Quidway s6500 Series Ethernet Switches Command Manual

HUAWEI
1. Getting Started
2. Port
3. VLAN
4. Network Protocol
5. Routing Protocol
6. Multicast Protocol
7. QoS/ACL
8. STP
9. Security
10. Reliability
11. System Management
12. PoE
13. Appendix
Quidway S6500 Series Ethernet Switches

Command Manual
Release 3000 Series
Huawei Technologies Proprietary

Command Manual
Manual Version
T2-081933-20051118-C-2.01
Product Version
Release 3000 Series
BOM
3119A033
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support
and service. If you purchase the products from the sales agent of Huawei Technologies Co.,
Ltd., please contact our sales agent. If you purchase the products from Huawei
Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care
center or company headquarters.
Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd.,
Bantian, Longgang District, Shenzhen, P. R. China
Postal Code: 518129
Website: http://www.huawei.com
Copyright 2005 Huawei Technologies Co., Ltd.
All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any
means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
, HUAWEI, C&C08, EAST8000, HONET,
, ViewPoint, INtess, ETS, DMC,
M900/M1800,
TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium,
TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA,
iTELLIN, HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE,
OpenEye, Lansway, SmartAX, infoX, and TopEng are trademarks of Huawei
Technologies Co., Ltd.
All other trademarks and trade names mentioned in this manual are the property of
their respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents,
but all statements, information, and recommendations in this manual do not
constitute the warranty of any kind, express or implied.
About This Manual

Release Notes
The product version that corresponds to the manual is Release 3000 Series.
Related Manuals
The following manuals provide more information about the Quidway S6500 Series
Ethernet Switches.
Manual
Content
Quidway S6500 Series Ethernet

Switches Installation Manual
It provides information for the system

installation.
Quidway S6502 Ethernet Switch

Installation Manual
It provides information for the S6502

installation.
Quidway S6500 Series Ethernet

Switches Operation Manual
It is used for assisting the users in data

configurations and typical applications.
Organization
Command Manual consists of the
following parts:
z
Getting Started
Introduces the commands used for accessing the Ethernet Switch.

z
Port
Introduces the commands used for configuring Ethernet port and link aggregation.
z
VLAN
This module introduces the commands used for configuring VLAN, GARP, and
GVRP.
z
Network Protocol
Introduces the commands used for configuring network protocols.

z
Routing Protocol
Introduces the commands used for configuring routing protocols.
Multicast Protocol
Introduces the commands used for configuring multicast protocols.

QoS/ACL
Introduces the commands used for configuring traffic classification and access control
list (ACL).
STP
Introduces the commands used for configuring STP.

Security
Introduces the commands used for security configuration.

Reliability
Introduces the commands used for reliability configuration.

System Management
Introduces the commands used for system management and maintenance.

PoE
Introduces the commands used for PoE configuration.

Appendix
Includes all the commands in this command manual, which are arranged
alphabetically.
Intended Audience
The manual is intended for the following readers:
z
Network engineers
Network administrators
Customers who are familiar with network fundamentals
Conventions
The manual uses the following conventions:
I. General conventions
Convention
Description
Arial
Normal paragraphs are in Arial.
Boldface
Headings are in Boldface.
Courier New
Terminal Display is in Courier New.
II. Command conventions

Convention
Description
Boldface
The keywords of a command line are in Boldface.
italic
Command arguments are in italic.
[]
Items (keywords or arguments) in square brackets [ ] are

optional.
{ x | y | ... }
Alternative items are grouped in braces and separated by

vertical bars. One is selected.
[ x | y | ... ]
Optional alternative items are grouped in square brackets

and separated by vertical bars. One or none is selected.
{ x | y | ... } *
Alternative items are grouped in braces and separated by

vertical bars. A minimum of one or a maximum of all can be
selected.
[ x | y | ... ] *
Optional alternative items are grouped in square brackets

and separated by vertical bars. Many or none can be
selected.
A line starting with the # sign is comments.
III. GUI conventions

Convention
Description
<>
Button names are inside angle brackets. For example, click

the <OK> button.
[]
Window names, menu items, data table and field names

are inside square brackets. For example, pop up the [New
User] window.
Multi-level menus are separated by forward slashes. For

example, [File/Create/Folder].
IV. Keyboard operation

Format
Description
<Key>
Press the key with the key name inside angle brackets. For
example, <Enter>, <Tab>, <Backspace>, or <A>.
<Key1+Key2>
Press the keys concurrently. For example, <Ctrl+Alt+A>

means the three keys should be pressed concurrently.
<Key1, Key2>
Press the keys in turn. For example, <Alt, A> means the
two keys should be pressed in turn.
V. Mouse operation
Action
Description
Select
Press and hold the primary mouse button (left mouse

button by default).
Click
Select and release the primary mouse button without

moving the pointer.
Double-Click
Press the primary mouse button twice continuously and

quickly without moving the pointer.
Drag
Press and hold the primary mouse button and move the
pointer to a certain position.
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of
special attention during the operation. They are defined as follows:
Caution, Warning: Means reader be extremely careful during the operation.

Note: Means a complementary description.
HUAWEI

Command Manual
Getting Started
Command Manual - Getting Started

Table of Contents
Table of Contents
Chapter 1 Logging in Ethernet Switch Commands ................................................................... 1-1
1.1 Logging in Ethernet Switch Commands ............................................................................ 1-1
1.1.1 authentication-mode................................................................................................ 1-1
1.1.2 auto-execute command........................................................................................... 1-2
1.1.3 command-privilege level ......................................................................................... 1-2
1.1.4 databits.................................................................................................................... 1-3
1.1.5 display history-command ........................................................................................ 1-4
1.1.6 display user-interface .............................................................................................. 1-4
1.1.7 display users ........................................................................................................... 1-6
1.1.8 flow-control .............................................................................................................. 1-7
1.1.9 free user-interface ................................................................................................... 1-7
1.1.10 header ................................................................................................................... 1-8
1.1.11 history-command max-size ................................................................................. 1-10
1.1.12 idle-timeout.......................................................................................................... 1-10
1.1.13 language-mode ................................................................................................... 1-11
1.1.14 lock ...................................................................................................................... 1-12
1.1.15 modem ................................................................................................................ 1-12
1.1.16 modem auto-answer ........................................................................................... 1-13
1.1.17 modem timer answer........................................................................................... 1-13
1.1.18 parity.................................................................................................................... 1-14
1.1.19 protocol inbound.................................................................................................. 1-15
1.1.20 quit....................................................................................................................... 1-15
1.1.21 return ................................................................................................................... 1-16
1.1.22 screen-length....................................................................................................... 1-16
1.1.23 send..................................................................................................................... 1-17
1.1.24 service-type ......................................................................................................... 1-17
1.1.25 set authentication password................................................................................ 1-19
1.1.26 shell ..................................................................................................................... 1-20
1.1.27 speed................................................................................................................... 1-21
1.1.28 stopbits ................................................................................................................ 1-22
1.1.29 super ................................................................................................................... 1-22
1.1.30 super password ................................................................................................... 1-23
1.1.31 sysname .............................................................................................................. 1-24
1.1.32 system-view......................................................................................................... 1-24
1.1.33 telnet.................................................................................................................... 1-25
1.1.34 user-interface ...................................................................................................... 1-26
1.1.35 user privilege level .............................................................................................. 1-26

i

Chapter 1 Logging in Ethernet Switch Commands

1.1 Logging in Ethernet Switch Commands
1.1.1 authentication-mode
Syntax
authentication-mode { password | scheme | none }
View
User interface view
Parameter
password: Perform local password authentication.
scheme: Perform local or remote authentication of username and password.
none: No authentication.
Description
Using authentication-mode command, you can configure the authentication method
for login user. Using authentication-mode none command, you can configure no
authentication.
This command with the password parameter indicates to perform local password
authentication, that is, you need to configure a login password using the set
authentication password { cipher | simple } password command.
This command with the scheme parameter indicates to perform authentication of local
or remote username and password. The type of the authentication depends on your
configuration. For detailed information, see Security section.
By default, users logging in via the Console port do not need to pass any terminal
authentication, whereas the password is required for authenticating the Modem and
Telnet users when they log in.
Example
# Configure local password authentication.
[Quidway-ui-aux0] authentication-mode password

1-1

1.1.2 auto-execute command

Syntax
auto-execute command text
undo auto-execute command
View
User interface view
Parameter
text: Specifies the command to be run automatically.
Description
Using auto-execute command command, you can configure to automatically run a
specified command. When a user logs in, the command configured will be executed
automatically. Using undo auto-execute command command, you can configure not
to run the command automatically.
This command is usually used to configure the telnet command on the terminal, which
will connect the user to a designated device automatically.
By default, auto run is disabled.
Caution:
z
If you execute this command, the user-interface can no longer be used to perform
routine configurations on the local system. Therefore use caution when using this
command.
Ensure that you will be able to log into the system in some other way to cancel the
configuration, before you configure the auto-execute command command and
save the configuration.
Example
# Configure to automatically telnet 10.110.100.1 after the user logs in via VTY 0.
[Quidway-ui-vty0] auto-execute command telnet 10.110.100.1
1.1.3 command-privilege level

Syntax
command-privilege level level view view command
1-2

undo command-privilege view view command
View
System view
Parameter
level: Specifies the command level, ranging from 0 to 3.
view: Specifies the command view, which can be any of the views supported by the
switch.
command: Specifies the command to be configured.
Description
Using command-privilege level command, you can configure the priority of the
specifically command of the specifically view. Using undo command-privilege view
command, you can restore the default command priority.
The command levels include visit, monitoring, system, and management, which are
identified as 0 through 3 respectively. The network administrator can customize the
command levels as needed.
Example
# Configure the precedence of the command "interface" in system view as 0.
[Quidway] command-privilege level 0 view system interface
1.1.4 databits
Syntax
databits { 7 | 8 }
undo databits
View
User interface view
Parameter
7: The data bits are 7.
8: The data bits are 8.
Description
Using databits command, you can configure the data bits for AUX (Console) port.
Using undo databits command, you can restore the default bits of the AUX (Console).
This command can only be performed in AUX user interface view.

1-3

By default, the value is 8.
Example
# Configure the data bits of AUX (Console) port to 7 bits.
[Quidway-ui-aux0] databits 7
1.1.5 display history-command

Syntax
display history-command
View
Any view
Parameter
None
Description
Using display history-command command, you can view the saved history
commands.
For the related command, see history-command max-size.
Example
# Display history commands.
<Quidway> display history-command
sys
quit
display his
1.1.6 display user-interface

Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameter
type: Specifies the type of a user interface.
number: Specifies the number of a user interface.
summary: Display the summary of a user interface.
1-4

Description
Using display user-interface command, you can view the relational information of the
user interface. This command without the summary parameter displays user interface
type, absolute/relative index, transmission speed, priority, authentication methods, and
physical location. This command with the summary parameter displays one user
interface in use totally and user interface name etc.
Example
# Display the relational information of user interface 0.
<Quidway> display user-interface 0
Idx
F 0
Type
Tx/Rx
Modem Privi Auth
Int
AUX 0
9600
: Current user-interface is active.
: Current user-interface is active and work in async mode.
Idx
: Absolute index of user-interface.
Type : Type and relative index of user-interface.

Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int
: The physical location of UIs.
: Authentication use AAA.
: Current UI need not authentication.
: Authentication use current UI's password.
Table 1-1 Output description of the display user-interface command

Field
Description
Current user interface is in use
Current user interface is in use and work in asynchronous mode
Idx
Absolute index of user interface
Type
Type and relative index of user interface
Tx/Rx
User interface speed
Modem
Modem operation mode
Privi
Which levels of commands can be used after logging in from the user
interface
Auth
User interface authentication method
Int
The physical location of user interfaces
# Display the summary information of user interface 0.

1-5

<Quidway> display user-interface 0 summary

0: U
1 character mode users.
(U)
1 total UIs in use.

UI's name: aux0
Table 1-2 Output description of the display user-interface summary command

Field
Description
0: U
User interface type
1 character mode users.
One type user interface
1 total UIs in use.
One user interface in use totally
UI's name
User interface name
1.1.7 display users

Syntax
display users [ all ]
View
Any view
Parameter
all: Display the information of all user interfaces.
Description
Using display users command, you can view the information of the user interface.
Example
# Display the information of the current user interface.
[Quidway] display users
UI
F 0
AUX 0
Delay
Type
Ipaddress
Username
00:00:00
Table 1-3 Output description of the display users command

Field
Description
Current user interface is in use and work in asynchronous mode.
UI
Number of the first list is the absolute number of user interface.

Number of the second list is the relative number of user interface.
1-6

Field
Description
Delay
Indicates the interval from the latest input till now in seconds.
Type
User type
IPaddress
Displays initial connection location, namely the host IP address of

the incoming connection.
Username
Display the name of the user using this user interface, namely the
login username of the user.
1.1.8 flow-control
Syntax
flow-control { hardware | none | software }
undo flow-control
View
User interface view
Parameter
hardware: Configures to perform hardware flow control.
none: Configures no flow control.
software: Configures to perform software flow control.
Description
Using flow-control command, you can configure the flow control mode on AUX
(Console) port. Using undo flow-control command, you can restore the default flow
control mode.
By default, the value is none. That is, no flow control will be performed.
Example
# Configure software flow control on AUX (Console) port.
[Quidway-ui-aux0] flow-control software
1.1.9 free user-interface

Syntax
free user-interface [ type ] number

1-7

View
User view
Parameter
type: Specifies the user interface type.
number: Specifies the absolute/relative number of the user interface. Configured
together with the type, it will specify the user interface number of the corresponding
type. If the type is not specified, number will specify an absolute user interface number.
Description
Using free user-interface command, you can clear a user of a specified user interface.
The user interface will be disconnected after the command is executed.
Note that the user of the current user interface cannot be cleared.
Example
# Clear the user of the user interface 1 after logging in to the switch via user interface 0.
<Quidway> free user-interface 1
After the command is executed, user interface 1 will be disconnected. It will not be
connected to the switch until you log in via the user interface 1 for the next time.
1.1.10 header
Syntax
header [ shell | incoming | login ] text
undo header [ shell | incoming | login ]
View
System view
Parameter
login: Login information in case of authentication. It is displayed before the user is
prompted to enter user name and password.
shell: User conversation established header, the information output after user
conversation has been established. If authentication is required, it is prompted after the
user passes authentication.
incoming: Login header, the information output after a Modem user logs in. If
authentication is required, it is prompted after the user passes authentication. In this
case, no shell information is output.
text: Specifies the title text. If you do not choose any keyword in the command, the
system displays the login information by default. The system supports two types of
1-8

input modes: one is to input all the text in one line, and altogether 256 characters can
be input; the other is to input all the text in several lines using the <Enter> key. The text
starts and ends with the first character. After inputting the end character, press the
<Enter> key to exit the interact process.
Description
Using header command, you can configure to display header when user login. Using
undo header command, you can configure not to display the header.
When the users log in the switch, if a connection is activated, the login header will be
displayed. After the user successfully logs in the switch, the shell header will be
displayed.
Note that if you press <Enter> after typing any of the three keywords shell, login and
incoming in the command, then what you type after the word header is the contents of
the login information, instead of identifying header type.
You can judge whether the initial character can be used as the header contents this
way:
1)
If there is only one character in the first line and it is used as the identifier, this
initial character pairs with the ending character and is not the header contents.
2)
If there are many characters in the first line but the initial and ending characters
are different, this initial character pairs with the ending character and is the header
contents.
3)
There are many characters in the first line and the initial character is identical with
the ending character, this initial character is not the header contents.
Example
# Configure the header of setting up a session.
Mode 1: Input in one line
[Quidway] header shell %SHELL: Hello! Welcome% (The starting and ending
characters must be the same, and press the <Enter> key to finish a line)
When you log on the switch again, the terminal displays the configured session
establishment title.
[Quidway] quit
<Quidway> quit
Please press ENTER
SHELL: Hello! Welcome (The initial character % is not the header contents)
<Quidway>
Mode 2: Input in several lines
[Quidway] header shell % SHELL: (After you pressing the <Enter> key, the system
prompts the following message:)
1-9

Input banner text, and quit with the character '%'.
Go on inputting the rest text and end your input with the first letter:
Hello! Welcome % (Press the <Enter> key)
[Quidway]
When you log on the switch again, the terminal displays the configured session
establishment title.
[Quidway] quit
<Quidway> quit
Please press ENTER
%SHELL: (The initial character % is the header contents)
Hello! Welcome
<Quidway>
1.1.11 history-command max-size

Syntax
history-command max-size value
undo history-command max-size
View
User interface view
Parameter
value: Defines the size of the history buffer, ranging from 0 to 256. By default, the size is
10, that is, 10 history commands can be saved.
Description
Using history-command max-size command, you can configure the size of the history
command buffer. Using undo history-command max-size command, you can restore
default size of the history command buffer.
Example
# Set the history buffer to 20, namely saving 20 history commands.
[Quidway-ui-aux0] history-command max-size 20
1.1.12 idle-timeout
Syntax
idle-timeout minutes [ seconds ]

1-10

undo idle-timeout
View
User interface view
Parameter
minutes: Specifies the minute, ranging from 0 to 35791.
seconds: Specifies the second, ranging from 0 to 59.
Description
Using idle-timeout command, you can configure the timeout function. If there is no
user operation performed before idle-timeout expires, the user interface will be
disconnected. Using undo idle-timeout command, you can restore the default
idle-timeout.
idle-timeout 0 means disabling idle-timeout.
By default, idle-timeout is set to 10 minutes.
Example
# Configure the timeout value to 1 minute on the AUX user interface.
[Quidway-ui-aux0] idle-timeout 1 0
1.1.13 language-mode
Syntax
language-mode { chinese | english }
View
User view
Parameter
chinese: Configures the language environment of command line interface as Chinese.
english: Configures the language environment of command line interface as English.
Description
Using language-mode command, you can switch between different language
environments of command line interface for convenience of different users.
By default, the value is English.
Example
# Switch from English mode to Chinese mode.

