.1.1.1 0005-5D02-F2B3 static
6.3.7 display dhcp relay address
Syntax
display dhcp relay address [ interface vlan-interface vlan_id | all ]
View
Any view
6-33
Parameter
interface vlan-interface vlan_id: Specifies a VLAN interface.

Description
Using the display dhcp relay address command, you can view the DHCP relay
address configuration on one or all VLAN interfaces.
For the related command, see ip relay address.
Example
# Display the DHCP relay address configurations of all the VLAN interfaces.
<Quidway> display dhcp relay address all
** Vlan-interface1 DHCP Relay Address **
Relay Address [0] : 10.1.1.1
6.3.8 display dhcp relay statistics
Syntax
display dhcp relay statistics
View
Any view
Parameter
None
Description
Using the display dhcp relay statistics command, you can view the statistics
information about DHCP relay.
Example
# Display the statistics information about DHCP relay.

<Quidway> display dhcp relay statistics
Bad Packets recieved: 0
DHCP packets received from clients: 0
DHCP DISCOVER packets received: 0
DHCP REQUEST packets received: 0
DHCP INFORM packets received: 0
DHCP DECLINE packets received: 0
DHCP packets received from servers: 0
DHCP OFFER packets received: 0
6-34
DHCP ACK packets received: 0

DHCP NAK packets received: 0
DHCP packets sent to servers: 0
DHCP packets sent to clients: 0
Unicast packets sent to clients: 0
Broadcast packets sent to clients: 0
6.3.9 display dhcprelay-security
Syntax
display dhcprelay-security [ ip-address ]
View
Any view
Parameter
ip_address: Specifies security-specific address map entry to be viewed by specifying

the IP address in it.
Description
Using the display dhcprelay-security command, you can view information of address
map used for security check by DHCP relay.
Example
# Display information of the address map used for security check by DHCP relay.
<Quidway> display dhcprelay-security
IP Address MAC Address IP Address Type
1.1.1.1 00e0-0000-0000 Static
6.3.10 ip relay address
Syntax
Following is the command for configuring in VLAN interface view the DHCP server
address to which the current VLAN interface relays packets:
ip relay address ip-address
undo ip relay address { ip-address | all }
Following is the command for configuring in system view DHCP server address to
which multiple VLAN interfaces relay packets:
ip relay address ip-address { interface vlan-interface vlan_id [ to vlan-interface
vlan_id ] | all }
6-35
undo ip relay address { ip-address | all } { interface vlan-interface vlan_id [ to

View
Parameter
ip-address: IP address of DHCP server.

interfaces.
Description
Using the ip relay address command, you can specify the DHCP server address to
which the specified VLAN interface(s) relay packets. Using the undo ip relay address
command, you can delete the configured DHCP server address to which the specified
VLAN interface(s) relay packets.
Example
# Configure the DHCP server address 202.38.1.2, to which VLAN interface 1 relays
packets.
[Quidway-Vlan-interface1] ip relay address 202.38.1.2
6.3.11 ip relay address cycle
Syntax
ip relay address cycle

undo ip relay address cycle
View
System view
Parameter
None
Description
Using the ip relay address cycle command, you can enable DHCP servers to share
the load. Using the undo ip relay address cycle command, you can disable DHCP
servers to share the load.
By default, DHCP servers do not share the load and requests from DHCP clients are
only sent to the DHCP server configured first.
6-36
Example
# Enable DHCP servers to share the load.

[Quidway] ip relay address cycle
6.3.12 reset dhcp relay statistics
Syntax
reset dhcp relay statistics
View
User view
Parameter
None
Description
Using the reset dhcp relay statistics command, you can clear the statistics
information about DHCP relay.
For the related command, see display dhcp relay statistics.
Example
# Clear the statistics information about DHCP relay.

<Quidway> reset dhcp relay statistics
6-37
Quidway S3500 Series Ethernet Switches Chapter 7 DHCP Snooping Configuration Commands
Chapter 7 DHCP Snooping Configuration

Commands
Note:
7.1 DHCP Snooping Configuration Commands

7.1.1 dhcp-snooping
Syntax
dhcp-snooping
undo dhcp-snooping
View
System view
Parameter
None
Description
Use the dhcp-snooping command to enable DHCP snooping function on the switch.
Use the undo dhcp-snooping command to disable this function.
By default, DHCP snooping function is not enabled.
Related command: display dhcp-snooping.
Note that:
You must first disable DHCP relay (no DHCP server is configured on any Layer 3 port)
before enabling DHCP snooping on the switch.
Example
# Enable DHCP snooping.

7-1

[Quidway] dhcp-snooping
DHCP Relay has already been enabled, you can not config dhcp relay!
7.1.2 dhcp-snooping trust
Syntax
dhcp-snooping trust
undo dhcp-snooping trust
View
Ethernet port view
Parameter
None
Description
Using dhcp-snooping trust command, you can configure a trusted port. Using undo
dhcp-snooping trust command, you can restore the trusted port as distrusted.
By default, the switch ports are set as distrusted.
For the related command, see display dhcp-snooping trust.
Example
# Configure Ethernet0/1 as a trusted port.

[Quidway-Ethernet0/1] dhcp-snooping trust
7.1.3 display dhcp-snooping
Syntax
display dhcp-snooping
View
Any view
Parameter
None.
Description
Use the display dhcp-snooping command to view the association table recorded by
DHCP snooping, including the user IP address allocated by the DHCP server, MAC
address, lease time of the IP address, VLAN where the switch port for the user belong.
7-2
Related command: dhcp-snooping.
Example
# Display the association table recorded by DHCP snooping.

<Quidway> display dhcp-snooping
Type IP Address MAC Address Lease VLAN Interface
====================================================================
dynamic 202.38.12.45 00e0-fc00-0006 286 1 Ethernet1/0/1
Table 7-1 Description on the fields of the display dhcp-snooping command
Field Description
Type Binding type
IP Address User IP address allocated by the DHCP server
MAC Address MAC address
Lease Lease time of the IP address

VLAN VLAN where the switch port for the user belong
Interface The switch port to which the user is connected
7.1.4 display dhcp-snooping trust
Syntax
display dhcp-snooping trust
View
Any view
Parameter
None
Description
Using display dhcp-snooping trust command, you can view the status of the
DHCP-Snooping function and the information about the trusted ports.
For the related command, see dhcp-snooping trust.
Example
# Display the status of the DHCP-Snooping function and the information about the
trusted ports.
<Quidway> display dhcp-snooping trust
dhcp-snooping is enabled
7-3
dhcp-snooping trust become effective
Interface Trusted
=================================
Ethernet0/1 Trusted
7-4
Quidway S3500 Series Ethernet Switches Chapter 8 BOOTP Client Configuration Commands
Chapter 8 BOOTP Client Configuration Commands
Note:
8.1.1 debugging bootp client
Syntax
debugging bootp client

undo debugging bootp client
View
User view
Parameter
None
Description
Using the debugging bootp client command, you can enable BOOTP client
debugging. Using the undo debugging bootp client command, you can disable
BOOTP client debugging.
By default, BOOTP client debugging is disabled.
Example
# Enable BOOTP client debugging.

<Quidway> debugging bootp client
8.1.2 display bootp client
Syntax
display bootp client [ interface vlan-interface vlan-id ]
View
Any view
8-1
Parameter
vlan-id: VLAN interface ID.

vlan-interface vlan_id: Display BOOTP client information of specified VLAN interface.
Description
Using the display bootp client command, you can view the information about BOOTP
client, including its MAC address and the applied IP address etc.
Example
# Display the information about BOOTP client.

[Quidway] display bootp client interface vlan-interface 1
Vlan-interface1:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID = 0x3d8a7431
Mac Address 00e0-fc0a-c3ef
Table 8-1 Display information description of display bootp client
Field Description
Vlan-interface1 Configure VLAN interface 1 to obtain IP address using BOOTP
Transaction ID XID filed value in BOOTP packet
8.1.3 ip address bootp-alloc
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
View
VLAN interface view
Parameter
None
Description
Using the ip address bootp-alloc command, you can configure VLAN interface to
obtain IP address using BOOTP. Using the undo ip address bootp-alloc command,
you can remove the configuration.
By default, the VLAN interface does not obtain IP address using BOOTP.
For the related command, see display bootp client.
8-2
Example
# Configure VLAN interface 1 to obtain IP address using BOOTP.

[Quidway-Vlan-interface1] ip address bootp-alloc
8-3
Quidway S3500 Series Ethernet Switches Chapter 9 Access Management Configuration Commands
Chapter 9 Access Management Configuration

Commands
9.1 Access Management Configuration Commands

9.1.1 am enable
Syntax
am enable
undo am enable
View
System view
Parameter
None
Description
Using am enable command, you can enable the access management function. Using
undo am enable command, you can disable the function.
By default, Access management function disabled.
When using the access management function, It is recommended to cancel the static
ARP configuration to ensure that the binding of IP address and Ethernet switch take
effect. If you have configured the static ARP for an IP address in the current port IP
address pool from some other port, the system will prompt to cancel the static ARP
setting.
Example
# Enable the access management function.

[Quidway] am enable
9.1.2 am ip-pool
Syntax
am ip-pool address-list
undo am ip-pool { all | address-list }
9-1
View
Ethernet port view
Parameter
all: Configures to operate on all the IP addresses (or IP address pools).

ip-pool: Configures IP address pool for access management.
address-list: Specifies IP address list in the start_ip_address [ ip_address_num ] & <
1-10 > format. start_ip_address is the start address of an IP address range in the pool.
ip_address_num specifies how many IP addresses following start_ip_address in the
range. & < 1-10 > means you can specify ten IP address ranges at most.
Description
Using am ip-pool command, you can configure the IP address pool for access
management on a port. The packet whose source IP address is in the specified pool is
allowed to be forwarded on Layer 3 via the port of the switch. Using undo am ip-pool
command, you can cancel the access management IP pool of the port.
By default, All the IP address pools for access control on the port are null and all the
packets are permitted through.
Note that if the IP address pool to be configured contains the IP addresses configured
in the static ARP at other ports, then the system prompts you to delete the static ARP to
make the later binding effective.
Example
# Configure the access management IP address pool on Ethernet0/1 and permits the
addresses from 202.112.66.2 through 202.112.66.20 and the specified 202.112.65.1 to
access the port.
[Quidway-Ethernet0/1] am ip-pool 202.112.66.2 19 202.112.65.1
9.1.3 am isolate
Syntax
am isolate interface-list
undo am isolate interface-list
View
Ethernet port view
Parameter
interface-list: Specifies a list of ports isolated from the specified port in the
{ { interface-type interface-number | interface-name } [ to { interface-type
9-2
interface-number | interface-name } ] } &<1-10> format. interface-name: Specified the

port name, represented with interface-name= interface-type interface-number.
Manual. &<1-10> indicates the preceding parameter can be input up to 10 times.
Description
Using am isolate command, you can configure Layer 2 isolation on a port so as to

prevent the packets from being forwarded on Layer 2 between the specified port and
some other port (group). Using undo am isolate command, you can cancel the Layer 2
isolation on the port.
By default, The isolation port pool is null and the packets are allowed to be forwarded
between the specified port and all other ports on Layer 2.
The port isolation is bidirectional. Isolating the port itself does not make any sense.
Example
# Isolate Ethernet0/1 from Ethernet0/2, and Ethernet0/4 through Ethernet0/7.

[Quidway-Ethernet0/1] am isolate ethernet0/2 ethernet 0/4 to ethernet 0/7
9.1.4 am trap enable
Syntax
am trap enable
undo am trap enable
View
System view
Parameter
None
Description
Using am trap enable command, you can enable the access management trap
function. Using undo am trap enable command, you can disable the access
management trap function.
By default, The access management trap disabled.
Example
# Enable the access management trap.

[Quidway] am trap enable
9-3
9.1.5 am user-bind
Syntax
am user-bind { interface { interface-name | interface-type interface-number }

{ mac-addr mac | ip-addr ip }* | mac-addr mac { interface { interface-name |
interface-type interface-number } | ip-addr ip }* | ip-addr ip { interface { interface-name
| interface-type interface-number } | mac-addr mac }* }
undo am user-bind { interface { interface-name | interface-type interface-number }
{ mac-addr mac | ip-addr ip }* | mac-addr mac { interface { interface-name |
interface-type interface-number } | ip-addr ip }* | ip-addr ip { interface { interface-name
| interface-type interface-number } | mac-addr mac }* }
View
System view
Parameter
interface-name: Specifies the port name in the interface-name= interface-type

interface-number format. interface-type: Specifies the port type. interface-number:
Specifies the port number. For parameter description, refer to the interface command.
mac: MAC address.
ip: IP address.
Description
Using am user-bind command, you can bind port, IP address and MAC address.
Using undo am user-bind command, you can remove the binding of port, IP address
and MAC address binding.
Note that:
z One MAC address or one IP address cannot be bound more than once.
z The maximum binding number is 128.
z Do not perform “Port+IP+MAC” and “Port+IP” on the same port.
z S3526E/S3526C switches support this command.
Example
# Bind port Ethernet0/1 and IP address 192.10.1.1.

[Quidway] am user-bind interface ethenet0/1 ip-addr 192.10.1.1
9.1.6 display am
Syntax
display am [ interface-list ]
9-4
View
Any view
Parameter
interface-list: Specifies a list of ports isolated from the specified port in the
{ { interface-type interface-number | interface-name } [ to { interface-type
interface-number | interface-name } ] } &<1-10> format. interface-name: Specified the
port name, represented with interface-name= interface-type interface-number.
Manual. &<1-10> indicates the preceding parameter can be input up to 10 times.
Description
Using display am command, you can view the current access management
configurations on part or all of the ports.
Example
# Display the access management configurations on Ethernet0/1 and Ethernet0/2.

<Quidway> display am ethernet0/1 ethernet0/2
Ethernet0/1
Status : disabled
IP Pools : (NULL)
Isolate Ports: Ethernet0/2
Ethernet0/2
Status : disabled
IP Pools : (NULL)
Isolate Ports: Ethernet0/1
Table 9-1 Description of information generated by the command display am
Field Description
Ethernet Port to be displayed
Status AM state on the port: enabled or disabled
IP pools. NULL represents no configuration. Each IP address
section is represented in X.X.X.X (number), of these, “X.X.X.X”
IP Pools represents the first address, and “number” represents that
“number” consecutive IP addresses from the beginning of this
address are within the IP pools
Isolate Ports Isolate ports. NULL represents no configuration
9-5
9.1.7 display am user-bind
Syntax
display am user-bind [ interface { interface-name | interface-type interface-number } |

mac-addr mac | ip-addr ip ]
View
Any view
Parameter
interface-name: Specifies the port name in the interface-name= interface-type

interface-number format. interface-type: Specifies the port type. interface-number:
Specifies the port number. For parameter description, refer to the interface command.
mac: MAC address.
ip: IP address.
Description
Using display am user-bind command, you can view Port, IP address and MAC
address binding information.
Note that S3526E/S3526C switches support this command.
Example
# Display binding information of Ethernet0/1 port.

<Quidway> display am user-bind interface ethernet0/1
Mac IP Port
NULL 129.10.1.1 Ethernet0/1
9.1.8 port-isolate enable
Syntax
port-isolate enable
undo port-isolate enable
View
VLAN view
Parameter
None
9-6
Description
Using the port-isolate enable command, you can enable the Layer 2 isolation
between ports in the same VLAN.
Using the undo port-isolate enable command, you can to disable the Layer 2
isolation.
By default, the Layer 2 isolation between ports in the same VLAN is disabled, that is,
the Layer 2 forwarding is enabled between ports.
Note that the S3552G, S3552P, S3528G, S3528P, an S3552F support this command.
Example
# Enable the Layer 2 isolation between ports in the same VLAN.

[Quidway-vlan1] port-isolate enable
9.1.9 port-isolate uplink-port vlan
Syntax
port-isolate uplink-port vlan vlan-id

undo port-isolate uplink-port vlan vlan-id
View
Ethernet port view
Parameter
vlan-id: ID of the VLAN to which the uplink port belongs, ranging from 1 to 4094.
Description
Using the port-isolate uplink-port vlan command, you can configure the port as an
uplink port.
Using the undo port-isolate uplink-port vlan command, you can cancel the
configuration.
By default, no uplink port is configured.
Note that:
z The S3552G, S3552P, S3528G, S3528P, and S3552F support this command.
z You can configure an uplink port only after you enable the Layer 2 isolation
between ports in the same VLAN.
z If the uplink port is the kind of trunk port, it is recommended configure the trunk
port to allow all the VLAN traffic to pass through and configure it to be the only
uplink port in the VLAN where the port isolation is enabled.
9-7
Example
# Configure the port Ethernet1/0/1 as an uplink port.

[Quidway-Ethernet1/0/1] port-isolate uplink-port vlan 1
9-8
Quidway S3500 Series Ethernet Switches Chapter 10 IP Performance Configuration Commands
Chapter 10 IP Performance Configuration

Commands
10.1 IP Performance Configuration Commands

10.1.1 display fib
Syntax
display fib
View
Any view
Parameter
None
Description
Using display fib command, you can view the summary of the forwarding information
base. The information includes: destination address/mask length, next hop, current flag,
timestamp and outbound interface.
Example
# Display the summary of the Forwarding Information Base.

<Quidway> display fib
Destination/Mask Nexthop Flag Interface
127.0.0.0/8 127.0.0.1 D InLoopBack0
Table 10-1 Description of the output information of the display fib command
Field Description
The flag options include:
B – Blackhole route
D – Dynamic route
G – Gateway route
Flag H – Local host route
S – Static route
U – Route in UP status
R – Unreachable route
L – Route generated by ARP or ESIS
10-1
10.1.2 display icmp statistics
Syntax
display icmp statistics
View
Any view
Parameter
None
Description
Using display icmp statistics command, you can view the statistics information about
ICMP packets.
For the related command, see display ip interface, reset ip statistics.
Example
# View statistics about ICMP packets.

<Quidway> display icmp statistics
Input: bad formats 0 bad checksum 0
echo 5 destination unreachable 0
source quench 0 redirects 0
echo reply 10 parameter problem 0
timestamp 0 information request 0
mask requests 0 mask replies 0
time exceeded 0
Output:echo 10 destination unreachable 0
source quench 0 redirects 0
echo reply 5 parameter problem 0
timestamp 0 information reply 0
mask requests 0 mask replies 0
time exceeded 0
Table 10-2 Description of the output information of the display icmp statistics
command
Field Description
bad formats Number of input packets in bad format
bad checksum Number of input packets with wrong checksum
echo Number of input/output echo request packets
10-2
Field Description
Number of input/output packets with unreachable
destination unreachable
destination
source quench Number of input/output source quench packets
redirects Number of input/output redirected packets
echo reply Number of input/output echo reply packets
Number of input/output packets with parameter
parameter problem
problem
timestamp Number of input/output timestamp packets
information request Number of input information request packets
mask requests Number of input/output mask request packets
mask replies Number of input/output mask reply packets
information reply Number of output information reply packets
time exceeded Number of time exceeded packets
10.1.3 display ip socket
Syntax
display ip socket [ socktype sock-type ] [ task-id socket-id ]
View
Any view
Parameter
sock-type: The type of a socket: (tcp:1, udp 2, raw ip 3).

task-id: The ID of a task, with the value ranging from 1 to 100.
socket-id: The ID of a socket, with the value ranging from 0 to 3072.
Description
Using the display ip socket command, you can display the information about the
sockets in the current system.
Example
# Display the information about the socket of TCP type.

<Quidway> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
10-3
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Table 10-3 Output description of the display ip socket display
Field Description
SOCK_STREAM The socket type
Task The ID of a task

socketid The ID of a socket
Proto The protocol number used by the socket
sndbuf The sending buffer size of the socket

rcvbuf The receiving buffer size of the socket
The current data size in the sending buffer. The value
sb_cc makes sense only for the socket of TCP type, because only
TCP is able to cache data
rb_cc The current data size in the receiving buffer

socket option The option of the socket
socket state The state of the socket
10.1.4 display ip statistics
Syntax
display ip statistics
View
Any view
10-4
Parameter
None
Description
Using display ip statistics command, you can view the statistics information about IP
packets.
For the related command, see display ip interface, reset ip statistics.
Example
# View statistics about IP packets.

<Quidway> display ip statistics
Input: sum 7120 local 112
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 27
dropped 0 no route 2
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
Table 10-4 Description of the output information of the display ip statistics command
Field Description
sum Sum of input packets
Number of received packets whose destination is
local
the local device
Input: bad protocol Number of packets with wrong protocol number

bad format Number of packets in bad format
bad checksum Number of packets with wrong checksum
bad options Number of packets that has wrong options
forwarding Number of forwarded packets
local Number of packets that are sent by the local device
Output: dropped Number of dropped packets during transmission
no route Number of packets that cannot be routed
compress fails Number of packets that cannot be compressed
10-5
Field Description
input Number of input fragments
output Number of output fragments
dropped Number of dropped fragments
Fragment:
fragmented Number of packets that are fragmented
couldn't
Number of packets that cannot be fragmented
fragment
Reassembli sum Number of packets that are reassembled

ng: timeouts Number of packets that time out
10.1.5 display tcp statistics
Syntax
display tcp statistics
View
Any view
Parameter
None
Description
Using display tcp statistics command, you can view the statistics information about
TCP packets.
The statistics information about TCP packets are divided into two major kinds which are
Received packets and Sent packets. And each kind of packets are further divided into
different kinds such as window probe packets, window update packets, duplicate
packets, and out-of-order packets. Some statistics information that is closely related to
TCP connection, such as window probe packets, window update packets, and data
packets retransmitted is also displayed. All these displayed information are measured
in packet.
For the related commands, see display tcp status, reset tcp statistics.
Example
# View statistics about TCP packets.

[Quidway]display tcp statistics
Received packets:
Total: 753
10-6
packets in sequence: 412 (11032 bytes)

window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 481 (8776 bytes)
duplicate ACK packets: 7, too much ACK packets: 0
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0

Keepalive timeout: 0, keepalive probe: 0, keepalive timeout, so connections
disc
onnected : 0
Initiated connections: 0, accepted connections: 0, established connections:
0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
10.1.6 display tcp status
Syntax
display tcp status
View
Any view
Parameter
None
Description
Using display tcp status command, you can view the TCP connection state.
Example
# Display the state of all TCP connections.
10-7
<Quidway> display tcp status

TCPCB Local Add:port Foreign Add:port State
03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening
04217174 100.0.0.204:23 100.0.0.253:65508 EstablishedOutput
description of the display tcp status display
Field Description
Local Add: port Local IP address: local port
Foreign Add: port Remote IP address; remote port
State State of the TCP link
10.1.7 reset ip statistics
Syntax
reset ip statistics
View
User view
Parameter
None
Description
Using reset ip statistics command, you can reset the IP statistics information.
For the related commands, see display ip interface, display ip statistics.
Example
# Reset the IP statistics information.

<Quidway> reset ip statistics
10.1.8 reset tcp statistics
Syntax
reset tcp statistics
View
User view
Parameter
None
10-8
Description
Using reset tcp statistics command, you can reset the TCP statistics information.
For the related command, see display tcp statistics.
Example
# Reset the TCP statistics information.

<Quidway> reset tcp statistics
10.1.9 tcp timer fin-timeout
Syntax
tcp timer fin-timeout time-value

undo tcp timer fin-timeout
View
System view
Parameter
time-value: TCP finwait timer value in second, with the value ranging from 76 to 3600;
By default, 675 seconds.
Description
Using tcp timer fin-timeout command, you can configure the TCP finwait timer. Using
undo tcp timer fin-timeout command, you can restore the default value of the TCP
finwait timer.
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection will be terminated.
For the related command, see tcp timer syn-timeout, tcp window.
Example
# Configure the TCP finwait timer value as 800 seconds.

[Quidway] tcp timer fin-timeout 800
10.1.10 tcp timer syn-timeout
Syntax
tcp timer syn-timeout time-value

undo tcp timer syn-timeout
10-9
View
System view
Parameter
time-value: TCP synwait timer value measured in second, whose value ranges from 2
to 600. The default time-value is75 seconds.
Description
Using tcp timer syn-timeout command, you can configure the TCP synwait timer.
Using undo tcp timer syn-timeout command, you can restore the default value of the
timer.
TCP will enable the synwait timer, if a SYN packet is sent. The TCP connection will be
terminated If the response packet is not received.
For the related command, see tcp timer fin-timeout, tcp window.
Example
# Configure the TCP synwait timer value as 80 seconds.

[Quidway] tcp timer syn-timeout 80
10.1.11 tcp window
Syntax
tcp window window-size

undo tcp window
View
System view
Parameter
window-size: The size of the transmission and receiving buffers measured in kilobytes
(KB), whose value ranges from 1 to 32. By default, the window-size is 8KB.
Description
Using tcp window command, you can configure the size of the transmission and
receiving buffers of the connection-oriented Socket. Using undo tcp window
command, you can restore the default size of the buffer.
For the related command, see tcp timer fin-timeout, tcp timer syn-timeout.
Example
# Configure the size of the transmission and receiving buffers as 3KB.
10-10
[Quidway] tcp window 3
10-11
HUAWEI

Command Manual
Routing Protocol

Command Manual - Routing Protocol
Table of Contents
Chapter 1 Static Route Configuration Commands .................................................................... 1-1

1.1 Display Commands of the Routing Table .......................................................................... 1-1
1.1.1 display ip routing-table ............................................................................................ 1-1
1.1.2 display ip routing-table acl....................................................................................... 1-2
1.1.3 display ip routing-table ip_address.......................................................................... 1-6
1.1.4 display ip routing-table ip_address1 ip_address2................................................... 1-8
1.1.5 display ip routing-table ip-prefix .............................................................................. 1-9
1.1.6 display ip routing-table protocol ............................................................................ 1-10
1.1.7 display ip routing-table radix ................................................................................. 1-11
1.1.8 display ip routing-table statistics ........................................................................... 1-12
1.1.9 display ip routing-table verbose ............................................................................ 1-13
1.2 Static Route Configuration Commands ........................................................................... 1-15
1.2.1 ip route-static......................................................................................................... 1-15
1.2.2 ip route-static default-preference .......................................................................... 1-17
Chapter 2 RIP Configuration Commands.................................................................................... 2-1

2.1 RIP Configuration Commands ........................................................................................... 2-1
2.1.1 checkzero ................................................................................................................ 2-1
2.1.2 default cost .............................................................................................................. 2-2
2.1.3 display rip ................................................................................................................ 2-2
2.1.4 filter-policy export .................................................................................................... 2-3
2.1.5 filter-policy import .................................................................................................... 2-4
2.1.6 host-route ................................................................................................................ 2-5
2.1.7 import-route ............................................................................................................. 2-6
2.1.8 network.................................................................................................................... 2-7
2.1.9 peer ......................................................................................................................... 2-8
2.1.10 preference ............................................................................................................. 2-8
2.1.11 reset ...................................................................................................................... 2-9
2.1.12 rip .......................................................................................................................... 2-9
2.1.13 rip authentication-mode....................................................................................... 2-10
2.1.14 rip input................................................................................................................ 2-11
2.1.15 rip metricin........................................................................................................... 2-12
2.1.16 rip metricout......................................................................................................... 2-13
2.1.17 rip output ............................................................................................................. 2-13
2.1.18 rip split-horizon .................................................................................................... 2-14
2.1.19 rip version............................................................................................................ 2-15
2.1.20 rip work................................................................................................................ 2-16
2.1.21 summary.............................................................................................................. 2-16
i
Chapter 3 OSPF Configuration Commands................................................................................ 3-1

3.1 OSPF Configuration Commands ....................................................................................... 3-1
3.1.1 abr-summary ........................................................................................................... 3-1
3.1.2 area ......................................................................................................................... 3-2
3.1.3 asbr-summary ......................................................................................................... 3-2
3.1.4 authentication-mode................................................................................................ 3-3
3.1.5 default cost .............................................................................................................. 3-4
3.1.6 default interval ......................................................................................................... 3-5
3.1.7 default limit .............................................................................................................. 3-5
3.1.8 default tag................................................................................................................ 3-6
3.1.9 default type.............................................................................................................. 3-7
3.1.10 default-cost............................................................................................................ 3-7
3.1.11 default-route-advertise .......................................................................................... 3-8
3.1.12 display debugging ospf ......................................................................................... 3-9
3.1.13 display ospf abr-asbr............................................................................................. 3-9
3.1.14 display ospf asbr-summary ................................................................................. 3-10
3.1.15 display ospf brief ................................................................................................. 3-12
3.1.16 display ospf cumulative ....................................................................................... 3-13
3.1.17 display ospf error................................................................................................. 3-15
3.1.18 display ospf interface .......................................................................................... 3-18
3.1.19 display ospf lsdb.................................................................................................. 3-19
3.1.20 display ospf nexthop ........................................................................................... 3-21
3.1.21 display ospf peer ................................................................................................. 3-22
3.1.22 display ospf request-queue ................................................................................. 3-24
3.1.23 display ospf retrans-queue.................................................................................. 3-25
3.1.24 display ospf routing ............................................................................................. 3-26
3.1.25 display ospf vlink ................................................................................................. 3-27
3.1.26 filter-policy export ................................................................................................ 3-28
3.1.27 filter-policy import ................................................................................................ 3-29
3.1.28 import-route ......................................................................................................... 3-30
3.1.29 network................................................................................................................ 3-31
3.1.30 nssa..................................................................................................................... 3-32
3.1.31 ospf...................................................................................................................... 3-32
3.1.32 ospf authentication-mode.................................................................................... 3-33
3.1.33 ospf cost .............................................................................................................. 3-34
3.1.34 ospf dr-priority ..................................................................................................... 3-35
3.1.35 ospf mtu-enable .................................................................................................. 3-35
3.1.36 ospf network-type................................................................................................ 3-36
3.1.37 ospf timer dead.................................................................................................... 3-37
3.1.38 ospf timer hello .................................................................................................... 3-38
3.1.39 ospf timer poll ...................................................................................................... 3-39
3.1.40 ospf timer retransmit ........................................................................................... 3-39
ii
3.1.41 ospf trans-delay................................................................................................... 3-40

3.1.42 peer ..................................................................................................................... 3-41
3.1.43 preference ........................................................................................................... 3-41
3.1.44 reset ospf............................................................................................................. 3-42
3.1.45 router id ............................................................................................................... 3-43
3.1.46 silent-interface ..................................................................................................... 3-44
3.1.47 snmp-agent trap enable ospf .............................................................................. 3-45
3.1.48 spf-schedule-interval ........................................................................................... 3-46
3.1.49 stub...................................................................................................................... 3-46
3.1.50 vlink-peer............................................................................................................. 3-47
Chapter 4 BGP Configuration Commands.................................................................................. 4-1

4.1 BGP Configuration Commands ......................................................................................... 4-1
4.1.1 aggregate ................................................................................................................ 4-1
4.1.2 bgp .......................................................................................................................... 4-2
4.1.3 compare-different-as-med....................................................................................... 4-3
4.1.4 confederation id....................................................................................................... 4-4
4.1.5 confederation nonstandard ..................................................................................... 4-5
4.1.6 confederation peer-as ............................................................................................. 4-5
4.1.7 dampening............................................................................................................... 4-6
4.1.8 debugging bgp......................................................................................................... 4-7
4.1.9 default local-preference........................................................................................... 4-8
4.1.10 default med............................................................................................................ 4-9
4.1.11 display bgp group.................................................................................................. 4-9
4.1.12 display bgp network ............................................................................................ 4-10
4.1.13 display bgp paths ................................................................................................ 4-11
4.1.14 display bgp peer .................................................................................................. 4-12
4.1.15 display bgp routing-table ..................................................................................... 4-14
4.1.16 display bgp routing-table as-path-acl .................................................................. 4-15
4.1.17 display bgp routing-table cidr .............................................................................. 4-17
4.1.18 display bgp routing-table community .................................................................. 4-18
4.1.19 display bgp routing-table community-list............................................................. 4-18
4.1.20 display bgp routing-table dampened................................................................... 4-19
4.1.21 display bgp routing-table different-origin-as........................................................ 4-21
4.1.22 display bgp routing-table flap-info ....................................................................... 4-21
4.1.23 display bgp routing-table peer............................................................................. 4-23
4.1.24 display bgp routing-table regular-expression ...................................................... 4-24
4.1.25 filter-policy export ................................................................................................ 4-25
4.1.26 filter-policy import ................................................................................................ 4-25
4.1.27 group ................................................................................................................... 4-26
4.1.28 import-route ......................................................................................................... 4-27
4.1.29 ip as-path-acl....................................................................................................... 4-27
4.1.30 ip community-list.................................................................................................. 4-28
iii
4.1.31 network................................................................................................................ 4-29

4.1.32 peer advertise-community................................................................................... 4-29
4.1.33 peer allow-as-loop............................................................................................... 4-30
4.1.34 peer as-number ................................................................................................... 4-31
4.1.35 peer as-path-acl .................................................................................................. 4-31
4.1.36 peer connect-interface ........................................................................................ 4-32
4.1.37 peer default-route-advertise ................................................................................ 4-33
4.1.38 peer description................................................................................................... 4-33
4.1.39 peer ebgp-max-hop............................................................................................. 4-34
4.1.40 peer enable ......................................................................................................... 4-35
4.1.41 peer filter-policy................................................................................................... 4-35
4.1.42 peer group ........................................................................................................... 4-36
4.1.43 peer ip-prefix ....................................................................................................... 4-37
4.1.44 peer next-hop-local ............................................................................................. 4-37
4.1.45 peer password..................................................................................................... 4-38
4.1.46 peer public-as-only.............................................................................................. 4-39
4.1.47 peer reflect-client................................................................................................. 4-40
4.1.48 peer route-policy ................................................................................................. 4-40
4.1.49 peer route-update-interval................................................................................... 4-41
4.1.50 peer timer ............................................................................................................ 4-42
4.1.51 reflect between-clients ........................................................................................ 4-42
4.1.52 reflector cluster-id................................................................................................ 4-43
4.1.53 refresh bgp .......................................................................................................... 4-44
4.1.54 reset bgp ............................................................................................................. 4-44
4.1.55 reset bgp dampening .......................................................................................... 4-45
4.1.56 reset bgp flap-info ............................................................................................... 4-45
4.1.57 reset bgp group ................................................................................................... 4-46
4.1.58 summary automatic............................................................................................. 4-46
4.1.59 timer .................................................................................................................... 4-47
4.1.60 undo synchronization .......................................................................................... 4-48
Chapter 5 IP Routing Policy Configuration Commands............................................................ 5-1

5.1 IP Routing Policy Configuration Commands ..................................................................... 5-1
5.1.1 apply as-path........................................................................................................... 5-1
5.1.2 apply community ..................................................................................................... 5-2
5.1.3 apply cost ................................................................................................................ 5-3
5.1.4 apply cost-type ........................................................................................................ 5-3
5.1.5 apply ip next-hop ..................................................................................................... 5-4
5.1.6 apply local-preference............................................................................................. 5-5
5.1.7 apply origin .............................................................................................................. 5-5
5.1.8 apply tag.................................................................................................................. 5-6
5.1.9 display ip ip-prefix ................................................................................................... 5-7
5.1.10 display route-policy ............................................................................................... 5-7
iv
5.1.11 filter-policy export .................................................................................................. 5-8

5.1.12 filter-policy import .................................................................................................. 5-9
5.1.13 if-match { acl | ip-prefix }...................................................................................... 5-10
5.1.14 if-match as-path .................................................................................................. 5-11
5.1.15 if-match community ............................................................................................. 5-12
5.1.16 if-match cost ........................................................................................................ 5-12
5.1.17 if-match interface................................................................................................. 5-13
5.1.18 if-match ip next-hop............................................................................................. 5-14
5.1.19 if-match tag.......................................................................................................... 5-15
5.1.20 ip ip-prefix............................................................................................................ 5-15
5.1.21 route-policy.......................................................................................................... 5-16
Chapter 6 Route Capacity Configuration Commands ............................................................... 6-1

6.1 Route Capacity Configuration Commands ........................................................................ 6-1
6.1.1 display memory ....................................................................................................... 6-1
6.1.2 display memory limit................................................................................................ 6-2
6.1.3 memory auto-establish disable ............................................................................... 6-3
6.1.4 memory auto-establish enable ................................................................................ 6-4
6.1.5 memory { safety | limit } ........................................................................................... 6-4
v
Quidway S3500 Series Ethernet Switches Chapter 1 Static Route Configuration Commands
Chapter 1 Static Route Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
1.1 Display Commands of the Routing Table

1.1.1 display ip routing-table
Syntax
display ip routing-table
View
Any view
Parameter
None
Description
Using display ip routing-table command, you can view the routing table summary.
This command displays routing table information in summary form. Each line
represents one route. The contents include destination address/mask length, protocol,
preference, metric, next hop and output interface.
Only current used route, i.e., best route, is displayed using display ip routing-table
command.
Example
# View the summary of routing table.

<Quidway> display ip routing-table
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
10.153.25.0/24 DIRECT 0 0 10.153.25.200 Vlan-interface1
1-1
10.153.25.200/32 DIRECT 0 0 127.0.0.1 InLoopBack0

Table 1-1 Description of information generated by the command display ip

routing-table
Field Description
Destination/Mask Destination address/Mask length
Protocol Routing protocol
Pre Routing preference
Cost Cost
Nexthop Next hop address
Output interface, through which the data packet destined for
Interface
the destination network segment is sent
1.1.2 display ip routing-table acl
Syntax
display ip routing-table acl { acl-number | acl-name } [ verbose ]
View
Any view
Parameter
acl-number: the number of basic ACL, ranging from 2000 to 2999.

acl-name: the basic ACL name introduced via names.
verbose: With the parameter, this command displays the verbose information of both
the active and inactive routes that passed filtering rules. Without the parameter, this
command only displays the summary of the active routes that passed filtering rules.
Description
Using display ip routing-table acl command, you can view the route filtered through
specified basic access control list (ACL).
This command is used in track display of route policy to display the route that passed
the filtering rule according the input basic ACL number or name.
The command is only applicable to display the route that passed basic ACL filtering
rules.
1-2
Example
# Display the summary of active routes that are filtered through basic acl 2000.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[Quidway-acl-basic-2000] rule deny source any
[Quidway-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 4
For detailed description of the output information, see Table 1-1.

# Display the verbose information of the active and inactive routes that are filtered
through basic acl 2000.
<Quidway> display ip routing-table acl 2000 verbose
Routes matched by access-list 2000:
Generate Default: no
+ = Active Route, - = Last Active, # = Both * = Next hop in use
Summary count: 2
**Destination: 10.1.1.0 Mask: 255.255.255.0

Protocol: #DIRECT Preference: 0
*NextHop: 10.1.1.2 Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 7:24 Cost: 0/0

*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 7:24 Cost: 0/0

routing-table acl verbose
Field Description
Destination Destination address
Mask Mask
1-3
Field Description
Protocol Routing protocol
Preference Routing preference
Nexthop Next hop address
Output interface, through which the data packet destined for the
Interface
destination network segment is sent
Vlinkindex Virtual link index
1-4
Field Description
Route state description:
ActiveU The route is selected and is optimum
Blackhole route is similar to Reject route, but it will not
Blackhole
send the ICMP unreachable message to the source end
Delete The route is deleted
Gateway Identifies that the route is not an interface route
The route exists, but it is unavailable temporarily for
some reasons (e.g., configured policy or interface is
Hidden
Down). Moreover, you do not wish to delete it. Therefore,
you need to hide it, so as to restore it again later
Holddown is one kind of route redistribution policy

adopted by some distance-vector (D-V) routing protocols
(e.g., RIP), through which these routing protocols can
avoid the flooding of error routes and deliver the routing
Holddown unreachable message accurately. For example, the RIP
redistributes a certain route every a period of time
regardless of whether the actually found routes destined
for the same destination change. For more details, refer
to the specific routing protocols.
The route is discovered by interior gateway protocol

State Int
(IGP).
The routing protocol does not redistribute NoAdvise
NoAdvise
route when it redistributes routes based on the policy.
The routing protocol generally selects the route with the

highest precedence from its routing table, then places it
NotInstall in its core routing table and redistributes it. Although the
NotInstall route cannot be placed in the core routing
table, it is possibly that it is selected and redistributed.
Unlike the normal routes, the Reject route will discard the
packets that select it as their route, and the router will
Reject
send ICMP unreachable message to the source end.
Reject route is usually used for the network test
When the routes from the routing table are deleted, the
routes with Retain flag will not be deleted. Using this
Retain
function you can set Retain flag for some static routes, so
that they can exist in the core routing table.
The route with Static flag will not be cleared from the
routing table after you save it and reboot the router.
Static
Generally, the static route configured manually in the
router belongs to a Static route.
Unicast Unicast route

Age Time to live
Cost Value of the cost
1-5
1.1.3 display ip routing-table ip_address
Syntax
display ip routing-table ip_address [ mask ] [ longer-match ] [ verbose ]
View
Any view
Parameter
ip_address: Destination IP address.

mask: IP address mask, length in dotted decimal notation or integer. It ranges from 0 to
32 when it is expressed with integer.
verbose: With the verbose parameter, this command displays the verbose information
of both the active and inactive routes. Without the parameter, this command only
displays the summary of active routes.
longer-match: Address route matching the destination address in natural mask range.
Description
Using display ip routing-table ip_address command, you can view the routing
information of the specified destination address.
With different parameters, the output of command is different. The following is the
output description for different forms of this command:
z display ip routing-table ip_address
If destination address, ip_address, has corresponding route in natural mask range, this
command will display all subnet routes or only the route best matching the destination
address, ip_address, is displayed. And only the active matching route is displayed.
z display ip routing-table ip_address mask,
This command only displays the route fully matching with specified destination address
and mask.
z display ip routing-table ip_address longer-match
This command displays all destination address route matching with destination
address in natural mask range.
Example
# There is corresponding route in natural mask range. Display the summary.

<Quidway> display ip routing-table 169.0.0.0
169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1
1-6
# There is no corresponding route (only the longest matching route is displayed) in

natural mask range and summary is displayed.
<Quidway> display ip routing-table 169.253.0.0
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
# There are corresponding routes in the natural mask range. Display the detailed
information.
<Quidway> display ip routing-table 169.0.0.0 verbose
Routing Tables:
Summary count:2
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Cost: 0/0
Vlinkindex: 0
Age: 3:47 Cost: 0/0
# There are no corresponding routes in the natural mask range (only displaying the
longest matched route). Display the detailed information.
<Quidway> display ip routing-table 169.253.0.0 verbose
Routing Tables:
Summary count:2
Vlinkindex: 0
Age: 3:47 Cost: 0/0
Vlinkindex: 0
1-7

Age: 3:47 Cost: 0/0
1.1.4 display ip routing-table ip_address1 ip_address2
Syntax
display ip routing-table ip_address1 mask1 ip_address2 mask2 [ verbose ]
View
Any view
Parameter
ip_address1, ip_address2: Destination IP address in dotted decimal notation.

ip_address1 and ip_address2 determine one address range together to display the
route in this address range. ip_address1 anding with mask1 specifies the start of the
range while ip_address2 anding with mask2 specifies the end.
mask1, mask2: IP address mask, length in dotted decimal notation or integer form. It
ranges from 0 to 32 when it is presented in integer.
verbose: With the verbose parameter, this command displays the verbose information
of both the active and inactive routes. Without the parameter, this command only
displays the summary of active routes.
Description
Using display ip routing-table ip_address1 ip_address2 command, you can view

the route information in the specified address range.
Example
# Display the routing information of destination addresses ranging from 1.1.1.0 to

2.2.2.0.
<Quidway>display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
1-8
1.1.5 display ip routing-table ip-prefix
Syntax
display ip routing-table ip-prefix ip-prefix-name [ verbose ]
View
Any view
Parameter
ip-prefix-name: ip prefix list name.

verbose: With the parameter, this command displays the verbose information of both
the active and inactive routes that passed filtering rules. Without the parameter, this
command displays the summary of the active routes that passed filtering rules.
Description
Using display ip routing-table ip-prefix command, you can view the route information
that passed the filtering rule according the input ip prefix list name.
If there is no specified address prefix list, this command will display the verbose
information of all active and inactive routes with the parameter verbose and it will
display the summary of all active routes without the parameter verbose.
Example
# Display the summary of the active route that is filtered ip prefix list abc2.
[Quidway] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[Quidway] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2

# Display the verbose information of the active and inactive routes that are filtered
prefix list abc2.
[Quidway] display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:
Summary count: 2
1-9

Vlinkindex: 0
Age: 3:23:44 Cost: 0/0

Vlinkindex: 0
Age: 3:23:44 Cost: 0/0
1.1.6 display ip routing-table protocol
Syntax
display ip routing-table protocol protocol [ inactive | verbose ]
View
Any view
Parameter
inactive: With the parameter, this command displays the inactive route information.
Without the parameter, this command displays the active and inactive route
information.
verbose: With the verbose parameter, this command displays the verbose route
information. Without the parameter, this command displays the route summary.
protocol: the parameter has multiple selectable values:
z direct: Display direct connection route information
z static: Display the static route information.
z bgp: Display BGP route information.
z ospf: Display OSPF route information.
z ospf-ase: Display OSPF ASE route information.
z ospf-nssa: Display OSPF NSSA route information.
z rip: Display RIP route information.
Description
Using display ip routing-table protocol command, you can view the route information
of specified protocol.
1-10
Example
# Display all direct connection routes summary.

<Quidway> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 8
DIRECT Routing table status:<active>:
Summary count: 7
102.1.1.0/24 DIRECT 0 0 102.1.1.1 LoopBack1
DIRECT Routing table status:<inactive>:
Summary count: 1
100.100.1.1/32 DIRECT 0 0 100.100.1.1 LoopBack0
# View the static routing table.

<Quidway> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
1.2.3.0/24 STATIC 60 0 1.2.4.5 Vlan-interface10
1.1.7 display ip routing-table radix
Syntax
display ip routing-table radix
View
Any view
Parameter
None
1-11
Description
Using display ip routing-table radix command, you can view the route information in
a tree structure.
Example
<Quidway> display ip routing-table radix

Radix tree for INET (2) inodes 7 routes 5:
+-32+--{210.0.0.1
+--0+
| | +--8+--{127.0.0.0
| | | +-32+--{127.0.0.1
| +--1+
| +--8+--{20.0.0.0
| +-32+--{20.1.1.1

routing-table radix
Field Description
INET Address suite
inodes Number of nodes

routes Number of routes
1.1.8 display ip routing-table statistics
Syntax
display ip routing-table statistics
View
Any view
Parameter
None
Description
Using display ip routing-table statistics command, you can view the statistics of
routing information.
The statistics of routing information includes total route amount, the route amount
added or deleted by protocol, amount of the routes that are labeled deleted but not
deleted, the active route amount and inactive route amount.
1-12
Example
# Display the statistics of route information.

<Quidway> display ip routing-table statistics
Routing tables:
Proto route active added deleted freed
DIRECT 4 4 4 0 0
STATIC 0 0 0 0 0
BGP 0 0 0 0 0
RIP 0 0 0 0 0
OSPF 0 0 0 0 0
O_ASE 0 0 0 0 0
O_NSSA 0 0 0 0 0
AGGRE 0 0 0 0 0
Total 4 4 4 0 0

routing-table statistics
Field Description
Proto Routing protocol
route Number of routes

active Number of active routes
Number of added routes after the router is rebooted or the routing table is
added
cleared last time.
deleted Number of deleted routes (such routes will be freed in a period of time)
freed Number of freed routes
1.1.9 display ip routing-table verbose
Syntax
display ip routing-table verbose
View
Any view
Parameter
None
1-13
Description
Using display ip routing-table verbose command, you can view the verbose routing
table information.
With the verbose parameter, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first, then the
statistics of the entire routing table will be output and finally the verbose description of
each route will be output.
All current routes, including inactive route and invalid route, can be displayed using
display ip routing-table verbose command.
Example
# Display the verbose routing table information.

<Quidway> display ip routing-table verbose
Routing Tables:
Destinations: 4 Routes: 4
Holddown: 0 Delete: 0 Hidden: 0

Age: 33:42 Cost: 0/0

Age: 33:42 Cost: 0/0

State: <NoAdvise Int ActiveU Retain Unicast>

State: <NotInstall NoAdvise Int ActiveU Retain Gateway Unicast>
1-14
Age: 37:42 Cost: 0/0
First, display statistics of the whole routing table and then output detailed information of
every route entry in turn. The meaning of route status is shown in Table 1-2, and the
statistics of routing table is shown in the following table.

routing-table verbose
Field Description
Holddown Number of held-down routes
Delete Number of deleted routes
Hidden Number of hidden routes
1.2 Static Route Configuration Commands

1.2.1 ip route-static
Syntax
ip route-static ip-address { mask | mask-length } { interface-name | gateway-address }

[ preference preference-value ] [ reject | blackhole ]
undo ip route-static ip-address { mask | mask-length } [ interface-name |
gateway-address ] [ preference preference-value ]
View
system view
Parameter
ip-address: Destination IP address in dotted decimal notation.

mask: Mask.
mask-length: Mask length. Since "1" s in the 32-bit mask are required to be consecutive,
the mask in dotted decimal format can be replaced by mask-length, which is the
number of the consecutive "1" s in the mask.
interface-name: Specify the interface of the route. The packets that are sent to a NULL
interface, a kind of virtual interface, will be discarded immediately. Thus can decrease
the system load.
gateway-address: Specify the next hop IP address of the route.
preference-value: Preference level of the route in the range from 1 to 255.
reject: Indicate an unreachable route.
blackhole: Indicate a blackhole route.
1-15
Description
Using ip route-static command, you can configure a static route. Using undo ip
route-static command, you can delete the configured static route.
By default, the system can obtain the sub-net route directly connected with the router.
When configuring a static route, the default preference is 60. You can change the
default preference value of the static routes to be configured by using the command ip
route-static default-preference. If it is not specified as reject or blackhole, the route
will be reachable by default.
A static route is a special route. You can set up an interconnecting network with the
static route configuration. The problem for such configuration is when a fault occurs to
the network, the static route cannot change automatically to steer away from the node
causing the fault, if without the help of an administrator.
In a relatively simple network, you only need to configure the static routes to make the
router work normally. The proper configuration and usage of the static route can
improve the network performance and ensure the bandwidth of the important
applications.
All the following routes are static routes:
z Reachable route: A normal route is of this type. That is, the IP packet is sent to the
next hop via the route marked by the destination. It is a common type of static
routes.
z Unreachable route: When a static route to a destination has the "reject" attribute,
all the IP packets to this destination will be discarded, and the originating host will
be informed destination unreachable.
z Blackhole route: If a static route to a destination has the "blackhole" attribute, the
outgoing interface of this route is the Null 0 interface regardless of the next hop
address, and any IP packets addressed to this destination are dropped without
notifying the source host.
The attributes "reject" and "blackhole" are usually used to control the range of
reachable destinations of this router, and help troubleshooting the network.
Precautions when configuring static route:
z You cannot specify an interface address of the local switch as the next hop
address of an static route.
z In addition, when the destination IP address and the mask are both 0.0.0.0, it is the
configured default route. If it is failed to detect the routing table, a packet will be
forwarded along the default route.
z For different configuration of preference level, flexible routing management policy
can be adopted.
For the related commands, see display ip routing-table, delete static-routes all and
ip route-static default-preference.
1-16
Example
# Configure the next hop of the default route as 129.102.0.2.

[Quidway] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
1.2.2 ip route-static default-preference
Syntax
ip route-static default-preference default-preference-value

undo ip route-static default-preference
View
System view
Parameter
default-preference-value: The default preference value of static routes, which will be

the preference value of the static route if its preference is not specified when configured.
Its default value is 60.
Description
Using ip route-static default-preference command, you can configure the default

preference value of static routes. Using undo ip route-static default-preference
command, you can restore the default value.
A static route’s preference will be the default-preference-value set by this command if
its preference is not specified when configured by ip route-static command.
For the related commands, see display ip routing-table, ip route-static.
Example
# Configure the default preference of static routes as 120.

[Quidway] ip route-static default-preference 120
1-17
Quidway S3500 Series Ethernet Switches Chapter 2 RIP Configuration Commands
Chapter 2 RIP Configuration Commands
Note:
2.1 RIP Configuration Commands

2.1.1 checkzero
Syntax
checkzero
undo checkzero
View
RIP view
Parameter
None
Description
Using checkzero command, you can check the zero field of RIP-1 packet. Using undo
checkzero command, you can disable the checking of the zero fields.
By default, RIP-1 performs the zero field checking.
According to the protocol (RFC1058) specifications, some fields in RIP-1 packets must
be zero, called zero fields. With the checkzero command, the zero check operation of
RIP-1 can be enabled or disabled. During the zero check operation, if the RIP-1 packet
in which the zero fields are not zeros is received, it will be rejected.
This command is ineffective to RIP-2 since RIP-2 packets have no zero fields.
Example
# Configure not to perform zero check for RIP-1 packet.

[Quidway-rip] undo checkzero
2-1
2.1.2 default cost
Syntax
default cost value

undo default cost
View
RIP view
Parameter
value: the default routing cost to be set, ranging from 1 to 16. The default value is 1.
Description
Using default cost command, you can set the default routing cost of an imported route.
Using undo default cost command, you can restore the default value.
If no specific routing cost is specified when importing the route of another routing
protocol with the import-route command, the importing will be performed with the
default routing cost specified with the default cost command.
For the related commands, see import-route.
Example
# Set the default routing cost of the imported route of another routing protocol to 3.
[Quidway-rip] default cost 3
2.1.3 display rip
Syntax
display rip
View
Any view
Parameter
None
Description
Using display rip command, you can view the current RIP running state and its
configuration information.
Example
# Display the current running state and configuration information of the RIP.
2-2
<Quidway> display rip

RIP is turned on
public net VPN-Instance
Checkzero is on Default cost : 1
Summary is on Preference : 100
No peer router
Network :
10.0.0.0
Table 2-1 Description of information generated by the command display rip
Field Description
RIP is turned on RIP is active
Checkzero is on Enable zero field checking
Default cost : 1 The default route cost is 1
Summary is on Routes are summarized automatically
Preference : 100 The preference of RIP is 100

No peer router No destination address of a transmission is specified
Network : 10.0.0.0 Enable RIP on network segment 10.0.0.0
2.1.4 filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name }

export [ routing-protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy
route-policy-name } export [ routing-protocol ]
View
RIP view
Parameter
acl-number: Access control list number used for filtering the destination addresses of
the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination addresses
of the routing information.
route-policy-name: Route policy name that filters routing information. After enabling
RIP protocol, you can determine which routes are to be sent/received based on
acl/cost/interface/ip/ip-prefix/tag fields.
2-3
routing-protocol: Routing protocol whose routing information is to be filtered, including

direct, bgp, ospf, ospf-ase, ospf-nssa and static at present.
Description
Using filter-policy export command, you can configure to filter the advertised routing
information by RIP. Using undo filter-policy export command, you can configure not
to filter the advertised routing information.
By default, RIP does not filter the advertised routing information.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be advertised. Only the routing
information passing the filtration can be advertised.
For the related commands, see acl, filter-policy import, ip ip-prefix.
Example
# Filter the advertised route information according to ACL 2000.

[Quidway-rip] filter-policy 2000 export
2.1.5 filter-policy import
Syntax
filter-policy gateway ip-prefix-name import

undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] |
route-policy route-policy-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] |
route-policy route-policy-name } import
View
RIP view
Parameter
gateway ip-prefix-name: Name of address prefix list used for filtering the addresses of
the neighboring routers advertising the routing information.
2-4
route-policy-name: Route policy name that filters routing information. After enabling
RIP protocol, you can determine which routes are to be sent/received based on
acl/cost/interface/ip/ip-prefix/tag fields.
Description
Using filter-policy gateway import command, you can configure to filter the received
routing information distributed from the specified address. Using undo filter-policy
gateway import command, you can configure not to filter the received routing
information distributed from the specified address.
Using filter-policy import command, you can configure the filtering to the received
global routing information. Using undo filter-policy import command, you can disable
filtering to the received global routing information
By default, RIP does not filter the received routing information.
For the related commands, see acl, filter-policy export, ip ip-prefix.
Example
# Configure the filtering of the global routing information according to acl 2000.
[Quidway-rip] filter-policy 2000 import
2.1.6 host-route
Syntax
host-route
undo host-route
View
RIP view
Parameter
None
Description
Using host-route command, you can control the RIP to accept the host route. Using
undo host-route command, you can reject the host route.
By default, RIP accepts the host route.
In some special cases, RIP receives a great number of host routes in the same network
segment. These routes cannot help the path searching much but occupy a lot of
resources. In this case, the undo host-route command can be used to reject a host
route.
2-5
Example
# Configure RIP to reject a host route.

[Quidway-rip] undo host-route
2.1.7 import-route
Syntax
import-route protocol [ cost value | route-policy route-policy-name ]*

undo import-route protocol
View
RIP view
Parameter
protocol: Specify the source routing protocol to be imported by RIP. At present, RIP can
import the following routes: direct, bgp, ospf, ospf-ase, ospf-nssa and static.
value: Cost value of the route to be imported.
route-policy route-policy-name: Configure to import the route matching the condition
of the specified Route-policy only.
Description
Using import-route command, you can import the routes of other protocols into RIP.
Using undo import-route command, you can cancel the routes imported from other
protocols.
By default, RIP does not import any other route.
The import-route command is used to import the route of another protocol by using a
certain cost value. RIP regards the imported route as its own route and transmits it with
the specified cost value. This command can greatly enhance the RIP capability of
obtaining routes, thus increases the RIP performance.
If the cost value is not specified, routes will be imported according to the default cost
ranging from 1 to 16. If the imported route cost value is 16, then RIP continues to
announce this cost to other routers running RIP, and marks this route with HOLDDOWN.
However, this router can still forward packets until the Garbage Collection timer times
out (defaults to 120 seconds).
For the related commands, see default cost.
Example
# Import a static route with cost 4.

[Quidway-rip] import-route static cost 4
2-6
# Set the default cost and import an OSPF route with the default cost.
[Quidway-rip] default cost 3
[Quidway-rip] import-route ospf
2.1.8 network
Syntax
network network-address
undo network network-address
View
RIP view
Parameter
network-address: Address of the network enabled/disabled. It can be the IP network

address of any interface.
Description
Using network command, you can enable Routing Information Protocol (RIP) for the
specified network connected to the router. Using undo network command, you can
disable the RIP on the interface.
By default, RIP is disabled on any interface.
After enabling RIP, RIP at a certain interface must be enabled with the network
command, since RIP works only on the interface of specified network segment. RIP
won’t receive or forward route on interfaces of non-specified network segments.
The undo network command is similar to the undo rip work command in terms of
function. But they are not identical. Their similarity is that the interface using either
command will not receive/transmit RIP routes. The difference between them is that, in
the case of undo rip work , other interfaces will still forward the routes of the interface
using the undo rip work command. In the case of undo network, other interfaces will
not forward the routes of the interface using this command and it seems that the
interface disappeared.
When the network command is used on an address, the effect is that the interface on
the network segment at this address is enabled. For example, the results of viewing the
network 129.102.1.1 with both the display current-configuration command and the
display rip command are shown as the network 129.102.0.0.
For the related commands, see rip work .
Example
# Enable the RIP on the interface with the network address as 129.102.0.0.
2-7
[Quidway-rip] network 129.102.0.0
2.1.9 peer
Syntax
peer ip-address
undo peer ip-address
View
RIP view
Parameter
ip-address: The interface IP address of the peer router, represented in the format of
dotted decimal.
Description
Using peer command, you can configure the sending destination address of the peer
device. Using undo peer command, you can cancel the set destination address.
By default, do not send RIP packet to any destination.
RIP exchanges routing information with non-broadcasting networks in unicast view.
This command specifies the sending destination address to fit some non-broadcast
networks. Usually, it is not recommended to use this command.
Example
# Specify the sending destination address 202.38.165.1.

[Quidway-rip] peer 202.38.165.1
2.1.10 preference
Syntax
preference value
undo preference
View
RIP view
Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.
2-8
Description
Using preference command, you can configure the route preference of RIP. Using
undo preference command, you can restore the default preference.
Every routing protocol has its own preference. Its default value is determined by the
specific routing policy. The preference will finally determine the routing algorithm to
obtain the optimal route in the IP routing table. This command can be used to modify
the RIP preference manually.
Example
# Specify the RIP preference as 20.

[Quidway-rip] preference 20
2.1.11 reset
Syntax
reset
View
RIP view
Parameter
None
Description
Using reset command, you can reset the system configuration parameters of RIP.
When you need to re-configure parameters of RIP, this command can be used to
restore to the default setting.
Example
# Reset the RIP system.

[Quidway-rip] reset
2.1.12 rip
Syntax
rip
undo rip
View
system view
2-9
Parameter
None
Description
Using rip command, you can enable the RIP and enter the RIP view. Using undo rip
command, you can disable RIP.
By default, the system does not run RIP.
To enter the RIP view to configure various RIP global parameters, RIP should be
enabled first. Whereas the configuration of parameters related to the interfaces is not
restricted by enabling/disabling RIP.
Note:
Note that the interface parameters configured previously would be invalid when RIP is
disabled.
Example
# Enable the RIP and enter the RIP view.

[Quidway] rip
[Quidway-rip]
2.1.13 rip authentication-mode
Syntax
rip authentication-mode { simple password | md5 { type { usual | nonstandard } |

key-id key-id | key-string key-string } }
undo rip authentication-mode
View
Interface view
Parameter
simple: Simple text authentication mode.

password: Simple text authentication key.
md5: MD5 cipher text authentication mode.
usual: Specify the MD5 cipher text authentication packet to use the general packet
format (RFC1723 standard format).
2-10
nonstandard: Specify the MD5 cipher text authentication packet to use a nonstandard
packet format described in RFC2082.
key-id: MD5 cipher text authentication identifier, ranging from 1 to 255.
key-string: MD5 authentication key. If it is input in a plain text form, MD5 key is a
character string not exceeding 16 characters. And it will be displayed in a cipher text
form in a length of 24 characters when display current-configuration command is
executed. Inputting the MD5 key in a cipher text form with 24 characters long is also
supported.
Description
Using rip authentication-mode command, you can configure RIP-2 authentication

mode and its parameters. Using undo rip authentication-mode command, you can
cancel the RIP-2 authentication.
RIP-1 does not support authentication. There are two RIP authentication modes:
simple authentication and MD5 cipher text authentication for RIP-2 . When MD5 cipher
text authentication mode is used, there are two types of packet formats. One of them is
that described in RFC 1723, which was brought forward earlier. The other format is the
one described specially in RFC 2082. The router supports both of the packet formats
and the user can select either of them on demands.
For the related commands, see rip version.
Example
# Specify Interface Vlan-interface 1 to use the simple authentication with the key as
aaa.
[Quidway-Vlan-interface1] rip version 2
[Quidway-Vlan-interface1] rip authentication-mode simple aaa
# Set MD5 authentication at Vlan-interface 1 with the key string as aaa and the packet
type as usual.
[Quidway-Vlan-interface1] rip authentication-mode md5 usual aaa
2.1.14 rip input
Syntax
rip input
undo rip input
2-11
View
Interface view
Parameter
None
Description
Using rip input command, you can allow an interface to receive RIP packets. Using
undo rip input command, you can disable an interface to receive RIP packets.
By default, all interfaces except loopback interfaces are enabled to receive RIP
packets.
This command is used in cooperation with the other two commands: rip output and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
For the related commands, see rip output, rip work .
Example
# Specify Vlan-interface 1 not to receive RIP packets.

[Quidway-Vlan-interface1] undo rip input
2.1.15 rip metricin
Syntax
rip metricin value

undo rip metricin
View
Interface view
Parameter
value: Additional route metric added when receiving a packet, ranging from 0 to 16. By
default, the value is 0.
Description
Using rip metricin command, you can configure the additional route metric added to
the route when an interface receives RIP packets. Using undo rip metricin command,
you can restore the default value of this additional route metric.
For the related commands, see rip metricout.
2-12
Example
# Specify the additional route metric to 2 when the interface Vlan-interface 1 receives
RIP packets.
[Quidway-Vlan-interface1] rip metricin 2
2.1.16 rip metricout
Syntax
rip metricout value

undo rip metricout
View
Interface view
Parameter
value: Additional route metric added when transmitting a packet, ranging from 1 to 16.
Description
Using rip metricout command, you can configure the additional route metric to the
route when an interface transmits RIP packets. Using undo rip metricout command,
you can restore the default value of this additional route metric.
For the related commands, see rip metricin.
Example
# Set the additional route metric to 2 when the interface Vlan-interface 1 transmits RIP
packets.
[Quidway-Vlan-interface1] rip metricout 2
2.1.17 rip output
Syntax
rip output
undo rip output
View
Interface view
2-13
Parameter
None
Description
Using rip output command, you can allow an interface to transmit RIP packets to the
external. Using undo rip output command, you can disable an interface to transmit
RIP packets to the external.
By default, all interfaces except loopback interfaces are enabled to transmit RIP
packets to the external.
This command is used in cooperation with the other two commands: rip input and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
For the related commands, see rip input, rip work .
Example
# Disable the interface Vlan-interface 1 to transmit RIP packets.

[Quidway-Vlan-interface1] undo rip output
2.1.18 rip split-horizon
Syntax
rip split-horizon
undo rip split-horizon
View
Interface view
Parameter
None
Description
Using rip split-horizon command, you can configure an interface to use split horizon
when transmitting RIP packets. Using undo rip split-horizon command, you can
configure an interface not to use split horizon when transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP packets.
Normally, split horizon is necessary for reducing route loop. Only in some special cases,
split horizon should be disabled to ensure the correct execution of protocols.
2-14
Example
# Specify the interface Vlan-interface 1 not to use split horizon when processing RIP
packets.
[Quidway-Vlan-interface1] undo rip split-horizon
2.1.19 rip version
Syntax
rip version 1
rip version 2 [ broadcast | multicast ]
undo rip version
View
Interface view
Parameter
1: Interface version is RIP-1.

2: Interface version is RIP-2.
broadcast: Transmission mode of RIP-2 packet is broadcast.
multicast: Transmission mode of RIP-2 packet is multicast.
Description
Using rip version command, you can configure the version of RIP packets on an
interface. Using undo rip version command, you can restore the default value of RIP
packet version on the interface.
By default, the interface RIP version is RIP-1. RIP-1 transmits packets in broadcast
mode, while RIP-2 transmits packets in multicast mode by default.
When running RIP-1, the interface only receives and transmits RIP-1 broadcast
packets, and receives RIP-2 broadcast packets, but does not receive RIP-2 multicast
packets. When running RIP-2 in broadcast mode, the interface only receives and
transmits RIP-2 broadcast packets, receives RIP-1 packets and RIP-2 multicast
packets. When running RIP-2 in multicast mode, the interface only receives and
transmits RIP-2 multicast packets, receives RIP-2 broadcast packets, but does not
receive RIP-1 packets.
Example
# Configure the interface Vlan-interface 1 as RIP-2 broadcast mode.

[Quidway-Vlan-interface1] rip version 2 broadcast
2-15
2.1.20 rip work
Syntax
rip work
undo rip work
View
Interface view
Parameter
None
Description
Using rip work command, you can enable the running of RIP on an interface. Using
undo rip work command, you can disable the running of RIP on an interface.
By default, RIP is run on an interface.
This command is used in cooperation with rip input, rip output and network
commands. Refer to the usage guideline of the related commands.
For the related commands, see network, rip input, rip output.
Example
# Disable the interface Vlan-interface 1 to run the RIP.

[Quidway-Vlan-interface1] undo rip work
2.1.21 summary
Syntax
summary
undo summary
View
RIP view
Parameter
None
2-16
Description
Using summary command, you can configure to activate RIP-2 automatic route
summarization. Using undo summary command, you can disable RIP-2 automatic
route summarization.
By default, RIP-2 route summarization is used.
Route aggregation can be performed to reduce the routing traffic on the network as well
as to reduce the size of the routing table. RIP-1 does not support subnet mask.
Forwarding subnet route may cause ambiguity. Therefore, RIP-1 uses route
summarization all the time. If RIP-2 is used, route summarization function can be
disabled with the undo summary command, when it is necessary to broadcast the
subnet route.
For the related commands, see rip version.
Example
# Set RIP version on the interface Vlan-interface 1 as RIP-2 and disable the route
aggregation.
[Quidway-Vlan-interface1] quit
[Quidway] rip
[Quidway-rip] undo summary
2-17
Quidway S3500 Series Ethernet Switches Chapter 3 OSPF Configuration Commands
Chapter 3 OSPF Configuration Commands
Note:
3.1 OSPF Configuration Commands

3.1.1 abr-summary
Syntax
abr-summary ip-address mask [ advertise | not-advertise ]

undo abr-summary ip-address mask
View
OSPF Area view
Parameter
ip-address: Network segment address.

mask: Network mask.
advertise : Advertise only the summarized route.
not-advertise : Do not advertise routes matching the specified IP address and mask.
Description
Using abr-summary command, you can configure the route aggregation on the area
border router. Using undo abr-summary command, you can disable the function of
route aggregation on the area border router.
By default, the area border router doesn’t aggregate routes.
This command is applicable only to the area border router (ABR) and is used for the
route aggregation in an area. The ABR only transmits an aggregated route to other
areas. Route aggregation refers to that the routing information is processed in the ABR
and for each network segment configured with route aggregation, there is only one
route transmitted to other areas.
3-1
Example
# Aggregate the two network segments, 66.48.10.0 and 66.48.120.0, in OSPF area 1
into one summary route 66.48.0.0 and transmit it to other areas.
[Quidway-ospf] area 1
[Quidway-ospf-area-0.0.0.1] network 66.48.10.0 0.0.0.255
[Quidway-ospf-area-0.0.0.1] abr-summary 66.48.0.0 255.255.0.0
3.1.2 area
Syntax
area area-id
undo area area-id
View
OSPF view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer or in IP address format.
Description
Using area command, you can enter OSPF Area view. Using undo area command,
you can cancel the designated area.
Example
# Enter OSPF Area 0 view.

[Quidway-ospf-area-0.0.0.0]
3.1.3 asbr-summary
Syntax
asbr-summary ip-address mask [ not-advertise | tag value ]

undo asbr-summary ip-address mask
View
OSPF view
Parameter
ip-address: Matched IP address.
3-2
mask: IP address mask in dotted decimal format.

not-advertise: Do not advertise routes matching the specified IP address and mask.
tag value: Tag value, which is mainly used to control advertisement of routes via
route-policy. It is in the range from 0 to 4294967295. If it is not specified, it is 1 by
default.
Description
Using asbr-summary command, you can configure summarization of imported routes

by OSPF. Using undo asbr-summary command, you can cancel the summarization.
By default, summarization of imported routes is disabled.
After the summarization of imported routes is configured, if the local router is an
autonomous system border router (ASBR), this command summarizes the imported
Type-5 LSAs in the summary address range. When NSSA is configured, this command
will also summarize the imported Type-7 LSAs in the summary address range.
If the local router acts as both an ABR and a router in the NSSA, this command
summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is not the router
in the NSSA, the summarization is disabled.
For the related commands, see display ospf asbr-summary.
Example
# Set summarization of Quidway imported routes.

[Quidway-ospf] asbr-summary 10.2.0.0 255.255.0.0 not-advertise
3.1.4 authentication-mode
Syntax
authentication-mode { simple | md5 }

undo authentication-mode
View
OSPF Area view
Parameter
simple: Use simple text authentication mode.

md5: Use MD5 cipher text authentication mode.
Description
Using authentication-mode command, you can configure one area of OSPF to

support the authentication attribute. Using undo authentication-mode command, you
can cancel the authentication attribute of this area.
3-3
By default, an area does not support authentication attribute.

All the routers in one area must use the same authentication mode (no authentication,
simple text authentication or MD5 cipher text authentication). If the mode of supporting
authentication is configured, all routers on the same segment must use the same
authentication key. To configure a simple text authentication key, use the ospf
authentication-mode simple command. And, use the ospf authentication-mode
md5 command to configure the MD5 cipher text authentication key if the area is
configured to support MD5 cipher text authentication mode.
For the related commands, see ospf authentication-mode.
Example
# Specify the OSPF area 0 to support MD5 cipher text authentication:

[Quidway-ospf-area-0.0.0.0] authentication-mode md5
3.1.5 default cost
Syntax
default cost value

undo default cost
View
OSPF view
Parameter
value: Default routing cost of external route imported by OSPF, ranging from 0 to
16777214. By default, its value is 1.
Description
Using default cost command, you can configure the default cost for OSPF to import
external routes. Using undo default cost command, you can restore the default value
of the default routing cost configured for OSPF to import external routes.
Since OSPF can import external routing information, whose routing cost can influence
routing selection and calculation, and propagate it to the entire autonomous system, it
is necessary to specify the default routing cost for the protocol to import external routes.
Example
# Specify the default routing cost for OSPF to import external routes as 10.
[Quidway-ospf] default cost 10
3-4
3.1.6 default interval
Syntax
default interval seconds

undo default interval
View
OSPF view
Parameter
seconds: Default interval for redistributing external routes. Its unit is second and the
value ranges from 1 to 2147483647. By default, the interval for OSPF to import external
routes is 1 second.
Description
Using default interval command, you can configure the default interval for OSPF to
import external routes. Using undo default interval command, you can restore the
default value of the default interval of redistributing external routes.
Because OSPF can import the external routing information and broadcast it to the
entire autonomous system, and importing routes too often will greatly affect the
performances of the device, it is necessary to specify the default interval for the
protocol to import external routes.
Example
# Specify the default interval for OSPF to import external routes as 10 seconds.
[Quidway-ospf] default interval 10
3.1.7 default limit
Syntax
default limit routes

undo default limit
View
OSPF view
Parameter
routes: Default value to the imported external routes in a unit time, ranging from 200 to
2147483647. By default, the value is 1000.
3-5
Description
Using default limit command, you can configure the default value of maximum number
of imported routes. Using undo default limit command, you can restore the default
value.
OSPF can import external routing information and advertise them to the whole AS.
Importing too much external routes once will greatly affect the performances of the
device.
For the related commands, see default interval.
Example
# Specify the default value of OSPF imported external routes as 200.

[Quidway-ospf] default limit 200
3.1.8 default tag
Syntax
default tag tag

undo default tag
View
OSPF view
Parameter
tag: Default tag, ranging from 0 to 4294967295.
Description
Using default tag command, you can configure the default tag of OSPF when it
redistributes an external route. Using undo default tag command, you can restore the
default tag of OSPF when it redistributes the external route.
When OSPF imports a route found by other routing protocols in the router and uses it
as the external routing information of its own autonomous system, some additional
parameters are required, including the default cost and the default tag of the route.
For the related commands, see default type.
Example
# Set the default tag of OSPF imported external route of the autonomous system as 10.
[Quidway-ospf] default tag 10
3-6
3.1.9 default type
Syntax
default type { 1 | 2 }
undo default type
View
OSPF view
Parameter
type 1: External routes of type 1.

type 2: External routes of type 2.
Description
Using default type command, you can configure the default type when OSPF
redistributes external routes. Using undo default type command, you can restore the
default type when OSPF redistributes external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. The command described
in this section can be used to specify the default type when external routes are
imported.
For the related commands, see default tag.
Example
# Specify the default type as type 1 when OSPF imports an external route.
[Quidway-ospf] default type 1
3.1.10 default-cost
Syntax
default-cost value
undo default-cost
View
OSPF Area view
Parameter
value: Specify the cost value of the default route transmitted by OSPF to the STUB or
NSSA area, ranging from 0 to 16777214. The default value is 1.
3-7
Description
Using default-cost command, you can configure the cost of the default route
transmitted by OSPF to the STUB or NSSA area. Using undo default-cost command,
you can restore the cost of the default route transmitted by OSPF to the STUB or NSSA
area to the default value.
For the related commands, see stub, nssa.
Example
# Set the area 1 as the STUB area and the cost of the default route transmitted to this
STUB area to 60.
[Quidway-ospf-area-0.0.0.1] stub
[Quidway-ospf-area-0.0.0.1] default-cost 60
3.1.11 default-route-advertise
Syntax
default-route-advertise [ always | cost value | type type-value | route-policy

route-policy-name ]*
undo default-route-advertise [ always | cost | type | route-policy ]*
View
OSPF view
Parameter
always: The parameter will generate an ase lsa which describes the default route and
advertise it if the local router is not configured with the default route. If this parameter is
not set, the local router cannot import the ase lsa, which generates the default route
only when it is configured with the default route.
cost value: the cost value of this ase lsa. The metric-value ranges from 0 to 16777214.
If the parameter is not configured, the default value is 1.
type value: cost type of this ase lsa. It ranges from 1 to 2. If the parameter is not
configured, the default value is 2.
route-policy route-policy-name: if the default route match the route-policy specified by
route-policy-name, route-policy will affect the value in ase lsa. The length of
route-policy-name parameter ranges from 1 to 16 character string.
3-8
Description
Using default-route-advertise command, you can import default route to OSPF route
area. Using undo default-route-advertise command, you can cancel the import of
default route.
By default, OSPF does not import default route.
The import-route command cannot import the default route. To import the default route
to the route area, this command must be used. When local router is not configured with
default route, the keyword always should be used by ase lsa to generate default route.
For the related commands, see import-route.
Example
# If local route has no default route, the ase lsa of default route will be generated,
otherwise it won’t be generated.
[Quidway-ospf] default-route-advertise
# The ase lsa of default route will be generated and advertised to OSPF route area
even the local router has no default route.
[Quidway-ospf] default-route-advertise always
3.1.12 display debugging ospf
Syntax
display debugging ospf
View
Any view
Description
Using the display debugging ospf command, you can view the debugging states of
global OSPF and all processes.
For related commands, see debugging ospf.
Example
# Display the debugging states of global OSPF and all processes.

<Quidway> display debugging ospf
OSPF EVENT debugging switch is on
3.1.13 display ospf abr-asbr
Syntax
display ospf abr-asbr
3-9
View
Any view
Parameter
None
Description
Using display ospf abr-asbr command, you can view the information about the ABR
and ASBR of OSPF.
Example
# Display the information of the OSPF area border routers and autonomous system
border routers.
<Quidway> display ospf abr-asbr
Routing Table to ABR and ASBR
I = Intra i = Inter A = ASBR B = ABR S = SumASBR
Destination Area Cost Nexthop Interface
IA 2.2.2.2 0.0.0.0 10 10.153.17.89 Vlan-interface1
Table 3-1 Description of information generated by the command display ospf

abr-asbr
Field Description
Destination Router ID of the ABR or ASBR
Area Area where the router is connected with ASBR

Cost The routing overhead value of the route
Nexthop Nexthop address to the destination
Interface The local output interface
3.1.14 display ospf asbr-summary
Syntax
display ospf asbr-summary [ ip-address mask ]
View
Any view
Parameter
ip-address: Matched IP address in dotted decimal format.

mask: IP address mask in dotted decimal format.
3-10
Description
Using display ospf asbr-summary command, you can view the summary information
of OSPF imported route.
If the parameters are not set, the summary information of all OSPF imported routes will
be displayed.
For the related commands, see asbr-summary .
Example
# Display the summary information of all OSPF imported routes.

<Quidway> display ospf asbr-summary
Total summary address count: 2
Summary Address
net : 168.10.0.0
mask : 255.254.0.0
tag : 1
status : Advertise
The Count of Route is 0
Summary Address
net : 1.1.0.0
mask : 255.255.0.0
tag : 100
status : DoNotAdvertise
The Count of Route is 0

asbr-summary
Field Description
net Destination network segment
mask Mask
tag Tag
Status information, including two values:
The summary routing information to the network
DoNotAdvertise
status segment will not be advertised
The summary routing information to the network

Advertise
segment will be advertised
3-11
3.1.15 display ospf brief
Syntax
display ospf brief
View
Any view
Parameter
None
Description
Using display ospf brief command, you can view the main summary of OSPF.
Example
# Display the OSPF summary.

<Quidway> display ospf brief
RouterID: 10.110.95.189 Border Router: Area AS
spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 16
Area Count: 1 Nssa Area Count: 0
Area 0.0.0.0:
Authtype: none Flags: <>
SPF scheduled: <>
Interface: 201.1.1.4 (Vlan-interface1)
Cost: 1 State: DR Type: Broadcast
Priority: 1
Designated Router: 201.1.1.4
Backup Designated Router: 201.1.1.3
Timers: Hello 10, Dead 40, Poll 0, Retransmit 5, Transmit Delay 1
Table 3-3 Description of information generated by the command display ospf brief
Field Description
RouterID Router ID of the router
Border routers for connection to the area, including
Border Router autonomous system border router (ASBR) and area
border router (ABR)
spf-schedule-interval Interval of SPF schedule
3-12
Field Description
Authtype Authentication type of OSPF
Routing preference of OSPF. The internal route of OSPF
includes intra/inter area route, and its default routing
Routing preference
preference is 10. While that of the external route of OSPF
is 150 by default
Default ASE Default ASE parameters of OSPF, including metric, type

parameters and tag
SPF computation
SPF computation count since OSPF is enabled
count
Area Count Areas for connection to this router

Nssa Area Count Number of NSSA areas
SPF scheduled SPF scheduled (flag)
Interface Interface name belonging to this area
Cost Cost of routes
State State information

Type Network type of OSPF interface
Priority Priority
Designated Router IP address of designated router (DR)

Backup Designated
IP address of backup designated router (BDR)
Router
OSPF timers, defining as follows:

Hello Interval of hello packet
Timers Dead Interval of dead neighbors
Poll Interval of poll
Retransmit Interval of retransmitting LSA
Transmit Delay Delay time of transmitting LSA
3.1.16 display ospf cumulative
Syntax
display ospf cumulative
View
Any view
3-13
Parameter
None
Description
Using display ospf cumulative command, you can view the OSPF cumulative
information.
Example
# Display the OSPF cumulative information.

<Quidway> display ospf cumulative
IO Statistics
Type Input Output
Hello 38 88
DB Description 4 3
Link-State Req 1 1
Link-State Update 6 7
Link-State Ack 6 5
ASE: 3 Checksum Sum: 195FC
LSAs originated by this router
Router: 11 Net: 2 SumNet: 5 SumASB: 3 ASE: 2
LSAs Originated: 23 LSAs Received: 5
Area 0.0.0.0:
Neighbors: 1 Interfaces: 1
Spf: 4 Checksum Sum 19260
rtr: 2 net: 1 sumasb: 0 sumnet: 1
Area 0.0.0.1:
Neighbors: 0 Interfaces: 1
Spf: 4 Checksum Sum DFC0
rtr: 1 net: 0 sumasb: 1 sumnet: 1
Routing Table:
Intra Area: 2 Inter Area: 0 ASE: 0

cumulative
Field Description
Type Type of input/output OSPF packet
IO Statistics Input Number of received packets
Output Number of transmitted packets
3-14
Field Description
ASE Number of all ASE LSAs
checksum sum Checksum of ASE LSA
originated Number of originated LSAs
LSAs Number of received LSAs generated by other
received
routers
Router Number of all Router LSAs
SumNet Number of all Sumnet LSAs
SumASB Number of all SumASB LSAs
Neighbors Number of neighbors in this area
Interfaces Number of interfaces in this area
Area Spf Number of SPF computation count in this area
rtr, net, sumasb,
Number of all LSAs in this area
sumnet
Intra Area Number of intra-area routes
Routing Table Inter Area Number of inter-area routes
ASE Number of external routes
3.1.17 display ospf error
Syntax
display ospf error
View
Any view
Parameter
None
Description
Using display ospf error command, you can view the OSPF error information.
Example
# Display the OSPF error information.

<Quidway> display ospf error
OSPF packet error statistics:
0: IP: received my own packet 0: OSPF: wrong packet type
3-15
0: OSPF: wrong version 0: OSPF: wrong checksum

0: OSPF: wrong area id 0: OSPF: area mismatch
0: OSPF: wrong virtual link 0: OSPF: wrong authentication type
0: OSPF: wrong authentication key 0: OSPF: too packet small
0: OSPF: packet size > ip length 0: OSPF: transmit error
0: OSPF: interface down 0: OSPF: unknown neighbor
0: HELLO: netmask mismatch 0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch 0: HELLO: extern option mismatch
0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low
0: DD: router id confusion 0: DD: extern option mismatch
0: DD: unknown LSA type 0: LS ACK: neighbor state low
0: LS ACK: wrong ack 0: LS ACK: duplicate ack
0: LS ACK: unknown LSA type 0: LS REQ: neighbor state low
0: LS REQ: empty request 0: LS REQ: wrong request
0: LS UPD: neighbor state low 0: LS UPD: newer self-generate LSA
0: LS UPD: LSA checksum bad 0: LS UPD: received less recent LSA
0: LS UPD: unknown LSA type 0: OSPF routing: next hop not exist
0: DD: MTU option mismatch
Table 3-5 Description of information generated by the command display ospf error
Field Description
IP: received my own packet Received my own packet
OSPF: wrong packet type OSPF packet type error

OSPF: wrong version OSPF version error
OSPF: wrong checksum OSPF checksum error
OSPF: wrong area id OSPF area ID error
OSPF: area mismatch OSPF area mismatch
OSPF: wrong virtual link OSPF virtual link error
OSPF: wrong authentication
OSPF authentication type error
type
OSPF: wrong authentication

OSPF authentication key error
key
OSPF: too small packet OSPF packet too small

OSPF: packet size > ip length OSPF packet size exceeds IP packet length
OSPF: transmit error OSPF transmission error
OSPF: interface down OSPF interface is down, unavailable
OSPF: unknown neighbor OSPF neighbors are unknown
HELLO: netmask mismatch Network mask mismatch
3-16
Field Description
HELLO: hello timer mismatch Interval of HELLO packet is mismatched
HELLO: dead timer mismatch Interval of dead neighbor packet is mismatched
HELLO: extern option
Extern option of Hello packet is mismatched
mismatch
HELLO: router id confusion Hello packet: Router ID confusion

HELLO: virtual neighbor
Hello packet: unknown virtual neighbor
unknown
HELLO: NBMA neighbor
Hello packet: unknown NBMA neighbor
unknown
Database description (DD) packet: asynchronous
DD: neighbor state low
neighbor state
DD: unknown LSA type DD packet: unknown LSA type
Link state acknowledgment (LS ACK) packet:

LS ACK: neighbor state low
asynchronous neighbor state
LS ACK: wrong ack Link state acknowledgment packet: ack error
Link state acknowledgment packet: ack
LS ACK: duplicate ack
duplication
Link state acknowledgment packet: unknown LSA

LS ACK: unknown LSA type
type
LS REQ: neighbor state low Link state request (LS REQ) packet
LS REQ: empty request Link state request packet: empty request
LS REQ: wrong request Link state request packet: erroneous request

Link state update packet: asynchronous neighbor
LS UPD: neighbor state low
state
LS UPD: newer self-generate Link state update packet: newer LSA generated by
LSA itself
LS UPD: LSA checksum bad Link state update packet: LSA checksum error
LS UPD:received less recent
Link state update packet: received less recent LSA
LSA
LS UPD: unknown LSA type Link state update packet: unknown LSA type
OSPF routing: next hop not
Next hop of OSPF routing does not exist
exist
DD: MTU option mismatch MTU option of DD packet is mismatched
3-17
3.1.18 display ospf interface
Syntax
display ospf interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Specify an interface.
Description
Using display ospf interface command, you can view the OSPF interface information.
Example
# Display the OSPF interface information of Vlan-interface1.

<Quidway> display ospf interface vlan-interface 1
Interface: 10.110.10.2 (Vlan-interface1)
Cost: 1 State: BackupDR Type: Broadcast
Priority: 1
Designated Router: 10.110.10.1
Backup Designated Router: 10.110.10.2

interface
Field Description
Cost Cost of the interface
State State of the interface state machine
Type Network type of OSPF
Priority Priority of DR for interface election
Designated Router DR on the network in which the interface resides
Backup Designated Router BDR on the network in which the interface resides
3-18
Field Description
3.1.19 display ospf lsdb
Syntax
display ospf [ area-id ] lsdb [ brief | [ asbr | ase | network | nssa | router | summary ]
[ ip-address ] [ originate-router ip-address | self-originate ] ]
View
Any view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer or in IP address format.
brief: View brief database information.
asbr: View the database information of summary-Asbr-LSA.
ase: View the database information of AS-external-LSA.
network: View the database information of Network-LSA
nssa: View the database information of NSSA-external-LSA
router: View the database information of Router-LSA
summary: View the database information of Summary-Net-LSA
ip-address: Link state ID in IP address format.
originate-router ip-address: View the database information of the LSA generator.
self-originate: View the database information of self-originated LSA.
Description
Using display ospf lsdb command, you can view the database information about
OSPF connecting state.
Example
# Display the database information about OSPF connecting state.

<Quidway> display ospf lsdb
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Rtr 2.2.2.2 2.2.2.2 465 36 8000000c 0 SpfTree
Rtr 1.1.1.1 1.1.1.1 449 36 80000004 0 SpfTree
Net 10.153.17.89 2.2.2.2 465 32 80000004 0 SpfTree
3-19
SNet 10.153.18.0 1.1.1.1 355 28 80000003 10 Inter List

Area: 0.0.0.1
Rtr 1.1.1.1 1.1.1.1 449 36 80000004 0 SpfTree
Rtr 3.3.3.3 3.3.3.3 429 36 8000000a 0 Clist
Net 10.153.18.89 3.3.3.3 429 32 80000003 0 SpfTree
SNet 10.153.17.0 1.1.1.1 355 28 80000003 10 Inter List
ASB 2.2.2.2 1.1.1.1 355 28 80000003 10 SumAsb List
AS External Database:
ASE 10.153.18.0 1.1.1.1 1006 36 80000002 1 Ase List
ASE 10.153.16.0 2.2.2.2 798 36 80000002 1 Uninitialized
ASE 10.153.17.0 2.2.2.2 623 36 80000003 1 Uninitialized
ASE 10.153.17.0 1.1.1.1 1188 36 80000002 1 Ase List
Table 3-7 Description of information generated by the command display ospf lsdb
Field Description
Type Type of the LSA
LinkStateID Link state ID of the LSA

AdvRouter Router ID of the router originating the LSA
Age Age of the LSA
Len Length of the LSA

Sequence Sequence number of the LSA
Metric Cost from the router originating the LSA to LSA destination
Where location of the LSA
<Quidway> display ospf lsdb ase

Link State Data Base
type : ASE
ls id : 2.2.0.0
adv rtr: 1.1.1.1
ls age: 349
len: 36
seq#: 80000001
chksum: 0xfcaf
Options: (DC)
Net mask:255.255.0.0
Tos 0 metric: 1
E type : 2
Forwarding Address: 0.0.0.0
3-20
Tag: 1
Table 3-8 Description of information generated by the command display ospf lsdb
ase
Field Description
type Type of the LSA
ls id Link state ID of the LSA
adv rtr Router ID of the router originating the LSA
ls age Age of the LSA
len Length of the LSA
seq# Sequence number of the LSA
chksum Checksum of the LSA
Options Options of the LSA

Net mask Network mask
E type Type of external route
Forwarding Address Forwarding address

Tag Tag
3.1.20 display ospf nexthop
Syntax
display ospf nexthop
View
Any view
Parameter
None
Description
Using display ospf nexthop command, you can view the information about the
next-hop
Example
# Display the OSPF next-hop information.

<Quidway> display ospf nexthop
Next hops:
3-21
Address Type Refcount Intf Addr Intf Name

---------------------------------------------------------------------
202.38.160.1 Direct 3 202.38.160.1 Vlan-interface2
202.38.160.2 Neighbor 1 202.38.160.1 Vlan-interface2

nexthop
Field Description
Address Address of next hop
Type Type of next hop
Reference count of the next hop, i.g., number of routes using the
Refcount
next hop
Intf Addr IP address of the interface to the next hop

Intf Name The interface to the next hop
3.1.21 display ospf peer
Syntax
display ospf peer [ brief ]
View
Any view
Parameter
None
Description
Using display ospf peer command, you can view the information about OSPF peer.
Using display ospf peer brief command, you can view the brief information of every
peer in OSPF, mainly the peer number at all states in every area.
Example
# View the information of OSPF peer.

<Quidway> display ospf peer
Area 0.0.0.0 interface 10.153.17.88(Vlan-interface1)'s neighbor(s)
RouterID: 2.2.2.2 Address: 10.153.17.89
State: Full Mode: Nbr is Master Priority: 1
DR: 10.153.17.89 BDR: 10.153.17.88
Dead timer expires in 31s
3-22
Neighbor has been up for 01:14:14
Table 3-10 Description of information generated by the command display ospf peer
Field Description
RouterID Router ID of neighbor router
Address of the interface, through which neighbor router
Address
communicates with the router
State State of adjacency relation

Master/Slave mode formed by negotiation in exchanging
Mode
DD packet
Priority Priority of DR/BDR for neighbor election

DR IP address of the interface of elected DR
BDR IP address of the interface of elected BDR
Dead timer expires in If no hello packet received from the peer within this
31s interval, the peer will be considered to be invalid.
Neighbor has been up

Time of neighbor connection
for 01:14:14
# View the brief information of every peer.

