Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Full spelling
Local Area Network Media Access Control Internet Group Management Protocol Virtual Local Area Network Spanning Tree Protocol Remote Monitor(SNMP) GARP Multicast Registration Protocol Access Control List Dynamic Host Configuration Protocol Open Shortest Path First Routing Information Protocol Address Resolution Protocol Authentication Authorization Accounting Rapid Spanning Tree Protocol Protocol Independent Multicast Longest Prefix Match Quality of Service Unshielded Twisted Paired Small Form-Factor Pluggable Gigabit Interface Converter
2011-09-27
Huawei Confidential
Page 1 of page141
Table of Contents
Version Information 5
Version Number 5 Version History5 Hardware and Software Compatibility Matrix6
Version Updates 22
Feature Updates 22 Command Line Updates 31 MIB Updates 99 Configuration Changes 102
XModem Protocol Overview 127 Modifying Serial Interface Parameters 127 Upgrading BootWare 130 Upgrading an Application Program Through a Serial Interface 131 Maintaining Application and Configuration Files 132 Displaying all files 132 Dealing with Password Loss 134 User Password Loss 134 BootWare Password Loss 135 Super Password Loss 135 Backing Up and Restoring BootWare 136
2011-09-27
Huawei Confidential
Page 3 of page141
List of Tables
Table 1 Version history.................................................................................................................................5 Table 2 Hardware and software compatibility matrix ...........................................................................6 Table 3 AR19-0X Series Hardware Features .............................................................................................7 Table 4 AR19-1X Series Hardware Features .............................................................................................8 Table 5 AR 19-61 Hardware Features .......................................................................................................9 Table 6 AR29 Series Hardware Features................................................................................................ 10 Table 7 AR 49-45/ AR49-45 MPUG2 Hardware Features ..................................................................... 12 Table 8 AR19_AR29_AR49 series Module List ........................................................................................ 12 Table 9 AR19_AR29_AR49 Series Software Features............................................................................ 17 Table 10 Feature updates ....................................................................................................................... 22 Table 11 Command line updates .......................................................................................................... 31 Table 12 MIB updates .............................................................................................................................. 99 Table 13 Documentation set ................................................................................................................ 108 Table 14 Acquire product documentation from the Huawei website .......................................... 109 Table 15 Default names and types of the boot files......................................................................... 110 Table 16 Main BootWare menu............................................................................................................ 120 Table 17 BootWare serial interface submenu .................................................................................... 121 Table 18 Ethernet interface submenu ................................................................................................. 121 Table 19 File control submenu.............................................................................................................. 122 Table 20 BootWare operation submenu............................................................................................. 123 Table 21 Ethernet parameters settings description........................................................................... 123
2011-09-27
Huawei Confidential
Page 4 of page141
Version Information
Version Number
VRP Software, Version 5.20, Release 2207L30 Note: You can see the version number with the command display version in any view. Please see Note.
Version History
Table 1 Version history Version Number
VRP520-R2207L30 VRP520-R2207P02 VRP520-R2207 VRP520-E2206 VRP520-E2103 VRP520-E1908 VRP520-R1719P06 VRP520-E1719P02 VRP520-E1719P01 VRP520-R1806 VRP520-E1804 VRP520-E1711 VRP520-R1710 VRP520-E1710 VRP520-B1707 VRP520-B1618P01 VRP520-B1618P01 VRP520-B1608P01 VRP520-R1509P02 2011-09-27
Release Date
2011-09-15 2011-06-23 2011-05-19 2011-04-07 2010-03-24 2009-08-28 2009-06-24 2009-04-13 2009-03-19 2009-06-13 2009-03-02 2008-08-26 2009-01-03 2008-08-04 2008-06-23 2008-06-18 2008-06-03 2008-01-16 2007-12-18
Remark
Only support AR 19-1X series Support AR19_29_49 series Support AR19_29_49 series Support AR19_29_49 series Support AR19_29_49 series Support AR19_29_49 series, include AR19-1X , AR19-0X and AR29-11 Only support AR 29-11 Only support AR 29-11 The first version of AR 29-11, and only support AR 29-11 Only support AR19_29 series Support AR19_29_49 series, include AR19-1X and AR19-0X The first version of AR19-0X, and only support AR19-0X Only support AR19-1X Support AR19_29_49 series, include AR19-1X Support AR19_29_49 series, include AR19-1X Only support AR19_29 series Only support AR19-1X series Only support AR19-1X Support AR19_29_49 series, except Page 5 of page141
Huawei Confidential
Version Number
Release Date
Remark
AR19-1X
Only support AR19-1X Only support AR19-1X Only support AR19-1X The first version
Specifications
AR19_29_49 series routers
AR19-1X series: 226 or higher (Note: Perform the command display version command in any view to view the version information. Please see Note) Hardware AR 19-1X series 4.27 Cards Name SIC-3G-GSM SIC-AP SIC-ADSL-I/SIC-ADSL-P Software Version 180 or higher R3200 or higher 170 or higher 230 or higher 200 or higher 200 or higher None None CPLD or FPGA version 200 or higher 200 or higher 100 or higher 100 or higher 100 or higher 100 or higher CPLD:200 or higher CPLD:100 or higher FPGA:400 or higher software AR191X-VRP520-R2207L30.BI N MD5 Check Sum 4ab1f6c707d7329a20c483b9d790 0bf8
Cards Version
Sample:To display the host software and Boot ROM version of the AR routers, perform the following:
2011-09-27 Huawei Confidential Page 6 of page141
CPU type: FREESCALE MPC8323E 333MHz 256M bytes DDR SDRAM Memory 16M bytes Flash Memory Pcb Logic Basic [SLOT [SLOT [SLOT [SLOT [SLOT [SLOT [SLOT [SLOT BootROM 0]AUX 0]ETH0/0 0]ETH0/1 0]ETH0/2 0]ETH0/3 0]ETH0/4 0]BRI0/0 0]G.SHDSL0/0 Version: Version: Version: Version: 3.0 1.0 2.21 2.26 (Driver)1.0, (Driver)1.0, (Driver)1.0, (Driver)1.0, (Driver)1.0, (Driver)1.0, (Driver)1.0, (Driver)1.0, ------ Note (Cpld)1.0 (Cpld)1.0 (Cpld)1.0 (Cpld)1.0 (Cpld)1.0 (Cpld)1.0 (Cpld)1.0 (Cpld)0.0
Extended BootROM
Feature List
Hardware Features
Table 3 AR19-0X Series Hardware Features Item
Dimensions (H x W x D) Weight Input AC voltage
AR 19-03-W
300mm240mm44.2mm 3Kg 100V a.c.240V
AR19-05-W
300mm240mm44.2mm 3Kg 100V a.c.240V a.c.;50Hz/60Hz Page 7 of page141
2011-09-27
Huawei Confidential
Item
Max power Operating temperature Relative humidity (noncondensing) Processor BootROM FLASH Memory Exter nal mod ule Inter nal mod ule DSIC/ SIC
AR 19-03-W
a.c.;50Hz/60Hz 25 W 0C to 40C (32F to 104F) 5% to 90% PowerPC 1 MB (in the Flash) 32 MB DDR: 256 MB
AR19-05-W
25 W 0C to 40C (32F to 104F) 5% to 90% PowerPC 1 MB (in the Flash) 32 MB DDR: 256 MB
VPM
Console/AUX USB FE Fixe d interf ace FE switching interface ADSL G.SHDSL.BIS SAE ISDN S/T AM E1/T1 opti onal Wlan
1 1 1 electrical interface 4 0 1 0 0 0 0 1
1 1 1 electrical interface 4 1 0 0 0 0 0 1
AR 19-10/ AR 19-10-W
300mm%240mm% 44.2mm 3Kg 50 Hz/60 Hz
AR19-13-I/ AR19-13-IW
300mm%240mm%44.2 mm 3Kg
AR19-15-I/ AR19-15-IW
300mm%240mm%44.2 mm 3Kg
2011-09-27
Huawei Confidential
Page 8 of page141
Item
Max power Operating temperature Relative humidity (noncondensing) Processor BootROM FLASH Memory External module Internal module SIC/ DSIC modul e VPM strip Consol e/AUX USB FE FE switchi ng interfa ce ADSL G.SHD SL SAE ISDN S/T AM E1/T1 optional Wlan
AR 19-10/ AR 19-10-W
25W 0C to 40C 5% to 90% PowerPC 1MB 16MB/32 MB 256MB
AR19-13-I/ AR19-13-IW
AR19-15-I/ AR19-15-IW
0 1 1 1 electrical interfaces
Fixed interface
AR 19-61 Description
360mm%287.1mm%44.2mm
2011-09-27
Huawei Confidential
Page 9 of page141
Item
Weight Input AC voltage Max power Operating temperature Relative humidity (noncondensing) Processor BootROM Memory
AR 19-61 Description
3.4Kg Rated voltage: 100 VAC to 240 VAC; 50/60 Hz 54W 0C to 40C (32oF to 104oF) 5% to 90% PowerPC 4MB SDRAM Default: 256MB Maximum: 384MB Default: 256MB Maximum: 1GB SIC module ESM module 2 1 0 0 1 1 1 2 electrical interfaces 0
Internal module
Fixed interfac e
AR29-01 Description
442mm%407.1 mm%44.2mm 5.4Kg
AR 29-11 Description
44236044.2m m 4.8kg
AR29-21 Description
442mm441.8m m44.2mm 6.9Kg
AR 29-41 Description
442mm422.3mm 88.2mm 11.9Kg
Rated voltage: 100 VAC to 240 VAC; 50 Hz/60 Hz Not support DC Rated voltage: -48V d.c.-60V Rated voltage: -48V d.c.-60V Rated voltage: -48V d.c.-60V
2011-09-27
Huawei Confidential
Page 10 of page141
Item
AR29-01 Description
100W 0C to 40C
AR 29-11 Description
d.c 54W
AR29-21 Description
d.c 125W
AR 29-41 Description
d.c 210W
Max power Operating temperature Relative humidity (noncondensi ng) Processor BootROM
5% to 90%
PowerPC 4MB SDRAM Default: 256MB Maximum: 384MB Default: 256MB Maximum: 1GB Not support
PowerPC 2MB SDRAM Default: 256MB Maximum: 256MB Not support 256MB 2 0 1 1 0 1 0 1 1 1 1 2 electrical interfaces 0
PowerPC 4MB DDR SDRAM Default: 256MB Maximum: 1GB Default: 256MB Maximum: 1GB Not support 4 2 2 0 0 2 1 2 1 1 2 0 2 electrical interfaces
PowerPC 4MB DDR SDRAM Default: 256MB Maximum: 1GB Default: 256MB Maximum: 1GB Not support 4 2 4 0 1 2 1 3 1 1 2 0 2 electrical interfaces
Memory
CF Flash FLASH SIC module Ext ern al mo dul e DSIC module MIM module XMIM module DMIM module Int ern al mo dul e ESM module VCPM module VPM strip Console Fix ed int erf ac e AUX USB FE GE
4 2 0 0 0 2 1 2 1 1 1 2 electrical interfaces 0
2011-09-27
Huawei Confidential
Page 11 of page141
AR49-45 Description
436.2mm424mm130.7mm 18Kg
Rated voltage: 100 VAC to 240 VAC; 50/60 Hz Rated voltage: 48 VDC to 60 VDC 350W 0C to 40C (32F to 104F) 5% to 90% PowerPC 4MB DDR SDRAM: Default: 512MB Max: 1GB Default: 256MB Max: 1GB DDR SDRAM II: Default: 1GB Max: 2GB
CF Flash SIC module External module FIC module MSCA module ESM module Internal module VCPM module VPM strip Console Fixed interfac e AUX USB FE GE
4 4 1 2 1 1 4 1 1 2 0 2 COMBO interfaces
3 COMBO interfaces
Description
Ethernet interface cards: Page 12 of page141
2011-09-27
Huawei Confidential
Module
Description
1-port 10/100/1000 Mbps Ethernet electrical and optical interface card SIC module (SIC-1GEC) 4-port 10/100 Mbps Ethernet L2 switching module (RJ45) (SIC-4FSW) 1-port 10/100 Mbps Ethernet electrical SIC interface module (RJ45) (SIC-1FEA) 1-port 100 Mbps Ethernet electrical SIC interface module -SIC-1FEF WAN interface cards: 1-port enhanced synchronous/asynchronous serial SIC interface module (SIC-1SAE) 1-port fractional E1 SIC interface module (SIC-1E1-F) 1-port fractional T1 SIC interface module (SIC-1T1-F) 1-port E1/CE1/PRI SIC interface module (SIC-1EPRI) 1-port ADSL over ISDN SIC interface module (SIC-1ADSL-I) 1-port ADSL over POTS SIC interface module (SIC-1ADSL) 1-port analog modem SIC interface module (SIC-1AM-V3) 2-port analog modem SIC interface module (SIC-2AM-V3) 1-port ISDN BRI S/T interface card (SIC-1BS-V2) 2-port ISDN BRI S/T interface card (SIC-2BS-V2) 1-port ISDN BRI U interface card (SIC-1BU-V2) Voice interface cards: 1-port voice module subscriber circuit SIC interface module (SIC-1FXS-V2) 2-port voice module subscriber circuit SIC interface module (SIC-2FXS-V2) 1-port voice module FXO SIC interface module (SIC-1FXO-V2) 2-port voice module FXO SIC interface module (SIC-2FXO-V2) 1-port ISDN BRI S/T voice interface card (SIC-1BSV) 2-port ISDN BRI S/T voice interface card (SIC-2BSV) 1-channel E1 voice SIC interface module (SIC-1VE1) 2-port voice subscriber circuit & 1-port voice AT0 analog trunk interface card (SIC-2FXS1FXO) An input and output audio and DOOR RELAY control signal output interface card (SIC-AUDIO) 9-port 10/100 Mbps Ethernet L2 switching module (RJ45) (DSIC-9FSW)
DSIC
4-port voice subscriber circuit & 1-port voice AT0 analog trunk interface card -DSIC-4FXS1FXO High-performance network data encryption ESM module (ESM-ANDE) Standard network data encryption ESM module (ESM-SNDE) Ethernet interface cards: 1-port 10M100M Ethernet electrical MIM interface module (RJ45) (MIM-1FE) 2-port 10M/100M Ethernet electrical MIM interface module (RJ45) (MIM-2FE) 1-port 1000M Ethernet electrical MIM interface module (RJ45)
ESM
MIM
2011-09-27
Huawei Confidential
Page 13 of page141
Module
Description
(MIM-1GBE) 1-port 1000M Ethernet electrical MIM interface module (RJ45) (MIM-1GEF) 16-port 10M/100M Ethernet L2 switching module (MIM-16FSW) WAN interface cards: 2 channel enhanced synchronous/asynchronous interface module (MIM-2SAE) 4 channel enhanced synchronous/asynchronous interface module (MIM-4SAE) 8 channel enhanced synchronous/asynchronous interface module (MIM-8SAE) 8 port asynchronous serial interface panel (RJ45) (MIM-8ASE) 16 port asynchronous serial interface panel (RJ45) (MIM-16ASE) 1 port CE1/PRI interface module (MIM-1E1-V2) 2 port CE1/PRI interface module (MIM-2E1-V2) 4 port CE1/PRI interface module (MIM-4E1-V2) 8 port E1 interface module (75ohm) (MIM-8E1 (75)) 1-port fractional E1 interface module (MIM-1E1-F-V2) 2-port fractional E1 interface module (MIM-2E1-F-V2) 4-port fractional E1 interface module (MIM-4E1-F-V2) 8 port E1 interface module (75ohm) (MIM-8E1 (75)-F) 1-port G.SHDSL interface module (MIM-1G.SHDSL) 4-port enhanced ISDN S/T interface panel (MIM-4BSE) 1-port T3/CT3 compatible interface module (MIM-1CE3-V2) 1-port ATM/155M fiber interface(MIM-1ATM-OC3) 1-port ATM-E3 compatible interface module (MIM-1AE3) 1-port ATM-T3 compatible interface module (MIM-1AT3) 1-port POS interface module (MIM-1POS-V2) 1-port SDH/SONET interface module (MIM-1POS-V2) 1-port channelized SDH/SONET interface module (E1) (MIM-1CPOS (E)-V2) 8-port E1 ATM inverse multiplexing interface module (MIM-IMA-8E1(75)) 4-port E1 ATM inverse multiplexing interface module (MIM-IMA-4E1(75)) 1-port dual-pair G.SHDSL interface module (MIM-1SHL-4W) Voice interface card: 1 channel E1 voice MIM interface module (MIM -1VE1) 1 channel T1 voice MIM interface module (MIM -1VT1) 2-port voice module subscriber circuit interface board (MIM-2FXS) 4-port voice module subscriber circuit interface board (MIM-4FXS) 2-port voice module FXO interface module (MIM-2FXO) 4-port voice module FXO interface module (MIM-4FXO) 4 channel voice processing board E&M trunk interface module (MIM-4EM) Page 14 of page141
2011-09-27
Huawei Confidential
Module
Description
Encryption card: Network data encryption processing module (MIM-HNDE) 24-port 10M/100M and 2-port 1000BASE-T/1000BASE-X (COMBO) Ethernet layer 2 switching (DMIM-24FSW) Voice co-processing module (RT-VCPM) 8-channel voice processing module (RT-VPM8)
DMIM
VPM / VCPM
16-channel voice processing module (RT-VPM16) 24-channel voice processing module (RT-VPM24) 32-channel voice processing module (RT-VPM32) Ethernet interface cards: 16-port 10/100 Mbps and 1-port 1000BASE-T/1000BASE-X (COMBO) Ethernet L2 switching FIC interface module (FIC-16FSW) 1-port 10/100 Mbps Ethernet electrical FIC interface module (RJ45) (FIC-1FE-V2) 2-port 10/100 Mbps Ethernet electrical FIC interface module (RJ45) (FIC-2FE-V2) 1-port 1000 Mbps Ethernet electrical FIC interface module (RJ45) (FIC-1GBE) 2-port 1000 Mbps Ethernet electrical FIC interface module (RJ45) (FIC-2GBE) 1-port 1000 Mbps Ethernet fiber FIC interface module (FIC-1GEF) 2-port 1000 Mbps Ethernet fiber FIC interface module (FIC-2GEF) WAN interface cards: 2-port enhanced synchronous/asynchronous serial FIC interface module (FIC-2SAE-V2)
FIC
4-port enhanced synchronous/asynchronous serial FIC interface module (FIC-4SAE-V2) 8-port enhanced synchronous/asynchronous serial FIC interface module (FIC-8SAE-V2) 8-port asynchronous serial FIC interface module (RJ45) (FIC-8ASE-V2) 16-port asynchronous serial FIC interface module (RJ45) (FIC-16ASE-V2) 1-port E1/CE1/PRI FIC interface module (FIC-1E1-V3) 2-port E1/CE1/PRI FIC interface module (FIC-2E1-V3) 4-port E1/CE1/PRI FIC interface module (FIC-4E1-V3) 8-port E1/CE1/PRI FIC interface module (75 ohm) ((FIC-8E1) (75)-V2) 1-port fractional E1 FIC interface module (FIC-1E1-F-V3) 2-port fractional E1 FIC interface module (FIC-2E1-F-V3) 4-port fractional E1 FIC interface module (FIC-4E1-F-V3) 8-port fractional E1 FIC interface module (75 ohm) enhanced (FIC-8E1(75)-F-V2) 1-port E3/CE3 FIC interface module (FIC-1CE3-V3) 1-port ATM/155M fiber interface(FIC-1ATM-OC3) 1-port ATM-E3 interface moduel (FIC-1AE3)
2011-09-27
Huawei Confidential
Page 15 of page141
Module
Description
1-port POS interface module (FIC-1POS-V2) 1-port SDH/SONET interface module (FIC-1POS-V4) 1-port channelized SDH/SONET interface module (FIC-1CPOS) 1 port E1POS POS-terminal access module (FIC-E1POS) 1-port channelized SDH/SONET interface card (FIC-1CPOS (E)) 1-port dual-pair G.SHDSL interface card (FIC-1SHL-4W) Voice interface cards: 1-channel E1 voice FIC interface module (FIC-1VE1) 1-channel T1 voice FIC interface module (FIC-1VT1) 2-channel E1 voice FIC interface module (FIC-2VE1) 2-channel T1 voice FIC interface module (FIC-2VT1) 2-port voice module subscriber circuit FIC interface module (FIC-2FXS) 4-port voice module subscriber circuit FIC interface module (FIC-4FXS) 24-port voice subscriber circuit interface card (FIC-24FXS) 2-port ISDN BRI S/T voice interface card (FIC-2BSV) 4-port ISDN BRI S/T voice interface card (FIC-4BSV) 2-port voice module FXO interface module (FIC-2FXO) 4-port voice module FXO interface module (FIC-4FXO) 2-channel voice process board E&M trunk interface FIC module (FIC-2EM) 4-channel voice process board E&M trunk interface FIC module (FIC-4EM) 24-port voice subscriber circuit interface card (FIC-24FXS) Encryption card: High-performance network data encryption FIC interface module (FIC-HNDE) 24-port 10/100 Mbps and 2-port 1000BASE-T/1000BASE-X (COMBO) Ethernet L2 switching FIC interface module (DFIC-24FSW) 24-port voice subscriber circuit interface card & 24-port voice AT0 analog trunk interface card (DFIC-24FXO24FXS) WCDMA 3G Modem Huawei E170/E172/E226/E160/E169/E176/E156/E180/E1750/E176G /E1756/E1556/K3765/K4505/E1820/E367/E1553 (E226 is only supported on AR29/AR49 routers)
D-FIC
3G modules
CAUTION: The support and restriction of modules on AR please refer to Quidway AR 19/29/49/19-0x/19-1x Series Routers Interface Card and Interface Module Manual,
2011-09-27 Huawei Confidential Page 16 of page141
Software Features
Table 9 AR19_AR29_AR49 Series Software Features Attributes Description
ARP (proxy ARP, free ARP, authorization ARP) Ethernet_II Ethernet_SNAP VLAN (PORT-BASED VLAN/MAC-BASED VLAN/VLAN-BASED PORT ISOLATE/VLAN VPN/VOICE VLAN) 802.3x LAN protocol: LACP(802.3ad) 802.1p 802.1Q 802.1x RSTP(802.1w) MSTP(802.1s) GVRP PORT MUTILCAST suppression PPP,MP PPPoE Client,PPPoE Server PPP/MP over FR FR,MFR FR Fragment,FR Compress,FR over IP FRTS ATM(IPoA,IPoEoA,PPPoA,PPPoEoA) WAN protocols: DCC,Dialer Watch HDLC LAPB X25,X25 over TCP,X25 to TCP X25 PAD,X25 Huntgroup,X25 CUG DLSW(V1.0/2.0) ISDN,ISDN Network ISDN QSIG MODEM Fast forwarding (unicast/multicast) TCP IP services UDP IP Option IP unnumber 2011-09-27 Huawei Confidential Page 17 of page141
Attributes
Description
Policy routing (unicast/multicast) IPX Netstream Ping and Trace DHCP Server DHCP Relay DHCP Client DNS client DNS Static NQA IP Accounting UDP Helper NTP Telnet TFTP Client FTP Client FTP Server Static routing management Dynamic routing protocols: RIP/RIPng OSPF OSPFv3 BGP IS-IS Multicast routing protocols: IGMP PIM-DM PIM-SM MBGP MSDP Routing policy LDP LSPM MPLS TE MPLS FW MPLS/BGP VPN L2VPN IPv6 basic functions
Non-IP services:
IP application
IP route
MPLS
IPv6
2011-09-27
Huawei Confidential
Page 18 of page141
Attributes
Description
IPv6 FIB IPv6 ACL IPv6 transition technologies NAT-PT IPv6 tunneling 6PE IPv6 routing IPv6 static routing management Dynamic routing protocols RIPng OSPFv3 IS-ISv6 BGP4+ Multicast routing protocols MLD PIM-DM PIM-SM PIM-SSM PPPoE Client&Server
Port security
AAA
Radius HWTacacs ASPF ACL FILTER DDOS IKE IPSec Encryption card Portal/Portal+ L2TP NAT/NAPT PKI RSA SSH V1.5/2.0 SSL URPF GRE
Firewall
Data security
2011-09-27
Huawei Confidential
Page 19 of page141
Attributes
Description
DVPN Supports VRRP Supports the backup center SP WRED(Port) CAR LR Flow-base QOS Policy Port-Based Mirroring Flow-Based Mirroring Cos-Based HOLB(Head of Line Blocking)Prevention
Reliability
L2 QoS
Packet Remarking Flow Redirect Flow Accounting Priority Mapping Port Trust Mode Port Priority Flow Filter FlowControl ACL Supports CAR (Committed Access Rate) Supports LR (Line Rate) FIFO,PQ,CQ,WFQ,CBQ,RTPQ WRED/RED Supports GTS(Generic Traffic Shaping) FR QOS MPLS QOS MP QoS/LFI cRTP/IPHC ATM QOS Sub-interface QOS FXS FXO E&M E1VI/T1VI R2 DSS1 Q.sig Digital E&M
Voice Interfaces
Voice Signaling
2011-09-27
Huawei Confidential
Page 20 of page141
Attributes
H.323
Description
H.225 H.245
GK Client
GK Client
SIP
SIP SIP Operation G.711A law G.711U law G.723R53 G.723R63 G.729a G.729R8 RTP/cRTP
Codec
IPHC Voice Backup FAX Voice RADIUS VoFR SNMP V1/V2c/V3 MIB SYSLOG RMON Command line management
Network management
Local management
File system management Dual Image Supports console interface login Supports AUX interface login Supports TTY interface login Supports telnet (VTY) login Supports SSH login Supports FTP login Supports X25 PAD login XMODEM
2011-09-27
Huawei Confidential
Page 21 of page141
Version Updates
Feature Updates
Table 10 Feature updates Version Number
VRP520-R22 07L30
Item
Changed Hardware Features Changed Software Features
Description
None
VRP520-R22 07P02
New Features: 1. Support the statistics per classifier of nested QoS None
VRP520-R22 07
New Features: 1. Call forwarding authority control When performing call forwarding, the system checks both the calling number and the called number. If either of them is authorized to call the forwarded-to number, the call can be forwarded. 2. Support DAR MIB The statistics of the packets for the DAR can be acquired by the MIB.
