Huawei Quidway S2000 Series, Command Manual

Page 1: ...1 Getting Started 2 Port 3 VLAN 4 Multicast 5 QoS ACL 6 Integrated Management 7 STP 8 Security 9 Network Protocol 10 System Management 11 Appendix Quidway S2000 Series Ethernet Switches Command Manual VRP3 10 ...

Page 2: ...chase the products from the sales agent of Huawei Technologies Co Ltd please contact our sales agent If you purchase the products from Huawei Technologies Co Ltd directly Please feel free to contact our local office customer care center or company headquarters Huawei Technologies Co Ltd Address Administration Building Huawei Technologies Co Ltd Bantian Longgang District Shenzhen P R China Postal C...

Page 3: ... Tellwin Inmedia VRP DOPRA iTELLIN HUAWEI OptiX C C08iNET NETENGINE OptiX iSite U SYS iMUSE OpenEye Lansway SmartAX infoX TopEng are trademarks of Huawei Technologies Co Ltd All other trademarks mentioned in this manual are the property of their respective holders Notice The information in this manual is subject to change without notice Every effort has been made in the preparation of this manual ...

Page 4: ...thernet Switches Operation Manual It is used for assisting the users in data configurations and typical applications Organization Quidway S2000 Series Ethernet Switches Command Manual consists of the following parts z Getting Started This module introduces the commands used for accessing the Ethernet Switch z Port This module introduces the commands used for configuring Ethernet port link aggregat...

Page 5: ...ds used for system management and maintenance z Appendix This module includes all the commands in this command manual which are arranged alphabetically Intended Audience The manual is intended for the following readers z Network engineers z Network administrators z Customers who are familiar with network fundamentals Conventions The manual uses the following conventions I General conventions Conve...

Page 6: ...by vertical bars Many or none can be selected III GUI conventions Convention Description Button names are inside angle brackets For example click the OK button Window names menu items data table and field names are inside square brackets For example pop up the New User window Multi level menus are separated by forward slashes For example File Create Folder IV Keyboard operation Format Description ...

Page 7: ...t button and drag it to a certain position VI Symbols Eye catching symbols are also used in the manual to highlight the points worthy of special attention during the operation They are defined as follows Caution Warning Means reader be extremely careful during the operation Note Means a complementary description ...

Page 8: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 1 Getting Started ...

Page 9: ... 10 header 1 8 1 1 11 history command max size 1 9 1 1 12 idle timeout 1 9 1 1 13 language mode 1 10 1 1 14 lock 1 11 1 1 15 parity 1 11 1 1 16 quit 1 12 1 1 17 return 1 12 1 1 18 screen length 1 13 1 1 19 send 1 14 1 1 20 service type telnet 1 14 1 1 21 set authentication password 1 15 1 1 22 shell 1 16 1 1 23 speed 1 17 1 1 24 stopbits 1 18 1 1 25 super 1 18 1 1 26 super password 1 19 1 1 27 sys...

Page 10: ...terface vlan interface 2 3 2 1 5 display ip routing table 2 4 2 1 6 display ip routing table ip_address 2 5 2 1 7 display ip routing table ip_address1 ip_address2 2 8 2 1 8 display ip routing table verbose 2 9 2 1 9 interface vlan interface 2 10 2 1 10 ip address 2 11 2 1 11 ip host 2 12 2 1 12 ip route static 2 12 2 1 13 shutdown 2 13 ...

Page 11: ...ntication mode none command you can configure no authentication This command with the password parameter indicates to perform local password authentication that is you need to configure a login password using the set authentication password cipher simple password command This command with the scheme parameter indicates to perform authentication of local or remote username and password The type of ...

Page 12: ...ly This command is usually used to configure the telnet command on the terminal which will connect the user to a designated device automatically By default auto run is disabled Caution 1 If you execute this command the user interface can no longer be used to perform routine configurations on the local system Therefore use caution when using this command 2 Ensure that you will be able to log into t...

Page 13: ...them to operate in corresponding views When a user logs in the switch the command level that it can access depends on two points One is the command level that the user itself can access the other is the set command level of this user interface If the two levels are different the former will be taken For example the command level of VTY 0 user interface is 1 however user Tom has the right to access...

Page 14: ...n restore the default bits of the AUX Console This command can only be performed in AUX user interface view By default the value is 8 Example Configure the data bits of AUX Console port to 7 bits Quidway ui aux0 databits 7 1 1 5 display history command Syntax display history command View Any view Parameter none Description Using display history command command you can view the saved history comman...

Page 15: ...es user interface type absolute relative index transmission speed priority and authentication methods Example Display the relational information of user interface 0 Quidway display user interface 0 Idx Type Tx Rx Modem Privi Auth F 0 AUX 0 9600 3 N Current user interface is active F Current user interface is active and work in async mode Idx Absolute index of user interface Type Type and relative ...

Page 16: ...ameter all Display the information of all user interfaces Description Using display users command you can view the information of the user interface Example Display the information of the current user interface Quidway display users UI Delay IPaddress Username F 0 AUX 0 00 00 00 Table 1 2 Output description of the display users command Field Description F Current user interface is in use and work ...

Page 17: ...do flow control command you can restore the default flow control mode This command can only be performed in AUX user interface view By default the value is none That is no flow control will be performed Example Configure software flow control on AUX Console port Quidway ui aux0 flow control software 1 1 9 free user interface Syntax free user interface type number View User view Parameter type Spec...

Page 18: ...login View System view Parameter login Configures to display login information shell Configures to display the header of setting up a session for the user incoming Configures to display the login header text Specifies the header content Description Using header command you can configure to display header when user login Using undo header command you can configure not to display the header When the...

Page 19: ...ax size Syntax history command max size value undo history command max size View User interface view Parameter value Defines the size of the history buffer ranging from 0 to 256 By default the size is 10 that is 10 history commands can be saved Description Using history command max size command you can configure the size of the history command buffer Using undo history command max size command you...

Page 20: ...meout idle timeout 0 means disabling idle timeout By default idle timeout is set to 10 minutes Example Configure the timeout value to 1 minute on the AUX user interface Quidway ui aux0 idle timeout 1 0 1 1 13 language mode Syntax language mode chinese english View User view Parameter chinese Configures the language environment of command line interface as Chinese english Configures the language en...

Page 21: ...rrent user interface Quidway lock Password xxxx Again xxxx 1 1 15 parity Syntax parity even mark none odd space undo parity View User interface view Parameter even Configures to perform even parity mark Configures to perform mark parity none Configures not to perform parity odd Configures to perform odd parity space Configures to perform space parity Description Using parity command you can config...

Page 22: ...16 quit Syntax quit View Any view Parameter none Description Using quit command you can return to the lower level view from the current view If the current view is user view you can quit the system There are three levels of views which are listed from low to high as follows z User view z System view z VLAN view Ethernet port view and so on For the related commands see return system view Example Re...

Page 23: ...h Syntax screen length screen length undo screen length View User interface view Parameter screen length Specifies how many lines can be displayed on a screen ranging from 0 to 512 The default value is 24 Description Using screen length command you can configure how many lines that can be displayed on a screen of the terminal Using undo screen length command you can restore the default number of t...

Page 24: ...le Send message to all the user interfaces Quidway send all 1 1 20 service type telnet Syntax service type telnet level level undo service type telnet level View Local user view Parameter level Specifies which level of command a user can use after logon ranging from 0 to 3 and defaults to level 1 Description Using service type telnet command you can configure which level of command a user can use ...

Page 25: ...irect network service to the user z Management level These are commands that influence the basic operation of the system and system support module which plays a supporting role on service Commands of this level involve file system commands FTP commands TFTP commands XModem downloading commands user management commands and level setting commands Example Configure the user zbr to use commands at lev...

Page 26: ... and in encrypted text for example _ TT8F Y 5SQ Q MAF4 1 Description Using set authentication password command you can configure the password for local authentication Using undo set authentication password command you can cancel local authentication password The password in plain text is required when performing authentication regardless whether the configuration is plain text or encrypted text No...

Page 27: ...ore executing this command on any legal user interface Example Disable terminal service on the vty user interface 0 to 4 after logging in to the Ethernet switch via user interface 0 Quidway user interface vty 0 4 Quidway ui vty0 4 undo shell The following message will be displayed on the Telnet terminal after logon Connection to host lost 1 1 23 speed Syntax speed speed value undo speed View User ...

Page 28: ...Parameter 1 Sets 1 stop bit 1 5 Sets 1 5 stop bits 2 Sets 2 stop bits Description Using stopbits command you can configure the stop bits on the AUX Console port Using undo stopbits command you can restore the default stop bits This command can only be performed in AUX user interface view By default the value is 1 Example Configure 2 stop bits on the AUX Console port Quidway ui aux0 stopbits 2 1 1 ...

Page 29: ...ple cipher password undo super password level level View System view Parameter level User level ranging from 1 to 3 The default value is 3 i e do not specify user level It means the password to be set is used for entering level 3 simple Configure plain text password cipher Configure encrypted text password password If the authentication is in the simple mode the password must be in plain text If t...

Page 30: ...Example Configure the password to zbr for changing the user from the current level to level 3 Quidway super password level 3 simple zbr 1 1 27 sysname Syntax sysname text undo sysname View System view Parameter text Specifies the hostname with a character string ranging from 1 to 30 characters The default name is Quidway Description Using sysname command you can configure the hostname of the Ether...

Page 31: ...p address Specifies the IP address or the hostname of the remote Ethernet switch If it is the hostname the Ethernet switch must have the function of static resolution service port Designates the TCP port on the remote Ethernet switch providing Telnet service ranging from 0 to 65535 Description Using telnet command you can log in to another Ethernet switch from the current one via telnet for remote...

Page 32: ...ast number Specifies the number of the last user interface to be configured Description Using user interface command you can enter single user interface view or multiple user interface views to configure the corresponding user interfaces Example Enter user interface view 0 through 5 that is 1 AUX Console port user interface view and 5 VTY user interface views Quidway user interface 0 5 Quidway ui0...

Page 33: ...er interface By default a user can access the commands at Level 3 after logging in through the AUX user interface and the commands at Level 0 after logging in through the VTY user interface Example Configure to use commands level 0 after logging in from VTY 0 user interface Quidway ui vty0 user privilege level 0 After you telnet from VTY 0 user interface to the switch you will view the terminal on...

Page 34: ...face Vlan interface1 is the management VLAN interface name Description Using description command you can configure the description character string of management VLAN interface Using undo description command you can restore the default description character string of management VLAN interface For the related command see display interface vlan interface Example Configure the description character s...

Page 35: ...ames Format is PKTFMT_ETHNT_2 Hardware address is 00e0 fc07 4101 Internet Address is 10 1 1 1 24 Primary Description HUAWEI Quidway Series Vlan interface1 Interface The Maximum Transmit Unit is 1500 Table 2 1 Output description of display interface vlan interface command Field Description Vlan interface1 current state The current state of management VLAN interface Line protocol current state The c...

Page 36: ...terface vlan interface Syntax display ip interface vlan interface vlan id View Any view Parameter vlan id Specifies the management VLAN interface ID Description Using display ip interface vlan interface command you can view the information about the management VLAN interface Example Display the information about the management VLAN interface 1 Quidway display ip interface vlan interface 1 Vlan int...

Page 37: ...This command displays routing table information in summary form Each line represents one route The contents include destination address mask length protocol preference metric next hop and output interface Only current used route i e best route is displayed using display ip routing table command Example View the summary of routing table Quidway display ip routing table Routing Table public net Dest...

Page 38: ... It ranges from 0 to 32 when it is expressed with integer verbose With the verbose parameter this command displays the verbose information of both the active and inactive routes Without the parameter this command only displays the summary of active routes longer match Address route matching the destination address in natural mask range Description Using display ip routing table ip_address command ...

Page 39: ...4 There is no corresponding route only the longest matching route is displayed in natural mask range and summary is displayed Quidway display ip routing table 169 253 0 0 Routing Tables Summary count 1 Destination Mask Proto Pre Cost Nexthop Interface 169 0 0 0 8 Static 60 0 2 1 1 1 LoopBack1 There are corresponding routes in the natural mask range Display the detailed information Quidway display ...

Page 40: ...ive Both Next hop in use Summary count 1 Destination 169 0 0 0 Mask 255 0 0 0 Protocol Static Preference 60 NextHop 2 1 1 1 Vlinkindex 0 State Int ActiveU Static Unicast Age 3 47 Cost 0 0 Table 2 5 Description of information generated by the command display ip routing table ip_address Field Description Destination Destination address Mask Mask Proto Routing protocol Preference Routing preference N...

Page 41: ...y NotInstall The routing protocol generally selects the route with the highest precedence from its routing table then places it in its core routing table and redistributes it Although the NotInstall route cannot be placed in the core routing table it is possibly that it is selected and redistributed Reject Unlike the normal routes the Reject route will discard the packets that select it as their r...

Page 42: ...Proto Pre Cost Nexthop Interface 1 1 1 0 24 DIRECT 0 0 1 1 1 1 Vlan interface1 1 1 1 1 32 DIRECT 0 0 127 0 0 1 InLoopBack0 2 2 2 0 24 DIRECT 0 0 2 2 2 1 Vlan interface2 For detailed description of the output information see Table 2 4 2 1 8 display ip routing table verbose Syntax display ip routing table verbose View Any view Parameter none Description Using display ip routing table verbose command...

Page 43: ...27 0 0 1 InLoopBack0 State NoAdvise Int ActiveU Retain Gateway Unicast Age 20 17 42 Cost 0 0 Destination 2 2 2 0 Mask 255 255 255 0 Protocol DIRECT Preference 0 NextHop 2 2 2 1 Interface 2 2 2 1 Vlan interface2 State Int ActiveU Retain Unicast Age 20 08 05 Cost 0 0 First display statistics of the whole routing table and then output detailed information of every route entry in turn The meaning of r...

Page 44: ...Example Enter the view of management VLAN interface 1 Quidway interface vlan interface 1 2 1 10 ip address Syntax ip address ip address net mask undo ip address ip address net mask View VLAN interface view Parameter ip address Configures the IP address of the management VLAN interface net mask Configures the mask of the management VLAN interface Description Using ip address command you can configu...

Page 45: ...gure the host name and corresponding IP address Using undo ip host command you can cancel the host name and corresponding IP address By default the host name and corresponding IP address are none For the related command see display ip host Example Configure the IP address of the host named Lanswtich2 at 10 110 0 2 Quidway ip host Lanswtich2 10 110 0 2 2 1 12 ip route static Syntax ip route static ...

Page 46: ...1 to 255 reject Specifies an unreachable route blackhole Specifies a blackhole route Description Using ip route static command you can configure a static route Using undo ip route static command you can cancel the configured static route By default the system can obtain the sub net route directly connected with the router When configuring a static route the default preference is 60 if it is not sp...

Page 47: ...nable the management VLAN interface By default when all the Ethernet ports belonging to the management VLAN are in down status the management VLAN interface is also down i e the management VLAN interface is disabled When there is one or more Ethernet ports in up status the management VLAN interface is also up i e the management VLAN interface is enabled Example Enable the management VLAN interface...

Page 48: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 2 Port ...

Page 49: ...enable 1 10 1 1 14 loopback detection interval time 1 11 1 1 15 loopback detection per vlan enable 1 12 1 1 16 mdi 1 12 1 1 17 port access vlan 1 13 1 1 18 port hybrid pvid vlan 1 13 1 1 19 port hybrid vlan 1 14 1 1 20 port link type 1 15 1 1 21 port trunk permit vlan 1 16 1 1 22 port trunk pvid vlan 1 16 1 1 23 port vlan filter disable 1 17 1 1 24 reset counters interface 1 18 1 1 25 shutdown 1 1...

Page 50: ...Command Manual Port Quidway S2000 Series Ethernet Switches Table of Contents ii 3 1 4 port mirror observing port 3 3 ...

Page 51: ...st traffic is allowed Description Using broadcast suppression command you can configure the broadcast traffic size enabled on port Once the broadcast traffic exceeds the value set by the user the system will discard some broadcast to ensure network service so that the traffic ratio of broadcast is maintained in a proper range Using undo broadcast suppression command you can restore the default bro...

Page 52: ...rface_type interface_type interface_num interface_name View Any view Parameter interface_type Specifies the port type interface_num Specifies the port number interface_name Specifies the port name in the interface_name interface_type interface_num format For parameter description refer to the interface command Description Using display interface command you can view the configuration information o...

Page 53: ... Maximum Frame Length is 1522 Broadcast MAX ratio 100 PVID 1 Mdi type auto Port link type access Tagged VLAN ID none Untagged VLAN ID 1 Last 5 minutes input 0 packets sec 0 bytes sec Last 5 minutes output 0 packets sec 0 bytes sec input total 0 packets 0 bytes 0 broadcasts 0 multicasts input normal packets bytes broadcasts multicasts input 0 input errors 0 runts 0 giants throttles 0 CRC 0 frame ov...