<Quidway> display ospf peer brief
Neighbor Statistics
Area ID Down Attempt Init 2-Way ExStart Exchange Loading Full Total
0.0.0.0 0 0 0 0 0 0 0 1 1
0.0.0.1 0 0 0 0 0 0 0 1 1
Total 0 0 0 0 0 0 0 2 2
Table 3-11 Description of information generated by the command display ospf peer
brief
Field Description
Area ID Area ID
Initial state for OSPF to establish neighbor relation, which indicates that
Down OSPF router does not receive the message from a certain neighbor
router within a period of time
It is enabled in NBMA environment, such as Frame Relay, X.25 or

ATM. It indicates that OSPF router does not receive the message from
Attempt a certain neighbor router within a period of time, but still attempts to
send Hello packet to the adjacent routers for their communications with
a lower frequency.
3-23
Field Description
It indicates that OSPF router has received Hello packet from a neighbor
router, but its IP address is not contained in the Hello packet.
Init
Therefore, a two-way communication between them has not been
established.
It indicates that a two-way communication between OSPF router and

2-Way neighbor router has been established. DR and BDR can be selected in
this state (or higher state).
In this state, the router determines the sequence number of initial
ExStart database description (DD) packet used for data exchange, so that it
can obtain the latest link state information
It indicates that OSPF router sends DD packet to its neighbor routers to
Exchange
exchange link state information
In this state, OSPF router requests neighbor routers based on the

Loading updated link state information from neighbor routers and its expired
information, and waits for response from neighbor routers
It indicates that database synchronization between the routers that

Full have established neighbor relation has been completed, and their link
state databases have been consistent
3.1.22 display ospf request-queue
Syntax
display ospf request-queue
View
Any view
Parameter
None
Description
Using display ospf request-queue command, you can view the information about the
OSPF request-queue.
Example
# Display the information of OSPF request-queue.

<Quidway> display ospf request-queue
The Router's Neighbors is
Interface: 1.1.1.3 Area: 0.0.0.0
LSID:1.1.1.3 AdvRouter:1.1.1.3 Sequence:80000017 Age:35
3-24

request-queue
Field Description
Address of the interface, through which neighbor routers
Address
communicate with the router
Interface Address of the interface on the network segment
Area Area number of OSPF
LSID:1.1.1.3 Link State ID of the LSA
Sequence number of the LSA, used to discover old and repeated

Sequence
LSAs
Age Age of the LSA
3.1.23 display ospf retrans-queue
Syntax
display ospf retrans-queue
View
Any view
Parameter
None
Description
Using display ospf retrans-queue command, you can view the information about the
OSPF retransmission queue.
Example
# Display the information of OSPF retransmission queue.

<Quidway> display ospf retrans-queue
Retransmit List
The Router's Neighbors is

Interface: 103.169.2.5 Area: 0.0.0.1
Retrans list:
Type: ASE LSID:129.11.77.0 AdvRouter:103.160.1.1
3-25
Type: ASE LSID:129.11.108.0 AdvRouter:103.160.1.1

retrans-queue
Field Description
Address of the interface, through which neighbor routers
Address
communicate with the router
Interface Address of the interface on the network segment

Area Area number of OSPF
Type Type of the LSA
LSID Link State ID of the LSA

3.1.24 display ospf routing
Syntax
display ospf routing
View
Any view
Parameter
None
Description
Using display ospf routing command, you can view the information about OSPF
routing table.
Example
# View the routing information related to OSPF.

<Quidway> display ospf routing
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.110.0.0/16 1 Net 10.110.10.1 1.1.1.1 0
10.10.0.0/16 1 Stub 10.10.0.1 3.3.3.3 0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
3-26

routing
Field Description
Destination Destination network segment
Cost Cost of route
Type Type of route
NextHop Next hop of route
AdvRouter Router ID of the router advertising the route
Area Area ID
Intra Area Number of intra-area routes
Inter Area Number of inter-area routes
ASE Number of external routes
NSSA Number of NSSA routes
3.1.25 display ospf vlink
Syntax
display ospf vlink
View
Any view
Parameter
None
Description
Using display ospf vlink command, you can view the information about OSPF virtual
links.
Example
# View OSPF virtual links information.

<Quidway> display ospf vlink
Virtual-link Neighbor-id -> 2.2.2.2, State: Full
Cost: 0 State: Full Type: Virtual
Transit Area: 0.0.0.2
3-27
Table 3-15 Description of information generated by the command display ospf vlink
Field Description
Virtual-link
Router ID of virtual-link neighbor router
Neighbor-id
State State
Interface IP address the interface on the virtual link
Cost Route cost of the interface
Type Type: virtual link
ID of transit area that the virtual link passes, and it cannot be
Transit Area
backbone area, STUB area and NSSA area

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]

undo filter-policy { acl-number | ip-prefix ip-prefix-name} export [ routing-protocol ]
View
OSPF view
Parameter
acl-number: Access control list number.

ip-prefix-name: Name of the address prefix list.
routing-protocol: Protocol advertising the routing information, including direct, bgp, rip
and static at present.
Description
Using filter-policy export command, you can configure the rule of OSPF filtering the
advertised routing information. Using undo filter-policy export command, you can
cancel the filtering rules that have been set.
By default, no filtering of the distributed routing information is performed.
3-28
For the related commands, see acl, ip ip-prefix.
Example
# Configure ospf only advertises the routing information permitted by acl 2000.
[Quidway-ospf] filter-policy 2000 export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name } import

undo filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name }
import
View
OSPF view
Parameter
gateway ip-prefix-name: Name of address prefix list used for filtering the addresses of
the neighboring routers advertising the routing information.
Description
Using filter-policy import command, you can configure the OSPF rules of filtering the
routing information received. Using undo filter-policy import command, you can
cancel the filtering of the routing information received.
By default, no filtering of the received routing information is performed.
conditions can be received. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be received. Only the routing
information passing the filtration can be received.
3-29
Example
# Filter the received routing information according to the rule defined by the access
control list 2000.
[Quidway-ospf] filter-policy 2000 import
3.1.28 import-route
Syntax
import-route protocol [ cost value | type value | tag value | route-policy

View
OSPF view
Parameter
protocol: Specify the source routing protocol that can be imported. At present, it
includes direct, rip, bgp and static.
cost value: Specify the cost of imported route.
type value: Specify the cost type of imported external routes. The value ranges from 1
to 2. The default value is 2.
tag value: Specify the value of tag for imported external routes.
route-policy route-policy-name: Configure only to import the routes matching the
specified Route-policy.
Description
Using import-route command, you can import the information of another routing
protocol. Using undo import-route command, you can cancel the imported external
routing information.
By default, the routing information of other protocols is not imported.
Note:
You are recommended to configure the route type, cost and tag together in one
command; otherwise, the new configuration overwrites the old one.
3-30
Example
# Specify an imported RIP route as the route of type 2, with the route tag as 33 and the
route cost as 50.
[Quidway-ospf] import-route rip type 2 tag 33 cost 50
3.1.29 network
Syntax
network ip-address ip-mask

undo network ip-address ip-mask
View
OSPF Area view
Parameter
ip-address: Address of the network segment where the interface locates.

ip-mask: IP address wildcard shielded text (similar to the complement of the IP address
mask).
Description
Using network command, you can configure the interface running OSPF protocol to
which the interface belongs. Using undo network command, you can cancel the
interface running OSPF.
By default, the interface does not belong to any area.
With the two parameters, ip-address and ip-mask, one or more interfaces can be
configured as an area. To run the OSPF protocol on one interface, the master IP
address of this interface must be in the range of the network segment specified by this
command. If only the slave IP address of the interface is in the range of the network
segment specified by this command, this interface will not run OSPF protocol.
For the related commands, see ospf.
Example
# Specify the interfaces whose master IP addresses are in the segment range of
10.110.36.0 to run the OSPF protocol and specify the number of the OSPF area (where
these interfaces are located) as 6.
[Quidway-ospf-area-0.0.0.6] network 10.110.36.0.0 0.0.0.255
3-31
3.1.30 nssa
Syntax
nssa [ default-route-advertise ] [ no-import-route ] [ no-summary ]

undo nssa
View
OSPF Area view
Parameter
default-route-advertise: Import default route to NSSA area.

no-import-route: Configure not to import route to NSSA area.
no-summary: ABR is disabled to transmit summary_net LSAs to the NSSA area.
Description
Using nssa command, you can configure the type of an OSPF area as NSSA area.
Using undo nssa command, you can cancel the function.
By default, NSSA area is not configured.
For all the routers connected to the NSSA area, the command nssa must be used to
configure the area as the NSSA attribute.
The default-route-advertise parameter is used to generate default type-7 LSA. No
matter whether there is route 0.0.0.0 in routing table on ABR, type-7 LSA default route
will be generated always. Only when there is route 0.0.0.0 in routing table on ASBR, will
type-7 LSA default route be generated.
On ASBR, the no-import-route parameter enables the external route imported by
OSPF through import-route command not to be advertised to NSSA area.
Example
# Configure area 1 as NSSA area.

[Quidway-ospf-area-0.0.0.1] nssa
3.1.31 ospf
Syntax
ospf
undo ospf
3-32
View
System view
Parameter
None
Description
Using ospf command, you can enable the OSPF protocol. Using undo ospf command,
you can disable the OSPF protocol.
After starting OSPF protocol, the user can make the corresponding configuration under
the OSPF protocol view.
By default, the system does not run the OSPF protocol.
For the related commands, see network.
Example
# Enable the running of the OSPF protocol.

[Quidway] router id 10.110.1.8
[Quidway] ospf
[Quidway-ospf]
3.1.32 ospf authentication-mode
Syntax
ospf authentication-mode { simple password | md5 key-id key }

undo ospf authentication-mode { simple | md5 }
View
Interface view
Parameter
simple password: Character string not exceeding 8 characters using plain text
authentication.
key-id: ID of the authentication key in MD5 authentication mode in the range from 1 to
255.
key: MD5 authentication key. If it is input in a plain text form, MD5 key is a character
string not exceeding 16 characters. And it will be displayed in a cipher text form in a
length of 24 characters when display current-configuration command is executed.
Inputting the MD5 key in a cipher text form with 24 characters is also supported.
3-33
Description
Using ospf authentication-mode command, you can configure the authentication

mode and key between adjacent routers. Using undo ospf authentication-mode
command, you can cancel the authentication key that has been set.
By default, the interface does not authenticate the OSPF packets.
The passwords for authentication keys of the routers on the same network segment
must be identical. In addition, using authentication-mode command, you can set the
authentication type of the area so as to validate the configuration.
For the related commands, see authentication-mode.
Example
# Set the area 1 where the network segment 131.119.0.0 of Interface Vlan-interface 1 is
located to support MD5 cipher text authentication. The authentication key identifier is
set to 15 and the authentication key is Huawei.
[Quidway-ospf-area-0.0.0.1] authentication-mode md5
[Quidway-Vlan-interface1] ospf authentication-mode md5 15 Huawei
3.1.33 ospf cost
Syntax
ospf cost value

undo ospf cost
View
Interface view
Parameter
value: Cost for running OSPF protocol, ranging from 1 to 65535.
Description
Using ospf cost command, you can configure different message sending costs so as
to send messages from different interfaces. Using undo ospf cost command, you can
restore the default costs.
For S3500 series switches,the default cost for running OSPF protocol of on the VLAN
interface is 10.
Example
# Specify the cost spent when an interface runs OSPF as 33.
3-34

[Quidway-Vlan-interface1] ospf cost 33
3.1.34 ospf dr-priority
Syntax
ospf dr-priority value

undo ospf dr-priority
View
Interface view
Parameter
value: Interface priority for electing the "designated router", ranging from 0 to 255. The
default value is 1.
Description
Using ospf dr-priority command, you can configure the priority for electing the
"designated router" on an interface. Using undo ospf dr-priority command, you can
restore the default value.
The priority of the interface determines the qualification of the interface when the
"designated router" is elected. The interface with higher priority will be considered first
when the vote collision occurs.
Example
# Set the priority of the interface Vlan-interface 1 to 8, when electing the DR.
[Quidway-Vlan-interface1] ospf dr-priority 8
3.1.35 ospf mtu-enable
Syntax
ospf mtu-enable
undo ospf mtu-enable
View
Interface view
Parameter
None.
3-35
Description
Using ospf mtu-enable command, you can enable the interface to write MTU value
when sending DD packets. Using undo ospf mtu-enable command, you can restore
the default settings.
By default, The MTU value is 0 when sending DD packets, i.e. the actual MTU value of
the interface is not written.
Database Description (DD) packets are used to describe its own LSDB when the router
running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. With this command, the specified interface
can be set manually to write the MTU value area in DD packets when sending DD
packets, i.e. the actual MTU value of the interface is written in.
Example
# Set interface Vlan-interface 3 to write MTU value area when sending DD packets.
[Quidway-Vlan-interface3] ospf mtu-enable
3.1.36 ospf network-type
Syntax
ospf network-type { broadcast | nbma | p2mp | p2p }

undo ospf network-type
View
Interface view
Parameter
broadcast: Change the interface network type to broadcast.

nbma: Change the interface network type to NBMA.
p2mp: Change the interface network type to p2mp.
p2p: Change the interface network type to point-to-point.
Description
Using ospf network-type command, you can configure the network type of OSPF
interface. Using undo ospf network-type command, you can restore the default
network type of the OSPF interface.
OSPF divides networks into four types by link layer protocol:
z Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to
broadcast.
3-36
z Non-Broadcast Muli-access (nbma): If Frame Relay, ATM, HDLC or X.25 is

adopted, OSPF defaults the network type to NBMA.
z Point-to-Multipoint (p2mp): OSPF will not default the network type of any link layer
protocol to p2mp. The general undertaking is to change a partially connected
NBMA network to p2mp network if the NBMA network is not fully-meshed.
z Point-to-point (p2p): If PPP, LAPB or POS is adopted, OSPF defaults the network
type to p2p.
NBMA means that a network is non-broadcast and multi-accessible. ATM is a typical
example for it. The user can configure the polling interval to specify the interval of
sending polling hello packets before the adjacency of the neighboring routers is formed.
Configure the interface type to nonbroadcast on a broadcast network without
multi-access capability.
Configure the interface type to p2mp if not all the routers are directly accessible on an
NBMA network.
Change the interface type to p2p if the router has only one peer on the NBMA network.
Note: When the network type of an interface is NBMA or it is changed to NBMA
manually, the peer command must be used to configure the neighboring point.
For the related commands, see ospf dr-priority.
Example
# Set the interface Vlan-interface 1 to NBMA type.

[Quidway-Vlan-interface1] ospf network-type nbma
3.1.37 ospf timer dead
Syntax
ospf timer dead seconds

undo ospf timer dead
View
Interface view
Parameter
seconds: Dead interval of the OSPF neighbor. It is in second and ranges from 1 to
65535.
3-37
Description
Using ospf timer dead command, you can configure the dead interval of the OSPF
peer. Using undo ospf timer dead command, you can restore the default value of the
dead interval of the peer.
By default, the dead interval for the OSPF peers of p2p and broadcast interfaces are
40 seconds, and for those of p2mp and nbma interfaces is 120 seconds.
The dead of OSPF peers means that within this interval, if no Hello message is
received from the peer, the peer will be considered to be invalid. The value of dead
seconds should be at least 4 times of that of the Hello seconds. The dead seconds for
the routers on the same network segment must be identical.
For the related commands, see ospf timer hello.
Example
# Set the peer dead on the interface Vlan-interface 1 to 80 seconds.

[Quidway-Vlan-interface1] ospf timer dead 80
3.1.38 ospf timer hello
Syntax
ospf timer hello seconds

undo ospf timer hello
View
Interface view
Parameter
seconds: Interval in seconds for an interface to transmit hello packet. It ranges from 1 to
255.
Description
Using ospf timer hello command, you can configure the interval for transmitting Hello
messages on an interface. Using undo ospf timer hello command, you can restore
the interval to the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of nbma or p2mp type.
For the related commands, see ospf timer dead.
3-38
Example
# Configure the interval of transmitting Hello messages on the interface Vlan-interface

1 to 20 seconds.
[Quidway-Vlan-interface1] ospf timer hello 20
3.1.39 ospf timer poll
Syntax
ospf timer poll seconds

undo ospf timer poll
View
Interface view
Parameter
seconds: Specifies the poll Hello interval, ranging from 1 to 65535 and measured in
seconds. The default value is 40 seconds.
Description
Using ospf timer poll command, you can configure the poll Hello packet interval on
NBMA and p2mp network. Using undo ospf timer poll command, you can restore the
default poll interval.
On the NBMA and p2mp network, if a neighbor is invalid, the Hello packet will be
transmitted regularly according to the poll seconds. You can configure the poll
seconds to specify how often the interface transmits Hello packet before it establishes
adjacency with the adjacent router. Poll seconds should be no less than 3 times of
Hello.
Example
# Configure to transmit poll Hello packet from interface Vlan-interface 2 every 120
seconds.
[Quidway-Vlan-interface2] ospf timer poll 120
3.1.40 ospf timer retransmit
Syntax
ospf timer retransmit interval

undo ospf timer retransmit
3-39
View
Interface view
Parameter
interval: Interval in second for re-transmitting LSA on an interface. It ranges from 1 to

65535. The default value is 5 seconds.
Description
Using ospf timer retransmit command, you can configure the interval for LSA
re-transmitting on an interface. Using undo ospf timer retransmit command, you can
restore the default interval value for LSA re-transmitting on the interface.
If a router running OSPF transmits a "link state advertisement" (LSA) to the peer, it
needs to wait for the acknowledgement packet from the peer. If no acknowledgement is
received from the peer within the LSA retransmit, this LSA will be re-transmitted. This
command can change the interval of re-transmitting LSA. However, according to
RFC2328, the LSA retransmit between adjacent routers should not be set too short.
Otherwise, unexpected re-transmission will be caused.
Example
# Specify the retransmit for LSA transmitting between the interface Vlan-interface 1 and
the adjacent routers to 12 seconds.
[Quidway-Vlan-interface1] ospf timer retransmit 12
3.1.41 ospf trans-delay
Syntax
ospf trans-delay value

undo ospf trans-delay
View
Interface view
Parameter
value: Transmitting delay of LSA on an interface. It ranges from 1 to 3600. By default,

the value is 1 second.
Description
Using ospf trans-delay command, you can configure the LSA transmitting delay on an
interface. Using undo ospf trans-delay command, you can restore the default value of
the LSA transmitting delay on an interface.
3-40
LSA will age in the "link state database" (LSDB) of the router as time goes by (add 1 for
every second), but it will not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA before
transmitting it.
Example
# Specify the trans-delay of transmitting LSA on the interface Vlan-interface 1 as 3

seconds.
[Quidway-Vlan-interface1] ospf trans-delay 3
3.1.42 peer
Syntax
peer ip-address [ dr-priority dr-priority-number ]

undo peer ip-address
View
OSPF view
Parameter
ip-address : IP address of the neighboring point.

dr-priority-number: Priority value represents the corresponding priority value of the
network neighbor. The range is from 0 to 255. The default value is 1.
Description
Using peer command, you can configure the neighboring point if a router is connected
to a network of NBMA type. Using undo peer command, you can cancel the configured
neighboring point.
Example
# Configure the IP address of neighboring router as 10.1.1.1.

[Quidway-ospf] peer 10.1.1.1
3.1.43 preference
Syntax
preference [ ase ] value

undo preference [ ase ]
3-41
View
OSPF view
Parameter
value: OSPF protocol route preference, ranging from 1 to 255.

ase: Indicate the preference of an imported external route of the AS.
Description
Using preference command, you can configure the preference of an OSPF protocol
route. Using undo preference command, you can restore the default value of the
OSPF protocol route.
By default, the preference of an OSPF protocol internal route is 10 and the preference
of an external route is 150.
Because multiple dynamic routing protocols could be running on a router, there is the
problem of routing information sharing among routing protocols and selection.
Therefore, a default preference is specified for each routing protocol. When a route is
identified by different protocols, the protocol with a high preference will play a decisive
role.
Example
# Specify the preference of an imported external route of the AS as 160.

[Quidway-ospf] preference ase 160
3.1.44 reset ospf
Syntax
reset ospf { all | statistics }
View
User view
Parameter
statistics: Reset OSPF statistics.

all: Reset all OSPF processes.
Description
Using reset ospf all command, you can reset all the OSPF process.
The reset ospf all command can be used to reset the OSPF process and the following
results are expected:
z Clear invalid LSA immediately without waiting for LSA timeout.
3-42
z If the Router ID changes, a new Router ID will take effect by executing the
command.
z Re-elect DR and BDR conveniently.
z OSPF configuration before the restart will not lose.
The system will require the user to confirm whether to re-enable the OSPF protocol
after execution of the command.
Example
# Reset all the OSPF processes.

<Quidway> reset ospf all
3.1.45 router id
Syntax
router id router-id
undo router id
View
System view
Parameter
router-id: Router ID that is a 32-bit unsigned integer.
Description
Using router id command, you can configure the ID of a router running the OSPF
protocol. Using undo router id command, you can cancel the router ID that has been
set.
By default, if the LoopBack interface address exists, the system chooses the LoopBack
address with the greatest IP address value as the router ID; if no LoopBack interface
configured, then the address of the physical interface with the greatest IP address
value will be the router ID.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. The user can specify the ID for a router. If the user doesn’t specify
router ID, the router will automatically select one from configured IP address as the ID
of this router. If no IP address is configured for any interface of the router, the router ID
must be configured in OSPF view. Otherwise, OSPF protocol cannot be enabled.
When the router ID is configured manually, the IDs of any two routers cannot be same
in the autonomous system. So, the IP address of certain interface might as well be
selected as the ID of this router.
3-43
Note:
The modified router ID will not be valid unless OSPF is re-enabled.
For the related commands, see ospf.
Example
# Set the router ID to 10.1.1.3.

[Quidway] router id 10.1.1.3
3.1.46 silent-interface
Syntax
silent-interface silent-interface-type silent-interface-number

undo silent-interface silent-interface-type silent-interface-number
View
OSPF view
Parameter
silent-interface-type: Specify the interface type

silent-interface-number: Specify the interface number.
Description
Using silent-interface command, you can disable an interface to transmit OSPF

packet. Using undo silent-interface command, you can restore the default setting.
By default, the interface is enabled to transmit OSPF packet.
You can use this command to disable an interface to transmit OSPF packet, so as to
prevent the router on some network from receiving the OSPF routing information. On a
switch, this command can disable/enable the specified VLAN interface to send OSPF
packets
Example
# Disable interface Vlan-interface 2 to transmit OSPF packet.

[Quidway-ospf] silent-interface Vlan-interface 2
3-44
3.1.47 snmp-agent trap enable ospf
Syntax
snmp-agent trap enable ospf [ ifstatechange | virifstatechange | nbrstatechange |

virnbrstatechange | ifcfgerror | virifcfgerror | ifauthfail | virifauthfail | ifrxbadpkt |
virifrxbadpkt | txretransmit | viriftxretransmit | originatelsa | maxagelsa |
lsdboverflow | lsdbapproachoverflow ]
undo snmp-agent trap enable ospf [ ifstatechange | virifstatechange |
nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror | ifauthfail |
virifauthfail | ifrxbadpkt | virifrxbadpkt | txretransmit | viriftxretransmit |
originatelsa | maxagelsa | lsdboverflow | lsdbapproachoverflow ]
View
System view
Parameter
process-id: Process ID of OSPF. The command is applied to all current OSPF

processes if you do not specify a process ID.
ifstatechange, virifstatechange, nbrstatechange, virnbrstatechange, ifcfgerror,
virifcfgerror, ifauthfail, virifauthfail, ifrxbadpkt, virifrxbadpkt, txretransmit,
viriftxretransmit, originatelsa, maxagelsa, lsdboverflow, lsdbapproachoverflow:
Types of TRAP packets that the switch produces in case of OSPF anomalies.
Description
Using the snmp-agent trap enable ospf command, you can enable the OSPF TRAP
function. Using the undo snmp-agent trap enable ospf command, you can disable
the OSPF TRAP function.
This command cannot be applied to the OSPF processes that are started after the
command is executed.
By default, the switch does not send TRAP packets in case of OSPF anomalies.
For detailed configuration of SNMP TRAP, refer to the module “System Management"
in this manual.
Example
# Enable the TRAP function for OSPF process 100.

[Quidway] snmp-agent trap enable ospf 100
3-45
3.1.48 spf-schedule-interval
Syntax
spf-schedule-interval interval
undo spf-schedule-interval
View
OSPF view
Parameter
interval: SPF calculation interval of OSPF, which is in second in the range of 1 to 10.
The default value is 5 seconds.
Description
Using spf-schedule-interval command, you can configure the route calculation

interval of OSPF. Using undo spf-schedule-interval command, you can restore the
default setting.
According to the Link State Database (LSDB), the router running OSPF can calculate
the shortest path tree taking itself as the root and determine the next hop to the
destination network according to the shortest path tree. By adjusting SPF calculation
interval, network frequently changing can be restrained, which may lead to that too
many bandwidth resources and router resources will be used.
Example
# Set the OSPF route calculation interval of Quidway to 6 seconds.

[Quidway-ospf] spf-schedule-interval 6
3.1.49 stub
Syntax
stub [ no-summary ]
undo stub
View
OSPF Area view
Parameter
no-summary: ABR is disabled to transmit Summary LSAs to the STUB area.
3-46
Description
Using stub command, you can configure the type of an OSPF area as “stub”. Using
undo stub command, you can cancel the settings.
By default, no area is set to be the STUB area.
If the router is an ABR, it will send a default route to the connected stub area . Using
default-cost command, you can configure the default route cost.
For the related commands, see default-cost.
Example
# Set the type of OSPF area 1 to the STUB area.

[Quidway-ospf-area-0.0.0.1] stub
3.1.50 vlink-peer
Syntax
vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds |

dead seconds | simple password | md5 keyid key ]*
undo vlink-peer router-id
View
OSPF Area view
Parameter
route-id: Router ID of virtual link peer.

hello seconds: Interval that router transmits hello packet. It ranges from 1 to 8192
seconds. This value must equal the hello seconds value of the router virtually linked to
the interface. The default value is 10 seconds,
retransmit seconds: Specify the interval for re-transmitting the LSA packets on an
interface. It ranges from 1 to 8192 seconds. The default value is 5 seconds.
trans-delay seconds: Specify the interval for delaying transmitting LSA packets on an
interface. It ranges from 1 to 8192 seconds. By default, the value is 1 second.
dead seconds: Specify the interval of death timer. It ranges from 1 to 8192 seconds.
This value must equal the dead seconds of the router virtually linked to it and must be
at least 4 times of the hello seconds. The default value is 40 seconds.
simple password: Specify the simple text authentication password, not exceeding 8
characters, of the interface. This value must equal the authentication key of the virtually
linked peer.
3-47
keyid: Specify the MD5 authentication key ID. Its value ranges from 1 to 255. It must be
equal to the authentication key ID of the virtually linked peer.
key: Specify the MD5 authentication key. If it is input in a plain text form, the key is a
character string not exceeding 16 characters. And it will be displayed in a cipher text
form in a length of 24 characters when display current-configuration command is
executed. Inputting the MD5 key in a cipher text form with 24 characters is also
supported.
Description
Using vlink-peer command, you can create and configure a virtual link. Using undo
vlink-peer command, you can cancel an existing virtual link.
According to RFC2328, the OSPF area should be connected with the backbone
network. You can use vlink-peer command to keep the connectivity. Virtual link can be
regarded as a common interface that uses OSPF so that you can easily understand
why to configure the parameters such as hello, retransmit, and trans-delay on it.
One thing should be mentioned. When configuring virtual link authentication,
authentication-mode command is used to set the authentication mode as MD5 cipher
text or simple text on the backbone network.
For the related commands, see authentication-mode, display ospf.
Example
# Create a virtual link to 10.110.0.3 and use the MD5 cipher authentication mode.
[Quidway-ospf] area 10.0.0.0
[Quidway-ospf-area-10.0.0.0] vlink-peer 10.110.0.3 md5 3 345
3-48
Quidway S3500 Series Ethernet Switches Chapter 4 BGP Configuration Commands
Chapter 4 BGP Configuration Commands
Note:
4.1 BGP Configuration Commands
Note:
For the commands defining routing policies in BGP, refer to the “Routing Policy" of the
next chapter.
4.1.1 aggregate
Syntax
aggregate address mask [ as-set | attribute-policy route-policy-name |

detail-suppressed | origin-policy route-policy-name | suppress-policy
undo aggregate address mask [ as-set | attribute-policy route-policy-name |
detail-suppressed | origin-policy route-policy-name | suppress-policy
View
BGP view
Parameter
address: Address of the aggregated route.

mask: Network mask of the aggregated route.
as-set: Create a route with segment of AS_SET.
4-1
detail-suppressed: Only advertise the aggregated route.

suppress-policy route-policy-name: Suppress the specific route selected.
origin-policy route-policy-name: Select the originate routes used for aggregation.
attribute-policy route-policy-name: Set the attributes of the aggregated route.
Description
Using aggregate command, you can establish an aggregated record in the BGP
routing table. Using undo aggregate command, you can disable the function.
By default, there is no route aggregation.
The keywords is explained as follows:
Table 4-1 The use of the keywords
keywords use
Used to produce an aggregated route whose AS path
information includes detailed routes. Use this keyword
as-set
carefully when many AS paths need to be aggregated, for the
frequent change of routes may lead to route vibration.
This keyword does not establish any aggregated route, but it

restrains the advertisement of all the specific routes. If only
detail-suppressed
some specific routes are to be restrained, use the peer
filter-policy command carefully.
Create an aggregated route with this keyword, at the same

time, the advertisement of the specified route is restrained. If
suppress-policy you want to restrain some specific routes selectively and
leaves other routes still being advertised, use the if-match
sub-statement of the route-policy command.
select only the specific routes that are in accordance with

origin-policy
route-policy to create an aggregated route.
set aggregated route attributes. The same work can be done

attribute-policy
by using peer route-policy, etc.
Example
# Create an aggregated record in BGP routing table.

[Quidway-bgp] aggregate 168.328.0.0 255.255.0.0
4.1.2 bgp
Syntax
bgp as-number
undo bgp [as-number ]
4-2
View
system view
Parameter
as-number: The specified local AS number.
Description
Using bgp command, you can enable BGP and enter the BGP view. Using undo bgp
command, you can disable BGP.
By default, the system does not run BGP.
This command is used to enable and disable BGP as well as to specify the local AS
number of BGP.
Example
# Enable BGP.
[Quidway] bgp 100
[Quidway-bgp]
4.1.3 compare-different-as-med
Syntax
compare-different-as-med
undo compare-different-as-med
View
BGP view
Parameter
None
Description
Using compare-different-as-med command, you can enable comparison of MED

values from different AS neighboring routes when determining the best route. Using
undo compare-different-as-med command, you can disable the comparison.
By default, it is disabled to compare the MED attribute values from the routing paths of
different AS peers.
If there are several routes available to one destination address, the route with smaller
MED parameter can be selected as the final route item.
Do not use this command unless it is determined that the same IGP and routing
selection mode are adopted by different autonomous systems.
4-3
Example
[Quidway-bgp] compare-different-as-med
4.1.4 confederation id
Syntax
confederation id as-number
undo confederation id
View
BGP view
Parameter
as-number: The ID of BGP AS confederation. It is equal to the AS number which

contains the AS numbers of multiple sub-ASs. The range is 1 to 65535.
Description
Using confederation id command, you can configure confederation identifier. Using

undo confederation id command, you can cancel the BGP confederation specified by
as-number parameter.
By default, the confederation ID is not configured.
Confederation can be adopted to solve the problem of too many IBGP full connections
in a large AS domain. The solution is, first dividing the AS domain into several smaller
sub-ASs, and each sub-ASs remains full-connected. These sub-ASs form a
confederation. Key BGP attributes of the route, such as next hop, MED, local
preference, are not discarded across each sub-ASs. The sub-ASs still look like a whole
from the point of view of a confederation although these sub-ASs have EBGP relations.
This can assure the integrality of the former AS domain, and ease the problem of too
many connections in the domain
For the related commands, see confederation nonstandard, confederation peer-as.
Example
# Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the peer
10.1.1.1 is an internal member of the AS confederation while the peer 200.1.1.1 is an
external member of the AS confederation. For external members, Confederation 9 is a
unified AS domain.
[Quidway] bgp 41
[Quidway-bgp] confederation id 9
[Quidway-bgp] confederation peer-as 38 39 40
[Quidway-bgp] group Confed38 external
[Quidway-bgp] peer Confed38 as-number 38
4-4
[Quidway-bgp] peer 10.1.1.1 group Confed38

[Quidway-bgp] group Remote98 external
[Quidway-bgp] peer Remote98 as-number 98
[Quidway-bgp] peer 200.1.1.1 group Remote98
4.1.5 confederation nonstandard
Syntax
confederation nonstandard
undo confederation nonstandard
View
BGP view.
Parameter
None
Description
Using confederation nonstandard command, you can configure the router to be

compatible with routers not following RFC1965. Using undo confederation
nonstandard command, you can disable this function.
By default, it is in accordance with RFC1965.
For the related commands, see confederation id, confederation peer-as.
Example
# AS100 contains routers following nonstandard, which is composed of two sub-ASs,

64000 and 65000.
[Quidway] bgp 64000
[Quidway-bgp] confederation id 100
[Quidway-bgp] confederation peer-as 65000
[Quidway-bgp] confederation nonstandard
4.1.6 confederation peer-as
Syntax
confederation peer-as as-number-1 [... as-number-n ]

undo confederation peer-as [ as-number-1 ] [... as-number-n ]
View
BGP view
4-5
Parameter
as-number-1...as-number-n: Sub-AS number. The range is 1 to 65535. This command

can configure a maximum of 32 Sub-ASs belonging to a confederation.
Description
Using confederation peer-as command, you can configure a confederation consisting

of which Sub-ASs. Using undo confederation peer-as command, you can delete the
specified Sub-AS in the confederation.
By default, no autonomous system is configured as a member of the confederation.
Before this command is performed, the confederation ID should be configured by the
confederation id command. Otherwise this configuration is invalid. The configured
ASs in this command are inside the confederation and each AS uses fully meshed
network. The confederation appears as a single AS to the routers outside it.
For the related commands, see confederation nonstandard, confederation id.
Example
# Configure the confederation contains AS 2001 and 2002.

[Quidway-bgp]confederation peer-as 2000 2001
4.1.7 dampening
Syntax
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling ]

[ route-policy policy-name ]
undo dampening
View
BGP view
Parameter
half-life-reachable: Specify the semi-dampening when the route is reachable. The

range is 1 to 45 minutes. By default, the value is 15 minutes.
half-life-unreachable: Specify the semi-dampening when the route is unreachable. The
range is 1 to 45 minutes. By default, the value is 15 minutes.
reuse: The penalty value of a route when it start to be reused. The range is 1 to 20000.
suppress: The penalty threshold of a route when it start to be suppressed. The range is
1 to 20000. By default, the value is 2000.
4-6
ceiling: The upper threshold of the penalty. The range is 1001 to 20000. By default, the
value is 16000.
policy-name: Configure route policy name.
If the parameters are not set, the BGP route attenuation is valid and each parameter is
taken as the default value. The parameters are mutually dependent. Once configure
any parameter, all other parameters should also be specified.
Description
Using dampening command, you can make BGP route attenuation valid or modify
various BGP route attenuation parameters. Using undo dampening command, you
can make the characteristics invalid.
By default, no route attenuation is configured.
For the related commands, see reset bgp dampening, reset bgp flap-info, display
bgp routing-table dampened, display bgp routing-table flap-info.
Example
[Quidway-bgp] dampening 15 15 1000 2000 10000
4.1.8 debugging bgp
Syntax
debugging bgp { all | event | normal | { keepalive | open | packet | route-refresh |

update } [ receive | send ] [ verbose ] }
undo debugging bgp { all | event | normal | keepalive | open | packet |
route-refresh | update }
View
User view
Parameter
all: Indicating to enable all BGP information debugging.

event: Indicating to enable BGP event information debugging.
normal: Indicating to enable information debugging of BGP normal functions.
keepalive: Indicating to enable BGP Keepalive packet information debugging.
open: Indicating to enable BGP Open packet information debugging.
packet: Indicating to enable BGP packet information debugging.
route-refresh: Indicating to enable BGP route-refresh packet information debugging.
update: Indicating to enable BGP Update packet information debugging.
receive: Information of receiving packets.
4-7
send: Information of sending packets.

verbose: Detailed information.
Description
Using debugging bgp all command, you can enable all the information debugging of
BGP packet and events.
Using debugging bgp event command, you can enable the information debugging of
BGP events
Using debugging bgp keepalive command, you can enable the information
debugging of BGP Keepalive packets.
Using debugging bgp packet command, you can enable the information debugging of
BGP packets.
Using undo debugging bgp command, you can disable the debugging functions.
Example
# Enable the information debugging of BGP packets.

<Quidway> debugging bgp packet
4.1.9 default local-preference
Syntax
default local-preference value

undo default local-preference
View
BGP view
Parameter
value: Default local preference to be configured. The range is 0 to 4294967295. By

default, its value is 100.
Description
Using default local-preference command, you can configure the default local
preference. Using undo default local-preference command, you can restore the
default value.
Configuring different local preferences will affect BGP routing selection. When a router
running BGP gets routes with the same destination address but different next hops
through different internal peers, it will select the route of highest local preference to this
destination.
4-8
Example
# The two routers RTA and RTB in the same autonomous area use X.25 and Frame
Relay protocols separately to connect with external autonomous areas. The command
can be used to configure the default local preference of RTB as 180 so that the route
via RTB is selected first when the same route goes through RTA and RTB at the same
time.
[Quidway-bgp]default local-preference 180
4.1.10 default med
Syntax
default med med-value

undo default med
View
BGP view.
Parameter
med-value: MED value to be specified. The range is 0 to 4294967295. By default, the

med-value is 0.
Description
Using default med command, you can configure the default system metric. Using
undo default med command, you can restore the default metric of the system.
In the case that all other conditions are the same, the system first selects the route with
the smaller MED value as the external route of the autonomous system.
Example
# Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is
the peer of RTA and RTB. The network between RTA and RTC is X.25 network and the
network between RTB and RTC is Ethernet. So the MED of RTA can be configured as
25 to allow RTC to select the route transmitted by RTB first.
[Quidway-bgp] default med 25
4.1.11 display bgp group
Syntax
display bgp group [ group-name ]
View
Any view
4-9
Parameter
group-name: Specified a peer group.
Description
Using display bgp group command, you can view the information of peer groups.
Example
# View the information of the peer group aaa.

<Quidway> display bgp group aaa
group : er no as-number still
members in this group :
1.1.1.1
configuration within the group :
no export policy route-policy
no export policy filter-policy
no export policy acl
no export policy ip-prefix
no import policy route-policy
no import policy filter-policy
no import policy acl
no import policy ip-prefix
no default route produce
Table 4-2 Description of information generated by the command display bgp group
Field Description
Group Name of peer group
type Type of peer group: IBGP or EBGP
as-number AS number of peer group
members in this group Members in this peer group
route-policy Name of configured route policy
filter-policy Configured export and import route filter for BGP
acl Configured access control list
ip-prefix Configured IP address prefix list
4.1.12 display bgp network
Syntax
display bgp network
4-10
View
Any view
Parameter
None
Description
Using display bgp network command, you can view the routing information that has
been configured.
Example
# Display the routing information that has been configured.

<Quidway> display bgp network
Network Mask Route-policy
--------------------------------------------------------
133.1.1.0 255.255.255.0 None
112.1.0.0 255.255.0.0 None
Table 4-3 Description of information generated by the command display bgp network
Field Description
Network Network address
Mask Mask
Route-policy Configured route policy
4.1.13 display bgp paths
Syntax
display bgp paths as-regular-expression
View
Any view
Parameter
as-regular-expression: Matched AS path regular expression.
Description
Using display bgp paths command, you can view the information about AS paths
4-11
Example
# Display the information about the AS paths.

<Quidway> display bgp paths 500
Id Hash-index References Aggregator Origin As-Path
---------------------------------------------------
3 214 1 <null> INC 500
Table 4-4 Description of information generated by the command display bgp paths
Field Description
Id Value of sequence number
Hash-Index Value of Hash-index
References Number of routes with reference
Aggregator Mask length of aggregate route
Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three
optional values:
The route belongs to inside of AS. BGP treats
IGP aggregate route and the route defined by the command
network as inside of AS, and origin type as IGP.
Origin
The route is learned from exterior gateway protocol
EGP
(EGP).
Short for INCOMPLETE: indicates that the original
source of the route information is unknown (learned by
INC
other methods). BGP sets the origin of the route
imported through other IGP protocols as INCOMPLETE
AS-path attribute of route, which records all AS areas that the
As-path
route passes. With it, route loop can be avoided
4.1.14 display bgp peer
Syntax
display bgp peer peer-address verbose

display bgp peer [ verbose ]
View
Any view
Parameter
peer-address: Specify the peer to be displayed.
4-12
Description
Using display bgp peer command, you can view the information about BGP peers.
Example
# Display the detail information of the peer 10.110.25.20.

<Quidway> display bgp peer 10.110.25.20 verbose
Peer: 1.1.1.1 Local: 1.1.1.1
Type: External
State: Active Flags: <>
Last State: Idle Last Event: Start
Last Error: Open Message Error
Options: <>
Configuration within the peer :

no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
no default route produce
Table 4-5 Description of information generated by the command display bgp peer
verbose
Field Description
IP address of peer and port number used by the peer to establish TCP
Peer
connection
IP address and port number used to establish TCP connection of local

Local
end
Type Type of peer: Internal for IBGP, and External for EBGP
State State of peer
Flags Flags of peer

Last State Last state before entering current state
Last Event Last event of neighbor state machine
Last Error Last error of neighbor state machine

Options Options
4-13
4.1.15 display bgp routing-table
Syntax
display bgp routing-table [ ip-address [ mask ] ]
View
Any view
Parameter
ip-address: Destination of the network.

mask: Mask of the network.
Description
Using display bgp routing-table command, you can view all the BGP routing
information.
Example
# Display all the BGP routing information.

<Quidway> display bgp routing-table
Flags: # - valid, ^ - best,
D - damped, H - history,
I - internal, S – aggregate suppressed
Dest/Mask Next-hop Med Local-pref Origin As-path

-----------------------------------------------------------------------
#^ 129.1.1.0/24 5.5.5.5 IGP 600
#^ 129.1.2.0/24 5.5.5.5 IGP 600
#^ 129.1.3.0/24 5.5.5.5 IGP 600
#^ 129.1.4.0/24 5.5.5.5 IGP 600
#^ 129.1.5.0/24 5.5.5.5 IGP 600
#^ 129.1.6.0/24 5.5.5.5 IGP 600
#^ 129.1.7.0/24 5.5.5.5 IGP 600
#^ 129.1.8.0/24 5.5.5.5 IGP 600
#^ 129.1.9.0/24 5.5.5.5 IGP 600
#^ 129.1.10.0/24 5.5.5.5 IGP 600
4-14
Table 4-6 Description of information generated by the command display bgp

routing-table
Field Description
State flags:
# - valid (valid)
^ - best (selected)
Flags D – damped (discarded)
H – history (history)
I – internal (interior gateway protocol)
S - aggregate suppressed (suppressed)
Dest/Mask Destination address/Mask
Next Hop IP address of next hop
MULTI_EXIT_DISC attribute value, which ranges from 0 to
Med
4294967295
Local-Pref Local preference, which ranges from 0 to 4294967295
origin relative to the route originating it from AS. It has three
optional values:
The route belongs to inside of AS. BGP treats aggregate

IGP route and the route defined by the command network as
Origin inside of AS, and origin type as IGP.
EGP The route is learned from exterior gateway protocol (EGP).

Short for INCOMPLETE: indicates that the original source
of the route information is unknown (learned by other
INC
methods). BGP sets the origin of the route imported
through other IGP protocols as INCOMPLETE
AS-path attribute of route, which records all AS areas that the route
As-path
passes. With it, route loop can be avoided
4.1.16 display bgp routing-table as-path-acl
Syntax
display bgp routing-table as-path-acl acl-number
View
Any view
Parameter
acl-number: Specify matched AS path list number ranging from 1 to 199.
4-15
Description
Using display bgp routing-table as-path-acl command, you can view routes that
match an as-path acl.
Example
# Display routes that match the as-path-acl 1.

<Quidway> display bgp routing-table as-path-acl 1
Dest/Mask Pref Next-Hop Med Local-pref Origin As-path

--------------------------------------------------------------------
#^ 1.1.1.0/24 256 10.10.10.1 0 IGP 200
#^ 1.1.2.0/24 256 10.10.10.1 0 IGP 200
#^ 1.1.3.0/24 256 10.10.10.1 0 IGP 200
#^ 2.2.3.0/24 256 10.10.10.1 0 INC 200
#^ 4.4.4.0/24 256 10.10.10.1 0 INC 200
#^ 9.9.9.0/24 256 10.10.10.1 0 INC 200
#^ 10.10.10.0/24 256 10.10.10.1 0 IGP 200
#^ 22.1.0.0/16 256 200.1.7.2 100 INC 200
# 88.1.0.0/16 60 0.0.0.0 IGP

routing-table as-path-acl
Field Description
Dest/Mask Destination address/Mask
Pref Preference
Nexthop IP address of next hop

Med MULTI_EXIT_DISC attribute value
Local-pref Local preference
4-16
Field Description
origin relative to the route originating it from AS. It has three optional
values:


INC
As-path
4.1.17 display bgp routing-table cidr
Syntax
display bgp routing-table cidr
View
Any view
Parameter
None
Description
Using display bgp routing-table cidr command, you can view the routing information
about the non-natural mask (namely the classless interdomain routing, CIDR).
Example
<Quidway> display bgp routing-table cidr


--------------------------------------------------------------------
#^ 22.1.0.0/16 256 200.1.7.2 100 INC 200
# 88.1.0.0/16 60 0.0.0.0 IGP
4-17
4.1.18 display bgp routing-table community
Syntax
display bgp routing-table community [ aa:nn | no-export-subconfed |

no-advertise | no-export ]* [ whole-match ]
View
Any view
Parameter
aa:nn: Specify a community number.

no-export-subconfed: Not sending matched route outside AS.
no-advertise: Send matched route to no peers.
no-export: Does not announce the route to the AS or the association outside, but can
advertise to other sub-ASs.
whole-match: Configure to display the exactly matched routes.
Description
Using display bgp routing-table community command, you can view the routing
information related to the specified BGP community number in the routing table.
Example
# Display the routing information matching BGP community number 11:22.

<Quidway> display bgp routing-table community 11:22

--------------------------------------------------------------------
#^ 1.0.0.0/8 256 172.10.0.2 100 IGP
#^ 2.0.0.0/8 256 172.10.0.2 100 IGP
4.1.19 display bgp routing-table community-list
Syntax
display bgp routing-table community-list community-list-number [ whole-match ]
4-18
View
Any view
Parameter
community-list-number: Specify a community-list.

whole-match: Configure to display the exactly matched routes.
Description
Using display bgp routing-table community-list command, you can view the routing
information matching the specified BGP community list.
Example
# Display the routing information matching BGP community list 1.

[Quidway] display bgp routing-table community-list 1
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path

-------------------------------------------------------------------
1.1.1.0/24 256 10.10.10.1 0 IGP 200
1.1.2.0/24 256 10.10.10.1 0 IGP 200
1.1.3.0/24 256 10.10.10.1 0 IGP 200
2.2.3.0/24 256 10.10.10.1 0 INC 200
4.4.4.0/24 256 10.10.10.1 0 INC 200
9.9.9.0/24 256 10.10.10.1 0 INC 200
10.10.10.0/24 0 10.10.10.2 0 IGP
10.10.10.0/24 256 10.10.10.1 0 IGP 200
4.1.20 display bgp routing-table dampened
Syntax
display bgp routing-table dampened
View
Any view
Parameter
None
4-19
Description
Using display bgp routing-table dampened command, you can view BGP dampened
routes.
Example
# View BGP dampened information.

<Quidway> display bgp routing-table dampened
Dest/Mask Source Damping-limit Origin As-path

-----------------------------------------------------------------
#D 11.1.0.0/16 133.1.1.2 1:20:00 IGP 200

routing-table dampened
Item Description
State flags:
# - valid (valid)
^ - best (selected)
#D The valid and damped route
Dest/Mask The dampened route to the destination network 11.1.0.0
Source The nexthop of the route
Damping-li The time before dampening turns invalid and the route can be
mit reused.
values:


Short for INCOMPLETE: indicates that the original source of
the route information is unknown (learned by other methods).
INC
BGP sets the origin of the route imported through other IGP
protocols as INCOMPLETE
4-20
Item Description
As-path
4.1.21 display bgp routing-table different-origin-as
Syntax
display bgp routing-table different-origin-as
View
Any view
Parameter
None
Description
Using display bgp routing-table different-origin-as command, you can view routes
that have different source autonomous systems
Example
# View the routes that have different source ASs.

<Quidway> display bgp routing-table different-origin-as
Destination/Mask Pref Next-hop Med Local-Pref Origin As-Path

------------------------------------------------------------------
10.10.10.0/24 0 10.10.10.2 0 IGP
10.10.10.0/24 256 10.10.10.1 0 IGP 200
4.1.22 display bgp routing-table flap-info
Syntax
display bgp routing-table flap-info [ { regular-expression as-regular-expression } |

{ as-path-acl acl-number } | { network-address [ mask [ longer-match ] ] } ]
View
Any view
4-21
Parameter
as-regular-expression: The route flap-info matching AS path regular expression.

acl-number: Number of the specified AS path to be matched, ranging from 1 to 199.
network-address: Network IP address related to the dampening information to be
shown
mask: Network mask.
longer-match: Show the route flap-info that is more specific than address, mask.
Description
Using display bgp routing-table flap-info command, you can view BGP flap-info.
Example
# Display BGP flap-info.

<Quidway> display bgp routing-table flap-info
Dest/Mask Source Keepup-time Damping-limit Flap-times Origin As-path

--------------------------------------------------------------------
#D 11.1.0.0/16 133.1.1.2 48 1:20:30 4 IGP 200

routing-table flap-info
Item Description
State flags:
# - valid (valid)
^ - best (selected)
#D The valid and damped route

Dest/Mask The dampened route to the destination network 11.1.0.0
Source The nexthop of the route
Keepup-time The time that route damping has continued
Damping-lim The time before dampening turns invalid and the route can be
it reused.
Flap-times The times of the route flap
4-22
Item Description
values:


INC
As-path
4.1.23 display bgp routing-table peer
Syntax
display bgp routing-table peer peer-address { advertised | received }

[ network-address [ mask ] | statistic ]
View
Any view
Parameter
peer-address: Specifies the peer to be displayed.

advertised: Routing information advertised by the specified peer.
received: Routing information the specified peer received.
network-address mask : IP address and address mask of destination network.
statistic: Statistic routing information of peer.
Description
Using display bgp routing-table peer command, you can view the routing information
the specified BGP peer advertised or received.
Example
# Display the routing information advertised by BGP peer 10.10.10.1.

[Quidway] display bgp routing table peer 10.10.10.1 advertised
4-23
Dest/mask Next -Hop Med Local-pref Origin As-path

*> 10.10.10.0/24 0.0.0.0 INC
4.1.24 display bgp routing-table regular-expression
Syntax
display bgp routing-table regular-expression as-regular-expression
View
Any view
Parameter
as-regular-expression: Matched AS regular expression.
Description
Using display bgp routing-table regular-expression command, you can view the
routing information matching the specified AS regular expression
Example
# Display the routing information matched with ^200$.

<Quidway> display bgp routing-table regular-expression ^200$
Destination/Mask Pref Next-hop Med Local-Pref Origin Path

--------------------------------------------------------------------
1.1.1.0/24 256 10.10.10.1 0 IGP 200
1.1.2.0/24 256 10.10.10.1 0 IGP 200
1.1.3.0/24 256 10.10.10.1 0 IGP 200
2.2.3.0/24 256 10.10.10.1 0 INC 200
4.4.4.0/24 256 10.10.10.1 0 IGP 200
9.9.9.0/24 256 10.10.10.1 0 INC 200
10.10.10.0/24 256 10.10.10.1 0 IGP 200
4-24
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
View
BGP view
Parameter
acl-number: Number of IP access control list.

ip-prefix-name: Name of ip prefix list.
protocol: Specified protocols advertising routing information which include direct, ospf,
ospf-ase, ospf-nssa, rip and static.
Description
Using filter-policy export command, you can filter the advertised routes and only the
routes passing the filter can be advertised by BGP. Using undo filter-policy export
command, you can cancel the filtration to the advertised routes.
By default, filtration to the received routing information is not configured.
If the parameter protocol is specified, only the imported route generated by the
specified protocol is filtered and the imported routes generated by other protocols are
not affected. If the parameter protocol is not specified, the imported route generated by
any protocol will be filtered.
Example
# Use ACL 2000 to filter the routing information advertised by BGP.

[Quidway-bgp] filter-policy 2000 export
Syntax

filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import
View
BGP view
4-25
Parameter
acl-number: Number of IP access control list.

ip-prefix-name: Name of address prefix list.
Description
Using filter-policy gateway import command, you can filter the learned routing
information advertised by the peer with the specified address. Using undo filter-policy
gateway import command, you can cancel the filtration to the routing information
advertised by the peer with specified address.
Using filter-policy import command, you can filter the received global routing
information. Using undo filter-policy import command, you can remove the filtration
to the received global routing information.
By default, filtration to the received routing information is not configured.
This command can be used to filter the routes received by BGP and determines
whether to add the routes to the BGP routing table.
Example
# Use ACL 2000 to filter the routing information received by BGP.

[Quidway-bgp] filter-policy 2000 import
4.1.27 group
Syntax
group group-name
undo group group-name
View
BGP view
Parameter
group-name: Specify the name of the peer group. group-name is locally significant.
Description
Using group group-name command, you can establish a peer group. Using undo
group group-name command, you can cancel the configured peer group.
The use of BGP peer group is for the convenience of the user’s configuration. When the
user starts several peers with the same configuration, a peer group can be established
first and be configured. Then add all the peers to the peer group so that they have the
same configuration as this peer group.
4-26
Example
# Create a BGP group named test.

[Quidway-bgp] group test
4.1.28 import-route
Syntax
import-route protocol [ med med-value | route-policy route-policy-name ]*

View
BGP view
Parameter
protocol: Specify source routing protocols which can be imported, which include direct,
ospf, ospf-nssa , ospf-ase, rip and static at present.
med med-value: Specify the MED value loaded by a redistributes route, ranging from 0
to 4294967295.
route-policy route-policy-name: Specify a route-policy.
Description
Using import-route command, you can import routes of other protocols. Using undo
import-route command, you can cancel redistributing routes of other protocols.
By default, BGP does not import routes of other protocols.
Example
# Import routes of RIP.

[Quidway-bgp] import-route rip
4.1.29 ip as-path-acl
Syntax
ip as-path-acl acl-number { permit | deny } as-regular-expression

undo ip as-path-acl acl-number
View
System view
Parameter
acl-number: Number of AS path list ranging from 1 to 199.
4-27
as-regular-expression: AS regular expression.
Description
Using ip as-path-acl command, you can configure an AS path regular express. Using
undo ip as-path-acl command, you can disable the defined regular expression.
The configured AS path list can be used in BGP policy.
For the related commands, see peer as-path-acl, display bgp routing-table
as-path-acl.
Example
# Configure an AS path list.

[Quidway] ip as-path-acl 10 permit 200,300
4.1.30 ip community-list
Syntax
ip community-list basic-comm-list-number { permit | deny } [ aa:nn | internet |

no-export-subconfed | no-advertise | no-export ]
ip community-list adv-comm-list-number { permit | deny } as-regular-expression
undo ip community-list { basic-comm-list-number | adv-comm-list-number }
View
System view
Parameter
basic-comm-list-number: Number of the basic community list ranging from 1 to 99.

adv-comm-list-number: Number of the advanced community list ranging from 100 to
199.
permit: Permit those that match conditions to access.
deny: Deny those that match conditions to access.
aa:nn: Community number.
internet: Advertise all routes.
no-export-subconfed: Used not to advertise the matched route beyond the
confederation.
no-advertise: Used not to send the matched route to any peer.
advertise to other sub-ASs.
as-regular-expression: Community attribute of the regular expression.
4-28
Description
Using ip community-list command, you can configure a BGP community list. Using
undo ip community-list command, you can cancel the configured BGP community
list.
The configured community list can be used in BGP policy.
For the related commands, see apply community, display bgp routing-table
community-list.
Example
# Define a community attribute list which does not advertise routes with the community
attribute beyond the confederation.
[Quidway] ip community-list 6 permit no-export-subconfed
4.1.31 network
Syntax
network ip-address [ address-mask ] [ route-policy route-policy-name ]

undo network ip-address [ address-mask ] [ route-policy route-policy-name ]
View
BGP view
Parameter
ip-address: Network address that BGP advertises.

address-mask: Mask of the network address.
route-policy-name: Route-policy applied to advertised routes.
Description
Using network command, you can configure the network routes advertised by the local
BGP. Using undo network command, you can cancel the existing configuration.
By default, there is no networks sent through BGP
Example
# Advertise routes to network segment 10.0.0.0/16.

[Quidway-bgp] network 10.0.0.0 255.255.0.0
4.1.32 peer advertise-community
Syntax
peer { group-name | peer-address } advertise-community
4-29
undo peer { group-name | peer-address } advertise-community
View
BGP view
Parameter
group-name: Name of peer group.

peer-address: IP address of the peer.
Description
Using peer advertise-community command, you can enable the transmission of the
community attribute to a peer/peer group. Using undo peer advertise-community
command, you can cancel the existing configuration.
By default, the community attribute is not transmitted to any peer/peer group.
For the related commands, see if-match community-list, apply community.
Example
# Transmit community attribute to the peer group name test.

[Quidway-bgp] peer test advertise-community
4.1.33 peer allow-as-loop
Syntax
peer { group-name | peer-address } allow-as-loop [ number ]

undo peer { group-name | peer-address } allow-as-loop
View
BGP view
Parameter
group-name: Specify name of the peer group.

peer-address: Specify IP address of the peer.
number: Specify the repeating times of local AS, ranging from 1 to 10.
Description
Using peer allow-as-loop command, you can configure the repeating time of local AS.
Using undo peer allow-as-loop command, you can remove the repeating time of local
AS.
For the related commands, see display current-configuration, display bgp
routing-table peer, display bgp routing-table group
4-30
Example
# Specify to configure the repeating times of local AS to 2.

[Quidway-bgp] peer 1.1.1.1 allow-as-loop 2
4.1.34 peer as-number
Syntax
peer { group-name | peer-address } as-number as-number

undo peer { group-name | peer-address } as-number as-number
View
BGP view
Parameter

as-number: The AS number of the peer/peer group, the range is 1 to 65535.
Description
Using peer as-number command, you can configure the AS number of peer
group/peer. Using undo peer as-number command, you can delete the AS number of
peer group/peer.
By default, no peer group, peer and AS number are configured.
Example
# Specify the peer AS number for the peer test as 100.

[Quidway-bgp] peer test as-number 100
4.1.35 peer as-path-acl
Syntax
peer { group-name | peer-address } as-path-acl acl-number { import | export }

undo peer { group-name | peer-address } as-path-acl acl-number { import | export }
View
BGP view
Parameter

4-31
acl-number: Specify the filter list number of an AS regular expression. The range is 1 to
199.
import: For the received routes.
export: For the advertised routes.
Description
Using peer as-path-acl command, you can configure BGP route filtering Policy based
on AS path list. Using undo peer as-path-acl command, you can cancel the existing
configuration.
By default, the peer/peer group has no AS path list.
For the related commands, see as-path-acl.
Example
# Set the AS path ACL of the peer group test.

[Quidway-bgp] peer test as-path-acl 3 export
4.1.36 peer connect-interface
Syntax
peer { group-name | peer-address } connect-interface interface-name

undo peer { group-name | peer-address } connect-interface interface-name
View
BGP view
Parameter
group-name: Specified peer group.

interface-name: Interface name.
Description
Using peer connect-interface command, you can specify the source interface of a
route update packet. Using undo peer connect-interface command, you can restore
the best source interface.
By default, BGP uses the best source interface.
Usually, BGP uses the optimal route to update the source interface of the packets.
However, you can set the mode of the interface to Loopback in order to send route
updates even if the interface is not work normally.
4-32
Example
# Specify Vlan-interface1 as the source interface of a route update packet.

[Quidway-bgp] peer test connect-interface vlan-interface 1
4.1.37 peer default-route-advertise
Syntax
peer { group-name | peer-address } default-route-advertise

undo peer { group-name | peer-address } default-route-advertise
View
BGP view
Parameter

Description
Using peer default-route-advertise command, you can configure a peer/peer group to

generate a default route for a peer. Using undo peer default-route-advertise
By default, a peer/peer group does not import the default route.
For this command, no default route needs to exist in the routing table. A default route is
sent unconditionally to a peer with the next hop as itself.
For the related commands, see default-route-advertise.
Example
# Configure a peer group named test to generate a default route.

[Quidway-bgp] peer test default-route-advertise
4.1.38 peer description
Syntax
peer { group-name | peer-address } description description-line

undo peer { group-name | peer-address } description
View
BGP view
4-33
Parameter
group-name: group name.

peer-address: address of the peer.
description-line: description information configured, which can be letters or figures.
Description
Using peer description command, you can configure the description information of the
peer/peer group. Using undo peer description command, you can cancel the
description information of the peer/peer group.
By default, description information of peers/peer group is not configured.
For the related commands, see display current-configuration, display bgp
routing-table peer, display bgp routing-table group.
Example
# Configure the description information of the peer whose name is group1 as beijing1.
[Quidway-bgp] peer group1 description beijing1
4.1.39 peer ebgp-max-hop
Syntax
peer { group-name | peer-address } ebgp-max-hop [ ttl ]

undo peer { group-name | peer-address } ebgp-max-hop
View
BGP view
Parameter
group-name: Specify Name of the peer group.

ttl: Maximum hop value. The range is 1 to 255. By default, the value is 64.
Description
Using peer ebgp-max-hop command, you can allow to establishing EBGP connection
with the peer on indirectly connected network. Using undo peer ebgp-max-hop
By default, this feature is disabled.
4-34
Example
# Allow to establishing EBGP connection with the peer group named test indirectly
connected.
[Quidway-bgp] peer test ebgp-max-hop
4.1.40 peer enable
Syntax
peer { group-name | peer-address } enable

undo peer { group-name | peer-address } enable
View
BGP view
Parameter
group-name: Specify the name of the peer group which specifies the entire peer group.
peer-address: IP address of a peer, which specifies a certain peer.
Description
Using peer enable command, you can enable the specified peer/peer group and
disable it by using undo peer enable command.
By default, BGP peer/peer group is enabled.
If the specified peer/peer group is disabled, the router will not exchange routing
information with the specified peer/peer group.
Example
# Disable the specified peer.

[Quidway-bgp] peer 18.10.0.9 group group1
[Quidway-bgp] undo peer 18.10.0.9 enable
4.1.41 peer filter-policy
Syntax
peer { group-name | peer-address } filter-policy list-number { import | export }

undo peer { group-name | peer-address } filter-policy list-number { import | export }
View
BGP view
4-35
Parameter
group-name: Specify the name of the peer group.

peer-address: Specify the IP address of the peer.
list-number: Specify an IP acl number.
import: Ingress filter policy.
export: Egress filter policy.
Description
Using peer filter-policy command, you can configure the filter-policy list of a peer/peer
group. Using undo peer filter-policy command, you can cancel the existing
configuration.
By default, a peer/peer group has no access control list (ACL).
For the related commands, see acl.
Example
# Set the filter-policy list of a peer group test.

[Quidway-bgp] peer test filter-policy 2000 export
4.1.42 peer group
Syntax
peer peer-address group group-name

undo peer peer-address group group-name
View
BGP view
Parameter

Description
Using peer group command, you can add a peer to the peer group. Using undo peer
group command, you can delete the specified peer in the peer group.
The use of BGP peer group is for the convenience of the user’s configuration. When the
user starts several peers with the same configuration, a peer group can be established
first and be configured. Then add all the peers to the peer group so that they have the
same configuration as this peer group.
4-36
Example
# Add a peer to the peer group TEST.

[Quidway-bgp] group TEST
[Quidway-bgp] peer 10.1.1.1 group TEST
4.1.43 peer ip-prefix
Syntax
peer { group-name | peer-address } ip-prefix prefixname { import | export }

undo peer { group-name | peer-address } ip-prefix prefixname { import | export }
View
BGP view
Parameter

prefixname: Name of the specified ip-prefix.
import: Apply the filtering policy on the route received by the specified peer/peer
group.
export: Apply the filtering policy on the route transmitted to the specified peer/peer
group.
Description
Using peer ip-prefix command, you can configure the route filtering policy of the
peer/peer group based on the ip-prefix. Using undo peer ip-prefix command, you can
cancel the route filtering policy of the peer/peer group based on the ip-prefix.
By default, the route filtering policy of the peer/peer group is not specified.
For the related commands, see ip ip-prefix.
Example
# Configure the route filtering policy of the peer group based on the ip-prefix 1.
[Quidway-bgp] peer group1 ip-prefix list1 export
4.1.44 peer next-hop-local
Syntax
peer { group-name | peer-address } next-hop-local

undo peer { group-name | peer-address } next-hop-local
4-37
View
BGP view
Parameter

Description
Using peer next-hop-local command, you can configure to perform the process of the
next hop in the route to be advertised to the peer/peer group and take the address of
itself as the next hop. Using undo peer next-hop-local command, you can cancel the
existing configuration.
Example
# When BGP distributes the routes to the peer group “test”, it will take its own address
as the next hop.
[Quidway-bgp] peer test next-hop-local
4.1.45 peer password
Syntax
peer { group-name | peer-address } password { cipher | simple } password

undo peer { group-name | peer-address } password
View
BGP view
Parameter
group-name: Name of the peer group.

peer-address: IP address of the peer, in dotted decimal format.
cipher: Displays the configured password in cipher text mode.
simple: Displays the configured password in simple text mode.
password: Password in character string form with 1 to 16 characters when parameter
simple is configured in the command or in the event of inputting the password in simple
text mode but parameter cipher is configured in the command; with 24 characters in
the event of inputting the password in cipher text mode when parameter cipher is
configured in the command.
4-38
Description
Using the peer password command, you can configure MD5 authentication for BGP
during TCP connection setup. Using the undo peer password command, you can
cancel the configuration.
By default, BGP does not perform MD5 authentication when TCP connection is set up.
Once MD5 authentication is enabled, both parties involved in the authentication must
be configured with identical authentication modes and passwords. Otherwise, TCP
connection will not be set up because of the failed authentication.
This command is used to configure MD5 authentication for the specific peer only when
the peer group to which the peer belongs is not configured with MD5 authentication.
Otherwise, the peer should be consistent with the peer group.
Example
# Adopt MD5 authentication on the TCP connection set up between the local router at
10.1.100.1 and the peer router at 10.1.100.2.
[Quidway-bgp] peer 10.1.100.2 password simple huawei
# Perform the similar configuration on the peer.

[Quidway-bgp] peer 10.1.100.1 password simple huawei
4.1.46 peer public-as-only
Syntax
peer { group-name | peer-address } public-as-only

undo peer { group-name | peer-address } public-as-only
View
BGP view
Parameter
group-name: Name of a peer group.

ip-address: IP address of a peer.
Description
Using peer public-as-only command, you can configure not to carry the AS number
when transmitting BGP update packets. Using undo peer public-as-only command,
you can configure to carry the AS number when transmitting BGP update packets.
By default, private AS number is carried when transmitting BGP update packets.
Generally, BGP transmits BGP update packets with the AS number (either public AS
number or private AS number). To enable some outbound routers to ignore the AS
4-39
number when transmitting update packets, you can configure not to carry the AS
number when transmitting BGP update packets.
Example
# Configure not to carry the private AS number when transmitting BGP update packets
to the peer named test.
[Quidway-bgp] peer test public-as-only
4.1.47 peer reflect-client
Syntax
peer { group-name | peer-address } reflect-client

undo peer { group-name | peer-address } reflect-client
View
BGP view
Parameter

Description
Using peer reflect-client command, you can configure a peer/peer group as the route
reflector client. Using undo peer reflect-client command, you can cancel the existing
configuration.
For the related commands, see reflect between-clients, reflector cluster-id.
Example
# Configure the peer group “test” as the route reflector client.

[Quidway-bgp] peer test reflect-client
4.1.48 peer route-policy
Syntax
peer { group-name | peer-address } route-policy route-policy-name { import | export }

undo peer { group-name | peer-address } route-policy route-policy-name { import |
export }
View
BGP view
4-40
Parameter

route-policy-name: The specified Route-policy.
import: Apply to the route policy coming from the peer/peer group.
export: Apply to the route policy advertised to the peer/peer group.
Description
Using peer route-policy command, you can assign the Route-policy to the route
coming from the peer/peer group or the route advertised to the peer/peer group. Using
undo peer route-policy command, you can delete the specified Route-policy.
By default, the peer/peer group has no Route-policy association.
Example
# Apply the Route-policy named test-policy to the route coming from the peer/peer
group test.
[Quidway-bgp] peer test route-policy test-policy export
4.1.49 peer route-update-interval
Syntax
peer { group-name | peer-address } route-update-interval seconds

undo peer { group-name | peer-address } route-update-interval
View
BGP view
Parameter
group-name: Specify the name of the configured peer group.

seconds: The minimum interval of sending BGP update packets route. The range is 0 to
600. By default, the advertisement interval is: 5 seconds for internal peer/peer group,
and 30 seconds for external peer/peer group.
Description
Using peer route-update-interval command, you can configure the interval for the
transmission route of a peer/peer group. Using undo peer route-update-interval
command, you can restore the interval to the default value.
4-41
Example
# Configure the interval of the BGP peer group “test” sending the route update packet
as 10 seconds.
[Quidway-bgp] peer test as-number 100
[Quidway-bgp] peer test route-update-interval 10
4.1.50 peer timer
Syntax
peer { group-name | peer-address } timer keep-alive keepalive-interval hold

holdtime-interval }
undo peer { group-name | peer-address } timer
View
BGP view
Parameter

keepalive-interval: Keepalive interval to be specified. The range is 1 to 65535. By
default, its value is 60 seconds.
holdtime-interval: Holdtime interval to be specified. The range is 3 to 65535. By default,
its value is 180 seconds.
Description
Using peer timer command, you can configure the timers for a peer/peer group. Using
undo peer timer command, you can restore the timer to the default value.
The timer configured by using this command has a higher priority than the one
configured by using the timer command.
Example
# Configure Keepalive and Holdtime intervals of the peer group “test”.

[Quidway-bgp] peer test timer keep-alive 60 hold 180
4.1.51 reflect between-clients
Syntax
reflect between-clients
undo reflect between-clients
4-42
View
BGP view
Parameter
None
Description
Using reflect between-clients command, you can configure the between-client

reflection of a route. Using undo reflect between-clients command, you can disable
this function.
By default, the reflection between clients is enabled.
For the related commands, see reflector cluster-id, peer reflect-client.
Example
# Disable the reflection between clients.

[Quidway-bgp] undo reflect between-clients
4.1.52 reflector cluster-id
Syntax
reflector cluster-id { cluster-id | address }

undo reflector cluster-id
View
BGP view
Parameter
cluster-id: Specify the cluster ID of the route reflector with the range from 1 to
4294967295.
address: Used as the interface address of the route reflector’s cluster ID.
Description
Using reflector cluster-id command, you can configure the cluster ID of the route
reflector. Using undo reflector cluster-id command, you can delete the cluster ID of
the route reflector.
By default, each route reflector uses its Router ID as the cluster ID.
For the related commands, see reflect between-clients, peer reflect-client.
Example
# Set the cluster ID of the route reflector as 80.
4-43
[Quidway-bgp] reflector cluster-id 80
4.1.53 refresh bgp
Syntax
refresh bgp { all | peer-address | group group-name } [ import ]
View
User view
Parameter
all: Reset all the connections with BGP.

peer-address: Reset connection with a specified BGP peer.
group-name: Reset connection with a specified BGP peer group.
import: Refresh the routes learned from the peers
Description
Using refresh bgp peer-address command, you can refresh general BGP routes.
When BGP routing policy changes, it is required to re-compute associated route
information. This command can refresh general BGP routes.
Example
# Refresh all BGP routes.

<Quidway>refresh bgp all
4.1.54 reset bgp
Syntax
reset bgp { all | peer-address [ flap-info ] }
View
User view
Parameter
peer-address: Reset connection with a specified BGP peer.

all: Reset all the connections with BGP.
flap-info: Reset the flap-info of a record at this peer address.
4-44
Description
Using reset bgp peer-address command, you can reset the connection of BGP with a
specified BGP peer.
Using reset bgp all command, you can reset all the connections with BGP.
Example
# Reset all the BGP connections to enable the new configuration (after configuring the
new Keepalive interval and Holdtime interval using the timer command).
<Quidway>reset bgp all
4.1.55 reset bgp dampening
Syntax
reset bgp dampening [ network-address [ mask ] ]
View
User view
Parameter
network-address: Network IP address related to the clearing attenuation information.

mask: Network mask.
Description
Using reset bgp dampening command, you can reset the attenuation information of a
route and release the suppression of a suppressed route.
For the related commands, see dampening, display bgp routing-table dampened.
Example
# Reset the route attenuation information of the specified route.

<Quidway>reset bgp dampening 20.1.0.0 255.255.0.0
4.1.56 reset bgp flap-info
Syntax
reset bgp flap-info [ regular-expression as-regular-expression | as-path-acl

acl-number } | network-address [ mask ] ]
View
User view
4-45
Parameter
regular-expression as-regular-expression: Reset the flap-info matching the AS path

regular expression.
as-path-acl acl-number: Reset the flap-info in consistency with a specified filter list.
The range of the parameter acl-number is 1 to 199.
network-address: Reset the flap-info of a record at this IP address.
mask: Network mask.
Description
Using reset bgp flap-info command, you can reset the flap-info of a route.
For the related commands, see dampening.
Example
# Reset the flap-info of all the routes that go through filter list 10.
<Quidway> reset bgp flap-info as-path-acl 10
4.1.57 reset bgp group
Syntax
reset bgp group group-name
View
User view
Parameter
Description
Using reset bgp group command, you can reset the connections between the BGP
and all the members of a group.
For the related commands, see peer group.
Example
# Reset BGP connections of all members from group1.

<Quidway> reset bgp group group1
4.1.58 summary automatic
Syntax
summary automatic
4-46
undo summary automatic
View
BGP view
Parameter
None
Description
Using summary automatic command, you can configure auto aggregation of

sub-network routes and disable it by using undo summary automatic command,
By default, no auto aggregation of sub-network routes is executed.
After the summary automatic is configured, BGP cannot receive the sub-network
routes imported from the IGP, so the amount of the routing information can be reduced.
Example
# Make the auto aggregation of the sub-network routes.

[Quidway-bgp] summary automatic
4.1.59 timer
Syntax
timer keep-alive keepalive-interval hold holdtime-interval

undo timer
View
BGP view
Parameter
keepalive-interval: Set the interval time value for keepalive time. The range is 1 to
65535. By default, its value is 60 seconds.
holdtime-interval: Set the interval time value for hold time. The range is 3 to 65535. By
default, its value is 180 seconds.
Description
Using timer command, you can configure the Keep-alive and Hold-time timer of BGP.
Using undo timer command, you can restore the default value of the Keep-alive and
Hold-time of the timer.
Example
# Configure the Keep-alive timer as 30 seconds and Hold-time timer as 90 seconds.
4-47
[Quidway-bgp] timer keep-alive 30 hold 90
4.1.60 undo synchronization
Syntax
undo synchronization
View
BGP view
Parameter
None
Description
Using undo synchronization command, you can cancel the synchronization of BGP
and IGP.
By default, BGP doesn’t synchronize with IGP.
If the local BGP is not set synchronous with the IGP and the next hop of the learned
BGP route is reachable, the local BGP will add this BGP route into its routing table
immediately after it learns the route, rather than waiting till the IGP also learns the
route.
This command means BGP does not synchronize with IGP in current system. You need
not configure it for S3500 Series Ethernet Switches don’t support synchronization of
BGP and IGP at present.
Example
# Cancel the synchronization of BGP and IGP.

[Quidway-bgp] undo synchronization
4-48
Quidway S3500 Series Ethernet Switches Chapter 5 IP Routing Policy Configuration Commands
Chapter 5 IP Routing Policy Configuration

Commands
Note:
5.1 IP Routing Policy Configuration Commands

The above describes the configuration commands in the routing policy, which are
independent of any specific routing protocol.
5.1.1 apply as-path
Syntax
apply as-path as-number-1 [ as-number-2 [ as-number-3 ... ] ]

undo apply as-path
View
Route policy view
Parameter
as-number-1... as-number-n: AS number to be added.
Description
Using apply as-path command, you can configure AS number to be added in front of
the original AS path in Route-policy. Using undo apply as-path command, you can
cancel the AS sequence number added in front of the original AS path.
By default, no AS number is set.
If the match condition of Route-policy is matched, the AS attribute of the transmitting
route will be changed.
5-1
Example
# Configure AS 200 to be added in front of the original AS path in Route-policy.

[Quidway-route-policy] apply as-path 200
5.1.2 apply community
Syntax
apply community { { { aa:nn | no-export-subconfed | no-export | no-advertise} …

[ additive ] } | additive | none }
undo apply community
View
Route policy view
Parameter
aa:nn: Community number.

no-export-subconfed: Not sending matched route outside AS.
no-advertise: Not sending matched route to any peer.
advertises to other sub-ASs.
additive: Additional known community attribute.
none: Deleted route community attribute.
Description
Using apply community command, you can configure the set BGP community
attribute of Route-policy. Using undo apply community command, you can cancel the
set BGP community attribute.
By default, BGP community attribute is not set.
For the related commands, see ip community-list, if-match community-list,
route-policy, display bgp routing-table community.
Example
# Configure one Route-policy applycommunity, whose node serial number is 16 and

match mode is permit, and enter Route policy view to set match conditions and attribute
modification actions to be executed.
[Quidway] route-policy applycommunity permit node 16
[Quidway-route-policy] if-match as-path 8
[Quidway-route-policy] apply community no-export
5-2
5.1.3 apply cost
Syntax
apply cost value

undo apply cost
View
Route policy view
Parameter
value: Specify the route cost value of route information.
Description
Using apply cost command, you can configure the route cost value of route
information. This command is one attribute apply sub-statements of Route-policy.
Using undo apply cost command, you can cancel the apply sub-statement.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop,
apply local-preference, apply origin and apply tag.
Example
# Define one apply sub-statement. When it is used for setting route information attribute,
it sets the route metric value of route information as 120.
[Quidway-route-policy] apply cost 120
5.1.4 apply cost-type
Syntax
apply cost-type [ internal | external ]

undo apply cost-type
View
Route policy View
Parameter
internal: Use the cost type of IGP as MED value of BGP to advertise route to EBGP
peer.
external: external cost type of IS-IS. S3500 series don’t support this parameter at
present.
5-3
Description
Using apply cost-type command, you can configure the route cost type of route
Using undo apply cost-type command, you can cancel the apply sub-statement.
By default, route cost type is not set.
Example
# Set the cost type of IGP as MED value of BGP to advertise route to EBGP peer.
[Quidway-route-policy] apply cost-type internal
5.1.5 apply ip next-hop
Syntax
apply ip next-hop ip-address

undo apply ip next-hop
View
Route policy view
Parameter
ip-address: The next-hop address.
Description
Using apply ip next-hop command, you can configure the next hop address of route
Using undo apply ip next-hop command, you can cancel the apply sub-statement.
By default, no apply sub-statement is defined.
When it is used for setting route information attribute, it sets the next hop address area
of route information passing filtration.
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply
local-preference, apply cost, apply origin and apply tag.
Example
# Set the next hop address of route information as 193.1.1.8 when it is used for setting
route information attribute.
[Quidway-route-policy] apply ip next-hop 193.1.1.8
5-4
5.1.6 apply local-preference
Syntax
apply local-preference local-preference

undo apply local-preference
View
Route policy view
Parameter
local-preference: New set local preference.
Description
Using apply local-preference command, you can configure to apply the local
preference of route information. This command is one apply sub-statements of
Route-policy attribute set. Using undo apply local-preference command, you can
cancel the apply sub-statement.
Example
# Apply the local preference level of route information as 130 when this apply
sub-statement is used for setting route information attribute. .
[Quidway-route-policy] apply local-preference 130
5.1.7 apply origin
Syntax
apply origin { igp | egp as-number | incomplete }

undo apply origin
View
Route policy view
Parameter
igp: Set the BGP route information source as internal route

egp: Set the BGP route information source as external route
as-number: Specifies AS number of external route.
incomplete: Setting the BGP route information source as unknown source.
5-5
Description
Using apply origin command, which is one of attribute apply sub-statements of

Route-policy, you can configure to apply the route source. Using undo apply origin
command, you can cancel the apply sub-statement.
apply local-preference, apply cost and apply tag.
Example
it sets the route source of BGP route information as igp.
[Quidway-route-policy] apply origin igp
5.1.8 apply tag
Syntax
apply tag value

undo apply tag
View
Route policy view
Parameter
value: Specifies the tag value of route information.
Description
Using apply tag command, you can configure to set the tag area of OSPF route
information. This command is one of attribute apply sub-statements of Route-policy.
Using undo apply tag command, you can cancel the apply sub-statement.
apply local-preference, apply cost and apply origin.
Example
it sets the tag area of route information as 100.
[Quidway-route-policy] apply tag 100
5-6
5.1.9 display ip ip-prefix
Syntax
display ip ip-prefix [ ip-prefix-name ]
View
Any view
Parameter
ip-prefix-name: Specifies displayed address prefix list name.
Description
Using display ip ip-prefix command, you can view the address prefix list.
For the related commands, see ip ip-prefix.
Example
# Display the information of the address prefix list named as p1.

<Quidway> display ip ip-prefix p1
name index conditions ip-prefix / mask GE LE
p1 10 permit 10.1.0.0/16 17 18
Table 5-1 Description of information generated by the command display ip ip-prefix
Field Description
name Name of ip-prefix
index Internal sequence number of ip-prefix
conditions Mode: permit or deny
ip-prefix / mask Address and network segment length of ip-prefix
GE Greater-equal value of ip-prefix network segment length
LE Less-equal value of ip-prefix network segment length
5.1.10 display route-policy
Syntax
display route-policy [ route-policy-name ]
View
Any view
5-7
Parameter
route-policy-name: Specifies displayed Route-policy name.
Description
Using display route-policy command, you can view the configured Route-policy
For the related commands, see route-policy.
Example
# Display the information of Route-policy named as policy1.

<Quidway> display route-policy policy1
Route-policy : policy1
Permit 10 : if-match (prefixlist) p1
apply cost 100
matched : 0 denied : 0
Table 5-2 Description of information generated by the command display route-policy
Field Description
Route-policy Name of ip-prefix
Information of the route-policy with mode configured as permit and

node as 10:
if-match
The configured if-match clause
(prefixlist) p1
Apply routing cost 100 to the routes matching
Permit 10 apply cost 100
the conditions defined by if-match clause
Number of routes matching the conditions set

matched
by if-match clause
Number of routes not matching the conditions

denied
set by if-match clause
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]

undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
View
Routing protocol view
5-8
Parameter
acl-number: Number of the access control list used for matching the destination
address field of the routing information.
ip-prefix-name: Address prefix list used for matching the routing information destination
address field.
protocol: The routing information of which kind of route protocol to be filtered.
Description
Using filter-policy export command, you can configure to set the filtering conditions of
the routing information advertised by a certain type of routing protocols. Using undo
filter-policy export command, you can cancel the filtering conditions set.
By default, the advertised routing information is not filtered.
For the related commands, see filter-policy import.
Example
# Define the filtering rules for advertising the routing information of RIP. Only the routing
information passing the filtering of address prefix list p1 will be advertised by RIP.
[Quidway-rip] filter-policy ip-prefix p1 export
Syntax

filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import
View
Routing protocol view
Parameter
acl-number: The access control list number used for matching the destination address
field of the routing information.
ip-prefix ip-prefix-name: The prefix address list name. Its matching object is the
destination address field of the routing information.
5-9
gateway ip-prefix-name: The prefix address list name of the neighbor router address.
Its matching object is the routing information advertised by the specified neighbor
router.
Description
Using filter-policy gateway import command, you can filter the received routing
information advertised by a specified router. Using undo filter-policy gateway import
command, you can cancel the setting of the filtering condition.
Using filter-policy import command, you can set the condition for filtering the routing
information. Using undo filter-policy import command, you can cancel the setting of
filter condition
By default, the received routing information is not filtered.
conditions can be received. Then, the filter-policy command can be used to set the
information passing the filtration can be received.
For the related commands, see filter-policy export.
Example
# Define the filtering rule for receiving routing information of RIP. Only the routing
information filtered through the address prefix list p1 can be received by RIP.
[Quidway-rip] filter-policy ip-prefix p1 import
5.1.13 if-match { acl | ip-prefix }
Syntax
if-match { acl acl-number | ip-prefix ip-prefix-name }

undo if-match { acl | ip-prefix }
View
Route policy view
Parameter
acl-number: Specify the number of the access control list used for filtration
ip-prefix-name: Specify the prefix address list used for filtration
Description
Using if-match { acl | ip-prefix } command, you can configure the IP address range to
match the Route-policy. Using undo if-match { acl | ip-prefix } command, you can
cancel the setting of the match rule.
5-10
Filtration is performed by quoting an ACL or a prefix address list.

For the related commands, see if-match interface, if-match ip next-hop, if-match
cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
local-preference, apply origin and apply tag.
Example
# Define one if-match sub-statement. When the sub-statement is used for filtering route
information, the route information filtered by route destination address through address
prefix list p1 is enable to pass the if-match sub-statement.
[Quidway-route-policy] if-match ip-prefix p1
5.1.14 if-match as-path
Syntax
if-match as-path acl-number

undo if-match as-path
View
Route policy view
Parameter
acl-number: AS path based access control list number, ranging from 1 to 199.
Description
Using the if-match as-path command, you can match the AS path domain of the BGP
routing information; using the undo if-match as-path command, you can cancel the
match of AS path domain.
By default, AS path list number is not matched.
Example
# An as-path numbered as 2 is defined first, allowing the routing information of AS 100

and 200. Then the route-policy named test is defined. The node No.10 of this
route-policy defines a if-match sub-statement, which quotes the definition of as-path.
[Quidway] ip as-path-acl 2 permit 100:200
[Quidway] route-policy test permit node 10
[Quidway-route-policy] if-match as-path 2
5-11
5.1.15 if-match community
Syntax
if-match community { basic-community-number [ whole-match ] |

adv-community-number }
undo if-match community
View
Route policy view
Parameter
basic-community-list-number: Basic community list number, ranging from 1 to 99.

adv-community-list-number: Advanced community list number, ranging from 100 to
199.
whole-match: Fully matching.
Description
Using if-match community command, you can match the community attribute of the
BGP information. Using undo if-match community command, you can cancel the
match of the community attribute.
This if-match sub-statement of route-policy is used to filter BGP routing information.
The match condition is specified according to the community attributes of the routing
information.
For the related commands, see route-policy, ip community-list.
Example
# A community-list numbered as 1 is defined first, allowing the autonomous system

number to contain the routing information of 100 and 200. Then, the route-policy
named test is defined. The node No.10 of the route-policy defines a if-match
sub-statement, which quotes the definition of the community-list.
[Quidway] ip community-list 1 permit 100:200
[Quidway] route-policy test permit node 10
[Quidway-route-policy] if-match community 1
5.1.16 if-match cost
Syntax
if-match cost value

undo if-match cost
5-12
View
Route policy view
Parameter
value: Specify the required route metric value, ranging from 0 to 4294967295.
Description
Using if-match cost command, you can configure one of the match rules of
route-policy to match the cost of the routing information. Using undo if-match cost
command, you can cancel the configuration of the match rule.
By default, no if-match sub-statement is defined.
if-match ip next-hop, if-match tag, route-policy, apply ip next-hop, apply
local-preference, apply cost, apply origin, apply tag.
Example
# A if-match sub-statement is defined, which allows the routing information with routing
cost 8 to pass this if-match sub-statement.
[Quidway-route-policy] if-match cost 8
5.1.17 if-match interface
Syntax
if-match interface { interface-name | interface-type interface-number }

undo if-match interface
View
Route policy view
Parameter
interface-type: Specify interface type.

interface-number: Specify interface number.
interface-name: Specify interface name.
Description
Using if-match interface command, you can configure to match the route whose next
hop is designated interface. Using undo if-match interface command, you can cancel
the setting of matching condition.
By default, no if-match sub-statement is defined.
It matches the corresponding interface of route next hop when filtering route.
5-13
For the related commands, see if-match acl, if-match ip-prefix, if-match ip next-hop,
if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
Example
# Define one if-match sub-statement to match the route whose next hop interface is
Vlan-interface 1
[Quidway-route-policy] if-match interface Vlan-interface 1
5.1.18 if-match ip next-hop
Syntax
if-match ip next-hop { acl acl-number | ip-prefix ip-prefix-name }

undo if-match ip next-hop [ ip-prefix ]
View
Route policy view
Parameter
acl-number: Specify the number of the access control list used for filtration. The range
is 2000 to 2999.
ip-prefix-name: Specify the name of the prefix address list used for filtration.
Description
Using if-match ip next-hop command, you can configure one of the match rules of
route-policy on the next hop address of the routing information. Using undo if-match ip
next-hop command, you can cancel the setting of ACL matching condition. Using
undo if-match ip next-hop ip-prefix command, you can cancel the setting of address
prefix list matching condition.
Filtration is performed by quoting an ACL or a address prefix list.
if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
Example
# Define a if-match sub-statement. It permits the routing information, whose route next
hop address passes the filtration of the prefix address list p1, to pass this if-match
sub-statement.
[Quidway-route-policy] if-match ip next-hop ip-prefix p1
5-14
5.1.19 if-match tag
Syntax
if-match tag value

undo if-match tag
View
Route policy view
Parameter
value: Specify the value in tag field of OSPF route information.
Description
Using if-match tag command, you can configure to match the tag field of OSPF route
information. Using undo if-match tag command, you can cancel the existing matching
rules.
if-match ip next-hop, if-match cost, route-policy, apply ip next-hop, apply cost,
Example
# Define one if-match sub-statement and enable the OSPF route information whose
value of tag is 8 to pass the if-match sub-statement.
[Quidway-route-policy] if-match tag 8
5.1.20 ip ip-prefix
Syntax
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len

[ greater-equal greater-equal | less-equal less-equal ]
undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]
View
System view
Parameter
ip-prefix-name: The specified address prefix list name. It identifies one address prefix
list uniquely.
index-number: Identify an item in the prefix address list. The item with smaller
index-number will be tested first.
5-15
permit: Specify the match mode of the defined address prefix list items as permit
mode.
deny: Specify the match mode of the defined address prefix list items as deny mode.
network: The IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses
are matched.
len: The IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are
matched.
greater-equal, less-equal: The address prefix range [greater-equal, less-equal] to be
matched after the address prefix network len has been matched. The meaning of
greater-equal is "larger than or equal to" , and the meaning of less-equal is "less than
or equal to". The range is len <= greater-equal <= less-equal <= 32. When only
greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only
less-equal is used, it denotes the prefix range [len, less-equal].
Description
Using ip ip-prefix command, you can configure an address prefix list or one of its items,
which can also be deleted with undo ip ip-prefix command.
By default, there’s no address prefix list.
The address prefix list is used for IP address filtering. An address prefix list may contain
several items, and each item specifies one address prefix range. The inter-item filtering
relation is "OR", i.e. passing an item means passing the filtering of this address prefix
list. Not passing the filtering of any item means not passing the filtration of this prefix
address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal] respectively. If the prefix ranges of these two parts are both
specified, the IP to be filtered must match the prefix ranges of these two parts.
If you specify network len as 0.0.0.0 0, it only matches the default route.
Example
# The prefix address list of this address indicates to match the bits 1 to 8 and the bits 17
to 18 for filtering the IP address with the bits 1 to 8 and the bits 17 to 18 of the specified
IP network segment 10.0.192.0.
[Quidway] ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18
5.1.21 route-policy
Syntax
route-policy route-policy-name { permit | deny } node { node-number }

undo route-policy route-policy-name [ permit | deny | node node-number ]
5-16
View
System view
Parameter
route-policy-name: Specify the Route-policy name to identify one Route-policy

uniquely.
permit: Specify the match mode of the defined Route-policy node as permit mode.
deny: Specify the match mode of the defined Route-policy node as deny mode.
node: Node of the route policy.
node-number: Index of the node in the route-policy. When this route-policy is used for
routing information filtration, the node with smaller node-number will be tested first.
Description
Using route-policy command, you can create and enter the Route-policy view. Using
undo route-policy command, you can delete the established Route-policy.
By default, no Route-policy is defined.
Route-policy is used for route information filtration or route policy. One Route-policy
comprises of some nodes and each node comprises of some match and apply
sub-statements. The if-match sub-statement defines the match rules of this node and
the apply sub-statement defines the actions after passing the filtration of this node. The
filtering relationship between the if-match sub-statements of the node is “and”, i.e., all
if-match sub-statements that meet the node. The filtering relation between Route-policy
nodes is "OR", i.e. passing the filtering of one node means passing the filtering of this
Route-policy. If the information doesn’t pass the filtration of any nodes, it cannot pass
the filtration of this Route-policy.
if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply
local-preference, apply cost, apply origin and apply tag.
Example
# Configured one Route-policy policy1, whose node number is 10 and if-match mode is
permit, and enter Route policy view.
[Quidway] route-policy policy1 permit node 10
[Quidway-route-policy]
5-17
Quidway S3500 Series Ethernet Switches Chapter 6 Route Capacity Configuration Commands
Chapter 6 Route Capacity Configuration

Commands
6.1 Route Capacity Configuration Commands

6.1.1 display memory
Syntax
display memory
Mode
Any view
Parameter
None
Description
Using display memory command, you can view the memory setting.
Example
# Display the current memory setting.