VRP520-E22 06
None
New Features: 1. Authorization again for AAA For AAA scheme, if the device prompts you to enter another password of the specified type after you entering the correct username and password, you will be authenticated for the second time. In other words, to pass authentication, you must enter a correct password as prompted. 2. The feature supports the VPN could visit the other VPN by NAT 3. Support OSPF and NAT in bridge-template interface 4. Supports 3G modules: 1)WCDMA 3G Modem Huawei E170/E172/E226/E160/E169/E176/E156/E180/E1750/E176G /E1756/E1556/K3765/K4505/E1820/E367/E1553 (E226 is only supported Page 22 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
on AR29/AR49 routers) 2) CDMA2000 3G Modem Huawei EC226/EC169/EC1260/EC1261 3) TD-SCDMA 3G Modem Huawei ET128/ET188/ET127 5. SIP TRUNKING As more enterprise IP-PBX networks run SIP and more Internet Telephone Service Providers (ITSPs) use SIP to provide basic voice communication structures, enterprises urgently need a technology that can connect the enterprise IP-PBX network to the ITSP over SIP. This technology is called SIP trunk. The SIP trunk function can be embedded into the voice gateway or the firewall deployed at the network edge. The device providing the SIP trunk function is called the SIP trunk device, or the SIP trunk gateway (TG). 6.SRTP As an enhancement of RTP, SRTP secures RTP packets through authentication, encryption, and integrity check. It can encrypt media packets between two SIP terminals. SIP TLS is used to encrypt audio and video signaling streams. 7. L2VPN connected to L3VPN An MPLS L2VPN can be used as an access network to connect users to an MPLS L3VPN or IP backbone. The conventional solution needs two devices to complete this task. This feature enables a single device to implement this function to reduce networking costs and complexity. 8. NAT DMZ host and related features 1) After you configure an internal server, NAT gives precedence to the service provided by the internal server. 2) Allow LAN users to access the internal server by using a public network destination address and a port number. 3) Allow you to configure the NAT DMZ host through web. 9. SIP support for non early media negotiation With this feature, a router that acts as the called party can send a 180 ringing response without media information to the calling party so that the calling party receives only tones played by the server. 10. IPsec RRI IPsec Reverse Route Inject (RRI) enables an IPsec tunnel gateway to automatically add static routes destined for protected private networks or peer IPsec tunnel gateways to a routing table. The next hop of the static routes specifies the IPsec tunnel peer. If it specifies the peer IPsec VPN gateway, traffic sent to the gateway is protected by IPsec. 11. Allows you to configure NAT address groups, NAT server, and attack protection through TR069. 12. Support of routing protocols for 6VPE Add the IPv6 VPN feature and enable BGP, ISIS, and RIPng to support IPv6 VPN. Page 23 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
13. BIDIR-PIM In some many-to-many applications, such as multi-side video conference, there might be multiple receivers interested in multiple multicast sources simultaneously. With PIM-DM or PIM-SM, each router along the SPT must create an (S, G) entry for each multicast source, consuming a lot of system resources. BIDIR-PIM addresses the problem. Derived from PIM-SM, BIDIR-PIM builds and maintains bidirectional RPTs, each of which is rooted at an RP and connects multiple multicast sources with multiple receivers. Traffic from the multicast sources is forwarded through the RPs to the receivers along the bidirectional RPTs. Each router needs to maintain only one (*, G) multicast routing entry, saving system resources. BIDIR-PIM is suitable for networks with dense multicast sources and dense receivers. 14. OSPFv3 support for MCE With MCE, you can bind each VPN to a VLAN interface on a CE device. The CE creates and maintains a separate routing table (multi-VRF) for each VPN. This separates the forwarding paths of packets of different VPNs and, in conjunction with the PE, can correctly advertise the routes of each VPN to the peer PE, ensuring the normal transmission of VPN packets over the public network. 15. Voice support for TR104 TR104 specifies a list of objects and nodes a CPE device that acts as a VoIP endpoint should have and support. This feature supports some nodes in the list. 16. BGP, OSPFv3 and ISISv6 support for IPv6 VPN BFD Use BFD to detect links between IPv6 routing protocol neighbors to speed up network convergence. 17. Allows you to set a BGP update interval of 0. 18. Allows you to use domain names to specify SNMP trap and log hosts. 19. TR069 supports the following memory and CPU utilization nodes: InternetGatewayDevice.DeviceInfo.X_CT-COM_LoadInfo.ProcessorL oad InternetGatewayDevice.DeviceInfo.X_CT-COM_LoadInfo.MemoryLo ad 20. ACL configuration information display filtering Allows you to use command parameters to filter specific ACL configuration information in the display command output. 21. A routing policy name can contain up to 64 characters. 22. Allows you to use names as BGP community attributes 23. Permanent attribute for static routes Allows you to set a static route as a permanent static route. A permanent static route is active even when its output interface is down. 24. Continue feature for routing policy With this feature, a route that has matched the current policy node is
2011-09-27
Huawei Confidential
Page 24 of page141
Version Number
Item
Description
matched against the next policy node. This feature enables you combine the if-match and apply clauses of policy nodes as needed to increase routing policy flexibility. 25. E1POS and AM ports can send calling numbers. 26. POS terminal access can use the source address in the TPDU header to map POS packets to specific POS applications. 27. POS terminal access allows you to specify TCP source port numbers for POS applications. 28. Bloomberg AR Source NAT In NAT NOPAT mode (NOPAT dynamic entries exist), this feature provides ACL-based filtering for connections initiated from the external network to the internal network and for statically NATed connections. 29. NAT support for discontinuous address pools 30. ISDN support for sending the progress-indicator unit You can use the isdn progress-indicator command to configure the ISDN signaling packets to carry the progress indicator unit and set the value of the unit. 31. An ACL name can contain up to 63 characters. 32. POS MIB and E1 POS MIB 33. SIP support for SRV and NAPTR Enables the router to use SRV and NAPTR to perform domain name resolution during SIP calls and registrations. This feature also supports call failure triggered registrations and server keep-alive function. 34. TR098
VRP520-E21 03
New Features: Add new card: 1-port SDH/SONET interface module FIC-1POS-V4; 1-port SDH/SONET interface module MIM-1POS-V2; 1-port channelized SDH/SONET interface module FIC-1CPOS; 1 port E1POS POS-terminal access module FIC-E1POS; 4-port voice subscriber circuit & 1-port voice AT0 analog trunk interface card DSIC-4FXS1FXO
New Features: 1. Portal, RADIUS, and HWTACACS support for multi-VRF Portal, RADIUS, and HWTACACS support for multi-VRF, which allows a device in a VPN to act as the authentication client for RADIUS authentication and HWTACACS authentication of AAA, and to implement portal authentication. 2.L2TP Auto Client L2TP Auto Client, which allows the LAC to automatically initiate a tunnel connection request to the LNS to establish a L2TP tunnel for the virtual PPP user. 3.G729B audio codec, which supports G.729 Annex B 4.FXS interface support for calling name
2011-09-27
Huawei Confidential
Page 25 of page141
Version Number
Item
Description
FXS interface support for calling name, which allows you to configure, display, and send calling name information on an FXS interface. 5. NQA threshold alarming The NQA threshold alarm is to monitor the NQA test results. Once a threshold is violated, an alarm is generated to notify the user of the event. 6. Dot1p based remark for MPLS-EXP, which allows you to implement priority scheduling on an MPLS interface. 7.Virtual baudrate adjustment on the tunnel interface 8.Support for 63-bit SIP authentication username 9.ISDN trap, which provides the state change traps of ISDN Layer-2 10.MQC MIB Index Persist, which enables MQC MID indexes to survive reboots 11. Layer-3 interface support for LLDP, which enables Layer-3 Ethernet interfaces to support LLDP.
VRP520-E19 08
None.
New Features: 1. Support for EFM This feature implements Ethernet in the First Mile (EFM) function on the AR19-13-I/ AR19-13-IW routers. At the same time, this feature supports manual and automatic ATM/EFM switchover and automatic ATM 2/4 wire switchover. 2. Support for unidirectional media streams This feature complements the media re-negotiation processing, implements negotiation, sending, and receiving for unidirectional media streams, and authentically implements unidirectional transmission for media streams according to the media characteristics, thus enabling various media negotiations flexibly. 3. SIP-Ts support for basic QSIG call This feature uses a tunneling-like technology to transmit QSIG signaling in SIP messages. SIP-T translates the ISDN telephone network signaling into SIP messages through encapsulation and mapping, and implements QSIG signaling exchange through the original QSIG signaling carried in the SIP messages, thus enabling SIP to interconnect the ISDN network and the SIP network. 4. Support for enhanced fax and modem transparent transmission This feature enhances the intercommunication compatibility between the modem transparent transmission or fax transparent transmission and the SoftX3000 and voice gateways of other vendors. Deleted Features: None.
VRP520-E18 04
None.
2011-09-27
Huawei Confidential
Page 26 of page141
Version Number
Item
Changed Software Features
Description
New Features: 1.P2P flow control feature This feature is used to control the flows generated from P2P client, and avoid the normal operation of other businesses affecting by a network resources lacking. 2. Enhances for ARP anti-attack This feature enhances means for ARP anti-attack: ARP automatically scan; Fixed ARP; regularly send free ARP; ARP take the initiative to confirm function. ARP automatically scan match the use of Fixed ARP feature, you can effectively prevent the router amend its ARP cache table when an ARP attack is happening; When the feature of free ARP regularly sending is enabled, you can try to avoid the ARP attacks from some illegal gateway; The functional of ARP initiative confirmed improve the original validation function, and its very helpful to prevent ARP flooding attacks. 3. Configure a fixed sub interface through Web. 4. TEL_URL Supporting the characteristics of the URL address format analyzing, and support outputting a number configured with the sign "+" in the first position, and expands the meaning of the sing "+" in the same time, and enable a device can send and receive a number configured with the sing "+ " in the first position. 5. DDNS collaboration with VPN Enable a user to configure the gateway on the other side using a domain name. When the client device using DDNS address allocation approach, administrators can easily set up the gateway on the premise equipment using the domain name. 6. Customized IVR This feature supports customized interactive voice service system. Provided a customized voice services flow by users according to their actual business needs for routers. When number entities was called, system can provide different services according to the button pressed by the caller. 7. POS terminal access Enable the routers support on POS terminal access functions. 8.DMC Help you dynamic testing, managing and monitoring experimental equipment conveniently through Web. 9. DNS supported on voice features Enable SIP-based voice features, such as call forwarding, call hold, call forwarding, tripartite meeting and message instructions waiting using a domain name as the destination address for. 10.IPsec&IKE Monitor MIB Using HUAWEIs IVMS, a network management software based on Page 27 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
SNMP, this feature can monitor the IKE/IPsec tunnels established on HUAWEIs devices in real time and receive tunnel-relevant trap information from the devices. 11.SIP session update This feature supports processing heartbeat packets (OPTIONS requests) from Softx3000 and performing medium negotiation of UPDATE requests 12.Enable the implementation of SIP on the router compatible with Huawei SoftX standard T38 fax, FAX \ MODEM pass through function. Deleted Features: None.
VRP520-E17 10
None
New Features: 1. 3G Modem: It supports to connect the 3G modem by USB interface. Deleted Features: None. New Features: Add new card: RT-MIM-1CE3-V2-H3 RT-MIM-1ATM-OC3-H3 RT-FIC-1CE3-V3-H3 RT-FIC-1ATM-OC3-H3 Deleted Features: None.
VRP520-B17 07
New Features: 1.QoS priority marking support on VLAN interfaces This feature allows you to perform priority marking for traffic entering a VLAN interface, so that you can classify the traffic on its outgoing interface based on the marked priority value. 2.Encryption of configuration file Encryption of configuration file on CF card feature realizes saving the configuration file and encrypting it on CF card. If the user want to read the configuration file encrypted on CF card, he must decrypt it by legal encryption key, thus protecting the configuration file well. Now the key has two types: private or public. 3.Enhanced Netstream Besides the functions supported by Netstream, enhanced Netstream supports normal traffic accounting and aggregate traffic accounting for IPv4 and IPv6 traffic, MPLS traffic accounting, and reporting traffic statistics based on the version-9 template. Additionally, enhanced Netstream supports outgoing traffic limiting, traffic filtering, and traffic sampling. 4.Traffic classification and queuing support on PPPoE-enabled interfaces in bridging mode This feature enables an outgoing interface in bridging mode to Page 28 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
support QoS. 5.Embedding CBQ in QoS This function allows you to configure a child policy in a parent QoS policy, achieving finer traffic classification. 6.ISDN NAT Backup ISDN NAT supports In a ISDN link backup environment, if the master link fails, the backup link switches to the master state. If this feature is enabled, current NAT entries on the failed link will be aged out immediately, so that new NAT entries can be created for subsequent packets on the new master link, and thus NAT streams can be directed to the new link immediately. Deleted Features: None. Modified Features: None.
VRP520-B16 08
New Features: Add 2-port voice subscriber circuit & 1-port voice AT0 analog trunk interface card(SIC-2FXS1FXO); 1/2-port ISDN BRI S/T voice interface card. Deleted Features:None.
New Features: 1.Enhanced Call Recovery Function In the case of SIP call transfer failure, this feature enables the originator to recover the call with the recipient and then re-initiate a call transfer. 2.SIP Extensions for Caller Identity and Privacy This feature implements the SIP extensions for caller identity and privacy. When a PSTN user originates a call to another PSTN user over a SIP network, the caller identity presentation can be restricted at the called side or the caller identity can be transparently transmitted to the called PSTN user by configuring the SIP extension header fields. 3.RIP Metric Control by Route Policy This feature allows you to use a route policy to add an additional metric for the incoming or outgoing RIP routes matching the policy on an interface. 4.IP Terminal Access In the feature, a router acts as the access gateway of an IP terminal. The IP terminal establishes a Telnet connection with the front-end server through the router. You can configure the IP address-to-MAC address binding for the IP terminal on the router, and you can configure data encryption for each TCP connection separately, improving the access security of the IP terminal. 5.Web-Based Network Management Function This feature implements the network management through Web interfaces, including device summary, system file management, device reboot, software upgrade, network diagnosis, and static Page 29 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
route management. 6.sFlow Based on packet sampling, Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics. Flow supports two sampling mechanisms: 1) Packet-based sampling: Samples one packet out of a specified number of packets from an sFlow-enabled port. 2) Time-based sampling: Samples interface statistics at a specified interval from an sFlow-enabled port. 7.Multicast BGP MBGP supports the multicast address family to allow for both IPv4 and IPv6 inter-AS multicast routing. 8.MPLS TE Tunnel Support for Multiple Explicit Paths An MPLS TE tunnel supports multiple explicit paths, each with a different priority. During CSPFs path calculation, the explicit path with the highest priority will be used first; if the calculation fails, the explicit path with a second-higher priority will be used, and so on, until the calculation succeeds. 9.SSM Mapping The SSM mapping feature extends the SSM feature. An IGMPv1, IGMPv2 or MLDv1 host can use the SSM function through the configuration of the static SSM mapping feature. 10.IGMP Snooping The IGMP snooping feature implements the Layer 2 multicast. Multicast implements point-to-multipoint data communication in a network, largely saving the network bandwidth and reducing the network load. 11.IP Source Guard By filtering packets on a per-port basis, IP source guard prevents illegal packets from traveling through, thus improving the network security. IP source guard filters packets based on the following types of binding entries: source IP address, source MAC address and VLAN tag. This feature provides static binding and dynamic binding. Static binding entries are configured manually, and dynamic binding entries are provided by DHCP snooping or DHCP Relay. 12.HDLC Compression HDLC compression includes STAC-LZS compression and STAC-LZ compression. Deleted Features: None. Modified Features: None.