Page 54: ...imum length of the Ethernet frames that can pass through the port Broadcast MAX ratio Port broadcast storm suppression ratio PVID Port default VLAN ID Mdi type Cable type Port link type Port link type Tagged VLAN ID The VLANs with packets tagged Untagged VLAN ID The VLANs with packets untagged Last 5 minutes output 0 packets sec 0 bytes sec Last 5 minutes input 0 packets sec 0 bytes sec The input ...

Page 55: ...ging time command Field Description The mac aging time of lock port 1 hour s The lock port mac aging time is 1 hour 1 1 5 display loopback detection Syntax display loopback detection View Any view Parameter none Description Using display loopback detection command you can view whether the port loopback detection has been enabled If it has been enabled then the time interval of the detection and th...

Page 56: ...ay port Syntax display port hybrid trunk View Any view Parameter hybrid Display Hybrid port Trunk Display Trunk port Description Using display port command you can view the ports in the current system whose link type is Hybrid or Trunk If there is any such port display the corresponding port name Example Display the Hybrid ports in the current system Quidway display port hybrid Now the following h...

Page 57: ... mode By default the duplex attribute is auto For the related command see speed Example Configure the Ethernet port Ethernet0 1 as auto negotiation attribute Quidway Ethernet0 1 duplex auto 1 1 8 flow control Syntax flow control undo flow control View Ethernet port view Parameter none Description Using flow control command you can enable flow control feature on the Ethernet port to avoid discardin...

Page 58: ...nges from 1 to 18 Slot 1 contains the extended 100M optical Ethernet port and the port number can be 1 only For S2403H Ethernet Switch Ethernet slot number ranges from 0 to 1 Slot 0 contains the fixed 100M Ethernet ports provided by the switch and the port number ranges from 1 to 25 Slot 1 contains the extended 100M optical port The port number can only be 1 interface_name Specifies the port name ...

Page 59: ... For the related command see display lock port mac aging time Example Configure the MAC address table corresponding to the lock port to be aged in 2 hours Quidway lock port mac aging 2 1 1 11 loopback Syntax loopback external internal View Ethernet port view Parameter external External loop test internal Internal loop test Description Using loopback command you can configure the Ethernet port to p...

Page 60: ...r control meantime deletes the port corresponding MAC address entry Using the undo loopback detection control enable command you can disable this function that is when the system finds out that port on a certain VLAN on Trunk or Hybrid port is looped back it only reports the Trap information The Trunk or Hybrid port is still operates in the normal state By default loopback detection controlled fun...

Page 61: ...ommand see display loopback detection Example Enable the port loopback detection Quidway loopback detection enable 1 1 14 loopback detection interval time Syntax loopback detection interval time time undo loopback detection interval time View System view Parameter time Specifies the interval of monitoring external loopback conditions of the port It ranges from 5 to 300 measured in seconds By defau...

Page 62: ...ion per vlan enable command you can configure that the system only performs loopback detection to the default VLANs on the port By default the system performs loopback detection to all VLANs on Trunk and Hybrid ports Example Configure the detection interval for the external loopback condition of each port to 10 seconds Quidway Ethernet0 1 loopback detection per vlan enable 1 1 16 mdi Syntax mdi ac...

Page 63: ...o Quidway Ethernet0 1 mdi auto 1 1 17 port access vlan Syntax port access vlan vlan_id undo port access vlan View Ethernet port view Parameter vlan_id VLAN ID defined in IEEE802 1Q ranging from 2 to 4094 Description Using port access vlan command you can join the access port to a specified VLAN Using undo port access vlan command you can cancel the access port from the VLAN The use condition of th...

Page 64: ...peer one otherwise the packet cannot be properly transmitted For the related command see port link type Example Configure the default VLAN of the hybrid port Ethernet0 1 to 100 Quidway Ethernet0 1 port hybrid pvid vlan 100 1 1 19 port hybrid vlan Syntax port hybrid vlan vlan_id_list tagged untagged undo port hybrid vlan vlan_id_list View Ethernet port view Parameter vlan_id_list vlan_id_list vlan_...

Page 65: ... access hybrid trunk undo port link type View Ethernet port view Parameter access Configure the port as access port hybrid Configure the port as hybrid port trunk Configure the port as trunk port Description Using port link type command you can configure the link type of Ethernet port Using undo port link type command you can restore the port as default status i e access port You can configure thr...

Page 66: ... VLANs Description Using port trunk permit vlan command you can join trunk port to specified VLAN Using undo port trunk permit vlan command you can cancel trunk port from specified VLAN Trunk port can belong to multiple VLANs If the port trunk permit vlan command is used many times then the VLAN enabled to pass on trunk port is the set of these vlan_id_list This command can be used on condition th...

Page 67: ...with that of the peer one otherwise the packet cannot be properly transmitted For the related command see port link type Example Configure the default VLAN of the trunk port Ethernet0 1 to 100 Quidway Ethernet0 1 port trunk pvid vlan 100 1 1 23 port vlan filter disable Syntax port vlan filter disable undo port vlan filter disable View Ethernet port view Parameter none Description Using port vlan f...

Page 68: ...terface command you can reset the statistical information on the port and count the related information again on the port for the user If the port type and number are not specified when clearing the port information information of all ports on the switch will be cleared If only the port type is specified all the information on the ports of this type will be cleared If both port type and port numbe...

Page 69: ...uidway Ethernet0 1 undo shutdown 1 1 26 speed Syntax speed 10 100 auto undo speed View Ethernet port view Parameter 10 The speed on the port is 10Mbps 100 The speed on the port is 100Mbps auto The port speed is in peer auto negotiation status Description Using speed command you can configure the port speed Using undo speed command you can restore the default speed By default the speed is auto For ...

Page 70: ...escription Using display link aggregation command you can view the related information on aggregation port If the master port number of an aggregation is specified information on this link aggregation will be displayed If the master port number is not specified information of all link aggregations will be displayed For the related command see link aggregation Example Display the related informatio...

Page 71: ... MAC address ingress Configures that the sub ports in the link aggregation share outgoing load on the port depending on the source MAC addresses master_port_num Master port number in link aggregation all all aggregated ports Description Using link aggregation command you can configure a series of ports to aggregation port and the port with the smallest port number as master port Using undo link ag...

Page 72: ...iew the information of monitor mirror port For the related commands see monitor port port mirror Example Display the information of monitor mirror port Quidway display mirror Information about monitor port s The observing port Ethernet0 1 The monitored ports Ethernet0 2 Ethernet0 3 Ethernet0 4 Ethernet0 5 Ethernet0 6 Table 3 1 Description of port mirroring Field Description The observing port The ...

Page 73: ...d when there is corresponding mirror port z The specified monitor port cannot be aggregated port z When new monitor port is set the former monitor port will be cancelled automatically while the mirror port does not change For the related commands see port mirror display mirror Example Configure Ethernet0 1 as monitor port Quidway monitor port ethernet0 1 3 1 3 port mirror Syntax port mirror interf...

Page 74: ...ethernet0 1 3 1 4 port mirror observing port Syntax port mirror interface_list1 observing port interface_type interface_ num interface_name undo port mirror interface_list1 observing port interface_type interface_ num interface_name View System view Parameter interface_list1 Specified mirror port list interface_list1 interface_type interface_num interface_name to interface_type interface_num inter...

Page 75: ... port cannot be aggregated port When the new monitor port is set the former monitor port will be cancelled automatically For the related commands see monitor port port mirror display mirror Example Configure Ethernet0 1 as monitor port and Ethernet0 2 as mirror port Quidway port mirror ethernet0 2 observing port ethernet0 1 ...

Page 76: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 3 VLAN ...

Page 77: ...ands 2 1 2 1 isolate user vlan Configuration Commands 2 1 2 1 1 display isolate user vlan 2 1 2 1 2 isolate user vlan 2 2 2 1 3 isolate user vlan enable 2 3 Chapter 3 GARP GVRP Configuration Commands 3 1 3 1 GARP Configuration Commands 3 1 3 1 1 display garp statistics 3 1 3 1 2 display garp timer 3 2 3 1 3 garp timer 3 2 3 1 4 garp timer leaveall 3 3 3 1 5 reset garp statistics 3 4 3 2 GVRP Confi...

Page 78: ...ption character string of current VLAN is VLAN ID of the VLAN e g VLAN 0001 Description Using description command you can configure a description for the current VLAN Using undo description command you can restore the default description of current VLAN For the related command see display vlan Example Specify a description character string RESEARCH for current VLAN Quidway vlan1 description RESEAR...

Page 79: ...been created and information of whether VLAN feature has been enabled are displayed If the parameter dynamic or static is selected information of VLAN created dynamically or statically by the system and information of whether VLAN feature has been enabled are displayed For the related command see vlan Example Display the information about VLAN1 Quidway display vlan 1 VLAN ID 1 VLAN Type static Rou...

Page 80: ...rt commands in Ethernet port view but not in VLAN view For the related command see display vlan Example Add Ethernet0 4 through Ethernet0 7 Ethernet0 9 and Ethernet0 11 through Ethernet0 15 to VLAN 2 The repeated time of command parameter is 3 times Quidway vlan2 port ethernet0 4 to ethernet0 7 ethernet0 9 ethernet0 11 to ethernet0 15 1 1 4 vlan Syntax vlan vlan_id undo vlan vlan_id to vlan_id all...

Page 81: ... features of equipment disable Disable the VLAN features of equipment Description Using vlan enable disable command you can enable disable the VLAN features of equipment After the VLAN is disabled the switch will not use VLAN ID during the packet exchange thereby losing the isolation function of VLAN domain For the related commands see display vlan Example Enable the VLAN features of equipment Qui...

Page 82: ...ng display isolate user vlan command you can view the mapping relationship and the ports identifying the mapping relationship between isolate user vlan and Secondary VLAN For the related command see isolate user vlan enable isolate user vlan Example Display the mapping relationship between isolate user vlan and Secondary VLAN Quidway display isolate user vlan Isolate user VLAN Vlan ID 3 Secondary ...

Page 83: ...condary secondary_vlan_numlist to secondary_vlan_numlist View System view Parameter isolate user vlan_num VLAN ID of isolate user vlan ranging from 1 to 4094 secondary_vlan_numlist VLAN ID of Secondary vlan ranging from 1 to 4094 Description Using isolate user vlan command you can associate isolate user vlan to Secondary VLAN and establish the mapping relationship between isolate user vlan and Sec...

Page 84: ...er vlan 10 secondary 2 to 5 9 2 1 3 isolate user vlan enable Syntax isolate user vlan enable undo isolate user vlan enable View VLAN view Parameter none Description Using isolate user vlan enable command you can configure the type of one VLAN as isolate user vlan Using undo isolate user vlan enable command you can cancel the isolate user vlan type of one VLAN By default the type of the VLAN create...

Page 85: ...range read command parameters description of Port in this document 1 10 Representing the repeatable times of parameters 1 is the minimal and 10 is the maximal Description Using display garp statistics command you can view the GARP statistics information including the number of received sent packet and the number of discarded packet by GVRP GMRP etc Example Display the GARP statistics information o...

Page 86: ...ead command parameters description of Port in this document 1 10 Representing the repeatable times of parameters 1 is the minimal and 10 is the maximal Description Using display garp timer command you can view the value of GARP timer including Hold timer Join timer Leave timer and LeaveAll timer For the related command see garp timer garp timer leaveall Example Show GARP timer on Ethernet0 1 Quidw...

Page 87: ...ts Leave timer If the entity receives no Join message before the timer goes timeout it will deregister the attribute information timer_value Value of GARP hold timer join timer and leave timer in centisecond The step is 5 centiseconds The range is according to the following rule the value of Join timer should be no less than the doubled value of Hold timer and the value of Leave timer should be gr...

Page 88: ...n themselves Then the LeaveAll timer is started and the new cycle begins For the related command see display garp timer Example Set GARP LeaveAll timer as 1s Quidway garp timer leaveall 100 3 1 5 reset garp statistics Syntax reset garp statistics interface interface_list View User view Parameter interface_list Specifies a list of Ethernet ports on which the GARP statistics information will be clea...

Page 89: ...ame 1 10 interface_type is interface type interface_num is interface number and interface_name is interface name For their meanings and value range read command parameters description of Port in this document 1 10 Representing the repeatable times of parameters 1 is the minimal and 10 is the maximal Description Using display gvrp statistics command you can view the GVRP statistics information of a...

Page 90: ...bout GVRP Quidway display gvrp status GVRP is enabled 3 2 3 gvrp Syntax gvrp undo gvrp View System view Ethernet port view Parameter none Description Using gvrp command you can enable GVRP Using undo gvrp command you can restore the GVRP to default mode i e disable GVRP By default GVRP is disabled This command can be used to enable disable global GVRP in System view or enable disable port GVRP in ...

Page 91: ...ster VLAN dynamically forbidden Deregisters all VLANs except VLAN 1 and disables to create or register any other VLAN on the port normal Enable to create register and deregister VLAN on the port manually or dynamically Description Using gvrp registration command you can configure GVRP registration type Using undo gvrp registration command you can restore the default type By default the registratio...

Page 92: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 4 Multicast ...

Page 93: ...ds 2 1 2 1 IGMP Snooping Configuration Commands 2 1 2 1 1 display igmp snooping configuration 2 1 2 1 2 display igmp snooping group 2 2 2 1 3 display igmp snooping statistics 2 3 2 1 4 igmp snooping 2 4 2 1 5 igmp snooping host aging time 2 4 2 1 6 igmp snooping max response time 2 5 2 1 7 igmp snooping router aging time 2 6 2 1 8 reset igmp snooping statistics 2 7 Chapter 3 Unknown Multicast Drop...

Page 94: ...w Parameter event GMRP event packet GMRP packet Description Using debugging gmrp command you can enable GMRP debugging Using undo debugging gmrp you can disable GMRP debugging Example Enable GMRP event debugging Quidway debugging gmrp event GMRP Max number of GMRP entries reached Table 1 1 Description of information generated by the command debugging gmrp event Field Description GMRP Max number of...

Page 95: ...he syntax description in the Port Configuration of this manual Description Using display gmrp statistics command you can view the statistics information about GMRP This command is used for displaying the statistics information about GMRP including the list of ports with GMRP enabled GMRP status information GMRP failed registrations and last origin of GMRP packet data unit PDU Example Display the s...

Page 96: ...al GMRP Example Display the status of global GMRP Quidway display gmrp status GMRP is enabled Table 1 2 Global GMRP status information Field Description GMRP is enabled GMRP is enabled globally 1 1 4 gmrp Syntax gmrp undo gmrp View System view Ethernet port view Parameter none Description Using gmrp command you can enable global GMRP or enable GMRP on a port Using undo gmrp command you can configu...

Page 97: ... in system view this command will enable the global GMRP After performing this command in Ethernet port view GMRP will be enabled on a port Before enabling GMRP on a port you shall enable GMRP globally For the related command see display gmrp status display gmrp statistics Example Enable GMRP globally Quidway gmrp ...

Page 98: ...iew the IGMP Snooping configuration information This command is used to display the IGMP Snooping configuration information of the switch The information displayed includes whether IGMP Snooping is enabled router port timeout maximum response timeout of a query and the member port timeout For the related command see igmp snooping Example Display the IGMP Snooping configuration information of the s...

Page 99: ...Description Using display igmp snooping group command you can view the IP multicast groups and MAC multicast groups under VLAN This command displays the IP multicast group and MAC multicast group information of a VLAN or all the VLAN where the Ethernet switch is located It displays the information such as VLAN ID router port IP multicast group address member ports in the IP multicast group MAC mul...

Page 100: ...snooping statistics command you can view the statistics information on IGMP Snooping This command displays the statistics information about IGMP Snooping of Ethernet switch It displays the information such as number of received general IGMP query packets received IGMP specific query packets received IGMP Version 1 and Version 2 report packets received IGMP leave packets and error packets and sent ...

Page 101: ...able IGMP Snooping disable Disables IGMP Snooping By default the switch disables IGMP Snooping feature Description Using igmp snooping command you can enable disable IGMP Snooping Using undo igmp snooping command you can restore the default setting This command is used to enable or disable IGMP Snooping on the switch Example Enable IGMP Snooping Quidway igmp snooping enable 2 1 5 igmp snooping hos...

Page 102: ... member so that the refresh frequency can be controlled When the group members change frequently the aging time should be comparatively short and vice versa For the related command see igmp snooping Example Set the aging time to 300 seconds Quidway igmp snooping host aging time 300 2 1 6 igmp snooping max response time Syntax igmp snooping max response time seconds undo igmp snooping max response ...

Page 103: ...rameter seconds Specifies the router port aging time ranging from 130 to 1000 measured in seconds By default 260 Description Using igmp snooping router aging time command you can configure the router port aging time of IGMP Snooping Using undo igmp snooping router aging time command you can restore the default value The port here refers to the Ethernet switch port connected to the router The Layer...