<Quidway> display memory
System Total Memory(bytes): 34189056
Total Used Memory(bytes): 18692804
Used Rate: 54%
The displayed information is described specifically in the following table:
Table 6-1 The description for the information displayed by the display memory
command
Item Description
System Total
The total number of the Ethernet switch memory in byte.
Memory(bytes)
Total Used
The total number of the used Ethernet switch memory in byte.
Memory(bytes)
Used Rate The used rate of the Ethernet switch memory
6-1
6.1.2 display memory limit
Syntax
display memory limit
Mode
Any view
Parameter
None
Description
Using display memory limit command, you can view the memory setting and state
information related to the Ethernet switch capacity, including available memory and
state information about connections such as times for disconnecting connections,
times for reestablishing connections and whether or not the current system is in the
emergent state.
Example
# Display the current memory setting and state information.

<Quidway> display memory limit
Current memory limit configuration information:
system memory safety: 4 (MBytes)
system memory limit: 2 (MBytes)
auto-establish enabled
Free Memory: 14798060 (Bytes)
The state information about connection:

The times of disconnect: 0
The times of reconnect: 0
The current state: Normal
The information displayed by this command includes the Ethernet switch memory limit,
the size of the idle memory, the times of the connection disconnecting, the times of the
connection reestablishment and the current state.
The displayed information is described specifically in the following table:
6-2
Table 6-2 The description for the information displayed by the display memory limit
command
Item Description
system memory
The safety value of the Ethernet switch memory.
safety
system memory limit The lower limit of the Ethernet switch memory.
The system allows recovering the connection
auto-establish
automatically. (If the automatic recover is disabled, the
enabled
"auto-establish disabled" will be displayed.)
Free Memory The size of the current idle memory.

The times of The times of the connection disconnecting of the Ethernet
disconnect: 0 switch is 0.
The times of The times of the connection reestablishment of the
reconnect: 0 Ethernet switch is 0.
The current state: The current state is normal. (If entering the emergent state,
Normal the system will display "Exigence" )
6.1.3 memory auto-establish disable
Syntax
memory auto-establish disable
View
System view
Parameter
None
Description
Using memory auto-establish disable command, you can disable the routing protocol
connection that is forcibly disconnected to recover automatically when the idle memory
of the Ethernet switch reaches this value. Thus, connections of all the routing protocols
will not recover when the idle memory of the Ethernet switch recovers to a safety value.
In this case, you need to restart the routing protocol to recover the connections.
By default, when the idle memory of the Ethernet switch recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory of
the Ethernet switch reduces to a lower limit, the connection will be disconnected
forcibly).
You shall use the command cautiously.
6-3
For the related commands, see memory auto-establish enable, memory { safety |
limit }, display memory limit.
Example
# Disable memory resume of the current Ethernet switch and recover connections of all
the protocols automatically.
[Quidway] memory auto-establish disable
6.1.4 memory auto-establish enable
Syntax
memory auto-establish enable
View
System view
Parameter
None
Description
Using memory auto-establish enable command, the routing protocol connection that
is forcibly disconnected to recover automatically when the idle memory of the Ethernet
switch reaches this value.
By default, when the idle memory of the Ethernet switch recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory of
the Ethernet switch reduces to a lower limit, the connection will be disconnected
forcibly).
For the related commands, see memory auto-establish disable, memory { safety |
limit }, display memory limit.
Example
# Enable memory resume of the current Ethernet switch and recover connections of all
the protocols automatically.
[Quidway] memory auto-establish enable
6.1.5 memory { safety | limit }
Syntax
memory { safety safety-value | limit limit-value }*

undo memory [ safety | limit ]
6-4
View
System view
Parameter
safety safety-value: The safety value of the Ethernet switch idle memory, in the unit of
Mbytes. Its value range depends on the idle memory of the active Ethernet switch.
limit limit-value: The lower limit of the Ethernet switch idle memory, in the unit of
Mbytes. Its value range depends on the idle memory of the active Ethernet switch.
Description
Using memory limit limit-value command, you can configure the lower limit of the
Ethernet switch idle memory. When the idle memory of the Ethernet switch is less than
this limit, all the routing protocol connections will be disconnected forcibly. The
limit-value in the command must be less than the current idle memory safety value, and
otherwise the configuration will fail.
Using memory safety safety-value command, you can configure the safety value of
the Ethernet switch idle memory. If you use the memory auto-establish enable
command (the default configuration), the routing protocol connection that is forcibly
disconnected will automatically recover when the idle memory of the Ethernet switch
reaches this value. The safety-value in the command must be more than the current
idle memory lower limit, and otherwise the configuration will fail.
Using memory safety safety-value limit limit-value command, you can change both of
the safety value and lower limit of the Ethernet switch idle memory. The safety-value
must be more than the limit-value, otherwise the configuration will fail.
Using undo memory command, you can configure the safety value and the lower limit
of the Ethernet switch idle memory to the default configuration.
For the related commands, see memory auto-establish disable, memory
auto-establish enable and display memory limit.
Example
# Set the lower limit of the Ethernet switch idle memory to 1Mbytes and the safety value
to 3Mbytes.
[Quidway] memory safety 3 limit 1
6-5
HUAWEI

Command Manual
Multicast

Command Manual - Multicast
Table of Contents
Chapter 1 GMRP Configuration Commands............................................................................... 1-1

1.1 GMRP Configuration Commands ...................................................................................... 1-1
1.1.1 debugging gmrp ...................................................................................................... 1-1
1.1.2 display gmrp statistics ............................................................................................. 1-1
1.1.3 display gmrp status ................................................................................................. 1-2
1.1.4 gmrp ........................................................................................................................ 1-3
Chapter 2 IGMP Snooping Configuration Commands............................................................... 2-1

2.1 IGMP Snooping Configuration Commands ....................................................................... 2-1
2.1.1 display igmp-snooping configuration....................................................................... 2-1
2.1.2 display igmp-snooping group .................................................................................. 2-2
2.1.3 display igmp-snooping statistics.............................................................................. 2-3
2.1.4 igmp-snooping......................................................................................................... 2-3
2.1.5 igmp-snooping fast-leave ........................................................................................ 2-4
2.1.6 igmp-snooping group-limit....................................................................................... 2-5
2.1.7 igmp-snooping group-policy .................................................................................... 2-5
2.1.8 igmp-snooping host-aging-time............................................................................... 2-7
2.1.9 igmp-snooping max-response-time......................................................................... 2-8
2.1.10 igmp-snooping router-aging-time .......................................................................... 2-9
2.1.11 reset igmp-snooping statistics............................................................................... 2-9
Chapter 3 Multicast Common Configuration Commands ......................................................... 3-1

3.1 Multicast Common Configuration Commands ................................................................... 3-1
3.1.1 debugging multicast forwarding .............................................................................. 3-1
3.1.2 debugging multicast kernel-routing ......................................................................... 3-1
3.1.3 debugging multicast status-forwarding ................................................................... 3-2
3.1.4 display multicast forwarding-table ........................................................................... 3-2
3.1.5 display multicast routing-table................................................................................. 3-4
3.1.6 display multicast vif ................................................................................................. 3-6
3.1.7 multicast routing-enable .......................................................................................... 3-6
Chapter 4 IGMP Configuration Commands ................................................................................ 4-1

4.1 IGMP Configuration Commands........................................................................................ 4-1
4.1.1 debugging igmp....................................................................................................... 4-1
4.1.2 display igmp group .................................................................................................. 4-1
4.1.3 display igmp interface ............................................................................................. 4-2
4.1.4 display igmp port ..................................................................................................... 4-3
4.1.5 igmp group-policy.................................................................................................... 4-4
4.1.6 igmp group-policy vlan ............................................................................................ 4-5
4.1.7 igmp host-join .......................................................................................................... 4-6
i
4.1.8 igmp host-join vlan .................................................................................................. 4-6

4.1.9 igmp max-response-time......................................................................................... 4-7
4.1.10 igmp timer other-querier-present........................................................................... 4-8
4.1.11 igmp timer query.................................................................................................... 4-9
4.1.12 igmp version .......................................................................................................... 4-9
Chapter 5 PIM Configuration Commands ................................................................................... 5-1

5.1 PIM Configuration Commands........................................................................................... 5-1
5.1.1 c-bsr ........................................................................................................................ 5-1
5.1.2 c-rp .......................................................................................................................... 5-2
5.1.3 debugging pim common.......................................................................................... 5-2
5.1.4 debugging pim dm................................................................................................... 5-3
5.1.5 debugging pim sm................................................................................................... 5-4
5.1.6 display pim bsr-info ................................................................................................. 5-5
5.1.7 display pim interface ............................................................................................... 5-5
5.1.8 display pim neighbor ............................................................................................... 5-6
5.1.9 display pim routing-table ......................................................................................... 5-7
5.1.10 display pim rp-info ................................................................................................. 5-8
5.1.11 pim......................................................................................................................... 5-9
5.1.12 pim bsr-boundary ................................................................................................ 5-10
5.1.13 pim dm................................................................................................................. 5-10
5.1.14 pim sm................................................................................................................. 5-11
5.1.15 pim timer hello ..................................................................................................... 5-12
5.1.16 register-policy ...................................................................................................... 5-12
5.1.17 spt-switch-threshold ............................................................................................ 5-13
5.1.18 static-rp................................................................................................................ 5-14
Chapter 6 Multicast VLAN Configuration Commands ............................................................... 6-1

6.1 Multicast VLAN Configuration Commands ........................................................................ 6-1
6.1.1 service-type multicast.............................................................................................. 6-1
Chapter 7 Multicast MAC Address Configuration Commands ................................................. 7-1

7.1 Multicast MAC Address Configuration Commands ........................................................... 7-1
7.1.1 mac-address multicast ............................................................................................ 7-1
ii
Quidway S3500 Series Ethernet Switches Chapter 1 GMRP Configuration Commands
Chapter 1 GMRP Configuration Commands
1.1 GMRP Configuration Commands

1.1.1 debugging gmrp
Syntax
debugging gmrp { event | packet }

undo debugging gmrp { event | packet }
View
User view
Parameter
event: GMRP event.

packet: GMRP packet.
Description
Using debugging gmrp command, you can enable GMRP debugging. Using undo
debugging gmrp you can disable GMRP debugging.
Example
# Enable GMRP event debugging.

<Quidway> debugging gmrp event
GMRP: Max number of GMRP entries reached
Table 1-1 Description of information generated by the command debugging gmrp

event
Field Description
GMRP: Max number of GMRP Maximum number of entries reached for GMRP
entries reached local database
1.1.2 display gmrp statistics
Syntax
display gmrp statistics [ interface interface-list ]
1-1
View
Any view
Parameter
interface interface-list: Specifies Ethernet port list, expressed as interface-list =

| interface_name } ]}&<1-10>. For meanings and value ranges of interface-type,
interface-number and interface-name, refer to the syntax description in the Port
Configuration of this manual.
Description
Using display gmrp statistics command, you can view the statistics information about
GMRP.
This command is used for displaying the statistics information about GMRP, including
the list of ports with GMRP enabled, GMRP status information, GMRP failed
registrations and last origin of GMRP packet data unit (PDU).
Example
# Display the statistics information about GMRP on Ethernet 0/1.

<Quidway> display gmrp statistics interface Ethernet 0/1
GMRP statistics on port Ethernet0/1
Gmrp Status : Enabled
Gmrp Failed Registrations : 0
Gmrp Last Pdu Origin : 0000-0000-0000
1.1.3 display gmrp status
Syntax
display gmrp status
View
Any view
Parameter
None
Description
Using display gmrp status command, you can view the status of global GMRP.
This command can be used for displaying the enabled/disabled status of global GMRP.
1-2
Example
# Display the status of global GMRP.

<Quidway> display gmrp status
GMRP is enabled
Table 1-2 Global GMRP status information
Field Description
GMRP is enabled GMRP is enabled globally.
1.1.4 gmrp
Syntax
gmrp
undo gmrp
View
Parameter
None
Description
Using gmrp command, you can enable global GMRP or enable GMRP on a port. Using
undo gmrp command, you can configure the GMRP back to the default setting,
namely disabled.
By default, GMRP is disabled
Executed in system view, this command will enable the global GMRP. After performing
this command in Ethernet port view, GMRP will be enabled on a port.
Before enabling GMRP on a port, you shall enable GMRP globally.
For the related command, see display gmrp status, display gmrp statistics.
Example
# Enable GMRP globally.

[Quidway] gmrp
1-3
Quidway S3500 Series Ethernet Switches Chapter 2 IGMP Snooping Configuration Commands
Chapter 2 IGMP Snooping Configuration

Commands
Note:
S3552G/S3552P/S3552F/S3528G/S3528P support IGMP Snooping.
2.1 IGMP Snooping Configuration Commands

2.1.1 display igmp-snooping configuration
Syntax
display igmp-snooping configuration
View
Any view
Parameter
None
Description
Using display igmp-snooping configuration command, you can view the IGMP
Snooping configuration information.
This command is used to display the IGMP Snooping configuration information of the
switch. The information displayed includes whether IGMP Snooping is enabled, router
port timeout, maximum response timeout of a query and the member port timeout.
For the related command, see igmp-snooping.
Example
# Display the IGMP Snooping configuration information of the switch.

<Quidway> display igmp-snooping configuration
Enable IGMP-Snooping.
The router port timeout is 300 second(s).
The max response timeout is 50 second(s).
The member port timeout is 500 second(s).
2-1
The information above tells us that: IGMP Snooping is enabled; the router port timer is
set to be 300 seconds; the max response timer is set to be 50 seconds; the aging timer
of multicast group member is set to be 500 seconds.
2.1.2 display igmp-snooping group
Syntax
display igmp-snooping group [ vlan vlanid ]
View
Any view
Parameter
vlan vlanid: Specifies the VLAN where the multicast group to be viewed is located.
When the parameter is omitted, the command will display the information about all the
multicast groups on the VLAN.
Description
Using display igmp-snooping group command, you can view the IP multicast groups
and MAC multicast groups under VLAN.
This command displays the IP multicast group and MAC multicast group information of
a VLAN or all the VLAN where the Ethernet switch is located. It displays the information
such as VLAN ID, router port, IP multicast group address, member ports in the IP
multicast group, MAC multicast group, MAC multicast group address, and the member
ports in the MAC multicast group.
Example
# Display the multicast group information about VLAN2.

<Quidway> display igmp-snooping group vlan 2
***************Multicast group table***************
Vlan(id):2.
Router port(s):Ethernet0/1
IP group(s):the following ip group(s) match to one mac group.
IP group address:230.45.45.1
Member port(s):Ethernet0/12
MAC group(s):
MAC group address:01-00-5e-2d-2d-01
Member port(s):Ethernet0/12
We can know from the information listed above that :

z There is a multicast group in VLAN 2;
z The router port is Ethernet 0/1;
2-2
z The address of the multicast group is 230.45.45.1;

z The member of the IP multicast group is Ethernet 0/12;
z MAC multicast group is 0100-5e2d-2d01;
z The member of the MAC multicast group is Ethernet 0/12.
2.1.3 display igmp-snooping statistics
Syntax
display igmp-snooping statistics
View
Any view
Parameter
None
Description
Using display igmp-snooping statistics command, you can view the statistics
information on IGMP Snooping.
This command displays the statistics information about IGMP Snooping of Ethernet
switch. It displays the information such as number of received general IGMP query
packets, received IGMP specific query packets, received IGMP Version 1 and Version 2
report packets, received IGMP leave packets and error packets, and sent IGMP
specific query packets.
Example
# Display statistics information about IGMP Snooping.

<Quidway> display igmp-snooping statistics
Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
2.1.4 igmp-snooping
Syntax
igmp-snooping { enable | disable }
2-3
undo igmp-snooping
View
System view
Parameter
enable: Enable IGMP Snooping.

disable: Disables IGMP Snooping; By default, the switch disables IGMP Snooping
feature.
Description
Using igmp-snooping command, you can enable/disable IGMP Snooping. Using

undo igmp-snooping command, you can restore the default setting.
This command is used to enable or disable IGMP Snooping on the switch.
Example
# Enable IGMP Snooping.

[Quidway] igmp-snooping enable
2.1.5 igmp-snooping fast-leave
Syntax
igmp-snooping fast-leave
undo igmp-snooping fast-leave
View
Ethernet port view
Parameter
None
Description
Using the igmp-snooping fast-leave command, you can enable the function of fast
removing a port from a multicast group. Using the undo igmp-snooping fast-leave
command, you can cancel this configuration.
By default, the fast remove function is disabled.
Normally, at the receiving of the IGMP Leave packet, igmp-snooping sends out
group-specific query packet instead of directly removing a port from a multicast group.
After waiting for a period of time, if it receives no respond, igmp-snooping then
removes the port form the group. By configuring this command, igmp-snooping
2-4
removes the port from the multicast group directly at receiving the IGMP Leave packet.
The fast remove function saves bandwidth when only one user remaining at the port.
Note that, this function takes effect on condition that the client supports IGMP V2. After
configuring this command, when there are multiple users at one port, the leaving of one
user may cause the loss of multicast service of other users in this group.
Example
# Enable the the fast remove function on Ethernet 0/1.

[Quidway-Ethernet0/1] igmp-snooping fast-leave
2.1.6 igmp-snooping group-limit
Syntax
igmp-snooping group-limit limit

undo igmp-snooping group-limit
View
Ethernet port view
Parameter
limit: The maximum number of multicast groups on a port, in the range of 0 to 1000. The
default value is 1000.
Description
Using igmp-snooping group-limit command, you can set the maximum number of
multicast groups permited on a port. Using undo igmp-snooping group-limit
By default, the maximum number of multicast groups permited on a port is unlimited.
Example
# Set the maximum number of multicast groups permited on Ethernet0/1 is 256.

[Quidway-Ethernet0/1] igmp-snooping group-limit 256
2.1.7 igmp-snooping group-policy
Syntax
igmp-snooping group-policy acl_number vlan vlanid

undo igmp-snooping group-policy vlan vlanid
View
Ethernet port view
2-5
Parameter
acl_number: Number of basic access control list, in the range of 2000 to 2999.
vlanid: ID of VLAN to which the ethernet port belongs, ranging from 1 to 4094.
Description
Using igmp-snooping group-policy command, you can set the filtering of IGMP
Snooping to control the accessing to the multicast group. Using undo igmp-snooping
group-policy command, you can cancel the configured filtering.
By default, no filtering is configured on the switch.
IGMP snooping filter function can limit the programs that users can order, by
configuring some multicast filtering ACLs for users on the different switch ports, so that
different users can order different program sets.
In practice, when ordering a multicast program set, the user originates an IGMP report
packet. Upon receiving the packet, the switch first compares it against the multicast
ACLs configured on the inbound port. If allowed, the switch then adds the port to the
forward port list of the multicast group; otherwise, it drops the IGMP report packet and
no data flow then will be sent to this port. Thus the switch can control users’ multicast
program ordering.
User-defined ACL rule is a multicast address or multicast address range (224.0.0.1 to
239.255.255.255)
z If the rule is set as permit, the port can be added to the groups contained in the
permitted ACL range, but not to the groups outside the permitted ACL range.
z If the rule is set as deny and no other ACL is set as permit, the port cannot be
added to the groups within the denied ACL range, nor to the groups outside the
denied ACL range.
Note:
z Each VLAN of each port can only be configured with one ACL rule.
z If no ACL rule is configured or the configured port doesn’t belong to the specified
VLAN, the filtering configured by this command will not take effect.
z Most devices just broadcast unknown multicast packets, s o to prevent the case
where multicast data flow is sent as unknown multicast packets to the filtered ports,
this function is generally configured in combination with the unknown multicast
dropping function.
For the related command, see unknown-multicast drop enable.
2-6
Example
# Configure ACL 2000 to permit the accessing to multicast group

225.0.0.0~225.255.255.255.
z Configure ACL
z Create VLAN 2, and add Ethernet 0/1 to it.
[Quidway] vlan 2
[Quidway-vlan2] port Ethernet 0/1
z Set the filtering of IGMP Snooping Report packets applied to ACL 2000 of VLAN 2
on Ethernet 0/1.
[Quidway] interface Ethernet 0/1
[Quidway-Ethernet0/1] igmp-snooping group-policy 2000 vlan 2
# Configure ACL 2001 to deny the accessing to multicast group

225.0.0.0~225.255.255.255 and permit the accessing outside the range.
z Configure ACL
[Quidway-acl-basic-2001] rule deny source 225.0.0.0 0.0.0.255
[Quidway-acl-basic-2001] rule permint source any
z Create VLAN 2, and add Ethernet 0/2 to it.
[Quidway] vlan 2
[Quidway-vlan2] port Ethernet 0/2
z Set the filtering of IGMP Snooping Report packets applied to ACL 2001 of VLAN 2
on Ethernet 0/2.
[Quidway-Ethernet0/2] igmp-snooping group-policy 2001 vlan 2
2.1.8 igmp-snooping host-aging-time
Syntax
igmp-snooping host-aging-time seconds

undo igmp-snooping host-aging-time
View
System view
Parameter
seconds: Specifies the port aging time of the multicast group member, ranging from 200
to 1000 and measured in seconds; By default, 260.
2-7
Description
Using igmp-snooping host-aging-time command, you can configure the port aging
time of the multicast group members. Using undo igmp-snooping host-aging-time
This command is used to set the aging time of the multicast group member so that the
refresh frequency can be controlled. When the group members change frequently, the
aging time should be comparatively short, and vice versa.
Example
# Set the aging time to 300 seconds.

[Quidway] igmp-snooping host-aging-time 300
2.1.9 igmp-snooping max-response-time
Syntax
igmp-snooping max-response-time seconds

undo igmp-snooping max-response-time
View
System view
Parameter
seconds: Maximum response time for a query ranging from 1 to 100 and measured in
seconds; By default, 10.
Description
Using igmp-snooping max-response-time command, you can configure the

maximum response time for a query. Using undo igmp-snooping
max-response-time command, you can restore the default value.
The set maximum response time decides the time limit for the switch to respond to
IGMP Snooping general query packets.
For the related command, see igmp-snooping, igmp-snooping router-aging-time.
Example
# Configure to respond the IGMP Snooping packet within 50s.

[Quidway] igmp-snooping max-response-time 50
2-8
2.1.10 igmp-snooping router-aging-time
Syntax
igmp-snooping router-aging-time seconds

undo igmp-snooping router-aging-time
View
System view
Parameter
seconds: Specifies the router port aging time, ranging from 130 to 1000 measured in
seconds; By default, 260.
Description
Using igmp-snooping router-aging-time command, you can configure the router port
aging time of IGMP Snooping. Using undo igmp-snooping router-aging-time
The port here refers to the Ethernet switch port connected to the router. The Layer-2
Ethernet switch receives general query packets from the router via this port. The timer
should be set to about 2.5 times of the general query period of the router.
For the related command, see igmp-snooping, igmp-snooping
max-response-time.
Example
# Set the aging time of the IGMP Snooping router port to 500 seconds.
[Quidway] igmp-snooping router-aging-time 500
2.1.11 reset igmp-snooping statistics
Syntax
reset igmp-snooping statistics
View
User view
Parameter
None
Description
Using reset igmp-snooping statistics command, you can reset the IGMP Snooping
statistics information.
2-9
Example
# Clear IGMP Snooping statistics information.

<Quidway> reset igmp-snooping statistics
2-10
Quidway S3500 Series Ethernet Switches Chapter 3 Multicast Common Configuration Commands
Chapter 3 Multicast Common Configuration

Commands
3.1 Multicast Common Configuration Commands

3.1.1 debugging multicast forwarding
Syntax
debugging multicast forwarding

undo debugging multicast forwarding
View
User view
Parameter
None
Description
Using debugging multicast forwarding command, you can enable multicast packet
forwarding debugging functions. Using undo debugging multicast forwarding
command, you can disable the debugging functions.
By default, the debugging function is disabled.
Example
# Enable multicast packet forwarding debugging functions.

<Quidway> debugging multicast forwarding
3.1.2 debugging multicast kernel-routing
Syntax
debugging multicast kernel-routing

undo debugging multicast kernel-routing
View
User view
Parameter
None
3-1
Description
Using debugging multicast kernel-routing command, you can enable multicast

kernel routing debugging functions. Using undo debugging multicast kernel-routing
command, you can disable the debugging functions.
Example
# Enable multicast kernel routing debugging functions.

<Quidway> debugging multicast kernel-routing
3.1.3 debugging multicast status-forwarding
Syntax
debugging multicast status-forwarding

undo debugging multicast status-forwarding
View
User view
Parameter
None
Description
Using debugging multicast status-forwarding command, you can enable multicast

forwarding status debugging functions. Using undo debugging multicast
status-forwarding command, you can disable the debugging functions.
Example
# Enable multicast forwarding status debugging functions.

<Quidway> debugging multicast status-forwarding
3.1.4 display multicast forwarding-table
Syntax
display multicast forwarding-table [ group-address [ mask { mask | mask-length } ] |

source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ]*
View
Any view
3-2
Parameter
group-address: Multicast group address, used to specify a multicast group, ranging

from 224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Incoming interface of the multicast forwarding table.
interface-type interface-number: Specifies the interface.
register: Register interface of PIM-SM.
Description
Using display multicast forwarding-table command, you can view the information of
IP multicast forwarding table.
For the related command, see display multicast routing-table.
Example
# View the multicast forwarding table information.

[Quidway] display multicast forwarding-table
Multicast Forwarding Cache Table
Total 2 entries
00001. (4.4.4.4, 224.2.254.84), iif Vlan-interface1, 0 oifs

Matched 240 pkts(11288 bytes), Wrong If 0 pkts
Forwarded 232 pkts(11288 bytes)
00002. (4.4.4.4, 224.2.149.17), iif Vlan-interface1, 1 oifs

List of outgoing interface:
01: Vlan-interface2
Matched 236 pkts(3267 bytes), Wrong If 0 pkts
Forwarded 233 pkts(3267 bytes)
Matched 2 entries
Table 3-1 Description of information generated by the command display multicast

forwarding-table
Field Description
Multicast Forwarding Cache Table Multicast forwarding cache table
Total 2 entries Total number of entries
00002 Sequence number of entries
(4.4.4.4, 224.2.149.17) (s,g)
3-3
Field Description
Multicast forwarding cache table has an
iif Vlan-interface1, 1 oifs incoming interface Vlan-interface 1 and one
outgoing interface
List of outgoing interface: List of outgoing interface has an outgoing

01: Vlan-interface2 interface Vlan-interface 2
Matched 236 pkts(3267 bytes),

Wrong If 0 pkts 236 matched packets (3267 bytes); 0
matched packets means wrong; 233
Forwarded 233 pkts(3267 forwarded packets (3267 bytes)
bytes)
Matched 2 entries 2 matched entries
3.1.5 display multicast routing-table
Syntax
display multicast routing-table [ group-address [ mask { mask | mask-length } ] |

source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ]*
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group and display
the corresponding routing table information of the group. The value ranges from
224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Incoming interface of the multicast route entry.
interface-type interface-number: Specifies the interface.
register: Register interface of PIM-SM.
Description
Using display multicast routing-table command, you can view the information of IP
multicast routing table.
This command displays the multicast routing table information, while the display
multicast forwarding-table command displays the multicast forwarding table
information.
3-4
Example
# View the route entry information in the multicast routing table.

[Quidway] display multicast routing-table
Multicast Routing Table
Total 3 entries
(4.4.4.4, 224.2.149.17)
Uptime: 00:15:16, Timeout in 272 sec
Upstream interface: Vlan-interface1(4.4.4.6)
Downstream interface list:
Vlan-interface2(2.2.2.4), Protocol 0x1: IGMP
(4.4.4.4, 224.2.254.84)
Downstream interface list: NULL
(4.4.4.4, 239.255.2.2)
Matched 3 entries
Table 3-2 Description of information generated by the command display multicast

routing-table
Field Description
Multicast Routing Table Multicast routing table
Total 3 entries 3 entries in total
(4.4.4.4, 224.2.149.17) (s, g)
Multicast routing table lasts 15’16” and
Uptime: 00:15:16, Timeout in 272 sec times out in 272 seconds.
Upstream interface: Upstream interface vlan-interface 1 (its
Vlan-interface1(4.4.4.6) IP address is 4.4.4.6).
Downstream interface list: Downstream interface list: has an
Vlan-interface2(2.2.2.4), Protocol interface Vlan-interface 2 (its IP address
0x1: IGMP is 2.2.2.4). The downstream interface is
configured with IGMP groups.
Matched 3 entries 3 entries in total meeting the requirement
3-5
3.1.6 display multicast vif
Syntax
display multicast vif
View
Any view
Parameter
None
Description
Using display multicast vif command, you can view the virtual interface information
for multicast.
Example
# View virtual interface information for multicast.

[Quidway] display multicast vif
1. Interface: Register, TTL:1, LclAddr:127.0.0.2, RmtAddr:127.0.0.3
In 0 pkts(0 bytes), Out 0 pkts(0 bytes)
2. Interface:Vlan-interface1, TTL:1, LclAddr:4.4.4.6, RmtAddr:0.0.0.0
3. Interface:Vlan-interface2, TTL:1, LclAddr:2.2.2.4, RmtAddr:0.0.0.0
Total 3 multicast vif(s)
Table 3-3 Description of information generated by the command display multicast vif
Field Description
Interface:Vlan-interface1, TTL:1, Multicast virtual interface Vlan-interface 1,
LclAddr:4.4.4.6, RmtAddr:0.0.0.0 (IP address 4.4.4.6)
In 16 pkts(18691 bytes), Out 0 pkts(0 16 received packets (18691 bytes); 0

bytes) forwarded packets (0 bytes)
3.1.7 multicast routing-enable
Syntax
multicast routing-enable
undo multicast routing-enable
3-6
View
System view
Parameter
None
Description
Using multicast routing-enable command, you can enable IP multicast routing. Using
undo multicast routing-enable command, you can disable IP multicast routing.
By default, IP multicast routing is disabled.
For the related commands, see pim dm and pim sm.
Example
# Enable IP multicast routing.

[Quidway] multicast routing-enable
3-7
Quidway S3500 Series Ethernet Switches Chapter 4 IGMP Configuration Commands
Chapter 4 IGMP Configuration Commands
4.1 IGMP Configuration Commands

4.1.1 debugging igmp
Syntax
debugging igmp { all | event | host | packet | mpm | timer }

undo debugging igmp { all | event | host | packet | mpm | timer }
View
User view
Parameter
all: all the debugging information of IGMP.

event: debugging information of IGMP event.
host: debugging information of IGMP host.
packet: debugging information of IGMP packets.
mpm: debugging information of IGMP multicast port management.
timer: debugging information of IGMP timers.
Description
Using debugging igmp command, you can enable IGMP debugging functions. Using
undo debugging igmp command, you can disable the debugging functions.
By default, IGMP debugging functions are disabled.
Example
# Enable all IGMP debugging functions

<Quidway> debugging igmp all
4.1.2 display igmp group
Syntax
display igmp group [ group-address | interface interface-type interface-number ]
View
Any view
4-1
Parameter
group-address: Address of the multicast group.

interface-type interface-number: Interface type and interface number of the router,
used to specify the specific interface.
Description
Using display igmp group command, you can view the member information of the
IGMP multicast group.
You can specify to show the information of a group or the member information of the
multicast group on an interface. The information displayed contains the multicast
groups which are joined by the downstream hosts through IGMP or through command
line.
For the related command, see igmp host-join.
Example
# View the member information of multicast group in the system.

<Quidway> display igmp group
LoopBack0 (20.20.20.20): Total 3 IGMP Groups reported:
Group Address Last Reporter Uptime Expires
225.1.1.1 20.20.20.20 00:02:04 00:01:15
225.1.1.3 20.20.20.20 00:02:04 00:01:15
225.1.1.2 20.20.20.20 00:02:04 00:01:17
Table 4-1 Output description of the display igmp group command
Field Description
Group address Multicast group address
Last Reporter The last host reporting to join in the multicast group
Uptime Time passed since multicast group is discovered (hh: mm: ss).
Specifies when the member will be removed from the multicast

Expires
group (hh: mm: ss).
4.1.3 display igmp interface
Syntax
display igmp interface [ interface-type interface-number ]
View
Any view
4-2
Parameter
interface-type interface-number: Interface type and interface number of the router,

used to specify the interface. If the parameters are omitted, information about all the
interfaces running IGMP will be displayed.
Description
Using display igmp interface command, you can view the IGMP configuration and
running information on an interface.
Example
# View the IGMP configuration and running information of all interfaces.

<Quidway> display igmp interface
VLAN-interface1:
IGMP is enabled on interface
Current IGMP version is 2
IGMP query interval is 60 seconds
IGMP querier timeout is 120 seconds
IGMP max query response time is 10 seconds
IGMP querying router is 10.110.91.129
No IGMP group reported
4.1.4 display igmp port
Syntax
display igmp port port-number [ vlan vlan-id ]
View
Any view
Parameter
port port-number: Specifies IGMP port number.

vlan vlan-id: Specifies the native VLAN ID of the port.
Description
Using display igmp port command, you can view the configuration information about
the multicast on the port.
If no parameter is specified, this command displays the information of all the ports. The
IGMP configuration information of all the ports will be displayed.
For the related command, see igmp host-join, igmp group-policy.
4-3
Example
# View the IGMP configuration and running information of Ethernet 0/1

[Quidway] display igmp port Ethernet 0/1
Ethernet0/1:
Vlan-interface2:
IGMP groups joined:
224.2.149.17
Table 4-2 Description of information generated by the command display igmp port
Field Description
Ethernet0/1: Port number: Ethernet0/1
Vlan-interface2: The port uses the virtual interface Vlan-interface2
IGMP groups joined: The port with an address 224.2.149.17 reports joining
224.2.149.17 IGMP group
4.1.5 igmp group-policy
Syntax
igmp group-policy acl-number [ 1 | 2 | port { interface_type interface_ num |

interface_name } [ to { interface_type interface_ num | interface_name } ] ]
undo igmp group-policy [ port { interface_type interface_ num | interface_name } [ to
{ interface_type interface_ num | interface_name } ] ]
View
Interface View
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
1: IGMP version 1.
2: IGMP version 2. If IGMP version is not specified, version 2 will be used as default.
port: Packets received and sent by the port(s) and applied to the conditions set by the
ACL will be filtered. And the port(s) must belong to the VLAN interface being configured
by this command.
Description
Using igmp group-policy command, you can set the filter of multicast groups on an
interface to control the accessing to the IP multicast groups. Using undo igmp
group-policy command, you can remove the filter configured.
4-4
By default, no filter is configured, that is, a host can join any multicast group.
If you do not want the hosts on the network that the interface is on to join some
multicast groups and receive the packets from the multicast groups, you can use this
command to limit the range of the multicast groups serviced by the interface.
For the related command, see igmp host-join.
Example
# Configure the access-list 2000.

# Configure that only the hosts contained in the access-list 2000 connected to the
VLAN-interface10 can be added to the multicast group, which is configured to use
IGMP version 2.
[Quidway-Vlan-interface10] igmp group-policy 2000 2
4.1.6 igmp group-policy vlan
Syntax
igmp group-policy acl-number vlan vlanid

undo igmp group-policy vlan vlanid
View
Ethernet port view
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
vlanid: Specify the ID for the VLAN to which the port belongs.
Description
Using igmp group-policy vlan command, you can set the filter of multicast groups on
an port to control the accessing to the IP multicast groups. Using undo igmp
group-policy vlan command, you can remove the configured filter.
By default, no filter is configured, that is, a host can join any multicast group.
This command has the same function with the igmp group-policy command. Note that
the configured port must belong to the specified VLAN, and the IGMP protocol must be
enabled on this port; otherwise, the configuration does not function.
For the related command, see igmp host-join, igmp host-join vlan, igmp host-join
port.
4-5
Example
# Configure that only the hosts contained in the access-list 2000 connected to the port
Ethernet0/1 in VLAN-interface10 can be added to the multicast group, which is
configured to use IGMP version 2.
[Quidway-Ethernet0/1] igmp group-policy 2000 vlan 10
4.1.7 igmp host-join
Syntax
igmp host-join group-address port { interface_type interface_ num | interface_name }

[ to { interface_type interface_ num | interface_name } ]
undo igmp host-join group-address port { interface_type interface_ num |
interface_name } [ to { interface_type interface_ num | interface_name } ]
View
VLAN interface view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
port: Specify the port in the VLAN interface.
Description
Using igmp host-join command, you can enable an port in the VLAN interface of an
ethernet switch to join a multicast group. Using undo igmp host-join command, you
can disable the configuration.
By default, an interface does not join any multicast group.
On an ethernet switch, up to 64 interfaces can be configured with igmp host-join
command at best.
For the related command, see igmp group-policy.
Example
# Add port Ethernet 0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

[Quidway-Vlan-interface10] igmp host-join 225.0.0.1 port Ethernet 0/1
4.1.8 igmp host-join vlan
Syntax
igmp host-join group-address vlan vlanid

undo igmp host-join group-address vlan vlanid
4-6
View
Ethernet port view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
vlanid: Specifies the ID for the VLAN to which the port belongs.
Description
Using igmp host-join vlan command, you can enable an port in the VLAN interface of
an ethernet switch to join a multicast group. Using undo igmp host-join vlan
command, you can disable the configuration.
By default, a port does not join any multicast group.
This command has the same function with the igmp host-join port command. Note
that the configured port must belong to the specified VLAN, and the IGMP protocol
must be enabled on this VLAN interface; otherwise, the configuration does not function.
For the related command, see igmp host-join port, igmp host-join, igmp
group-policy.
Example
# Add port Ethernet 0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

[Quidway-Vlan-interface10] igmp enable
[Quidway-Vlan-interface10] quit
[Quidway-Ethernet0/1] port access vlan 10
[Quidway-Ethernet0/1] igmp host-join 225.0.0.1 vlan 10
4.1.9 igmp max-response-time
Syntax
igmp max-response-time seconds

undo igmp max-response-time
View
Interface view
Parameter
seconds: Maximum response time in the IGMP query messages in second in the range
from 1 to 25. By default, the value is 10 seconds.
4-7
Description
Using igmp max-response-time command, you can configure the maximum response
time contained in the IGMP query messages. Using undo igmp max-response-time
The maximum query response time determines the period for a router to quickly detect
that there are no more directly connected group members in a LAN.
For the related command, see display igmp group.
Example
# Set the maximum response time carried in host-query message to 8 seconds.

[Quidway-Vlan-interface10] igmp max-response-time 8
4.1.10 igmp timer other-querier-present
Syntax
igmp timer other-querier-present seconds

undo igmp timer other-querier-present
View
Interface view
Parameter
seconds: IGMP querier present timer value in second ranging from 60 to 300. By
default, the value is twice the value of IGMP query message interval, i.e., 120 seconds.
Description
Using igmp timer other-querier-present command, you can configure the timer of
presence of the IGMP querier. Using undo igmp timer other-querier-present
On a shared network, i.e., there are multiple multicast routers on the same network
segment, the query router (querier for short) takes charge of sending query messages
periodically on the interface. If other non-queriers receive no query messages within
the valid period, the router will consider the previous query to be invalid and the router
itself becomes a querier.
In IGMP version 1, the selection of a query is determined by the multicast routing
protocol. In IGMP version 2, the router with the lowest IP address on the shared
network segment acts as the querier.
For the related commands, see igmp timer query and display igmp interface.
4-8
Example
# Set querier to expire after 300 seconds.

[Quidway-Vlan-interface10] igmp timer other-querier-present 300
4.1.11 igmp timer query
Syntax
igmp timer query seconds

undo igmp timer query
View
Interface view
Parameter
seconds: Interval at which a router transmits IGMP query messages in second in the
range from 1 to 65535. By default, the value is 60 seconds.
Description
Using igmp timer query command, you can configure the interval at which a router
interface sends IGMP query messages. Using undo igmp timer query command, you
can restore the default value.
A multicast router periodically sends out IGMP query messages to attached segments
to find hosts that belong to different multicast groups. The query interval can be
modified according to the practical conditions of the network.
For the related command, see igmp timer other-querier-present.
Example
# Configure to transmit the host-query message every 60 seconds via

VLAN-interface2.
[Quidway-Vlan-interface2] igmp timer query 60
4.1.12 igmp version
Syntax
igmp version { 1 | 2 }
undo igmp version
View
Interface view
4-9
Parameter
1: IGMP Version 1.
2: IGMP Version 2. By default, IGMP Version 2 is used.
Description
Using igmp version command, you can specify the version of IGMP that a router uses.
Using undo igmp version command, you can restore the default value.
All routers on a subnet must support the same version of IGMP. After detecting the
presence of IGMP Version 1 system, a router cannot automatically switch to Version 1.
Example
# Run IGMP Version 1 on VLAN-interface10.

[Quidway-Vlan-interface10] igmp version 1
4-10
Quidway S3500 Series Ethernet Switches Chapter 5 PIM Configuration Commands
Chapter 5 PIM Configuration Commands
5.1 PIM Configuration Commands

5.1.1 c-bsr
Syntax
c-bsr interface interface-type interface-number hash-mask-len [ priority ]

undo c-bsr
View
PIM view
Parameter
interface-type interface-number: Specifies the interface. The candidate BSR is

configured on the interface. PIM-SM must be enabled on the interface first.
hash-mask-len: Length of the mask. The value ranges from 0 to 32.
priority: Priority of the candidate BSR. The larger the value of the priority, the higher the
priority of the BSR. The value ranges from 0 to 255. By default, the priority is 0.
Description
Using c-bsr command, you can configure a candidate BSR. Using undo c-bsr
command, you can remove the candidate BSR configured.
By default, no candidate BSR is set.
When configure the candidate BSR, the larger bandwidth should be guaranteed since a
great amount of information will be exchanged between BSR and other devices in the
PIM domain.
For the related command, see pim sm.
Example
# Configure the Ethernet switch as C-BSR with priority 2 (and the C-BSR address is
designated as the IP address of VLAN-interface10).
[Quidway] pim
[Quidway-pim] c-bsr vlan-interface 10 24 2
5-1
5.1.2 c-rp
Syntax
c-rp interface interface-type interface-number [ group-policy acl-number ]

undo c-rp interface-type interface-number
View
PIM view
Parameter
interface-type interface-number: Specifies the interface with the IP address advertised

as a candidate RP address.
acl-number: Number of the basic ACL that defines a group range, which is the service
range of the advertised RP. The value ranges from 2000 to 2999.
Description
Using c-rp command, you can configure the router to advertise itself as a candidate RP.
Using undo c-rp command, you can remove the configuration.
By default, no candidate RP is configured.
When configuring the candidate RP, a relatively large bandwidth should be reserved for
the router and other devices in the PIM domain.
For the related command, see c-bsr.
Example
# Configure the Ethernet switch to advertise the BSR that he is the C-RP in the PIM.
The standard access list 2000 defines the groups related to the RP. The address of
C-RP is designated as the IP address of VLAN-interface10.
[Quidway] pim
[Quidway-pim] c-rp vlan-interface 10 group-policy 2000
5.1.3 debugging pim common
Syntax
debugging pim common { all | event | packet | timer }

undo debugging pim common { all | event | packet | timer }
View
User view
5-2
Parameter
all: all the common debugging information of PIM.

event: debugging information of common PIM event.
packet: debugging information of PIM hello packet.
timer: debugging information of common PIM timer.
Description
Using debugging pim common command, you can enable common PIM debugging
functions. Using undo debugging pim common command, you can disable the
debugging functions.
By default, common PIM debugging functions are disabled.
Example
# Enable all common PIM debugging functions

<Quidway> debugging pim common all
5.1.4 debugging pim dm
Syntax
debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert |
graft | graft-ack | join | prune } }
undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all |
assert | graft | graft-ack | join | prune } }
View
User view
Parameter
all: all the debugging information of PIM-DM

alert: Interoperation event debugging information of PIM-DM..
mrt: debugging information of PIM-DM multicast routing table.
timer: debugging information of PIM-DM timer.
warning: debugging information of PIM-DM warning message.
recv: debugging information of PIM-DM receiving packets.
send: debugging information of PIM-DM sending packets.
assert | graft | graft-ack | join | prune: packets type.
5-3
Description
Using debugging pim dm command, you can enable PIM-DM debugging functions.
Using undo debugging pim dm command, you can disable the debugging functions.
By default, PIM-DM debugging functions are disabled.
Example
# Enable all PIM-DM debugging functions

<Quidway> debugging pim dm all
5.1.5 debugging pim sm
Syntax
debugging pim sm { all | mbr | verbose | mrt | timer | warning | { recv | send }
{ assert | bootstrap | crpadv | jp | reg | regstop } }
undo debugging pim sm { all | mbr | verbose | mrt | timer | warning | { recv | send }
{ assert | bootstrap | crpadv | jp | reg | regstop } }
View
User view
Parameter
mbr: debugging information of PIM-SM multicast border router event.

verbose: debugging detail information of PIM-SM.
mrt: debugging information of PIM-SM multicast routing table.
timer: debugging information of PIM-SM timer.
warning: debugging information of PIM-SM warning message.
recv: debugging information of PIM-SM receiving packets.
send: debugging information of PIM-SM sending packets.
assert | bootstrap | crpadv | jp | reg | regstop: packets type.
Description
Using debugging pim sm command, you can enable PIM-SM debugging functions.
Using undo debugging pim sm command, you can disable the debugging functions.
By default, PIM-SM debugging functions are disabled.
Example
# Enable all PIM-SM debugging functions

<Quidway> debugging pim sm all
5-4
5.1.6 display pim bsr-info
Syntax
display pim bsr-info
View
Any view
Parameter
None
Description
Using display pim bsr-info command, you can view the BSR information.
For the related commands, see c-bsr and c-rp.
Example
<Quidway> display pim bsr-info

Current BSR Address: 20.20.20.30
Priority: 0
Mask Length: 30
Expires: 00:01:55
Local host is BSR
Table 5-1 Output description of the display pim bsr-info command
Field Description
BSR Boot trap router
Priority Priority of BSR
Mask Length: 30 Length of mask

Expires: 00:01:55 Expire time
5.1.7 display pim interface
Syntax
display pim interface [ interface interface-type interface-number ]
View
Any view
5-5
Parameter
interface-type interface-number: Interface type and interface number, used to specify

the interface.
Description
Using display pim interface command, you can view the PIM interface configuration
information.
Example
<Quidway> display pim interface

PIM information of VLAN-interface 2:
IP address of the interface is 10.10.1.20
PIM is enabled on interface
PIM version is 2
PIM mode is Sparse
PIM query interval is 30 seconds
Total 1 PIM neighbor on interface
PIM DR(designated router) is 10.10.1.20
Table 5-2 Output description of the display pim interface command
Field Description
PIM version Version of PIM
PIM mode PIM mode enabled on the interface (DM or SM)
PIM query interval Hello packet interval

PIM DR Designated router
5.1.8 display pim neighbor
Syntax
display pim neighbor [ interface interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number, used to specify

the interface.
5-6
Description
Using display pim neighbor command, you can view the PIM neighbor information.
Example
<Quidway> display pim neighbor

Neighbor’s Address Interface Name Uptime Expires
8.8.8.6 VLAN-interface1 1637 89
Table 5-3 Output description about PIM neighbors
Field Description
Neighbor Address Neighbor address
Interface Interface where the neighbor has been discovered
Uptime Time passed since the multicast group has been discovered
Expires Specifies when the member will be removed from the group
5.1.9 display pim routing-table
Syntax
display pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] |

**rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask
{ mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } |
incoming-interface { interface-type interface-number | null } | { dense-mode |
sparse-mode } ] *
View
Any view
Parameter
**rp: (*, *, RP) route entry.

*g: (*, G) route entry.
group-address: Address of the multicast group.
source-address: IP address of the multicast source.
incoming-interface interface-type interface-number: Route entry with the specified
incoming interface.
null: Specifies the incoming interface type as Null.
dense-mode: Specifies the multicast routing protocol as PIM-DM.
sparse-mode: Specifies the multicast routing protocol as PIM-SM.
5-7
Description
Using display pim routing-table command, you can view the contents of the PIM
multicast routing table.
For the related command, see display multicast routing-table.
Example
# View the contents of the PIM multicast routing table on the router.
<Quidway> display pim routing-table
PIM-SM Routing Table
Total 0 (*,*,RP)entry, 0 (*,G)entry, 2 (S,G)entries
(192.168.1.2, 224.2.178.130),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
(192.168.1.2, 224.2.181.90),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
Total 2 entries listed
Table 5-4 Output description about PIM routing table
Field Description
RP Rendezvous Point
(S,G) (source address, multicast group)
PIM-SM PIM Sparse Mode
SPT Shortest Path Tree

RPF Reverse Path Forwarding
5.1.10 display pim rp-info
Syntax
display pim rp-info [ group-address ]
5-8
View
Any view
Parameter
group-address: Specify the group address to display. If no multicast group is specified,

the RP information about all multicast groups will be displayed.
Description
Using display pim rp-info command, you can view the RP information of multicast
group.
In addition, this command can also display the BSR and static RP information.
Example
# View the RP information of multicast group

[Quidway] display pim rp-info
PIM-SM RP-SET information:
BSR is: 4.4.4.6
Group/MaskLen: 224.0.0.0/4
RP 4.4.4.6
Version: 2
Priority: 0
Uptime: 00:39:50
Expires: 00:01:40
5.1.11 pim
Syntax
pim
undo pim
View
System view
Parameter
None
Description
Using pim command, you can enter the PIM view. Using undo pim command, you can
clear the configurations in PIM view.
5-9
Example
# Enable multicast and enter the PIM view.

[Quidway] pim
[Quidway-pim]
5.1.12 pim bsr-boundary
Syntax
pim bsr-boundary
undo pim bsr-boundary
View
Interface view
Parameter
None
Description
Using pim bsr-boundary command, you can configure an interface to be the PIM
domain border. Using undo pim bsr-boundary command, you can remove the border.
You can use this command to set border of bootstraps messages, that is to say,
bootstrap messages cannot pass interfaces that are configured with pim
bsr-boundary command while other PIM messages can. In this way, the network is
divided into different BSR domains.
By default, no domain border is set.
For the related command, see c-bsr.
Example
# Configure domain border on VLAN-interface10.

[Quidway-Vlan-interface10] pim bsr-boundary
5.1.13 pim dm
Syntax
pim dm
undo pim dm
5-10
View
Interface view
Parameter
None
Description
Using pim dm command, you can enable PIM-DM. Using undo pim dm command,
you can disable PIM-DM.
By default, PIM-DM is disabled.
Once enabled PIM-DM on an interface, PIM-SM cannot be enabled on the same
interface and vice versa.
Example
# Enable PIM DM on VLAN-interface10 of the Ethernet switch.

[Quidway-Vlan-interface10] pim dm
5.1.14 pim sm
Syntax
pim sm
undo pim sm
View
Interface view
Parameter
None
Description
Using pim sm command, you can enable the PIM-SM protocol on an interface. Using
undo pim sm command, you can disable the PIM-SM protocol.
By default, PIM-SM is disabled.
Once enabled PIM-SM on an interface, PIM-DM cannot be enabled on the same
interface and vice versa.
Example
# Enable PIM-SM on VLAN-interface10.

[Quidway-Vlan-interface10] pim sm
5-11
5.1.15 pim timer hello
Syntax
pim timer hello seconds

undo pim timer hello
View
Interface view
Parameter
seconds: Interval of sending Hello messages in second ranging from 1 to 18000. By

default, the interval value is 30 seconds.
Description
Using pim timer hello command, you can configure the interval of sending PIM router
Hello messages. Using undo pim timer hello command, you can restore the default
value.
Example
# Configure to transmit Hello packet via VLAN-interface10 every 40 seconds.

[Quidway-Vlan-interface10] pim timer hello 40
5.1.16 register-policy
Syntax
register-policy acl-number
undo register-policy
View
PIM view
Parameter
acl-number: Number of IP advanced ACL, defining the rule of filtering the source and
group addresses. The value ranges from 3000 to 3999.
Description
Using register-policy command, you can configure a RP to filter the register

messages sent by the DR in the PIM-SM network and to accept the specified
messages only. Using undo register-policy command, you can remove the
configured message filtering.
5-12
Example
# If the local device is the RP in the network, using the following command can only
accept multicast message register of the source sending multicast address in the range
of 225.1.0.0/16 on network segment 10.10.0.0/16.
[Quidway-acl-adv-3010] rule permit ip source 10.10.0.0 0.0.255.255
destination 225.1.0.0 0.0.255.255
[Quidway-acl-adv-3010] quit
[Quidway] pim
[Quidway-pim] register-policy 3010
5.1.17 spt-switch-threshold
Syntax
spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]

undo spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number ]
View
PIM view
Parameter
traffic-rate: Indicate switch rate threshold from RPT to SPT in Kbps. By default, the
switch threshold value is 0, i.e., switching starts when the RPT receives the first data
packet.
infinity: Indicate never to switch to SPT.
acl-number: Number of the IP basic ACL, defining a group of multicast ranges. The
value ranges from 2000 to 2999.
Description
Using spt-switch-threshold command, you can set the packet rate threshold when the
PIM leaf router switches from the RPT to the SPT. Using undo spt-switch-threshold
command, you can restore the default setting.
Example
# Configure the threshold for switching from RPT to source SPT as 0kbps.
[Quidway] pim
[Quidway-pim] spt-switch-threshold 0
5-13
5.1.18 static-rp
Syntax
static-rp rp-address [ acl-number ]

undo static-rp
View
PIM view
Parameter
rp-address: Static RP address, only being legal unicast IP address.

acl-number: Basic ACL, used to control the range of multicast group served by static RP,
which ranges from 2000 to 2999. If an ACL is not specified upon configuration, static
RP will serve all multicast groups; if an ACL is specified, static RP will only serve the
multicast group passing the ACL.
Description
Using static-rp command, you can configure static RP. Using undo static-rp
command, you can remove the configuration.
Static RP functions as the backup of dynamic RP so as to improve the network
robusticity. If the RP elected by BSR mechanism is valid, static RP will not work.
All routers in the PIM domain should be configured with this command and be specified
with the same RP address.
The new configuration overwrites the old one if you run the command for a second
time.
For related command, see display pim rp-info.
Example
# Configure 10.110.0.6 as a static RP.

[Quidway] pim
[Quidway-pim] static-rp 10.110.0.6
5-14
Quidway S3500 Series Ethernet Switches Chapter 6 Multicast VLAN Configuration Commands
Chapter 6 Multicast VLAN Configuration

Commands
6.1 Multicast VLAN Configuration Commands

6.1.1 service-type multicast
Syntax
service-type multicast
undo service-type multicast
View
VLAN view
Parameter
None
Description
Use the service-type multicast command to set the current VLAN to multicast VLAN.
Use the undo service-type multicast command to cancel the setting.
By default, no VLAN is a multicast VLAN.
You can configure a multicast VLAN, join related switch ports into this VLAN and enable
the IGMP Snooping function to make users in different VLANs share the same
multicast VLAN. After doing that, multicast streams are transmitted only through the
multicast VLAN, and therefore the bandwidth is saved. Additionally, the absolute
isolation between the multicast VLAN and the user VLANs guarantees the security of
the network.
Example
# Set VLAN 2 to multicast VLAN.

[Quidway] vlan 2
[Quidway-vlan2] service-type multicast
6-1
Quidway S3500 Series Ethernet Switches Chapter 7 Multicast MAC Address Configuration Commands
Chapter 7 Multicast MAC Address Configuration

Commands
7.1 Multicast MAC Address Configuration Commands

7.1.1 mac-address multicast
Syntax
mac-address multicast mac-address interface interface-list vlan vlan_id

undo mac-address multicast { mac-address interface interface-list vlan vlan_id |
[ mac-address ] | [ interface interface-list ] | [ vlan vlan_id ] }
View
System view
Parameter
mac-address: Multicast MAC address.

interface-list: Forwarding port list, in format of interface-list = { { interface-type
interface-num | interface-name } [ to { interface-type interface-num |
interface-name } ] }&<1-10>.
vlan_id: Specifies VLAN ID.
Description
Use the mac-address multicast command to add multicast MAC address entries.
Use the undo mac-address multicast command to delete multicast MAC address
entries.
A multicast entry includes multicast address, forwarding port, VLAN etc.
Related command: display mac-address multicast, display mac-address
multicast count.
Example
# Create a multicast MAC address entry on the switch, with its multicast address as
0100-5e0a-0805, forwarding port as Ethernet 1/0/1 and it belonging to VLAN1.
[Quidway] mac-address multicast 0100-5e0a-0805 interface Ethernet 1/0/1 vlan
1
7-1
HUAWEI

Command Manual
QoS/ACL

Command Manual - QoS/ACL
Table of Contents
Chapter 1 ACL Commands........................................................................................................... 1-1

1.1 ACL Configuration Command List of S3526 Series Switches........................................... 1-1
1.1.1 acl............................................................................................................................ 1-1
1.1.2 display acl config ..................................................................................................... 1-3
1.1.3 display acl running-packet-filter all .......................................................................... 1-4
1.1.4 display time-range ................................................................................................... 1-4
1.1.5 packet-filter.............................................................................................................. 1-6
1.1.6 reset acl counter...................................................................................................... 1-7
1.1.7 rule .......................................................................................................................... 1-8
1.1.8 time-range ............................................................................................................. 1-13
1.2 ACL Configuration Command List of S3526E and S3526C ............................................ 1-14
1.2.1 acl.......................................................................................................................... 1-14
1.2.2 display acl config ................................................................................................... 1-16
1.2.3 display acl running-packet-filter all ........................................................................ 1-17
1.2.4 display time-range ................................................................................................. 1-17
1.2.5 packet-filter............................................................................................................ 1-19
1.2.6 reset acl counter.................................................................................................... 1-20
1.2.7 rule ........................................................................................................................ 1-21
1.2.8 time-range ............................................................................................................. 1-24
1.3 ACL Configuration Command List of S3552 Series Switches......................................... 1-25
1.3.1 acl.......................................................................................................................... 1-25
1.3.2 display acl config ................................................................................................... 1-27
1.3.3 display acl running-packet-filter all ........................................................................ 1-28
1.3.4 display flow-template............................................................................................. 1-29
1.3.5 display time-range ................................................................................................. 1-29
1.3.6 flow-template user-defined.................................................................................... 1-31
1.3.7 flow-template user-defined template-info.............................................................. 1-31
1.3.8 packet-filter............................................................................................................ 1-33
1.3.9 reset acl counter.................................................................................................... 1-35
1.3.10 rule ...................................................................................................................... 1-36
1.3.11 time-range ........................................................................................................... 1-39
Chapter 2 QoS Commands........................................................................................................... 2-1

2.1 QoS Configuration Commands List of S3526 Series Switches......................................... 2-1
2.1.1 display qos cos-local-precedence-map................................................................... 2-1
2.1.2 display qos-global all............................................................................................... 2-1
2.1.3 display qos-global mirrored-to................................................................................. 2-3
2.1.4 display qos-global traffic-priority.............................................................................. 2-4
i
2.1.5 display qos-global traffic-statistic ............................................................................ 2-5

2.1.6 display qos-interface queue-scheduler ................................................................... 2-6
2.1.7 mirrored-to............................................................................................................... 2-7
2.1.8 priority...................................................................................................................... 2-8
2.1.9 priority trust.............................................................................................................. 2-8
2.1.10 qos cos-local-precedence-map ............................................................................. 2-9
2.1.11 queue-scheduler ................................................................................................. 2-11
2.1.12 reset traffic-statistic ............................................................................................. 2-12
2.1.13 traffic-priority........................................................................................................ 2-13
2.1.14 traffic-statistic ...................................................................................................... 2-14
2.2 QoS Configuration Commands List of S3526E and S3526C .......................................... 2-15
2.2.1 display qos cos-local-precedence-map................................................................. 2-15
2.2.2 display qos-global all............................................................................................. 2-15
2.2.3 display qos-global mirrored-to............................................................................... 2-17
2.2.4 display qos-global traffic-priority............................................................................ 2-18
2.2.5 display qos-global traffic-redirect .......................................................................... 2-19
2.2.6 display qos-global traffic-statistic .......................................................................... 2-20
2.2.7 display qos-interface all......................................................................................... 2-21
2.2.8 display qos-interface line-rate ............................................................................... 2-22
2.2.9 display qos-interface traffic-limit............................................................................ 2-23
2.2.10 display queue-scheduler ..................................................................................... 2-24
2.2.11 line-rate ............................................................................................................... 2-25
2.2.12 mirrored-to........................................................................................................... 2-25
2.2.13 priority.................................................................................................................. 2-27
2.2.14 priority trust.......................................................................................................... 2-27
2.2.15 qos cos-local-precedence-map ........................................................................... 2-28
2.2.16 queue-scheduler ................................................................................................. 2-30
2.2.18 traffic-limit ............................................................................................................ 2-32
2.2.20 traffic-redirect ...................................................................................................... 2-35
2.3 QoS Configuration Commands of S3552 Series Switches ............................................. 2-37
2.3.1 display mirror......................................................................................................... 2-37
2.3.2 display qos conform-level...................................................................................... 2-38
2.3.3 display qos cos-drop-precedence-map................................................................. 2-39
2.3.4 display qos cos-local-precedence-map................................................................. 2-39
2.3.5 display qos-global all............................................................................................. 2-40
2.3.6 display qos-interface all......................................................................................... 2-40
2.3.7 display qos-interface drop-mode........................................................................... 2-41
2.3.8 display qos-interface queue-scheduler ................................................................. 2-41
2.3.9 display qos-interface traffic-shape ........................................................................ 2-43
ii
2.3.10 display qos-interface mirrored-to......................................................................... 2-43

2.3.11 display qos-interface traffic-limit.......................................................................... 2-44
2.3.12 display qos-interface traffic-priority ..................................................................... 2-44
2.3.13 display qos-interface traffic-redirect .................................................................... 2-45
2.3.14 display qos-interface traffic-statistic .................................................................... 2-45
2.3.15 drop-mode ........................................................................................................... 2-46
2.3.16 dscp..................................................................................................................... 2-46
2.3.17 local-precedence ................................................................................................. 2-48
2.3.18 mirrored-to........................................................................................................... 2-49
2.3.19 mirroring-port....................................................................................................... 2-51
2.3.20 monitor-port ......................................................................................................... 2-52
2.3.21 priority.................................................................................................................. 2-53
2.3.22 priority trust.......................................................................................................... 2-53
2.3.23 qos conform-level................................................................................................ 2-54
2.3.24 qos cos-drop-precedence-map ........................................................................... 2-54
2.3.25 qos cos-local-precedence-map ........................................................................... 2-56
2.3.26 queue .................................................................................................................. 2-58
2.3.27 queue-scheduler ................................................................................................. 2-59
2.3.29 traffic-limit ............................................................................................................ 2-61
2.3.31 traffic-redirect ...................................................................................................... 2-66
2.3.32 traffic-shape......................................................................................................... 2-68
2.3.34 wred..................................................................................................................... 2-71
Chapter 3 Logon user’s ACL control commands ...................................................................... 3-1

3.1 Logon user’s ACL control commands................................................................................ 3-1
3.1.1 acl............................................................................................................................ 3-1
3.1.2 ip http acl ................................................................................................................. 3-1
3.1.3 snmp-agent community........................................................................................... 3-2
3.1.4 snmp-agent group ................................................................................................... 3-3
3.1.5 snmp-agent usm-user ............................................................................................. 3-4
iii
Quidway S3500 Series Ethernet Switches Chapter 1 ACL Commands
Chapter 1 ACL Commands
1.1 ACL Configuration Command List of S3526 Series

Switches
S3526 Series Ethernet Switches include S3526, S3526 FM, and S3526 FS switches.
1.1.1 acl
Syntax
acl { number acl-number | name acl-name [advanced | basic | link ] } [ match-order

{ config | auto } ]
undo acl { number acl-number | name acl-name | all }
View
System view
Parameter
number acl-number: Access list number, ranging from:

2000 to 2999: Basic ACL.
3000 to 3999: Advanced ACL.
4000 to 4999: L2 ACL.
name acl-name: Specifies an access list with a character string, beginning with English
letters [a-z, A-Z] only, excluding space and quotation marks, and not case sensitive.
The all and any keywords are not allowed.
advanced: Advanced ACL..
basic: Basic ACL..
link: L2 ACL..
config: Follow the user configuration order to match ACL rules.
auto: Follow the depth-first order to match ACL rules.
all: Configures to delete all the ACLs (including numbered and named ACLs).
Description
Using acl command, you can configure a numbered or named ACL, and enter the
corresponding ACL view. Using undo acl command, you can cancel all the rules of a
numbered or named ACL or all the ACLs.
By default, the ACLs are matched in config order.
1-1
You can use the acl command to create an ACL and specify its name with “acl-name”
and its type with the keywords “advanced”, ”basic”, ”link”. For both numbered and
named ACL, you can use the rule command to add rules for them after entering ACL
view. (Use the quit command to exit ACL view.) An ACL may contain multiple rules and
the traffic classification rules concern different ranges, which brings forward the issue of
match order when a data packet matches more than one rule.
Using the match-order parameter, you can configure to follow the user configuration
order (as defaulted) or depth-first order (matching the rule with smaller range first) to
match the rules. After specified the match order of an ACL, you cannot change it,
unless delete all its rules and specify the order again. Note that, the match order of ACL
can only be effective in the case ACL is cited by software to filter and classify data.
Due the chips installed, the hardware match order of ACL’s sub-rule is different in
different switch models. The details are listed in the following table.
Table 1-1 Hardware match order of ACL’s sub-rule
Switch Hardware match order of ACL’s sub-rule

An ACL is configured with multiple sub-rules. The deny sub-rules
are matched first, and then are the permit sub-rules. Exact match
mode is used for the permit sub-rules: the sub-rule with the more
accurate range is matched first, for example, ACL 3000 has rule 0
S3526
and rule 1, the definition of rule 0 is “rule 0 permit ip source 1.1.1.1
0.0.255.255 destination 2.2.2.2 0.0.255.255”, the definition of rule 1
is “rule 1 permit ip source 1.1.1.1 0.0.0.255 destination 2.2.2.2
0.0.0.255”, then the rule 1 is more accurate, it will be matched first.
Note:
For S3526 series switches, packet-filter function only supports rules which action is
deny, and other QoS functions such as configure priority marking, configure traffic
mirroring and configure traffic statistics supports rules which action is permit. But in
some case the permit ACL and deny ACL can be matched for the same time. For
example, ACL 3000 has rule 0 and rule 1, rule 0 is deny rule, rule 1 is permit rule.
Packet-filter function cites ACL 100 rule 0, traffic statistics cites ACL 100 rule 1, then
match order is first match the deny rule then permit rule.
For related configurations, refer to the command rule.
Example
# Configure to follow depth-first order to match the rules of ACL 1.

[Quidway] acl number 1 match-order auto
1-2
1.1.2 display acl config
Syntax
display acl config { all | acl-number | acl-name }
View
Any view
Parameter
all: Configures to display all the ACLs (including numbered and named ACLs).
acl-number: Specifies the sequence number of the ACL to be displayed with a number
between 2000 and 3999.
acl-name: Specifies the name of the ACL to be displayed with a character string starting
with English letters ([a-z, A-Z]) only and excluding space or quotation mark.
Description
Using display acl config command, you can view the detail configuration information
about the ACL, including all the statements and sequence numbers and how many
packets and bytes matched these statements. The matched information is the
information treated by switch’s CPU. The matched information of transmitted data can
be displayed by display qos-global traffic-statistic command.
Example
# Display the content of all the ACLs.

<Quidway> display acl config all
Basic ACL 2010, 1 rule,
rule 1 permit 10.0.0.1 0 (0 times matched)

Basic ACL std1, 2 rules,

1-3
Table 1-2 the display Information
Field Description
“Basic ACL” delegates the type of ACL, the type of ACL
Basic ACL 2010, 1 rule, can be “advanced ACL”, “Basic ACL”, “Interface based
rule 1 permit ACL” or “Link ACL”. “2010” indicates the number of ACL
10.0.0.1 0 (0 times ( in this location, it may be the name of the ACL) , “1 rule”
matched) indicates the rule number of the ACL. “ rule 1 permit
10.0.0.1 0 (0 times matched)” indicates the rule’s content
1.1.3 display acl running-packet-filter all
Syntax
display acl running-packet-filter all
View
Any view
Parameter
None
Description
Using display acl running-packet-filter all command, you can view the information
about the running state of the ACL. The displayed information includes ACL name, rule
name and running state.
Example
# Display the ACL running state on all the interfaces.

<Quidway> display acl running-packet-filter all
acl std1 rule 0 running
The display information shows all the activated ACLs of the switch.
1.1.4 display time-range
Syntax
display time-range { all | name }
View
Any view
1-4
Parameter
all: Configures to display all the time range.

name: Specifies the name of the time range.
Description
Using display time-range command, you can view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Note that the system has a delay of about 1 minute when updating the ACL state, while
the display time-range command applies the current time. Therefore when display
time-range displays that a time range is active, the ACL using it may not have been
activated. This is a kind of normal case.
Example
# Display the configuration of all the time ranges.

<Quidway> display time-range all
Current time is 14:36:36 4-3-2003 Thursday
Time-range : hhy ( Inactive )

from 08:30 2-5-2005 to 18:00 2-19-2005
Time-range : hhy1 ( Inactive )

from 08:30 2-5-2003 to 18:00 2-19-2003
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according to
4-3-2003 Thursday the switch setting).
Indicates the name of the time-range. “( Inactive )”

Time-range: hhy ( Inactive ) indicates the status of this time-range is not active at
current time.
from 08:30 2-5-2005 to The content of time-range: the first time is the
18:00 2-19-2005 beginning time , the last time is the ending time.
# Display the time range named tm1.

<Quidway> display time-range tm1
Time-range : tm1 ( Inactive )

from 08:30 2-5-2005 to 18:00 2-19-2005
1-5
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according
4-3-2003 Thursday to the switch setting).
Indicates the name of the time-range.

Time-range : tm1 ( Inactive ) “( Inactive )” indicates the status of this
time-range is not active at current time.
from 08:30 2-5-2005 to 18:00 The content of time-range: the first time is the
2-19-2005 beginning time , the last time is the ending time.
1.1.5 packet-filter
Syntax
packet-filter { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number

| acl-name } [ rule rule ] }
undo packet-filter { ip-group { acl-number | acl-name } [ rule rule ] | link-group
{ acl-number | acl-name } [ rule rule ] }
View
System view
Parameter
ip-group { acl-number | acl-name }:activate the IP ACLs. IP ACLs include basic,

advanced ACLs. acl-number: Specifies the ACL number, ranging from 2000 to 3999.
acl-name: Specifies the ACL name with a character string started with English letters
(that is [a to z, A to Z]), excluding space and quotation marks.
link-group { acl-number | acl-name }: activate the L2 ACL. acl-number: Specifies the
ACL number, ranging from 4000 to 4999. acl-name: Specifies the ACL name with a
character string started with English letters (that is [a to z, A to Z]), excluding space and
quotation marks.
rule rule: Specifies the rule in the ACL to be activated, ranging from 0 to 127. If it is not
specified, all the rules in the ACL will be activated.
Description
Using packet-filter command, you can activate the ACL. Using undo packet-filter
command, you can disable the ACL.
Example
# Activate ACL 2000.

[Quidway] packet-filter ip-group 2000
1-6
1.1.6 reset acl counter
Syntax
reset acl counter { all | acl-number | acl-name }
View
User view
Parameter
all: All the access lists (including numbered and named access lists).
acl-number: Specifies an access list with a number in the range of 2000 to 3999.
acl-name: Specifies an access list with a character string, beginning with English letters
[a-z, A-Z] only, excluding space and quotation marks, and not case sensitive. The all
and any keywords are not allowed.
Description
Using the reset acl counter command, you can reset the statistics information of the
ACL which is used to filter or classify the data treated by the software of switch. You can
clear the matched counters to zero using this command.
Table 1-5 The comparison between reset commands of statistics information
Command Function
Reset the statistics information of the ACL which is used in
the case of filtering or classifying the data treated by the
reset acl counter software of switch. The case includes: ACL cited by route
policy function, ACL used for control logon user, etc. The
ACL number ranges from 2000 to 3999.
Reset statistic information of traffic. This command is used

in the case of filtering or classifying the data transmitted by
reset traffic-statistic the hardware of switch. Commonly, this command is used
to reset the statistics information of the traffic-statistic
command.
Example
# Clear the statistics information of ACL 2000.

<Quidway> reset acl counter 2000
1-7
1.1.7 rule
Syntax
I. define/delete a rule for basic acl
rule [ rule-id ] { permit | deny } [source source-addr wildcard | any ] [ fragment ]

[ time-range name ]
undo rule rule-id [ source ] [ fragment ] [ time-range ]
II. define/delete a rule for advanced acl
rule [ rule-id ] { permit | deny } protocol [ source source-addr wildcard | any ]

[ destination dest-addr dest-mask | any ] [ source-port operator port1 [ port2 ] ]
[ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ]
[ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ time-range name ]
undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ]
[ icmp-type ] [ precedence ] [ tos ] [ dscp ] [ fragment ] [ time-range ]
III. define/delete a rule for link acl
rule [ rule-id ] { permit | deny } [ ingress { { source-vlan-id | source-mac-addr |

interface { interface-name | interface-type interface-num } }* | any } ] [ egress
{ { destination-vlan-id | dest-mac-addr | interface { interface-name | interface-type
interface-num } }* | any } ] [ time-range name ]
undo rule rule-id
View
ACL view
Parameter
rule-id: Specifies a rule of an ACL with a number in the range of 0 to 127.

permit: Indicates to let the matched packets through.
deny: Indicates to reject the matched packets to pass through.
time-range name: Name of a time range, during which a rule takes effect.
Note:
The following parameters are attributes carried by the data packets. The ACL rules are
defined according to the values of these parameters.
z The parameter for define a basic ACL
1-8
source-addr wildcard | any: source-addr wildcard is the source IP address and source
address wildcard, expressed in dotted decimal notation. any represents any source
address.
fragment: Indicates that the rule takes effect on fragmented packets only and will be
ignored for other packets.
z The parameter of advanced ACL
protocol: This parameter is to define protocol type, which can be indicated by name, or
digit. This parameter can be icmp, igmp, tcp, udp, ip, gre, ospf or ipinip. If this
parameter takes ip, it means all the IP protocols. This parameter can be 1 ~ 255 if
indicated by digit.
Note:
For the rules of IP-any, any-IP, NET-any and any-NET, S3526 does not support packet
filtering of special protocols. You can only configure protocol type as IP (the value of the
parameter protocol in rule command can only be IP) in defining these types of rules in
S3526. Otherwise, error information will be returned when confirm the rule.
address.
dest-addr wildcard | any: dest-addr wildcard is the destination IP address and
destination address wildcard, expressed in dotted decimal notation. any represents
any destination address.
source-port operator port1 [ port2 ]: This parameter is to define the source TCP or
UDP port number. Here, operator represents port operation character, including eq
(equal to), gt (greater than), lt (less than), neq (not equal to), and range (in certain
range). Note: This parameter is available only when protocol parameter takes TCP or
UDP. port1 [ port2 ]: TCP or UDP port number of packets, expressed with characters or
numbers. The numbers are in the range of 0 to 65535 and refer to mnemonic symbol
table for character values.
destination-port operator port1 [ port2 ]: This parameter is to define the destination
TCP or UDP port number. The meaning of operator port1 [ port2 ] is same as upper
parameter.
icmp-type type code: Used when protocol is specified as icmp. type code specifies an
ICMP packet. type specifies the ICMP packet type with a number in the range of 0 to
255 or characters. code, ranging from 0 to 255, is used for icmp when ICMP packet
type are not specified with characters.
1-9
Note:
For S3526, S3526 FM, S3526 FS switches, parameter icmp-type is only supported
when user defines advance ACL. ICMP packet type and code (the parameter type code
in rule command) can’t be configured. Otherwise the system will prompt the
configuration is not available.
established: Used when protocol is tcp to indicate that the rule takes effect on the first
SYN packet to establish TCP connection.
precedence precedence: Specifies IP precedence with a number in the range of 0 to 7
or a name.
tos tos: Classifies the data packets with a number in the range of 0 to 15 or a name.
dscp dscp: Classifies the data packets with a number in the range of 0 to 63 or a name.
z The parameter of link ACL
ingress { { source-vlan-id | source-mac-addr | interface { interface-name |
interface-type interface-num } }* | any }: Source information of a data packet.
source-vlan-id specifies the source VLAN of the packet, and source-mac-addr specifies
the source MAC address of the data packets. interface { interface-name |
interface-type interface-num } represents the L2 port receiving the packets. any
represents all the packets received from all the ports.
egress { { destination-vlan-id | dest-mac-addr | interface { interface-name |
interface-type interface-num } }* | any }: Specifies the destination information of data
packets. destination-vlan-id specifies the destination VLAN of the packet.
dest-mac-addr specifies the destination MAC address of the data packets. interface
{ interface-name | interface-type interface-num } the L2 port forwarding the packets.
any represents all the packets forwarded by all the ports.
Description
Using rule command, you can add a rule to an ACL. Using undo rule command, you
can cancel a rule from an ACL.
You can add a lot of rules to an ACL. If you input the parameter when use the undo rule
command, the system will delete the corresponding content of the rule according to the
parameter input.
S3526 has some restrictions on ACL configuration in implementing QOS function using
traffic classification. The restriction details are listed in the following table.
1-10
Table 1-6 ACL configuration restriction for QoS function in S3526
QoS function Implementation Restrictions on ACL configuration

Packet filter only supports using the
ACL of deny operation.
packet-filter The Layer-2 ACL supports using the
{ ip-group { acl-number rules of MAC-MAC, MAC-PORT,
| acl-name } [ rule rule ] PORT-PORT, MAC-ANY, ANY-MAC,
Packet filter
| link-group PORT-ANY and ANY-PORT.
{ acl-number | The Layer-3 ACL supports using the
acl-name } [ rule rule ] } rules of IP-IP, IP-NET, NET-NET,
IP-ANY, ANY-IP, NET-ANY and
ANY-NET.
mirrored-to { ip-group Traffic mirroring only supports using

{ acl-number | the ACL of permit operation.
acl-name } [ rule rule ] | The Layer-2 ACL supports using the
link-group rules of MAC-MAC, MAC-PORT,
{ acl-number | PORT-PORT, MAC-ANY, ANY-MAC,
Traffic mirroring
acl-name } [ rule rule ] } PORT-ANY and ANY-PORT.
[ interface The Layer-3 ACL supports using the
{ interface-name | rules of IP-IP, IP-NET, NET-NET,
interface-type IP-ANY, ANY-IP, NET-ANY and
interface-num } ] ANY-NET.
Traffic statistics only supports using
traffic-statistic the ACL of permit operation.
{ ip-group { acl-number
The Layer-2 ACL supports using the
| acl-name } [ rule rule ]
Traffic statistic rules of MAC-MAC.
| link-group
{ acl-number | The Layer-3 ACL supports using the
acl-name } [ rule rule ] } rules of IP-IP, but not traffic statistics
of special protocols.
Priority tag function only supports

using the ACL of permit operation.
The Layer-2 ACL supports using the
rules of MAC-MAC, MAC-PORT,
traffic-priority PORT-PORT, MAC-ANY, ANY-MAC,
{ ip-group { acl-number PORT-ANY and ANY-PORT.
| acl-name } [ rule rule ]
| link-group The Layer-3 ACL supports using the
Priority tag rules of IP-IP, IP-NET, NET-NET,
{ acl-number |
acl-name } [ rule rule ] } IP-ANY, ANY-IP, NET-ANY and
local-precedence ANY-NET.
pre-value For the ACL used in priority tag, if the
destination IP addresses or
destination MAC addresses for two
rules are the same, the new rule will
overwrite the previous one.
1-11
Note:
z The Layer-3 ACL includes the advanced ACL.
z In the description of the rules: MAC----MAC address, PORT----the switch port,
IP----the host IP address, ANY----any MAC address in Layer-2 ACL and any IP
address in Layer-3 ACL, NET----the segment IP address. The MAC, IP, ANY, NET
and PORT before the character “-” represent the source addresses or receive port;
the ones behind are the destination addresses or transmit port.
z MAC-MAC stands for a Layer-2 ACL rule from source MAC address to destination
MAC address, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress
00e0-fc01-0102 1 time-range huawei ”.
z PORT-PORT stands for a Layer-2 ACL rule from received ethernet port to sent
ethernet port, such as “rule 0 permit ingress interface ethernet0/1 egress interface
ethernet 0/2 time-range huawei ”.
z MAC-PORT stands for a Layer-2 ACL rule from source MAC address to sent
ethernet port, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress interface
ethernet 0/1 time-range huawei ”.
z IP-IP stands for lay-3 ACL rules from source host IP address to destination host IP
address (the wildcard parameter can only be 0) , such as “rule 0 permit ip source
1.1.1.1 0 destination 2.2.2.2 0 time-range huawei”.
z NET-NET stands for lay-3 ACL rules from source segment IP address to destination
segment IP address (the wildcard parameter can not be 0), such as “rule 0 permit ip
source 1.1.1.1 0.0.255.255 destination 2.2.2.2 0.0.255.255 time-range huawei”.
z MAC-any stands for lay-2 ACL rule from source MAC address to any destination
MAC address, such as “rule 0 permit ingress 00e0-fc01-0101 1 egress any
time-range huawei”, and so do any-MAC, IP-any, any-IP, NET-any and any-NET
rules.
z For the MAC-MAC rule, the source and destination MAC addresses must be
configured in the same VLAN. That is, configure the same VLAN ID for the source
and destination MAC addresses in defining ACL.
z For the rules of IP-any, any-IP, NET-any and any-NET, S3526 does not support
packet filtering of special protocols. You can only configure protocol type as IP (the
value of the parameter protocol in rule command can only be IP) in defining these
types of rules in S3526. Otherwise, error information will be returned when confirm
the rule.
z IP-IP and MAC-MAC rules will function on the two directions, that is, user defines a
rule to filter packets from source address to destination address, the rule will also
filter the packets from the destination address to source address. For the rules of
IP-any, any-IP, NET-any, any-NET, MAC-any, any-MAC, they only function on one
direction which user defined.
1-12
z For S3526, S3526 FM, S3526 FS switches, parameter icmp-type is only supported
when user defines advance ACL. ICMP packet type and code (the parameter type
code in rule command) can’t be configured. Otherwise the system will prompt the
configuration is not available.
z The restrictions corresponding to each QoS function describe the ACL rule available
in configuring this function. Other ACL rules will not be used in implementing this
function in S3526. Otherwise, the system will return error prompts.
z Define the ACL rules to be used in it first before implementing a QoS function.
For related configurations, refer to command acl.
Example
# Add a rule to an advanced ACL.

[Quidway-acl-adv-3000] rule 1 permit tcp established source 1.1.1.1 0
destination 2.2.2.2 0
# Add a rule to a basic ACL.

[Quidway-acl-basic-2000] rule 1 permit source 1.1.1.1 0 fragment
# Add a rule to an L2 ACL.

[Quidway-acl-link-4000] rule 1 permit ingress 1 egress any
1.1.8 time-range
Syntax
time-range time-name { start-time to end-time days-of-the-week [ from start-time

start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time end-date ] }
undo time-range time-name [ start-time to end-time days-of-the-week [ from
start-time start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time
end-date ] ]
View
System view
Parameter
time-name: Name of a special time range to be referenced.

start-time: Start time of the special time range, format as hh:mm.
end-time: End time of the special time range, format as hh:mm.
days-of-the-week: Determines in which day(s) of a week in the special time range a
command takes effect. You can specify this parameter with any of the following values.
Numbers (ranging from 0 to 6);
1-13
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday or Sunday;

working-day, representing 5 working days, from Monday to Friday;
off-day, representing Saturday and Sunday;
daily, representing everyday of the week.
from start-time start-date: Start time and date of the special time range, determining
effective days of the time range with the end-date, format as hh:mm MM-DD-YYYY.
to end-time end-date: End time and date of the special time range, determining
effective days of the time range with the start-date, format as hh:mm MM-DD-YYYY.
If the above two parameters are omitted, there is no limit to the effective date.
Description
Using time-range command, you can configure a time range. Using undo time-range
command, you can delete a time range.
If you input the parameter when use the undo time-range command, the system will
delete the corresponding content of the time range according to the parameter input.
Example
# Configure a time range being effective since zero hour on January 1, 2000 and
forever.
[Quidway] time-range test from 0:0 1-1-2000
1.2 ACL Configuration Command List of S3526E and S3526C

1.2.1 acl
Syntax
acl { number acl-number | name acl-name [ advanced | basic | link | user ] }

[ match-order { config | auto } ]
View
System view
Parameter

4000 to 4999: L2 ACL.
5000 to 5999: User-defined ACL.
1-14
basic: Basic ACL..
link: L2 ACL..
user: User-defined ACL..
Description
and its type with the keywords “advanced”, ”basic”, ”link”, or "user”. For both
numbered and named ACL, you can use the rule command to add rules for them after
entering ACL view. (Use the quit command to exit ACL view.) An ACL may contain
multiple rules and the traffic classification rules concern different ranges, which brings
forward the issue of match order when a data packet matches more than one rule.

An ACL is configured with multiple sub-rules. The latest
S3526E and S3526C
sub-rule will be matched first.
Example
1-15
Syntax
View
Any view
Parameter
Description
Example



1-16
Field Description
Basic ACL 2010, 1 “Basic ACL” delegates the type of ACL, the type of ACL
rule, can be “advanced ACL”, “Basic ACL”, “Interface based
ACL” or “Link ACL”. “2010” indicates the number of ACL
rule 1 permit ( in this location, it may be the name of the ACL) , “1 rule”
10.0.0.1 0 (0 times indicates the rule number of the ACL. “ rule 1 permit
matched) 10.0.0.1 0 (0 times matched)” indicates the rule’s content
Syntax
View
Any view
Parameter
None
Description
Example

Syntax
View
Any view
1-17
Parameter

Description
Example


from 08:30 2-5-2005 to 18:00 2-19-2005

from 08:30 2-5-2003 to 18:00 2-19-2003
Field Description

current time.


from 08:30 2-5-2005 to 18:00 2-19-2005
1-18
Field Description
Current time is 14:36:36 Indicates the current time of the switch (according
4-3-2003 Thursday to the switch setting).

Time-range : tm1 ( Inactive ) indicates the status of this time-range is not active
at current time.
from 08:30 2-5-2005 to 18:00 The content of time-range: the first time is the
2-19-2005 beginning time , the last time is the ending time.
1.2.5 packet-filter
Syntax
packet-filter { user-group { acl-number | acl-name } [ rule rule ] | { ip-group

{ acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule
rule ] }* }
undo packet-filter { user-group { acl-number | acl-name } [ rule rule ] | { ip-group
rule ] }* }
View
System view
Parameter
user-group { acl-number | acl-name }: activate the user-defined ACL. acl-number:

Specifies the ACL number, ranging from 5000 to 5999. acl-name: Specifies the ACL
name with a character string started with English letters (that is [a to z, A to Z]),
excluding space and quotation marks.
ip-group { acl-number | acl-name }:activate the IP ACLs. IP ACLs include basic,
advanced ACLs. acl-number: Specifies the ACL number, ranging from 2000 to 3999.
acl-name: Specifies the ACL name with a character string started with English letters
(that is [a to z, A to Z]), excluding space and quotation marks.
link-group { acl-number | acl-name }: activate the L2 ACL. acl-number: Specifies the
ACL number, ranging from 4000 to 4999. acl-name: Specifies the ACL name with a
character string started with English letters (that is [a to z, A to Z]), excluding space and
quotation marks.
rule rule: Specifies the rule in the ACL to be activated, ranging from 0 to 127. If it is not
specified, all the rules in the ACL will be activated.
1-19
Description
This command supports activating the Layer-2 and Layer-3 ACLs at the same time.
However the actions of the ACLs should be consistent. If the actions conflict (one is
permit and the other is deny), they cannot be activated.
Example
# Activate ACL 2000.

[Quidway] packet-filter ip-group 2000
Syntax
View
User view
Parameter
Description
Command Function
1-20
Command Function
Reset statistic information of traffic. This command is used in
the case of filtering or classifying the data transmitted by the
reset
hardware of switch. Commonly, this command is used to
traffic-statistic
reset the statistics information of the traffic-statistic
command.
Example

1.2.7 rule
Syntax

[ time-range name ]

rule [ rule-id ] { permit | deny } [ protocol ] [ cos vlan-pri ] [ ingress { { source-vlan-id |

source-mac-addr source-mac-wildcard | interface { interface-name | interface-type
interface-num } }* | any } ] [ egress { { dest-mac-addr dest-mac-wildcard | interface
{ interface-name | interface-type interface-num } }* | any } ] [ time-range name ]
undo rule rule-id
IV. define/delete a rule for user-defined acl
rule [ rule-id ] { permit | deny } { rule-string rule-mask offset }&<1-8> [ time-range

name ]
undo rule rule-id
1-21
View
ACL view
Parameter

Note:

address.
indicated by digit.
address.
1-22

parameter.
icmp-type type code: Used when protocol is specified as icmp. type code specifies an
ICMP packet. type specifies the ICMP packet type with a number in the range of 0 to
255 or characters. code, ranging from 0 to 255, is used for icmp when ICMP packet
type are not specified with characters.
or a name.
protocol: Protocol carried by an Ethernet frame, which can be ip, arp, rarp,
pppoe-control, or pppoe-data.
cos vlan-pri : 802.1p priority, ranging from 0 to 7.
ingress { { source-vlan-id | source-mac-addr source-mac-wildcard | interface
{ interface-name | interface-type interface-num } }* | any }: Source information of a data
packet. [ source-vlan-id ] specifies the source VLAN of the packet, and
[ source-mac-addr source-mac-wildcard ] specifies the source MAC address and MAC
address wildcard of the data packets. These two parameters give the source MAC
address range interested the users. For example, if source-mac-wildcard is specified
as 0.0.ffff, it indicates that the user is interested in the first 32 bits (corresponding to the
0s in wildcard) of the source MAC address. interface { interface-name | interface-type
interface-num } represents the L2 port receiving the packets. any represents all the
packets received from all the ports.
egress { { dest-mac-addr dest-mac-wildcard | interface { interface-name |
interface-type interface-num } }* | any }: Specifies the destination information of data
packets. dest-mac-addr dest-mac-wildcard specifies the destination MAC address and
destination MAC address wildcard of the data packets. For example, if
dest-mac-wildcard is specified as 0.0.ffff, it indicates that the user is interested in the
first 32 bits (corresponding to the 0s in wildcard) of the destination MAC address.
interface { interface-name | interface-type interface-num } the L2 port forwarding the
packets. any represents all the packets forwarded by all the ports.
z The parameter of user-defined ACL
1-23
{ rule-string rule-mask offset }&<1-8>: rule-string is a character string of a rule defined

by a user. It only consists of hexadecimal numbers of even digits. rule-mask offset is
used to extract the packet information. Here, rule-mask is rule mask, used for logical
AND operation with data packets, and offset determines to perform AND operation from
which bytes apart from the packet header. rule-mask offset extracts a character string
from the packet and compares it with the user-defined rule-string to get and process the
matched packets. &<1-8> indicates that you can define up to 8 such rules at a time.
This parameter is used for the user-defined ACL.
Description
parameter input.
Example



# Add a rule to a user-defined ACL.

[Quidway-acl-user-5000] rule 1 permit 88 ff 18
1.2.8 time-range
Syntax

end-date ] ]
View
System view
1-24
Parameter

Description
Example
forever.
1.3 ACL Configuration Command List of S3552 Series

Switches
S3552 Series Ethernet Switches include S3552G, S3552P, S3528G, and S3528P
Ethernet Switches.
1.3.1 acl
Syntax
acl { number acl-number | name acl-name [advanced | basic | link ] } [ match-order

{ config | auto } ]
1-25
View
System view
Parameter

4000 to 4999: L2 ACL.
basic: Basic ACL..
link: L2 ACL..
Description
and its type with the keywords “advanced”, ”basic”, ”link”. For both numbered and
named ACL, you can use the rule command to add rules for them after entering ACL
view. (Use the quit command to exit ACL view.) An ACL may contain multiple rules and
the traffic classification rules concern different ranges, which brings forward the issue of
match order when a data packet matches more than one rule.
1-26

S3552 Series Ethernet An ACL is configured with multiple sub-rules. The first
Switches sub-rule will be matched first.
Example

Syntax
View
Any view
Parameter
Description
Example

1-27

Field Description
“Basic ACL” delegates the type of ACL, the type of ACL
Basic ACL 2010, 1 rule, can be “advanced ACL”, “Basic ACL”, “Interface based
rule 1 permit ACL” or “Link ACL”. “2010” indicates the number of ACL
10.0.0.1 0 (0 times ( in this location, it may be the name of the ACL) , “1 rule”
matched) indicates the rule number of the ACL. “ rule 1 permit
10.0.0.1 0 (0 times matched)” indicates the rule’s content
Syntax
View
Any view
Parameter
None
Description
Example

1-28
1.3.4 display flow-template
Syntax
display flow-template [ default | interface interface-type interface-num |

user-defined ]
View
Any view
Parameter
default: Display the default flow template configuration of system.

user-defined: Display the configuration of user-defined flow template.
interface interface-type interface-num: Display the flow template applied on the
specified interface.
Description
Using the display flow-template command, you can view the configuration of flow
template. The configuration includes the defined information of flow template, the
interface for which the flow template has applied.
For the related command, see flow-template user-defined.
Example
# Display the default flow-template.