2011-09-27
Huawei Confidential
Page 30 of page141
Item
New Comm ands
Description
1. Syntax eoapad enable undo eoapad enable View ATM interface view Parameters None Description Use the eoapad enable command to enable padding for Ethernet packets smaller than 60 bytes. Use the undo eoa pad enable command to restore the default. By default, the padding for Ethernet packets smaller than 60 bytes is disabled. This command enables the PVC to pad Ethernet packets smaller than 60 bytes on the PVC to prevent the packets from being discarded. Examples # Enable padding for Ethernet packets on interface ATM 1/0/1. <Sysname> system-view [Sysname] interface atm 1/0/1 [Sysname-Atm1/0/1] eoapad enable
Delete d Comm ands Modifi ed Comm ands VRP520-R 2207 New Comm ands Delete d Comm ands Modifi ed Comm ands VRP520-E 2206 2011-09-27 New Comm
None
None
1. address index-number { ipv4 ip-address | dns dns-name } [ port Huawei Confidential Page 31 of page141
Version Number
Item
ands
Description
port-number ] [ transport { udp | tcp | tls } ] [ url { sip | sips } ] undo address index-number 2. address sip server-group group-number undo address sip server-group 3. assign { host-name host-name | contact-user user-name } undo assign { host-name | contact-user } 4. account enable undo account enable 5. bind sip-trunk account account-index undo bind sip-trunk account 6. description text undo description 7. display voice sip-trunk account 8. display voice server-group [ group-number ] 9. group-name group-name undo group-name 10. hot-swap enable undo hot-swap enable 11. keepalive { options [ interval seconds ] | register } undo keepalive 12. match source host-prefix host-prefix undo match source host-prefix 13. match destination host-prefix host-prefix undo match destination host-prefix 14. match source address { ipv4 ip-address | dns dns-name | server-group group-number } undo match source address 15. Page 32 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
proxy server-group group-number undo proxy server-group 16. registrar server-group group-number [ expires seconds ] undo registrar server-group 17. register enable undo register enable 18. redundancy mode { parking | homing } undo redundancy mode 19. server-group group-number undo server-group { group-number | all } 20. sip-trunk account account-index undo sip-trunk account { account-index | all } 21. sip-trunk enable undo sip-trunk enable 22. timer registration retry seconds undo timer registration retry 23. timer registration expires seconds undo timer registration expires 24. timer registration divider percentage undo timer registration divider 25. timer registration threshold seconds undo timer registration threshold 26. user username password { cipher | simple } password undo user 27. media-protocol { rtp | srtp } * undo media-protocol 28. display ve-group [ ve-group-id ] [ slot slot-number ] [ | { begin | exclude | include } regular-expression ]
2011-09-27
Huawei Confidential
Page 33 of page141
Version Number
Item
Description
29. ve-group ve-group-id { terminate | access } undo ve-group 30. early-media enable undo early-media enable 31. reverse-route tag tag-value undo reverse-route tag 32. reverse-route preference preference-value undo reverse-route preference 33. reverse-route [ remote-peer ip-address [ gateway | static ] | static ] undo reverse-route 34. display bgp vpnv6 all peer [ ipv4-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] 35. display bgp vpnv6 all routing-table [ network-address prefix-length [ longer-prefixes ] | peer ip-address { advertised-routes | received-routes } [ statistic ] | statistic ] [ | { begin | exclude | include } regular-expression ] 36. display bgp vpnv6 route-distinguisher route-distinguisher routing-table [ network-address prefix-length ] [ | { begin | exclude | include } regular-expression ] 37. display bgp vpnv6 vpn-instance vpn-instance-name peer [ ipv6-address verbose | verbose ] [ | { begin | exclude | include } regular-expression ] 38. display bgp vpnv6 vpn-instance vpn-instance-name routing-table [ network-address prefix-length [ longer-prefixes ] | peer ipv6-address { advertised-routes | received-routes } ] [ | { begin | exclude | include } regular-expression ] 39. display ipv6 fib vpn-instance vpn-instance-name [ acl6 acl6-number | ipv6-prefix ipv6-prefix-name ] [ | { begin | exclude | include } regular-expression ] 40. display ipv6 fib vpn-instance vpn-instance-name ipv6-address [ prefix-length ] [ | { begin | exclude | include } regular-expression ] 41. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } export [ direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ] Page 34 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
undo filter-policy export [ direct | isisv6 process-id | ospfv3 process-id | ripng process-id | static ] 42. filter-policy { acl6-number | ipv6-prefix ipv6-prefix-name } import undo filter-policy import 43. ipv4-family (VPN instance view) undo ipv4-family (VPN instance view) 44. ipv6-family { vpnv6 | vpn-instance vpn-instance-name } (BGP view) undo ipv6-family { vpnv6 | vpn-instance vpn-instance-name } (BGP view) 45. ipv6-family (VPN instance view) undo ipv6-family (VPN instance view) 46. peer ip-address enable (BGP-VPNv6 subaddress family view) undo peer ip-address enable(BGP-VPNv6 subaddress family view) 47. peer ip-address filter-policy acl6-number { export | import } (BGP-VPNv6 subaddress family view) undo peer ip-address filter-policy [ acl6-number ] { export | import } (BGP-VPNv6 subaddress family view) 48. peer ip-address ipv6-prefix prefix-name { export | import } undo peer ip-address ipv6-prefix { export | import } 49. peer ip-address preferred-value value (BGP-VPNv6 subaddress family view) undo peer ip-address preferred-value(BGP-VPNv6 subaddress family view) 50. peer ip-address public-as-only (BGP-VPNv6 subaddress family view) undo peer ip-address public-as-only (BGP-VPNv6 subaddress family view) 51. peer ip-address reflect-client (BGP-VPNv6 subaddress family view) undo peer ip-address reflect-client (BGP-VPNv6 subaddress family view) 52. peer ip-address route-policy route-policy-name { export | import } (BGP-VPNv6 subaddress family view) undo peer ip-address route-policy route-policy-name { export | import } (BGP-VPNv6 subaddress family view) 53. refresh bgp ipv6 vpn-instance vpn-instance-name { ipv6-address | all | external } { export | import } Page 35 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
54. refresh bgp vpnv6 { ip-address | all | external | internal } { export | import } 55. reset bgp ipv6 vpn-instance vpn-instance-name { as-number | ipv6-address | all | external } 56. reset bgp vpnv6 { as-number | ip-address | all | external | internal } 57. display multicast [ all-instance | vpn-instance vpn-instance-name ] forwarding-table df-info [ rp-address ] [ | { begin | exclude | include } regular-expression ] 58. display multicast ipv6 forwarding-table df-info [ rp-address ] [ | { begin | exclude | include } regular-expression 59. bidir-pim enable undo bidir-pim enable 60. display pim [ all-instance | vpn-instance vpn-instance-name ] df-info [ rp-address ] [ | { begin | exclude | include } regular-expression ] 61. bidir-pim enable undo bidir-pim enable 62. display pim ipv6 df-info [ rp-address ] [ | { begin | exclude | include } regular-expression ] 63. isdn progress-indicator indicator undo isdn progress-indicator [ indicator ] 64. outbound-proxy { dns domain-name | ipv4 ip-address } [ port port-number ] undo outbound-proxy { dns | ipv4 } 65. uri user-info user-info [ domain domain-name ] undo uri All the commands please refer to AR 19_29_49_19-0X_19-1X Command Manual
Version Number
Item
ed Comm ands
Description
Original command: mpls l2vc destination vcid [ tunnel-policy tunnel-policy-name ] [ control-word | no-control-word ] undo mpls l2vc Modified command: mpls l2vc destination vcid [ { control-word | ethernet | ip-interworking | no-control-word | vlan } | [ tunnel-policy tunnel-policy-name ] [ backup-peer ip-address vcid [ backup-tunnel-policy tunnel-policy-name | revertive [ wtr-time wtr-time ] ] * ] ] * undo mpls l2vc Module of the command: MPLS Description: Change this command from [ tunnel-policy tunnel-policy-name ] [ control-word | no-control-word ] to [ { control-word | ethernet | ip-interworking | no-control-word | vlan } | [ tunnel-policy tunnel-policy-name ] [ backup-peer ip-address vcid [ backup-tunnel-policy tunnel-policy-name | revertive [ wtr-time wtr-time ] ] * ] ] *. Use the mpls l2vc command to create a Martini L2VPN connection. Use the undo mpls l2vc command to delete the Martini connection on the CE interface. If you do not specify the tunneling policy, or if you specify the tunneling policy name but do not configure the policy, the default policy is used for the VC. The default tunneling policy selects only one tunnel in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel. Only L2VPNs that use ATM, PPP, FR, or HDLC encapsulation support the control word option. The PW encapsulation type can be Ethernet or VLAN. The device allows you to specify the PW encapsulation type for only Layer 3 Ethernet interfaces and subinterfaces, Layer 3 virtual Ethernet interfaces and subinterfaces, and VLAN interfaces. When not specified, the PW encapsulation type depends on the interface type: it is Ethernet on Layer 3 Ethernet interfaces and Layer 3 virtual Ethernet interfaces, and VLAN on Layer 3 Ethernet subinterfaces, Layer 3 virtual Ethernet subinterfaces, and VLAN interfaces. Parameters: destination: IP address of the peer PE. vc-id: VC ID of the L2VPN connection, in the range 1 to 4294967295. control-word: Enables the control word option. Support for this keyword depends on the device model. no-control-word: Disables the control word option. Support for this keyword depends on the device model. ethernet: Specifies the PW encapsulation type of Ethernet. In Ethernet mode, P-Tag is not transferred on the PW. If a packet from a CE contains the service delimiter, the PE removes the service delimiter and adds a PW label and tunnel label into the packet before sending the packet out. If a packet from a CE contains no delimiter, the PE directly adds a PW label and a tunnel label into the packet and then sends the packet out. For a packet to be sent downstream, you can configure the PE to add or not add the service delimiter into the packet, but rewriting and removing of existing tags are not allowed. Support for this keyword depends on the device model. Page 37 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
ip-interworking: Enables support for the MPLS L2VPN interworking feature. Support for this keyword depends on the device model. vlan: Specifies the PW encapsulation type of VLAN. In VLAN mode, packets transmitted over the PW must carry a P-Tag. For a packet from a CE, if it contains the service delimiter, the PE keeps the P-TAG unchanged or changes the P-tag to the VLAN tag expected by the peer PE or to a null tag (the tag value is 0), and then adds a PW label and a tunnel label into the packet before sending the packet out. If the packet contains no service delimiter, the PE adds the VLAN tag expected by the peer PE or a null tag, and then a PW label and a tunnel label into the packet before sending the packet out. For a packet to be sent downstream, the PE rewrites, removes, or retains the service delimiter depending on your configuration. Support for this keyword depends on the device model. tunnel-policy tunnel-policy-name: Specifies the tunneling policy for the VC. The tunneling policy name is a case insensitive string of 1 to 19 characters. backup-peer ip-address vcid: Specifies the IP address of the backup links peer PE and the VC ID of the backup link. The VC ID ranges from 1 to 4294967295. Support for this keyword and argument combination depends on the device model. backup-tunnel-policy tunnel-policy-name: Specifies the tunneling policy for the backup link. The tunneling policy name is a case insensitive string of 1 to 19 characters. Support for this keyword and argument combination depends on the device model. revertive: Enables support for switchback. With this keyword specified, when the main link recovers, traffic is switched from the backup link back to the main link automatically. Traffic will not be switched back automatically if you do not specify this keyword. Support for this keyword depends on the device model. wtr-time wtr-time: Specifies switchback delay time. After the main link recovers, the device waits for a period of time dictated by the switchback delay time before switching the traffic from the backup link back to the main link. The wtr-time argument ranges from 1 to 720 and defaults to 30, in minutes. Support for this keyword and argument combination depends on the device model. Changes in default values: None. Changes in value ranges: None. 2. Original command: mpls static-l2vc destination destination-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ tunnel-policy tunnel-policy-name ] [ control-word | no-control-word ] undo mpls static-l2vc Modified command: mpls static-l2vc destination destination-router-id transmit-vpn-label transmit-label-value receive-vpn-label receive-label-value [ { control-word | ethernet | ip-interworking | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] * undo mpls static-l2vc Module of the command: MPLS
2011-09-27
Huawei Confidential
Page 38 of page141
Version Number
Item
Description
Description: Change this command from [ tunnel-policy tunnel-policy-name ] [ control-word | no-control-word ] to [ { control-word | ethernet | ip-interworking | no-control-word | vlan } | tunnel-policy tunnel-policy-name ] *. Use the mpls static-l2vc command to create a static VC between CEs connected to different PEs. Use the undo mpls static-l2vc command to delete the static VC. You must configure the command on both PEs. The destination address is the IP address of the peer PE. The outgoing label and incoming label are, respectively, the incoming label and outgoing label of the peer. If you do not specify the tunneling policy, or if you specify the tunneling policy name but do not configure the policy, the default policy is used for the VC. The default tunneling policy selects only one tunnel in this order: LSP tunnel, GRE tunnel, CR-LSP tunnel. Only L2VPNs using ATM, PPP, FR, or HDLC encapsulation supports the control word option. The PW encapsulation type can be Ethernet or VLAN. The device allows you to specify the PW encapsulation type for only Layer 3 Ethernet interfaces and subinterfaces, Layer 3 virtual Ethernet interfaces and subinterfaces, and VLAN interfaces. When not specified, the PW encapsulation type depends on the interface type: it is Ethernet on Layer 3 Ethernet interfaces and Layer 3 virtual Ethernet interfaces, and VLAN on Layer 3 Ethernet subinterfaces, Layer 3 virtual Ethernet subinterfaces, and VLAN interfaces. Parameters: destination dest-router-id: Specifies a destination router ID. transmit-vpn-label transmit-label-value: Specifies an outgoing label for the VPN, or, the outgoing label for the static level 2 VC. The value ranges from 16 to 1023. receive-vpn-label receive-label-value: Specifies an incoming label for the VPN, or, the incoming label for the static level 2 VC. The value ranges from 16 to 1023. control-word: Enables the control word option. Support for this keyword depends on the device model. ethernet: Specifies the PW encapsulation type of Ethernet. In Ethernet mode, P-Tag is not transferred on the PW. If a packet from a CE contains the service delimiter, the PE removes the service delimiter and adds a PW label and tunnel label into the packet before sending the packet out. If a packet from a CE contains no delimiter, the PE directly adds a PW label and a tunnel label into the packet and then sends the packet out. For a packet to be sent downstream, you can configure the PE to add or not add the service delimiter into the packet, but rewriting and removing of existing tags are not allowed. Support for this keyword depends on the device model. ip-interworking: Enables support for the MPLS L2VPN interworking feature. Support for this keyword depends on the device model. no-control-word: Disables the control word option. Support for this keyword depends on the device model. vlan: Specifies the PW encapsulation type of VLAN. In VLAN mode, packets transmitted over the PW must carry a P-Tag. For a packet from a CE, if it contains the service delimiter, the PE keeps the P-TAG unchanged or changes the P-tag to the VLAN tag expected by the peer PE or to a null tag
2011-09-27
Huawei Confidential
Page 39 of page141
Version Number
Item
Description
(the tag value is 0), and then adds a PW label and a tunnel label into the packet before sending the packet out. If the packet contains no service delimiter, the PE adds the VLAN tag expected by the peer PE or a null tag, and then a PW label and a tunnel label into the packet before sending the packet out. For a packet to be sent downstream, the PE rewrites, removes, or retains the service delimiter depending on your configuration. Support for this keyword depends on the device model. tunnel-policy tunnel-policy-name: Specifies an tunneling policy for the VC, a string of 1 to 19 characters. Changes in default values: None. Changes in value ranges: None. 3. Original command: static-rp rp-address [ acl-number ] [ preferred ] Modified command: static-rp rp-address [ acl-number ] [ preferred ] [ bidir ] Module of the command: PIM Description: Add a new parameter of bidir. bidir: Configures the static RP to serve multicast groups in BIDIR-PIM. Without this argument, the static RP serves groups in PIM-SM. Changes in default values: None. Changes in value ranges: None. 4. Original command: debugging pim [ all-instance | vpn-instance vpn-instance-name ] { all | assert [ advanced-acl-number ] [ receive | send ] | event [ advanced-acl-number ] | join-prune [ advanced-acl-number ] [ receive | send ] | msdp [ advanced-acl-number ] | neighbor [ basic-acl-number ] [ receive | send ] | register [ advanced-acl-number ] | routing-table [ advanced-acl-number ] | rp [ receive | send ] | state-refresh [ advanced-acl-number ] [ receive | send ] } undo debugging pim [ all-instance | vpn-instance vpn-instance-name ] { all | assert [ receive | send ] | event | join-prune [ receive | send ] | msdp | neighbor [ receive | send ] | register | routing-table | rp [ receive | send ] | state-refresh [ receive | send ] } Modified command: debugging pim [ all-instance | vpn-instance vpn-instance-name ] { all | assert [ advanced-acl-number ] [ receive | send ] | df | event [ advanced-acl-number ] | join-prune [ advanced-acl-number ] [ receive | send ] | msdp [ advanced-acl-number ] | neighbor [ basic-acl-number ] [ receive | send ] | register [ advanced-acl-number ] | routing-table [ advanced-acl-number ] | rp [ receive | send ] | state-refresh [ advanced-acl-number ] [ receive | send ] } undo debugging pim [ all-instance | vpn-instance vpn-instance-name ] { all | assert [ receive | send ] | df | event | join-prune [ receive | send ] | msdp | neighbor [ receive | send ] | register | routing-table | rp [ receive | send ] | state-refresh [ receive | send ] } Module of the command: PIM
2011-09-27
Huawei Confidential
Page 40 of page141
Version Number
Item
Description
Description: Add a new parameter of df. df: Debugging for DF information of PIM. Changes in default values: None. Changes in value ranges: None. 5. Original command: static-rp ipv6-rp-address [ acl6-number ] [ preferred ] Modified command: static-rp ipv6-rp-address [ acl6-number ] [ preferred ] [ bidir ] Module of the command: PIM Description: Add a new parameter of bidir. bidir: Configures the static RP to serve multicast groups in IPv6 BIDIR-PIM. Without this argument, the static RP serves groups in IPv6 PIM-SM. Changes in default values: None. Changes in value ranges: None. 6. Original command: debugging pim ipv6 { all | assert [ advanced-acl6-number ] [ receive | send ] | event [ advanced-acl6-number ] | join-prune [ advanced-acl6-number ] [ receive | send ] | neighbor [ basic-acl6-number ] [ receive | send ] | register [ advanced-acl6-number ] | routing-table [ advanced-acl6-number ] | rp [ receive | send ] | state-refresh [ advanced-acl6-number ] [ receive | send ] } undo debugging pim ipv6 { all | assert [ receive | send ] | event | join-prune [ receive | send ] | neighbor [ receive | send ] | register | routing-table | rp [ receive | send ] | state-refresh [ receive | send ] } Modified command: debugging pim ipv6 { all | assert [ advanced-acl6-number ] [ receive | send ] | df | event [ advanced-acl6-number ] | join-prune [ advanced-acl6-number ] [ receive | send ] | neighbor [ basic-acl6-number ] [ receive | send ] | register [ advanced-acl6-number ] | routing-table [ advanced-acl6-number ] | rp [ receive | send ] | state-refresh [ advanced-acl6-number ] [ receive | send ] } undo debugging pim ipv6 { all | assert [ receive | send ] | df | event | join-prune [ receive | send ] | neighbor [ receive | send ] | register | routing-table | rp [ receive | send ] | state-refresh [ receive | send ] } Module of the command: PIM Description: Add a new parameter of df. df: Debugging for DF information of IPv6 PIM. Changes in default values: None. Changes in value ranges: None. 7. Original command: defense icmp-flood ip ip-address [ max-rate rate-number ] Page 41 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
undo defense icmp-flood ip ip-address [ max-rate ] Modified command: defense icmp-flood ip ip-address rate-threshold high rate-number [ low rate-number ] undo defense icmp-flood ip ip-address [ rate-threshold ] Module of the command: Security Description: Change the parameter of defense icmp-flood ip from [ max-rate rate-number ] to rate-threshold high rate-number [ low rate-number ]. And change the command of undo defense icmp-flood ip from [ max-rate ] to [ rate-threshold ]. Parameters: high rate-number: Sets the action threshold for ICMP flood attack protection of the specified IP address. rate-number indicates the number of ICMP packets sent to the specified IP address per second, and is in the range from 1 to 64000. With the ICMP flood attack protection enabled, the device enters the attack detection state. When the device detects that the sending rate of ICMP packets destined for the specified IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address is under attack, enters the attack protection state, and takes protection actions as configured. low rate-number: Sets the silence threshold for ICMP flood attack protection of the specified IP address. rate-number indicates the number of ICMP packets sent to the specified IP address per second, and is in the range from 1 to 64000. The default value of the silence threshold is 3/4 of the action threshold. If the device, when in the attack protection state, detects that the sending rate of ICMP packets destined for the specified IP address drops below the silence threshold, it considers that the attack is over, returns to the attack detection state, and stops the protection actions. Changes in default values: None. Changes in value ranges: None. 8. Original command: defense icmp-flood max-rate rate-number undo defense icmp-flood max-rate Modified command: defense icmp-flood rate-threshold high rate-number [ low rate-number ] undo defense icmp-flood rate-threshold Module of the command: Security Description: Change the parameter of defense icmp-flood from max-rate rate-number to rate-threshold high rate-number [ low rate-number ]. Change the command of undo defense icmp-flood from max-rate to rate-threshold. Parameters: high rate-number: Sets the global action threshold for ICMP flood attack protection. rate-number indicates the number of ICMP packets sent to an IP address per second, and is in the range from 1 to 64000. With ICMP flood attack enabled, the device enters the attack detection state. When the Page 42 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
device detects that the sending rate of ICMP packets destined for an IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address is under attack, enters the attack protection state, and takes protection actions as configured. low rate-number: Sets the global silence threshold for ICMP flood attack protection. rate-number indicates the number of ICMP packets sent to an IP address per second, and is in the range from 1 to 64000. If the device, when in the attack protection state, detects that the sending rate of ICMP packets destined for an IP address drops below the silence threshold, it considers that the attack to the IP address is over, returns to the attack detection state, and stops the protection actions. Changes in default values: None. Changes in value ranges: None. 9. Original command: defense syn-flood ip ip-address [ max-half-connections half-connections | max-rate rate-number ] undo defense syn-flood ip ip-address [ max-half-connections | max-rate ] Modified command: defense syn-flood ip ip-address rate-threshold high rate-number [ low rate-number ] undo defense syn-flood ip ip-address [ rate-threshold ] Module of the command: Security Description: Change the parameter of defense syn-flood ip from [ max-half-connections half-connections | max-rate rate-number ] to rate-threshold high rate-number [ low rate-number ]. Change the command of undo defense syn-flood from [ max-half-connections | max-rate ] to [ rate-threshold ]. Parameters: ip-address: IP address to be protected. This IP address cannot be a broadcast address, 127.0.0.0/8, a class D address, or a class E address. high rate-number: Sets the action threshold for SYN flood attack protection of the specified IP address. rate-number indicates the number of SYN packets sent to the specified IP address per second, and is in the range 1 to 64000. With SYN flood attack protection enabled, the device enters the attack detection state. When the device detects that the sending rate of SYN packets destined for the specified IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address is under attack, enters the attack protection state, and takes protection actions as configured. low rate-number: Sets the silence threshold for SYN flood attack protection of the specified IP address. rate-number indicates the number of SYN packets sent to the specified IP address per second, and is in the range 1 to 64000. The default value of the silence threshold is 3/4 of the action threshold. If the device, when in the attack protection state, detects that the sending rate of SYN packets destined for the specified IP address drops below the silence threshold, it considers that the attack is over, returns to the attack detection state and stops taking the protection measures. Changes in default values: None. Page 43 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Changes in value ranges: None. 10. Original command: defense syn-flood { max-half-connections half-connections | max-rate rate-number } * undo defense syn-flood { max-half-connections | max-rate } Modified command: defense syn-flood rate-threshold high rate-number [ low rate-number ] undo defense syn-flood rate-threshold Module of the command: Security Description: Change the parameter of defense syn-flood from { max-half-connections half-connections | max-rate rate-number } * to rate-threshold high rate-number [ low rate-number ]. Change the command of undo defense syn-flood from { max-half-connections | max-rate } to rate-threshold. Parameters: high rate-number: Sets the global action threshold for SYN flood attack protection. rate-number indicates the number of SYN packets sent to an IP address per second, and is in the range 1 to 64000. With the SYN flood attack protection enabled, the device enters the attack detection state. When the device detects that the sending rate of SYN packets destined for an IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address is under attack, enters the attack protection state, and takes protection actions as configured. low rate-number: Sets the global silence threshold for SYN flood attack protection. rate-number indicates the number of SYN packets sent to an IP address per second, and is in the range 1 to 64000. If the device, when in the attack protection state, detects that the sending rate of SYN packets destined for an IP address drops below the silence threshold, it considers that the attack to the IP address is over, returns to the attack detection state and stops the protection actions. Changes in default values: None. Changes in value ranges: None. 11. Original command: defense udp-flood ip ip-address [ max-rate rate-number ] undo defense udp-flood ip ip-address [ max-rate ] Modified command: defense udp-flood ip ip-address rate-threshold high rate-number [ low rate-number ] undo defense udp-flood ip ip-address [ rate-threshold ] Module of the command: Security Description: Change the parameter of defense udp-flood ip from [ max-rate rate-number ] to rate-threshold high rate-number [ low rate-number ]. Change the command of undo defense udp-flood ip from [ max-rate ] to [ rate-threshold ]. Page 44 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Parameters: high rate-number: Sets the action threshold for UDP flood attack protection of the specified IP address. rate-number indicates the number of UDP packets sent to the specified IP address per second, and is in the range 1 to 64000. With the UDP flood attack protection enabled, the device enters the attack detection state. When the device detects that the sending rate of UDP packets destined for the specified IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address is under attack, enters the attack protection state, and takes protection actions as configured. low rate-number: Sets the silence threshold for UDP flood attack protection of the specified IP address. rate-number indicates the number of UDP packets sent to the specified IP address per second, and is in the range 1 to 64000. The default value of the silence threshold is 3/4 of the action threshold. If the device, when in the attack protection state, detects that the sending rate of UDP packets destined for the specified IP address drops below the silence threshold, it considers that the attack is over, returns to the attack detection state, and stops the protection measures. Changes in default values: None. Changes in value ranges: None. 12. Original command: defense udp-flood max-rate rate-number undo defense udp-flood max-rate Modified command: defense udp-flood rate-threshold high rate-number [ low rate-number ] undo defense udp-flood rate-threshold Module of the command: Security Description: Change the parameter of defense udp-flood from Change the parameter of to rate-threshold high rate-number [ low rate-number ]. Change the command of undo defense udp-flood from max-rate to rate-threshold. Parameters: high rate-number: Sets the global action threshold for UDP flood attack protection. rate-number indicates the number of UDP packets sent to an IP address per second, and is in the range 1 to 64000. With the UDP flood attack protection enabled, the device enters the attack detection state. When the device detects that the sending rate of UDP packets destined for an IP address constantly reaches or exceeds the specified action threshold, the device considers the IP address is under attack, enters the attack protection state, and takes protection actions as configured. low rate-number: Sets the global silence threshold for UDP flood attack protection. rate-number indicates the number of UDP packets sent to an IP address per second, and is in the range 1 to 64000. If the device, when in the attack protection state, detects that the sending rate of UDP packets destined for an IP address drops below the silence threshold, it considers that the attack to the IP address is over, returns to the attack detection state, and stops the protection actions. Changes in default values: None.