Page 104: ... snooping statistics Syntax reset igmp snooping statistics View User view Parameter none Description Using reset igmp snooping statistics command you can reset the IGMP Snooping statistics information For the related command see igmp snooping Example Clear IGMP Snooping statistics information Quidway reset igmp snooping statistics ...

Page 105: ...cast dropping function Using undo unknown multicast drop enable command you can disable this function By default the unknown multicast dropping function is disabled Normally if the multicast address of multicast data packet received by the switch is not registered on this switch this packet will be broadcasted within this VLAN Whereas after enabling the unknown multicast dropping feature when rece...

Page 106: ...Command Manual Multicast Quidway S2000 Series Ethernet Switches Chapter 3 Unknown Multicast Dropping Configuration Commands 3 2 Quidway unknown multicast drop enable ...

Page 107: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 5 QoS ACL ...

Page 108: ... 1 1 4 reset acl counter 1 4 1 1 5 rule 1 5 1 1 6 time range 1 6 Chapter 2 QoS Commands 2 1 2 1 QoS Configuration Command List 2 1 2 1 1 display queue cycle 2 1 2 1 2 priority 2 1 2 1 3 priority trust 2 2 2 1 4 queue cycle 2 3 Chapter 3 Logon user s ACL control command 3 1 3 1 Logon user s ACL control command 3 1 3 1 1 acl 3 1 3 1 2 ip http acl 3 1 3 1 3 snmp agent community 3 2 3 1 4 snmp agent g...

Page 109: ... to delete all the ACLs including numbered and named ACLs Description Using acl command you can configure a numbered or named ACL and enter the corresponding ACL view Using undo acl command you can cancel all the rules of a numbered or named ACL or all the ACLs By default the ACLs are matched in config order You can use the acl command to create an ACL and specify its name with acl name and its ty...

Page 110: ...f ACL 2000 Quidway acl number 2000 match order auto 1 1 2 display acl config Syntax display acl config all acl number acl name View Any view Parameter all Configures to display all the ACLs including numbered and named ACLs acl number Specifies the sequence number of the ACL to be displayed with a number between 2000 and 3999 acl name Specifies the name of the ACL to be displayed with a character ...

Page 111: ...rule indicates the rule number of the ACL rule 1 permit 10 0 0 1 0 0 times matched indicates the rule s content 1 1 3 display time range Syntax display time range all name View Any view Parameter all Configures to display all the time range name Specifies the name of the time range Description Using display time range command you can view the configuration and status of the current time range You ...

Page 112: ...00 2 19 2005 The content of time range the first time is the beginning time the last time is the ending time Display the time range named tm1 Quidway display time range tm1 Current time is 14 37 31 4 3 2003 Thursday Time range tm1 Inactive from 08 30 2 5 2005 to 18 00 2 19 2005 Table 1 3 the display Information Field Description Current time is 14 36 36 4 3 2003 Thursday Indicates the current time...

Page 113: ...ommand Table 1 4 The comparison between reset commands of statistics information Command Function reset acl counter Reset the statistics information of the ACL which is used in the case of filtering or classifying the data treated by the software of switch The case includes ACL cited by route policy function ACL used for control logon user etc The ACL number ranges from 2000 to 3999 reset traffic ...

Page 114: ...s that the rule takes effect on fragmented packets only and will be ignored for other packets Description Using rule command you can add a rule to an ACL Using undo rule command you can cancel a rule from an ACL You can add a lot of rules to an ACL If you input the parameter when use the undo rule command the system will delete the corresponding content of the rule according to the parameter input...

Page 115: ... representing everyday of the week from start time start date Start time and date of the special time range determining effective days of the time range with the end date format as hh mm MM DD YYYY to end time end date End time and date of the special time range determining effective days of the time range with the start date format as hh mm MM DD YYYY If the above two parameters are omitted there...

Page 116: ...n Using display queue cycle command you can view the parameter settings of queue cycle For the related commands refer to queue cycle Example Display parameter settings of queue cycle Quidway display queue cycle The cyclic ratio of high priority and low priority queues 4 2 1 2 priority Syntax priority priority level undo priority View Ethernet Port views Parameter priority level Specifies the prior...

Page 117: ...he 802 1p priority carried in the packet with it After transmitting a packet the switch will replace the packet 802 1p priority with the priority of the received port according to which the packet will be put into the corresponding egress queue so as to realize QoS function Example Set the priority of Ethernet0 1 port to 7 Quidway Ethernet0 1 priority 7 2 1 3 priority trust Syntax priority trust u...

Page 118: ...forwarded when there is no packet in the lower priority queue Description Using queue cycle command you can configure the polling processing ratio of the packets in higher priority queue to those in lower priority queue on the switch Using undo queue cycle command you can restore the default setting By default the value is 4 That is the system processes one lower priority packet after processing e...

Page 119: ...m ACL control over the users that telnet to the local switch outbound Perform ACL control over the users that telnet to other switches from the local switch Description Using acl command you can call an ACL and perform ACL control over the TELNET users This command calls numbered basic ACL only Example Performs ACL control over the users that telnet to the local switch Suppose ACL 2020 has been de...

Page 120: ...has been defined Quidway ip http acl 2020 3 1 3 snmp agent community Syntax snmp agent community read write community name mib view view name acl acl number undo snmp agent community community name View System view Parameter read Indicate that MIB object can only be read write Indicate that MIB object can be read and written community name Community name character string mib view view name MIB vie...

Page 121: ...ew notify view acl acl number undo snmp agent group v3 group name authentication privacy View System view Parameter v1 Configure to use V1 safe mode v2c Configure to use V2c safe mode v3 Configure to use V3 safe mode groupname Group name ranging from 1 to 32 bytes read view Configures to allow read only view settings readview Read only view name ranging from 1 to 32 bytes write view Configure to a...

Page 122: ... user name group name authentication mode md5 sha auth password privacy mode des56 priv password acl acl number undo snmp agent usm user v3 user name group name local engineid engineid string View System view Parameter v1 Configure to use V1 safe mode v2c Configure to use V2c safe mode v3 Configure to use V3 safe mode username Specify the user name ranging from 1 to 32 bytes groupname Specify the ...

Page 123: ...nd you can add a new user to a SNMP group and perform the ACL control to the user through the parameter acl acl number Using undo snmp agent usm user command you can cancel a user from corresponding SNMP group meanwhile delete the configuration of ACL control Example Adds a user huawei for huaweigroup an SNMP group configures to authenticate with HMAC MD5 96 and sets authentication password as hel...

Page 124: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 6 Integrated Management ...

Page 125: ...ore 1 11 1 2 5 ntdp hop 1 11 1 2 6 ntdp timer 1 12 1 2 7 ntdp timer hop delay 1 13 1 2 8 ntdp timer port delay 1 14 1 3 Cluster Configuration Commands 1 15 1 3 1 add member 1 15 1 3 2 administrator address 1 16 1 3 3 auto build 1 17 1 3 4 build 1 18 1 3 5 cluster 1 18 1 3 6 cluster enable 1 19 1 3 7 cluster switch to 1 20 1 3 8 delete member 1 21 1 3 9 display cluster 1 22 1 3 10 display cluster c...

Page 126: ...type interface_num interface_name to interface_type interface_num interface_name 1 10 interface_type specifies the port type interface_num specifies the port number expressed as slot number port number Key word to helps specify a port range Description Using display ndp command you can view global NDP configuration information including NDP packet interval NDP information hold time and neighbor in...

Page 127: ... Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 8 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 9 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 10 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 11 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 12 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Inter...

Page 128: ...nabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 21 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 22 Status Enabled Pkts Snd 0 Pkts Rvd 0 Pkts Err 0 Interface Ethernet0 23 Status Enabled Pkts Snd 11 Pkts Rvd 12 Pkts Err 0 Neighbor 1 Aging Time 170 s MAC Address 00e0 fc00 0003 Port Name Ethernet0 23 Software Ver VRP3 10 Device Name Quidway S3526 Port Duplex AUTO Pro...

Page 129: ...or device Port Name Port name of a neighbor device Software Ver The software version of a neighbor device Device Name Device name of a neighbor device Port Duplex Port duplex mode of a neighbor device Product Ver The product version of a neighbor device 1 1 2 ndp enable Syntax ndp enable interface port list undo ndp enable interface port list View System view or Ethernet port view Parameter interf...

Page 130: ...ansmitted every 60 seconds Description Using ndp timer hello command you can configure how often to transmit the NDP packets Using undo ndp timer hello command you can restore the default NDP packet interval A device shall refresh the NDP information of its adjacent nodes in time to maintain timely information as the adjacent nodes change You can use configuration command to adjust the NDP refresh...

Page 131: ... will hold the information of the local device The adjacent device learns how long it will hold the NDP information from the aging time carried in NDP packets and discards the packets when the aging timer expires Normally NDP aging time is longer than NDP packet interface Otherwise the neighbor information table of an NDP port will become unstable Example Configure the aging time of NDP packet as ...

Page 132: ... you can reset the NDP counters to clear the NDP statistics information Example Clear NDP statistics information Quidway reset ndp statistics 1 2 NTDP Configuration Commands 1 2 1 display ntdp Syntax display ntdp View Any view Parameter none Description Using display ntdp command you can view the global NTDP information The displayed information includes collected hops ntdp timer hop delay port de...

Page 133: ... topology collection request Port Delay Delay that the port forwards topology collection request Last collection total time Time taken by last collection 1 2 2 display ntdp device list Syntax display ntdp device list verbose View All view Parameter verbose Display the detailed information about the device Description Using display ntdp device list command you can view the device information collec...

Page 134: ...way S3026 IP Version Huawei Versatile Routing Platform Software VRP tm Software Version 3 10 Quidway S3026 Software Version 3026 005 RELEASE SOFTWARE Copyright c 2000 2002 By HUAWEI TECH CO LTD Cluster Candidate device Stack Candidate device Peer MAC Peer Port ID Native Port ID Speed Duplex 00e0 fc07 0bc0 Ethernet0 23 Ethernet2 4 100 FULL 00e0 fc07 4de0 Ethernet0 12 Ethernet2 4 100 FULL Hostname Q...

Page 135: ...on Using ntdp enable command you can enable NTDP on switch or a port Using undo ntdp enable command you can disable NTDP on switch or a port By default NTDP is enabled on switch and the ports supporting NDP If NTDP is enabled on a port not supporting NDP NTDP cannot run yet Before a device can process NTDP packet the system NTDP must be enable first After disabling system NTDP all the NTDP informa...

Page 136: ...dp explore Syntax ntdp explore View User view Parameter none Description Using ntdp explore command you can start topology information collection when you wants to collect network topology information NTDP will collect the NDP information of every device and all of their neighboring connections in the specified network scope The administrator device or network management system will learn the netw...

Page 137: ...default value The limit is performed through controlling permitted hops from the originating of collection For example if you set a limit of 2 to the hop number only the switches 2 hops away from the first switch transmitting the topology collection request will be collected This command is only effective on the topology collecting device The broader collection scope requires more memory of the to...

Page 138: ...nfigure the periodic topology connection interval is 30 minutes Quidway ntdp timer 30 1 2 7 ntdp timer hop delay Syntax ntdp timer hop delay time undo ntdp timer hop delay View System view Parameter time The time that the collected device wait before forwarding the topology collection request ranging from 1 to 1000 milliseconds By default the value is 200ms Description Using ntdp timer hop delay c...

Page 139: ...anging from 1 to 100 in milliseconds By default the value is 20ms Description Using ntdp timer port delay command you can configure the delay before the next port s forwarding packets on the collected device Using undo ntdp timer port delay command you can restore the default port delay To avoid network congestion resulted from collecting device s receiving large amount of responses simultaneously...

Page 140: ...ndidate device a user has to input that password before adding the candidate device to the cluster Description Using add member command you can add a candidate device to a cluster This command can be executed on the administrator device only When adding a cluster member you can use the member num parameter to assign a member number to it at the same time Remember to assign an unused number otherwi...

Page 141: ...digital subtraction sign and underline _ Description Using administrator address command you can store such information as administrator device address and cluster name related to a cluster on a member device and add a candidate to a cluster Using undo administrator address command you can cancel a member from the cluster and make it a candidate again This command is used for saving configuration ...

Page 142: ...s NTDP to collect candidates and adds them to the cluster upon your confirmation When you use this command on an administrator device the system will collect the candidates directly The recover parameter is used for recover a cluster Using the auto build recover command you can find the members left the member list and add them to the cluster again Note Ensure that NTDP is enabled because it is th...

Page 143: ...er Using undo build command you can cancel a cluster By default all the devices supporting cluster are candidate devices After a cluster is created the device on which the command is executed becomes the administrator device and will be assigned with a fixed member number of 0 This command can be executed on an administrator device or a command capable device Using it on an administrator device yo...

Page 144: ...ription Using cluster enable command you can enable the cluster function on a switch Using undo cluster enable command you can disable the cluster function of a switch By default the cluster function is enabled on all the devices supporting cluster Above commands can be used on any device supporting the cluster function When you use the undo cluster enable command on an administrator device the sy...

Page 145: ...tween administrator device and member devices for convenient management A member device in a cluster can be managed through the administrator device The user can operate on an administrator device and switchover to a specified member device for configuration management or operate on a member device and switchover to an administrator device Authentication is required when the user switch from the a...

Page 146: ...or device Huawei_0 Quidway cluster switch to 6 Huawei_6 Quidway quit Huawei_0 Quidway 1 3 8 delete member Syntax delete member member num View Cluster view Parameter member num Number of a member device ranging from 1 to 255 Description Using delete member command you can cancel a member from the cluster This command can be performed on administrator device After performing this command the admini...

Page 147: ...ice but the displays are different In the administrator device there are cluster name member number handshake interval holdtime address pool and the server of cluster In the member device there are member number MAC address of administrator device and the state of administrator device Example Display information about cluster on the administrator device Quidway display cluster Cluster name sss Rol...

Page 148: ...n about cluster on the member device Quidway display cluster Cluster name sss Role Member Member number 1 Handshake timer 10 sec Handshake hold time 60 sec Administrator device mac address 00e0 fc00 0003 Administrator status Up Table 1 6 Description of cluster status and statistics information Field Description Cluster name Name of the cluster Role Role of the cluster member Member state Member st...

Page 149: ... by NTDP last time In order to ensure the correctness of display you can manually perform a collection first or set the NTDP to run collection periodically Example Display all the candidate devices lists Quidway display cluster candidates MAC HOP IP PLATFORM 00e0 fc10 0000 1 Quidway S3526 00e0 fc07 3c00 3 Quidway S3526 00e0 fc07 4de0 2 192 169 121 257 25 Quidway S3526 00e0 fc07 0bc0 0 Quidway S352...

Page 150: ...er members member num verbose View Any view Parameter member num Cluster member number ranging from 0 to 255 verbose Display the detailed information about all the member devices Description Using display cluster command you can view the information of cluster member This command can only be performed on the administrator device Using member num or verbose parameter to display detail information o...

Page 151: ...se Member number 0 Name Huawei_0 Quidway Device Quidway S3526 MAC Address 00e0 fc07 0bc0 Member status Cmdr Hops to administrator device 0 IP 1 1 200 210 16 Version Huawei Versatile Routing Platform Software VRP tm Software Version 3 10 Copyright c 2000 2002 By HUAWEI TECH CO LTD Quidway S3526 3526 003 Member number 1 Name Huawei_1 Quidway Device Quidway S3026 MAC Address 00e0 fc00 a01f Member sta...

Page 152: ... type MAC Address MAC address of the device Member Status Status of the device Hops to administrator device The hops from current member device to the administrator IP IP address of current member device Version Software Version of current device 1 3 12 ftp server Syntax ftp server ip address undo ftp server View Cluster view Parameter ip address IP address of FTP server configured for the cluster...

Page 153: ...ult the valid holdtime is 60 seconds Description Using holdtime command you can configure the valid holdtime of a switch Using undo holdtime command you can restore the default value of holdtime After missing 3 times of handshake if the switch still cannot receive any information of the peer device during holdtime it will set the state of peer device to down When the communication resumes the rele...

Page 154: ...pool command you can restore the default IP address configuration of the cluster By default no IP pool is configured Before setting up a cluster the user should configure a private IP address pool for the member devices of the cluster When a candidate device is added the administrator device will dynamically assign a private IP address which can be used for communication inside the cluster In this...

Page 155: ...blic logging host configured The commands are used to assign an IP address for the logging host of the cluster thereby the members can send log information to logging host via the administrator device Example Configure the IP address of the logging host on the administrator device Huawei_0 Quidway cluster logging host 1 0 0 9 1 3 16 port tagged Syntax port tagged vlan vlanid undo port tagged View ...

Page 156: ...raseflash Delete the configuration file when resetting the member device Description Using reboot member command you can reset a specified member device on the administrator device The communication between the administrator device and member devices may be interrupted due to some configuration errors the member device can be controlled via the remote control function of member device For example ...