<Quidway> display flow-template default
System default flow template : This flow template has not been configured.
Syntax
View
Any view
Parameter

Description
1-29
Example


from 08:30 2-5-2005 to 18:00 2-19-2005

from 08:30 2-5-2003 to 18:00 2-19-2003
Field Description

current time.


from 08:30 2-5-2005 to 18:00 2-19-2005
Field Description

Time-range : tm1 ( Inactive ) indicates the status of this time-range is not active at
current time.
1-30
1.3.6 flow-template user-defined
Syntax
flow-template user-defined
undo flow-template user-defined
View
Ethernet port view
Parameter
None.
Description
Using the flow-template user-defined command, you can apply user-defined flow
template on the current port. Using the undo flow-template user-defined command,
you can cancel the user-defined flow template applying on the current port.
For the related command, see display flow-template.
Example
# Apply user-defined flow template on the current Ethernet0/1.

[Quidway-Ethernet0/1] flow-template user-defined
1.3.7 flow-template user-defined template-info
Syntax
flow-template user-defined template-info

undo flow-template user-defined
View
System view
Parameter
template-info: Information available in defining traffic classification, its value can be:
cos : 802.1p priority in the Ethernet packet header, in the length of 1 byte.
dip: Destination IP domain in the IP packet header, in the length of 4 bytes.
dmac: Destination MAC domain in the Ethernet packet header, in the length of 6 bytes.
dport: Destination port domain, in the length of 2 bytes.
dscp: DSCP domain in the IP packet header, in the length of 1 byte.
1-31
ethernet-protocol: Protocol type domain in the Ethernet packet header, in the length of
2 bytes.
fragments Fragment tag bit in the IP packet header.
icmp-code: ICMP code domain, in the length of 1 byte.
icmp-type: ICMP type domain, in the length of 1 byte.
ip-precedence: IP priority domain in the IP packet header, in the length of 1 byte.
ip-protocol: Protocol type domain in the IP packet header, in the length of 1 byte.
sip: Source IP domain in the IP packet header, in the length of 4 bytes.
smac: Source MAC domain in the Ethernet packet header, in the length of 6 bytes.
sport: Source port domain, in the length of 2 bytes.
tcp-flag: Flag domain in the TCP packet header, in the length of 1 byte.
tos: TOS (type of service) domain in the IP packet header, in the length of 1 byte.
vlanid: VLAN ID in the Ethernet packet header, in the length of 2 bytes.
Description
Using the flow-template user-defined template-info command, you can define a flow
template. Using the undo flow-template user-defined command, you can delete a
flow template.
In defining a flow template, the total length of all elements should not be more than 16
bytes.
Note:
The numbers listed in the table are not the actual length of these elements in IP packets,
but their length in flow template. DSCP field is one byte in flow template, but six bytes in
IP packets. You can judge the total length of template elements using these numbers.
The dscp, ip-precedence and tos fields jointly occupy one byte. One byte is occupied
no matter you define one, two or three of these fields.
The fragment field is 0 in length in flow template, so it can be ignored in calculating the
total length of template elements.
1-32
Note:
During self-defining flow-template configuration, if you configured any of the three
parameters: dport, sport or tcp-flag, you must configure the ip-protocol parameter at the
same time. Otherwise, the flow template fails to operate.
If you need to define the rule of layer 2 ACL by using parameter tagged or untagged,
you are required to configure the ethernet-protocol parameter in self-defining
flow-template configuration.
A flow template is defined by default, which includes the quintuple of source IP,
destination IP, source TCP/UDP port, destination TCP/UDP port, IP protocol code.
You cannot modify or delete the default flow template, but those you have defined.
For the related command, see display flow-template.
Example
# Define a flow template which classifies traffic by source and destination IP addresses,
source and destination TCP/UDP ports, DSCP domain in the IP packet header.
[Quidway] flow-template user-defined ip-protocol sip dip sport dport dscp
1.3.8 packet-filter
Syntax
I. Command Format in System View
packet-filter inbound acl-rule interface { interface-list | all }

undo packet-filter inbound acl-rule interface { interface-list | all }
II. Command Format in Ethernet Port View
packet-filter inbound acl-rule

undo packet-filter inbound acl-rule
View
System view/Ethernet Port view
Parameter
acl-rule: the rule of ACL, only the rules including these elements defined in template
can be sent to target hardware and referenced for such QoS functions as packet
filtering, traffic policing, priority re-labeling. Otherwise, the rules cannot be activated on
the hardware. The ACL combined mode is following.
1-33
Table 1-16 Combined Mode of ACL
Combined Mode Value

All rules in IP ACL ip-group { acl-number | acl-name }
Only one rule in IP ACL ip-group { acl-number | acl-name } rule rule
All rules in Link ACL link-group { acl-number | acl-name }
Only one rule in Link ACL link-group { acl-number | acl-name } rule rule
All rules in IP ACL and ip-group { acl-number | acl-name } link-group
one rule in Link ACL { acl-number | acl-name } rule rule
One rule in IP ACL and ip-group { acl-number | acl-name } rule rule link-group
all rules in Link ACL { acl-number | acl-name }
z ip-group { acl-number | acl-name }:activate the IP ACLs. IP ACLs include basic,

advanced ACLs. acl-number: Specifies the ACL number, ranging from 2000 to
3999. acl-name: Specifies the ACL name with a character string started with
English letters (that is [a to z, A to Z]), excluding space and quotation marks.
z link-group { acl-number | acl-name }: activate the L2 ACL. acl-number: Specifies
the ACL number, ranging from 4000 to 4999. acl-name: Specifies the ACL name
with a character string started with English letters (that is [a to z, A to Z]), excluding
space and quotation marks.
z rule rule: Specifies the rule in the ACL to be activated, ranging from 0 to 127. If it is
not specified, all the rules in the ACL will be activated.
interface { interface-list | all }: Activate the ACL on specified interface.
Description
This command supports activating the Layer-2 and Layer-3 ACLs. However the actions
of the ACLs should be consistent. If the actions conflict (one is permit and the other is
deny), they cannot be activated.
Example
# Activate ACL 2000 on Ethernet0/1.

[Quidway-Ethernet0/1] packet-filter ip-group 2000
1-34
Syntax
View
User view
Parameter
Description
Command Function
Reset the statistics information of the ACL which is used in the
case of filtering or classifying the data treated by the software of
reset acl
switch. The case includes: ACL cited by route policy function,
counter
ACL used for control logon user, etc. The ACL number ranges
from 2000 to 3999.
Reset statistic information of traffic. This command is used in the

reset case of filtering or classifying the data transmitted by the
traffic-statistic hardware of switch. Commonly, this command is used to reset
the statistics information of the traffic-statistic command.
Example

1-35
1.3.10 rule
Syntax

[ time-range name ]

rule [ rule-id ] { permit | deny } [ cos vlan-pri ] [ ingress { { source-vlan-id |

source-mac-addr source-mac-wildcard }* | any } ] [ egress { { dest-vlan-id |
dest-mac-addr dest-mac-wildcard }* | any } ] [ tagged | untagged ] [ time-range name ]
undo rule rule-id
View
ACL view
Parameter

Note:
1-36
address.
indicated by digit.
address.
parameter.
Note:
When you activate the rule with predefined TCP/UDP source and destination port
ranges on the S3552 series, the switches can automatically divide this rule into several
rules, ensuring the port ranges meet the requirement of [A*2^n , (A+1)*2^n - 1], where
both A and n are integers. If the rules are more than 64, the rule cannot be activated
and the switches prompt you of the failure.
S3552 series switch does not support icmp-type type code parameters when
configure ACL rules.
1-37

or a name.
ingress { { source-vlan-id | source-mac-addr source-mac-wildcard }* | any }: Source
information of a data packet. source-vlan-id specifies the source VLAN of the packet,
and source-mac-addr source-mac-wildcard specifies the source MAC address of the
data packets. any represents all the packets received from all the ports.
egress { { dest-vlan-id | dest-mac-addr dest-mac-wildcard }* | any }: Specifies the
destination information of data packets. dest-vlan-id specifies the destination VLAN of
the packet. dest-mac-addr dest-mac-wildcard specifies the destination MAC address of
the data packets. any represents all the packets forwarded by all the ports.
[ tagged | untagged ]: Specifies filtering the packets according the VLAN tag. Tagged
means filtering the packets which have VLAN tag. untagged means filtering the
packets which have no VLAN tag.
Description
parameter input.
Example



1-38
1.3.11 time-range
Syntax

end-date ] ]
View
System view
Parameter

Description
Example
forever.
1-39
Quidway S3500 Series Ethernet Switches Chapter 2 QoS Commands
Chapter 2 QoS Commands
2.1 QoS Configuration Commands List of S3526 Series

Switches
S3526 Series Ethernet Switches include S3526, S3526 FM, and S3526 FS switches.
2.1.1 display qos cos-local-precedence-map
Syntax
display qos cos-local-precedence-map
View
Any view
Parameter
None
Description
Using display qos cos-local-precedence-map command, you can view

“COS->Local-precedence” map.
Example
# Display “COS->Local -precedence” map.

<Quidway> display qos cos-local-precedence-map
cos-local-precedence-map:
cos : 0 1 2 3 4 5 6 7
-------------------------------------------------------------------------
local-precedence : 2 0 1 3 4 5 6 7
2.1.2 display qos-global all
Syntax
display qos-global all
View
Any view
Parameter
None
2-1
Description
Using display qos-global all command, you can view the settings of all the QoS
parameters.
This command is used for displaying the settings of all the QoS parameters, including
priority tag, redirection, traffic statistics and traffic mirror.
Example
# Display the settings of all the QoS parameters.

[Quidway] display qos-global all
traffic-priority
Matches: acl std1 rule 0 running
Priority action: Local precedence 0
traffic-statistic
0 byte
0 packet
0 byte
0 packet
mirrored-to
Mirrored to: Ethernet0/1
Field Description
Indicates the traffic-priority configuration of
the switch.
traffic-priority
“Matches: acl std1 rule 0 running”
Matches: acl std1 rule 0 running indicates the classification rule to the
Priority action: Local precedence 0 traffic.
Matches: acl std1 rule 1 running “Priority action: Local precedence 0”
Priority action: Local precedence 0 indicates the action of resetting the priority
of the packets matching the classification
rule.
2-2
Field Description
traffic-statistic Indicates the traffic-statistic configuration
Matches: acl std1 rule 0 running of the switch.
0 byte “Matches: acl std1 rule 0 running”
indicates the classification rule to the
0 packet
traffic.
“ 0 byte 0 packet” indicates the statistic
0 byte information for the packets matching the
0 packet classification rule.
Indicates the mirroring configuration of the

mirrored-to switch.
Matches: acl std1 rule 0 running “Matches: acl std1 rule 0 running”
indicates the classification rule to the
traffic.
“Mirrored to: Ethernet0/1” indicates the
Mirrored to: Ethernet0/1 monitor port for the packets matching the
classification rule.
2.1.3 display qos-global mirrored-to
Syntax
display qos-global mirrored-to
View
Any view
Parameter
None
Description
Using display qos-global mirrored-to command, you can view the settings of the
traffic mirror.
This command is used for displaying the settings of traffic mirror. The information
displayed includes the ACL of traffic to be mirrored and the observing port.
For the related command, see mirrored-to.
Example
# Display the settings of traffic mirror.

<Quidway> display qos-global mirrored-to
mirrored-to
2-3

Field Description
mirrored-to Indicates the mirroring configuration of the
Matches: acl std1 rule 0 running switch. “Matches: acl std1 rule 0 running”
indicates the classification rule to the traffic.
“Mirrored to: Ethernet0/1” indicates the
Matches: acl std1 rule 1 running monitor port for the packets matching the
Mirrored to: Ethernet0/1 classification rule.
2.1.4 display qos-global traffic-priority
Syntax
display qos-global traffic-priority
View
Any view
Parameter
None
Description
Using display qos-global traffic-priority command, you can view the settings of
traffic priority.
This command is used for displaying the settings of traffic priority. The information
displayed includes the ACL corresponding to the traffic tagged with priority, priority type
and value.
For the related command, see traffic-priority.
Example
# Display the settings of traffic priority.

<Quidway> display qos-global traffic-priority
traffic-priority
2-4
Field Description
the switch.
traffic-priority
“Matches: acl std1 rule 0 running”
Matches: acl std1 rule 0 running indicates the classification rule to the
Priority action: Local precedence 0 traffic.
Matches: acl std1 rule 1 running “Priority action: Local precedence 0”
Priority action: Local precedence 0 indicates the action of resetting the priority
of the packets matching the classification
rule.
2.1.5 display qos-global traffic-statistic
Syntax
display qos-global traffic-statistic
View
Any view
Parameter
None
Description
Using display qos-global traffic-statistic command, you can view the traffic statistics
information.
This command is used for displaying the traffic statistics information. The information
displayed includes the ACL corresponding to the traffic to be counted and the number
of packets counted.
The statistics information of traffic-statistic command includes the matched times of
the transmitted data by switch. User can use display qos-global traffic-statistic
command to display the statistics information.
For the related command, see traffic-statistic.
Example
# Display the traffic statistics information.

<Quidway> display qos-global traffic-statistic
traffic-statistic
0 packets
2-5
0 packets
Field Description
traffic-statistic
Indicates the traffic-statistic configuration of
Matches: acl std1 rule 0 running the switch.
0 byte “Matches: acl std1 rule 0 running” indicates
0 packet the classification rule to the traffic.
Matches: acl std1 rule 1 running “ 0 byte 0 packet” indicates the statistic
0 packet
2.1.6 display qos-interface queue-scheduler
Syntax
display qos-interface [ interface-name | interface-type interface-num ]

queue-scheduler
View
Any view
Parameter
interface-name | interface-type interface-num: Specifies a port of the switch. For

detailed information, refer to the port command manual.
Description
Using display qos-interface queue-scheduler command, you can view the queue
scheduling mode and parameters.
For the related command, see queue-scheduler.
Example
# Display the queue scheduling mode and parameters.

<Quidway> display qos-interface queue-scheduler
Queue scheduling mode: strict-priority
The display information shows the queue scheduling mode of the switch is
strict-priority.
2-6
2.1.7 mirrored-to
Syntax
mirrored-to { ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number

| acl-name } [ rule rule ] } interface { interface-name | interface-type interface-num }
undo mirrored-to { ip-group { acl-number | acl-name } [ rule rule ] | link-group
View
System view
Parameter
ip-group { acl-number | acl-name } [ rule rule ]: Specifies a basic or advanced ACL.

acl-number: Specifies the ACL sequence number, ranging from 2000 to 3999. acl-name:
Specifies the ACL name with a character string starting with English letters ([a-z, A-Z])
and excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging
from 0 to 127. If you do not set this parameter, all the rules will be considered.
link-group { acl-number | acl-name } [ rule rule ]: Specifies a Layer-2 ACL. acl-number:
Specifies the ACL sequence number, ranging from 4000 to 4999, acl-name: Specifies
the ACL name with a character string starting with English letters ([a-z, A-Z]) and
excluding space and quotation mark. rule rule: Specifies a rule of an ACL, ranging from
0 to 127. If you do not set this parameter, all the rules will be considered.
interface { interface-name | interface-type interface-num }: Specifies the destination
port where the traffic will be mirror. interface-num specifies the port number.
interface-num and interface-type specify a complete port name together.
interface-name is interface-type added with interface-num.
Description
Using mirrored-to command, you can enable ACL traffic identification and perform
traffic mirror. Using undo mirrored-to command, you can disable traffic mirror.
This command is used for mirroring the traffic matching the specified ACL (whose
action is permit). The observing port cannot be a Trunk port or aggregated port.
This command only supports one observing port. When you use the traffic mirror for the
first time, you have to designate the observing port.
For the related command, see display qos-global mirrored-to.
Example
# Mirrors the packets matching the ACL 2000 rules, whose action is permit, to the port
Ethernet0/1.
[Quidway] mirrored-to ip-group 2000 interface e0/1
2-7
2.1.8 priority
Syntax
priority priority-level
undo priority
View
Ethernet Port views
Parameter
priority-level: Specifies the priority level of the port, ranging from 0 to 7.
Description
Using priority command, you can configure the priority of Ethernet port. Using undo
priority command, you can restore the default port priority.
By default, the priority level of the port is 0 and switch replaces the 802.1p priority
carried by a packet with the port priority.
Every port of Ethernet switch supports four packet egress queues. The switch puts the
packets into different egress queues according to their priorities.
You can set a priority for a port and replace the 802.1p priority carried in the packet with
it. After transmitting a packet, the switch will replace the packet 802.1p priority with the
priority of the received port, according to which the packet will be put into the
corresponding egress queue.
Example
# Set the priority of Ethernet0/1 port to 7.

[Quidway-Ethernet0/1] priority 7
2.1.9 priority trust
Syntax
priority trust
undo priority
View
Ethernet port view
Parameter
None
2-8
Description
Using priority trust command, you can configure system trusting the packet 802.1p
priority and not replacing the 802.1p priorities carried by the packets with the port
priority. Using undo priority command, you can configure the system not trust packet
802.1p priority.
By default, the system replaces the 802.1p priority carried by a packet with the port
priority.
For the related command, see priority.
Example
# Configure system trusting the packet 802.1p priority and not replacing the 802.1p
priorities carried by the packets with the port priority.
[Quidway-Ethernet0/1] priority trust
2.1.10 qos cos-local-precedence-map
Syntax
qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec

cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec
cos6-map-local-prec cos7-map-local-prec
undo qos cos-local-precedence-map
View
System view
Parameter
cos0-map-local-prec: Specifies the mapping value of “COS 0->local-prec”, which

ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
2-9

ranges from 0 to 7.
ranges from 0 to 7.
Description
Using qos cos-local-precedence-map command, you can configure “COS

->Local-precedence” map. Using undo qos cos-local-precedence-map command,
you can restore its default value.
By default, the system provides the default “COS ->Local-precedence” mapping
relationship.
Table 2-5 The default “COS ->Local-precedence” map
COS Value Local Precedence

0 2
1 0
2 1
3 3
4 4
5 5
6 6
7 7
If needed, you can change “COS->Local-precedence” map using the command.
Example
# Configure “COS->Local-precedence” map.

[Quidway] qos cos-local-precedence-map 0 1 2 3 4 5 6 7
After the configuration, the “COS->Local-precedence” map is shown in Table 1-6.
Table 2-6 “COS->Local-precedence” map

0 0
1 1
2 2
3 3
4 4
2-10

5 5
6 6
7 7
2.1.11 queue-scheduler
Syntax
queue-scheduler { strict-priority | wrr queue1-weight queue2-weight queue3-weight

queue4-weight }
undo queue-scheduler
View
Ethernet Port view
Parameter
strict-priority: Configures to perform strict priority scheduling.

wrr queue1-weight queue2-weight queue3-weight queue4-weight: Configures to
perform WRR scheduler. queue1-weight: Specifies the weight (percent of bandwidth
assigned) 1. queue2-weight: Specifies the weight of the queue 2. queue3-weight:
Specifies the weight of the queue 3. queue4-weight: Specifies the weight of the queue
4.
Description
Using queue-scheduler command, you can configure the queue scheduler and the
related parameters. Using undo queue-scheduler command, you can restore the
default queue scheduler.
By default, the value is strict-priority.
For WRR, the sum of all the weights should equal 100.
For the related command, see display qos-interface queue-scheduler.
Example
# Configure to perform WRR with the weights of the four queues as 20, 20, 30 and 30
respectively.
[Quidway-Ethernet0/1] queue-scheduler wrr 20 20 30 30
2-11
2.1.12 reset traffic-statistic
Syntax
reset traffic-statistic { all | ip-group { acl-number | acl-name } [ rule rule ] |

link-group { acl-number | acl-name } [ rule rule ] }
View
User view
Parameter
all: Indicates to clear all the traffic statistics information of the ACLs configured with this
function (including the combination items).
Description
Using reset traffic-statistic command, you can reset the traffic statistics information.
This command is used for clearing the statistics information about all the traffic or a
specified one.
Command Function
Reset the statistics information of the ACL which is used in the
case of filtering or classifying the data treated by the software
reset acl counter of switch. The case includes: ACL cited by route policy
function, ACL used for control logon user, etc. The ACL
number ranges from 2000 to 3999.
Reset statistic information of traffic. This command is used in

reset the case of filtering or classifying the data transmitted by the
traffic-statistic hardware of switch. Commonly, this command is used to reset
the statistics information of the traffic-statistic command.
2-12
Example
# Clear the statistics information about ACL 2000.

<Quidway> reset traffic-statistic ip-group 2000
2.1.13 traffic-priority
Syntax
traffic-priority { ip-group { acl-number | acl-name } [ rule rule ] | link-group

{ acl-number | acl-name } [ rule rule ] } local-precedence pre-value
undo traffic-priority { ip-group { acl-number | acl-name } [ rule rule ] | link-group
View
System view
Parameter

local-precedence pre-value: Specifies the local preference, ranging from 0 to 7.
Description
Using traffic-priority command, you can activate ACL and tag the traffic priority
(whose action is permit). Using undo traffic-priority command, you can cancel the
traffic priority settings.
For the related command, see display qos-global traffic-priority.
Example
# Marks the priority for the packets matching the permit rules of ACL 2000. It sets the
local preference to 0:
[Quidway] traffic-priority ip-group 2000 local-precedence 0
2-13
2.1.14 traffic-statistic
Syntax
traffic-statistic { ip-group { acl-number | acl-name } [ rule rule ] | link-group

undo traffic-statistic { ip-group { acl-number | acl-name } [ rule rule ] | link-group
View
System view
Parameter

Description
Using traffic-statistic command, you can activate the ACL to recognize and count the
traffic(whose action is permit). Using undo traffic-statistic command, you can cancel
the traffic statistics.
For the related command, see display qos-global traffic-statistic.
Note:
S3526, S3026 FM, S3026 FS only support the statistics for the data matching the IP-IP
or MAC-MAC rule.
Example
# Count the packets matching the ACL 2000 rules with action permit.
2-14
[Quidway] traffic-statistic ip-group 2000
2.2 QoS Configuration Commands List of S3526E and

S3526C
Syntax
View
Any view
Parameter
None
Description
Using display qos cos-local-precedence-map command, you can view

“COS->Local-precedence” map.
Example
# Display “COS->Local -precedence” map.

cos : 0 1 2 3 4 5 6 7
-------------------------------------------------------------------------
Syntax
View
Any view
Parameter
None
Description
Using display qos-global all command, you can view the settings of all the QoS
parameters.
2-15
This command is used for displaying the settings of all the QoS parameters, including
priority tag, redirection, traffic statistics and traffic mirror.
Example
# Display the settings of all the QoS parameters.

[Quidway] display qos-global all
traffic-priority
Priority action: dscp ef
traffic-redirect
Redirected to: interface Ethernet0/2
traffic-statistic
0 byte
0 packet
0 byte
0 packet
mirrored-to
Field Description
Indicates the traffic-priority configuration of the
traffic-priority switch.
Matches: acl std1 rule 0 running “Matches: acl std1 rule 0 running” indicates
Priority action: dscp ef the classification rule to the traffic.
Matches: acl std1 rule 1 running “Priority action: dscp ef” indicates the action of
Priority action: dscp ef resetting the priority of the packets matching
the classification rule.
2-16
Field Description
traffic-redirect Indicates the traffic-redirect configuration of
Redirected to: interface “Matches: acl std1 rule 0 running” indicates
Ethernet0/2 the classification rule to the traffic.
Matches: acl std1 rule 1 running “Redirected to: interface Ethernet0/2”
Redirected to: interface indicates the redirect port for the packets
Ethernet0/2 matching the classification rule.
traffic-statistic
0 packet

mirrored-to switch.
Mirrored to: Ethernet0/1 the classification rule to the traffic.
Matches: acl std1 rule 1 running “Mirrored to: Ethernet0/1” indicates the monitor
Mirrored to: Ethernet0/1 port for the packets matching the classification
rule.
2.2.3 display qos-global mirrored-to
Syntax
display qos-global mirrored-to
View
Any view
Parameter
None
Description
Using display qos-global mirrored-to command, you can view the settings of the
traffic mirror.
This command is used for displaying the settings of traffic mirror. The information
displayed includes the ACL of traffic to be mirrored and the observing port.
2-17
Example
# Display the settings of traffic mirror.

<Quidway> display qos-global mirrored-to
mirrored-to
Field Description
mirrored-to switch.
Mirrored to: Ethernet0/1 the classification rule to the traffic.
Matches: acl std1 rule 1 running “Mirrored to: Ethernet0/1” indicates the
Mirrored to: Ethernet0/1 monitor port for the packets matching the
2.2.4 display qos-global traffic-priority
Syntax
display qos-global traffic-priority
View
Any view
Parameter
None
Description
Using display qos-global traffic-priority command, you can view the settings of
traffic priority.
This command is used for displaying the settings of traffic priority. The information
displayed includes the ACL corresponding to the traffic tagged with priority, priority type
and value.
Example
# Display the settings of traffic priority.
2-18
<Quidway> display qos-global traffic-priority

traffic-priority
Field Description
traffic-priority the switch.
Priority action: dscp ef the classification rule to the traffic.
Matches: acl std1 rule 1 running “Priority action: dscp ef” indicates the action
Priority action: dscp ef of resetting the priority of the packets
matching the classification rule.
2.2.5 display qos-global traffic-redirect
Syntax
display qos-global traffic-redirect
View
Any view
Parameter
None
Description
Using display qos-global traffic-redirect command, you can view the settings of the
redirection.
This command is used for displaying the settings of the redirection. The information
displayed includes the ACL corresponding to the traffic to be redirected, the destination
port of redirection.
For the related command, see traffic-redirect.
Example
# Display the settings of the redirection.

<Quidway> display qos-global traffic-redirect
traffic-redirect
2-19

Field Description
traffic-redirect
Matches: acl std1 rule 0 Indicates the traffic-redirect configuration of the
running switch.
Redirected to: interface “Matches: acl 1 rule 0 running” indicates the
Ethernet0/2 classification rule to the traffic.
Matches: acl std1 rule 1 “Redirected to: interface Ethernet0/2” indicates the
running redirect port for the packets matching the
Redirected to: interface classification rule.
Ethernet0/2
2.2.6 display qos-global traffic-statistic
Syntax
display qos-global traffic-statistic
View
Any view
Parameter
None
Description
Using display qos-global traffic-statistic command, you can view the traffic statistics
information.
This command is used for displaying the traffic statistics information. The information
displayed includes the ACL corresponding to the traffic to be counted and the number
of packets counted.
Example
# Display the traffic statistics information.

<Quidway> display qos-global traffic-statistic
2-20
traffic-statistic
0 byte
0 packet
0 byte
0 packets
Field Description
traffic-statistic
0 packet
2.2.7 display qos-interface all
Syntax
display qos-interface [ interface-name | interface-type interface-num ] all
View
Any view
Parameter

Description
Using display qos-interface all command, you can view the QoS setting of all the
ports.
If you do not input the port parameters, the command will display all the QoS settings
on the switch, including traffic limit and line rate etc. If you set the port parameters, the
configuration information about the specified port will be displayed.
Example
# Display the QoS settings of all the ports.

<Quidway> display qos-interface all
2-21
Ethernet0/2: traffic-limit
Inbound:
Matches: acl 2000 rule 0 running
Target rate: 4 Mbps
Exceed action: drop
Ethernet0/2: line-rate
Line rate: 3 Mbps
Line rate: 5 Mbps
Field Description
Indicates the traffic-limit configuration of the port.
“Inbound:” indicates system only treats the traffic
Ethernet0/2: traffic-limit received by the port.
Inbound: “Matches: acl 2000 rule 0 running” indicates the
Matches: acl 1 rule 0 classification rule to the traffic.
running “Target rate: 4 Mbps” indicates the s the normal rate for
Target rate: 4 Mbps the packets matching the classification rule.
Exceed action: drop “Exceed action: drop” indicates the action to the traffic
which match the classification rule but exceed the
normal rate. The action can be “drop” or “remark-dscp”.
Indicates the line-rate configuration of the port.
“Line rate: 3 Mbps” indicates the general packet sending
Line rate: 3 Mbps
rate on a port.
2.2.8 display qos-interface line-rate
Syntax
display qos-interface [ interface-name | interface-type interface-num ] line-rate
View
Any view
Parameter

Description
Using display qos-interface line-rate command, you can view the settings of
outgoing line rate on the port.
2-22
If you do not input the port parameters, the command will display the outgoing line rate
settings on the port. If you set the port parameters, the configuration information about
the specified port will be displayed. The information displayed includes egress port and
the line rate.
Example
# Display the line rate settings on the port.

[Quidway-Ethernet0/4] display qos-interface line-rate
Line rate: 3 Mbps
Line rate: 5 Mbps
Field Description
Indicates the line-rate configuration of the port.
“Line rate: 3 Mbps” indicates the general packet sending
Line rate: 3 Mbps
rate on a port.
2.2.9 display qos-interface traffic-limit
Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-limit
View
Any view
Parameter

Description
Using display qos-interface traffic-limit command, you can view the settings of traffic
limit.
If you do not input the port parameters, the command will display the traffic limit settings
on the switch. If you set the port parameters, the configuration information about the
specified port will be displayed. The information displayed includes the ACL of the
traffic to be limited, the limited average rate and the settings of some related policing
action.
For the related command, see traffic-limit.
2-23
Example
# Display the settings of traffic limit.

<Quidway> display qos-interface traffic-limit
Inbound:
Target rate: 10 Mbps
Inbound:
Target rate: 100 Mbps
Exceed action: drop
Field Description
Indicates the traffic-limit configuration of the port.
“Inbound:” indicates system only treats the traffic
Ethernet0/2: traffic-limit received by the port.
Inbound: “Matches: acl 2000 rule 0 running” indicates the
classification rule to the traffic.
Matches: acl 2000 rule 0
running “Target rate: 4 Mbps” indicates the s the normal rate
for the packets matching the classification rule.
Target rate: 4 Mbps
“Exceed action: drop” indicates the action to the
Exceed action: drop
traffic which match the classification rule but exceed
the normal rate. The action can be “drop” or
“remark-dscp”.
2.2.10 display queue-scheduler
Syntax
display queue-scheduler
View
Any view
Parameter
None
Description
Using display queue-scheduler command, you can view the queue scheduling mode
and parameters.
2-24
Example
# Display the queue scheduling mode and parameters.

<Quidway> display queue-scheduler
Queue scheduling mode: strict-priority
The display information shows the queue scheduling mode of the switch is
Strict-Priority.
2.2.11 line-rate
Syntax
line-rate target-rate
undo line-rate
View
Ethernet port view
Parameter
target-rate: Specifies the general packet sending rate on a port, ranging from 1 to 100
measured in Mbps.
Description
Using line-rate command, you can configure the limitation of the rate to restrict the
general speed of sending packets through the port. Using undo line-rate command,
you can cancel the limitation of the rate.
This command is used for configuring the general limitation of rate on the port for
sending packets.
Example
# Limit the rate on port e0/1 to 10Mbps.

[Quidway-Ethernet0/1] line-rate 10
2.2.12 mirrored-to
Syntax
mirrored-to { user-group acl-number | acl-name [ rule rule ] | { ip-group { acl-number

| acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }* } interface
{ interface-name | interface-type interface-num }
2-25
undo mirrored-to { user-group acl-number | acl-name [ rule rule ] | { ip-group

rule ] }* }
View
System view
Parameter
user-group { acl-number | acl-name } [ rule rule ]: Specifies a user-defined ACL.

interface { interface-name | interface-type interface-num }: Specifies the destination
port where the traffic will be mirror. interface-num specifies the port number.
interface-num and interface-type specify a complete port name together.
interface-name is interface-type added with interface-num.
Description
Using mirrored-to command, you can enable ACL traffic identification and perform
traffic mirror. Using undo mirrored-to command, you can cancel traffic mirror.
This command is used for mirroring the traffic matching the specified ACL (whose
action is permit). The observing port cannot be a Trunk port or aggregated port.
This command only supports one observing port. When you use the traffic mirror for the
first time, you have to designate the observing port.
For the related command, see display qos-global mirrored-to.
Example
# Mirrors the packets matching the ACL 2000 rules, whose action is permit, to the port
Ethernet0/1.
[Quidway] mirrored-to ip-group 2000 interface e0/1
2-26
2.2.13 priority
Syntax
undo priority
View
Ethernet Port views
Parameter
priority-level: Specifies the priority level of the port, ranging from 0 to 7.
Description
Using priority command, you can configure the priority of Ethernet port. Using undo
priority command, you can restore the default port priority.
By default, the priority level of the port is 0 and switch replaces the 802.1p priority
carried by a packet with the port priority.
Every port of Ethernet switch supports four packet egress queues. The switch puts the
packets into different egress queues according to their priorities.
You can set a priority for a port and replace the 802.1p priority carried in the packet with
it. After transmitting a packet, the switch will replace the packet 802.1p priority with the
priority of the received port, according to which the packet will be put into the
corresponding egress queue.
Example
# Set the priority of Ethernet0/1 port to 7.

Syntax
priority trust
undo priority
View
Ethernet port view
Parameter
None
2-27
Description
Using priority trust command, you can configure system trusting the packet 802.1p
priority and not replacing the 802.1p priorities carried by the packets with the port
priority. Using undo priority command, you can configure the system not trust packet
802.1p priority.
By default, the system replaces the 802.1p priority carried by a packet with the port
priority.
For the related command, see priority.
Example
# Configure system trusting the packet 802.1p priority and not replacing the 802.1p
priorities carried by the packets with the port priority.
Syntax

View
System view
Parameter

ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
ranges from 0 to 7.
2-28

ranges from 0 to 7.
ranges from 0 to 7.
Description
Using qos cos-local-precedence-map command, you can configure “COS

->Local-precedence” map. Using undo qos cos-local-precedence-map command,
you can restore its default value.
By default, the system provides the default “COS ->Local-precedence” mapping
relationship.
Table 2-16 The default “COS ->Local-precedence” map

0 2
1 0
2 1
3 3
4 4
5 5
6 6
7 7
If needed, you can change “COS->Local-precedence” map using the command.
Example
# Configure “COS->Local-precedence” map.

After the configuration, the “COS->Local-precedence” map is shown in Table 1-6.
Table 2-17 “COS->Local-precedence” map

0 0
1 1
2 2
3 3
4 4
2-29

5 5
6 6
7 7
Syntax
queue-scheduler { strict-priority | wrr queue1-weight queue2-weight queue3-weight

queue4-weight | wrr-max-delay queue1-weight queue2-weight queue3-weight
queue4-weight maxdelay }
undo queue-scheduler
View
System view
Parameter
strict-priority: Configures to perform strict priority scheduling.

wrr queue1-weight queue2-weight queue3-weight queue4-weight: Configures to
perform WRR scheduler. queue1-weight: Specifies the weight (percent of bandwidth
assigned) 1. queue2-weight: Specifies the weight of the queue 2. queue3-weight:
Specifies the weight of the queue 3. queue4-weight: Specifies the weight of the queue
4.
wrr-max-delay queue1-weight queue2-weight queue3-weight queue4-weight
maxdelay: Configures to perform Delay bounded WRR scheduler. queue1-weight:
Specifies the weight (percent of bandwidth assigned) 1. queue2-weight: Specifies the
weight of the queue 2. queue3-weight: Specifies the weight of the queue 3.
queue4-weight: Specifies the weight of the queue 4. maxdelay: Specifies the maximum
delay, ranging from 1 to 255, unit is 16ms. The packets in the highest-priority queue will
be transmitted directly when the maximum delay expires.
Description
Using queue-scheduler command, you can configure the queue scheduler and the
related parameters. Using undo queue-scheduler command, you can restore the
default queue scheduler.
By default, the value is strict-priority.
For WRR and Delay bounded WRR, the sum of all the weights should equal 100.
For the related command, see display queue-scheduler.
2-30
Example
# Configure to perform WRR with the weights of the four queues as 20, 20, 30 and 30
respectively.
[Quidway] queue-scheduler wrr 20 20 30 30
Syntax
reset traffic-statistic { all | user-group { acl-number | acl-name } [ rule rule ] |

{ ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name }
[ rule rule ] }* }
View
User view
Parameter
all: Indicates to clear all the traffic statistics information of the ACLs configured with this
function (including the combination items).
Description
Using reset traffic-statistic command, you can reset the traffic statistics information.
This command is used for clearing the statistics information about all the traffic or a
specified one.
2-31
Command Function
Reset statistic information of traffic. This command is used

in the case of filtering or classifying the data transmitted by
reset traffic-statistic the hardware of switch. Commonly, this command is used
to reset the statistics information of the traffic-statistic
command.
Example
# Clear the statistics information about ACL 2000.

<Quidway> reset traffic-statistic ip-group 2000
2.2.18 traffic-limit
Syntax
traffic-limit inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group

rule ] }* } target-rate [ exceed action ]
undo traffic-limit inbound { user-group { acl-number | acl-name } [ rule rule ] |
{ ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name }
[ rule rule ] }* }
View
Ethernet port view
Parameter
inbound: Configures to limit the rate of traffic received via the interface.
2-32
target-rate: Specifies the normal rate, measured in mbps, ranging from 1 to 100.
exceed action: Specifies the action executed when the traffic exceeds the set rate,
which include:
z drop: Drop the packet;
z remark-dscp value: Set a new DSCP value.
Description
Using traffic-limit command, you can enable ACL traffic identification and perform
limiting the rate of the traffic matching the specified ACL (whose action is permit). Using
undo traffic-limit command, you can cancel the traffic limit.
Example
# Limit rate of the traffic matching the ACL 2000 rules on Ethernet0/1, whose action is
permit. The normal traffic rate is set to 50Mbps. Drop the packets exceeding the traffic.
The local preference of the packets within the traffic range is set to 0.
[Quidway-Ethernet0/1] traffic-limit inbound ip-group 2000 50 exceed drop
Syntax
traffic-priority { user-group { acl-number | acl-name } [ rule rule ] | { ip-group

rule ] }* } { { dscp dscp-value | ip-precedence { pre-value | from-cos } } | cos
{ pre-value | from-ipprec } | local-precedence pre-value }*
undo traffic-priority { user-group { acl-number | acl-name } [ rule rule ] | { ip-group
rule ] }* }
View
System view
Parameter

2-33
dscp dscp-value: Specifies DSCP preference, ranging from 0 to 63.
ip-precedence { pre-value | from-cos }: Specifies IP preference. pre-value specifies
the IP preference, ranging from 0 to 7. from-cos indicates to set the IP preference to
the same as that of 802.1p of the packet.
cos { pre-value | from-ipprec }: Specifies 802.1p preference. pre-value specifies the
802.1p preference, ranging from 0 to 7. from-ipprec indicates to set the 802.1p
preference to the same as IP preference.
local-precedence pre-value: Specifies the local preference, ranging from 0 to 7.
Description
Using traffic-priority command, you can activate ACL and tag the traffic priority
(whose action is permit). Using undo traffic-priority command, you can cancel the
traffic priority settings.
It can mark three priorities (dscp/IP preference, and cos) for the packets. The switch
can put the packets into egress queue according to the cos value (namely the 802.1p
preference) or local preference. If both 802.1p preference and local preference are set,
the switch will use the 802.1p preference first.
For the related command, see display qos-global traffic-priority.
Example
# Marks the priority for the packets matching the permit rules of ACL 2000. It sets the
local preference to 0:
[Quidway] traffic-priority ip-group 2000 local-precedence 0
2-34
2.2.20 traffic-redirect
Syntax
traffic-redirect { user-group { acl-number | acl-name } [ rule rule ] | { ip-group

rule ] }* } { cpu | interface { interface-name | interface-type interface-num } }
undo traffic-redirect { user-group { acl-number | acl-name } [ rule rule ] | { ip-group
rule ] }* }
View
System view
Parameter

cpu: Configures to redirect the traffic to the CPU.
interface { interface-name | interface-type interface-num }: Specifies the Ethernet port
to which the packets will be redirected. interface-type specifies the port type, which can
be ethernet only. interface-num specifies the port number. interface-num and
interface-type specify a complete port name together. interface-name is interface-type
added with interface-num.
Description
Using traffic-redirect command, you can activate the ACL to recognize and redirect
the traffic(whose action is permit). Using undo traffic-redirect command, you can
cancel the redirection.
For the related command, see display qos-global traffic-redirection.
2-35
Example
# Redirects the packets matching the ACL 2000 rules with action permit to the port
Ethernet0/1.
[Quidway] traffic-redirect ip-group 2000 interface e0/1
Syntax
traffic-statistic { user-group { acl-number | acl-name } [ rule rule ] | { ip-group

rule ] }* }
undo traffic-statistic { user-group { acl-number | acl-name } [ rule rule ] | { ip-group
rule ] }* }
View
System view
Parameter

Description
Using traffic-statistic command, you can activate the ACL to recognize and count the
traffic(whose action is permit). Using undo traffic-statistic command, you can cancel
the traffic statistics.
2-36

For the related command, see display qos-global traffic-statistic.
Example
# Count the packets matching the ACL 2000 rules with action permit.
[Quidway] traffic-statistic ip-group 2000
2.3 QoS Configuration Commands of S3552 Series Switches

S3552 Series Ethernet Switches include S3552G, S3552P, S3528G, and S3528P
Ethernet Switches.
2.3.1 display mirror
Syntax
display mirror
View
Any view
Parameter
None
Description
Using the display mirror command, you can view port mirroring configuration,
including monitored ports, monitor port and monitor direction, etc.
For the related command, see mirroring-port, monitor-port.
Example
# Display port mirroring configuration.

[Quidway] display mirror
Monitor port:
Ethernet0/1
Mirroring port:
Ethernet0/3 inbound
Ethernet0/4 outbound
2-37
2.3.2 display qos conform-level
Syntax
display qos conform-level [ conform-level-value ] { dscp-policed-service-map

[ dscp-list ] | local-precedence-cos-map }
View
Any view
Parameter
conform-level-value: Conform level, in the range of 0~2.

dscp-policed-service-map [ dscp-list ]: Displays “DSCP + Conform-level → Service
group” mapping table. dscp-list: DSCP value, in the range of 0~63. You can input a
single value or a value range, for example, “46” or “0 8 10 16”, in which blank space
must be inserted between values. If you input nothing for it, the whole mapping table
will be displayed.
local-precedence-cos-map: Displays “Local-precedence + Conform-level → 802.1p
priority” mapping table.
Description
Using the display qos conform-level command, you can view “DSCP +
Conform-level → Service group” and “Local-precedence + Conform-level → 802.1p
priority” mapping tables.
Example
# Display “DSCP + Conform-level → Service group” mapping table.

<Quidway> display qos conform-level 0 dscp-policed-service-map
Conform-level 0 :
Dscp-policed-service Map :
dscp : dscp exp cos local-precedence drop-precedence
--------------------------------------------------------------------------
---------
0 : 0 0 0 0 0
8 : 8 1 1 1 0
10 : 10 1 1 1 0
16 : 16 2 2 2 0
18 : 18 2 2 2 0
24 : 24 3 3 3 0
26 : 26 3 3 3 0
32 : 32 4 4 4 0
34 : 34 4 4 4 0
2-38
40 : 40 5 5 5 0
46 : 46 5 5 5 0
48 : 48 6 6 6 0
56 : 56 7 7 7 0
# Display “Local-precedence + Conform-level → 802.1p priority mapping table.

<Quidway> display qos conform-level 0 local-precedence-cos-map
Conform-level 0 :
Local-precedence-cos-map :
Local-prec : 0 1 2 3 4 5 6 7
----------------------------------------------------------------
cos 2 0 1 3 4 5 6 7
2.3.3 display qos cos-drop-precedence-map
Syntax
display qos cos-drop-precedence-map
View
Any view
Parameter
None
Description
Using the display qos cos-drop-precedence-map command, you can view “CoS →
Drop-precedence” mapping table.
Example
# Display “CoS → Drop-precedence” mapping table.

<Quidway> display qos cos-drop-precedence-map
cos-drop-precedence-map:
cos : 0 1 2 3 4 5 6 7
-------------------------------------------------------------------
drop-precedence : 2 2 1 1 1 1 0 0
Syntax
2-39
View
Any view
Parameter
None
Description
Using the display qos cos-local-precedence-map command, you can view “CoS →
Local-precedence” mapping table.
Example
# Display “CoS → Local –precedence” mapping table.

cos : 0 1 2 3 4 5 6 7
--------------------------------------------------------------------------
Syntax
View
Any view
Parameter
None
Description
Using the display qos-global all command, you can view all QoS configuration items.
Example
# Display all QoS configuration items.

<Quidway> display qos-global all
2.3.6 display qos-interface all
Syntax
display qos-interface [ interface-name | interface-type interface-num ] all
2-40
View
Any view
Parameter
interface-name | interface-type interface-num: Port of the switch
Description
Using the display qos-interface all command, you can view port QoS configuration. If
you specify a port, only its configuration is displayed. Otherwise, QoS configuration
items of all ports will be displayed.
Example
# Display QoS configuration of all ports.

<Quidway> display qos-interface all
2.3.7 display qos-interface drop-mode
Syntax
display qos-interface [ interface-name | interface-type interface-num ] drop-mode
View
Any view
Parameter
Description
Using the display qos-interface drop-mode command, you can view drop mode for
outbound port queues. If you specify a port, only its drop mode is displayed. Otherwise,
drop mode of all ports will be displayed.
For the related command, see drop-mode.
Example
# Display drop mode of all ports.

<Quidway>display qos-interface drop-mode
2.3.8 display qos-interface queue-scheduler
Syntax

queue-scheduler
2-41
View
Any view
Parameter
Description
Using the display qos-interface queue-scheduler command, you can view queue
scheduling mode and corresponding parameter configuration. If you specify a port, only
its queue scheduling mode is displayed. Otherwise, queue scheduling mode of all ports
will be displayed.
Example
# Display queue scheduling mode.

<Quidway>display qos-interface queue-scheduler
Ethernet0/1 Port scheduling:
QID: scheduling-group weight
-----------------------------------
0 : sp 0
1 : sp 0
2 : sp 0
3 : wrr , group1 25
4 : sp 0
5 : wrr , group2 30
6 : sp 0
7 : sp 0
Ethernet0/2 Port scheduling:

QID: scheduling-group weight
-----------------------------------
0 : sp 0
1 : sp 0
2 : sp 0
3 : sp 0
4 : sp 0
5 : sp 0
6 : sp 0
…
2-42
2.3.9 display qos-interface traffic-shape
Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-shape
View
Any view
Parameter
Description
Using the display qos-interface traffic-shape command, you can view traffic shaping
configuration, including maximum line rate, burst size (kbyte), maximum queue length.
If you specify a port, only its traffic shaping configuration is displayed. Otherwise, the
traffic shaping configuration of all ports will be displayed.
Example
# Display traffic shaping configuration of all ports.

[Quidway-Ethernet0/4] display qos-interface traffic-shape
2.3.10 display qos-interface mirrored-to
Syntax
display qos-interface [ interface-name | interface-type interface-num ] mirrored-to
View
Any view
Parameter
Description
Using the display qos-interface mirrored-to command, you can view traffic mirroring
configuration.
Example
# Display traffic mirroring configuration.

<Quidway>display qos-interface mirrored-to
2-43
2.3.11 display qos-interface traffic-limit
Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-limit
View
Any view
Parameter
Description
Using the display qos-interface traffic-limit command, you can view traffic limit
configuration, including the corresponding ACL, committed information rate, committed
burst size, peak information rate and monitor action configuration.
For the related command, see traffic-limit.
Example
# Display traffic limit configuration.

<Quidway> display qos-interface traffic-limit
2.3.12 display qos-interface traffic-priority
Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-priority
View
Any view
Parameter
Description
Using the display qos-interface traffic-priority command, you can view priority
re-labeling configuration, including the corresponding ACL, priority type and priority
level.
Example
# Display priority re-labeling configuration.

<Quidway> display qos-interface traffic-priority
2-44
2.3.13 display qos-interface traffic-redirect
Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-redirect
View
Any view
Parameter
Description
Using the display qos-interface traffic-redirect command, you can view traffic
redirection configuration, including the corresponding ACL and port.
For the related command, see traffic-redirect.
Example
# Display traffic redirection configuration.

<Quidway> display qos-interface traffic-redirect
2.3.14 display qos-interface traffic-statistic
Syntax

traffic-statistic
View
Any view
Parameter
Description
Using the display qos-interface traffic-statistic command, you can view traffic
statistics, including the corresponding ACL and packet counts.
Example
# Display traffic statistics.

<Quidway> display qos-interface traffic-statistic
2-45
2.3.15 drop-mode
Syntax
drop-mode { tail-drop | wred } [ wred-index ]

undo drop-mode
View
Ethernet port view
Parameter
tail-drop: Tail-drop mode

wred: WRED drop mode
wred-index: WRED index, in the range of 0~3. By default, it is 0.
Description
Using the drop-mode command, you can specify drop mode at a port. Using the undo
drop-mode command, you can restore the default drop mode, i.e., tail-drop mode.
By default, a port is configured with tail-drop mode.
In the case of network congestion, the switch drops packets to release system
resources. And then no packets are put into long-delay queues. The following two drop
modes are available:
z Tail-drop mode: Different queues (red, yellow and red) are allocated with different
drop thresholds. When these thresholds are exceeded respectively, excessive
packets will be dropped.
z WRED drop mode: Drop precedence is taken into account in action. When only
min-thresholds of red, yellow and green packets are exceeded, excessive packets
are dropped randomly at given probability. But when max-thresholds of red, yellow
and green packets are exceeded, all excessive packets will be dropped.
Example
# Select WRED drop mode for the port Ethernet0/1, use the threshold of WRED 0.
[Quidway-Ethernet0/1] drop-mode wred 0
2.3.16 dscp
Syntax
dscp dscp-list : dscp-value cos-value local-precedence-value drop-precedence

undo dscp [ dscp-list ]
2-46
View
Conform-level view
Parameter
dscp-list: Original DSCP value, in the range of 0~63. You can input a single value or a
value range, for example, “46” or “0 8 10 16”, in which blank space must be inserted
between values.
dscp-value: Modified DSCP value, in the range of 0~63
cos-value: Modified 802.1p priority value, in the rage of 0~7
local-precedence-value: Modified local precedence value, in the range of 0~7
drop-precedence: Modified conform-level, in the range of 0~2
Description
Using the dscp command, you can configure the “DSCP + Conform-level → Service
group” mapping table of a conform-level. Using the undo dscp command, you can
restore its default values.
You must enter a specific conform-level view to configure the “DSCP + Conform-level
→ Service group” mapping table of that level. For example, when you enter
conform-level 0 view, you can only modify the mapping table of conform-level 0.
Example
# Configure the “DSCP + Conform-level → Service group” mapping table of

conform-level 0.
[Quidway-conform-level-0] dscp 0: 0 0 0 0 0
[Quidway-conform-level-0] dscp 8 10 : 8 1 1 0
[Quidway-conform-level-0] dscp 16 18: 16 2 2 0
[Quidway-conform-level-0] dscp 40 46: 40 5 5 0
[Quidway-conform-level-0] dscp 48 : 48 6 6 0
[Quidway-conform-level-0] dscp 56 : 56 7 7 0
The following is a configured “DSCP + Conform-level → Service group” mapping table.
Table 2-19 “DSCP + Conform-level → Service group” mapping table
Conform Policed-DS Policed-80 Policed-Loc Policed-Drop

DSCP
-level CP 2.1p alprec Precedence
0 0 0 0 0 0
8 0 8 1 1 0
10 0 8 1 1 0
2-47
Conform Policed-DS Policed-80 Policed-Loc Policed-Drop

DSCP
-level CP 2.1p alprec Precedence
16 0 16 2 2 0
18 0 16 2 2 0
24 0 24 3 3 0
26 0 24 3 3 0
32 0 32 4 4 0
34 0 32 4 4 0
40 0 40 5 5 0
46 0 40 5 5 0
48 0 48 6 6 0
56 0 56 7 7 0
2.3.17 local-precedence
Syntax
local-precedence cos-value0 cos-value1 cos-value2 cos-value3 cos-value4

cos-value5 cos-value6 cos-value7
undo local-precedence
View
Conform-level view
Parameter
cos-value0: 802.1p priority value corresponding to Local-precedence 0, in the range of

0~7
0~7
0~7
0~7
0~7
0~7
2-48

0~7
0~7
Description
Using the local-precedence command, you can configure the “Local-precedence +

Conform-level → 802.1p priority” mapping table of a conform-level. Using the undo
local-precedence command, you can restore its default values.
You must enter a specific conform-level view to configure the “Local-precedence +
Conform-level → 802.1p priority” mapping table of that level. For example, when you
enter conform-level 0 view, you can only modify the mapping table of conform-level 0.
Example
# Configure “Local-precedence + Conform-level → 802.1p priority” mapping table of

conform-level 0.
[Quidway-conform-level-0] local-precedence 0 1 2 3 5 5 6 7
The following is a configured “Local-precedence + Conform-level → 802.1p priority”

mapping table.
Table 2-20 “Local-precedence + Conform-level → 802.1p priority” mapping table
Local-precedence CL 802.1p
0 0 0
1 0 1
2 0 2
3 0 3
4 0 5
5 0 5
6 0 6
7 0 7
2.3.18 mirrored-to
Syntax
mirrored-to inbound acl-rule { cpu | monitor-interface }

undo mirrored-to inbound acl-rule
2-49
View
Ethernet port view
Parameter
inbound: Configures traffic mirroring to inbound packets.

Combined Mode Value



cpu: Mirrors the traffic to the CPU.
monitor-interface : Mirrors data stream to the monitoring port.
2-50
Description
Using the mirrored-to command, you can activate ACL and mirror the data stream to
CPU or to the specified monitoring port. Using the undo mirrored-to command, you
can remove traffic mirroring setting.
This configuration is only applicable to the packets which match the ACL rules and the
permitted rules.
Note:
You must use the monitor-port command to configure the monitoring port before you
mirror data stream to specified port. The switch only mirrors the packets received by
the traffic, when you use the monitor-port command to configure the monitoring port,
you must configure the direction of the monitored packets as inbound or both.
For the related command, see display qos-interface mirrored-to.
Example
# Mirror the packets which match the permitted rules in ACL 2000 to the CPU.
[Quidway-Ethernet0/1] mirrored-to inbound ip-group 2000 cpu
2.3.19 mirroring-port
Syntax
mirroring-port port-list { inbound | outbound | both }

undo mirroring-port port-list { inbound | outbound | both }
View
System view
Parameter
port-list: Ethernet port list, representing multiple ports, in the format of port-list =
| interface_name } ] }&<1-10>. &<1-10> means you can input those parameters for ten
times at most.
inbound | outbound | both: Indicates to monitor the packets of which direction.
Inbound means to monitor inbound packets; outbound means to monitor outbound
packets; both means to monitor packets of both directions.
2-51
Description
Using the mirroring-port command, you can configure a monitored port. Using the
undo mirroring-port command, you can remove setting of monitored port.
You can indicate to monitor the packets of which direction in configuring monitored port.
The switch supports multiple-to-one mirroring. You need to configure monitor port
before configuring monitored port.
For the related command, see display mirror.
Example
# Configure the port Ethernet0/1 as a monitored port, monitoring packets of both

directions.
[Quidway] mirroring-port ethernet 0/1 both
2.3.20 monitor-port
Syntax
monitor-port { interface_name | interface_type interface_num } { inbound | outbound

| both }
undo monitor-port { interface_name | interface_type interface_num } { inbound |
outbound | both }
View
System view
Parameter
{ interface_name | interface_type interface_num }: Port of the switch

inbound | outbound | both: Indicates to monitor the packets of which direction.
Inbound means to monitor inbound packets; outbound means to monitor outbound
packets; both means to monitor packets of both directions.
Description
Using the monitor-port command, you can configure a monitor port. Using the undo
monitor-port command, you can remove the setting of monitor port.
The switch supports multiple-to-one port mirroring, that is, duplicating the packets at
multiple ports to the monitor port. You can only specify one monitor port. You should
first remove the setting of all corresponding monitored ports before canceling the
configuration of the monitor port.
For the related command, see display mirror.
2-52
Example
# Configure the port Ethernet0/4 as a monitor port.

[Quidway] monitor-port ethernet 0/4 inbound
2.3.21 priority
Syntax
undo priority
View
Ethernet port view
Parameter
priority-level: Port priority value, in the range of 0~7. By default, it is 0.
Description
Using the priority command, you can configure the local precedence values at a port.
Using the undo priority command, you can restore the default values.
Upon receiving a packet, the switch allocates a service group set to it. The priority value
is allocated according to this: First obtain local precedence value based on “CoS →
Local-precedence” mapping table. If unsuccessful, the local precedence value of
receive port will be used as that for the packet.
Example
# Configure the port Ethernet0/1 with priority value 7.

Syntax
priority trust
undo priority
View
Ethernet port view
Parameter
None
2-53
Description
Using the priority trust command, you can set not to replace the packet 802.1p priority
value with port priority value, but to trust the packet 802.1p priority value. Using the
undo priority command, you can restore the default setting, replacing packet priority
value with port priority value.
By default, the switch replaces the packet 802.1p priority value with port priority value.
Example
# Set to trust packet priority value at the port Ethernet0/1.

2.3.23 qos conform-level
Syntax
qos conform-level conform-level-value
View
System view
Parameter
conform-level conform-level-value: Conform-level, in the range of 0~2
Description
Using the qos conform-level command, you can create a conform-level and enter it.
The switch supports three conform-levels, numbered respectively as 0, 1 and 2. Input
the corresponding number to enter the desired conform-level view, in which you can
configure the “DSCP + Conform-level → Service group” and “Local-precedence +
Conform-level → 802.1p priority” mapping tables.
Example
# Create and enter conform-level 0 view.

[Quidway] qos conform-level 0
[Quidway-conform-level-0]
2.3.24 qos cos-drop-precedence-map
Syntax
qos cos-drop-precedence-map cos0-map-drop-prec cos1-map-drop-prec

cos2-map-drop-prec cos3-map-drop-prec cos4-map-drop-prec cos5-map-drop-prec
cos6-map-drop-prec cos7-map-drop-prec
2-54
undo qos cos-drop-precedence-map
View
System view
Parameter
cos0-map-drop-prec: CoS 0 → drop precedence mapping value, in the range of 0~2.

Cos1-map-drop-prec: CoS 1 → drop precedence mapping value, in the range of 0~2.
Description
Using the qos cos-drop-precedence-map command, you can configure “CoS →

Drop-precedence” mapping table. Using the undo qos cos-drop-precedence-map
command, you can restore its default setting.
The following is the default “CoS → Drop-precedence” mapping table.
Table 2-22 Default “CoS → Drop-precedence” mapping table
CoS Value Drop-precedence

0 0
1 0
2 0
3 0
4 0
5 0
6 0
7 0
Upon receiving a packet, the switch allocates a service group set to it, including CoS
value, local precedence value, drop-precedence. The allocation rule is based on the
packet 802.1p priority: use the 802.1p priority value as the CoS value, obtain local
precedence value and drop-precedence respectively from “CoS → Local-precedence”
mapping table and “CoS → Drop-precedence” mapping table.
2-55
Example
# Configure “CoS → Drop-precedence” mapping table.

[Quidway] qos cos-drop-precedence-map 2 2 1 1 1 0 0 0
The following is the modified “CoS → Drop-precedence” mapping table.
Table 2-23 “CoS → Drop-precedence” mapping table
CoS Value Drop-precedence

0 2
1 2
2 1
3 1
4 1
5 0
6 0
7 0
Syntax

View
System view
Parameter
cos0-map-local-prec: CoS 0 → Local precedence mapping value, in the range of 0~7.

2-56
Description
Using the qos cos-local-precedence-map command, you can configure “CoS →

Local-precedence” mapping table. Using the undo qos cos-local-precedence-map
command, you can restore its default values.
The following is the default “CoS → Local-precedence” mapping table.
Table 2-24 Default “CoS → Local-precedence” mapping table
CoS Value Local Precedence

0 2
1 0
2 1
3 3
4 4
5 5
6 6
7 7
Upon receiving a packet, the switch allocates a service group set to it, including CoS
value, local precedence value, drop-precedence. The allocation rule is based on the
packet 802.1p priority: use the 802.1p priority value as the CoS value, obtain local
precedence value and drop-precedence respectively from “CoS → Local-precedence”
mapping table and “CoS → Drop-precedence” mapping table.
Example
# Configure “CoS → Local-precedence” mapping table.

The following is the configured "CoS → Local-precedence” mapping table.
2-57
Table 2-25 “CoS → Local-precedence” mapping table
CoS Value Local Precedence

0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
2.3.26 queue
Syntax
queue queue-id green-min-threshold green-max-threshold green-max-prob

yellow-min-threshold yellow-max-threshold yellow-max-prob red-min-threshold
red-max-threshold red-max-prob exponent
undo queue queue-id
View
WRED index view
Parameter
queue-id: Outbound queue ID, in the range of 0~7.

green-min-threshold: Minimum average queue length to trigger random green packet
dropping, in the range of 0~65535.
green-max-threshold: Maximum average queue length to trigger complete green
packet dropping, in the range of 0~65535.
green-max-prob: Maximum drop probability for green packets, in the range of 1~15. It
indicates the drop probability of the green packets when the green queue length
reaches green-max-threshold.
yellow-min-threshold: Minimum average queue length to trigger random yellow packet
yellow-max-threshold: Maximum average queue length to trigger complete yellow
packet dropping, in the range of 0~65535.
2-58
yellow-max-prob: Maximum drop probability for yellow packets, in the range of 1~15. It
indicates the drop probability of the yellow packets when the yellow queue length
reaches yellow-max-threshold.
red-min-threshold: Minimum average queue length to trigger random red packet
red-max-threshold: Maximum average queue length to trigger complete red packet
red-max-prob: Maximum drop probability for red packets, in the range of 1~15. It
indicates the drop probability of the red packets when the red queue length reaches
red-max-threshold.
exponent: Weight for calculating average queue length, in the range of 1~15.If the
parameter is small, the average queue length follows the actual queue length quickly; if
it is large, the average queue length follows the actual queue length slowly. By default,
it is 9.
Description
Using the queue command, you can configure parameters for a WRED index. Using
the undo queue command, you can restore the default values for the WRED index.
The switch provides four sets of default WRED parameters, respectively numbered as
0~3. Each set includes 80 parameters, 10 parameters for each of the eight ports.
Example
# Configure parameters for WRED 0: queue-id is 7; green-min-threshold is 150;

green-max-threshold is 500; green-max-prob is 5; yellow-min-threshold is 100;
yellow-max-threshold is 150; yellow-max-prob is 10; red-min-threshold is 50;
red-max-threshold is 100; red-max-prob is 15; exponent is 10.
[Quidway-wred-0] queue 7 150 500 5 100 150 10 50 100 15 10
Syntax
queue-scheduler wrr { group1 { queue-id queue-weight } &<1-8> | group2 { queue-id

queue-weight } &<1-8> }*
undo queue-scheduler [ queue-id ] &<1-8>
View
Ethernet port view
Parameter
wrr: Weighted round Robin algorithm
2-59
group1: Adds the queue to WRR priority group 1.

group2: Adds the queue to WRR priority group 2.
queue-id: Outbound queue ID, in the range of 0~7.
queue-weight: Queue weight, in the range of 1~255.
&<1-8>: You can input the queue-id and queue-weight parameters eight times at most.
Description
Using the queue-scheduler command, you can choose queue scheduling algorithm
and parameters. Using the undo queue-scheduler command, you can restore the
default setting, SP algorithm.
By default, SP algorithm is selected for all outbound queues at a port.
The switch supports eight outbound queues at a port, with different scheduling
algorithms for them. You can configure these queues into different scheduling groups:
SP group, WRR priority group 1 and group 2. For example, you can set queues 6 and 7
into SP group, queues 3, 4 and 5 into WRR priority group 1 and queues 0, 1 and 2 into
WRR priority group 2. Then a queue will selected respectively from theses three groups
according to their own scheduling algorithms. Then these three selected queues will
scheduled in SP algorithm.
Note:
You must follow these rules to group eight outgoing queues at a port:
z The queues in one group must have consecutive queue numbers. For example,
queue 3, 4 and 5 have consecutive queue numbers and thus can be grouped in one
queue scheduling group; whereas queue 3, 4 and 7 cannot be grouped in one
group.
z You must group the queues with high priority in the SP group, the queues with
comparatively lower priority in the WRR1 group, and the queues with the lowest
priority in the WRR2 group. Ensure that the priorities of all the queues in SP are
higher than that of all the queues in WRR1, and the priorities of all the queues in
WRR1 are higher than that of all the queues in WRR2.
For the related command, see display queue-scheduler.
Example
# Set queues 0~5 in WRR algorithm, queues 0, 1 and 2 belong to group 2, with weight
respectively as 20, 20 and 10; queues 3, 4 and 5 belong to group 1, with weight
respectively as 20, 20 and 10. Set queues 6 and 7 in SP algorithm, the default one.
2-60
[Quidway-Ethernet0/1] queue-scheduler wrr group2 0 20 1 20 2 10 group1 3 20

4 20 5 10
Syntax
reset traffic-statistic inbound { link-group { acl-number | acl-name } [ rule rule ] |

ip-group { acl-number | acl-name } [ rule rule ] }
View
Ethernet port view
Parameter
inbound: Clears statistics of inbound packets at the port.

ip-group { acl-number | acl-name } [ rule rule ]: Basic and advanced ACL; acl-number:
ACL index, in the range of 2000~3999; acl-name: ACL name, a character string starting
with English alphabets (a-z, A-Z), without blank space or quotation marks between;
rule rule: Sub-item of the ACL, optional, in the range of 0~127. If you specify no rule, all
sub-items will be selected.
link-group { acl-number | acl-name } [ rule rule ]: L2 ACL; acl-number: ACL index, in
the range of 4000~4999; acl-name: ACL name, a character string starting with English
alphabets (a-z, A-Z), without blank space or quotation marks between; rule rule:
Sub-item of the ACL, optional, in the range of 0~127. If you specify no rule, all
sub-items will be selected.
Description
Using the reset traffic-statistic command, you can clear the all or designated traffic
statistics, as per your needs.
Example
# Clear traffic statistics of ACL 4000.

[Quidway-Ethernet0/1] reset traffic-statistic inbound link-group 4000
2.3.29 traffic-limit
Syntax
traffic-limit inbound acl-rule cir cbs ebs [ pir ] [ conform { { remark-cos |

remark-drop-priority }* | remark-policed-service } ] [ exceed { forward | drop } ]
undo traffic-limit inbound acl-rule
2-61
View
Ethernet port view
Parameter
inbound: Runs traffic limit on the inbound packets.

Combined Mode Value



cir: Committed information rate, in units of kbps, with the value ranging 8~1000000.
cbs: Committed burst size, in units of byte, with the value ranging 0~ 10000000.
ebs: Excess burst size, in units of byte, with the value ranging 0~10000000.
pir: Peak information rate, in units of kbps, with the value ranging 8~1000000.
remark-cos: Sets 802.1p priority based on conform-level and local precedence.
2-62
remark-drop-priority: Sets drop precedence based on conform-level.

remark-policed-service: Sets service groups based on conform-level and DSCP
priority.
exceed: Chooses action for over-threshold traffic, optional parameter.
z forward: Forwards packets.
z drop: Drops packets.
Description
Using the traffic-limit command, you can enable the ACL, initiate traffic limit and
specify different actions for in-threshold and over-threshold packets. Using the undo
traffic-limit command, you can remove traffic limit setting.
This configuration is only available to the permitted rules.
When setting the parameters of traffic policing, the following rule is recommended:
cir<pir, cbs=ebs=(cir/8)*(1~1.5). For example, if cir is set 1000Kbps, cbs=ebs
=(1000/8)*(1~1.5)= (125~180)Kbytes=(125000~180000)bytes. Note that, the
parameter unit of cbs and ebs is byte.
Note:
If you choose untrusted mode for a specific traffic in traffic-priority operation, that is,
you manually specify a service group for the designated traffic, then the traffic-limit
and traffic-statistic operations are invalid for this traffic. If you choose traffic-limit and
traffic-statistic, however, then the untrusted mode is invalid.
To the same data traffic, you cannot set both remark-cos and remark-policed-service
or both remark-drop-priority and remark-policed-service.
If you want to initiate remark-policed-service or remark-cos action, you must ensure
you have configured “DSCP+Conform-Level → Service group” mapping table or
“TC+Conform-Level → 802.1p priority” mapping table. For more information about
these two mapping tables, see the qos conform-level, dscp and local-precedence
commands.
Example
# Initiate traffic limit on the packets match the permitted rules in ACL 4000, the detailed
setting: CIR is 200 kbps; CBS is 25000 bytes; EBS is 25000bytes; drop the
over-threshold packets.
[Quidway-Ethernet0/1] traffic-limit inbound link-group 4000 200 25000 25000
conform remark-policed-service exceed-action drop
2-63
Syntax
traffic-priority inbound acl-rule { auto | remark-policed-service { trust-dscp | dscp

dscp-value | untrusted dscp dscp-value cos cos-value local-precedence
local-precedence drop-priority drop-level } }
undo traffic-priority inbound acl-rule
View
Ethernet port view
Parameter
inbound: Relabels priority for inbound packets.

Combined Mode Value



2-64
auto: Auto-allocates service groups by the switch.
remark-policed-service: Reallocates service groups.
trust-dscp: Reallocates service groups based on packet DSCP values.
dscp dscp-value: Reallocates service groups based on user-defined DSCP values.
dscp-value ranges 0~63.
untrusted dscp dscp-value cos cos-value local-precedence local-precedence
drop-priority drop-level: User-defines a set of service groups. dscp-value is DSCP
value, in digit (0~63) or name; local-precedence is local precedence value, in digit (0~7)
or name. cos-value is 802.1p priority value, in digits (0~7) or name; drop-level is
conform-level, in digit (0~2).
Description
Using the traffic-priority command, you can enable the ACL and configure traffic
classification and choose a set of service groups for the target traffics (only available to
the permitted rules in the ACL). Using the undo traffic-priority command, you can
cancel service groups for a designated traffic type.
The following modes are available in configuration service groups for a designated
traffic type:
1) The switch allocates service groups when it receives packets. You just select the
auto keyword in the command, for this mode.
2) Choose service groups for packets based on their DSCP values and
conform-levels and get them from “DSCP + Conform-Level → Service group”
mapping table. You just select the remark-policed-service trust-dscp keyword
in the command, for this mode.
3) Choose service groups for packets based on user-defined DSCP values and
conform-levels and get them from “DSCP + Conform-Level → Service group”
mapping table. You just select the remark-policed-service dscp dscp-value
parameter in the command, for this mode.
4) Customize a set of service groups. You just select the remark-policed-service
untrusted dscp dscp-value cos cos-value local-precedence local-precedence
drop-priority drop-level parameter in the command, for this mode.
If you want to choose the second or third mode, you must ensure you have configured
"DSCP + Conform-Level → Service group mapping table. For more information about
this mapping table, see the qos conform-level and dscp commands. In DSCP +
conform-level to service map used by packet priority remark function, the conform-level
equal 0.
2-65
Note:
For the related command, see display qos-interface traffic-priority.
Example
# Auto-allocate service groups for packets match the permitted rules in ACL 4000.
[Quidway-Ethernet0/1] traffic-priority inbound link-group 4000 auto
2.3.31 traffic-redirect
Syntax
traffic-redirect inbound acl-rule { cpu | interface { interface-name | interface-type

interface-num } | next-hop ip-addr1 ip-addr2 }
undo traffic-redirect inbound acl-rule
View
Ethernet port view
Parameter
Combined Mode Value

2-66
Combined Mode Value


cpu: Redirects packets to the CPU.
interface { interface-name | interface-type interface-num }: Redirects packets to the
designated Ethernet port. For interface-type, you can only choose Ethernet;
interface-num and interface-type together identify a port. In function, interface-name is
equivalent to interface-type plus interface-num.
next-hop ip-addr1 ip-addr2: Redirects packets to a designated IP address. You can
specify two IP addresses here, but the first with higher priority. Only if the first one is
unreachable will the switch forwards packets to the second one.
Description
Using the traffic-redirect command, you can enable the ACL and set traffic redirection
(only available to the permitted rules). Using the undo traffic-redirect command, you
can remove traffic redirection setting.
You can redirect packets to the CPU, designated Ethernet port or designated IP
address.
Note:
The redirection configuration is valid only when the action taken by ACLs is permit.
You can use the next-hop ip-addr1 ip-addr2 parameter realizing the policy routing
function.
For the related command, see display qos-interface traffic-redirection.
2-67
Example
# Redirect packets match the permitted rules in ACL 4000 to the port Ethernet0/1.
[Quidway-Ethernet0/1] traffic-redirect inbound link-group 4000 interface
ethernet0/1
2.3.32 traffic-shape
Syntax
traffic-shape [ queue queue-id ] max-rate burst-size [ queue-depth ]

undo traffic-shape [ queue queue-id ]
View
Ethernet port view
Parameter
queue queue-id: Specifies queue ID, in the range of 0~7.

max-rate: Maximum port rate, in the range of 650~10600000. It must be multiply of 650
kbps.
burst-size: Burst size, in units of kbyte, with the value ranging 4~16000 and being
multiply of 4.
queue-depth: The maximum depth of a queue, ranging from 128 to 2048 and must be
the multiple of 16. If the parameter queue queue-id is not specified in the command,
this parameter is used to specify the queue depth of a port; otherwise it specifies the
queue depth of the corresponding queue.
Description
Using the traffic-shape command, you can enable traffic shaping to transmit packets
at relatively average rate. Using the undo traffic-shape command, you can remove
traffic shaping.
The switch support port-based traffic shaping, that is, running traffic shaping to all the
traffic at a port. For this purpose, you do not select the queue queue-id parameter in the
command. You can also run traffic shaping for a specific outbound queue, i.e. all traffic
in this queue, by selecting the queue queue-id parameter in the command.
It is recommended to configure traffic shaping on all the traffic at the port.
2-68
Note:
z If you only configure the queue-based traffic shaping on a port, no limitation to the
parameter queue-depth.
z If you only configure the port-based traffic shaping on a port, the parameter
queue-depth must be greater than 128.
z If you configure the port-based and queue-based traffic shaping on a port at same
time, the parameter limitation of max-rate, burst-size and queue-depth must be as
following:
max-rate of the port must be greater than the sum of all queues’ max-rate.
burst-size of the port must be greater than the sum of all queues’ burst-size.
queue-depth of the port must be greater than the burst-size of queue.
Example
# Run traffic shaping on all traffic at the current port, with max-rate being 650kbps,
burst-size being 8 kbytes and queue-depth being 80 kbytes.
[Quidway-Ethernet0/1] traffic-shape 650 8 80
Syntax
traffic-statistic inbound acl-rule

undo traffic-statistic inbound acl-rule
View
Ethernet port view
Parameter
Combined Mode Value

2-69
Combined Mode Value


Description
Using the traffic-statistic command, you can enable the ACL and configure traffic
statistics (only available to the permitted rules in the ACL). Using the undo
traffic-statistic command, you can remove traffic statistics setting.
You can use the display qos-interface traffic-statistic command to view the
information result.
Note:
For the related command, see display qos-interface traffic-statistic.
Example
# Count the packets match the permitted rules in ACL 2000.

[Quidway-Ethernet0/1] traffic-statistic inbound ip-group 2000
2-70
2.3.34 wred
Syntax
wred wred-index
undo wred wred-index
View
System view
Parameter
wred-index: WRED index, in the range of 0~3.
Description
Using the wred command, you can create a WRED index view and enter it. Using the
undo wred command, you can restore default setting.
By default, the switch provides four sets of WRED parameters, respectively numbered
as 0~3. The WRED parameters include green-min-threshold, green-max-threshold,
green-max-prob, yellow-min-threshold, yellow-max-threshold, yellow-max-prob,
red-min-threshold, red-max-threshold, red-max-prob and exponent. See the QoS/ACL
module in Operation Manual for more information about red, yellow and green packets.
Example
# Create and enter WRED 0 view.

[Quidway] wred 0
[Quidway-wred-0]
2-71
Quidway S3500 Series Ethernet Switches Chapter 3 Logon user’s ACL control commands
Chapter 3 Logon user’s ACL control commands
3.1 Logon user’s ACL control commands

3.1.1 acl
Syntax
acl acl-number { inbound | outbound }
View
User-interface view
Parameter
acl-number: Specifies a basic ACL with a number in the range of 2000 to 2999.
inbound: Perform ACL control over the users that telnet to the local switch.
outbound: Perform ACL control over the users that telnet to other switches from the
local switch.
Description
Using acl command, you can call an ACL and perform ACL control over the TELNET
users.
This command calls numbered basic ACL only.
Example
# Performs ACL control over the users that telnet to the local switch. (Suppose ACL
2020 has been defined.)
[Quidway-user-interface-vty0-4] acl 2020 inbound
3.1.2 ip http acl
Syntax
ip http acl acl-number

undo ip http acl
View
System view
3-1
Parameter
acl-number: Specifies a basic ACL with a number in the range of 2000 to 2999.
Description
Using ip http acl command, you can call an ACL and perform ACL control over the
WEB network management users. Using undo ip http acl command, you can cancel
the ACL control over the WEB network management users.
This command calls numbered basic ACL only.
Example
# Performs ACL control over the WEB network management users. (Suppose ACL
2020 has been defined.)
[Quidway] ip http acl 2020
3.1.3 snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ [ mib-view view-name ] |

[ acl acl-number ] ]
undo snmp-agent community community-name
View
System view
Parameter
read: Indicate that MIB object can only be read.

write: Indicate that MIB object can be read and written.
community-name: Community name character string.
mib-view view-name: MIB view name.
acl acl-number: the number of basic ACL, ranging from 2000 to 2999.
Description
Using snmp-agent community command, you can configure the community name,
and perform the ACL control over the network management user through the
parameter acl acl-number. Using undo snmp-agent community command, you can
cancel the configuration of community name.
3-2
Example
# Configures huawei as the community name, allows read-only access to the switch by
the name, meanwhile, performs the ACL control to the network management user by
ACL 2020. (Suppose ACL 2020 has been defined.)
[Quidway] snmp-agent community read huawei acl 2020
3.1.4 snmp-agent group
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view

write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: Configure to use V1 safe mode.

v2c: Configure to use V2c safe mode.
groupname: Group name, ranging from 1 to 32 bytes.
read-view: Configures to allow read-only view settings.
readview: Read-only view name, ranging from 1 to 32 bytes.
write-view: Configure to allow read-write view settings.
writeview: Name of read-write view, ranging from 1 to 32 bytes.
notify-view: Configure to allow notify view settings.
notifyview: Specify the notify view name, ranging from 1 to 32 bytes.
acl acl-number: the number of basic ACL, ranging from 2000 to 2999
authentication: If this parameter is added to configuration command, the system will
authenticate but not encrypt SNMP data packets..
privacy: Configure to authenticate and encrypt the packet.
3-3
Description
Using snmp-agent group command, you can configure a new SNMP group, and
perform the ACL control to the group through the parameter acl acl-number. Using
undo snmp-agent group command, you can cancel the SNMP group.
Example
# Creates a new SNMP group: huawei, and perform the ACL control to the group
through ACL 2021. (Suppose ACL 2021 has been defined.)
[Quidway] snmp-agent group v1 huawei acl 2021
3.1.5 snmp-agent usm-user
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 |
sha } auth-password ] [ privacy-mode des56 priv-password ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
View
System view
Parameter

username: Specify the user name, ranging from 1 to 32 bytes.
groupname: Specify the group name corresponding to that user, a character string at
the length ranging from 1 to 32 bytes.
authentication-mode: Specify the safety level as authentication required.
md5: Specify the authentication protocol as HMAC-MD5-96.
sha: Specify the authentication protocol as HMAC-SHA-96.
authpassword: Specify the authentication password with a character string, ranging
from 1 to 64 bytes.
privacy-mode: Specify the safety level as encrypted.
des56: Specify the authentication protocol as DES.
3-4
privpassword: Specify the encryption password with a character string, ranging from 1
to 64 bytes.
acl acl-number: the number of basic ACL, ranging from 2000 to 2999.
local: Local entity user.
engineid: Specify the related engine ID of the user.
Description
Using snmp-agent usm-user command, you can add a new user to a SNMP group,
and perform the ACL control to the user through the parameter acl acl-number. Using
undo snmp-agent usm-user command, you can cancel a user from corresponding
SNMP group, meanwhile delete the configuration of ACL control.
Example
# Adds a user huawei for huaweigroup (an SNMP group), configures to authenticate
with HMAC-MD5-96 and sets authentication password as hello, meanwhile perform the
ACL control to the user through ACL 2020 . (Suppose ACL 2020 has been defined.)
[Quidway] snmp-agent usm-user v3 huawei huaweigroup authentication-mode md5
quidway acl 2020
3-5
HUAWEI

Command Manual
Integrated Management

Command Manual - Integrated Management
Table of Contents
Chapter 1 Stack Function Configuration Commands................................................................ 1-1

1.1 Stack Function Configuration Commands ......................................................................... 1-1
1.1.1 display stacking ....................................................................................................... 1-1
1.1.2 stacking ................................................................................................................... 1-2
1.1.3 stacking enable ....................................................................................................... 1-3
1.1.4 stacking ip-pool ....................................................................................................... 1-3
Chapter 2 HGMP V2 Configuration Commands ......................................................................... 2-1

2.1 NDP Configuration Commands ......................................................................................... 2-1
2.1.1 display ndp .............................................................................................................. 2-1
2.1.2 ndp enable............................................................................................................... 2-4
2.1.3 ndp timer hello......................................................................................................... 2-5
2.1.4 ndp timer aging........................................................................................................ 2-5
2.1.5 reset ndp statistics .................................................................................................. 2-6
2.2 NTDP Configuration Commands ....................................................................................... 2-7
2.2.1 display ntdp ............................................................................................................. 2-7
2.2.2 display ntdp device-list ............................................................................................ 2-8
2.2.3 ntdp enable.............................................................................................................. 2-9
2.2.4 ntdp explore........................................................................................................... 2-10
2.2.5 ntdp hop ................................................................................................................ 2-11
2.2.6 ntdp timer .............................................................................................................. 2-12
2.2.7 ntdp timer hop-delay ............................................................................................. 2-12
2.2.8 ntdp timer port-delay ............................................................................................. 2-13
2.3 Cluster Configuration Commands.................................................................................... 2-14
2.3.1 add-member .......................................................................................................... 2-14
2.3.2 administrator-address ........................................................................................... 2-15
2.3.3 auto-build............................................................................................................... 2-15
2.3.4 build....................................................................................................................... 2-16
2.3.5 cluster.................................................................................................................... 2-17
2.3.6 cluster enable ........................................................................................................ 2-17
2.3.7 cluster switch-to..................................................................................................... 2-18
2.3.8 delete-member ...................................................................................................... 2-19
2.3.9 display cluster........................................................................................................ 2-20
2.3.10 display cluster candidates ................................................................................... 2-22
2.3.11 display cluster members ..................................................................................... 2-23
2.3.12 ftp-server ............................................................................................................. 2-25
2.3.13 holdtime............................................................................................................... 2-26
2.3.14 ip-pool.................................................................................................................. 2-27
i
2.3.15 logging-host......................................................................................................... 2-27

2.3.16 port-tagged .......................................................................................................... 2-28
2.3.17 reboot member .................................................................................................... 2-29
2.3.18 snmp-host............................................................................................................ 2-29
2.3.19 tftp-server ............................................................................................................ 2-30
2.3.20 timer .................................................................................................................... 2-31
ii
Quidway S3500 Series Ethernet Switches Chapter 1 Stack Function Configuration Commands
Chapter 1 Stack Function Configuration

Commands
1.1 Stack Function Configuration Commands

1.1.1 display stacking
Syntax
display stacking [ members ]
View
Any view
Parameter
members: Display stack member information. It is omitted for the slave switches.
Description
Using display stacking command, you can view the stack status information of the
master switch or slave switches in a stack.
When using this command on the master switch without members, the displayed
information will indicate that the local switch is the master switch and indicate the
number of switches in the stack. Using the command with members, the member
information of the stack will be displayed, including stack number of master/slave
switches, stack name, stack device name, MAC address and status.
When using this command on a slave switch, the displayed information will indicate that
the local switch is a slave switch of the stack, indicate the stack number of the switch
and MAC address of the master switch in the stack.
Example
# Display the stack information on the master switch.

<stack_0.Quidway> display stacking
Main device for stack.
Total members:2
# Display the stack member information on the master switch.

<stack_0.Quidway> display stacking members
Member number: 0
Name:stack_0.Quidway
Device:Quidway S3526
1-1
MAC Address:00e0-fc07-0bc0
Member status: Admin
IP: 172.31.0.1/16
Member number: 1
Name:stack_1.Quidway
MAC Address:00e0-fc07-58a0
Member status:Up
IP: 172.31.0.2/16
Table 1-1 Display information
Field Description
The number of member switch, main device’s number is
Member number: 0
0
Name:stack_0.Quidway Name of member switch
Device Device type of member switch, such as S3526 etc.

MAC Address Mac address of member switch.
Status of member switch, the member switch can be
Member status
administrator or member.
IP: 172.31.0.1/16 IP address of member switch.
1.1.2 stacking
Syntax
stacking num
View
User view
Parameter
num: Number of the slave switch to be switched to.
Description
Using stacking command, you can switch from the master stack switch to a slave
switch to perform the configuration.
This command can only be used to switch from the master switch to a slave switch and
the user level remains the same while switching. To switch from a slave switch back to
a master switch, input <quit>.
1-2
Example
# Switch from master switch Quidway to slave Switch1, perform the configuration on
Switch1 and then switch back to the master switch.
<stack_0.Quidway> stacking 1
<stack_1.Quidway>
<stack_1.Quidway> quit
<stack_0.Quidway>
1.1.3 stacking enable
Syntax
stacking enable
undo stacking enable
View
System view
Parameter
None
Description
Using stacking enable command, you can establish a stack. Using undo stacking
enable command, you can cancel the stack.
After entering this command, the system will automatically add the switches connected
to the stack ports of the master switch to the stack. User can only operate on the master
switch to delete a stack.
After a stack has been established, the slave switch will exit the stack automatically if
the stack port is disconnected.
Example
# Establish a stack.
[Quidway] stacking enable
1.1.4 stacking ip-pool
Syntax
stacking ip-pool from-ip-address ip-address-number [ ip-mask ]

undo stacking ip-pool
1-3
View
System view
Parameter
from-ip-address: Starting address of the stack IP address pool.

ip-address-number: Number of IP address in the stack IP addresses pool.
ip-mask: Mask of the stack IP address.
Description
Using stacking ip-pool command, you can configure the optional IP address range in
public network for a stack. Using undo stacking ip-pool command, you can restore to
the default IP address configuration of the stack.
By default, no IP pool is configured.
Before establishing a stack, the user should firstly set the optional IP address range in
the public network for a stack. Then the master switch will automatically distribute the
applicable IP addresses for the slave switches to add to the stack.
This command can only be used on the non-stack switches. After a stack is
established, the user will not be able to modify its IP address range.
ip-address-number must be larger than or equal to the maximum-number of stack
switches. Otherwise, some switches cannot be added into the stack automatically.
Example
# Set the optional IP address range in public network for a stack.

[Quidway] stacking ip-pool 129.10.1.1 5
1-4
Quidway S3500 Series Ethernet Switches Chapter 2 HGMP V2 Configuration Commands
Chapter 2 HGMP V2 Configuration Commands
2.1 NDP Configuration Commands

2.1.1 display ndp
Syntax
display ndp [ interface port-list ]
View
Any view
Parameter
interface port-list: Specifies a list of ports isolated from the specified port. A list may
contain consecutive or separated ports, or the combination of consecutive and
separated ports. The parameter is expressed as { interface_type interface_num |
interface_name } [ to { interface_type interface_num | interface_name } ] } &<1-10>.
interface_type specifies the port type. interface_num specifies the port number,
expressed as slot number/port number. Key word to helps specify a port range.
Description
Using display ndp command, you can view global NDP configuration information,
including NDP packet interval, NDP information hold time and neighbor information of
all the ports.
Example
# Display global NDP configuration information.

[Quidway] display ndp
Neighbor Discovery Protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer: 180(s)
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
2-1
2-2
Neighbor 1: Aging Time: 170(s)
MAC Address : 00e0-fc00-0003
Port Name : Ethernet0/23
Software Ver: VRP3.10
Device Name : Quidway S3526
Port Duplex : AUTO
Product Ver : 3526-0001C
Interface: GigabitEthernet2/1
Table 2-1 Information about NDP configuration the NDP neighbors discovered by a
port
Field Description
Neighbor Discovery
The system NDP is enabled on the switch
Protocol is enabled
Neighbor Discovery
The NDP version
Protocol Ver: 1
The current device transmits NDP packet every 60
Hello Timer: 60(s)
seconds.
A neighbor keeps the NDP information of the current
Aging Timer: 180(s)
device for 180 seconds.
Interface: Ethernet0/1 Port number, specify a port
Status: Enabled NDP is enabled on the port
2-3
Field Description
Pkts Snd: 89 Number of NDP packets transmitted from a port
Pkts Rvd: 262 Number of NDP packets received by a port
Pkts Err: 0 Number of error NDP packets received by a port
Neighbor 1: Aging The neighbor NDP information aging time connected by
Time: 170(s) the port
MAC Address MAC address of a neighbor device
Port Name Port name of a neighbor device
Software Ver The software version of a neighbor device
Device Name Device name of a neighbor device
Port Duplex Port duplex mode of a neighbor device
Product Ver The product version of a neighbor device
2.1.2 ndp enable
Syntax
ndp enable [ interface port-list ]

undo ndp enable [ interface port-list ]
View
System view or Ethernet port view
Parameter
interface port-list: Specifies a list of ports isolated from the specified port. A list may
Description
Using ndp enable command, you can enable NDP on a system in system view, or
enable it on a port in Ethernet port view. Using undo ndp enable command, you can
disable NDP on a system in system view, or disable it on a port in Ethernet port view.
Example
# Enable system NDP.

[Quidway] ndp enable
2-4
2.1.3 ndp timer hello
Syntax
ndp timer hello seconds

undo ndp timer hello
View
System view
Parameter
seconds: Specifies NDP packet interval and ranges from 5 to 254 in units of second. By
default, NDP packets are transmitted every 60 seconds.
Description
Using ndp timer hello command, you can configure how often to transmit the NDP
packets. Using undo ndp timer hello command, you can restore the default NDP
packet interval.
A device shall refresh the NDP information of its adjacent nodes in time to maintain
timely information as the adjacent nodes change. You can use configuration command
to adjust the NDP refreshing frequency.
Example
# Configure to transmit NDP packets every 80 seconds.

[Quidway] ndp timer hello 80
2.1.4 ndp timer aging
Syntax
ndp timer aging aging-in-secs

undo ndp timer aging
View
System view
Parameter
aging-in-secs: Specifies how often to refresh the neighbor node information on a port
and ranges from 5 to 255 in units of second. By default, NDP is aged in 180 seconds.
Description
Using ndp timer aging command, you can configure how long a device will hold the
NDP packets received from the local device. After the aging timer expires, the device
2-5
will discard the received NDP neighbor node information. Using undo timer aging
command, you can restore the default NDP information aging time.
A user can specify how long an adjacent device will hold the information of the local
device. The adjacent device learns how long it will hold the NDP information from the
aging time carried in NDP packets and discards the packets when the aging timer
expires.
Normally NDP aging time is longer than NDP packet interface. Otherwise, the neighbor
information table of an NDP port will become unstable.
Example
# Configure the aging time of NDP packet as 60, so that an adjacent device will discard
the NDP packets from the local device 60 seconds after receiving them.
[Quidway] ndp timer aging 60
2.1.5 reset ndp statistics
Syntax
reset ndp statistics [ interface port-list ]
View
User view
Parameter
interface port-list Specifies a list of ports isolated from the specified port. A list may
Description
Using reset ndp statistics command, you can reset the NDP counters to clear the
NDP statistics information.
Example
# Clear NDP statistics information.

<Quidway> reset ndp statistics
2-6
2.2 NTDP Configuration Commands

2.2.1 display ntdp
Syntax
display ntdp
View
Any view
Parameter
None
Description
Using display ntdp command, you can view the global NTDP information. The
displayed information includes collected hops, ntdp timer, hop-delay, port-delay and
time taken for last collection.
This command is used for displaying the global NTDP information.
Example
# Display the global NTDP information.

[Quidway] display ntdp
NTDP is running.
Hops : 3
Timer : 0 min
Hop Delay : 200 ms
Port Delay: 20 ms
Last collection total time: 2216ms
Table 2-2 Description of global NTDP configuration information
Field Description
NTDP is running. The global NTDP is enabled on the local device.
Hops Hops for topology collection.

Timer Interval of periodic topology collection.
Delay that the device forwards topology collection
Hop Delay
request.
Port Delay Delay that the port forwards topology collection request.
Last collection total time Time taken by last collection.
2-7
2.2.2 display ntdp device-list
Syntax
display ntdp device-list [ verbose ]
View
All view
Parameter
verbose: Display the detailed information about the device.
Description
Using display ntdp device-list command, you can view the device information
collected through NTDP.
Example
# Display the device list collected through NTDP.

<Quidway> display ntdp device-list
MAC HOP IP PLATFORM
00e0-fc10-0000 1 Quidway S3526
00e0-fc07-3c00 3 Quidway S3526
00e0-fc07-4de0 2 192.169.121.257/25 Quidway S3526
00e0-fc07-0bc0 0 Quidway S3526
Table 2-3 Description of device list information collected through NTDP
Field Description
MAC MAC address of the device
HOP Hops to the collecting device
PLATFORM Platform information about device

IP IP address and mask length of the VLAN1 on the device
# Display the detailed device information collected through NTDP.