2011-09-27
Huawei Confidential
Page 45 of page141
Version Number
Item
Description
Changes in value ranges: None. 13. Original command: ospfv3 [ process-id ] Modified command: ospfv3 [ process-id ] [ vpn-instance vpn-instance-name ] Module of the command: OSPFv3 Description: Add the new parameter of [ vpn-instance vpn-instance-name ]. vpn-instance vpn-instance-name: Specifies an MPLS L3VPN. vpn-instance-name is a case-sensitive string of 1 to 31 characters. If no VPN is specified, the OSPFv3 process belongs to the public network. Support for this keyword and argument combination depends on the device model. Changes in default values: None. Changes in value ranges: None. 14. Original command: vad-on undo vad-on Modified command: vad-on [ g723r53 | g723r63 | g729a | g729r8 ] * undo vad-on [ g723r53 | g723r63 | g729a | g729r8 ] * Module of the command: Voice Entity Description: Add the new parameters of [ g723r53 | g723r63 | g729a | g729r8 ] *. g723r53: Specifies the g723r53 codec. g723r63: Specifies the g723r63 codec. g729a: Specifies the g729a codec. g729r8: Specifies the g729r8 codec. Use the vad-on command to enable VAD.Use the undo vad-on command to disable VAD. By default, VAD is disabled.If you execute the vad-on or undo vad-on command without specifying a codec, VAD for all codecs is enabled or disabled.The G.711 and G.726 codecs do not support VAD.The G.729br8 codec always supports VAD. The VAD discriminates between silence and speech on a voice connection according to signal energies. VAD reduces the bandwidth requirements of a voice connection by not generating traffic during periods of silence in an active voice connection. Speech signals are generated and transmitted only when an active voice segment is detected. Researches show that VAD can save the transmission bandwidth by 50%.Related commands: cng-on. Changes in default values: None. Changes in value ranges: None. 15. Original command:
2011-09-27
Huawei Confidential
Page 46 of page141
Version Number
Item
Description
display dns dynamic-host display dns ipv6 dynamic-host Modified command: display dns host [ ip | ipv6 | naptr | srv ] Module of the command: Domain name resolution Description: Delete the commands of display dns dynamic-host and display dns ipv6 dynamic-host. Add a new command of display dns host [ ip | ipv6 | naptr | srv ] instead. View: Any view Parameters: ip: Displays the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Displays the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see the Layer 3IP Services Configuration Guide. naptr: Displays the dynamic cache information of NAPTR queries. A NAPTR query offers the replacement rule of a character string to convert the character string to a domain name. For more information, see the Voice Configuration Guide. srv: Displays the dynamic cache information of SRV queries. An SRV query offers the domain name of a certain service site. For more information, see the Voice Configuration Guide. |: Filters command output by specifying a regular expression. For more information about regular expressions, see CLI configuration in the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression. regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters. Description: Use the display dns host command to display the dynamic DNS cache information. Without any keyword specified, the dynamic DNS cache information of all query types will be displayed. Related commands: reset dns host. Examples: # Display the dynamic DNS cache information of all query types. <Sysname> display dns host No. Host 1 2 3 sample.com sample.net sip.sample.com TTL Type Reply Data 3132 IP 192.168.10.1 2925 IPv6 FE80::4904:4448 3122 NAPTR 100 10 u sip+E2U !^.*$!sip:info.se!i Page 47 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
4 website.tcp.sample.com 3029 SRV 10 10 8080 iis.sample.com
Changes in default values: None. Changes in value ranges: None. 16. Original command: reset dns dynamic-host reset dns ipv6 dynamic-host Modified command: reset dns host [ ip | ipv6 | naptr | srv ] Module of the command: Domain name resolution Description: Delete the commands of reset dns dynamic-host and reset dns ipv6 dynamic-host. Add a new command of reset dns host [ ip | ipv6 | naptr | srv ] instead. View: User view Parameters: ip: Clears the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. For more information, see the Layer 3IP Services Configuration Guide. naptr: Clears the dynamic cache information of NAPTR queries. A NAPTR query offers the replacement rule of a character string to convert the character string to a domain name. For more information, see the Voice Configuration Guide. srv: Clears the dynamic cache information of SRV queries. An SRV query offers the domain name of a certain service site. For more information, see the Voice Configuration Guide. Description: Use the reset dns host command to clear information of the dynamic DNS cache. Without any keyword specified, this command clears the dynamic DNS cache information of all query types. Related commands: display dns host. Examples: # Clear the dynamic DNS cache information of all query types. <Sysname> reset dns host Changes in default values: None. Changes in value ranges: None. 17. Original command: nat outbound [ acl-number ] [ address-group group-number [ no-pat [ reversible ] ] ] [ track vrrp virtual-router-id ] undo nat outbound [ acl-number ] [ address-group group-number [ no-pat 2011-09-27 Huawei Confidential Page 48 of page141
Version Number
Item
Description
[ reversible ] ] ] [ track vrrp virtual-router-id ] Modified command: nat outbound [ acl-number ] [ address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat [ reversible ] ] ] [ track vrrp virtual-router-id ] undo nat outbound [ acl-number ] [ address-group group-number [ vpn-instance vpn-instance-name ] [ no-pat [ reversible ] ] ] [ track vrrp virtual-router-id ] Module of the command: NAT Description: Add a new parameter of vpn-instance vpn-instance-name. vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the addresses of the address pool belong. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. With this keyword and argument combination, inter-VPN access through NAT is supported. Without this keyword and argument combination, the addresses in the address pool do not belong to any VPN. Changes in default values: None. Changes in value ranges: None. 18. Original command: nat server protocol pro-type global { global-address | interface interface-type interface-number | current-interface } global-port1 global-port2 inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] undo nat server protocol pro-type global { global-address | interface interface-type interface-number | current-interface } global-port1 global-port2 inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] nat server index protocol pro-type global { global-address global-port1 global-port2 inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] | current-interface [ global-port ] inside local-address [ local-port ] [ vpn-instance local-name ] [ remote-host host-address ] [ lease-duration lease-time ] [ description string ] } undo nat server index protocol pro-type global { global-address global-port1 global-port2 inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] | current-interface [ global-port ] inside local-address [ local-port ] [ vpn-instance local-name ] [ remote-host host-address ] [ lease-duration lease-time ] [ description string ] } Modified command: nat server protocol pro-type global { global-address | interface interface-type interface-number | current-interface } global-port1 global-port2 [ vpn-instance global-name ] inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] undo nat server protocol pro-type global { global-address | interface interface-type interface-number | current-interface } global-port1 global-port2 [ vpn-instance global-name ] inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] nat server index protocol pro-type global { global-address global-port1
2011-09-27
Huawei Confidential
Page 49 of page141
Version Number
Item
Description
global-port2 inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] | current-interface [ global-port ] inside local-address [ local-port ] [ vpn-instance local-name ] [ remote-host host-address ] [ lease-duration lease-time ] [ description string ] } undo nat server index protocol pro-type global { global-address global-port1 global-port2 inside local-address1 local-address2 local-port [ vpn-instance local-name ] [ track vrrp virtual-router-id ] | current-interface [ global-port ] inside local-address [ local-port ] [ vpn-instance local-name ] [ remote-host host-address ] [ lease-duration lease-time ] [ description string ] } Module of the command: NAT Description: Add a new parameter of vpn-instance global-name. vpn-instance global-name: Specifies the MPLS L3VPN to which the advertised external network address belongs. The global-name argument is a case-sensitive string of 1 to 31 characters. Without this keyword and argument combination, the advertised external IP address does not belong to any VPN. Support for this keyword and argument combination depends on the device model. Changes in default values: None. Changes in value ranges: None. 19. Original command: nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip undo nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip Modified command: nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip [ vpn-instance global-name ] undo nat static [ acl-number ] local-ip [ vpn-instance local-name ] global-ip [ vpn-instance global-name ] Module of the command:NAT Description: Add a new parameter of vpn-instance global-name. vpn-instance global-name: case-sensitive string of 1 to 31 characters. Without this keyword and argument combination, the external IP address does not belong to any VPN. Changes in default values: None. Changes in value ranges: None.
VRP520-E 2103
1.Syntax vpn-instance vpn-instance-name undo vpn-instance View HWTACACS Solution view Parameters vpn-instance-name: VPN instance name, a string of 1 to 31 characters. It is case-sensitive. Description Use the vpn-instance command to specify a VPN instance of HWTACACS Solution.
2011-09-27
Huawei Confidential
Page 50 of page141
Version Number
Item
Description
Use the undo vpn-instance command to restore the default.
The VPN instances are effective to all the HWTACACS authentication, authorization and accounting server, but override the servers VPN instance.
Examples # specify the VPN instance of HWTACACS Solution hwt1 test. <Sysname> system-view [Sysname] hwtacacs scheme hwt1 [Sysname-hwtacacs-hwt1] vpn-instance test 2. Syntax vpn-instance vpn-instance-name undo vpn-instance View RADIUS Solution view Parameters vpn-instance-name: VPN instance name, a string of 1 to 31 characters. It is case sensitive. Description Use the vpn-instance command to specify a VPN instance of RADIUS Solution. Use the undo vpn-instance command to restore the default. The VPN instances are effective to all the RADIUS authentication, authorization and accounting server, but override the servers VPN instance. And its not effective to RADIUS of IPV6. Examples # specify the VPN instance of RADIUS Solution radius1 test <Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] vpn-instance test 3.calling-name text undo calling-name View FXS Subscriber Line view Parameters text:calling name bind with the FXS Subscriber line, string of 1~50 characters, which include 0-9,a-z,A-Z,-,.,!,%,*,+, `,' and . Description calling-name is used to configure the name information of calling user. undo calling-name is used to delete the name information of calling user. Examples # To set the calling name as tony on FXS subscriber line: <Sysname> system-view [Sysname] subscriber-line 1/0 2011-09-27 Huawei Confidential Page 51 of page141
Version Number
Item
Description
[Sysname-subscriber-line1/0] calling-name tony
Delete d Comm ands Modifi ed Comm ands VRP520-E 1908 New Comm ands
None
None
1. Syntax interface efm interface-number View System view Parameters interface-number: The interface number of EFM. Description Use the interface efm command to enter the designated interface view of EFM. Examples # Enter 0/0 interface view of EFM. <Sysname> system-view [Sysname] interface efm 0/0 [Sysname-Efm0/0] 2. Syntax qsig-tunnel enable undo qsig-tunnel enable View Voice subscriber line view Parameters None Description Use the qsig-tunnel enable command to enable the QSIG tunneling function. Use the undo qsig-tunnel enable command to disable the function. By default, the QSIG tunneling function is disabled. Examples # Enable the QSIG tunneling function. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] subscriber-line 1/0:15 [Sysname-voice-line1/1:15] qsig-tunnel enable
Delete 2011-09-27
Version Number
Item
d Comm ands Modifi ed Comm ands
Description
Original command: card-mode slot slot-number mode-name Modified command: card-mode slot slot-number mode-name Module of the command: Access Description: Add three new interface modes to mode-name: atm: Configure the work mode of interface to ATM auto: Configure the work mode of interface to automatic efm: Configure the work mode of interface to EFM( Ethernet First Mile) Changes in default values: None.
VRP520-E 1804
1.Syntax ip ip-address port port-number undo ip View POS application view Parameters ip-address: IP address of the corresponding FEP for the POS application in TCP access mode. port-number: Port number of the corresponding FEP for the POS application in TCP access mode, in the range of 1 to 65535. Description Use the ip command to configure the IP address and port number of the corresponding FEP for the POS application. Use the undo ip command to remove the configuration. By default, no IP address and port number are specified for the POS application. Note that: You can specify a Class A, B, or C address, but not a Class D address. Each POS application can be configured with one pair of IP address and port number only. Use the undo ip command to remove the existing IP address and port number before specifying the new ones for the POS application. You need to configure different IP addresses and port numbers for different POS applications. Examples # Create POS application 1 in TCP connection mode. <Sysname> system-view [Sysname] posa app 1 type tcp # Specify the IP address of the corresponding FEP for POS application 1 as 1.1.1.1, and the port number as 3000. Page 53 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
[Sysname-posa-app1] i p 1.1.1.1 port 3000 2.Syntax map { destination des-code | default } undo map { destination des-code | default } View POS application view Parameters des-code: Destination address in the TPDU header of POS packets. It is a four-hexadecimal-digit string such as FFFF, used to identify different banks, and is generally assigned from the transaction center. default: Default POS application. Description Use the map command to configure a POS multi-application mapping table. Use the undo map command to remove the configuration. A POS packet is sent to the corresponding POS application based on a combination of the destination address in the packet TPDU header and the mapping table configured by using the map command. If the TPDU destination address maps a POS application in the mapping table, the packet is sent to the POS application. If no match is found, the packet is sent to the default POS application. By default, no POS multi-application mapping table is configured. Note that: A TPDU destination address can be mapped to one POS application only. Multiple TPDU destination addresses can map the same POS application. Up to 32 POS multi-application mappings are supported. Examples # Configure a multi-application mapping table where packets destined for 01f1 are sent to POS application 2. <Sysname> system-view [Sysname] posa app 2 type flow [Sysname-posa-app2] map destination 01f1 # Configure a multi-application mapping table where unmatched packets are sent to default POS application 1. <Sysname> system-view [Sysname] posa app 1 type tcp [Sysname-posa-app1] map default 3.Syntax posa app app-id type { flow | tcp } undo posa app app-id View System view Parameters
2011-09-27
Huawei Confidential
Page 54 of page141
Version Number
Item
Description
app-id: POS application ID, in the range of 1 to 31. type: Configures the connection type of the POS application, which can be flow: Indicates the flow connection mode tcp: Indicates the TCP connection mode Description Use the posa app command to create a POS application. Use the undo posa app command to remove the POS application. By default, no POS application is created. Note that, to change the connection mode of a POS application, you need to remove the POS application by using the undo posa app command, and then create the POS application with the other connection mode. Examples # Create POS application 1 in flow connection mode. <Sysname> system-view [Sysname] posa app 1 type flow # Create POS application 2 in TCP connection mode. <Sysname> system-view [Sysname] posa app 2 type tcp 4.Syntax posa server enable undo posa server enable View System view Parameters None Description Use the posa server enable command to enable the POS access service. Use the undo posa server enable to restore the default. By default, the POS access service is disabled. To implement POS access, you must enable the POS access service first. Examples # Enable the POS access service. <Sysname> system-view [Sysname] posa server enable 5.Syntax posa terminal terminal-id type { flow | fcm | tcp listen-port port } undo posa terminal terminal-id View System view Parameters terminal-id: POS terminal ID, in the range of 1 to 255. Page 55 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
type: Configures the access mode of the POS terminal, which can be flow: Indicates the flow access mode fcm: Indicates the FCM synchronous access mode tcp: Indicates the TCP access mode listen-port port: Specifies the listening port number of the POS terminal in TCP access mode. The port number ranges from 1 to 65535. Description Use the posa terminal command to create a POS terminal. Use the undo posa terminal command to delete the POS terminal. By default, no POS terminal is created. Note that: To change the access mode of a POS terminal, you need to remove the POS terminal by using the undo posa terminal command first, and then create the POS terminal in the access mode as needed. Listening ports specified for POS terminals operating in TCP access mode cannot conflict. Examples # Create POS terminal 1 in TCP access mode, and configure its listening port number as 3000. <Sysname> system-view [Sysname] posa terminal 1 type tcp listen-port 3000 # Create POS terminal 2 in FCM access mode. <Sysname> system-view [Sysname] posa terminal 2 type fcm 6. Syntax posa bind terminal terminal-id [ app app-id ] undo posa bind terminal View Asynchronous interface view, synchronous/asynchronous interface view, AM interface view, FCM interface view, AUX interface view Parameters terminal-id: POS terminal ID, in the range of 1 to 255. app-id: POS application ID, in the range of 1 to 31. This parameter is used to identify the POS application to be associated with a POS terminal in transparent mode. Description Use the posa bind terminal command to bind a POS terminal to the interface. Use the undo posa bind terminal command to remove the POS terminal from the interface. By default, no POS terminal is bound to the interface. Note that: Before binding the POS terminal to an interface, you need to create Page 56 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
the POS terminal in system view. You can use this command on an interface only when the interface is not occupied by any other services. You can use this command on a synchronous/asynchronous serial interface only when the interface operates in the asynchronous mode. The POS terminal bound to an FCM interface must operate in the FCM access mode. The POS terminal bound to an asynchronous interface must operate in the flow access mode. You can bind only one POS terminal to an interface. You cannot bind the same POS terminal to multiple interfaces.
You cannot bind a POS terminal and a POS application to the same interface. The POS terminal bound to an interface cannot be switched between the nontransparent mode and transparent mode. To bind a POS terminal in transparent mode to an interface, you must create a POS application in TCP connection mode to be associated with the POS terminal first. In transparent mode, you can associate only one POS application with a POS terminal, but can associate multiple POS terminals with one POS application. Examples # Create POS terminal 1 in flow access mode. <Sysname> system-view [Sysname] posa terminal 1 type flow # Configure Async 1/0/0 as the access interface of POS terminal 1. [Sysname] interface async 1/0/0 [Sysname-Async1/0/0] posa bind terminal 1 7.Syntax entity entity-number ivr undo entity { entity-number | all | ivr } View Voice dial program view Parameters entity-number: Number of an IVR voice entity, in the range 1 to 2147483647. ivr: Indicates that the voice entity type is IVR. all: All types of voice entities. Description Use the entity ivr command to create an IVR voice entity and enter IVR voice entity view. Use the undo entity ivr command to remove the specified IVR voice entity. By default, no IVR voice entity is created. Examples
2011-09-27
Huawei Confidential
Page 57 of page141
Version Number
Item
Description
#Create IVR voice entity 100 and enter voice entity view. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] dial-program [Sysname-voice-dial] entity 100 ivr 8. Syntax ivr-root node-id undo ivr-root View IVR voice entity view Parameters node-id: Specifies the ID of the root node, in the range 1 to 256. Description Use the ivr-root command to specify the root node (the first node to be executed) of an IVR voice entity. Use the undo ivr-root command to remove the configuration. By default, the root node is not configured for an IVR voice entity. Examples # Configure the root node of IVR voice entity 100. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] dial-program [Sysname-voice-dial] entity 100 ivr [Sysname-voice-dial-entity100] ivr-root 1 9.Syntax ivr-system View Voice view Default Level 2: System level Parameters Node Description Use the ivr-system command to enter IVR management view. Examples # Enter IVR management view. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] ivr-system [Sysname-voice-ivr]
2011-09-27
Huawei Confidential
Page 58 of page141
Version Number
Item
Description
10.Syntax media-file { g711alaw | g711ulaw | g723r53 | g729r8 } View IVR management view Default Level 2: System level Parameters g711alaw: Enters g711alaw codec view. g711ulaw: Enters g711ulaw codec view. g723r53: Enters g723r53 codec view. g729r8: Enters g729r8 codec view. Description Use the media-file command to enter voice media resource management view. Related commands: ivr-system, set-media. Examples # Enters g729r8 codec view. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] ivr-system [Sysname-voice-ivr] media-file g729r8 [Sysname-voice-ivr-g729r8] 11.Syntax set-media media-id filename undo set-media { media-id | all } View Voice media resource management view Default Level 2: System level Parameters media-id: Specifies the media resource file ID, in the range 1000 to 2147483647. filename: Media resource file name. Spaces are permitted, and the file name must be in double-quote marks. The maximum length of the value is 136 bytes, excluding the length of double-quote marks. all: All media resource file IDs. Description Use the set-media command to specify a media resource ID for a media resource file. Each codec can be configured with up to 256 media resource IDs. Use the undo set-media command to remove the configuration. By default, no customized media ID is specified for a media resource file.
2011-09-27
Huawei Confidential
Page 59 of page141
Version Number
Item
Description
Related commands: media-file. Examples # Specify 10001 as the media resource ID of the media resource file cf:/g729/ring.wav. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] ivr-system [Sysname-voice-ivr] media-file g729r8 [Sysname-voice-ivr-g729r8] set-media 10001 cf:/g729/ring.wav 12. Syntax dmc acl acl-number undo dmc acl View System view Default level 2: System level Parameters acl-number: ACL number, in the range 2000 to 2999. Description Use the dmc acl command to use an ACL to control the users' access to the DMC web interface. Use the undo dmc acl command to restore the default. By default, no ACL is used to control the users' access to the DMC web interface. If no ACL is configured for the DMC, no access control is performed. If an ACL is configured for the DMC, there are two situations: if a user matches the ACL criterion, the access of the user to the DMC web interface is permitted or denied according to the ACL rule; if a user does not match the ACL criterion, the access of the user to the DMC web interface is denied. This command is available only after the DMC function is enabled. Examples # Use ACL 2008 to control the users' access to the DMC web interface, that is, only the users on the network segment 192.168.1.0/24 are permitted to access the web interface. <Sysname>system-view [Sysname] acl number 2008 [Sysname-acl-basic-2008] rule permit source 192.168.1.1 0.0.0.255 [Sysname-acl-basic-2008] quit [Sysname] dmc acl 2008 13.Syntax dmc device-type detect View Page 60 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
System view Default level 2: System level Parameters None Description Use the dmc device-type detect command to enable detection of experimental devices. This command is available only after the DMC function is enabled. Related commands: dmc enable, display dmc device-type. Examples # Enable detection of experimental devices. <Sysname> system-view [Sysname] dmc device-type detect 14.Syntax dmc enable undo dmc enable View System view Default level 2: System level Parameters None Description Use the dmc enable command to enable the DMC function and the system will detect the experimental devices automatically. Use the undo dmc enable command to restore the default. By default, the DMC function is disabled. When you enabling or disabling the DMC function, the DMC web server is enabled or disabled simultaneously. Examples # Enable the DMC function. <Sysname> system-view [Sysname] dmc enable 15.Syntax redirect monitor-port port-number View AUX user interface view, TTY user interface view Parameters port-number: Specify DMC monitoring port number, in the range 3000 to 50000. Page 61 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Description Use the redirect monitor-port command to set the number of a DMC monitoring port. By default, the system automatically allocates a monitoring port number, which is usually 3000 plus the absolute number of the TTY user interface corresponding to the experimental device. Examples # Set the number for the DMC monitoring port to 3017. <Sysname> system-view [Sysname] user-interface tty 17 [Sysname-ui-tty17] redirect monitor-port 3017 16.Syntax timer session-expires seconds [ minimum min-seconds ] undo timer session-expires View SIP client view Default Level 2: System level Parameters seconds: Maximum session duration, in the range 90 to 65,535, in seconds. minimum min-seconds: Minimum session duration, in the range 90 to 65,535, in seconds. Description Use the timer session-expires command to enable periodic refresh of SIP sessions and set the maximum and minimum session durations. Use the undo timer session-expires command to restore the default. By default, the periodic refresh of SIP sessions is not enabled, namely, the maximum session duration of a SIP session is 0, but the minimum session duration (90 seconds by default) is still effective. Examples # Enable periodic refresh of SIP sessions; set the maximum session duration to 1,800 seconds and the minimum session duration to 1,000 seconds. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] sip [Sysname-voice-sip] timer session-expires 1800 minimum 1000 17.Syntax sip-comp { callee | from | t38 | x-parameter } undo sip-comp { callee | from | t38 | x-parameter } View SIP client view Page 62 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Default Level 2: System level Parameters callee: Extracts the called number from the To header field. from: Configures the device to use the IP address or the DNS domain name in the To header field as the IP address in the From header field when sending a SIP request for interoperability with other vendors. By default, the From header field indicates the calling address and the To header field indicates the called address. t38: When a SIP standard T.38 fax operation is performed, fax parameters T38FaxTranscodingJBIG, T38FaxTranscodingMMR, and T38FaxFillBitRemoval, which are in the SDP fields of the re-INVITE requests and 200 OK responses, do not contain :0. x-parameter: For a fax pass-through operation, the SDP fields of the re-INVITE requests and 200 OK responses contain X-fax description; for a modem pass-through operation, the SDP fields of the re-INVITE requests and 200 OK responses contain X-modem description. Description Use the sip-comp command to configure SIP compatibility. Use the undo sip-comp command to restore the default. By default, the SIP compatibility option is not configured. Examples # Configure the device to use the IP address in the To field as the IP address in the From field when sending a SIP request. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] sip [Sysname-voice-sip] sip-comp from # Configure the device to use the corresponding event description in the SDP field when sending a re-INVITE request in a fax pass-through or modem-pass-through operation. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] sip [Sysname-voice-sip] sip-comp x-parameter All the commands please refer to AR 19_29_49_19-0X_19-1X Command Manual
None.
