H3C S3100 Series, Command Manual

Page 1: ...H3C S3100 Series Ethernet Switches Command Manual For Soliton Hangzhou H3C Technologies Co Ltd http www h3c com Manual Version 20080928 C 1 02...

Page 2: ...nnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in...

Page 3: ...stallation Organization H3C S3100 Series Ethernet Switches Command Manual For Soliton is organized as follows Part Contents 1 CLI Introduces the commands used for switching between the command levels...

Page 4: ...configuration 18 AAA Introduces the commands used for AAA RADIUS HWTACACS and EAD configuration 19 MAC Address Authentication Introduces the commands used for MAC address authentication configuration...

Page 5: ...this command manual in an alphabetic order The parts and pages where the commands are described are also given Conventions The manual uses the following conventions I Command conventions Convention De...

Page 6: ...names menu items data table and field names are inside square brackets For example pop up the New User window Multi level menus are separated by forward slashes For example File Create Folder III Sym...

Page 7: ...hes Table of Contents i Table of Contents Chapter 1 CLI Configuration Commands 1 1 1 1 CLI Configuration Commands 1 1 1 1 1 command privilege level 1 1 1 1 2 display history command 1 3 1 1 3 super 1...

Page 8: ...view that the Ethernet switch supports The S3100 series For Soliton support only the CLI views listed in Table 1 1 Table 1 1 Available CLI views for the view argument CLI view Description acl adv Adv...

Page 9: ...t the level of a specified command in a specified view Use the undo command privilege view command to restore the default Commands fall into four levels visit level 0 monitor level 1 system level 2 an...

Page 10: ...ay history command View Any view Parameters None Description Use the display history command command to display the history commands of the current user so that the user can check the configurations p...

Page 11: ...high to low user level switching is unlimited However the low to high user level switching requires the corresponding authentication The authentication mode can be set through the super authentication...

Page 12: ...r level switching Use the undo super authentication mode command to restore the default By default super password authentication is adopted for low to high user level switching Note that the two authe...

Page 13: ...vel level cipher simple password undo super password level level View System view Parameters level level User level in the range of 1 to 3 It is 3 by default cipher Stores the password in the configur...

Page 14: ...figuration By default no such password is set Note that no matter whether a plain text or cipher text password is set users must enter the plain text password during authentication Examples Set the sw...

Page 15: ...ze 1 13 1 1 11 idle timeout 1 14 1 1 12 ip http shutdown 1 15 1 1 13 lock 1 16 1 1 14 parity 1 17 1 1 15 protocol inbound 1 17 1 1 16 screen length 1 19 1 1 17 send 1 19 1 1 18 service type 1 20 1 1 1...

Page 16: ...mber to set the local password using the set authentication password command Otherwise AUX users can log in to the switch successfully without password but VTY users will fail the login VTY users must...

Page 17: ...eme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the supported protocol is specified as SSH TCP 22 will be enabled when the supported protoc...

Page 18: ...telnet level 2 After the configuration when a user logs in to the switch through VTY0 the user must enter the configured username and password 1 1 2 auto execute command Syntax auto execute command te...

Page 19: ...ysname user interface vty 0 Sysname ui vty0 auto execute command telnet 10 110 100 1 This action will lead to configuration failure through ui vty0 Are you sure Y N y After the above configuration whe...

Page 20: ...Sysname system view System View return to User View with Ctrl Z Sysname undo copyright info enable After the above configuration no copyright information is displayed after a user logs in as shown bel...

Page 21: ...bered from 0 to 12 summary Displays the summary information about a user interface Description Use the display user interface command to display the information about a specified user interface or all...

Page 22: ...a modem is used Privi Available command level Auth Authentication mode Int Physical position of the user interface Super The authentication mode used for a user to switch from the current lower user...

Page 23: ...user interface is idle The total number of Us and Xs is the total number of user interfaces that are available character mode users U The number of current users that is the number of Us UI never used...

Page 24: ...es and those in the right sub column are the relative user interface indexes Delay The period in seconds the user interface idles for Type User type Ipaddress The IP address from which the user logs i...

Page 25: ...r interface Syntax free user interface type number View User view Parameters type User interface type which can be AUX for AUX user interface and VTY for VTY user interface number User interface index...

Page 26: ...ord is valid only when users are authenticated before they log in to the switch and appears while the switch prompts for user name and password If a user logs in to the switch through Web the banner t...

Page 27: ...s required In the latter case the shell banner is not displayed z The banner configured with the header legal command is displayed when you enter the user interface If password authentication is enabl...

Page 28: ...played Copyright c 2004 2008 Hangzhou H3C Tech Co Ltd All rights reserved Without the owner s prior written consent no decompiling or reverse engineering shall be allowed Welcome to legal Press Y or E...

Page 29: ...meout Syntax idle timeout minutes seconds undo idle timeout View User interface view Parameters minutes Number of minutes This argument ranges from 0 to 35 791 seconds Number of seconds This argument...

Page 30: ...will be enabled or disabled after corresponding configurations z TCP 80 port is enabled only after you use the undo ip http shutdown command to enable the Web server z If you use the ip http shutdown...

Page 31: ...ck a user interface press Enter and then enter the password as prompted Note that if you set a password containing more than 16 characters the system matches only the first 16 characters of the passwo...

Page 32: ...the check mode of the user interface Use the undo parity command to revert to the default check mode By default no check is performed Examples Set to perform even checks Sysname system view System Vi...

Page 33: ...P 23 will be enabled and TCP 22 will be disabled z If the authentication mode is scheme there are three scenarios when the supported protocol is specified as telnet TCP 23 will be enabled when the sup...

Page 34: ...length command to revert to the default number of lines By default the terminal screen can contain up to 24 lines You can use the screen length 0 command to disable the function to display information...

Page 35: ...and to send messages to a user interface or all the user interfaces Examples Send hello to all user interfaces Sysname send all Enter message end with CTRL Z or Enter abort with CTRL C hello Z Send me...

Page 36: ...and so on The display and debugging commands are at monitor level Commands at this level cannot be saved in configuration files z System level Commands at this level are used to configure services Com...

Page 37: ...set The password must be in plain text if you specify the simple keyword in the set authentication password command If you specify the cipher keyword the password can be in either cipher text or plain...

Page 38: ...tax shell undo shell View User interface view Parameters None Description Use the shell command to enable terminal services Use the undo shell command to disable terminal services By default terminal...

Page 39: ...d 115 200 Description Use the speed command to set the transmission speed of the user interface Use the undo speed command to revert to the default transmission speed By default the transmission speed...

Page 40: ...terminal emulation utility does not affect the communication between them Examples Set the stop bits to 2 Sysname system view System View return to User View with Ctrl Z Sysname user interface aux 0 S...

Page 41: ...en consent no decompiling or reverse engineering shall be allowed SwitchB 1 1 24 telnet ipv6 Syntax telnet ipv6 remote system i interface type interface number port number View User view Parameters re...

Page 42: ...er interface first number User interface index identifying the first user interface to be configured A user interface index can be relative or absolute z In relative user interface index scheme the ty...

Page 43: ...and manage which are described as follows z Visit level Commands at this level are used to diagnose network such as the ping tracert and telnet command Commands at this level cannot be saved in config...

Page 44: ...mmands as listed in the following Sysname User view commands cluster Run cluster command debugging Enable system debugging functions display Display current system information msdp tracert MSDP trace...

Page 45: ...0 to 3999 for advanced ACLs inbound Applies the ACL for the users Telnetting to the local switch from the current user interface outbound Applies the ACL for the users Telnetting to other devices from...

Page 46: ...o 80 characters Description Use the free web users command to disconnect a specified Web user or all Web users by force Examples Disconnect all Web users by force Sysname free web users all 2 1 3 ip h...

Page 47: ...e community The acl number argument ranges from 2000 to 2999 mib view view name Sets the name of the MIB view accessible to the community The view name argument is a string of 1 to 32 characters Descr...

Page 48: ...authentication Specifies to authenticate SNMP data without encrypting the data privacy Authenticates and encrypts packets read view Name of the view to be set to read only This argument can be of 1 to...

Page 49: ...ode aes128 des56 priv password acl acl number undo snmp agent usm user v3 user name group name engineid engineid string local View System view Parameters v1 SNMPv1 v2c SNMPv2c v3 SNMPv3 user name User...

Page 50: ...string of even number of hexadecimal numbers and comprising of 10 to 64 hexadecimal digits Description Use the snmp agent usm user command to add a user to an SNMP group You can also optionally use t...

Page 51: ...ration File Management Commands 1 1 1 1 File Attribute Configuration Commands 1 1 1 1 1 display current configuration 1 1 1 1 2 display current configuration vlan 1 6 1 1 3 display saved configuration...

Page 52: ...ext txt in the current directory you can directly input the file name text txt as the file URL 1 1 File Attribute Configuration Commands 1 1 1 display current configuration Syntax display current conf...

Page 53: ...ar expression z include Displays only the lines that match the regular expression A regular expression also supports some special characters For match rules of the special characters refer to Table 1...

Page 54: ...rrent configuration command to display the current configuration of a switch After you finish a set of configurations you can execute the display current configuration command to display the parameter...

Page 55: ...Ethernet1 0 9 interface Ethernet1 0 10 interface Ethernet1 0 11 interface Ethernet1 0 12 interface Ethernet1 0 13 interface Ethernet1 0 14 interface Ethernet1 0 15 interface Ethernet1 0 16 interface E...

Page 56: ...splay current configuration include 10 vlan 1 interface Vlan interface1 ip address 192 168 0 241 255 255 255 0 interface Aux1 0 0 interface Ethernet1 0 1 port link aggregation group 1 interface Ethern...

Page 57: ...n vlan id by linenum View Any view Parameters vlan vlan id VLAN ID in the range 1 to 4094 by linenum Displays configuration information with line numbers Description Use the display current configurat...

Page 58: ...tion with line numbers Description Use the display saved configuration command to display the initial configuration file of a switch Note that z If the switch starts up without a configuration file th...

Page 59: ...TE interface Aux1 0 0 interface Ethernet1 0 1 interface Ethernet1 0 2 interface Ethernet1 0 3 interface Ethernet1 0 4 interface Ethernet1 0 5 interface Ethernet1 0 6 interface Ethernet1 0 7 interface...

Page 60: ...GigabitEthernet1 1 1 interface GigabitEthernet1 1 2 shutdown interface GigabitEthernet1 2 1 interface GigabitEthernet1 2 2 shutdown TOPOLOGYCFG MUST NOT DELETE GLBCFG MUST NOT DELETE interface NULL0...

Page 61: ...ackup cfg Bootrom access enable state enabled Table 1 2 Description on the fields of the display startup command Field Description Current Startup saved configuration file The configuration file used...

Page 62: ...played z The configured parameter whose corresponding function does not take effect is not displayed z Execution of this command in any user interface view or VLAN view displays the valid configuratio...

Page 63: ...configuration file with backup attribute it only erases the backup attribute of a configuration file having both main and backup attribute You may need to erase the configuration file for one of thes...

Page 64: ...nt configuration to it The file attribute is neither main nor backup z If the cfgfile argument is specified and the file specified by it exists the system will save the current configuration to the sp...

Page 65: ...next startup Sysname save main The configuration will be written to the device Are you sure Y N y Please input the file name cfg To leave the existing filename unchanged press the enter key 123 cfg N...

Page 66: ...ation when it restarts Note that If you execute the startup saved configuration command with neither the backup nor the main keyword specified the configuration file identified by the cfgfile argument...

Page 67: ...1 10 1 2 1 display port 1 10 1 2 2 port 1 10 1 2 3 port access vlan 1 11 1 2 4 port hybrid pvid vlan 1 12 1 2 5 port hybrid vlan 1 13 1 2 6 port link type 1 14 1 2 7 port trunk permit vlan 1 15 1 2 8...

Page 68: ...rrent VLAN or VLAN interface You can use the description to provide information helping identify the devices or network segment attached to the VLAN or VLAN interface and so on Use the undo descriptio...

Page 69: ...d VLAN interface or all VLAN interfaces already created if no VLAN interface is specified The output of this command shows the state IP address description and other information of a VLAN interface Yo...

Page 70: ...of the following z DOWN The protocol state of this VLAN interface is down usually because no IP address is configured z UP The protocol state of this VLAN interface is up IP Sending Frames Format is...

Page 71: ...Dynamic VLANs refer to VLANs that are generated through GVRP or those distributed by a RADIUS server static Displays the number of static VLANs and the ID of each static VLAN Static VLANs refer to VL...

Page 72: ...the VLAN interface Description Description of the VLAN Name VLAN name Tagged Ports Ports out of which packets are sent tagged Untagged Ports Ports out of which packets are sent untagged 1 1 4 interfac...

Page 73: ...w return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 1 1 5 name Syntax name text undo name View VLAN view Parameters text VLAN name a description of 1 to 32 cha...

Page 74: ...LAN z When all the Ethernet ports in the VLAN are down the VLAN interface of the VLAN is down that is disabled z When one or more Ethernet ports in the VLAN are up the VLAN interface of the VLAN is up...

Page 75: ...N you want to create or remove in the range of 1 to 4094 to vlan id2 In conjunction with vlan id1 specify a VLAN ID range you want to create or remove The vlan id2 argument takes a value in the range...

Page 76: ...LAN on the trunk port or hybrid port does not change The port will continue to use the removed VLAN as its default VLAN Examples Create VLAN 5 and enter its VLAN view Sysname system view System View r...

Page 77: ...mand Examples Display the existing hybrid ports Sysname display port hybrid The following hybrid ports exist Ethernet1 0 1 Ethernet1 0 2 The above information shows the current system has two hybrid p...

Page 78: ...ation about how to assign to or remove from a VLAN trunk or hybrid ports refer to the port hybrid vlan command and the port trunk permit vlan command For port type configuration refer to the port link...

Page 79: ...command to remove the access port from the specified VLAN After that the access port joins VLAN 1 automatically Examples Assign Ethernet 1 0 1 to VLAN 3 Sysname system view System View return to User...

Page 80: ...w return to User View with Ctrl Z Sysname interface ethernet1 0 1 Sysname Ethernet1 0 1 port link type hybrid Sysname Ethernet1 0 1 port hybrid pvid vlan 100 1 2 5 port hybrid vlan Syntax port hybrid...

Page 81: ...ecified each time does not overwrite those configured before if any The VLAN specified by the vlan id argument must already exist Otherwise this command is invalid Related commands port link type Exam...

Page 82: ...ist all undo port trunk permit vlan vlan id list all View Ethernet port view Parameters vlan id list List of the VLANs that the current trunk port will be assigned to or removed from In this list you...

Page 83: ...any Related commands port link type Examples Assign the trunk port Ethernet 1 0 1 to VLAN 2 VLAN 4 and VLAN 50 through VLAN 100 Sysname system view System View return to User View with Ctrl Z Sysname...

Page 84: ...AN to be transmitted properly Related commands port link type port trunk permit vlan Examples Set the default VLAN ID of the trunk port Ethernet 1 0 1 to 100 Sysname system view System View return to...

Page 85: ...cify the VLAN ID for which the MAC to VLAN mapping is to be displayed Description Use the display mac vlan command to display MAC to VLAN mappings Examples Display all the MAC to VLAN mappings Sysname...

Page 86: ...ac vlan all mac address mac addr vlan vlan id View System view Parameters mac addr Specifies a MAC address vlan vlan id Specify a VLAN ID in the range of 1 to 4094 priority priority Specify an 802 1p...

Page 87: ...a link aggregation member port z You cannot enable MAC based VLAN on a port configured with VLAN VPN or selective QinQ By default MAC based VLAN is disabled Examples Enable MAC based VLAN on GigabitEt...

Page 88: ...display protocol vlan interface command to display information about protocol based VLANs and protocol templates for the specified port s Related commands port hybrid protocol vlan vlan protocol vlan...

Page 89: ...s a value in the range of 1 to 4094 and must not be less than that of vlan id1 all Displays all protocol VLANs and their protocol template information Description Use the display protocol vlan vlan co...

Page 90: ...emplate must have been configured for the VLAN protocol index Specifies a protocol template in the range of 0 to 15 to protocol index end In conjunction with protocol index specify a protocol index ra...

Page 91: ...emplate the system will report operation failure if the index of the specified protocol to be removed does not exist If a part of the specified protocol indexes to be removed do not exist the switch w...

Page 92: ...packet The etype id argument indicates the protocol type value and ranges from 0x0600 to 0xFFFF protocol index Beginning protocol index ranging from 0 to 4 If you do not specify this argument the beg...

Page 93: ...and assign IP packets to VLAN 3 for transmission Sysname system view System View return to User View with Ctrl Z Sysname vlan 3 Sysname vlan3 protocol vlan ip Caution Because the IP protocol is closel...

Page 94: ...face brief 1 4 1 1 5 display ip routing table 1 5 1 1 6 display ip routing table acl 1 7 1 1 7 display ip routing table ip address 1 10 1 1 8 display ip routing table ip address1 ip address2 1 11 1 1...

Page 95: ...Use the delete static routes all command to delete all static routes The system will request your confirmation before it deletes all the configured static routes Related command ip route static and di...

Page 96: ...tate DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 000f e256 ae10 Internet Address is 192 168 0 39 24 Primary Description Vlan interface1 Interface The Maximum Transmit Unit is 1...

Page 97: ...lan interface1 current state UP Line protocol current state UP Internet Address is 192 168 0 39 24 Primary Broadcast address 192 168 0 255 The Maximum Transmit Unit 1500 bytes IP packets input number...

Page 98: ...ets total bytes and multicast packets TTL invalid packet number Number of received packets with TTL errors ICMP packet input number Number of received ICMP messages Echo reply Echo replies Unreachable...

Page 99: ...168 0 39 up up Vlan inte Table 1 3 Description on fields of the display ip interface brief command Field Description down The interface is administratively shut down with the shutdown command s Spoof...

Page 100: ...with the items of a routing entry contained in one line The information displayed includes destination IP address mask length protocol preference cost next hop and outbound interface The display ip ro...

Page 101: ...mand displays the routes that match a specified basic ACL you can use it to trace routing policies Example Display the summary information about the active routes that match ACL 2000 Sysname system vi...

Page 102: ...Vlan interface1 State Int ActiveU Gateway Static Unicast Age 1 48 18 Cost 0 0 Table 1 5 Description on the fields of the display ip routing table acl command Field Description Destination Destination...

Page 103: ...ion For details refer to corresponding routing protocols Int The route is discovered by the internal gateway protocol IGP NoAdvise The route is not advertised when the router advertises routes based o...

Page 104: ...ip routing table ip address command to display the information about the routes leading to a specified destination The output information of this command differs with the arguments keywords specified...

Page 105: ...ActiveU Gateway Static Unicast Age 32 31 Cost 0 0 Refer to Table 1 5 for the description on the output fields 1 1 8 display ip routing table ip address1 ip address2 Syntax display ip routing table ip...

Page 106: ...he output fields 1 1 9 display ip routing table protocol Syntax display ip routing table protocol protocol inactive verbose View Any view Parameter protocol This argument can be one of the following z...

Page 107: ...routing table Sysname display ip routing table protocol static STATIC Routing tables Summary count 1 STATIC Routing table status active Summary count 1 Destination Mask Protocol Pre Cost Nexthop Inte...

Page 108: ...tistics Syntax display ip routing table statistics View Any view Parameter None Description Use the display ip routing table statistics command to display the statistics of a routing table The statist...

Page 109: ...routes with deleted flags this type of routes will be removed after a period of time Total Total numbers of various routes 1 1 12 display ip routing table verbose Syntax display ip routing table verbo...

Page 110: ...the statistics information about the routing table Table 1 8 Description on the fields of the display ip routing table verbose command Field Description Holddown Number of the routes that are held do...

Page 111: ...interface view Sysname system view System View return to User View with Ctrl Z Sysname vlan 10 Sysname vlan10 quit Sysname management vlan 10 Sysname interface Vlan interface 10 Sysname Vlan interfac...

Page 112: ...er Next hop outgoing interface Currently you can specify a NULL interface only A null interface is a virtual interface Packets destined for a null interface are discarded helping to reduce system load...

Page 113: ...if neither of the reject and blackhole keywords is specified Note the following when configuring a static route z The next hop address of a static route cannot be the VLAN interface address of the loc...

Page 114: ...et ip routing table statistics protocol command to clear the statistics of routes in a routing table Example Before executing the reset ip routing table statistics protocol command use the display ip...

Page 115: ...ment VLAN H3C S3100 Series Ethernet Switches Chapter 1 Management VLAN Configuration Commands 1 21 DIRECT 4 4 0 0 STATIC 0 0 0 0 Total 4 4 0 0 The above information shows that the routing statistics i...

Page 116: ...ommands 2 1 2 1 1 display fib 2 1 2 1 2 display fib ip address 2 2 2 1 3 display fib acl 2 3 2 1 4 display fib 2 4 2 1 5 display fib statistics 2 5 2 1 6 display icmp statistics 2 5 2 1 7 display ip s...

Page 117: ...n about a specified or all Layer 3 interfaces If no argument is specified information about all Layer 3 interfaces is displayed Examples Display information about VLAN interface 1 Sysname display ip i...

Page 118: ...r 9678 bytes 475001 multicasts 7 IP packets output number 8622 bytes 391084 multicasts 0 Total number of packets bytes and multicast packets forwarded and received on the interface TTL invalid packet...

Page 119: ...e interface type and interface number specified it displays information about the specified interface Related commands display ip interface Examples Display brief information about VLAN interface 1 Sy...

Page 120: ...View VLAN interface view loopback interface view Parameters ip address IP address in dotted decimal notation mask Subnet mask in dotted decimal notation mask length Subnet mask length the number of co...

Page 121: ...r 1 IP Address Configuration Commands 1 5 Examples Assign the IP address 129 12 0 1 to VLAN interface 1 with subnet mask 255 255 255 0 Sysname system view System View return to User View with Ctrl Z S...

Page 122: ...command to display all forwarding information base FIB information Examples Display all FIB information Sysname display fib Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Eq...

Page 123: ...dress Syntax display fib ip address1 mask1 mask length1 ip address2 mask2 mask length2 longer longer View Any view Parameters ip address1 ip address2 Destination IP addresses in dotted decimal notatio...

Page 124: ...Entry Count 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeStamp Interface 12 158 10 0 24...

Page 125: ...ched by access list 2001 Summary Counts 1 Flag U Usable G Gateway H Host B Blackhole D Dynamic S Static R Reject E Equal cost multi path L Generated by ARP or ESIS Destination Mask Nexthop Flag TimeSt...

Page 126: ...ning the string 169 254 0 0 Sysname display fib begin 169 254 0 0 169 254 0 0 16 2 1 1 1 U t 0 Vlan interface1 2 0 0 0 16 2 1 1 1 U t 0 Vlan interface1 For details about the displayed information see...

Page 127: ...set ip statistics Examples Display the statistics about ICMP packets Sysname display icmp statistics Input bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 ech...

Page 128: ...er of received time stamp packets information request Number of received information request packets mask requests Number of received mask requests mask replies Number of received mask replies Input t...

Page 129: ...6 LA 0 0 0 0 23 FA 0 0 0 0 0 sndbuf 8192 rcvbuf 8192 sb_cc 0 rb_cc 0 socket option SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE socket state SS_PRIV SS_ASYNC Task VTYD 18 socketid 2 Proto...

Page 130: ...cc Current data size in the receiving buffer socket option Option of a socket socket state State of a socket 2 1 8 display ip statistics Syntax display ip statistics View Any view Parameters None Desc...

Page 131: ...kets with incorrect header format that contains a wrong version or has a header length less than 20 bytes bad checksum Total number of packets with incorrect checksum Input bad options Total number of...

Page 132: ...packets Total 753 packets in sequence 412 11032 bytes window probe packets 0 window update packets 0 checksum error 0 offset error 0 short error 0 duplicate packets 4 88 bytes partially duplicate pack...

Page 133: ...be packets Number of window probe packets received window update packets Number of window update packets received checksum error Number of checksum error packets received offset error Number of offset...

Page 134: ...timeouts connections dropped in retransmitted timeout Number of connections broken due to retransmission timeouts Keepalive timeout Number of keepalive timer timeouts keepalive probe Number of keepali...

Page 135: ...Connection TCPCB Local Add port Foreign Add port State 03e37dc4 0 0 0 0 4001 0 0 0 0 0 Listening 04217174 100 0 0 204 23 100 0 0 253 65508 Established Table 2 6 Description on the fields of the displ...

Page 136: ...7187 Table 2 7 Description on the fields of the display udp statistics command Field Description Total Total number of received UDP packets checksum error Total number of packets with incorrect checks...

Page 137: ...send command to disable the device from sending ICMP redirection packets By default the device is enabled to send ICMP redirection packets Examples Disable the device from sending ICMP redirection pac...

Page 138: ...nreachable packets Examples Disable the device from sending ICMP destination unreachable packets Sysname system view System View return to User View with Ctrl Z Sysname undo icmp unreach send 2 1 14 r...

Page 139: ...kets Sysname reset tcp statistics 2 1 16 reset udp statistics Syntax reset udp statistics View User view Parameters None Description Use the reset udp statistics command to clear the statistics about...

Page 140: ...value of the TCP finwait timer to 800 seconds Sysname system view System View return to User View with Ctrl Z Sysname tcp timer fin timeout 800 2 1 18 tcp timer syn timeout Syntax tcp timer syn timeo...