Page 157: ...ic SNMP host for the members inside a cluster on the administrator device Using undo snmp host command you can cancel the public SNMP host By default there is no public SNMP host This command is used to configure the IP address of the network management site for the cluster thereby a cluster member can send the trap information to it via the administrator device Example Configure the IP address of...

Page 158: ...ia the administrator device Example Configure IP address for TFTP server on the administrator device Huawei_0 Quidway cluster tftp server 1 0 0 9 1 3 20 timer Syntax timer interval in secs undo timer View Cluster view Parameter Interval in secs This parameter is to set sending time interval of the handshake packet ranging of 1 255 seconds By default the value is 10 seconds Description Using timer ...

Page 159: ...es Chapter 1 HGMP V2 Configuration Commands 1 34 This command can only be executed on the administrator device which will advertise the cluster timer value to the member devices Example Configure to send handshake packets once every 3 seconds Huawei_0 Quidway cluster timer 5 ...

Page 160: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 7 STP ...

Page 161: ...tion 1 4 1 1 5 stp cost 1 5 1 1 6 stp edged port 1 5 1 1 7 stp loop protection 1 6 1 1 8 stp mcheck 1 7 1 1 9 stp mode 1 7 1 1 10 stp point to point 1 8 1 1 11 stp port priority 1 9 1 1 12 stp priority 1 9 1 1 13 stp root primary 1 10 1 1 14 stp root secondary 1 11 1 1 15 stp root protection 1 12 1 1 16 stp timeout factor 1 13 1 1 17 stp timer forward delay 1 13 1 1 18 stp timer hello 1 14 1 1 19 ...

Page 162: ...o the Port Command Manual 1 10 indicates the preceding parameter can be input up to 10 times Description Using display stp command you can view the status information of the current RSTP For the related command see reset stp Example Display the status information about RSTP of Ethernet0 2 Quidway display stp interface Ethernet0 2 Protocol mode IEEE RSTP The bridge ID Pri MAC 32768 00e0 fc00 5516 T...

Page 163: ... 200000 Port priority 128 Designated bridge ID Pri MAC 32768 00e0 fc00 5516 The Port is a non edged port Connected to a point to point LAN segment Maximum transmission limit is 3 Packets hello time Times Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Message Age 0 BPDU sent 0 TCN 0 RST 0 Config BPDU 0 BPDU received 0 TCN 0 RST 0 Config BPDU 0 The RSTP configuration of port 2 including the po...

Page 164: ...dway reset stp interface ethernet0 1 to ethernet0 3 1 1 3 stp Syntax stp enable disable undo stp View System view Ethernet port view Parameter enable Enables RSTP on a device or a port disable Disables RSTP on a device or a port Description Using stp enable command you can enable RSTP on a device or port Using stp disable command you can disable RSTP on a device or port Using undo stp command you ...

Page 165: ... the access port is generally connected to the user terminal such as a PC or file server directly and configured as an edge port to implement the fast transition When such port receives BPDU packet the system will set it to non edge port and recalculate the spanning tree which will cause network topology flapping In normal cases these ports will not receive any BPDU packets However someone may for...

Page 166: ...onnected to the port The path cost of an Ethernet port is related to the link speed You can refer to the following table RSTP will check the link speed of the port and get the path cost directly It is recommended to set the cost to the default value and let RSTP query the path cost of the port Table 1 2 Path cost for ports at different link speeds Link speed Recommended value Recommended range Ran...

Page 167: ...r switch you can use the stp edged port disable or undo stp edged port command to specify it as a non edge port The stp edged port enable command can be used to configure the current Ethernet port as an edge port All the Ethernet ports have been set to non edge ports by initialization You can configure the Ethernet ports directly connected to the user terminals as edge ports so that they can trans...

Page 168: ...g STP on the segment connected to the current Ethernet port the port will switch to run RSTP in STP compatible mode If the network is rather stable even when the bridge running STP on the segment is removed the corresponding port will still work in the STP compatible mode In this case you can use this command to force the port to work in RSTP mode In RSTP mode when the port receives an STP packet ...

Page 169: ...patible mode Quidway stp mode stp 1 1 10 stp point to point Syntax stp point to point force true force false auto undo stp point to point View Ethernet port view Parameter force true Indicates that the link to the current Ethernet port is point to point link force false Indicates that the link to the current Ethernet port is not point to point link auto Specifies to check if the link to the Ethern...

Page 170: ...stp port priority View Ethernet port view Parameter port priority Specifies the priority of the port ranging from 0 to 240 The values are not consecutive integers Step length is 16 By default the value is 128 Description Using stp port priority command you can configure the priority of the current Ethernet port Using undo stp port priority command you can restore the default priority The priority ...

Page 171: ...6 such as 0 4096 8192 etc The smaller value represents the higher priority A switch with higher priority is more likely to be a root bridge Example Set the priority of the current Ethernet switch to 4096 Quidway stp priority 4096 1 1 13 stp root primary Syntax stp root primary undo stp root View System view Parameter none Description Using stp root primary command you can configure the current swi...

Page 172: ...do stp root View System view Parameter none Description Using stp root secondary command you can configure the current switch as a secondary root of a specified spanning tree Using undo stp root secondary command you can cancel the designation of the current switch for a secondary root of a specified spanning tree By default a switch is not a secondary root You can designate one or more secondary ...

Page 173: ...protection is not enabled Due to configuration error of the maintenance personnel or malicious user attack a legal root of the network may receive a BPDU with higher priority and lose its status as a root which causes unpleasant changes of network topology Such illegal changes may pull the higher speed traffic to lower speed links and cause network congestion To avoid such problem RSTP provides Ro...

Page 174: ...enerally if the switch doesn t receive the RSTP packets from the upstream switch for 3 times of hello time the switch will decide the upstream switch is dead and will recalculate the topology of the network Then in steady network the recalculation may be caused when the upstream is busy In this case user can redefine the timeout interval to a longer time by define the multiple of hello time The st...

Page 175: ...ed commands see stp timer hello stp timer max age Example Set the forward delay of the device to 2000 centiseconds Quidway stp timer forward delay 2000 1 1 18 stp timer hello Syntax stp timer hello centiseconds undo stp timer hello View System view Parameter centiseconds Specifies the value of hello time in centisecond ranging from 100 to 1000 By default the value is 200 centiseconds Description U...

Page 176: ...n restore the default Max Age Maximum age is used for judging if an RSTP packet is outdated If the value is set too small the spanning tree will be computed too frequently because the network congestion may be considered as link failure However if the value is set too large the link failure may not be discovered in time Maximum age is related to the network diameter You can use this command to mod...

Page 177: ...igure a limit to the transmission speed of the current Ethernet port Using undo stp transit limit command you can restore the default speed limit You can use this command to set a limit to the transmission speed of the current Ethernet port The greater the speed is the more the packets can be transmitted in the unit time However if the value is set too large it will occupy excessive switch resourc...

Page 178: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 8 Security ...

Page 179: ... handshake period 1 12 1 1 13 reset dot1x statistics 1 13 Chapter 2 AAA Configuration Commands 2 1 2 1 AAA Configuration Commands 2 1 2 1 1 access limit 2 1 2 1 2 attribute 2 1 2 1 3 cut connection 2 3 2 1 4 display connection 2 4 2 1 5 display domain 2 5 2 1 6 display local user 2 6 2 1 7 domain 2 7 2 1 8 idle cut 2 8 2 1 9 local user 2 9 2 1 10 local user password display mode 2 10 2 1 11 passwo...

Page 180: ...4 retry stop accounting 2 27 2 2 15 secondary accounting 2 28 2 2 16 secondary authentication 2 29 2 2 17 server type 2 29 2 2 18 state 2 30 2 2 19 stop accounting buffer enable 2 31 2 2 20 timer 2 32 2 2 21 timer realtime accounting 2 33 2 2 22 user name format 2 34 Chapter 3 HABP Configuration Commands 3 1 3 1 HABP Commands 3 1 3 1 1 display debugging habp 3 1 3 1 2 display habp 3 1 3 1 3 displa...

Page 181: ...e interface number and interface name specifies the interface name For the respective meanings and value ranges read the Parameter of the Port Command Manual section Description Using display dot1x command you can view the relevant information of 802 1x including configuration information running state session connection information and relevant statistics information By default all the relevant 8...

Page 182: ...alue of Server Timeout 000100 s The maximal retransmitting times 000003 Total maximum on line user number is 512 Total current on line user number is 0 Ethernet0 1 is link down 802 1X protocol is disabled Proxy trap checker is disabled Proxy logoff checker is disabled The port is a n authenticator Authenticate Mode is auto Port Control Type is Mac based Max on line user number is 64 Omitted 1 1 2 ...

Page 183: ...pecified 802 1x will be globally enabled If the parameter ports list is specified 802 1x will be enabled on the specified port When this command is used in Ethernet port view the parameter interface list cannot be input and 802 1x can only be enabled on the current port The configuration command can be used to configure the global or port 802 1x performance parameters before or after 802 1x is ena...

Page 184: ...authentication protocol with three handshakes It only transmits username but not password CHAP is more secure and reliable In the process of EAP authentication switch directly sends authentication information of 802 1x user to RADIUS server in the form of EAP packet It is not necessary to transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS server Please note To reali...

Page 185: ...mit to the amount of supplicants on the port ranging from 1 to 64 S By default the maximum user number is 64 interface interface list Ethernet interface list including several Ethernet interfaces expressed in the format interface list interface num to interface num 1 10 interface num specifies a single Ethernet interface in the format interface num interface type interface num interface name where...

Page 186: ...kets but not to access the network resources If the user passes the authentication flow the interface will switch over to the authorized state and then the user is allowed to access the network resources This is the most common case authorized force Forced authorized mode configuring the interface to always stay in authorized state and the user is allowed to access the network resources without au...

Page 187: ...e Ethernet 0 1 to be in unauthorized force state Quidway dot1x port control unauthorized force interface Ethernet 0 1 1 1 7 dot1x port method Syntax dot1x port method macbased portbased interface interface list undo dot1x port method interface interface list View System view Ethernet interface view Parameter macbased Configures the 802 1x authentication system to perform authentication on the supp...

Page 188: ...ted successfully automatically but if the first one finish the network service the other accessed users network service will be rejected This command has effect on the interface specified by the parameter interface list when executed in system view It has effect on all the interfaces when no interface is specified The parameter interface list cannot be input when the command is executed in Etherne...

Page 189: ...rnet switch can retransmit the authentication request frame to the supplicant Using undo dot1x retry command you can restore the default maximum retransmission time After the switch has transmitted authentication request frame to the user for the first time if no user response is received during the specified time range the switch will re transmit authentication request to the user This command is...

Page 190: ...me specifies the interface name For the respective meanings and value ranges read the Parameter of the Port Command Manual section Description Using dot1x supp proxy check command you can configure the control method for 802 1x access users via proxy logon the specified interface Using undo dot1x supp proxy check command you can cancel the control method set for the 802 1x access users via proxy N...

Page 191: ...802 1x authentication quiet period value Specify how long the quiet period is The value ranges from 10 to 120 in units of second and defaults to 60 server timeout Specify the timeout timer of an Authentication Server If an Authentication Server has not responded before the specified period expires the Authenticator will resend the authentication request server timeout value Specify how long the du...

Page 192: ...should keep the default values of the timers For the related commands see display dot1x Example Set the Authentication Server timeout timer is 150s Quidway dot1x timer server timeout 150 1 1 12 dot1x timer handshake period Syntax dot1x timer handshake period interval undo dot1x timer handshake period View system view Parameter interval Handshake period range from 1 to 1024 unit in second Descripti...

Page 193: ... For the respective meanings and value ranges read the Parameter of the Port Configuration section Description Using reset dot1x statistics command you can reset the statistics information of 802 1x This command can be used to re perform information statistics if the user wants to delete the former statistics information of 802 1x When the original statistics information is cleared if no port type...

Page 194: ...plicants in the current ISP domain Using undo access limit command you can restore the limit to the default setting By default there is no limit to the amount of supplicants in the current ISP domain This command limits the amount of supplicants contained in the current ISP domain The supplicants may contend with each other for the network resources So setting a suitable limit to the amount will g...

Page 195: ...which a user belong The argument vlanid is an integer in the range of 1 to 4094 location Sets the port binding attribute of user nas ip ip address The IP address of the access server in the event of binding a remote port with a user The argument ip address is an IP address in dotted decimal format and defaults to 127 0 0 1 port portnum Sets the port with which a user is bound The argument portnum ...

Page 196: ...mal format x x x radius scheme radius server name Configures to cut the connection according to RADIUS server name radius server name specifies the RADIUS server name with a character string not exceeding 32 characters excluding and interface interface type interface number Configures to cut the connection according to the port ip ip address Configures to cut the connection according to IP address...

Page 197: ...d ISP domain shall have been created mac mac address Configures to display the supplicant whose MAC address is mac address The argument mac address is in the hexadecimal format x x x radius scheme radius server name Configures to display the supplicant according to RADIUS server name radius server name specifies the RADIUS server name with a character string not exceeding 32 characters excluding a...

Page 198: ...ot exceeding 24 characters The specified ISP domain shall have been created Description Using display domain command you can view the configuration of a specified ISP domain or display the summary information of all ISP domains This command is used to output the configuration of a specified ISP domain or display the summary information of all ISP domains If an ISP domain is specified the configura...

Page 199: ...able means the user enables the function service type Configures to display local user of a specified type telnet means that the specified user type is telnet ftp means that the specified user type is ftp lan access means that the specified user type is lan access which mainly refers to Ethernet accessing users 802 1x supplicants for example state active block Configures to display the local users...

Page 200: ...the relevant information of all the local users Quidway display local user The contents of local user user1 State Active ServiceType Mask None Idle Cut Disable AccessLimit Disable Current AccessNum 0 Bind location Disable Vlan ID Disable IP address Disable MAC address Disable Total 1 local user s Matched 1 listed 2 1 7 domain Syntax domain isp name default disable enable isp name undo domain isp n...

Page 201: ...environment with several ISP domains In this case an access device may have supplicants from different ISP domains Because the attributes of ISP users such as username and password structures service types may be different it is necessary to separate them by setting ISP domains In ISP domain view you can configure a complete set of exclusive ISP domain attributes for each ISP domain which includes...

Page 202: ...onding attributes in the template will be endeavored to him as default ones The user template of the switch you are using may only provide user idle cut settings After a user is authenticated if the idle cut is configured to enable or disable by neither the user nor the RADIUS server the user will adopt the idle cut state in the template Because a user template only works in one ISP domain it is n...

Page 203: ... mainly refers to Ethernet accessing users 802 1x supplicants for example all All the users Description Using local user command you can configure a local user and enter the local user view Using undo local user command you can cancel a specified local user By default no local user For the related commands see display local user server type Example Add a local user named huawei1 Quidway local user...

Page 204: ...s to display passwords in cipher text Quidway local user password display mode cipher force 2 1 11 password Syntax password simple cipher password undo password View Local user view Parameter simple Specifies to display passwords in simple text cipher Specifies to display passwords in cipher text password Defines a password which is a character string of up to 16 characters if it is in simple text...

Page 205: ...you can restore the RADIUS server group used by the current ISP domain to the default RADIUS server group After an ISP domain is created it uses the default RADIUS server group named default For configuration of relevant parameters read the RADIUS Configuration section of this chapter of the system This command is used to specify the RADIUS server group for the current ISP domain The specified RAD...

Page 206: ...nfigure a service type for a particular user Using undo service type command you can cancel the specified service type for the user Example Set to provide the lan access service for the user huawei1 Quidway luser huawei1 service type lan access 2 1 14 state Syntax state active block View ISP domain view Local user view Parameter active Configures the current ISP domain ISP domain view current user...

Page 207: ...nline For the related command see domain Example Set the current ISP domain huawei163 net to be in the block state The supplicants in this domain cannot request for the network service Quidway isp huawei163 net state block Set the user huawei1 to be in the block state Quidway luser huawei1 state block 2 2 RADIUS Protocol Configuration Commands 2 2 1 data flow format Syntax data flow format data by...

Page 208: ...he related command see display radius Example Set the unit of data flow that send to RADIUS Server Huawei is kilo byte and the data packet unit is kilo packet Quidway radius huawei data flow format data kilo byte packet kilo packet 2 2 2 display local server statistics Syntax display local server statistics View Any view Parameter None Description Using display local server statistics command you ...

Page 209: ... specified or all the RADIUS server groups The output can help with RADIUS diagnosis and troubleshooting For the related command see radius scheme Example Display the configuration information of all the RADIUS server groups Quidway display radius SchemeName system Index 0 Type huawei Primary Auth IP 127 0 0 1 Port 1645 State active Primary Acct IP 127 0 0 1 Port 1646 State active Second Auth IP 0...

Page 210: ...d troubleshooting For the related command see radius scheme Example Display the statistics information of RADIUS packets Quidway display radius statistics state statistic total 536 DEAD 1528 AuthProc 0 AuthSucc 0 AcctStart 0 RLTSend 0 RLTWait 0 AcctStop 0 OnLine 0 Stop 0 StateErr 0 Receive and Send packets statistic Send PKT total 0 Receive PKT total 0 RADIUS received packets statistic Code 2 Num ...