<Quidway> display ntdp device-list verbose
Hostname : Quidway
MAC : 00e0-fc10-0000
Hop : 1
Platform : Quidway S3026
IP:
Version:
Huawei Versatile Routing Platform Software
2-8
VRP (tm) Software, Version 3.10

Quidway S3026 Software Version 3026-005, RELEASE SOFTWARE
Copyright (c) 2000-2002 By HUAWEI TECH CO., LTD.
Cluster : Candidate device

Stack : Candidate device
Peer MAC Peer Port ID Native Port ID Speed Duplex

00e0-fc07-0bc0 Ethernet0/23 Ethernet2/4 100 FULL
00e0-fc07-4de0 Ethernet0/12 Ethernet2/4 100 FULL
Hostname : Quidway
MAC : 00e0-fc07-3c00
Hop : 3
IP:
Version:
Cluster : Candidate device

Stack : Candidate device
Peer MAC Peer Port ID Native Port ID Speed Duplex

00e0-fc07-4de0 Ethernet0/14 Ethernet0/8 100 FULL
Table 2-4 Description of detail information of devices collected through NTDP
Field Description
Peer MAC MAC address of the peer device
Native Port ID Name of local port connected to the peer device

Peer Port ID Name of opposite port connected to the local device
Speed Speed of the local port connected to the peer
Duplex Duplex mode of the local port connected to the peer device
2.2.3 ntdp enable
Syntax
ntdp enable
2-9
undo ntdp enable
View
Parameter
None
Description
Using ntdp enable command, you can enable NTDP on switch or a port. Using undo
ntdp enable command, you can disable NTDP on switch or a port.
By default, NTDP is enabled on switch and the ports supporting NDP. If NTDP is
enabled on a port not supporting NDP, NTDP cannot run yet.
Before a device can process NTDP packet, the system NTDP must be enable first.
After disabling system NTDP, all the NTDP information on the switch will be cleared and
the switch will discard all the NTDP packets and stop transmitting NTDP request.
The user can use this command to enable/disable NTDP on a specified port to decide
through which port to transmit/receive and forward NTDP packets. After the global
NTDP and port NTDP have been enabled, the NTDP packets can be transmitted,
received and forwarded via the port. After the NTDP is disabled on the port, the port will
not process NTDP packets.
Sometimes it only needs collecting the topology connected to the downlink ports, not
caring about that connected to the uplink. In this case, NTDP is supposed to be
disabled on the uplink ports.
Example
# Enable NTDP on Ethernet0/1.

[Quidway-Ethernet0/1] ntdp enable
2.2.4 ntdp explore
Syntax
ntdp explore
View
User view
Parameter
None
2-10
Description
Using ntdp explore command, you can start topology information collection when you
wants to collect network topology information. NTDP will collect the NDP information of
every device and all of their neighboring connections in the specified network scope.
The administrator device or network management system will learn the network
topology according to the information to manage and monitor the devices.
Example
# Start the topology collection.

<Quidway> ntdp explore
2.2.5 ntdp hop
Syntax
ntdp hop hop-value

undo ntdp hop
View
System view
Parameter
hop-value: Indicate the maximum hops that the device collected can be away from the
topology collecting device, ranging from 1 to 16. By default, the value is 3.
Description
Using ntdp hop command, you can configure a limit to the hops for topology collection
to collect the topology information of the devices among determined range, so that
infinitive collection can be avoided. Using undo ntdp hop command, you can restore
the default value. The limit is performed through controlling permitted hops from the
originating of collection. For example, if you set a limit of 2 to the hop number, only the
switches 2 hops away from the first switch transmitting the topology collection request
will be collected.
This command is only effective on the topology-collecting device. The broader
collection scope requires more memory of the topology-collecting device.
Example
# Set a limit of 5 hops for topology collection.

[Quidway] ntdp hop 5
2-11
2.2.6 ntdp timer
Syntax
ntdp timer interval-in-mins

undo ntdp timer
View
System view
Parameter
Interval-in-mins: The interval of collecting topology information periodically, ranging

from 0 to 65535 in minutes. 0 indicates that no regular topology collection will be
performed.
Description
Using ntdp timer command, you can configure the topology collection interval. Using
undo ntdp timer command, you can restore the default topology collection interval.
By default, the interval of periodic topology collection is 0 minute, i.e. no regular
topology collection will be performed.
In order to learn the topology changes in time, it is necessary to regularly collect the
topology information throughout the whole scope specified. This can show any
topological changes, some of which may be omitted by the partial collection.
Example
# Configure the periodic topology connection interval is 30 minutes.

[Quidway] ntdp timer 30
2.2.7 ntdp timer hop-delay
Syntax
ntdp timer hop-delay time

undo ntdp timer hop-delay
View
System view
Parameter
time: The time that the collected device wait before forwarding the topology-collection
request, ranging from 1 to 1000 milliseconds. By default, the value is 200ms.
2-12
Description
Using ntdp timer hop-delay command, you can configure delay for collected device to
forward topology collection request. Using undo ntdp timer hop-delay command, you
can restore the default delay value.
To avoid network congestion resulted from collecting device’s receiving large amount of
responses simultaneously, you can configure each collected device to delay response
for a period of time after receiving the topology request. Then, the first port will start to
forward the topology request packet.
This command is executed on the collecting device. The topology request contains the
hop-delay time, according to which the collected device decides how long it shall wait
before the first port forwards the request.
Example
# Configure that the collected device receives NTDP request and delays for 300ms
before transmitting the NTDP packet to the first port.
[Quidway] ntdp timer hop-delay 300
2.2.8 ntdp timer port-delay
Syntax
ntdp timer port-delay time

undo ntdp timer port-delay
View
System view
Parameter
time: The delay before forwarding the topology request packet to the next port, ranging
from 1 to 100 in milliseconds. By default, the value is 20ms.
Description
Using ntdp timer port-delay command, you can configure the delay before the next
port’s forwarding packets on the collected device. Using undo ntdp timer port-delay
command, you can restore the default port-delay.
To avoid network congestion resulted from collecting device’s receiving large amount of
responses simultaneously, you can configure each collected device to delay response
for a period of time after receiving the topology request. Then, the first port will start to
forward the topology request packet.
2-13
This command is configured on the collecting device. The topology request contains
the port-delay time, according to which the collected device decides how long it shall
wait before the first port forwards the request.
Example
# Configure that the collected device shall delay for 40ms before the next port sends
the request.
[Quidway] ntdp timer port-delay 40
2.3 Cluster Configuration Commands

2.3.1 add-member
Syntax
add-member [member-num ] mac-address H-H-H [ password password ]
View
Cluster view
Parameter
member-num: Number of a member device, ranging from 1 to 256.

H-H-H: The hexadecimal MAC address of a member device.
password: The password of a candidate device. Before joining a cluster, the candidate
device should be authenticated. A candidate without password need not input
password. If password different from the password of the administrator device has
been configured on the candidate device, a user has to input that password before
adding the candidate device to the cluster.
Description
Using add-member command, you can add a candidate device to a cluster.

This command can be executed on the administrator device only. When adding a
cluster member, you can use the member-num parameter to assign a member number
to it at the same time. Remember to assign an unused number; otherwise, the system
will prompt error. If you do not specify the member number, the administrator device will
assign an unused one to the candidate.
A candidate with a password same as that of the administrator device or without
password can join the cluster free from password authentication. Otherwise, the user
has to input the password before adding the candidate.
Its device password will become the administrator device password if the candidate
device is added to the cluster system.
2-14
Example
# Add the candidate device, with MAC address 00E0-fc00-35e7 and super-password
huawei, to the cluster, and its member number is 6.
[Huawei_0.Quidway-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
huawei
2.3.2 administrator-address
Syntax
administrator-address mac-address name name

undo administrator-address
View
Cluster view
Parameter
mac-address: This parameter is to define MAC address of the administrator device.

name: Name of an existing cluster with no more than 8 characters, including only letters,
digital, subtraction sign “-” and underline “_”.
Description
Using administrator-address command, you can store such information as

administrator device address and cluster name related to a cluster on a member device
and add a candidate to a cluster. Using undo administrator-address command, you
can cancel a member from the cluster and make it a candidate again.
This command is used for saving configuration information. Generally a user does not
need to use it. A member left the cluster through the undo administrator-address
command will not notify the administrator device, and therefore you can still see such
device on the administrator device yet it turns down. The right way to remove a cluster
member is to execute the delete-member command.
Example
# Delete the current member device from the cluster.

[Quidway-cluster] undo administrator-address
2.3.3 auto-build
Syntax
auto-build [ recover ]
2-15
View
Cluster view
Parameter
recover: automatic get back the members of a cluster for the administrator device
when it reboot.
Description
Using auto-build command, you can configure a cluster automatically.

This command can be used on a candidate device or an administrator device.
When you use this command on a candidate device, the system requires you to input a
cluster name and creates a cluster. And then the cluster uses NTDP to collect
candidates and adds them to the cluster upon your confirmation.
When you use this command on an administrator device, the system will collect the
candidates directly.
The recover parameter is used for recover a cluster. Using the auto-build recover
command, you can find the members left the member list and add them to the cluster
again.
Note: Ensure that NTDP is enabled, because it is the basis of candidate and member
collection. The collection range is also decided through NTDP. You can use hop
command to decide the collection range in System view.
If a member has been configured with an enable-password different from the password
of the administrator device, it cannot be added to a cluster automatically.
Example
# Set up a cluster automatically.

[Quidway-cluster] auto-build
2.3.4 build
Syntax
build name
undo build
View
Cluster view
Parameter
name: Cluster name with no more than 8 characters, including and only including
letters, numerals, subtraction sign “-” and underline “_”.
2-16
Description
Using build command, you can configure a cluster on a device. The name parameter
specifies the name of the cluster. Using undo build command, you can cancel a
cluster.
By default, all the devices supporting cluster are candidate devices.
After a cluster is created, the device on which the command is executed becomes the
administrator device and will be assigned with a fixed member number of 0.
This command can be executed on an administrator device or a command-capable
device. Using it on an administrator device, you can rename a cluster. Using it on a
candidate device, you can create a cluster.
Example
# Configure the current switch as the administrator device and specifies HUAWEI as
the cluster name.
[Quidway-cluster] build HUAWEI
2.3.5 cluster
Syntax
cluster
View
System view
Parameter
None
Description
Using cluster command, you can enter cluster view.
Example
# Enter cluster view.

[Quidway] cluster
[Quidway-cluster]
2.3.6 cluster enable
Syntax
cluster enable
undo cluster enable
2-17
View
System view
Parameter
None
Description
Using cluster enable command, you can enable the cluster function on a switch. Using
undo cluster enable command, you can disable the cluster function of a switch.
By default, the cluster function is enabled on all the devices supporting cluster.
Above commands can be used on any device supporting the cluster function. When
you use the undo cluster enable command on an administrator device, the system will
delete the cluster and disable the cluster function on it. When you use it on a member
device, the system will exit the cluster and disable the cluster function on it.
Note: If the cluster function is disabled, you cannot create a cluster on the device or add
it to a cluster.
Example
# Enable the cluster function of a switch.

[Quidway] cluster enable
2.3.7 cluster switch-to
Syntax
cluster switch-to { member-num | mac-address H-H-H | administrator }
View
User view
Parameter
member-num: Member number of member device, ranging from 1 to 256.

mac-address H-H-H: MAC address of a member device.
administrator: Redirect from a member device to the administrator device.
Description
Using cluster switch-to command, you can switch between administrator device and
member devices for convenient management.
A member device in a cluster can be managed through the administrator device. The
user can operate on an administrator device and switchover to a specified member
2-18
device for configuration management, or operate on a member device and switchover

to an administrator device.
Authentication is required when the user switch from the administrator device to a
member device. Upon passing the member device authentication, the switchover is
allowed. If the password of the member device is different from the administrator device,
the switchover will be rejected. The user level will be inherited from the administrator
device when switching to the member device from administrator device. For example,
the user view will remain as user view after switching from the administrator device to a
member device.
Authentication is also required when you switch from a member device to the
administrator device. After passing the authentication, the system will enter the user
view automatically.
When executed on the administrator device, if the specified member number n is
omitted, the error message will be on display. Enter quit to stop the switchover
operation.
Example
# Switch from the administrator device to member device 6 and then switches back to
the administrator device.
<Huawei_0.Quidway> cluster switch-to 6
<Huawei_6.Quidway> quit
<Huawei_0.Quidway>
2.3.8 delete-member
Syntax
delete-member member-num
View
Cluster view
Parameter
member-num: Number of a member device, ranging from 1 to 255.
Description
Using delete-member command, you can cancel a member from the cluster.
This command can be performed on administrator device. After performing this
command, the administrator device will notify a member device to exit cluster and
delete it from the member list. If the administrator device and the member device still
cannot intercommunicate, the member will be deleted, however, the cluster information
on the member device may not be deleted.
2-19
Example
# Delete the switch from cluster, its member number is 2.

[Huawei_0.Quidway-cluster] delete-member 2
2.3.9 display cluster
Syntax
display cluster
View
Any view
Parameter
None
Description
Using display cluster command, you can view the state and basic configuration
information of the cluster.
This command can be performed on both administrator device and member device, but
the displays are different. In the administrator device, there are cluster name, member
number, handshake interval, holdtime, address pool, and the server of cluster. In the
member device, there are member number, MAC address of administrator device, and
the state of administrator device.
Example
# Display information about cluster on the administrator device.

<Quidway> display cluster
Cluster name:"sss"
Role:Administrator
Handshake timer:10 sec

Handshake hold-time:60 sec
IP-Pool:1.1.1.1/20
No logging host configured
No SNMP host configured
No FTP server configured
No TFTP server configured.
2-20
Table 2-5 Description of cluster status and statistics information
Field Description
Cluster name Name of the cluster
Role Role of the cluster member
Handshake timer Value of handshake timer
Handshake hold-time Value of handshake hold-time
IP-Pool IP pool of the cluster
No logging host configured
No SNMP host configured
The corresponding configuration of the cluster
No FTP server configured
No TFTP server configured.
# Display information about cluster on the member device.

<Quidway> display cluster
Cluster name:"sss"
Role:Member
Member number:1
Handshake timer:10 sec

Handshake hold-time:60 sec
Administrator device mac address:00e0-fc00-0003

Administrator status:Up
Table 2-6 Description of cluster status and statistics information
Field Description
Cluster name Name of the cluster
Role Role of the cluster member
Member state Member status
Member number Number of member device

Handshake timer Value of handshake timer
Handshake hold-time Value of handshake hold-time
Administrator device mac address MAC address of administrator device
Administrator status Status of administrator device
2-21
2.3.10 display cluster candidates
Syntax
display cluster candidates [ mac-address H-H-H | verbose ]
View
Any view
Parameter
mac-address H-H-H: MAC address of candidate device.

verbose: Display the detailed information about the candidate device.
Description
Using display cluster candidates command, you can view candidate devices of the
cluster.
This command can only be performed on the administrator device.
The candidate devices are collected by NTDP. Execute hop command in System view
to specify the collection range.
This command displays the candidate device collected by NTDP last time. In order to
ensure the correctness of display, you can manually perform a collection first, or set the
NTDP to run collection periodically.
Example
# Display all the candidate devices lists.

<Quidway> display cluster candidates
MAC HOP IP PLATFORM
00e0-fc10-0000 1 Quidway S3526
00e0-fc07-3c00 3 Quidway S3526
00e0-fc07-4de0 2 192.169.121.257/25 Quidway S3526
00e0-fc07-0bc0 0 Quidway S3526
# Display the information about the specified candidate device.

<Quidway> display cluster candidates mac-address 00e0-fc61-c4c0
Hostname : LSW1
MAC : 00e0-fc61-c4c0
Hop : 1
IP: 1.5.6.9/16
# Display the detailed information about all the candidate devices.

<Quidway> display cluster candidates verbose
Hostname : Quidway
2-22
MAC : 00e0-fc00-a01f
Hop : 2
IP:
Hostname : LSW1
MAC : 00e0-fc07-4de0
Hop : 1
IP: 1.5.6.7/16
Table 2-7 Description of candidate device list information
Field Description
Hostname Name of the candidate device
MAC MAC address
Hop Hops to the administrator device
IP IP address
Platform Platform of the candidate device
2.3.11 display cluster members
Syntax
display cluster members [member-num | verbose ]
View
Any view
Parameter
member-num: Cluster member number, ranging from 0 to 255.

verbose: Display the detailed information about all the member devices.
Description
Using display cluster command, you can view the information of cluster member.
This command can only be performed on the administrator device. Using member-num
or verbose parameter to display detail information of a certain member or all the
members
Example
# Display configuration information about the member devices.
2-23
<Quidway> display cluster members

SN Device MAC Address Status Name
0 Quidway S3526 00e0-fc07-0bc0 Cmdr Huawei_0.Quidway
1 Quidway S3026 00e0-fc00.a01f Up Huawei_1.Quidway
2 Quidway S3526 00e0-fc07-4de0 Up Huawei_2.LSW1
Table 2-8 Description of detail information
Field Description
SN Device serial number
Device Device type
MAC Address MAC address of the device
Status Status of the device
Name Name of the device
# Display the detailed configuration information about the administrator device and all
member devices.
<Quidway> display cluster members verbose
Member number: 0
Name:Huawei_0.Quidway
MAC Address:00e0-fc07-0bc0
Member status:Cmdr
Hops to administrator device:0
IP: 1.1.200.210/16
Version:
Quidway S3526 3526-003
Member number: 1
Name:Huawei_1.Quidway
MAC Address:00e0-fc00-a01f
Member status:Up
IP:
Version:
2-24

Member number: 2
Name:Huawei_2.LSW1
MAC Address:00e0-fc07-4de0
Member status:Up
IP: 1.5.6.7/16
Version:
Quidway S3526 3526-003
Table 2-9 Description of detail information
Field Description
Member number: Device member number
Name: Name of the device

Device: Device type
MAC Address: MAC address of the device
Member Status: Status of the device

Hops to administrator The hops from current member device to the
device: administrator
IP: IP address of current member device

Version Software Version of current device
2.3.12 ftp-server
Syntax
ftp-server ip-address
undo ftp-server
View
Cluster view
Parameter
ip-address: IP address of FTP server configured for the cluster.
2-25
Description
Using ftp-server command, you can configure the public FTP server for the cluster
members on the administrator device. Using undo ftp-server command, you can
configure administrator device as FTP server.
By default, the administrator device acts as FTP Server.
The member device within cluster will access FTP server via administrator device.
Configure the IP address of FTP server for the cluster, then the member devices of the
cluster can access the server via the administrator device.
Example
# Configure the IP address of FTP server for the cluster on the administrator device.
[Huawei_0.Quidway-cluster] ftp-server 1.0.0.9
2.3.13 holdtime
Syntax
holdtime seconds
undo holdtime
View
Cluster view
Parameter
seconds: Valid holdtime in seconds, ranging from 1 to 255. By default, the valid
holdtime is 60 seconds.
Description
Using holdtime command, you can configure the valid holdtime of a switch. Using
undo holdtime command, you can restore the default value of holdtime . After missing
3 times of handshake, if the switch still cannot receive any information of the peer
device during holdtime, it will set the state of peer device to “down”. When the
communication resumes, the relevant member device will be re-added to the cluster
(automatically). If the downtime does not go beyond the valid holdtime specified by the
user, the member device will stays in the normal state and need not be added again.
The commands can only be executed on the administrator device, which will advertise
the cluster timer value to the member devices.
Example
# Set the cluster holdtime as 50 seconds.

[Huawei_0.Quidway-cluster] holdtime 50
2-26
2.3.14 ip-pool
Syntax
ip-pool administrator-ip-address { ip-mask | ip-mask-length }

undo ip-pool
View
Cluster view
Parameter
administrator-ip-address: IP address of the administrator device of the cluster.

ip-mask: Mask of the cluster IP address pool.
ip-mask-length: Mask length of the cluster IP address pool.
Description
Using ip-pool command, you can configure a private IP address range for a cluster on
the command-switch-to-be. Using undo ip-pool command, you can restore the default
IP address configuration of the cluster.
By default, no IP pool is configured.
Before setting up a cluster, the user should configure a private IP address pool for the
member devices of the cluster. When a candidate device is added, the administrator
device will dynamically assign a private IP address, which can be used for
communication inside the cluster. In this way, the user can use the administrator device
to manage and maintain the member devices.
The commands can only be executed on a switch of non-cluster member. The IP
address pool of an existing cluster cannot be modified.
Example
# Configure the IP address pool of a cluster.

[Quidway-cluster] ip-pool 10.200.0.1 20
2.3.15 logging-host
Syntax
logging-host ip-address
undo logging-host
View
Cluster view
2-27
Parameter
ip-address: IP address of logging host configured for the cluster.
Description
Using logging-host command, you can configure a public logging host for the member
devices on the administrator device. Using undo logging-host command, you can
cancel the logging host.
By default, there is no public logging host configured.
The commands are used to assign an IP address for the logging host of the cluster,
thereby the members can send log information to logging host via the administrator
device.
Example
# Configure the IP address of the logging host on the administrator device.

[Huawei_0.Quidway-cluster] logging-host 1.0.0.9
2.3.16 port-tagged
Syntax
port-tagged vlan vlanid

undo port-tagged
View
Cluster view
Parameter
vlanid: ID of management VLAN, which can be configured as 1 only.
Description
Using port-tagged command, you can configure VLAN check for the communication
inside a cluster on the administrator device. Using undo port-tagged command, you
can cancel VLAN check for the communication inside a cluster on the administrator
device.
By default, VLAN check is performed.
Example
# Configure VLAN check for the communication inside a cluster.

[Huawei_0.Quidway-cluster] port-tagged vlan 1
2-28
2.3.17 reboot member
Syntax
reboot member { member-num | mac-address H-H-H } [ eraseflash ]
View
Cluster view
Parameter
member-num: Cluster member number.

H-H-H: MAC address of the member device to be reset.
eraseflash: Delete the configuration file when resetting the member device.
Description
Using reboot member command, you can reset a specified member device on the
administrator device.
The communication between the administrator device and member devices may be
interrupted due to some configuration errors, the member device can be controlled via
the remote control function of member device. For example, you can delete the booting
configuration file and reset the member device to restore the normal communication
between administrator device and member device.
When using the reboot member command, the user can decide to delete the
configuration file or not with the eraseflash parameter when the member device is
resetting.
Example
# Reset the cluster member 2.

[Huawei_0.Quidway-cluster] reboot member 2
2.3.18 snmp-host
Syntax
snmp-host ip-address
undo snmp-host
View
Cluster view
Parameter
ip-address: IP address of the SNMP host configured for the cluster.
2-29
Description
Using snmp-host command, you can configure the public SNMP host for the members
inside a cluster on the administrator device. Using undo snmp-host command, you
can cancel the public SNMP host.
By default, there is no public SNMP host.
This command is used to configure the IP address of the network management site for
the cluster, thereby a cluster member can send the trap information to it via the
administrator device.
Example
# Configure the IP address of SNMP host for the cluster on the administrator device.
[Huawei_0.Quidway-cluster] snmp-host 1.0.0.9
2.3.19 tftp-server
Syntax
tftp-server ip-address
undo tftp-server
View
Cluster view
Parameter
ip-address: IP address of TFTP server configured for the cluster.
Description
Using tftp-server command, you can configure the public TFTP server for the cluster
members on the administrator device. Using undo tftp-server command, you can
cancel the public TFTP server.
By default, there is no public TFTP Server.
Assign an IP address for TFTP server of the cluster, then the member devices can
access the server via the administrator device.
Example
# Configure IP address for TFTP server on the administrator device.

[Huawei_0.Quidway-cluster] tftp-server 1.0.0.9
2-30
2.3.20 timer
Syntax
timer interval-in-secs
undo timer
View
Cluster view
Parameter
Interval-in-secs: This parameter is to set sending time interval of the handshake packet,
ranging of 1 ~ 255 seconds. By default ,the value is 10 seconds.
Description
Using timer command, you can configure the interval of handshake packets. Using
undo timer command, you can restore the default value of the interval.
Inside a cluster, the member devices communicate with the administrator device
through transmitting handshake packets. The regular handshake can help the user
monitor the states of cluster members and links.
This command can only be executed on the administrator device, which will advertise
the cluster timer value to the member devices.
Example
# Configure to send handshake packets once every 3 seconds.

[Huawei_0.Quidway-cluster] timer 5
2-31
HUAWEI

Command Manual
STP

Command Manual - STP
Table of Contents
Chapter 1 MSTP Configuration Commands ............................................................................... 1-1

1.1 MSTP Configuration Commands ....................................................................................... 1-1
1.1.1 active region-configuration ...................................................................................... 1-1
1.1.2 check region-configuration ...................................................................................... 1-1
1.1.3 display stp ............................................................................................................... 1-3
1.1.4 display stp region-configuration .............................................................................. 1-5
1.1.5 instance ................................................................................................................... 1-6
1.1.6 region-name ............................................................................................................ 1-6
1.1.7 reset stp................................................................................................................... 1-7
1.1.8 revision-level ........................................................................................................... 1-8
1.1.9 stp............................................................................................................................ 1-9
1.1.10 stp bpdu-protection ............................................................................................... 1-9
1.1.11 stp bridge-diameter ............................................................................................. 1-10
1.1.12 stp edged-port ..................................................................................................... 1-11
1.1.13 stp cost ................................................................................................................ 1-12
1.1.14 stp priority............................................................................................................ 1-13
1.1.15 stp port priority..................................................................................................... 1-14
1.1.16 stp root primary ................................................................................................... 1-15
1.1.17 stp root secondary............................................................................................... 1-16
1.1.18 stp interface......................................................................................................... 1-17
1.1.19 stp interface edged-port ...................................................................................... 1-18
1.1.20 stp interface cost ................................................................................................. 1-19
1.1.21 stp interface port priority...................................................................................... 1-21
1.1.22 stp interface loop-protection................................................................................ 1-22
1.1.23 stp interface mcheck ........................................................................................... 1-22
1.1.24 stp interface point-to-point................................................................................... 1-23
1.1.25 stp interface root-protection ................................................................................ 1-24
1.1.26 stp interface transit-limit ...................................................................................... 1-25
1.1.27 stp loop-protection............................................................................................... 1-26
1.1.28 stp max-hops....................................................................................................... 1-27
1.1.29 stp mcheck .......................................................................................................... 1-27
1.1.30 stp mode.............................................................................................................. 1-28
1.1.31 stp point-to-point ................................................................................................. 1-29
1.1.32 stp region-configuration....................................................................................... 1-30
1.1.33 stp root-protection ............................................................................................... 1-30
1.1.34 stp tc-protection................................................................................................... 1-31
1.1.35 stp timer forward-delay........................................................................................ 1-32
1.1.36 stp timer hello ...................................................................................................... 1-33
i
1.1.37 stp timer max-age ............................................................................................... 1-34

1.1.38 stp transit-limit ..................................................................................................... 1-35
1.1.39 vlan-mapping modulo.......................................................................................... 1-36
Chapter 2 BPDU TUNNEL Configuration Commands................................................................ 2-1

2.1 BPDU TUNNEL Configuration Commands ....................................................................... 2-1
2.1.1 vlan-vpn tunnel ........................................................................................................ 2-1
Chapter 3 Digest Snooping Configuration Commands............................................................. 3-1

3.1 Digest Snooping Configuration Commands ...................................................................... 3-1
3.1.1 stp config-digest-snooping ...................................................................................... 3-1
ii
Quidway S3500 Series Ethernet Switches Chapter 1 MSTP Configuration Commands
Chapter 1 MSTP Configuration Commands
1.1 MSTP Configuration Commands

1.1.1 active region-configuration
Syntax
active region-configuration
View
MST region view
Parameter
None
Description
Using active region-configuration command, you can activate the configurations of

MST region.
This command is used for manually activate the configurations of MST region.
Configuring the related parameters, especially the VLAN mapping table, of the MST
region, will lead to the recalculation of spanning tree and network topology flapping. To
bate such flapping, MSTP applies the configured parameters and launches
recalculation of the spanning tree only when you activate the configured MST region
parameters or enable MSTP.
After you entered this command, MSTP will apply the MST region parameters you
configured to the system and recalculate the spanning tree.
For the related command, see instance, region-name, revision-level, vlan-mapping
modulo, check region-configuration .
Example
# Manually activate MST region configurations.

[Quidway-mst-region] active region-configuration
1.1.2 check region-configuration
Syntax
check region-configuration
1-1
View
MST region view
Parameter
None
Description
Using check region-configuration command, you can view the configuration

information (including switch region name, revision level, and VLAN mapping table) to
be activated.
MSTP defines that the user must ensure the correct region configurations, especially
the VLAN mapping table configuration. The switches can be configured in the same
region only if their region names, VLAN mapping tables, and MSTP revision levels are
configured exactly the same. The switch may not be configured in the expected region
due to any slight deviation. You can use this command to display the MST region
configuration information to be activated to know to which MST regions the switch
belongs and check if the MST region configurations are correct.
For the related command, see instance, region-name, revision-level, vlan-mapping
modulo, active region-configuration .
Example
# Display the configuration information about the region.

[Quidway-mst-region] check region-configuration
Admin. Configuration:
Format selector :0
Region name :00b010000001
Revision level :0
Instance Vlans Mapped

0 1 to 9, 11 to 4094
16 10
Field Description
Format selector Factor to selelct protocol type prescribed in MSTP
Region name Region name of MST region
Revision level MSTP revision level of MST region
Instance Vlans Mapped VLAN mapping table of MST region
1-2
1.1.3 display stp
Syntax
display stp [ instance instance-id ] [ interface interface-list | slot slot-num ] [ brief ]
View
Any view
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16, instance 0 is
CIST.
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
slot slot-num: Configure to display the STP configuration of specified slot.
brief: Configure to display the state and protection type of the port only, instead of any
other information.
Description
Using display stp command, you can view the state information and statistics
information of the spanning tree .
The MSTP state and statistics information can help analyze and maintain the network
topology and maintain the normal operation of MSTP.
If no STI ID or port list is specified, the command will display the spanning tree
information of all the instances on all the ports in port number order. If the instance ID is
specified, the command will display the spanning tree information of the specified
instance on all the port in port number order. If only the port list is specified, the
command will display the information about all the STIs on the port in port number order.
If both the STI ID and port list are specified, the command will displays the spanning
tree information of the specified instance on the specified port in instance ID order.
MSTP state information include:
z Global CIST parameter: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello Time, Max Age, Forward Delay, Max Hops, CIST
common root, external path cost of the switch to the CIST common root, region
root, internal path cost of the switch to the CIST common root, CIST root port of
the switch, and whether to enable BPDU protection;
1-3
z CIST port parameter: Port state, role, priority, path cost, designated bridge,
designated port, edge port/non-edge port, whether connected to the point-to-point
link, port transit limit, whether to enable Root protection, whether being a region
edge port, Hello Time, Max Age, Forward Delay, Message-age time, and
Remaining-hops;
z Global MSTIs parameter: MSTI instance ID, bridge priority of the instance, region
root, internal path cost, MSTI root port, and MASTER bridge;
z MSTIs port parameter: Port state, role, priority, path cost, designated bridge, and
Remaining Hops.
Statistics information: Count of TCN, CONFIG BPDU, RST, and MST BPDU
transmitted/received via the port.
For the related command, see reset stp.
Example
# Display the state and statistics information about the spanning tree.
<Quidway> display stp instance 0 interface ethernet0/1 to ethernet0/10 brief
MSTID Port STP State Guard Type
0 Ethernet0/1 DOWN none
The above information indicates that the MSTIDs of the ethernet0/1 through
ethernet0/10 are all 0, that is, all these ports belong to CIST.
Field Description
MSTID MST instance ID of the port
Port Port number
STP State STP State of the port, which can be up or down.
Guard Type Guard Type of the port, which can be
1-4
1.1.4 display stp region-configuration
Syntax
display stp region-configuration
View
Any view
Parameter
None
Description
Using display stp region-configuration command, you can view the effective MST
region configurations .
MST region configuration information includes: region name, region revision level, and
associations between VLANs and STIs. All these configurations together determine to
which MST region a switch belongs.
For the related command, see stp region-configuration .
Example
# Display the MST region configuration information.

<Quidway> display stp region-configuration
Oper. Configuration:
Format selector :0
Region name :huawei
Revision level :0
Instance Vlans Mapped

0 21 to 4094
1 1 to 10
2 11 to 20
Field Description
Format selector Selection factor descripted in the MSTP protocol
Region name Region name of MST region

Revision level MSTP revision level of MST region
Instance Vlans Mapped VLAN mapping table of MST region
1-5
1.1.5 instance
Syntax
instance instance-id vlan vlan-list

undo instance instance-id [ vlan vlan-list ]
View
MST region view
Parameter
CIST.
vlan-list: Specifies the VLAN list and expressed as vlan-list = { vlan-id [ to
vlan-id ] }&<1-10>. VLAN ID ranges from 1 to 4094. &<1-10> means that the preceding
parameters can be entered up to 10 times. The switch may support VLAN 4095, 4096
others, however, they can only be mapped to CIST (Instance 0).
Description
Using instance command, you can map the specified VLAN list to the specified STI.
Using undo instance command, you can cancel the specified VLAN list from the
specified STI, the removed VLAN will then be mapped to the CIST (i.e., the Instance 0).
If no VLAN is specified in the undo command, all the VLANs associated with the
specified STI will be mapped to CIST.
By default, all the VLANs are mapped to CIST, i.e., the Instance 0.
MSTP describes the association between VLANs and STIs with the VLAN mapping
table. You can use this command to configure this table. Every VLAN can be mapped to
an STI as per your configuration.
A VLAN cannot be mapped to different instances at the same time. The latter
configured association will replace the former one.
For the related command, see region-name, revision-level, check
region-configuration , vlan-mapping modulo, active region-configuration .
Example
# Map VLAN 2 to STI 1.

[Quidway-mst-region] instance 1 vlan 2
1.1.6 region-name
Syntax
region-name name
1-6
undo region-name
View
MST region view
Parameter
name: Specifies the MST region name of the switch with a character string not
exceeding 32 bytes.
Description
Using region-name command, you can configure the MST region name of a switch.
Using undo region-name command, you can restore the default MST region name.
By default, the MST region name of the switch is the first MAC address in hexadecimal
notation.
The switch region name, together with VLAN mapping table of the MST region and
MSTP revision level, is used for determining the region to which the switch belongs.
For the related command, see instance, revision-level, check region-configuration ,
vlan-mapping modulo, active region-configuration .
Example
# Set the MST region name of the switch as huawei.

[Quidway-mst-region] region-name huawei
1.1.7 reset stp
Syntax
reset stp [ interface interface-list ]
View
User view
Parameter
Description
Using reset stp command, you can reset the spanning tree statistics information.
1-7
The spanning tree statistics information includes TCN, Config BPDU, RST, and MST
BPDU, received and transmitted on the port. Among them, STP BPDU and TCN BPDU
are counted on CIST.
When the spanning tree ID and port list are specified, the command clears the statistics
information of the specified spanning tree on the specified port. If no port is specified,
the command clears the statistics information of the specified spanning tree on all the
ports. If no spanning tree is specified, the command clears the statistics information of
all the spanning trees.
For the related command, see display stp.
Example
# Clear the statistics information on the ports from Ethernet0/1 through Ethernet0/3.
<Quidway> reset stp interface ethernet0/1 to ethernet0/3
1.1.8 revision-level
Syntax
revision-level level
undo revision-level
View
MST region view
Parameter
level: Specifies the MSTP revision level, ranging from 0 to 65535. By default, MSTP
revision level takes 0.
Description
Using revision-level command, you can configure MSTP revision level of the switch.
Using undo revision-level command, you can restore the default revision-level .
MSTP revision level, together with region name and VLAN mapping table, is used for
determining the MST region to which the switch belongs.
For the related command, see instance, region-name, check region-configuration ,
vlan-mapping modulo and active region-configuration .
Example
# Set the MSTP revision level of the switch MST region to 5.

[Quidway-mst-region] revision-level 5
1-8
1.1.9 stp
Syntax
stp { enable | disable }

undo stp
View
System view, Ethernet port view
Parameter
enable: Enables global or port MSTP.

disable: Disables global or port MSTP.
Description
Using stp command, you can enable or disable MSTP on a device or a port. Using
undo stp command, you can restore the default MSTP state on a device or a port.
By default, MSTP is disabled on the switch.
After MSTP is enabled, the switch determines to run MSTP in STP-compatible mode or
MSTP mode per your configurations. The switch serves as a transparent bridge after
MSTP is disabled.
After MSTP is enabled, it will dynamically maintain the spanning tree state of the
corresponding VLAN according to the received configuration BPDU until it is disabled.
For the related command, see stp mode, stp interface.
Example
# Enable MSTP globally.

[Quidway] stp enable
# Disable MSTP on Ethernet0/1.

[Quidway-Ethernet0/1] stp disable
1.1.10 stp bpdu-protection
Syntax
stp bpdu-protection
undo stp bpdu-protection
View
System view
1-9
Parameter
None
Description
Using stp bpdu-protection command, you can enable the BPDU protection on the
switch. Using undo stp bpdu-protection command, you can restore the default state
of BPDU protection.
By default, BPDU protection is disabled.
Generally, the access ports of the access layer devices are directly connected to user
terminals (such as PC) or file servers. In this case, the access ports are set to edge
ports to implement fast state transition. However, when such access ports receive
configuration BPDU, the system will automatically set them to non-edge ports and
recalculate the spanning tree, which makes the network topology flap. These ports will
not receive any STP configuration BPDU in normal cases. Anyway, if someone
maliciously attacks the switch with fake configuration BPDU, the network will flap.
MSTP provides BPDU protection function to avoid such attack: After configured with
BPDU protection, the switch will disable the edge port through MSTP, which receives a
BPDU, and notify the network manager at same time. These ports can be resumed by
the network manager only.
Example
# Enable BPDU protection on the switch.

[Quidway] stp bpdu-protection
1.1.11 stp bridge-diameter
Syntax
stp bridge-diameter bridgenum

undo stp bridge-diameter
View
System view
Parameter
bridgenum: Ranges from 2 to 7 and defaults to 7.
Description
Using stp bridge-diameter command, you can configure the switching network
diameter. Using undo stp bridge-diameter command, you can restore the default
network diameter.
1-10
The network diameter refers to the maximum count of switches on the path between
any two terminal devices.
The definition of network diameter: Maximum count of switches between the farthest
communication ends.
stp bridge-diameter command configures the switching network diameter and
determines the three time parameters of MSTP accordingly. This configuration takes
effect on CIST only but makes no sense for MSTI.
The spanning tree convergence can be speeded up, when Hello Time, Forward Delay,
and Max Age are well configured. These parameters are related to the network scale.
You can configure the network scale to get the time parameters. Upon the
user-configured bridge-diameter parameter, MSTP will automatically set Hello Time,
Forward Delay, and Max Age to moderate values. When bridge-diameter defaults to 7,
the time parameters also take their respective default values.
For the related command, see stp timer forward-delay, stp timer hello, stp timer
max-age.
Example
# Set the diameter of the switching network to 5.

[Quidway] stp bridge-diameter 5
1.1.12 stp edged-port
Syntax
stp edged-port { enable | disable }

undo stp edged-port
View
Ethernet port view
Parameter
enable: Configure the current port as an edge port.

disable: Configure the current port as a non-edge port.
Description
Using stp edged-port enable command, you can configure the current Ethernet port
as an edge port. Using stp edged-port disable command, you can configure the
current Ethernet port as a non-edge port. Using undo stp edged-port command, you
can restore the default state, i.e., non-edge port.
By default, all the switch ports are configured as non-edge port.
1-11
If the current Ethernet port is connected to other switch, you can use the stp
edged-port disable or undo stp edged-port command to configure it as a non-edge
port. The stp edged-port enable command is used for configuring the port as an edge
port.
A port is considered as an edge port when it is directly connected to the user terminal,
instead of any other switches or shared network segments. The edge port will not
cause loop upon network topology changes. Accordingly, you can configure a port as
an edge port, so that it can transit to forwarding state fast. For this purpose, please
configure the Ethernet port directly connected to the user terminal as an edge port.
Because the edge port is not connected to any other switches, it will not receive the
configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch,
the port received a BPDU runs as a non-edge port, even if it is configured as edge port.
For the related command, see stp interface edged-port.
Example
# Configure Ethernet 0/1 as an edge port.

[Quidway-Ethernet0/1] stp edged-port disable
1.1.13 stp cost
Syntax
stp [ instance instance-id ] cost cost

undo stp [ instance instance-id ] cost
View
Ethernet port view
Parameter
CIST.
cost cost: Specifies the port path cost, ranging from 1 to 200000.
Description
Using stp cost command, you can configure the port path cost on the specified STI for
the current port. Using undo stp cost command, you can restore the path cost on the
specified STI.
By default, the path costs of a port on different STIs take the values associated with the
port speeds. For more description, refer to the table offered in the configuration
guideline of the stp interface cost command.
1-12
You may specify the instance-id parameter as 0 to configure CIST path cost of the port.
The path cost has effect on the port role selection. A port can be configured with
different path costs on different MSTIs. Thus the traffic from different VLANs can run
over different physical links, thereby implementing the VLAN-based load-balancing.
MSTP will recalculate the port role and transit its state, upon the port path cost
changes.
If user doesn’t input parameter “instance instance-id“ when configuring switch, the
configuration will only be effective on CIST.
The default values of the path cost varies with the different port speeds, as described in
the following table.
Table 1-4 Cost corresponding to the port speed
Recommended Recommended
Link speed Value range
value value range
10Mbps 2,000 200- 20000 1-200000
100Mbps 200 20-2000 1-200000

1Gbps 20 2-200 1-200000
10G/s 2 2-20 1-200000
Above 10G/s 1 1-2 1-200000
For the related command, see stp interface cost .
Example
# Set the path cost of Ethernet 0/3 on STI 2 to 200.

[Quidway-Ethernet0/3] stp instance 2 cost 200
1.1.14 stp priority
Syntax
stp [ instance instance-id ] priority priority

undo stp [ instance instance-id ] priority
View
System view
Parameter
instance-id: Ranges from 0 to 16.
1-13
priority: Specifies the switch priority, ranging from 0 to 61440 with a step length of 4096.
That is, 16 priorities are available for the switch including 0, 4096, 8192, etc. By default,
the switch priority is 32768.
Description
Using stp priority command, you can configure the bridge priority in the specified STI.
Using undo stp priority command, you can restore the default value of bridge priority .
The switch priority takes part in the spanning tree calculation. It is configured separately
for every STI. Different STIs can be configured with different priorities.
If specifying the instance ID as 0, the command can configure the CIST priority.
Example
# Set the bridge priority of the switch in STI 1 to 4096.

[Quidway] stp instance 1 priority 4096
1.1.15 stp port priority
Syntax
stp [ instance instance-id ] port priority priority

undo stp [ instance instance-id ] port priority
View
Ethernet port view
Parameter
CIST.
port priority priority: Specifies the port priority, ranging from 0 to 240, with a step length
of 16, e.g., 0, 16, and 32. By default, the priorities of a port on the STIs are 128.
Description
Using stp port priority command, you can configure the priority of a port on a specified
STI. Using undo stp port priority command, you can restore the default priority of the
port on the specified STI.
You may specify the instance-id parameter as 0 to configure CIST priority of the port.
The port priority has effect on the port role selection. A port can be configured with
different priorities on different MSTIs. Thus the traffic from different VLANs can run over
different physical links, thereby implementing the VLAN-based load-balancing. MSTP
will recalculate the port role and transit its state, upon the port priority changes.
1-14
If user doesn’t input parameter “instance instance-id“ when configuring switch, the
For the related command, see stp interface port priority.
Example
# Set the priority of Ethernet 0/3 on STI 2 to 16.

[Quidway-Ethernet0/3] stp instance 2 port priority 16
1.1.16 stp root primary
Syntax
stp [ instance instance-id ] root primary [ bridge-diameter bridgenum ] [ hello-time

centi-senconds ]
undo stp [ instance instance-id ] root
View
System view
Parameter
CIST.
root primary: Configure the current switch as the primary root of the designated STI.
bridge-diameter bridgenum: Specify the network diameter of the spanning tree,
hello-time centi-senconds: Specifies the Hello Time of the spanning tree, ranging from
100 to 1000 and measured in centiseconds.
Description
Using stp root primary command, you can configure the current switch as the primary
root of the designated STI. Using undo stp root command, you can cancel the current
switch for the primary root of the designated STI. If user doesn’t input parameter
“instance instance-id“ when configuring switch, the configuration will only be effective
on CIST.
By default, the switch does not server as a root bridge.
You can configure a root bridge for every STI without concerning the switch priority.
When configuring the root bridge, you may also specify the network diameter of the
designated switching network, so that the switch will calculate and get three time
parameter values (Hello time, Forward Delay and Max Age). The Hello time got in this
way may not be as good as expected. You can specify the hello-time centi-senconds
1-15
parameter to overwrite it. Normally, you are recommended to set the network diameter
to get the other two time parameter of the switch accordingly.
Caution:
z In a switching network, you can configure only one root bridge for each STI and one
or more secondary switches. Do not configure more than one root bridge for an STI
at the same time, otherwise, the calculation result will be unpredictable.
z After a switch is configured as primary root switch or secondary root switch, user
can’t modify the bridge priority of the switch.
Example
# Designate the current switch as the root bridge of STI 1 and specifies the diameter of
the switching network as 4 and the Hello Time as 500 centiseconds.
[Quidway] stp instance 1 root primary bridge-diameter 4 hello-time 500
1.1.17 stp root secondary
Syntax
stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum ]

[ hello-time centi-senconds ]
undo stp [ instance instance-id ] root
View
System view
Parameter
CIST.
root secondary: Configure the current switch as the secondary root of the designated
STI.
bridge-diameter bridgenum: Specify the network diameter of the spanning tree,
hello-time centi-senconds: Specify the Hello Time of the spanning tree, ranging from
100 to 1000 and measured in centiseconds.
1-16
Description
Using stp root secondary command, you can configure the current switch as the
secondary root bridge of a specified STI. Using undo stp root command, you can
cancel the current switch for the secondary root bridge of a specified STI. If user
doesn’t input parameter “instance instance-id“ when configuring switch, the
By default, the switch does not server as a secondary root bridge.
You can configure one or more secondary root bridges in an STI. If the primary root is
down or powered off, the secondary root will take its place. Among several secondary
root bridges, the one with the smallest MAC address takes the place of the failed
primary root.
When configuring the secondary root bridge, you may also specify the switching
network diameter and the Hello Time of the switch, so that the other two parameters,
Forward Delay and Max Age, of the switch can be determined. To configure the current
switch as the root bridge of CIST, simply specify instance-id as 0. You can configure
only one root bridge for an STI and one or more secondary root bridges for it.
After a switch is configured as primary root switch or secondary root switch, user can’t
modify the bridge priority of the switch.
Example
# Configure the current switch as the secondary root bridge of STI 4 and specify the
diameter of the switching network as 5 and the Hello Time of the switch as 300
centiseconds.
[Quidway] stp instance 4 root primary bridge-diameter 5 hello-time 300
1.1.18 stp interface
Syntax
stp interface interface-list { enable | disable }
View
System view
Parameter
1-17
enable: Enables MSTP on the port.

disable: Disables MSTP on the port.
Description
Using stp interface command, you can enable/disable MSTP on a switch port in
system view.
By default, if MSTP is enabled globally, it is enabled on every port; if MSTP is disabled
globally, it is also disabled on every port.
When MSTP is disabled, the corresponding port stays in forwarding state and does not
take part in any STI calculation.
Caution:
Loop may be generated, if you disable MSTP on the port.
For the related command, see stp mode, stp.
Example
# Enable MSTP on Ethernet 0/1 in system view.

[Quidway] stp interface ethernet 0/1 enable
1.1.19 stp interface edged-port
Syntax
stp interface interface-list edged-port {enable | disable }

undo stp interface interface-list edged-port
View
System view
Parameter
enable: Configure the current port as an edge port.
1-18
disable: Configure the current port as a non-edge port.
Description
Using stp interface edged-port enable command, you can configure a port as an
edge port in system view. Using stp interface edged-port disable command, you can
configure a port as a non-edge port in system view. Using undo stp interface
edged-port command, you can restore the non-edge port, as defaulted.
By default, all the switch ports are configured as non-edge port.
If the current Ethernet port is connected to other switch, you can use the stp interface
edged-port disable or no stp interface edged-port command to configure it as a
non-edge port. The stp interface edged-port enable command is used for configuring
the port as an edge port.
A port is considered as an edge port when it is directly connected to the user terminal,
instead of any other switches or shared network segments. The edge port will not
cause loop upon network topology changes. Accordingly, you can configure a port as
an edge port, so that it can transit to forwarding state fast. For this purpose, please
configure the Ethernet port directly connected to the user terminal as an edge port.
Because the edge port is not connected to any other switches, it will not receive the
configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch,
the port received a BPDU runs as a non-edge port, even if it is configured as edge port.
For the related command, see stp edged-port.
Example
# Configure Ethernet 0/3 as an edge port in system view.

[Quidway] stp interface ethernet 0/3 edged-port enable
1.1.20 stp interface cost
Syntax
stp interface interface-list [ instance instance-id ] cost cost

undo stp interface interface-list [ instance instance-id ] cost
View
System view
Parameter
1-19
CIST.
cost cost: Specifies the path cost of the port, ranging from 1 to 200000.
Description
Using stp interface cost command, you can configure the path cost of the specified
port on the specified STI in system view. Using undo stp interface cost command,
you can restore the path cost to default value. If user doesn’t input parameter “instance
instance-id“ when configuring switch, the configuration will only be effective on CIST.
By default, the path cost of the port on every STI is associated with the port speed. For
details, refer to the table in the configuration guideline.
You may specify the instance-id parameter as 0 to configure CIST path cost of the port.
The path cost has effect on the port role selection. A port can be configured with
different path costs on different MSTIs. Thus the traffic from different VLANs can run
over different physical links, thereby implementing the VLAN-based load-balancing.
MSTP will recalculate the port role and transit its state, upon the port path cost
changes.
The default values of the path cost varies with the different port speeds, as described in
the following table.
Table 1-5 Cost corresponding to the port speed
Recommended Recommended
Link speed Value range
value value range
10Mbps 2,000 200 - 20000 1-200000
100Mbps 200 20-2000 1-200000
1Gbps 20 2-200 1-200000
10G/s 2 2-20 1-200000
Above 10G/s 1 1-2 1-200000
For the related command, see stp cost .
Example
# Set the path cost of Ethernet 0/3 on STI 2 to 400 in system view.
[Quidway] stp interface ethernet 0/3 instance 2 cost 400
1-20
1.1.21 stp interface port priority
Syntax
stp interface interface-list [ instance instance-id ] port priority priority

undo stp interface interface-list [ instance instance-id ] port priority
View
System view
Parameter
CIST.
port priority priority: Specifies the port priority, ranging from 0 to 240 with a step length
of 16, e.g., 0, 16 and 32. By default, the port has a priority of 128 on every STI.
Description
Using stp interface port priority command, you can configure the priority of the
specified port on the specified STI in system view. Using undo stp interface port
priority command, you can restore the default priority. If user doesn’t input parameter
“instance instance-id“ when configuring switch, the configuration will only be effective
on CIST.
You may specify the instance-id parameter as 0 to configure CIST priority of the port.
The port priority has effect on the port role selection. A port can be configured with
different priorities on different MSTIs. Thus the traffic from different VLANs can run over
different physical links, thereby implementing the VLAN-based load-balancing. MSTP
will recalculate the port role and transit its state, upon the port priority changes.
For the related command, see stp port priority.
Example
# Set the priority of Ethernet 0/3 on STI 2 to 16 in system view.

[Quidway] stp interface ethernet 0/3 instance 2 port priority 16
1-21
1.1.22 stp interface loop-protection
Syntax
stp interface interface-list loop-protection

undo stp interface interface-list loop-protection
View
System view
Parameter
Description
Using stp interface loop-protection command, you can enable loop protection on the
switch in system view. Using undo stp interface loop-protection command, you can
restore the default loop protection state.
By default, loop protection is disabled.
For the related command, see stp loop-protection.
Example
# Enable loop protection on the Ethernet 0/1.

[Quidway] stp interface ethernet 0/1 loop-protection
1.1.23 stp interface mcheck
Syntax
stp interface interface-list mcheck
View
System view
Parameter
1-22
Description
Using stp interface mcheck command, you can perform mcheck operation on the port
in system view.
If a port of an MSTP switch on a switching network has ever been connected to an STP
switch, the port will automatically transit to operate in STP-compatible mode. However,
when the STP switch is removed, the port stays in STP-compatible mode and cannot
automatically transit back to MSTP mode. In this case, you can perform mCheck
operation to transit the port to MSTP mode by force.
For the related command, see stp mcheck, stp mode.
Example
# Set mcheck parameter of Ethernet 0/3 in system view.

[Quidway] stp interface ethernet 0/3 mcheck
1.1.24 stp interface point-to-point
Syntax
stp interface interface-list point-to-point { force-true | force-false | auto }

undo stp interface interface-list point-to-point
View
System view
Parameter
force-true: Indicates the Ethernet port connected to a point-to-point link.
force-false: Indicates the Ethernet port not connected to a point-to-point link.
auto: Configure to automatically check if the link to the Ethernet port is a point-to-point
link.
1-23
Description
Using stp interface point-to-point command, you can configure a port (not) to be
connected to a point-to-point link in system view. Using undo stp interface
point-to-point command, you can restore the default state of the link to the Ethernet
port.
By default, the parameter defaults to auto, that is, MSTP checks if the link to the
Ethernet port is a point-to-point link.
The port state can’t be rapidly transited if the port doesn’t connected with the
point-to-point link.
The master ports of the link aggregation and the ports operating in full-duplex mode are
connected to the point-to-point link. You are recommended to keep the default settings
and let MSTP detect the link state automatically.
This configuration takes effect on the CIST and all the MSTIs. The settings of a port
whether to connect the point-to-point link will be applied to all the STIs where the port
belongs. Note that a temporary loop may be redistributed if you configure a port not
physically connected with the point-to-point link as connected to such a link by force.
For the related command, see stp point-to-point.
Example
# Configure Ethernet 0/3 to be connected to the point-to-point link in system view.

[Quidway] stp interface ethernet 0/3 point-to-point force-true
1.1.25 stp interface root-protection
Syntax
stp interface interface-list root-protection

undo stp interface interface-list root-protection
View
System view
Parameter
1-24
Description
Using stp interface root-protection command, you can enable Root protection on the
switch in system view. Using undo stp interface root-protection command, you can
restore the default Root protection state.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology
change errors. Due to the illegal change, the traffic supposed to travel over the
high-speed link may be pulled to the low-speed link and congestion will occur on the
network.
Root protection function is used against such problem. The port configured with Root
protection only plays a role of designated port on every instance. Whenever such port
receives a higher-priority BPDU, that is, it is about to turn into non-designated port, it
will be set to listening state and not forward packets any more (as if the link to the port is
disconnected). If the port has not received any higher-priority BPDU for a certain period
of time thereafter, it will resume the normal state.
For the related command, see stp root-protection.
Example
# Enable Root protection on the Ethernet 0/1.

[Quidway] stp interface ethernet 0/1root-protection
1.1.26 stp interface transit-limit
Syntax
stp interface interface-list transit-limit packetnum

undo stp interface interface-list transit-limit
View
System view
Parameter
1-25
packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255
(expressed as a counter value without any units). By default, the transmission limit on
every port is 3.
Description
Using stp interface transit-limit command, you can configure an amount limit to the
configuration BPDU transmitted via a port during the Hello Time in system view. Using
undo stp interface transit-limit command, you can restore the default limit in system
view.
The larger the value is, the more packets can be transmitted in a time unit, yet the more
switch resources will be occupied. With a moderate value, the amount of the BPDUs
transmitted during Hello Time via every port can be limited and MSTP will not occupy
too many bandwidth resources when the network topology flaps.
For the related command, see stp transit-limit.
Example
# Set a limit of 5 to the packets transmitted via Ethernet 0/3 in system view.
[Quidway] stp interface ethernet 0/3 transit-limit 5
1.1.27 stp loop-protection
Syntax
stp loop-protection
undo stp loop-protection
View
Ethernet port view
Parameter
None
Description
Using stp loop-protection command, you can enable loop protection function. Using
undo stp loop-protection command, you can restore the restore setting.
By default, the loop protection function is not enabled.
Example
# Enable loop protection function in Ethernet 0/1.

[Quidway-Ethernet0/1] stp loop-protection
1-26
1.1.28 stp max-hops
Syntax
stp max-hops hop

undo stp max-hops
View
System view
Parameter
hop: Specifies the max hops, ranging from 1 to 40. By default, MST region Max Hops is
20.
Description
Using stp max-hops command, you can configure the Max Hops of an MST region.
Using undo stp max-hops command, you can restore the default Max Hops.
On CIST and MSTIs, the Max Hops configured on the region root determines the max
switching network diameter supported by the local MST region. As the BPDU traveling
from the spanning tree root, each time when it is forwarded by a switch, the max hops
will be reduced by 1. The switch discards the configuration BPDU with 0 hops left,
thereby limiting the network scale inside the region. If the current switch is a CIST root
bridge or MSTI root bridge in an MST region, the Max Hops configured on it will be the
network diameter of the spanning tree to limit its scale in the local MST region. The Max
Hops configured on the root bridge in an MST region will be adopted by other switches
in the same region.
Example
# Set the Max Hops of an MST region to 35.

[Quidway] stp max-hops 35
1.1.29 stp mcheck
Syntax
stp mcheck
View
System view\Ethernet port view
Parameter
None
1-27
Description
Using stp mcheck command, you can perform mcheck on the current port.
If a port of an MSTP switch on a switching network has ever been connected to an STP
switch, the port will automatically transit to operate in STP-compatible mode. However,
when the STP switch is removed, the port stays in STP-compatible mode and cannot
automatically transit back to MSTP mode. In this case, you can perform mCheck
operation to transit the port to MSTP mode by force.
For the related command, see stp mode, stp interface mcheck.
Example
# Set mcheck parameter for Ethernet0/1.

[Quidway-Ethernet0/1] stp mcheck
1.1.30 stp mode
Syntax
stp mode { stp | rstp | mstp }

undo stp mode
View
System view
Parameter
stp: Configure the MSTP operation mode as STP-compatible.

rstp: Configure the MSTP operation mode as RSTP.
mstp: Configure the MSTP operation mode as MSTP.
Description
Using stp mode command, you can configure MSTP operation mode of the switch.
Using undo stp mode command, you can restore the default MSTP operation mode.
By default, switch work in MSTP mode
MSTP and RSTP are compatible and they can recognize the packets of each other.
However, STP cannot recognize MSTP packets. To implement the compatibility, MSTP
provides two operation modes, STP-compatible mode and MSTP mode. In
STP-compatible mode, the switch sends STP BPDU packets via every port and serves
as a region itself. In MSTP mode, the switch ports send MSTP BPDU packets (when
connected to the STP switch) and the switch provides multiple spanning tree function.
For the related command, see stp mcheck, stp, stp interface, stp interface mcheck.
1-28
Example
# Set MSTP operation mode as STP-compatible.

[Quidway] stp mode stp
1.1.31 stp point-to-point
Syntax
stp point-to-point { force-true | force-false | auto }

undo stp point-to-point
View
Ethernet port view
Parameter
force-true: Indicates the Ethernet port connected to a point-to-point link.

force-false: Indicates the Ethernet port not connected to a point-to-point link.
auto: Configure to automatically check if the link to the Ethernet port is a point-to-point
link.
Description
Using stp point-to-point command, you can configure the current Ethernet port (not)
to connect with point-to-point link. Using undo stp point-to-point command, you can
configure the link state to the default state in which MSTP automatically detects if the
link to the Ethernet port is point-to-point link.
By default, switch adopts auto mode.
The port state can’t be rapidly transited if the port doesn’t connected with the
point-to-point link.
The master ports of the link aggregation and the ports operating in full-duplex mode are
connected to the point-to-point link. You are recommended to keep the default settings
and let MSTP detect the link state automatically.
This configuration takes effect on the CIST and all the MSTIs. The settings of a port
whether to connect the point-to-point link will be applied to all the STIs where the port
belongs. Note that a temporary loop may be redistributed if you configure a port not
physically connected with the point-to-point link as connected to such a link by force.
For the related command, see stp interface point-to-point.
Example
# Configure Ethernet 0/3 to be connected to the point-to-point link.

[Quidway-Ethernet0/3] stp point-to-point force-true
1-29
1.1.32 stp region-configuration
Syntax
stp region-configuration
undo stp region-configuration
View
System view
Parameter
None
Description
Using stp region-configuration command, you can enter MST region view. Using
undo stp region-configuration command, you can restore the default MSTP region
configurations.
By default, the three MST region parameters take the default values. The MST region
name of the switch is the first MAC address, all the VLANs are mapped to CIST, and
MSTP revision level takes 0.
You can enter MST region view, using the stp region-configuration command. And
then you can configure the parameters including region name, revision level, and VLAN
mapping table of the region.
Example
# Enter MST region view.

[Quidway] stp region-configuration
[Quidway-mst-region]
1.1.33 stp root-protection
Syntax
stp root-protection
undo stp root-protection
View
Ethernet port view
Parameter
None
1-30
Description
Using stp root-protection command, you can enable on Root protection the switch.
Using undo stp root-protection command, you can restore the default state of Root
protection.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology
change errors. Due to the illegal change, the traffic supposed to travel over the
high-speed link may be pulled to the low-speed link and congestion will occur on the
network.
MSTP provides Root protection function to protect the root bridge: The port configured
with Root protection only plays a role of designated port on every instance. Whenever
such port receives a higher-priority BPDU, it will be set to listening state and not forward
packets any more (as if the link to the port is disconnected). If the port has not received
any higher-priority BPDU for a certain period of time thereafter, it will resume the normal
state.
For the related command, see stp interface root-protection.
Example
# Enable Root protection on the Ethernet0/1 port of the switch.

[Quidway-Ethernet0/1] stp root-protection
1.1.34 stp tc-protection
Syntax
stp tc-protection enable

stp tc-protection disable
View
System view
Parameter
None
Description
Using the stp tc-protection enable command, you can enable the protection function
from being attacked by TC-BPDU packets on the switch. Using the stp tc-protection
disable command, you can disable the protection function.
By default, the protection from TC-BPDU packet attack is enabled.
1-31
As a general rule, the switch deletes the corresponding entries in the MAC address
table and ARP table upon receiving TC-BPDU packets. When under malicious attacks
of TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a
very short period. Too frequent delete operations shall consume huge switch sources
and bring great risk to network stability.
When the protection from TC-BPDU packet attack is enabled, the switch just perform
one delete operation in a specified period after receiving TC-BPDU packets, as well as
monitoring whether it receives TC-BPDU packets during this period. Even if it detects a
TC-BPDU packet is received in a period shorter than the specified interval, the switch
shall not run the delete operation till the specified interval is reached. This can avoid
frequent delete operations to the MAC address table and ARP table.
Example
# Enable TC-BPDU protection on the switch.

[Quidway] stp tc-protection enable
1.1.35 stp timer forward-delay
Syntax
stp timer forward-delay centi-senconds

undo stp timer forward-delay
View
System view
Parameter
centi-senconds: Specifies Forward Delay, ranging from 400 to 3000 and measured in
centiseconds. By default, the Forward Delay of the switch is 1500 centiseconds.
Description
Using stp timer forward-delay command, you can configure Forward Delay for the
switch. Using undo stp timer forward-delay command, you can restore the default
Forward Delay .
To avoid temporary loop, MSTP defines a medium state, Learning, when the port
switches from the Discarding state to Forwarding state. There is also a delay before
state switchover to guarantee the synchronous switchover with the remote switch. The
Forward Delay configured on the root bridge determines the state transition time.
The root bridge will determine the state transition time according to the configured
values, while the other switches will apply the forward delay configured on it.
When configuring Hello time, Forward Delay and Max Age, please guarantee the
following equations:
1-32
2 * (Forward Delay - 1.0 seconds) >= Max Age

Max Age >= 2 * (Hello Time + 1.0 seconds)
Only if the above-mentioned formulas are equal can the MSTP normally operate on the
entire network, otherwise, the network may flap frequently. You are recommended to
use the stp root primary command to specify the diameter of the switching network,
so that MSTP can automatically calculate and give the moderate values for the time
parameters.
For the related command, see stp timer hello, stp timer max-age, stp
bridge-diameter.
Example
# Set the Forward Delay of the device to 2000 centiseconds.

[Quidway] stp timer forward-delay 2000
1.1.36 stp timer hello
Syntax
stp timer hello centi-senconds

undo stp timer hello
View
System view
Parameter
centi-senconds: Specifies Hello Time value with an integer in the range of 100 to 1000
in units of centiseconds. By default, the Hello Time of the switch is 200 centiseconds.
Description
Using stp timer hello command, you can configure Hello Time of the switch. Using
undo stp timer hello command, you can restore the default Hello Time.
The STP defines to transmit configuration BPDU regularly at an interval specified with
Hello Time to keep the spanning tree stable. If the switch receives no BPDU packets
for a period of time, it will recalculate the spanning tree upon the BPDU timeouts. The
root bridge transmits BPDU packets at an interval as you configured, while other
switches apply the Hello Time configured on the root bridge.
When configuring Hello time, Forward Delay and Max Age, remember to guarantee the
following equations:
2 * (Forward Delay -1.0 seconds) >= Max Age
1-33
parameters.
For the related command, see stp timer forward-delay, stp timer max-age, stp
bridge-diameter.
Example
# Set Hello Time of the switch 300 centiseconds.

[Quidway] stp timer hello 300
1.1.37 stp timer max-age
Syntax
stp timer max-age centi-senconds

undo stp timer max-age
View
System view
Parameter
centiseconds: Specifies the Max Age, ranging from 600 to 4000 and measured with
centiseconds. By default, the Max Age of the switch is 2000 centiseconds.
Description
Using stp timer max-age command, you can configure the Max Age of the switch.
Using undo stp timer max-age command, you can restore the default Max Age.
MSTP can detect the link fault and automatically resume the forwarding state of the
redundant link. On the CIST, the switch checks if the configuration BPDU received via
the port expires according to the Max Age. If the BPDU expires, the STI has to be
calculated again.
Max Age takes no effect on MSTIs. If the current switch is CIST root bridge, it will check
if the configuration BPDU expires according to the configured Max Age. Otherwise, the
switch adopts the Max Age configured on the CIST root bridge.
When you configure Hello time, Forward Delay and Max Age, ensure the following
formulas equal:
2 * (Forward Delay -1.0 seconds) >= Max Age
1-34
parameters.
For the related command, see stp timer forward-delay, stp timer hello, stp
bridge-diameter.
Example
# Set Max Age of the device to 1000 centiseconds.

[Quidway] stp timer max-age 1000
1.1.38 stp transit-limit
Syntax
stp transit-limit packetnum

undo stp transit-limit
View
Ethernet port view
Parameter
packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255
(expressed as a counter value without any units). By default, the value is 3.
Description
Using stp transit-limit command, you can configure an amount limit to the
configuration BPDU transmitted via a port during the Hello Time. Using undo stp
transit-limit command, you can restore the default limit.
The larger the value is, the more packets can be transmitted in a time unit, yet the more
switch resources will be occupied. With a moderate value, the amount of the BPDUs
transmitted during Hello Time via every port can be limited and MSTP will not occupy
too many bandwidth resources when the network topology flaps.
For the related command, see stp interface transit-limit.
Example
# Set a limit of 5 to the packets transmitted via Ethernet 0/1.

[Quidway-Ethernet0/1] stp transit-limit 5
1-35
1.1.39 vlan-mapping modulo
Syntax
vlan-mapping modulo modulo
View
MST region view
Parameter
modulo: Specifies the modulus, ranging from 1 to 16.
Description
Using vlan-mapping modulo command, you can map a VLAN list to an STI.
By default, all the VLANs are mapped to CIST, namely Instance 0.
MSTP describes the association between VLANs and STIs with the VLAN mapping
table. You can use this command to configure this table. Every VLAN can be mapped to
an STI as per your configuration.
A VLAN cannot be mapped to different MSTI at the same time. The latter configured
association will replace the former one.
The vlan-mapping modulo modulo command designates VLAN for every STI fast. It
maps the VLAN to an STI whose ID is (VLAN ID-1)%modulo+1. (Note: (VLAN ID-1)
%modulo performs modulo operation on (VLAN ID-1). Taking the operation modulo 16
as an example, vlan 1 maps to MSTI 1, vlan 2 maps to MSTI2 ...vlan 16 maps to
MSTI16, vlan 17 maps to MSTI 1, and so on.)
For the related command, see region-name, revision-level, display configuration,
active configuration, .
Example
# Map VLAN to STI modulo 16.

[Quidway-mst-region] vlan-mapping modulo 16
1-36
Quidway S3500 Series Ethernet Switches Chapter 2 BPDU TUNNEL Configuration Commands
Chapter 2 BPDU TUNNEL Configuration

Commands
Note:
S3552G/S3552P/S3552F/S3528G/S3528P support BPDU TUNNEL.
2.1 BPDU TUNNEL Configuration Commands

2.1.1 vlan-vpn tunnel
Syntax
vlan-vpn tunnel
undo vlan-vpn tunnel
View
System view
Parameter
None
Description
Use the vlan-vpn tunnel command to enable bridge protocol data unit (BPDU) Tunnel
on the switch.
Use the undo vlan-vpn tunnel command to disable BPDU Tunnel on the switch.
BPDU Tunnel enables geographically segmented user network to transmit BPDU
packets transparently over the specified VLAN VPN on the operator’s network. This
allows the user network to participate in a uniform spanning tree calculation while
maintaining a separate spanning tree from the operator network.
By default, BPDU Tunnel is disabled.
Example
# Enable BPDU Tunnel on the switch.

[Quidway] vlan-vpn tunnel
2-1
Quidway S3500 Series Ethernet Switches Chapter 3 Digest Snooping Configuration Commands
Chapter 3 Digest Snooping Configuration

Commands
3.1 Digest Snooping Configuration Commands

3.1.1 stp config-digest-snooping
Syntax
stp config-digest-snooping
undo stp config-digest-snooping
View
System view, Ethernet interface view
Parameter
None
Description
Using the stp config-digest-snooping command, you can enable digest snooping.
Using the undo stp config-digest-snooping command, you can disable digest
snooping.
Digest snooping is disabled by default.
According to IEEE 802.1s, two connected switches can communicate through MSTIs
(multiple spanning tree instances) in a MSTP (multiple spanning tree protocol) domain
only when they are configured with the same domain settings. With MSTP employed,
interconnected switches determine whether or not they are in the same domain by
checking the configuration IDs of the BPDUs between them. (Configuration ID
comprises information such as domain ID and configuration digest.)
As some switches come with some proprietary protocols concerning STP employed,
they cannot communicate with other switches in MSTP domains even both of them are
configured with the same domain configuration settings.
This can be overcome by implementing digest snooping. Digest snooping enables a
switch to track and maintain configuration digests of other switches that are in the same
domain by examining their BPDUs and insert corresponding configuration digests in its
BPDUs destined for these switches, through which switches of different type are
capable of communicating with each other in a MSTP domain.
3-1
Quidway S3500 Series Ethernet Switches Chapter 3 Digest Snooping Configuration Commands
Note:
z You must enable digest snooping on an interface first before enabling it globally.
z Digest snooping is unnecessay if the interconnected switches are from the same
vendor.
z To enable digest snooping, the interconneted switches must be configured with the
same settings.
z To enable digest snooping, all interfaces in a MSTP domain used to connect other
switches must have digest snooping enabled.
z Do not enable digest snooping on border interfaces of a MSTP domain.
z To change domain configuration, be sure to disable digest snooping first to prevent
broadcast storm.
Example
# Enable digest snooping on GigabitEthernet1/0/1 interface.

[Quidway] interface GigabitEthernet1/0/1
[Quidway-GigabitEthernet1/0/1] stp config-digest-snooping
[Quidway-GigabitEthernet1/0/1] quit
[Quidway] stp config-digest-snooping
3-2
HUAWEI

Command Manual
Security

Command Manual - Security
Table of Contents
Chapter 1 802.1x Configuration Commands .............................................................................. 1-1

1.1 802.1x Configuration Commands ...................................................................................... 1-1
1.1.1 display dot1x ........................................................................................................... 1-1
1.1.2 dot1x........................................................................................................................ 1-2
1.1.3 dot1x authentication-method................................................................................... 1-3
1.1.4 dot1x dhcp-launch................................................................................................... 1-5
1.1.5 dot1x guest-vlan ...................................................................................................... 1-5
1.1.6 dot1x max-user........................................................................................................ 1-6
1.1.7 dot1x port-control .................................................................................................... 1-7
1.1.8 dot1x port-method ................................................................................................... 1-9
1.1.9 dot1x quiet-period ................................................................................................. 1-10
1.1.10 dot1x re-authenticate .......................................................................................... 1-10
1.1.11 dot1x retry ........................................................................................................... 1-11
1.1.12 dot1x retry-version-max ...................................................................................... 1-12
1.1.13 dot1x supp-proxy-check ...................................................................................... 1-13
1.1.14 dot1x timer........................................................................................................... 1-14
1.1.15 dot1x version-check ............................................................................................ 1-16
1.1.16 reset dot1x statistics............................................................................................ 1-17
Chapter 2 Portal Configuration Commands ............................................................................... 2-1

2.1 Portal Configuration Commands........................................................................................ 2-1
2.1.1 debugging portal...................................................................................................... 2-1
2.1.2 display portal ........................................................................................................... 2-2
2.1.3 portal ....................................................................................................................... 2-5
2.1.4 portal arp-handshake .............................................................................................. 2-6
2.1.5 portal auth-network ................................................................................................. 2-7
2.1.6 portal delete-user .................................................................................................... 2-8
2.1.7 portal free-ip ............................................................................................................ 2-8
2.1.8 portal free-user ........................................................................................................ 2-9
2.1.9 portal method ........................................................................................................ 2-10
2.1.10 portal server ........................................................................................................ 2-11
2.1.11 portal upload........................................................................................................ 2-12
2.1.12 reset portal .......................................................................................................... 2-13
Chapter 3 AAA & RADIUS Protocol Configuration Commands................................................ 3-1

3.1 AAA Configuration Commands.......................................................................................... 3-1
3.1.1 access-limit.............................................................................................................. 3-1
3.1.2 attribute ................................................................................................................... 3-2
3.1.3 cut connection ......................................................................................................... 3-3
i
3.1.4 display connection................................................................................................... 3-4

3.1.5 display domain ........................................................................................................ 3-5
3.1.6 display local-user..................................................................................................... 3-6
3.1.7 domain..................................................................................................................... 3-8
3.1.8 idle-cut..................................................................................................................... 3-9
3.1.9 local-user............................................................................................................... 3-10
3.1.10 local-user password-display-mode...................................................................... 3-11
3.1.11 messenger........................................................................................................... 3-11
3.1.12 name ................................................................................................................... 3-12
3.1.13 password ............................................................................................................. 3-13
3.1.14 radius-scheme..................................................................................................... 3-14
3.1.15 self-service-url ..................................................................................................... 3-14
3.1.16 service-type ......................................................................................................... 3-15
3.1.17 state..................................................................................................................... 3-16
3.1.18 vlan-assignment-mode........................................................................................ 3-17
3.2 RADIUS Protocol Configuration Commands ................................................................... 3-18
3.2.1 accounting-on enable............................................................................................ 3-18
3.2.2 accounting optional ............................................................................................... 3-20
3.2.3 data-flow-format .................................................................................................... 3-20
3.2.4 display local-server statistics................................................................................. 3-21
3.2.5 display radius ........................................................................................................ 3-22
3.2.6 display radius statistics ......................................................................................... 3-23
3.2.7 display stop-accounting-buffer .............................................................................. 3-24
3.2.8 key......................................................................................................................... 3-25
3.2.9 local-server............................................................................................................ 3-26
3.2.10 nas-ip................................................................................................................... 3-27
3.2.11 primary accounting.............................................................................................. 3-28
3.2.12 primary authentication......................................................................................... 3-29
3.2.13 radius nas-ip........................................................................................................ 3-30
3.2.14 radius scheme ..................................................................................................... 3-31
3.2.15 reset radius statistics........................................................................................... 3-32
3.2.16 reset stop-accounting-buffer ............................................................................... 3-32
3.2.17 retry ..................................................................................................................... 3-33
3.2.18 retry realtime-accounting..................................................................................... 3-34
3.2.19 retry stop-accounting........................................................................................... 3-35
3.2.20 secondary accounting ......................................................................................... 3-36
3.2.21 secondary authentication .................................................................................... 3-36
3.2.22 server-type .......................................................................................................... 3-37
3.2.23 state..................................................................................................................... 3-38
3.2.24 stop-accounting-buffer enable............................................................................. 3-39
3.2.25 timer .................................................................................................................... 3-40
3.2.26 timer quiet............................................................................................................ 3-41
ii
3.2.27 timer realtime-accounting.................................................................................... 3-41

3.2.28 user-name-format................................................................................................ 3-42
Chapter 4 EAD Configuration Commands .................................................................................. 4-1

4.1 EAD Configuration Commands.......................................................................................... 4-1
4.1.1 session-control-server............................................................................................. 4-1
Chapter 5 HABP Configuration Commands ............................................................................... 5-1

5.1 HABP Commands.............................................................................................................. 5-1
5.1.1 display debugging habp .......................................................................................... 5-1
5.1.2 display habp ............................................................................................................ 5-1
5.1.3 display habp table ................................................................................................... 5-2
5.1.4 display habp traffic .................................................................................................. 5-2
5.1.5 habp enable............................................................................................................. 5-3
5.1.6 habp server vlan...................................................................................................... 5-4
5.1.7 habp timer ............................................................................................................... 5-4
Chapter 6 System-guard Configuration Commands ................................................................. 6-1

6.1 System-guard Configuration Commands .......................................................................... 6-1
6.1.1 display system-guard ip-record ............................................................................... 6-1
6.1.2 display system-guard state ..................................................................................... 6-2
6.1.3 system-guard enable............................................................................................... 6-3
6.1.4 system-guard detect-maxnum................................................................................. 6-4
6.1.5 system-guard detect-threshold................................................................................ 6-5
6.1.6 system-guard no-learn-dip enable .......................................................................... 6-5
iii
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration Commands
Chapter 1 802.1x Configuration Commands
1.1 802.1x Configuration Commands

1.1.1 display dot1x
Syntax
display dot1x [ sessions | statistics ] [ interface interface-list ]
View
Any view
Parameter
sessions: Configures to display the session connection information of 802.1x.

statistics: Configures to display the relevant statistics information of 802.1x.
interface: Configures to display the 802.1x information on the specified interface.
interface-list: Ethernet interface list including several Ethernet interfaces, expressed in
the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num specifies a single Ethernet interface in the format interface-num =
{ interface-type interface-num | interface-name }, where interface-type specifies the
interface type, interface-num specifies the interface number and interface-name
specifies the interface name. For the respective meanings and value ranges, read the
Parameter of the Port Command Manual section.
Description
Using display dot1x command, you can view the relevant information of 802.1x,
including configuration information, running state (session connection information) and
relevant statistics information.
By default, all the relevant 802.1x information about each interface will be displayed.
This command can be used to display the following information on the specified
interface: 802.1x configuration, state or statistics. If no port is specified when executing
this command, the system will display all 802.1x related information. For example,
802.1x configuration of all ports, 802.1x session connection information, and 802.1x
data statistical information. The output information of this command can help the user
to verify the current 802.1x configurations so as to troubleshoot 802.1x .
For the related commands, see reset dot1x statistics, dot1x, dot1x retry, dot1x
max-user, dot1x port-control, dot1x port-method, dot1x timer.
1-1
Example
# Display the configuration information of 802.1x. ( Take the S3552G as an example. )

<Quidway> display dot1x
Equipment 802.1X protocol is disabled
CHAP authentication is enabled
DHCP-launch is disabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Configure: Transmit Period 000030 s, Commit Period 000015 s

ReAuth Period 003600 s
Quiet Period 000060 s, Value of Quiet Period Timer is disabled
Supp Timeout 000030 s, Value of Server Timeout 000100 s
The maximal retransmitting times 000003
Handshake period 000015 s
Total maximum on-line user number is 1024

Total current on-line user number is 0
Ethernet0/1 is link-down
802.1X protocol is disabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled
The port is a(n) authenticator
Authenticate Mode is auto
Port Control Type is Mac-based
ReAuthenticate is disabled
Max on-line user number is 256
… (Omitted)
1.1.2 dot1x
Syntax
dot1x [ interface interface-list ]

undo dot1x [ interface interface-list ]
View
1-2
Parameter
interface interface-list: Ethernet port list including several Ethernet ports. interface-list
= { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single
Ethernet port in the format interface-num = { interface-type interface-num |
interface-name }, where interface-type specifies the port type, interface-num specifies
the port number and interface-name specifies the port name. For the respective
meanings and value ranges, read the Parameter of the Port Configuration section.
Description
Using dot1x command, you can enable 802.1x on the specified port or globally (i.e., on
the current device). Using undo dot1x command, you can disable the 802.1x on the
specified port or globally.
By default, 802.1x is disabled on all the ports and globally on the device.
This command is used to enable the 802.1x on the current device or on the specified
port. When it is used in system view, if the parameter ports-list is not specified, 802.1x
will be globally enabled. If the parameter ports-list is specified, 802.1x will be enabled
on the specified port. When this command is used in Ethernet port view, the parameter
interface-list cannot be input and 802.1x can only be enabled on the current port.
The configuration command can be used to configure the global or port 802.1x
performance parameters before or after 802.1x is enabled. Before 802.1x is enabled
globally, if the parameters are not configured globally or for a specified port, they will
maintain the default values.
After the global 802.1x performance is enabled, only when port 802.1x performance is
enabled will the configuration of 802.1x become effective on the port.
For the related commands, see display dot1x.
Example
# Enable 802.1x on Ethernet 0/1.

[Quidway] dot1x interface Ethernet 0/1
# Enable the 802.1x globally.

[Quidway] dot1x
1.1.3 dot1x authentication-method
Syntax
For S3552G, S3552P, S3528G, S3528P, S3526E, S3526E FM, S3526E FS and
S3526C:
dot1x authentication-method { chap | pap | eap }
undo dot1x authentication-method
1-3
For S3526, S3526 FM and S3526 FS:

dot1x authentication-method { chap | pap | eap md5-challenge }
undo dot1x authentication-method
View
System view
Parameter
chap: Use CHAP authentication method.

pap: Use PAP authentication method.
eap: Use EAP authentication method.
Description
Using dot1x authentication-method command, you can configure the authentication

method for 802.1x user. Using undo dot1x authentication-method command, you
can restore the default authentication method of 802.1x user.
By default, CHAP authentication is used for 802.1x user authentication.
Password Authentication Protocol (PAP) is a kind of authentication protocol with two
handshakes. It sends password in the form of simple text.
Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication
protocol with three handshakes. It only transmits username but not password. CHAP is
more secure and reliable.
In the process of EAP authentication, switch directly sends authentication information
of 802.1x user to RADIUS server in the form of EAP packet. It is not necessary to
transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS
server.
Note:
For EAP authentication, the S3552G, S3552P, S3528G, S3528P, S3526E, S3526E
FM, S3526E FS and S3526C switches support the PEAP, EAP-TLS, and EAP-MD5
authentication. To enable any of the three, you just need to enable the EAP
authentication. However, the S3526, S3526 FM, and S3526 FS switches support
EAP-MD5 authentication only.
Please note: To realize PAP, CHAP or EAP authentication, RADIUS server should
support PAP, CHAP or EAP authentication respectively.
For the related command, see display dot1x.
1-4
Example
# Configure 802.1x user to use PAP authentication.

[Quidway] dot1x authentication-method pap
1.1.4 dot1x dhcp-launch
Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
View
System view
Parameter
None
Description
Using dot1x dhcp-launch command, you can set 802.1x to disable the switch to
trigger the user ID authentication over the users who configure static IP addresses in
DHCP environment. Using undo dot1x dhcp-launch command, you can set 802.1x to
enable the switch to trigger the authentication over them.
By default, the switch can trigger the user ID authentication over the users who
configure static IP addresses in DHCP environment.
For the related command, see dot1x.
Example
# Disable the switch to trigger the authentication over the users who configure static IP
addresses in DHCP environment.
[Quidway] dot1x dhcp-launch
1.1.5 dot1x guest-vlan
Syntax
dot1x guest-vlan vlan-id [ interface interface-list ]

undo dot1x guest-vlan vlan-id [ interface interface-list ]
View
1-5
Parameter
vlan-id: ID of Guest VLAN, ranging from 1 to 4094.

interface_list: Enable the Guest VLAN interface list. interface_list = { interface_type
interface_num | interface_name } [ to { interface_type interface_num |
interface_name } ] &<1-10>. Note that after the key work to, the port number must be
equal to or greater than the port number before to. &<1-10> means the parameter
before it can be input repeatedly for 10 times.
Description
Using the dot1x guest-vlan command, you can enable the Guest VLAN function on
specified port. Using the undo dot1x guest-vlan command, you can disable this
function.
When you execute this command in system view, if you do not input the interface-list
parameter, it means that to enable Guest VLAN on all ports; if you specify this
parameter, it means that to enable Guest VLAN on the specified port.
When you execute this command in Ethernet port view, you can only enable Guest
VLAN on the current port, and the interface-list parameter cannot be input.
Note the following:
z Guest VLAN is only supported in the port-based authentication mode.
z A switch only can be configured with one Guest VLAN.
z Users who skip the authentication, fail in the authentication or get offline belong to
the Guest VLAN.
z If dot1x dhcp-launch is configured on the switch, the Guest VLAN function
cannot be implemented because the switch does not send active authentication
packet in this mode.
z Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P,
S3526E, S3526E FM, S3526E FS and S3526C support Guest VLAN, and S3526,
S3526 FM and S3526 FS don’t.
Example
# Set the authentication mode to port-based.

[Quidway] dot1x port-method portbased
# Enable Guest VLAN on all ports.

[Quidway] dot1x guest-vlan 1
1.1.6 dot1x max-user
Syntax
dot1x max-user user-number [ interface interface-list ]

undo dot1x max-user [ interface interface-list ]
1-6
View
Parameter
user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1
to 256.
By default, the maximum user number is 256.
interface interface-list: Ethernet interface list including several Ethernet interfaces,
expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
Description
Using dot1x max-user command, you can configure a limit to the amount of
supplicants on the specified interface of 802.1x. Using undo dot1x max-user
This command is used for setting a limit to the amount of supplicants that 802.1x can
hold on the specified interface. This command has effect on the interface specified by
the parameter interface-list when executed in system view. It has effect on all the
interfaces when no interface is specified. The parameter interface-list cannot be input
when the command is executed in Ethernet Port view and it has effect only on the
current interface.
Example
# Configure the interface Ethernet 0/1 to hold no more than 32 users.

[Quidway] dot1x max-user 32 interface Ethernet 0/1
1.1.7 dot1x port-control
Syntax
dot1x port-control { auto | authorized-force | unauthorized-force } [ interface

interface-list ]
undo dot1x port-control [ interface interface-list ]
View
1-7
Parameter
auto: Automatic identification mode, configuring the initial state of the interface as
unauthorized. The user is only allowed to receive or transmit EAPoL packets but not to
access the network resources. If the user passes the authentication flow, the interface
will switch over to the authorized state and then the user is allowed to access the
network resources. This is the most common case.
authorized-force: Forced authorized mode, configuring the interface to always stay in
authorized state and the user is allowed to access the network resources without
authentication/authorization.
unauthorized-force: Forced unauthorized mode, configuring the interface to always
stay in non-authorized mode and the user is not allowed to access the network
resources.
Description
Using dot1x port-control command, you can configure the mode for 802.1x to perform
access control on the specified interface. Using undo dot1x port-control command,
you can restore the default access control mode.
By default, the value is auto.
This command is used to set the mode, or the interface state, for 802.1x to perform
access control on the specified interface. This command has effect on the interface
specified by the parameter interface-list when executed in system view. It has effect on
all the interfaces when no interface is specified. The parameter interface-list cannot be
input when the command is executed in Ethernet port view and it has effect only on the
current interface.
Example
# Configure the interface Ethernet 0/1 to be in unauthorized-force state.

[Quidway] dot1x port-control unauthorized-force interface Ethernet 0/1
1-8
1.1.8 dot1x port-method
Syntax
dot1x port-method { macbased | portbased } [ interface interface-list ]

undo dot1x port-method [ interface interface-list ]
View
Parameter
macbased: Configures the 802.1x authentication system to perform authentication on

the supplicant based on MAC address.
portbased: Configures the 802.1x authentication system to perform authentication on
the supplicant based on interface number.
Description
Using dot1x port-method command, you can configure the base for 802.1x to perform
access control on the specified interface. Using undo dot1x port-method command,
you can restore the default access control base.
By default, the value is macbased.
This command is used to set the base for 802.1x to perform access control, namely
authenticate the users, on the specified interface. When macbased is adopted, the
user access this interface must be authenticated independently, and if one successful
authentication user is to finish network service, the other accessed users can still use
network service. When portbased is adopted, if only the first access user by this
interface can be authenticated successfully, the other access users followed can be
considered authenticated successfully automatically ,but if the first one finish the
network service , the other accessed users’ network service will be rejected . .
This command has effect on the interface specified by the parameter interface-list
when executed in system view. It has effect on all the interfaces when no interface is
specified. The parameter interface-list cannot be input when the command is executed
in Ethernet Port view and it has effect only on the current interface.
1-9
Example
# Authenticate the supplicant based on the interface number on Ethernet 0/1.

[Quidway] dot1x port-method portbased interface Ethernet 0/1
1.1.9 dot1x quiet-period
Command
dot1x quiet-period
undo dot1x quiet-period
View
System view
Parameter
None
Description
Using dot1x quiet-period command, you can enable the quiet-period timer. Using
undo dot1x quiet-period command, you can disable this timer.
If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for
a while (which is specified by quiet-period timer) before launching the authentication
again. During the quiet period, the Authenticator does not do anything related to 802.1x
authentication.
By default, quiet-period timer is disabled.
For the related commands, see display dot1x , dot1x timer.
Example
# Enable quiet-period timer.

[Quidway] dot1x quiet-period
1.1.10 dot1x re-authenticate
Syntax
dot1x re-authenticate [ interface interface-list ]

undo dot1x re-authenticate [ interface interface-list ]
View
1-10
Parameter
interface interface-list: Ethernet interface list, represents multiple Ethernet interfaces,

in the format of interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num is a single Ethernet port, in the format of interface-num = { interface-type
interface-num | interface-name }.
Description
Using the dot1x re-authenticate command, you can enable 802.1x re-authentication
on a specific port or all the authenticator ports on a device.
Using the undo dot1x re-authenticate command, you can disable 802.1x
re-authentication on a specific port or all the authenticator ports on a device.
By default, 802.1x re-authentication is disabled on all ports.
In system view, if the interface-list parameter is not specified, it means that to enable
the 802.1x re-authentication feature on all interfaces; if the interface-list parameter is
specified, it means that to enable the feature on the specified interfaces. In Ethernet
port view, the interface-list parameter cannot be specified, and you can use command
only to enable the feature on the current interface.
Before configuring 802.1x re-authentication feature on a port, you must enable the
feature both globally and on this port.
Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P, S3526E,
S3526E FM, S3526E FS and S3526C support this command, and S3526, S3526 FM
and S3526 FS don’t.
Example
# Enable 802.1x re-authentication on port Ethernet 0/1.