Page 141: ...ilobytes KB in the range of 1 to 32 Description Use the tcp window command to configure the size of the transmission and receiving buffers of the connection oriented socket Use the undo tcp window com...

Page 142: ...VLAN Configuration Commands 1 1 1 1 1 display voice vlan error info 1 1 1 1 2 display voice vlan oui 1 1 1 1 3 display voice vlan status 1 2 1 1 4 display vlan 1 3 1 1 5 voice vlan 1 4 1 1 6 voice vl...

Page 143: ...Description Use the display voice vlan error info command to display the ports on which the voice VLAN function fails to be enabled Note When ACL number applied to a port reaches to its threshold voi...

Page 144: ...e OUI list for the voice VLAN Sysname display voice vlan oui Oui Address Mask Description 0003 6b00 0000 ffff ff00 0000 Cisco phone 000f e200 0000 ffff ff00 0000 H3C Aolynk phone 00d0 1e00 0000 ffff f...

Page 145: ...status of global voice VLAN function enabled or disabled Voice Vlan ID The VLAN which is currently enabled with voice VLAN Voice Vlan security mode The status of voice VLAN security mode enabled or d...

Page 146: ...suming that the current voice VLAN is VLAN 6 Sysname display vlan 6 VLAN ID 6 VLAN Type static Route Interface not configured Description VLAN 0006 Name VLAN 0006 Tagged Ports Ethernet1 0 5 Untagged P...

Page 147: ...he voice vlan enable command Caution z If you want to delete a VLAN with voice VLAN function enabled you must disable the voice VLAN function first z The voice VLAN function can be enabled for only on...

Page 148: ...o the voice VLAN statically When setting the voice VLAN aging timer consider the usage frequency of IP phones Note that z A large voice VLAN aging timer setting can prevent a port from being assigned...

Page 149: ...is disabled on all ports To have the voice VLAN function take effect on a port you must enable it both globally and on the port Note that the operations are order independent Note Voice VLAN is not s...

Page 150: ...y function is disabled Examples Enable the voice VLAN legacy function on Ethernet1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet...

Page 151: ...fined OUI addresses in Table 1 2 You can modify them with the voice vlan mac address command The OUI list can contain up to 16 OUI address entries Table 1 2 Default OUI addresses of a switch Number OU...

Page 152: ...AN tag If the port has not received any voice data before the voice VLAN aging timer expires the port is removed from the voice VLAN automatically By default an Ethernet port works in automatic voice...

Page 153: ...curity mode the ports in a voice VLAN and with voice devices attached to can only forward voice data Data packets with their MAC addresses not among the OUI addresses that can be identified by the sys...

Page 154: ...mmands 1 1 1 1 GARP Configuration Commands 1 1 1 1 1 display garp statistics 1 1 1 1 2 display garp timer 1 2 1 1 3 garp timer 1 3 1 1 4 garp timer leaveall 1 5 1 1 5 reset garp statistics 1 6 1 2 GVR...

Page 155: ...t exceed 10 Description Use the display garp statistics command to display the GARP statistics of the specified or all ports If the interface interface list keyword argument combination is not specifi...

Page 156: ...r interface interface list View Any view Parameters interface list Specifies a list of Ethernet ports of which the GARP timer settings are to be displayed In this list you can specify individual ports...

Page 157: ...ds 1 1 3 garp timer Syntax garp timer hold join leave timer value undo garp timer hold join leave View Ethernet port view Parameters hold Sets the GARP Hold timer join Sets the GARP Join timer leave S...

Page 158: ...timeout time of the Hold timer You can change the threshold by changing the timeout time of the Hold timer This upper threshold is less than one half of the timeout time of the Leave timer You can cha...

Page 159: ...nt with the Leave timer settings of other Ethernet ports as references That is this argument needs to be larger than the Leave timer settings of any Ethernet ports Also note that this argument needs t...

Page 160: ...number1 to interface type interface number2 with interface number2 taking a value greater than interface number1 The total number of individual ports and port ranges defined in the list must not excee...

Page 161: ...te that this command displays GVRP statistics only on the trunk ports included in the list Statistics on non trunk ports will not be displayed Description Use the display gvrp statistics command to di...

Page 162: ...Description Use the gvrp command to enable GVRP globally in system view or for a port in Ethernet port view Use the undo gvrp command to disable GVRP globally in system view or on a port in Ethernet p...

Page 163: ...n GVRP registration mode A port operating in this mode cannot register or deregister VLAN information dynamically It permits only VLAN 1 that is it propagates only the information about VLAN 1 to the...

Page 164: ...Command Manual For Soliton GVRP H3C S3100 Series Ethernet Switches Chapter 1 GVRP Configuration Commands 1 10 Sysname Ethernet1 0 1 gvrp registration fixed...

Page 165: ...1 19 1 1 13 flow interval 1 20 1 1 14 flow control 1 20 1 1 15 interface 1 21 1 1 16 jumboframe enable 1 22 1 1 17 link delay 1 23 1 1 18 loopback 1 24 1 1 19 loopback detection control enable 1 24 1...

Page 166: ...of 1 and defaults to 100 The smaller the ratio is the less broadcast traffic is allowed max bps Maximum number in Kbps of broadcast traffic that can be received per second on an Ethernet port in step...

Page 167: ...the Traffic Policing enabled broadcast suppression function cannot be enabled either on System view or Ethernet port view Refer to the QoS part for information about Traffic Policing Example Allow inc...

Page 168: ...uses the port with the smallest port number in the aggregation group as the source z If you specify a destination aggregation group ID the configuration of the source port will be copied to all ports...

Page 169: ...be copied the system will print the error message Note z Any aggregation group port you input in the destination port list will be removed from the list and the copy command will not take effect on t...

Page 170: ...is defined for a port You can use the display brief interface command to display the configured description Example Set description string lanswitch interface for the Ethernet1 0 1 port Sysname syste...

Page 171: ...e command to display the brief configuration information about one or all interfaces including interface type link state link rate duplex attribute link type default VLAN ID and description string Not...

Page 172: ...Description Port description string The state of an Ethernet port can be UP DOWN or ADMINISTRATIVELY DOWN The following table shows the port state transitions Table 1 2 Port state transitions Initial...

Page 173: ...he Ethernet1 0 1 port Sysname display interface ethernet1 0 1 Ethernet1 0 1 current state DOWN IP Sending Frames Format is PKTFMT_ETHNT_2 Hardware address is 0012 a990 2240 Media type is twisted pair...

Page 174: ...mode full duplex mode Current speed mode and duplex mode Link speed type is force link link duplex type is force link Link speed and duplex status force or auto negotiation Flow control is enabled St...

Page 175: ...em is not supported Input total 0 packets 0 bytes 0 broadcasts 0 multicasts pauses Count in packets and in bytes of total incoming traffic on the port including incoming normal packets abnormal packet...

Page 176: ...l packets including z Fragments CRC error frames of less than 64 bytes integer or non integer z Jabber frames CRC error frames of more than 1518 bytes if untagged or 1522 bytes if tagged integer or no...

Page 177: ...ut queue which is a rare hardware error buffer failures The number of packets dropped due to insufficient transmit buffer on the port aborts The number of transmission failures due to various reasons...

Page 178: ...red delay Related commands link delay Examples Display the information about the ports with the link delay command configured Sysname display link delay Interface Time Delay Ethernet1 0 5 8 1 1 7 disp...

Page 179: ...1 system Loopback detection is running Loopback detection is enabled globally Detection interval time is 30 seconds Time interval for loopback detection is 30 seconds There is no port existing loopba...

Page 180: ...face number begin exclude include regular expression View Any view Parameters interface type Port type interface number Port number Uses a regular expression to filter the output configuration informa...

Page 181: ...en the broadcast multicast unicast traffic exceeds the upper threshold which can be block or shutdown Status Current status of the port which can be normal or control Trap on trap information is outpu...

Page 182: ...k link duplex type is force link Flow control is enabled The Maximum Frame Length is 9216 Broadcast MAX pps 500 Unicast MAX ratio 100 Multicast MAX ratio 100 Allow jumbo frame to pass PVID 1 Mdi type...

Page 183: ...1 1 11 duplex Syntax duplex auto full half undo duplex View Ethernet port view Parameter auto Sets the port to auto negotiation mode full Sets the port to full duplex mode half Sets the port to half d...

Page 184: ...wn command or the undo shutdown command on Ethernet 1 0 1 and the system outputs Up Down log information of Ethernet 1 0 1 Sysname system view System View return to User View with Ctrl Z Sysname inter...

Page 185: ...onds When you use the display interface interface type interface number command to display the information of a port the system performs statistical analysis on the traffic flow passing through the po...

Page 186: ...emporarily the peer switch will stop sending packets to the local switch or reduce the sending rate temporarily when it receives the message and vice versa By this way packet loss is avoided and the n...

Page 187: ...ew Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 1 1 16 jumboframe enable Syntax jumboframe enable undo jumboframe enable View...

Page 188: ...is argument is in the range 2 to 10 in seconds Description Use the link delay command to set the port state change delay Use the undo link delay command to restore the default By default the port stat...

Page 189: ...hardware failures on the port internal Performs internal loop test In the internal loop test self loop is established in the switching chip to locate the chip failure which is related to the port Desc...

Page 190: ...remove the corresponding MAC forwarding entry After the loop is removed the port will automatically resume the normal forwarding state z With the function disabled on the trunk or hybrid port the syst...

Page 191: ...e access port the port will automatically resume the normal forwarding state after the loop is removed 2 If a loop is found on a trunk or hybrid port the system sends log messages to the terminal If y...

Page 192: ...interface list enable undo loopback detection interface list enable View System view Parameter interface list Ethernet port list in the form of interface list interface type interface number to interf...

Page 193: ...ime time undo loopback detection interval time View System view Parameter time Time interval for loopback detection in the range of 5 to 300 in seconds It is 30 seconds by default Description Use the...

Page 194: ...on the default VLAN of the trunk or hybrid port Note that the command is invalid for any access port Example Configure the system to run loopback detection on all VLANs of the trunk port Ethernet1 0 1...

Page 195: ...d the port is still in the normal forwarding state By default the loopback port auto shutdown function is enabled on ports if the device boots with the default configuration file config def if the dev...

Page 196: ...s operating in different MDI modes use a straight through cable Description Use the mdi command to set the MDI mode for a port Use the undo mdi command to restore the default setting By default a port...

Page 197: ...ceeds the traffic threshold you set the system drops the packets exceeding the threshold to reduce the unknown multicast and unknown unicast traffic ratio to the reasonable range so as to keep normal...

Page 198: ...and to remove specified Ethernet interface s from a port group By default a port group is empty that is there is no Ethernet interface in it Note A port can not be added to a port group if it has been...

Page 199: ...ls about the parameters see the parameter description of the interface command Description Use the reset counters interface command to clear the statistics of the port preparing for a new statistics c...

Page 200: ...wo ports forming a combo port The one in active state is currently enabled and the one in inactive state is currently disabled For the two ports forming a combo port executing the shutdown command on...

Page 201: ...et the speed of Ethernet 1 0 1 to 10 Mbps Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 1 Sysname Ethernet1 0 1 speed 10 1 1 32 storm constrain Syntax...

Page 202: ...System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 storm constrain broadcast 100 10 pps 1 1 33 storm constrain control Syntax storm constrain control b...

Page 203: ...can execute the undo shutdown command or the undo storm constrain all broadcast multicast command Related commands display storm constrain storm constrain Examples Set the control action on Ethernet...

Page 204: ...s below the lower threshold Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 undo storm constrain enable log 1 1 35 storm constrai...

Page 205: ...play the results The system can test these attributes of the cable Cable status including normal abnormal abnormal open abnormal short and failure Cable length Note z If the cable is in normal state t...

Page 206: ...ms that are currently not supported is displayed in the corresponding output fields Example Enable the system to test the cable connected to Ethernet1 0 1 Sysname system view System View return to Use...

Page 207: ...ands 1 1 1 1 1 display link aggregation interface 1 1 1 1 2 display link aggregation summary 1 2 1 1 3 display link aggregation verbose 1 3 1 1 4 display lacp system id 1 5 1 1 5 lacp enable 1 5 1 1 6...

Page 208: ...e interface number argument pairs around it as the two ends Description Use the display link aggregation interface command to display the link aggregation details about a specified port or port range...

Page 209: ...ation about the remote end System ID Remote device ID Port number Port number Received LACP Packets 0 packet s Illegal 0 packet s Sent LACP Packets 0 packet s Statistics about received invalid and sen...

Page 210: ...dynamic S for static and M for manual Loadsharing Type Load sharing type Shar for load sharing and NonS for non load sharing Actor ID Local device ID AL ID Aggregation group ID AL Type Aggregation gr...

Page 211: ...in the information about the peer ports displayed are all 0 instead of the actual values Example Display the details about aggregation group 1 Sysname display link aggregation verbose 1 Loadsharing Ty...

Page 212: ...AggregationType Aggregation group type System ID Device ID Port Status Port status including selected and unselected 1 1 4 display lacp system id Syntax display lacp system id View Any view Parameter...

Page 213: ...em View return to User View with Ctrl Z Sysname interface Ethernet1 0 1 Sysname Ethernet1 0 1 lacp enable 1 1 6 lacp port priority Syntax lacp port priority port priority undo lacp port priority View...

Page 214: ...acp system priority View System view Parameter system priority System priority ranging from 0 to 65 535 Description Use the lacp system priority command to set the system priority Use the undo lacp sy...

Page 215: ...fter system reboot the configuration concerning manual and static aggregation groups and their descriptions still exists but that of the dynamic aggregation groups and their descriptions gets lost You...

Page 216: ...roup 22 mode manual 1 1 10 port link aggregation group Syntax port link aggregation group agg id undo port link aggregation group View Ethernet port view Parameter agg id Aggregation group ID in the r...

Page 217: ...r View User view Parameter interface type Port type interface number Port number to Specifies a port index range with the two interface type interface number argument pairs around it as the two ends D...

Page 218: ...solation H3C S3100 Series Ethernet Switches Table of Contents i Table of Contents Chapter 1 Port Isolation Configuration Commands 1 1 1 1 Port Isolation Configuration Commands 1 1 1 1 1 display isolat...

Page 219: ...None Description Use the display isolate port command to display the Ethernet ports assigned to the isolation group Example Display information about the Ethernet ports added to the isolation group S...

Page 220: ...taneously removing a port from the aggregation group has no effect on the other ports That is the rest ports remain in the aggregation group and the isolation group z Ports that belong to an aggregati...

Page 221: ...ac address security 1 6 1 1 4 port security enable 1 7 1 1 5 port security intrusion mode 1 8 1 1 6 port security authorization ignore 1 11 1 1 7 port security max mac count 1 12 1 1 8 port security n...

Page 222: ...ber of matching security MAC addresses Description Use the display mac address security command to display security MAC address entries If no argument is specified the command displays information abo...

Page 223: ...security MAC address entries for VLAN 1 Sysname display mac address security vlan 1 MAC ADDR VLAN ID STATE PORT INDEX AGING TIME s 0000 0000 0001 1 Security Ethernet1 0 20 NOAGED 0000 0000 0002 1 Secu...

Page 224: ...h interface number2 taking a value greater than interface number1 The total number of individual ports and port ranges defined in the list must not exceed 10 Description Use the display port security...

Page 225: ...isplay the port security configurations of ports Ethernet 1 0 1 to Ethernet 1 0 3 Sysname display port security interface Ethernet 1 0 1 to Ethernet 1 0 3 Ethernet1 0 1 is link up Port mode is AutoLea...

Page 226: ...ding of MAC based authentication success trap messages is enabled RALM logoff trap is Enabled The sending of logoff trap messages for MAC based authenticated users is enabled RALM logfailure trap is E...

Page 227: ...ce type interface number Specify the port on which the security MAC address is to be added The interface type interface number arguments indicate the port type and port number vlan vlan id Specify the...

Page 228: ...rt security max mac count 100 Sysname Ethernet1 0 1 port security port mode autolearn Sysname Ethernet1 0 1 mac address security 0001 0001 0001 vlan 1 Use the display mac address interface command to...

Page 229: ...Enable port security Sysname system view System View return to User View with Ctrl Z Sysname port security enable Notice The port control of 802 1x will be restricted to auto when port security is en...

Page 230: ...ackets with invalid MAC addresses The following cases can trigger intrusion protection on a port z A packet with unknown source MAC address is received on the port while MAC address learning is disabl...

Page 231: ...num is 2 Stored mac address num is 2 Authorization is permit For description on the output information refer to Table 1 2 Configure the intrusion protection mode on Ethernet 1 0 1 as disableport temp...

Page 232: ...he authorization information delivered by the RADIUS server Use the undo port security authorization ignore command to restore the default configuration By default the port uses does not ignore the au...

Page 233: ...the port Use the undo port security max mac count command to cancel this limit By default there is no limit on the number of MAC addresses allowed on the port Note By configuring the maximum number o...

Page 234: ...ithbroadcasts Allows the port to transmit broadcast packets and unicast packets with successfully authenticated destination MAC addresses ntk withmulticasts Allows the port to transmit multicast packe...

Page 235: ...the system will take the first 24 bits as the OUI value and ignore the rest index value OUI index ranging from 1 to 16 Note The organizationally unique identifiers OUIs are assigned by the IEEE to di...

Page 236: ...t mode View Ethernet port view Parameters Table 1 3 shows the description on the security mode keywords Table 1 3 Keyword description Keyword Security mode Description autolearn autolearn In this mode...

Page 237: ...the macAddressElseUserLoginSecure mode except that in this mode there can be more than one 802 1x authenticated user on the port secure secure In this mode MAC address learning is disabled on the cur...

Page 238: ...d user on the port userlogin s ecure or ma c ext macAddressOr UserLoginSecu reExt This mode is similar to the macAddressOrUserLoginSecure mode except that in this mode there can be more than one 802 1...

Page 239: ...t mode command to change it back to noRestriction before you change the port security mode to other modes On a port configured with a security mode you cannot do the following z Configure the maximum...

Page 240: ...otection mode on Ethernet 1 0 1 to disableport temporarily It is required that when intrusion protection is triggered the port be shut down temporarily and then go up 30 seconds later Sysname system v...

Page 241: ...port security trap command to enable the sending of specified type s of trap messages Use the undo port security trap command to disable the sending of specified type s of trap messages By default th...

Page 242: ...splay port security Equipment port security is enabled Intrusion trap is Enabled Disableport Timeout 20 s OUI value Ethernet1 0 1 is link down Port mode is AutoLearn NeedtoKnow mode is needtoknowonly...

Page 243: ...ip addr ip address View System view Ethernet port view Parameters interface interface type interface number Specify the port to be bound The interface type interface number arguments specify the port...

Page 244: ...ess 10 153 1 2 supposing they are MAC and IP addresses of a legal user to Ethernet 1 0 2 Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet1 0 2 Sysname Etherne...

Page 245: ...s Sysname display am user bind Following User address bind have been configured Mac IP Port 00e0 fc00 5101 10 153 1 1 Ethernet1 0 1 00e0 fc00 5102 10 153 1 2 Ethernet1 0 2 Unit 1 Total 2 found 2 liste...

Page 246: ...ntents Chapter 1 DLDP Configuration Commands 1 1 1 1 DLDP Configuration Commands 1 1 1 1 1 display dldp 1 1 1 1 2 dldp 1 2 1 1 3 dldp authentication mode 1 3 1 1 4 dldp interval 1 4 1 1 5 dldp reset 1...

Page 247: ...ion Use the display dldp command to display the DLDP configuration of a unit or a port Example Display the DLDP configuration of unit 1 Sysname display dldp 1 dldp interval 10 dldp work mode enhance d...

Page 248: ...he port number of unit 1 with DLDP Number of the DLDP enabled ports on unit 1 interface GigabitEthernet1 1 1 Port type and port number dldp port state DLDP state of a port dldp link state DLDP link st...

Page 249: ...tead of those added subsequently Example Enable DLDP for all the optical ports of the switch Sysname system view System View return to User View with Ctrl Z Sysname dldp enable 1 1 3 dldp authenticati...

Page 250: ...tion mode and password are set on both the local port and the peer port Otherwise DLDP authentication fails z DLDP cannot work before DLDP authentication succeeds Related command dldp unidirectional s...

Page 251: ...n all the DLDP enabled ports z It is recommended that you set the interval shorter than one third of the STP convergence time usually 30 seconds If too long an interval is set an STP loop may occur be...

Page 252: ...unidirectional shutdown auto manual undo dldp unidirectional shutdown View System view Parameter auto Disables automatically the corresponding port when DLDP detects an unidirectional link or finds in...

Page 253: ...are aging normal Configures DLDP to work in normal mode In this mode DLDP does not detect whether neighbors exist when neighbor tables are aging Description Use the dldp work mode command to set the...

Page 254: ...own timer command to restore the default delaydown timer setting By default the DelayDown timer is set to 1 second A period of 5 seconds is recommended Note When a device in the active advertisement o...

Page 255: ...ss Table Management Configuration Commands 1 1 1 1 MAC Address Table Management Configuration Commands 1 1 1 1 1 display mac address aging time 1 1 1 1 2 display mac address 1 2 1 1 3 display port mac...

Page 256: ...Address Table Management Configuration Commands 1 1 1 display mac address aging time Syntax display mac address aging time View Any view Parameters None Description Use the display mac address aging...

Page 257: ...splays information about dynamic static or blackhole MAC address entries interface interface type interface number vlan vlan id count Displays information about the MAC address entries concerning a sp...

Page 258: ...TATE PORT INDEX AGING TIME s 000f e20f 0101 1 Learned Ethernet1 0 1 AGING Display the MAC address entries for the port Ethernet 1 0 4 Sysname display mac address interface Ethernet 1 0 4 MAC ADDR VLAN...

Page 259: ...entry PORT INDEX Outgoing port out of which the traffic destined for the MAC address should be sent AGING TIME s Indicates whether the MAC address entry is aging AGING indicates that the entry is agi...

Page 260: ...outgoing port by its type and number for the MAC address All traffic destined for the MAC address will be sent out the port vlan id Specifies a VLAN ID in the range of 1 to 4094 The VLAN must already...

Page 261: ...ttributes of the corresponding MAC address entry according to your settings in the command You can remove all unicast MAC address entries on a port or remove a specific type of MAC address entries suc...

Page 262: ...hout the number limitation By default no number limitation is set to the port for MAC address learning To prevent illegal devices from accessing the network through a port you can configure static MAC...

Page 263: ...mmand to set the MAC address aging timer Use the undo mac address timer command to restore the default The default MAC address aging timer is 300 seconds The timer applies only to dynamic address entr...

Page 264: ...rt mac View System view Parameters start mac address Start MAC address for the Ethernet ports on the switch in the format of H H H It must be a valid unicast address Description Use the port mac comma...

Page 265: ...p bpdu protection 1 16 1 1 15 stp bridge diameter 1 16 1 1 16 stp compliance 1 17 1 1 17 stp config digest snooping 1 19 1 1 18 stp cost 1 20 1 1 19 stp dot1d trap 1 21 1 1 20 stp edged port 1 23 1 1...

Page 266: ...7 1 1 42 stp portlog all 1 47 1 1 43 stp priority 1 48 1 1 44 stp region configuration 1 49 1 1 45 stp root primary 1 50 1 1 46 stp root secondary 1 51 1 1 47 stp root protection 1 52 1 1 48 stp tc pr...

Page 267: ...itter caused by the configuration multiple spanning tree protocol MSTP does not recalculate spanning trees immediately after the configuration it does this only after you activate the new MST region r...

Page 268: ...ives the BPDU packets it will forward them to other switches As a result STP calculation is performed repeatedly which may occupy too much CPU of the switches or cause errors in the protocol state of...

Page 269: ...region related parameters mentioned above are not consistent with those of another switch in the region The H3C series support only the MST region name VLAN to MSTI mapping table and revision level Sw...

Page 270: ...rface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument slot slot number Specifies a slot whose STP related...

Page 271: ...BPDUs that the port can send the maximum transmitting speed type of the enabled guard function state of the digest snooping feature enabled or disabled VLAN mappings hello time max age forward delay M...

Page 272: ...2s MaxAge 20s FwDly 15s MaxHop 20 CIST Root ERPC 32768 000f cb00 6600 200 CIST RegRoot IRPC 32768 00e0 fc12 4001 0 CIST RootPortId 128 22 BPDU Protection disabled TC Protection enabled Threshold 6 Br...

Page 273: ...can remove the MAC address table and ARP entries within each 10 seconds Bridge Config Digest Snooping Indicates whether Digest Snooping is enabled globally on the bridge TC or TCN received Number of...

Page 274: ...indicates the configured value and Active indicates the actual value Port Config Digest Snooping Indicates whether digest snooping is enabled on the port Num of Vlans Mapped Number of VLANs mapped to...

Page 275: ...as been blocked Block Reason The function blocking the port 1 1 6 display stp portdown Syntax display stp portdown View Any view Parameters None Description Use the display stp portdown command to dis...

Page 276: ...pings configured for the switch Related commands stp region configuration Examples Display the configuration of the MST region Sysname display stp region configuration Oper Configuration Format select...