Page 211: ...r 0 Succ 0 RADIUS send messages statistic Normal auth accept Num 0 Normal auth reject Num 0 EAP auth accept Num 0 EAP auth reject Num 0 EAP auth replying Num 0 EAP reauth accept Num 0 EAP_reauth_reject Num 0 Account success Num 0 Account failure Num 0 Account off ack Num 0 Update request Num 0 Leaving ack Num 0 Cut req Num 0 RecError_MSG_sum 0 SndMSG_Fail_sum 0 Timer_Err 0 Alloc_Mem_Err 0 State Mi...

Page 212: ...ifies the username a character string not exceeding 32 characters excluding and The character can only be used once in one username The pure username the part before namely the user ID cannot exceed 24 characters Description Using display stop accounting buffer command you can view the stopping accounting requests which have not been responded and saved in the buffer After transmitting the stoppin...

Page 213: ...the default key RADIUS client switch system and RADIUS server use MD5 algorithm to encrypt the exchanged packets The two ends verify the packet through setting the encryption key Only when the keys are identical can both ends accept the packets from each other and give responses So it is necessary to ensure that the keys set on the switch and the RADIUS server are identical If the authentication a...

Page 214: ...authentication authorization accounting servers to manage users is widely used in Huawei Quidway series switches Besides local authentication authorization accounting service is also used in these products and it is called local RADIUS function i e realize basic RADIUS function on the switch Note that when using local RADIUS server function of Huawei remember the number of UDP port used for authen...

Page 215: ...real networking environments the above parameters shall be set according to the specific requirements However at least you have to set one authentication authorization server and an accounting server Besides ensure that the RADIUS service port settings on the Ethernet switch is consistent with the port settings on the RADIUS server For the related commands see key radius scheme state Example Set t...

Page 216: ...erver Besides ensure that the RADIUS service port settings on the Ethernet switch is consistent with the port settings on the RADIUS server For the related commands see key radius scheme state Example Set the IP address of the primary authentication authorization server of RADIUS server group huawei to 10 110 1 1 and the UDP port 1812 to provide RADIUS authentication authorization service Quidway ...

Page 217: ...ting server type state user name format retry display radius display radius statistics Example Create a RADIUS server group named huawei and enters its view Quidway radius scheme huawei Quidway radius huawei 2 2 11 reset stop accounting buffer Syntax reset stop accounting buffer radius scheme radius scheme name session id session id time range start time stop time user name user name View User vie...

Page 218: ...quests if there is no response from the RADIUS server the switch will save the packet in the buffer and retransmit it for several times which is set through the retry realtime accounting command This command is used to delete the stopping accounting requests from the switch buffer You can select to delete the packets transmitted to a specified RADIUS server or according to the session id or userna...

Page 219: ...ommunication with the primary and secondary RADIUS servers has been disconnected Setting a suitable retry time according to the network situation can speed up the system response For the related command see radius scheme Example Set to retransmit the RADIUS request packet no more than 5 times via the server huawei in the RADIUS server group Quidway radius huawei retry 5 2 2 13 retry realtime accou...

Page 220: ...l time accounting interval of NAS is t then the integer part of the result from dividing T by t is the value of count Therefore when applied T is suggested the numbers which can be divided exactly by t For the related command see radius scheme Example Allow the real time accounting request failing to be responded for up to 10 times Quidway radius huawei retry realtime accounting 10 2 2 14 retry st...

Page 221: ...ress port number undo secondary accounting View RADIUS server group view Parameter ip address IP address in dotted decimal format By default the IP addresses of second accounting server is at 0 0 0 0 port number Specifies the UDP port number ranging from 1 to 65535 By default the accounting service is provided via UDP 1813 Description Using secondary accounting command you can configure the IP add...

Page 222: ...econdary authentication command you can configure the IP address and port number for the second RADIUS authentication authorization Using undo secondary authentication command you can restore the IP address and port number to default values For detailed information read the Description of the primary authentication command For the related commands see key radius scheme state Example Set the IP add...

Page 223: ...al an extension of RADIUS protocol standard Configures the switch system to support the RADIUS server of Standard type which requires the RADIUS client end switch system and RADIUS server to interact according to the regulation and packet format of standard RADIUS protocol RFC 2138 2139 or newer Description Using server type command you can configure the RADIUS server type supported by the switch ...

Page 224: ...ary server is disconnected to NAS for some fault NAS will automatically turn to exchange packets with the second server However after the primary one recovers NAS will not resume the communication with it at once instead it continues communicating with the second one When the second one fails to communicate NAS will turn to the primary one again This command is used to set the primary server to be...

Page 225: ...DIUS accounting server Accordingly if the message from the switch to RADIUS accounting server has not been responded the switch shall save it in the local buffer and retransmit it until the server responds or discard the messages after transmitting for specified times For the related commands see reset stop accounting buffer radius scheme display stop accounting buffer Example Indicate that for th...

Page 226: ... 2 21 timer realtime accounting Syntax timer realtime accounting minute undo timer realtime accounting View RADIUS server group view Parameter minute Real time accounting interval ranging from 3 to 60 and measured in minutes By default the value is 12 It must be a multiple of 3 Description Using timer realtime accounting command you can configure the real time accounting interval Using undo timer ...

Page 227: ... username with domain name to RADIUS server without domain Specifies to send the username without domain name to RADIUS server Description Using user name format command you can configure the username format sent to RADIUS server By default RADIUS server acknowledges that the username sent to it includes ISP domain name The supplicants are generally named in userid isp name format The part followi...

Page 228: ...r group shall not be simultaneously used in more than one ISP domains Otherwise the RADIUS server will regard two users in different ISP domains as the same user by mistake if they have the same username excluding their respective domain names For the related command see radius scheme Example Specify to send the username without domain name to RADIUS server Quidway radius huawei user name format w...

Page 229: ... debugging habp View Any view Parameter None Description Using the display debugging habp command you can view HAMP debugging state Example Display HABP debugging state Quidway display debugging habp HABP Debugging switch is on 3 1 2 display habp Syntax display habp View Any view Parameter None Description Using the display habp command you can view configuration information and state of HABP attr...

Page 230: ...BP Mode HABP mode for the current switch including server and client Sending HABP request packets every 20 seconds Time interval to send HABP request packets Bypass VLAN Send HABP packets in specified VLANs 3 1 3 display habp table Syntax display habp table View Any view Parameter None Description Using the display habp table command you can view HABP MAC address table Example Display HABP MAC add...

Page 231: ...bp enable undo habp enable View System view Parameter None Description Using the habp enable command you can enable HABP attribute at a switch Using the undo hapb enable command you can disable HABP attribute at a switch By default HABP attribute is disabled at a switch If 802 1x attribute is enabled on switch and HABP attribute is not enabled for those ports where 802 1x authentication is skipped...

Page 232: ...ckets in a specific VLAN Using the undo hapb server vlan command you can restore the HABP mode to the default value By default the HABP mode is client You must first enable HABP attribute at a switch using the habp enable command and then specify HABP mode as server Example Specify HABP mode as server and transmit HABP packets in VLAN2 Quidway habp server vlan 2 3 1 7 habp timer Syntax habp timer ...

Page 233: ...ommand you can define time interval for a switch to send HABP request packet Using the undo habp timer command you can restore the time interval to the default value The command is only available on the switch whose HABP mode is set as server Example Define the time interval to send HABP request packets as 50 seconds Quidway habp timer 50 ...

Page 234: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 9 Network Protocol ...

Page 235: ...aging 1 5 1 1 6 reset arp 1 5 Chapter 2 DHCP Snooping Configuration Commands 2 1 2 1 DHCP Snooping Configuration Commands 2 1 2 1 1 dhcp snooping 2 1 2 1 2 display dhcp snooping 2 2 Chapter 3 IP Performance Configuration Commands 3 1 3 1 IP Performance Configuration Commands 3 1 3 1 1 display fib 3 1 3 1 2 display icmp statistics 3 1 3 1 3 display ip statistics 3 3 3 1 4 display tcp status 3 4 3 1...

Page 236: ...VLAN to which the static ARP entry belongs which is in the range of 1 to 4094 interface_name Port to which the static ARP entry belong represented with interface_name interface_type interface_num interface_type is port type and interface_num is port number For details about interface_type interface_num and interface_name refer to the Port Command Manual Description Using arp static command you can...

Page 237: ...ay arp debugging arp Example Associate the IP address 202 38 10 2 with the MAC address 00e0 fc01 0000 and the ARP mapping entry belongs to the Ethernet port Ethernet0 1 on VLAN1 Quidway arp static 202 38 0 10 00e0 fc01 0000 1 ethernet0 1 1 1 2 arp timer aging Syntax arp timer aging aging time undo arp timer aging View System view Parameter aging time Aging time of dynamic ARP aging timer which is ...

Page 238: ... disable the corresponding ARP debugging By default undo ARP debugging is enabled For the related command see arp static display arp Example Enable ARP packet debugging Quidway debugging arp packet 0 771346 ARP 8 S1 arp_send Send an ARP Packet operation 1 sender_eth_addr 00e0 fc00 3500 sender_ip_addr 10 110 91 159 target_eth_addr 0000 0000 0000 target_ip_addr 10 110 91 193 0 771584 ARP 8 S1 arp_rc...

Page 239: ...et_ip_addr Target IP address 1 1 4 display arp Syntax display arp dynamic static ip address View Any view Parameter dynamic Display the dynamic ARP entries in ARP mapping table static Display the static ARP entries in ARP mapping table ip address Display ARP mapping entries according to specified IP address Description Using display arp command you can view the ARP mapping table For the related co...

Page 240: ...longs Aging Aging time of dynamic ARP entry in minutes Type Type of ARP entry 1 1 5 display arp timer aging Syntax display arp timer aging View Any view Parameter vlan id VLAN interface Description Using display arp timer aging command you can view the current setting of the dynamic ARP map aging timer For the related command see arp timer aging Example Display the current setting of the ARP map a...

Page 241: ...RP mapping entries that are related to the specified port represented with interface_name interface_type interface_num interface_type is port type and interface_num is port number For details about interface_type interface_num and interface_name refer to the Port Command Manual Description Using reset arp command you can reset the ARP mapping entries For the related command see arp static display ...

Page 242: ...snooping undo dhcp snooping View System view Parameter none Description Using dhcp snooping command you can enable DHCP Snooping function on the switch to record users IP addresses Using undo dhcp snooping command you can disable this function By default The switch is disabled to listen to DHCP broadcast packets and record users IP addresses For the related command see display dhcp snooping Exampl...

Page 243: ... IP address and MAC address bindings recorded through DHCP Snooping For the related command see dhcp snooping Example Display clients IP addresses and MAC addresses recorded through DHCP Snooping Quidway display dhcp snooping IP Address MAC Address 202 38 12 45 00e0 fc00 0006 202 38 12 70 00a3 de01 0005 In the above terminal outputs the IP Addresses are learned from the DHCP broadcast packets and ...

Page 244: ...Any view Parameter none Description Using display fib command you can view the summary of the Forwarding Information Base The information includes destination address mask length next hop current flag and outbound interface Example Display the summary of the Forwarding Information Base Quidway display fib Destination Mask Nexthop Flag TimeStamp Interface 127 0 0 0 8 127 0 0 1 U t 0 InLoopBack0 3 1...

Page 245: ...0 information reply 0 mask requests 0 mask replies 0 time exceeded 0 Table 3 1 Description of the output information of the display icmp statistics command Field Description Input bad formats Number of input packets in bad format bad checksum Number of input packets with wrong checksum echo Number of input output echo request packets destination unreachable Number of input output packets with unre...

Page 246: ...d command see display ip interface vlan interface reset ip statistics Example View statistics about IP packets Quidway display ip statistics Input sum 7120 local 112 bad protocol 0 bad format 0 bad checksum 0 bad options 0 Output forwarding 0 local 27 dropped 0 no route 2 compress fails 0 Fragment input 0 output 0 dropped 0 fragmented 0 couldn t fragment 0 Reassembling sum 0 timeouts 0 Table 3 2 D...

Page 247: ...ckets that cannot be compressed Fragment input Number of input fragments output Number of output fragments dropped Number of dropped fragments fragmented Number of packets that are fragmented couldn t fragment Number of packets that cannot be fragmented Reassembling sum Number of packets that are reassembled timeouts Number of packets that time out 3 1 4 display tcp status Syntax display tcp statu...

Page 248: ...TCP link 3 1 5 reset ip statistics Syntax reset ip statistics View User view Parameter none Description Using reset ip statistics command you can reset the IP statistics information For the related commands see display ip interface vlan interface display ip statistics Example Reset the IP statistics information Quidway reset ip statistics 3 1 6 tcp timer fin timeout Syntax tcp timer fin timeout ti...

Page 249: ...it timer is enabled If the switch does not receive FIN packet before finwait timer timeouts the TCP connection will be terminated For the related command see tcp timer syn timeout tcp window Example Configure the TCP finwait timer value as 800 seconds Quidway tcp timer fin timeout 800 3 1 7 tcp timer syn timeout Syntax tcp timer syn timeout time value undo tcp timer syn timeout View System view Pa...

Page 250: ...p window Syntax tcp window window size undo tcp window View System view Parameter window size The size of the transmission and receiving buffers measured in kilobytes KB whose value ranges from 1 to 32 By default the window size is 4KB Description Using tcp window command you can configure the size of the transmission and receiving buffers of the connection oriented Socket Using undo tcp window co...

Page 251: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 10 System Management ...

Page 252: ...12 reset recycle bin 1 11 1 1 13 rmdir 1 11 1 1 14 undelete 1 12 1 2 Configuration File Management Commands 1 13 1 2 1 reset saved configuration 1 13 1 2 2 save 1 14 1 3 FTP Server Configuration Commands 1 15 1 3 1 display ftp server 1 15 1 3 2 display ftp user 1 16 1 3 3 ftp server 1 16 1 3 4 ftp timeout 1 17 1 3 5 local user 1 18 1 3 6 password 1 19 1 3 7 service type 1 19 1 4 FTP Client Command...

Page 253: ...t Commands 2 1 2 1 1 display mac address aging time 2 1 2 1 2 display mac address 2 2 2 1 3 mac address 2 3 2 1 4 mac address max mac count 2 4 2 1 5 mac address timer 2 5 Chapter 3 Device Management Commands 3 1 3 1 Device Management Commands 3 1 3 1 1 boot boot loader 3 1 3 1 2 boot bootrom 3 1 3 1 3 display boot loader 3 2 3 1 4 display cpu 3 2 3 1 5 display device 3 3 3 1 6 display memory 3 4 ...

Page 254: ...info center loghost 4 26 4 5 8 info center loghost source 4 27 4 5 9 info center monitor channel 4 28 4 5 10 info center snmp channel 4 29 4 5 11 info center source 4 30 4 5 12 info center timestamp 4 32 4 5 13 info center trapbuffer 4 33 4 5 14 reset logbuffer 4 34 4 5 15 reset trapbuffer 4 34 4 5 16 terminal debugging 4 35 4 5 17 terminal logging 4 35 4 5 18 terminal monitor 4 36 4 5 19 terminal...

Page 255: ...isplay rmon eventlog 6 3 6 1 4 display rmon history 6 4 6 1 5 display rmon prialarm 6 5 6 1 6 display rmon statistics 6 6 6 1 7 rmon alarm 6 7 6 1 8 rmon event 6 9 6 1 9 rmon history 6 10 6 1 10 rmon prialarm 6 11 6 1 11 rmon statistics 6 12 Chapter 7 NTP Configuration Commands 7 1 7 1 NTP Configuration Commands 7 1 7 1 1 debugging ntp service 7 1 7 1 2 display ntp service sessions 7 2 7 1 3 displ...

Page 256: ... rsa peer public key 8 3 8 1 5 display ssh server 8 4 8 1 6 display ssh user information 8 5 8 1 7 peer public key end 8 6 8 1 8 protocol inbound 8 6 8 1 9 public key code begin 8 7 8 1 10 public key code end 8 8 8 1 11 rsa local key pair create 8 9 8 1 12 rsa local key pair destroy 8 10 8 1 13 rsa peer public key 8 11 8 1 14 ssh server authentication retries 8 11 8 1 15 ssh server rekey interval ...

Page 257: ... View User view Parameter directory Destination directory By default the directory is the working path configured by the user when the system starts Description Using cd command you can change the current user configuration path on the Ethernet Switch Example Change the current working directory of the switch to flash Quidway cd flash Quidway pwd flash 1 1 2 copy Syntax copy fileurl source fileurl...

Page 258: ... it Example Display current directory information Quidway dir Directory of 0 rw 595 Jul 12 2001 19 41 50 test txt 16125952 bytes total 13975552 bytes free Copy the file test txt and saves it as test bak Quidway copy test txt test bak Copy flash test test txt to flash test test bak confirm y Copyed file flash test test txt flash test test bak Display current directory information Quidway dir Direct...