[Quidway-Ethernet0/1] dot1x re-authenticate
Re-authentication is enabled on port Ethernet 0/1
1.1.11 dot1x retry
Syntax
dot1x retry max-retry-value

undo dot1x retry
View
System view
Parameter
max-retry-value: Specifies the maximum times an Ethernet switch can retransmit the
authentication request frame to the supplicant, ranging from 1 to 10. By default, the
1-11
value is 3, that is, the switch can retransmit the authentication request frame to the
supplicant for 3 times.
Description
Using dot1x retry command, you can configure the maximum times an Ethernet switch
can retransmit the authentication request frame to the supplicant. Using undo dot1x
retry command, you can restore the default maximum retransmission time.
After the switch has transmitted authentication request frame to the user for the first
time, if no user response is received during the specified time-range, the switch will
re-transmit authentication request to the user. This command is used for specifying
how many times the switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the switch is configured to transmit authentication
request frame only once. 2 indicates that the switch is configured to transmit
authentication request frame once again when no response is received for the first time
and so on. This command has effect on all the port after configuration.
Example
# Configure the current device to transmit authentication request frame to the user for
no more than 9 times.
[Quidway] dot1x retry 9
1.1.12 dot1x retry-version-max
Syntax
dot1x retry-version-max max-retry-version-value

undo dot1x retry-version-max
View
System view
Parameter
max-retry-version-value: The maximum retry times for a device to send the version
request frame to an access user. The value ranges form 1 to 10, and defaults to 3.
Description
Using the dot1x retry-version-max command, you can set the maximum retry times
for an Ethernet switch to send version request frame to an access user. Using the undo
dot1x retry-version-max command, you can return the value to the defaults.
After sending client version request frame for the first time, if the switch receives no
response from the client response within a certain period of time (set by the version
1-12
authentication timeout timer), it resends version request again. When the switch
receives no response for the configured maximum times, it no longer authenticates the
version of the client, and perform the following authentications. If configured, this
command functions on all ports that enabled version authentication function.
S3526E FM, S3526E FS and S3526C support this function, and S3526, S3526 FM and
S3526 FS don’t.
See display dot1x and dot1x timer for related configuration.
Example
# Configure the switch to send version request frame to an access user 6 times at the
most.
[Quidway] dot1x retry-version-max 6
1.1.13 dot1x supp-proxy-check
Syntax
dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]

undo dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]
View
Parameter
logoff: Cuts network connection to a user upon detecting the use of proxy.
trap: Sends trap message upon detecting a user using proxy to access the switch.
Description
Using dot1x supp-proxy-check command, you can configure the control method for
802.1x access users via proxy logon the specified interface. Using undo dot1x
supp-proxy-check command, you can cancel the control method set for the 802.1x
access users via proxy.
1-13
Note that when performing this function, the user logging on via proxy need to run
Huawei 802.1x client program,( Huawei 802.1x client program version V1.29 or above
is needed).
This command is used to set on the specified interface when executed in system view.
The parameter interface-list cannot be input when the command is executed in
Ethernet Port view and it has effect only on the current interface. After globally enabling
proxy user detection and control in system view, only if you enable this feature on a
specific port can this configuration take effects on the port.
For the related command, see display dot1x.
Example
# Configure the switch cut network connection to a user upon detecting the use of proxy
on Ethernet 0/1 ~ Ethernet 0/8.
[Quidway] dot1x supp-proxy-check logoff
[Quidway] dot1x supp-proxy-check logoff interface Ethernet 0/1 to Ethernet 0/8
# Configure the switch to send trap message upon detecting the use of proxy on
Ethernet 0/9.
[Quidway] dot1x supp-proxy-check trap
[Quidway] dot1x supp-proxy-check trap interface Ethernet 0/9
or
[Quidway] dot1x supp-proxy-check trap
[Quidway-Ethernet0/9] dot1x supp-proxy-check trap
1.1.14 dot1x timer
Syntax
dot1x timer { handshake-period handshake-period-value | quiet-period

quiet-period-value | reauth-period reauth-period-value | server-timeout
server-timeout-value | supp-timeout supp-timeout-value | tx-period tx-period-value |
ver-period ver-period-value }
undo dot1x timer { handshake-period | quiet-period | reauth-period |
server-timeout | supp-timeout | tx-period | ver-period }
View
System view
Parameter
handshake-period: This timer begins after the user has passed the authentication.
After setting handshake-period, system will send the handshake packet by the period.
1-14
Suppose the dot1x retry time is configured as N, the system will consider the user
having logged off and set the user as logoff state if system doesn’t receive the response
from user for consecutive N times.
handshake-period-value: Handshake period. The value ranges from 1 to 1024 in units
of second and defaults to 15.
quiet-period: Specify the quiet timer. If an 802.1x user has not passed the
authentication, the Authenticator will keep quiet for a while (which is specified by
quiet-period timer) before launching the authentication again. During the quiet period,
the Authenticator does not do anything related to 802.1x authentication.
quiet-period-value: Specify how long the quiet period is. The value ranges from 10 to
120 in units of second and defaults to 60.
server-timeout: Specify the timeout timer of an Authentication Server. If an
Authentication Server has not responded before the specified period expires, the
Authenticator will resend the authentication request.
server-timeout-value: Specify how long the duration of a timeout timer of an
Authentication Server is. The value ranges from 100 to 300 in units of second and
defaults to 100 seconds.
supp-timeout: Specify the authentication timeout timer of a Supplicant. After the
Authenticator sends Request/Challenge request packet which requests the MD5
encrypted text, the supp-timeout timer of the Authenticator begins to run. If the
Supplicant does not respond back successfully within the time range set by this timer,
the Authenticator will resend the above packet.
supp-timeout-value: Specify how long the duration of an authentication timeout timer of
a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30.
tx-period: Specify the transmission timeout timer. After the Authenticator sends the
Request/Identity request packet which requests the user name or user name and
password together, the tx-period timer of the Authenticator begins to run. If the
Supplicant does not respond back with authentication reply packet successfully, then
the Authenticator will resend the authentication request packet.
tx-period-value: Specify how long the duration of the transmission timeout timer is. The
value ranges from 10 to 120 in units of second and defaults to 30.
reauth-period: Re-authentication timeout timer. During the time limit set by this timer,
the supplicant device launches 802.1x re-authentication.
reauth-period-value: Period set by the re-authentication timeout timer, ranging from 1 to
86400, in seconds. By default, the value is 3600.
ver-period: Client version request timeout timer. If the supplicant device failed to send
the version response packet within the time set by this timer, then the authenticator
device will resend the version request packet.
1-15
ver-period-value: Period set by the version request timeout timer, ranging from 1 to 30,
in seconds. By default, the value is 1.
Description
Using dot1x timer command, you can configure the 802.1x timers. Using undo dot1x
timer command, you can restore the default values.
When it is run, 802.1x enables many timers to control the rational and orderly
interacting of the Supplicant, the Authenticator and the Authenticator Server. This
command can set some of the timers (while other timers cannot be set) to adapt the
interaction process. It could be necessary for some special and hard network
environment. Generally, the user should keep the default values of the timers.
Example
# Set the Authentication Server timeout timer as 150s.

[Quidway] dot1x timer server-timeout 150
1.1.15 dot1x version-check
Syntax
dot1x version-check [ interface interface-list ]

undo dot1x version-check [ interface interface-list ]
View
Parameter
interface interface-list: Ethernet interface list, represents multiple Ethernet interfaces,

in the format of interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num is a single Ethernet port, in the format of interface-num = { interface-type
interface-num | interface-name }.
Description
Using the dot1x version-check command, you can enable the 802.1x client version
authentication feature on a specific port. Using the undo dot1x version-check
command, you can disable the feature on a specific port.
By default, 802.1x client version authentication feature is disabled on all ports.
In system view, if the interface-list parameter is not specified, it means that to enable
the 802.1x client version authentication feature on all interfaces; if the interface-list
parameter is specified, it means that to enable the feature on the specified interfaces. In
1-16
Ethernet port view, the interface-list parameter cannot be specified, and you can use
command only to enable the feature on the current interface.
S3526 FS don’t.
Example
# Configure the port Ethernet 0/1 to detect the version of the 802.1x client when it
receives an authentication packet.
[Quidway-Ethernet0/1] dot1x version-check
1.1.16 reset dot1x statistics
Syntax
reset dot1x statistics [ interface interface-list ]
View
User view
Parameter
interface interface-list: Ethernet port list including several Ethernet ports. interface-list
= { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single
Ethernet port in the format port-num = { interface-type interface-num | interface-name },
where interface-type specifies the port type, interface-num specifies the port number
and interface-name specifies the port name. For the respective meanings and value
ranges, read the Parameter of the Port Configuration section.
Description
Using reset dot1x statistics command, you can reset the statistics of 802.1x.
This command can be used to re-perform statistics if the user wants to delete the
former statistics of 802.1x.
When the original statistics is cleared, if no port type or port number is specified, the
global 802.1x statistics of the switch and 802.1x statistics on all the ports will be cleared.
If the port type and port number are specified, the 802.1x statistics on the specified port
will be cleared.
Example
# Clear the 802.1x statistics on Ethernet 0/1.

<Quidway> reset dot1x statistics interface Ethernet 0/1
1-17
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration Commands
Chapter 2 Portal Configuration Commands
Note:
Among Quidway S3500 series Ethernet switches, S3552G, S3552P, S3528G and
S3528P support Portal.
2.1 Portal Configuration Commands

2.1.1 debugging portal
Syntax
debugging portal { acm | all | arp-handshake | server | tcp-cheat }

undo debugging portal { acm | all | arp-handshake | server | tcp-cheat }
View
User view
Parameter
acm: Enables authentication connection management (ACM) debugging, that is the

debugging for transitions between states related to authentication, connection and
management.
all: Enables all Portal debugging.
arp-handshake: Enables address resolution protocol (ARP) handshake debugging.
server: Enables Portal server debugging.
tcp-cheat: Enables TCP spoofing debugging.
Description
Use the debugging portal command to enable Portal debugging.

Use the undo debugging portal command to disable Portal debugging.
Example
# Enable all Portal debugging.

<Quidway> debugging portal all
2-1
2.1.2 display portal
Syntax
display portal [ acm statistics | auth-network [ auth-vlan-id ] | free-ip | free-user |

server [ server-name | statistics ] | tcp-cheat statistics | user [ ip ipaddress | port
portIndex ] | vlan [ vlan-id ] ]
View
Any view
Parameter
acm statistics: Displays ACM statistics, that is, the statistics of the states related to
authentication, connection and management .
auth-network auth-vlan-id: Displays the authentication network segments.
auth-vlan-id is the ID of the VLAN where the port of a switch is located for an
authenticated user’s cross-segment access.
free-ip: Displays configured authentication-free IP addresses.
free-user: Displays configured authentication-free users.
server server-name: Displays the information about the specified Portal server.
server statistics: Displays the Portal server statistics.
tcp-cheat statistics: Displays TCP spoofing statistics.
ipaddress: Displays the information about a user with the specified IP address.
portIndex: Displays the user information about a specified logic port ID. Logic port 0
corresponds to physical port Ethernet 0/1; logic port 1 to physical port Ethernet 0/2. The
rest may be deduced by analogy.
vlan vlan-id: Displays the information about a user within a VLAN.
Description
Use the display portal command to display Portal information.
Example
# Display Portal information.

<Quidway> display portal
This operation may take few minutes ,please wait
Run Method:
Direct
Free IP:
1)IP = 192.168.0.200 Net Mask = 255.255.255.255
Authenticate network:
1)IP = 1.1.1.1 Net Mask = 255.255.0.0 VLAN = 3
2-2
Free User:
No Free User
Portal Server:
1)pt2:
IP = 192.168.0.200
Key = huawei
Port = 2000
URL = "http://192.168.0.200"
ARP-HandShake:
Interval: 60s Retry Times: 5
VLAN Portal Configuration:
VLAN 3 : Portal Started Portal Server: pt2
Index State MAC IP VLAN Port
Table 2-1 Description on the fields of the display portal command
Field Description
The operating modes for the Portal server fall into three
categories: direct authentication (the output displays Direct),
Run Method
re-DHCP authentication (the output displays ReDHCP) and
Layer 3 Portal authentication (the output displays Layer3).
Free IP addresses. The Portal server uses a free IP

Free IP
automatically.
Free User Authentication-free users
The basic information of the Portal server, including the IP
Portal Server address, communication key, port and URL for HTTP
redirection
ARP handshake information, including time interval and retry
ARP-HandShake
times
The following information about enabling Portal: whether to

enable Portal, the name of the Portal server to be enabled and
VLAN Portal
the information about the connected user (such as the user
Configuration
state, MAC address, IP address, connected port number and
others).
Note:
URL = uniform resource locator
HTTP = hypertext transfer protocol
ARP = address resolution protocol
MAC = media access control
# Display Portal ACM statistics.

<Quidway> display portal acm statistics
ACM Statistics Running State Statistics
WAIT_MAC_ACK 0
2-3
DISCOVERED 0
WAIT_AUTH_ACK 0
WAIT_LOGIN_ACK 0
WAIT_ACL_ACK 0
WAIT_NEW_IP 0
ONLINE 0
WAIT_LOGOUT_ACK 0
Message Statistics :
MSG NAME RCV MSG NUM
PT_MSG_AUTH_ACK 0
PT_MSG_LOGIN_ACK 0
PT_MSG_LOGOUT_ACK 0
PT_MSG_LEAVING_ACK 0
PT_MSG_CUT_REQ 0
PT_MSG_MAC_ACK 0
PT_MSG_ACL_ACK 0
PT_MSG_ARPPKT 77
PT_MSG_TMR_AUT 0
PT_MSG_TMR_LGN 0
PT_MSG_TMR_LGT 0
PT_MSG_TMR_LEV 0
PT_MSG_TMR_HDS 85249
PT_MSG_ARP_FAIL 0
PT_MSG_TMR_ACL 0
PT_MSG_TMR_MAC 0
PT_MSG_TMR_NIP 0
ERROR Statistics:
MEM Error: 0 RCV MSG ERR: 0 SND MSG ERR: 0
Table 2-2 Description on the fields of the display portal acm statistics command
Field Description
ACM Statistics ACM statistics
Timeout waiting for MAC address acknowledgement.
WAIT_MAC_ACK
For Layer 3 Portal authentication, it is 0.
DISCOVERED The number of discovered users

WAIT_AUTH_ACK Timeout waiting for authentication acknowledgement
WAIT_LOGIN_ACK Timeout waiting for login acknowledgement
Timeout waiting for ACL update. For re-DHCP
WAIT_ACL_ACK
authentication, it is 0.
Timeout waiting for NEW IP. For direct authentication

WAIT_NEW_IP
and Layer 3 Portal authentication, it is 0.
2-4
Field Description
ONLINE The number of online users
WAIT_LOGOUT_ACK Timeout waiting for logout acknowledgement
PT_MSG_AUTH_ACK Authentication acknowledgement message
PT_MSG_LOGIN_ACK Login acknowledgement message
PT_MSG_LOGOUT_ACK Logout acknowledgement message
PT_MSG_LEAVING_ACK Leaving acknowledgement message
PT_MSG_CUT_REQ Force users to logout
MAC acknowledgement messages. For Layer 3
PT_MSG_MAC_ACK
Portal authentication, it is 0.
Updating ACL acknowledgement messages. For

PT_MSG_ACL_ACK
re-DHCP authentication, it is 0.
ARP packet messages. For Layer 3 Portal

PT_MSG_ARPPKT
PT_MSG_TMR_AUT Authentication timer timeout count
PT_MSG_TMR_LGN Login timer timeout count
PT_MSG_TMR_LGT Logout timer timeout count
PT_MSG_TMR_LEV Leaving timer timeout count

Handshaking timer timeout count. For Layer 3 Portal
PT_MSG_TMR_HDS
ARP failure count. For Layer 3 Portal authentication, it

PT_MSG_ARP_FAIL
is always 0.
ACL timer timeout count. For re-DHCP

PT_MSG_TMR_ACL
MAC timer timeout count. For Layer 3 Portal

PT_MSG_TMR_MAC
New IP timer timeout count. For Direct authentication

PT_MSG_TMR_NIP
and Layer 3 Portal authentication, it is 0.
MEM Error/RCV MSG Error information statistics, including memory errors,
ERR/SND MSG ERR received and sent error messages
Note:
ACL = access control list
2.1.3 portal
Syntax
portal server-name
2-5
undo portal
View
VLAN interface view
Parameter
server-name: Portal server name, in the range of 1 to 32 characters.
Description
Use the portal command to enable Portal authentication on a VLAN port.

Use the undo portal command to remove Portal authentication on a VLAN port.
If Portal is configured to operate in Layer 3 Portal authentication mode, you must
configure authentication network segments before the Portal authentication is enabled
on a VLAN port.
Before enabling Portal authentication on a VLAN port, you should assure the VLAN
interface is configured with a legal IP address, and the specified Portal server exists.
Example
# Enable Portal authentication on Vlan-interface 10. Specify a Portal server named

Quidway.
[Quidway-Vlan-interface10] portal Quidway
2.1.4 portal arp-handshake
Syntax
portal arp-handshake { interval interval | retry-times retry-times }*

undo portal arp-handshake { interval | retry-times }
View
System view
Parameter
interval: ARP handshake time interval, in the range of 10 to 180. The unit is second,
and the step length is 10. By default, it is 60 seconds.
retry-times: Maximum number of retries for ARP handshaking, in the range of 3 to 10.
By default, it is 5.
Description
Use the portal arp-handshake command to configure time interval and maximum
times of retries for ARP handshaking between a Portal switch and a host.
2-6
Use the undo portal arp-handshake command to restore the default values.
When the direct authentication or re-DHCP authentication is adopted, a switch
handshakes with the host (user PC) passing the Portal authentication through ARP
packets. The switch sends periodically ARP packets at the specified time interval. If the
retry times exceed the allowed maximum number of retries and the user PC does not
give a response, the switch assumes abnormal handshake, disconnects from the user
PC, and notifies the Portal server.
This command is invalid for Layer 3 Portal authentication.
Example
# Set the time interval for the switch to handshake with the host to 120 seconds, and
the allowed maximum retry times to 6.
[Quidway] portal arp-handshake interval 120 retry-times 6
2.1.5 portal auth-network
Syntax
portal auth-network network-address net-mask vlan vlan_id

undo portal auth-network { network-address net-mask | vlan vlan_id | all }
View
System view
Parameter
network-address net-mask: Configures the address and subnet mask for an

authentication network segment.
vlan_id: VLAN ID, which indicates the VLAN where the port of the switch for
cross-segment access is located.
all: Removes all configured authentication network segments.
Description
Use the portal auth-network command to configure Portal authentication network

segments.
Use the undo portal auth-network command to remove the configuration.
By default, no authentication network segments are configured.
This command is only valid for Layer 3 Portal authentication.
Example
# Configure Portal authentication network segment 192.168.0.200/16.

[Quidway] portal auth-network 192.168.0.200 255.255.0.0 vlan 1
2-7
2.1.6 portal delete-user
Syntax
portal delete-user ip-address
View
System view
Parameter
ip-address: Deletes a Portal user with a specified IP address.
Description
Use the portal delete-user command to delete a Portal user with a specified IP
address.
Example
# Delete the user with IP address 10.153.94.8.

[Quidway] portal delete-user 10.153.94.8
2.1.7 portal free-ip
Syntax
portal free-ip ip-address

undo portal free-ip ip-address
View
System view
Parameter
ip-address: Free IP address.
Description
Use the portal free-ip command to specify free IP address for Portal.
Use the undo portal free-ip command to delete the free IP address.
By default, no free IP address is configured.
You can configure the IP address of the free access network site provided by an
Internet service provider (ISP) as a free IP address. All users can access these free IP
addresses without restriction.
You can configure up to 8 free IP addresses for the system. The Portal server uses
automatically a free IP address.
2-8
Example
# Configure IP address 10.1.1.0 as a free IP address.

[Quidway] portal free-ip 10.1.1.0
2.1.8 portal free-user
Syntax
portal free-user mac mac-address ip ip-address vlan vlan_id interface

{ interface_type interface_num | interface_name }
undo portal free-user { mac mac-address | all }
View
System view
Parameter
mac mac-address: MAC address for the authentication-free user.

ip ip-address: IP address for the authentication-free user. The IP address cannot be
0.0.0.0, loopback address, multicast address or broadcast address.
vlan vlan_id: VLAN for the authentication-free user, in the range of 1 to 4,094.
interface: Port of the switch where an authentication-free user locates. This port
should be in the VLAN specified by this command.
interface_type: Port type. Its value is Ethernet or GigabitEthernet.
interface_num: Port number. The port is numbered in slot/port format.
interface_name: Port name expressed in interface_name=interface_type
interface_num.
all: Deletes all the authentication-free users.
Description
Use the portal free-user command to configure Portal authentication-free users.

Use the undo portal free-user command, you can delete the specified or all
authentication-free users.
When networking, you can configure network devices connected to the switch and
some servers as authentication-free users. These devices can access all networks
without authentication.
Authentication-free user information contains the IP address, MAC address, connected
switch port, and VLAN. The user whose information matches all the authentication-free
user information is allowed to access the Internet without authentication.
2-9
Caution:
z In the re-DHCP authentication mode, the IP address of an authentication-free user

and the primary IP address of the VLAN interface must be in the same network
segment. In the direct authentication mode, the IP address of an authentication-free
user and the primary IP address of the VLAN interface must be in the same network
segment.
z This configuration takes effect only if the Portal is enabled in the VLAN where the
authentication-free user locates.
z Layer 3 Portal authentication does not support the configurations of
authentication-free users.
Example
# Configure Portal authentication-free users.

[Quidway] portal free-user mac 00e0-fc01-0101 ip 10.110.1.1 vlan 10 interface
ethernet 0/1
2.1.9 portal method
Syntax
portal method { direct | redhcp | layer3 }

undo portal method
View
System view
Parameter
direct: Direct authentication.

redhcp: Re-DHCP authentication.
layer3: Layer 3 Portal authentication, that is, Portal authentication across layer 3.
Description
Use the portal method command to specify authentication mode for Portal.
Use the undo portal method command to restore the default authentication mode.
By default, direct authentication is selected.
Example
# Set Portal authentication to redhcp.
2-10
[Quidway] portal method redhcp
2.1.10 portal server
Syntax
portal server server-name { ip ip-address | key key-string | port port | url url-string } *
undo portal server server-name [ key | port | url ]
View
System view
Parameter
server-name: Portal server name, in the range of 1 to 32 characters

ip-address: IP address for Portal server. It cannot be 0.0.0.0, loop address, multicast
address or broadcast address.
key-string: Shared key for communication with Portal server, in the range of 1 to 16
characters. By default, it is huawei.
port: Port from which packets are sent to Portal server, in the range of 1 to 65,534. By
default, it is 50100.
url-string: URL used in HTTP re-directing, which is the IP address in character form. If
an IP address is 10.110.100.100, then its default URL is “http://10.110.100.100”. The
character string must be put between double quotation marks.
Description
Use the portal server command to initiate or modify Portal server configuration.
Use the undo portal server command to delete a specified Portal server or restore the
default configuration for a specified Portal server.
Caution:
z The IP address of Portal server must be configured in the first-time configuration of

the server.
z If you want to modify the parameters of a configured Portal server which is enabled
on a VLAN interface, you must first remove the Portal server from the VLAN
interface.
z The Portal server automatically uses a free IP address. If the number of free IP
addresses reaches the maximum number, the Portal server configuration will fail.
2-11
Example
# Configure a Quidway Portal server as follows: IP address is 10.10.100.100;

communications key is lanswitch; port is 50101; URL of HTTP redirection is
http://www.huawei.com.
[Quidway] portal server Quidway ip 10.10.100.100 key lanswitch port 50101 url
http://www.huawei.com
2.1.11 portal upload
Syntax
portal upload interface { interface_type interface_num | interface_name }

undo portal upload
View
System view
Parameter
interface_type: Port type. Its value is Ethernet or GigabitEthernet.

interface_num: Port number. The port is numbered in slot/port format.
interface_name: Port name expressed in interface_name=interface_type
interface_num.
Description
Use the portal upload command to configure uplink port of Portal rate limitation.
Use the undo portal upload command to disable Portal rate limitation.
By default, Portal rate limitation is disabled.
Portal restriction works together with the bandwidth restriction service provided by
CAMS servers. The bandwidth restriction service refers to the specified bandwidth
available for Portal users when you configure the service available for users on CAMS
servers.
Portal rate limitation works on this principle: After receiving the rule to restrict Portal
users’ bandwidth from the CAMS servers, switches restrict traffic on the uplink ports
specified by the portal upload command. That is, the switches control the Portal users’
uplink rate. An uplink refers to the port by which a switch connects to an uplink network
device.
Example
# Configure the uplink port with Portal rate limitation as ethernet 0/1.
[Quidway] portal upload interface ethernet 0/1
2-12
2.1.12 reset portal
Syntax
reset portal { acm | server | tcp-cheat } statistics
View
User view
Parameter
acm: Clears Portal ACM statistics, that is, clear the information about authentication,
connection and management.
server: Clears Portal server statistics.
tcp-cheat: Clears TCP spoofing statistics.
Description
Use the reset portal command to clear Portal statistics.
Example
# Clear Portal ACM statistics.

<Quidway> reset portal acm statistics
2-13
Quidway S3500 Series Ethernet Switches Chapter 3 AAA & RADIUS Protocol Configuration Commands
Chapter 3 AAA & RADIUS Protocol Configuration

Commands
3.1 AAA Configuration Commands

3.1.1 access-limit
Syntax
access-limit { disable | enable max-user-number }

undo access-limit
View
ISP domain view
Parameter
disable: No limit to the supplicant number in the current ISP domain.

enable max-user-number: Specifies the maximum supplicant number in the current
ISP domain, ranging from 1 to 1024.
Description
Using access-limit command, you can configure a limit to the amount of supplicants in
the current ISP domain. Using undo access-limit command, you can restore the limit
to the default setting.
By default, there is no limit to the amount of supplicants in the current ISP domain.
The access-limit command limits the amount of supplicants contained in the current
ISP domain. The supplicants may contend for the network resources. So setting a
suitable limit to the amount will guarantee the reliable performance for the existing
supplicants.
Example
# Set a limit of 500 supplicants for the ISP domain named huawei163.net.
[Quidway-isp-huawei163.net] access-limit enable 500
3-1
3.1.2 attribute
Syntax
attribute { ip ip-address | mac mac-address | idle-cut second | access-limit

max-user-number | vlan vlanid | location { nas-ip ip-address port portnum | port
portnum }
undo attribute { ip | mac | idle-cut | access-limit | vlan | location }*
View
Local user view
Parameter
ip: Specifies the IP address of a user.

mac mac-address: Specifies the MAC address of a user. Where, mac-address takes on
the hexadecimal format of H-H-H.
idle-cut second: Allows/Disallows the local users to enable the idle-cut function. (The
specific data for this function depends on the configuration of the ISP domain where the
users locate.) The argument minute defines the idle-cut time, which is in the range of 60
to 7200 seconds.
access-limit max-user-number: Specifies the maximum number of access users who
access the device by using the current user name. The argument max-user-number is
in the range of 1 to 1024.
vlan vlanid: Sets the VLAN attribute of user, in other words, the VLAN to which a user
belong. The argument vlanid is an integer in the range of 1 to 4094.
location: Sets the port binding attribute of user.
nas-ip ip-address: The IP address of the access server in the event of binding a remote
port with a user. The argument ip-address is an IP address in dotted decimal format and
defaults to 127.0.0.1.
port portnum: Sets the port with which a user is bound. The argument portnum is
represented by “SlotNumber SubSlotNumber PortNumber”. If any of these three items
is absent, the value 0 can be used to replace it.
Description
Using attribute command, you can configure some attributes for specified local user.
Using undo attribute command, you can cancel the attributes that have been defined
for this local user.
It should be noted that the argument nas-ip must be defined for a user bound with a
remote port, which is unnecessary, however, in the event of a user bound with a local
port.
For the related command, see display local-user.
3-2
Example
# Configure the IP address 10.110.50.1 to the user huawei1.

[Quidway-luser-huawei1] attribute ip 10.110.50.1
3.1.3 cut connection
Syntax
cut connection { all | access-type { dot1x | portal } | domain domain-name |

interface interface-type interface-number | ip ip-address | mac mac-address |
radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index |
user-name user-name }
View
System view
Parameter
all: Configures to disconnect all connection.

access-type: Configures to cut a category of connections according to logon type.
dot1x means the 802.1x users. portal means the Portal users.
domain domain-name: Configures to cut the connection according to ISP domain.
domain-name specifies the ISP domain name with a character string not exceeding 24
characters. The specified ISP domain shall have been created.
mac mac-address: Configures to cut the connection of the supplicant whose MAC
address is mac-address. The argument mac-address is in the hexadecimal format
(H-H-H).
radius-scheme radius-scheme-name: Configures to cut the connection according to
RADIUS server name. radius-scheme-name specifies the RADIUS server name with a
character string not exceeding 32 characters
interface interface-type interface-number: Configures to cut the connection according
to the port.
ip ip-address: Configures to cut the connection according to IP address. The argument
ip-address is in the hexadecimal format (ip-address).
vlan vlanid: Configures to cut the connection according to VLAN ID. Here, vlanid
ranges from 1 to 4094.
ucibindex ucib-index: Configures to cut the connection according to ucib-index.
user-name user-name : Configures to cut the connection according to user name .
user-name is the argument specifying the username. It is a character string not
exceeding 80 characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can
3-3
only be used once in one username. The pure username (the part before @, namely
the user ID) cannot exceed 55 characters.
Description
Using cut connection command, you can disconnect a user or a category of users by
force.
For the related command, see display connection.
Example
# Cut all the connections in the ISP domain, huawei163.net.

[Quidway] cut connection domain huawei163.net
3.1.4 display connection
Syntax
display connection [ access-type { dot1x | portal } | domain domain-name |

interface interface-type interface-number | ip ip-address | mac mac-address |
radius-scheme radius-scheme-name | vlan vlanid | ucibindex ucib-index |
user-name user-name ]
View
Any view
Parameter
access-type: Configures to display the supplicants according to their logon type.

dot1x means the 802.1x users. portal means the Portal users.
domain domain-name: Configures to display all the users in an ISP domain.
domain-name specifies the ISP domain name with a character string not exceeding 24
mac mac-address: Configures to display the supplicant whose MAC address is
mac-address. The argument mac-address is in the hexadecimal format (H-H-H).
radius-scheme radius-scheme-name: Configures to display the supplicant according
to RADIUS server name. radius-scheme-name specifies the RADIUS server name with
a character string not exceeding 32 characters.
interface interface-type interface-number: Configures to display the supplicant
according the port.
ip ip-address: Configures to display the user specified with IP address. The argument
ip-address is in the hexadecimal format (ip-address).
vlan vlanid: Configures to display the user specified with VLAN ID. Here, vlanid ranges
from 1 to 4094.
3-4
ucibindex ucib-index: Configures to display the user specified with ucib-index.

user-name user-name : Configures to display a user specifies with user-name.
Description
Using display connection command, you can view the relevant information of all the
supplicants or the specified one(s). The output can help you with the user connection
diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
For the related command, see cut connection.
Example
# Display the relevant information of all the users.

<Quidway> display connection
Total 0 connections matched ,0 listed.
3.1.5 display domain
Syntax
display domain [ isp-name ]
View
Any view
Parameter
isp-name: Specifies the ISP domain name, with a character string not exceeding 24
Description
Using display domain command, you can view the configuration of a specified ISP
domain or display the summary information of all ISP domains.
This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information will be displayed exactly the same, concerning the content
and format, as the displayed information of the display domain command. The output
information can help with ISP domain diagnosis and troubleshooting. Note that the
accounting scheme to be displayed should have been created.
3-5
For the related commands, see access-limit, domain, radius scheme, state, display
domain.
Example
# Display the summary information of all ISP domains of the system.

<Quidway> display domain
0 Domain = system
State = Active Access-limit = Disable
Vlan-assignment-mode = Integer
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
Default Domain Name: system

Total 1 domain(s).1 listed.
3.1.6 display local-user
Syntax
display local-user [ domain isp-name | idle-cut { enable | disable } | service-type

{ telnet | ftp | ssh | lan-access } | state { active | block } | user-name user-name | vlan
vlanid ]
View
Any view
Parameter
domain isp-name: Configures to display all the local users in the specified ISP domain.
isp-name specifies the ISP domain name with a character string not exceeding 24
idle-cut: Configures to display the local users according to the state of idle-cut function.
disable means that the user disables the idle-cut function and enable means the user
enables the function. This parameter only takes effect on the users configured as
lan-access type. For other types of users, the display local-user idle-cut enable and
display local-user idle-cut disable commands will not display any information.
service-type: Configures to display local user of a specified type. telnet means that:
the specified user type is telnet. ftp means that: the specified user type is ftp.
lan-access means that the specified user type is lan-access which mainly refers to
Ethernet accessing users, 802.1x supplicants for example. ssh means that: the
specified user type is SSH. (S3526, S3526 FM and S3526 FS switches don’t support
SSH.)
3-6
state { active | block } Configures to display the local users in the specified state.
active means that the system allows the user requesting network service and block
means the system does not allow the user requesting network service.
user-name user-name : Configures to display a user specified with user-name .
vlan vlanid: Configures to display the users belonged to specified VLAN. vlanid is the
integer, ranging from 1 to 4094.
Description
Using display local-user command, you can view the relevant information of all the
local users or the specified one(s).
This command displays the relevant information about a specified or all the local users.
The output can help you with the fault diagnosis and troubleshooting related to local
user.
For the related command, see local-user.
Example
# Display the relevant information of all the local users.

<Quidway> display local-user
The contents of local user user1:
State: Active ServiceType Mask: T
Idle-cut: Disable
Access-limit: Disable Current AccessNum: 0
Bind location: Disable
Vlan ID: Disable
IP address: Disable
MAC address: Disable
User Privilege: 1
Total 1 local user(s) Matched, 1 listed.
Table 3-1 Output description of the display local-user command
Field Description
State The state of the user
Idle-Cut The state of the idle-cut switch
Access-Limit The limit to the number of access users.
Bind location Indicates whether the port is bound with or not
3-7
Field Description
VLAN ID The ID of the VLAN to which the user belongs
IP address The IP address of the user
MAC address The MAC address of the user
FTP Directory The directory authorized to FTP users
3.1.7 domain
Syntax
domain { isp-name | default { disable | enable isp-name } }

undo domain isp-name
View
System view
Parameter
isp-name: Specifies an ISP domain name. The name is expressed with a character
string not exceeding 24 characters, excluding “/”, “: ”, “*”, “? ”, “<”, and “>”.
default enable isp-name: Enables the default ISP domain specified by isp-name.
default disable: Restores the default ISP domain to system.
Description
Using domain command, you can configure an ISP domain or enter the view of an
existing ISP domain. Using undo domain command, you can cancel a specified ISP
domain.
By default, a domain named “system” has been created in the system. The attributes of
“system” are all default values.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@huawei163.net as an example, the
isp-name (i.e.huawei163.net) following the @ is the ISP domain name. When Quidway
Series Ethernet Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for identification
and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the application
environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary to
separate them by setting ISP domains. In ISP domain view, you can configure a
3-8
complete set of exclusive ISP domain attributes for each ISP domain, which includes
AAA schemes ( RADIUS scheme applied and so forth.)
For a switch, each supplicant belongs to an ISP domain. The system supports to
configure up to 16 ISP domains. If a user has not reported its ISP domain name, the
system will put it into the default domain.
When this command is used, if the specified ISP domain does not exist, the system will
create a new ISP domain. All the ISP domains are in the active state when they are
created.
For the related commands, see access-limit, radius scheme, state, display domain.
Example
# Create a new ISP domain, huawei163.net, and enters its view.

[Quidway] domain huawei163.net
New Domain added.
[Quidway-isp-huawei163.net]
3.1.8 idle-cut
Syntax
idle-cut { disable | enable minute flow }
View
ISP domain view
Parameter
disable: means disabling the user to use idle-cut function .

enable: means enabling the user to use idle-cut function.
minute: Specifies the maximum idle time, ranging from 1 to 120 and measured in
minutes.
flow: The minimum data traffic, ranging from 1 to 10,240,000 and measured in bytes.
Description
Using idle-cut command, you can configure the user template in the current ISP
domain.
By default, after an ISP domain is created, this attribute in user template is disable, that
is, the user idle-cut is disabled.
The user template is a set of default user attributes. If a user requesting for the network
service does not have some required attributes, the corresponding attributes in the
template will be endeavored to him as default ones. The user template of the switch
you are using may only provide user idle-cut settings. After a user is authenticated, if
3-9
the idle-cut is configured to enable or disable by neither the user nor the RADIUS
server, the user will adopt the idle-cut state in the template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
For the related command, see domain
Example
# Enable the user in the current ISP domain, huawei163.net, to use the idle-cut attribute
specified in the user template (that is, enabling the user to use the idle-cut function).
The maximum idle time is 50 minutes and the minimum data traffic is 500 bytes.
[Quidway-isp-huawei163.net] idle-cut enable 50 500
3.1.9 local-user
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { telnet | ftp | lan-access | ssh } ] }
View
System view
Parameter
user-name: Specifies a local username with a character string not exceeding 80

characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used
once in one username. The pure username (the part before @, namely the user ID)
cannot exceed 55 characters. The user-name is case-insensitive, so that UserA is the
same as usera.
service-type: Specifies the service type. telnet means that: the specified user type is
telnet. ftp means that: the specified user type is ftp. lan-access means that the
specified user type is lan-access which mainly refers to Ethernet accessing users,
802.1x supplicants for example. ssh means the specified user type is SSH. (S3526,
S3526 FM and S3526 FS switches don’t support SSH.)
all: All the users.
Description
Using local-user command, you can configure a local user and enter the local user
view. Using undo local-user command, you can cancel a specified local user.
By default, no local user.
For the related commands, see display local-user , service-type.
3-10
Example
# Add a local user named huawei1.

[Quidway] local-user huawei1
[Quidway-luser-huawei1]
3.1.10 local-user password-display-mode
Syntax
local-user password-display-mode { cipher-force | auto }

undo local-user password-display-mode
View
System view
Parameter
cipher-force: Forced cipher mode specifies that the passwords of all the accessed
users must be displayed in cipher text.
auto: The auto mode specifies that a user is allowed to use the password command to
set a password display mode.
Description
Using local-user password-display-mode command, you can configure the

password display mode of all the accessing users. Using undo local-user
password-display-mode command, you can cancel the password display mode that
has been set for all the accessing users.
If cipher-force has been adopted, the user efforts of specifying to display passwords in
simple text will render useless.
The password display mode of all the accessing users defaults to auto.
For the related commands, see display local-user , password.
Example
# Force all the accessing users to display passwords in cipher text.

[Quidway] local-user password-display-mode cipher-force
3.1.11 messenger
Syntax
messenger time { enable limit interval | disable }

undo messenger time
3-11
View
ISP domain view
Parameter
limit: Remaining-online-time threshold in minutes, in the range of 1 to 60. When the

remaining online time of a user is equal to this threshold, the switch begins to send alert
messages to the client.
interval: Sending interval of alert messages in minutes, in the range of 5 to 60.
Description
Use the messenger time enable command to enable messenger alert and configure
the related parameters.
Use the messenger time disable command to disable messenger alert.
Use the undo messenger time command to restore messenger alert to default
settings.
By default, the messenger alert is disabled on the switch.
This function allows the clients to inform the online users about their remaining online
time through message alert dialog box.
The implementation of this function is as follows:
z On the switch, use the messenger time enable command to enable this function
and to configure the remaining-online-time threshold (the limit argument) and the
alert message interval.
z If the threshold is reached, the switch sends messages containing the user’s
remaining online time to the client at the interval you configured.
z The client keeps the user informed of the remaining online time through a
message alert dialog box.
Example
# Configure to start the sending of alert messages when the user’s remaining online
time is 30 minutes and send the messages at an interval of five minutes.
[Quidway-isp-system] messenger time enable 30 5
3.1.12 name
Syntax
name string
undo name
3-12
View
VLAN view
Parameter
string: Name of the delivered VLAN.
Description
Using name command, you can configure name of the delivered VLAN.
S3526E FM, S3526E FS and S3526C support this command, and S3526, S3526 FM
and S3526 FS don’t.
For the related commands, see vlan-assignment-mode.
Example
# Configure name of the delivered VLAN

[Quidway-vlan100] name test
3.1.13 password
Syntax
password { simple | cipher } password

undo password
View
Local user view
Parameter
simple: Specifies to display passwords in simple text.

cipher: Specifies to display passwords in cipher text.
password: Defines a password, which is a character string of up to 16 characters if it is
in simple text and of up to 24 characters if it is in cipher text.
Description
Using password command, you can configure a password for local users. Using undo
password command, you can cancel the specified password.
If local-user password-display-mode cipher-force has been adopted, the user
efforts of using the password command to set the password display mode to simple
text (simple) will render useless.
3-13
Example
# Set the user huawei1 to display the password in simple text, given the password is
20030422.
[Quidway-luser-huawei1] password simple 20030422
3.1.14 radius-scheme
Syntax
radius-scheme radius-scheme-name
undo radius-scheme
View
ISP domain view
Parameter
radius-scheme-name: Specifies a RADIUS server group, with a character string not

exceeding 32 characters.
Description
Using radius-scheme command, you can configure the RADIUS server group used by
the current ISP domain. Using undo radius-scheme command, you can restore the
RADIUS server group used by the current ISP domain to the default RADIUS server
group.
After an ISP domain is created, it uses the default RADIUS server group (named as
system. For configuration of relevant parameters, read the RADIUS Configuration
section of this chapter ) of the system.
This command is used to specify the RADIUS server group for the current ISP domain.
The specified RADIUS server group shall have been created.
For the related commands, see radius scheme, display radius.
Example
! The following example designates the current ISP domain, huawei163.net, to use the
RADIUS server, huawei.
[Quidway-isp-huawei163.net] radius-scheme Huawei
3.1.15 self-service-url
Syntax
self-service-url enable url-string

self-service-url disable
3-14
View
ISP domain view
Parameter
url-string: The URL address of the page used to change the user password on the
self-service server, a string with 1 to 64 characters. This string cannot contain "?"
character. If "?" is contained in the URL address, you must replace it with "|" when
inputting the URL address in the command line.
Description
Use the self-service-url enable command to configure self-service server URL.

Use the self-service-url disable command to remove the configuration.
By default, self-service server URL is not configured on the switch.
This command must be incorporated with a RADIUS server (such as a CAMS server)
that supports self-service. Self-service means that users can manage their accounts
and card numbers by themselves. And a server with the self-service software is called a
self-service server.
Once this function is enabled on the switch, users can locate the self-service server
and perform self-management through the following operations:
z Select "Change user password" on the 802.1x client.
z After the client opens the default explorer (IE or NetScape), locate the specified
URL page used to change the user password on the self-service server.
z Change user password on this page.
The "Change user password" option is available only after the user passed the
authentication; otherwise, this option is in grey and unavailable.
Example
# In the default ISP domain "system", configure the URL address of the page used to
change the user password on the self-service server to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName.
[Quidway] domain system
[Quidway-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
3.1.16 service-type
Syntax
For S3552G, S3552P, S3528G, S3528P, S3526E, S3526E FM, S3526E FS and
S3526C:
3-15
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet }* [ level

level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet }* [ level level ] }
For S3526, S3526 FM and S3526 FS:
service-type { ftp [ ftp-directory directory ] | lan-access | telnet [ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | telnet [ level level ] }
View
Local user view
Parameter

ssh: Specifies user type as SSH.
level level: Specifies the level of Telnet or SSH users. The argument level is an integer
in the range of 0 to 3 and defaults to 1.
Description
Using service-type command, you can configure a service type for a particular user.
Using undo service-type command, you can cancel the specified service type for the
user.
Example
# Set to provide the lan-access service for the user huawei1.

[Quidway-luser-huawei1] service-type lan-access
3.1.17 state
Syntax
state { active | block }
View
ISP domain view/Local user view
3-16
Parameter
active: Configures the current ISP domain (ISP domain view)/current user (local user
view) as being in active state, that is, the system allows the users in the domain (ISP
domain view) or the current user (local user view) to request network service.
block: Configures the current ISP domain (ISP domain view)/current user (local user
view) as being in block state, that is, the system does not allow the users in the domain
(ISP domain view) or the current user (local user view) to request network service.
Description
Using state command, you can configure the state of the current ISP domain/ current
user.
By default, after an ISP domain is created, it is in the active state (in ISP domain view).
A local user will be active (in local user view) upon its creation.
In ISP domain view, every ISP can either be in active or block state. If an ISP domain is
configured to be active, the users in it can request for network service, while in block
state, its users cannot request for any network service, which will not affect the users
currently online.
For the related command, see domain.
Example
# Set the current ISP domain huawei163.net to be in the block state. The supplicants in
this domain cannot request for the network service.
[Quidway-isp-huawei163.net] state block
# Set the user huawei1 to be in the block state.

[Quidway-luser-huawei1] state block
3.1.18 vlan-assignment-mode
Syntax
vlan-assignment-mode { integer | string }
View
ISP domain view
Parameter
integer: Specify the dynamic VLAN delivery mode as integer.

string: Specify the dynamic VLAN delivery mode as string.
3-17
Description
Using vlan-assignment-mode command, you can specify the dynamic VLAN delivery
mode.
S3526 FS don’t.
Currently the switch supports RADIUS server delivers the integer type and string type
VLAN ID.
z Integer VLAN ID: The switch adds the port into the VLAN based on the integer ID
delivered from the server. If the VLAN does not exist, it first creates a VLAN and
then adds the port into the new VLAN.
z String ID: The switch compares the string ID delivered from the server with the
VLAN names existing on the switch. If a matching entry is found, the switch adds
the port into the corresponding VLAN. Otherwise, the delivery fails and the user
cannot pass the authentication.
By default, the integer mode is selected, that is, the switch supports the RADIUS server
delivering the integer VLAN ID.
For the related commands, see name.
Example
#.Specify the dynamic VLAN delivery mode as integer.

[Quidway-isp-ias] vlan-assignment-mode integer
3.2 RADIUS Protocol Configuration Commands

3.2.1 accounting-on enable
Syntax
accounting-on enable [ send times ] [ interval interval ]

undo accounting-on { enable | send | interval }
View
RADIUS Scheme view
Parameter
times: Maximum number for sending Accounting-On packets. It ranges from 1 to 256
and defaults to 15.
Interval: Time interval for sending Accounting-On packets. It ranges from 1 to 30 in
seconds and defaults to 3.
3-18
Description
Using the accounting-on enable command, you can enable user re-authentication at
reboot. Using the undo accounting-on enable command, you can disable this
function.
Using the undo accounting-on send command, you can restore the default number
for sending Accounting-On packets.
Using the undo accounting-on interval command, you can restore the default time
interval for sending Accounting-On packets.
By default, user re-authentication at reboot is disabled.
Exclusive users are those with its concurrent online number set to 1 on the CAMS. In
the AAA solution implemented jointly by the switch and CAMS, if the switch reboots
after a user passes the authentication/authorization begins being accounted, the switch
prompts that the user has been online when the user logs into the switch before CAMS
makes online detection. Therefore, the user cannot access network resources normally.
The user can access the network only after the network administrator deletes manually
the online information of the user.
To solve this problem, user re-authentication at reboot is designed. After this function is
enabled, each time the switch reboots,
z The switch generates an Accounting-On message, which mainly includes NAS-ID,
NAS-IP (source IP) and session ID;
z The switch sends to CAMS an Accounting-On message;
z Upon receiving the CAMS Accounting-On message, CAMS finds and deletes the
existing online information of the user based on the NAS-ID, NAS-IP (source IP)
and session ID in the Accounting-On message.
Note:
z The main attributes of the Accounting-On message –– NAS-ID, NAS-IP and session
ID are often generated automatically by the switch. However, you can configure the
NAS-IP using the nas-ip command. Make sure you set a correct and valid NAS-IP
address. Otherwise, the switch automatically selects the IP address of the virtual
VLAN interface as NAS-IP.
z Among S3500 series ethernet switches, S3552G, S3552P, S3528G, S3528P,
S3526E, S3526E FM, S3526E FS and S3526C support this function, and S3526,
S3526 FM and S3526 FS don’t.
Example
# Enable user reauthentication at reboot.
3-19
[Quidway] radius scheme CAMS
[Quidway-radius-CAMS] accounting-on enable
3.2.2 accounting optional
Syntax
accounting optional
undo accounting optional
View
RADIUS scheme view
Parameter
None
Description
Using the accounting optional command, you can enable the selection of RADIUS
accounting option. Using the undo accounting optional command, you can disable
the selection of RADIUS accounting option.
By default, selection of RADIUS accounting option is disabled.
If no RADIUS server is available or if RADIUS accounting server fails when the
accounting optional is configured, the user can still use the network resource,
otherwise, the user will be disconnected.
The user configured with accounting optional command in RADIUS scheme will no
longer send real-time accounting update packet or stop accounting packet.
Example
# Enable the selection of RADIUS accounting of the RADIUS scheme named as

CAMS.
[Quidway-radius-cams] accounting optional
3.2.3 data-flow-format
Syntax
data-flow-format data { byte | giga-byte | kilo-byte | mega-byte } packet

{ giga-packet | kilo-packet | mega-packet | one-packet }
undo data-flow-format
3-20
View
RADIUS scheme view
Parameter
data: Set data unit.

byte: Set 'byte' as the unit of data flow.
giga-byte: Set 'giga-byte' as the unit of data flow.
kilo-byte: Set 'kilo-byte' as the unit of data flow.
mega-byte: Set 'mega-byte' as the unit of data flow.
packet: Set data packet unit.
giga-packet: Set 'giga-packet' as the unit of packet flow.
kilo-packet: Set 'kilo-packet' as the unit of packet flow.
mega-packet: Set 'mega-packet' as the unit of packet flow.
one-packet: Set 'one-packet' as the unit of packet flow.
Description
Using data-flow-format command, you can configure the unit of data flow that send to
RADIUS Server. Using undo data-flow-format command, you can restore the unit to
the default setting.
By default, the data unit is byte and the data packet unit is one-packet.
For the related command, see display radius.
Example
# Set the unit of data flow that send to RADIUS Server Huawei is kilo-byte and the data
packet unit is kilo-packet.
[Quidway-radius-huawei] data-flow-format data kilo-byte packet kilo-packet
3.2.4 display local-server statistics
Syntax
display local-server statistics
View
Any view
Parameter
None
3-21
Description
Using display local-server statistics command, you can view the statistics of local
RADIUS authentication server.
For the related command, see local-server.
Example
# Display the statistics of local RADIUS authentication server.

<Quidway> display local-server statistics
The localserver packet statistics:
Receive: 0 Send: 0
Discard: 0 Receive Packet Error: 0
Auth Reveive: 0 Auth Send: 0
Acct Receive: 0 Acct Send: 0
3.2.5 display radius
Syntax
display radius [ radius-scheme-name ]
View
Any view
Parameter
radius-scheme-name: Specifies the RADIUS scheme name with a character string not
exceeding 32 characters. Display all RADIUS schemes when the parameter is not set.
Description
Using display radius command, you can view the configuration information of all
RADIUS schemes or a specified one.
By default, This command outputs the configuration information about the specified or
all the RADIUS schemes. The output can help with RADIUS diagnosis and
troubleshooting.
For the related command, see radius scheme.
Example
# Display the configuration information of all the RADIUS schemes.

<Quidway> display radius
------------------------------------------------------------------
SchemeName =system Index=0 Type=huawei
Primary Auth IP =127.0.0.1 Port=1645 State=block
Primary Acct IP =127.0.0.1 Port=1646 State=block
3-22
Second Auth IP =0.0.0.0 Port=1812 State=block

Second Acct IP =0.0.0.0 Port=1813 State=block
Auth Server Encryption Key= huawei
Acct Server Encryption Key= huawei
Accounting method = required
Accounting method = required
TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12
Permitted send realtime PKT failed counts =5
Quiet-interval(min) =5
Retry sending times of noresponse acct-stop-PKT =500
Username format =without-domain
Data flow unit =Byte
Packet unit =1
------------------------------------------------------------------
Total 1 RADIUS scheme(s). 1 listed
3.2.6 display radius statistics
Syntax
display radius statistics
View
Any view
Parameter
None
Description
Using display radius statistics command, you can view the statistics information of
RADIUS packet.
This command outputs the statistics information about the RADIUS packets. The
displayed packet information can help with RADIUS diagnosis and troubleshooting.
Example
# Display the statistics information of RADIUS packets.

<Quidway> display radius statistics
state statistic(total=1048):
DEAD=1048 AuthProc=0 AuthSucc=0
AcctStart=0 RLTSend=0 RLTWait=0
AcctStop=0 OnLine=0 Stop=0
StateErr=0
3-23
Receive and Send packets statistic:

Send PKT total :0 Receive PKT total:0
RADIUS received packets statistic:
Code= 2,Num=0 ,Err=0
Code=11,Num=0 ,Err=0
Code=22,Num=0 ,Err=0
Running statistic:
RADIUS received messages statistic:
Normal auth request ,Num=0 ,Err=0 ,Succ=0
EAP auth request ,Num=0 ,Err=0 ,Succ=0
Account request ,Num=0 ,Err=0 ,Succ=0
Account off request ,Num=0 ,Err=0 ,Succ=0
Leaving request ,Num=0 ,Err=0 ,Succ=0
… (Omitted)
3.2.7 display stop-accounting-buffer
Syntax
display stop-accounting-buffer { radius-scheme radius-scheme-name | session-id

session-id | time-range start-time stop-time | user-name user-name }
View
Any view
Parameter
radius-scheme radius-scheme-name: Configures to display the saved stopping

accounting requests according to RADIUS server name. radius-scheme-name
specifies the RADIUS server name with a character string not exceeding 32 characters.
session-id session-id: Configures to display the saved stopping accounting requests
according to the session ID. session-id specifies the session ID with a character string
not exceeding 50 characters.
time-range start-time stop-time: Configures to display the saved stopping accounting
requests according to the saving time. start-time specifies the start time of the saving
time range and stop-time specifies the stop time of the saving time range. The time is
expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is specified, all
the stopping accounting requests saved in the time range since start-time to stop-time
will be displayed.
3-24
user-name user-name: Configures to display the saved stopping accounting requests

according to the username. User-name specifies the username, a character string not
Description
Using display stop-accounting-buffer command, you can view the stopping

accounting requests, which have not been responded and saved in the buffer.
After transmitting the stopping accounting requests, if there is no response from the
RADIUS server, the switch will save the packet in the buffer and retransmit it for several
times, which is set through the retry realtime-accounting command.
This command is used to display the stopping accounting requests saved in the switch
buffer. You can select to display the packets sent to a certain RADIUS server, or display
the packets according to user session ID or username. You may also display the
request packets saved during a specified time range. The displayed packet information
can help with diagnosis and troubleshooting.
For the related commands, see reset stop-accounting-buffer,
stop-accounting-buffer enable, retry stop-accounting.
Example
# Display the stopping accounting requests saved in the system buffer since 0:0:0 to
23:59:59 on August 31, 2002.
<Quidway> display stop-accounting-buffer time-range 0:0:0-2002/08/31
23:59:59-2002/08/31
Total find 0 record
3.2.8 key
Syntax
key { accounting | authentication } string

undo key { accounting | authentication }
View
RADIUS scheme view
Parameter
accounting: Configures to set/delete the encryption key for RADIUS accounting

packet.
authentication: Configures to set/delete the encryption key for RADIUS
authentication/authorization packet.
string: Specifies the key with a character string not exceeding 16 characters. By default,
the key is “huawei”.
3-25
Description
Using key command, you can configure encryption key for RADIUS
authentication/authorization or accounting packet. Using undo key command, you can
restore the default key.
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt the
exchanged packets. The two ends verify the packet through setting the encryption key.
Only when the keys are identical can both ends accept the packets from each other and
give responses. So it is necessary to ensure that the keys set on the switch and the
RADIUS server are identical. If the authentication/authorization and accounting are
performed on two different servers with different encryption keys, you are supposed to
set two encryption keys respectively.
For the related commands, see primary accounting, primary authentication, radius
scheme.
Example
Example 1:
# Set the authentication/authorization key of the RADIUS scheme, huawei, to “hello”.
[Quidway-radius-huawei] key authentication hello
Example 2:
# Set the accounting packet key of the RADIUS scheme, huawei, to “ok”.
[Quidway-radius-huawei] key accounting ok
3.2.9 local-server
Syntax
local-server nas-ip ip-address key password

undo local-server nas-ip ip-address
View
System view
Parameter
nas-ip ip-address: set NAS-IP address of access server. ip-address is expressed in the
format of dotted decimal. By default, there is a local server with the NAS-IP address of
127.0.0.1.
key password: Set password of logon user. password is a character string containing
up to 16 characters.
3-26
Description
Using local-server command, you can configure the parameters of local RADIUS
server. Using undo local-server command, you can cancel a local RADIUS server.
RADIUS service, which adopts authentication/authorization/accounting servers to
manage users, is widely used in Quidway series switches. Besides, local
authentication/authorization service is also used in these products and it is called local
RADIUS function, i.e. realize basic RADIUS function on the switch.
Caution:
z When using local RADIUS server function of Huawei, remember the number of UDP
port used for authentication is 1645 and that for accounting is 1646.
z The password configured by this command must be the same as that of the
RADIUS authentication/authorization packet configured by the command key
authentication in RADIUS scheme view.
Quidway series switches support up to 16 local RADIUS authentication servers.

For the related commands, see radius scheme, state and key.
Example
# Set the IP address of local RADIUS authentication server to 10.110.1.2 and the
password to huawei.
[Quidway] local-server nas-ip 10.110.1.2 key huawei
3.2.10 nas-ip
Syntax
nas-ip ip-address
undo nas-ip
View
RADIUS scheme view
Parameter
ip-address: IP address in dotted decimal format.
3-27
Description
Using the nas-ip command, you can set the source IP address of the network access
server (NAS, the switch in this manual), so that all packets destined for the RADIUS
server carry the same source IP address. Using the undo nas-ip command, you can
cancel the configuration.
Specifying a source address for the RADIUS packets to be transmitted can avoid the
situation where the packets sent back by the RADIUS server cannot be received as the
result of a physical interface failure. The address of a loopback interface is usually used
as the source address.
By default, the source IP address of packets is the IP address of the output port.
For the related command, see display radius, radius nas-ip.
Example
# Set the source IP address that is carried in the RADIUS packets sent by the NAS (the
switch) to 10.1.1.1.
[Quidway] radius scheme test1
[Quidway-radius-test1] nas-ip 10.1.1.1
3.2.11 primary accounting
Syntax
primary accounting ip-address [ port-number ]

undo primary accounting
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format.

port-number: UDP port number. ranging from 1 to 65535.
Description
Using primary accounting command, you can configure the IP address and port
number for the primary accounting server. Using undo primary accounting command,
you can restore the default IP address and port number of the primary RADIUS
accounting server.
By default, as for the newly created RADIUS scheme, the IP address of the primary
accounting server is 0.0.0.0, and the UDP port number of this server is 1813; as for the
"system" RADIUS scheme created by the system, the IP address of the primary
accounting server is 127.0.0.1, and the UDP port number is 1646.
3-28
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
requirements. However, at least you have to set one authentication/authorization
server and an accounting server. Besides, ensure that the RADIUS service port
settings on the Ethernet switch is consistent with the port settings on the RADIUS
server.
For the related commands, see key, radius scheme, state.
Example
# Set the IP address of the primary accounting server of RADIUS scheme, “huawei”, to
10.110.1.2 and the UDP port 1813 to provide RADIUS accounting service.
[Quidway-radius-huawei] primary accounting 10.110.1.2 1813
3.2.12 primary authentication
Syntax
primary authentication ip-address [ port-number ]

undo primary authentication
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format.

port-number: Specifies UDP port number. ranging from 1 to 65535.
Description
Using primary authentication command, you can configure the IP address and port
number for the primary RADIUS authentication/authorization. Using undo primary
authentication command, you can restore the default IP address and port number of
the primary RADIUS authentication/authorization.
By default, as for the newly created RADIUS scheme, the IP address of the primary
authentication server is 0.0.0.0, and the UDP port number of this server is 1812; as for
the "system" RADIUS scheme created by the system, the IP address of the primary
authentication server is 127.0.0.1, and the UDP port number is 1645.
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
3-29
requirements. However, at least you have to set one authentication/authorization

server and an accounting server. Besides, ensure that the RADIUS service port
settings on the Ethernet switch is consistent with the port settings on the RADIUS
server.
For the related commands, see key, radius scheme , state.
Example
# Set the IP address of the primary authentication/authorization server of RADIUS

scheme, “huawei”, to 10.110.1.1 and the UDP port 1812 to provide RADIUS
authentication/authorization service.
[Quidway-radius-huawei] primary authentication 10.110.1.1 1812
3.2.13 radius nas-ip
Syntax
radius nas-ip ip-address

undo radius nas-ip
View
System view
Parameter
ip-address: IP address in dotted decimal format.
Description
Using the radius nas-ip command, you can specify the source address of the RADIUS
packet sent from NAS. Using the undo radius nas-ip command, you can restore the
default setting.
By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address..
By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
Example
# Configure the switch to send RADIUS packets from 129.10.10.1.

[Quidway] radius nas-ip 129.10.10.1
3-30
3.2.14 radius scheme
Syntax
radius scheme radius-scheme-name

undo radius scheme radius-scheme-name
View
System view
Parameter
radius-scheme-name: Specifies the Radius server name with a character string not
Description
Using radius scheme command, you can configure a RADIUS scheme and enter its
view. Using undo radius scheme command, you can delete the specified RADIUS
scheme.
By default, a RADIUS scheme named as system has been created in the system. Its
attributes are all default values.
RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every
RADIUS scheme shall at least have the specified IP address and UDP port number of
the RADIUS authentication/authorization/accounting server and some necessary
parameters exchanged with the RADIUS client end (switch system). So it is necessary
to create the RADIUS scheme and enter its view before performing other RADIUS
protocol configurations.
A RADIUS scheme can be used by several ISP domains at the same time. You can
configure up to 16 RADIUS server-groups, including the default scheme named as
system.
Although undo radius scheme can remove a specified RADIUS scheme. However,
the default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
For the related commands, see key, retry realtime-accounting, radius-scheme,
timer realtime-accounting, stop-accounting-buffer enable, retry stop-accounting,
server-type, state, user-name-format, retry , display radius, display radius
statistics .
Example
# Create a RADIUS scheme named “huawei” and enters its view.

[Quidway] radius scheme huawei
[Quidway-radius-huawei]
3-31
3.2.15 reset radius statistics
Syntax
reset radius statistics
View
User view
Parameter
None
Description
Using the reset radius statistics command, you can clear the statistic information
related to the RADIUS protocol.
For the related command, see display radius.
Example
# Clear the RADIUS protocol statistics.

<Quidway> reset radius statistics
3.2.16 reset stop-accounting-buffer
Syntax
reset stop-accounting-buffer { radius-scheme radius-scheme-name | session-id

session-id | time-range start-time stop-time | user-name user-name }
View
User view
Parameter
radius-scheme radius-scheme-name: Configures to delete the stopping accounting

requests from the buffer according to the specified RADIUS server name.
radius-scheme-name specifies the RADIUS server name with a character string not
session-id session-id: Configures to delete the stopping accounting requests from the
buffer according to the specified session ID. session-id specifies the session ID with a
character string not exceeding 50 characters.
time-range start-time stop-time: Configures to delete the stopping accounting requests
from the buffer according to the saving time. Start-time specifies the start time of the
saving time range and stop-time specifies the stop time of the saving time range. The
3-32
time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is set, all
the stopping accounting requests saved since start-time to stop-time will be deleted.
user-name user-name : Configures to delete the stopping accounting requests from
the buffer according to the username. User-name specifies the username, a character
string not exceeding 80 characters.
Description
Using reset stop-accounting-buffer command, you can reset the stopping

accounting requests, which are saved in the buffer and have not been responded.
By default, after transmitting the stopping accounting requests, if there is no response
from the RADIUS server, the switch will save the packet in the buffer and retransmit it
for several times, which is set through the retry realtime-accounting command.
This command is used to delete the stopping accounting requests from the switch
buffer. You can select to delete the packets transmitted to a specified RADIUS server,
or according to the session-id or username, or delete the packets transmitted during the
specified time-range.
For the related commands, see stop-accounting-buffer enable, retry
stop-accounting, display stop-accounting-buffer.
Example
# Delete the stopping accounting requests saved in the system buffer by the user,
user0001@huawei163.net.
<Quidway> reset stop-accounting-buffer user-name user0001@huawei163.net
# Delete the stopping accounting requests saved in the system buffer since 0:0:0 to
23:59:59 on August 31, 2002.
<Quidway> reset stop-accounting-buffer time-range 0:0:0-2002/08/31
23:59:59-2002/08/31
3.2.17 retry
Syntax
retry retry-times
undo retry
View
RADIUS scheme view
Parameter
retry-times: Specifies the maximum times of retransmission, ranging from 1 to 20. By

default, the value is 3.
3-33
Description
Using retry command, you can configure retransmission times of RADIUS request
packet. Using undo retry command, you can restore the retransmission times to
default value.
Because RADIUS protocol uses UDP packets to carry the data, its communication
process is not reliable. If the RADIUS server has not responded NAS until timeout, NAS
has to retransmit RADIUS request packet. If it transmits more than the specified
retry-times, NAS considers the communication with the primary and secondary
RADIUS servers has been disconnected.
Setting a suitable retry-time according to the network situation can speed up the system
response.
Example
# Set to retransmit the RADIUS request packet no more than 5 times for the RADIUS
scheme huawei.
[Quidway-radius-huawei] retry 5
3.2.18 retry realtime-accounting
Syntax
retry realtime-accounting retry-times

undo retry realtime-accounting
View
RADIUS scheme view
Parameter
retry-times: Specifies the maximum times of real-time accounting request failing to be

responded, ranging from 1 to 255. By default, the accounting request can fail to be
responded up to 5 times.
Description
Using retry realtime-accounting command, you can configure the maximum times of
real-time accounting request failing to be responded. Using undo retry
realtime-accounting command, you can restore the maximum times of real-time
accounting request failing to be responded to the default value.
RADIUS server usually checks if a user is online with timeout timer. If the RADIUS
server has not received the real-time accounting packet from NAS, it will consider that
there is line or device failure and stop accounting. Accordingly, it is necessary to
3-34
disconnect the user at NAS end and on RADIUS server synchronously when some
unexpected failure occurs. Quidway Series Ethernet Switches support to set maximum
times of real-time accounting request failing to be responded. NAS will disconnect the
user if it has not received real-time accounting response from RADIUS server for some
specified times.
How to calculate the value of count? Suppose RADIUS server connection will timeout
in T and the real-time accounting interval of NAS is t, then the integer part of the result
from dividing T by t is the value of count. Therefore, when applied, T is suggested the
numbers which can be divided exactly by t.
For the related command, see radius scheme
Example
# Allow the real-time accounting request failing to be responded for up to 10 times.

[Quidway-radius-huawei] retry realtime-accounting 10
3.2.19 retry stop-accounting
Syntax
retry stop-accounting retry-times

undo retry stop-accounting
View
RADIUS scheme view
Parameter
retry-times: Specifies the maximal retransmission times after stopping accounting

request,. ranging from 10 to 65535. By default, the value is 500.
Description
Using retry stop-accounting command, you can configure the maximal

retransmission times after stopping accounting request . Using undo retry
stop-accounting command, you can restore the retransmission times to the default
value.
Because the stopping accounting request concerns account balance and will affect the
amount of charge, which is very important for both the user and ISP, NAS shall make its
best effort to send the message to RADIUS accounting server. Accordingly, if the
message from the switch to RADIUS accounting server has not been responded, the
switch shall save it in the local buffer and retransmit it until the server responds or
discard the messages after transmitting for specified times.
For the related commands, see reset stop-accounting-buffer , radius scheme,
display stop-accounting-buffer .
3-35
Example
# Indicate that, when stopping accounting request for the RADIUS scheme “Huawei”,
the switch will retransmit the packets for up to 1000 times.
[Quidway-radius-huawei] retry stop-accounting 1000
3.2.20 secondary accounting
Syntax
secondary accounting ip-address [ port-number ]

undo secondary accounting
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format. By default, the IP addresses of

second accounting server is at 0.0.0.0.
port-number: Specifies the UDP port number, ranging from 1 to 65535. By default, the
accounting service is provided via UDP 1813.
Description
Using secondary accounting command, you can configure the IP address and port
number for the second RADIUS accounting server. Using undo secondary
accounting command, you can restore the IP address and port number to default
values.
For detailed information, read the Description of the primary accounting command.
Example
# Set the IP address of the second accounting server of RADIUS scheme, huawei, to
10.110.1.1 and the UDP port 1813 to provide RADIUS accounting service.
[Quidway-radius-huawei] secondary accounting 10.110.1.1 1813
3.2.21 secondary authentication
Syntax
secondary authentication ip-address [ port-number ]

undo secondary authentication
3-36
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format. By default, the IP addresses of

second authentication/authorization is at 0.0.0.0.
port-number: Specifies the UDP port number, ranging from 1 to 65535. By default, the
authentication/authorization service is provided via UDP 1812
Description
Using secondary authentication command, you can configure the IP address and
port number for the second RADIUS authentication/authorization. Using undo
secondary authentication command, you can restore the IP address and port number
to default values.
For detailed information, read the Description of the primary authentication
command.
Example
# Set the IP address of the second authentication/authorization server of RADIUS

scheme, “huawei”, to 10.110.1.2 and the UDP port 1812 to provide RADIUS
authentication/authorization service.
[Quidway-radius-huawei] secondary authentication 10.110.1.2 1812
3.2.22 server-type
Syntax
server-type { huawei | iphotel | portal | standard }

undo server-type
View
RADIUS scheme view
Parameter
huawei: Configures the switch system to support the RADIUS server of Huawei type,
which requires the RADIUS client end (switch system) and RADIUS server to interact
according to the private RADIUS protocol regulation and packet format of Huawei
Technologies Co., Ltd.
iphotel: Configures the switch system to support the RADIUS server of IP Hotel type,
3-37
according to the regulation and packet format of IP Hotel (an extension of RADIUS
protocol).
portal: Configures the switch system to support the RADIUS server of portal type,
according to the regulation and packet format of Portal (an extension of RADIUS
protocol).
standard: Configures the switch system to support the RADIUS server of Standard
type, which requires the RADIUS client end (switch system) and RADIUS server to
interact according to the regulation and packet format of standard RADIUS protocol
(RFC 2138/2139 or newer).
Description
Using server-type command, you can configure the RADIUS server type supported by
the switch. Using undo server-type command, you can restore the RADIUS server
type to the default setting
By default, the newly created RADIUS scheme supports the server of standard type,
while the "system" RADIUS scheme created by the system supports the server of
huawei type.
Quidway Series Ethernet Switches support standard RADIUS protocol and the
extended RADIUS service platform developed by Huawei Technologies.
Example
# Set RADIUS server type of RADIUS scheme, “huawei” to huawei.

[Quidway-radius-huawei] server-type huawei
3.2.23 state
Syntax
state { primary | secondary } { accounting | authentication } { block | active }
View
RADIUS scheme view
Parameter
primary: Configures to set the state of the primary RADIUS server.

secondary: Configures to set the state of the second RADIUS server.
accounting: Configures to set the state of RADIUS accounting server.
authentication: Configures to set the state of RADIUS authentication/authorization.
block: Configures the RADIUS server to be in the state of block.
3-38
active: Configures the RADIUS server to be active, namely the normal operation state.
Description
Using state command, you can configure the state of RADIUS server.
By default, all the RADIUS servers in every RADIUS scheme are in the state of block.
For the primary and second servers (no matter an authentication/authorization or an
accounting server), if the primary server is disconnected to NAS for some fault, NAS
will automatically turn to exchange packets with the second server. However, after the
primary one recovers, NAS will not resume the communication with it at once, instead,
it continues communicating with the second one. When the second one fails to
communicate, NAS will turn to the primary one again. This command is used to set the
primary server to be active manually, in order that NAS can communicate with it right
after the troubleshooting.
When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
For the related commands, see radius scheme, primary authentication, secondary
authentication, primary accounting, secondary accounting.
Example
# Set the second authentication server of RADIUS scheme, “huawei”, to be active.

[Quidway-radius-huawei] state secondary authentication active
3.2.24 stop-accounting-buffer enable
Syntax
stop-accounting-buffer enable
undo stop-accounting-buffer enable
View
RADIUS scheme view
Parameter
None
Description
Using stop-accounting-buffer enable command, you can configure to save the

stopping accounting requests without response in the switch system buffer. Using
undo stop-accounting-buffer enable command, you can cancel the function of
saving the stopping accounting requests without response in the switch system buffer.
By default, enable to save the stopping accounting requests in the buffer.
3-39
Because the stopping accounting request concerns account balance and will affect the
amount of charge, which is very important for both the user and ISP, NAS shall make its
best effort to send the message to RADIUS accounting server. Accordingly, if the
message from the switch to RADIUS accounting server has not been responded, the
switch shall save it in the local buffer and retransmit it until the server responds or
discard the messages after transmitting for specified times.
For the related commands, see reset stop-accounting-buffer, radius scheme,
display stop-accounting-buffer.
Example
# Indicate that, for the RADIUS scheme “Huawei”, the switch will save the stopping
accounting request packets in the buffer
[Quidway-radius-huawei] stop-accounting-buffer enable
3.2.25 timer
Syntax
timer seconds
undo timer
View
RADIUS scheme view
Parameter
seconds: RADIUS server response timeout timer, ranging from 1 to 10 and measured
in seconds. By default, the value is 3.
Description
Using timer command, you can configure RADIUS server response timer. Using undo
timer command, you can restore the default value of the timer.
After RADIUS (authentication/authorization or accounting) request packet has been
transmitted for a period of time, if NAS has not received the response from RADIUS
server, it has to retransmit the message to guarantee RADIUS service for the user. The
period taken is called RADIUS server response timeout time, which is controlled by the
RADIUS server response timeout timer in the switch system. This command is used to
set this timer.
Setting a suitable timer according to the network situation will enhance the system
performance.
For the related commands, see radius scheme, retry.
3-40
Example
# Set the response timeout timer of RADIUS scheme, huawei, to 5 seconds.

[Quidway-radius-huawei] timer 5
3.2.26 timer quiet
Syntax
timer quiet minutes

undo timer quiet
View
RADIUS scheme view
Parameter
minutes: Quiet time interval, ranging from 1 to 255, in minutes. The default value is 5.
Description
Use the timer quiet command to set the quiet time interval after which the primary and
secondary RADIUS servers switch over.
Use the undo timer quiet command to set the quiet time interval to its default value.
The functions of the quiet time interval are as follows:
z The switch sends RADIUS packets to the primary RADIUS server.
z If the switch affirms that the primary server does not respond, it then sends
RADIUS packets to the secondary RADIUS server.
z After each quiet time interval, the switch sets the status of the primary RADIUS
server to active, and sends RADIUS packets to it next time.
S3526 FS don’t.
Example
# Set the quiet time interval of the RADIUS server group “huawei” to 3 minutes.
[Quidway] radius scheme huawei
[Quidway-radius-huawei] timer quiet 3
3.2.27 timer realtime-accounting
Syntax
timer realtime-accounting minute

undo timer realtime-accounting
3-41
View
RADIUS scheme view
Parameter
minute: Real-time accounting interval, ranging from 3 to 60 and measured in minutes.

By default, the value is 12. It must be a multiple of 3.
Description
Using timer realtime-accounting command, you can configure the real-time

accounting interval. Using undo timer realtime-accounting command, you can
restore the default interval.
To implement real-time accounting, it is necessary to set a real-time accounting interval.
After the attribute is set, NAS will transmit the accounting information of online users to
the RADIUS server regularly.
The value of minute is related to the performance of NAS and RADIUS server. The
smaller the value is, the higher the requirement for NAS and RADIUS server is. When
there are a large amount of users (more than 1000, inclusive), we suggest a larger
value. The following table recommends the ratio of minute value to number of users.
Table 3-2 Recommended ratio of minute to number of users
Number of users Real-time accounting interval (minute)

1 to 99 3
100 to 499 6
500 to 999 12
≥1000 ≥15
For the related commands, see retry realtime-accounting , radius scheme.
Example
# Set the real-time accounting interval of RADIUS scheme, “huawei”, to 15 minutes.

[Quidway-radius-huawei] timer realtime-accounting 15
3.2.28 user-name-format
Syntax
user-name-format { with-domain | without-domain }
View
RADIUS scheme view
3-42
Parameter
with-domain: Specifies to send the username with domain name to RADIUS server.
without-domain: Specifies to send the username without domain name to RADIUS
server.
Description
Using user-name-format command, you can configure the username format sent to
RADIUS server.
By default, as for the newly created RADIUS scheme, the username sent to RADIUS
servers includes an ISP domain name; as for the "system" RADIUS scheme created by
the system, the username sent to RADIUS servers excludes the ISP domain name.
The supplicants are generally named in userid@isp-name format. The part following
“@” is the ISP domain name. The switch will put the users into certain ISP domains
according to the domain names. However, some earlier RADIUS servers reject the
username including ISP domain name. In this case, the username will be sent to the
RADIUS server after its domain name is removed. Accordingly, the switch provides this
command to decide whether the username to be sent to RADIUS server carries ISP
domain name or not.
Note:
If a RADIUS scheme is configured to reject usernames including ISP domain names,
the RADIUS scheme shall not be simultaneously used in more than one ISP domains.
Otherwise, the RADIUS server will regard two users in different ISP domains as the
same user by mistake, if they have the same username (excluding their respective
domain names.)
Example
# Specify to send the username without domain name to RADIUS server.

[Quidway-radius-huawei] user-name-format without-domain
3-43
Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Commands
Chapter 4 EAD Configuration Commands
Note:
For the S3500 series, EAD feature is supported on the S3552G, S3552P, S3528G and
S3528P.
4.1 EAD Configuration Commands

4.1.1 session-control-server
Syntax
session-control-server ip-address
undo session-control-server [ ip-address | all ]
View
RADIUS scheme view
Parameter
ip-address: IP address of the security policy server.

all: IP addresses of all security policy servers.
Description
Use the session-control-server command to configure IP address for the security

policy server.
Use the undo session-control-server command to remove the IP address
configuration.
You can configure up to eight different IP addresses (for eight security policy servers) in
a RADIUS scheme. The switch only responds to packets from the authentication server
and security policy server after the user gets online.
Example
# Configure the security policy server with IP address 192.168.0.1.

<Quidway>system-view
[Quidway] radius scheme Quidway
4-1
Quidway S3500 Series Ethernet Switches Chapter 4 EAD Configuration Commands
[Quidway-radius-Quidway] session-control-server 192.168.0.1

[Quidway-radius-Quidway ] display current-configuration
radius scheme Quidway
primary authentication 1.1.11.29 1812
secondary authentication 127.0.0.1 1645
user-name-format without-domain
session-control-server 192.168.0.1
4-2
Quidway S3500 Series Ethernet Switches Chapter 5 HABP Configuration Commands
Chapter 5 HABP Configuration Commands
5.1 HABP Commands

5.1.1 display debugging habp
Syntax
display debugging habp
View
Any view
Parameter
None
Description
Using the display debugging habp command, you can view HAMP debugging state.
Example
# Display HABP debugging state.

[Quidway] display debugging habp
HABP Debugging switch is on
5.1.2 display habp
Syntax
display habp
View
Any view
Parameter
None
Description
Using the display habp command, you can view configuration information and state of
HABP attribute.
5-1
Example
# Display configuration information and state of HABP attribute.

[Quidway] display habp
Global HABP information:
HABP Mode: Server
Sending HABP request packets every 20 seconds
Bypass VLAN: 2
Field Description
HABP mode for the current switch, including server
HABP Mode
and client
Sending HABP request
Time interval to send HABP request packets
packets every 20 seconds
Bypass VLAN Send HABP packets in specified VLANs
5.1.3 display habp table
Syntax
display habp table
View
Any view
Parameter
None
Description
Using the display habp table command, you can view HABP MAC address table.
Example
# Display HABP MAC address table.

[Quidway] display habp table
MAC Holdtime Receive Port
001f-3c00-0030 53 Ethernet0/1
5.1.4 display habp traffic
Syntax
display habp traffic
5-2
View
Any view
Parameter
None
Description
Using the display habp traffic command, you can view HABP packet statistics.
Example
# Display HABP packet statistics.

[Quidway] display habp traffic
HABP counters :
Packets output: 0, Input: 0
ID error: 0, Type error: 0, Version error: 0
Sent failed: 0
5.1.5 habp enable
Syntax
habp enable
undo habp enable
View
System view
Parameter
None
Description
Using the habp enable command, you can enable HABP attribute at a switch. Using
the undo hapb enable command, you can disable HABP attribute at a switch.
By default, HABP attribute is disabled at a switch.
If 802.1x attribute is enabled on switch and HABP attribute is not enabled, for those
ports where 802.1x authentication is skipped, packets will be filtered by 802.1x attribute,
so the management over them is also impossible. When 802.1x attribute are enabled,
HABP attribute should be enabled meanwhile.
Example
# Enable HABP attribute at a switch.
5-3
[Quidway] habp enable
5.1.6 habp server vlan
Syntax
habp server vlan vlan-id

undo habp server
View
System view
Parameter
vlan-id: VLAN ID, in range of 1~4094
Description
Using the habp server vlan command, you can set HABP mode as server and specify
transmitting HABP packets in a specific VLAN. Using the undo hapb server vlan
command, you can restore the HABP mode to the default value.
By default, the HABP mode is client.
You must first enable HABP attribute at a switch using the habp enable command, and
then specify HABP mode as server.
Example
# Specify HABP mode as server and transmit HABP packets in VLAN2.

[Quidway] habp server vlan 2
5.1.7 habp timer
Syntax
habp timer interval

undo habp timer
View
System view
Parameter
interval: Time interval to send HABP request packets, in range of 5~600 seconds. By
default, the time interval is 20 seconds.
5-4
Description
Using the habp timer command, you can define time interval for a switch to send
HABP request packet. Using the undo habp timer command, you can restore the time
interval to the default value.
The command is only available on the switch whose HABP mode is set as server.
Example
# Define the time interval to send HABP request packets as 50 seconds.

[Quidway] habp timer 50
5-5
Quidway S3500 Series Ethernet Switches Chapter 6 System-guard Configuration Commands
Chapter 6 System-guard Configuration

Commands
Note:
Among S3500 series ethernet switches, S3526, S3526 FM, S3526 FS, S3526E,
S3526E FM, S3526E FS and S3526C support system-guard function.
6.1 System-guard Configuration Commands

6.1.1 display system-guard ip-record
Syntax
display system-guard ip-record
View
Any view
Parameter
None
Description
Using the display system-guard ip-record command, you can view the record of the
IP packets that the switch CPU receives during this detection interval.
Example
# Display the record of the IP packets that the switch CPU receives during this
detection interval..
[Quidway] display system-guard ip-record
SrcIP[00]: 0. 0. 0. 0 DstIP[00]: 0. 0. 0. 0 RxPortNum: 0
… (Omitted)
6-1
Table 6-1 Description of information generated by the command display

system-guard ip-record
Field Description
SrcIP[00] Source IP address[number],number ranges from 00 to 99.
DstIP[00] Destination IP address[number],number ranges from 00 to 99.
RxPortNum Ingress port number
6.1.2 display system-guard state
Syntax
display system-guard state
View
Any view
Parameter
None
Description
Using display system-guard state command, you can view current detection results
and parameters of system-guard.
Example
# View current detection results and parameters of system-guard.

[Quidway] display system-guard state
system-guard is running!
Ip-Attack threshold: 30
Deny threshold: 1
Infected virus Host Number: 0
Isolated times of Aging time: 3
Max Num of detection support: 30
Disable dest IP addr learning from all ip addr in the list
Table 6-2 Description of information generated by the command display

system-guard state
Field Description
Ip-Attack threshold The max number of the learned IP addresses
Deny threshold Threshold of consecutive detection time
6-2
Field Description
Infected virus Host Number The number of hosts infected by virus
Isolate time, unit in aging period of the MAC
Isolated times of Aging time
address
Max Num of detection support The max Number of detection

Disable dest IP addr learning Disable destination IP address learning from all
from all ip addr in the list the IP addresses in the list
6.1.3 system-guard enable
Syntax
system-guard enable
undo system-guard enable
View
System view
Parameter
None
Description
Using system-guard enable command, you can enable system-guard function. Using
undo system-guard enable, you can disable the state of system-guard function.
By default, system-guard function is disabled.
System-guard detects the source IP address featuring attacks and counts the number
of those IP packets by monitoring the packets that the CPU receives at the interval of 10
seconds. Once the number exceeds the preconfigured threshold, some measures are
taken to treat the host with this IP address:
z For S3526, S3526FM, and S3526FS: The switch applies the ACL automatically to
force the host with this IP address (affected host for short) to log off. And after a
specified time, the switch will recover normal forwarding of the affected host.
z For S3526E, S3526E FM, S3526E FS and S3526C: If the packets from the host
with the source IP address needs to be handled by the switch CPU, the switch
reduces the priority of the packets and drops the packets that has been sent to the
CPU.
6-3
Caution:
z For S3526E, S3526E FM S3526E FS and S3526C: Before enabling system-guard

function, be sure the port priority is default value 0 and the ethernet switch doesn’t
trust the cos priority of packets.
z For S3526, S3526 FM and S3526 FS: The system-guard function is enabled only
after two or more VLAN interfaces are created and configured with the IP
addresses.
z For S3526E, S3526E FM, S3526E FS and S3526C: After system-guard is enabled,
don’t change the port priority and the mode of queue-scheduling.
Example
# Enable system-guard function.

[Quidway] system-guard enable
Success to enable system-guard task
6.1.4 system-guard detect-maxnum
Syntax
system-guard detect-maxnum number

undo system-guard detect-maxnum
View
System view
Parameter
number: Max detection count of system guard, ranging from 1 to 100.
Description
Using system-guard detect-maxnum command, you can set the max detection count
of affected hosts. Using undo system-guard detect-maxnum command, you can set
the max detection count of affected hosts to the default value.
By default, the max detection count of affected hosts is 30.
Example
# Set the max detection count of affected hosts to 50.

[Quidway] system-guard detect-maxnum 50
6-4
6.1.5 system-guard detect-threshold
Syntax
system-guard detect-threshold IP-record-threshold record-times-threshold

isolate-time
undo system-guard detect-threshold
View
System view
Parameter
IP-record-threshold; the max number of the learned IP addresses, range from 1 to 100.
record-times-threshold: threshold of consecutive detection times which the learned
address number exceed the threshold of IP address learned for one time ,range from 1
to 10.
isolate-time: isolate time, range from 3 to 100, unit in aging period.
Description
Using system-guard detect-threshold command, you can set IP-record-threshold,

record-times-threshold, isolate-time of system-guard function. Using undo
system-guard detect-threshold, you can restore these three parameters to the
default values.
By default, IP-record-threshold, record-times-threshold, isolate-time of system-guard
function are 30, 1 and 3.
For example, set the IP-record-threshold, record-times-threshold, isolate-time of
system-guard function to 50, 3, 5. In this case, the system will consider to be attacked
and not learn the destination IP address of the packet from source IP address for 5
times of aging period if the number of the IP packets (not destined to the switch) the
system detected from one source IP address exceed 50 for consecutive 3 times.
Example
# Set the IP-record-threshold, record-times-threshold, isolate-time of system-guard

function to 50, 3, 5
[Quidway] system-guard detect-threshold 50 3 5
6.1.6 system-guard no-learn-dip enable
Syntax
system-guard no-learn-dip enable

undo system-guard no-learn-dip enable
6-5
View
System view
Parameter
None
Description
Using the system-guard no-learn-dip enable command, you can enable the switch
not to learn the destination IP address in the packets. Using the undo system-guard
no-learn-dip enable command, you can remove this configuration.
By default, the S3526, S3526 FM and S3526 FS need to learn the destination IP
address in the packets if the address is not reside in the non-directly connected network
segment. In this way, they can forward multiple times while learning once. When the
switch is enabled not to learn the destination address in the packets, it learns from the
source IP address in the response, thus preventing the hosts from the virus attacks of
destination address scanning.
This command is only effective to the S3526, S3526 FM and S3526 FS.
Example
# Enable the switch not to learn the destination IP address in the packets.
[Quidway] system-guard no-learn-dip enable
6-6
HUAWEI

Command Manual
Reliability

Command Manual - Reliability
Table of Contents
Chapter 1 VRRP Configuration Commands ............................................................................... 1-1

1.1 VRRP Configuration Commands ....................................................................................... 1-1
1.1.1 debugging vrrp ........................................................................................................ 1-1
1.1.2 display vrrp .............................................................................................................. 1-2
1.1.3 vrrp authentication-mode ........................................................................................ 1-3
1.1.4 vrrp method ............................................................................................................. 1-4
1.1.5 vrrp ping-enable ...................................................................................................... 1-5
1.1.6 vrrp vrid preempt-mode........................................................................................... 1-5
1.1.7 vrrp vrid priority........................................................................................................ 1-6
1.1.8 vrrp vrid timer .......................................................................................................... 1-7
1.1.9 vrrp vrid track........................................................................................................... 1-8
1.1.10 vrrp vrid virtual-ip................................................................................................... 1-8
i
Quidway S3500 Series Ethernet Switches Chapter 1 VRRP Configuration Commands
Chapter 1 VRRP Configuration Commands
1.1 VRRP Configuration Commands

1.1.1 debugging vrrp
Syntax
debugging vrrp { state | packet }

undo debugging vrrp { state | packet }
View
User view
Parameter
state: debugging VRRP state.

packet: debugging VRRP packets.
Description
Using debugging vrrp command, you can enable the VRRP debugging. Using undo
debugging vrrp command, you can disable the VRRP debugging. By default, the
VRRP debugging is disabled.
Example
# Enable VRRP state debugging.

<Quidway> debugging vrrp state
Vlan-interface1 | Virtual Router 1 : INITIALIZE --> MASTER
Table 1-1 Description of information generated by the command display vrrp
Field Description
Vlan-Interface1 Interface in which virtual router resides
Virtual Router1 VRID of virtual router

INITIALIZE Initial state
MASTER New state
1-1
1.1.2 display vrrp
Syntax
display vrrp [ { interface | statistics } vlan-interface interface-num ]

[ virtual-router-ID ]
View
Any view.
Parameter
interface-name: Interface name, the interface form is VLAN-interface interface-num.

virtual-router-ID: VRRP virtual router ID, ranging from 1 to 255.
Description
Using display vrrp command, you can view the information about the VRRP state.
This command is used to view the information about the VRRP state and configuration
parameters. If the interface name and virtual router ID are not specified, the state
information about all the virtual routers on the switch will be displayed. If only the
interface name is specified, the state information about all the virtual routers on the
interface will be displayed. If the interface name and virtual router ID are specified, the
state information about the specified virtual router on the interface will be displayed.
Example
# Display the information about the virtual routers on VLAN-interface 1 of the switch.
[Quidway-Vlan-interface1] display vrrp
Run Method : VIRTUAL-MAC Virtual Ip Ping : Disable
Interface : Vlan-interface1
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Initialize
Config Pri : 100 Run Pri : 90
Preempt Mode : YES Delay Time : 0
Auth Type : NONE
Track IF : Vlan-interface2 Pri Reduced : 10
Virtual IP : 1.1.1.1
Master IP : 0.0.0.0
Table 1-2 Description of information generated by the command display vrrp
Field Description
Run Method Run method: real or virtual MAC method
Virtual IP ping Whether to enable to ping through virtual IP
1-2
Field Description
Interface Interface in which virtual router resides
VRID VRID of virtual router
Adver.Timer Time for sending broadcast packet
Admin Status Control status of virtual router
State Running state of virtual router
Config Pri Configured priority
Run Pri Run priority
Preempt Mode Preempt mode
Delay Time Delay time
Auth Type Authentication type
Track IF Track interface
Reduced priority value for virtual router when track
Pri Reduced
interface is Down
Virtual IP Virtual IP address list of virtual router

Master IP IP address of the master device in virtual router
1.1.3 vrrp authentication-mode
Syntax
vrrp authentication-mode type [ key ]

undo vrrp authentication-mode
View
VLAN interface view.
Parameter
type: Authentication type. There are following types:

z simple: Indicates to perform simple character authentication.
z md5: Indicates to perform the AH authentication with MD5 algorithm.
key: Authentication key. When simple authentication is configured, the key cannot
exceed 8 characters. When md5 authentication is configured, the key cannot exceed 8
characters.
1-3
Description
Using vrrp authentication-mode command, you can configure the authentication type
and key of a specified VRRP virtual router. Using undo vrrp authentication-mode
command, you can reset the authentication type and key of a specified VRRP virtual
router.
If the simple or md5 authentication is configured, it is required to set the authentication
key.
This command is used to configure the authentication type and key for all the VRRP
virtual routers on an interface. As defined in the protocol, all the virtual routers on an
interface shall use the same authentication type and key. And all the members joining
the same virtual router shall also use the same authentication type and key.
When the authentication type and key are set, the upper/lower cases are not necessary
to be matched.
Example
# Specify the authentication type and key for a VRRP virtual router.
[Quidway-vlan-interface2] vrrp authentication-mode simple huawei
1.1.4 vrrp method
Syntax
vrrp method { real-mac | virtual-mac }

undo vrrp method
View
System view
Parameter
real-mac: Use the real MAC address of the interface to match the virtual IP address of
the backup group in VRRP backup.
virtual-mac: Use the virtual MAC address of the interface to match the virtual IP
address of the backup group in VRRP backup.
Description
Using vrrp method command, you can set correspondence between the MAC address
and the virtual IP address of the backup group: matching the real MAC address or the
virtual address with the virtual IP address. Using undo vrrp method command, you
can reset the correspondence to the default value.
By default, the switch matches the virtual MAC address with the IP address of the
backup group.
1-4
Due to the chips installed, some switches support matching one IP address to multiple
MAC addresses. Then you may configure correspondence between the virtual IP
address of the backup group and the real/virtual MAC address.
You should set correspondence between the virtual IP address of the backup group
and the MAC address before configuring the backup group. Otherwise, you cannot
configure the correspondence.
S3526, S3526 FM, S3526 FS Ethernet switches don’t support this command.
Example
# Set the real MAC address of the interface match the virtual IP address of the backup
group.
[Quidway] vrrp method real-mac
1.1.5 vrrp ping-enable
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Using vrrp ping-enable command, you can enable the function to ping the virtual IP
address of the backup group. Using undo vrrp ping-enable command, you can
disable the function to pin the virtual IP address of the backup group.
By default, the ping function is disabled.
You can only use the commands before configuring the backup group.
Example
# Enable the function to ping the virtual IP address of the backup group.
[Quidway] vrrp ping-enable
1.1.6 vrrp vrid preempt-mode
Syntax
vrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]
1-5
undo vrrp vrid virtual-router-ID preempt-mode
View
Parameter

delay-value: Delay in seconds, ranging from 0 to 255.
Description
Using vrrp vrid preempt-mode command, you can configure the preemption and
delay of the virtual router. Using undo vrrp vrid preempt-mode command, you can
cancel the preemption.
By default, virtual router is in preempt mode and delay-value is 0 second.
If a higher-priority switch is required to preempt the Master, you need configure it as
preemption. You can also set a delay for the preemption. If you configure it not to
preempt, the delay will be set to 0 automatically.
Example
# Configure the switch to preempt.