Original command: mwi-server ipv4 ip-address [ expires seconds ] [ port port-number ] [ retry seconds ] { bind | no-bind { loose | strict } } Page 63 of page141
2011-09-27
Huawei Confidential
Version Number
Item
ands
Description
undo mwi-server ipv4 Modified command: mwi-server {dns domain-name | ipv4 ip-address} [ expires seconds ] [ port port-number ] [ retry seconds ] { bind | no-bind { loose | strict } } undo mwi-server Module of the command: Call services Description: Add dns domain-name: dns domain-name: Specifies the domain name of the voice mailbox server. The value consists of 1 to 20 characters, which are not case-sensitive and include letters, numbers, hyphens (-), underlines (_), and dots (.).. Changes in default values: None.
VRP520-B 1707
1. Syntax configuration encrypt { private-key | public-key } undo configuration encrypt View System view Parameters private-key: Encrypts a configuration file with a private key. public-key: Encrypts a configuration file with a public key. Description Use the configuration encrypt command to enable configuration file encryption. Use the undo configuration encrypt command to restore the default. By default, configuration file encryption is disabled, that is, the current valid configurations are directly saved to the configuration file. With this feature enabled, a configuration file is encrypted every time before it is saved (by the save command). Encrypted by a private key, a configuration file can be decrypted and recognized only by the local device; encrypted by a public key, a configuration files can be decrypted and recognized by all devices supporting this feature. Examples # Configure to encrypt the configuration file with a public key before saving it. <Sysname> system-view [Sysname] configuration encrypt public-key
2.Syntax
display sampler [ sampler-name ]
View
Any view
Parameters
sampler-name: Specifies the sampler name, a string of up to 32 characters.
2011-09-27
Huawei Confidential
Page 64 of page141
Version Number
Item
Description
slot slot-id: Displays sampler entry of the specified slot.
Description
Use the display sampler command to view configuration and status information about a sampler. Executing the command with no argument, the configuration and status information about all samplers is displayed. On a distributed device, executing the command with the slot-id argument, the configuration and status information about the sampler of the card that resides in the specified slot is displayed.
Examples
# Display the configuration and status information about the specified sampler on a router.
<Sysname> display sampler abc slot 1 Sampler name: abc Index: 1, Mode: Random, Packet-interval: 8 Packet counter: 100, Random number: 200
# Display the configuration and status information about the specified sampler on a switch.
<Sysname> display sampler abc slot 1 Sampler name: abc Index: 1, Mode: Random, Packet-interval: 8
3.Syntax
reset sampler statistics [ sampler-name ]
View
User view
Parameters
sampler-name: Specifies the sampler name, a string of up to 32 characters.
Description
Use the reset sampler statistics command to clear the running information of a sampler, including the counter, total number of packets processed and number of selected packets. With no sampler-name specified, this command clears the running information of all samplers. On a distributed device, this command is effective for all cards.
Examples
# Clear the running information of the specified sampler.
<Sysname> reset sampler statistics abc
4.Syntax
sampler sampler-name mode { fixed | random } packet-interval rate undo sampler sampler-name
2011-09-27
Huawei Confidential
Page 65 of page141
Version Number
Item
Description
View
System view
Parameters
sampler-name: Specifies the sampler name, a string of up to 32 characters. fixed: Sets the sampling mode to fixed. random: Sets the sampling mode to random. rate: Specifies the sampling rate.
Description
Use the sampler command to create or modify a sampler. Use the undo sampler command to delete a sampler. On a distributed device, this command is effective for all cards.
Examples
# Create a random sampler with the sampling rate of 8.
<Sysname> system-view [Sysname] sampler abc mode random packet-interval 8
5.Syntax
display ipv6 netstream cache [ verbose ]
View
Any view
Parameters
slot slot-id: Displays IPv6 NetStream cache entry of the specified slot.
Description
Use the display ipv6 netstream cache command to view configuration and status information about the IPv6 NetStream cache. On a distributed device, if you provide the slot slot-id argument, the IPv6 NetStream cache information of the board in the slot is displayed; if you do not provide the slot slot-id argument, information of all the IPv6 NetStream caches on the device is displayed.
Examples
# Display information about the IPv6 NetStream cache on a centralized router.
<Sysname> display ipv6 netstream cache IPv6 netstream cache information: Stream active timeout (in minutes) Stream max entry number IP active stream entry number MPLS active stream entry number IPL2 active stream entry number IP stream entries been counted MPLS stream entries been counted IPL2 stream entries been counted : 60 : 1000 : 1 : 2 : 1 : 10 : 20 : 20 Stream inactive timeout (in seconds) : 10
2011-09-27
Huawei Confidential
Page 66 of page141
Version Number
Item
Description
Last statistics reset time : 01/01/2000, 00:01:02
6.Syntax
display ipv6 netstream export
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ipv6 netstream export command to view statistics about exported IPv6 NetStream statistics packets.
Examples
# Display statistics about IPv6 NetStream statistics packets.
<Sysname> display ipv6 netstream export IPv6 export information: Stream source interface Stream destination VPN-instance Stream destination IP (UDP) (30000) Version 9 exported stream number AS aggregation export information: Stream source interface Stream destination VPN -instance Stream destination IP (UDP) (30000) Version 9 exported stream number : Ethernet1/0 : VPN1 : 10.10.0.10 : 16 : Ethernet1/0 : VPN1 : 10.10.0.10 : 16
7.Syntax
display ipv6 netstream template
View
Any view
Parameters
slot slot-id: Displays NetStream template information of the specified slot.
Description
Use the display ipv6 netstream template command to view configuration and status information about the NetStream version 9 template. On a distributed device, if you provide the slot slot-id argument, the NetStream template information of the board in the slot is displayed; if you do not provide the slot slot-id argument, only the configuration information of the template is displayed. Page 67 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Examples
# Display information about the NetStream template on a distributed router.
<Sysname> display ipv6 netstream template slot 5 Stream template refresh-rate packet Active stream templates Added stream templates AS outbound template: Template ID Packets Last template export time Field count Field type : 292 : 0 : 01/01/2008, 00:05:17 : 14 Field length (byte) : 30 :2 :2 Stream template refresh-rate time (in minutes) : 20
-------------------------------------------------------------------Flows Out packets Out bytes First switched Last switched Source AS Destination AS Input SNMP Output SNMP Direction Sampling algorithm PAD PAD Sampling interval AS inbound template: Template ID Packets Last template export time Field count Field type : 292 : 3 : 01/01/2008, 00:01:02 : 14 Field length (byte) 4 8 8 4 4 2 2 2 2 1 1 1 1 4
-------------------------------------------------------------------Flows In packets In bytes First switched Last switched Source AS Destination AS Input SNMP 4 8 8 4 4 2 2 2
2011-09-27
Huawei Confidential
Page 68 of page141
Version Number
Item
Description
Output SNMP Direction Sampling algorithm PAD PAD Sampling interval 2 1 1 1 1 4
8.Syntax
enable undo enable
View
NetStream aggregation view
Parameters
None
Description
Use the enable command to enable current aggregation mode. Use the undo enable command to disable current aggregation mode. By default, no aggregation mode is enabled. Related commands: ipv6 netstream aggregation.
Examples
# Enable NetStream AS aggregation.
<Sysname> system-view [Sysname] ipv6 netstream aggregation as [Sysname-aggregation-as] enable
9.Syntax
ipv6 netstream [ inbound | outbound ] undo ipv6 netstream [ inbound | outbound ]
View
Interface view, system view
Parameters
inbound: Enables IPv6 NetStream statistics in the inbound direction of an interface. outbound: Enables IPv6 NetStream statistics in the outbound direction of an interface.
Description
Use the ipv6 netstream command to enable NetStream statistics globally or on the current interface. Use the undo ipv6 netstream command to disable Netstream statistics globally or on the current interface. By default, IPv6 NetStream statistics is disabled both globally and on the current interface. Page 69 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Examples
# Enable IPv6 NetStream statistics in the inbound direction of interface Ethernet 1/0.
<Sysname> system-view [Sysname] interface ethernet 1/0 [Sysname-Ethernet1/0] ipv6 netstream inbound
10.Syntax
ipv6 netstream aggregation { as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix }
View
System view
Parameters
as: AS aggregation by combination of source AS number, destination AS number, inbound interface index, and outbound interface index. bgp-nexthop: ToS-BGP next hop aggregation by combination of BGP next hop IPv6 address, and outbound interface index. destination-prefix: Destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and outbound interface index. prefix: Source and destination prefix aggregation by combination of source AS number, destination AS number, source address mask length, destination address mask length, source prefix, destination prefix, inbound interface index, and outbound interface index. protocol-port: Protocol-port aggregation by combination of protocol number, source port, and destination port. source-prefix: Source-prefix aggregation by combination of source AS number, source address mask length, source prefix, and inbound interface index.
Description
Use the ipv6 netstream aggregation command to enter NetStream aggregation view. In NetStream aggregation view, you can enable or disable the aggregation mode, set information about source interface, destination IP address and destination port number for version 8 NetStream statistics packets. Related commands: enable, ipv6 netstream export host, ipv6 netstream export source.
Examples
# Enter NetStream AS aggregation view.
<Sysname> system-view [Sysname] ipv6 netstream aggregation as [Sysname-ns6-aggregation-as]
11.Syntax
ipv6 netstream aggregation advanced undo ipv6 netstream aggregation advanced Page 70 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
View
System view
Parameters
None
Description
Use the ipv6 netstream aggregation advanced command to enable hardware NetStream aggregation. Use the undo ipv6 netstream aggregation advanced command to disable hardware NetStream aggregation. By default, IPv6 hardware NetStream stream aggregation is disabled. Note that: If you enable hardware NetStream aggregation, the system performs the aggregation based on whether you have configured the export host, and the aggregation type. After hardware NetStream aggregation is enabled, the aged hardware aggregation entries are recorded in the normal stream entry table and then exported. Related commands: ipv6 netstream export host, ipv6 netstream aggregation
Examples
# Enable IPv6 hardware NetStream aggregation.
<Sysname> system-view [Sysname] ipv6 netstream aggregation advanced
12.Syntax
ipv6 netstream export rate rate undo ipv6 netstream export rate
View
System view
Parameters
rate: Maximum rate for exporting IPv6 NetStream statistics, in the unit of the maximum number of packets per second, in the range 1 to 1000. The value range depends on the device model.
Description
Use the ipv6 netstream export rate command to enable the packet export limitation, and set the maximum rate for exporting NetStream statistics. Use the undo ipv6 netstream export rate command to disable the packet export limitation. By default, the export rate of IPv6 NetStream statistics is not limited. Note that the export rate on each board is different. As the aging timer is different, the configuration may not be very accurate on a multi-CPU device.
Examples
# Allow 10 packets at most to be exported per second. 2011-09-27 Page 71 of page141
Huawei Confidential
Version Number
Item
Description
<Sysname> system-view [Sysname] ipv6 netstream export rate 10
13.Syntax
ipv6 netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ] undo ipv6 netstream export host [ ip-address [ vpn-instance vpn-instance-name ]
View
System view, NetStream aggregation view
Parameters
ip-address: Destination IP address for IPv6 NetStream statistics packets. At present, only IPv4 addresses are supported. udp-port: Destination port number for NetStream statistics packets, in the range 0 to 65535. vpn-instance vpn-instance-name: Name of the VPN in which routes are to be queried.
Description
Use the ipv6 netstream export host command to set the destination IP address and port number for NetStream statistics packets, and specify the name of the VPN in which routes are to be queried. Use the undo ipv6 netstream export host command to restore the default. By default, no destination IP address and port number are configured in system view and the IP address and port number in aggregation view are those configured in system view. Note that: If NetStream aggregation is not enabled, the destination IP address and port number of NetStream statistics packets cannot be displayed. Different destination hosts can be configured in different aggregation views. If no destination host is configured in aggregation view, the configuration in system view is adopted. You can configure up to four different destination hosts, including hosts in different VPNs, in one aggregation view. If you have configured the destination hosts with the same IP addresses but different UDP port numbers, the latest configuration takes effect. If you configure different VPN names, you can configure destination hosts with the same IP address and UDP port number. Statistics packets for a single stream are sent to all destination hosts configured in system view. Aggregation statistics packets are sent to all destination hosts configured in the aggregation view corresponding to the aggregation type. Related commands: ipv6 netstream aggregation, ipv6 netstream export source.
Examples
# Configure the destination IP address and port number for NetStream statistics packet as 1.1.1.1 and 5000 respectively, and query routes in vpn0.
<Sysname> system-view
2011-09-27
Huawei Confidential
Page 72 of page141
Version Number
Item
Description
[Sysname] ipv6 netstream export host 1.1.1.1 5000 vpn-instance vpn0
14.Syntax
ipv6 netstream export source interface interface-type interface-number undo ipv6 netstream export source
View
System view, NetStream aggregation view
Parameters
interface-type interface-number: Specifies a source interface for NetStream statistics packets by its type and number.
Description
Use the ipv6 netstream export source interface command to configure the source interface for NetStream statistics packets. Use the undo ipv6 netstream export source command to remove the configured source interface. By default, the outbound interface is adopted as the source interface. Different source interfaces can be configured in different aggregation views. If no source interface is configured in aggregation view, the source interface configured in system view is used. Related commands: ipv6 netstream aggregation.
Examples
# Configure the source interface for IPv6 NetStream statistics packets as Ethernet 1/0.
<Sysname> system-view [Sysname] ipv6 netstream export source interface ethernet 1/0
15.Syntax
ipv6 netstream export v9-template refresh-rate packet packets undo ipv6 netstream export v9-template refresh-rate packet
View
System view
Parameters
packets: Packet refresh rate of version 9 templates, in the unit of the number of reported packets, namely, the device sends a template every packets packets for template update by XLog. It is in the range 1 to 600 and defaults to 20.
Description
Use the ipv6 netstream export v9-template refresh-rate packet command to configure the packet refresh rate of version 9 templates. Use the undo ipv6 netstream export v9-template refresh-rate packet command to restore the default. By default, a version 9 template is sent every 20 packets. Page 73 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Due to its capacity limitation, XLog does not save all version 9 templates for ever; therefore, version 9 templates must be refreshed periodically. You can configure the packet refresh rate of version 9 templates to refresh them on time. Related commands: ipv6 netstream export v9-template refresh-rate time.
Examples
# Set the packet refresh rate for version 9 NetStream statistics packets to 100.
<Sysname> system-view [Sysname] ipv6 netstream export v9-template refresh-rate packet 100
16.Syntax ipv6 netstream export v9-template refresh-rate time minutes undo ipv6 netstream export v9-template refresh-rate time View System view Parameters minutes: Specifies the interval to send version 9 templates for IPv6 NetStream statistics packets, in minutes, namely, the device sends a template every minutes minutes for template update by XLog. It is in the range 1 to 3600, and defaults to 30. Description Use the ipv6 netstream export v9-template refresh-rate time command to configure the interval to send version 9 templates for NetStream statistics packets. Use the undo ipv6 netstream export version command to restore the default. By default, a version 9 template is sent every 30 minutes. Due to its capacity limitation, XLog does not save all version 9 templates for ever; therefore, version 9 templates must be refreshed periodically. You can configure the interval to send version 9 templates to refresh them on time. The device sends a version 9 template to Xlog as long as either of refresh rate for the time or for the packets of version 9 template is reached. Related commands: ipv6 netstream export v9-template refresh-rate packet. Examples # Set the interval to send version 9 templates to 60 minutes.
<Sysname> system-view [Sysname] ipv6 netstream export v9-template refresh-rate time 60
17.Syntax ipv6 netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ] undo ipv6 netstream export version View System view Parameters origin-as: Sets the type of AS number recorded in IPv6 NetStream cache entries to origin. peer-as: Sets the type of AS number recorded in IPv6 NetStream cache 2011-09-27 Huawei Confidential Page 74 of page141
Version Number
Item
Description
entries to peer. bgp-nexthop: BGP next hops recorded in IPv6 NetStream cache. Description Use the ipv6 netstream export version 9 command to configure IPv6 NetStream statistics packets and the type of AS numbers and BPG next hop information to be recorded in IPv6 NetStream version 9 cache entries. Use the undo ipv6 netstream export version command to restore the default. By default, a single IPv6 stream, IPv6 aggregation statistics information, and MPLS stream information with IPv6 options are sent in version 9 statistics packets, the AS option is peer-as and BGP next hop address is not recorded. Note that the AS numbers for the source and destination IPv6 addresses of a stream are recorded in the statistics information. And each IPv6 address corresponds with two AS numbers (origin and peer), the system records the AS numbers according to the AS option configured by users. Examples # Set the NetStream statistics packet version number to 9 and the AS option to origin-as.
<Sysname> system-view [Sysname] ipv6 netstream export version 9 origin-as
18.Syntax ipv6 netstream max-entry { max-entries | aging | disable-caching } undo ipv6 netstream max-entry View System view Parameters max-entries: IPv6 NetStream cache size. On a distributed device, this argument is effective on each board. aging: Forcibly ages out the entries when the number of entries in the cache reaches the upper limit. disable-caching: Disables creation of a new entry when the number of entries in the cache reaches the upper limit. Description Use the ipv6 netstream max-entry command to set the NetStream cache size, meaning maximum number of entries that the NetStream cache can accommodate, and configure whether to age out the entries or disable creation of a new entry when the number of entries in the cache reaches the upper limit. Use the undo ipv6 netstream max-entry command to restore the default. For a multi-CPU device, the command is used to set the cache size of a VCPU. Examples # Set the NetStream cache size to 5000.
<Sysname> system-view [Sysname] ipv6 netstream max-entry 5000
# Disable creation of a new entry when the number of entries in the cache Page 75 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
reaches the upper limit.
<Sysname> system-view [Sysname] ipv6 netstream max-entry disable-caching
19.Syntax ipv6 netstream timeout active minutes undo ipv6 netstream timeout active View System view Parameters minutes: Sets the length of the active aging timer for IPv6 NetStream cache entries, in minutes. It is in the range 1 to 60, and defaults to 30. Description Use the ipv6 netstream timeout active command to set the active aging timer for IPv6 NetStream cache entries. Use the undo ipv6 netstream timeout active command to restore the default. The default value is 30 minutes. Related commands: ipv6 netstream timeout inactive. You can configure the active aging timer and inactive aging timer at the same time. When either of them times out, the entry ages out. The time precision is 10 seconds. Examples # Set the active aging timer to 60 minutes.
<Sysname> system-view [Sysname] ipv6 netstream timeout active 60
20.Syntax ipv6 netstream timeout inactive seconds undo ipv6 netstream timeout inactive View System view Parameters seconds: Sets the length of the inactive aging timer for IPv6 NetStream cache entries, in seconds. It is in the range 10 to 600, and defaults to 30. Description Use the ipv6 netstream timeout inactive command to set the inactive aging timer for IPv6 NetStream cache entries. Use the undo ipv6 netstream timeout inactive command to restore the default. The default value is 30 seconds. Related commands: ipv6 netstream timeout active. You can configure the active aging timer and inactive aging timer at the same time. When either of them times out, the entry ages out. The time precision is 10 seconds. Page 76 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Examples # Set the inactive aging timer to 60 seconds.
<Sysname> system-view [Sysname] ipv6 netstream timeout inactive 60
21.Syntax reset ipv6 netstream statistics View User view Parameters None Description Use the reset ipv6 netstream statistics command to age and export all stream statistics to clear the IPv6 NetStream cache. The stream statistics are recounted when they age out. Note that when the system is clearing the NetStream cache, it prompts you that the operation may take several minutes, and the system does not perform NetStream statistics during this process. Examples # Age and export all stream statistics to clear the IPv6 NetStream cache.
<Sysname> reset ipv6 netstream statistics This process may take a few minutes. Netstream statistic function is disabled during this process.
22.Syntax ip netstream filter acl acl-number { inbound | outbound } undo ip netstream filter acl acl-number { inbound | outbound } View Interface view Parameters acl-number: ACL number, in the range 2000 to 3999. inbound: Enables NetStream filtering in the inbound direction. outbound: Enables NetStream filtering in the outbound direction. Description Use the ip netstream filter command to enable NetStream filtering based on specified ACL rules. Use the undo ip netstream filter to disable the function. If both NetStream sampling and filtering are enabled, NetStream filtering is performed first. By default, NetStream filtering is disabled. Examples # Perform NetStream filter in the outbound direction of interface Ethernet 1/0 based on ACL rule 2003.