Page 259: ... recovered with the undelete command or deleted permanently from the recycle bin using the reset recycle bin command Note that if two files with the same name in a directory are deleted only the latest deleted file will be kept in the recycle bin Example Delete the file flash test test txt Quidway delete flash test test txt Delete flash test test txt Y N 1 1 4 dir Syntax dir all file url View User...

Page 260: ... 20 2003 14 28 52 test txt 7932928 bytes total 4966400 bytes free Display all files with the names starting with t in the directory flash test Quidway dir flash test t Directory of flash test rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14 28 52 test txt 7932928 bytes total 4966400 bytes free Display information about all the files including the deleted files in the directory flash test Quidway dir a...

Page 261: ...rm interactive confirmation on dangerous file operations quiet Do not prompt for the file operations Description Using file prompt command you can modify prompt modes of the file operation on the Ethernet switch If the prompt mode is set as quiet that is no prompt for file operations some non recoverable operations may lead to system damage Example Configure the prompt mode of file operation as qu...

Page 262: ... Example Format flash Quidway format flash All data on Flash will be lost proceed with format Y N y Now begin to format flash please wait for a while Format winc completed 1 1 7 mkdir Syntax mkdir directory View User view Parameter directory Directory name Description Using mkdir command you can create directory in the specified directory on the storage device The directory to be created cannot ha...

Page 263: ...play contents of file test txt Quidway more test txt AppWizard has created this test application for you This file contains a summary of what you will find in each of the files that make up your test application Test dsp This file the project file contains information at the project level and is used to build a single project or subproject Other users can share the project dsp file but they should...

Page 264: ...27 58 test Quidway dir flash test Directory of flash test drwxrwxrwx 1 noone nogroup Sep 20 2003 14 36 11 dd rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14 40 05 sample txt 7932928 bytes total 4963328 bytes free Move flash test sample txt to flash sample txt Quidway move flash test sample txt flash sample txt Move flash test sample txt to flash sample txt Y N y Moved file flash test sample txt to fl...

Page 265: ...up Sep 20 2003 14 36 11 dd 7932928 bytes total 4963328 bytes free 1 1 10 pwd Syntax pwd View User view Parameter none Description Using pwd command you can view the current path Error may occur without setting the current path Example Display the current path Quidway pwd flash 1 1 11 rename Syntax rename fileurl source fileurl dest View User view Parameter fileurl source Source file name ...

Page 266: ...p 20 2003 10 49 57 QX S5516 VRP31 0 0030 app drwxrwxrwx 1 noone nogroup Sep 20 2003 14 27 58 test rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14 41 44 sample txt 7932928 bytes total 4963328 bytes free Rename the file sample txt with sample bak Quidway rename sample txt sample bak Rename flash sample txt to flash sample bak Y N y Renamed file flash sample txt to flash sample bak Display the directory...

Page 267: ...et recycle bin command you can permanently delete files from the recycle bin The delete command only puts the file into the recycle bin but reset recycle bin command will delete this file permanently Example Delete the file from the recycle bin Quidway reset recycle bin flash p1h_logic out Clear flash plh_logic out Y N 1 1 13 rmdir Syntax rmdir directory View User view Parameter directory Director...

Page 268: ...he same as an existing directory name If the destination file name is the same as an existing file name prompt whether to overwrite Example Display the information of all the files including the deleted ones in the current directory Quidway dir all Directory of flash drwxrwxrwx 1 noone nogroup Jun 22 2002 02 19 16 shit rwxrwxrwx 1 noone nogroup 971 Jun 30 2003 11 45 19 vrpcfg txt rwxrwxrwx 1 noone...

Page 269: ...oone nogroup 4 Aug 27 2003 16 56 56 snmpboots rwxrwxrwx 1 noone nogroup 2957562 Sep 20 2003 10 49 57 QX S5516 VRP31 0 0030 app drwxrwxrwx 1 noone nogroup Sep 20 2003 14 27 58 test rwxrwxrwx 1 noone nogroup 971 Sep 20 2003 14 54 16 sample bak 7932928 bytes total 4962304 bytes free 1 2 Configuration File Management Commands 1 2 1 reset saved configuration Syntax reset saved configuration View User v...

Page 270: ...ectrified and initialized it will enter setup switch view automatically For the related commands see save display current configuration display saved configuration Example Erase the configuration files from the flash memory of Ethernet Switch Quidway reset saved configuration This will delete the configuration in the flash memory The switch configurations will be erased to reconfigure Are you sure...

Page 271: ...flash memory Please wait for a while Save current configuration to flash memory successfully 1 3 FTP Server Configuration Commands 1 3 1 display ftp server Syntax display ftp server View Any view Parameter none Description Using display ftp server command you can view the parameters of the current FTP Server You can perform this command to verify the configuration after setting FTP parameters Exam...

Page 272: ...meter none Description Using display ftp user command you can view the parameters of current FTP user You can perform this command to examine the configuration after setting FTP parameters Example Show the configuration of FTP user parameters Quidway display ftp user No ftp user 1 3 3 ftp server Syntax ftp sever enable undo ftp sever View System view Parameter enable Start FTP Server ...

Page 273: ...p timeout minute undo ftp timeout View System view Parameter minute Connection timeouts measured in minutes ranging from 1 to 35791 By default the connection timeout time is 30 minutes Description Using ftp timeout command you can configure connection timeout interval Using undo ftp timeout command you can restore the default connection timeout interval After a user logs on to an FTP Server and ha...

Page 274: ...ame the part before namely the user ID cannot exceed 24 characters service type Specifies the service type telnet means that the specified user type is telnet ftp means that the specified user type is ftp lan access means that the specified user type is lan access which mainly refers to Ethernet accessing users 802 1x supplicants for example all All the users Description Using local user command y...

Page 275: ...ing password command you can configure a password display mode for local users Using undo password command you can cancel the specified password display mode If local user password display mode cipher force has been adopted the user efforts of using the password command to set the password display mode to simple text simple will render useless For the related command see display local user Example...

Page 276: ...directory of ftp users directory is a character string of up to 64 characters lan access Specifies user type to lan access which mainly refers to Ethernet accessing users 802 1x supplicants for example Description Using service type command you can configure a service type for a particular user Using undo service type command you can cancel the specified service type for the user Example Set to pr...

Page 277: ...e is ASCII mode Perform this command if the user needs to change the file transmission mode to default mode Example Configure to transmit data in the ASCII mode ftp ascii 200 Type set to A 1 4 2 binary Syntax binary View FTP Client view Parameter none Description Using binary command you can configure file transmission type as binary mode Example Configure to transmit data in the binary mode ftp b...

Page 278: ...connection and data connection with the remote FTP Server Example Terminate connection with the remote FTP Server and return to user view ftp bye 1 4 4 cd Syntax cd pathname View FTP Client view Parameter pathname Path name Description Using cd command you can change the working path on the remote FTP Server This command is used to access another directory on FTP Server Note that the user can only...

Page 279: ...y This command is used to exit the current directory and return to the upper level directory Example Change working path to the upper level directory ftp cdup 1 4 6 close Syntax close View FTP Client view Parameter none Description Using close command user can disconnect FTP client side from FTP server side without exiting FTP client side view That is to say you can terminate the control connectio...

Page 280: ...nt view ftp close 1 4 7 delete Syntax delete remotefile View FTP Client view Parameter remotefile File name Description Using delete command you can cancel the specified file This command is used to delete a file Example Delete the file temp c ftp delete temp c 1 4 8 dir Syntax dir filename localfile View FTP Client view Parameter filename File name to be queried localfile Saved local file name ...

Page 281: ... saves the results in the file temp1 ftp dir temp c temp1 1 4 9 disconnect Syntax disconnect View FTP Client view Parameter none Description Using disconnect command subscribers can disconnect FTP client side from FTP server side without exiting FTP client side view This command terminates the control connection and data connection with the remote FTP Server at the same time Example Terminate conn...

Page 282: ...emote FTP Server and enter FTP Client view Example Connect to FTP Server at the IP address 1 1 1 1 Quidway ftp 1 1 1 1 1 4 11 get Syntax get remotefile localfile View FTP Client view Parameter localfile Local file name remotefile Name of a file on the remote FTP Server Description Using get command you can download a remote file and save it locally If no local file name is specified it will be con...

Page 283: ...Client view Parameter none Description Using lcd command you can view local working path of FTP Client Example Show local working path ftp lcd Local directory now flash temp 1 4 13 ls Syntax ls remotefile localfile View FTP Client view Parameter remotefile Remote file to be queried localfile Saved local file name Description Using ls command you can query a specified file ...

Page 284: ...c 1 4 14 mkdir Syntax mkdir pathname View FTP Client view Parameter pathname Directory name Description Using mkdir command you can create a directory on the remote FTP Server User can perform this operation as long as the remote FTP server has authorized Example Create the directory flash lanswitch on the remote FTP Server ftp mkdir flash lanswitch 1 4 15 passive Syntax passive undo passive View ...

Page 285: ...de is passive mode Example Set the data transmission to passive mode ftp passive 1 4 16 put Syntax put localfile remotefile View FTP Client view Parameter localfile Local file name remotefile File name on the remote FTP Server Description Using put command you can upload a local file to the remote FTP Server If the user does not specify the filename on the remote server the system will consider it...

Page 286: ...r none Description Using pwd command you can view the current directory on the remote FTP Server Example Show the current directory on the remote FTP Server ftp pwd flash temp is current directory 1 4 18 quit Syntax quit View FTP Client view Parameter none Description Using quit command you can terminate the connection with the remote FTP Server and return to user view ...

Page 287: ... remotehelp Syntax remotehelp protocol command View FTP Client view Parameter protocol command FTP protocol command Description Using remotehelp command you can view help information about the FTP protocol command Example Show the syntax of the protocol command user ftp remotehelp user 214 Syntax USER sp username 1 4 20 rmdir Syntax rmdir pathname View FTP Client view Parameter pathname Directory ...

Page 288: ...Example Delete the directory flash temp1 from FTP Server ftp rmdir flash temp1 1 4 21 user Syntax user username password View FTP Client view Parameter username Logon username password Logon password Description Using user command you can register an FTP user Example Log in the FTP Server with username tom and password bjhw ftp user tom bjhw 1 4 22 verbose Syntax verbose undo verbose View FTP Clie...

Page 289: ...ax tftp ascii binary View System view Parameter ascii Text format binary Binary format By default the transmission mode is binary Description Using tftp command you can configure the transmission mode of the TFTP files TFTP transmits files in two modes binary mode for program files and ASCII mode for text files You can perform this command to configure the file transmission mode By default TFTP tr...

Page 290: ...FTP server mmm nnn Specify the filename saved as after downloaded to the switch which can be different from xxx yyy Description Using tftp get command you can download a file xxx yyy from the specified directory of the TFTP server at A A A A and saving it as mmm nnn on the switch For the related commands see tftp tftp put Example Download the file LANSwitch app from the TFTP server at 1 1 3 214 an...

Page 291: ...ss of the TFTP server and the filename to be saved as Description Using tftp put command you can upload a file from the switch to the specified directory on the TFTP server at A A A A and saving it as mmm nnn For the related commands see tftp tftp get Example Upload the vrpcfg txt to the TFTP server at 1 1 3 214 and save it as Temp txt Quidway tftp ascii Quidway tftp put vrpcfg txt 1 1 3 214 temp ...

Page 292: ...ime View Any view Parameter none Description Using display mac address aging time command you can view the aging time of the dynamic entry in the MAC address table For the related commands see mac address mac address timer display mac address Example Display the aging time of the dynamic entry in the MAC address table Quidway display mac address aging time mac address aging time 300s The above inf...

Page 293: ...ils about the interface type interface num and interface name parameters refer to the Port Configuration in this manual count the display information will only contain the sum number of MAC addresses in the MAC address table if user choice this parameter when using this command Description Using display mac address command you can view MAC address table information When managing the Layer 2 addres...

Page 294: ...me Description Using mac address command you can add modify the MAC address table entry Using undo mac address command you can cancel MAC address table entry If the input address has been existed in the address table the original entry will be modified That is replace the interface pointed by this address with the new interface and the entry attribute with the new attribute dynamic entry and stati...

Page 295: ...be learned 0 indicates that no address can be learned via the port Description Using mac address max mac count command you can set a limit to the MAC addresses to be learned by the Ethernet port Using undo mac address max mac count command you can cancel the limit By default there is no limit to the MAC addresses learned via the Ethernet port The port will stop learning MAC address when the amount...

Page 296: ... entry Using undo mac address timer command you can restore the default value Too long or too short aging time set by subscribers will cause the problem that the Ethernet switch broadcasts a great mount of data packets without MAC addresses which will affect the switch operation performance If aging time is set too long the Ethernet switch will store a great number of out of date MAC address table...

Page 297: ...ot boot loader file url View User view Parameter file url Path and name of APP file Description Using boot boot loader command you can configure the app file used for boot of the next time Example Specify the APP application used for boot of next time Quidway boot boot loader PLATV100R002B09D002 APP The specifed file will be booted next time Quidway 3 1 2 boot bootrom Syntax boot bootrom file url ...

Page 298: ...d you can upgrade bootrom Example Upgrade bootrom Quidway boot bootrom PLATV100R002B09D002 btm 3 1 3 display boot loader Syntax display boot loader View Any view Parameter none Description Using display boot loader command you can view APP file used next time Example Quidway display boot loader The app to boot at the next time is PLATV100R002B09D002 APP 3 1 4 display cpu Syntax display cpu View An...

Page 299: ...status of switch 18 in last 5 seconds 19 in last 1 minute 19 in last 5 minutes The CPU occupancy rate is 18 at last 5 seconds The CPU occupancy rate is 19 at last 1 minute The CPU occupancy rate is 19 at last 5 minutes 3 1 5 display device Syntax display device View Any view Parameter none Description Using display device command you can view module type and working status information of each card...

Page 300: ...001 002 360 IVL MAIN The following table describes the displaying information Table 3 2 Output description of the display device command Field Description SlotNo Physical card number SubSNo Sub physical card number namely stack card number PortNum Number of ports PCBVer PCB version number FPGAVer FPGA version number CPLDVer r Hardware version number BootRomVer BootROM software version number AddrL...

Page 301: ...d Rate 40 Table 3 3 Display information Field Description System Total Memory bytes The Total Memory of switch unit in byte Total Used Memory bytes The Total used Memory of switch unit in byte Used Rate The memory used rate 3 1 7 reboot syntax reboot View User view Parameter none Description Using reboot command you can reset the Ethernet Switch when failure occurs Example Reboots the Switch Quidw...

Page 302: ...Y MM DD Specify the current year month and date YYYY ranges from 1993 to 2035 MM ranges from 1 to 12 and DD ranges from 1 to 31 Description Using clock datetime command you can configure the current date and clock of Ethernet Switch By default the date and clock of Ethernet Switch is set as 0 0 0 2000 1 1 The current date and clock of Ethernet Switch must be set in the circumstance that absolute t...

Page 303: ...econd start date Set start time of the summer time input like YYYY MM DD year month day end time Set end time of the summer time input like HH MM SS hour minute second end date Set end time of the summer time input like YYYY MM DD year month day offset time Set offset time of the summer time input like HH MM SS hour minute second Description Using clock summer time command you can set the name sta...

Page 304: ... clock timezone Syntax clock timezone zone_name add minus HH MM SS undo clock timezone View User view Parameter zone_name Name of the time zone which is a character with the length ranging 1 to 32 add The time is adding compared with the UTC minus The time is minus compared with the UTC HH MM SS Time hour minute second Description Using clock timezone command you can set the information of the loc...

Page 305: ...sname Specify the hostname with a character string with the length ranging from1 to 30 characters Description Using sysname command you can configure the hostname of Ethernet Switch By default the hostname of Ethernet Switch is Quidway Changing the hostname name of Ethernet Switch will affect the prompt of command line interface E g the host name of Ethernet Switch is Quidway and the prompt in use...

Page 306: ...can obtain information about system data and time from the terminal display The maximum date and time the system can display is 23 59 59 9999 12 31 For the related commands see clock Example View the current system date and clock Quidway display clock 15 50 45 UTC Mon 2001 2 12 4 2 2 display current configuration Syntax display current configuration controller interface interface type interface nu...

Page 307: ...e regular expression Description Using display current configuration command you can display the currently effective configuration parameters of the switch By default if some running configuration parameters are the same with the default operational parameters they will not be displayed If a user needs to authenticate whether the configurations are correct after finishing a set of configuration th...

Page 308: ...ame format without domain domain system radius scheme system access limit disable state active idle cut disable self service url disable messenger time disable domain default enable system local server nas ip 127 0 0 1 key nec interface Aux0 0 vlan 1 interface Ethernet0 1 interface Ethernet0 2 interface Ethernet0 3 interface Ethernet0 4 interface Ethernet0 5 interface Ethernet0 6 interface Etherne...