1-11

<Quidway> language-mode chinese
1.1.14 lock
Syntax
lock
View
User view
Parameter
none
Description
Using lock command, you can lock the user interface to prevent unauthorized user
from operating it.
Example
# Lock the current user interface.
<Quidway> lock
Password: xxxx
Again: xxxx
1.1.15 modem
Syntax
modem [ call-in | both ]
undo modem [ call-in | both ]
View
User interface view
Parameter
call-in: Configures to allow call-in.
both: Configures to allow call-in and call-out.
Description
Using modem command, you can configure the call-in and call-out attributes of the
Modem. Using undo modem command, you can cancel the configuration of Modem
call-in and call-out attributes.
The modem command without parameters is used to allow call-in and call-out.
1-12

The undo modem command without parameters is used to ban call-in and call-out.
Example
# Configure to allow call-in and call-out of Modem on the AUX (Console) port.
[Quidway-ui-aux0] modem both
1.1.16 modem auto-answer

Syntax
modem auto-answer
undo modem auto-answer
View
User interface view
Parameter
none
Description
Using modem auto-answer command, you can configure the answer mode as
auto-answer. Using undo modem auto-answer command, you can configure the
answer mode as manual answer.
By default, the mode is set to manual answer.
Example
# Configure the answer mode of the Modem on the AUX (Console) port as
auto-answer.
[Quidway-ui-aux0] modem auto-answer
1.1.17 modem timer answer

Syntax
modem timer answer seconds
undo modem timer answer
View
User interface view

1-13

Parameter
seconds: Specifies the timer answer in seconds, ranging from 1 to 60.The default value
is 30s.
Description
Using modem timer answer command, you can configure the timer answer from
off-hook to carrier detected when establishing the call in connection. Using undo
modem timer answer command, you can restore the default timeout value.
Example
# Set the timer answer of AUX 0 to 45s.
[Quidway-ui-aux0] modem timer answer 45
1.1.18 parity
Syntax
parity { even | mark | none | odd | space }
undo parity
View
User interface view
Parameter
even: Configures to perform even parity.
mark: Configures to perform mark parity.
none: Configures not to perform parity.
odd: Configures to perform odd parity.
space: Configures to perform space parity.
Description
Using parity command, you can configure the parity mode on AUX (Console) port.
Using undo parity command, you can restore the default parity mode.
By default, the mode is set to none.
Example
# Set mark parity on the AUX (Console) port.
[Quidway-ui-aux0] parity mark

1-14

1.1.19 protocol inbound

Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH protocols.
ssh: Supports only SSH protocol.
telnet: Supports only Telnet protocol.
Description
Using the protocol inbound command, you can configure the protocols supported by
a designated user interface.
By default, the user interface supports Telnet and SSH protocols.
For the related commands, see user-interface vty.
Example
# Configure SSH protocol supported by VTY0 user interface.
[Quidway-ui-vty0] protocol inbound ssh
1.1.20 quit
Syntax
quit
View
Any view
Parameter
none
Description
Using quit command, you can return to the lower level view from the current view. If the
current view is user view, you can quit the system.
There are three levels of views, which are listed from low to high as follows:
z
User view
System view

1-15

z
VLAN view, Ethernet port view, and so on.
For the related commands, see return, system-view.
Example
# Return to user view from system view.
[Quidway] quit
<Quidway>
1.1.21 return
Syntax
return
View
System view or above
Parameter
none
Description
Using return command, you can return to user view from a view other than user view.
Combination key <Ctrl+Z> performs the same function with the return command.
For the related command, see quit.
Example
# Return to user view from system view.
[Quidway] return
<Quidway>
1.1.22 screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view

1-16

Parameter
screen-length: Specifies how many lines can be displayed on a screen, ranging from 0
to 512. The default value is 24.
Description
Using screen-length command, you can configure how many lines that can be
displayed on a screen of the terminal. Using undo screen-length command, you can
restore the default number of terminal information lines displayed on the terminal
screen.
The screen-length 0 command is used to disable this function.
Example
# Configure the lines that can be displayed on a screen as 20 lines.
[Quidway-ui-aux0] screen-length 20
1.1.23 send
Syntax
send { all | number | type number }
View
User view
Parameter
all: Configures to send message to all user interfaces.
type: Specifies the user interface type, which can be aux or vty.
number: Specifies the absolute/relative number of the user interface.
Description
Using send command, you can send messages between different user interfaces.
Example
# Send message to all the user interfaces.
<Quidway> send all
1.1.24 service-type
Syntax
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }*
[ level level ] }

1-17

undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }*

[ level level ] }
View
Local user view
Parameter
telnet: Specifies user type as Telnet.
ssh: Specifies user type as SSH.
ftp: Specifies user type as ftp.
ftp-directory directory: Specifies the directory of ftp users, directory is a character
string of up to 64 characters.
lan-access: Specifies user type to lan-access, which mainly refers to Ethernet
accessing users, 802.1x supplicants for example.
terminal: Authorizes the user to use the terminal service (login from the Console port).
level level: Specifies the level of Telnet, SSH or terminal users. The argument level is
an integer in the range of 0 to 3 and defaults to 0.
Description
Use the service-type command to configure the log type and the command level can
be accessed after the logon. Use the undo service-type command to cancel the
setting.
Commands are classified into four levels, namely visit level, monitoring level, system
level and management level. They are introduced as follows:
z
Visit level: Commands of this level involve command of network diagnosis tool
(such as ping and tracert), command of switch between different language
environments of user interface (language-mode), and telnet command etc. The
operation of saving configuration file is not allowed on this level of commands.
Monitoring level: Commands of this level, including the display command and the
debugging command, are used for system maintenance, service fault diagnosis,
etc. The operation of saving the configuration file is not allowed on this level of
commands.
System level: Service configuration commands, including routing command and

commands on each network layer, are used to provide direct network service to
the user.
Management level: These are commands that influence the basic operation of the
system and system support module, which plays a supporting role on service.
Commands of this level involve file system commands, FTP commands, TFTP
commands, user management commands, and level setting commands.

1-18

When users log into the switch, the commands they can use depend jointly on the user
level settings and the command level settings on the user interface. If the two types of
settings differ,
z
For the users using AAA/RADIUS/HWTACACS authentication, the commands

they can use are determined by the user level settings. For example, if a use is set
to level 3 and the command level on the VTY 0 user interface is level 1, he or she
can only use the commands of level 3 or lower when logging into the switch from
the VTY 0 user interface.
For the users using RSA public key authentication, the commands they can use
are determined by the command level settings on the user interface.
By default, ping, tracert, and telnet are at visit level (0); display and debugging are at
monitoring level (1); all the configuration commands are at system level (2); and FTP,
TFTP and commands for file system operations are at management level (3).
Example
# Configure the user zbr to use commands at level 0 after logon.
[Quidway] local-user zbr
[Quidway-luser-zbr] service-type telnet level 0
# Quit the system and logs on with username zbr again. Now only the commands at
level 0 are listed on the terminal.
[Quidway] quit
<Quidway> ?
User view commands:
language-mode
Specify the language environment
ping
Send echo messages
quit
Exit from current command view
super
Privilege current user a specified priority level
telnet
Establish one TELNET connection
tracert
Trace route function
undo
Undo a command or set to its default status
1.1.25 set authentication password

Syntax
set authentication password { cipher | simple } password
undo set authentication password
View
User interface view

1-19

Parameter
cipher: Configure to display password in encrypted text.
simple: Configure to display password in plain text.
password: If the authentication is in the simple mode, the password must be in plain
text. If the authentication is in the cipher mode, the password can be either in
encrypted text or in plain text. The result is determined by the input. A plain text
password is a sequential character string of no more than 16 digits, for example,
huawei918. The length of an encrypted password must be 24 digits and in encrypted
text, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Using set authentication password command, you can configure the password for
local authentication. Using undo set authentication password command, you can
cancel local authentication password.
The password in plain text is required when performing authentication, regardless
whether the configuration is plain text or encrypted text.
Note:
By default, password is required to be set for authenticating the users connecting via
Modem or Telnet. If no password has been set, the following prompt will be displayed
Login password has not been set !
Example
# Configure the local authentication password on VTY 0 to huawei.
[Quidway-ui-vty0] set authentication password simple huawei
1.1.26 shell
Syntax
shell
undo shell
View
User interface view
Parameter
none

1-20

Description
Using shell command, you can enable terminal service of a user interface. Using undo
shell command, you can disable the terminal service of a user interface.
By default, terminal service is enabled.
When using the undo shell command, note the following points.
z
For the sake of security, the undo shell command can only be used on the user
interfaces other than the AUX user interface.
You cannot use this command on the user interface via which you log in.
You will be asked to confirm before executing this command on any legal user
interface.
Example
# Disable terminal service on the vty user interface 0 to 4 after logging in to the Ethernet
switch via user interface 0.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] undo shell
# The following message will be displayed on the Telnet terminal after logon.
% Disable ui-vty0-4 , are you sure ? [Y/N]
1.1.27 speed
Syntax
speed speed-value
undo speed
View
User interface view
Parameter
speed-value: Specifies the transmission rate on the AUX (Console) port in bit/s, which
can be 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600 or 115200. The default
rate is 9600bit/s.
Description
Using speed command, you can configure the transmission rate on the AUX (Console)
port. Using undo speed command, you can restore the default rate.

1-21

Example
# Configure the transmission speed on the AUX (Console) port as 9600bit/s.
[Quidway-ui-aux0] speed 9600
1.1.28 stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Parameter
1: Sets 1 stop bit.
1.5: Sets 1.5 stop bits.
2: Sets 2 stop bits.
Description
Using stopbits command, you can configure the stop bits on the AUX (Console) port.
Using undo stopbits command, you can restore the default stop bits.
Example
# Configure 2 stop bits on the AUX (Console) port.
[Quidway-ui-aux0] stopbits 2
1.1.29 super
Syntax
super [ level ]
View
User view
Parameter
level: User level, ranging 0 to 3. The default value is 3.

1-22

Description
Using super command, you can enable the user to change to user level from the
current user level. If the user has set the super password [ level level ] { simple |
cipher } password, then user password of the higher level is needed, or the former user
level will not change.
Login users are classified into four levels that correspond to the four command levels
respectively. After users of different levels log in, they can only use commands at the
levels that are equal to or lower than its own level.
For the related commands, see super password, quit.
Example
# change to user level 3 from the current user level.
<Quidway> super 3
Password:
1.1.30 super password

Syntax
super password [ level level ] { simple | cipher } password
undo super password [ level level ]
View
System view
Parameter
level: User level, ranging from 1 to 3. The default value is 3, i.e. do not specify user level.
It means the password to be set is used for entering level 3.
simple: Configure to display password in plain text.
cipher: Configure to display password in encrypted text.
text. If the authentication is in the cipher mode, the password can either be in
encrypted text or in plain text. The result is determined by the input. A plain text
password is a sequential character string of no more than 16 digits, for example,
huawei918. The length of an encrypted password must be 24 digits and in encrypted
text, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Using super password command, you can configure the password for changing the
user from a lower level to a higher level. In order to prevent unauthorized users from
illegal intrusion, user ID authentication is performed when users switch from a lower
1-23

level to a higher level. For the sake of confidentiality, on the screen the user cannot see
the password that he entered. Only when correct password is input for three times, can
the user switch to the higher level. Otherwise, the original user level will remain
unchanged. Using undo super password command, you can cancel the current
settings.
The password in plain text is required when performing authentication, regardless
whether the configuration is plain text or encrypted text.
Example
# Configure the password to zbr for changing the user from the current level to level 3.
[Quidway] super password level 3 simple zbr
1.1.31 sysname
Syntax
sysname text
undo sysname
View
System view
Parameter
text: Specifies the hostname with a character string, ranging from 1 to 30 characters.
The default name is Quidway.
Description
Using sysname command, you can configure the hostname of the Ethernet switch.
Using undo sysname command, you can restore the default hostname.
Changing the hostname of the Ethernet switch will affect the prompt of command line
interface. For example, if the hostname of the Ethernet switch is Quidway, the prompt in
user view will be <Quidway>.
Example
# Configure the hostname of Ethernet switch to Huawei.
[Quidway] sysname Huawei
[Huawei]
1.1.32 system-view
Syntax
system-view
1-24

View
User view
Parameter
None
Description
Using system-view command, you can enter system view from user view.
For the related commands, see quit, return.
Example
# Enter system view from user view.
<Quidway> system-view
[Quidway]
1.1.33 telnet
Syntax
telnet { hostname | ip-address } [ service-port ]
View
User view
Parameter
hostname: Specifies the host name of the remote switch. It is configured using the ip
host command.
ip-address: Specifies the IP address of the remote switch.
service-port: Designates the TCP port on the remote switch providing Telnet service,
ranging from 0 to 65535.
Description
Using telnet command, you can log in to another switch from the current one via telnet
for remote management. To terminate the Telnet logon, press <Ctrl+K>.
By default, when the service-port is not specified, the default telnet port number is 23.
For the related command, see display tcp status.
Example
# Log in to switch Quidway2 at 129.102.0.1 from the current Quidway1 switch.
<Quidway1> telnet 129.102.0.1

1-25

Trying 129.102.0.1 ...

Press CTRL+K to abort
Connected to 129.102.0.1 ...
*********************************************************
*
*
All rights reserved (1997-2005)

Without the owner's prior written consent,
*
*
*no decompiling or reverse-engineering shall be allowed.*

*********************************************************
<Quidway2>
1.1.34 user-interface
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
Parameter
type: Specifies the user interface type, which can be aux or vty.
first-number: Specifies the number of the first user interface to be configured.
last-number: Specifies the number of the last user interface to be configured.
Description
Using user-interface command, you can enter single user interface view or multiple
user interface views to configure the corresponding user interfaces.
Example
# Enter user interface view 0 through 5, that is, 1 AUX (Console) port user interface
view and 5 VTY user interface views.
[Quidway] user-interface 0 5
[Quidway-ui0-5]
1.1.35 user privilege level

Syntax
user privilege level level
undo user privilege level
View
User interface view
1-26

Parameter
level: Specifies which level of command a user can use after logon from the specifically
user interface, ranging from 0 to 3.
Description
Using user privilege level command, you can configure which level of command a
user can use after logon from the specifically user interface, so that a user can use all
the available commands at this level. Using undo user privilege level command, you
can restore the default level of command a user can use after logon from the
specifically user interface.
By default, a user can access the commands at Level 3 after logging in through the
AUX user interface, and the commands at Level 0 after logging in through the VTY user
interface.
When users log into the switch, the commands they can use depend jointly on the user
level settings and the command level settings on the user interface. If the two types of
settings differ,
z
For the users using AAA/RADIUS/HWTACACS authentication, the commands

they can use are determined by the user level settings. For example, if a use is set
to level 3 and the command level on the VTY 0 user interface is level 1, he or she
can only use the commands of level 3 or lower when logging into the switch from
the VTY 0 user interface.
For the users using RSA public key authentication, the commands they can use
are determined by the command level settings on the user interface.
By default, ping, tracert, and telnet are at visit level (0); display and debugging are at
monitoring level (1); all the configuration commands are at system level (2); and FTP,
TFTP and commands for file system operations are at management level (3).
Example
# Configure to use commands level 0 after logging in from VTY 0 user interface.
[Quidway-ui-vty0] user privilege level 0
# After you telnet from VTY 0 user interface to the switch, you will view the terminal only
displays commands at level 0.
<Quidway> ?
User view commands:
language-mode
Specify the language environment
ping
Send echo messages
quit
super
Privilege current user a specified priority level
telnet
Establish one TELNET connection
tracert

1-27

undo
Undo a command or set to its default status

1-28
HUAWEI

Command Manual
Port
Command Manual - Port

Table of Contents
Table of Contents
Chapter 1 Ethernet Port Configuration Commands................................................................... 1-1
1.1 Ethernet Port Configuration Commands............................................................................ 1-1
1.1.1 broadcast-suppression............................................................................................ 1-1
1.1.2 copy configuration ................................................................................................... 1-2
1.1.3 description ............................................................................................................... 1-3
1.1.4 display interface ...................................................................................................... 1-3
1.1.5 display port .............................................................................................................. 1-6
1.1.6 display port vlan-vpn ............................................................................................... 1-7
1.1.7 duplex...................................................................................................................... 1-8
1.1.8 flow-control .............................................................................................................. 1-8
1.1.9 interface................................................................................................................... 1-9
1.1.10 loopback-detection control enable ...................................................................... 1-10
1.1.11 loopback-detection enable .................................................................................. 1-11
1.1.12 loopback-detection interval-time ......................................................................... 1-11
1.1.13 loopback-detection per-vlan enable .................................................................... 1-12
1.1.14 jumboframe enable ............................................................................................. 1-13
1.1.15 mdi....................................................................................................................... 1-13
1.1.16 multicast-suppression ......................................................................................... 1-14
1.1.17 port access vlan .................................................................................................. 1-15
1.1.18 port hybrid pvid vlan ............................................................................................ 1-16
1.1.19 port hybrid vlan.................................................................................................... 1-16
1.1.20 port link-type........................................................................................................ 1-17
1.1.21 port trunk permit vlan .......................................................................................... 1-18
1.1.22 port trunk pvid vlan.............................................................................................. 1-19
1.1.23 reset counters interface....................................................................................... 1-19
1.1.24 shutdown ............................................................................................................. 1-20
1.1.25 speed................................................................................................................... 1-21
1.1.26 vlan-vpn enable ................................................................................................... 1-21
Chapter 2 Link Aggregation Configuration Commands............................................................ 2-1
2.1 Link Aggregation Configuration Commands...................................................................... 2-1
2.1.1 debugging link-aggregation error ............................................................................ 2-1
2.1.2 debugging link-aggregation event ........................................................................... 2-1
2.1.3 debugging lacp packet ............................................................................................ 2-2
2.1.4 debugging lacp state ............................................................................................... 2-3
2.1.5 display link-aggregation summary........................................................................... 2-3
2.1.6 display link-aggregation verbose............................................................................. 2-4
2.1.7 display link-aggregation interface............................................................................ 2-5

i

Table of Contents
2.1.8 display lacp system-id ............................................................................................. 2-6

2.1.9 lacp enable .............................................................................................................. 2-7
2.1.10 lacp port-priority..................................................................................................... 2-7
2.1.11 lacp system-priority ............................................................................................... 2-8
2.1.12 link-aggregation..................................................................................................... 2-9
2.1.13 link-aggregation group description ........................................................................ 2-9
2.1.14 link-aggregation group mode .............................................................................. 2-10
2.1.15 port link-aggregation group ................................................................................. 2-10
2.1.16 reset lacp statistics.............................................................................................. 2-11

ii

Chapter 1 Ethernet Port Configuration Commands

1.1 Ethernet Port Configuration Commands
1.1.1 broadcast-suppression
Syntax
broadcast-suppression { ratio | bandwidth bandwidth | pps pps }
undo broadcast-suppression
View
Ethernet port view
Parameter
ratio: Specifies the maximum bandwidth ratio of the broadcast traffic allowed on
Ethernet port, ranging form 1 to 100. By default, the value is 100. The smaller the ratio
is, the smaller the broadcast traffic is permitted.
bandwidth bandwidth: Specifies the maximum bandwidth of the broadcast traffic on
Ethernet port. It ranges from 1 to 100 for 100Mbit/s port, from 1 to 1000 for 1000Mbit/s
port in Mbit/s.
pps pps: Specifies the maximum packets per second of the broadcast traffic.
z
For 100M Ethernet port, ranging from 1 to 148,810 pps.
For 1000M Ethernet port, ranging from 1 to 262,143pps.
Description
Using broadcast-suppression command, you can configure the broadcast traffic size
enabled on current port. Using undo broadcast-suppression command, you can
restore the default broadcast traffic enabled on current port.
By default, all broadcast traffic is allowed to pass through, that is, no broadcast
suppression will be performed.
Once the broadcast traffic exceeds the value set by the user, the system will discard
some broadcast to ensure network service so that the traffic ratio of broadcast is
maintained in a proper range.
The configuration of the suppression mode on the port will overwrite the previously
configured mode.