Page 277: ...Bridge ID ExtPathCost IntPathCost Root Port 0 32768 00e0 fc53 d908 0 200 Ethernet1 0 18 Table 1 7 Description on the fields of the display stp root command Field Description MSTID MSTI ID in the MST r...

Page 278: ...the undo instance command all VLANs that are mapped to the specified MSTI are remapped to the CIST By default all VLANs are mapped to the CIST VLAN to MSTI mappings are recorded in the VLAN to MSTI m...

Page 279: ...s to Related commands instance revision level check region configuration vlan mapping modulo active region configuration Examples Set the MST region name of the switch to hello Sysname system view Sys...

Page 280: ...cs on Ethernet 1 0 1 through Ethernet 1 0 3 Sysname reset stp interface Ethernet 1 0 1 to Ethernet 1 0 3 1 1 12 revision level Syntax revision level level undo revision level View MST region view Para...

Page 281: ...globally or on a port By default MSTP is disabled After MSTP is enabled the actual operating mode which can be STP compatible mode RSTP compatible mode or MSTP mode is determined by the user defined p...

Page 282: ...ts to implement rapid transition But they resume non edge ports automatically upon receiving configuration BPDUs which causes spanning trees recalculation and network topology jitter Normally no confi...

Page 283: ...he network diameter is 7 After you configure the network diameter of a switched network MSTP adjusts its hello time forward delay and max age settings accordingly With the network diameter set to the...

Page 284: ...automatically determines the format legacy or dot1s of received MSTP packets and then determines the format of the packets to be sent accordingly thus communicating with the peer devices z If the form...

Page 285: ...ame MST region by checking the configuration IDs of the BPDUs between them A configuration ID contains information such as region ID and configuration digest As some other manufacturers switches adopt...

Page 286: ...itch adopting proprietary spanning tree protocols must be configured with exactly the same MST region related configurations including region name revision level and VLAN to MSTI mapping z The digest...

Page 287: ...the specified MSTI By default a switch automatically calculates the path costs of a port in different MSTIs based on a specified standard If you specify the instance id argument to be 0 or do not spe...

Page 288: ...ation of spanning tree instances 0 to 16 to the network management device By default when the local switch becomes the regional root of a spanning tree instance in the range of 0 to 16 it sends newroo...

Page 289: ...h are non edge ports An edge port is a port that is directly connected to a user terminal instead of another switch or shared network segment Rapid transition to the forwarding state is applied to edg...

Page 290: ...Ethernet port list You can specify multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 m...

Page 291: ...nterface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument auto Specifies the port to recognize and send MS...

Page 292: ...rt only recognizes and sends MSTP packets in legacy format In this case the port can only communicate with the peer through packets in legacy format z If packets in dot1s format are received the port...

Page 293: ...rmine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them A configuration ID contains information such as region ID and configuration digest As s...

Page 294: ...exactly the same MST region related configurations including region name revision level and VLAN to MSTI mapping z The digest snooping feature must be enabled on all the switch ports that connect to a...

Page 295: ...ault value of the path cost s of the specified port s in the specified MSTI in system view By default a switch automatically calculates the path costs of a port in different MSTIs based on a specified...

Page 296: ...the specified Ethernet ports to the default state By default all Ethernet ports of a switch are non edge ports An edge port is a port that is directly connected to a user terminal instead of another s...

Page 297: ...ng this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for...

Page 298: ...rform the mCheck operation on specified port s in system view A port on an MSTP enabled switch migrates to the STP RSTP compatible mode automatically if an STP RSTP enabled switch has been connected t...

Page 299: ...tches to avoid this case When an H3C series switch running MSTP is connected in the upstream direction to a manufacture s switch adopting proprietary spanning tree protocols you can enable the rapid t...

Page 300: ...t ports are point to point links Description Use the stp interface point to point command to specify whether the links connected to the specified Ethernet ports are point to point links in system view...

Page 301: ...multiple Ethernet ports by providing this argument in the form of interface list interface type interface number to interface type interface number 1 10 where 1 10 means that you can provide up to 10...

Page 302: ...type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the stp interface root protection command to enable the root...

Page 303: ...erface interface list transmit limit packetnum undo stp interface interface list transmit limit View System view Parameters interface list Ethernet port list You can specify multiple Ethernet ports by...

Page 304: ...meters None Description Use the stp loop protection command to enable the loop guard function on the current port Use the undo stp loop protection command to restore the loop guard function to the def...

Page 305: ...ount to the default By default the maximum hop count of an MST region is 20 The maximum hop count configured on the region roots of an MST region limits the size of the MST region A configuration BPDU...

Page 306: ...ed downstream switch is then replaced by an MSTP enabled switch the port cannot automatically transit to the MSTP mode but still remains in the STP compatible mode In this case you can force the port...

Page 307: ...TP compatible mode where the ports of a switch send STP BPDUs to neighboring devices If STP enabled switches exist in a switched network you can use the stp mode stp command to configure an MSTP enabl...

Page 308: ...d port fails to change their states rapidly The rapid transition feature aims to resolve this problem When an H3C series switch running MSTP is connected in the upstream direction to another manufactu...

Page 309: ...tandard View System view Parameters dot1d 1998 Uses the IEEE 802 1D 1998 standard to calculate the default path costs of ports dot1t Uses the IEEE 802 1t standard to calculate the default path costs o...

Page 310: ...ed link 2 ports Aggregated link 3 ports Aggregated link 4 ports 2 1 1 1 200 000 1 000 666 500 2 1 1 1 Normally when a port operates in full duplex mode the corresponding path cost is slightly less tha...

Page 311: ...k connected to the current Ethernet port to its default link type which is automatically determined by MSTP By default whether the link type of a port is point to point is automatically determined by...

Page 312: ...and 32 Description Use the stp port priority command to set the port priority of the current port in the specified MSTI Use the undo stp port priority command to restore the default port priority of t...

Page 313: ...lue of 0 indicates the CIST Description Use the stp portlog command to enable log and trap message output for the ports of a specified instance Use the undo stp portlog command to disable this functio...

Page 314: ...ance id priority priority undo stp instance instance id priority View System view Parameters instance id MSTI ID ranging from 0 to 16 The value of 0 refers to the CIST priority Switch priority to be s...

Page 315: ...scription Use the stp region configuration command to enter MST region view Use the undo stp region configuration command to restore the MST region related settings to the default MST region related p...

Page 316: ...and defaults to 200 Description Use the stp root primary command to configure the current switch as the root bridge of a specified MSTI Use the undo stp root command to cancel the current configurati...

Page 317: ...User View with Ctrl Z Sysname stp instance 1 root primary bridge diameter 4 hello time 500 1 1 46 stp root secondary Syntax stp instance instance id root secondary bridge diameter bridgenum hello tim...

Page 318: ...CIST You can configure only one root bridge for an MSTI but you can configure one or more secondary root bridges for an MSTI Once a switch is configured as the root bridge or a secondary root bridge i...

Page 319: ...ort and stops forwarding packets as if it is disconnected from the link Related commands stp interface root protection Examples Enable the root guard function on Ethernet 1 0 1 Sysname system view Sys...

Page 320: ...ntax stp tc protection threshold number undo stp tc protection threshold View System view Parameters number Maximum number of times that a switch can remove the MAC address table and ARP entries withi...

Page 321: ...able and ARP entries to 100 and the switch receives 200 TC BPDUs in the period the switch removes the MAC address table and ARP entries for only 100 times within the period Examples Set the maximum ti...

Page 322: ...that the three proper time related parameters are automatically calculated by MSTP Related commands stp timer hello stp timer max age stp bridge diameter Examples Set the forward delay to 2 000 centis...

Page 323: ...rameters are automatically calculated by MSTP Related commands stp timer forward delay stp timer max age stp bridge diameter Examples Set the hello time to 400 centiseconds Sysname system view System...

Page 324: ...automatically determined by MSTP Related commands stp timer forward delay stp timer hello stp bridge diameter Examples Set the max age to 1 000 centiseconds Sysname system view System View return to...

Page 325: ...p transmit limit packetnum undo stp transmit limit View Ethernet port view Parameters packetnum Maximum number of configuration BPDUs a port can transmit in each hello time This argument ranges from 1...

Page 326: ...a network are mapped to the CIST MSTI 0 MSTP uses a VLAN to MSTI mapping table to describe VLAN to MSTI mappings You can use this command to establish the VLAN to MSTI mapping table and map VLANs to M...

Page 327: ...ands 1 61 Related commands check region configuration revision level region name active region configuration Examples Map VLANs to MSTIs with the modulo being 16 Sysname system view System View return...

Page 328: ...1 igmp snooping querier 1 13 1 1 12 igmp snooping query interval 1 14 1 1 13 igmp snooping router aging time 1 15 1 1 14 igmp snooping version 1 15 1 1 15 igmp snooping vlan mapping 1 16 1 1 16 igmp h...

Page 329: ...tax display igmp snooping configuration View Any view Parameters None Description Use the display igmp snooping configuration command to display IGMP Snooping configuration information If IGMP Snoopin...

Page 330: ...snooping group Syntax display igmp snooping group vlan vlan id View Any view Parameters vlan vlan id Specifies the VLAN in which the multicast group information is to be displayed where vlan id range...

Page 331: ...mber of IP multicast groups in all VLANs Total 1 MAC Group s Total number of MAC multicast groups in all VLANs Vlan id ID of the VLAN whose multicast group information is displayed Total 1 IP Group s...

Page 332: ...the device makes statistics of IGMPv3 messages as IGMPv2 messages Related commands igmp snooping Examples Display IGMP Snooping statistics Sysname display igmp snooping statistics Received IGMP genera...

Page 333: ...isabled Caution z Before enabling IGMP Snooping in a VLAN be sure to enable IGMP Snooping globally in system view otherwise the IGMP Snooping setting will not take effect z If IGMP Snooping and VLAN V...

Page 334: ...ched to the port runs IGMPv2 or IGMPv3 z The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified if one or more VLANs are specified the configuration...

Page 335: ...can be any legal IP address Description Use the igmp snooping general query source ip command to configure the source address of IGMP general queries Use the undo igmp snooping general query source i...

Page 336: ...VLAN IDs in the form of vlan id and or one or more VLAN ID ranges in the form of vlan id1 to vlan id2 where vlan id2 must be greater than vlan id1 The effective range for a VLAN ID is 1 to 4094 and t...

Page 337: ...icast groups Sysname system view System View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 igmp snooping group limit 200 vlan 2 1 1 8 igmp snooping group polic...

Page 338: ...a port blocked by this function z The configuration performed in system view takes effect on all ports of the switch if no VLAN is specified if one or more VLANs are specified the configuration takes...

Page 339: ...re ACL 2001 on Ethernet1 0 2 to it to join any IGMP multicast groups except those defined in the deny rule of ACL 2001 Sysname interface Ethernet 1 0 2 Sysname Ethernet1 0 2 igmp snooping group policy...

Page 340: ...With this function enabled unknown multicast packets are passed to the router ports of the switch rather than being flooded in the VLAN Use the undo igmp snooping nonflooding enable command to disabl...

Page 341: ...cast drop enable multicast source deny display multicast source deny Examples Enable IGMP Snooping non flooding after you enable IGMP Snooping globally and disable both port stacking and unknown multi...

Page 342: ...terval ranging from 1 to 300 in seconds Description Use the igmp snooping query interval command to configure the IGMP query interval namely the interval at which the switch sends IGMP general queries...

Page 343: ...in seconds Description Use the igmp snooping router aging time command to configure the aging time of router ports Use the undo igmp snooping router aging time command to restore the default aging tim...

Page 344: ...version to version 3 in VLAN 100 Sysname system view System View return to User View with Ctrl Z Sysname igmp snooping enable Enable IGMP Snooping ok Sysname vlan 100 Sysname vlan100 igmp snooping ena...

Page 345: ...the multicast group to join source address Address of the multicast source to join You can specify a multicast source address only when IGMPv3 Snooping is running in a VLAN vlan vlan id ID of the VLA...

Page 346: ...on 3 Sysname vlan1 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet 1 0 1 igmp host join 225 0 0 1 source ip 1 1 1 1 vlan 10 1 1 17 multicast static group interface Syntax multicast static group...

Page 347: ...as static members ports for multicast group 225 0 0 1 Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 multicast static group...

Page 348: ...uter port interface type interface number View VLAN view Parameters interface type interface number Specifies a port by its type and number Description Use the multicast static router port command to...

Page 349: ...specified VLAN as a static router port By default the static router port function is disabled Examples Configure Ethernet 1 0 1 in VLAN 10 as a static router port Sysname system view System View retur...

Page 350: ...nly within the multicast VLAN In addition because the multicast VLAN is isolated from user VLANs this method also enhances the information security Note z One port belongs to only one multicast VLAN z...

Page 351: ...100 Series Ethernet Switches Chapter 1 IGMP Snooping Configuration Commands 1 23 Examples Configure VLAN 2 as a multicast VLAN Sysname system view System View return to User View with Ctrl Z Sysname v...

Page 352: ...n id Displays the static multicast MAC entry information in the specified VLAN Without a VLAN specified this command displays the static multicast MAC entry information in all VLANs count Displays the...

Page 353: ...interface interface type interface number View Any view Parameters interface type Port type interface number Port number Description Use the display multicast source deny command to display the multic...

Page 354: ...here interface number2 must be greater than interface number1 The total number of individual ports plus port ranges cannot exceed 10 For port types and port numbers refer to the parameter description...

Page 355: ...port Use the undo mac address multicast vlan command to remove the specified multicast MAC address entry or all multicast MAC address entries on the current port Each multicast MAC address entry conta...

Page 356: ...icast source port suppression feature enabled on a port the port drops all multicast data packets while it permits multicast protocol packets to pass This feature is useful for rejecting multicast tra...

Page 357: ...one Description Use the unknown multicast drop enable command to enable the function of dropping unknown multicast packets Use the undo unknown multicast drop enable command to disable the function of...

Page 358: ...ax 1 16 1 1 14 dot1x re authenticate 1 17 1 1 15 dot1x supp proxy check 1 18 1 1 16 dot1x timer 1 20 1 1 17 dot1x timer reauth period 1 22 1 1 18 dot1x version check 1 23 1 1 19 reset dot1x statistics...

Page 359: ...m Guard H3C S3100 Series Ethernet Switches Table of Contents ii 4 1 2 display system guard state 4 2 4 1 3 system guard detect threshold 4 3 4 1 4 system guard enable 4 3 4 1 5 system guard permit 4 4...

Page 360: ...he type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the display dot1x command to display 802 1x re...

Page 361: ...0 255 255 255 0 Acl timeout 30 m Total maximum 802 1x user resource number is 1024 Total current used 802 1x resource number is 1 Ethernet1 0 1 is link up 802 1X protocol is enabled Proxy trap checke...

Page 362: ...that a supplicant system logs in through a proxy Proxy logoff checker is disabled Whether or not to disconnect a supplicant system when detecting it logs in through a proxy z Disable means the switch...

Page 363: ...ystem logs in through a proxy z Enable means the switch sends Trap packets when it detects that a supplicant system logs in through a proxy Proxy logoff checker is disabled Whether or not to disconnec...

Page 364: ...g 1 10 means that up to 10 port lists can be provided Description Use the dot1x command to enable 802 1x globally or for specified Ethernet ports Use the undo dot1x command to disable 802 1x globally...

Page 365: ...a port has been added to an aggregation group it is prohibited to enable 802 1x for the port Related command display dot1x Example Enable 802 1x for Ethernet1 0 1 port Sysname system view System View...

Page 366: ...ion a switch authenticates supplicant systems by encapsulating 802 1x authentication information in EAP packets and sending the packets to the RADIUS server instead of converting the packets into RADI...

Page 367: ...supplicant system when it applies for a dynamic IP address through DHCP Sysname system view System View return to User View with Ctrl Z Sysname dot1x dhcp launch 1 1 5 dot1x guest vlan Syntax dot1x gu...

Page 368: ...ese two commands apply to the specified ports In Ethernet port view the interface list argument is not available and these two commands apply to only the current Ethernet port Caution z The Guest VLAN...

Page 369: ...king function first z Handshaking packets need the support of the H3C proprietary client They are used to test whether or not a user is online z As clients that are not of H3C do not support the onlin...

Page 370: ...cure function to take effect the clients that enable the function need to cooperate with the authentication server If either the clients or the authentication server does not support the function disa...

Page 371: ...de the interface list argument these two commands apply to all the ports of the switch z If you specify the interface list argument these two commands apply to the specified ports In Ethernet port vie...

Page 372: ...type specifies the type of an Ethernet port and interface number is the number of the port The string 1 10 means that up to 10 port lists can be provided Description Use the dot1x port control comman...

Page 373: ...ault access control method By default the access control method is macbased This command specifies the way in which the users are authenticated z If you specify to authenticate users by MAC addresses...

Page 374: ...11 dot1x quiet period Syntax dot1x quiet period undo dot1x quiet period View System view Parameter None Description Use the dot1x quiet period command to enable the quiet period timer Use the undo dot...

Page 375: ...on request packets to a user for up to 2 times After a switch sends an authentication request packet to a user it sends another authentication request packet if it does not receive response from the u...

Page 376: ...er after a specific period of time as determined by the client version request timer When the number set by this command has reached and there is still no response from the user the switch continues t...

Page 377: ...is command will enable 802 1x re authentication on all ports z If you specify the interface list argument the command will enable 802 1x on the specified ports In Ethernet port view the interface list...

Page 378: ...roxy check command to disable 802 1x proxy checking for specified ports By default 802 1x proxy checking is disabled on all Ethernet ports In system view z If you do not specify the interface list arg...

Page 379: ...fter the user passes the authentication Note z The 802 1x proxy checking function needs the cooperation of H3C s 802 1x client program z The proxy checking function takes effect only after the client...

Page 380: ...quiet period the switch does not perform any 802 1x authentication related actions for the supplicant system The quiet period value argument ranges from 10 to 120 in seconds By default the quiet perio...

Page 381: ...sends another version request packet if it does receive version response packets from the supplicant system when the timer expires The ver period value argument ranges from 1 to 30 in seconds By defa...

Page 382: ...econds Example Set the 802 1x re authentication interval to 150 seconds Sysname system view System View return to User View with Ctrl Z Sysname dot1x timer reauth period 150 1 1 18 dot1x version check...

Page 383: ...ystem View return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 dot1x version check 1 1 19 reset dot1x statistics Syntax reset dot1x statistics interface interface li...

Page 384: ...r 1 802 1x Configuration Commands 1 25 If the interface list argument is specified this command clears the 802 1x statistics on the specified ports Related command display dot1x Example Clear 802 1x s...

Page 385: ...ddress in dotted decimal notation mask length Length of the subnet mask of the free IP address in the range 0 to 32 Description Use the dot1x free ip command to configure a free IP range A free IP ran...

Page 386: ...ot1x timer acl timeout command to configure the ACL timeout period Use the undo dot1x timer acl timeout command to restore the default By default the ACL timeout period is 30 minutes Related commands...

Page 387: ...ion Commands 2 3 Use the undo dot1x url command to remove the configuration By default no URL is configured for HTTP redirection Related commands dot1x configuration commands Examples Configure the UR...

Page 388: ...ABP configuration and status Sysname display habp Global HABP information HABP Mode Server Sending HABP request packets every 20 seconds Bypass VLAN 2 Table 3 1 Description on the fields of the displa...

Page 389: ...ained by HABP Sysname display habp table MAC Holdtime Receive Port 001f 3c00 0030 53 Ethernet1 0 1 Table 3 2 Description on the fields of the display habp table command Field Description MAC MAC addre...

Page 390: ...the display habp traffic command Field Description Packets output Number of the HABP packets sent Input Number of the HABP packets received ID error Number of the HABP packets with ID errors Type erro...

Page 391: ...nging from 1 to 4094 Description Use the habp server vlan command to configure a switch to operate as an HABP server This command also specifies the VLAN where HABP packets are broadcast Use the undo...

Page 392: ...rom 5 to 600 Description Use the habp timer command to set the interval for a switch to send HABP request packets Use the undo habp timer command to revert to the default interval The default interval...

Page 393: ...rameter None Description Use the display system guard attack record command to display the record of detected attacks Example Display the record of detected attacks Sysname display system guard attack...

Page 394: ...er None Description Use the display system guard state command to display the state of the system guard feature Related command system guard enable system guard detect threshold and system guard timer...

Page 395: ...ckets when an attack is detected in the range of 200 to 1 000 Description Use the system guard detect threshold command to set the threshold for the number of packets when an attack is detected When t...

Page 396: ...d permit Syntax system guard permit interface list undo system guard permit interface list View System view Parameter permit Specifies the ports to which with the system guard function is to be applie...

Page 397: ...1 0 1 to Ethernet 1 0 10 4 1 6 system guard timer interval Syntax system guard timer interval isolate timer undo system guard timer interval View System view Parameter isolate timer Length of the iso...

Page 398: ...1 14 1 1 13 domain 1 15 1 1 14 domain delimiter 1 17 1 1 15 idle cut 1 18 1 1 16 level 1 18 1 1 17 local user 1 19 1 1 18 local user password display mode 1 21 1 1 19 messenger 1 21 1 1 20 name 1 22...

Page 399: ...1 57 1 2 26 server type 1 58 1 2 27 state 1 59 1 2 28 stop accounting buffer enable 1 60 1 2 29 timer 1 61 1 2 30 timer quiet 1 62 1 2 31 timer realtime accounting 1 63 1 2 32 timer response timeout...

Page 400: ...ches Table of Contents iii 1 3 17 timer quiet 1 79 1 3 18 timer realtime accounting 1 80 1 3 19 timer response timeout 1 81 1 3 20 user name format 1 81 Chapter 2 EAD Configuration Commands 2 1 2 1 EA...

Page 401: ...argument ranges from 1 to 2 072 Description Use the access limit command to set the maximum number of access users that can be contained in current ISP domain Use the undo access limit command to rest...

Page 402: ...an accounting scheme for current ISP domain Use the undo accounting command to cancel the accounting scheme configuration for current ISP domain By default no separate accounting scheme is configured...

Page 403: ...hat z If the system does not find any available accounting server or fails to communicate with any accounting server when it performs accounting for an online user it will not disconnect the user as l...

Page 404: ...fies to which VLAN the user belongs Here vlan id is an integer ranging from 1 to 4094 location Sets the port binding attribute of the user nas ip ip address Sets the IP address of an access server so...

Page 405: ...undo authentication View ISP domain view Parameters radius scheme radius scheme name Specifies to use a RADIUS authentication scheme Here radius scheme name is a string of up to 32 characters hwtacac...

Page 406: ...entication scheme z If you execute the authentication none command no authentication will be performed z The authentication command takes precedence over the scheme command If the authentication comma...

Page 407: ...execute the authentication super command to specify a HWTACACS authentication scheme for user level switching the HWTACACS scheme must exist Note The S3100 series switches adopt hierarchical protecti...

Page 408: ...Use the authorization command to configure an authorization scheme for current ISP domain Use the undo authorization command to restore the default authorization scheme setting of the ISP domain By de...

Page 409: ...LAN Use the undo authorization vlan command to remove the configuration By default no authorized VLAN is specified for a local user Note For local RADIUS authentication to take effect the VLAN assignm...

Page 410: ...ius scheme radius scheme name Cuts down all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters vlan vlan id Cuts down all user connections of a...

Page 411: ...of H H H radius scheme radius scheme name Displays all user connections using a specified RADIUS scheme Here radius scheme name is a string of up to 32 characters hwtacacs scheme hwtacacs scheme name...

Page 412: ...Auth CHAP Port Ether Port NO 0x10003001 Initial VLAN 1 Authorization VLAN 1 ACL Group Disable CAR Disable Priority Disable Start 2000 04 03 02 51 53 Current 2000 04 03 02 52 22 Online 00h00m29s On Un...

Page 413: ...ption on the fields of the display domain command Field Description Domain Domain name State Status of the domain which can be active or block Scheme AAA scheme that the domain uses Access Limit Maxim...

Page 414: ...lays the local users belonging to a specified VLAN Here vlan id ranges from 1 to 4094 service type Displays the local users of a specified type You can specify one of the following user types ftp lan...

Page 415: ...able 1 3 Description on the fields of the display local user command Field Description State Status of the local user ServiceType Mask Service type mask T means Telnet service S means SSH service C me...

Page 416: ...domain and enter its view or enter the view of an existing ISP domain or configure the default ISP domain Use the undo domain command to delete a specified ISP domain The ISP domain system is used as...

Page 417: ...tween the username and the ISP domain name Use the undo domain delimiter command to restore the delimiter form to the default setting By default the character is used as the delimiter between the user...

Page 418: ...ss than the specified amount the system will disconnect the user By default this function is disabled Note that if the authentication server assigns the idle cut settings the assigned ones take preced...

Page 419: ...the configured authentication method is none or password authentication the command level that a user can access after login is determined by the level of the user interface z If the configured authen...

Page 420: ...ocal users service type Specifies the local users of a specified type You can specify one of the following user types ftp lan access generally this type of users are Ethernet access users for example...

Page 421: ...the password display mode of all local users Use the undo local user password display mode command to restore the default password display mode of all local users By default the password display mode...

Page 422: ...command to restore the messenger function to its default state By default the messenger function is disabled on the switch The purpose of this function is to remind online users of their remaining onl...

