H3C S6800 Series, Command Reference Manual

Page 1: ...H3C S6800 Switch Series VXLAN Command Reference Hangzhou H3C Technologies Co Ltd http www h3c com Software version Release 24xx Document version 6W102 20151130 ...

Page 2: ...ine SecPath SecCenter SecBlade Comware ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co Ltd All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice Every effort has been made in the preparation of this document to ensure accuracy of the contents but all statement...

Page 3: ...d text represents commands and keywords that you enter literally as shown Italic Italic text represents arguments that you replace with actual values Square brackets enclose syntax choices keywords or arguments that are optional x y Braces enclose a set of required syntax choices separated by vertical bars from which you select one x y Square brackets enclose a set of optional syntax choices separ...

Page 4: ...OTE An alert that contains additional or supplementary information TIP An alert that provides helpful information Network topology icons Convention Description Represents a generic network device such as a router switch or firewall Represents a routing capable device such as a router or Layer 3 switch Represents a generic switch such as a Layer 2 or Layer 3 switch or a router that supports Layer 2...

Page 5: ...ng SFP SFP QSFP transceiver modules Pluggable modules manual Describes the hot swappable modules available for the H3C switches their external views and specifications Software configuration Configuration guides Describe software features and configuration procedures Command references Provide a quick reference to all available commands Operations and maintenance MIB Companion Describes the MIBs f...

Page 6: ...Technical support service h3c com http www h3c com Documentation feedback You can e mail your comments about product documentation to info h3c com We appreciate your comments ...

Page 7: ...18 selective flooding mac address 19 service instance 19 shutdown 20 tunnel 20 tunnel bfd enable 21 tunnel global source address 22 vsi 23 vtep group member remote 24 vxlan 24 vxlan invalid udp checksum discard 25 vxlan invalid vlan tag discard 25 vxlan local mac report 26 vxlan tunnel mac learning disable 27 vxlan udp port 27 xconnect vsi 28 OVSDB commands 29 ovsdb server ca certificate 29 ovsdb ...

Page 8: ...lood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs This feature snoops ARP packets to populate the ARP flood suppression table for local and remote MAC addresses If an ARP request has a matching entry the VTEP replies to the request on behalf of the VM If no match is found the VTEP floods the request to both local and remote sites Example...

Page 9: ...etwork admin network operator Parameters name vsi name Specifies a VSI by its name If you do not specify a VSI this command displays entries for all VSIs slot slot number Specifies an IRF member device by its member ID If you do not specify a member device this command displays entries on the master device count Displays the number of ARP flood suppression entries that match the command Examples D...

Page 10: ... group the command displays information about all multicast groups interface interface type interface number Specifies an interface by its type and number If you do not specify an interface the command displays multicast group information for all interfaces verbose Displays detailed multicast group information If you do not specify this keyword the command displays brief multicast group informatio...

Page 11: ...multicast groups on the interface Group address Group Address of the multicast group Member state Member state Delay The interface has joined the multicast group and it has started the delay timer for sending IGMP reports Idle The interface has joined the multicast group but it has not started the delay timer for sending IGMP reports The delay timer is not user configurable Expires Remaining delay...

Page 12: ...entries Examples Display MAC address entries for all VSIs Sysname display l2vpn mac address MAC Address State VSI Name Link ID Name Aging 0000 0000 000a Dynamic vpn1 1 Aging 0000 0000 000b Static vpn1 Tunnel10 NotAging 0000 0000 000c Dynamic vpn1 Tunnel60 Aging 0000 0000 000d Dynamic vpn1 Tunnel99 Aging 4 mac address es found Display the total number of MAC address entries in all VSIs Sysname disp...

Page 13: ...rfaces service instance instance id Specifies an Ethernet service instance by its ID in the range of 1 to 4096 If you do not specify an Ethernet service instance the command displays information about all Ethernet service instances on the specified interface verbose Displays detailed information about Ethernet service instances If you do not specify this keyword the command displays brief informat...