1-1

Example
# Enable 20% broadcast cast to pass, i.e. 80% broadcast storm suppression is made
on broadcast traffic of port.
[Quidway-Ethernet1/0/1] broadcast-suppression 20
1.1.2 copy configuration

Syntax
copy configuration source { interface-type interface-number | interface-name |
aggregation-group agg-id1 } destination { interface_list [ aggregation-group agg-id ]
| aggregation-group agg-id2 }
View
System view
Parameter
interface_type: Source port type.
interface_num: Source port number.
interface_name: Source port name, in the format of interface_name = interface_type
interface_num. For more information, see the parameter item for the interface
command.
agg-id1: Source aggregation group ID, ranging from 1 to 384. The port with minimum
port number is the source port.
interface_list: Destination port list, interface_list1 = { interface_type interface_num |
interface_name } [ to { interface_type interface_num | interface_name } ] &<1-10>.
&<1-10> indicates that the former parameter can be input 10 times repeatedly at most.
agg-id2: Destination aggregation group ID, ranging from 1 to 384.
Description
Using the copy configuration command, you can copy the configuration of a specific
port to other ports, to ensure consistent configuration.
Example
# Copy the configuration of aggregation group 1 to aggregation group 2.
[Quidway]
copy
configuration
source
aggregation-group
aggregation-group 2

1-2
destination

1.1.3 description
Syntax
description text
undo description
View
Ethernet port view
Parameter
text: Port description character string, with 80 characters at most.
Description
Using description command, you can configure the description character string for
Ethernet port. Using undo description command, you can cancel the port description
character string.
By default, the port description character string is null.
Example
# Configure the description character string of Ethernet port Ethernet1/0/1 as
lanswitch-interface.
[Quidway-Ethernet1/0/1] description lanswitch-interface
1.1.4 display interface

Syntax
display interface [ interface_type | interface_type interface_num | interface_name ]
View
Any view
Parameter
interface_type: Specifies the port type.
interface_num: Specifies the port number.
interface_name: Specifies the port name in the interface_name= interface_type
interface_num format.
For parameter description, refer to the interface command.

1-3

Description
Using display interface command, you can view the configuration information on the
port.
If the port type and number are not specified when displaying the port information, the
information of all the ports will be displayed. If only the port type is specified, all the
information of the ports of this type will be displayed. If both port type and port number
are specified, the information of the designated port will be displayed.
Example
# Display configuration information of Ethernet1/0/1.
<Quidway> display interface ethernet1/0/1
Ethernet1/0/1 current state : UP
IP
Sending
Frames'
Format
is
PKTFMT_ETHNT_2,
Hardware
address
00e0-fc00-0010
The Maximum Transmit Unit is 1500
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is autonegotiation, link duplex type is autonegotiation
Flow-control is not enabled
The Maximum Frame Length is 1536
Broadcast MAX-ratio: 100%
Allow jumbo frame to pass
PVID: 1
Mdi type: auto
Port link-type: access
Tagged
VLAN ID : none
Untagged VLAN ID : 1
Last 300 seconds input:
0 packets/sec 0 bytes/sec
Last 300 seconds output:

Input(total):
0 packets/sec 0 bytes/sec
0 packets, 0 bytes
- broadcasts, - multicasts
Input(normal):
0 packets, 0 bytes
0 broadcasts, 0 multicasts
Input:
0 input errors, 0 runts, 0 giants,

0 frame,
0 throttles, 0 CRC
- overruns, - aborts, - ignored, - parity errors
Output(total): 0 packets, 0 bytes

- broadcasts, - multicasts, - pauses
Output(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors,
- underruns, - buffer failures

1-4
is

- aborts, 0 deferred, 0 collisions, 0 late collisions

- lost carrier, - no carrier
Table 1-1 Output description of the display interface command

Field
Description
Ethernet1/0/1 current state
The current state of Ethernet port (enabled or

disabled)
IP Sending Frames' Format
Ethernet frame format
Hardware address
Port hardware address
Description
Port description character string
The Maximum Transmit Unit
Maximum transmit unit
Media type
Type of media
loopback not set
Port loopback test state
Port hardware type
Port hardware type
100Mbps-speed
full-duplex mode
mode,
Link
speed
type
is
autonegotiation, link duplex type
is autonegotiation
Both the duplex mode and the rate are set to

auto-negotiation. The rate of 100Mbps and the
mode of full-duplex are adopted after
negotiating with its peer
Flow-control is not enabled
Port flow control state
The Maximum Frame Length
Maximum length of the Ethernet frames that

can pass through the port
Broadcast MAX-ratio
Port broadcast storm suppression ratio
Allow jumbo frame to pass
Jumbo frame is allowed to pass through the

port
PVID
Port default VLAN ID
Mdi type
Cable type
Port link-type
Port link type
Tagged VLAN ID
The VLANs with packets tagged
Untagged VLAN ID
The VLANs with packets untagged
Last 300 seconds input:

packets/sec 0 bytes/sec
Last 300 seconds output:

packets/sec 0 bytes/sec
The input/output rate and the passing packet

number on this port in the last 300 seconds

1-5

Field
Description
Input(total): 0 packets, 0 bytes

- broadcasts, - multicasts
Input(normal):
bytes
0 packets, 0
0 broadcasts, 0 multicasts
Input: 0 input errors, 0 runts, 0
giants, 0 throttles, 0 CRC
0 frame,
- overruns, aborts, - ignored, - parity errors
Output(total): 0 packets, 0 bytes
- broadcasts, - multicasts, pauses
The statistics information of input/output

packets and errors on this port. - indicates that
the item doesnt supported by the switch.
Output(normal): 0 packets, 0
bytes
0 broadcasts, 0 multicasts,
0 pauses
Output: 0 output errors,
underruns, - buffer failures
- aborts, 0 deferred, 0
collisions, 0 late collisions
- lost carrier, - no carrier
1.1.5 display port

Syntax
display port { hybrid | trunk }
View
Any view
Parameter
hybrid: Display Hybrid port.
Trunk: Display Trunk port.
Description
Using display port command, you can view the names of the ports that are of Hybrid or
Trunk type, and the corresponding VLANs whose packets are permitted by these ports.
Example
# Display the Hybrid ports in the current system.
<Quidway> display port hybrid

1-6

Interface
VLAN passing
GigabitEthernet3/0/6
Tagged: 100
Untagged: 1, 200
The above information displays that the current system has one Hybrid port
GigabitEthernet3/0/6, the tagged VLAN permitted passing is VLAN 100, the untagged
VLANs permitted passing are VLAN 1 and VLAN 200.
1.1.6 display port vlan-vpn

Syntax
display port vlan-vpn
View
Any view
Parameter
none
Description
Using display port vlan-vpn command, you can view the ports on which VLAN VPN
has been enabled and the VLAN ID of the VLAN VPN.
Example
# Display the related information of the port VLAN VPN feature.
<Quidway> display port vlan-vpn
Ethernet1/0/1
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
Ethernet1/0/2
VLAN-VPN status: enabled
VLAN-VPN VLAN: 2
Table 1-2 Port VLAN VPN information description

Field
Description
Ethernet1/0/1
The Ethernet port on which VLAN VPN has been enabled.
VLAN-VPN status
VLAN VPN status.
VLAN-VPN VLAN
VLAN ID of the VLAN VPN.

1-7

1.1.7 duplex
Syntax
duplex { auto | full | half }
undo duplex
View
Ethernet port view
Parameter
auto: Port auto-negotiation attribute.
full: Port full-duplex attribute.
half: Port half-duplex attribute.
Description
Using duplex command, you can configure the full-duplex/half-duplex attribute of the
Ethernet port. Using undo duplex command, you can restore the duplex attribute of
the port to default auto-negotiation mode.
By default, the duplex attribute is auto.
For the related command, see speed.
Example
# Configure the Ethernet port Ethernet1/0/1 as auto-negotiation attribute.
[Quidway-Ethernet1/0/1] duplex auto
1.1.8 flow-control
Syntax
flow-control
undo flow-control
View
Ethernet port view
Parameter
none

1-8

Description
Using flow-control command, you can enable flow control feature on the Ethernet port
to avoid discarding data packets due to congestion. Using undo flow-control
command, you can disable flow control feature.
By default, flow control on the Ethernet port is disabled.
Example
# Enable flow control on Ethernet1/0/1.
[Quidway-Ethernet1/0/1] flow-control
1.1.9 interface
Syntax
interface { interface_type interface_num | interface_name }
View
System view
Parameter
interface-type: Specifies the port type. it can be Ethernet or GigabitEthernet or
M-Ethernet.
interface_num: Specifies the port number. The port number can be expressed as
slot-number/subslot-number/port-number. For S6506 and S6506R Ethernet Switches,
slot-number specifies the LPU slot number of the port. For S6506, it ranges from 1 to 6.
For S6506R, it ranges from 2 to 7. subslot-number specifies the sub-slot number of the
port. For the slot without subslot, the subslot-number is fixed as 0. For the slot with
subslot, the subslot-number ranges from 1 to 4, according to how many ports a subslot
provides. port-number specifies the port number on the LPU and ranges from 1 to 8, 24,
or 48 according to how many ports a LPU provides. For S6503 Ethernet Switch, the
LPU slot-number ranges from 1 to 3 and SRPU slot-number ranges from 0 to 3.
Subslot-number takes 0 or ranges from 1 to 4, and the port number ranges from 1 to 8,
24, or 48. M-Ethernet is used to update and maintain. It ranges from 0/0/0.
interface_name: Specifies the port name in the interface_name = interface_type
Description
Using interface command, you can enter the Ethernet port view.
If the user wants to configure the related parameters of the Ethernet port, he must first
use this command to enter the Ethernet port view.

1-9

Example
# Enter the Ethernet1/0/1 port view.
[Quidway] interface ethernet1/0/1
1.1.10 loopback-detection control enable

Syntax
loopback-detection control enable
undo loopback-detection control enable
View
Ethernet port view
Parameter
none
Description
Using loopback-detection control enable command, you can enable loopback
detection control function on a Trunk port or Hybrid port. Using undo
loopback-detection control enable command, you can disable loopback detection
control function on a Trunk port or Hybrid port.
This command sets control over the operating status of the port, when the loopback
detection function is enabled and lookback is found on a Trunk or Hybrid port. When
this function is enabled and loopback is detected on a Trunk or Hybrid port, the system
begins to control the operating status of the port.
When this function is disabled and loopback is found, the system just reports a Trap
message but has no control over the operating status of the Trunk or Hybrid port.
By default, loopback detection controlled function on Trunk or Hybrid port is disabled.
Note that, this command has no effect on Access ports.
Example
# Enable the port loopback detection controlled function.
System View: return to User View with Ctrl+Z.
[Quidway] interface ethernet 1/0/1

[Quidway-Ethernet1/0/1] port link-type trunk
[Quidway-Ethernet1/0/1] loopback-detection control enable
[Quidway-Ethernet1/0/1]

1-10

1.1.11 loopback-detection enable

Syntax
loopback-detection enable
undo loopback-detection enable
View
System view/Ethernet port view
Parameter
none
Description
Using loopback-detection enable command, you can enable the port loopback
detection. If there is a loopback port found, the switch will put it under control. Using
undo loopback-detection enable command, you can disable the port loopback
detection.
The loopback detection of the specified port functions only after port loopback detection
is enabled in system view and Ethernet port view.
By default, port loopback detection is disabled.
For the related command, see display loopback-detection.
Example
# Enable the port loopback detection.
[Quidway] loopback-detection enable

[Quidway-Ethernet1/0/1] loopback-detection enable
1.1.12 loopback-detection interval-time

Syntax
loopback-detection interval-time time
undo loopback-detection interval-time
View
System view

1-11

Parameter
time: Specifies the interval of monitoring external loopback conditions of the port. It
ranges from 5 to 300, measured in seconds. By default, the interval is 30 seconds.
Description
Using loopback-detection interval-time command, you can configure detection
interval
for
the
external
loopback
condition
of
each
port.
Using
undo
loopback-detection interval-time command, you can restore the default interval.

For the related command, see display loopback-detection.
Example
# Configure the detection interval for the external loopback condition of each port to 10
seconds.
[Quidway] loopback-detection interval-time 10

[Quidway]
1.1.13 loopback-detection per-vlan enable

Syntax
loopback-detection per-vlan enable
undo loopback-detection per-vlan enable
View
Ethernet port view
Parameter
none
Description
Using the loopback-detection per-vlan enable command, you can configure that the
system performs loopback detection to all VLANs on Trunk and Hybrid ports. Using the
undo loopback-detection per-vlan enable command, you can configure that the
system only performs loopback detection to the default VLANs on the port.
By default, the system performs loopback detection to the default VLAN on Trunk and
Hybrid ports.

1-12

Example
# Configure the detection interval for the external loopback condition of each port to 10
seconds.

[Quidway-Ethernet1/0/1] loopback-detection per-vlan enable
1.1.14 jumboframe enable

Syntax
jumboframe enable [ jumboframe-value ]
undo jumboframe enable
View
Ethernet port view
Parameter
jumboframe-value: Size of jumbo frame permitted to pass through, in the range of 1536
bytes to 9216 bytes.
Description
Using jumboframe enable command, you can permit jumbo frame to pass through the
current Ethernet port. Using undo jumboframe enable command, you can forbid
jumbo frame to pass through.
By default, the jumbo frame with length between 1518 bytes and 1536 bytes including
are permitted to pass through the Ethernet port.
Example
# Permit the jumbo frame with length between 1518 bytes and 1536 bytes to pass
through GigabitEthernet1/0/1.
[Quidway-GigabitEthernet1/0/1] jumboframe enable
1.1.15 mdi
Syntax
mdi { across | auto | normal }

1-13

undo mdi
View
Ethernet port view
Parameter
across: The network cable type is cross-over cable.
auto: The network cable will be recognized whether it is straight-through cable or
cross-over cable.
normal: The network cable of the port is straight-through cable.
Description
Using mdi command, you can configure the network cable type of the Ethernet ports.
Using undo mdi command, you can restore the default type.
By default, the network cable type will be recognized automatically.
Note that, the settings only take effect on 10/100Base-T and 10/100/1000Base-T ports.
S6500 series Switches only support auto (auto-sensing). If you set some other type,
you will see the prompt Operation not supported!
Example
# Configure the network cable type of Ethernet port Ethernet1/0/1 as auto.
[Quidway-Ethernet1/0/1] mdi auto
1.1.16 multicast-suppression
Syntax
multicast-suppression { ratio | bandwidth { mbps-value | kbps kbps-value } | pps
max-pps }
undo multicast-suppression
View
Ethernet port view
Parameter
ratio: Specifies the maximum wire speed ratio of the multicast traffic allowed on
Ethernet port, ranging form 1 to 100. The step is 1. By default, the value is 100. The
smaller the ratio is, the smaller the multicast traffic is permitted.
mbps-value: Specifies the maximum bandwidth of the broadcast traffic on Ethernet port.
It ranges from 1 to 100 for 100Mbit/s port, from 1 to 1000 for 1000Mbit/s port, from 1 to
10,000 for 10Gbit/s port in Mbps.

1-14

kbps kbps-value: Specifies the maximum bandwidth of the broadcast traffic on

Ethernet port. It ranges from 64 to 1024,000 in Kbps. The step is 64.
max-pps: Specifies the maximum packets per second of the multicast traffic on an
Ethernet port. It ranges from 1 to 148,810 for 100Mbit/s port, from 1 to 1488,100 for
1000Mbit/s port, from 1 to 262,143 for 10Gbit/s port in pps.
Description
Using multicast-suppression command, you can configure the multicast traffic size
enabled on port. Once the multicast traffic exceeds the value set by the user, the
system will discard some multicast to ensure network service so that the traffic ratio of
multicast is maintained in a proper range. Using undo multicast-suppression
command, you can restore the default multicast traffic enabled on port as 100. i.e.,
100% multicast traffic is allowed to pass through.
Note that: Currently, type A LPUs of S6500 series switch (LS81FT48A/
LS81FM24A/LS81FS24A/LS81GB8UA/LS81GT8UA) do not support the configuration
of multicast traffic suppression.
Example
# Enable 20% multicast packets to pass, i.e. 80% multicast storm suppression is made
on multicast traffic of port.