Page 423: ...Syntax password simple cipher password undo password View Local user view Parameters simple Specifies the password in plain text cipher Specifies the password in cipher text password Password to be se...

Page 424: ...reats it as a password in plain text Related commands display local user Examples Set the password of user1 to 20030422 and specify to display the password in plain text Sysname system view System Vie...

Page 425: ...of a HWTACACS scheme a string of up to 32 characters local Specifies to use local authentication none Specifies not to perform authentication Description Use the scheme command to configure an AAA sch...

Page 426: ...be used to specify the RADIUS scheme to be quoted for the ISP domain Their functions are the same and the system takes the latest configuration Related commands radius scheme display domain Examples...

Page 427: ...example IE or Netscape and locates the URL page used to change user password on the self service server Then the user can change the password z A user can choose the change user password option on the...

Page 428: ...specified types of services By default a user is inhibited from accessing any type of service You may user the display local user command to view the types of services that a user is authorized to ac...

Page 429: ...is already online Related commands domain local user You may use the display domain command or the display local user command to view the status information Examples Set the ISP domain aabbcc net to...

Page 430: ...Then upon receiving an integer ID assigned by the RADIUS authentication server the switch adds the port to the VLAN whose VLAN ID is equal to the assigned integer ID If no such a VLAN exists the switc...

Page 431: ...irst regards it as an integer VLAN ID the switch transforms the string to an integer value and judges if the value is in the valid VLAN ID range if it is the switch adds the authenticated port to the...

Page 432: ...accounting is not needed z This configuration takes effect only on the ISP domains using this RADIUS scheme z If you configure the accounting optional command in ISP domain view it is effective to al...

Page 433: ...rver to log out its users The following gives the operations after the switch restarts 1 The switch generates an Accounting On message which mainly contains the following information NAS ID NAS IP add...

Page 434: ...Sysname radius radius1 accounting on enable 1 2 3 calling station id mode Syntax calling station id mode mode1 mode2 lowercase uppercase undo calling station id mode View RADIUS scheme view Parameter...

Page 435: ...yte or mega byte packet Sets the packet unit of outgoing RADIUS flows which can be one packet giga packet kilo packet or mega packet Description Use the data flow format command to set the units of RA...

Page 436: ...al server statistics command to display the RADIUS message statistics about local RADIUS server Related commands local server Examples Display the RADIUS message statistics about local RADIUS server S...

Page 437: ...configured Acct Server Encryption Key Not configured Accounting method required Accounting On packet enable send times 15 interval 3s TimeOutValue in second 3 RetryTimes 3 RealtimeACCT in minute 12 P...

Page 438: ...ond RADIUS server response timeout time RetryTimes Maximum number of transmission attempts of a RADIUS request RealtimeACCT in minute Real time accounting interval in minutes Permitted send realtime P...

Page 439: ...stics state statistic total 1048 DEAD 1048 AuthProc 0 AuthSucc 0 AcctStart 0 RLTSend 0 RLTWait 0 AcctStop 0 OnLine 0 Stop 0 StateErr 0 Received and Sent packets statistic Unit 1 Sent PKT total 0 Recei...

Page 440: ...iscarded No response acct stop packet for buffer overflow 0 1 2 8 display stop accounting buffer Syntax display stop accounting buffer radius scheme radius scheme name session id session id time range...

Page 441: ...ge to display those generated within the specified time range The displayed information helps you diagnose and resolve RADIUS problems z If the switch gets no response in a specified time period after...

Page 442: ...m each other by using the shared keys that have been set on them and can accept and respond to the messages only when both parties have same shared key z The authentication authorization shared key an...

Page 443: ...te RADIUS authentication authorization and accounting services the switch can act as a local RADIUS server to provide simple RADIUS server functions locally For the switch to act as a local server you...

Page 444: ...med locally The default share key is null Note that z The message encryption key set by the local server nas ip ip address key password command must be identical with the authentication authorization...

Page 445: ...scheme view has the same function as the radius nas ip command in system view and the configuration in RADIUS scheme view takes precedence over that in system view You can set the source IP address o...

Page 446: ...ing server which are 0 0 0 0 and 1813 respectively In the system default RADIUS scheme system the default IP address of the primary accounting server is 127 0 0 1 and the default UDP port number is 16...

Page 447: ...ary authentication authorization server is 0 0 0 0 and the default UDP port number is 1812 Note that z After creating a new RADIUS scheme you should configure the IP address and UDP port number of eac...

Page 448: ...ntication and accounting ports are enabled If you want to use the switch as a RADIUS client you need to ensure that the ports for RADIUS authentication and accounting are open Otherwise you can disabl...

Page 449: ...in RADIUS scheme view takes precedence over that in system view Note that z You can set the source IP address of outgoing RADIUS messages to avoid messages returned from RADIUS server from being unabl...

Page 450: ...and the parameters required for the RADIUS client to interact with the RADIUS servers You should first create a RADIUS scheme and enter its view before performing RADIUS protocol configurations z A R...

Page 451: ...radius trap command to disable the switch from sending trap messages when a RADIUS authentication server or a RADIUS accounting server turns down By default this function is disabled This configuratio...

Page 452: ...ers that does not contain any of the following characters session id session id Deletes the buffered stop accounting requests of a specified session Here session id is a session ID which is a string o...

Page 453: ...to set the maximum number of transmission attempts of a RADIUS request Use the undo retry command to restore the default maximum number of transmission attempts By default the maximum number of RADIU...

Page 454: ...o retry realtime accounting command to restore the default maximum number of continuous real time accounting failures By default the maximum number of continuous real time accounting failures is five...

Page 455: ...s an accounting request every 12 minutes if the switch does not receive a response within 3 seconds after it sends out the accounting request it resends the request if the switch continuously sends th...

Page 456: ...uch a request the switch should first buffer the request on itself and then retransmit the request to the RADIUS accounting server until it gets a response or the maximum number of transmission attemp...

Page 457: ...sname radius scheme radius1 New Radius scheme Sysname radius radius1 secondary accounting 10 110 1 1 1813 1 2 25 secondary authentication Syntax secondary authentication ip address port number undo se...

Page 458: ...that is use the procedure and message format of private RADIUS protocol to interact with an H3C s RADIUS server standard Specifies to support standard RADIUS server that is use the procedure and mess...

Page 459: ...me are in the block state the primary RADIUS servers in the default RADIUS scheme system are in the active state and the secondary RADIUS servers in system are in the block state For the primary and s...

Page 460: ...nd to enable the switch to buffer the stop accounting requests that get no response Use the undo stop accounting buffer enable command to disable the switch from buffering the stop accounting requests...

Page 461: ...the default response timeout timer of RADIUS servers By default the response timeout time of RADIUS servers is 3 seconds Note that z After sending out a RADIUS request authentication authorization req...

Page 462: ...tes Wait time before primary server state restoration ranging from 1 to 255 minutes Description Use the timer quiet command to set the time that the switch waits before it tries to re communicate with...

Page 463: ...t which users are charged in real time you can set the real time accounting interval After the setting the switch periodically sends online users accounting information to the RADIUS server at the set...

Page 464: ...me of RADIUS servers By default the response timeout time of RADIUS servers is 3 seconds Note that z After sending out a RADIUS request authentication authorization request or accounting request to a...

Page 465: ...tem the usernames sent to RADIUS servers in any RADIUS scheme carry ISP domain names Note that z Generally an access user is named in the userid isp name format Here isp name behind the character repr...

Page 466: ...flow format Syntax data flow format data byte giga byte kilo byte mega byte data flow format packet giga packet kilo packet mega packet one packet undo data flow format data packet View HWTACACS schem...

Page 467: ...s scheme name HWTACACS scheme name a string of 1 to 32 characters This name is case insensitive If this argument is not specified the system displays information about all HWTACACS schemes statistics...

Page 468: ...t 1 3 3 display stop accounting buffer Syntax display stop accounting buffer hwtacacs scheme hwtacacs scheme name View Any view Parameters hwtacacs scheme hwtacacs scheme name Displays the buffered st...

Page 469: ...ress Note that z You can specify the source address of outgoing HWTACACS messages to avoid messages returned from server from being unable to reach their destination due to physical interface trouble...

Page 470: ...ith Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 1 3 6 key Syntax key accounting authentication authorization string undo key accounting authentication authorization View HWTACACS scheme...

Page 471: ...Description Use the nas ip command to set the source address of outgoing HWTACACS messages Use the undo nas ip command to restore the default setting Note that z You can set the source address of HWT...

Page 472: ...rrent scheme Use the undo primary accounting command to restore the default IP address and port number of the primary HWTACACS accounting server which are 0 0 0 0 and 49 respectively Note that z You a...

Page 473: ...ress and port number of the primary HWTACACS authentication server which are 0 0 0 0 and 49 respectively Note that z You are not allowed to set the same IP address for both primary and secondary authe...

Page 474: ...ively Note that z You are not allowed to set the same IP address for both primary and secondary authorization servers If you do this your setting will fail z If you re execute the command the new sett...

Page 475: ...hwtacacs scheme name View User view Parameters hwtacacs scheme hwtacacs scheme name Deletes the buffered stop accounting requests of a specified HWTACACS scheme Here hwtacacs scheme name is the name...

Page 476: ...he maximum number of transmission attempts is 100 Related commands reset stop accounting buffer hwtacacs scheme display stop accounting buffer Examples Enable the stop accounting request retransmissio...

Page 477: ...o the server Examples Set the IP address and UDP port number of the secondary accounting server for HWTACACS scheme hwt1 to 10 163 155 12 and 49 respectively Sysname system view System View return to...

Page 478: ...rn to User View with Ctrl Z Sysname hwtacacs scheme hwt1 Sysname hwtacacs hwt1 secondary authentication 10 163 155 13 49 1 3 16 secondary authorization Syntax secondary authorization ip address port u...

Page 479: ...cs hwt1 secondary authorization 10 163 155 13 49 1 3 17 timer quiet Syntax timer quiet minutes undo timer quiet View HWTACACS scheme view Parameters minutes Wait time before primary server state resto...

Page 480: ...rs are charged in real time you can set the real time accounting interval After the setting the switch periodically sends online users accounting information to TACACS accounting server at the set int...

Page 481: ...out command to set the response timeout time of TACACS servers Use the undo timer response timeout command to restore the default response timeout time of TACACS servers By default the response timeou...

Page 482: ...s cannot accept the usernames that carry ISP domain names In this case it is necessary to remove domain names from usernames before sending usernames to TACACS server For this reason the user name for...

Page 483: ...cy server Use the undo security policy server command to remove one specified or all security policy server address settings You can configure up to eight security policy server addresses in each RADI...

Page 484: ...Command Manual For Soliton AAA H3C S3100 Series Ethernet Switches Chapter 2 EAD Configuration Commands 2 2 security policy server 192 168 0 1 user name format without domain...

Page 485: ...1 4 mac authentication authmode usernameasmacaddress 1 6 1 1 5 mac authentication authmode usernamefixed 1 7 1 1 6 mac authentication authpassword 1 7 1 1 7 mac authentication authusername 1 8 1 1 8...

Page 486: ...ace number to interface type interface number 1 10 where 1 10 means that you can provide up to 10 port indexes port index ranges for this argument Description Use the display mac authentication comman...

Page 487: ...ication z UsernameAsMacAddress Uses the MAC address of a user as the username for authentication The default is the MAC address UsernameAsMacAddress Fixed password Meaning of this field varies by the...

Page 488: ...he switch sets the user to be in quiet state During quiet period the switch does not process the authentication request of this user Ethernet1 0 1 is link up The link connected to Ethernet1 0 1 port i...

Page 489: ...being executed in system view the mac authentication command enables MAC address authentication globally When being executed in Ethernet port view the mac authentication command enables MAC address au...

Page 490: ...AC address authentication for on the specified port s Use the undo mac authentication interface command to disable the MAC address authentication for the specified port s By default MAC address authen...

Page 491: ...02 e3 without hyphen Uses MAC addresses without hyphens as usernames and passwords for example 0005e01c02e3 lowercase Uses lowercase MAC addresses as usernames and passwords uppercase Uses uppercase M...

Page 492: ...Use the mac authentication authmode usernamefixed command to set the user name in fixed mode for MAC address authentication Use the undo mac authentication authmode command to restore the default user...

Page 493: ...w return to User View with Ctrl Z Sysname mac authentication authpassword newmac 1 1 7 mac authentication authusername Syntax mac authentication authusername username undo mac authentication authusern...

Page 494: ...re an ISP domain for MAC address authentication Use the undo mac authentication domain command to restore the default ISP domain for MAC address authentication By default no domain for MAC address aut...

Page 495: ...ntication the switch prohibits a user from accessing the network if the connection between the switch and the RADIUS server times out Description Use the mac authentication timer command to configure...

Page 496: ...ac authentication guest vlan vlan id undo mac authentication guest vlan View Ethernet port view Parameters vlan id ID of the guest VLAN configured for the current port This argument is in the range of...

Page 497: ...est VLAN can be configured for a port and the VLAN configured as the Guest VLAN must be an existing VLAN Otherwise the Guest VLAN configuration does not take effect If you want to change the Guest VLA...

Page 498: ...return to User View with Ctrl Z Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 mac authenticiaon intrusion mode block mac enable 1 2 3 mac authentication max auth num Syntax mac authenticatio...

Page 499: ...on z You cannot configure the maximum number of MAC address authentication users for a port if any user connected to this port is online Examples Set the maximum number of MAC address authentication u...

Page 500: ...gured for it Use the undo mac authentication timer guest vlan reauth command to restore the re authentication interval to the default value The switch re authenticates the users in guest VLANs at the...

Page 501: ...detection trust 1 3 1 1 5 arp protective down recover enable 1 3 1 1 6 arp protective down recover interval 1 4 1 1 7 arp rate limit 1 5 1 1 8 arp rate limit enable 1 6 1 1 9 arp restricted forwarding...

Page 502: ...tem view Parameters None Description Use the arp anti attack valid check enable command to enable ARP source MAC address consistency check Use the undo arp anti attack valid check enable command to di...

Page 503: ...e ARP entry checking function Sysname system view System View return to User View with Ctrl Z Sysname undo arp check enable 1 1 3 arp detection enable Syntax arp detection enable undo arp detection en...

Page 504: ...he arp detection trust command to specify the current port as a trusted port that is ARP packets received on this port are regarded as legal ARP packets and will not be checked Use the undo arp detect...

Page 505: ...ion is disabled Examples Enable the port state auto recovery function of the switch Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable 1 1 6 arp...

Page 506: ...overy interval to 30 seconds Sysname system view System View return to User View with Ctrl Z Sysname arp protective down recover enable Sysname arp protective down recover interval 30 1 1 7 arp rate l...

Page 507: ...ription Use the arp rate limit enable command to enable the ARP packet rate limit function on the port that is to limit the rate of ARP packets passing through the port If a rate the maximum ARP packe...

Page 508: ...o the MAC addresses in the packets or through trusted ports if the MAC address table contains no such destination MAC addresses Use the undo arp restricted forwarding enable command to disable ARP res...

Page 509: ...at z Static ARP entries are valid as long as the Ethernet switch operates normally But some operations such as removing a VLAN or removing a port from a VLAN will make the corresponding ARP entries in...

Page 510: ...elated commands display arp timer aging Examples Configure the aging time to be 10 minutes for dynamic ARP entries Sysname system view System View return to User View with Ctrl Z Sysname arp timer agi...

Page 511: ...17 000d 88f6 379c 1 Ethernet1 0 2 17 D 192 168 0 115 000d 88f7 9f7d 1 Ethernet1 0 2 18 D 192 168 0 43 000c 760a 172d 1 Ethernet1 0 2 18 D 192 168 0 33 000d 88f6 44ba 1 Ethernet1 0 2 20 D 192 168 0 35...

Page 512: ...case sensitive character string Description Use the display arp command to display the ARP entries related to string in a specified way Related commands arp static reset arp Examples Display all the A...

Page 513: ...cified string include Displays the number of ARP entries containing the specified string regular expression A case sensitive character string ip address IP address The ARP entries containing the IP ad...

Page 514: ...ion statistics on Ethernet 1 0 10 Sysname display arp detection statistics interface ethernet1 0 10 ARP DETECTION ENABLE ARP PORT TRUST DISABLE INVALID ARP PACKETS 31 Table 1 2 Description on the fiel...

Page 515: ...nd to enable the gratuitous ARP packet learning function Then a switch receiving a gratuitous ARP packet can add the IP and MAC addresses carried in the packet to its own dynamic ARP table if it finds...

Page 516: ...dynamic Clears dynamic ARP entries static Clears static ARP entries interface interface type interface number Clears ARP entries of the specified port Description Use the reset arp command to clear s...

Page 517: ...remote id 1 7 1 1 9 dhcp snooping trust 1 8 1 1 10 display dhcp snooping 1 9 1 1 11 display dhcp snooping trust 1 9 1 1 12 display ip source static binding 1 10 1 1 13 ip check source ip address 1 11...

Page 518: ...to disable the DHCP snooping function After DHCP snooping is disabled all the ports can forward DHCP replies from the DHCP server without recording the IP to MAC bindings of the DHCP clients By defau...

Page 519: ...nooping information enable command to disable DHCP snooping Option 82 DHCP snooping Option 82 is disabled by default Note that Enable DHCP snooping before performing this configuration Examples Enable...

Page 520: ...n format command Examples Configure the storage format of Option 82 as ASCII Sysname system view System View return to User View with Ctrl Z Sysname dhcp snooping information format ascii 1 1 4 dhcp s...

Page 521: ...acters Description Use the dhcp snooping information remote id command to configure the remote ID sub option in Option 82 Use the undo dhcp snooping information remote id command to restore the defaul...

Page 522: ...tegy command in Ethernet port view to configure a handling policy for requests that contain Option 82 received on the current port Use the undo dhcp snooping information strategy command to restore th...

Page 523: ...zed circuit ID sub option applies to all DHCP packets that pass through the current port Use the undo dhcp snooping information vlan vlan id circuit id command to restore the default circuit ID in DHC...

Page 524: ...DHCP packets from the specified VLAN Without vlan vlan id specified the customized remote ID sub option applies to all DHCP packets that pass through the current port Use the undo dhcp snooping infor...

Page 525: ...t Use the undo dhcp snooping trust command to restore an Ethernet port to a DHCP snooping untrusted port By default with the DHCP snooping enabled all the ports of a switch are untrusted ports Note th...

Page 526: ...nd to display the user IP MAC address mapping entries recorded by the DHCP snooping function Related commands dhcp snooping Examples Display the user IP MAC address mapping entries recorded by the DHC...

Page 527: ...snooping function is enabled and the Ethernet 1 0 10 port is a trusted port 1 1 12 display ip source static binding Syntax display ip source static binding vlan vlan id interface interface type inter...

Page 528: ...ce ip address command to enable the filtering of the IP packets received through the current port based on the source IP address of the packets Use the undo ip check source ip address command to disab...

Page 529: ...ce IP address source MAC address and the port number so as to generate static binding entries Use the undo ip source static binding ip address command to remove the static binding among source IP addr...

Page 530: ...ch Use the undo dhcp protective down recover enable command to disable port state auto recovery With the port state auto recovery function a port that is shut down because the DHCP traffic rate limit...

Page 531: ...witch the auto recovery interval defaults to 300 seconds Note that z Before configuring the port state auto recovery interval you must enable port state auto recovery on the switch first z The new por...

Page 532: ...re the DHCP traffic threshold to 100 pps for port Ethernet 1 0 11 Sysname system view System View return to User View with Ctrl Z Sysname interface ethernet 1 0 11 Sysname Ethernet1 0 11 dhcp rate lim...

Page 533: ...limit DHCP traffic is disabled on an Ethernet port That is DHCP traffic passing through an Ethernet port is not limited Examples Enable the function to limit DHCP traffic for Ethernet 1 0 11 port Sys...

Page 534: ...cation of DHCP clients Note that S3100 series Ethernet switches that operate as DHCP clients support a maximum lease duration of 24 days currently Examples Display the information about the address al...

Page 535: ...ng Lease from to The starting and end time of the lease period Server IP IP address of the DHCP server selected Transaction ID Transaction ID Default router Gateway address Next timeout will happen af...

Page 536: ...dhcp alloc command UDP port 68 is disabled Examples Configure VLAN interface 1 to obtain an IP address through DHCP Sysname system view System View return to User View with Ctrl Z Sysname interface V...

Page 537: ...ield in BOOTP packets Mac Address MAC address of the BOOTP client Default router Default router 3 2 2 ip address bootp alloc Syntax ip address bootp alloc undo ip address bootp alloc View VLAN interfa...

Page 538: ...Command Manual For Soliton DHCP H3C S3100 Series Ethernet Switches Chapter 3 DHCP BOOTP Client Configuration 3 5 Sysname Vlan interface1 ip address bootp alloc...

Page 539: ...1 3 display acl 1 3 1 1 4 display acl remaining entry 1 4 1 1 5 display ipv6 acl template 1 5 1 1 6 display packet filter 1 6 1 1 7 display time range 1 7 1 1 8 ipv6 acl template 1 8 1 1 9 packet filt...

Page 540: ...the range 2000 to 2999 identifies a basic ACL z An ACL number in the range 3000 to 3999 identifies an advanced ACL Note that 3998 and 3999 cannot be configured because they are reserved for cluster ma...

Page 541: ...to Sysname acl basic 2000 Add three rules with different numbers of zeros in the source wildcards Sysname acl basic 2000 rule 1 permit source 1 1 1 1 0 255 255 255 Sysname acl basic 2000 rule 2 permit...

Page 542: ...stinguish ACLs by their descriptions By default no description string is assigned for an ACL Examples Assign description string This ACL is used for filtering all HTTP packets to ACL 3000 Sysname syst...

Page 543: ...1 1 0 Table 1 1 Description on the fields of the display acl command Field Description Basic ACL 2000 The displayed information is about the basic ACL 2000 1 rule The ACL includes one rule Acl s step...

Page 544: ...assign Total Number Total number of ACL resources Reserved Number Number of resources reserved for system ACLs Configured Number Number of resources configured for user defined ACLs Remaining Number...

Page 545: ...g on the unit specified by unit id The unit ID can be set only to 1 vlan vlan id Displays information about packet filtering on the VLAN specified by vlan id Description Use the display packet filter...

Page 546: ...ve time ranges this command displays Inactive Related commands time range Examples Display all time ranges Sysname display time range all Current time is 17 01 34 May 21 2007 Monday Time range tr Acti...

Page 547: ...IPv6 packets src port Matches the TCP UDP source port field in IPv6 packets dest port Matches the TCP UDP destination port field in IPv6 packets icmpv6 type Matches the ICMPv6 type field in IPv6 pack...

Page 548: ...Combined application of ACLs Combination mode The acl rule argument Apply all the rules of an ACL that is of IP type The ACL can be a basic ACL or an advanced ACL ip group acl number Apply a rule of...

Page 549: ...basic ACL 2000 on Ethernet 1 0 1 to filter inbound packets Here it is assumed that the ACL and its rules are already configured Sysname system view System View return to User View with Ctrl Z Sysname...

Page 550: ...e An ACL assigned to a VLAN takes effect only for the packets tagged with 802 1Q header For more information about 802 1Q header refer to the VLAN part Examples Apply all rules of basic ACL 2000 to VL...

Page 551: ...ime range time name Specifies the time range in which the rule takes effect time name specifies the name of the time range in which the rule is active a string comprising 1 to 32 characters Note sour...

Page 552: ...plus one If the current greatest rule number is 65534 however the system will display an error message and you need to specify a number for the rule z The content of a modified or created rule cannot...

Page 553: ...ckets protocol Protocol carried by IP When the protocol is represented by numeral it ranges from 1 to 255 when the protocol is represented by name it can be gre 47 icmp 1 igmp 2 ip ipinip 4 ospf 89 tc...

Page 554: ...preference The tos argument can be a number in the range 0 to 15 dscp dscp Packet priority Specifies a DSCP priority The dscp argument can be a number in the range 0 to 63 fragment Fragment informatio...

Page 555: ...28 011100 af33 30 011110 af41 34 100010 af42 36 100100 af43 38 100110 be 0 000000 cs1 8 001000 cs2 16 010000 cs3 24 011000 cs4 32 100000 cs5 40 101000 cs6 48 110000 cs7 56 111000 ef 46 101110 If you s...

Page 556: ...f you specify the tos keyword you can directly input a value ranging from 0 to 15 or input one of the keywords listed in Table 1 10 as the ToS value Table 1 10 ToS value and the corresponding keywords...

Page 557: ...erators require only one port number as the operand port1 and port2 TCP UDP port number s expressed as port names or port numbers When expressed as numerals the value range is 0 to 65535 With the rang...

Page 558: ...7 If the protocol type is ICMP you can also define the information listed in Table 1 13 Table 1 13 ICMP specific ACL rule information Parameters Type Function Description icmp type icmp type icmp code...

Page 559: ...rning the source port in the ACL rule This keyword is only available to the ACL rules with their protocol types set to TCP or UDP destination Removes the settings concerning the destination address in...

Page 560: ...xistent rule The unmodified part of the rule remains With the auto match order specified for the ACL you cannot modify any existent rule otherwise the system prompts error information z If you do not...

Page 561: ...ation of the ACLs 1 1 13 rule for Layer 2 ACLs Syntax rule rule id deny permit rule string undo rule rule id View Layer 2 ACL view Parameters rule id ACL rule ID in the range of 0 to 65534 deny Drops...