Page 14: ...d information about all Ethernet service instances on FortyGigE 1 0 3 Sysname display l2vpn service instance interface fortygige 1 0 3 verbose Interface FGE1 0 3 Service Instance 1 Encapsulation s vid 16 VSI Name vsi10 Link ID 1 State Up Statistics Enabled Input Statistics Octets 0 Packets 0 Output Statistics Octets 0 Packets 0 Service Instance 2 Encapsulation s vid 1001 only tagged VSI Name vsi11...

Page 15: ...state Up Down Statistics Packet statistics state Enabled Packet statistics is enabled for the Ethernet service instance Disabled Packet statistics is disabled for the Ethernet service instance Input Statistics Incoming traffic statistics Octets Number of incoming bytes Packets Number of incoming packets Output Statistics Outgoing traffic statistics Octets Number of outgoing bytes Packets Number of...

Page 16: ...dex 0 VSI State Up MTU 1500 Bandwidth Broadcast Restrain Multicast Restrain Unknown Unicast Restrain MAC Learning Enabled MAC Table Limit Drop Unknown Flooding Enabled VXLAN ID 10 Tunnels Tunnel Name Link ID State Type Flooding proxy Tunnel1 0x5000001 Up Manual Disabled Tunnel2 0x5000002 Up Manual Disabled MTunnel0 0x6002710 Up Auto Disabled ACs AC Link ID State FGE1 0 1 srv1000 0 Up Table 6 Comma...

Page 17: ...up proxy tunnel Its tunnel interface is up but the tunnel is blocked because the primary proxy tunnel is operating correctly Defect The tunnel interface is up but the VTEP has not received BFD control packets from the remote end for 5 seconds You must check for physical link or VXLAN tunnel problems This value is available in Release 2418P01 and later versions Down The tunnel interface is down Typ...

Page 18: ... Tunnel name Link ID State Type Flooding proxy Tunnel0 0x5000000 Up Auto Disabled Tunnel1 0x5000001 Up Manual Disabled Tunnel2 0x5000002 Up Manual Auto Disabled MTunnel0 0x6002710 Up Auto Disabled Table 7 Command output Field Description Link ID Tunnel s link ID in the VXLAN State Tunnel state Up The tunnel is operating correctly Blocked The tunnel is a backup proxy tunnel Its tunnel interface is ...

Page 19: ...n default encapsulation tagged untagged encapsulation s vid vlan id only tagged encapsulation s vid vlan id c vid vlan id undo encapsulation Default An Ethernet service instance does not contain a frame match criterion Views Ethernet service instance view Predefined user roles network admin Parameters default Matches frames that do not match any other Ethernet service instance on the interface tag...

Page 20: ...red by using the encapsulation s vid vlan id c vid vlan id command An Ethernet service instance can contain only one match criterion To change the match criterion you must remove the original criterion first When you remove the match criterion in an Ethernet service instance the mapping between the service instance and the VSI is removed automatically If the Ethernet service instance uses the defa...

Page 21: ...up to restore the default Syntax group group address source source address undo group group address source source address Default A VXLAN uses unicast mode head end replication for flood traffic No multicast group address or source IP address is specified for multicast VXLAN packets Views VXLAN view Predefined user roles network admin Parameters group address Specifies a multicast address in the r...

Page 22: ...e the IGMP host function on an interface Syntax igmp host enable undo igmp host enable Default The IGMP host function is disabled on an interface Views Interface view Predefined user roles network admin Usage guidelines For this command to take effect you must use the multicast routing command to enable IP multicast routing You must configure an interface as an IGMP host if its IP address is the s...

Page 23: ... add a static remote MAC address entry Use undo mac address static to remove a static remote MAC address entry Syntax mac address static mac address interface tunnel tunnel number vsi vsi name undo mac address static mac address interface tunnel tunnel number vsi vsi name Default VXLAN VSIs do not have static remote MAC address entries Views System view Predefined user roles network admin Paramete...