[Quidway-Ethernet1/0/1] multicast-suppression 20
# Specify the maximum packets per second of the multicast traffic on an Ethernet1/0/1
as 1000 pps.
[Quidway-Ethernet1/0/1] multicast-suppression pps 1000
1.1.17 port access vlan

Syntax
port access vlan vlan_id
undo port access vlan
View
Ethernet port view
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from 2 to 4094.
1-15

Description
Using port access vlan command, you can join the access port to a specified VLAN.
Using undo port access vlan command, you can cancel the access port from the
VLAN.
The use condition of this command is the VLAN indicated in vlan_id must exist.
Example
# Join Ethernet1/0/1 port to VLAN3 (VLAN3 has existed).
[Quidway-Ethernet1/0/1] port access vlan 3
1.1.18 port hybrid pvid vlan

Syntax
port hybrid pvid vlan vlan_id
undo port hybrid pvid
View
Ethernet port view
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from1 to 4094 and the default
vlan_id is 1.
Description
Using port hybrid pvid vlan command, you can configure the default VLAN ID of the
hybrid port. Using undo port hybrid pvid command, you can restore the default VLAN
ID of the hybrid port.
The default VLAN ID of local hybrid port shall be consistent with that of the peer one,
otherwise, the packet cannot be properly transmitted.
For the related command, see port link-type.
Example
# Configure the default VLAN of the hybrid port Ethernet1/0/1 to 100.
[Quidway-Ethernet1/0/1] port hybrid pvid vlan 100
1.1.19 port hybrid vlan

Syntax
port hybrid vlan vlan_id_list { tagged | untagged }
undo port hybrid vlan vlan_id_list
1-16

View
Ethernet port view
Parameter
vlan_id_list: vlan_id_list = [ vlan_id1 [ to vlan_id2 ] ]&<1-10> specifies which VLAN the
hybrid port will be added to. It can be discrete. The vlan_id ranges from 1 to 4094.
&<1-10> indicates that the former parameter can be input 10 times repeatedly at most.
tagged: The packet of specified VLAN will have tag.
untagged: The packet of specified VLAN will not have tag.
Description
Using port hybrid vlan command, you can join the hybrid port to specified existing
VLAN. Using undo port hybrid vlan command, you can cancel the hybrid port from
the specified VLAN.
Hybrid port can belong to multiple VLANs. If the port hybrid vlan vlan_id_list { tagged
| untagged } command is used for many times, the VLANs carried by the hybrid port is
the set of vlan_id_list.
This command can be used on condition that the VLAN specified with vlan_id must
have been existed.
Example
# Join hybrid port Ethernet1/0/1 to VLAN of 2, 4 and 50-100, and these VLAN will have
tags.
[Quidway-Ethernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged
1.1.20 port link-type

Syntax
port link-type { access | hybrid | trunk }
undo port link-type
View
Ethernet port view
Parameter
access: Configure the port as access port.
hybrid: Configure the port as hybrid port.
trunk: Configure the port as trunk port

1-17

Description
Using port link-type command, you can configure the link type of Ethernet port. Using
undo port link-type command, you can restore the port as default status, i.e. access
port.
You can configure three types of ports concurrently on the same switch, but you cannot
switch between trunk port and hybrid port. You must turn it first into access port and
then set it as other type. For example, you cannot configure a trunk port directly as
hybrid port, but first set it as access port and then as hybrid port.
By default, the port is access port.
Example
# Configure Ethernet port Ethernet1/0/1 as trunk port.
1.1.21 port trunk permit vlan

Syntax
port trunk permit vlan { vlan_id_list | all }
undo port trunk permit vlan { vlan_id_list | all }
View
Ethernet port view
Parameter
vlan_id_list: vlan_id_list = [ vlan_id1 [ to vlan_id2 ] ]&<1-10> is the VLAN range joined
by the trunk port. It can be discrete. The vlan_id ranges from 1 to 4094. &<1-10>
indicates that the former parameter can be input 10 times repeatedly at most.
all: Join the trunk port to all VLANs.
Description
Using port trunk permit vlan command, you can join trunk port to specified VLAN.
Using undo port trunk permit vlan command, you can cancel trunk port from
specified VLAN.
Trunk port can belong to multiple VLANs. If the port trunk permit vlan command is
used many times, then the VLAN enabled to pass on trunk port is the set of these
vlan_id_list.
Example
# Join the trunk port Ethernet1/0/1 to VLAN 2, 4 and 50-100.
1-18

[Quidway-Ethernet1/0/1] port trunk permit vlan 2 4 50 to 100

# Cancel the trunk port Ethernet1/0/2 from VLAN 1.
[Quidway-Ethernet1/0/2] undo port trunk permit vlan 1
1.1.22 port trunk pvid vlan

Syntax
port trunk pvid vlan vlan_id
undo port trunk pvid
View
Ethernet port view
Parameter
vlan_id: VLAN ID defined in IEEE802.1Q, ranging from1 to 4094 and the default
vlan_id is 1.
Description
Using port trunk pvid vlan command, you can configure the default VLAN ID of trunk
port. Using undo port trunk pvid command, you can restore the default VLAN ID of
the port.
The default VLAN ID of local trunk port should be consistent with that of the peer one,
otherwise, the packet cannot be properly transmitted.
Example
# Configure the default VLAN of the trunk port Ethernet1/0/1 to 100.
[Quidway-Ethernet1/0/1] port trunk pvid vlan 100
1.1.23 reset counters interface

Syntax
reset counters interface [ interface_type | interface_type interface_num |
interface_name ]
View
User view
Parameter

1-19


interface_name: Specifies the port name in the interface_name= interface_type
For parameter description, refer to the interface command.
Description
Using reset counters interface command, you can reset the statistical information on
the port. and count the related information again on the port for the user.
If the port type and number are not specified when clearing the port information,
information of all ports on the switch will be cleared. If only the port type is specified, all
the information on the ports of this type will be cleared. If both port type and port
number are specified, the information on the designated port will be cleared.
Note that after 802.1X is enabled, the port information cannot be reset.
Example
# Reset statistical information on Ethernet port Ethernet1/0/1.
<Quidway> reset counters interface ethernet1/0/1
1.1.24 shutdown
Syntax
shutdown
undo shutdown
View
Ethernet port view
Parameter
none
Description
Using shutdown command, you can disable the Ethernet port. Using undo shutdown
command, you can enable the Ethernet port.
By default, the Ethernet port is enabled.
Example
# Enable Ethernet port Ethernet1/0/1.
[Quidway-Ethernet1/0/1] undo shutdown

1-20

1.1.25 speed
Syntax
speed { 10 | 100 | 1000 | 10000 | auto }
undo speed
View
Ethernet port view
Parameter
10: The speed on the port is 10Mbps.
auto: The port speed is in peer auto-negotiation status.
Description
Using speed command, you can configure the port speed. Using undo speed
command, you can restore the default speed.
By default, the speed is auto.
For the related command, see duplex.
Example
# Configure Ethernet port Ethernet1/0/1 port speed as 10Mbps.
[Quidway-Ethernet1/0/1] speed 10
1.1.26 vlan-vpn enable

Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameter
None

1-21

Description
Using vlan-vpn enable command, you can enable port VLAN VPN. Using undo
vlan-vpn command, you can disable port VLAN VPN.
Note that if anyone of GVRP, GMRP, STP, NTDP and 802.1x has been enabled on a
port, VLAN VPN cannot be enabled on it.
By default, the port VLAN VPN is disabled.
Example
# Enable VLAN VPN on Ethernet1/0/1.
[Quidway-Ethernet1/0/1] vlan-vpn enable

1-22

Chapter 2 Link Aggregation Configuration Commands
Chapter 2 Link Aggregation Configuration

Commands
2.1 Link Aggregation Configuration Commands
2.1.1 debugging link-aggregation error
Syntax
debugging link-aggregation error
undo debugging link-aggregation error
View
User view
Parameter
None
Description
Using debugging link-aggregation error command, you can enable link aggregation
errors debugging. Using undo debugging link-aggregation error command, you can
disable link aggregation errors debugging.
Example
# Enable link aggregation errors debugging.
<Quidway> debugging link-aggregation error
2.1.2 debugging link-aggregation event

Syntax
debugging link-aggregation event
undo debugging link-aggregation event
View
User view
Parameter
None

2-1

Description
Using debugging link-aggregation event command, you can enable link aggregation
events debugging. Using the undo debugging link-aggregation event command,
you can disable link aggregation events debugging.
Example
# Enable link aggregation events debugging.
<Quidway> debugging link-aggregation event
2.1.3 debugging lacp packet

Syntax
debugging lacp packet [ interface { interface-type interface-number | interface-name }
[ to { interface-type interface-num | interface-name } ] ]
undo debugging lacp packet [ interface { interface-type interface-number |
interface-name } [ to { interface-type interface-num | interface-name } ] ]
View
User view
Parameter
interface { interface_type interface_ num | interface_name } [ to { interface_type
interface_ num | interface_name } ]: Specifies ports. You can specify multiple sequential
ports with the to parameter, instead of specifying only one port. interface_name
specifies port name, in the format of interface_name = interface_type interface_num.
interface_type specifies port type and interface_num port number. For more
information, see the parameter item for the interface command.
Description
Using debugging lacp packet command, you can enable LACP packets debugging at
a designated port or ports. Using the undo debugging lacp packet command, you
can disable LACP packets debugging at a designated port or ports.
Example
# Enable LACP packets debugging at Ethernet1/0/1.
<Quidway> debugging lacp packet interface ehternet1/0/1

2-2

2.1.4 debugging lacp state

Syntax
debugging lacp state [ interface { interface-type interface-number | interface-name }
[ to { interface-type interface-num | interface-name } ] ] { { actor-churn | mux |
partner-churn | ptx | rx }* | all }
undo debugging lacp state [ interface { interface-type interface-number |
interface-name } [ to { interface-type interface-num | interface-name } ] ] { { actor-churn
| mux | partner-churn | ptx | rx }* | all }
View
User view
Parameter
actor-churn: Debugging actor-churn state machine.
mux: Debugging MUX state machine.
partner-churn: Debugging partner-churn state machine.
ptx: Debugging PTX state machine.
rx: Debugging RX state machine.
all: Debugging all state machines.
Description
Using debugging lacp state command, you can enable LACP state machines
debugging on a designated port or ports. Using undo debugging lacp state command,
you can disable LACP state machines debugging on a designated port or ports.
Example
# Enable all LACP state machines debugging.
<Quidway> debugging lacp state all
2.1.5 display link-aggregation summary

Syntax
display link-aggregation summary
2-3

View
Any view
Parameter
None
Description
Using display link-aggregation summary command, you can view summary
information of all aggregation groups, including actor system ID, aggregation group ID,
aggregate group type, partner system ID, number of selected ports, number of standby
ports, load sharing type and master port number.
Example
# Display summary information of all aggregation information.
<Quidway> display link-aggregation summary
Aggregation Group Type: D -- Dynamic, S -- Static, M -- Manual
Loadsharing Type: Shar Loadsharing, NonS Non-Loadsharing
Actor ID: 0x8000, 00e0-fcff-ff04
AL
AL
ID
Type
Partner ID
Select Standby Share
Master
Ports Ports
Port
Type
------------------------------------------------------------------1
0x8000,00e0-fcff-ff01 1
NonS
Ethernet4/0/1
10
none
NonS
Ethernet4/0/2
20
0x8000,00e0-fcff-ff01 1
NonS
Ethernet4/0/3
2.1.6 display link-aggregation verbose

Syntax
display link-aggregation verbose [ agg-id ]
View
Any view
Parameter
agg-id: Aggregation group ID, which must be existing ones, in the range of 1 to 384.
Description
Using display link-aggregation verbose command, you can view detailed information
of a designated port, including aggregation group ID, aggregation group type, load
sharing type, aggregation group description and detailed local information (system ID,

2-4

member ports, port state, port priority, LACP state flag, operation key) and detailed
remote information (local port, indexes of remote ports, port priority, LACP state flag,
operation key and system ID, here local and remote are in a relative sense).
Note that since the manual aggregation group cannot get the information of the peer
end, every item of the peer end is displayed as 0, which does not indicate the actual
state of the peer system.
Example
# Display detailed information of aggregation group 1.
<Quidway> display link-aggregation verbose 1
Loadsharing Type: Shar Loadsharing, NonS Non-Loadsharing
Aggregation ID: 20, AggregationType: Static, Loadsharing Type: NonS

Aggregation Descripiton: myagg1
System ID: 0x8000, 00e0-fcff-ff04
Port Status: S -- Selected, T -- sTandby
Local:
Port
Status
Priority Flag
Oper-Key
------------------------------------------------------------------Ethernet4/0/3
32768
0x3d
Remote:
Actor
Partner Priority Flag Oper-Key
SystemID
------------------------------------------------------------------Ethernet4/0/3
32768
0x3d 3
0x8000,00e0-fcff-ff01
2.1.7 display link-aggregation interface

Syntax
display
link-aggregation
interface
interface-type
interface-number
interface-name } [ to { interface-type interface-num | interface-name } ]
View
Any view
Parameter
2-5

Description
Using display link-aggregation interface command, you can view detailed link
aggregation information at a designated port, including aggregation group ID for the
port, port priority, operation key, LACP state flag, partner information (system ID, port
number, port priority, operation key, LACP state flag, LACP packet statistics).
Note that since the manual aggregation group cannot get the information of the peer
end, every item of the peer end is displayed as 0, which does not indicate the actual
state of the peer system.
Example
# Display detailed link aggregation information of manual link aggregation group.
<Quidway> display link-aggregation interface ethernet1/0/1
Ethernet1/0/1:
Attached AggID: 1
Local:
Port-Priority: 32768, Oper key: 1, Flag: 0x00
Remote:
System ID: 0x0, 0000-0000-0000
Port Number: 0, Port-Priority: 0, Oper-key: 0, Flag: 0x00
# Display detailed link aggregation information of static or dynamic link aggregation

group.
<Quidway> display link-aggregation interface ethernet1/0/1
Ethernet1/0/1:
Attached AggID: 20
Local:
Port-Priority: 32768, Oper key: 2, Flag: 0x3d
Remote:
System ID: 0x8000, 000e-84a6-fb00
Port Number: 2, Port-Priority: 32768 , Oper-key: 10, Flag: 0x3d
Received LACP Packets: 8 packet(s), Illegal: 0 packet(s)
Sent LACP Packets: 9 packet(s)
2.1.8 display lacp system-id

Syntax
display lacp system-id
View
Any view

2-6

Parameter
None
Description
Using display lacp system-id command, you can view actor system ID, including
system priority and system MAC address.
For the related command, see link-aggregation.
Example
# Display local system ID.
<Quidway> display lacp system-id
Actor System ID: 0x8000, 00e0-fc00-0100
2.1.9 lacp enable

Syntax
lacp enable
undo lacp enable
View
Ethernet port view
Parameter
None
Description
Using lacp enable command, you can enable LACP. Using lacp enable command,
you can disable LACP.
Example
# Enable LACP at Ethernet1/0/1.
[Quidway-Ethernet1/0/1] lacp enable
2.1.10 lacp port-priority

Syntax
lacp port-priority port-priority-value
undo lacp port-priority

2-7

View
Ethernet port view
Parameter
port-priority-value: Port priority, ranging from 0 to 65535. By default, it is 32768.
Description
Using lacp port-priority command, you can configure port priority value. Using undo
lacp port-priority command, you can restore the default value.
For the related commands, see display link-aggregation verbose and display
link-aggregation interface.
Example
# Set port priority as 64.
[Quidway-Ethernet1/0/1] lacp port-priority 64
2.1.11 lacp system-priority

Syntax
lacp system-priority system-priority-value
undo lacp system-priority
View
System view
Parameter
system-priority-value: System priority, ranging from 0 to 65535. By default, it is 32768.
Description
Using lacp system-priority command, you can configure system priority value. Using
undo lacp system-priority command, you can restore the default value.
For the related command, see display lacp system-id.
Example
# Set system priority as 64.
[Quidway] lacp system-priority 64

2-8

2.1.12 link-aggregation
Syntax
link-aggregation interface_name1 to interface_name2 [ both ]
View
System view
Parameter
interface_name1: Starting range value of Ethernet port joined the Ethernet link
aggregation.
interface_name2: Last range value of Ethernet port joined the Ethernet link
aggregation.
both: Specifies that each member port in the link group performs load sharing for
incoming and outgoing traffic.
Description
Use the link-aggregation command to set a group of ports to be link group with an
auto assigned group number. You can use the ink-aggregation group mode and port
link-aggregation group commands to accomplish this task.
By default, load sharing is carried out:
z
Based on IP addresses for IP packets.
Based on MAC addresses for non-IP packets.
Example
# Add the ports Ethernet1/0/1 through Ethernet1/0/4 to the link group and specify them
to perform load sharing for incoming and outgoing traffic.
[Quidway] link-aggregation ethernet1/0/1 to ethernet1/0/4 both
2.1.13 link-aggregation group description

Syntax
link-aggregation group agg-id description alname
undo link-aggregation group agg-id description
View
System view
Parameter
agg-id: Aggregation group ID, in the range of 1 to 384.

2-9

alname: Aggregation group name, character string with 1 to 32 characters.
Description
Using link-aggregation group agg-id description command, you can configure
descriptor for an aggregation group. Using undo link-aggregation group agg-id
description command, you can delete aggregation group descriptor.
For the related command, see display link-aggregation verbose.
Example
# Configure myal1 as the descriptor of aggregation group 22.
[Quidway] link-aggregation group 22 description myal1
2.1.14 link-aggregation group mode

Syntax
link-aggregation group agg-id mode { manual | static }
undo link-aggregation group agg-id
View
System view
Parameter
manual: Manual aggregation group.
static: Static aggregation group.
Description
Using link-aggregation group agg-id mode command, you can create a manual or
static aggregation group. Using undo link-aggregation group command, you can
delete an aggregation group.
For the related command, see display link-aggregation summary.
Example
# Create manual aggregation group 22.
[Quidway] link-aggregation group 22 mode manual
2.1.15 port link-aggregation group

Syntax
port link-aggregation group agg-id

2-10

undo port link-aggregation group
View
Ethernet port view
Parameter
Description
Using port link-aggregation group command, you can add an Ethernet port into a
manual or static aggregation group. Using undo port link-aggregation group
command, you can delete an Ethernet port from a manual or static aggregation group.
For the related command, see display link-aggregation verbose.
Example
# Add Ethernet1/0/1 into aggregation group 22.
[Quidway-Ethernet1/0/1] port link-aggregation group 22
2.1.16 reset lacp statistics

Syntax
reset lacp statistics [ interface { interface-type interface-number | interface-name }
[ to { interface-type interface-num | interface-name } ] ]
View
User view
Parameter
Description
Using reset lacp statistics command, you can clear LACP statistics at a designated
port. If no port is specified, then LACP statistics at all ports shall be cleared.
For the related command, see display link-aggregation interface.