Page 562: ...ator the value of vlan id2 does not need to be greater than that of vlan id1 because the device can automatically judge the value range Note that if you specify a combination of lt 1 or gt 4093 the de...

Page 563: ...eating an ACL rule the rule will be numbered automatically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule number plus one If the current grea...

Page 564: ...cimal numbers respectively src ip ipv6 address prefix length Specifies the source IPv6 address information Arguments ipv6 address and prefix length indicate the IPv6 address and prefix length respecti...

Page 565: ...cify the rule id argument when creating an ACL rule the rule will be numbered automatically If the ACL has no rules the rule is numbered 0 otherwise the number of the rule will be the greatest rule nu...

Page 566: ...undo rule comment command to remove the comment defined for the ACL rule You can give rules comments to provide relevant information such as their application purposes and the ports they are applied t...

Page 567: ...ange in the form of hh mm end time End time of a periodic time range in the form of hh mm The end time must be greater than the start time days of the week Day of the week when the periodic time range...

Page 568: ...when the system time is within one of the absolute time sections z If both a periodic time section and an absolute time section are defined in a time range the time range is active only when the peri...

Page 569: ...1 1 12 display qos interface traffic shape 1 11 1 1 13 display qos interface traffic statistic 1 12 1 1 14 display qos port group 1 13 1 1 15 display qos vlan 1 14 1 1 16 display queue scheduler 1 15...

Page 570: ...c 1 42 1 1 38 traffic statistic vlan 1 43 Chapter 2 QoS Profile Configuration Commands 2 1 2 1 QoS Profile Configuration Commands 2 1 2 1 1 apply qos profile 2 1 2 1 2 display qos profile 2 2 2 1 3 pa...

Page 571: ...stem view Parameter None Description Use the burst mode enable command to enable the burst function Use the undo burst mode enable command to disable the burst function By default the burst function i...

Page 572: ...cos local precedence map Syntax display qos cos local precedence map View Any view Parameter None Description Use the display qos cos local precedence map command to display the CoS precedence to loc...

Page 573: ...the DSCP precedence to local precedence mapping table Related command qos dscp local precedence map Example Display the DSCP precedence to local precedence mapping table Sysname display qos dscp loca...

Page 574: ...C S3100 Series Ethernet Switches Chapter 1 QoS Commands 1 4 27 1 28 1 29 1 30 1 31 1 32 2 33 2 34 2 35 2 36 2 37 2 38 2 39 2 40 2 41 2 42 2 43 2 44 2 45 2 46 2 47 2 48 3 49 3 50 3 51 3 52 3 53 3 54 3...

Page 575: ...ccounting configuration Description Use the display qos global command to display the QoS related configuration performed for all the packets Example Display all the QoS configurations performed for a...

Page 576: ...lay qos interface all Syntax display qos interface interface type interface number unit id all View Any view Parameter interface type interface number Specifies the type and number of a port for which...

Page 577: ...splay qos interface interface type interface number unit id line rate View Any view Parameter interface type interface number Specifies the type and number of a port for which the line rate configurat...

Page 578: ...d to display the traffic mirroring configuration of a port or all the ports on the device Related command mirrored to Example Display the traffic mirroring configuration of Ethernet 1 0 1 on an S3100...

Page 579: ...lay qos interface traffic limit command to display the traffic policing configuration of a port or all the ports on the device This command also displays the traffic policing statistics Related comman...

Page 580: ...y the priority marking configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 traffic priority Ethernet1 0 1 traffic priority Inbound Matches Acl 2000 rule 0 running Priority act...

Page 581: ...elated command traffic redirect Example Display the traffic redirecting configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 traffic redirect Ethernet1 0 1 traffic redirect Inb...

Page 582: ...on the device Related command traffic shape Example Display the traffic shaping configuration of Ethernet 1 0 1 Sysname display qos interface Ethernet 1 0 1 traffic shape Ethernet1 0 1 QID status max...

Page 583: ...mand also displays traffic statistics Related command traffic statistic Example Display the traffic accounting configuration information and traffic statistics on Ethernet 1 0 1 Sysname display qos in...

Page 584: ...y qos port group command to display specific QoS related configuration of a port group Example Display all the QoS related configurations of port group 1 Sysname display qos port group 1 all Port grou...

Page 585: ...uration performed for a VLAN Example Display all the QoS related configuration performed for VLAN 1 Sysname display qos vlan 1 all Vlan 1 traffic limit Inbound Matches Acl 3001 rule 0 running Target r...

Page 586: ...8 z GigabitEthernet port 64 to 1 000 000 The granularity of port rate limit is 64 Kbps Assume that the value you provide for the target rate argument is in the range N 64 to N 1 64 N is a natural numb...

Page 587: ...plicates inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 8 and Table 1 9 Note that the...

Page 588: ...ing for packets that match Use the undo mirrored to command to remove traffic mirroring configuration globally or for a port group or a port Note that the same ACL cannot be simultaneously referenced...

Page 589: ...Table 1 9 Note that the ACL rules referenced must be those defined with the permit keyword specified cpu Duplicates the packets to the CPU monitor interface Duplicates the packets to the destination m...

Page 590: ...vlan 1 inbound ip group 2000 monitor interface Display the traffic mirroring configuration of VLAN 1 Sysname display qos vlan 1 mirrored to Vlan 1 mirrored to Inbound Matches Acl 2000 rule 1 running...

Page 591: ...packet the switch replaces the 802 1p priority of the packet with the port priority searches for the local precedence corresponding to the port priority of the receiving port in the 802 1p to local p...

Page 592: ...o is determined by its local precedence z DSCP precedence Ranges from 0 to 63 By default packets with DSCP values from 0 to 15 are put into queue 0 those from 16 to 31 in queue 1 from 32 to 47 in queu...

Page 593: ...al prec Local precedence to which CoS 2 is to be mapped in the range 0 to 3 cos3 map local prec Local precedence to which CoS 3 is to be mapped in the range 0 to 3 cos4 map local prec Local precedence...

Page 594: ...to 3 and 7 to 3 Sysname system view System View return to User View with Ctrl Z Sysname qos cos local precedence map 0 0 1 1 2 2 3 3 Display the configuration result Sysname display qos cos local prec...

Page 595: ...e mapping table The default DSCP precedence to local precedence mapping tables as shown in Table 1 11 Table 1 11 The default DSCP precedence to local precedence mapping table DSCP Local precedence 0 t...

Page 596: ...mands 1 26 Sysname display qos dscp local precedence map dscp local precedence map dscp local precedence queue 0 2 1 2 2 2 3 2 4 2 5 2 6 2 7 2 8 2 9 2 10 2 11 2 12 2 13 2 14 2 15 2 16 1 17 1 18 1 19 1...

Page 597: ...ight queue1 weight queue2 weight wrr queue0 weight queue1 weight queue2 weight queue3 weight undo queue scheduler View System view Parameter strict priority Adopts the strict priority SP algorithm for...

Page 598: ...e weight values for queues 0 to 3 are set as 1 2 4 and 8 corresponding to w0 w1 w2 and w3 respectively In this case when data traffic of the four output queues on the port exceeds the port processing...

Page 599: ...hing specific ACL rules or packets that match specific ACL rules and are of a port group or pass a port Related command traffic limit Example Clear the traffic policing statistics on packets matching...

Page 600: ...to clear the statistics on the inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 8 and T...

Page 601: ...reset traffic statistic vlan 1 inbound ip group 2000 1 1 30 traffic limit Syntax traffic limit inbound acl rule target rate burst bucket burst bucket size conform con action exceed exceed action meter...

Page 602: ...The con action argument can be z remark dscp dscp value Sets the DSCP precedence for the packets The dscp value argument is in the range of 0 to 63 You can also enter a keyword listed in Table 1 13 fo...

Page 603: ...rwards the packets z remark dscp dscp value Resets the DSCP precedence of the packets and forwards them at the same time The DSCP value is in the range of 0 to 63 You can also enter a keyword listed i...

Page 604: ...r View with Ctrl Z Sysname acl number 4000 Sysname acl ethernetframe 4000 rule permit source 200 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet 1 0 1 Sysname Ethernet1 0 1 traffic limi...

Page 605: ...e 1 14 for this argument exceed exceed action Sets the actions on the part of the packets exceeding the specified traffic when the packet traffic exceeds the specified traffic The actions include z dr...

Page 606: ...th Ctrl Z Sysname traffic limit vlan 1 inbound link group 4000 128 exceed drop 1 1 32 traffic priority Syntax traffic priority inbound acl rule dscp dscp value cos cos value local precedence pre value...

Page 607: ...Sysname system view System View return to User View with Ctrl Z Sysname acl number 4000 Sysname acl ethernetframe 4000 rule permit cos 5 Sysname acl ethernetframe 4000 quit Sysname interface Ethernet...

Page 608: ...and are of a VLAN By default priority marking is disabled on a VLAN Related command display qos vlan Note The priority marking function configured on a VLAN is only applicable to packets tagged with 8...

Page 609: ...specific ACL rules or the packets that match specific ACL rules and are of a port group or pass a port You can redirect packets to a port or the CPU Note that the same ACL cannot be simultaneously re...

Page 610: ...le 1 8 and Table 1 9 Note that the ACL rules referenced must be those defined with the permit keyword specified cpu Redirects the packets to the CPU interface interface type interface number Redirects...

Page 611: ...2000 rules and are of VLAN 1 to Ethernet 1 0 7 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit source 1 1 1 0 0 0 0 255 Sysna...

Page 612: ...rameter inbound Generates statistics on inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1...

Page 613: ...1 to 4094 inbound Generates statistics on inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table...

Page 614: ...xample Generate statistics on packets that match ACL 2000 and are of VLAN 1 Sysname system view System View return to User View with Ctrl Z Sysname acl number 2000 Sysname acl basic 2000 rule permit s...

Page 615: ...f 1 to 32 characters and starting with English letters a z A Z interface list List of Ethernet ports You can specify multiple Ethernet ports by providing this argument in the form of interface type in...

Page 616: ...erface type interface number Specifies the type and number of a port to display the QoS profile applied on the port user user name Specifies the name of an 802 1x authentication user The user name arg...

Page 617: ...et filter inbound ip group 2000 rule 0 traffic limit inbound ip group 3000 rule 0 64 traffic priority inbound ip group 4000 rule 0 cos controlled load Table 2 1 Description on the fields of the displa...

Page 618: ...nbound Filters the inbound packets acl rule ACL rules to be applied This argument can be the combination of multiple ACLs For more information about this argument refer to Table 1 8 and Table 1 9 Desc...

Page 619: ...corresponding QoS profile view Use the undo qos profile command to remove a QoS profile A QoS profile currently applied to a port cannot be removed or modified To remove or modify a QoS profile alread...

Page 620: ...cation mode to be port based Example Configure the QoS profile application mode on Ethernet 1 0 1 to be port based Sysname system view System View return to User View with Ctrl Z Sysname interface Eth...

Page 621: ...value argument is in the range 0 to 7 You can also enter a keyword listed in Table 1 14 for this argument exceed exceed action Sets the actions on the part of the packets exceeding the specified traf...

Page 622: ...st be those defined with the permit keyword specified dscp dscp value Sets the DSCP precedence The dscp value argument is in the range 0 to 63 You can also enter a keyword listed in Table 1 13 for thi...

Page 623: ...al For Soliton QoS QoS Profile H3C S3100 Series Ethernet Switches Chapter 2 QoS Profile Configuration Commands 2 9 Sysname qos profile a123 Sysname qos profile a123 traffic priority inbound link group...

Page 624: ...1 1 1 1 Mirroring Commands 1 1 1 1 1 display mirroring group 1 1 1 1 2 mirroring group 1 3 1 1 3 mirroring group mirroring port 1 4 1 1 4 mirroring group monitor port 1 5 1 1 5 mirroring group reflect...

Page 625: ...Specifies to display the parameter settings of local port mirroring groups remote destination Specifies to display the parameter settings of the destination groups for remote mirroring remote source S...

Page 626: ...and Field Description mirroring group Port mirroring group number type Port mirroring group type which can be local remote source or remote destination status Status of the port mirroring group which...

Page 627: ...oup for remote port mirroring remote source Specifies the mirroring group as the source mirroring group for remote port mirroring Description Use the mirroring group command to create a port mirroring...

Page 628: ...s or port lists both Specifies to mirror the packets received on and sent from the source mirroring port inbound Specifies to mirror the packets received on the source mirroring port outbound Specifie...

Page 629: ...roup monitor port command to configure the destination port for a local mirroring group or a remote destination mirroring group Use the undo mirroring group monitor port to remove the destination port...

Page 630: ...ote the following when you configure the reflector port z The reflector port cannot be a member port of an aggregation group or a port enabled with LACP or STP It must be an access port and cannot be...

Page 631: ...ng a VLAN as the remote probe VLAN for a remote source destination mirroring group you need to use the remote probe vlan enable command to configure the VLAN as a remote probe VLAN first Related comma...

Page 632: ...ally create local mirroring group 1 and add the source port to the group if mirroring group 1 already exists but is not a local mirroring group your configuration of the source port will fail Examples...

Page 633: ...switch creates the local mirroring group 1 and adds the port to the group if mirroring group 1 already exists but is not a local mirroring group your configuration of the destination port will fail Ex...

Page 634: ...s the remote probe VLAN z A remote probe VLAN cannot be removed directly To do that you need to run the undo remote probe vlan enable command in VLAN view first Related commands mirroring group remote...

Page 635: ...ndp timer hello 2 5 2 1 5 reset ndp statistics 2 6 2 2 NTDP Configuration Commands 2 6 2 2 1 display ntdp 2 6 2 2 2 display ntdp device list 2 8 2 2 3 ntdp enable 2 10 2 2 4 ntdp explore 2 11 2 2 5 nt...

Page 636: ...2 3 22 tftp get 2 40 2 3 23 tftp put 2 41 2 3 24 tftp server 2 42 2 3 25 timer 2 43 2 3 26 tracemac 2 44 2 4 Enhanced Cluster Feature Configuration Commands 2 45 2 4 1 black list 2 45 2 4 2 display c...

Page 637: ...epends on the members keyword as follows z If the members keyword is not specified the output information indicates that the local switch is the main switch Besides the number of the switches containe...

Page 638: ...e Device S3100 MAC Address 000f e20f 3130 Member status Up IP 129 10 1 16 16 Member number 2 Name stack_2 Sysname Device S3100 MAC Address 000f e20f 3135 Member status Up IP 129 10 1 17 16 Table 1 1 D...

Page 639: ...from sending forwarding stack join in requests to from its connected switch By default the stack port function on a stack port is enabled indicating that a switch can send forward the stack join in r...

Page 640: ...t stack_0 Sysname 1 1 4 stacking enable Syntax stacking enable undo stacking enable View System view Parameter None Description Use the stacking enable command to create a stack Use the undo stacking...

Page 641: ...ing the stack When adding a switch to a stack the main switch picks an IP address from the IP address pool and assigns the IP address to it The stacking ip pool command can only be executed on switche...

Page 642: ...a slave switch is not of the same network segment as that of the stack address pool the main switch or the slave switch automatically removes the existing IP address and picks a new one from the stac...

Page 643: ...ber Description Use the display ndp command to display all NDP configuration and operating information including the global NDP status the interval to send NDP packets the holdtime of NDP information...

Page 644: ...01 Device Name H3C S3100 Port Duplex AUTO Product Ver 3100 BootROM Ver 506 Table 2 1 Description on the fields of the two commands Field Description Neighbor Discovery Protocol is enabled NDP is enabl...

Page 645: ...ndp enable interface interface list View System view Ethernet port view Parameters interface list Ethernet port list in the format of interface type interface number to interface type interface number...

Page 646: ...d to set the holdtime of the NDP information This command specifies how long an adjacent device should hold the NDP neighbor information received from the local switch before discarding the informatio...

Page 647: ...se the undo ndp timer hello command to restore the default interval By default this interval is 60 seconds A switch should update the NDP information of its neighbors regularly so that the switch can...

Page 648: ...command if you specify the interface keyword the command will clear NDP statistics on the specified ports if you do not specify the interface keyword the command will clear NDP statistics on all port...

Page 649: ...lection total time 92ms Table 2 2 Description on the fields of the display ntdp command Field Description NTDP is running NTDP is enabled globally on this device Hops Hop count for topology collection...

Page 650: ...t MAC HOP IP PLATFORM 000f e20f 3901 0 100 100 1 1 24 S3100 000f e20f 3190 1 16 1 1 1 24 S3100 Table 2 3 Description on the fields of the display ntdp device list command Field Description MAC MAC add...

Page 651: ...r switch of cluster 1234 Administrator MAC 00e0 fc11 1111 Stack Candidate switch Peer MAC Peer Port ID Native Port ID Speed Duplex 000f e200 0144 Ethernet0 3 Ethernet0 24 100 FULL 00e0 fc00 3100 Ether...

Page 652: ...lected device for the cluster Peer MAC MAC address of a neighbor device connected to the collected device Peer Port ID Index of the port on the neighbor device connected to the collected device Native...

Page 653: ...llection process NTDP is able to periodically collect topology information In addition you can use this command to manually start a topology collection process at any moment If you do this NTDP collec...

Page 654: ...from the collecting device to the collected devices For example if you set the maximum hops to two the switch initiating the topology collection collects topology information from the switches within...

Page 655: ...on process manually z After a cluster is set up the management switch will collect the topology information of the network at the topology collection interval you set and automatically add the candida...

Page 656: ...logy collection requests Examples Set the delay for collected switches to forward topology collection requests to 300 ms aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sys...

Page 657: ...sword View Cluster view Parameters member number Member number assigned to the candidate device to be added to the cluster This argument ranges from 1 to 255 H H H MAC address of the candidate device...

Page 658: ...ew return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster add member 6 mac address 000f e20f 35e7 password 123456 2 3 2 administrator address Syntax administrator address mac addr...

Page 659: ...ster aaa_1 Sysname cluster undo administrator address 2 3 3 auto build Syntax auto build recover View Cluster view Parameters recover Recovers all member devices Description Use the auto build command...

Page 660: ...ceived from the public network The two ACL rules will be automatically applied to all ports of the cluster members z After a cluster is built automatically ACL 3998 and ACL 3999 can neither be configu...

Page 661: ...name CLST 5 LOG 1 Member 000f e200 7800 is joined in cluster aaa Apr 3 08 12 37 863 2000 aaa_0 Sysname CLST 5 LOG 1 Member 000f e200 2420 is joined in cluster aaa Apr 3 08 12 37 996 2000 aaa_0 Sysname...

Page 662: ...candidate device as well as on a management device Executing the build command on a candidate device will change the device to a management device and assign a name to the cluster created on the devic...

Page 663: ...luster the candidate device changes to a member device and its UDP port 40000 is opened at the same time z When you execute the auto build command on the management device to have the system automatic...

Page 664: ...DPIndex 0 00 00 00 00 00 12 a9 90 22 40 Role 1 aaa_0 Sysname cluster 2 3 5 cluster Syntax cluster View System view Parameters None Description Use the cluster command to enter cluster view Examples En...

Page 665: ...z When you execute undo cluster enable command on a device that does not belong to any cluster the cluster function is disabled on the device and thus you cannot create a cluster on the device or add...

Page 666: ...ange the super password of any cluster member or the management device so as to avoid switching failure resulting from authentication failure z After you switch from the management device to a member...

Page 667: ...Pv2 protocol packets configured on the management device through the multicast MAC synchronization packets the member devices can learn the multicast MAC address of HGMPv2 protocol packets and use it...

Page 668: ...ter so that HGMPv2 protocol packets can be forwarded normally within the cluster HGMPv2 multicast MAC synchronization packets are Layer 2 multicast packets If you set this interval to zero on a manage...

Page 669: ...the delete member command with the to black list keyword specified to remove a device and add the device to the blacklist of the cluster z Before using the delete member command to remove a device fr...

Page 670: ...member devices in the cluster cluster status holdtime and interval to send handshake packets Executing this command on a device that does not belong to any cluster will display an error Examples Disp...

Page 671: ...dtime of the neighbor status information which can be configured through the holdtime command Administrator device mac address MAC address of the management device Administrator status Status of the m...

Page 672: ...ay information about all candidate devices aaa_0 Sysname cluster display cluster candidates MAC HOP IP PLATFORM 3900 0000 3334 2 16 1 1 11 24 S3100 000f e20f 3190 1 16 1 1 1 24 S3100 Table 2 6 Descrip...

Page 673: ...display cluster members Syntax display cluster members member number verbose View Any view Parameters member number Member number of a device ranging from 0 to 255 verbose Displays detailed informatio...

Page 674: ...Member number 0 Name aaa_0 Sysname Device S3100 MAC Address 000f e20f 3901 Member status Admin Hops to administrator device 0 IP 100 100 1 1 24 Version H3C Comware Platform Software Comware Software...

Page 675: ...in the cluster Name Device name Device Device type MAC Address Device MAC address Member status Device status Hops to administrator device Hops from the device to the management device IP Device IP a...

Page 676: ...in 2 3 15 ftp server Syntax ftp server ip address undo ftp server View Cluster view Parameters ip address IP address of the FTP server to be configured for the cluster Description Use the ftp server...

Page 677: ...r to the member device according to the NAT record Examples Configure FTP server 1 0 0 9 on the management device of a cluster aaa_0 Sysname system view System View return to User View with Ctrl Z aaa...

Page 678: ...mask ip mask length undo ip pool View Cluster view Parameters administrator ip address IP address for the device to be set as the management device of a cluster ip mask Mask of the cluster IP address...

Page 679: ...o configure a shared log host for a cluster on the management device Use the undo logging host command to remove the shared log host setting By default no shared log host is configured After setting t...

Page 680: ...on a device only when no cluster is created on the device You cannot change the management VLAN on a device that already joins a cluster If you want to change the management VLAN on a device where a...

Page 681: ...s you can use the remote control function on the management device to maintain the member device remotely For example from the management device you can delete the configuration file on a member devic...

Page 682: ...re SNMP NMS address 1 0 0 9 on the management device for the cluster aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster snmp host 1 0 0 9...

Page 683: ...app vs app 2 3 23 tftp put Syntax tftp cluster tftp server put source file destination file View User view Parameters cluster Uploads files through the shared TFTP server of the cluster tftp server IP...

Page 684: ...o be configured for the cluster Description Use the tftp server command to configure a shared TFTP server for the cluster on the management device Use the undo tftp server command to remove the shared...

Page 685: ...etween sending handshake packets Use the undo timer command to restore the default value of the interval By default the interval between sending handshake packets is 10 seconds In a cluster the manage...

Page 686: ...luster through the specified destination MAC address or IP address and to display the path from the current device to the destination device Note z When using the destination IP address to trace a dev...

Page 687: ...00f e232 0005 H3C05 Local 2 4 Enhanced Cluster Feature Configuration Commands 2 4 1 black list Syntax black list add mac mac address black list delete mac all mac address View Cluster view Parameters...

Page 688: ...me system view Enter system view return to user view with Ctrl Z aaa_0 Sysname cluster aaa_0 Sysname cluster black list add mac 0010 3500 e001 Delete all addresses in the current cluster blacklist aaa...

Page 689: ...e layers above or below the node specified by the MAC address member member id Displays the structure of the standard topology three layers above or below the node specified by the member ID Descripti...

Page 690: ...er device MAC address For example P_0 40 P_0 6 Sysname 000f e200 2200 means that the peer device uses its port Ethernet 1 0 40 to connect to port Ethernet 1 0 6 of the local device the peer device nam...

Page 691: ...ers mac address mac address1 Displays the topology structure three layers above or below the node specified by the MAC address If to mac address is specified mac address1 is the start point of the rou...

Page 692: ...d Examples Display the topology of the current cluster aaa_0 Sysname display cluster current topology PeerPort ConnectFlag NativePort SysName DeviceMac ConnectFlag normal connect odd connect in blackl...

Page 693: ...that displayed by the display cluster members command However if you want to display information about a device that is enabled with only NTDP and is not in any cluster you have to use the display ntd...

Page 694: ...cal device connecting to the peer device Speed Rate of the local port connecting to the peer device Duplex Duplex mode of the local port connecting to the peer device 2 4 7 topology accept Syntax topo...

Page 695: ...vice in the IRF fabric Related commands display cluster base topology topology restore from topology save to Examples Save the current cluster topology as the base topology and save it in the local fl...

Page 696: ...nd on the cluster administrative device Related commands topology accept topology save to Examples Restore the base cluster topology from the flash of the management device in the cluster aaa_0 Sysnam...

Page 697: ...the management device of a cluster Related commands topology restore from Examples Enter Cluster view aaa_0 Sysname system view System View return to User View with Ctrl Z aaa_0 Sysname cluster aaa_0...

Page 698: ...snmp agent community 1 15 1 1 13 snmp agent group 1 16 1 1 14 snmp agent local engineid 1 18 1 1 15 snmp agent log 1 19 1 1 16 snmp agent mib view 1 20 1 1 17 snmp agent packet max size 1 22 1 1 18 sn...

Page 699: ...Command Manual For Soliton SNMP RMON H3C S3100 Series Ethernet Switches Table of Contents ii 2 1 8 rmon event 2 12 2 1 9 rmon history 2 13 2 1 10 rmon prialarm 2 14 2 1 11 rmon statistics 2 16...