Page 309: ...rnet0 17 interface Ethernet0 18 interface Ethernet0 19 interface Ethernet0 20 interface Ethernet0 21 interface Ethernet0 22 interface Ethernet0 23 interface Ethernet0 24 interface NULL0 user interface aux 0 user interface vty 0 4 return View the lines containing the character string 10 in the configuration information The indicates that the 0 before it can appear 0 times or multiple consecutive ti...

Page 310: ...nterface Ethernet0 19 interface Ethernet0 21 View configuration information begin with user Quidway display current configuration include user user interface aux 0 user interface vty 0 4 View the pre positive and post positive configuration information Quidway display current configuration configuration sysname Quidway radius scheme system server type nec primary authentication 127 0 0 1 1645 prim...

Page 311: ...terface num module name View Any view Parameter interface name Specify the Ethernet port name interface type Specify the Ethernet port type interface num Specify the Ethernet port number module name Specify the module name Description Using display debugging command you can view the enabled debugging process Show all the enabled debugging when there is no parameter For the related commands see deb...

Page 312: ...abnormally after electrified execute the display saved configuration command to view the startup configuration of the Ethernet Switch For the related commands see save reset saved configuration display current configuration Example Display configuration files in flash memory of Ethernet Switch Quidway display saved configuration sysname Quidway radius scheme system server type nec primary authenti...

Page 313: ...nas ip 127 0 0 1 key nec interface Aux0 0 vlan 1 interface Ethernet0 1 interface Ethernet0 2 interface Ethernet0 3 interface Ethernet0 4 interface Ethernet0 5 interface Ethernet0 6 interface Ethernet0 7 interface Ethernet0 8 interface Ethernet0 9 interface Ethernet0 10 interface Ethernet0 11 interface Ethernet0 12 interface Ethernet0 13 interface Ethernet0 14 interface Ethernet0 15 interface Ether...

Page 314: ...ace Ethernet0 20 interface Ethernet0 21 interface Ethernet0 22 interface Ethernet0 23 interface Ethernet0 24 interface NULL0 user interface aux 0 user interface vty 0 4 return 4 2 5 display users Syntax display users all View Any view Parameter all display all users connected to the switch Description Using display users command you can view information about users connected to the switch ...

Page 315: ... display version command you can view such information as software version issue date and the basic hardware configurations Example Display the information about the system version Quidway display version Versatile Routing Platform Software VRP R Software Version 3 10 RELEASE 0014 Copyright c Reserved Quidway uptime is 0 week 0 day 3 hours 13 minutes Quidway with 1 MIPS Processor 64M bytes SDRAM 8...

Page 316: ...ing command you can disable the system debugging By default all the debugging processes are disabled Ethernet Switch provides various kinds of debugging functions for technical support personnel and experienced maintenance staff to troubleshoot the network Enabling the debugging will generate a large amount of debugging information and decrease the system efficiency Specially network system may co...

Page 317: ...the Ethernet switch When the Ethernet switch does not run well you can collect all sorts of information about the switch to locate the source of fault However each module has its corresponding display command which make it difficult for you to collect all the information needed In this case you can use display diagnostic information command Example Display all system configuration information Quid...

Page 318: ... socket to be in DEBUGGING mode h ttl Configure TTL value for echo requests to be sent range from 1 to 255 i Configure to choose packet sent on the interface interface type Specify the interface type interface num Specify the interface number interface name Specify the interface name n Configure to take the host parameter as IP address without domain name resolution p pattern is the hexadecimal pa...

Page 319: ...e not recorded z Send ECHO REQUEST according to route selection z Default length of ECHO REQUEST is 56 bytes z Default timeout of ECHO RESPONSE is 2000ms z Do not display other ICMP packets non ECHO RESPONSE z The TOS value of echo requests is 0 The ping command sends ICMP ECHO REQUEST message to the destination If the network to the destination works well then the destination host will send ICMP ...

Page 320: ...tted 5 packets received 0 packet loss round trip min avg max 1 2 3 ms 4 4 2 tracert Syntax tracert a source IP f first TTL m max TTL p port q nqueries w timeout string View Any view Parameter a source IP Configure the source IP address used by tracert command f Configure to verify the f switch first TTL specifies an initial TTL ranging from 0 to the maximum TTL m Configure to verify the m switch m...

Page 321: ...ly till reaching the destination These processes are operated to record the source address of each ICMP TTL timeout so as to provide a path to the destination for an IP packet After ping command finds some error on the network perform tracert to locate the error The output of tracert command includes IP address of all the gateways to the destination If a certain gateway times out output Example Te...

Page 322: ...ay channel channel number channel name View Any view Parameter channel number Channel number ranging from 0 to 9 that is the system has ten channels channel name Specify the channel name the name can be channel6 channel7 channel8 channel9 console logbuffer loghost monitor snmpagent trapbuffer Description Using display channel command you can view the details about the information channel Without p...

Page 323: ...g trap buffer is less than the specified sizeval display the actual log trap information For the related commands see info center enable info center loghost info center logbuffer info center console channel info center monitor channel Example Show the system log information Quidway display info center Information Center enabled Log host 173 168 1 10 channel number 2 channel name loghost language e...

Page 324: ...r channel channel number name channel name undo info center channel channel number View System view Parameter channel number Channel number ranging from 0 to 9 that is system has ten channels channel name Specify the channel name with a character string not exceeding 30 characters excluding or Description Using info center channel name command you can rename a channel specified by the channel numb...

Page 325: ...channel7 channel8 channel9 console logbuffer loghost monitor snmpagent trapbuffer Description Using info center console channel command you can configure the channel through which the log information is output to the console By default Ethernet switches do not output log information to the console This command takes effect only after system logging is started For the related commands see info cent...

Page 326: ...tem output the log information to the info center loghost and console etc For the related commands see info center loghost info center logbuffer info center console channel info center monitor channel display info center Example Enable the system log function Quidway info center enable 4 5 6 info center logbuffer Syntax info center logbuffer channel channel number channel name size buffersize undo...

Page 327: ...enter logbuffer command you can cancel the information output to buffer This command takes effect only after the system logging is enabled For the related commands see info center enable display info center Example Send log information to buffer and sets the size of buffer as 50 Quidway info center logbuffer size 50 4 5 7 info center loghost Syntax info center loghost host ip addr channel channel ...

Page 328: ...ghost to send information to it Using undo info center loghost command you can cancel output to info center loghost By default Ethernet switches do not output information to info center loghost This command takes effect only after the system logging is enabled For the related commands see info center enable display info center Example Configure to send log information to the UNIX workstation at 20...

Page 329: ... of the VLAN interface 1 Quidway info center loghost source vlan interface 1 4 5 9 info center monitor channel Syntax info center monitor channel channel number channel name undo info center monitor channel View System view Parameter channel number Channel number ranging from 0 to 9 that is the system has ten channels channel name Specify the channel name The name can be channel6 channel7 channel8...

Page 330: ...nnel View System view Parameter channel number Channel number ranging from 0 to 9 that is the system has ten channels By default channel 5 is used channel name Specify the channel name The name can be channel6 channel7 channel8 channel9 console logbuffer loghost monitor snmpagent trapbuffer Description Using info center snmp channel command you can configure new channel for transmitting the SNMP i...

Page 331: ...everity Information level do not output information below this level By default the log information level is warnings the trap information level is debugging the debugging information level is debugging Information at different levels is as follows emergencies Level 1 information which cannot be used by the system alerts Level 2 information to be reacted immediately critical Level 3 information cr...

Page 332: ...module log output you can configure to output the logs at a level higher than warnings to the log host and output those higher than informational to the log buffer You can also configure to output the trap information on the IP module to a specified trap host etc The channels for filtering in all the directions are specified by this configuration command All the information will be sent to the cor...

Page 333: ...ter timestamp log trap debugging boot date none undo info center timestamp log trap debugging View System view Parameter log Log information trap Trap information debugging Debugging information boot Time elapsing after system starts Format xxxxxx yyyyyy xxxxxx is the high 32 bits of the elapsed time in milliseconds after system starts and yyyyyy is the low 32 bits date Current system date and tim...

Page 334: ... Configure the channel to output information to trap buffer channel number Channel number ranging from 0 to 9 that is the system has ten channels channel name Specify the channel name Description Using info center trapbuffer command you can output information to the trap buffer Using undo info center trapbuffer command you can cancel output information to trap buffer By default output information ...

Page 335: ...eter none Description Using reset logbuffer command you can reset information in log buffer Example Clear information in log buffer Quidway reset logbuffer 4 5 15 reset trapbuffer Syntax reset trapbuffer View User view Parameter none Description Using reset trapbuffer command you can reset information in trap buffer Example Clear information in trap buffer Quidway reset trapbuffer ...

Page 336: ...ging command you can configure to display the debugging information on the terminal Using undo terminal debugging command you can configure not to display the debugging information on the terminal By default the displaying function is disabled For the related commands see debugging Example Enable the terminal display debugging Quidway terminal debugging 4 5 17 terminal logging Syntax terminal logg...

Page 337: ...nitor Using undo terminal monitor command you can disable these functions By default enable these functions for the console user and disable them for the terminal user This command only takes effect on the current terminal where the commands are input The debugging log trap information can be output to the current terminal beginning in user view When the terminal monitor is shut down no debugging ...

Page 338: ...l monitor 4 5 19 terminal trapping Syntax terminal trapping undo terminal trapping View User view Parameter none Description Using terminal trapping command you can enable terminal trap information display Using undo terminal trapping command you can disable this function By default this function is enabled Example Enable trap information display Quidway terminal trapping ...

Page 339: ...read write View Any view Parameter read display read only community information write display read write community information Description Using display snmp agent community command you can view the currently configured community names Example Display the currently configured community names Quidway display snmp agent community community name public group name public storage type nonVolatile commu...

Page 340: ... command you can view engine ID of current device SNMP engine is the core of SNMP entity It performs the function of sending receiving and authenticating SNMP message extracting PDU packet encapsulation and the communication with SNMP application etc Example Display the engine ID of current device Quidway display snmp agent local engineid SNMP local engineID 00000009020000000C025808 5 1 3 display ...

Page 341: ...bes the output fields Table 5 1 Output description of the display snmp agent group command Field Description groupname SNMP Group name of the user Security model The security model adopted by SNMP readview Read only MIB view name corresponding to that group writeview Writable MIB view corresponding to that group notifyview The name of the notify MIB view corresponding to that group storage type St...

Page 342: ...torage type nonVolatile included active View name ViewDefault MIB Subtree internet Storage type nonVolatile included active View name ViewDefault MIB Subtree snmpUsmMIB Storage type nonVolatile excluded active View name ViewDefault MIB Subtree snmpVacmMIB Storage type nonVolatile excluded active View name ViewDefault MIB Subtree snmpModules 18 Storage type nonVolatile excluded active The following...

Page 343: ... counter for SNMP operations Example Display the current state of SNMP communication Quidway display snmp agent statistics 9 Messages delivered to the SNMP entity 0 Messages which were for an unsupported version 0 Messages which used a SNMP community name not known 0 Messages which represented an illegal operation for the community supplied 0 ASN 1 or BER errors in the process of decoding 9 Messag...

Page 344: ...s accepted and processed 5 1 6 display snmp agent sys info contact Syntax display snmp agent sys info contact View Any view Parameter none Description Using display snmp agent sys info contact command you can view the character string sysContact system contact Example Display the character string sysContact system contact Quidway display snmp agent sys info contact The contact person for this mana...

Page 345: ...ion Quidway display snmp agent sys info location The physical location of this node BeiJing China 5 1 8 display snmp agent sys info version Syntax display snmp agent sys info version View Any view Parameter none Description Using display snmp agent sys info version command you can view the version information about the running SMNMP in the system Example Display the version information of running ...

Page 346: ...nformation of specified group Description Using display snmp agent usm user command you can view information of all the SNMP usernames in the group username list Example Display the information of all the current users Quidway display snmp agent usm user User name authuser Engine ID 00000009020000000C025808 UserStatus active The following table describes the output fields Table 5 3 Output descript...

Page 347: ...device information Description Using snmp agent local engineid command you can configure a name for a local or remote SNMP engine on the Ethernet Switch Using undo snmp agent local engineid command you can restore the default setting of engine ID Device information is determined according to different products It can be IP address MAC address or user defined text However you must use numbers in he...

Page 348: ...undo snmp agent community command you can cancel the settings of community access name Example Configure community name as huawei and permits read only access by this community name Quidway snmp agent community read huawei Configure community name as mgr and permits read write access Quidway snmp agent community write mgr 5 1 12 snmp agent group Syntax snmp agent group v1 v2c group name read view ...

Page 349: ... notify view Configure to allow notify view settings notifyview Specify the notify view name ranging from 1 to 32 bytes acl acl list Set access control list for this group name Description Using snmp agent group command you can configure a new SNMP group that is to map SNMP user to SNMP view Using undo snmp agent group command you can cancel a specified SNMP group For the following reasons z snmp ...

Page 350: ...object subtree It can be a character string of the variable OID or a variable name ranging from 1 to 255 characters Description Using snmp agent mib view command you can create or update the view information Using undo snmp agent mib view command you can cancel the view information By default the view name is v1default OID is 1 3 6 1 Both the character string of OID and the node name can be input ...

Page 351: ... of the SNMP packets received sent by the Agent are different in different network environment Example Set the size of SNMP packet to 1042 bytes Quidway snmp agent packet max size 1042 5 1 15 snmp agent sys info Syntax snmp agent sys info contact sysContact location syslocation version v1 v2c v3 all undo snmp agent sys info contact location version v1 v2c v3 all View System view Parameter sysConta...

Page 352: ...y default the contact information is HuaWei Beijing China the system location is Beijing China the SNMP version is SNMP V3 Example Set system location as Building 3 Room 214 Quidway snmp agent sys info location Building 3 Room 214 5 1 16 snmp agent target host Syntax snmp agent target host trap address udp domain host addr udp port udp port number params securityname community string v1 v2c v3 aut...

Page 353: ...u can configure destination of SNMP notification Using undo snmp agent target host command you can cancel the host that receives SNMP notification The snmp agent target host command and the snmp agent trap enable command should be used at the same time Use the snmp agent trap enable command to enable the device to transmit Trap packets snmp agent trap enable command and snmp agent target host comm...

Page 354: ...igure to send SNMP link up Trap messages warmstart Configure to send SNMP warm start Trap messages Description Using snmp agent trap enable command you can enable the device to send Trap message Using undo snmp agent trap enable command you can disable Trap message sending By default Trap message sending is disabled snmp agent trap enable command and snmp agent target host command should be used a...

Page 355: ...nmp agent trap life command you can configure the timeout of Trap packets Using undo snmp agent trap life command you can restore the default value The set timeout of Trap packet is represented by seconds If time exceeds seconds this Trap packet will be discarded For the related commands see snmp agent trap enable snmp agent target host Example Configure the timeout interval of Trap packet as 60 s...

Page 356: ...p agent target host snmp agent trap life Example Configure the queue length to 200 Quidway snmp agent trap queue size 200 5 1 20 snmp agent trap source Syntax snmp agent trap source vlan interface vlan id undo snmp agent trap source View System view Parameter vlan id Specify the VLAN interface ID ranging from 1 to 4000 Description Using snmp agent trap source command you can configure the source a...

Page 357: ...2 bytes v1 Configure to use V1 safe mode v2c Configure to use V2c safe mode v3 Configure to use V3 safe mode authentication mode Specify the safety level as authentication required md5 MD5 algorithm is adopted in authentication MD5 authentication uses the 128 digit password Computation speed of MD5 is faster than that of SHA sha SHA algorithm is adopted in authentication SHA authentication uses th...

Page 358: ...ed For V1 and V2C this command will add a new community name For V3 it will add a new user for an SNMP group Example Add a user wang for huawei an SNMP group configures to authenticate with MD5 and sets authentication password as pass Quidway snmp agent usm user v3 wang huawei authentication mode md5 pass 5 1 22 undo snmp agent Syntax undo snmp agent View System view Parameter none Description Usi...

Page 359: ...larm information For the related commands see rmon alarm Example Display the RMON alarm information Quidway display rmon alarm Alarm table 1 owned by HUAWEI is VALID Samples absolute value 1 3 6 1 2 1 16 1 1 1 4 1 etherStatsOctets 1 Sampling interval 10 sec Rising threshold 1000 linked with event 1 Falling threshold 100 linked with event 1 When startup enables risingOrFallingAlarm Latest value 0 T...

Page 360: ...arm when exceeding the rising threshold or the falling threshold 6 1 2 display rmon event Syntax display rmon event event table entry View Any view Parameter event table entry Entry index of event table Description Using display rmon event command you can view RMON events The display includes event index in event table owner of the event description to the event action caused by event log or alarm...

Page 361: ...ou can view RMON event log The display includes description about event index in event table description to the event and occurrence time of the latest event counted on system initiate boot time in centisecond Example Show event log of RMON Quidway display rmon eventlog 1 Event table 1 owned by HUAWEI is VALID Generates eventLog 1 1 at 0days 00h 01m 39s Description The 1 3 6 1 2 1 16 1 1 1 4 1 def...