<Sysname> system-view [Sysname] interface ethernet 1/0
2011-09-27
Huawei Confidential
Page 77 of page141
Version Number
Item
Description
[Sysname-Ethernet1/0] ip netstream filter acl 2003 outbound
23.Syntax ip netstream mpls [ label-positions label-position1 [ label-position2 [ label-position3 ] ] ] [ no-ip-fields ] undo ip netstream mpls View System view Parameters label-positions: Specifies position of the labels to be counted. no-ip-fields: IP options are not counted. label-position1: Position of the first label to be counted, in the range 1 to 6. label-position2: Position of the second label to be counted, in the range 1 to 6. label-position3: Position of the third label to be counted, in the range 1 to 6. Description Use the ip netstream mpls command to count and export MPLS packets. By using the no-ip-fields keyword, you can set whether to carry IP options when exporting MPLS packets. If you do not provide any arguments, the first label is used and IP options are carried in MPLS packets. Use the undo ip netstream mpls command to disable counting and exporting of MPLS packets. By default, counting and exporting of MPLS packets are disabled. Note that this command not only enables IPv4 NetStream MPLS packet statistics, but also enables IPv6 NetStream MPLS packet statistics. Examples # Enable MPLS NetStream statistics, and export MPLS packets using the first label and without IP options.
<Sysname> system-view [Sysname] ip netstream mpls no-ip-fields
24.Syntax ip netstream sampler sampler-name { inbound | outbound } undo ip netstream sampler sampler-name { inbound | outbound } View Interface view, system view Parameters sampler sampler-name: Sampler name, a string of up to 32 characters. inbound: Enables sampling in the inbound direction. outbound: Enables sampling in the outbound direction. Description Use the ip netstream sampler command to enable NetStream sampling. Use the undo ip netstream sampler command to disable NetStream sampling. NetStream sampling is disabled by default. 2011-09-27 Huawei Confidential Page 78 of page141
Version Number
Item
Description
Examples # Enable sampler abc for NetStream sampling in the inbound direction.
<Sysname> system-view [Sysname] interface ethernet 1/0 [Sysname-Ethernet1/0] ip netstream sampler abc inbound
25.Syntax nat dns-map domain domain-name protocol pro-type ip global-ip port global-port undo nat dns-map domain domain-name View System view Default Level 2: System level Parameters domain-name: Domain name of an internal server, which is a string containing no more than 255 case-insensitive characters. A domain name consists of several labels separated by dots (.). Each label has no more than 63 characters that must begin and end with letters or digits; besides, dashes (-) can be included. pro-type: Protocol type used by the internal server. global-ip: Public IP address used by the internal server to provide services to the external network. server-port: Port number used by the internal server to provide services to the external network. Description Use the nat dns-map command to map the domain name to the public network information of an internal server. Use the undo nat dns-map command to remove a DNS mapping. Currently, the device supports up to 16 DNS mappings. Related commands: display nat dns-map. Examples # A company provides WWW service to external users. The domain name of the internal server is www.server.com, and the public IP address is 202.112.0.1. Configure a DNS mapping, so that internal users can access the WWW server using its domain name.
<Sysname> system-view [Sysname] nat dns-map domain 202.112.0.1 port www www.server.com protocol tcp ip
26.Syntax display nat dns-map View Any view Parameters None Page 79 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Description Use the display nat dns-map command to dispaly NAT DNS mapping configuration information. Examples # Display NAT DNS mapping configuration information.
<Sysname> display nat dns-map NAT DNS mapping information: There are currently 2 NAT DNS mapping(s) Domain-name: www.server.com Global-IP Protocol Global-IP Protocol : 202.113.16.117 : 6(TCP) : 202.113.16.100 : 6(TCP) Global-port: 80(www) Domain-name: ftp.server.com Global-port: 21(ftp)
27.Syntax interface net-stream interface-number View System view Default Level 2: System level Parameters interface-number: Specifies a NetStream interface by its number. Description Use the interface net-stream command to enter specified NetStream interface view. Examples # Enter specified NetStream interface view.
<Sysname> system-view [Sysname] interface net-stream 1/0 [Sysname-Net-Stream1/0]
28.Syntax ip netstream aggregation advanced undo ip netstream aggregation advanced View System view Default Level 3: Manage level Parameters None Description Page 80 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Use the ip netstream aggregation advanced command to enable hardware NetStream aggregation. Use the undo ip netstream aggregation advanced command to disable hardware NetStream aggregation. By default, hardware NetStream aggregation is disabled. Note that: If you enable hardware NetStream aggregation, the system performs the aggregation based on whether you have configured the export host, and the aggregation type. After hardware NetStream aggregation is enabled, the aged hardware aggregation entries are recorded in the normal stream entry table and then exported. Related commands: ip netstream export host, ip netstream aggregation Examples # Enable hardware NetStream aggregation.
<Sysname> system-view [Sysname] ip netstream aggregation advanced
29.Syntax nat link-down reset-session enable undo nat link-down reset-session enable View System view Default Level 2: System level Parameters None Description Use the nat link-down reset-session enable command to enable aging out NAT entries upon master link failure. Use the undo nat link-down reset-session enable command to restore the default. By default, this feature is disabled. Examples # Enable aging out NAT entries upon master link failure.
<Sysname> system-view [Sysname] nat link-down reset-session enable
30.Syntax ip netstream export rate limit undo ip netstream export rate View System view Default Level 2011-09-27 Huawei Confidential Page 81 of page141
Version Number
Item
Description
3: Manage level Parameters limit: Maximum rate for exporting NetStream statistics, in the unit of the maximum number of packets per second, in the range 1 to 1000. The value range depends on the device model. Description Use the ip netstream export rate command to enable the packet export limitation, and set the maximum rate for exporting NetStream statistics. Use the undo ip netstream export rate command to disable the packet export limitation. By default, the export rate of NetStream statistics is not limited. Note that the export rate on each board is different. As the aging timer is different, the configuration may not be very accurate on a multi-CPU device. Examples # Allow 10 packets at most to be exported per second.
<Sysname> system-view [Sysname] ip netstream export rate 10
None.
Syntax:
ip netstream binding interface interface-type interface-number undo ip netstream binding interface interface-type interface-number The model :IP Info: Delete these two commads.
VRP520-B 1608
1.Syntax: authentication-mode { none | password | scheme } View: IP terminal access service view Parameter: none: No authentication. password: Password authentication. scheme: AAA scheme authentication. Description: Use the authentication-mode command to set the IP terminal access authentication mode for the service. The default mode is none, that is, no IP terminal access authentication is performed. Note that the setting can be configured when the service is running but takes effect at the next login. Related commands: set authentication password. Example: Page 82 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
# Set the IP terminal access password authentication mode for the cunkuan service. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] authentication-mode password # Set the IP terminal access AAA scheme authentication mode for the cunkuan service. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] authentication-mode scheme 2.Syntax: bind vpn-instance vpn-name undo bind vpn-instance View: Terminal view Parameter: vpn-name: Name of a VPN instance, a string of 1 to 31 characters. Description: Use the bind vpn-instance command to bind a VPN instance to the terminal. After that, the terminal can access servers in the VPN. Use the undo bind vpn-instance command to remove the binding. No VPN is bound to the terminal by default. Example: # Bind Terminal 1 to VPN 1. <Sysname> system-view [Sysname] ipta terminal 1
[Sysname-terminal-1] bind vpn-instance vpn1
3.Syntax: display ipta { status | statistics } { service [ service-name ] | terminal [ ttyid [ service service-name ] ] } View: Any view Parameter: status: Displays IP terminal access status information. statistics: Displays IP terminal access statistics information. service [ service-name ]: Displays IP terminal access information about the service. The service name is a string of 1 to 15 case-insensitive characters, and can include spaces. terminal [ ttyid [ service service-name ] ]: Displays IP terminal access information about the terminal. ttyid is the number of the terminal, in the range 0 to 255. The keyword and argument combination terminal ttyid service service-name displays IP terminal access information about the specified service on the specified terminal. Description: Use the display ipta command to display IP terminal access information. 2011-09-27 Page 83 of page141
Huawei Confidential
Version Number
Item
Description
Example: # Displays IP terminal access status information about the cunkuan service. <Sysname> display ipta status service cunkuan Service name: cunkuan listen port: 2049 First server IP: 192.168.0.24 Third server IP: 0.0.0.0 Port: 9011 Status: ACTIVE status: INACTIVE Second server IP: 192.168.0.25 Port: 9011 Port: 0 Idle-timeout disconnect: 300 second(s) Idle-timeout lock: 100 second(s) Encrytion algorithm: aes Source ip: 6.6.6.6 Athentication mode: Scheme TTY-ID IP:Port Server IP:Port Status WaitingPwd Normal 41 192.168.0.168:6058 192.168.0.24:9011 43 192.168.0.46:8462 192.168.0.24:9011 4.Syntax: encryption algorithm { aes | quick } undo encryption algorithm View: IP terminal access service view Parameter: aes: AES 128-bit encryption algorithm. quick: Quick encryption algorithm, a proprietary algorithm of Huawei. Description: Use the encryption algorithm command to enable data encryption using the specified encryption algorithm. Use the undo encryption algorithm to restore the default. By default, data encryption is not enabled. Note that the new setting takes effect only for connections established after it is configured. Example: # Specify the AES encryption algorithm for the cunkuan service. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] encryption algorithm aes 5.Syntax: ip ip-address [ mac mac-address ] undo { ip | mac } View: Terminal view
status: INACTIVE
2011-09-27
Huawei Confidential
Page 84 of page141
Version Number
Item
Description
Parameter: ip-address: IP address of the terminal, in dotted decimal format. mac mac-address: MAC address of the terminal, in the H-H-H format. Description: Use the ip command to specify the terminals IP-to-MAC binding. Use the undo ip command to restore the default. Use the undo mac command to remove the binding. Note that: To modify the IP address of a binding, use the ip ip-address command. To modify the MAC address of a binding, use the ip ip-address mac mac-address command. After a binding is specified for a terminal, the terminal must use the IP and MAC addresses to login successfully. If the access router is not directly connected to terminals, packets from terminals do not carry their own MAC addresses, and therefore, you dont need to bind MAC addresses for them. Example: # Bind IP address 1.1.1.2 to MAC address 00e0-fc04-1234 for Terminal 1. <Sysname> system-view [Sysname] ipta terminal 1 [Sysname-ipta-terminal-1] ip 1.1.1.2 mac 00e0-fc04-1234 6.Syntax: ipta bind { mac-address interface interface-type interface-number | string string } undo ipta bind View: System view Parameter: mac-address interface interface-type interface-number: Specifies the interfaces MAC address to be used for authentication. string string: Specifies a string of 1 to 30 characters to be used for authentication. Description: Use the ipta bind command to specify the MAC address or string for authentication with the server. Use the undo ipta bind command to remove the configuration. By default, no authentication is performed between the access router and server. During authentication, the router sends the specified MAC address or string to the server, which compares it with that locally configured. If they match, the router passes the authentication. If not, the server disconnect from the router. Example: # Specify the MAC address of Ethernet 0/0 for authentication. <Sysname> system-view
2011-09-27
Huawei Confidential
Page 85 of page141
Version Number
Item
Description
[Sysname] ipta bind mac-address interface ethernet 0/0 # Specify the string abc for authentication. <Sysname> system-view [Sysname] ipta bind string abc 7. Syntax: ipta bind vpn-instance vpn-name terminal ttyid-list undo ipta bind vpn-instance terminal ttyid-list View: System view Parameters: vpn-name: Name of a VPN instance, a string of 1 to 31 characters. ttyid-list: List of terminals. You can specify up to 10 terminal lists. A ttyid is a terminal number in the range 0 to 255. Description: Use the ipta bind vpn-instance command to bind the specified terminals to the specified VPN. After that, the specified terminals can access servers in the VPN. Use the undo ipta bind vpn-instance command to remove the binding. By default, no terminal-VPN binding is configured. Examples: # Bind terminals 1 through 20, 25, and 30 through 50 to VPN 1 <Sysname> system-view [Sysname] ipta bind vpn-instance vpn1 terminal 1 to 20 25 30 to 50 8. Syntax: ipta disconnect { all | service service-name | terminal ttyid [ service service-name ] } View: System view Parameters: all: Disconnects all IP terminal access TCP connections. service service-name: Disconnects the IP terminal access TCP connections of the specified service. The service name is a string of 1 to 15 case-insensitive characters and can include spaces. terminal ttyid [ service service-name ]: Disconnects the IP terminal access TCP connections of the specified terminal. A ttyid is a terminal number in the range 0 to 255. The keyword and argument combination terminal ttyid service service-name disconnects the IP terminal access TCP connections of the specified service on the specified terminal. Description: Use the ipta disconnect command to manually disconnect IP terminal access TCP connections between terminals, the access router and the server. Examples: Page 86 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
# Disconnect all IP terminal access TCP connections. <Sysname> system-view [Sysname] ipta disconnect all # Disconnect the IP terminal access TCP connections of the cunkuan service.. <Sysname> system-view [Sysname] ipta disconnect service cunkuan # Disconnect the IP terminal access TCP connections of Terminal 10. <Sysname> system-view [Sysname] ipta disconnect terminal 10 # Disconnect the IP terminal access TCP connections of the cunkuan service of Terminal 10. <Sysname> system-view [Sysname] ipta disconnect terminal 10 service cunkuan 9. Syntax: ipta lock-key ascii-code&<1-3> undo ipta lock-key View: System view Parameters: ascii-code&<1-3>: ASCII value of the terminal lock hotkey, in the range 0 to 255. You can specify up to three terminal lock hotkeys. Description: Use the ipta lock-key command to specify IP terminal lock hotkey(s). Use the undo ipta lock-key command to remove IP terminal lock hotkey(s) No IP terminal lock hotkey is specified by default. Note that: The specified IP terminal lock hotkeys cannot be identical to other hotkeys on the access router and the server to avoid conflicts. For example, hotkeys 17 and 19 are flow control hotkeys of Linux. The specified IP terminal lock hotkeys are not effective for terminals using the service that has the none authentication mode specified,. Related commands: authentication-mode. Examples: # Configure lock hotkey 27 for all terminals. <Sysname> system-view [Sysname] ipta lock-key 27 10. Syntax: ipta server enable undo ipta server enable View:System view Parameters:
2011-09-27
Huawei Confidential
Page 87 of page141
Version Number
Item
Description
None Description: Use the ipta server enable command to enable IP terminal access. Use the undo ipta server enable command to disable IP terminal access. IP terminal access is disabled by default. Examples: # Enable IP terminal access. <Sysname> system-view [Sysname] ipta server enable 11. Syntax: ipta service service-name undo ipta service service-name View:System view Parameters: service-name : Service name, which is a string of 1 to 15 case-insensitive characters can include spaces. Description: Use the ipta service command to create a IP terminal access service and enter its view, or to enter IP terminal access service view if the service has been created. Use the undo ipta service command to remove the specified service and its configurations. Examples: # Create the service named cunkuan. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] 12. Syntax: ipta terminal ttyid undo ipta terminal { ttyid | all } View:System view Parameters: ttyid: Terminal number, in the range 0 to 255. all: All terminals. Description: Use the ipta terminal command to create an IP terminal and enter its view, or enter its view if the terminal has been created. Use the undo ipta terminal command to remove a terminal and its configuration, or all terminals and their configurations. Examples: # Create Terminal 1. <Sysname> system-view
2011-09-27
Huawei Confidential
Page 88 of page141
Version Number
Item
Description
[Sysname] ipta terminal 1 [Sysname-ipta-terminal-1] 13. Syntax: listen port port-number undo listen port View:IP terminal access service view Parameters: port-number: Listen port number, in the range 1024 to 50000. Description: Use the listen port command to specify the listen port of the IP terminal access service. The specified port is used by the service to receive connection requests from terminals. Use the undo listen port command to remove the listen port of the service. No listen port is specified for an IP terminal access service. Note that the setting is effective for connections established after it is configured. Examples: # Configure listen port 3000 for the cunkuan service. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan]listen port 3000 14. Syntax: reset ipta statistics { service [ service-name ] | terminal ttyid [ service service-name ] } View:User view Parameters: service [ service-name ]: Clears the IP terminal access statistics of the specified service. The service name is a string of 1 to 15 case-insensitive characters and can include spaces. ttyid: Terminal number, in the range 0 to 255. terminal ttyid [ service service-name ]: Clears the IP terminal access statistics of the specified terminal. A ttyid is a terminal number in the range 0 to 255. The keyword and argument combination terminal ttyid service service-name clears the IP terminal access statistics of the specified service on the specified terminal. Description: Use the reset ipta statistics command to clear IP terminal access statistics. Examples: # Clear the IP terminal access statistics of Terminal 1. <Sysname> reset ipta statistics terminal 1 # Clear the IP terminal access statistics of service cunkuan. <Sysname> reset ipta statistics service cunkuan 15. Syntax:
2011-09-27
Huawei Confidential
Page 89 of page141
Version Number
Item
Description
server ip ip-address port port-number [ priority priority-level ] undo server priority priority-level View:IP terminal access service view Parameters: ip ip-address: IP address of the server, in dotted decimal notation. port port-number: Port number of the server, in the range 1024 to 50000. priority priority-level: Priority of the server, in the range 0 to 2. A smaller value represents a higher priority. Description: Use the server ip command to specify the IP address, port number and priority of the server providing the service. Use the undo server ip command to remove the configuration of the server with the specified priority. Note that a server can have only one priority configured. Examples # Configure the server with the highest priority for the cunkuan service <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] server ip 1.1.1.2 port 6000 priority 0 16. Syntax: set authentication password { cipher | simple } password undo set authentication password View:IP terminal access service view Parameters: cipher: Configures the password to be displayed in cipher text. simple: Configures the password to be displayed in plain text. password: A case-sensitive character string. If the simple keyword is specified, the password is a string of 1 to 16 characters in plain text. If the cipher keyword is specified, the password can be a string of 1 to 16 characters in plain text or a string of 24 characters in cipher text. For example, the plain text password 1234567 corresponds to the cipher text password_(TT8F]Y\5SQ=^Q`MAF4<1!!. Description: Use the set authentication password command to set the authentication password for terminals to log into the service. Use the undo set authentication password command to remove the setting. By default, no authentication password is configured. Note that you can configure the password no matter when the service is running or not. Related commands: authentication-mode. Examples: # Configure 123 as the password for terminals to log into the cunkuan
2011-09-27
Huawei Confidential
Page 90 of page141
Version Number
Item
Description
service, and specify the password to be displayed in plain text. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] set authentication password simple 123 17. Syntax source ip ip-address undo source ip View:IP terminal access service view Parameters: ip-address: Source IP address bound to the service, in dotted decimal notation. Description: Use the source ip command to bind the source IP address to the service. Use the undo source ip command to restore the default. By default, no source IP address is bound to the service. The IP address of the outbound interface is used as the source IP address of TCP connections. You are recommended to specify the IP address of a loopback or dialer interface as the source IP address of TCP connections, and you need to configure a route to the IP address on the server (FEP). Examples: # Bind a source IP address to the cunkuan service. <Sysname> system-view [Sysname] interface loopback 1 [Sysname-LoopBack1] ip address 1.1.1.2 32 [Sysname-LoopBack1] quit [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] source ip 1.1.1.2 18. Syntax: tcp keepalive time counter undo tcp keepalive View:IP terminal access service view Parameters: time: Interval for sending TCP keepalives, in the range 10 to 7200 seconds. counter: Times for sending TCP keepalives, in the range 1 to 100. Description: Use the tcp keepalive command to configure parameters for sending TCP keepalives. Use the undo tcp keepalive command to restore the default. By default, the interval for sending keepalives is 300 seconds, and the number of keepalive sending times is 3. Keepalives are used to detect the links between the terminal, access router and FEP. Page 91 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Keepalive time = Interval for sending keepalives Times for sending keepalives Note that the keepalive parameters take effect for connections established after they are configured. Examples: # Configure the keepalive sending interval as 1800 seconds, and the keepalive sending times as 2. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] tcp keepalive 1800 2 19. Syntax tcp recvbuf-size recvsize undo tcp recvbuf-size View:IP terminal access service view Parameters: recvsize: Size of the TCP receive buffer, in the range of 512 to 16384 bytes. Description: Use the tcp recvbuf-size command to configure the size of the TCP receive buffer. Use the undo tcp recvbuf-size command to restore the default. By default, the TCP receive buffer size is 2048 bytes. Examples: # Configure the size of the TCP receive buffer size to 512 bytes. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] tcp recvbuf-size 512 20. Syntax tcp sendbuf-size sendsize undo tcp sendbuf-size View:IP terminal access service view Parameters: sendsize: Size of the TCP send buffer, in the range of 512 to 16384 bytes. Description: Use the tcp sendbuf-size command to configure the size of the TCP send buffer. Use the undo tcp sendbuf-size command to restore the default. By default, the TCP send buffer size is 2048 bytes. Examples: # Configure the size of the TCP send buffer size as 512 bytes. <Sysname> system-view [Sysname] ipta service cunkuan
2011-09-27
Huawei Confidential
Page 92 of page141
Version Number
Item
Description
[Sysname-ipta-service-cunkuan] tcp sendbuf-size 512 21. Syntax: telnet negotiation enable undo telnet negotiation enable View:Terminal view Parameters: None Description: Use the telnet negotiation enable command to enable telnet parameters negotiation function with the terminal. Use the undo telnet negotiation enable command to restore the default. By default, the telnet parameters negotiation function with the terminal is disabled. Examples: # Enable telnet parameters negotiation with terminal 1. <Sysname> system-view [Sysname] ipta terminal 1 [Sysname-ipta-terminal-1] telnet negotiation enable 22. Syntax terminal ttyid [ to ttyid ] undo terminal { ttyid [ to ttyid ] | all } View:Service view Parameters: ttyid [ to ttyid ]: A ttyid refers to a terminal number, in the range of 0 to 255. ttyid to ttyid specifies a range of terminal numbers. all: Specifies all terminals. Description: Use the terminal command to enable the terminal(s) to use the service. Use the undo terminal command to disable the specified terminal(s) from using the service. Examples: # Enable terminal 1 to use the cunkuan service. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] terminal 1 23. Syntax timer idle-timeout seconds { disconnect | lock } undo timer idle-timeout { disconnect | lock } View:IP terminal access service view Parameters: seconds: Timeout time, in the range of 0 to 7200 seconds. If the value is set to Page 93 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
0, the corresponding link lock or link disconnection function is disabled. disconnect: Sets the link disconnection timer. lock: Sets the link lock timer. Description: Use the timer idle-timeout command to set the link disconnection timer or link lock timer. Use the undo timer idle-timeout command to restore the default. By default, the link disconnection timer and link lock timer are both 600 seconds. If the link lock timer expires and the authentication mode on the router is set to scheme or password, a new authentication interface will replace the service interface on the corresponding terminal; if the link lock timer expires and the authentication mode on the router is set to none, the service interface on the terminal will not be changed. If the link disconnection timer expires, the corresponding link is disconnected. The link lock and link disconnection timers can be set separately, and they do not affect each other. The value of the link lock timer should be smaller than the link disconnection timer; otherwise, a link may be disconnected even if the link lock timer does not expire. Examples: # Set the link lock timer of the cunkuan service to 60 seconds. <Sysname> system-view [Sysname] ipta service cunkuan [Sysname-ipta-service-cunkuan] timer idle-timeout 60 lock 24. Syntax transform enter { cr | crlf } undo transform enter View:Terminal view Parameters: cr: Takes both CR (carriage return ASCII code 0d) and CRLF (new-line ASCII code 0d0a or 0d00) as CR (0d). crlf: Takes both CR and CRLF as CRLF (0d0a). Description: Use the transform enter command to configure the processing approach for CR and CRLF. Use the undo transform enter command to restore the default. By default, the system does not transform CR and CRLF. To enable different terminals to recognize the carriage return and new-line characters of the FEP, the device needs to transform them into a common form. This function only applies to data packets from the FEP. Examples: # Transform both CR and CRLF to CR. Page 94 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
<Sysname> system-view [Sysname] ipta terminal 1 [Sysname-ipta-terminal-1] transform enter cr # Transform both CR and CRLF to CRLF. <Sysname> system-view [Sysname] ipta terminal 1 [Sysname-ipta-terminal-1] transform enter crlf 25.Syntax: privacy { asserted | preferred } undo privacy View: SIP client view Parameter: asserted: Adds the P-Asserted-Identity header field. When the P-Asserted-Identity header field is added, the Privacy header field will be added. The Privacy header field contains the caller identity presentation and screening information, while the P-Asserted-Identity header field contains the caller identity. preferred: Adds the P-Preferred-Identity header field. When the P-Preferred-Identity header field is added, the Privacy header field will be added. The Privacy header field contains the caller identity presentation and screening information, while the P-Preferred-Identity header field contains the caller identity. Description: Use the privacy command to add the P-Preferred-Identity or P-Asserted-Identity header field. Use the undo privacy command to remove the configuration. By default, neither the P-Preferred-Identity header field nor the P-Asserted-Identity header field is added. Example: # Add the P-Asserted-Identity header field. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] sip [Sysname-voice-sip] privacy asserted 26.Syntax: remote-party-id undo remote-party-id View: SIP client view Parameter: None. Description: Use the remote-party-id command to add the Remote-Party-ID header field. Use the remote-party-id command to remove the configuration.