Page 700: ...x display snmp agent local engineid remote engineid View Any view Parameters local engineid Displays the local SNMP entity engine ID remote engineid Displays all the remote SNMP entity engine IDs At p...

Page 701: ...unities with read write permission Description Use the display snmp agent community command to display the information about the SNMPv1 SNMPv2c communities with the specific access permission SNMPv1 a...

Page 702: ...ent community command to configure a community name for SNMPv1 or SNMPv2c the group name is the community name If you use the snmp agent usm user v1 v2c command to configure a username the group name...

Page 703: ...play snmp agent group Group name v3group Security model v3 noAuthnoPriv Readview ViewDefault Writeview ViewDefault Notifyview ViewDefault Storage type nonVolatile Table 1 2 display snmp agent group co...

Page 704: ...lay the MIB view configuration of the current Ethernet switch including view name MIB subtree subtree mask and so on For the description of the configuration items of MIB view refer to the related des...

Page 705: ...lay snmp agent statistics command to display the statistics on SNMP packets The statistics are collected from the time when the switch is started and the statistics will not be cleared if the SNMP is...

Page 706: ...ch used a SNMP community name not known The total number of SNMP messages delivered to the SNMP protocol entity which used an SNMP community name not known to said entity Messages which represented an...

Page 707: ...by the SNMP protocol entity GetResponse PDU accepted and processed The total number of SNMP Get Response PDUs which have been accepted and processed by the SNMP protocol entity SetRequest PDU accepted...

Page 708: ...cal location of the device and the employed SNMP version This command displays all the system SNMP information if you execute it with no keyword specified The display snmp agent sys info command displ...

Page 709: ...Display the modules that can generate traps and whether the trap function is enabled on the modules Sysname display snmp agent trap list configuration trap enable flash trap enable standard trap disab...

Page 710: ...validity of the sending end of the packets preventing access of illegal users the latter is used to encrypt packets between the NMS and agent preventing the packets from being intercepted A more secu...

Page 711: ...down command to enable the sending of port interface linkUp linkDown traps Use the undo enable snmp trap updown command to disable the sending of linkUp linkDown traps By default the sending of port i...

Page 712: ...e Ethernet1 0 1 enable snmp trap updown 1 1 10 snmp agent Syntax snmp agent undo snmp agent View System view Parameters None Description Use the snmp agent command to enable the SNMP agent Use the und...

Page 713: ...ssword md5 Uses HMAC MD5 algorithm sha Uses HMAC SHA algorithm which is securer than MD5 algorithm local engineid Uses the local engine ID to calculate the key specified engineid Uses the specified en...

Page 714: ...meters read Specifies that the community to be created has read only permission to MIB objects Communities of this type can only query MIBs for device information write Specifies that the community to...

Page 715: ...iew return to User View with Ctrl Z Sysname snmp agent community read comaccess Create an SNMP community named mgr which has read write permission to MIB objects Sysname snmp agent community write mgr...

Page 716: ...s with specific source addresses thus restricting access between the NMS and the agent Description Use the snmp agent group command to create an SNMP group and set the security mode and corresponding...

Page 717: ...but their security modes are noAuthnoPriv and AuthPriv respectively Sysname display snmp agent group Group name v3group Security model v3 noAuthnoPriv Readview ViewDefault Writeview ospf Notifyview o...

Page 718: ...to 123456789A Sysname system view System View return to User View with Ctrl Z Sysname snmp agent local engineid 123456789A 1 1 15 snmp agent log Syntax snmp agent log set operation get operation all...

Page 719: ...al Examples Enable logging for both the get and the set operations performed on the NMS Sysname system view System View return to User View with Ctrl Z Sysname snmp agent log all 1 1 16 snmp agent mib...

Page 720: ...y the same as the sub OID at the corresponding position of the MIB subtree OID Note the following when defining a MIB view with a mask z If the bit number of a mask value is more than the number of su...

Page 721: ...max size byte count undo snmp agent packet max size View System view Parameters byte count Maximum SNMP packet size in bytes to be set ranging from 484 to 17 940 Description Use the snmp agent packet...

Page 722: ...mand to set the system information including geographical location of the switch contact information for system maintenance and the SNMP version employed by the switch Use the undo snmp agent sys info...

Page 723: ...host trap address udp domain ip address udp port port number params securityname security string v1 v2c v3 authentication privacy undo snmp agent target host ip address securityname security string V...

Page 724: ...to specify the types of the SNMP traps a device can send by default a device can send all types of SNMP traps 2 Use the snmp agent target host command to set the address of the destination for the SN...

Page 725: ...device to send SNMP traps that are of specified types Use the undo snmp agent trap enable command to disable a device from sending SNMP traps that are of specified types By default a device sends all...

Page 726: ...linkDown portIndex is 4227634 ifAdminStatus is 2 ifOperStatus is 2 Apr 2 05 53 16 094 2000 H3C IFNET 5 TRAP 1 1 3 6 1 6 3 1 1 5 3 linkDown Interface 31 is Down Configure the extended linkUp linkDown t...

Page 727: ...undo snmp agent trap life command to restore the default SNMP trap aging time By default the SNMP trap aging time is 120 seconds The system discards the traps that timed out and not sent in the SNMP t...

Page 728: ...iest will be discarded Related commands snmp agent trap enable snmp agent target host and snmp agent trap life Examples Set the SNMP trap queue length to 200 Sysname system view System View return to...

Page 729: ...rface is assigned an IP address Related commands snmp agent trap enable snmp agent target host Examples Configure VLAN interface 1 as the source interface for the SNMP traps sent Sysname system view S...

Page 730: ...the NMS the NMS can establish a connection with the SNMP To make the configured user take effect you must create a group first Related commands snmp agent group snmp agent community and snmp agent loc...

Page 731: ...5 Uses HMAC MD5 algorithm for authentication sha Uses HMAC SHA algorithm for authentication which is securer than MD5 auth password Authentication password a string of 1 to 64 characters in plain text...

Page 732: ...i password argument can be obtained by the snmp agent calculate password command To make the calculated cipher text password applicable to the snmp agent usm user v3 cipher command ensure that the sam...

Page 733: ...ion with the device Then the NMS can access the MIB objects in the view ViewDefault on the device Add a user named testUser to the SNMPv3 group named testGroup in cipher mode namely the authentication...

Page 734: ...sampled node sampling interval rising and falling thresholds that trigger alarms the condition under which an alarm is triggered and the last sampled value Related commands rmon alarm Examples Display...

Page 735: ...riggered When startup enables The condition under which an alarm is triggered which can be z risingOrFallingAlarm An alarm is triggered when the rising or falling threshold is reached z risingAlarm An...

Page 736: ...of an entry in the RMON event table VALID The status of the entry identified by the index is valid Description RMON event description Will cause log trap when triggered The event triggers logging and...

Page 737: ...m sample type is absolute Table 2 3 display rmon eventlog command output description Field Description Event table Index of an entry in the RMON event table VALID The status of the entry identified by...

Page 738: ...his command displays the RMON history information about all the ports units Related commands rmon history Examples Display the RMON history information about Ethernet 1 0 1 Sysname display rmon histor...

Page 739: ...e packets with CRC errors jabbers Number of the oversize packets with CRC errors collisions Number of the packets that cause collisions utilization Bandwidth utilization 2 1 5 display rmon prialarm Sy...

Page 740: ...olute or delta Variable formula Variable formula of the sampled node Description Description Sampling interval Sampling interval in seconds The system collects statistics of the port at this interval...

Page 741: ...information displayed includes the number of z Collisions z Packets with CRC errors z Undersize Oversize packets z Broadcast multicast packets z Received bytes z Received packets Related commands rmo...

Page 742: ...ize packets received with CRC errors etherStatsJabbers Number of oversize packets received with CRC errors etherStatsCRCAlignErrors Number of packets received with CRC errors etherStatsCollisions Numb...

Page 743: ...he owner of the entry a string of 1 to 127 characters Description Use the rmon alarm command to add an alarm entry to the alarm table If you do not specify the owner text keyword argument combination...

Page 744: ...alarm entry z Make sure the node to be monitored exists before executing the rmon alarm command Examples Add the alarm entry numbered 1 as follows z The node to be monitored 1 3 6 1 2 1 16 1 1 1 4 1...

Page 745: ...cter string of 1 to 127 characters none Specifies that the event triggers no action owner text Specifies the owner of the event entry a string of 1 to 127 characters Description Use the rmon event com...

Page 746: ...owner of the entry is displayed as null Use the undo rmon history command to remove an entry from the history control table You can use the rmon history command to sample a specific port You can also...

Page 747: ...ake sure the operation results of each step are valid long integers prialarm des Alarm description a string of 1 to 128 characters sampling timer Sampling interval in seconds in the range 10 to 65535...

Page 748: ...d alarm expression prialarm formula z Comparing the operation result with the set thresholds and perform corresponding operations as described in Table 2 8 Table 2 8 Operation result and corresponding...

Page 749: ...tistics entry number View Ethernet port view Parameters entry number Statistics entry Index in the range 1 to 65535 owner text Specifies the owner of the entry a string of 1 to 127 characters Descript...

Page 750: ...created for a given port you will fail to create a statistics entry with a different index for the port You can use the display rmon statistics command to display the information about the statistics...

Page 751: ...ss 1 5 1 1 5 ntp service authentication enable 1 7 1 1 6 ntp service authentication keyid 1 7 1 1 7 ntp service broadcast client 1 8 1 1 8 ntp service broadcast server 1 9 1 1 9 ntp service in interfa...

Page 752: ...ervice broadcast server ntp service multicast client and ntp service multicast server commands enables the NTP feature and opens UDP port 123 at the same time z Execution of the undo form of one of th...

Page 753: ...e the IP address of the local clock 2 If the reference clock is the clock of another switch on the network the value of this field will be the IP address of that switch stra Stratum of the clock of th...

Page 754: ...ce status Syntax display ntp service status View Any view Parameter None Description Use the display ntp service status command to display the status of NTP services Example View the status of the NTP...

Page 755: ...cal hardware clock in Hz Clock precision Precision of the local hardware clock Clock offset Offset of the local clock relative to the reference clock in milliseconds Root delay Roundtrip delay between...

Page 756: ...m level of the corresponding system clock offset The clock offset relative to the upper level clock in milliseconds synch distance The synchronization distance relative to the upper level clock in sec...

Page 757: ...e to the local NTP server Use the undo ntp service access command to remove the configured access control right to the local NTP server By default the access control right from the remote device to th...

Page 758: ...the NTP authentication is disabled Refer to the ntp service reliable authentication keyid and ntp service authentication keyid commands for related configuration Example Enable the NTP authentication...

Page 759: ...ey Related commands ntp service reliable authentication keyid Example Configure an MD5 authentication key with the key ID being 10 and the key being BetterKey Sysname system view System View return to...

Page 760: ...o 4294967295 You do not need to configure authentication keyid key id if authentication is not required version number Specifies the NTP version number which ranges from 1 to 3 The default version num...

Page 761: ...the interface can receive NTP messages Example Disable Vlan interface1 from receiving NTP messages Sysname system view System View return to User View with Ctrl Z Sysname interface Vlan interface 1 Sy...

Page 762: ...VLAN interface view Parameter ip address Multicast IP address in the range of 224 0 1 0 to 239 255 255 255 The default IP address is 224 0 1 1 Description Use the ntp service multicast client command...

Page 763: ...umber argument ranges from 1 to 255 and defaults to 16 version number Specifies the NTP version number which ranges from 1 to 3 and defaults to 3 Description Use the ntp service multicast server comma...

Page 764: ...move the configuration By default no trusted key is configured When NTP authentication is enabled a client can be synchronized only to a server that can provide a trusted authentication key Related co...

Page 765: ...o specify a specific interface to send all NTP packets In this way the IP address of the interface is the source IP address of all NTP messages sent by the local device Example Specify the source IP a...

Page 766: ...de Use the undo ntp service unicast peer command to remove the configuration By default no NTP operate mode is configured Note If you use remote ip or peer name to specify a remote device as the peer...

Page 767: ...rface vlan id Specifies an interface whose IP address serves as the source IP address of NTP packets sent by the local switch to the server version number Specifies the NTP version number The number a...

Page 768: ...port rsa 1 14 1 1 13 public key local export dsa 1 16 1 1 14 public key peer 1 18 1 1 15 public key peer import sshkey 1 19 1 1 16 public key code begin 1 20 1 1 17 public key code end 1 20 1 1 18 rsa...

Page 769: ...urrent switch s key pairs Related commands public key local create Examples Display the public key part of the current switch s RSA key pair s Sysname display public key local rsa public Time of Key p...

Page 770: ...7723602787E922BA84421F22C3C89CB9B06FD60FE01941D DD77FE6B12893DA76EEBC1D128D97F0678D7722B5341C8506F358214B16A2FAC4B36895038 7811C7DA33021500C773218C737EC8EE993B4F2DED30F48EDACE915F0281810082269009E1 4E...

Page 771: ...erated key pair may have 1024 or 1023 bits Note You can configure an SSH peer s public key on the current switch by using the public key peer command or the public key peer import sshkey command Relat...

Page 772: ...current switch s RSA key pair s If no key pair has been generated the system prompts RSA keys not found Related commands rsa local key pair create Examples Display the public key part of the current s...

Page 773: ...t public key and server public key when the S3100 switch is working in SSH1 compatible but only one public key the host public key when the switch is working in SSH2 mode 1 1 4 display rsa peer public...

Page 774: ...sname display rsa peer public key brief Type Module Name DSA 1023 2 DSA 1024 a Display the information about public key abcd Sysname display rsa peer public key name abcd Key name abcd Key type RSA Ke...

Page 775: ...FTP Server Disable SFTP idle timeout 10 minutes Caution z If you use the ssh server compatible ssh1x enable command to configure the server to be compatible with SSH1 x clients the SSH version will be...

Page 776: ...eys saved on the client Note If an SSH client needs to authenticate the SSH server it uses the locally saved public key of the server for authentication In case the authentication fails you can use th...

Page 777: ...rt cannot be more than 128 characters Description Use the display ssh user information command on an SSH server to display information about the current SSH users including user name authentication ty...

Page 778: ...with peer public key end Sysname rsa public key peer public key end Sysname 1 1 9 protocol inbound Syntax protocol inbound all ssh telnet View VTY user interface view Parameters all Supports both Tel...

Page 779: ...e protocol inbound ssh command neither of the authentication mode password and authentication mode none commands can be executed Examples Configure vty0 through vty4 to support SSH only Sysname system...

Page 780: ...s Sysname system view System View return to User View with Ctrl Z Sysname public key local create rsa The range of public key size is 512 2048 NOTES If the key modulus is greater than 512 It will take...

Page 781: ...c key size is 512 2048 NOTES If the key modulus is greater than 512 It will take a few minutes Input the bits in the modulus default 1024 512 Generating keys Display the public key of the DSA key pair...

Page 782: ...command to destroy the DSA key pair or RSA key pair generated for the current switch Related commands public key local create Examples Destroy the RSA key pair of the current switch Sysname system vi...

Page 783: ...r on the screen or export it to a specified file If you specify a filename the host public key will be exported to the file and the file will be saved If you do not specify any filename the host publi...

Page 784: ...SSH1 and save the public key file as pub_ssh_file3 Sysname public key local export rsa ssh1 pub_ssh_file3 1 1 13 public key local export dsa Syntax public key local export dsa openssh ssh2 filename Vi...

Page 785: ...nput the bits in the modulus default 1024 Generating keys Display the public key in the SSH2 format Sysname public key local export dsa ssh2 BEGIN SSH2 PUBLIC KEY Comment dsa key 20000406 AAAAB3NzaC1k...

Page 786: ...e the configuration of peer public key After configuring this command you enter public key view You can use this command together with the public key code begin command to configure the peer public ke...

Page 787: ...g Note z Only public key files in the format of SSH1 SSH2 or OpenSSH are supported z Currently only public keys whose modules are in the range 512 to 2048 bits can be imported to the switch z You may...

Page 788: ...with Ctrl Z Sysname rsa peer public key Switch003 RSA public key view return to System View with peer public key end Sysname rsa public key public key code begin RSA key code view return to last view...

Page 789: ...w and save the public key you input Sysname system view System View return to User View with Ctrl Z Sysname rsa peer public key Switch003 RSA public key view return to System View with peer public key...

Page 790: ...ommand displays two public keys the host public key and server public key when the S3100 switch is working in SSH1 compatible mode but only one public key the host public key when the switch is workin...

Page 791: ...6 74E45127 3D4CA70F 253645DA 57524DC3 513BAC53 2C1B7F8F 2481FA79 D4AA15C7 0203 010001 Time of Key pair created 02 32 06 2000 04 09 Key name Sysname_Server Key type RSA encryption Key Key code 3067 026...

Page 792: ...peer public key Syntax rsa peer public key keyname undo rsa peer public key keyname View System view Parameters keyname Name of the public key to be configured a string of 1 to 64 characters Descripti...

Page 793: ...characters For file naming rules refer to File System Management Command Description Use the rsa peer public key import sshkey command to import a peer public key from the public key file Use the und...

Page 794: ...Syntax ssh authentication type default all password password publickey publickey rsa undo ssh authentication type default View System view Parameters all Specifies either the password authentication...

Page 795: ...or the user at the same time By default no default authentication mode is specified Related commands display ssh user information Examples Specify the publickey authentication as the default authentic...

Page 796: ...P address or host name that it used to log in to the SSH server as the public key name Note If a client does not support first time authentication it will refuse to access any unauthenticated server I...

Page 797: ...nt that is not configured with the server s host public key can continue accessing the server when it accesses the server for the first time and it will save the host public key for use in subsequent...

Page 798: ...the undo ssh server authentication retries command to restore the default authentication retry times By default the number of authentication retry times is 3 Caution If you have used the ssh user aut...

Page 799: ...x clients Related commands display ssh server Examples Configure the server to be compatible with SSH1 x clients Sysname system view System View return to User View with Ctrl Z Sysname ssh server com...

Page 800: ...User View with Ctrl Z Sysname ssh server rekey interval 3 1 1 28 ssh server timeout Syntax ssh server timeout seconds undo ssh server timeout View System view Parameters seconds Authentication timeout...

Page 801: ...the domain name part cannot be more than 128 characters Description Use the ssh user command to create an SSH user Use the undo ssh user to delete a specified SSH user Caution An SSH user created with...

Page 802: ...y rsa key keyname undo ssh user username assign publickey rsa key View System view Parameters username SSH user name a string of 1 to 184 characters It cannot contain any of these characters slash bac...

Page 803: ...rvice type 1 publickey 127 0 0 1 stelnet 1 1 31 ssh user authentication type Syntax ssh user username authentication type all password password publickey publickey rsa undo ssh user username authentic...

Page 804: ...as they pass one of the two authentications z SSH2 client users can access the switch only when they pass both the authentications Description Use the ssh user authentication type command to specify t...

Page 805: ...haracters stelnet Specifies that the user can access the secure Telnet service sftp Specifies that the user can access the SFTP service all Specifies that the user can access both services secure Teln...

Page 806: ...ange algorithm You can select one from the following two algorithms z dh_group1 Diffie Hellman group1 sha1 key exchange algorithm It is the default algorithm z dh_exchange_group Diffie Hellman group e...

Page 807: ...rver using publickey authentication an SSH client needs to read its own private key for authentication As two algorithms RSA or DSA are available the identity key keyword must be used to specify one a...

Page 808: ...1 6 1 1 6 file prompt 1 7 1 1 7 fixdisk 1 8 1 1 8 format 1 9 1 1 9 mkdir 1 10 1 1 10 more 1 11 1 1 11 move 1 12 1 1 12 pwd 1 12 1 1 13 rename 1 13 1 1 14 reset recycle bin 1 14 1 1 15 rmdir 1 16 1 1 1...

Page 809: ...txt or flash text txt z Entering the path name or file name directly This method can be used to specify a path or a file in the current work directory For example to access file text txt in the curren...

Page 810: ...ing the working directory using the cd command you can use the pwd command to display the current working directory 1 1 2 copy Syntax copy fileurl source fileurl dest View User view Parameter fileurl...

Page 811: ...e character in this argument as a wildcard For example the delete txt command deletes all the files with txt as their extensions running files Specifies to delete all the files with the main attribute...

Page 812: ...te the configuration files with the main backup attribute 3 Delete the Web files with the main backup attribute The corresponding messages are displayed as follows Delete the running image file Y N De...

Page 813: ...rrent directory Description Use the dir command to display the information about the specified files or directories in the Flash memory on a switch z If executed with the all keyword the command will...

Page 814: ...rw 3579326 Mar 28 2007 10 51 22 switch bin 2 rw 1235 Apr 03 2000 16 04 52 basic cfg 3 rw 140709 Apr 04 2000 21 31 08 cmdtree_b01d015 txt 4 rw 1235 Apr 04 2000 23 03 08 test txt 5 drw Apr 04 2000 23 04...

Page 815: ...ecuted but the executed operations will not be cancelled z Not every command in a batch file is sure to be executed For example if a certain command is not correctly configured the system omits this c...

Page 816: ...le related operations In this case the system is more likely to be damaged due to some maloperations For example z If the prompt mode is set to alert the following messages will be displayed when you...

Page 817: ...may become unavailable for reasons such as abnormal operations you can run this command to restore the space Example Restore space on the Flash memory Sysname fixdisk unit1 flash Fixdisk flash may ta...

Page 818: ...ified directory of a Flash memory Note that z The name of the subdirectory to be created must be unique under the specified directory Otherwise you will fail to create the subdirectory under the direc...

Page 819: ...ents of text files Example Display the content of the file named test txt Sysname more test txt AppWizard has created this test application for you This file contains a summary of what you will find i...

Page 820: ...e of the target file is specified the source file name is used as the target file name by default Example Move the file named 1 txt from unit1 flash to unit1 flash a with the name unchanged Sysname mo...

Page 821: ...dest View User view Parameter fileurl source Original path name or file name of a file in the Flash memory fileurl dest Target path name or file name Description Use the rename command to rename a fil...

Page 822: ...when you clear the files in the recycle bin on the local unit the system will ask for your confirmation for each file you want to delete However if you specify the force keyword in the command the sys...

Page 823: ...whether all the files in the recycle bin are deleted Sysname dir all Directory of flash 0 rwh 3080 Apr 26 2000 16 41 43 private data txt 1 rw 2416 Apr 26 2000 13 45 36 config cfg 2 rw 4036197 May 14 2...

Page 824: ...ory before deleting it Example Delete the directory named dd Sysname rmdir dd Rmdir unit1 flash dd Y N y Removed directory unit1 flash dd 1 1 16 undelete Syntax undelete file url View User view Parame...

Page 825: ...cifies app files configuration Specifies configuration files web Specifies Web files Description Use the boot attribute switch command to switch between the main and backup attribute for all the files...

Page 826: ...xt time on unit 1 1 2 3 boot boot loader backup attribute Syntax boot boot loader backup attribute file url View User view Parameter file url Path or the name of the app file in the Flash memory a str...

Page 827: ...e configuration of the main or backup attribute for a Web file takes effect immediately without restarting the device z After you upgrade a Web file you need to specify the new Web file in the Boot me...

Page 828: ...is switch bin The main boot app is switch bin The backup boot app is switchbak bin 1 2 6 display web package Syntax display web package View Any view Parameter None Description Use the display web pa...

Page 829: ...to disable the above function By default users have to use customized passwords to enter the BOOT menu You can use the display startup command in the Configuration File Management part of the manual t...

Page 830: ...2 1 ascii 1 6 1 2 2 binary 1 7 1 2 3 bye 1 7 1 2 4 cd 1 8 1 2 5 cdup 1 8 1 2 6 close 1 9 1 2 7 delete 1 10 1 2 8 dir 1 10 1 2 9 disconnect 1 12 1 2 10 ftp 1 12 1 2 11 get 1 13 1 2 12 lcd 1 14 1 2 13...

Page 831: ...27 1 4 7 get 1 28 1 4 8 help 1 29 1 4 9 ls 1 29 1 4 10 mkdir 1 30 1 4 11 put 1 31 1 4 12 pwd 1 31 1 4 13 quit 1 32 1 4 14 remove 1 32 1 4 15 rename 1 33 1 4 16 rmdir 1 33 1 4 17 sftp 1 34 Chapter 2 T...

Page 832: ...e display ftp server command to display the FTP server related settings of a switch when it operates as an FTP server including startup status number of users and so on You can use this command to ver...

Page 833: ...up to one user User count 0 The current login user number is 0 Timeout value in minute 30 The connection idle time is 30 minutes Note The H3C S3100 series Ethernet switch supports one user access at o...

Page 834: ...name display ftp user UserName HostIP Port Idle HomeDir administra tor 192 168 0 152 1031 0 flash Table 1 2 display ftp user command output description Field Description HostIP IP address of the FTP c...

Page 835: ...display ftp user UserName HostIP Port Idle HomeDir admin 192 168 0 152 1029 0 flash Disconnect the user named admin from the FTP server Sysname system view System View return to User View with Ctrl Z...

Page 836: ...rn to User View with Ctrl Z Sysname ftp server enable Start FTP server 1 1 5 ftp timeout Syntax ftp timeout minutes undo ftp timeout View System view Parameters minutes Idle timeout time in minutes in...