Page 24: ...has higher priority than the dynamic entry Examples Add the MAC address 000f e201 0101 to the VSI vsi1 and specify Tunnel interface 1 as the outgoing interface Sysname system view Sysname mac address static 000f e201 0101 interface tunnel 1 vsi vsi1 Related commands vxlan tunnel mac learning disable reserved vxlan Use reserved vxlan to specify the reserved VXLAN Use undo reserved vxlan to restore ...

Page 25: ... display arp suppression vsi arp suppression enable reset l2vpn mac address Use reset l2vpn mac address to clear dynamic MAC address entries learned in the data plane on VSIs Syntax reset l2vpn mac address vsi vsi name Views User view Predefined user roles network admin Parameters vsi vsi name Specifies a VSI by its name a case sensitive string of 1 to 31 characters If you do not specify a VSI the...

Page 26: ...e flooding disable command The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown unicast floods are confined to the local site Examples Enable selective flood for 000f e201 0101 on the VSI vsi1 Sysname system view Sysname vsi vsi1 Sysname vsi vsi1 selective flooding mac address 000f e201 0101 Related commands flooding disable service instance Use servic...

Page 27: ... default Syntax shutdown undo shutdown Default VSIs are up Views VSI view Predefined user roles network admin Usage guidelines Use this command to temporarily disable a VSI to provide Layer 2 switching services The shutdown action does not change settings on the VSI You can continue to configure the VSI After you bring up the VSI again the VSI provides services based on the latest settings Example...

Page 28: ...primary proxy tunnel to forward broadcast multicast and unknown unicast traffic Other proxy tunnels are backups and they do not forward traffic when the primary proxy tunnel is operating correctly To change a flood proxy tunnel for a VXLAN perform the following tasks Use the undo tunnel command to remove the flood proxy tunnel Use the tunnel command to enable flood proxy on another tunnel and assi...

Page 29: ... VTEPs send BFD single hop control packets to detect the connectivity of VXLAN tunnels The VTEPs periodically send control packets to each other through the VXLAN tunnel A VTEP sets the tunnel state to Defect if it has not received control packets from the remote end for five seconds In this situation the tunnel interface state is still Up The tunnel state will change from Defect to Up if the VTEP...

Page 30: ...ess 1 1 1 9 vsi Use vsi to create a VSI and enter VSI view Use undo vsi to delete a VSI Syntax vsi vsi name undo vsi vsi name Default No VSIs are created on the device Views System view Predefined user roles network admin Parameters vsi name Specifies a VSI name a case sensitive string of 1 to 31 characters Usage guidelines A VSI acts as a virtual switch to provide Layer 2 switching services for a...

Page 31: ...on the device Views System view Predefined user roles network admin Parameters group ip Specifies a VXLAN VTEP group by its group IP address member ip 1 8 Specifies a space separated list of up to eight member VTEP IP addresses Examples Specify the VXLAN VTEP group 1 1 1 1 and its member VTEPs at 2 2 2 2 3 3 3 3 and 4 4 4 4 Sysname system view Sysname vtep group 1 1 1 1 member remote 2 2 2 2 3 3 3...

Page 32: ...m discard Default The device does not check the UDP checksum of VXLAN packets Views System view Predefined user roles network admin Usage guidelines This command enables the device to check the UDP checksum of VXLAN packets The device always sets the UDP checksum of VXLAN packets to 0 For compatibility with third party devices a VXLAN packet can pass the check if its UDP checksum is 0 or correct I...

Page 33: ...on the local VTEP To configure the access mode of an Ethernet service instance use the xconnect vsi command Examples Enable the device to drop VXLAN packets that have 802 1Q VLAN tags Sysname system view Sysname vxlan invalid vlan tag discard Related commands vxlan invalid udp checksum discard xconnect vsi vxlan local mac report Use vxlan local mac report to enable VXLAN local MAC change logging U...