2011-09-27
Huawei Confidential
Page 95 of page141
Version Number
Item
Description
By default, the Remote-Party-ID is not added. Example: # Add the Remote-Party-ID header field. <Sysname> system-view [Sysname] voice-setup [Sysname-voice] sip [Sysname-voice-sip] remote-party-id 27.Syntax: ssm-mapping group-address { mask | mask-length } source-address undo ssm-mapping { group-address { mask | mask-length } source-address | all } View: Public instance IGMP view, VPN instance IGMP view Parameter: group-address: Specifies a multicast group by its IP address, in the range of 224.0.0.0 to 239.255.255.255. mask: Subnet mask of the multicast group address. mask-length: Subnet mask length of the multicast group address, in the range of 4 to 32. source-address: Specifies a multicast source by its IP address. all: Removes all IGMP SSM mappings. Description: Use the ssm-mapping command to configure an IGMP SSM mapping. Use the undo ssm-mapping command to remove one or all IGMP SSM mappings. By default, no IGMP SSM mappings are configured. Related commands: igmp ssm-mapping enable, display igmp ssm-mapping. Example: # Configure an IGMP SSM mapping in the public instance for multicast group 225.1.1.1/24 and multicast source 125.1.1.1. <Sysname> system-view [Sysname] igmp [Sysname-igmp] ssm-mapping 225.1.1.1 24 125.1.1.1 28.Syntax: igmp ssm-mapping enable undo igmp ssm-mapping enable View: Interface view/Default Level Parameters: None. Description: Use the igmp ssm-mapping enable command to enable the IGMP SSM mapping feature on the current interface. Page 96 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
Use the undo igmp ssm-mapping enable command to disable the IGMP SSM mapping feature on the current interface. By default, the IGMP SSM mapping feature is disabled on all interfaces. Examples: # Enable the IGMP SSM mapping feature on Ethernet 1/0. <Sysname> system-view [Sysname] interface ethernet 1/0 [Sysname-Ethernet1/0] igmp ssm-mapping enable 29. Syntax: display igmp [ vpn-instance vpn-instance-name | all-instance ] ssm-mapping group-address
Description:
Use the display igmp ssm-mapping command to view the configured IGMP SSM mappings for the specified multicast group. Related commands: ssm-mapping.
Examples:
# View the IGMP SSM mappings for multicast group 232.1.1.1 in the public instance. <Sysname> display igmp ssm-mapping 232.1.1.1 VPN-Instance: public net Group: 232.1.1.1 Source list: 1.2.3.4 5.5.5.5 10.1.1.1 100.1.1.10 30. Syntax display igmp [ vpn-instance vpn-instance-name | all-instance ] ssm-mapping group [ group-address | interface interface-type interface-number ] [ verbose ]
Version Number
Item
Description
group-address: Specifies a multicast group by its IP address, in the range of 224.0.1.0 to 239.255.255.255. interface-type interface-number: Specifies an interface by its type and number. verbose: Displays the detailed multicast group information created based on the configured IGMP SSM mappings.
Description:
Use the display igmp ssm-mapping group command to view the multicast group information created based on the configured IGMP SSM mappings. Note that: If you do not specify a multicast group, this command will display the information of all multicast groups created based on the configured IGMP SSM mappings. If you do not specify an interface, this command will display the multicast group information created based on the configured IGMP SSM mappings on all the interfaces.
Examples
# View the detailed information of multicast group 225.1.1.1 created based on the configured IGMP SSM mappings in the public instance. <Sysname> display igmp ssm-mapping group 225.1.1.1 verbose Interface group report information of VPN-Instance: public net Ethernet1/0(10.10.10.10): Total 1 IGMP SSM-mapping Group reported Group: 225.1.1.1 Uptime: 00:00:31 Expires: off Last reporter: 1.1.1.1 Version1-host-present-timer-expiry: off Source list(Total 1 source): Source: 1.1.1.1 Uptime: 00:00:31 Expires: 00:01:39 Last-member-query-counter: 0 Last-member-query-timer-expiry: off Delete d Comm ands Modifi ed Comm ands None.
Original command: mpls te path explicit-path pathname undo mpls te path Modified command: mpls te path { dynamic | explicit-path pathname } preference value Page 98 of page141
2011-09-27
Huawei Confidential
Version Number
Item
Description
undo mpls te path { dynamic | explicit-path pathname } Module of the command: MPLS TE Description:Add dynamic and preference value to uses the path that is dynamically calculated and Specifies the preference of the path. Changes in default values: None.
MIB Updates
Table 12 MIB updates
Version Number VRP520-R22 07P02 Item New Modified MIB File Name None rfc2515-atm. mib rfc2515-atm. mib Module Name None ATM-MIB ATM-MIB Description None Add ATMIMA to the table of atmInterfaceMaxActiveVciBits Add GBIS and ATMIMA to the table of atmInterfaceMaxVccs Modified description of ifSpeed from an estimate of the interface's current bandwidth in bits per second to configured by the bandwidth command, and it's different in various types of interfaces by default. None Add H3C-DAR-MIB None None Add h3cNqaStatisticsReactionTable and h3cNqaReactionTable Add such TRAPs in H3C-NQA-MIB:h3cNqaProbeTimeOver Threshold, h3cNqaJitterRTTOverThreshold, h3cNqaProbeFailure, h3cNqaJitterPacketLoss, h3cNqaJitterSDOverThreshold, h3cNqaJitterDSOverThreshold, h3cNqaICPIFOverThreshold and h3cNqaMOSOverThreshold Add h3cE1T1VITrapTimeSlotEnable
rfc1213.mib
RFC1213-MIB
h3c-nqa.mib
H3C-NQA-MIB
h3c-e1t1vi.mi b
H3C-E1T1VI-MIB
2011-09-27
Huawei Confidential
Page 99 of page141
Quidway AR19_AR29_AR49-VRP520-R2207L30 Release Notes Version Number Item MIB File Name Module Name Description Add h3ce1FcmChannelIndex h3ce1TimeSlotSetTable and
H3C-E1-MIB
HUAWEI-LswMS TP-MIB
Modified the description of hwdot1sMstAdminFormatSelector. Changed the value range from [0..255] to 0 Modified the description of hwDHCPSGlobalPoolLeaseUnlimited . Added the value cant be set to 0 Modified the of PDS bgpeerAdminStatus, bgpPeerHoldTimeConfigured, bgpPeerKeepAliveConfigured, bgpPeerMinASOriginationInterval and bgpPeerMinRouteAdvertisementInt erval Modified the PDS of h3cPosaTerminalTable and h3cPosaAppTable None Added h3cRadiusAuthErrThredshold in H3C-RADIUS-MIB Added H3C-PPPOE-SERVER-MIB Added h3cDHCPServerAvgIpUseThreshold, h3cDHCPServerMaxIpUseThreshold, h3cDHCPServerAllocateThreshold in h3cDHCPServerObjects in H3C-DHCP-SERVER-MIB Added h3cIpAddrNotifyScalarObjects H3C-IP-ADDRESS-MIB Added H3C-3GMODEM-MIB Added h3cLapdStatusTrapEnable and h3cLapdIsdnStatusChange in H3C-ISDN-MIB Added DIAL-CONTROL-MIB Added H3C-VOICE-CALL-ACTIVE-MIB Page 100 of page141 in
huawei-dhcps .mib
HUAWEI-DHCPS -MIB
rfc1657-bgp4. mib
BGP4-MIB
h3c-posa.mib Deleted VRP520-E21 03 New None h3c-radius.mi b h3c-pppoe-se rver.mib h3c-dhcp-ser ver.mib
2011-09-27
Huawei Confidential
Quidway AR19_AR29_AR49-VRP520-R2207L30 Release Notes Version Number Item MIB File Name h3c-voice-dial -control.mib rfc1213.mib lldp.mib lldp-ext-dot1. mib lldp-ext-dot3. mib Modified h3c-isdn.mib h3c-flash-man .mib rfc2465-ipv6. mib h3c-splat-inf. mib rfc4444-isis.mi b ieee8023-lag. mib h3c-cbqos2.m ib Deleted VRP520-E19 08 New Modified Deleted VRP520-B16 08 New None rfc2662-adsl-li ne.mib None None h3c-e1t1vi.mi b huawei-dhcps .mib Modified rfc2819 MIB.mib Module Name H3C-VOICE-DI AL-CONTROLMIB RFC1213-MIB LLDP-MIB LLDP-EXT-DOT1MIB LLDP-EXT-DOT3MIB H3C-ISDN-MIB H3C-FLASH-MA N-MIB IPV6-MIB H3C-LswINF-MI B ISIS-MIB IEEE8023-LAGMIB H3C-CBQOS2MIB None ADSL-LINE-MIB None None H3C-E1T1VI-MIB HUAWEI-DHCP S-MIB RMON-MIB Description Added H3C-VOICE-DIAL-CONTROL-MIB Added RFC1213 IP Group and ICMP Group Added LLDP-MIB Added LLDP-EXT-DOT1-MIB Added LLDP-EXT-DOT3-MIB Modified h3cLapdIsdnProtocol H3C-ISDN-MIB in
Modified description of h3cFlhOperType in h3cFlhOpTable of H3C-FLASH-MAN-MIB Modified route scalar objects and ipv6RouteTable of IPV6-MIB Modified description h3cMaxMacLearnRange H3C-LswINF-MIB of of
Changed describe of isisSysWaitTime of ISIS-MIB to support read operation Modified description of dot3adAggPortActorAdminState of IEEE8023-LAG-MIB Modified description h3cCBQoSMatchRuleType H3C-CBQOS2-MIB None Added ADSL-LINE-MIB None None Added whole h3c-e1t1vi.mib module of to of of
Modify descripsion Not supported. When eventType is none(1) or log(2), the value of eventCommunity will not be saved; when eventType is snmptrap(3) Page 101 of page141
2011-09-27
Huawei Confidential
Quidway AR19_AR29_AR49-VRP520-R2207L30 Release Notes Version Number Item MIB File Name Module Name Description or logandtrap(4), the value of eventCommunity will be saved but can take no effect. ieee8021x.mib h3c-acl.mib IEEE8021-PAE-M IB H3C-ACL-MIB Modify descripsion portbased method. Only valid on
When the value of h3cAclIPAclAdvancedProtocol is ICMP or ICMPV6, h3cAclIPAclAdvancedIcmpType and h3cAclIPAclAdvancedIcmpCode can be set, otherwise it can not. Deleted hwdot1qMacSearchTable None Change the description from not support XRN to not support None.
Configuration Changes
None.
2011-09-27
First found-in VRP520-R2207 Condition: If change the DVPN tunnel-protocol when there is IP traffic going out of the tunnel. Description: The router will reboot possibly.
RTD56062
First found-in VRP520-E2206
Huawei Confidential Page 102 of page141
Condition: Apply two or more IPSec policy groups to a virtual interface on the web interface, like interface tunnel. Description: The IPSec policy groups cannot be modified successfully if the virtual interface is deleted first.
RTD56060
First found in VRP520-E2206 Condition: The router a=silenceSupp:off. received the SIP packet of 200 OK without
Description: The router made mistake when negotiating about the codec, it resulted in that the FAX failed.
RTD56106
First found in VRP520-E2205P02 Condition: The packets were identified by DAR after the packets were transmitted through L2TP tunnel. Description: The DAR function was abnormal and couldnt identify the packets correctly.
RTD55818
First found in VRP520-E2205P02 Condition: The E1POS interface worked with ISDN signal, and established the ISDN connection with ALCATEL PBX. Description: The E1 POS calls failed.
RTD56103
First found in VRP520-E2205P02 Condition: The AR46 or AR28 router worked as RTA relay. Description: The AR router as RTA client couldnt establish connection with RTA relay.
First found in VRP520-E2206 Condition: When using UDP as the SIP transport protocol, If the Packet is huge, the AR cannot re-build the SIP fragment messages. Description: The instant message cannot be relaid.
RTD54836
First found in VRP520-E2206 Condition: When configure the UDP as the SIP transport protocol, If the Packet is larger than MTU-200, the transport protocol will automatically change to TCP, but if the destination does not support TCP, the transport protocol cannot change back to UDP.
Page 103 of page141
2011-09-27
Huawei Confidential
First found-in VRP520-E2103 Condition: Forwarding multicast packets incessantly through many subinterfaces. Description: The router will restart by exception.
RTD53990
First found in VRP520-E2103 Condition: Configure "dialer call-in * callback" in Bri interface. Description: It shows as "dialer call-in * callback 2", with a parameter "2" unwanted, while the function of callback works fine.
RTD53973
First found in VRP520-E2103 Condition: More than one interfaces can be used on router, use sip as the voip call signal and the standard T.38 as the fax protocol, and configure the source-bind command Description: After the call established, when the voice switches to the standard T.38 fax, the source-bind function will be unusable.
RTD53933
First found-in version:VRP520-E2103 Condition: Work with some brand of POS terminal device. Description: The route is not compatible with some brand of POS terminal device.
First found in VRP520-E1804 Condition: After enable CWMP, save the configuration and reboot the router. Description: After reboot, the web login function through http will be disabled and command "ip http enable" must be configured once again to enable it.
2011-09-27
First Found-in Version: VRP520-E1804 Condition: After polarity reversals, the PBX sends the calling number in 180ms.
Page 104 of page141
Huawei Confidential
RTD37590
First Found-in Version: VRP520-E1804 Condition: Apply number gw-access-number. substitution of the voice subscriber line and
First Found-in Version: VRP520-B1707 Condition: When terminal unit sends soft-flowcontrol packets which including 0x11 or 0x13 to the router. Description: The router forwards the packets to front-machine, and the front-machine stop to send packets.
RTD32332
First Found-in Version: VRP520-B1707 Condition: When DSLW create connections through sub Ethernet interface or vlan-interface which work on bridge-forwarding mode. Description: The DLSW connections can't be created successfully.
ZDD01828
First Found-in Version: VRP520-B1707 Condition: ARP detection tries to work with DHCP relay function. Description: The relay function failed.
First Found-in Version: VRP520-B1707 Condition: If the result of command 'display aspf session' is more than one screen. Description: It can't split the display.
First Found-in Version: VRP520-B1606 Condition: Running shutdown on BRI interface or physical interface of PRI, then configuring ISDN Leased Line on it.
Page 105 of page141
2011-09-27
Huawei Confidential
Description: PPP will send negotiated packets from this interface anyway.
RTD21683
First Found-in Version: VRP520-B1606 Condition: Configuring one Ethernet interface as PPPoE Client by pppoe-client dial-bundle-number 101 idle-timeout 1, despite there are packets received during 1 second. Description: the connection will always break down when 1 second is time out.
HSD33072
First Found-in Version: VRP520-B1608 Condition: Reboot router when implemented the Interface-backup feature. Description: The backup interface will flap (up/down) one time.
LSD26984
First Found-in Version: VRP520-B1608 Condition: If the connect with the TACACS is lost. Description: The fallback authentication will not happen.
RTD27056
First Found-in Version: VRP520-B1608 Condition: Implemented MPLS TE tunnel and keep the reservable-bandwidth equal to tunnel BC0. Description: The tunnel can't up.
First Found-in Version: VRP520-B1606 Condition: Get voice and fax default value by display voice default all. Description: It doesnt contain default value of transparent transmission on modem.
First Found-in Version: VRP520-B1606 Condition: Input shutdown on one Encrypt interface. Description: RM will print some redundant information.
RTD21642
First Found-in Version: VRP520-B1606
2011-09-27
Huawei Confidential
Condition: Enable IPV6 and configure IPV6 address on one interface, then get the statistic of interfaces packets after it received some IPV6 packets by display ipv6 interface XXX verbose. After that, reset ipv6 statistic and display ipv6 interface XXX verbose again. Description: The statistic doesnt clean.
RTD20985
First Found-in Version: VRP520-B1606 Condition: Create PVC on the ATM interface and configure map bridge-group broadcast on it, then configure atm-class and apply class on the interface. Description: System will print error info that PVC on the ATM interface has been deleted.
RTD21516
First Found-in Version: VRP520-B1606 Condition: Configuring more than 4251 mboundarys on routers interface, then reset some of them with high speed packets received by the interface. Description: The reset operation will fail.
RTD21151
First Found-in Version: VRP520-B1606 Condition: When dhcp-snooping is enable, print dhcp-snooping to get the prompt info, then run undo dhcp-snooping and dhcp-snooping again, to get the debug info. Description: The syntax of prompt info and debug info are not identical.
RTD21384
First Found-in Version: VRP520-B1606 Condition: Configuring router as SFTP server, setting its idle time by sftp server idle-timeout several. Description: When the client accesses the server with not idlesse, the server will always disconnect it.
RTD21352
2011-09-27
First Found-in Version: VRP520-B1606 Condition: Enable flow control on GEC interface and get the info by display interface. Description: The flow control is not shown in the result.
RTD21406
First Found-in Version: VRP520-B1606 Condition: Get voice and fax default value by display voice default all. Description: It doesnt contain default value of transparent transmission on modem.
RTD21577
First Found-in Version: VRP520-B1606
Huawei Confidential Page 107 of page141
Condition: During the boot if the interface 0/0 is up. Description: The default IP address by product will lose.
First Found-in Version: VRP520-B1605 Condition: AR19-1X work in high temperature. Description: The system will breakdown randomly.
First Found-in Version: VRP520-B1605P01 Condition: The calling number less than 6, and the Q931 section of SETUP message from calling device does not include CALLED PARTY NUMBER and CALLing PARTY NUMBER. Description: The calling will fail.
Related Documentation
New Feature Documentation
None.
Documentation Set
Table 13 Documentation set Manual
AR 19_29_49_19-0X_19-1X Command References AR 19_29_49_19-0X_19-1X Configuration Guide AR 19_29_49_19-1X Interface Card and Interface Module Manual Quidway AR 19_29_49_19-0X_1X Series Routers Web-Based Configuration Manual Quidway AR 19-0X_1X Installation Manual Quidway AR 19 Series Routers Installation Manual Quidway AR 29 Series Routers Installation Manual Quidway AR 49 Series Routers Installation Manual
Version
V1.08 V1.08 V1.07 V1.04 V2.01 V1.03 V1.03 V1.04
Document number
SE0000284256 SE0000284629 SE0000284231 SE0000327248 SE0000317336 SE0000282235 SE0000282236 SE0000282237
2011-09-27
Huawei Confidential
*Document number refers to the number of a document on http://support.huawei.com. You can enter the number in the Search box on the upper right of the website.
Software Upgrading
CAUTION: Upgrade software only when necessary and under the guidance of a technical support engineer.
Introduction
Files
BootWare program file
The file is stored in the flash memory to boot an application. A complete BootWare file includes two segments: basic and extended. The basic section is used for the basic initialization of the system. The extended section provides abundant human-computer interaction (HCI) functions and is used to initialize interfaces and update the applications and the boot system. After the basic section is loaded, you can load and update the extended section through the menu of the basic section.
Application files
The router is available with Dual Image function. By default, the system defines and attempts to boot in order with three boot files: main, backup, and secure, provided they are available with CF card. If the router fails to boot with the secure boot file, it prompts the boot failure. For more information about the boot files, refer to Maintaining Application and Configuration Files on page 132.
2011-09-27 Huawei Confidential Page 109 of page141
The following table gives default names and types of boot files. Table 15 Default names and types of the boot files Boot file
Main boot file Backup boot file Secure boot file
File name
main.bin backup.bin secure.bin
File type
M B S
NOTE: The application programs for system boot can be type M, B and S, but not type N. You can store them in Flash memory, but only one for each. For example, if an M+B file exists, it is impossible to have another M or B file. If you change the file type of another file to B, the M+B file becomes a type M file. You can modify the name of an application file in storage after the application file is loaded. You cannot modify the file type of a type S application file, but you can modify the file type of type M/B and N application files in the BootWare menu or using commands after the application program boots. Secure boot file is the last resort for system boot. You can download it in the BootWare menu and must name it secure.bin. However, you cannot modify this file or change the type of another file to S. If you change the name of the secure boot file with the rename command after the system boots, the file is removed from CF card. To use the secure boot file after that, you need to download it again. You can store type M, B, S files in storage media, but only one for each type in each storage medium. For example, if a type M+B file exists in the Flash memory, there will be no type M or B file. If you change the type of a file to B, the M+B file will become a type M file.
Configuration file
The file stores configuration information of the router. By default, the system defines three configuration files for booting: main, backup, and default file. If the three configuration files are loaded in a storage medium, the system selects them in sequence until the router is successfully loaded. To change the sequence of these configuration files or modify them, refer to Maintaining Application and Configuration Files on page 132. The details about the three configuration files and file selection sequence are as follows: Main configuration file: The configuration file used for booting by default. The file type is M. Backup configuration file: The file type is B. The system uses the backup configuration file when it fails to boot using the main configuration file. Default configuration file: The file type can be M, B, or N. The system uses the default configuration file when it fails to boot using the backup configuration file. If the system fails to boot using the default configuration file, it boots with null configuration. The name of the default configuration file varies with router brands. The main and backup configuration operations on the default configuration file are the same as those on common configuration files.