2-11

Example
# Clear LACP statistics at all Ethernet ports.
<Quidway> reset lacp statistics

2-12
HUAWEI

Command Manual
VLAN
Command Manual - VLAN

Table of Contents
Table of Contents
Chapter 1 VLAN Configuration Commands................................................................................ 1-1
1.1 VLAN Common Configuration Commands........................................................................ 1-1
1.1.1 broadcast-suppression............................................................................................ 1-1
1.1.2 description ............................................................................................................... 1-2
1.1.3 display interface vlan-interface................................................................................ 1-3
1.1.4 display vlan.............................................................................................................. 1-3
1.1.5 interface vlan-interface............................................................................................ 1-4
1.1.6 name ....................................................................................................................... 1-5
1.1.7 shutdown ................................................................................................................. 1-5
1.1.8 vlan.......................................................................................................................... 1-6
1.2 Port-Based VLAN Configuration Commands .................................................................... 1-7
1.2.1 port .......................................................................................................................... 1-7
1.3 Protocol-Based VLAN Configuration Commands.............................................................. 1-8
1.3.1 display protocol-vlan interface................................................................................. 1-8
1.3.2 display protocol-vlan vlan........................................................................................ 1-9
1.3.3 port hybrid protocol-vlan vlan .................................................................................. 1-9
1.3.4 protocol-vlan vlan slot ........................................................................................... 1-10
1.3.5 protocol-vlan.......................................................................................................... 1-12
Chapter 2 GARP/GVRP Configuration Commands.................................................................... 2-1
2.1 GARP Configuration Commands....................................................................................... 2-1
2.1.1 display garp statistics .............................................................................................. 2-1
2.1.2 display garp timer .................................................................................................... 2-2
2.1.3 garp timer ................................................................................................................ 2-2
2.1.4 garp timer leaveall ................................................................................................... 2-4
2.1.5 reset garp statistics ................................................................................................. 2-4
2.2 GVRP Configuration Command......................................................................................... 2-5
2.2.1 display gvrp statistics .............................................................................................. 2-5
2.2.2 display gvrp status .................................................................................................. 2-6
2.2.3 gvrp ......................................................................................................................... 2-6
2.2.4 gvrp registration....................................................................................................... 2-7
Chapter 3 Super VLAN Configuration Commands .................................................................... 3-1
3.1 Super VLAN Configuration Commands............................................................................. 3-1
3.1.1 display supervlan..................................................................................................... 3-1
3.1.2 subvlan .................................................................................................................... 3-3
3.1.3 supervlan................................................................................................................. 3-3

i

Chapter 1 VLAN Configuration Commands

1.1 VLAN Common Configuration Commands
1.1.1 broadcast-suppression
Syntax
broadcast-suppression { ratio | pps pps }
undo broadcast-suppression
View
VLAN view
Parameter
ratio: Specifies the maximum bandwidth ratio of the broadcast traffic allowed on VLAN,
ranging form 0 to 100. By default, the value is 100. The smaller the ratio is, the smaller
the broadcast traffic is permitted.
pps pps: Specifies the maximum packets per second of the broadcast traffic on VLAN,
ranging from 1 to 148,800 pps.
Description
Using broadcast-suppression command, you can configure the broadcast traffic size
enabled on current VLAN. Using undo broadcast-suppression command, you can
restore the default broadcast traffic enabled on current VLAN.
By default, all broadcast traffic is allowed to pass through, that is, no broadcast
suppression will be performed.
Once the broadcast traffic exceeds the value set by the user, the system will discard
some broadcast to ensure network service so that the traffic ratio of broadcast is
maintained in a proper range.
The broadcast suppression modes supported by the LPUs of S6500 series are related
to the LPU type. The relationship is as the following table.

1-1

Table 1-1 Relationship Between Broadcast Suppression Mode and LPU Type
Broadcast Suppression
Mode
Type A LPU (LS81FT48A/

LS81FM24A/LS81FS24A/LS8
1GB8UA/LS81GT8UA)
LPUs excluding the

type A LPUs
VLAN pps Suppression

Mode
Supported
Unsupported
VLAN Bandwidth Radio

Suppression Mode
Supported
Unsupported
The configuration of the suppression mode on the VLAN will overwrite the previously
configured mode.
Example
# Set the broadcast suppression ratio for the current VLAN1 to 50%.
[Quidway-vlan1] broadcast-suppression 50
1.1.2 description
Syntax
description { string | text }
undo description
View
VLAN view, VLAN interface view
Parameter
string: Description character string of current VLAN. It ranges from 1 to 32 characters.
The default description character string of current VLAN is VLAN ID of the VLAN, e.g.
VLAN 0001.
text: Description character text of current VLAN interface. It ranges from 1 to 80
characters. The default description character string of VLAN interface is the interface
name, e.g. Vlan-interface1 Interface.
Description
Using description command, you can configure a description for the current VLAN or
VLAN interface. Using undo description command, you can restore the default
description of current VLAN or VLAN interface.
For the related command, see display vlan, display interface vlan-interface.
Example
# Specify a description character string RESEARCH for current VLAN.
1-2

[Quidway-vlan1] description RESEARCH
1.1.3 display interface vlan-interface

Syntax
display interface vlan-interface [ vlan-id ]
View
Any view
Parameter
vlan-id: ID of VLAN interface, ranging from 1 to 4094.
Description
Using display interface vlan-interface command, you can view the related
information about specified or all VLAN interfaces such as physical status and link
status of VLAN interface, Ethernet frame format, MAC address, IP address and sub-net
mask, description character string and MTU, etc.
With vlan-id specified, only the information about the specified VLAN interface will be
displayed. If no vlan-id is specified, the information about all the existing VLAN
interfaces will be displayed.
For the related command, see interface vlan-interface.
Example
# Display related information about VLAN-interface 1.
<Quidway> display interface vlan-interface 1
Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
IP
Sending
Frames'
Format
is
PKTFMT_ETHNT_2,
Hardware
00e0-fc07-4101
Internet Address is 10.1.1.1/24 Primary
Description : HUAWEI, Quidway Series, Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
1.1.4 display vlan

Syntax
display vlan [ vlan-id [ to vlan-id ] | all | static | dynamic ]
View
Any view

1-3
address
is

Parameter
vlan-id: Display information of specified VLAN.
all: Display information of all VLANs.
static: Display information of VLAN created statically by the system.
dynamic: Display information of VLAN created dynamically by the system.
Description
Using display vlan command, you can view related information about the specified or
all VLANs.
If vlan-id or all is specified, information of specified VLAN or all VLANs is displayed. It
includes: VLAN ID, VLAN type, whether the routing function has been enable on this
VLAN (i.e. whether the route interface exists. If it exists, display primary IP address and
mask), VLAN description, the broadcast suppression ratio, and the ports VLAN
contains.
If parameter is not specified, information of the VLAN that has been created is
displayed. If the parameter dynamic or static is selected, information of VLAN created
dynamically or statically by the system is displayed.
For the related command, see vlan.
Example
# Display the information about VLAN1.
[Quidway] display vlan 1
VLAN ID: 1
VLAN Type: static
Route interface: not configured
Description: VLAN 0001
Name: hello
Tagged
Ports: none
Untagged Ports:
Ethernet1/0/1
Ethernet1/0/2
Ethernet1/0/3
1.1.5 interface vlan-interface

Syntax
interface vlan-interface vlan-id
undo interface vlan-interface vlan-id
View
System view
1-4

Parameter
vlan-id: ID of VLAN interface, ranging from 1 to 4094.
Description
Using interface vlan-interface command, you can configure VLAN interface or enter
VLAN interface view. Using undo interface vlan-interface command, you can cancel
one VLAN interface.
For the related command, see display interface vlan-interface.
Example
# Enter VLAN-interface 1 view of VLAN interface.
[Quidway] interface vlan-interface 1
1.1.6 name
Syntax
name string
undo name
View
VLAN view
Parameter
string: The name of the current VLAN, which consists of 1 to 32 characters. By default,
it is the VLAN ID of the current VLAN, e.g. VLAN 0001.
Description
Using name command, you can name the current VLAN. Using undo name command,
you can restore the default name of the current VLAN.
By default, the name is the VLAN ID of the current VLAN.
Example
# Name the VLAN1 hello.
[Quidway-vlan1] name hello
1.1.7 shutdown
Syntax
shutdown
undo shutdown

1-5

View
VLAN interface view
Parameter
none
Description
Using shutdown command, you can disable the VLAN interface. Using undo
shutdown command, you can enable the VLAN interface.
By default, when all Ethernet ports are in DOWN status in VLAN interface, the VLAN
interface is in DOWN status, i.e. disabled status. When there is one or more Ethernet
ports in VLAN interface are in UP status, the VLAN interface is UP.
This command can be used to start interface after the related parameters and protocols
of VLAN interface are set well. Or when the VLAN interface fails, the interface can be
shut down first and then restarted, in this way, the interface may be restored to normal
status. Shutting down or starting VLAN interface will not take any effect on any Ethernet
port of this VLAN.
Example
# Restart interface after shutting down the interface.
[Quidway-Vlan-interface1] shutdown
[Quidway-Vlan-interface1] undo shutdown
1.1.8 vlan
Syntax
vlan vlan-id
undo vlan { vlan-id [ to vlan-id ] | all }
View
System view
Parameter
vlan-id: Specifies the ID of a VLAN to be created and/or entered, ranging from 1 to
4094.
all: Delete all VLANs.
Description
Using vlan command, you can enter VLAN view. If the specified VLAN is not created,
create it first. Using undo vlan command, you can cancel the specified VLAN.

1-6

VLAN 1 is default VLAN and cannot be deleted.

For the related commands, see display vlan.
Example
# Enter the view of VLAN 1.
[Quidway] vlan 1
1.2 Port-Based VLAN Configuration Commands

1.2.1 port
Syntax
port interface-list
undo port interface-list
View
VLAN view
Parameter
interface-list: list of Ethernet ports to be added to or deleted from a certain VLAN,
expressed as interface-list= { { interface_type interface_num | interface_name } [ to
{ interface_type interface_num | interface_name } ] }&<1-10>. interface_type is
interface type, interface_numis interface number and interface_name is interface name.
For their meanings and value range, read Parameter of Port in this document. The
interface number after keyword to must be larger than or equal to the port number
before to. &<1-10>: Representing the repeatable times of parameters, 1 is the minimal
and 10 is the maximal.
Description
Using port command, you can add one port or one group of ports to VLAN. Using undo
port command, you can cancel one port or one group of ports from VLAN.
Note that you can add/delete trunk port and hybrid port to/from VLAN by port trunk
permit vlan, undo port trunk permit vlan, port hybrid vlan, undo port hybrid vlan
commands in Ethernet port view, but not in VLAN view.
For the related command, see display vlan.
Example
# Add Ethernet1/0/1 through Ethernet1/0/3 to VLAN 2.
[Quidway-vlan2] port ethernet1/0/1 to ethernet1/0/3

1-7

1.3 Protocol-Based VLAN Configuration Commands

1.3.1 display protocol-vlan interface
Syntax
display protocol-vlan interface { { interface-type interface-number | interface-name }
[ to { interface-type interface-num | interface-name } ] | all }
View
Any view
Parameter
{ interface_type interface_num | interface_name } [ to { interface_type interface_num |
interface_name } ]: Specifies ports. You can specify multiple sequential ports with the to
parameter, instead of specifying only one port. interface_name specifies port name, in
the format of interface_name = interface_type interface_num. interface_type specifies
port type and interface_num port number.
all: Displays the protocol information of all ports.
Description
Using the display protocol-vlan interface command, you can view the protocol
information and protocol index configured on the specific port, to which you can refer
when you use the protocol-based VLAN and add/delete a protocol.
For the related commands, see display interface.
Example
# Display the protocol information and protocol index configured on Ethernet1/0/1 and
Ethernet1/0/2.
[Quidway] display protocol-vlan interface ethernet1/0/1 to ethernet1/0/2
Interface: Ethernet1/0/1
VLAN ID
Protocol-Index
Protocol-type
50
ip 192.168.10.1 255.255.255.0
80
ip 101.120.34.0 255.255.0.0
100
ip 104.232.43.0 255.255.255.0
100
ipx ethernetii
Interface: Ethernet1/0/2
VLAN ID
Protocol-Index
Protocol-type
50
ipx raw
80
at
100
mode snap etype 0x0abc
100
mode llc dsap 0xac ssap 0xbd

1-8

1.3.2 display protocol-vlan vlan

Syntax
display protocol-vlan vlan { vlan-id [ to vlan-id ] | all }
View
Any view
Parameter
vlan-id: Displays the protocol information of the specific VLAN, ranging from 1 to 4094.
all: Displays the protocol information of all VLANs.
Description
Using the display protocol-vlan vlan command, you can view the protocol
information and protocol index configured on a VLAN, to which you can refer when you
use the protocol-based VLAN and add/delete a protocol.
For the related commands, see display vlan.
Example
# Display the protocol information and protocol index configured on the VLANs from
VLAN10 to VLAN20
[Quidway] display protocol-vlan vlan 10 to 20
VLAN ID: 10
VLAN Type: Protocol-based VLAN
Protocol-Index
Protocol-Type
IP
101.120.34.0/24
IP
104.232.43.0/24
IPX
AT
ETH II
VLAN ID: 15
VLAN Type: Protocol-based VLAN
Protocol-Index
Protocol-Type
ip 192.168.10.1 255.255.255.0
mode snap etype 0x0abc
..
1.3.3 port hybrid protocol-vlan vlan

Syntax
port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
undo port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
1-9

View
Ethernet port view
Parameter
vlan-id: ID of the VLAN which a protocol is added to or deleted from.
protocol-index: Value of the protocol index, ranging from 0 to 6. It must be smaller than
protocol-end.
protocol-end: End value of the protocol index, ranging form 0 to 6.
all: All protocols.
Description
Using the port hybrid protocol-vlan vlan command, you can associate a
protocol-based VLAN with the specified port. Using the undo port hybrid
protocol-vlan vlan command, you can delete the association between the port and the
protocol-based VLAN.
Note that only the Hybrid port supports this feature at present. The port must belong to
the VLAN before you associate it with the protocol-based VLAN. Otherwise, it cannot
be associated with the VLAN.
For the related commands, see display protocol-vlan interface.
Example
# Associate Ethernet1/0/1 with protocols 0 to 6 in VLAN 3
[Quidway-Ethernet1/0/1] port hybrid protocol-vlan vlan 3 0 to 6
1.3.4 protocol-vlan vlan slot

Syntax
protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all } slot slot-num
undo protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all } slot slot-num
View
system view
Parameter
vlan-id: ID of the VLAN which a protocol is added to or deleted from.
protocol-index: Value of the protocol index, ranging from 0 to 6. It must be smaller than
protocol-end.
protocol-end: End value of the protocol index, ranging form 0 to 6.
all: All protocols.

1-10

slot-num: The slot number of the card.
Description
Using theprotocol-vlan vlan slot command, you can associate a protocol-based
VLAN with the specified card in system view. Using the undo protocol-vlan vlan slot
command, you can delete the association between the card and the protocol-based
VLAN.
Note that you must add the card port where the protocol is to be applied to the
protocol-based VLAN. Currently, only the cards (include LPU and SRPU) except A type
ones support the command.
For the relationship between the card and the command ,see Table 1-2.
Table 1-2 The relationship between the card and the command
Command description
A type card
Card except A type one
Create the association between a

card
and
a
specific
protocol-based VLAN in system
view
not support
support ( only to all IP protocol

and subnet IP protocol)
Create the association between

an port and a protocol-based
VLAN in Ethernet port view
support
support ( not include all IP

protocol and subnet IP
protocol)
Note:
z
A type card includes LS81FT48A, LS81FM24A, LS81FS24A, LS81GB8UA,

LS81GT8UA, iSalience I, Salience I and Salience II cards.
The cards except A type ones do not include LS81VSNP, LS81PT8GA and
LS81PT4GA.
For the related commands, see port hybrid protocol-vlan vlan, display
protocol-vlan interface.
Example
# Associate slot 5 with protocols 0 to 6 in VLAN 3
[Quidway] protocol-vlan vlan 3 0 to 6 slot 5

1-11

1.3.5 protocol-vlan
Syntax
protocol-vlan [ procotol-index ] { at | ip [ ip_address [ net_mask ] ] | ipx { ethernetii |
llc | raw | snap } | mode { ethernetii [ etype etype_id ] | llc [ dsap dsap_id [ ssap
ssap_id ] | ssap ssap_id ] | snap [ etype etype_id ] } }
undo protocol-vlan { protocol-index [ to protocol-end ] | all }
View
VLAN view
Parameter
at: AT(Apple Talk) protocol based VLAN.
ip [ ip_address [ net_mask ] ]: IP protocol based VLAN. net_mask is the IP address
mask; if not specified, it defaults to 255.255.255.0.
ipx { ethernetii | llc | raw I snap }: IPX protocol based VLAN. ethernetii | llc | raw I
snap are four encapsulation types of the IPX.
mode: Specify other protocol types and encapsulation format.
ethernetii [ etype etype_id ]: EthernetII protocol based VLAN. etype_id is the Ethernet
type of the incoming packet, ranging from 600 to FFFF.
llc [ dsap dsap_id [ ssap ssap_id ] | ssap ssap_id ]: Logical link control protocol based
VLAN. dsap_id is the destination service access point, ranging from 0 to FF. ssap_id is
source service access point, ranging from 0 to FF.
snap [ etype etype_id ]: SNAP (Sub-Network Access Protocol) based protocol.
etype_id is the Ethernet type of the incoming packet, ranging from 600 to FFFF.
Caution:
Consider the following when you are configuring the parameter mode llc dsap dsap_id
ssap ssap_id:
z
When the dsap_id and ssap_id are set to ff, the encapsulaiton format of packets is
the same as that of the command with ipx raw, thus, the system matches the
command with ipx raw first. If no matching is found, the system stops matching.
Therefore, the command with mode llc dsap ff ssap ff takes no effect.
When the dsap_id and ssap_id are set to aa, the encapsulation format of the
packets is snap instead of IIc.