[Quidway-vlan-interface2] vrrp vrid 1 preempt-mode
# Set a delay.
[Quidway-vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
# Configure the switch not to preempt.

[Quidway-vlan-interface2] undo vrrp vrid 1 preempt-mode
1.1.7 vrrp vrid priority
Syntax
vrrp vrid virtual-router-ID priority priority

undo vrrp vrid virtual-router-ID priority
View
Parameter

priority: Priority value, ranging from 1 to 254; By default, the priority value is 100.
1-6
Description
Using vrrp vrid priority command, you can configure the virtual router priority. Using
undo vrrp vrid priority command, you can reset the virtual router priority.
The priority decides the status of a switch in the virtual router. A higher-priority switch is
more likely to be a Master. Priority 0 is reserved for some special purpose. 255 is
reserved for the IP address owner. The priority of the IP address owner is always 255
and cannot be modified.
Example
# Set the virtual router priority on VLAN-interface2.

[Quidway-vlan-interface2] vrrp vrid 1 priority 150
1.1.8 vrrp vrid timer
Syntax
vrrp vrid virtual-router-ID timer advertise adver-interval

undo vrrp vrid virtual-router-ID timer advertise
View
Parameter

adver-interval: VRRP packet interval of the Master in the virtual router in seconds,
ranging from 1 to 255; By default, the value is 3s.
Description
Using vrrp vrid timer command, you can configure the virtual router timer. Using undo
vrrp vrid timer command, you can reset the virtual router timer.
This command is used to set the VRRP packet interval of the Master in the virtual router.
You are supposed to set the identical timer value for the switches in the same virtual
router to avoid improper configuration.
Example
# Configure the Master to transmit VRRP packets every 15 seconds.

[Quidway-vlan-interface2] vrrp vrid 1 timer advertise 15
1-7
1.1.9 vrrp vrid track
Syntax
vrrp vrid virtual-router-ID track vlan-interface interface-num [ reduced

value-reduced ]
undo vrrp vrid virtual-router-ID track [ vlan-interface interface-name ]
View
Parameter

interface-name: Interface which is to be tracked, the interface form is VLAN-interface
interface-num.
value-reduced: Reduced value of priority, ranging from 1 to 255; By default, the
reduced value of priority is 10.
Description
Using vrrp vrid track command, you can configure to track the interface. Using undo
vrrp vrid track command, you can stop tracking the interface.
VRRP interface track expends the backup function, which thereby can be implemented
not only when the switch fails, but also when a network interface is down. The user can
use this command to track or stop tracking an interface or all the interfaces. After the
configuration of the interface tracking, the priority of the switch will be reduced, if the
tracked interface turns down. Accordingly, some other switch in the virtual router will
have the comparatively highest priority and become the new Master, thereby
implementing the backup function. The IP address owner does not allow the
configuration of interface tracking.
A single virtual router supports up to 8 tracks.
Example
# Configure to track the interface.

[Quidway-vlan-interface2] vrrp vrid 1 track vlan-interface 1 reduced 50
1.1.10 vrrp vrid virtual-ip
Syntax
vrrp vrid virtual-router-ID virtual-ip ip-address

undo vrrp vrid virtual-router-ID [ virtual-ip virtual-address ]
1-8
View
Parameter

ip-address: Virtual IP address.
Description
Using vrrp vrid virtual-ip command, you can create a virtual router or add a virtual IP
address to an existing virtual router. Using undo vrrp vrid virtual-ip command, you
can cancel an existing virtual router or an address from the virtual router.
Example
# Create a virtual router

[Quidway-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.10
# Add a virtual IP address to an existing virtual router.

[Quidway-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11
# Delete a virtual IP address.

[Quidway-vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10
# Delete a virtual router.

[Quidway-vlan-interface2] undo vrrp vrid 1
1-9
HUAWEI

Command Manual
System Management

Command Manual - System Management
Table of Contents
Chapter 1 File System Management Commands ....................................................................... 1-1

1.1 File System ........................................................................................................................ 1-1
1.1.1 cd............................................................................................................................. 1-1
1.1.2 copy......................................................................................................................... 1-1
1.1.3 delete....................................................................................................................... 1-2
1.1.4 dir ............................................................................................................................ 1-3
1.1.5 file prompt................................................................................................................ 1-4
1.1.6 format ...................................................................................................................... 1-5
1.1.7 mkdir........................................................................................................................ 1-5
1.1.8 more ........................................................................................................................ 1-6
1.1.9 move........................................................................................................................ 1-6
1.1.10 pwd........................................................................................................................ 1-8
1.1.11 rename .................................................................................................................. 1-8
1.1.12 reset recycle-bin .................................................................................................... 1-9
1.1.13 rmdir .................................................................................................................... 1-10
1.1.14 undelete............................................................................................................... 1-10
1.2 Configuration File Management Commands ................................................................... 1-11
1.2.1 reset saved-configuration...................................................................................... 1-11
1.2.2 save....................................................................................................................... 1-12
1.3 FTP Server Configuration Commands............................................................................. 1-13
1.3.1 display ftp-server ................................................................................................... 1-13
1.3.2 display ftp-user ...................................................................................................... 1-14
1.3.3 ftp server ............................................................................................................... 1-14
1.3.4 ftp timeout.............................................................................................................. 1-15
1.3.5 local-user............................................................................................................... 1-15
1.3.6 password ............................................................................................................... 1-16
1.3.7 service-type ........................................................................................................... 1-17
1.4 FTP Client Commands .................................................................................................... 1-18
1.4.1 ascii ....................................................................................................................... 1-18
1.4.2 binary..................................................................................................................... 1-18
1.4.3 bye......................................................................................................................... 1-19
1.4.4 cd........................................................................................................................... 1-19
1.4.5 cdup....................................................................................................................... 1-20
1.4.6 close ...................................................................................................................... 1-20
1.4.7 debugging.............................................................................................................. 1-21
1.4.8 delete..................................................................................................................... 1-21
1.4.9 dir .......................................................................................................................... 1-22
1.4.10 disconnect ........................................................................................................... 1-22
i
1.4.11 ftp ........................................................................................................................ 1-23

1.4.12 get ....................................................................................................................... 1-23
1.4.13 lcd........................................................................................................................ 1-24
1.4.14 ls.......................................................................................................................... 1-24
1.4.15 mkdir.................................................................................................................... 1-25
1.4.16 open .................................................................................................................... 1-25
1.4.17 passive ................................................................................................................ 1-26
1.4.18 put ....................................................................................................................... 1-26
1.4.19 pwd...................................................................................................................... 1-27
1.4.20 quit....................................................................................................................... 1-27
1.4.21 remotehelp .......................................................................................................... 1-28
1.4.22 rmdir .................................................................................................................... 1-28
1.4.23 user ..................................................................................................................... 1-29
1.4.24 verbose................................................................................................................ 1-29
1.5 TFTP Configuration Commands ...................................................................................... 1-30
1.5.1 tftp ......................................................................................................................... 1-30
1.5.2 tftp get ................................................................................................................... 1-30
1.5.3 tftp put ................................................................................................................... 1-31
Chapter 2 MAC Address Table Management Commands ......................................................... 2-1

2.1 MAC Address Table Management Commands ................................................................. 2-1
2.1.1 display mac-address aging-time ............................................................................. 2-1
2.1.2 display mac-address ............................................................................................... 2-1
2.1.3 mac-address............................................................................................................ 2-2
2.1.4 mac-address max-mac-count.................................................................................. 2-3
2.1.5 mac-address timer .................................................................................................. 2-4
Chapter 3 Device Management Commands ............................................................................... 3-1

3.1 Device Management Commands ...................................................................................... 3-1
3.1.1 boot boot-loader ...................................................................................................... 3-1
3.1.2 boot bootrom ........................................................................................................... 3-1
3.1.3 display boot-loader.................................................................................................. 3-2
3.1.4 display cpu .............................................................................................................. 3-2
3.1.5 display device.......................................................................................................... 3-3
3.1.6 display fan ............................................................................................................... 3-4
3.1.7 display memory ....................................................................................................... 3-5
3.1.8 reboot ...................................................................................................................... 3-5
3.1.9 temperature-limit ..................................................................................................... 3-6
Chapter 4 System Maintenance Commands .............................................................................. 4-1

4.1 Basic System Configuration and Management Commands.............................................. 4-1
4.1.1 clock datetime ......................................................................................................... 4-1
4.1.2 clock summer-time .................................................................................................. 4-1
4.1.3 clock timezone......................................................................................................... 4-3
ii
4.1.4 sysname .................................................................................................................. 4-3

4.2 System Status and System Information Display Commands ............................................ 4-4
4.2.1 display clock ............................................................................................................ 4-4
4.2.2 display current-configuration ................................................................................... 4-5
4.2.3 display debugging ................................................................................................... 4-9
4.2.4 display saved-configuration..................................................................................... 4-9
4.2.5 display users ......................................................................................................... 4-12
4.2.6 display version....................................................................................................... 4-12
4.3 System Debug Commands.............................................................................................. 4-13
4.3.1 debugging.............................................................................................................. 4-13
4.3.2 display diagnostic-information............................................................................... 4-14
4.4 Network Connection Test Commands ............................................................................. 4-15
4.4.1 ping........................................................................................................................ 4-15
4.4.2 tracert .................................................................................................................... 4-17
4.5 Log Commands................................................................................................................ 4-19
4.5.1 display channel...................................................................................................... 4-19
4.5.2 display info-center ................................................................................................. 4-20
4.5.3 info-center channel name...................................................................................... 4-21
4.5.4 info-center console channel .................................................................................. 4-21
4.5.5 info-center enable ................................................................................................. 4-22
4.5.6 info-center logbuffer .............................................................................................. 4-23
4.5.7 info-center loghost................................................................................................. 4-23
4.5.8 info-center loghost source..................................................................................... 4-24
4.5.9 info-center monitor channel................................................................................... 4-25
4.5.10 info-center snmp channel.................................................................................... 4-26
4.5.11 info-center source ............................................................................................... 4-26
4.5.12 info-center timestamp.......................................................................................... 4-29
4.5.13 info-center trapbuffer........................................................................................... 4-29
4.5.14 reset logbuffer ..................................................................................................... 4-30
4.5.15 reset trapbuffer .................................................................................................... 4-31
4.5.16 terminal debugging.............................................................................................. 4-31
4.5.17 terminal logging ................................................................................................... 4-32
4.5.18 terminal monitor .................................................................................................. 4-32
4.5.19 terminal trapping ................................................................................................. 4-33
Chapter 5 SNMP Configuration Commands ............................................................................... 5-1

5.1 SNMP Configuration Commands....................................................................................... 5-1
5.1.1 display snmp-agent community............................................................................... 5-1
5.1.2 display snmp-agent ................................................................................................. 5-1
5.1.3 display snmp-agent group....................................................................................... 5-2
5.1.4 display snmp-agent mib-view.................................................................................. 5-3
5.1.5 display snmp-agent statistics .................................................................................. 5-4
5.1.6 display snmp-agent sys-info contact....................................................................... 5-5
iii
5.1.7 display snmp-agent sys-info location ...................................................................... 5-6

5.1.8 display snmp-agent sys-info version ....................................................................... 5-6
5.1.9 display snmp-agent usm-user ................................................................................. 5-7
5.1.10 snmp-agent local-engineid .................................................................................... 5-8
5.1.11 snmp-agent community......................................................................................... 5-8
5.1.12 snmp-agent group ................................................................................................. 5-9
5.1.13 snmp-agent mib-view .......................................................................................... 5-10
5.1.14 snmp-agent packet max-size .............................................................................. 5-11
5.1.15 snmp-agent sys-info............................................................................................ 5-11
5.1.16 snmp-agent target-host ....................................................................................... 5-12
5.1.17 snmp-agent trap enable ...................................................................................... 5-13
5.1.18 snmp-agent trap life ............................................................................................ 5-15
5.1.19 snmp-agent trap queue-size ............................................................................... 5-15
5.1.20 snmp-agent trap source ...................................................................................... 5-16
5.1.21 snmp-agent usm-user ......................................................................................... 5-16
5.1.22 undo snmp-agent ................................................................................................ 5-18
Chapter 6 RMON Configuration Commands .............................................................................. 6-1

6.1 RMON Configuration Commands ...................................................................................... 6-1
6.1.1 display rmon alarm.................................................................................................. 6-1
6.1.2 display rmon event .................................................................................................. 6-2
6.1.3 display rmon eventlog ............................................................................................. 6-3
6.1.4 display rmon history ................................................................................................ 6-4
6.1.5 display rmon prialarm.............................................................................................. 6-5
6.1.6 display rmon statistics ............................................................................................. 6-6
6.1.7 rmon alarm .............................................................................................................. 6-8
6.1.8 rmon event .............................................................................................................. 6-9
6.1.9 rmon history........................................................................................................... 6-10
6.1.10 rmon prialarm ...................................................................................................... 6-10
6.1.11 rmon statistics ..................................................................................................... 6-12
Chapter 7 NTP Configuration Commands .................................................................................. 7-1

7.1 NTP Configuration Commands.......................................................................................... 7-1
7.1.1 debugging ntp-service............................................................................................. 7-1
7.1.2 display ntp-service sessions ................................................................................... 7-2
7.1.3 display ntp-service status........................................................................................ 7-2
7.1.4 display ntp-service trace ......................................................................................... 7-4
7.1.5 ntp-service access .................................................................................................. 7-4
7.1.6 ntp-service authentication enable ........................................................................... 7-5
7.1.7 ntp-service authentication-keyid.............................................................................. 7-5
7.1.8 ntp-service broadcast-client .................................................................................... 7-6
7.1.9 ntp-service broadcast-server................................................................................... 7-7
7.1.10 ntp-service in-interface disable ............................................................................. 7-8
7.1.11 ntp-service max-dynamic-sessions ....................................................................... 7-8
iv
7.1.12 ntp-service multicast-client.................................................................................... 7-9

7.1.13 ntp-service multicast-server ................................................................................ 7-10
7.1.14 ntp-service refclock-master ................................................................................. 7-11
7.1.15 ntp-service reliable authentication-keyid............................................................. 7-11
7.1.16 ntp-service source-interface................................................................................ 7-12
7.1.17 ntp-service unicast-peer...................................................................................... 7-13
7.1.18 ntp-service unicast-server ................................................................................... 7-14
Chapter 8 SSH Configuration Commands .................................................................................. 8-1

8.1 SSH Configuration Commands.......................................................................................... 8-1
8.1.1 debugging ssh server.............................................................................................. 8-1
8.1.2 display rsa local-key-pair public .............................................................................. 8-2
8.1.3 display rsa peer-public-key ..................................................................................... 8-3
8.1.4 display ssh server ................................................................................................... 8-4
8.1.5 display ssh user-information ................................................................................... 8-4
8.1.6 peer-public-key end................................................................................................. 8-5
8.1.7 protocol inbound...................................................................................................... 8-6
8.1.8 public-key-code begin ............................................................................................. 8-6
8.1.9 public-key-code end ................................................................................................ 8-7
8.1.10 rsa local-key-pair create........................................................................................ 8-8
8.1.11 rsa local-key-pair destroy ...................................................................................... 8-9
8.1.12 rsa peer-public-key.............................................................................................. 8-10
8.1.13 ssh server authentication-retries ......................................................................... 8-10
8.1.14 ssh server rekey-interval ..................................................................................... 8-11
8.1.15 ssh server timeout............................................................................................... 8-12
8.1.16 ssh user assign rsa-key ...................................................................................... 8-12
8.1.17 ssh user username authentication-type .............................................................. 8-13
v
Quidway S3500 Series Ethernet Switches Chapter 1 File System Management Commands
Chapter 1 File System Management Commands
1.1 File System

1.1.1 cd
Syntax
cd directory
View
User view
Parameter
directory: Destination directory; By default, the directory is the working path configured
by the user when the system starts.
Description
Using cd command, you can change the current user configuration path on the
Ethernet Switch.
Example
# Change the current working directory of the switch to flash.

<Quidway>cd flash:
<Quidway>pwd
flash:
1.1.2 copy
Syntax
copy fileurl-source fileurl-dest
View
User view
Parameter
fileurl-source: Source file name.

fileurl-dest: Destination file name.
1-1
Description
Using copy command, you can copy a file.

When the destination filename is the same as that of an existing file, the system will ask
whether to overwrite it.
Example
# Display current directory information.

<Quidway> dir
Directory of *
0 -rw- 595 Jul 12 2001 19:41:50 test.txt
16125952 bytes total (13975552 bytes free)
# Copy the file test.txt and saves it as test.bak.

<Quidway> copy test.txt test.bak
Copy flash:/test/test.txt to flash:/test/test.bak ?[confirm]:y
% Copyed file flash:/test/test.txt flash:/test/test.bak
# Display current directory information.

<Quidway> dir
Directory of *
0 -rw- 595 Jul 12 2001 19:41:50 test.txt
1 -rw- 595 Jul 12 2001 19:46:50 test.bak
1.1.3 delete
Syntax
delete [ /unreserved ] file-url
View
User view
Parameter
file-url: path and name of the file you want to delete.
Description
Using delete command, you can cancel a specified file from the storage device of the
Ethernet Switch.
The deleted files are kept in the recycle bin and will not be displayed when you use the
dir command. However they will be displayed, using the dir /all command. The files
deleted by the delete command can be recovered with the undelete command or
deleted permanently from the recycle bin, using the reset recycle-bin command.
1-2
Note that, if two files with the same name in a directory are deleted, only the latest
deleted file will be kept in the recycle bin.
Example
# Delete the file flash:/test/test.txt

<Quidway> delete flash:/test/test.txt
Delete flash:/test/test.txt?[Y/N]:
1.1.4 dir
Syntax
dir [ /all ] [ file-url ]
View
User view
Parameter
/all: Display all the files (including the deleted ones).

file-url: File or directory name to be displayed. The file-url parameter supports “*”
matching. For example, using dir *.txt will display all the files with the extension txt in
the current directory.; By default, display the file information in current path.
Description
Using dir command, you can view the information about the specified file or directory in
storage device of Ethernet Switch.
Example
# Display the information about the file flash:/test/test.txt

<Quidway> dir flash:/test/test.txt
Directory of flash:/test/
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:28:52 test.txt
# Display information of directory flash:/test/

<Quidway> dir flash:/test/
# Display all files with the names starting with "t" in the directory flash:/test/
<Quidway> dir flash:/test/t*
1-3

# Display information about all the files (including the deleted files) in the directory
flash:/test/
<Quidway> dir /all flash:/test/
# Display information of all the files (including the deleted files) with the names starting
with "t" in flash:/test/
<Quidway> dir /all flash:/test/t*
Directory of flash:/test/t*
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:32:49 [text.txt]
1.1.5 file prompt
Syntax
file prompt { alert | quiet }
View
System view
Parameter
alert: Perform interactive confirmation on dangerous file operations; The default value
is alert, which configures to perform interactive confirmation on dangerous file
operations.
quiet: Do not prompt for the file operations.
Description
Using file prompt command, you can modify prompt modes of the file operation on the
Ethernet switch.
If the prompt mode is set as quiet, that is, no prompt for file operations, some
non-recoverable operations may lead to system damage.
Example
# Configure the prompt mode of file operation as quiet.

[Quidway] file prompt quiet
1-4
1.1.6 format
Syntax
format filesystem
View
User view
Parameter
filesystem: Device name.
Description
Using format command, you can format the storage device.

Format operation will cause non-recoverable loss of all the files on the device. Specially,
configuration files will be lost after formatting the flash memory.
Example
# Format flash:
<Quidway> format flash:
All data on Flash will be lost , proceed with format ? [Y/N] y
% Now begin to format flash, please wait for a while...
Format winc: completed
1.1.7 mkdir
Syntax
mkdir directory
View
User view
Parameter
directory: Directory name.
Description
Using mkdir command, you can create directory in the specified directory on the
storage device.
The directory to be created cannot have the same name as that of other directory or file
in the specified directory.
1-5
Example
# Create the directory dd.

<Quidway> mkdir dd
% Created dir dd
1.1.8 more
Syntax
more file-url
View
User view
Parameter
file-url: File name.
Description
Using more command, you can view content of specified file.

At present, file system can display files in the text format.
Example
# Display contents of file test.txt.

<Quidway> more test.txt
AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files that
make up your test application.
Test.dsp
This file (the project file) contains information at the project level and is
used to build a single project or subproject. Other users can share the project
(.dsp) file, but they should export the makefiles locally.
1.1.9 move
Syntax
move fileurl-source fileurl-dest
View
User view
Parameter
1-6
Description
Using move command, you can move files.

When the destination filename is the same as that of an existing file, the system will ask
whether to overwrite it.
Example
# Display the current directory information.

<Quidway> dir
Directory of flash:/
drwxrwxrwx 1 noone nogroup - Jun 22 2002 02:19:16 shit
-rwxrwxrwx 1 noone nogroup 971 Jun 30 2003 11:45:19 vrpcfg.txt
-rwxrwxrwx 1 noone nogroup 4 Aug 27 2003 16:56:56 snmpboots
-rwxrwxrwx 1 noone nogroup 2957562 Sep 20 2003 10:49:57 QX-S5516-VRP31
0-0030.app
drwxrwxrwx 1 noone nogroup - Sep 20 2003 14:27:58 test
drwxrwxrwx 1 noone nogroup - Sep 20 2003 14:36:11 dd
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:40:05 sample.txt
# Move flash:/test/sample.txt to flash:/sample.txt.

<Quidway> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
% Moved file flash:/test/sample.txt to flash:/sample.txt
# Display the directory after moving a file.

<Quidway> dir
0-0030.app
drwxrwxrwx 1 noone nogroup - Sep 20 2003 14:36:11 dd
1-7
1.1.10 pwd
Syntax
pwd
View
User view
Parameter
None
Description
Using pwd command, you can view the current path.

Error may occur without setting the current path.
Example
# Display the current path.

<Quidway> pwd
flash:
1.1.11 rename
Syntax
rename fileurl-source fileurl-dest
View
User view
Parameter

Description
Using rename command, you can rename a file.

If the destination file name is the same as an existing directory name, operation fails. If
the destination file name is the same as an existing file name, prompt whether to
overwrite.
Example
# Display the current directory information.

<Quidway> dir
1-8
0-0030.app
# Rename the file sample.txt with sample.bak.

<Quidway> rename sample.txt sample.bak
Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y
% Renamed file flash:/sample.txt to flash:/sample.bak
# Display the directory after renaming sample.txt with sample.bak.

<Quidway>dir
0-0030.app
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:44:54 sample.bak
1.1.12 reset recycle-bin
Syntax
reset recycle-bin file-url
View
User view
Parameter
file-url: Name of the file to be deleted.
Description
Using reset recycle-bin command, you can permanently delete files from the recycle
bin.
The delete command only puts the file into the recycle bin, but reset recycle-bin
command will delete this file permanently.
1-9
Example
# Delete the file from the recycle bin.

<Quidway> reset recycle-bin flash:/p1h_logic.out
Clear flash:/plh_logic.out? [Y/N]:
1.1.13 rmdir
Syntax
rmdir directory
View
User view
Parameter
directory: Directory name.
Description
Using rmdir command, you can cancel a directory.

The directory to be deleted must be empty.
Example
# Delete the directory huawei.

<Quidway> rmdir huawei
Rmdir huawei?[Y/N]:y
% Removed directory huawei
1.1.14 undelete
Syntax
undelete file-url
View
User view
Parameter
file-url: Name of the file to be recovered.
Description
Using undelete command, you can recover deleted file.

The file name to be recovered cannot be the same as an existing directory name. If the
destination file name is the same as an existing file name, prompt whether to overwrite.
1-10
Example
# Display the information of all the files (including the deleted ones) in the current
directory.
<Quidway> dir /all
0-0030.app
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:53:32 [sample.bak]
# Recover the deleted file sample.bak.

<Quidway> undelete sample.bak
Undelete flash:/sample.bak ?[Y/N]:y
% Undeleted file flash:/sample.bak
# Display the information of all the files (including the deleted ones) in the current
directory.
<Quidway> dir /all
0-0030.app
-rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14:54:16 sample.bak
1.2 Configuration File Management Commands

1.2.1 reset saved-configuration
Syntax
reset saved-configuration
View
User view
1-11
Parameter
None
Description
Using reset saved-configuration command, you can erase configuration files from
the flash memory of the Ethernet Switch.
Perform this command with cautious. It is suggested to consult technical support
personnel first.
Generally, this command is used in the following situations:
z After upgrade of software, configuration files in flash memory may not match the
new version's software. Perform reset saved-configuration command to erase
the old configuration files.
z If a used Ethernet Switch is applied to the new circumstance and the original
configuration files cannot meet the new requirements, the Ethernet Switch should
be configured again. Erase the original configuration files for reconfiguration.
If the configuration files do not exist in the flash memory when Ethernet Switch is
electrified and initialized, it will enter setup switch view automatically.
For the related commands, see save, display current-configuration, display
saved-configuration.
Example
# Erase the configuration files from the flash memory of Ethernet Switch.
<Quidway> reset saved-configuration
This will delete the configuration in the flash memory.
The switch configurations will be erased to reconfigure.
Are you sure?[Y/N]
1.2.2 save
Syntax
save
View
User view
Parameter
None
Description
Using save command, you can save the current configuration files to Flash memory.
1-12
After finishing a group of configurations and achieving corresponding functions, user

should remember to get the current configuration files stored in the flash memory.
For the related commands, see reset saved-configuration, display
current-configuration, display saved-configuration.
Example
# Get the current configuration files stored in the flash memory.

<Quidway> save
This will save the configuration in the flash memory.
The switch configurations will be written to flash.
Are you sure?[Y/N]
Now saving current configuration to flash memory.
Please wait for a while...
Save current configuration to flash memory successfully.
1.3 FTP Server Configuration Commands

1.3.1 display ftp-server
Syntax
display ftp-server
View
Any view
Parameter
None
Description
Using display ftp-server command, you can view the parameters of the current FTP
Server. You can perform this command to verify the configuration after setting FTP
parameters.
Example
# Display the configuration of FTP Server parameters.

<Quidway> display ftp-server
FTP server is running
Max user number 5
User count 0
Timeout value(in minute) 30
1-13
1.3.2 display ftp-user
Syntax
display ftp-user
View
Any view
Parameter
None
Description
Using display ftp-user command, you can view the parameters of current FTP user.
You can perform this command to examine the configuration after setting FTP
parameters.
Example
# Show the configuration of FTP user parameters.

<Quidway> display ftp-user
% No ftp user
1.3.3 ftp server
Syntax
ftp sever enable

undo ftp sever
View
System view
Parameter
enable: Start FTP Server.
Description
Using ftp server command, you can start FTP Server and enable FTP user logon.
Using undo ftp server command, you can close FTP Server and disable FTP user
logon.
By default, FTP Server is shut down.
Perform this command to easily start or shut down FTP Server, preventing Ethernet
Switch from being attacked by some unknown user.
1-14
Example
# Shut down FTP Server.

[Quidway] undo ftp server
1.3.4 ftp timeout
Syntax
ftp timeout minute

undo ftp timeout
View
System view
Parameter
minute: Connection timeouts (measured in minutes), ranging from 1 to 35791; By

default, the connection timeout time is 30 minutes.
Description
Using ftp timeout command, you can configure connection timeout interval. Using
undo ftp timeout command, you can restore the default connection timeout interval.
After a user logs on to an FTP Server and has established connection, if the connection
is interrupted or cut abnormally by the user, FTP Server will still hold the connection.
The connection timeout can avoid this problem. If the FTP server has no command
interaction with a client for a specific period of time, it considers the connection to be
failed and disconnect to the client.
Example
# Set the connection timeout to 36 minutes.

[Quidway] ftp timeout 36
1.3.5 local-user
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { telnet | ftp | lan-access } ] }
View
System view
1-15
Parameter
user-name: Specifies a local username with a character string not exceeding 32

characters, excluding “/”, “:”, “*”, “?”, “<” and “>”. The @ character can only be used
once in one username. The pure username (the part before @, namely the user ID)
cannot exceed 24 characters.
service-type: Specifies the service type. telnet means that: the specified user type is
telnet. ftp means that: the specified user type is ftp. lan-access means that the
specified user type is lan-access which mainly refers to Ethernet accessing users,
802.1x supplicants for example.
all: All the users.
Description
Using local-user command, you can configure a local user and enter the local user
view. Using undo local-user command, you can cancel a specified local user.
By default, no local user.
For the related commands, see display local-user, server-type.
Example
# Add a local user named huawei1.

[Quidway] local-user huawei1
[Quidway-user-huawei1]
1.3.6 password
Syntax
password { simple | cipher } password

undo password
View
Local user view
Parameter
simple: Specifies to display passwords in simple text.

cipher: Specifies to display passwords in cipher text.
password: Defines a password, which is a character string of up to 16 characters if it is
in simple text and of up to 24 characters if it is in cipher text.
1-16
Description
Using password command, you can configure a password display mode for local users.
Using undo password command, you can cancel the specified password display
mode.
If local-user password-display-mode cipher-force has been adopted, the user
efforts of using the password command to set the password display mode to simple
text (simple) will render useless.
Example
# Set the user huawei1 to display the password in simple text, given the password is
20030422.
[Quidway-user-huawei1] password simple 20030422
1.3.7 service-type
Syntax
service-type { telnet [ level level ] | ftp [ ftp-directory directory ] | lan-access }

undo service-type { telnet [ level ] | ftp [ ftp-directory ] | lan-access }
View
Local user view
Parameter

level level: Specifies the level of Telnet users. The argument level is an integer in the
range of 0 to 3 and defaults to 3.
Description
Using service-type command, you can configure a service type for a particular user.
Using undo service-type command, you can cancel the specified service type for the
user.
Example
# Set to provide the lan-access service for the user huawei1.
1-17
[Quidway-user-huawei1] service-type lan-access
1.4 FTP Client Commands

1.4.1 ascii
Syntax
ascii
View
FTP Client view
Parameter
None
Description
Using ascii command, you can configure data transmission mode as ASCII mode.
By default, the file transmission mode is ASCII mode.
Perform this command if the user needs to change the file transmission mode to default
mode.
Example
# Configure to transmit data in the ASCII mode.

[ftp] ascii
200 Type set to A.
1.4.2 binary
Syntax
binary
View
FTP Client view
Parameter
None
Description
Using binary command, you can configure file transmission type as binary mode.
1-18
Example
# Configure to transmit data in the binary mode.

[ftp] binary
200 Type set to I.
1.4.3 bye
Syntax
bye
View
FTP Client view
Parameter
None
Description
Using bye command, you can disconnect with the remote FTP Server and return to
user view.
After performing this command, you can terminate the control connection and data
connection with the remote FTP Server.
Example
# Terminate connection with the remote FTP Server and return to user view.
[ftp] bye
1.4.4 cd
Syntax
cd pathname
View
FTP Client view
Parameter
pathname: Path name.
Description
Using cd command, you can change the working path on the remote FTP Server.
This command is used to access another directory on FTP Server. Note that the user
can only access the directories authorized by the FTP server.
1-19
Example
# Change the working path to flash:/temp

[ftp] cd flash:/temp
1.4.5 cdup
Syntax
cdup
View
FTP Client view
Parameter
None
Description
Using cdup command, you can change working path to the upper level directory.
This command is used to exit the current directory and return to the upper level
directory.
Example
# Change working path to the upper level directory.

[ftp] cdup
1.4.6 close
Syntax
close
View
FTP Client view
Parameter
None
Description
Using close command, user can disconnect FTP client side from FTP server side
without exiting FTP client side view. That is to say, you can terminate the control
connection and data connection with the remote FTP Server at the same time.
Related command: open.
1-20
Example
# Terminate connection with the remote FTP Server and stays in FTP Client view.
[ftp] close
1.4.7 debugging
Syntax
debugging
View
FTP Client view
Parameter
None
Description
Using debugging command, you can enable the system debugging functions.
Example
# Enable the system debugging functions.

[ftp] debugging
Debug is on.
1.4.8 delete
Syntax
delete remotefile
View
FTP Client view
Parameter
remotefile: File name.
Description
Using delete command, you can cancel the specified file.

This command is used to delete a file.
Example
# Delete the file temp.c

[ftp] delete temp.c
1-21
1.4.9 dir
Syntax
dir [ filename ] [ localfile ]
View
FTP Client view
Parameter
filename: File name to be queried.

localfile: Saved local file name.
Description
Using dir command, you can query a specified file.

If no parameter of this command is specified, then all the files in the directory will be
displayed.
Example
# Query the file temp.c and saves the results in the file temp1.
[ftp] dir temp.c temp1
1.4.10 disconnect
Syntax
disconnect
View
FTP Client view
Parameter
None
Description
Using disconnect command, subscribers can disconnect FTP client side from FTP
server side without exiting FTP client side view.
This command terminates the control connection and data connection with the remote
FTP Server at the same time.
Example
# Terminate connection with the remote FTP Server and stays in FTP Client view.
[ftp] disconnect
1-22
1.4.11 ftp
Syntax
ftp [ ip-address [ port ] ]
View
User view
Parameter
ip-address: The host name ( a string with a length of 1 to 20 characters ) or the IP

address of the remote FTP Server.
port: Port number of remote FTP Server, ranging from 0 to 65535. By default , it is 21.
Description
Using ftp command, you can establish control connection with the remote FTP Server
and enter FTP Client view.
Example
# Connect to FTP Server at the IP address 1.1.1.1

<Quidway> ftp 1.1.1.1
1.4.12 get
Syntax
get remotefile [ localfile ]
View
FTP Client view
Parameter
localfile: Local file name.

remotefile: Name of a file on the remote FTP Server.
Description
Using get command, you can download a remote file and save it locally.
If no local file name is specified, it will be considered the same as that on the remote
FTP Server.
Example
# Download the file temp1.c and saves it as temp.c

[ftp] get temp1.c temp.c
1-23
1.4.13 lcd
Syntax
lcd
View
FTP Client view
Parameter
None
Description
Using lcd command, you can view local working path of FTP Client.
Example
# Show local working path.

[ftp] lcd
% Local directory now flash:/temp
1.4.14 ls
Syntax
ls [ remotefile ] [ localfile ]
View
FTP Client view
Parameter
remotefile: Remote file to be queried.

localfile: Saved local file name.
Description
Using ls command, you can query a specified file.

If no parameter is specified, all the files will be shown.
Example
# Query file temp.c

[ftp] ls temp.c
1-24
1.4.15 mkdir
Syntax
mkdir pathname
View
FTP Client view
Parameter
pathname: Directory name.
Description
Using mkdir command, you can create a directory on the remote FTP Server.
User can perform this operation as long as the remote FTP server has authorized.
Example
# Create the directory flash:/lanswitch on the remote FTP Server.

[ftp] mkdir flash:/lanswitch
1.4.16 open
Syntax
open [ ip-address [ port ] ]
View
FTP Client view
Parameter
ip-address: The host name ( a string with a length of 1 to 20 characters ) or the IP

address of the remote FTP Server.
port: Port number of remote FTP Server, ranging from 0 to 65535. By default , it is 21.
Description
Using open command, you can establish control connection with the remote FTP
Server in the FTP Client view.
Related command: close.
Example
# Establish control connection with the FTP Server, which IP address is 1.1.1.1.
[ftp] open 1.1.1.1
Trying ...
1-25
Press CTRL+K to abort

Connected.
220-
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(None):abc
331 Give me your password, please
Password:
230 Logged in successfully
1.4.17 passive
Syntax
passive
undo passive
View
FTP Client view
Parameter
None
Description
Using passive command, you can configure the data transmission mode as passive
mode. Using undo passive command, you can configure the data transmission mode
as active mode.
By default, the data transmission mode is passive mode
Example
# Set the data transmission to passive mode.

[ftp] passive
1.4.18 put
Syntax
put localfile [ remotefile ]
View
FTP Client view
Parameter
localfile: Local file name.
1-26
remotefile: File name on the remote FTP Server.
Description
Using put command, you can upload a local file to the remote FTP Server.
If the user does not specify the filename on the remote server, the system will consider
it the same as the local file name by default.
Example
# Upload the local file temp.c to the remote FTP Server and saves it as temp1.c.
[ftp] put temp.c temp1.c
1.4.19 pwd
Syntax
pwd
View
FTP Client view
Parameter
None
Description
Using pwd command, you can view the current directory on the remote FTP Server.
Example
# Show the current directory on the remote FTP Server.

[ftp] pwd
"flash:/temp" is current directory.
1.4.20 quit
Syntax
quit
View
FTP Client view
Parameter
None
1-27
Description
Using quit command, you can terminate the connection with the remote FTP Server
and return to user view.
Example
# Terminate connection with the remote FTP Server and returns to user view.
[ftp] quit
<Quidway>
1.4.21 remotehelp
Syntax
remotehelp [ protocol-command ]
View
FTP Client view
Parameter
protocol-command: FTP protocol command.
Description
Using remotehelp command, you can view help information about the FTP protocol
command.
Example
# Show the syntax of the protocol command user.

[ftp] remotehelp user
214 Syntax: USER <sp> <username>
1.4.22 rmdir
Syntax
rmdir pathname
View
FTP Client view
Parameter
pathname: Directory name of remote FTP Server.
1-28
Description
Using rmdir command, you can cancel the specified directory from FTP Server.
Example
# Delete the directory flash:/temp1 from FTP Server.

[ftp] rmdir flash:/temp1
1.4.23 user
Syntax
user username [ password ]
View
FTP Client view
Parameter
username: Logon username.

password: Logon password.
Description
Using user command, you can register an FTP user.
Example
# Log in the FTP Server with username tom and password bjhw.
[ftp] user tom bjhw
1.4.24 verbose
Syntax
verbose
undo verbose
View
FTP Client view
Parameter
None
Description
Using verbose command, you can enable verbose. Using undo verbose command,
you can disable verbose.
1-29
By default, verbose is enabled.
Example
# Enable verbose.
[ftp]verbose
1.5 TFTP Configuration Commands

1.5.1 tftp
Syntax
tftp { ascii | binary }
View
System view
Parameter
ascii: Text format.

binary: Binary format; By default, the transmission mode is binary.
Description
Using tftp command, you can configure the transmission mode of the TFTP files.
TFTP transmits files in two modes, binary mode for program files and ASCII mode for
text files. You can perform this command to configure the file transmission mode. By
default, TFTP transmits files in binary mode. Before resetting the mode and restarting
the switch, the set mode will not change.
For the related commands, see tftp get, tftp put.
Example
# Transmit the files in text format.

[Quidway] tftp ascii
1.5.2 tftp get
Syntax
tftp get //A.A.A.A/xxx.yyy mmm.nnn
View
System view
1-30
Parameter
//A.A.A.A/xxx.yyy: Information about the file to be downloaded from the TFTP server.
A.A.A.A: IP address of the TFTP server.
mmm.nnn: Specify the filename saved as after downloaded to the switch, which can be
different from xxx.yyy.
Description
Using tftp get command, you can download a file xxx.yyy from the specified directory
of the TFTP server (at A.A.A.A) and saving it as mmm.nnn on the switch.
For the related commands, see tftp, tftp put.
Example
# Download the file LANSwitch.app from the TFTP server at 1.1.3.214 and save it as
vxWorks.app on the local switch.
[Quidway] tftp binary
[Quidway] tftp get //1.1.3.214/ LANSwitch.app vxWorks.app
1.5.3 tftp put
Syntax
tftp put mmm.nnn //A.A.A.A/xxx.yyy
View
System view
Parameter
mmm.nnn: The file to be uploaded.

//A.A.A.A/xxx.yyy: IP address of the TFTP server and the filename to be saved as.
Description
Using tftp put command, you can upload a file from the switch to the specified directory
on the TFTP server (at A.A.A.A) and saving it as mmm.nnn.
For the related commands, see tftp, tftp get.
Example
# Upload the vrpcfg.txt to the TFTP server at 1.1.3.214 and save it as Temp.txt.
[Quidway] tftp ascii
[Quidway] tftp put vrpcfg.txt //1.1.3.214/temp.txt
1-31
Quidway S3500 Series Ethernet Switches Chapter 2 MAC Address Table Management Commands
Chapter 2 MAC Address Table Management

Commands
2.1 MAC Address Table Management Commands

2.1.1 display mac-address aging-time
Syntax
display mac-address aging-time
View
Any view
Parameter
None
Description
Using display mac-address aging-time command, you can view the aging time of the
dynamic entry in the MAC address table.
For the related commands, see mac-address, mac-address timer, display
mac-address.
Example
# Display the aging time of the dynamic entry in the MAC address table.
[Quidway] display mac-address aging-time
mac-address aging-time: 300s
The above information indicates that the aging time of the dynamic entry in the MAC
address is 300s.
2.1.2 display mac-address
Syntax
display mac-address [ mac-addr [ vlan vlan-id ] | [ static | dynamic ] [ interface

{ interface-name | interface-type interface-num } ] [ vlan vlan-id ] [ count ] ]
View
Any view
2-1
Parameter
mac-addr: Specify the MAC address.

vlan-id: Specify the VLAN ID.
static: Static table entry, lost after resetting switch.
dynamic: Dynamic table entry, which will be aged.
interface-type: Specify the interface type.
interface-num: Specify the interface number.
interface-name: Specify the interface name.
For details about the interface-type, interface-num and interface-name parameters,
refer to the Port Configuration in this manual.
count: the display information will only contain the sum number of MAC addresses in
the MAC address table if user choice this parameter when using this command.
Description
Using display mac-address command, you can view MAC address table information.
When managing the Layer-2 addresses of the switch, the administrator can Perform
this command to view such information as the Layer-2 address table, address status
(static or dynamic), Ethernet port of the MAC address, VLAN of the address, and
system address aging time.
For the related commands, see mac-address, mac-address timer.
Example
# Show the information of the entry with MAC address at 00e0-fc01-0101 on S3526E.
[Quidway] display mac-address 00e0-fc01-0101
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME
00e0-fc01-0101 1 Learned Ethernet0/1 AGING
# Show the information of the entry with MAC address at 00e0-fc01-0101 on S3526.
[Quidway] display mac-address 00e0-fc01-0101
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
00e0-fc01-0101 1 Learned Ethernet0/1 300
2.1.3 mac-address
Syntax
mac-address { static | dynamic } mac-addr interface { interface-name | interface-type

interface-num } vlan vlan-id
2-2
undo mac-address [ static | dynamic ] [ [ mac-addr ] interface {interface-name |

interface-type interface-num } vlan vlan-id ]
View
System view
Parameter
static: Static table entry, lost after resetting switch.

dynamic: Dynamic table entry, which will be aged.
mac-addr: Specify the MAC address.
interface-type: interface type;
interface-num: interface number;
interface-name: interface name;
vlan-id: Specify the VLAN ID.
Description
Using mac-address command, you can add/modify the MAC address table entry.
Using undo mac-address command, you can cancel MAC address table entry
If the input address has been existed in the address table, the original entry will be
modified. That is, replace the interface pointed by this address with the new interface
and the entry attribute with the new attribute (dynamic entry and static entry).
All the (MAC unicast) addresses on a certain interface can be deleted. User can choose
to delete any of the following addresses: address learned by system automatically,
dynamic address configured by user, static address configured by user.
Because the address table is shared in the VLAN domain, you need specify the VLAN
of the multicast address and the port of the unicast address, when adding entries to the
address table.
For the related commands, see display mac-address.
Example
# Configure the port number corresponding to the MAC address 00e0-fc01-0101 as

Ethernet0/1 in the address table, and sets this entry as static entry.
[Quidway] mac-address static 00e0-fc01-0101 interface ethernet 0/1 vlan 2
2.1.4 mac-address max-mac-count
Syntax
mac-address max-mac-count count

undo mac-address max-mac-count
2-3
View
Ethernet port view
Parameter
count: Specify the amount limit to the MAC addresses to be learned. 0 indicates that no
address can be learned via the port.
Description
Using mac-address max-mac-count command, you can set a limit to the MAC
addresses to be learned by the Ethernet port. Using undo mac-address
max-mac-count command, you can cancel the limit.
By default, there is no limit to the MAC addresses learned via the Ethernet port.
The port will stop learning MAC address when the amount reaches the limit specified
by the count parameter.
For the related commands, see mac-address, mac-address timer.
Example
# Configure Ethernet0/3 to learn at most 600 addresses.

[Quidway-Ethernet0/3] mac-address max-mac-count 600
# Configure no limit to the amount of addresses learned via Ethernet0/3.

[Quidway-Ethernet0/3] undo mac-address max-mac-count
2.1.5 mac-address timer
Syntax
mac-address timer { aging age | no-aging }

undo mac-address timer aging
View
System view
Parameter
aging age: Specifies the aging time (measured in seconds) of the Layer-2 dynamic
address table entry, ranging from 10 to 1000000. By default, the aging time is 300
seconds.
no-aging : No aging time.
2-4
Description
Using mac-address timer command, you can configure the aging time of the Layer-2
dynamic address table entry. Using undo mac-address timer command, you can
restore the default value.
Too long or too short aging time set by subscribers will cause the problem that the
Ethernet switch broadcasts a great mount of data packets without MAC addresses,
which will affect the switch operation performance.
If aging time is set too long, the Ethernet switch will store a great number of out-of-date
MAC address tables. This will consume MAC address table resources and the switch
will not be able to update MAC address table according to the network change.
If aging time is set too short, the Ethernet switch may delete valid MAC address table.
Example
# Configure the entry aging time of Layer-2 dynamic address table to be 500 seconds.
[Quidway] mac-address timer aging 500
2-5
Quidway S3500 Series Ethernet Switches Chapter 3 Device Management Commands
Chapter 3 Device Management Commands
3.1 Device Management Commands

3.1.1 boot boot-loader
Syntax
boot boot-loader file-url
View
User view
Parameter
file-url: Path and name of APP file.
Description
Using boot boot-loader command, you can configure the app file used for boot of the
next time.
Example
# Specify the APP application used for boot of next time.

<Quidway> boot boot-loader PLATV100R002B09D002.APP
The specifed file will be booted next time!
<Quidway>
3.1.2 boot bootrom
Syntax
boot bootrom file-url
View
User view
Parameter
file-url: File path and file name of Bootrom.
Description
Using boot bootrom command, you can upgrade bootrom.
3-1
Example
# Upgrade bootrom.
<Quidway> boot bootrom PLATV100R002B09D002.btm
3.1.3 display boot-loader
Syntax
display boot-loader
View
Any view
Parameter
None
Description
Using display boot-loader command, you can view APP file used next time.
Example
<Quidway> display boot-loader

The app to boot at the next time is: PLATV100R002B09D002.APP
3.1.4 display cpu
Syntax
display cpu
View
Any view
Parameter
None
Description
Using display cpu command, you can display CPU occupancy.
Example
# Display CPU occupancy.

<Quidway> display cpu
CPU busy status:
18% in last 5 seconds
3-2
19% in last 1 minute

19% in last 5 minutes
Field Description
CPU busy status. The busy status of switch
18% in last 5 seconds The CPU occupancy rate is 18% at last 5 seconds
19% in last 1 minute The CPU occupancy rate is 19% at last 1 minute
19% in last 5 minutes The CPU occupancy rate is 19% at last 5 minutes
3.1.5 display device
Syntax
display device
View
Any view
Parameter
None
Description
Using display device command, you can view module type and working status
information of each card (including main card and daughter-card).
Perform display device command to display the module type and working status
information of a card, including physical card number, physical daughter card number,
number of ports, hardware version number, FPGA version number, BOOTROM
software version number, application version number, address learning mode, interface
card type and interface card type description, etc.
Example
# Show the card information.

<Quidway> display device
SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type
0 0 24 REV.0 001 002 360 IVL MAIN
The following table describes the displaying information.
3-3
Table 3-2 Output description of the display device command
Field Description
SlotNo Physical card number
SubSNo Sub physical card number (namely stack card number)
PortNum Number of ports
PCBVer PCB version number

FPGAVer FPGA version number
CPLDVer r Hardware version number
BootRomVer BootROM software version number

AddrLM Address learning mode
Type Interface card type
3.1.6 display fan
Syntax
display fan [ fan-id ]
View
Any view
Parameter
fan-id: the fan ID.
Description
Using display fan command, you can view the working state of the built-in fans. User
can Perform this command to see if they work normally.
Example
# Display the working state of the fans.

<Quidway> display fan
Fan 1 State: Normal
Fan 2 State: Normal
The above information indicates that all fans work normally.
3-4
3.1.7 display memory
Syntax
display memory slot slot-number
View
Any view
Parameter
slot-number: Specify slot number
Description
Using display memory command, you can display memory situation.
Example
# Display memory situation.

<Quidway> display memory
System Total Memory(bytes): 32491008
Total Used Memory(bytes): 13181348
Used Rate: 40%
Field Description
System Total Memory(bytes) The Total Memory of switch, unit in byte
Total Used Memory(bytes) The Total used Memory of switch, unit in byte
Used Rate The memory used rate
3.1.8 reboot
syntax
reboot
View
User view
Parameter
None.
3-5
Description
Using reboot command, you can reset the Ethernet Switch when failure occurs.
Example
# Reboots the Switch.

<Quidway> reboot
3.1.9 temperature-limit
Syntax
temperature-limit slot-num down-value up-value

undo temperature-limit slot-num
View
User view, system view
Parameter
slot-num: Physical card number, for S3552 series, the value is 0.

down-value: Lower temperature limit, ranging from 0 to 45, unit in ℃.
up-value: Upper temperature limit, ranging from 50 to 80, unit in℃.
Description
Using temperature-limit command, you can configure temperature limit. Using undo
temperature-limit command, you can restore temperature limit to default value.
Example
# Set the lower and upper temperature limit.

<Quidway> temperature-limit 0 10 75
3-6
Quidway S3500 Series Ethernet Switches Chapter 4 System Maintenance Commands
Chapter 4 System Maintenance Commands
4.1 Basic System Configuration and Management

Commands
4.1.1 clock datetime
Syntax
clock datetime HH:MM:SS YYYY/MM/DD
View
User view
Parameter
HH:MM:SS: Current clock. HH ranges from 0 to 23. MM and SS range from 0 to 59.
YYYY/MM/DD: Specify the current year, month and date. YYYY ranges from 1993 to
2035. MM ranges from 1 to 12 and DD ranges from 1 to 31.
Description
Using clock datetime command, you can configure the current date and clock of
Ethernet Switch.
By default, the date and clock of Ethernet Switch is set as 0:0:0, 2000/1/1.
The current date and clock of Ethernet Switch must be set in the circumstance that
absolute time is strictly required.
For the related commands, see display clock.
Example
# Set the current date of Ethernet Switch to 0:0:0, 2001/01/1.

<Quidway> clock datetime 0:0:0 2001/01/01
4.1.2 clock summer-time
Syntax
clock summer-time zone_name { one-off | repeating } start-time start-date end-time

end-date offset-time
undo clock summer-time
4-1
View
User view
Parameter
zone_name: Name of the summer time, which is a character with the length ranging 1
to 32.
one-off: Only set the summer time of a certain year.
repeating: Set the summer time of every year starting from a certain year.
start-time: Set start time of the summer time, input like HH:MM:SS
(hour/minute/second).
start-date: Set start time of the summer time, input like YYYY/MM/DD
(year/month/day).
end-time: Set end time of the summer time, input like HH:MM:SS
end-date: Set end time of the summer time, input like YYYY/MM/DD (year/month/day).
offset-time: Set offset time of the summer time, input like HH:MM:SS
Description
Using clock summer-time command, you can set the name, starting and ending time
of the summer time. Using undo clock summer-time command, you can remove the
configuration of the summer time.
After the configuration takes effect, the display clock command can be used to check
it. Besides, the time of the log or debug information uses the local time after the
adjustment of the time zone and summer time.
For the related command, see clock timezone.
Example
# Set the summer time for z2 that starts at 06:00:00 on 08/06/2002 and ends at
06:00:00 on 01/09/2002 with the time adding 1 hour.
<Quidway> clock summer-time z2 one-off 06:00:00 2002/06/08 06:00:00 2002/09/01
01:00:00
# Set the summer time for z2 that starts at 06:00:00 on 08/06 and ends at 06:00:00 on
01/09 in each year from 2002 on with the time adding 1 hour.
<Quidway> clock summer-time z2 repeating 06:00:00 2002/06/08 06:00:00
2002/09/01 01:00:00
4-2
4.1.3 clock timezone
Syntax
clock timezone zone_name { add | minus } HH:MM:SS

undo clock timezone
View
User view
Parameter
zone_name: Name of the time zone, which is a character with the length ranging 1 to
32.
add: The time is adding compared with the UTC.
minus: The time is minus compared with the UTC.
HH:MM:SS: Time (hour/minute/second).
Description
Using clock timezone command, you can set the information of the local time zone.
Using undo clock timezone command, you can restore to the default Universal Time
Coordinated (UTC) time zone.
After the configuration takes effect, the display clock command can be used to check
it. Besides, the time of the log or debug information uses the local time after the
adjustment of the time zone and summer time.
For the related command, see clock summer-time.
Example
# Set the name of the local time zone as Z5 with the time adding 5 hours compared with
the UTC.
<Quidway> clock timezone z5 add 05:00:00
4.1.4 sysname
Syntax
sysname sysname
undo sysname
View
System view
4-3
Parameter
sysname: Specify the hostname with a character string with the length ranging from1 to
30 characters.
Description
Using sysname command, you can configure the hostname of Ethernet Switch.
By default, the hostname of Ethernet Switch is Quidway.
Changing the hostname name of Ethernet Switch will affect the prompt of command
line interface. E.g. the host name of Ethernet Switch is Quidway, and the prompt in user
view is <Quidway>.
Example
# Set the hostname of the Ethernet Switch as QuidwayLANSwitch.

[Quidway] sysname QuidwayLANSwitch
[QuidwayLANSwitch]
4.2 System Status and System Information Display

Commands
4.2.1 display clock
Syntax
display clock
View
Any view
Parameter
None
Description
Using display clock command, subscribers can obtain information about system data
and time from the terminal display.
The maximum date and time the system can display is 23:59:59 9999/12/31.
For the related commands, see clock.
Example
# View the current system date and clock.

<Quidway> display clock
15:50:45 UTC Mon 2001/2/12
4-4
4.2.2 display current-configuration
Syntax
display current-configuration [ controller | interface interface-type

[ interface-number ] | configuration [ system | user-interface ] ] [ | { begin | exclude |
include } regular-expression ]
View
Any view
Parameter
controller: View the configuration information of controllers.

interface: View the configuration information of interfaces.
interface-type: Type of the interface.
interface-number: Number of the interface.
configuration: View the pre-positive and post-positive configuration information.
system: View the configuration information of sysname.
user-interface: View the configuration information of user-interface.
|: Filter the configuration information to be output via regular expression.
begin: Begin with the line that matches the regular expression.
exclude: Exclude lines that match the regular expression.
include: Include lines that match the regular expression.
regular-expression: Define the regular expression.
Description
Using display current-configuration command, you can display the currently

effective configuration parameters of the switch.
By default, if some running configuration parameters are the same with the default
operational parameters, they will not be displayed.
If a user needs to authenticate whether the configurations are correct after finishing a
set of configuration, the display current-configuration command can be used to
display the running parameters. Although the user has configured some parameters,
but the related functions are not effective, they are not displayed.
When there is much configuration information, you can use the regular expression to
filter the output information. For specific rules about the regular expression, refer to the
corresponding operation manual.
For the related command, see save, reset saved-configuration and display
saved-configuration.
4-5
Example
# View the running configuration parameters of the switch.

<Quidway> display current-configuration
#
sysname QX-S2026
#
radius scheme system
server-type nec
primary accounting 127.0.0.1 1646
domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
messenger time disable
domain default enable system

#
local-server nas-ip 127.0.0.1 key nec
#
interface Aux0/0
#
vlan 1
#
interface Ethernet0/1
#
#
#
#
#
#
#
4-6
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
#
return
# View the lines containing the character string “10*” in the configuration information.
The “*” indicates that the “0” before it can appear 0 times or multiple consecutive times.
4-7
<Quidway> display current-configuration | include 10*

vlan 1
# View configuration information begin with “user”.

<Quidway> display current-configuration | include ^user
# View the pre-positive and post-positive configuration information.

<Quidway> display current-configuration configuration
#
sysname Quidway
#
server-type nec
domain system
state active
idle-cut disable
4-8
#
#
vlan 1
#
#
return
4.2.3 display debugging
Syntax
display debugging [ interface { interface-name | interface-type interface-num } ]

[ module-name ]
View
Any view
Parameter
interface-name: Specify the Ethernet port name.

interface-type: Specify the Ethernet port type.
interface-num: Specify the Ethernet port number.
module-name: Specify the module name.
Description
Using display debugging command, you can view the enabled debugging process.
Show all the enabled debugging when there is no parameter.
For the related commands, see debugging.
Example
# Show all the enabled debugging.

<Quidway> display debugging
IP packet debugging switch is on.
4.2.4 display saved-configuration
Syntax
display saved-configuration
4-9
View
Any view
Parameter
None
Description
Using display saved-configuration command, you can view the configuration files in
the flash memory of Ethernet Switch.
If the Ethernet Switch works abnormally after electrified, execute the display
saved-configuration command to view the startup configuration of the Ethernet
Switch.
For the related commands, see save, reset saved-configuration, display
current-configuration.
Example
# Display configuration files in flash memory of Ethernet Switch.

<Quidway> display saved-configuration
#
sysname Quidway
#
server-type nec
domain system
state active
idle-cut disable

#
#
interface Aux0/0
#
4-10
vlan 1
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
4-11
#
#
#
#
interface NULL0
#
#
return
4.2.5 display users
Syntax
display users [ all ]
View
Any view
Parameter
all: display all users connected to the switch.
Description
Using display users command, you can view information about users connected to the
switch.
Example
# Display the status of the current users.

<Quidway> display users
UI Delay IPaddress Username
F 0 AUX 0 00:00:00
4.2.6 display version
Syntax
display version
4-12
View
Any view
Parameter
None
Description
Using display version command, you can view such information as software version,
issue date and the basic hardware configurations.
Example
# Display the information about the system version.

<Quidway> display version
Versatile Routing Platform Software
VRP (R) Software, Version 3.10, RELEASE 0014
Copyright (c) Reserved.
Quidway uptime is 0 week,0 day,3 hours,13 minutes
Quidway with 1 MIPS Processor

64M bytes SDRAM
8192K bytes Flash Memory
Config Register points to FLASH
Hardware Version is REV.0

CPLD Version is 000
Bootrom Version is 120
[Subslot 0] 24 FE Hardware Version is REV.0
4.3 System Debug Commands

4.3.1 debugging
Syntax
debugging { all | module-name [ debugging-option ] }

undo debugging { all | module-name [ debugging-option ] }
View
User view
Parameter
all: Enable or disable all the debugging.
4-13
module-name: Specify the module name.

debugging-option: Debugging option.
Description
Using debugging command, you can enable the system debugging. Using undo
debugging command, you can disable the system debugging.
By default, all the debugging processes are disabled.
Ethernet Switch provides various kinds of debugging functions for technical support
personnel and experienced maintenance staff to troubleshoot the network.
Enabling the debugging will generate a large amount of debugging information and
decrease the system efficiency. Specially, network system may collapse after all the
debugging is enabled by debugging all command. So it is not suggested to use the
debugging all command. It is convenient for the user to disable all the debugging with
undo debugging all command.
For the related commands, see display debugging.
Example
# Enable IP Packet debugging.

<Quidway> debugging ip packet
IP packet debugging switch is on.
4.3.2 display diagnostic-information
Syntax
display diagnostic-information
View
Any view
Parameter
None
Description
Using display diagnostic-information command, you can view the current

configuration information about all running modules. You can use all these information
to help diagnose and troubleshoot the Ethernet switch.
When the Ethernet switch does not run well, you can collect all sorts of information
about the switch to locate the source of fault. However, each module has its
corresponding display command, which make it difficult for you to collect all the
4-14
information needed. In this case, you can use display diagnostic-information

command.
Example
# Display all system configuration information

<Quidway> display diagnostic-information
This operation may take a few minutes, continue?[Y/N]y
---------------display clock---------------
20:12:39 UTC Mon 2000/5/8
---------------display version---------------
VRP (tm) software, Version 3.10
Copyright (c) 2000-2002 HUAWEI TECH CO., LTD.
4.4 Network Connection Test Commands

4.4.1 ping
Syntax
ping [ -a ip-address ] [-c count ] [ -d ] [ -f ] [ -h ttl ] [ -i {interface-type interface-num |

interface-name } ] [ ip ] [ -n ] [ - p pattern ] [ -q ] [ -r ] [ -s packetsize ] [ -t timeout ] [ -tos
tos ] [ -v ] host
View
Any view
Parameter
-a ip-address: Specify the source IP address to transmit ICMP ECHO-REQUEST.

-c: count specify how many times the ICMP ECHO-REQUEST packet will be
transmitted, ranging from 1 to 4294967295.
-d: Configure the socket to be in DEBUGGING mode.
-f: Drop the packets which are larger than the MTU instead of fragmenting them.
-h ttl: Configure TTL value for echo requests to be sent, range from 1 to 255.
ip: Choose IP ICMP packet.
-i: Configure to choose packet sent on the interface.
interface-type: Specify the interface type.
interface-num: Specify the interface number.
interface-name: Specify the interface name.
4-15
-n: Configure to take the host parameter as IP address without domain name
resolution.
-p: pattern is the hexadecimal padding of ICMP ECHO-REQUEST, e.g. -p ff pads the
packet completely with ff.
-q: Configure not to display any other detailed information except statistics.
-r: Record route.
-s packetsize: Specify the length of ECHO-REQUEST (excluding IP and ICMP packet
header) in bytes.
-t timeout: Maximum waiting time after sending the ECHO-REQUEST (measured in
ms).
-tos tos: Specify TOS value for echo requests to be sent, range from 0 to 255.
-v: Show other received ICMP packets (non ECHO-RESPONSE).
host: Destination host domain name or IP address of the destination host.
Description
Using ping command, you can check the IP network connection and the reachability of
the host.
By default, when the parameters are not specified:
z The ECHO-REQUEST message will be sent for 5 times.
z socket is not in DEBUGGING mode.
z The TTL value for echo requests is 255.
z host will be treated as IP address first. If it is not an IP address, perform domain
name resolution.
z The default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again.
z Show all the information including statistics.
z Routes are not recorded.
z Send ECHO-REQUEST according to route selection.
z Default length of ECHO-REQUEST is 56 bytes.
z Default timeout of ECHO-RESPONSE is 2000ms.
z Do not display other ICMP packets (non ECHO-RESPONSE).
z The TOS value of echo requests is 0.
The ping command sends ICMP ECHO-REQUEST message to the destination. If the
network to the destination works well, then the destination host will send ICMP
ECHO-REPLY to the source host after receiving ICMP ECHO-REQUEST.
Perform ping command to troubleshoot the network connection and line quality. The
output information includes:
4-16
z Responses to each of the ECHO-REQUEST messages. If the response message

is not received until timeout, output "Request time out". Or display response
message bytes, packet sequence number, TTL and response time.
z The final statistics, including number of sent packets, number of response packets
received, percentage of non-response packets and minimal/maximum/average
value of response time.
If the network transmission rate is too low, you can increase the response message
timeout.
For the related commands, see tracert.
Example
# Check whether the host 202.38.160.244 is reachable.

<Quidway> ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
--202.38.160.244 ping statistics--
5 packets transmitted
5 packets received
0% packet loss
round-trip min/avg/max = 1/2/3 ms
4.4.2 tracert
Syntax
tracert [ -a source-ip ] [ -f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q nqueries ] [ -w timeout ]

host
View
Any view
Parameter
-a source-ip: Configure the source IP address used by tracert command.

-f: Configure to verify the -f switch, first-TTL specifies an initial TTL, ranging from 0 to
the maximum TTL.
-m: Configure to verify the -m switch, max-TTL specifies a maximum TTL larger than
the initial TTL.
4-17
-p: Configure to verify the -p switch, port is an integer host port number. Generally, user
need not modify this option.
-q: Configure to verify the -q switch, nqueries is an integer specifying the number of
query packets sent, larger than 0.
-w: Configure to verify the -wf switch, timeout is an integer specifying IP packet timeout
in seconds, larger than 0.
host: IP address of the destination host or the hostname of the remote system.
Description
Using tracert command, you can check the reachability of network connection and
troubleshoot the network. User can test gateways passed by the packets transmitted
from the host to the destination.
By default, when the parameters are not specified,
first-TTL is 1,
max-TTL is 30,
port is 33434,
nqueries is 3 and
timeout is 5s.
The tracert command sends a packet with TTL 1, and the first hop will send an ICMP
error message back to indicate this packet cannot be transmitted (because of TTL
timeout). Then this packet will be sent again with TTL 2, and the second hop will
indicate a TTL timeout error. Perform this operation repeatedly till reaching the
destination. These processes are operated to record the source address of each ICMP
TTL timeout so as to provide a path to the destination for an IP packet.
After ping command finds some error on the network, perform tracert to locate the
error.
The output of tracert command includes IP address of all the gateways to the
destination. If a certain gateway times out, output "***".
Example
# Test the gateways passed by the packets to the destination host at 18.26.0.115.
<Quidway> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
4-18
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
4.5 Log Commands

4.5.1 display channel
Syntax
display channel [ channel-number | channel-name ]
View
Any view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, the system has ten
channels.
channel-name: Specify the channel name. the name can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost, monitor, snmpagent,
trapbuffer.
Description
Using display channel command, you can view the details about the information
channel.
Without parameter, display channel command shows the configurations of all the
channels.
Example
# Show details about the information channel 0.

<Quidway> display channel 0
channel number:0, channel name:console
MODU_ID NAME ENABLE LOG LEVEL ENABLE TRAP LEVEL ENABLE DEBUGGING LEVEL
ffff0000 all Y warning Y debugging Y debugging
4-19
4.5.2 display info-center
Syntax
display info-center
View
Any view
Parameter
None
Description
Using display info-center command, you can view the configuration of system log and
the information recorded in the memory buffer.
If the information in the current log/trap buffer is less than the specified sizeval, display
the actual log/trap information.
For the related commands, see info-center enable,info-center loghost,info-center
logbuffer,info-center console channel,info-center monitor channel.
Example
# Show the system log information.

<Quidway> display info-center
Information Center:enabled
Log host:
173.168.1.10, channel number:2, channel name:loghost,
language:english , host facility local:7
Console:
channel number:0, channel name:console
Monitor:
channel number:1, channel name:monitor
SNMP Agent:
channel number:5, channel name:snmpagent
Log buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:6, channel number:4, channel name:logbuffer
dropped messages:0, overwrote messages:0
Trap buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:0, channel number:3, channel name:trapbuffer
dropped messages:0, overwrote messages:0
Information timestamp setting:
4-20
log - date, trap - date, debug - boot
4.5.3 info-center channel name
Syntax
info-center channel channel-number name channel-name

undo info-center channel channel-number
View
System view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, system has ten
channels.
channel-name: Specify the channel name with a character string not exceeding 30
characters, excluding "-", "/" or "\". .
Description
Using info-center channel name command, you can rename a channel specified by
the channel-number as channel-name. Using undo info-center channel command,
you can restore the channel name.
Note that the channel name cannot be duplicated.
Example
# Rename the channel 0 as execconsole.

[Quidway] info-center channel 0 name execconsole
4.5.4 info-center console channel
Syntax
info-center console channel { channel-number | channel-name }

undo info-center console channel
View
System view
Parameter
channels.
4-21
channel-name: Specify the channel name. The name can be channel6, channel7,
trapbuffer.
Description
Using info-center console channel command, you can configure the channel through
which the log information is output to the console.
By default, Ethernet switches do not output log information to the console.
This command takes effect only after system logging is started.
For the related commands, see info-center enable,display info-center.
Example
# Configure to output log information to the console through channel 0.

[Quidway] info-center console channel 0
4.5.5 info-center enable
Syntax
info-center enable
undo info-center enable
View
System view
Parameter
None
Description
Using info-center enable command, you can enable the system log function. Using
undo info-center enable command, you can disable system log function.
By default, system log function is enabled.
Only after the system log function is enabled can the system output the log information
to the info-center loghost and console, etc.
For the related commands, see info-center loghost, info-center logbuffer,
info-center console channel, info-center monitor channel, display info-center.
Example
# Enable the system log function.

[Quidway] info-center enable
4-22
4.5.6 info-center logbuffer
Syntax
info-center logbuffer [ channel { channel-number | channel-name } ] [ size

buffersize ]
undo info-center logbuffer [ channel | size ]
View
System view
Parameter
channel: Configure the channel to output information to buffer.

channels.
trapbuffer.
size: Configure the size of buffer.
buffersize: Size of buffer (number of messages which can be kept); By default, the size
of the buffer is 20.
Description
Using info-center logbuffer command, you can configure to output information to the
memory buffer. Using undo info-center logbuffer command, you can cancel the
information output to buffer
This command takes effect only after the system logging is enabled.
For the related commands, see info-center enable, display info-center.
Example
# Send log information to buffer and sets the size of buffer as 50.
[Quidway] info-center logbuffer size 50
4.5.7 info-center loghost
Syntax
info-center loghost host-ip-addr [ channel { channel-number | channel-name } ]

[ facility local-number ] [ language { chinese | english } ]
undo info-center loghost host-ip-addr
4-23
View
System view
Parameter
host-ip-addr: IP address of info-center loghost.

channel: Configure information channel of the info-center loghost.
channels.
trapbuffer.
facility: Configure the recording tool of info-center loghost.
local-number: Record tool of info-center loghost, ranging from local0 to local7.
language: Set the logging language.
chinese,english: Language used in log file.
Description
Using info-center loghost command, you can configure the IP address of the
info-center loghost to send information to it. Using undo info-center loghost
command, you can cancel output to info-center loghost.
By default, Ethernet switches do not output information to info-center loghost.
Example
# Configure to send log information to the UNIX workstation at 202.38.160.1.

[Quidway] info-center loghost 202.38.160.1
4.5.8 info-center loghost source
Syntax
info-center loghost source interface-name

undo info-center loghost source
View
System view
4-24
Parameter
source interface-name: set source address of the packets sent to loghost as the
address of the interface specified by the interface-name. Normally, the interface should
be VLAN interface.
Description
Using info-center loghost source command, you can set source address of the
packets sent to loghost as the address of the interface specified by the interface-name.
Using undo info-center loghost source command, you can cancel the setting source
address of the packets sent to loghost.
Example
# Set source address of the packets sent to loghost as the address of the VLAN
interface 1.
[Quidway] info-center loghost source vlan-interface 1
4.5.9 info-center monitor channel
Syntax
info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel
View
System view
Parameter
channels.
trapbuffer.
Description
Using info-center monitor channel command, you can configure the channel to
output the log information to the user terminal. Using undo info-center monitor
channel command, you can restore the channel to output the log information to the
user terminal to default value.
By default, Ethernet switches do not output log information to user terminal.
4-25
This command takes effect only after system logging is started.

Example
# Configure channel 0 to output log information to user terminal.

[Quidway] info-center monitor channel 0
4.5.10 info-center snmp channel
Syntax
info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel
View
System view
Parameter
channels. By default, channel 5 is used.
trapbuffer.
Description
Using info-center snmp channel command, you can configure new channel for
transmitting the SNMP information. Using undo info-center snmp channel command,
you can restore the channel for transmitting the SNMP information to default value.
For the related commands, see display snmp.
Example
# Configure channel 6 as the SNMP information channel.

[Quidway] info-center snmp channel 6
4.5.11 info-center source
Syntax
info-center source { modu-name | default } channel { channel-number |

channel-name } [ { log | trap | debug } * { level severity | state state } * ]
undo info-center source { modu-name | default } channel { channel-number |
channel-name }
4-26
View
System view
Parameter
modu-name: Module name.

default: All the modules.
log: Log information.
trap: Trap information.
debugging: Debugging information.
level: Level.
severity: Information level, do not output information below this level. By default, the log
information level is warnings, the trap information level is debugging, the debugging
information level is debugging.
Information at different levels is as follows:
emergencies: Level 1 information, which cannot be used by the system.
alerts: Level 2 information, to be reacted immediately.
critical: Level 3 information, critical information.
errors: Level 4 information, error information.
warnings: level 5 information, warning information.
notifications: Level 6 information, showed normally and important.
informational: Level 7 information, notice to be recorded.
debugging: Level 8 information, generated during the debugging progress.
Note:
If you only specify the level for one/two of the three types of information, the level(s) of
the unspecified two/one return(s) to the default. For example, if you only define the
level of the log information, then the levels of the trap and debugging information return
to the defaults.
channel-number: Channel number to be set.

channel-name: Channel name to be set. The name can be channel6, channel7,
trapbuffer.
state: Set the state of the information.
state: Specify the state as on or off.
4-27
Description
Using info-center source command, you can add/delete a record to the information
channel. Using undo info-center source command, you can cancel the contents of
the information channel.
For example, for the filter of IP module log output, you can configure to output the logs
at a level higher than warnings to the log host and output those higher than
informational to the log buffer. You can also configure to output the trap information on
the IP module to a specified trap host, etc.
The channels for filtering in all the directions are specified by this configuration
command. All the information will be sent to the corresponding directions through the
specified channels. You can configure the channels in the output direction, channel
filter information, filtering and redirecting of all kinds of information.
At present, the system distributes an information channel in each output direction by
default, shown as follows:
Table 4-1 Information Channel in Each Output Direction by Default
Output direction Information channel name

Console console
Monitor monitor
Info-center loghost loghost
Log buffer logbuffer
Trap buffer trapbuffer
snmp snmpagent
In addition, each information channel has a default record with the module name “all”
and module number as 0xffff0000. However, for different information channel, the
default log, trap and debugging settings in the records may be different with one
another. Use default configuration record if a module does not have any specific
configuration record in the channel.
Example
# Configure to enable the log information of VLAN module in SNMP channel and allows
the output of the information with a level higher than emergencies.
[Quidway] info-center source vlan channel snmp log level emergencies
4-28
4.5.12 info-center timestamp
Syntax
info-center timestamp { log | trap | debugging } { boot | date | None }

undo info-center timestamp { log | trap | debugging }
View
System view
Parameter
log: Log information.

trap: Trap information.
debugging: Debugging information.
boot: Time elapsing after system starts. Format: xxxxxx.yyyyyy, xxxxxx is the high 32
bits of the elapsed time (in milliseconds) after system starts, and yyyyyy is the low 32
bits.
date: Current system date and time. It shows as yyyy/mm/dd-hh:mm:ss in Chinese
environment and mm/dd/yyyy-hh:mm:ss in Western language environment.
None: No timestamp format.
Description
Using info-center timestamp command, you can configure the timestamp output
format in debugging/trap information. Using undo info-center timestamp command,
you can disable the output of timestamp field.
By default, datetime stamp is used.
Example
# Configure the debugging information timestamp format as boot.

[Quidway] info-center timestamp debugging boot
4.5.13 info-center trapbuffer
Syntax
info-center trapbuffer [ size buffersize ] [ channel { channel-number |

channel-name } ]
undo info-center trapbuffer [ channel | size ]
View
System view
4-29
Parameter
size: Configure the size of the trap buffer.

buffersize: Size of trap buffer (numbers of messages).
channel: Configure the channel to output information to trap buffer.
channels.
channel-name: Specify the channel name.
Description
Using info-center trapbuffer command, you can output information to the trap buffer.
Using undo info-center trapbuffer command, you can cancel output information to
trap buffer.
By default, output information is transmitted to trap buffer and size of trap buffer is 20.
Example
# Send information to the trap buffer and sets the size of buffer as 30.
[Quidway] info-center trapbuffer size 30
4.5.14 reset logbuffer
Syntax
reset logbuffer
View
User view
Parameter
None
Description
Using reset logbuffer command, you can reset information in log buffer.
Example
# Clear information in log buffer.

<Quidway> reset logbuffer
4-30
4.5.15 reset trapbuffer
Syntax
reset trapbuffer
View
User view
Parameter
None
Description
Using reset trapbuffer command, you can reset information in trap buffer.
Example
# Clear information in trap buffer.

<Quidway> reset trapbuffer
4.5.16 terminal debugging
Syntax
terminal debugging
undo terminal debugging
View
User view
Parameter
None
Description
Using terminal debugging command, you can configure to display the debugging
information on the terminal. Using undo terminal debugging command, you can
configure not to display the debugging information on the terminal.
By default, the displaying function is disabled.
For the related commands, see debugging.
Example
# Enable the terminal display debugging.

<Quidway> terminal debugging
4-31
4.5.17 terminal logging
Syntax
terminal logging
undo terminal logging
View
User view
Parameter
None
Description
Using terminal logging command, you can enable terminal log information display.
Using undo terminal logging command, you can disable terminal log information
display.
By default, this function is enabled.
Example
# Disable the terminal log display.

<Quidway> undo terminal logging
4.5.18 terminal monitor
Syntax
terminal monitor
undo terminal monitor
View
User view
Parameter
None
Description
Using terminal monitor command, you can enable the log debugging/log/trap on the
terminal monitor. Using undo terminal monitor command, you can disable these
functions.
By default, enable these functions for the console user and disable them for the
terminal user.
4-32
This command only takes effect on the current terminal where the commands are input.
The debugging/log/trap information can be output to the current terminal, beginning in
user view. When the terminal monitor is shut down, no debugging/log/trap information
will be displayed in local terminal, which is equals to having performed undo terminal
debugging,undo terminal logging,undo terminal trapping commands. When the
terminal monitor is enabled, you can use terminal debugging / undo terminal
debugging, terminal logging / terminal logging and terminal trapping / undo
terminal trapping respectively to enable or disable the corresponding functions.
Example
# Disable the terminal monitor.

<Quidway> undo terminal monitor
4.5.19 terminal trapping
Syntax
terminal trapping
undo terminal trapping
View
User view
Parameter
None
Description
Using terminal trapping command, you can enable terminal trap information display.
Using undo terminal trapping command, you can disable this function.
By default, this function is enabled.
Example
# Enable trap information display.

<Quidway> terminal trapping
4-33
Quidway S3500 Series Ethernet Switches Chapter 5 SNMP Configuration Commands
Chapter 5 SNMP Configuration Commands
5.1 SNMP Configuration Commands

5.1.1 display snmp-agent community
Syntax
display snmp-agent community [ read | write ]
View
Any view
Parameter
read: display read-only community information.

write: display read-write community information.
Description
Using display snmp-agent community command, you can view the currently
configured community names.
Example
# Display the currently configured community names.

<Quidway> display snmp-agent community
community name:public
group name:public
storage-type: nonVolatile
community name:tom
group name:huawei
storage-type: nonVolatile
5.1.2 display snmp-agent
Syntax
display snmp-agent { local-engineid | remote-engineid }
View
Any view
5-1
Parameter
local-engineid: local engine ID.

remote-engineid: remote engine ID.
Description
Using display snmp-agent engineid command, you can view engine ID of current
device.
SNMP engine is the core of SNMP entity. It performs the function of sending, receiving
and authenticating SNMP message, extracting PDU, packet encapsulation and the
communication with SNMP application, etc.
Example
# Display the engine ID of current device.

<Quidway> display snmp-agent local-engineid
SNMP local engineID: 00000009020000000C025808
5.1.3 display snmp-agent group
Syntax
display snmp-agent group [ group-name ]
View
Any view
Parameter
Description
Using display snmp-agent group command, you can view group name, safe mode,
state of various views and storage modes.
Example
# Display SNMP group name and safe mode.

<Quidway> display snmp-agent group
Group name: huawei
Security model: v2c noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonVolatile
5-2
The following table describes the output fields.
Table 5-1 Output description of the display snmp-agent group command
Field Description
groupname SNMP Group name of the user
Security model The security model adopted by SNMP
readview Read-only MIB view name corresponding to that group

writeview Writable MIB view corresponding to that group
notifyview The name of the notify MIB view corresponding to that group
storage-type Storage type
5.1.4 display snmp-agent mib-view
Syntax
display snmp-agent mib-view [ exclude | include | { viewname mib-view } ]
View
Any view
Parameter
exclude: Display the SNMP mib view excluded.

Include: Display the SNMP mib view included.
viewname: Display the SNMP mib view according to the mib view name.
mib-view: Specify the mib view name.
Description
display snmp-agent mib-view command is used to view the MIB view configuration
information of the Ethernet switch.
Example
# Display the information about the currently configured MIB view.

<Quidway> display snmp-agent mib-view
View name:mv MIB Subtree:internet
Storage-type: nonVolatile -included active
View name:test MIB Subtree:internet

5-3
View name:ViewDefault MIB Subtree:internet

View name:ViewDefault MIB Subtree:snmpUsmMIB

Storage-type: nonVolatile -excluded active
View name:ViewDefault MIB Subtree:snmpVacmMIB

View name:ViewDefault MIB Subtree:snmpModules.18

Table 5-2 Output description of the display snmp-agent mib-view command
Field Description
View name View name
MIB Subtree MIB subtree
storage-type Storage type
included/excluded Permit or forbid access to an MIB object
active Indicate the line state in the table
Caution:
If the SNMP Agent is disabled, "Snmp Agent disabled" will be displayed after you
execute the above display commands.
5.1.5 display snmp-agent statistics
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
5-4
Description
Using display snmp-agent statistics command, you can view current state of SNMP
communication.
This command provides a counter for SNMP operations.
Example
# Display the current state of SNMP communication.

<Quidway> display snmp-agent statistics
9 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
9 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
0 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)
9 MIB objects retrieved successfully
0 MIB objects altered successfully
0 GetRequest-PDU accepted and processed
9 GetNextRequest-PDU accepted and processed
9 GetResponse-PDU accepted and processed
0 SetRequest-PDU accepted and processed
0 Trap PDUs accepted and processed
5.1.6 display snmp-agent sys-info contact
Syntax
display snmp-agent sys-info contact
View
Any view
Parameter
None
Description
Using display snmp-agent sys-info contact command, you can view the character
string sysContact (system contact).
5-5
Example
# Display the character string sysContact (system contact).

<Quidway> display snmp-agent sys-info contact
The contact person for this managed node:
Mr.Wang-Tel:3306
5.1.7 display snmp-agent sys-info location
Syntax
display snmp-agent sys-info location
View
Any view
Parameter
None
Description
Using display snmp-agent sys-info location command, you can view the character
string describing the system location.
Example
# Display the system location.

<Quidway> display snmp-agent sys-info location
The physical location of this node:
BeiJing China
5.1.8 display snmp-agent sys-info version
Syntax
display snmp-agent sys-info version
View
Any view
Parameter
None
Description
Using display snmp-agent sys-info version command, you can view the version
information about the running SMNMP in the system.
5-6
Example
# Display the version information of running SNMP

<Quidway> display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3
5.1.9 display snmp-agent usm-user
Syntax
display snmp-agent usm-user [ engineid engineid ] [ group groupname ]

[ username username ]
View
Any view
Parameter
engineid: display user information with specified engine ID.

username:display user information with specified user name.
groupname:display user information of specified group.
Description
Using display snmp-agent usm-user command, you can view information of all the
SNMP usernames in the group username list.
Example
# Display the information of all the current users.

<Quidway> display snmp-agent usm-user
User name: authuser
Engine ID: 00000009020000000C025808
UserStatus: active
Table 5-3 Output description of the display snmp-agent usm-user command
Field Description
User name Name of SNMP user
Engine ID Character string identifying SNMP device
UserStatus The status of the user, may be active or inactive.
5-7
5.1.10 snmp-agent local-engineid
Syntax
snmp-agent local-engineid engineid

undo snmp-agent local-engineid
View
System view
Parameter
local-engineid: Specify an engineID for the local SNMPv3 entity

engineid: Specify the engine ID with a character string, only composed of hexadecimal
numbers between 5 and 32 including; By default, the value is "Enterprise Number +
device information".
Description
Using snmp-agent local-engineid command, you can configure a name for a local or
remote SNMP engine on the Ethernet Switch. Using undo snmp-agent
local-engineid command, you can restore the default setting of engine ID.
Device information is determined according to different products. It can be IP address,
MAC address or user defined text. However, you must use numbers in hexadecimal
form.
Example
# Configure the ID of a local or remote device as 12345.

<Quidway> display snmp-agent local-engineid
5.1.11 snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ [ mib-view view-name ]

[ acl acl-list ] ]
undo snmp-agent community community-name
View
System view
Parameter
read: Indicate that MIB object can only be read.

write: Indicate that MIB object can be read and written.
5-8
community-name: Community name character string.

view-name: MIB view name.
acl acl-list:set access control list for specified community.
Description
Using snmp-agent community command, you can configure community access

name and enable the access to SNMP. Using undo snmp-agent community
command, you can cancel the settings of community access name.
Example
# Configure community name as huawei and permits read-only access by this

community name.
[Quidway] snmp-agent community read huawei
# Configure community name as mgr and permits read-write access.

[Quidway] snmp-agent community write mgr
5.1.12 snmp-agent group
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view

write-view ] [ notify-view notify-view ] [ acl acl-list ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [notify-view notify-view ] [ acl acl-list ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter

authentication: Configure to authenticate the packet without encryption.
read-view: Configures to allow read-only view settings.
readview: Read-only view name, ranging from 1 to 32 bytes.
write-view: Configure to allow read-write view settings.
writeview: Name of read-write view, ranging from 1 to 32 bytes.
notify-view: Configure to allow notify view settings.
5-9
notifyview: Specify the notify view name, ranging from 1 to 32 bytes.

acl acl-list:Set access control list for this group name.
Description
Using snmp-agent group command, you can configure a new SNMP group, that is, to
map SNMP user to SNMP view. Using undo snmp-agent group command, you can
cancel a specified SNMP group.
For the following reasons:
z snmp-agent target-host command automatically generates a notifyview for user
and adds it to the corresponding group.
z Any change of the SNMP group notify view will affect all the users related to this
group.
Please do not specify the notify view when configuring SNMP group.
Example
# Create an SNMP group named huawei.

[Quidway] snmp-agent group v3 huawei.
5.1.13 snmp-agent mib-view
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name
View
System view
Parameter
included: Include this MIB subtree.

excluded: Exclude this MIB subtree.
view-name: Specify the view name, with a character string, ranging from 1 to 32
characters.
oid-tree: MIB object subtree. It can be a character string of the variable OID, or a
variable name, ranging from 1 to 255 characters.
Description
Using snmp-agent mib-view command, you can create or update the view information.
Using undo snmp-agent mib-view command, you can cancel the view information
By default, the view name is v1default. OID is 1.3.6.1.
5-10
Both the character string of OID and the node name can be input as parameter.
Example
# Create a view that consists of all the objects of MIB-II.

[Quidway] snmp-agent mib-view included mib2 5.6.1.3
5.1.14 snmp-agent packet max-size
Syntax
snmp-agent packet max-size byte-count

undo snmp-agent packet max-size
View
System view
Parameter
byte-count: Specify the size of SNMP packet (measured in bytes), ranging from 484 to
17940. By default, the size is 1500 bytes.
Description
Using snmp-agent packet max-size command, you can configure the size of SNMP
packet that the Agent can send/receive. Using undo snmp-agent packet max-size
command, you can restore the default size of SNMP packet.
The sizes of the SNMP packets received/sent by the Agent are different in different
network environment.
Example
# Set the size of SNMP packet to 1042 bytes.

[Quidway] snmp-agent packet max-size 1042
5.1.15 snmp-agent sys-info
Syntax
snmp-agent sys-info { contact sysContact | location syslocation | version { { v1 |

v2c | v3 } * | all } }
undo snmp-agent sys-info { [ contact ] [ location ] | version { { v1 | v2c | v3 } * |
all } }
View
System view
5-11
Parameter
sysContact: Specify a character string describing the system maintaining contact (in
bytes), with a length ranging from 1 to 255; By default, the contact information is
"HuaWei Beijing China".
sysLocation: Specify a character string to describe the system location; By default, the
character string is "Beijing China".
version: version of running SNMP. By default, the version is SNMP V3.
v1:SNMP V1.
v2c:SNMP V2C.
v3:SNMP V3.
all:all SNMP version (includes SNMP V1, SNMP V2C, SNMP V3).
Description
Using snmp-agent sys-info command, you can configure system information such as
geographical location of the device, contact information for system maintenance and
version information of running SNMP. Using undo snmp-agent sys-info location
By default, the contact information is "HuaWei Beijing China", the system location is
"Beijing China", the SNMP version is SNMP V3.
Example
# Set system location as Building 3/Room 214.

[Quidway] snmp-agent sys-info location Building 3/Room 214
5.1.16 snmp-agent target-host
Syntax
snmp-agent target-host trap address udp-domain host-addr [ udp-port

udp-port-number ] params securityname community-string [ v1 | v2c | v3
[ authentication | privacy ] ]
undo snmp-agent target-host host-addr securityname community-string
View
System view
Parameter
trap:Specify the host to receive traps or notifications

address:Specify the transport addresses to be used in the generation of SNMP
messages.
5-12
udp-domain:Specify transport domain over UDP for the target address

host-addr: IP address of destination host.
udp-port udp-port-number: Specify the UDP port number of the host to receive the
SNMP notification.
params:Specify SNMP target information to be used in the generation of SNMP
messages
v1: Represent the version of SNMPV1.
v2c: Represent the version of SNMPV2C.
v3: Represent the version of SNMPV3.
authentication: Configure to authenticate the packet without encryption.
community-string: Specify the community name. The character string ranges from 1 to
32 bytes.
Description
Using snmp-agent target-host command, you can configure destination of SNMP

notification. Using undo snmp-agent target-host command, you can cancel the host
that receives SNMP notification.
The snmp-agent target-host command and the snmp-agent trap enable command
should be used at the same time. Use the snmp-agent trap enable command to
enable the device to transmit Trap packets. snmp-agent trap enable command and
snmp-agent target-host command should be used at the same time on the host to
enable notify message sending.
Example
# Enable sending Trap message to myhost.huawei.com with community name huawei.

[Quidway] snmp-agent trap enable
[Quidway] snmp-agent target-host trap address udp-domain 2.2.2.2 params
securityname huawei
# Enable sending Trap packets to 2.2.2.2 with the community name public
[Quidway] snmp-agent trap enable
securityname public
5.1.17 snmp-agent trap enable
Syntax
snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ linkdown ]

[ linkup ] [ warmstart ] ]
5-13
undo snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ linkdown ]

[ linkup ] [ warmstart ] ]
View
System view
Parameter
standard [ authentication ] [ coldstart ] [ linkdown ] [ linkup ] [ warmstart ]:

Configure to send standard Trap messages.
authentication: Configure to send SNMP authentication Trap messages.
coldstart: Configure to send SNMP cold start Trap messages.
linkdown: Configure to send SNMP link down Trap messages.
linkup: Configure to send SNMP link up Trap messages.
warmstart: Configure to send SNMP warm start Trap messages.
Note:
z cold-start: Reboot operation caused by problems such as power failure.
z warm-start: Reboot operation caused by executing the reboot command.
Description
Using snmp-agent trap enable command, you can enable the device to send Trap
message. Using undo snmp-agent trap enable command, you can disable Trap
message sending.
By default, Trap message sending is disabled.
snmp-agent trap enable command and snmp-agent target-host command should
be used at the same time. snmp-agent target-host command specifies which hosts
can receive Trap message. However, to send Trap message, at least one snmp-agent
target-host command should be configured.
Example
# Enable to send the trap packet of SNMP authentication failure to 10.1.1.1. The
community name is huawei.
[Quidway] snmp-agent trap enable standard authentication
securityname huawei
5-14
5.1.18 snmp-agent trap life
Syntax
snmp-agent trap life seconds

undo snmp-agent trap life
View
System view
Parameter
seconds: Specify the timeouts, ranging from 1 to 2592000 seconds; By default, the
timeout interval is 120 seconds.
Description
Using snmp-agent trap life command, you can configure the timeout of Trap packets.
Using undo snmp-agent trap life command, you can restore the default value.
The set timeout of Trap packet is represented by seconds. If time exceeds seconds,
this Trap packet will be discarded.
For the related commands, see snmp-agent trap enable, snmp-agent target-host .
Example
# Configure the timeout interval of Trap packet as 60 seconds.

[Quidway] snmp-agent trap life 60
5.1.19 snmp-agent trap queue-size
Syntax
snmp-agent trap queue-size length

undo snmp-agent trap queue-size
View
System view
Parameter
length: Length of queue, ranging from 1 to 1000; By default, the length is 100.
Description
Using snmp-agent trap queue-size command, you can configure the information
queue length of Trap packet sent to destination host. Using undo snmp-agent trap
queue-size command, you can restore the default value.
5-15
For the related commands, see snmp-agent trap enable, snmp-agent target-host,
snmp-agent trap life.
Example
# Configure the queue length to 200.