Page 362: ...mon history Syntax display rmon history port num View Any view Parameter port num Ethernet port name Description Using display rmon history command you can view latest RMON history sampling information including utility error number and total packet number For the related commands see rmon history Example Show the RMON history information Quidway display rmon history ethernet 2 1 History control e...

Page 363: ...ast packets Number of multicast packets CRC alignment errors Number of CRC error packets undersized packets Number of undersized packets oversized packets Number of oversized packets fragments Number of undersized and CRC error packets jabbers Number of oversized and CRC error packets collisions Number of collision packets utilization Utilization 6 1 5 display rmon prialarm Syntax display rmon pri...

Page 364: ...hreshold alarm will be triggered Falling threshold Falling threshold When sampling value decreases from normal value to this threshold falling threshold alarm will be triggered linked with event 1 Corresponding event index of ring and falling threshold alarm When startup enables risingOrFallingAlarm Kind of first alarm It may trigger rising threshold alarm or falling threshold alarm or both This e...

Page 365: ...n statistics command Field Description Interface Port HUAWEI Owner VALID The entry corresponding to the index is valid octets Received Sent octets in sampling time packets Packets received sent in sampling time broadcast packets Number of broadcast packets multicast packets Number of multicast packets undersized packets Number of undersized packets oversized packets Number of oversized packets fra...

Page 366: ... threshold ranging from 0 to 2147483647 event entry1 Event number corresponding to the upper limit of threshold ranging from 0 to 65535 falling threshold threshold value2 Falling threshold ranging from 0 to 2147483647 event entry2 Event number corresponding to the falling threshold ranging from 0 to 65535 owner text Specifies the creator of the alarm Length of the character string ranges from 1 to...

Page 367: ...unity that trap message is sent to log trap Log and trap event log trapcommunity Name of the community that trap message is sent to none neither log nor trap event owner rmon station Name of the network management station that creates this entry The length of the character string ranges from 1 to 127 Description Using rmon event command you can add an entry to the event table Using undo rmon event...

Page 368: ...Sampling interval ranging from 5 to 3600 measured in seconds owner text string Creator of the line Length of the character string ranges from 1 to127 Description Using rmon history command you can add an entry to the history control table Using undo rmon history command you can cancel an entry from history control table Perform this command to sample set sample parameter sample time interval and s...

Page 369: ...on alarm des Specifies the alarm description with a length ranging from 0 to 0 127 sampling timer Sets the sampling interval ranging from 10 to 65535 and measured in seconds delta absolute changeratio Specifies the sampling type as delta ratio or absolute ratio threshold value1 Rising threshold value specified with a number greater than 0 event entry1 Corresponding event number to the upper limit ...

Page 370: ...rmon statistics entry number View Ethernet port view Parameter entry number Number of the entry to be added deleted ranging from 1 to 65535 owner text string Creator of the entry Length of the character string ranges from 1 to127 Description Using rmon statistics command you can add an entry to the statistic table Using undo rmon statistics command you can cancel an entry from statistic table RMON...

Page 371: ...entication event filter packet parameter refclock selection synchronization validity all View User view Parameter access NTP access control debugging adjustment NTP clock adjustment debugging all All NTP debugging functions authentication NTP authentication debugging event NTP event debugging filter NTP filter information debugging packet NTP packet debugging parameter NTP clock parameter debuggin...

Page 372: ...erbose Indicate to display the detail information about the sessions Description Using display ntp service sessions command you can display the status of all the sessions maintained by NTP service provided by the local equipment By default the status of all the sessions maintained by NTP service provided by the local equipment will be displayed When you configure this command without the verbose p...

Page 373: ...ock stratum 16 reference clock ID none nominal frequency 100 0000 Hz actual frequency 100 0000 Hz clock precision 2 17 clock offset 0 0000 ms root delay 0 00 ms root dispersion 0 00 ms peer dispersion 0 00 ms reference time 00 00 00 000 UTC Jan 1 1900 00000000 00000000 The following table describes the outputs Table 7 1 NTP service status information Output Meaning clock status unsynchronized Loca...

Page 374: ...eer dispersion Dispersion of the remote NTP server reference time Reference timestamp 7 1 4 display ntp service trace Syntax display ntp service trace ip address View Any view Parameter ip address Specify the IP address of the NTP server serving as the reference clock source Description Using display ntp service trace command you can display the brief information about every NTP server on the way ...

Page 375: ...e is no limit to the access Set authority to access the NTP services on a local Ethernet Switch This is a basic and brief security measure compared to authentication An access request will be matched with peer serve serve only and query only in an ascending order of the limitation The first matched authority will be given Example Give the authority of time request query control and synchronization...

Page 376: ...thentication function Quidway ntp service authentication enable 7 1 7 ntp service authentication keyid Syntax ntp service authentication keyid number authentication mode md5 value undo ntp service authentication keyid number View System view Parameter number Specify the key number and range from 1 to 4294967295 value Specify the value of the key with 1 to 32 ASCII characters Description Using ntp ...

Page 377: ...client command you can disable the NTP broadcast client mode By default the NTP broadcast client mode is disabled Designate an interface on the local Ethernet Switch to receive NTP broadcast messages and operate in broadcast client mode The local Ethernet Switch listens to the broadcast from the server When it receives the first broadcast packet it starts a brief client server mode to switch messa...

Page 378: ...ervice max dynamic sessions command you can set how many sessions can be created locally Using undo ntp service max dynamic sessions command you can resume the default maximum session number By default a local device allows up to 100 sessions Example Set the local equipment to allow up to 50 sessions Quidway ntp service max dynamic sessions 50 7 1 10 ntp service multicast client Syntax ntp service...

Page 379: ... for estimating the network delay Thereafter the local Ethernet Switch enters multicast client mode and continues listening to the multicast and synchronizes the local clock according to the arrived multicast message Example Configure to receive NTP multicast packet via Vlan Interface1 and the multicast group corresponding to these packets located at 224 0 1 1 Quidway interface vlan interface 1 Qu...

Page 380: ...nterface Syntax ntp service source interface interface name interface type interface number undo ntp service source interface View System view Parameter interface name Specify an interface The source IP address of the packets will be taken from the address of the interface interface type Specify the interface type and determine an interface with the interface number parameter interface number Spec...

Page 381: ...ng NTP packets to use the IP address of Vlan Interface1 as their source IP address Quidway ntp service source interface Vlan Interface 1 7 1 13 ntp service in interface disable Syntax ntp service in interface disable undo ntp service in interface disable View VLAN interface view Parameter None Description Using ntp service in interface disable command you can disable an interface to receive NTP me...

Page 382: ...interface name Specify the interface name When a local device sends an NTP message to a peer the source IP address of the message is taken from the address of the interface interface type Specify the interface type and determine an interface together with the interface number parameter interface number Specify the interface number and determine an interface together with the interface type paramet...

Page 383: ...ast server ip address version number authentication keyid keyid source interface interface name interface type interface number priority undo ntp service unicast server ip address View System view Parameter ip address Specify the IP address of a remote server version Define NTP version number number NTP version number ranging from 1 to 3 authentication keyid Define authentication key keyid Key ID ...

Page 384: ...an disable NTP server mode By default version number number defaults to 3 the authentication is disabled and the local server is not the first choice The command announces to use the remote server at ip address as the local time server ip address specifies a host address other than an IP address of broadcast multicast or reference clock By operating in client mode a local device can be synchronize...

Page 385: ...he debugging rsa command you can send the detailed information of RSA algorithm including every process and packet structure to the information center as debugging information Using the undo debugging rsa command you can disable debugging function By default debugging function is disabled For the related commands see rsa local key pair create rsa local key pair destroy Example Enable RSA debugging...

Page 386: ...can disable debugging function By default debugging function is disabled For the related commands see ssh server authentication retries ssh server rekey interval ssh server timeout Example Print debugging information in running SSH Quidway debugging ssh server vty 0 00 23 20 SSH0 starting SSH control process 00 23 20 SSH0 sent protocol version id SSH 1 5 Quidway 1 25 00 23 20 SSH0 protocol version...

Page 387: ...rated at 12 26 33 UTC 2002 4 4 Key name rtvrp_Host Usage Encryption Key Key Data 30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807 08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934 EB872805 02030100 01 Key pair was generated at 12 26 45 UTC 2002 4 4 Key name rtvrp_Server Usage Encryption Key Key Data 30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 ...

Page 388: ...reate Example Quidway display rsa peer public key Address Bits Name 1023 abcd 1024 hq 1024 wn1 1024 hq_all Quidway display rsa peer public key name abcd Key name abcd Key address Data 30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55 FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1 F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306 ...

Page 389: ...val 1 hours SSH Authentication retries 3 times Display SSH sessions Quidway display ssh server session Connection Version Encryption State Username VTY0 1 5 DES Session started Quidway VTY3 1 5 DES Session started router 8 1 6 display ssh user information Command display ssh user information username View Any view Parameter username Valid SSH user named defined by AAA Description Using the display...

Page 390: ... end Command peer public key end View RSA public key view Parameter None Description Using the peer public key end command you can finish editing peer public key and quit from RSA public key view to system view For the related commands see rsa peer public key public key code end Example Quit RSA public key view Quidway rsa peer public key quidway003 Quidway rsa public key peer public key end Quidw...

Page 391: ...SSH cannot take effect yet till you log onto the system next time If SSH protocol is specified to ensure a successful logon you must configure the AAA authentication using the authentication mode scheme command The protocol inbound ssh configuration fails if you configure authentication mode password and authentication mode none For the related commands see user interface vty Example Disable Telne...

Page 392: ... public key code begin Quidway rsa key code 308186028180739A291ABDA704F5D93DC8FDF84C427463 Quidway rsa key code 1991C164B0DF178C55FA833591C7D47D5381D09CE82913 Quidway rsa key code D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4 Quidway rsa key code 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC Quidway rsa key code C48E3306367FE187BDD944018B3B69F3CBB0A573202C16 Quidway rsa key code BB2FC1ACF3EC8F82...

Page 393: ...u have configured RSA key the system gives an alarm after using this command and prompts that the existing one will be replaced The key naming format is switch name plus server and switch name plus host for example Quidway_host and Quidway_server The configuration result of this command will not be stored in the configuration file The system prompts you to key in bit range for which the server key...

Page 394: ... the key modulus is greater than 512 It will take a few minutes How many bits in the modulus 512 512 Generating keys Quidway 8 1 12 rsa local key pair destroy Command rsa local key pair destroy View System view Parameter None Description Using the rsa local key pair destroy command you can remove all RSA key pairs at the server including Host key pair and Server key pair Acknowledgement informatio...

Page 395: ...key name Public key name Description Using the rsa peer public key command you can enter the RSA public key view When using this command together with the public key code begin command you can configure the public key at the client which is generated randomly by the client program supporting SSH1 5 For the related commands see public key code begin public key code end Example Enter the RSA public ...

Page 396: ...lue By default it is 3 For the related command see display ssh server Example Define the authentication retry times value as 4 Quidway ssh server authentication retries 4 8 1 15 ssh server rekey interval Command ssh server rekey interval hours undo ssh server rekey interval View System view Parameter hours Defines key update interval in the range of 1 24 hours Description Using the ssh server reke...

Page 397: ...meout value in the range of 1 120 seconds Description Using the ssh server timeout command you can define timeout value for SSH registration authentication which takes effect at next logon Using the undo ssh server timeout command you can restore the default value By default the timeout value is 60 seconds For the related commands see display ssh server Example Define the registration timeout valu...

Page 398: ...sociation For a user who has been associated with a public key the command associates him her with the new public key The newly configured users take effect at the next logon For the related command see display ssh user information Example Associate the key 1 with the zhangsan Quidway ssh user zhangsan assign rsa key key1 Quidway 8 1 18 ssh user username authentication type Command ssh user userna...

Page 399: ...d user Using the undo ssh user username authentication type command you can restore the default mode in which logon fails By default user can t logon the switch through SSH or TELNET so you have to specify authentication type for a new user The new configuration takes effects at the next logon For the related commands see display ssh user information Example Specify zhangsan s authentication type ...

Page 400: ...HUAWEI Quidway S2000 Series Ethernet Switches Command Manual 11 Appendix ...

Page 401: ...gement 1 16 arp static Network Protocol 1 1 arp timer aging Network Protocol 1 2 ascii System Management 1 20 attribute Security 2 1 authentication mode Getting Started 1 1 auto build Integrated Management 1 17 auto execute command Getting Started 1 2 B binary System Management 1 21 boot boot loader System Management 3 1 boot bootrom System Management 3 1 broadcast suppression Port 1 1 build Integ...

Page 402: ...lticast Protocol 1 1 debugging ntp service System Management 7 1 delete System Management 1 2 delete System Management 1 24 delete member Integrated Management 1 21 description Getting Started 2 1 description Port 1 1 description VLAN 1 1 dhcp snooping Network Protocol 2 1 dir System Management 1 3 dir System Management 1 24 disconnect System Management 1 25 display acl config QoS ACL 1 2 display ...

Page 403: ...ay habp Security 3 1 display habp table Security 3 2 display habp traffic Security 3 2 display history command Getting Started 1 4 display icmp statistics Network Protocol 3 1 display igmp snooping configuration Multicast Protocol 2 1 display igmp snooping group Multicast Protocol 2 2 display igmp snooping statistics Multicast Protocol 2 3 display info center System Management 4 22 display interfa...

Page 404: ...rmon eventlog System Management 6 3 display rmon history System Management 6 4 display rmon prialarm System Management 6 5 display rmon statistics System Management 6 6 display saved configuration System Management 4 11 display snmp agent System Management 5 2 display snmp agent community System Management 5 1 display snmp agent group System Management 5 2 display snmp agent mib view System Manage...

Page 405: ...Security 1 11 dot1x timer handshake period Security 1 12 duplex Port 1 6 E F file prompt System Management 1 5 flow control Getting Started 1 7 flow control Port 1 7 format System Management 1 5 free user interface Getting Started 1 7 ftp System Management 1 25 ftp server System Management 1 16 ftp timeout System Management 1 17 ftp server Integrated Management 1 27 G garp timer VLAN 3 2 garp time...

Page 406: ...center logbuffer System Management 4 25 info center loghost System Management 4 26 info center loghost source System Management 4 27 info center monitor channel System Management 4 28 info center snmp channel System Management 4 29 info center source System Management 4 29 info center switch on System Management 4 31 info center timestamp System Management 4 32 info center trapbuffer System Manage...

Page 407: ... detection interval time Port 1 11 loopback detection per vlan enable Port 1 12 ls System Management 1 27 M mac address System Management 2 3 mac address max mac count System Management 2 4 mac address timer System Management 2 5 mdi Port 1 12 mkdir System Management 1 6 mkdir System Management 1 28 monitor port Port 3 1 more System Management 1 7 move System Management 1 7 N ndp enable Integrated...

Page 408: ...m Management 7 9 ntp service source interface System Management 7 10 ntp service unicast peer System Management 7 12 ntp service unicast server System Management 7 13 O P parity Getting Started 1 11 passive System Management 1 28 password Security 2 11 password System Management 1 19 ping System Management 4 17 port VLAN 1 2 port access vlan Port 1 13 port hybrid pvid vlan Port 1 13 port hybrid vl...

Page 409: ...3 4 reset igmp snooping statistics Multicast Protocol 2 7 reset ip statistics Network Protocol 3 5 reset logbuffer System Management 4 34 reset ndp statistics Integrated Management 1 6 reset recycle bin System Management 1 11 reset saved configuration System Management 1 13 reset stop accounting buffer Security 2 24 reset stp STP 1 2 reset trapbuffer System Management 4 35 retry Security 2 25 retr...

Page 410: ...ACL 3 3 snmp agent group System Management 5 10 snmp agent local engineid System Management 5 9 snmp agent mib view System Management 5 12 snmp agent packet max size System Management 5 12 snmp agent sys info System Management 5 13 snmp agent target host System Management 5 14 snmp agent trap enable System Management 5 16 snmp agent trap life System Management 5 17 snmp agent trap queue size Syste...

Page 411: ...ting Started 1 19 sysname Getting Started 1 20 sysname System Management 4 4 system view Getting Started 1 20 T tcp timer fin timeout Network Protocol 3 5 tcp timer syn timeout Network Protocol 3 6 tcp window Network Protocol 3 7 telnet Getting Started 1 21 terminal debugging System Management 4 35 terminal logging System Management 4 36 terminal monitor System Management 4 36 terminal trapping Sy...

Page 412: ...t 1 12 undo snmp agent System Management 5 20 unknown multicast drop enable Multicast Protocol 3 1 user System Management 1 32 user privilege level Getting Started 1 22 user interface Getting Started 1 22 user name format Security 2 34 V verbose System Management 1 32 vlan VLAN 1 3 vlan enable disable VLAN 1 4 W X Y Z ...