2011-09-27 Huawei Confidential Page 110 of page141
NOTE: The configuration files for system boot can be type M, B and default configuration file of type N, but not non-default configuration file of type N (i.e. neither M nor B). You can modify the file name of a configuration file in a storage medium using the command after the configuration file is loaded. You cannot modify the type of the default configuration file, but you can modify the file type of type M/B and N configuration files in the BootWare menu or using commands after the configuration file is loaded. CAUTION: The file name cannot be longer than 64 characters (including drive letter and a string terminator. If the drive letter is CFA0: /, the file name can be at most [ 64-1-6 ] = 57 characters in length; or, errors will occur in file operation. Typically, the file name is recommended to be not more than 16 characters. The extension ASCII characters (ASCII>=128) and invisible characters (ASCII<33) cannot be included in the file name. The following characters cannot be included in the file name: , , ?, \, space, *, |, <, /, :, >, ~. The character . can be included in the file name, but cannot be the first or last character of the file name. Two consecutive .s are not allowed.
2011-09-27
Huawei Confidential
Figure 1 Upgrade flowchart for BootWare and Comware under Comware V5 environment
Start
Comware version
Upgrade Comware ?
Y
TFTP upgrade
FTP upgrade
Upgrade
End
2011-09-27
Huawei Confidential
Configure the IP addresses of both sides on the same network. For example, the IP address of the TFTP server is set to 192.168.0.1, and that of the Ethernet interface connected to it (GigabitEthernet 0/0 in this example) is set to 192.168.0.2. Use the ping command to check whether the connection successful.
Use the following command to upload the startup.cfg file to the TFTP server and save it as config.bak:
<SYSTEM>tftp 192.168.1.1 put startup.cfg config.bak File will be transferred in binary mode Sending file to remote tftp server. Please wait... \ TFTP: 1045 bytes sent in 0 second(s).
Use the following command to download the startup.cfg file from the server to the router:
Page 113 of page141
2011-09-27
Huawei Confidential
If a startup.cfg file already exists in the router, the system prompts you whether to overwrite it. You can type Y or y to overwrite it.
Use the dir command to view the application files and the available space of the CF card (ensure that the CF card has enough space to store a new application):
<SYSTEM>dir Directory of cfa0:/ 0 1 2 4 drw-rw-rw-rw22165484 1181 22165484 Dec 20 2007 09:18:22 Dec 20 2007 09:18:10 Dec 20 2007 09:42:54 Dec 20 2007 09:42:28 logfile update.bin startup.cfg main.bin
252904 KB total (208940 KB free) File system type of cfa0: FAT16 <SYSTEM>
Download the application ar.bin to the CF card of the device through TFTP:
<SYSTEM>tftp 192.168.1.2 get ar.bin
File will be transferred in binary mode Downloading file from remote TFTP server, please wait...\ TFTP: 15054340 bytes received in 34 second(s) File downloaded successfully.
Use the boot-loader command to set the startup file for the next startup to ar.bin:
<SYSTEM>boot-loader file cfa0:/ar.bin main This command will set the boot file. Continue? [Y/N]:y The specified file will be used as the main boot file at the next reboot on slot 0! <SYSTEM>
Use the display boot-loader command to view the startup file information of the device:
<SYSTEM>dis boot-loader
2011-09-27
Huawei Confidential
Make sure that the configured startup file is correct, and then use the reboot command to reboot the device:
<SYSTEM>reboot Start to check wait.........DONE! configuration with next startup configuration file, please
This command will reboot the device. Current configuration may be lost in next startup if you continue. Continue? [Y/N]:y
After the device is rebooted, use the display boot-loader command to view the startup file information of the device to make sure that the current application of the device is ar.bin. CAUTION: When you back up a file, the file will directly overwrite the one with the same name on the server. The above operations are performed in user view. The backup configuration file can be modified by a text editor. You can change the configuration by downloading the modified configuration file and the modification takes effect after you reboot the router. Similarly, you can also upgrade the main application file by downloading a new application file to overwrite the original main application file. The above operations are performed in user view. Before upgrading an application, save the current configuration of the device. When upgrading an application, use the dir command to view the size of the downloaded file and whether the file is the same as that on the server to ensure that the application is complete and correct.
2011-09-27
Huawei Confidential
Console cable
PC TFTP/FTP Client
Configure the IP addresses of both sides on the same network. In this section, the IP address of the FTP client (PC) is set to 192.168.1.1, and that of the connected Ethernet interface on the router (Ethernet 0/0) is set to 192.168.1.2. Use the ping command to check the connectivity. Enable the FTP service. After configuring authentication and authorization, you can enable the FTP service. The FTP server supports multi-user access. Upon receiving the request from a remote FTP client, the FTP server executes an action accordingly and returns the execution result to the client. Use the following command to enable the FTP service:
[SYSTEM]ftp server enable % Start FTP server
Maintain the router. After enabling the FTP service and configuring the username and password, you can enable the FTP client on the PC. In the following example, the FTP client application program is the built-in Windows XP FTP client. Type ftp in the DOS window, and the system prompt is changed to ftp>:
C:\Documents and Settings\Administrator>ftp ftp> ftp> open 192.168.1.2 Connected to 192.168.1.2. 220 FTP service ready. User (192.168.0.2:(none)): guest 331 Password required for guest Password:
2011-09-27
Huawei Confidential
After you correctly enter the username and password, the system prompts login success. You can then maintain the router, for example, modify transmission mode and local path, and back up files. In this example, the main.bin file on the router is copied to the PC.
ftp> binary 200 Type set to I. ftp> lcd c:\temp Local directory now C:\temp. ftp> get main.bin main.bin 200 Port command okay. 150 Opening BINARY mode data connection for main.bin. 226 Transfer complete. ftp: 14323376 bytes received in 16.81Seconds 851.87Kbytes/sec.
Use the following command to recover the backup file to the router:
ftp> put main.bin main.bin 200 Port command okay. 150 Opening BINARY mode data connection for main.bin. 226 Transfer complete. ftp: 14323376 bytes sent in 8.29Seconds 1727.37Kbytes/sec. ftp> quit 221 Server closing.
2011-09-27
Huawei Confidential
The router serves as the client, while the PC running FTP server program serves as the FTP server. Set the FTP server path and add username and password for the router. Configure the IP addresses of both sides on the same network. In this section, the IP address of the FTP server is set to 192.168.1.1, and that of the connected Ethernet interface on the router (Ethernet 0/0 in this example) is set to 192.168.1.2. Use the ping command to check the connectivity. Maintain the router through the terminal connected with the console interface of the router. The following gives an example:
<SYSTEM>ftp 192.168.1.1 Trying 192.168.1.1 ... Press CTRL+K to abort Connected to 192.168.1.1. 220 huawei 3CDaemon FTP Server Version 2.0 User(192.168.1.1:(none)):guest 331 User name ok, need password Password: 230 User logged in
[ftp]
Use the following commands to maintain the router. Here, the get and put commands are used to restore and back up files.
[ftp]get main.bin main.bin flashcfa0:/main.bin has been existing. Overwrite it?[Y/N]:y 200 PORT command successful. 150 File status OK ; about to open data connection 226 Closing data connection; File transfer successful. FTP: 14323376 byte(s) received in 69.256 second(s) 206.00K byte(s)/sec. [ftp]put main.bin main.bin 200 PORT command successful. 150 File status OK ; about to open data connection 226 Closing data connection; File transfer successful. FTP: 14323376 byte(s) sent in 15.974 second(s) 896.00Kbyte(s)/sec. [ftp]quit 221 Service closing control connection
After an application is uploaded to the device, you can use the boot-loader command to upgrade the device. For the upgrade procedure, refer to Upgrading the application on page 114.
BootWare Menu
Main BootWare Menu
When the router is powered on and reboots, the console terminal displays:
2011-09-27 Huawei Confidential Page 118 of page141
Compiled Date CPU Type CPU L1 Cache CPU Clock Speed Memory Type Memory Size Memory Speed BootWare Size Flash Size cfa0 Size CPLD Version PCB Version
: May 27 2008 : MPC8349E : 32KB : 533MHz : DDR SDRAM : 256MB : 264MHz : 4096KB : 4MB : 256MB : 2.0 : 3.0
NOTE: The extended BootWare menu is referred to as main BootWare menu hereinafter in this manual unless otherwise specified. The sample output above may vary on your device. If you press Ctrl+B when the system displays Press Ctrl+B to enter extended boot menu..., the system prompts for the BootWare password:
Please input BootWare password:
After you enter the correct password, the system enters the main BootWare menu. (The initial password is null. You have three chances to provide the correct BootWare password. If you have tried three times but failed, you need to reboot the system).
Note: The current operating device is cfa0 Enter < Storage Device Operation > to select device. ==========================<EXTEND-BOOTWARE MENU>========================== |<1> Boot System |<2> Enter Serial SubMenu | |
2011-09-27
Huawei Confidential
Description
Bootstrap Enter the serial interface submenu. For details about the submenu, refer to Serial interface submenu on page 120. Enter the Ethernet interface submenu. For details about the submenu, refer to Ethernet interface submenu on page 121. File control submenu. For details about the submenu, refer to File control submenu on page 122. Modify the BootWare password. Boot the system with the default setting, instead of the current system configuration file. This function takes effect only for this startup. It is usually used after you lose your password. BootWare operation submenu. For details about the submenu, refer to BootWare operation submenu on page 122. Remove the super password. You need to use the super password when switching the user level. After you select the option, the super password will be cleared only at the first reboot. At the next reboot, the super password will restore. The storage medium operation menu, where you can select a storage medium. Reboot the router.
BootWare Submenus
Serial interface submenu
Through this submenu, you can upgrade an application program, change the baud rate of a serial interface, and perform other operations.
2011-09-27 Huawei Confidential Page 120 of page141
Enter 2 in the main BootWare menu to enter the serial interface submenu:
==========================<Enter Serial SubMenu>========================== |Note:the operating device is cfa0 |<1> Download Application Program To SDRAM And Run |<2> Update Main Application File |<3> Update Backup Application File |<4> Update Secure Application File |<5> Modify Serial Interface Parameter |<0> Exit To Main Menu ========================================================================== Enter your choice(0-5): | | | | | | |
The submenu is described as follows: Table 17 BootWare serial interface submenu Item
<1> Download Application Program To SDRAM And Run <2> Update Main Application File <3> Update Backup Application File <4> Update Secure Application File <5> Modify Serial Interface Parameter <0> Exit To Main Menu
Description
Download an application program to SDRAM and run it. Upgrade the main application program. Upgrade the backup application program. Upgrade the secure application program. Modify serial interface parameters. Return to the main BootWare menu.
The Ethernet interface submenu is described as follows: Table 18 Ethernet interface submenu Item
<1> Download Application Program To SDRAM And Run 2011-09-27 Huawei Confidential
Description
Download the application program to SDRAM and run it. Page 121 of page141
Quidway AR19_AR29_AR49-VRP520-R2207L30 Release Notes <2> Update Main Application File <3> Update Backup Application File <4> Update Secure Application File <5> Modify Ethernet Parameter <0> Exit To Main Menu Upgrade the main application program. Upgrade the backup application program. Upgrade the secure application program. Modify Ethernet interface parameters. Return to the main BootWare menu.
Description
Display all files. Set an application file type. Set a configuration file type. Delete a file. Return to the main BootWare menu.
2011-09-27
Huawei Confidential
Description
Back up the full BootWare. Restore the full BootWare. Upgrade BootWare through a serial interface Upgrade BootWare through an Ethernet interface Return to the Main BootWare menu
========================================================================== Protocol (FTP or TFTP) :tftp ftp Load File Name :host : Target File Name Server IP Address Local IP Address Gateway IP Address FTP User Name FTP User Password :target : :192.168.1.1 :192.168.1.253 :0.0.0.0 :user :password
Description
To clear the current field, input a (.) and then press Enter. To go to the previous field, input a hyphen (-) and then press Enter. Huawei Confidential Page 123 of page141
Quidway AR19_AR29_AR49-VRP520-R2207L30 Release Notes field Ctrl+D = Quit Protocol (FTP or TFTP) Load File Name Target File Name Server IP Address Local IP Address Gateway IP Address FTP User Name FTP User Password The shortcut key combination for exiting the parameter configuration page is Ctrl+D. Select a transmission protocol, FTP or TFTP. Name of the source file, which must be consistent with the actual name of the file to be downloaded. Name for the target file to be saved. By default, it is the same as the name of the source file on the server. IP address of the FTP/TFTP server. To set a mask, separate the IP address from the mask with a colon (:), for example, 192.168.80.10:24. IP address of the local end, that is, the IP address of the FTP/TFTP client. Configure the gateway IP address if the server and the client are not on the same network segment. This option is not available for TFTP. This option is not available for TFTP.
NOTE: Upon upgrade failure, the system prompts Loading failed. In this case, please reboot the router to validate the reset IP address.
Only FE0 can be used for upgrading an application program through an Ethernet interface on the Quidway 19 series routers and GE0 can be used on the Quidway 29 and Quidway 49 series routers.
Upgrading Procedure
Trivial File Transfer Protocol (TFTP), a protocol in the TCP/IP protocol suite, is used to transfer trivial files between clients and the server. It provides not-so-complex and low-cost file transfer services. TFTP provides unreliable data transfer services over UDP and does not provide any access authorization and authentication mechanism. It employs timeout and retransmission to guarantee the successful delivery of data. The TFTP software is much smaller than the FTP software in size: File Transfer Protocol (FTP) is an application-layer protocol in the TCP/IP protocol suite. It mainly transfers files among remote hosts. Over TCP, FTP provides reliable and connection-oriented data transfer service but does not provide access authorization and authentication mechanism. Set up an upgrade environment.
2011-09-27
Huawei Confidential
Connect GigabitEthernet 0/0 to a PC with a crossover cable. Start the TFTP/FTP program on the PC, and set the path of TFTP/FTP server to directory of the application program. You need to set username and password if FTP server is used. CAUTION: No TFTP/FTP Server is shipped with the Quidway 29 series routers. Modify Ethernet interface parameters. For details, refer to Configuring Ethernet Interface Parameters on page 123. Enter 3 in the main BootWare menu to enter the Ethernet Interface submenu. For example, when upgrading the main application program, enter 2:
Loading................................................................... .......................................................................... ..........Done! 22165484 bytes downloaded! Updating File cfa0:/update.bin
After downloading the file, enter the file name to start the upgrade process:
Updating File main.bin........ Update Success!
Enter 0 to return to the main BootWare menu. Enter 1 to boot the system from the Flash memory. Set the upgraded application program to the main application file, namely, the default boot file of the system. Enter 4 when the above information appears.
==============================<File CONTROL>============================== |Note:the operating device is cfa0 |<1> Display All File(s) | |
2011-09-27
Huawei Confidential
Enter the file control submenu and enter 2 to set the application file type.
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED ========================================================================== |NO. Size(B) |1 |2 |0 22165484 22165484 Exit Time Type Name cfa0:/update.bin cfa0:/main.bin | | | |
==========================================================================
Enter 1 to set the selected application program to the main application file, namely, the default boot file of the system. Enter 0 to return to the main BootWare menu. Enter 1 to boot the system. CAUTION: If the input file name is the same as the original one in the CF card or the flash memory, the system prompts that The file is exist, will you overwrite it? [Y/N]. Enter Y to overwrite the original file. The new application program file will then overwrite the original file of this type, ensuring the uniqueness of the application program on the device. Make sure the available space in the memory is sufficient. Or, the system prompts The free space isn't enough! The file updated will directly overwrite the original file of this type to become the only application program. The file downloaded here will overwrite the original M file and become the main boot program. For details of file types, refer to Files on page 116. You can set the main or backup attribute only for the startup file in the root directory of the device.
2011-09-27
Huawei Confidential
Before upgrading, enter 4 in the menu to configuring Ethernet parameters. For details, refer to Configuring Ethernet Interface Parameters on page 123. Then you can select to upgrade full BootWare, extended BootWare, or basic BootWare.
|--------------------------<Baudrate Avaliable>--------------------------| |<1> 9600(Default)* |<2> 19200 |<3> 38400 |<4> 57600 |<5> 115200 |<0> Exit | | | | | |
Select a proper baud rate, 5 for 115200 bps for example. The following prompt appears:
Baudrate has been changed to 115200 bps. Please change the terminal's baudrate to 115200 bps, press ENTER when ready.
Since the baud rate of the serial interface on the router is changed to 115200 bps, whereas the terminal baud rate remains 9600 bps, they cannot communicate with each other. Change the baud rate on the console terminal to the one selected for downloading software. Perform the following configurations on the console terminal: Figure 6 Disconnect terminal
Select File > Properties, and press Configure to change the baud rate to 115200 bps:
2011-09-27
Huawei Confidential
Select Call > Call to establish a new connection. Figure 8 Establish a new connection
Press Enter to view the current baud rate and return to the previous menu. The system displays:
The current baudrate is 115200 bps
NOTE: Restore the baud rate in the HyperTerminal to 9600 bps after upgrading the BootWare. This ensures that the information can be displayed on the console terminal after system boot or reboot.
2011-09-27
Huawei Confidential
Upgrading BootWare
First, enter 7 in the main BootWare menu (refer to Main BootWare Menu on page 118) to enter the BootWare operation submenu, through which all BootWare operations are performed. For details, refer to BootWare Submenus on page 120. The following example illustrates how to upgrade the full BootWare: First, change the baud rate of the serial interface to speed up upgrading (refer to Main BootWare Menu on page 118 for details), and then enter 3 in the BootWare operation menu. The system displays:
===================<BOOTWARE OPERATION SERIAL SUB-MENU>=================== |<1> Update Full BootWare |<2> Update Extend BootWare |<3> Update Basic BootWare |<4> Modify Serial Interface Parameter |<0> Exit To Main Menu | | | | |
Enter 4 in the BootWare operation menu to set the baud rate. For details about this menu, refer to BootWare operation submenu on page 122. Enter 1, and the system displays:
Please Start To Transfer File, Press <Ctrl+C> To Exit. Waiting ...CC
Select Transfer > Send file in the HyperTerminal window. The following window appears: Figure 9 Send file dialog box
Click Browse to select the application program file to be downloaded, and select XModem for the Protocol field. Then click Send. The following interface appears:
2011-09-27
Huawei Confidential
Upon completion of downloading, the following information appears, indicating that download and upgrade succeeds:
Download successfully! 425045 bytes downloaded!
Change the baud rate of the console terminal from 115200 bps to 9600 bps, and then reboot the router. NOTE: The file name, size and path vary in different situations. Before upgrading, check the current version of BootWare and application program.
Restore the baud rate in the HyperTerminal to 9600 bps after upgrading the BootWare. This ensures that the information can be displayed on the console terminal after system boot or reboot. Upgrading the extended BootWare involves only a segment of BootWare. Once an error occurs, you can re-upgrade BootWare.
2011-09-27
Huawei Confidential
Select an application program file and send it. The procedure for upgrading an application program through a serial interface is similar to that for upgrading BootWare. For the detailed procedure, see Upgrading BootWare on page 130. NOTE: Generally an application program is more than 10 MB in size. Even if the baud rate is changed to 115200 bps, it usually takes about 30 minutes to upgrade an application program. Therefore, you are recommended to upgrade an application program through an Ethernet interface.
==========================================================================
========================================================================== |NO. Size(B) |1 |2 |3 |4 640199 22165484 1181 22165484 Time Type Name cfa0:/logfile/logfile.log cfa0:/update.bin cfa0:/startup.cfg cfa0:/main.bin | | | | |
Dec/20/2007 09:53:16 N/A Dec/20/2007 09:18:10 B+S Dec/20/2007 09:42:54 N/A Dec/20/2007 09:42:28 M
==========================================================================
2011-09-27
Huawei Confidential
Enter the number of the file to be modified and press Enter, the system will prompt you to modify the file type:
Modify the file attribute: ========================================================================== |<1> +Main |<2> -Main |<3> +Backup |<4> -Backup |<0> Exit | | | | |
You can set the file type to M (main) or B (backup) or cancel the setting by entering digits 1 to 4. Refer to Introduction on page 109 for details.
Enter the number of the file to be modified and press Enter, the system prompts you to modify the file type:
Modify the file attribute: ========================================================================== |<1> +Main |<2> -Main |<3> +Backup |<4> -Backup |<0> Exit | | | | |
You can set the file type to M (main) or B (backup) or cancel the setting by entering digits 1 to 4. Refer to Introduction on page 109 for details.
Deleting files
Enter 4 in the file control submenu to delete files:
Deleting the file in cfa0: 'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED
==========================================================================
2011-09-27
Huawei Confidential
Dec/20/2007 09:53:16 N/A Dec/20/2007 09:18:10 B+S Dec/20/2007 09:42:54 N/A Dec/20/2007 09:42:28 M
Enter the number of the file to be deleted and press Enter, and then the system displays:
The file you selected is cfa0:/backup.bak,Delete it? [Y/N]Y Deleting........Done!
CAUTION: You can set the main or backup attribute only for the application and configuration file in the root directory, and the full filename (including the path) of the application file must not exceed 63 characters
The system prompts the setting succeeds. When the main BootWare menu appears again, enter 0 to reboot the system. Set a new password in system view.
[SYSTEM]user-interface console 0 [SYSTEM-ui-console0]authentication-mode password [SYSTEM-ui-console0]set authentication password simple 123456
The above information indicates that the password authentication is adopted on the console interface and the password is set to 123456 and stored in plain text.
2011-09-27
Huawei Confidential
NOTE: After reboot, the system runs the initial default configuration, but the original configuration file is stored in the Flash memory. To restore the original configuration, you can use the display saved-configuration command to display it, and then copy and execute it. If the password is stored in plain text, you can use the display current-configuration command to view the password in the current configuration. If you use the set authentication password cipher 123456 command to set a password, the password is stored in cipher text.. Save the new configuration.
[SYSTEM] save
NOTE: The password modification fails when the old password is not correct or new password is inconsistent. Then the system will exit this operation.
2011-09-27
Huawei Confidential
Now, the entire BootWare is backed up to the memory. Enter 2 under the menu to restore the BootWare in the memory to the system:
Will you restore the Basic BootWare? [Y/N]Y Begin to restore Normal Basic BootWare................................Done! Will you restore the Extend BootWare? [Y/N]Y Begin to restore Normal Extend BootWare................................Done!
Click Browse. On the dialog box displayed, select the target application file in the local path, and specify the name of the application file to be stored on the device. Then select the If the file with same name exists, overwrite it out remind check box. Click Apply to upgrade the software, as shown in the following figure.
2011-09-27
Huawei Confidential
The upgrade process takes about three to five minutes. During this process, ensure that the network connection is normal and do not power off or restart the device.
After the upgrade is complete, the system displays the following information and you need to restart the device.
2011-09-27
Huawei Confidential
Before restarting the device, follow these steps to save the current system configuration: select System Management > Configuration from the navigation tree to enter the default Save page, and then click Save Current Settings, as shown in the following figure.
After saving the configuration information, select System Management > Reboot from the navigation tree to enter the page shown below. Click Apply to reboot the device.
Page 138 of page141
2011-09-27
Huawei Confidential
Copyright 2011 HUAWEI Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of HUAWEI Technologies Co., Ltd. The information in this document is subject to change without notice.
2011-09-27
Huawei Confidential