1-12

protocol-index: Protocol index value, ranging from 0 to 6. If not specified, it is

automatically allocated by the system.
protocol-end: Protocol index end value, ranging from 0 to 6, and must be greater than
the value of protocol-index.
all: All protocol indexes.
Description
Using the protocol-vlan command, you can configure a certain protocol type for the
specified VLAN. Using the undo protocol-vlan command, you can cancel this
configuration.
Note that the format of mode llc dsap ff ssap ff is the same as that of ipx raw, and the
system first matches ipx raw, so the configuration of vlan-type protocol mode llc
dsap ff ssap ff does not function.
For the related commands, see display protocol-vlan vlan.
Example
# Specify VLAN 3 to be based on IP protocol.
[Quidway-vlan3] protocol-vlan ip
# Specify VLAN 5 to be based on the 123.34.56.0 network segment.
[Quidway-vlan5] protocol-vlan ip 123.34.56.0

1-13

Chapter 2 GARP/GVRP Configuration Commands

2.1 GARP Configuration Commands
2.1.1 display garp statistics
Syntax
display garp statistics [ interface interface-list ]
View
Any view
Parameter
interface-list: List of Ethernet port to be displayed, expressed as interface -list =
{ { interface_type interface_num | interface_name } [ to { interface_type interface_num
| interface_name } ] }&<1-10>. interface_type is interface type, interface_numis
interface number and interface_name is interface name. For their meanings and value
range, read command parameters description of Port in this document.
&<1-10>: Representing the repeatable times of parameters, 1 is the minimal and 10 is
the maximal.
Description
Using display garp statistics command, you can view the GARP statistics information,
including the number of received/sent packet and the number of discarded packet by
GVRP/GMRP etc.
Example
# Display the GARP statistics information on Ethernet port Ethernet1/0/1.
<Quidway> display garp statistics interface ethernet1/0/1
GARP statistics on port Ethernet1/0/1
Number Of GMRP Frames Received
: 0
Number Of GVRP Frames Received
: 0
Number Of GMRP Frames Transmitted
: 0
Number Of GVRP Frames Transmitted
: 0
Number Of Frames Discarded
: 0
The above information indicates that the numbers of GVRP/GMRP packets

received/sent and discarded on Ethernet1/0/1 are 0.

2-1

2.1.2 display garp timer

Syntax
display garp timer [ interface interface-list ]
View
Any view
Parameter
| interface_name } ] }&<1-10>.
interface_type is interface type, interface_numis
the maximal.
Description
Using display garp timer command, you can view the value of GARP timer, including
Hold timer, Join timer, Leave timer and LeaveAll timer.
For the related command, see garp timer, garp timer leaveall.
Example
# Show GARP timer on Ethernet1/0/1.
<Quidway> display garp timer interface ethernet1/0/1
GARP timers on port Ethernet1/0/1
GARP JoinTime
: 20 centiseconds
GARP Leave Time
: 60 centiseconds
GARP LeaveAll Time

GARP Hold Time
: 1000 centiseconds
: 10 centiseconds
2.1.3 garp timer

Syntax
garp timer { hold | join | leave } timer_value
undo garp timer { hold | join | leave }
View
Ethernet port view

2-2

Parameter
hold: GARP Hold timer. After received certain registration information, the GARP
application entity will not send Join Message at once, instead, it starts the Hold timer.
All the registration information received within duration of the Hold timer will be
transmitted in the same frame after the Hold timer times out, thereby saving the
bandwidth resource.
join: GARP Join timer. GARP application entity will send out Join message after the
Join timer goes timeout to make other GARP application entity register its own
information.
leave: GARP Leave timer . When a GARP application entity wants to deregister certain
attribute information, it sends Leave message. The GARP application entity received
the message will starts Leave timer. If the entity receives no Join message before the
timer goes timeout, it will deregister the attribute information.
timer_value: Value of GARP hold timer, join timer and leave timer in centisecond. The
step is 5 centiseconds. The range is according to the following rule:
z
the value of Join timer should be no less than the doubled value of Hold timer,
the value of Leave timer should be greater than the doubled value of Join timer
and smaller than the Leaveall timer value,
the minimal value of Join timer is 10 centiseconds.
By default, Hold timer is 10 centiseconds, Join timer is 20 centiseconds, Leave

timer is 60 centiseconds.
Description
Using garp timer command, you can configure GARP timer value. Using undo garp
timer command, you can restore the default value of GARP timer.
Value range of each timer changes with value range of another timer. If the value of the
timer you want to set is out of the current range, you can change the related timer value.
z
The lower limit of the Hold timer value is 10 centiseconds, and the upper limit can
be changed by changing the value of the Join timer;
The lower limit of the Join timer changes with the Hold timer value, and the upper
limit can be changed by changing the value of the Leave timer;
The lower limit of the Leave timer changes with the Join timer value, and the upper
limit can be changed by changing the value of the LeaveAll timer;
The lower limit of the LeaveAll timer changes with the Leave timer value, and the
upper limit is 32765 centiseconds.
For the related command, see display garp timer.
Example
# Set Join timer of GARP as 300ms.
[Quidway-Ethernet1/0/1] garp timer join 30
2-3

2.1.4 garp timer leaveall

Syntax
garp timer leaveall timer_value
undo garp timer leaveall
View
System view
Parameter
timer_value: Value of GARP leaveall timer in centisecond, ranging from 65 to 32765.
The step is 5 centiseconds. The value of Leaveall timer should be greater than the
value of Leave timer. By default, the value of LeaveAll timer is 1000 centiseconds, i.e.
10s.
Description
Using garp timer leaveall command, you can configure GARP leaveall timer. Using
undo garp timer leaveall command, you can restore the default value.
After every GARP application entity is started, the LeaveAll timer will be started
simultaneously. The GARP application entity will send LeaveAll message after the timer
times out to make other application entities re-register all attribute information on
themselves. Then, the LeaveAll timer is started and the new cycle begins.
For the related command, see display garp timer.
Example
# Set GARP LeaveAll timer as 1s.
[Quidway] garp timer leaveall 100
2.1.5 reset garp statistics

Syntax
reset garp statistics [ interface interface-list ]
View
User view
Parameter
interface-list: Specifies a list of Ethernet ports, on which the GARP statistics information
will be cleared, expressed as interface-list = { { interface_type interface_num |
interface_name } [ to { interface_type interface_num | interface_name } ] }&<1-10>.
interface_type is interface type, interface_num is interface number and interface_name
2-4

is interface name. For their meanings and value range, read Parameter Description of
Port in this document.
the maximal.
Description
Using reset garp statistics command, you can reset the GARP statistics information
(such as the received/sent packets or discarded packets by GVRP/GMRP). If the
command has no parameter, it will clear the GARP statistics information of all the ports.
For the related command, see display garp statistics.
Example
# Clear GARP statistics information.
<Quidway> reset garp statistics
2.2 GVRP Configuration Command

2.2.1 display gvrp statistics
Syntax
display gvrp statistics [ interface interface-list ]
View
Any view
Parameter
| interface_name } ] }&<1-10>. interface_type is interface type, interface_num is
the maximal.
Description
Using display gvrp statistics command, you can view the GVRP statistics information
of all the Trunk ports, including the list of ports enabled with GVRP, GVRP status
information, failed GVRP registration entries and the last GVRP data unit origin etc.
Example
# Display the GVRP statistics information about Ethernet1/0/1.

2-5

<Quidway> display gvrp statistics interface ethernet1/0/1

GVRP statistics on port Ethernet1/0/1
GVRP Status
: Enabled
GVRP Failed Registrations
: 0
GVRP Last Pdu Origin
: 0000-0000-0000
GVRP Registration Type
: Normal
2.2.2 display gvrp status

Syntax
display gvrp status
View
Any view
Parameter
none
Description
Using display gvrp status command, you can view the global status information about
GVRP.
Example
# Display the global status information about GVRP.
<Quidway> display gvrp status
GVRP is enabled
2.2.3 gvrp
Syntax
gvrp
undo gvrp
View
Parameter
none

2-6

Description
Using gvrp command, you can enable GVRP. Using undo gvrp command, you can
restore the GVRP to default mode, i.e. disable GVRP.
By default, GVRP is disabled.
This command can be used to enable/disable global GVRP in System view or
enable/disable port GVRP in Ethernet port view.
Before enabling port GVRP, the user must enable global GVRP first and port GVRP
must be enabled/disabled on Trunk port.
For the related commands, see display gvrp status.
Example
# Enable global GVRP.
[Quidway] gvrp
2.2.4 gvrp registration

Syntax
gvrp registration { fixed | forbidden | normal }
undo gvrp registration
View
Ethernet port view
Parameter
fixed: Enable to create or register VLAN on the port manually and disable to register or
deregister VLAN dynamically.
forbidden: Deregisters all VLANs except VLAN 1 and disables to create or register any
other VLAN on the port.
normal: Enable to create, register and deregister VLAN on the port manually or
dynamically.
Description
Using gvrp registration command, you can configure GVRP registration type. Using
undo gvrp registration command, you can restore the default type.
By default, the registration type is normal.
This command can be only used on Trunk port.
For the related commands, see display gvrp statistics.

2-7

Example
# Set the GVRP registration type of Ethernet1/0/1 as fixed.
[Quidway-Ethernet1/0/1] gvrp registration fixed

2-8

Chapter 3 Super VLAN Configuration Commands
Note:
Only Salience III series engine supports this feature.
3.1 Super VLAN Configuration Commands

3.1.1 display supervlan
Syntax
display supervlan [ supervlan-id ]
View
Any view
Parameter
supervlan-id: ID of Super VLAN, range from 1 to 4094.
Description
Using display supervlan command, you can view the mapping relationship between
Super VLAN and Sub VLAN, and the ports identified mapping relationship super VLAN
and sub VLAN.
For the related commands, see supervlan, subvlan.
Example
# view the mapping relationship between Super VLAN and Sub VLAN.
[Quidway] display supervlan 2
Supervlan ID :
ARP proxy:
Subvlan ID :
enabled
3-5
VLAN ID: 2
VLAN Type: static
It is a Super VLAN.
ARP proxy enabled.

3-1

Route Interface: configured

IP Address: 10.153.17.41
Subnet Mask: 255.255.252.0
Name: VLAN 0002
Tagged
Ports: none
Untagged Ports: none
VLAN ID: 3
VLAN Type: static
It is a Sub VLAN.
Route Interface: not configured
Name: VLAN 0003
Tagged
Ports: none
Untagged Ports:
Ethernet0/3
VLAN ID: 4
VLAN Type: static
It is a Sub VLAN.
Name: VLAN 0004
Tagged
Ports: none
Untagged Ports:
Ethernet0/4
VLAN ID: 5
VLAN Type: static
It is a Sub VLAN.
Name: VLAN 0005
Tagged
Ports: none
Untagged Ports:
Ethernet0/5

3-2

3.1.2 subvlan
Syntax
subvlan vlan-list
undo subvlan [ vlan-list ]
View
VLAN view
Parameter
vlan-list: vlan-list = { vlan-id1 [ to vlan-id2 ] } &<1-10> is the VLAN range joined by the
trunk port. It can be discrete. The vlan-id ranges from 1 to 4094. &<1-10> indicates that
the former parameter can be input 10 times repeatedly at most.
Description
Using subvlan commmand, you can establish the mapping relationship between sub
VLAN and super VLAN. Using undo subvlan commmand, you can cancel the mapping
relationship between sub VLAN and super VLAN.
Note that:
z
The sub VLAN must exist before you creat mapping between the sub VLAN and
the super VLAN.
After creating mapping between the sub VLAN and the super VLAN, you can still
add (or delete) Ethernet ports to (from) the sub VLAN.
When using the undo subvlan command without parameter, you can remove the
mapping between the specific super VLAN and all sub VLANs associated to it. If
choosing the parameter, you can remove the mapping between the specific super
VLAN and the specific sub VLAN.
For the related commands, see display supervlan.
Example
# Establish the mapping relationship between sub VLAN 3, 4, 5, 9 and super VLAN 10.
[Quidway] vlan 10
[Quidway-vlan10] supervlan
[Quidway-vlan10] subvlan 3 to 5 9
3.1.3 supervlan
Syntax
supervlan
undo supervlan
3-3

View
VLAN view
Parameter
None
Description
Using supervlan commmand, you can set current VLAN to super VLAN. Using undo
supervlan commmand, you can cancel the super VLAN type of current VLAN.
For the related commands, see display supervlan.
Example
# Set the VLAN 2 to super VLAN.
[Quidway-vlan2] supervlan

3-4
HUAWEI

Command Manual
Network Protocol
Command Manual - Network Protocol

Table of Contents
Table of Contents
Chapter 1 IP Address Configuration Commands....................................................................... 1-1
1.1 IP Address Configuration Commands ............................................................................... 1-1
1.1.1 display ip host.......................................................................................................... 1-1
1.1.2 display ip interface .................................................................................................. 1-1
1.1.3 ip address................................................................................................................ 1-3
1.1.4 ip host...................................................................................................................... 1-4
Chapter 2 ARP Configuration Commands .................................................................................. 2-1
2.1 ARP Configuration Commands.......................................................................................... 2-1
2.1.1 arp check enable ..................................................................................................... 2-1
2.1.2 arp static.................................................................................................................. 2-1
2.1.3 arp timer aging ........................................................................................................ 2-2
2.1.4 debugging arp ......................................................................................................... 2-3
2.1.5 display arp ............................................................................................................... 2-4
2.1.6 display arp | ............................................................................................................. 2-5
2.1.7 display arp interface ................................................................................................ 2-6
2.1.8 display arp slot ........................................................................................................ 2-7
2.1.9 display arp timer aging ............................................................................................ 2-7
2.1.10 display arp vlan ..................................................................................................... 2-8
2.1.11 reset arp ................................................................................................................ 2-8
2.2 Gratuitous ARP Configuration Commands........................................................................ 2-9
2.2.1 gratuitous-arp-learning enable ................................................................................ 2-9
Chapter 3 ARP Source Suppression Configuration Commands.............................................. 3-1
3.1 ARP Source Suppression Configuration Commands ........................................................ 3-1
3.1.1 arp source-suppression limit ................................................................................... 3-1
3.1.2 display arp source-suppression .............................................................................. 3-2
Chapter 4 ARP Proxy Configuration Command......................................................................... 4-1
4.1 ARP Proxy Configuration Command ................................................................................. 4-1
4.1.1 arp proxy enable...................................................................................................... 4-1
4.1.2 display arp proxy ..................................................................................................... 4-1
Chapter 5 DHCP Configuration Commands ............................................................................... 5-1
5.1 DHCP Relay Configuration Commands ............................................................................ 5-1
5.1.1 address-check ......................................................................................................... 5-1
5.1.2 address-check dhcp-relay ....................................................................................... 5-1
5.1.3 address-check no-matched..................................................................................... 5-2
5.1.4 debugging dhcp-relay.............................................................................................. 5-3
5.1.5 dhcp-security static ................................................................................................. 5-4

i

Table of Contents
5.1.6 dhcp-server ............................................................................................................. 5-5

5.1.7 dhcp-server ip.......................................................................................................... 5-6
5.1.8 display dhcp-security............................................................................................... 5-6
5.1.9 display dhcp-server ................................................................................................. 5-7
5.1.10 display dhcp-server interface vlan-interface ......................................................... 5-9
Chapter 6 IP Performance Configuration Commands ............................................................... 6-1
6.1 IP Performance Configuration Commands........................................................................ 6-1
6.1.1 display fib ................................................................................................................ 6-1
6.1.2 display icmp statistics.............................................................................................. 6-2
6.1.3 display ip socket ...................................................................................................... 6-3
6.1.4 display ip statistics .................................................................................................. 6-5
6.1.5 display tcp statistics ................................................................................................ 6-6
6.1.6 display tcp status..................................................................................................... 6-8
6.1.7 display udp statistics ............................................................................................... 6-8
6.1.8 ip.............................................................................................................................. 6-9
6.1.9 ip forward-broadcast ............................................................................................. 6-10
6.1.10 reset ip statistics.................................................................................................. 6-10
6.1.11 reset tcp statistics................................................................................................ 6-11
6.1.12 reset udp statistics .............................................................................................. 6-11
6.1.13 tcp timer fin-timeout............................................................................................. 6-12
6.1.14 tcp timer syn-timeout........................................................................................... 6-12
6.1.15 tcp window........................................................................................................... 6-13
Chapter 7 IPX Configuration Commands.................................................................................... 7-1
7.1 IPX Configuration Commands ........................................................................................... 7-1
7.1.1 display ipx interface................................................................................................. 7-1
7.1.2 display ipx routing-table .......................................................................................... 7-2
7.1.3 display ipx service-table .......................................................................................... 7-4
7.1.4 display ipx statistics................................................................................................. 7-5
7.1.5 ipx enable ................................................................................................................ 7-6
7.1.6 ipx encapsulation .................................................................................................... 7-7
7.1.7 ipx netbios-propagation........................................................................................... 7-7
7.1.8 ipx network .............................................................................................................. 7-8
7.1.9 ipx rip import-route static......................................................................................... 7-9
7.1.10 ipx rip mtu.............................................................................................................. 7-9
7.1.11 ipx rip multiplier ................................................................................................... 7-10
7.1.12 ipx rip timer update.............................................................................................. 7-10
7.1.13 ipx route load-balance-path................................................................................. 7-11
7.1.14 ipx route max-reserve-path ................................................................................. 7-12
7.1.15 ipx route-static ..................................................................................................... 7-12
7.1.16 ipx sap disable..................................................................................................... 7-13
7.1.17 ipx sap gns-disable-reply .................................................................................... 7-14
7.1.18 ipx sap gns-load-balance .................................................................................... 7-14
ii

Table of Contents
7.1.19 ipx sap max-reserve-servers............................................................................... 7-15

7.1.20 ipx sap mtu .......................................................................................................... 7-16
7.1.21 ipx sap multiplier ................................................................................................. 7-16
7.1.22 ipx sap timer update............................................................................................ 7-17
7.1.23 ipx service ........................................................................................................... 7-17
7.1.24 ipx split-horizon ................................................................................................... 7-18
7.1.25 ipx tick ................................................................................................................. 7-19
7.1.26 ipx update-change-only....................................................................................... 7-19
7.1.27 reset ipx routing-table statistics protocol............................................................. 7-20
7.1.28 reset ipx statistics ................................................................................................ 7-21

iii

Chapter 1 IP Address Configuration

Commands
Chapter 1 IP Address Configuration Commands

1.1 IP Address Configuration Commands
1.1.1 display ip host
Syntax
display ip host
View
Any view
Parameter
None
Description
Using display ip host command, you can view all the host names and the
corresponding IP addresses.
Example
# Display all hosts name and corresponding IP address of the hosts.
<Quidway> display ip host
Host
Age
Flags
Address
My
static
1.1.1.1
Aa
static
2.2.2.4
1.1.2 display ip interface

Syntax
display ip interface [ interface_type interface_num | brief ]
View
Any view
Parameter
interface_type: Port type. Interface_num: Port number. See the description of the
interface command for details.
brief: Displays basic interface configuration information.