Page 837: ...P client view will be omitted to avoid repetition For the configuration of the command for entering FTP client view refer to ftp z When executing the FTP client configuration commands in this section...

Page 838: ...cription Use the binary command to specify that program files be transferred in binary mode which is used for transferring program files By default files are transferred in ASCII mode Related commands...

Page 839: ...sing Sysname 1 2 4 cd Syntax cd path View FTP client view Parameters path Path of the target directory Description Use the cd command to change the working directory on the remote FTP server Note that...

Page 840: ...ed commands cd pwd Examples Change the working directory to flash temp ftp cd flash temp Change the working directory to the parent directory ftp cdup Display the current directory ftp pwd 257 flash i...

Page 841: ...command successful 1 2 8 dir Syntax dir filename localfile View FTP client view Parameters filename Name of the file to be queried localfile Name of the local file where the query result is to be sav...

Page 842: ...12 21 default diag rwxrwxrwx 1 noone nogroup 377424 Apr 30 16 58 switch btm drwxrwxrwx 1 noone nogroup 0 Apr 28 11 41 test rwxrwxrwx 1 noone nogroup 2145 Apr 28 13 13 test txt rwxrwxrwx 1 noone nogrou...

Page 843: ...FTP client view ftp disconnect 221 Server closing ftp 1 2 10 ftp Syntax ftp cluster remote server port number View User view Parameters cluster Connects to the configured FTP server of a cluster For t...

Page 844: ...used when a file is downloaded and saved to the local device If this argument is not specified the source file name is used when a file is saved and downloaded to the local device Description Use the...

Page 845: ...rameters None Description Use the lcd command to display the local working directory on the FTP client If you have logged in to the FTP server you cannot modify the local working directory of the FTP...

Page 846: ...on The ls command only displays file names on an FTP server To query other file related information for example file size creation date and so on use the dir command Related commands pwd Examples Disp...

Page 847: ...FTP server ftp mkdir flash lanswitch 257 flash lanswitch new directory created 1 2 15 open Syntax open ip address server name port View FTP client view Parameters ip address IP address of an FTP serv...

Page 848: ...assive mode is adopted The differences between the passive mode and the active mode are z When working in the active mode an FTP client advertises a random port Port1 to an FTP server through TCP port...

Page 849: ...calfile Name of a local file to be uploaded remotefile File name used after a file is uploaded and saved on an FTP server Description Use the put command to upload a local file on an FTP client to an...

Page 850: ...ectory on the FTP server ftp pwd 257 flash temp is current directory 1 2 19 quit Syntax quit View FTP client view Parameters None Description Use the quit command to terminate FTP control connection a...

Page 851: ...nds Caution z This command is always valid when an H3C series Ethernet switch operates as the FTP server z If you use other FTP server software refer to related instructions to know whether the FTP se...

Page 852: ...2 rmdir Syntax rmdir pathname View FTP client view Parameters pathname Name of a directory on an FTP server Description Use the rmdir command to remove a specified directory on an FTP server Note that...

Page 853: ...bose View FTP client view Parameters None Description Use the verbose command to enable the verbose function which displays execution information of user operations and all FTP responses Use the undo...

Page 854: ...sers For the description of the numbers at the beginning of FTP output information refer to the corresponding section in RFC 959 1 3 SFTP Server Configuration Commands 1 3 1 sftp server enable Syntax...

Page 855: ...value If the idle timeout time exceeds the specified threshold the system disconnects the SFTP user automatically Examples Set the idle timeout time to 500 minutes Sysname system view System View ret...

Page 856: ...ote server Description Use the cd command to change the working path on the remote SFTP server If no remote path is specified this command displays the current working path Note z Use the cd command t...

Page 857: ...delete remote file 1 10 View SFTP client view Parameters remote file 1 10 Name of a file on the server 1 10 indicates that up to ten file names can be input These file names should be separated by spa...

Page 858: ...e command displays details about the files and folders in the specified directory in a list If no remote path is specified this command displays the files in the current working directory This command...

Page 859: ...ote SFTP server sftp client exit Bye Sysname 1 4 7 get Syntax get remote file local file View SFTP client view Parameters remote file Name of a file on the remote SFTP server local file Name of a loca...

Page 860: ...d is specified this command displays all the command names Examples View the help information about the get command sftp client help get get remote path local path Download file Default local path is...

Page 861: ...23 06 52 config cfg rwxrwxrwx 1 noone nogroup 225 Aug 24 08 01 pubkey2 rwxrwxrwx 1 noone nogroup 283 Aug 24 07 39 pubkey1 rwxrwxrwx 1 noone nogroup 225 Sep 28 08 28 pub1 drwxrwxrwx 1 noone nogroup 0...

Page 862: ...efault the local file name is used for the remote file if no remote file name is specified Examples Upload the file named config cfg to the remote SFTP server and save it as 1 txt sftp client put conf...

Page 863: ...and has the same effect as that of the commands bye and exit Examples Terminate a connection with the remote SFTP server sftp client quit Bye Sysname 1 4 14 remove Syntax remove remote file 1 10 View...

Page 864: ...s operation may take a long time Please wait Received status Success File successfully Removed 1 4 15 rename Syntax rename oldname newname View SFTP client view Parameters oldname Old file name newnam...

Page 865: ...wait Received status Success Directory successfully removed 1 4 17 sftp Syntax sftp host ip host name port num identity key dsa rsa prefer_kex dh_group1 dh_exchange_group prefer_ctos_cipher des aes128...

Page 866: ...thm is sha1_96 z sha1 HMAC algorithm hmac sha1 z sha1_96 HMAC algorithm hmac sha1 96 z md5 HMAC algorithm hmac md5 z md5_96 HMAC algorithm hmac md5 96 Description Use the sftp command to establish a c...

Page 867: ...mmand Manual For Soliton FTP SFTP TFTP H3C S3100 Series Ethernet Switches Chapter 1 FTP and SFTP Configuration Commands 1 36 Do you want to save the server s public key Y N y Enter password sftp clien...

Page 868: ...nary Syntax tftp ascii binary View System view Parameters ascii Transfers data in ASCII mode which is used for transferring text files binary Transfers data in binary mode which is used for transferri...

Page 869: ...before downloading a file the switch requests the size of the file to be downloaded to the TFTP server thus to ensure whether there is enough space on the Flash for file downloading If the TFTP server...

Page 870: ...dest file View User view Parameters tftp server IP address or the host name of a TFTP server a string of 1 to 20 characters If the switch belongs to a cluster the value cluster means to connect to the...

Page 871: ...962 bytes sent in 0 second s File uploaded successfully 2 1 4 tftp server acl Syntax tftp server acl acl number undo tftp server acl View System view Parameters acl number Basic ACL number in the ran...

Page 872: ...er console channel 1 7 1 1 8 info center enable 1 8 1 1 9 info center logbuffer 1 9 1 1 10 info center loghost 1 10 1 1 11 info center loghost source 1 11 1 1 12 info center monitor channel 1 12 1 1 1...

Page 873: ...name by default the name of channel 0 to channel 9 is in turn console monitor loghost trapbuffer logbuffer snmpagent channel6 channel7 channel8 channel9 Description Use the display channel command to...

Page 874: ...configuration of information channels the format of time stamp of the current system Sysname display info center Information Center enabled Log host the interface name of the source address Vlan inte...

Page 875: ...ion channel Log buffer Information about the log buffer including its state enabled or disabled its maximum size current size current messages information channel name and number number of dropped mes...

Page 876: ...buffersize argument ranges from 1 to 1 024 and defaults to 512 Filters output log information with a regular expression begin Displays the line that matches the regular expression and all the subseque...

Page 877: ...e channel name of the log buffer defaults to logbuffer Dropped messages The number of dropped messages Overwritten messages The number of overwritten messages when the buffer size is not big enough to...

Page 878: ...buffer command to display the status of the trap buffer and the records in the trap buffer Absence of the size buffersize argument indicates that all trap information is displayed Example Display the...

Page 879: ...tters only Description Use the info center channel name command to name the channel whose number is channel number as channel name Use the undo info center channel command to restore the default name...

Page 880: ...channel command to restore the default channel through which system information is output to the console By default output of information to the console is enabled with channel 0 as the default channe...

Page 881: ...nel name size buffersize undo info center logbuffer channel size View System view Parameter channel Sets the channel through which information outputs to the log buffer channel number Channel number r...

Page 882: ...hannel for the log host channel number Channel number ranging from 0 to 9 corresponding to the 10 channels of the system channel name Channel name by default the name of channel 0 to channel 9 is in t...

Page 883: ...system view System View return to User View with Ctrl Z Sysname info center loghost 202 38 160 1 1 1 11 info center loghost source Syntax info center loghost source interface type interface number und...

Page 884: ...mpagent channel6 channel7 channel8 channel9 Description Use the info center monitor channel command to set the channel through which information is output to user terminals Use the undo info center mo...

Page 885: ...utput to the SNMP agent By default output of system information to the SNMP NMS is enabled with a default channel name of snmpagent and a default channel number of 5 Related command snmp agent display...

Page 886: ...than informational to the log buffer The user can also set to output trap information of the IP module to a specified output destination Note that z If you do not use the module name argument to set o...

Page 887: ...DEBUG Output destina tion Module s allowe d Enable d disab led Severit y Enable d disab led Severit y Enable d disab led Severit y Consol e default all module s Enable d warning s Enable d debuggi ng...

Page 888: ...system information cannot be output to this channel Sysname system view Sysname info center source default channel snmpagent debug state off log state off trap state off Sysname info center source vl...

Page 889: ...e synchronous information output Sysname system view System View return to User View with Ctrl Z Sysname info center synchronous Current IC terminal output sync is on 1 1 16 info center timestamp Synt...

Page 890: ...adopted for debugging information Example Set the boot time stamp for debugging information Sysname system view System View return to User View with Ctrl Z Sysname info center timestamp debugging boot...

Page 891: ...o configure to add UTC time zone to the time stamp of the date type output in each direction of the information center Use the undo info center timestamp utc command to restore the default By default...

Page 892: ...s It ranges from 0 to 1 024 and defaults to 256 channel Sets the channel through which information is output to the trap buffer channel number Channel number ranging from 0 to 9 corresponding to the 1...

Page 893: ...reset logbuffer unit unit id View User view Parameter unit id Unit ID of the device the value can only be 1 Description Use the reset logbuffer command to clear information recorded in the log buffer...

Page 894: ...ble debugging terminal display Use the undo terminal debugging command to disable debugging terminal display By default debugging terminal display is disabled You can execute the terminal debugging co...

Page 895: ...the undo terminal monitor command to disable the function By default this function is enabled for console users and terminal users This command works only on the current terminal The debugging log tra...

Page 896: ...inal trapping Syntax terminal trapping undo terminal trapping View User view Parameter None Description Use the terminal trapping command to enable trap terminal display Use the undo terminal trapping...

Page 897: ...ds 1 9 1 3 1 debugging 1 9 1 3 2 display diagnostic information 1 10 1 3 3 terminal debugging 1 11 Chapter 2 Network Connectivity Test Commands 2 1 2 1 Network Connectivity Test Commands 2 1 2 1 1 pin...

Page 898: ...ton System Maintenance and Debugging H3C S3100 Series Ethernet Switches Table of Contents ii 3 1 15 schedule reboot delay 3 16 3 1 16 schedule reboot regularity 3 17 3 1 17 system monitor enable 3 18...

Page 899: ...where YYYY represents year ranging from 2000 to 2099 MM represents month ranging from 1 to 12 and DD represents day ranging from 1 to 31 Description Use the clock datetime command to set the current...

Page 900: ...ime in the form of HH MM SS end date end date of the summer time in the form of YYYY MM DD or MM DD YYYY offset time Offset of the summer time relative to the standard time in the form of HH MM SS Des...

Page 901: ...inated UTC time to generate a later time minus Specifies to subtract a time value based on the UTC time to generate an earlier time HH MM SS Time to be added or subtracted from the UTC time in the for...

Page 902: ...he three levels of views available on a switch from lower level to higher level z User view z System view z VLAN view Ethernet port view and so on If the current view is user view this command is used...

Page 903: ...n to User View with Ctrl Z Sysname interface GigabitEthernet 1 0 1 Sysname GigabitEthernet1 0 1 return Sysname 1 1 6 sysname Syntax sysname sysname undo sysname View System view Parameter sysname Syst...

Page 904: ...ysname LANSwitch LANSwitch 1 1 7 system view Syntax system view View User view Parameter None Description Use the system view command to enter system view from user view Related command quit return Ex...

Page 905: ...and time of the system Sysname display clock 18 36 31 beijing Sat 2002 02 02 Time Zone beijing add 01 00 00 Summer Time bj one off 01 00 00 2003 01 01 01 00 00 2003 08 08 01 00 00 Table 1 1 Field des...

Page 906: ...version Syntax display version View Any view Parameter None Description Use the display version command to display the version information about the switch system Specifically you can use this comman...

Page 907: ...e debugging option Debugging option all Specifies to disable all debugging Description Use the debugging command to enable system debugging Use the undo debugging command to disable system debugging B...

Page 908: ...splay diagnostic information command to display system diagnostic information or save system diagnostic information to a file with the extension diag in the Flash memory Example Save system diagnostic...

Page 909: ...rminal display for debugging information is disabled Note that z To display the debugging information on the terminal you need to configure both the terminal debugging and terminal monitor commands z...

Page 910: ...ssion unit MTU of the interface h ttl Specifies the time to live TTL value of the ICMP ECHO REQUEST packets in the range 1 to 255 By default the TTL value is 255 i interface type interface number Spec...

Page 911: ...hability of a host The executing procedure of the ping command is as follows First the source host sends an ICMP ECHO REQUEST packet to the destination host If the connection to the destination networ...

Page 912: ...of the packets to be sent so as to only display the addresses of those gateways on the path whose hop counts are not smaller than the hop count specified by the first ttl argument For example if the...

Page 913: ...TTL is reached During the procedure the system records the source address of each ICMP TTL timeout message in order to offer the path that the packets pass through to the destination If you find that...

Page 914: ...mmand Manual For Soliton System Maintenance and Debugging H3C S3100 Series Ethernet Switches Chapter 2 Network Connectivity Test Commands 2 5 14 15 16 17 18 18 26 0 115 18 26 0 115 339 ms 279 ms 279 m...

Page 915: ...cters device name File name in the form of unit NO flash which is used to indicate that the specified file is stored in the Flash memory of a specified switch Description Use the boot boot loader comm...

Page 916: ...xt startup Example Update the Boot ROM of the switch using the file named Switch btm Sysname boot bootrom Switch btm This will update Bootrom on unit 1 Continue Y N y Upgrading Bootrom please wait Upg...

Page 917: ...splay cpu unit unit id View Any view Parameter unit id Unit ID of a switch the value can only be 1 Description Use the display cpu command to display the CPU usage Example Display the CPU usage of thi...

Page 918: ...ard including slot number sub slot number the number of ports versions of PCB FPGA CPLD and Boot ROM software address learning mode interface board type and so on Example Display board information of...

Page 919: ...ly be 1 Description Use the display memory command to display the memory usage of a specified switch Example Display the memory usage of this switch Sysname display memory Unit 1 System Available Memo...

Page 920: ...ion Use the display power command to display the working state of the power supply of the switch Example Display the working state of the power supply Sysname display power Unit 1 power 1 State Normal...

Page 921: ...single or all transceivers If no error occurs None is displayed Table 3 5 shows the alarm information that may occur for the four types of transceivers Table 3 5 Description on the fields of display...

Page 922: ...rent is high TX bias low TX bias current is low TX power high TX power is high TX power low TX power is low Module not ready Module is not ready APD supply fault APD Avalanche Photo Diode supply fault...

Page 923: ...er fault TX fault TX fault PMA PMD receiver local fault PMA PMD receiver local fault PCS receive local fault PCS receive local fault PHY XS receive local fault PHY XS receive local fault TX bias high...

Page 924: ...terface Syntax display transceiver diagnosis interface interface type interface number View Any view Parameters interface type interface number Interface type and interface number Description Use the...

Page 925: ...the precision to 0 01 mA RX power dBM Digital diagnosis parameter RX power in dBM with the precision to 0 01 dBM TX power dBM Digital diagnosis parameter TX power in dBM with the precision to 0 01 dB...

Page 926: ...s every two wavelength values are separated by a comma z Electrical transceiver displayed as N A Transfer distance xx Transfer distance with xx representing km for single mode transceivers and m for o...

Page 927: ...part of the electrical label information of the anti spoofing pluggable transceiver customized by H3C on interface GigabitEthernet 1 2 2 Sysname display transceiver manuinfo interface gigabitethernet...

Page 928: ...down the system without saving the configurations Example Directly restart this switch without saving the current configuration Sysname reboot Start to check configuration with next startup configura...

Page 929: ...ied future date the switch will reboot at the specified time with at most one minute delay After you execute the schedule reboot at command without specifying a date the switch will z Reboot at the sp...

Page 930: ...The switch timer can be set to a precision of one minute that is the switch will reboot within one minute after the specified reboot date and time You can set the reboot waiting delay in two formats...

Page 931: ...oots at a specified time every day monday tuesday wednesday thursday friday saturday sunday indicates the week day when the switch reboots Description Use the schedule reboot regularity command to ena...

Page 932: ...enable undo system monitor enable View System view Parameter None Description Use the system monitor enable command to enable real time monitoring of the running status of the system Use the undo sys...

Page 933: ...that the specified file is stored in the Flash of a specified switch Description Use the xmodem get command to download files from the local device connected with the Console port of a switch through...

Page 934: ...ve QinQ Configuration Commands 2 1 2 1 Selective QinQ Configuration Commands 2 1 2 1 1 raw vlan id inbound 2 1 2 1 2 vlan vpn vid 2 2 2 1 3 vlan vpn selective enable 2 3 Chapter 3 VLAN Mapping Configu...

Page 935: ...guration of the current system Related commands vlan vpn enable vlan vpn inner cos trust vlan vpn tpid Examples Display the VLAN VPN configuration of the current system Sysname display port vlan vpn V...

Page 936: ...the default VLAN tag of the receiving port no matter whether or not the packet already carries a VLAN tag z If the packet already carries a VLAN tag the packet becomes a dual tagged packet z Otherwis...

Page 937: ...f the packet to determine whether the packet carries a VLAN tag or not Use the undo vlan vpn tpid command to restore the default TPID value The default TPID value is 0x8100 For the position and functi...

Page 938: ...VLAN VPN H3C S3100 Series Ethernet Switches Chapter 1 VLAN VPN Configuration Commands 1 4 Examples Set the global TPID value to 0x9100 Sysname system view System View return to User View with Ctrl Z...

Page 939: ...larger than or equal to the VLAN ID before the to keyword and 1 10 means that you can specify up to 10 VLANs VLAN ranges for this argument all Removes all configurations of encapsulating an outer VLAN...

Page 940: ...n vid vlan id View System view Parameters vlan id VLAN ID in the range 1 to 4094 Description Use the vlan vpn vid command to configure the outer VLAN tag for a selective QinQ policy that is the outer...

Page 941: ...Parameter None Description Use the vlan vpn selective enable command to enable the selective QinQ feature on a port With the selective QinQ feature enabled packets carrying specific inner VLAN tags a...

Page 942: ...ark new vlan id Specifies the target VLAN ID for VLAN mapping The new vlan id argument is in the range of 1 to 4094 Description Use the vlan mapping command in system view to define a global VLAN mapp...

Page 943: ...ne z With a global VLAN mapping rule defined in system view you cannot define any VLAN mapping rules in Ethernet port view Related commands vlan mapping enable Example Define a VLAN mapping rule on Et...

Page 944: ...red for a port the VLAN mapping function is enabled on the port at the same time In this case the vlan mapping enable command cannot be used to enable the VLAN mapping function again z The VLAN mappin...

Page 945: ...roup management protocol HGMP related protocols including neighbor discovery protocol NDP neighbor topology discovery protocol cluster member remote control MRC and Huawei authentication bypass protoc...

Page 946: ...can use the bpdu tunnel tunnel dmac command to change the destination MAC addresses of protocol packets to a specified multicast MAC address Caution z If this command is enabled on a port for a speci...

Page 947: ...mitted along a BPDU tunnel is 010f e200 0003 Caution z To prevent the devices in the service provider network from processing the tunnel packets as other protocol packets the MAC address for tunnel pa...

Page 948: ...rotocol packets transmitted along the BPDU tunnel s Related commands bpdu tunnel tunnel dmac Examples Display the private multicast MAC address configured for packets transmitted along the BPDU tunnel...

Page 949: ...5 1 1 11 history records 1 16 1 1 12 http operation 1 17 1 1 13 http string 1 17 1 1 14 hwping 1 18 1 1 15 hwping agent enable 1 19 1 1 16 jitter interval 1 19 1 1 17 jitter packetnum 1 20 1 1 18 pass...

Page 950: ...ndo count command to restore the default For tests except jitter test only one packet is sent in a probe In a jitter test you can use the jitter packetnum command to set the number of packets to be se...

Page 951: ...uration applies to ICMP UDP and jitter tests only Description Use the datasize command to configure the size of a test packet in a test Use the undo datasize command to restore the default Examples Se...

Page 952: ...must be an IP address Examples Set the destination IP address of an ICMP test to 169 254 10 3 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname...

Page 953: ...e Examples Set the destination port number for a tcpprivate test to 9000 Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator tcp Sysname hwping administrator t...

Page 954: ...004 11 25 16 28 55 0 Extend result SD Maximal delay 0 DS Maximal delay 0 Packet lost in test 0 Disconnect operation number 0 Operation timeout number 0 System busy operation number 0 Connection fail n...

Page 955: ...failures to connect with the remote end Drop operation number Number of system resource allocation failures Display the history records of HWPing tests Sysname hwping administrator icmp display hwping...

Page 956: ...d 10 unableToResolveDnsName Unable to resolve DNS domain name 11 invalidHostAddress Invalid host address LastRC Response code in the last ICMP response packet received The device does not support this...

Page 957: ...d to establish an HTTP connection DNS Resolve Min Time Minimal time used for a DNS resolution HTTP Test Total Time Total time used for an HTTP test DNS Resolve Max Time Maximum time used for a DNS res...

Page 958: ...rs 0 Drop operation number 0 Other operation errors 0 Jitter result RTT Number 100 Min Positive SD 1 Min Positive DS 1 Max Positive SD 6 Max Positive DS 8 Positive SD Number 38 Positive DS Number 25 P...

Page 959: ...e to the destination Positive DS Square Sum Sum of the square of positive jitter delays from the destination to the source Min Negative SD Minimum absolute value of negative jitter delays from the sou...

Page 960: ...dns test result Destination ip address 10 2 2 2 Send operation times 10 Receive response times 10 Min Max Average Round Trip Time 6 10 8 Square Sum of Round Trip Time 756 Last succeeded test time 2006...

Page 961: ...erver View HWPing test group view Parameters ip address IP address to be assigned to a domain name server DNS Description Use the dns server command to configure the IP address of a DNS server Use the...

Page 962: ...solved in the range of 1 to 60 characters Description Use the dns resolve target command to configure a domain name to be resolved Use the undo resolve target command to remove a domain name to be res...

Page 963: ...lt no file name is configured for FTP tests Related commands username password and ftp operation Note The filename command applies to FTP tests only Examples Specify to transmit config txt between HWP...

Page 964: ...CP tests Examples Set the automatic test interval to 10 seconds in an ICMP test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator icmp Sysname hwping adminis...

Page 965: ...rds Syntax history records number undo history records View HWPing test group view Parameters Number Maximum number of history records that can be saved in a test group in the range of 0 to 50 and 50...

Page 966: ...d to the HTTP server Description Use the http operation command to configure the HTTP operation mode By default the HTTP operation mode is get Note The http operation command applies to HTTP tests onl...

Page 967: ...http string command applies to HTTP tests only Related commands http operation Examples Set the webpage to be accessed by an HTTP test as index htm and the HTTP version as HTTP 1 0 Sysname system vie...

Page 968: ...or icmp 1 1 15 hwping agent enable Syntax hwping agent enable undo hwping agent enable View System view Parameters None Description Use the hwping agent enable command to enable the HWPing client func...

Page 969: ...ommand to restore the default By default the interval between sending jitter test packets is 20 milliseconds Related commands jitter packetnum Note The jitter interval command applies to jitter tests...

Page 970: ...jitter interval Note This command applies to jitter tests only Examples Configure to send 30 packets in a probe for a jitter test Sysname system view System View return to User View with Ctrl Z Sysnam...

Page 971: ...ith Ctrl Z Sysname hwping administrator ftp Sysname hwping administrator ftp test type ftp Sysname hwping administrator ftp password hwping 1 1 19 probe failtimes Syntax probe failtimes times undo pro...

Page 972: ...ails testcomplete Sends a trap after a test is finished testfailure Sends a trap when a test fails all Sends a trap when any of the above mentioned scenarios occurs Description Use the send trap comma...

Page 973: ...CP probes By default no source interface is specified for ICMP tests and no interface is configured for DHCP probes Note z For DHCP tests this command is required For ICMP tests this command is option...

Page 974: ...ts serves as the source IP address Note z For FTP tests this command is required This command does not apply to DHCP tests For other tests this command is optional z The specified source IP address by...