[Quidway] snmp-agent trap queue-size 200
5.1.20 snmp-agent trap source
Syntax
snmp-agent trap source vlan-interface vlan-id

undo snmp-agent trap source
View
System view
Parameter
vlan-id: Specify the VLAN interface ID, ranging from 1 to 4000.
Description
Using snmp-agent trap source command, you can configure the source address for
sending Trap. Using undo snmp-agent trap source command, you can cancel the
source address for sending Trap.
Example
# Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
[Quidway] snmp-agent trap source vlan-interface 1
5.1.21 snmp-agent usm-user
Syntax
snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]

undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha }
authpassstring [ privacy-mode { des56 privpassstring } ] ] [ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }
View
System view
5-16
Parameter
username: Specify the user name, ranging from 1 to 32 bytes.

groupname: Specify the group name corresponding to that user, a character string at
the length ranging from 1 to 32 bytes.
authentication-mode: Specify the safety level as authentication required.
md5: MD5 algorithm is adopted in authentication. MD5 authentication uses the
128-digit password. Computation speed of MD5 is faster than that of SHA
sha: SHA algorithm is adopted in authentication. SHA authentication uses the 160-digit
password. Computation speed of SHA is slower than that of MD5, but with higher
security.
authpassword: Specify the authentication password with a character string, ranging
from 1 to 64 bytes.
privacy-mode: Specify the safety level as encrypted.
des56: Specify the authentication protocol as DES.
privpassword: Specify the encryption password with a character string, ranging from 1
to 64 bytes.
acl acl-list:Set access control list for this user based on USM name
Description
Using snmp-agent usm-user command, you can add a new user to an SNMP group.
Using undo snmp-agent usm-user command, you can cancel a user from SNMP
group.
SNMP engineID (for authentication) is required when configuring remote user for an
agent. This command will not be effective without engineID configured.
For V1 and V2C, this command will add a new community name. For V3, it will add a
new user for an SNMP group.
Example
# Add a user wang for huawei (an SNMP group), configures to authenticate with MD5
and sets authentication password as pass.
[Quidway] snmp-agent usm-user v3 wang huawei authentication-mode md5 pass
5-17
5.1.22 undo snmp-agent
Syntax
undo snmp-agent
View
System view
Parameter
None
Description
Using undo snmp-agent command, you can disable all versions of SNMP running on
the server.
Perform any command of snmp-agent will enable SNMP Agent.
Example
# Disable the running SNMP agents of all SNMP versions.

[Quidway] undo snmp-agent
5-18
Quidway S3500 Series Ethernet Switches Chapter 6 RMON Configuration Commands
Chapter 6 RMON Configuration Commands
6.1 RMON Configuration Commands

6.1.1 display rmon alarm
Syntax
display rmon alarm [ alarm-table-entry ]
View
Any view
Parameter
alarm-table-entry: Alarm table entry index.
Description
Using display rmon alarm command, you can view RMON alarm information.
For the related commands, see rmon alarm.
Example
# Display the RMON alarm information.

<Quidway> display rmon alarm
Alarm table 1 owned by HUAWEI is VALID.
Samples absolute value : 1.3.6.1.2.1.16.1.1.1.4.1 <etherStatsOctets.1>
Sampling interval : 10(sec)
Rising threshold : 1000(linked with event 1)
Falling threshold : 100(linked with event 1)
When startup enables : risingOrFallingAlarm
Latest value : 0
Table 6-1 Output description of the display rmon alarm command
Field Description
Alarm table 1 Index 1 in the alarm table
HUAWEI Owner
VALID The entry corresponding to the index is valid
Samples absolute Sampling the absolute value of the node
value 1.3.6.1.2.1.16.1.1.1.4.1
Sampling interval The interval of sampling the value
6-1
Field Description
Rising threshold. When sampling value rises from normal
Rising threshold
value to this threshold, rising threshold alarm will be triggered.
Falling threshold. When sampling value decreases from

Falling threshold normal value to this threshold, falling threshold alarm will be
triggered.
startup The first trigger

risingOrFallingAla The type of the first alarm: Specifies to alarm when exceeding
rm the rising threshold or the falling threshold
6.1.2 display rmon event
Syntax
display rmon event [ event-table-entry ]
View
Any view
Parameter
event-table-entry: Entry index of event table.
Description
Using display rmon event command, you can view RMON events.
The display includes event index in event table, owner of the event, description to the
event, action caused by event (log or alarm information), and occurrence time of the
latest event (counted on system initiate/boot time in centiseconds).
For the related commands, see rmon event.
Example
# Show the RMON event.

<Quidway> display rmon event
Event table 1 owned by HUAWEI is VALID.
Description: null.
Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.
Table 6-2 Output description of the display rmon event command
Field Description
Event table 1 Index 1 in event table
HUAWEI Owner
6-2
Field Description
Description Event description
Will cause log-trap when triggered, When the event is triggered, it will cause the
last triggered at 0days log-trap. And the last triggered time is
00h:02m:27s 00h:02m:27s
6.1.3 display rmon eventlog
Syntax
display rmon eventlog [ event-number ]
View
Any view
Parameter
event-number: Entry index of event table.
Description
Using display rmon eventlog command, you can view RMON event log.
The display includes description about event index in event table, description to the
event, and occurrence time of the latest event (counted on system initiate/boot time in
centisecond).
Example
# Show event log of RMON.

<Quidway> display rmon eventlog 1
Event table 1 owned by HUAWEI is VALID.
Generates eventLog 1.1 at 0days 00h:01m:39s.
Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Generates eventLog 1.2 at 0days 00h:02m:27s.
Description: The alarm formula defined in private alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Table 6-3 Output description of the display rmon eventlog command
Field Description
Event table 1 Index 1 in event table
HUAWEI Owner
6-3
Field Description
Description Event description
less than(or =) 100 with alarm The alarm sample value is less than or equal to
value 0 100
Alarm sample type is absolute The type of alarm sampling is absolute

Generates eventLog 1.2 at The eventlog corresponding to the index 1.2 is
0days 00h:02m:27s generated at 0days 00h:02m:27s.
6.1.4 display rmon history
Syntax
display rmon history [ port-num ]
View
Any view
Parameter
port-num: Ethernet port name.
Description
Using display rmon history command, you can view latest RMON history sampling
information (including utility, error number and total packet number).
For the related commands, see rmon history.
Example
# Show the RMON history information.

<Quidway> display rmon history ethernet 2/1
History control entry 1 owned by HUAWEI is VALID
Samples interface : Ethernet2/1<ifEntry.642>
Sampling interval : 10(sec) with 10 buckets max
Latest sampled values :
Dropevents :0 , octets :0
packets :0 , broadcast packets :0
multicast packets :0 , CRC alignment errors :0
undersize packets :0 , oversize packets :0
fragments :0 , jabbers :0
collisions :0 , utilization :0
6-4
Table 6-4 Output description of the display rmon history command
Field Description
History control entry Index number in history control table
HUAWEI Owner
Samples interface The sampled interface

Sampling interval Sampling interval
buckets Records in history control table
dropevents Dropping packet events

octets Sent/Received octets in sampling time
packets Packets sent/received in sampling time
broadcast packets Number of broadcast packets

multicast packets Number of multicast packets
CRC alignment errors Number of CRC error packets
undersized packets Number of undersized packets
oversized packets Number of oversized packets
fragments Number of undersized and CRC error packets
jabbers Number of oversized and CRC error packets
collisions Number of collision packets
utilization Utilization
6.1.5 display rmon prialarm
Syntax
display rmon prialarm [ prialarm-table-entry ]
View
Any view
Parameter
prialarm-table-entry:entry of extended alarm table.
Description
Using display rmon prialarm command, you can view information about extended
alarm table.
6-5
For the related commands, see rmon prialarm.
Example
# display alarm information about extended RMON.

<Quidway> display rmon prialarm
Prialarm table 1 owned by HUAWEI is VALID.
Samples absolute value : .1.3.6.1.2.1.16.1.1.1.4.1
Sampling interval : 10(sec)
Rising threshold : 1000(linked with event 1)
Falling threshold : 100(linked with event 1)
When startup enables : risingOrFallingAlarm
This entry will exist : forever.
Latest value : 0
Table 6-5 Output description of the display rmon prialarm command
Field Description
Prialarm table 1 Index of extended alarm entry.
owned by HUAWEI Creator of the extended alarm entry.
VALID The entry corresponding to the index is valid.
Sampling the absolute value of the node
Samples absolute value
1.3.6.1.2.1.16.1.1.1.4.1
Rising threshold. When sampling value rises from
Rising threshold normal value to this threshold, rising threshold alarm will
be triggered.
Falling threshold. When sampling value decreases from

Falling threshold normal value to this threshold, falling threshold alarm will
be triggered.
Corresponding event index of ring and falling threshold

linked with event 1
alarm.
When startup enables: Kind of first alarm. It may trigger rising threshold alarm or
risingOrFallingAlarm falling threshold alarm or both.
This entry will exist The lifespan of this alarm entry which can be forever or a
forever specified period of time.
Latest value : 0 The value of the latest sampling.
6.1.6 display rmon statistics
Syntax
display rmon statistics [ port-num ]
6-6
View
Any view
Parameter
port-num: Ethernet port number.
Description
Using display rmon statistics command, you can view RMON statistics.
The displayed information includes collision, CRC (Cyclic Redundancy Check) and
queue, undersized or oversized packet, timeout, fragment, broadcast, multicast,
unicast, and bandwidth utility.
For the related commands, see rmon statistics.
Example
# Show RMON statistics.

<Quidway> display rmon statistics Ethernet 2/1
Statistics entry 1 owned by HUAWEI is VALID.
Interface : Ethernet2/1<ifEntry.642>
Received :
octets :0 , packets :0
broadcast packets :0 , multicast packets:0
undersized packets :0 , oversized packets:0
fragments packets :0 , jabbers packets :0
CRC alignment errors:0 , collisions :0
Dropped packet (insufficient resources):0
Packets received according to length (octets):
64 :0 , 65-127 :0 , 128-255 :0
256-511:0 , 512-1023:0 , 1024-1518:0
Table 6-6 Output description of the display rmon statistics command
Field Description
Interface Port
HUAWEI Owner
octets Received/Sent octets in sampling time
packets Packets received/sent in sampling time

broadcast packets Number of broadcast packets
multicast packets Number of multicast packets
undersized packets Number of undersized packets
6-7
Field Description
oversized packets Number of oversized packets
fragments packets Number of undersized and CRC error packets
jabbers Number of oversized and CRC error packets

CRC alignment errors Number of CRC error packets
collisions Number of collision packets
Dropped packet (insufficient

Dropping packet events
resources)
6.1.7 rmon alarm
Syntax
rmon alarm entry-number alarm-variable sampling-time { delta | absolute }

rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2
event-entry2 [ owner text ]
undo rmon alarm entry-number
View
System view
Parameter
entry-number: Number of the entry to be added/deleted, ranging from 1 to 65535.

alarm-variable: Specifies the alarm variable with a character string, ranging from 1 to
256, in the OID dotted format, like 1.3.6.1.2.1.2.1.10.1 (or ifInOctets.1).
sampling-time: Specifies the sampling interval, ranging from 5 to 65535 (measured in
seconds).
delta: Sampling type is delta.
absolute: Sampling type is absolute.
rising-threshold threshold-value1: Rising threshold, ranging from 0 to 2147483647.
event-entry1: Event number corresponding to the upper limit of threshold, ranging from
0 to 65535.
falling-threshold threshold-value2: Falling threshold, ranging from 0 to 2147483647.
event-entry2: Event number corresponding to the falling threshold, ranging from 0 to
65535.
owner text: Specifies the creator of the alarm. Length of the character string ranges
from 1 to 127.
6-8
Description
Using rmon alarm command, you can add an entry to the alarm table. Using undo
rmon alarm command, you can cancel an entry from this table.
In this way, the alarm event can be triggered in the abnormal situations and then
decides to log and send trap to the NM station.
Example
# Delete the information of entry 15 from the alarm table.

[Quidway] undo rmon alarm 15
6.1.8 rmon event
Syntax
rmon event event-entry [ description string ] { log | trap trap-community | log-trap

log-trapcommunity | None } [ owner rmon-station ]
undo rmon event event-entry
View
System view
Parameter
event-entry: Number of the entry to be added/deleted, ranging from 1 to 65535.

description string: Event description. Length of the character string ranges from 1 to
255.
log: Log event.
trap: Trap event.
trap-community: Name of the community that trap message is sent to.
log-trap: Log and trap event.
log-trapcommunity: Name of the community that trap message is sent to.
None: neither log nor trap event.
owner rmon-station: Name of the network management station that creates this entry.
The length of the character string ranges from 1 to 127.
Description
Using rmon event command, you can add an entry to the event table. Using undo
rmon event command, you can cancel an entry from this table.
Event management of RMON defines the way to deal with event number and event-log,
send trap message or log while sending trap message. In this way, alarm events may
obtain corresponding treatment
6-9
Example
# Add the entry 10 to the event table and marks it as log event.
[Quidway] rmon event 10 log
6.1.9 rmon history
Syntax
rmon history entry-number buckets number interval sampling-interval [ owner

text-string ]
undo rmon history entry-number
View
Ethernet port view
Parameter

buckets number: Capacity of the history table corresponding to the control line.
interval sampling-interval: Sampling interval, ranging from 5 to 3600 (measured in
seconds).
owner text-string: Creator of the line. Length of the character string ranges from 1
to127.
Description
Using rmon history command, you can add an entry to the history control table. Using
undo rmon history command, you can cancel an entry from history control table.
Perform this command to sample, set sample parameter (sample time interval) and
storage amounts for a port. RMON will periodically perform data collection and save for
query on this port. Sample information includes utility, error number and total packet
number.
Example
# Delete the entry 15 from the history control table.

[Quidway-Ethernet0/1] undo rmon history 15
6.1.10 rmon prialarm
Syntax
rmon prialarm entry-number alarm-var [ alarm-des ] sampling-timer { delta | absolute

| changeratio } rising-threshold threshold-value1 event-entry1 falling-threshold
threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]
6-10
undo rmon prialarm entry-number
View
System view
Parameter
entry-number: Specifies the entry number, ranging from 1 to 65535.

alarm-var: Specifies the alarm variable, which can be an arithmetic expression of
several integer MIB node instances. The node can be OID in dotted notation.
alarm-des: Specifies the alarm description with a length ranging from 0 to 0-127;
sampling-timer: Sets the sampling interval, ranging from 10 to 65535 and measured in
seconds.
delta | absolute | changeratio: Specifies the sampling type as delta ratio or absolute
ratio.
threshold-value1: Rising threshold value, specified with a number greater than 0.
event-entry1: Corresponding event number to the upper limit threshold value, ranging
from 0 to 65535.
threshold-value2: Falling threshold value, specified with a number greater than 0.
event-entry2: Event number corresponding to the falling threshold, ranging from 0 to
65535.
forever | cycle cycle-period: Specifies the type of the alarm instance line.
cycle-period specifies the functional cycle of the instance.
owner text: Specifies the creator of the line. Length of the character string ranges from
1 to 127.
Description
Using rmon prialarm command, you can add an entry to the extended RMON alarm
table. Using undo rmon prialarm command, you can cancel an entry from the
extended RMON alarm table.
The number of instances can be created in the table depends on the hardware
resource of the product.
Example
# Delete line 10 from the extended RMON alarm table.

[Quidway] undo rmon prialarm 10
6-11
6.1.11 rmon statistics
Syntax
rmon statistics entry-number [ owner text-string ]

undo rmon statistics entry-number
View
Ethernet port view
Parameter

owner text-string: Creator of the entry. Length of the character string ranges from 1
to127.
Description
Using rmon statistics command, you can add an entry to the statistic table. Using
undo rmon statistics command, you can cancel an entry from statistic table.
RMON statistic management concerns the statistics and monitoring of the usage and
error on a port. Statistics includes collision, CRC (Cyclic Redundancy Check) and
queue, undersized or oversized packet, timeout, fragment, broadcast, multicast,
unicast, and bandwidth utility.
Example
# Add the entry 20 to the statistics table of Ethernet1/1.

[Quidway-ethernet1/1] rmon statistic 20
6-12
Quidway S3500 Series Ethernet Switches Chapter 7 NTP Configuration Commands
Chapter 7 NTP Configuration Commands
7.1 NTP Configuration Commands

7.1.1 debugging ntp-service
Syntax
debugging ntp-service { access | adjustment | authentication | event | filter |

packet | parameter | refclock | selection | synchronization | validity | all }
undo debugging ntp-service { access | adjustment | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity | all }
View
User view
Parameter
access: NTP access control debugging.

adjustment: NTP clock adjustment debugging.
all: All NTP debugging functions.
authentication: NTP authentication debugging.
event: NTP event debugging.
filter: NTP filter information debugging.
packet: NTP packet debugging.
parameter: NTP clock parameter debugging.
refclock: NTP reference clock debugging.
selection: NTP clock selection information debugging.
synchronization: NTP clock synchronization information debugging.
validity: NTP remote host validity debugging.
Description
Using debugging ntp-service command, you can debug different NTP services. Using
undo debugging ntp-service command, you can disable corresponding debugging
function.
By default, no debugging function is enabled.
7-1
Example
# Enable NTP access control debugging.

<Quidway> debugging ntp-service access
7.1.2 display ntp-service sessions
Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose: Indicate to display the detail information about the sessions.
Description
Using display ntp-service sessions command, you can display the status of all the
sessions maintained by NTP service provided by the local equipment.
By default, the status of all the sessions maintained by NTP service provided by the
local equipment will be displayed.
When you configure this command without the verbose parameter, the Ethernet switch
will display the brief information about all the sessions it maintains.
With the verbose parameter configured, Ethernet switch will display the detail
information about all the sessions it maintains.
Example
<Quidway> display ntp-service sessions

source refid st now poll reach delay offset disp
********************************************************************
[12345]212.125.95.4 131.188.3.221 2 18 64 377 339.8 10.8 0.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
7.1.3 display ntp-service status
Syntax
display ntp-service status
View
Any view
7-2
Parameter
None
Description
Using command display ntp-service status, you can display the NTP service status.
Example
<Quidway> display ntp-service status

clock status: unsynchronized
clock stratum: 16
reference clock ID: None
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
The following table describes the outputs:
Table 7-1 NTP service status information
Output Meaning
clock status: Local clock status: do not synchronize to any remote NTP
unsynchronized server.
clock stratum: 16 Indicates the NTP stratum of local clock.
Indicates the address of a remote server of the reference ID, in

reference clock ID the case that the local system has been synchronized by a
remote NTP server or the ID of some clock source.
nominal frequency Nominal frequency of the local system hardware clock
actual frequency Actual frequency of the local system hardware clock.
clock precision Precision of local system clock
clock offset Offset of the local clock to the NTP server clock
root delay Root delay from local equipment to the master reference clock.
root dispersion Dispersion of the local clock relative to the NTP server clock
peer dispersion Dispersion of the remote NTP server.
reference time Reference timestamp
7-3
7.1.4 display ntp-service trace
Syntax
display ntp-service trace
View
Any view
Parameter
None
Description
Using display ntp-service trace command, you can display the brief information about
every NTP server on the way from the local equipment to the reference clock source.
Example
<Quidway> display ntp-service trace

server 127.0.0.1,stratum 8, offset 0.000000, synch distance 0.00000
refid 127.127.1.0
7.1.5 ntp-service access
Syntax
ntp-service access { query | synchronization | server | peer } acl-number

undo ntp-service access { query | synchronization | server | peer }
View
System view
Parameter
query: Allow to control query authority.

synchronization: Only allow the server to access.
server: Allow query to server and access.
peer: Full access authority.
acl-number: The IP address list number, ranging from 2000 to 2999.
Description
Using ntp-service access command, you can set the authority to access the local
equipment. Using undo ntp-service access command, you can cancel the access
authority settings.
7-4
By default, there is no limit to the access.

Set authority to access the NTP services on a local Ethernet Switch. This is a basic and
brief security measure, compared to authentication. An access request will be matched
with peer, server, server only, and query only in an ascending order of the limitation.
The first matched authority will be given.
Example
# Give the authority of time request, query control and synchronization with the local
equipment to the peer in ACL 2076.
[Quidway] ntp-service access peer 2076
# Give the authority of time request and query control of the local equipment to the peer
in ACL 2028.
[Quidway] ntp-service access synchronization 2028
7.1.6 ntp-service authentication enable
Syntax
ntp-service authentication enable

undo ntp-service authentication enable
View
System view
Parameter
None
Description
Using ntp-service authentication enable command, you can enable the NTP-service
authentication function. Using undo ntp-service authentication enable command,
you can disable this function.
By default, the authentication is disabled.
Example
# Enable NTP authentication function.

[Quidway] ntp-service authentication enable
7.1.7 ntp-service authentication-keyid
Syntax
ntp-service authentication-keyid number authentication-mode md5 value
7-5
undo ntp-service authentication-keyid number
View
System view
Parameter
number: Specify the key number and range from 1 to 4294967295.

value: Specify the value of the key with 1 to 32 ASCII characters.
Description
Using ntp-service authentication-keyid command, you can set NTP authentication

key. Using undo ntp-service authentication-keyid command, you can cancel the
NTP authentication key.
By default, there is no authentication key.
Only MD5 authentication is supported for the NTP authentication key settings.
Example
# Set MD5 authentication key 10 as BetterKey.

[Quidway] ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
7.1.8 ntp-service broadcast-client
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
VLAN interface view
Parameter
None
Description
Using ntp-service broadcast-client command, you can configure NTP broadcast

client mode. Using undo ntp-service broadcast-client command, you can disable the
NTP broadcast client mode.
By default, the NTP broadcast client mode is disabled.
Designate an interface on the local Ethernet Switch to receive NTP broadcast
messages and operate in broadcast client mode. The local Ethernet Switch listens to
7-6
the broadcast from the server. When it receives the first broadcast packet, it starts a
brief client/server mode to switch messages with a remote server for estimating the
network delay. Thereafter, the local Ethernet Switch enters broadcast client mode and
continues listening to the broadcast and synchronizes the local clock according to the
arrived broadcast message.
Example
# Configure to receive NTP broadcast packets via Vlan-Interface1.

[Quidway] interface vlan-interface1
[Quidway-Vlan-Interface1] ntp-service broadcast-client
7.1.9 ntp-service broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid keyid version number ]

undo ntp-service broadcast-server
View
VLAN interface view
Parameter
authentication-keyid: Specify the authentication key.

keyid: Key ID used in broadcast, ranging from 0 to 4294967295.
version: Define NTP version number.
number: NTP version number, ranging from 1 to 3.
Description
Using ntp-service broadcast-server command, you can configure NTP broadcast

server mode. Using undo ntp-service broadcast-server command, you can disable
the NTP broadcast server mode.
By default, the broadcast service is disabled and number defaults to 3.
Designate an interface on the local equipment to broadcast NTP packets. The local
equipment runs in broadcast-server mode and regularly broadcasts packets to its
clients.
Example
# Configure to broadcast NTP packets via Vlan-Interface1 and encrypt them with Key 4
and set the NTP version number as 3.
7-7
[Quidway-Vlan-Interface1] ntp-service broadcast-server authentication-key 4

version 3
7.1.10 ntp-service in-interface disable
Syntax
ntp-service in-interface disable

undo ntp-service in-interface disable
View
VLAN interface view
Parameter
None
Description
Using ntp-service in-interface disable command, you can disable an interface to

receive NTP message. Using undo ntp-service in-interface disable command, you
can enable an interface to receive NTP message.
By default, an interface is enabled to receive NTP message.
Example
# Disable Vlan-Interface1 to receive NTP message.

[Quidway-Vlan-Interface1] ntp-service in-interface disable
7.1.11 ntp-service max-dynamic-sessions
Syntax
ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions
View
System view
Parameter
number: The maximum sessions can be created locally, ranging from 0 to 100.
7-8
Description
Using ntp-service max-dynamic-sessions command, you can set how many

sessions can be created locally. Using undo ntp-service max-dynamic-sessions
command, you can resume the default maximum session number
By default, a local device allows up to 100 sessions.
Example
# Set the local equipment to allow up to 50 sessions.

[Quidway] ntp-service max-dynamic-sessions 50
7.1.12 ntp-service multicast-client
Syntax
ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Specify an multicast IP address of Class D.
Description
Using ntp-service multicast-client command, you can configure the NTP multicast
client mode. Using undo ntp-service multicast-client command, you can disable the
NTP multicast client mode.
By default, the multicast client service is disabled. ip-address defaults to 224.0.1.1.
Designate an interface on the local Ethernet Switch to receive NTP multicast messages
and operate in multicast client mode. The local Ethernet Switch listens to the multicast
from the server. When it receives the first multicast packet, it starts a brief client/server
mode to switch messages with a remote server for estimating the network delay.
Thereafter, the local Ethernet Switch enters multicast client mode and continues
listening to the multicast and synchronizes the local clock according to the arrived
multicast message.
Example
# Configure to receive NTP multicast packet via Vlan-Interface1 and the multicast
group corresponding to these packets located at 224.0.1.1.
[Quidway-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
7-9
7.1.13 ntp-service multicast-server
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid ] [ ttl

ttl-number ] [ version number ]
undo ntp-service multicast-server [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Specify a multicast IP address of Class D and default to 224.0.1.1.

authentication-keyid: Specify authentication key.
keyid: Key ID used in multicast, ranging from 0 to 4294967295.
ttl: Define the time to live of a multicast packet.
ttl-number: Specify the ttl of a multicast packet and range from 1 to 255.
number: Specify NTP version number and range from 1 to 3.
Description
Using ntp-service multicast-server command, you can configure NTP multicast

server mode, if no IP address is specified, switch automatically choice the 224.0.1.1 as
the multicast IP address. Using undo ntp-service multicast-server command, you
can disable NTP multicast server mode, if no IP address is specified, the switch will
disable the configuration of the multicast IP address 224.0.1.1.
By default, the multicast service is disabled. IP address defaults to 224.0.1.1 and the
version number defaults to 3.
Designate an interface on the local equipment to transmit NTP multicast packet. The
local equipment operates in multicast-server mode and multicasts packets regularly to
its clients.
Example
# Configure to transmit NTP multicast packets encrypted with Key 4 via Vlan-Interface1
at 224.0.1.1 and use NTP version 3.
[Quidway-Vlan-Interface1] ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
7-10
7.1.14 ntp-service refclock-master
Syntax
ntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]
View
System view
Parameter
ip-address: Specify the reference clock IP address as 127.127.t.u. Here, t ranges from
0 to 37 and u ranges from 0 to 3.
stratum: Specify which stratum the local clock is located at and range from 1 to 15.
Description
Using ntp-service refclock-master command, you can configure an external

reference clock or the local clock as an NTP master clock. Using undo ntp-service
refclock-master command, you can cancel the NTP master clock settings.
By default, ip-address is not specified and stratum defaults to 1.
You can use this command to designate an NTP external reference clock or the local
clock as an NTP master clock to provide synchronized time for other equipment.
ip-address specifies the IP address of an external clock as 127.127.t.u. If no IP address
is specified, the local clock is set as the NTP master clock by default. You can also
specify the stratum of the NTP master clock.
Example
# Set the local clock as the NTP master clock to provide synchronized time for its peers
and locate it at stratum 3.
[Quidway] ntp-service refclock-master 3
7.1.15 ntp-service reliable authentication-keyid
Syntax
ntp-service reliable authentication-keyid number

undo ntp-service reliable authentication-keyid number
View
System view
7-11
Parameter
number: Specify the key number, ranging from 1 to 4294967295.
Description
Using ntp-service reliable authentication-keyid command, you can configure the

key as reliable. Using undo ntp-service reliable authentication-keyid command,
you can cancel the current setting.
By default, no key is configured as reliable.
When you enable the authentication, you can use this command to configure one or
more than one keys as reliable. In this case, a client will only get synchronized by a
server whichever can provide a reliable key.
Example
# Enable NTP authentication, adopt MD5 encryption, and designate Key 37 BetterKey
and configure it as reliable.
[Quidway] ntp-service authentication enable
[Quidway] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[Quidway] ntp-service reliable authentication-keyid 37
7.1.16 ntp-service source-interface
Syntax
ntp-service source-interface { interface-name | interface-type interface-number }

undo ntp-service source-interface
View
System view
Parameter
interface-name: Specify an interface. The source IP address of the packets will be

taken from the address of the interface.
interface-type: Specify the interface type and determine an interface with the
interface-number parameter.
interface-number: Specify the interface number and determine an interface with the
interface-type parameter.
7-12
Description
Using ntp-service source-interface command, you can designate an interface to

transmit NTP message. Using undo ntp-service source-interface command, you can
cancel the current setting.
The source address specifies where the packets are transmitted from.
You can use this command to designate an interface to transmit all the NTP packets
and take the source address of these packets from its IP address. If you do not want
any other interface to receive the acknowledgement packets, use this command to
specify one interface to send all the NTP packets.
Example
# Configure all the outgoing NTP packets to use the IP address of Vlan-Interface1 as
their source IP address.
[Quidway] ntp-service source-interface Vlan-Interface 1
7.1.17 ntp-service unicast-peer
Syntax
ntp-service unicast-peer ip-address [ version number ] [ authentication-key keyid ]

[ source-interface { interface-name | interface-type interface-number } ] [ priority ]
undo ntp-service unicast-peer ip-address
View
System view
Parameter
ip-address: Specify the IP address of a remote server.

authentication-keyid: Define authentication key.
keyid: Key ID used for transmitting messages to a remote server, ranging from 0 to
4294967295.
source-interface: Specify the name of an interface.
interface-name: Specify the interface name. When a local device sends an NTP
message to a peer, the source IP address of the message is taken from the address of
the interface.
interface-type: Specify the interface type and determine an interface together with the
7-13
interface-number: Specify the interface number and determine an interface together

with the interface-type parameter.
priority: Designate a server as the first choice.
Description
Using ntp-service unicast-peer command, you can configure NTP peer mode. Using
undo ntp-service unicast-peer command, you can cancel NTP peer mode.
By default, version number number defaults to 3, the authentication is disabled, and the
local server is not the first choice.
This command sets the remote server at ip-address as a peer of the local equipment,
which operates in symmetric active mode. ip-address specifies a host address other
than an IP address of broadcast, multicast, or reference clock. By operating in this
mode, a local device can synchronize and be synchronized by a remote server.
Example
# Configure the local equipment to synchronize or synchronized by a peer at

128.108.22.44. Set the NTP version to 3. The IP address of the NTP packets are taken
from that of Vlan-Interface1.
[Quidway] ntp-service unicast-peer 131.108.22.33 version 3 source-interface
Vlan-Interface 1
7.1.18 ntp-service unicast-server
Syntax
ntp-service unicast-server ip-address [ version number ] [ authentication-keyid

keyid ] [ source-interface { interface-name | interface-type interface-number } ]
[ priority ]
undo ntp-service unicast-server ip-address
View
System view
Parameter
ip-address: Specify the IP address of a remote server.

authentication-keyid: Define authentication key.
keyid: Key ID used for transmitting messages to a remote server, ranging from 0 to
4294967295.
source-interface: Specify the name of an interface.
7-14
interface-name: Specify the interface name. When a local device sends an NTP
message to a peer, the source IP address of the message is taken from the address of
the interface.
interface-type: Specify the interface type and determine an interface together with the
interface-number: Specify the interface number and determine an interface together
with the interface-type parameter.
priority: Designate a server as the first choice.
Description
Using ntp-service unicast-server command, you can configure NTP server mode.
Using undo ntp-service unicast-server command, you can disable NTP server
mode.
By default, version number number defaults to 3, the authentication is disabled, and the
local server is not the first choice.
The command announces to use the remote server at ip-address as the local time
server. ip-address specifies a host address other than an IP address of broadcast,
multicast, or reference clock. By operating in client mode, a local device can be
synchronized by a remote server, but not synchronize any remote server.
Example
# Designate the server at 128.108.22.44 to synchronize the local device and use NTP
version 3.
[Quidway] ntp-service unicast-server 128.108.22.44 version 3
7-15
Quidway S3500 Series Ethernet Switches Chapter 8 SSH Configuration Commands
Chapter 8 SSH Configuration Commands
Note:
FS/S3526C support SSH.
8.1 SSH Configuration Commands

8.1.1 debugging ssh server
Command
debugging ssh server { all | vty index }

undo debugging ssh server { all | vty index }
View
User view
Parameter
all: All SSH channels

index: Debugged SSH channels. Optional values depend on the VTY number and they
are 0~4.
Description
Using the debugging ssh server command, you can send the negotiation process
defined in SSH1.5 protocol to the information center as debugging information and
debug a single user interface. Using the undo debugging ssh server command, you
can disable debugging function.
By default, debugging function is disabled.
For the related commands, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
# Print debugging information in running SSH

<Quidway> debugging ssh server vty 0
00:23:20: SSH0: starting SSH control process
8-1
00:23:20: SSH0: sent protocol version id SSH-1.5-Quidway-1.25

00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
8.1.2 display rsa local-key-pair public
Command
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Using the display rsa local-key-pair public command, you can display local key pair
and public key of the server. If no key is generated, corresponding information will be
prompted, for example, “RSA keys not found”.
For the related command, see rsa local-key-pair create.
Example
# Display local key pair and public key of the server

<Quidway> display rsa local-key-pair public
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487
4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED
8-2
160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B

519D39F5 02030100 01
8.1.3 display rsa peer-public-key
Command
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays brief information of the remote public key.

keyname: Specifies key name, a string including 0~32 characters.
Description
Using the display rsa peer-public-key command, you can display a designated RSA
public key. All public keys will be displayed if no key is specified.
For the related command, see rsa local-key-pair create.
Example
# Display a designated RSA public key

<Quidway> display rsa peer-public-key
Address Bits Name
1023 abcd
1024 hq
1024 wn1
1024 hq_all
<Quidway> display rsa peer-public-key name abcd
Key name:abcd
Key address:
Data:
30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55
FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1
F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306
367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C
DDC4BB45 504F0201 25
8-3
8.1.4 display ssh server
Command
display ssh server { session | status }
View
Any view
Parameter
session: Displays SSH sessions.

status: Displays SSH state information.
Description
Using the display ssh server command, you can display SSH state or session
information.
For the related commands, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
# Display SSH state and configuration parameters.

[Quidway] display ssh server status
SSH version : 1.5
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times
# Display SSH sessions.

[Quidway] display ssh server session
Conn Ver Encry State Retry Username
VTY0 1.5 DES Session started 1 Quidway
VTY3 1.5 DES Session started 1 switch
8.1.5 display ssh user-information
Command
display ssh user-information [ username ]
View
Any view
Parameter
username: Valid SSH user named defined by AAA
8-4
Description
Using the display ssh user-information command, you can display information of the
user, including username, corresponding key, authentication type. If a username is
specified, the system just gives its information.
For the related commands, see ssh user username assign rsa-key, ssh user
username authentication-type.
Example
# Display SSH user information.

[Quidway] display ssh user-information
Username authentication-type user-public-key-name
Jin rsa jin
hanqi1 password 816pub
8.1.6 peer-public-key end
Command
peer-public-key end
View
Public key view
Parameter
None
Description
Using the peer-public-key end command, you can finish editing peer public key and
quit from public key view to system view.
For the related commands, see rsa peer-public-key, public-key-code end.
Example
# Quit public key view.

[Quidway] rsa peer-public-key quidway003
[Quidway-rsa-public-key] peer-public-key end
[Quidway]
8-5
8.1.7 protocol inbound
Command
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH protocols.

ssh: Supports only SSH protocol.
telnet: Supports only Telnet protocol.
Description
Using the protocol inbound command, you can configure the protocols supported by
a designated user interface.
By default, the system supports both Telnet and SSH protocols.
If SSH protocol is enabled and specified for the user interface, but no local RSA key is
configured, SSH cannot take effect yet till you log onto the system next time.
If SSH protocol is specified, to ensure a successful logon, you must configure the AAA
authentication using the authentication-mode scheme command. The protocol
inbound ssh configuration fails if you configure authentication-mode password and
authentication-mode None.
For the related commands, see user-interface vty.
Example
# Disable Telnet on vty0 through vty4, only SSH available.

[Quidway-ui-vty0-4] protocol inbound ssh
[Quidway-ui-vty0-4]
8.1.8 public-key-code begin
Command
public-key-code begin
View
Public key edit view
8-6
Parameter
None
Description
Using the public-key-code begin command, you can enter public key edit view.
Before using this command, you have to create a public key with the rsa
peer-public-key command. In the public key edit view, you can key in desired public
key, which consists of hexadecimal characters, with blank space allowed between them,
and is generated randomly by the client program supporting SSH.
For the related commands, see rsa peer-public-key, public-key-code end.
Example
# Enter public key view and key in public key.

[Quidway-rsa-public-key] public-key-code begin
[Quidway-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Quidway-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Quidway-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Quidway-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Quidway-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[Quidway-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key]
8.1.9 public-key-code end
Command
public-key-code end
View
Public key edit view
Parameter
None
Description
Using the public-key-code end command, you can save the configured public key and
return to the public key view from the public key edit view.
8-7
This command terminates the edit process of public key and checks its validity before
saving. If the public key contains invalid characters or violates coding rules,
corresponding information will be prompted and the current configuration fails. If you
have configured valid public key, the system will store it into the public key table.
For the related commands, see rsa peer-public-key, public-key-code begin.
Example
# Exit the public key edit view and save the configuration.
[Quidway-rsa-public-key] public-key-code begin
[Quidway-rsa-key-code] public-key-code end
8.1.10 rsa local-key-pair create
Command
rsa local-key-pair create
View
System view
Parameter
None
Description
Using the rsa local-key-pair create command, you can create local RSA host key pair
and server key pair.
If you have configured RSA key, the system gives an alarm after using this command
and prompts that the existing one will be replaced. The key naming format is switch
name plus server and switch name plus host, for example, Quidway_host and
Quidway_server. The configuration result of this command will not be stored in the
configuration file.
The system prompts you to key in bit range, for which, the server key pair must be at
least 128 bits longer than the host key pair. The maximum bit range of both key pairs is
2048 bits and the minimum is 512. If there have been key pairs, the system will prompts
you to decide whether to modify them.
For a successful SSH logon, you must configure and generate the local RSA key pairs.
To generate local key pairs, you just need to execute the command once, with no
further action required even after the system is rebooted.
8-8
For the related command, see rsa local-key-pair destroy.
Example
# Create local host key pair and server key pair.

[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.....++++++++++++
........................++++++++++++
..........++++++++
............................++++++++
[Quidway]
8.1.11 rsa local-key-pair destroy
Command
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Using the rsa local-key-pair destroy command, you can remove all RSA key pairs at
the server, including Host key pair and Server key pair.
Acknowledgement information will be promoted before the system clears all RSA key
pairs. This command is just a one-time instruction, so the result will not be stored in the
configuration file.
For the related commands, see rsa local-key-pair create.
Example
# Remove all key pairs at the server.

8-9

[Quidway] rsa local-key-pair destroy
% The name for the keys which will be destroyed is Quidway_Host .
% Confirm to destroy these keys? [Y/N]:y
[Quidway]
8.1.12 rsa peer-public-key
Command
rsa peer-public-key key-name
View
System view
Parameter
key-name: Public key name
Description
Using the rsa peer-public-key command, you can enter the public key view.
When using this command together with the public-key-code begin command, you
can configure the public key at the client, which is generated randomly by the client
program supporting SSH1.5.
For the related commands, see public-key-code begin, public-key-code end.
Example
# Enter the public key view.

8.1.13 ssh server authentication-retries
Command
ssh server authentication-retries times

undo ssh server authentication-retries
View
System view
8-10
Parameter
times: Specifies authentication retry times, in the range of 1~5.
Description
Using the ssh server authentication-retries command, you can define SSH
authentication retry times value, which takes effect at next logon. Using the undo ssh
server authentication-retries command, you can restore the default retry value.
By default, it is 3.
For the related command, see display ssh server.
Example
# Define the authentication retry times value as 4.

[Quidway] ssh server authentication-retries 4
[Quidway]
8.1.14 ssh server rekey-interval
Command
ssh server rekey-interval hours

undo ssh server rekey-interval
View
System view
Parameter
hours: Defines key update interval, in the range of 1~24 hours.
Description
Using the ssh server rekey-interval command, you can define update interval of
server key pair. Using the undo ssh server rekey-interval command, you can cancel
the current setting.
By default, system doesn’t update the server key.
For the related commands, see display ssh server.
Example
# Define update interval of server key pair as 3 hours.

8-11
[Quidway] ssh server rekey-interval 3

[Quidway]
8.1.15 ssh server timeout
Command
ssh server timeout seconds

undo ssh server timeout
View
System view
Parameter
seconds: Defines registration timeout value, in the range of 1~120 seconds.
Description
Using the ssh server timeout command, you can define timeout value for SSH
registration authentication, which takes effect at next logon. Using the undo ssh
server timeout command, you can restore the default value.
By default, the timeout value is 60 seconds.
For the related commands, see display ssh server.
Example
# Define the registration timeout value as 80 seconds.

[Quidway] ssh server timeout 80
[Quidway]
8.1.16 ssh user assign rsa-key
Command
ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key
View
System view
Parameter
keyname: Configures client public key, consisting of 1~32 characters.

username: Valid local user name or user name defined by remote RADIUS system.
8-12
Description
Using the ssh user username assign rsa-key command, you can associate an
existing public key with a designated user. Using the undo ssh user username
assign rsa-key command, you can delete the association.
For a user who has been associated with a public key, the command associates
him/her with the new public key.
The newly configured users take effect at the next logon.
For the related command, see display ssh user-information.
Example
# Associate the key 1 with the zhangsan.

[Quidway] ssh user zhangsan assign rsa-key key1
[Quidway]
8.1.17 ssh user username authentication-type
Command
ssh user username authentication-type { all | password | rsa }

undo ssh user username authentication-type
View
System view
Parameter
username: Valid local user name or user name defined by remote RADIUS system.
all: Specifies authentication type as password and RSA.
password: Specifies authentication type as password.
rsa: Specifies authentication type as RSA.
Description
Using the ssh user username authentication-type command, you can define
authentication type for a designated user. Using the undo ssh user username
authentication-type command, you can restore the default mode in which logon fails.
By default, user can’t logon the switch through SSH or TELNET, so you have to specify
authentication type for a new user. The new configuration takes effects at the next
logon.
For the related commands, see display ssh user-information.
8-13
Example
# Specify zhangsan’s authentication type as password.

[Quidway] ssh user zhangsan authentication-type password
[Quidway]
8-14
HUAWEI

Command Manual
Auto Detecting

Command Manual - Auto Detecting
Table of Contents
Chapter 1 Auto Detect Configuration Commands ..................................................................... 1-1

1.1.1 detect-group ............................................................................................................ 1-1
1.1.2 detect-list ................................................................................................................. 1-1
1.1.3 display detect-group................................................................................................ 1-2
1.1.4 option....................................................................................................................... 1-4
1.1.5 retry ......................................................................................................................... 1-5
1.1.6 timer loop................................................................................................................. 1-5
1.1.7 timer wait ................................................................................................................. 1-6
Chapter 2 Auto Detect Implementation Commands .................................................................. 2-1

2.1.1 ip route-static........................................................................................................... 2-1
2.1.2 standby detect-group .............................................................................................. 2-2
2.1.3 vrrp vrid track detect-group ..................................................................................... 2-3
i
Quidway S3500 Series Ethernet Switches Chapter 1 Auto Detect Configuration Commands
Chapter 1 Auto Detect Configuration Commands
Note:
Quidway S3552F /S3552G /S3552P /3528G /3528P /S3526E /S3526E FM /S3526E
FS /S3526C Ethernet Switches support the Auto Detecting feature.
1.1.1 detect-group
Syntax
detect-group group-number
undo detect-group group-number
View
System view
Parameter
group-number: Specifies detecting group number, which ranges from 1 to 100.
Description
Use the detect-group command to create a detecting group and enter its view.
Use the undo detect-group command to remove a specified detecting group.
Example
# Create a detecting group numbered 10.

[Quidway] detect-group 10
[Quidway-detect-group-10]
1.1.2 detect-list
Syntax
detect-list list-number ip address ip-address [ nexthop ip-address ]

undo detect-list list-number ip address ip-address [ nexthop ip-address ]
1-1
View
Detecting group views
Parameter
list-number: Specifies the sequence number of the detecting address, which ranges
from 1 to 100.
ip-address: The IP address of the interface to be detected.
nexthop ip-address: Specifies the IP address of the interface taken as the next hop.
Description
Use the detect-list command to specify the IP address of the interface to be detected
in the detecting group. This command also specifies the order the interfaces are
detected.
Use the undo detect-list command to instruct the switch to skip the interface when
detecting, whose IP address is set by the ip address ip-address command.
Upon configuring the IP addresses of the interfaces to be detected, the switch detects
these interfaces one by one from those with smaller list-number value to those with
larger list-number value. Up to 100 IP addresses can be configured in a detecting group.
You can specify how the detecting result is generated by using the option command.
Related command: option.
Example
# Add an IP address 202.13.1.55 to the detecting group numbered 10 with list-number

set to 1, taking the interface with IP address of 1.1.1.1 as the next hop.
[Quidway-detect-group-10] detect-list 1 ip address 202.13.1.55 nexthop
1.1.1.1
1.1.3 display detect-group
Syntax
display detect-group [ group-number ]
View
Any view
Parameter
group-number: Specifies the detecting group number, which ranges from 1 to 100.
1-2
Description
Use the display detect-group command to display configuration information about a

specified detecting group or all detecting groups.
Example
# Display configuration information about detecting group 1.

[Quidway] display detect-group 1
detect-group 1 :
detect loop time(s): 15
ping wait time(s): 2
detect retry times: 2
detect ip option: and
group state: not detecting
register module num: 0
detect ip number: 1
detect-list ip address next-hop
1 1.1.1.1 1.1.1.5
Table 1-1 Description on the fields of the display detect-group command
Field Description
detect-group 1 Detecting group 1
detect loop time(s): 15 The detecting interval is 15 seconds.
ping wait time(s): 2 The timeout time is 2 seconds.

detect retry times: 2 The retry times is 2.
The detecting result is reachable only when all the
detect ip option: and
specified interfaces can be successfully pinged.
group state: not
The detecting group is not in use at present.
detecting
register module num: 0 Count of times the detect group has been referenced.
Number of IP addresses contained in the detecting
detect ip number: 1
group.
The number of an IP address contained in the

detect-list
detecting group.
ip address The IP address of the interface to be detected.
next-hop The IP address of the interface taken as the next hop.
1-3
1.1.4 option
Syntax
option [ and | or ]
undo option [ and | or ]
View
Parameter
and: Specifies the detecting result is reachable only when all the specified interfaces
can be successfully pinged.
or: Specifies the detecting result is reachable if one of the specified interfaces can be
successfully pinged.
Description
Use the option command to specify how the detecting result is generated.
Use the undo option command to specify the detecting result is reachable only when
all the specified interfaces can be successfully pinged, which is the same as the option
and command.
When a detecting operation is being carried out, the switch detects each interface for
their reachability whose IP address is contained in the detecting group one by one from
those with smaller list-number value to those with larger list-number value.
z If you specify the and keyword, the switch returns unreachable as the detecting
result when the switch fails to ping an IP address contained in the detecting group
and stops detecting.
z If you specify the or keyword, the switch returns reachable as the detecting result
if the switch succeeds in pinging an IP address contained in the detecting group
and stops detecting.
By default, the and keyword is specified.
Example
# Specify the or keyword for detecting group 10.

[Quidway-detect-group-10] option or
1-4
1.1.5 retry
Syntax
retry retry_times
View
Parameter
retry_times: Specifies the retry times during a detection, which ranges from 0 to 10 and
defaults to 2.
Description
Use the retry command to set the retry times during a detection.
Example
# Specify the maximum retires to 10 for detecting group 10.

[Quidway-detect-group-10] retry 3
1.1.6 timer loop
Syntax
timer loop seconds
View
Parameter
seconds: Specifies the detecting interval, which ranges form 5 to 86400 (in seconds)
and defaults to 15.
Description
Use the timer loop command to set the detecting interval, that is, the frequency to
perform auto detect.
Example
# Set the detecting interval of detecting group 10 to 60 seconds.

1-5

[Quidway-detect-group-10] timer loop 60
1.1.7 timer wait
Syntax
timer wait seconds
View
Parameter
seconds: Specifies the timeout time of a detection, which ranges from 1 to 30 (in
seconds) and defaults to 2.
Description
Use the timer wait command to set the timeout time of a detection.
Example
# Set the timeout time to 3 seconds for detecting group 3.

[Quidway-detect-group-10] timer wait 3
1-6
Quidway S3500 Series Ethernet Switches Chapter 2 Auto Detect Implementation Commands
Chapter 2 Auto Detect Implementation Commands
Note:
z Refer to the Routing Protocol part in this manual for more information ablout static
route.
z Refer to the Reliability part in this manual for more information about VRRP.
2.1.1 ip route-static
Syntax
ip route-static ip-address { mask | mask-length } { interface-type interface-number |

nexthop } [ preference preference-value ] [ reject | blackhole ] detect-group
group-number
undo ip route-static ip-address { mask | mask-length } [ interface-type
interface-number | nexthop ] [ preference preference-value ]
View
System view
Parameter
ip-address: Specifies the IP address in dotted decimal notation.

mask: Specifies the subnet mask.
mask-length: Specifies the length of the subnet mask, that is, the number of successive
bits in the subnet mask whose values are 1.
interface-type: Specifies the type of the next hop interface.
interface-number: Specifies the number of the next hop interface.
nexthop: Specifies the IP address of the next hop in dotted decimal notation.
preference-value: Specifies the preference value of the route, which ranges from 1 to
255.
reject: Specifies the route to be unreachable. If you specify this keyword when
executing this command, any IP packet transmitted along this route is discarded, and
the system informs the source that the destination is unreachable.
blackhole: Specifies the route to be a black hole. If you specify this keyword when
executing this command, all outbound interfaces are the Null 0 interfaces regardless of
2-1
the next hop. In addition, the system discards any IP packet transmitted along this route
without informing the source.
group-number: Specifies the number of the detecting group, which ranges from 1 to
100.
Description
Use the ip route-static command to configure a static route, whose validity depends
on detecting results as follows:
z Valid when the detecting result is reachable.
z Invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove an existing static route.
Example
# Configure a static route to 192.168.0.5/24 with 192.168.0.2 as the next hop. The
route is to be enabled when the result of detecting group 10 is reachable.
[Quidway] ip route-static 192.168.0.5 24 192.168.0.2 detect-group 10
2.1.2 standby detect-group
Syntax
standby detect-group group-number

undo standby detect-group group-number
View
VLAN interface views
Parameter
Description
Use the standby detect-group command to specify to enable VLAN interface backup
function by using the auto detect function.
Use the undo standby detect-group command to disable VLAN interface backup
function.
You can enable VLAN interface backup function by auto detecting results in the
following ways:
z Enable the primary interface when the result of the detecting group is reachable.
2-2
z Enable the secondary interface when the result of the detecting group is
unreachable.
z When the link between the primary VLAN interface and the destination comes
back up, that is, the result of the detecting group is reachable again, the system
enables the primary VLAN interface and shuts down the secondary.
Example
# Specify to enable VLAN interface 2 when the result of detecting group 10 is

unreachable.
[Quidway-vlan-interface2] standby detect-group 10
2.1.3 vrrp vrid track detect-group
Syntax
vrrp vrid virtual-router-id track detect-group group-number [ reduced

value-reduced ]
undo vrrp vrid virtual-router-id track detect-group group-number
View
VLAN interface views
Parameter
virtual-router-id: Specifies the ID of the virtual router.

value-reduced: Specifies the increment by which the preference value is reduced. It
ranges from 1 to 255 and defaults to 10.
Description
Use the vrrp vrid command to enable detecting function when employing VRRP.
Use the undo vrrp vrid command to disable detecting function when employing VRRP.
You can control the preference value of a VRRP backup group according to the result of
a detecting group to enable automatic switch between the primary switch and the
secondary switch.
z Decrease the preference value of a backup group when the result of the detecting
group is unreachable.
z Restore the preference value of a backup group when the result of the detecting
group is reachable.
2-3
Example
# Create a detecting group numbered 10 and specify to detect the interface with an IP
address of 202.13.1.55.
[Quidway-detect-group-10] detect-list 1 ip 202.13.1.55
# Specify to decrease the preference value of backup group 1 by 20 when the result of
detecting group 10 is unreachable.
[Quidway- vlan-interface2] vrrp vrid 1 track detect-group 10 reduced 20
2-4
HUAWEI

Command Manual
Appendix

Command Manual - Appendix
Table of Contents
Appendix A Command Index .......................................................................................................A-1
i
Quidway S3500 Series Ethernet Switches Appendix A Command Index
Appendix A Command Index
The command index includes all the commands in the VRP Command Manual, which are arranged
alphabetically.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
A
Integrated
abr-summary Management 3-1
Command
Reliability
access-limit 3-1
Command
Reliability
accounting optional 3-20
Command
Reliability
accounting-on enable 3-18
Command
acl Security Command 1-1
System
active region-configuration Management 1-1
Command
Multicast Protocol
add-member 2-14
Command
address-check QACL Command 5-1
address-check dhcp-relay QACL Command 6-29
address-check no-matched QACL Command 6-30
Multicast Protocol
administrator-address 2-15
Command
Integrated
aggregate Management 4-1
Command
am enable QACL Command 9-1
am ip-pool QACL Command 9-1
am isolate QACL Command 9-2
A-1
am trap enable QACL Command 9-3

am user-bind QACL Command 9-4
Integrated
apply as-path Management 5-1
Command
Integrated
apply community Management 5-2
Command
Integrated
apply cost Management 5-3
Command
Integrated
apply cost-type Management 5-3
Command
Integrated
apply ip next-hop Management 5-4
Command
Integrated
apply local-preference Management 5-5
Command
Integrated
apply origin Management 5-5
Command
Integrated
apply tag Management 5-6
Command
Integrated
area Management 3-2
Command
arp check enable QACL Command 2-1
arp probe ip QACL Command 2-1
arp proxy QACL Command 3-1
arp send-gratuitous enable QACL Command 2-11
arp source-suppression cache QACL Command 2-2
arp source-suppression enable QACL Command 2-3
arp source-suppression limit QACL Command 2-3
arp static QACL Command 2-5
arp timer aging QACL Command 2-6
arp timer probe QACL Command 2-4
Integrated
asbr-summary Management 3-2
Command
A-2
Auto Detecting
ascii 1-18
Command
Reliability
attribute 3-2
Command
authentication-mode Port Command 1-1
Integrated
authentication-mode Management 3-3
Command
Multicast Protocol
auto-build 2-15
Command
auto-execute command Port Command 1-1
B
Integrated
bgp Management 4-2
Command
Auto Detecting
binary 1-18
Command
Auto Detecting
boot boot-loader 3-1
Command
Auto Detecting
boot bootrom 3-1
Command
broadcast-suppression VLAN Command 1-1
Multicast Protocol
build 2-16
Command
Auto Detecting
bye 1-19
Command
C
c-bsr STP Command 5-1
Auto Detecting
cd 1-1
Command
Auto Detecting
cd 1-19
Command
Auto Detecting
cdup 1-20
Command
System
check region-configuration Management 1-1
Command
Integrated
checkzero Management 2-1
Command
A-3
Auto Detecting
clock datetime 4-1
Command
Auto Detecting
clock summer-time 4-1
Command
Auto Detecting
clock timezone 4-3
Command
Auto Detecting
close 1-20
Command
Multicast Protocol
cluster 2-17
Command
Multicast Protocol
cluster enable 2-17
Command
Multicast Protocol
cluster switch-to 2-18
Command
command-privilege level Port Command 1-2
Integrated
compare-different-as-med Management 4-3
Command
Integrated
confederation id Management 4-4
Command
Integrated
confederation nonstandard Management 4-5
Command
Integrated
confederation peer-as Management 4-5
Command
Getting Started
Conventions 5
Command
Auto Detecting
copy 1-1
Command
c-rp STP Command 5-2
Reliability
cut connection 3-3
Command
D
Integrated
dampening Management 4-6
Command
databits Port Command 1-3
Reliability
data-flow-format 3-20
Command
A-4
Auto Detecting
debugging 1-21
Command
Auto Detecting
debugging 4-13
Command
debugging arp packet QACL Command 2-6
Integrated
debugging bgp Management 4-7
Command
debugging bootp client QACL Command 8-1
debugging dhcp client QACL Command 4-1
debugging dhcp relay QACL Command 6-31
debugging dhcp server QACL Command 6-3
debugging dhcp-relay QACL Command 5-1
debugging gmrp STP Command 1-1
debugging igmp STP Command 4-1
debugging multicast forwarding STP Command 3-1
debugging multicast kernel-routing STP Command 3-1
debugging multicast status-forwarding STP Command 3-2
Auto Detecting
debugging ntp-service 7-1
Command
debugging pim common STP Command 5-2
debugging pim dm STP Command 5-3
debugging pim sm STP Command 5-4
Reliability
debugging portal 2-1
Command
Auto Detecting
debugging ssh server 8-1
Command
System
debugging vrrp Management 1-1
Command
Integrated
default cost Management 2-2
Command
Integrated
default cost Management 3-4
Command
Integrated
default interval Management 3-5
Command
A-5
Integrated
default limit Management 3-5
Command
Integrated
default local-preference Management 4-8
Command
Integrated
default med Management 4-9
Command
Integrated
default tag Management 3-6
Command
Integrated
default type Management 3-7
Command
Integrated
default-cost Management 3-7
Command
Integrated
default-route-advertise Management 3-8
Command
Auto Detecting
delete 1-2
Command
Auto Detecting
delete 1-21
Command
Multicast Protocol
delete-member 2-19
Command
description VLAN Command 1-1
Network Protocol
description 1-1
Command
detect-group 1-1
detect-list 1-1
dhcp enable QACL Command 6-1
dhcp relay release QACL Command 6-31
dhcp relay security QACL Command 6-33
dhcp relay security address-check QACL Command 6-32
dhcp select QACL Command 6-2
dhcp server detect QACL Command 6-3
dhcp server dns-list QACL Command 6-4
dhcp server domain-name QACL Command 6-5
dhcp server expired QACL Command 6-6
A-6
dhcp server forbidden-ip QACL Command 6-7

dhcp server ip-pool QACL Command 6-8
dhcp server nbns-list QACL Command 6-8
dhcp server netbios-type QACL Command 6-9
dhcp server option QACL Command 6-10
dhcp server ping QACL Command 6-11
dhcp server static-bind QACL Command 6-12
dhcp-security static QACL Command 5-3
dhcp-server QACL Command 5-4
dhcp-server detect QACL Command 5-4
dhcp-server ip QACL Command 5-5
dhcp-snooping QACL Command 7-1
dhcp-snooping trust QACL Command 7-2
Auto Detecting
dir 1-3
Command
Auto Detecting
dir 1-22
Command
Auto Detecting
disconnect 1-22
Command
display acl config Security Command 1-3
display acl running-packet-filter all Security Command 1-4
display am QACL Command 9-4
display am user-bind QACL Command 9-6
display arp QACL Command 2-7
display arp probe QACL Command 2-8
display arp proxy QACL Command 3-1
display arp source-suppression QACL Command 2-9
display arp timer aging QACL Command 2-10
Integrated
display bgp group Management 4-9
Command
A-7
Integrated
display bgp network Management 4-10
Command
Integrated
display bgp paths Management 4-11
Command
Integrated
display bgp peer Management 4-12
Command
Integrated
display bgp routing-table Management 4-14
Command
Integrated
display bgp routing-table as-path-acl Management 4-15
Command
Integrated
display bgp routing-table cidr Management 4-17
Command
Integrated
display bgp routing-table community Management 4-18
Command
Integrated
display bgp routing-table community-list Management 4-18
Command
Integrated
display bgp routing-table dampened Management 4-19
Command
Integrated
display bgp routing-table different-origin-as Management 4-21
Command
Integrated
display bgp routing-table flap-info Management 4-21
Command
Integrated
display bgp routing-table peer Management 4-23
Command
Integrated
display bgp routing-table regular-expression Management 4-24
Command
Auto Detecting
display boot-loader 3-2
Command
display bootp client QACL Command 8-1
Auto Detecting
display channel 4-19
Command
Auto Detecting
display clock 4-4
Command
A-8
Multicast Protocol
display cluster 2-20
Command
Multicast Protocol
display cluster candidates 2-22
Command
Multicast Protocol
display cluster members 2-23
Command
Reliability
display connection 3-4
Command
Auto Detecting
display cpu 3-2
Command
Auto Detecting
display current-configuration 4-5
Command
Auto Detecting
display debugging 4-9
Command
Reliability
display debugging habp 5-1
Command
Integrated
display debugging ospf Management 3-9
Command
display detect-group 1-2
Auto Detecting
display device 3-3
Command
display dhcp client QACL Command 4-2
display dhcp relay address QACL Command 6-33
display dhcp relay statistics QACL Command 6-34
display dhcp server conflict QACL Command 6-13
display dhcp server expired QACL Command 6-14
display dhcp server free-ip QACL Command 6-15
display dhcp server ip-in-use QACL Command 6-15
display dhcp server statistics QACL Command 6-16
display dhcp server tree QACL Command 6-18
display dhcprelay-security QACL Command 6-35
display dhcp-security QACL Command 5-5
display dhcp-server QACL Command 5-6
display dhcp-server interface vlan-interface QACL Command 5-8
display dhcp-snooping QACL Command 7-2
display dhcp-snooping trust QACL Command 7-3
Auto Detecting
display diagnostic-information 4-14
Command
A-9
Reliability
display domain 3-5
Command
Reliability
display dot1x 1-1
Command
Auto Detecting
display fan 3-4
Command
display fib QACL Command 10-1
display flow-template Security Command 1-29
Auto Detecting
display ftp-server 1-13
Command
Auto Detecting
display ftp-user 1-14
Command
Network Protocol
display garp statistics 3-1
Command
Network Protocol
display garp timer 3-2
Command
display gmrp statistics STP Command 1-1
display gmrp status STP Command 1-2
Network Protocol
display gvrp statistics 3-5
Command
Network Protocol
display gvrp status 3-6
Command
Reliability
display habp 5-1
Command
Reliability
display habp table 5-2
Command
Reliability
display habp traffic 5-2
Command
display history-command Port Command 1-4
display icmp statistics QACL Command 10-2
display igmp group STP Command 4-1
display igmp interface STP Command 4-2
display igmp port STP Command 4-3
display igmp-snooping configuration STP Command 2-1
display igmp-snooping group STP Command 2-2
display igmp-snooping statistics STP Command 2-3
Auto Detecting
display info-center 4-20
Command
display interface VLAN Command 1-2
A-10
Network Protocol
display interface vlan-interface 1-1
Command
display ip host QACL Command 1-1
display ip interface QACL Command 1-1
Integrated
display ip ip-prefix Management 5-7
Command
Integrated
display ip routing-table Management 1-1
Command
Integrated
display ip routing-table acl Management 1-2
Command
Integrated
display ip routing-table ip_address Management 1-6
Command
Integrated
display ip routing-table ip_address1 ip_address2 Management 1-8
Command
Integrated
display ip routing-table ip-prefix Management 1-9
Command
Integrated
display ip routing-table protocol Management 1-10
Command
Integrated
display ip routing-table radix Management 1-11
Command
Integrated
display ip routing-table statistics Management 1-12
Command
Integrated
display ip routing-table verbose Management 1-13
Command
display ip socket QACL Command 10-3
display ip statistics QACL Command 10-4
Network Protocol
display isolate-user-vlan 2-1
Command
display link-aggregation VLAN Command 2-1
Reliability
display local-server statistics 3-21
Command
Reliability
display local-user 3-6
Command
display loopback-detection VLAN Command 1-5
A-11
Auto Detecting
display mac-address 2-1
Command
Auto Detecting
display mac-address aging-time 2-1
Command
Integrated
display memory Management 6-1
Command
Auto Detecting
display memory 3-5
Command
Integrated
display memory limit Management 6-2
Command
display mirror Security Command 2-37
display multicast forwarding-table STP Command 3-2
display multicast routing-table STP Command 3-4
display multicast vif STP Command 3-6
Multicast Protocol
display ndp 2-1
Command
Multicast Protocol
display ntdp 2-7
Command
Multicast Protocol
display ntdp device-list 2-8
Command
Auto Detecting
display ntp-service sessions 7-2
Command
Auto Detecting
display ntp-service status 7-2
Command
Auto Detecting
display ntp-service trace 7-4
Command
Integrated
display ospf abr-asbr Management 3-9
Command
Integrated
display ospf asbr-summary Management 3-10
Command
Integrated
display ospf brief Management 3-12
Command
Integrated
display ospf cumulative Management 3-13
Command
Integrated
display ospf error Management 3-15
Command
A-12
Integrated
display ospf interface Management 3-18
Command
Integrated
display ospf lsdb Management 3-19
Command
Integrated
display ospf nexthop Management 3-21
Command
Integrated
display ospf peer Management 3-22
Command
Integrated
display ospf request-queue Management 3-24
Command
Integrated
display ospf retrans-queue Management 3-25
Command
Integrated
display ospf routing Management 3-26
Command
Integrated
display ospf vlink Management 3-27
Command
display pim bsr-info STP Command 5-5
display pim interface STP Command 5-5
display pim neighbor STP Command 5-6
display pim routing-table STP Command 5-7
display pim rp-info STP Command 5-8
display port VLAN Command 1-6
Reliability
display portal 2-2
Command
Network Protocol
display protocol-vlan interface 1-8
Command
Network Protocol
display protocol-vlan vlan 1-9
Command
display qos conform-level Security Command 2-38
display qos cos-drop-precedence-map Security Command 2-39
display qos cos-local-precedence-map Security Command 2-1
display qos-global all Security Command 2-1
A-13

display qos-global mirrored-to Security Command 2-3
display qos-global mirrored-to Security Command 2-17
display qos-global traffic-priority Security Command 2-4
display qos-global traffic-priority Security Command 2-18
display qos-global traffic-redirect Security Command 2-19
display qos-global traffic-statistic Security Command 2-5
display qos-global traffic-statistic Security Command 2-20
display qos-interface all Security Command 2-21
display qos-interface all Security Command 2-40
display qos-interface drop-mode Security Command 2-41
display qos-interface line-rate Security Command 2-22
display qos-interface mirrored-to Security Command 2-43
display qos-interface queue-scheduler Security Command 2-6
display qos-interface queue-scheduler Security Command 2-41
display qos-interface traffic-limit Security Command 2-23
display qos-interface traffic-limit Security Command 2-44
display qos-interface traffic-priority Security Command 2-44
display qos-interface traffic-redirect Security Command 2-45
display qos-interface traffic-shape Security Command 2-43
display qos-interface traffic-statistic Security Command 2-45
display queue-scheduler Security Command 2-24
Reliability
display radius 3-22
Command
Reliability
display radius statistics 3-23
Command
Integrated
display rip Management 2-2
Command
Auto Detecting
display rmon alarm 6-1
Command
Auto Detecting
display rmon event 6-2
Command
Auto Detecting
display rmon eventlog 6-3
Command
A-14
Auto Detecting
display rmon history 6-4
Command
Auto Detecting
display rmon prialarm 6-5
Command
Auto Detecting
display rmon statistics 6-6
Command
Integrated
display route-policy Management 5-7
Command
Auto Detecting
display rsa local-key-pair public 8-2
Command
Auto Detecting
display rsa peer-public-key 8-3
Command
Auto Detecting
display saved-configuration 4-9
Command
Auto Detecting
display snmp-agent 5-1
Command
Auto Detecting
display snmp-agent community 5-1
Command
Auto Detecting
display snmp-agent group 5-2
Command
Auto Detecting
display snmp-agent mib-view 5-3
Command
Auto Detecting
display snmp-agent statistics 5-4
Command
Auto Detecting
display snmp-agent sys-info contact 5-5
Command
Auto Detecting
display snmp-agent sys-info location 5-6
Command
Auto Detecting
display snmp-agent sys-info version 5-6
Command
Auto Detecting
display snmp-agent usm-user 5-7
Command
Auto Detecting
display ssh server 8-4
Command
Auto Detecting
display ssh user-information 8-4
Command
Multicast Protocol
display stacking 1-1
Command
Reliability
display stop-accounting-buffer 3-24
Command
A-15
System
display stp Management 1-3
Command
System
display stp region-configuration Management 1-5
Command
Network Protocol
display supervlan 4-1
Command
Reliability
display system-guard ip-record 6-1
Command
Reliability
display system-guard state 6-2
Command
display tcp statistics QACL Command 10-6
display tcp status QACL Command 10-7
display time-range Security Command 1-4
display user-interface Port Command 1-5
display users Port Command 1-6
Auto Detecting
display users 4-12
Command
Auto Detecting
display version 4-12
Command
Network Protocol
display vlan 1-2
Command
System
display vrrp Management 1-2
Command
dns-list QACL Command 6-20
Reliability
domain 3-8
Command
domain-name QACL Command 6-21
Reliability
dot1x 1-2
Command
Reliability
dot1x authentication-method 1-3
Command
Reliability
dot1x dhcp-launch 1-5
Command
Reliability
dot1x guest-vlan 1-5
Command
A-16
Reliability
dot1x max-user 1-6
Command
Reliability
dot1x port-control 1-7
Command
Reliability
dot1x port-method 1-9
Command
Reliability
dot1x quiet-period 1-10
Command
Reliability
dot1x re-authenticate 1-10
Command
Reliability
dot1x retry 1-11
Command
Reliability
dot1x retry-version-max 1-12
Command
Reliability
dot1x supp-proxy-check 1-13
Command
Reliability
dot1x timer 1-14
Command
Reliability
dot1x version-check 1-16
Command
drop-mode Security Command 2-46
dscp Security Command 2-46
duplex VLAN Command 1-6
E
expired QACL Command 6-22
F
Auto Detecting
file prompt 1-4
Command
Integrated
filter-policy export Management 2-3
Command
Integrated
Command
Integrated
Command
Integrated
Command
A-17
Integrated
filter-policy import Management 2-4
Command
Integrated
Command
Integrated
Command
Integrated
Command
flow-constrain VLAN Command 1-7
flow-constrain method VLAN Command 1-8
flow-control Port Command 1-7
flow-control VLAN Command 1-9
flow-interval VLAN Command 1-9
flow-template user-defined Security Command 1-31
flow-template user-defined template-info Security Command 1-31
Auto Detecting
format 1-5
Command
free user-interface Port Command 1-7
Auto Detecting
ftp 1-23
Command
Auto Detecting
ftp server 1-14
Command
Auto Detecting
ftp timeout 1-15
Command
Multicast Protocol
ftp-server 2-25
Command
G
Network Protocol
garp timer 3-2
Command
Network Protocol
garp timer leaveall 3-3
Command
gateway-list QACL Command 6-22
Auto Detecting
get 1-23
Command
gmrp STP Command 1-3
gratuitous-arp-learning enable QACL Command 2-12
A-18
Integrated
group Management 4-26
Command
Network Protocol
gvrp 3-6
Command
Network Protocol
gvrp registration 3-7
Command
H
Reliability
habp enable 5-3
Command
Reliability
habp server vlan 5-4
Command
Reliability
habp timer 5-4
Command
header Port Command 1-8
history-command max-size Port Command 1-10
Multicast Protocol
holdtime 2-26
Command
Integrated
host-route Management 2-5
Command
I
Reliability
idle-cut 3-9
Command
idle-timeout Port Command 1-10
Integrated
if-match { acl | ip-prefix } Management 5-10
Command
Integrated
if-match as-path Management 5-11
Command
Integrated
if-match community Management 5-12
Command
Integrated
if-match cost Management 5-12
Command
Integrated
if-match interface Management 5-13
Command
A-19
Integrated
if-match ip next-hop Management 5-14
Command
Integrated
if-match tag Management 5-15
Command
igmp group-policy STP Command 4-4
igmp group-policy vlan STP Command 4-5
igmp host-join STP Command 4-6
igmp host-join vlan STP Command 4-6
igmp max-response-time STP Command 4-7
igmp timer other-querier-present STP Command 4-8
igmp timer query STP Command 4-9
igmp version STP Command 4-9
igmp-snooping STP Command 2-3
igmp-snooping fast-leave STP Command 2-4
igmp-snooping group-limit STP Command 2-5
igmp-snooping group-policy STP Command 2-5
igmp-snooping host-aging-time STP Command 2-7
igmp-snooping max-response-time STP Command 2-8
igmp-snooping router-aging-time STP Command 2-9
Integrated
import-route Management 2-6
Command
Integrated
Command
Integrated
Command
Auto Detecting
info-center channel name 4-21
Command
Auto Detecting
info-center console channel 4-21
Command
Auto Detecting
info-center enable 4-22
Command
Auto Detecting
info-center logbuffer 4-23
Command
Auto Detecting
info-center loghost 4-23
Command
A-20
Auto Detecting
info-center loghost source 4-24
Command
Auto Detecting
info-center monitor channel 4-25
Command
Auto Detecting
info-center snmp channel 4-26
Command
Auto Detecting
info-center source 4-26
Command
Auto Detecting
info-center timestamp 4-29
Command
Auto Detecting
info-center trapbuffer 4-29
Command
System
instance Management 1-6
Command
Getting Started
Intended Audience 4
Command
interface VLAN Command 1-10
Network Protocol
interface vlan-interface 1-3
Command
Network Protocol
ip address 1-4
Command
ip address QACL Command 1-2
ip address bootp-alloc QACL Command 8-2
ip address dhcp-alloc QACL Command 4-2
Integrated
ip as-path-acl Management 4-27
Command
Integrated
ip community-list Management 4-28
Command
ip host QACL Command 1-3
ip http acl Security Command 3-1
Integrated
ip ip-prefix Management 5-15
Command
ip relay address QACL Command 6-35
ip relay address cycle QACL Command 6-36
Integrated
ip route-static Management 1-15
Command
ip route-static 2-1
A-21
Integrated
ip route-static default-preference Management 1-17
Command
Multicast Protocol
ip-pool 2-27
Command
Network Protocol
isolate-user-vlan 2-2
Command
Network Protocol
isolate-user-vlan enable 2-3
Command
J
K
Reliability
key 3-25
Command
L
language-mode Port Command 1-11
Auto Detecting
lcd 1-24
Command
line-rate Security Command 2-25
link-aggregation VLAN Command 2-2
local-precedence Security Command 2-48
Reliability
local-server 3-26
Command
Reliability
local-user 3-10
Command
Auto Detecting
local-user 1-15
Command
Reliability
local-user password-display-mode 3-11
Command
lock Port Command 1-11
Multicast Protocol
logging-host 2-27
Command
loopback VLAN Command 1-11
loopback-detection control enable VLAN Command 1-11
loopback-detection enable VLAN Command 1-12
loopback-detection interval-time VLAN Command 1-13
loopback-detection per-vlan enable VLAN Command 1-13
A-22
Auto Detecting
ls 1-24
Command
M
Auto Detecting
mac-address 2-2
Command
Auto Detecting
mac-address max-mac-count 2-3
Command
mac-address multicast STP Command 7-1
Auto Detecting
mac-address timer 2-4
Command
mdi VLAN Command 1-14
Integrated
memory { safety | limit } Management 6-4
Command
Integrated
memory auto-establish disable Management 6-3
Command
Integrated
memory auto-establish enable Management 6-4
Command
Reliability
messenger 3-11
Command
mirrored-to Security Command 2-7
mirroring-port Security Command 2-51
Auto Detecting
mkdir 1-5
Command
Auto Detecting
mkdir 1-25
Command
monitor-port Security Command 2-52
Auto Detecting
more 1-6
Command
Auto Detecting
move 1-6
Command
multicast routing-enable STP Command 3-6
N
Network Protocol
name 1-4
Command
A-23
Reliability
name 3-12
Command
Reliability
nas-ip 3-27
Command
nbns-list QACL Command 6-23
Multicast Protocol
ndp enable 2-4
Command
Multicast Protocol
ndp timer aging 2-5
Command
Multicast Protocol
ndp timer hello 2-5
Command
netbios-type QACL Command 6-24
network QACL Command 6-25
Integrated
network Management 2-7
Command
Integrated
Command
Integrated
Command
Integrated
nssa Management 3-32
Command
Multicast Protocol
ntdp enable 2-9
Command
Multicast Protocol
ntdp explore 2-10
Command
Multicast Protocol
ntdp hop 2-11
Command
Multicast Protocol
ntdp timer 2-12
Command
Multicast Protocol
ntdp timer hop-delay 2-12
Command
Multicast Protocol
ntdp timer port-delay 2-13
Command
Auto Detecting
ntp-service access 7-4
Command
Auto Detecting
ntp-service authentication enable 7-5
Command
Auto Detecting
ntp-service authentication-keyid 7-5
Command
A-24
Auto Detecting
ntp-service broadcast-client 7-6
Command
Auto Detecting
ntp-service broadcast-server 7-7
Command
Auto Detecting
ntp-service in-interface disable 7-8
Command
Auto Detecting
ntp-service max-dynamic-sessions 7-8
Command
Auto Detecting
ntp-service multicast-client 7-9
Command
Auto Detecting
ntp-service multicast-server 7-10
Command
Auto Detecting
ntp-service refclock-master 7-11
Command
Auto Detecting
ntp-service reliable authentication-keyid 7-11
Command
Auto Detecting
ntp-service source-interface 7-12
Command
Auto Detecting
ntp-service unicast-peer 7-13
Command
Auto Detecting
ntp-service unicast-server 7-14
Command
O
Auto Detecting
open 1-25
Command
option QACL Command 6-25
option 1-4
Getting Started
Organization 3
Command
Integrated
ospf Management 3-32
Command
Integrated
ospf authentication-mode Management 3-33
Command
Integrated
ospf cost Management 3-34
Command
Integrated
ospf dr-priority Management 3-35
Command
A-25
Integrated
ospf mtu-enable Management 3-35
Command
Integrated
ospf network-type Management 3-36
Command
Integrated
ospf timer dead Management 3-37
Command
Integrated
ospf timer hello Management 3-38
Command
Integrated
ospf timer poll Management 3-39
Command
Integrated
ospf timer retransmit Management 3-39
Command
Integrated
ospf trans-delay Management 3-40
Command
P
packet-filter Security Command 1-6
parity Port Command 1-12
Auto Detecting
passive 1-26
Command
Reliability
password 3-13
Command
Auto Detecting
password 1-16
Command
Integrated
peer Management 2-8
Command
Integrated
peer Management 3-41
Command
Integrated
peer advertise-community Management 4-29
Command
A-26
Integrated
peer allow-as-loop Management 4-30
Command
Integrated
peer as-number Management 4-31
Command
Integrated
peer as-path-acl Management 4-31
Command
Integrated
peer connect-interface Management 4-32
Command
Integrated
peer default-route-advertise Management 4-33
Command
Integrated
peer description Management 4-33
Command
Integrated
peer ebgp-max-hop Management 4-34
Command
Integrated
peer enable Management 4-35
Command
Integrated
peer filter-policy Management 4-35
Command
Integrated
peer group Management 4-36
Command
Integrated
peer ip-prefix Management 4-37
Command
Integrated
peer next-hop-local Management 4-37
Command
Integrated
peer password Management 4-38
Command
Integrated
peer public-as-only Management 4-39
Command
Integrated
peer reflect-client Management 4-40
Command
A-27
Integrated
peer route-policy Management 4-40
Command
Integrated
peer route-update-interval Management 4-41
Command
Integrated
peer timer Management 4-42
Command
Auto Detecting
peer-public-key end 8-5
Command
pim STP Command 5-9
pim bsr-boundary STP Command 5-10
pim dm STP Command 5-10
pim sm STP Command 5-11
pim timer hello STP Command 5-12
Auto Detecting
ping 4-15
Command
Network Protocol
port 1-5
Command
port access vlan VLAN Command 1-15
Network Protocol
port hybrid protocol-vlan vlan 1-10
Command
port hybrid pvid vlan VLAN Command 1-15
port hybrid vlan VLAN Command 1-16
port link-type VLAN Command 1-17
port trunk permit vlan VLAN Command 1-18
port trunk pvid vlan VLAN Command 1-18
Reliability
portal 2-5
Command
Reliability
portal arp-handshake 2-6
Command
Reliability
portal auth-network 2-7
Command
Reliability
portal delete-user 2-8
Command
Reliability
portal free-ip 2-8
Command
Reliability
portal free-user 2-9
Command
A-28
Reliability
portal method 2-10
Command
Reliability
portal server 2-11
Command
Reliability
portal upload 2-12
Command
port-isolate enable VLAN Command 3-1
port-isolate enable QACL Command 9-6
port-isolate uplink-port vlan VLAN Command 3-1
port-isolate uplink-port vlan QACL Command 9-7
Multicast Protocol
port-tagged 2-28
Command
Integrated
preference Management 2-8
Command
Integrated
preference Management 3-41
Command
Reliability
primary accounting 3-28
Command
Reliability
primary authentication 3-29
Command
priority Security Command 2-8
priority trust Security Command 2-8
protocol inbound Port Command 1-13
Auto Detecting
protocol inbound 8-6
Command
Network Protocol
protocol-vlan 1-11
Command
Auto Detecting
public-key-code begin 8-6
Command
Auto Detecting
public-key-code end 8-7
Command
Auto Detecting
put 1-26
Command
A-29
Auto Detecting
pwd 1-8
Command
Auto Detecting
pwd 1-27
Command
Q
qos conform-level Security Command 2-54
qos cos-drop-precedence-map Security Command 2-54
qos cos-local-precedence-map Security Command 2-9
queue Security Command 2-58
queue-scheduler Security Command 2-11
quit Port Command 1-13
Auto Detecting
quit 1-27
Command
R
Reliability
radius nas-ip 3-30
Command
Reliability
radius scheme 3-31
Command
Reliability
radius-scheme 3-14
Command
Auto Detecting
reboot 3-5
Command
Multicast Protocol
reboot member 2-29
Command
Integrated
reflect between-clients Management 4-42
Command
Integrated
reflector cluster-id Management 4-43
Command
Integrated
refresh bgp Management 4-44
Command
A-30
System
region-name Management 1-6
Command
register-policy STP Command 5-12
Getting Started
Related Manuals 3
Command
Getting Started
Release Notes 3
Command
Auto Detecting
remotehelp 1-28
Command
Auto Detecting
rename 1-8
Command
Integrated
reset Management 2-9
Command
reset acl counter Security Command 1-7
reset arp QACL Command 2-10
Integrated
reset bgp Management 4-44
Command
Integrated
reset bgp dampening Management 4-45
Command
Integrated
reset bgp flap-info Management 4-45
Command
Integrated
reset bgp group Management 4-46
Command
reset counters interface VLAN Command 1-19
reset dhcp relay statistics QACL Command 6-37
reset dhcp server conflict QACL Command 6-26
reset dhcp server ip-in-use QACL Command 6-27
reset dhcp server statistics QACL Command 6-27
Reliability
reset dot1x statistics 1-17
Command
Network Protocol
reset garp statistics 3-4
Command
reset igmp-snooping statistics STP Command 2-9
A-31
reset ip statistics QACL Command 10-8

Auto Detecting
reset logbuffer 4-30
Command
Multicast Protocol
reset ndp statistics 2-6
Command
Integrated
reset ospf Management 3-42
Command
Reliability
reset portal 2-13
Command
Reliability
reset radius statistics 3-32
Command
Auto Detecting
reset recycle-bin 1-9
Command
Auto Detecting
reset saved-configuration 1-11
Command
Reliability
reset stop-accounting-buffer 3-32
Command
System
reset stp Management 1-7
Command
reset tcp statistics QACL Command 10-8
reset traffic-statistic Security Command 2-12
Auto Detecting
reset trapbuffer 4-31
Command
Reliability
retry 3-33
Command
retry 1-5
Reliability
retry realtime-accounting 3-34
Command
Reliability
retry stop-accounting 3-35
Command
return Port Command 1-14
System
revision-level Management 1-8
Command
Integrated
rip Management 2-9
Command
A-32
Integrated
rip authentication-mode Management 2-10
Command
Integrated
rip input Management 2-11
Command
Integrated
rip metricin Management 2-12
Command
Integrated
rip metricout Management 2-13
Command
Integrated
rip output Management 2-13
Command
Integrated
rip split-horizon Management 2-14
Command
Integrated
rip version Management 2-15
Command
Integrated
rip work Management 2-16
Command
Auto Detecting
rmdir 1-10
Command
Auto Detecting
rmdir 1-28
Command
Auto Detecting
rmon alarm 6-8
Command
Auto Detecting
rmon event 6-9
Command
Auto Detecting
rmon history 6-10
Command
Auto Detecting
rmon prialarm 6-10
Command
Auto Detecting
rmon statistics 6-12
Command
Integrated
route-policy Management 5-16
Command
Integrated
router id Management 3-43
Command
A-33
Auto Detecting
rsa local-key-pair create 8-8
Command
Auto Detecting
rsa local-key-pair destroy 8-9
Command
Auto Detecting
rsa peer-public-key 8-10
Command
rule Security Command 1-8
S
Auto Detecting
save 1-12
Command
screen-length Port Command 1-14
Reliability
secondary accounting 3-36
Command
Reliability
secondary authentication 3-36
Command
Reliability
self-service-url 3-14
Command
send Port Command 1-15
Reliability
server-type 3-37
Command
service-type Port Command 1-15
Reliability
service-type 3-15
Command
Auto Detecting
service-type 1-17
Command
service-type multicast STP Command 6-1
Reliability
session-control-server 4-1
Command
set authentication password Port Command 1-17
shell Port Command 1-18
shutdown VLAN Command 1-20
Network Protocol
shutdown 1-6
Command
Integrated
silent-interface Management 3-44
Command
snmp-agent community Security Command 3-2
A-34
Auto Detecting
snmp-agent community 5-8
Command
snmp-agent group Security Command 3-3
Auto Detecting
snmp-agent group 5-9
Command
Auto Detecting
snmp-agent local-engineid 5-8
Command
Auto Detecting
snmp-agent mib-view 5-10
Command
Auto Detecting
snmp-agent packet max-size 5-11
Command
Auto Detecting
snmp-agent sys-info 5-11
Command
Auto Detecting
snmp-agent target-host 5-12
Command
Auto Detecting
snmp-agent trap enable 5-13
Command
Integrated
snmp-agent trap enable ospf Management 3-45
Command
Auto Detecting
snmp-agent trap life 5-15
Command
Auto Detecting
snmp-agent trap queue-size 5-15
Command
Auto Detecting
snmp-agent trap source 5-16
Command
snmp-agent usm-user Security Command 3-4
Auto Detecting
snmp-agent usm-user 5-16
Command
Multicast Protocol
snmp-host 2-29
Command
speed Port Command 1-19
speed VLAN Command 1-20
Integrated
spf-schedule-interval Management 3-46
Command
spt-switch-threshold STP Command 5-13
Auto Detecting
ssh server authentication-retries 8-10
Command
Auto Detecting
ssh server rekey-interval 8-11
Command
A-35
Auto Detecting
ssh server timeout 8-12
Command
Auto Detecting
ssh user assign rsa-key 8-12
Command
Auto Detecting
ssh user username authentication-type 8-13
Command
Multicast Protocol
stacking 1-2
Command
Multicast Protocol
stacking enable 1-3
Command
Multicast Protocol
stacking ip-pool 1-3
Command
standby detect-group 2-2
Reliability
state 3-16
Command
Reliability
state 3-38
Command
static-bind ip-address QACL Command 6-28
static-bind mac-address QACL Command 6-28
static-rp STP Command 5-14
Reliability
stop-accounting-buffer enable 3-39
Command
stopbits Port Command 1-19
System
stp Management 1-9
Command
System
stp bpdu-protection Management 1-9
Command
System
stp bridge-diameter Management 1-10
Command
System
stp config-digest-snooping Management 3-1
Command
System
stp cost Management 1-12
Command
System
stp edged-port Management 1-11
Command
A-36
System
stp interface Management 1-17
Command
System
stp interface cost Management 1-19
Command
System
stp interface edged-port Management 1-18
Command
System
stp interface loop-protection Management 1-22
Command
System
stp interface mcheck Management 1-22
Command
System
stp interface point-to-point Management 1-23
Command
System
stp interface port priority Management 1-21
Command
System
stp interface root-protection Management 1-24
Command
System
stp interface transit-limit Management 1-25
Command
System
stp loop-protection Management 1-26
Command
System
stp max-hops Management 1-27
Command
System
stp mcheck Management 1-27
Command
System
stp mode Management 1-28
Command
System
stp point-to-point Management 1-29
Command
System
stp port priority Management 1-14
Command
A-37
System
stp priority Management 1-13
Command
System
stp region-configuration Management 1-30
Command
System
stp root primary Management 1-15
Command
System
stp root secondary Management 1-16
Command
System
stp root-protection Management 1-30
Command
System
stp tc-protection Management 1-31
Command
System
stp timer forward-delay Management 1-32
Command
System
stp timer hello Management 1-33
Command
System
stp timer max-age Management 1-34
Command
System
stp transit-limit Management 1-35
Command
Integrated
stub Management 3-46
Command
Network Protocol
subvlan 4-3
Command
Integrated
summary Management 2-16
Command
Integrated
summary automatic Management 4-46
Command
super Port Command 1-20
super password Port Command 1-21
Network Protocol
supervlan 4-3
Command
A-38
sysname Port Command 1-22

Auto Detecting
sysname 4-3
Command
Reliability
system-guard detect-maxnum 6-4
Command
Reliability
system-guard detect-threshold 6-5
Command
Reliability
system-guard enable 6-3
Command
Reliability
system-guard no-learn-dip enable 6-5
Command
system-view Port Command 1-22
T
tcp timer fin-timeout QACL Command 10-9
tcp timer syn-timeout QACL Command 10-9
tcp window QACL Command 10-10
telnet Port Command 1-23
Auto Detecting
temperature-limit 3-6
Command
Auto Detecting
terminal debugging 4-31
Command
Auto Detecting
terminal logging 4-32
Command
Auto Detecting
terminal monitor 4-32
Command
Auto Detecting
terminal trapping 4-33
Command
Auto Detecting
tftp 1-30
Command
Auto Detecting
tftp get 1-30
Command
Auto Detecting
tftp put 1-31
Command
Multicast Protocol
tftp-server 2-30
Command
Integrated
timer Management 4-47
Command
Multicast Protocol
timer 2-31
Command
A-39
Reliability
timer 3-40
Command
timer loop 1-5
Reliability
timer quiet 3-41
Command
Reliability
timer realtime-accounting 3-41
Command
timer wait 1-6
time-range Security Command 1-13
Auto Detecting
tracert 4-17
Command
traffic-limit Security Command 2-32
traffic-limit Security Command 2-61
traffic-priority Security Command 2-13
traffic-redirect Security Command 2-35
traffic-redirect Security Command 2-66
traffic-shape Security Command 2-68
traffic-statistic Security Command 2-14
U
Auto Detecting
undelete 1-10
Command
Auto Detecting
undo snmp-agent 5-18
Command
Integrated
undo synchronization Management 4-48
Command
Auto Detecting
user 1-29
Command
user privilege level Port Command 1-24
user-interface Port Command 1-23
A-40
Reliability
user-name-format 3-42
Command
V
Auto Detecting
verbose 1-29
Command
virtual-cable-test VLAN Command 1-21
Network Protocol
vlan 1-7
Command
Network Protocol
vlan { enable | disable } 1-7
Command
Reliability
vlan-assignment-mode 3-17
Command
System
vlan-mapping modulo Management 1-36
Command
vlan-vpn enable VLAN Command 1-22
System
vlan-vpn tunnel Management 2-1
Command
Integrated
vlink-peer Management 3-47
Command
System
vrrp authentication-mode Management 1-3
Command
System
vrrp method Management 1-4
Command
System
vrrp ping-enable Management 1-5
Command
System
vrrp vrid preempt-mode Management 1-5
Command
System
vrrp vrid priority Management 1-6
Command
System
vrrp vrid timer Management 1-7
Command
System
vrrp vrid track Management 1-8
Command
A-41
vrrp vrid track detect-group 2-3

System
vrrp vrid virtual-ip Management 1-8
Command
W
wred Security Command 2-71
X
Y
Z
A-42

S3500-Command Manual v1 - 04

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

S3500-Command Manual v1 - 04

Caricato da

Copyright:

Formati disponibili

.

Quidway S3500 Series Ethernet Switches

Huawei Technologies Proprietary

Manual Version T2-081985-20050613-C-1.04

Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd.,

Bantian, Longgang District, Shenzhen, P. R. China

Postal Code: 518129

Huawei Technologies Proprietary

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any

, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

Huawei Technologies Proprietary

This manual applies to S3526-0025/S3526EF-S3526C-0035/S3528-S3552-0017.

The related manuals are listed in the following table.

Quidway S3552 Ethernet

There are 14 modules in the manual.

Huawei Technologies Proprietary

This module introduces the commands used for configuring VLAN.

This module introduces the commands used for configuring QoS/ACL.

This module introduces the commands used for integrated management.

This module introduces the commands used for configuring STP.

This module introduces the commands used for configuring VRRP.

Huawei Technologies Proprietary

The manual uses the following conventions:

Boldface Headings are in Boldface.

II. Command conventions

Boldface The keywords of a command line are in Boldface.

italic Command arguments are in italic.

Optional alternative items are grouped in square brackets

# A line starting with the # sign is comments.

Huawei Technologies Proprietary

Window names, menu items, data table and field names

IV. Keyboard operation

Press and hold the primary mouse button (left mouse

Caution, Warning, Danger: Means reader be extremely careful during the

Huawei Technologies Proprietary

Huawei Technologies Proprietary

Quidway S3500 Series Ethernet Switches

Huawei Technologies Proprietary

Chapter 1 Logging in Switch Commands ................................................................................... 1-1

Huawei Technologies Proprietary

Chapter 1 Logging in Switch Commands

1.1 Logging in Switch Commands

authentication-mode { password | scheme | none }

User interface view

password: Perform local password authentication.

Using authentication-mode command, you can configure the authentication method

# Configure local password authentication.

1.1.2 auto-execute command

auto-execute command text

Huawei Technologies Proprietary

undo auto-execute command

User interface view

text: Specifies the command to be run automatically.

Using auto-execute command command, you can configure to automatically run a

1.1.3 command-privilege level

command-privilege level level view view command

Huawei Technologies Proprietary

level: Specifies the command level, ranging from 0 to 3.

# Configure the precedence of the command "interface" as 0.

User interface view

Huawei Technologies Proprietary