1-1


Commands
Description
Using display ip interface command, you can view the information of an IP interface.
By default, the information about all the IP interfaces will be displayed if undo interface
is specified. This command outputs all the information related to IP on the interface,
which is useful for troubleshooting.
Example
# Display the information related to interface VLAN-Interface 1.
<Quidway> display ip interface vlan-interface 1
Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
TTL invalid packet number:
ICMP packet input number:
Echo reply:
Unreachable:
Source quench:
Routing redirect:
Echo request:
Router advert:
Router solicit:
Time exceed:
IP header bad:
Timestamp request:
Timestamp reply:
Information request:
Information reply:
Netmask request:
Netmask reply:
Unknown type:
# Display basic configuration information.

<Quidway S6506R> display ip interface brief
Interface
IP Address
Physical
Protocol
M-Ethernet0/0/0
unassigned
down
down
Vlan-interface1
1.1.1.1
down
down

1-2


Commands
Table 1-1 Description on the fields of the display ip interface command

Field
Description
Interface
Interface type
IP Address
Interface IP Address
Physical
Interface physical state
Protocol
Interface protocol state
1.1.3 ip address
Syntax
ip address ip-address { mask | mask-length } [ sub ]
undo ip address [ ip-address { mask | mask-length } [sub ] ]
View
VLAN interface view or LoopBack interface view
Parameter
ip-address: IP address of VLAN interface.
mask: Corresponding subnet mask.
mask-length: Mask length, i.e. the length of "1" in the IP address.
sub: the secondary IP address of the VLAN interface or LoopBack interface.
Description
Using ip address command, you can configure an IP address for VLAN interface or
LoopBack interface. Using undo ip address command, you can cancel an IP
address of the VLAN interface or LoopBack interface.
By default, all interfaces IP addresses are null.
Generally, it is enough to configure one IP address for an interface. You can also
configure eight IP addresses for an interface at most, so that it can be connected to
several subnets. Among these IP addresses, one is the primary IP address and all
others are secondary. The relationship between primary and secondary addresses is:
z
When you configure a primary IP address for an interface, which already has a
primary IP address, the newly configured one will replace the old one.
If you input undo ip address command without any parameter, the switch will
delete both primary and secondary IP address of an interface. undo ip address
ip-address { mask | mask-length } command can be used to delete the primary IP
address, while undo ip address ip-address { mask | mask-length } sub
command can be used to delete the secondary IP address.
1-3


Commands
For the related command, see display ip interface.
Example
# Configure the IP address of interface VLAN interface 1 as 202.38.10.66 and subnet
mask as 255.255.255.0.
[Quidway-vlan-interface1] ip address 202.38.10.66 255.255.255.0
1.1.4 ip host
Syntax
ip host hostname ip-address
undo ip host hostname [ ip-address ]
View
System view
Parameter
hostname: Name of the host, a character string consisting of 1 to 20 characters,
including letters, numbers, or "_", and it must contain at least one letter.
ip-address: Host IP address (the corresponding IP address to the host name) in
dotted decimal notation.
Description
Using ip host command, you can configure the host name and the host IP address.
Using undo ip host command, you can cancel the host name and the host IP
address.
By default, Host name and corresponding IP address are null.
For the related command, see display ip host.
Example
# Set Lanswtich1s IP address to be 202.38.0.8.
[Quidway] ip host Lanswitch1 202.38.0.8

1-4

Chapter 2 ARP Configuration Commands

2.1 ARP Configuration Commands
2.1.1 arp check enable
Syntax
arp check enable
undo arp check enable
View
System view
Parameter
None
Description
Using arp check enable command, you can enable the checking of ARP entry, that is,
the device does not learn the ARP entry where the MAC address is multicast MAC
address. Using undo arp check enable command, you can disable the checking of
ARP entry, that is, the device learns the ARP entry where the MAC address is
multicast MAC address.
By default, the checking of ARP entry is enabled, that is, the device does not learn the
ARP entry where the MAC address is multicast MAC address.
Example
# Configure that the device learns the ARP entry where the MAC address is multicast
MAC address.
[Quidway] undo arp check enable
2.1.2 arp static

Syntax
arp static ip-address mac-address [ vlan-id { interface_type interface_num |
interface_name } ]
undo arp ip-address
View
System view
2-1

Parameter
ip-address: IP address of the ARP mapping entry.
mac-address: MAC address of ARP mapping entry, whose format is H-H-H ( H
indicates a hexadecimal number).
vlan-id: VLAN to which the static ARP entry belongs, which is in the range of 1 to
4094.
interface_name: Port to which the static ARP entry belong, represented with
interface_name= interface_type interface_num. interface_type is port type and
interface_num is port number. For details about interface_type, interface_num and
interface_name, refer to the Port Command Manual.
Description
Using arp static command, you can configure the static ARP mapping entries in an
ARP mapping table. Using undo arp static command, you can cancel a static ARP
mapping entry from the ARP table
By default, the mapping table of the system ARP is empty and the switch can maintain
its address mapping by means of dynamic ARP.
Note that:
z
Static ARP map entry will be always valid as long as Ethernet switch works
normally. But if you modify or delete VLAN interfaces, delete VLANs or delete
ports from VLANs to make ARP invalid, the ARP mapping entry will be also
deleted. The valid period of dynamic ARP map entries will last only 20 minutes by
default.
The parameter vlan-id must be the ID of a VLAN that has been created by the
user, and the Ethernet port specified behind this parameter must belong to the
VLAN.
The aggregation port or port with LACP enabled cannot be set as the egress port
of static ARP.
For the related command, see reset arp, display arp, debugging arp.
Example
# Associate the IP address 202.38.10.2 with the MAC address 00e0-fc01-0000, and
the ARP mapping entry belongs to the Ethernet port Ethernet1/0/1 on VLAN1.
[Quidway] arp static 202.38.0.10 00e0-fc01-0000 1 ethernet1/0/1
2.1.3 arp timer aging

Syntax
arp timer aging aging-time
undo arp timer aging
2-2

View
System view
Parameter
aging-time: Aging time of dynamic ARP aging timer, which is in the range of 1 to 1440
minutes. By default, the aging time is 20 minutes.
Description
Using arp timer aging command, you can configure the dynamic ARP aging timer.
Using undo arp timer aging command, you can restore the default dynamic ARP
aging time.
For the related command, see display arp timer aging.
Example
# Configure the dynamic ARP aging timer to 10 minutes.
[Quidway] arp timer aging 10
2.1.4 debugging arp

Syntax
debugging arp packet
undo debugging arp packet
View
User view
Parameter
packet: ARP packet debugging.
Description
Using debugging arp command, you can enable ARP debugging. Using undo
debugging arp command, you can disable the corresponding ARP debugging.
By default, undo ARP debugging is enabled.
For the related command, see arp static, display arp.
Example
# Enable ARP packet debugging.
<Quidway> debugging arp packet
*Aug 31 10:30:20 2005 C_0.6506r ARP/8/arp_send:Send an ARP Packet, operation :
1

2-3

,
sender_eth_addr
0019-9612-0601,sender_ip_addr
10.0.0.2,
target_eth_addr :
0000-0000-0000, target_ip_addr : 10.153t d

*Aug 31 10:30:20 2005 C_0.6506r ARP/8/arp_rcv:Receive an ARP Packet,
operation :
2,
sender_eth_addr
000f-1f9b-8b98,
sender_ip_addr
10.153.81.10,
target_eth_
addr : 0019-9612-0601, target_ip_addr : 10.0.0.2

*Aug 31 10:30:21 2005 C_0.6506r ARP/8/arp_send:Send an ARP Packet, operation :
1
,
sender_eth_addr
0019-9612-0601,sender_ip_addr
193.1.1.2,
target_eth_addr :
0000-0000-0000, target_ip_addr : 193.1.1.4
*Aug 31 10:30:21 2005 C_0.6506r ARP/8/arp_rcv:Receive an ARP Packet,
operation :
2,
sender_eth_addr
000f-e200-8001,
sender_ip_addr
193.1.1.4,
target_eth_add
r : 0019-9612-0601, target_ip_addr : 193.1.1.2
Table 2-1 Output description of the debugging arp packet display

Field
Description
operation
Kind of ARP packets: 1 ARP request packet; 2 ARP reply

packet
sender_eth_addr
Ethernet address of the sender
sender_ip_addr
IP address of the sender
target_eth_addr
Target Ethernet address. If the packet is ARP request packet,

the target IP address will be 0
target_ip_addr
Target IP address
2.1.5 display arp

Syntax
display arp [ ip-address | [ dynamic | static ]
View
Any view
Parameter
dynamic: Display the dynamic ARP entries in ARP mapping table.

2-4

static: Display the static ARP entries in ARP mapping table.

ip-address: Display ARP mapping entries according to specified IP address.
Description
Using display arp command, you can view the ARP mapping table.
For the related command, see arp static, reset arp, debugging arp.
Example
# Display all the ARP entries.
<Quidway> display arp
Type: S-Static
D-Dynamic
IP Address
MAC Address
VLAN ID Port Name
Aging
Type
10.1.1.2
00e0-fc01-0102
N/A
N/A
N/A
1.1.1.9
0010-5ce1-1ae6 1
Ethernet3/0/12
17
1.1.1.11
000f-1f9b-8ab2 1
Ethernet3/0/1
18
---
3 entries found
---
Table 2-2 Output description of the display arp display

Field
Description
IP Address
IP address of the ARP mapping entry
MAC Address
MAC address of the ARP mapping entry
VLAN ID
VLAN to which the static ARP entry belongs
Port Name
Port to which the static ARP entry belongs
Aging
Aging time of dynamic ARP entry in minutes
Type
Type of ARP entry
2.1.6 display arp |

Syntax
display arp | { begin | include | exclude } text
View
Any view
Parameter
begin: Displays ARP mapping entries containing the specified text from the first entry
to the last one.

2-5

include: Only displays ARP mapping entries containing specified texts.

exclude: Displays ARP mapping entries that do not contain the specified texts.
text: Text contained in the ARP mapping entries .
Description
Use the display arp | command to display the ARP mapping table containing the
specified text content.
Related command: arp static, reset arp, debugging arp.
Example
# Display the ARP mapping entries containing specified text 1 the first entry to the last
one.
<Quidway> display arp | begin 1
Type: S-Static D-Dynamic
IP Address
MAC Address
VLAN ID Port Name
1.1.1.9
0010-5ce1-1ae6 1
Ethernet3/0/12
1.1.1.11
000f-1f9b-8ab2 1
Ethernet3/0/1
Aging Type
17
18
D
D
--- 2 entries found --For description on all fields in the above display information, refer to Table 2-2.
2.1.7 display arp interface

Syntax
display arp interface interface_type interface_num
View
Any view
Parameter
interface_type: Port type. interface_num: Port number. See the description of the
interface command for details.
Description
Using the display arp interface command, you can view the ARP mapping table of a
specified port.
Example
# Display the ARP table of Ethernet 2/0/1.
[Quidway]display arp interface ethernet 2/0/1

2-6

Type: S-Static D-Dynamic

IP Address
10.1.1.2
MAC Address
VLAN ID Port Name
00e0-fc01-0102 1
Ethernet3/0/1
Aging Type
N/A S
2.1.8 display arp slot

Syntax
display arp slot slot-id
View
Any view
Parameter
slot-id: Slot ID on the switch
Description
Using the display arp slot command, you can view the ARP mapping table of a
specified slot.
Example
# Display the ARP table of slot 3.
[Quidway]display arp slot 3
Type: S-Static
D-Dynamic
IP Address
MAC Address
VLAN ID Port Name
10.1.1.2
00e0-fc01-0102 1
Ethernet3/0/1
Aging Type
N/A
2.1.9 display arp timer aging

Syntax
display arp timer aging
View
Any view
Parameter
vlan-id: VLAN interface ID.
Description
Using display arp timer aging command, you can view the current setting of the
dynamic ARP map aging timer.
For the related command, see arp timer aging.
2-7

Example
# Display the current setting of the ARP map aging timer.
[Quidway] display arp timer aging
Current ARP aging time is 10 minute(s)
2.1.10 display arp vlan

Syntax
display arp vlan vlan-id
View
Any view
Parameter
vlan-id: VALN interface ID
Description
Using the display arp vlan command, you can view the ARP mapping table of a
specified VLAN.
Example
# Display the ARP table of VLAN1.
[Quidway]display arp vlan 1
Type: S-Static
D-Dynamic
IP Address
MAC Address
VLAN ID Port Name
10.1.1.2
00e0-fc01-0102 1
Ethernet3/0/1
Aging Type
N/A
2.1.11 reset arp

Syntax
reset arp [ dynamic | static | interface { interface_type interface_num |
interface_name } ]
View
User view
Parameter
dynamic: Clear the dynamic ARP mapping entries.
static: Clear the static ARP mapping entries

2-8

interface interface_name: Clear the ARP mapping entries that are related to the
specified. port, represented with interface_name= interface_type interface_num.
interface_type is port type and interface_num is port number. For details about
interface_type, interface_num and interface_name, refer to the Port Command
Manual.
Description
Using reset arp command, you can reset the ARP mapping entries.
For the related command, see arp static, display arp.
Example
# Reset the static ARP entries.
<Quidway> reset arp static
2.2 Gratuitous ARP Configuration Commands

2.2.1 gratuitous-arp-learning enable
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
View
System view
Parameter
None
Description
Use the gratuitous-arp-learning enable command to enable gratuitous ARP packet
learning.
Use the undo gratuitous-arp-learning enable command to disable this function.
By default, gratuitous ARP packet learning is disabled.
Gratuitous ARP function is to implement the following functions by sending out
gratuitous ARP packets:
z
By sending gratuitous ARP packets, network devices can figure out whether the
IP addresses of other devices conflict with its own.
If the device which sends the gratuitous ARP packet changed its hardware
address (probably, it turns off, has its interface card changed, and then reboots),
this packet can make old hardware address in the cache of other devices update
accordingly.
2-9

Related command: debugging arp packet.
Example
# Enable gratuitous ARP packet learning on the switch Quidway A.
<QuidwayA> system-view
[QuidwayA] gratuitous-arp-learning enable

2-10

Chapter 3 ARP Source Suppression

Configuration Commands

3.1 ARP Source Suppression Configuration Commands
3.1.1 arp source-suppression limit
Syntax
arp source-suppression limit { total | local | through } limit-value
undo arp source-suppression limit { total | local | through }
View
System view
Parameter
total: Restricts the maximum number of any ARP packets sent to the CPU. These
packets have any source and destination IP addresses.
local: Restricts the maximum number of the ARP packets sent to the CPU within unit
time. These packets have the same source IP addresses and their destination
addresses are the IP address of the current switch.
through: Restricts the maximum number of the passing ARP packets with the same
source IP addresses sent to the CPU within unit time. These packets have the same
source IP addresses and their destination addresses are not the IP address of the
current switch.
limit-value: Maximum number of the ARP packets sent to the CPU within unit time. It
ranges from 1 to 4,294,967,295 when local or total keyword or is chosen, and ranges
from 0 to 4,294,967,295 when through keyword is chosen.
Description
Use the arp source-suppression limit command to configure the maximum number
of ARP packets sent to the CPU in unit time.
Use the undo arp source-suppression limit command to restore the default value.
By defaut, the maximum number of ARP packets sent to the CPU in unit time is
related to ARP packet types:
z
The default number is 4,294,967,295 (without limitation) for the total keyword.
The default number is 3 for the local keyword.
The default number is 3 for the through keyword.