Page 975: ...Configure the source port number as 8000 for this HTTP test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator http Sysname hwping administrator http test ty...

Page 976: ...type Examples Configure the test type as an FTP test Sysname system view System View return to User View with Ctrl Z Sysname hwping administrator ftp Sysname hwping administrator ftp test type ftp 1...

Page 977: ...times undo test failtimes View HWPing test group view Parameters times Number of times of consecutive test failure in the range of 1 to 15 Description Use the test failtimes command to configure the...

Page 978: ...t packet Use the undo timeout command to restore the default value By default the probe timeout time is 3 seconds Examples Set the timeout time for one probe in an ICMP test to 10 seconds Sysname syst...

Page 979: ...View with Ctrl Z Sysname hwping administrator icmp Sysname hwping administrator icmp test type icmp Sysname hwping administrator icmp tos 1 1 1 29 username Syntax username name undo username View HWP...

Page 980: ...sname hwping administrator ftp Sysname hwping administrator ftp test type ftp Sysname hwping administrator ftp username administrator 1 2 HWPing Server Commands Note z A HWPing server is required for...

Page 981: ...address specified for a TCP listening service on the HWPing server port number Port number specified for a TCP listening service on the HWPing server The value ranges from 1 to 65535 It is not recomme...

Page 982: ...ss port number View System view Parameters ip address IP address from which a HWPing server performs UDP listening port number Port from which a HWPing server performs UDP listening The value ranges f...

Page 983: ...hernet Switches Chapter 1 HWPing Commands 1 34 Examples Enable UDP listening using 169 254 10 2 as the IP address and 9000 as the port number Sysname system view System View return to User View with C...

Page 984: ...1 12 display udp ipv6 statistics 1 20 1 1 13 dns server ipv6 1 21 1 1 14 ipv6 address 1 22 1 1 15 ipv6 address auto link local 1 23 1 1 16 ipv6 address eui 64 1 24 1 1 17 ipv6 address link local 1 25...

Page 985: ...H3C S3100 Series Ethernet Switches Table of Contents ii Chapter 2 IPv6 Application Configuration Commands 2 1 2 1 IPv6 Application Configuration Commands 2 1 2 1 1 ping ipv6 2 1 2 1 2 telnet ipv6 2 3...

Page 986: ...the cache including the domain name IPv6 address and TTL of the DNS entries You can use the reset dns ipv6 dynamic host command to clear all IPv6 dynamic domain name information from the cache Exampl...

Page 987: ...isplay ipv6 fib View Any view Parameters None Description Use the display ipv6 fib command to display all the IPv6 FIB entries The switch looks up a matching IPv6 FIB entry for forwarding an IPv6 pack...

Page 988: ...cription on the fields of the display ipv6 fib command Field Description Total number of Routes Total number of routes in the FIB Destination Destination address to which a packet is forwarded PrefixL...

Page 989: ...nfiguration Flags Flag indicating whether the entry is configured statically or acquired dynamically IPv6Address es IPv6 address corresponding to a host name 1 1 4 display ipv6 interface Syntax displa...

Page 990: ...onds Hosts use stateless autoconfig for addresses Table 1 4 Description on the fields of the display ipv6 interface command Field Description Vlan interface1 current state VLAN interface link state z...

Page 991: ...le time Neighbor reachable time which can be configured by using the ipv6 nd nud reachable time command ND retransmit interval Interval for retransmitting a neighbor solicitation NS message which can...

Page 992: ...terface is up IPv6 Address IPv6 address of the interface If no address is configured for the interface Unassigned will be displayed 1 1 5 display ipv6 neighbors Syntax display ipv6 neighbors ipv6 addr...

Page 993: ...information You can use the reset ipv6 neighbors command to clear specific IPv6 neighbor information Related commands ipv6 neighbor reset ipv6 neighbors Examples View all neighbor information Sysname...

Page 994: ...tatic configuration and D dynamic acquisition Age z For a static entry is displayed z For a dynamic entry the time in seconds since it is reachable last time is displayed and if it is never reachable...

Page 995: ...d information about the IPv6 routing table Description Use the display ipv6 route table command to display brief information about the routing table including the destination IP address prefix length...

Page 996: ...wing indicates the prefix length Protocol Routing protocol discovering the route NextHop Next hop address Interface Egress interface through which a packet is sent Display detailed information about t...

Page 997: ...3 a raw IP socket task id ID of a task in the range of 1 to 100 socket id ID of a socket in the range of 0 to 3072 Description Use the display ipv6 socket command to display information related to a s...

Page 998: ...ask name and ID of the created socket socketid ID assigned by the kernel to the created socket Proto Protocol ID LA Local address and local port number FA Remote address and remote port number sndbuf...

Page 999: ...0 forwarded 0 raw packets 30 discarded 0 routing failed 0 fragments 0 fragments failed 0 Received packets Total 572 local host 572 hopcount exceeded 0 format error 0 option error 0 protocol error 0 fr...

Page 1000: ...packets sent locally z Number of forwarded packets z Number of packets sent via raw socket z Number of discarded packets z Number of packets with routing failure z Number of sent fragment packets z N...

Page 1001: ...kets Total 126 checksum error 0 too short 0 bad code 0 unreached 10 too big 0 hopcount exceeded 0 reassembly timeout 0 parameter problem 0 unknown error type 0 echoed 17 echo replied 30 neighbor solic...

Page 1002: ...window probe packets 0 window update packets 0 checksum error 0 offset error 0 short error 0 duplicate packets 0 0 bytes partially duplicate packets 0 0 bytes out of order packets 3 0 bytes packets w...

Page 1003: ...t header z Number of duplicate packets z Number of partially duplicate packets z Number of out of order packets z Number of packets exceeding the receiving window size z Number of packets after the co...

Page 1004: ...SYN from the peer 1 1 11 display tcp ipv6 status Syntax display tcp ipv6 status View Any view Parameters None Description Use the display tcp ipv6 status command to display the IPv6 TCP connection st...

Page 1005: ...w Any view Parameters None Description Use the display udp ipv6 statistics command to display statistics of IPv6 UDP packets You can use the reset udp ipv6 statistics command to clear statistics of al...

Page 1006: ...ket on port Total number of received broadcast multicast packets without any socket on a port not delivered input socket full Number of packets not handled because of the receiving buffer being full i...

Page 1007: ...onfigure a site local address or global unicast address manually for an interface Use the undo ipv6 address command to remove the manually configured interface address By default no site local address...

Page 1008: ...s for an interface By default a link local address is generated automatically after a site local IPv6 address or global unicast address is configured for an interface Note that z After an IPv6 site lo...

Page 1009: ...r View with Ctrl Z Sysname interface Vlan interface 1 Sysname Vlan interface1 ipv6 address auto link local 1 1 16 ipv6 address eui 64 Syntax ipv6 address ipv6 address prefix length eui 64 undo ipv6 ad...

Page 1010: ...Vlan interface1 display ipv6 interface Vlan interface 1 Vlan interface1 current state UP Line protocol current state UP IPv6 is enabled link local address is FE80 2E0 FCFF FE00 3100 Global unicast ad...

Page 1011: ...ly generated one If you first adopt manual assignment and then automatic generation the automatically generated link local address will not take effect and the link local address of an interface is st...

Page 1012: ...ser View with Ctrl Z Sysname ipv6 host aaa 2001 1 1 1 19 ipv6 icmp error Syntax ipv6 icmp error bucket bucket size ratelimit interval undo ipv6 icmp error View System view Parameters bucket size Numbe...

Page 1013: ...ection in the range of 0 to 600 The default value is 1 When it is set to 0 the duplicate address detection is disabled Description Use the ipv6 nd dad attempts command to configure the attempts to sen...

Page 1014: ...d hop limit command to restore the default By default the hop limit of ICMPv6 reply packets is 64 Examples Set the hop limit of ICMPv6 reply packets to 100 Sysname system view System View return to Us...

Page 1015: ...retrans timer 10000 1 1 23 ipv6 nd nud reachable time Syntax ipv6 nd nud reachable time value undo ipv6 nd nud reachable time View VLAN interface view Parameters value Neighbor reachable time in mill...

Page 1016: ...ry Description Use the ipv6 neighbor command to configure a static neighbor entry Use the undo ipv6 neighbor command to remove a static neighbor entry Note that You can configure a static neighbor ent...

Page 1017: ...range of 1 to 2048 Description Use the ipv6 neighbors max learning num command to configure the maximum number of neighbors that can be dynamically learned on a specified interface Use the undo ipv6 n...

Page 1018: ...ress of an IPv6 static route as 0 the route configured becomes a default IPv6 route If the destination IP address of a packet does not match any entry in the routing table the device will use a defaul...

Page 1019: ...ameters all Clears the static and dynamic neighbor information on all interfaces dynamic Clears the dynamic neighbor information on all interfaces interface interface type interface number Clears all...

Page 1020: ...pv6 statistics command to display the statistics of IPv6 and ICMPv6 packets Examples Clear the statistics of IPv6 packets Sysname reset ipv6 statistics 1 1 30 reset tcp ipv6 statistics Syntax reset tc...

Page 1021: ...f IPv6 UDP packets Examples Clear the statistics of all IPv6 UDP packets Sysname reset udp ipv6 statistics 1 1 32 tcp ipv6 timer fin timeout Syntax tcp ipv6 timer fin timeout wait time undo tcp ipv6 t...

Page 1022: ...e synwait timer of IPv6 TCP packets in seconds in the range of 2 to 600 Description Use the tcp ipv6 timer syn timeout command to set the synwait timer of IPv6 TCP packets Use the undo tcp ipv6 timer...

Page 1023: ...escription Use the tcp ipv6 window command to set the size of IPv6 TCP receiving sending buffer Use the undo tcp ipv6 window command to restore the size of IPv6 TCP receiving sending buffer to the def...

Page 1024: ...the destination is received within the timeout time the interval to send the next ECHO REQUEST equals to the actual response period plus the value of interval z If no response from the destination is...

Page 1025: ...trl C to terminate the ping operation Examples Test whether destination 2001 1 is accessible Sysname ping ipv6 2001 1 PING 2001 1 56 data bytes press CTRL_C to break Reply from 2001 1 bytes 56 Sequenc...

Page 1026: ...Number of received packets 0 00 packet loss Packet loss percentage round trip min avg max 0 4 20 ms Minimum average maximum response time in milliseconds 2 1 2 telnet ipv6 Syntax telnet ipv6 remote s...

Page 1027: ...abort Can t connect to the remote host 2 1 3 tftp ipv6 Syntax tftp ipv6 remote system i interface type interface number get put source filename destination filename View User view Parameters remote sy...

Page 1028: ...ttl m max ttl p port q packet num w timeout remote system View Any view Parameters f first ttl Specifies the first TTL that is the allowed number of hops for the first packet Ranges from 1 to 255 def...

Page 1029: ...oute of the IPv6 packets from source to destination 3002 1 Sysname tracert ipv6 3002 1 traceroute to 3002 1 30 hops max 60 bytes packet 1 3003 1 30 ms 0 ms 0 ms 2 3002 1 10 ms 10 ms 0 ms 3 Table 2 2 D...

Page 1030: ...onfiguration Commands 1 1 1 1 DNS Configuration Commands 1 1 1 1 1 display dns domain 1 1 1 1 2 display dns dynamic host 1 2 1 1 3 display dns server 1 2 1 1 4 display ip host 1 4 1 1 5 dns domain 1 4...

Page 1031: ...on Commands 1 1 1 display dns domain Syntax display dns domain dynamic View Any view Parameters dynamic Displays DNS suffixes dynamically assigned through DHCP or other protocols Description Use the d...

Page 1032: ...host No Domain name Ipaddress TTL Alias 1 lm test h3c 172 1 223 1 3564 No Domain name Ipaddress TTL Alias 1 aaaa 172 1 223 2 3594 Table 1 2 Description on the fields of the display dns dynamic host co...

Page 1033: ...Servers Domain server Type IP Address 1 S 192 168 0 4 IPv6 DNS Servers Table 1 3 Description on the fields of the display dns server command Field Description Type Type of the DNS server S indicates...

Page 1034: ...Sysname display ip host Host Age Flags Address host com 0 static 192 168 0 38 Table 1 4 Description on the fields of the display ip host command Field Description Host Host name Age Time to live 0 mea...

Page 1035: ...ault You can configure a maximum of 10 DNS suffixes You must enter the DNS suffix before deleting it Otherwise all configured DNS suffixes are deleted Related commands display dns domain Note The DNS...

Page 1036: ...Sysname dns resolve 1 1 7 dns server Syntax dns server ip address undo dns server ip address View System view Parameters ip address IP address of the DNS Server Description Use the dns server command...

Page 1037: ...mapping between host name and IP address in the static DNS database Use the undo ip host command to remove the mapping No mappings are created by default Each host name can correspond to only one IP...

Page 1038: ...isplay the corresponding domain name for 192 168 3 2 Sysname nslookup type ptr 192 168 3 2 Trying DNS server 10 72 66 36 Name www host com Address 192 168 3 2 Display the corresponding IP address for...

Page 1039: ...1 3 flush enable control vlan 1 3 1 1 4 link aggregation group 1 4 1 1 5 port 1 5 1 1 6 port smart link group 1 6 1 1 7 reset smart link packets counter 1 7 1 1 8 smart link flush enable 1 7 1 1 9 sma...

Page 1040: ...sname display smart link flush Flush interface Ethernet1 0 1 Count of flush packets received 1 Time of last flush packet received 22 52 23 2006 04 01 Source MAC of last flush packet received 000f e20f...

Page 1041: ...N ID configured on the receiving port 1 1 2 display smart link group Syntax display smart link group group id all View Any view Parameter group id Smart link group ID in the range of 1 to 24 all Displ...

Page 1042: ...If no flush message is sent NA will be displayed 1 1 3 flush enable control vlan Syntax flush enable control vlan vlan id undo flush enable View Smart Link group view Parameter vlan id Control VLAN I...

Page 1043: ...the specified link aggregation group as the slave port of the Smart Link group Description Use the link aggregation group command to configure a link aggregation group as a member of the Smart Link gr...

Page 1044: ...roup Use the undo port command to remove the specified port from the Smart Link group Either a single port or a link aggregation group configured manually or statically can serve as a member for a Sma...

Page 1045: ...t smart link group command to remove the current port from the specified Smart Link group Either a single port or a link aggregation group configured manually or statically can serve as a member for a...

Page 1046: ...ple Clear the flush message statistics of Smart Link Sysname reset smart link packets counter 1 1 8 smart link flush enable Syntax z In Ethernet port view smart link flush enable control vlan vlan id...

Page 1047: ...fect Note The VLAN configured as a control VLAN for sending or receiving flush messages must exist You cannot directly remove the control VLAN When a dynamic VLAN is configured as a control VLAN for t...

Page 1048: ...eads you into Smart Link group view directly Use the undo smart link group command to remove the specified Smart Link group After creating a Smart Link group you must configure member ports for this S...

Page 1049: ...r link group command to display Monitor Link group information Example Display the information about Monitor Link group 1 Sysname display monitor link group 1 Monitor link group 1 information Member R...

Page 1050: ...ecified link aggregation group as a Monitor Link group member Use the undo link aggregation group command to remove the specified link aggregation group from the current Monitor Link group In Monitor...

Page 1051: ...monitor link group command to create a Monitor Link group and enter Monitor Link group view Use the undo monitor link group command to remove a Monitor Link group After the Monitor Link group is confi...

Page 1052: ...the specified port from the current Monitor Link group In Monitor Link a Monitor Link group member can be a single port a static link aggregation group but not a dynamic link aggregation group The upl...

Page 1053: ...d Monitor Link group Use the undo port monitor link group command to remove the current port from the specified Monitor Link group In Monitor Link a Monitor Link group member can be a single port a st...

Page 1054: ...e specified Smart Link group as the uplink port of the Monitor Link group Description Use the smart link group command to configure the specified Smart Link group as the uplink port of the Monitor Lin...

Page 1055: ...al 18 AAA 1 31 accounting on enable 18 AAA 1 32 acl 02 Login 2 1 acl 22 ACL 1 1 active region configuration 15 MSTP 1 1 add member 25 Stack Cluster 2 15 administrator address 25 Stack Cluster 2 16 am...

Page 1056: ...cute command 02 Login 1 3 B binary 30 FTP SFTP TFTP 1 7 black list 25 Stack Cluster 2 45 boot attribute switch 29 File System Management 1 17 boot boot loader 29 File System Management 1 17 boot boot...

Page 1057: ...ime 32 System Maintenance and Debugging 1 1 clock summer time 32 System Maintenance and Debugging 1 2 clock timezone 32 System Maintenance and Debugging 1 3 close 30 FTP SFTP TFTP 1 9 cluster 25 Stack...

Page 1058: ...ort Basic Configuration 1 5 description 22 ACL 1 2 destination ip 34 HWPing 1 2 destination port 34 HWPing 1 3 dhcp protective down recover enable 21 DHCP 2 1 dhcp protective down recover interval 21...

Page 1059: ...ile System Management 1 19 display boot loader 32 System Maintenance and Debugging 3 2 display bootp client 21 DHCP 3 3 display bpdu tunnel 33 VLAN VPN 4 3 display brief interface 09 Port Basic Config...

Page 1060: ...ay dns domain 36 DNS 1 1 display dns dynamic host 36 DNS 1 2 display dns ipv6 dynamic host 35 IPv6 Management 1 1 display dns server 36 DNS 1 2 display domain 18 AAA 1 12 display dot1x 17 802 1x Syste...

Page 1061: ...e 05 Management VLAN 1 1 display ip host 36 DNS 1 4 display ip interface 05 Management VLAN 1 2 display ip interface 06 IP Address IP Performance 1 1 display ip interface brief 05 Management VLAN 1 4...

Page 1062: ...egation 1 5 display link aggregation interface 10 Link Aggregation 1 1 display link aggregation summary 10 Link Aggregation 1 2 display link aggregation verbose 10 Link Aggregation 1 3 display link de...

Page 1063: ...P 1 4 display packet filter 22 ACL 1 6 display port 04 VLAN 1 10 display port combo 09 Port Basic Configuration 1 14 display port vlan vpn 33 VLAN VPN 1 1 display port mac 14 MAC Address Table Managem...

Page 1064: ...r 23 QoS QoS Profile 1 15 display radius scheme 18 AAA 1 36 display radius statistics 18 AAA 1 39 display rmon alarm 26 SNMP RMON 2 1 display rmon event 26 SNMP RMON 2 2 display rmon eventlog 26 SNMP...

Page 1065: ...ation 1 15 display stp 15 MSTP 1 4 display stp abnormalport 15 MSTP 1 8 display stp portdown 15 MSTP 1 9 display stp region configuration 15 MSTP 1 10 display stp root 15 MSTP 1 11 display system guar...

Page 1066: ...Maintenance and Debugging 1 8 display vlan 04 VLAN 1 3 display vlan 07 Voice VLAN 1 4 display voice vlan error info 07 Voice VLAN 1 1 display voice vlan oui 07 Voice VLAN 1 2 display voice vlan status...

Page 1067: ...rol 17 802 1x System Guard 1 12 dot1x port method 17 802 1x System Guard 1 14 dot1x quiet period 17 802 1x System Guard 1 15 dot1x re authenticate 17 802 1x System Guard 1 17 dot1x retry 17 802 1x Sys...

Page 1068: ...37 Smart Link Monitor Link 1 3 format 29 File System Management 1 9 free user interface 02 Login 1 10 free web users 02 Login 2 2 frequency 34 HWPing 1 14 ftp 30 FTP SFTP TFTP 1 12 ftp cluster 25 Sta...

Page 1069: ...cords 34 HWPing 1 16 holdtime 25 Stack Cluster 2 35 http operation 34 HWPing 1 17 http string 34 HWPing 1 17 hwping 34 HWPing 1 18 hwping agent enable 34 HWPing 1 19 hwping server enable 34 HWPing 1 3...

Page 1070: ...o center channel name 31 Information Center 1 7 info center console channel 31 Information Center 1 7 info center enable 31 Information Center 1 8 info center logbuffer 31 Information Center 1 9 info...

Page 1071: ...tatic binding 21 DHCP 1 12 ip pool 25 Stack Cluster 2 36 ipv6 address 35 IPv6 Management 1 22 ipv6 address auto link local 35 IPv6 Management 1 23 ipv6 address eui 64 35 IPv6 Management 1 24 ipv6 addr...

Page 1072: ...level 18 AAA 1 18 line rate 23 QoS QoS Profile 1 16 link aggregation group 37 Smart Link Monitor Link 1 4 link aggregation group 37 Smart Link Monitor Link 2 2 link aggregation group description 10 Li...

Page 1073: ...lticast 2 3 mac address multicast vlan 16 Multicast 2 4 mac address security 12 Port Security Port Binding 1 6 mac address timer 14 MAC Address Table Management 1 8 mac authentication 19 MAC Address A...

Page 1074: ...Mirroring 1 4 mirroring group monitor port 24 Mirroring 1 5 mirroring group reflector port 24 Mirroring 1 6 mirroring group remote probe vlan 24 Mirroring 1 6 mirroring port 24 Mirroring 1 7 mkdir 29...

Page 1075: ...mer 25 Stack Cluster 2 12 ntdp timer hop delay 25 Stack Cluster 2 13 ntdp timer port delay 25 Stack Cluster 2 14 ntp service access 27 NTP 1 5 ntp service authentication enable 27 NTP 1 7 ntp service...

Page 1076: ...ng 1 21 peer public key end 28 SSH 1 9 ping 32 System Maintenance and Debugging 2 1 ping ipv6 35 IPv6 Management 2 1 port 04 VLAN 1 10 port 09 Port Basic Configuration 1 32 port 37 Smart Link Monitor...

Page 1077: ...12 port security ntk mode 12 Port Security Port Binding 1 13 port security oui 12 Port Security Port Binding 1 14 port security port mode 12 Port Security Port Binding 1 15 port security timer disabl...

Page 1078: ...TP TFTP 1 31 pwd 29 File System Management 1 12 pwd 30 FTP SFTP TFTP 1 18 pwd 30 FTP SFTP TFTP 1 31 Q qos cos local precedence map 23 QoS QoS Profile 1 23 qos dscp local precedence map 23 QoS QoS Prof...

Page 1079: ...dynamic host 36 DNS 1 8 reset dns ipv6 dynamic host 35 IPv6 Management 1 33 reset dot1x statistics 17 802 1x System Guard 1 24 reset garp statistics 08 GVRP 1 6 reset hwtacacs statistics 18 AAA 1 74...

Page 1080: ...S QoS Profile 1 29 reset traffic statistic 23 QoS QoS Profile 1 30 reset traffic statistic vlan 23 QoS QoS Profile 1 30 reset trapbuffer 31 Information Center 1 21 reset udp ipv6 statistics 35 IPv6 Ma...

Page 1081: ...save 03 Configuration File Management 1 13 schedule reboot at 32 System Maintenance and Debugging 3 14 schedule reboot delay 32 System Maintenance and Debugging 3 16 schedule reboot regularity 32 Sys...

Page 1082: ...Monitor Link 1 8 smart link group 37 Smart Link Monitor Link 2 6 snmp agent 26 SNMP RMON 1 13 snmp agent calculate password 26 SNMP RMON 1 14 snmp agent community 02 Login 2 3 snmp agent community 26...

Page 1083: ...efault 28 SSH 1 26 ssh client assign 28 SSH 1 27 ssh client first time enable 28 SSH 1 29 ssh server authentication retries 28 SSH 1 30 ssh server compatible ssh1x enable 28 SSH 1 30 ssh server rekey...

Page 1084: ...MSTP 1 16 stp bridge diameter 15 MSTP 1 16 stp compliance 15 MSTP 1 17 stp config digest snooping 15 MSTP 1 19 stp cost 15 MSTP 1 20 stp dot1d trap 15 MSTP 1 21 stp edged port 15 MSTP 1 23 stp interfa...

Page 1085: ...15 MSTP 1 48 stp region configuration 15 MSTP 1 49 stp root primary 15 MSTP 1 50 stp root secondary 15 MSTP 1 51 stp root protection 15 MSTP 1 52 stp tc protection 15 MSTP 1 53 stp tc protection thres...

Page 1086: ...dress IP Performance 2 18 tcp timer syn timeout 06 IP Address IP Performance 2 19 tcp window 06 IP Address IP Performance 2 20 telnet 02 Login 1 25 telnet ipv6 02 Login 1 26 telnet ipv6 35 IPv6 Manage...

Page 1087: ...response timeout 18 AAA 1 81 time range 22 ACL 1 28 topology accept 25 Stack Cluster 2 52 topology restore from 25 Stack Cluster 2 53 topology save to 25 Stack Cluster 2 54 tos 34 HWPing 1 29 tracemac...

Page 1088: ...level 02 Login 1 28 user interface 02 Login 1 27 username 34 HWPing 1 30 user name format 18 AAA 1 65 user name format 18 AAA 1 81 V verbose 30 FTP SFTP TFTP 1 22 virtual cable test 09 Port Basic Con...

Page 1089: ...dix A Command Index A 35 voice vlan enable 07 Voice VLAN 1 7 voice vlan legacy 07 Voice VLAN 1 8 voice vlan mac address 07 Voice VLAN 1 8 voice vlan mode 07 Voice VLAN 1 9 voice vlan security enable 0...