Page 34: ...ac learning disable undo vxlan tunnel mac learning disable Default Remote MAC address learning is enabled Views System view Predefined user roles network admin Usage guidelines When network attacks occur use this command to prevent the device from learning incorrect remote MAC addresses in the data plane Examples Disable remote MAC address learning Sysname system view Sysname vxlan tunnel mac lear...

Page 35: ...arameters vsi name Specifies the VSI name a case sensitive string of 1 to 31 characters access mode Specifies an access mode By default the access mode is VLAN ethernet Specifies the Ethernet access mode vlan Specifies the VLAN access mode Usage guidelines To configure this command you must first use the encapsulation command to add a frame match criterion to the Ethernet service instance For traf...

Page 36: ...s If the Ethernet service instance uses the default tagged or untagged frame match criterion the access mode set by this command does not take effect The mapped VSI uses Ethernet access mode to process traffic Examples On FortyGigE 1 0 1 configure Ethernet service instance 200 to match frames with an outer 802 1Q VLAN tag of 200 and map the instance to the VSI vpn1 Sysname system view Sysname vsi ...

Page 37: ...chd cacert bootstrap ovsdb server certificate Use ovsdb server certificate to specify a certificate file for SSL Use undo ovsdb server certificate to remove the certificate file setting for SSL Syntax ovsdb server certificate cert filename undo ovsdb server certificate Default No certificate file is specified Views System view Predefined user roles network admin Parameters cert filename Specifies ...

Page 38: ...to specify a key file for SSL Use undo ovsdb private key to remove the key file setting for SSL Syntax ovsdb server private key key filename undo ovsdb server private key Default No key file is specified Views System view Predefined user roles network admin Parameters key filename Specifies the key file name a case insensitive string The file name cannot contain the slot string Usage guidelines Yo...

Page 39: ...device can listen for OVSDB SSL connection requests on only one port If you execute this command multiple times the most recent configuration takes effect Before you use this command specify a key file certificate file and CA certificate file for SSL This command takes effect after you execute the ovsdb server enable command Examples Enable the device to listen for OVSDB SSL connection requests on...

Page 40: ...x ovsdb server ssl ipv4 address port port number undo ovsdb server ssl ipv4 address port port number Default The device does not have active SSL connections Views System view Predefined user roles network admin Parameters ssl ipv4 address Specifies the destination IPv4 address for the SSL connection port port number Specifies the destination port for the SSL connection The value range for the port...

Page 41: ...OVSDB TCP connections This command takes effect after you execute the ovsdb server enable command Examples Establish an active OVSDB TCP connection to port 6632 at 10 0 2 15 Sysname system view Sysname ovsdb server tcp 10 0 2 15 port 6632 vtep access port Use vtep access port to specify a site facing interface as a VTEP access port Use undo vtep access port to restore the default Syntax vtep acces...

Page 42: ...vxlan tunnel service node Use vxlan tunnel service node to enable flood proxy on multicast VXLAN tunnels Use undo vxlan tunnel service node to disable flood proxy on multicast VXLAN tunnels Syntax vxlan tunnel service node undo vxlan tunnel service node Default Flood proxy is disabled on multicast VXLAN tunnels Views System view Predefined user roles network admin Usage guidelines You must enable ...

Page 43: ...36 Examples Enable flood proxy on all multicast VXLAN tunnels Sysname system view Sysname vxlan tunnel service node ...

Page 44: ...vsdb server enable 30 ovsdb server private key 31 ovsdb server pssl 32 ovsdb server ptcp 32 ovsdb server ssl 33 ovsdb server tcp 33 R reserved vxlan 17 reset arp suppression vsi 18 reset l2vpn mac address 18 S selective flooding mac address 19 service instance 19 shutdown 20 T tunnel 20 tunnel bfd enable 21 tunnel global source address 22 V vsi 23 vtep access port 34 vtep enable 35 vtep group memb...