3-1


Related command: display arp source-suppression.
Example
# Set the maximum number of any ARP packets sent to the CPU within unit time to
100.
[Quidway] arp source-suppression limit total 100
3.1.2 display arp source-suppression

Syntax
display arp source-suppression
View
Any view
Parameter
None
Description
Use the display arp source-suppression command to display the information about
ARP source suppression configuration for the current switch.
Example
# Display the information about ARP source suppression configuration for the current
switch.
<Quidway> display arp source-suppression
ARP suppression limit total: 4294967295
ARP suppression limit local: 3
ARP suppression limit through: 3

3-2


Table 3-1 Description on the fields of the display arp source-suppression command
Field
Description
ARP suppression limit total:
Maximum number of any ARP packets sent to the

CPU in unit time
ARP suppression limit local:
Maximum number of ARP packets sent to the CPU

in unit time. These packets have the same source
IP addresses and their destination addresses are
the IP address of the current switch.
ARP
suppression
through:
Maximum number of passing ARP packets sent to

the CPU in unit time. These packets have the same
source IP addresses and their destination
addresses are not the IP address of the current
switch.
limit

3-3

Chapter 4 ARP Proxy Configuration

Command
Chapter 4 ARP Proxy Configuration Command

4.1 ARP Proxy Configuration Command
4.1.1 arp proxy enable
Syntax
arp proxy enable
undo arp proxy enable
View
VLAN interface view
Parameter
None
Description
Use the arp proxy enable command to enable ARP proxy. Use the undo arp proxy
enable command to disable ARP proxy.
See display arp proxy for related configuration.
Example
# Enable the ARP proxy of VLAN 2 virtual interface.
[Quidway-Vlan-interface2] arp proxy enable
4.1.2 display arp proxy

Syntax
display arp proxy [ interface interface_type interface_num ]
View
Any view
Parameter

4-1

Chapter 4 ARP Proxy Configuration

Command
Description
Use the display arp proxy command to view the ARP proxy status: enabled or
disabled.
See arp proxy enable for related configuration.
Example
# Display the ARP proxy status of interface VLAN 2
[Quidway] display arp proxy

4-2

Chapter 5 DHCP Configuration Commands

5.1 DHCP Relay Configuration Commands
5.1.1 address-check
Syntax
address-check enable
address-check disable
View
VLAN interface view
Parameter
None
Description
Using address-check enable command, you can enable the security features of
DHCP relay and enable the user address validity check on VLAN interface. Using
address-check disable command, you can disable the security features of DHCP
relay and disable the user address validity check on VLAN interface.
By default, the switch disables DHCP security features function.
Example
# Enable the security features of DHCP relay on VLAN1 interface.
[Quidway-Vlan-interface1] address-check enable
5.1.2 address-check dhcp-relay

Syntax
address-check dhcp-relay enable
address-check dhcp-relay disable
View
VLAN interface view
Parameter
None

5-1

Description
Use the address-check dhcp-relay enable command to activate the dynamic
entries generated by the DHCP relay.
Use the address-check dhcp-relay disable command to deactivate the dynamic
entries generated by the DHCP relay
By default, the dynamic entries generated by the DHCP relay are activated.
Only when the dynamic entries are activated, the corresponding devices can pass the
DHCP security check.
This configuration takes effect only when the DHCP security feature is enabled on the
VLAN interface.
Example
# Deactivate the dynamic entries generated by the DHCP relay.
[Quidway-Vlan-interface1] address-check dhcp-relay disable
5.1.3 address-check no-matched

Syntax
address-check no-matched enable
address-check no-matched disable
View
VLAN interface view
Parameter
None
Description
Use the address-check no-matched enable command to inhibit unknown machines
from passing through the DHCP security check.
Use the address-check no-matched disable command to allow unknown machines
to pass through the DHCP security check.
By default, unknown machines are inhibited from passing through the DHCP security
check.

5-2

The so called unknown machine is a device which IP and MAC addresses are not
contained in any DHCP security table entry.
This configuration takes effect only when the DHCP security feature is enabled on the
VLAN interface.
Example
# Inhibit unknown machines from passing through the DHCP security check on a
VLAN interface.
[Quidway-Vlan-interface1] address-check no-matched enable
5.1.4 debugging dhcp-relay

Syntax
debugging dhcp-relay
undo debugging dhcp-relay
View
User view
Parameter
None
Description
Using debugging dhcp-relay command, you can enable DHCP relay debugging.
Using undo debugging dhcp-relay command, you can disable the DHCP relay
debugging.
By default, DHCP relay debugging is disabled.
For the related command, see dhcp-server ip, dhcp-server, display dhcp-server,
display dhcp-server interface vlan-interface.
Example
# Enable DHCP relay debugging.
<Quidway> debugging dhcp-relay
*0.7200205-DHCP-8-dhcp_debug:
From client to DHCP Server:
Interface: VLAN-Interface 1
ServerGroupNo: 0

5-3

Type: dhcp-request
ClientHardAddress: 0010-dc19-695d
DHCP ServerIpAddress: 192.168.1.2
*0.7200230-DHCP-8-dhcp_debug:
From DHCP Server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
Table 5-1 Description of information generated by the command debugging

dhcp-relay
Field
Description
Interface
Virtual interface of VLAN performing DHCP Relay
ServerGroupNo
DHCP Server group number for Relay
Type
DHCP packet type for Relay
ClientHardAddress
Hardware address of Client
ServerIpAddress
IP address of DHCP Server
AllocatedIpAddress
IP address allocated to Client
5.1.5 dhcp-security static

Syntax
dhcp-security static ip_address mac_address
undo dhcp-security { ip_address | all | dynamic | static }
View
System view
Parameter
ip_address: User IP address.
5-4

mac_address: User MAC address.

all: Cancel all address table entry.
dynamic: Cancel dynamic address table entry.
static: Cancel static address table entry.
Description
Using dhcp-security static command, you can configure a static address table entry
of DHCP Server group. Using undo dhcp-security command, you can cancel a
address table entry of DHCP Server group.
You can use the display dhcp-security command to view the user configuration of
DHCP Server group before you change corresponding IP address of the DHCP
Server group.
For the related command, see display dhcp-security.
Example
# Configure the user IP address and MAC address of DHCP Server group as 1.1.1.1
and 0005-5D02-F2B3 respectively.
[Quidway] dhcp-security static 1.1.1.1 0005-5D02-F2B3
5.1.6 dhcp-server
Syntax
dhcp-server groupNo
undo dhcp-server
View
VLAN interface view
Parameter
groupNo: DHCP Server group number; ranging from 0 to 19.
Description
Using dhcp-server command, you can configure the native DHCP Server group of
VLAN interface. Using undo dhcp-server command, you can cancel the VLAN
interface from its native DHCP Server group.
For the related command, see dhcp-server ip, display dhcp-server, display
dhcp-server interface vlan-interface, debugging dhcp-relay.
Example
# Add VLAN-Interface 1 to DHCP Server group1.

5-5

[Quidway-Vlan-interface1] dhcp-server 1
5.1.7 dhcp-server ip
Syntax
dhcp-server groupNo ip ipaddress1 [ ipaddress2 ]
undo dhcp-server groupNo
View
System view
Parameter
groupNo: DHCP Server group number; the valid groupNo ranges from 0 to 19.
ipaddress1:IP address of the DHCP Server1 in the group.
ipaddress2:IP address of the DHCP Server2 in the group.
Description
Using dhcp-server ip command, you can configure the IP address of DHCP Server
adopted by the DHCP Server group. Using undo dhcp-server ip command, you can
cancel the IP addresses all the DHCP Servers in DHCP Server group.
For the related command, see dhcp-server, display dhcp-server, debugging
dhcp-relay.
Example
# Configure IP addresses of the DHCP Servers of DHCP Server group1 as 1.1.1.1
and 2.2.2.2 respectively.
[Quidway] dhcp-server 1 ip 1.1.1.1 2.2.2.2
5.1.8 display dhcp-security

Syntax
display dhcp-security [ ip_address | dynamic | static ]
View
Any view
Parameter
ip_address: User IP address.
dynamic: Display dynamic address table entry.
static: Display static address table entry.

5-6

Description
Using display dhcp-security command, you can view all the IP addresses in valid
user address table ofDHCP Server group.
Example
# Display all the IP addresses in valid user address table of DHCP Server group.
<Quidway>display dhcp-security
IP Address
MAC Address
IP Address Type
2.2.2.2
0005-5d02-f2b2
Static
3.3.3.3
0005-5d02-f2b3
Dynamic
---
2 dhcp-security item(s) found
---
Table 5-2 Output description of the display dhcp-security display

Field
Description
IP Address
IP address of the DHCP Server group
MAC Address
User MAC address of DHCP Server group
IP Address Type
Type of user address table entry, including dynamic

address entry and static address entry
5.1.9 display dhcp-server

Syntax
display dhcp-server groupNo
View
Any view
Parameter
groupNo: DHCP Server group.
Description
Using display dhcp-server command, you can view the related information of DHCP
Server group.
For the related command, see dhcp-server ip, dhcp-server, display dhcp-server
interface vlan-interface, debugging dhcp-relay.
Example
# View the related information of DHCP Server group 0.
<Quidway> display dhcp-server 0
5-7

The first IP address of DHCP Server group 0:
1.1.1.1
The second IP address of DHCP Server group 0:
1.1.1.2
Messages from this server group: 0

Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP_OFFER messages: 0
DHCP_ACK messages: 0
DHCP_NAK messages: 0
DHCP_DECLINE messages: 0
DHCP_DISCOVER messages: 0
DHCP_REQUEST messages: 0
DHCP_INFORM messages: 0
DHCP_RELEASE messages: 0
Table 5-3 Output description of the display dhcp-server display

Field
Description
The first IP address of DHCP

Server group 0
IP address of the master DHCP Server in

DHCP Server group 0
The second IP address of DHCP

Server group 0
IP address of the slave DHCP Server in DHCP

Server group0
Messages from this server group
Number of packets that DHCP relay received

from this DHCP Server group
Messages to this server group
Number of packets that DHCP relay sends to

this DHCP Server group
Messages from clients to this

server group
Number of packets that DHCP relay receives

from client.
Messages from this server group

to clients
Number of packets that DHCP relay sends to

client
DHCP_OFFER messages
Number of OFFER packets received by DHCP

relay
DHCP_ACK messages
Number of ACK packets received by DHCP

relay
DHCP_NAK messages
Number of NAK packets received by DHCP

relay
DHCP_DECLINE messages
Number of DECLINE packets received by

DHCP relay
DHCP_DISCOVER messages
Number of DISCOVER packets received by

DHCP relay.
DHCP_REQUEST messages
Number of REQUEST packets received by

DHCP relay

5-8

Field
Description
DHCP_INFORM messages
Number of INFORM packets received by

DHCP relay
DHCP_RELEASE messages
Number of RELEASE packets received by

DHCP relay
5.1.10 display dhcp-server interface vlan-interface

Syntax
display dhcp-server interface vlan-interface vlan-id
View
Any view
Parameter
vlan-id: VLAN interface ID.
Description
Using display dhcp-server interface vlan-interface command, you can view the
information of the DHCP Server group corresponding to VLAN interface.
For the related command, see dhcp-server, display dhcp-server, debugging
dhcp-relay.
Example
# View the information of the DHCP Server group corresponding to VLAN-Interface 2.
<Quidway> display dhcp-server interface vlan-interface 2
The DHCP Server group of this interface is 0
The information shown above indicates that vlan-interface 2 is configured with a

DHCP Server group with ID as 0.

5-9

Chapter 6 IP Performance Configuration

Commands

Commands
6.1 IP Performance Configuration Commands
6.1.1 display fib
Syntax
display fib
View
Any view
Parameter
None
Description
Using display fib command, you can view the summary of the Forwarding
Information Base. The information includes: destination address/mask length, next
hop, current flag and outbound interface.
Example
# Display the summary of the Forwarding Information Base.
<Quidway> display fib
Flag D:Direct, I:Indirect, B:BlackHole, R:Reject, N:Not Use
Destination/Mask
127.0.0.0/8
Nexthop
Flag
Interface
127.0.0.1
InLoopBack0
1.1.1.0/24
1.1.1.1
Vlan-interface1
1.1.1.1/32
127.0.0.1
InLoopBack0

6-1


Commands
Table 6-1 Description of the output information of the display fib command
Field
Description
Destination/Mask
Destination/Mask length
Nexthop
Nexthop address
The flag options include:
D Direct route
I Indirect route
Flag
B Blackhole route
R Refused and unavailable route
N Route which is not used
Interface
Interface to forward packets
6.1.2 display icmp statistics

Syntax
display icmp statistics
View
Any view
Parameter
None
Description
Using display icmp statistics command, you can view the statistics information
about ICMP packets.
For the related command, see display ip interface, reset ip statistics.
Example
# View statistics about ICMP packets.
<Quidway> display icmp statistics
Input: bad formats
bad checksum
echo
destination unreachable 0
source quench 0
redirects
echo reply
10
parameter problem
timestamp
information request
mask replies
mask requests 0
time exceeded 0
Output:echo
10
destination unreachable 0

6-2


Commands
source quench 0
redirects
echo reply
parameter problem
timestamp
information reply
mask requests 0
mask replies
0
0
time exceeded 0
Table 6-2 Description of the output information of the display icmp statistics
command
Field
Description
bad formats
Number of input packets in bad format
bad checksum
Number of input packets with wrong checksum
echo
Number of input/output echo request packets
destination unreachable
Number of input/output packets with unreachable

destination
source quench
Number of input/output source quench packets
redirects
Number of input/output redirected packets
echo reply
Number of input/output echo reply packets
parameter problem
Number of input/output packets with parameter problem
timestamp
Number of input/output timestamp packets
information request
Number of input information request packets
mask requests
Number of input/output mask request packets
mask replies
Number of input/output mask reply packets
information reply
Number of output information reply packets
time exceeded
Number of time exceeded packets
6.1.3 display ip socket

Syntax
display ip socket [ socktype sock-type ] [ task-id socket-id ]
View
Any view
Parameter
sock-type: The type of a socket: (tcp:1, udp 2, raw ip 3).
task-id: The ID of a task, with the value ranging from 1 to 100.
socket-id: The ID of a socket, with the value ranging from 0 to 3072.
6-3


Commands
Description
Using the display ip socket command, you can display the information about the
sockets in the current system.
Example
# Display the information about the socket of TCP type.
<Quidway> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Table 6-3 Output description of the display ip socket display

Field
Description
SOCK_STREAM
The socket type
Task
The ID of a task
socketid
The ID of a socket
Proto
The protocol number used by the socket
sndbuf
The sending buffer size of the socket
rcvbuf
The receiving buffer size of the socket
sb_cc
The current data size in the sending buffer. The value

makes sense only for the socket of TCP type, because only
TCP is able to cache data
rb_cc
The current data size in the receiving buffer
socket option
The option of the socket

6-4


Commands
Field
Description
socket state
The state of the socket
6.1.4 display ip statistics

Syntax
display ip statistics
View
Any view
Parameter
None
Description
Using display ip statistics command, you can view the statistics information about
IP packets.
For the related command, see display ip interface, reset ip statistics.
Example
# View statistics about IP packets.
<Quidway> display ip statistics
Input:
Output:
sum
7120
local
112
bad protocol
bad format
bad checksum
bad options
forwarding
local
27
dropped
no route
output
compress fails 0
Fragment:input
dropped
fragmented
couldn't fragment 0
timeouts
Reassembling:sum

6-5


Commands
Table 6-4 Description of the output information of the display ip statistics command
Field
Input:
Output:
Fragment:
Reassembli
ng:
Description
sum
Sum of input packets
local
Number of received packets whose destination is

the local device
bad protocol
Number of packets with wrong protocol number
bad format
Number of packets in bad format
bad checksum
Number of packets with wrong checksum
bad options
Number of packets that has wrong options
forwarding
Number of forwarded packets
local
Number of packets that are sent by the local device
dropped
Number of dropped packets during transmission
no route
Number of packets that cannot be routed
compress fails
Number of packets that cannot be compressed
input
Number of input fragments
output
Number of output fragments
dropped
Number of dropped fragments
fragmented
Number of packets that are fragmented
couldn't
fragment
Number of packets that cannot be fragmented
sum
Number of packets that are reassembled
timeouts
Number of packets that time out
6.1.5 display tcp statistics

Syntax
display tcp statistics
View
Any view
Parameter
None

6-6


Commands
Description
Using display tcp statistics command, you can view the statistics information about
TCP packets.
The statistics information about TCP packets are divided into two major kinds which
are Received packets and Sent packets. And each kind of packets are further divided
into different kinds such as window probe packets, window update packets, duplicate
packets, and out-of-order packets. Some statistics information that is closely related
to TCP connection, such as window probe packets, window update packets, and data
packets retransmitted is also displayed. All these displayed information are measured
in packet.
For the related commands, see display tcp status, reset tcp statistics.
Example
# View statistics about TCP packets.
[Quidway]display tcp statistics
Received packets:
Total: 753
packets in sequence: 412 (11032 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 481 (8776 bytes)
duplicate ACK packets: 7, too much ACK packets: 0
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0

Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections
disconnected : 0
Initiated connections: 0, accepted connections: 0, established connections:
0
Closed connections: 0 (dropped: 0, initiated dropped: 0)

6-7


Commands
Packets dropped with MD5 authentication: 0

Packets permitted with MD5 authentication: 0
6.1.6 display tcp status

Syntax
display tcp status
View
Any view
Parameter
None
Description
Using display tcp status command, you can view the TCP connection state.
Example
# Display the state of all TCP connections.
<Quidway> display tcp status
TCPCB
Local Add:port
Foreign Add:port
State
03e37dc4
0.0.0.0:4001
0.0.0.0:0
Listening
04217174
100.0.0.204:23
100.0.0.253:65508
EstablishedOutput
description of the display tcp status display

Information
Description
Local Add: port
Local IP address: local port
Foreign Add: port
Remote IP address; remote port
State
State of the TCP link
6.1.7 display udp statistics

Syntax
display udp statistics
View
Any view
Parameter
None
6-8


Commands
Description
Using the display udp statistics command, you can view UDP traffic statistic
information.
The statistic information includes sent and received packets, which include different
types of packets such as checksum and error packets. The statistic information also
includes information related closely to connections such as the number of broadcast
packets. Note that the above information is count in packets.
For relate configuration, please refer to the reset udp statistics command.
Example
# Display the UDP traffic statistic information.
<Quidway> display udp statistics
Received packet:
Total:0
checksum error:0
shorter than header:0, data length larger than packet:0
no socket on port:0
broadcast:0
not delivered, input socket full:0
input packets missing pcb cache:0
Sent packet:
Total:0
6.1.8 ip
Syntax
ip { redirects | ttl-expires | unreachables }
undo ip { redirects | ttl-expires | unreachables }
View
System view
Parameter
redirects: Set whether to send redirection packets to CPU.
ttl-expires: Set whether to send TTL timeout packets to CPU.
unreachables: Set whether to send route unreachable packets to CPU.
Description
Using ip { redirects | ttl-expires | unreachables } command, you can set redirection
packets, TTL timeout packets and route unreachable packets sent to CPU for further
6-9


Commands
processing. Using undo ip { redirects | ttl-expires | unreachables } command, you

can set redirection packets, TTL timeout packets and route unreachable packets not
sent to CPU.
By default, redirection packets and route unreachable packets are not sent to CPU,
while TTL timeout packets are sent to CPU.
Example
# Set redirection packets sent to CPU for further processing.
[Quidway] ip redirects
6.1.9 ip forward-broadcast
Syntax
ip forward-broadcast
undo ip forward-broadcast
View
System view
Parameter
None
Description
Using ip forward-broadcast command, you can configure to forward L3 broadcast
packets. Using undo ip forward-broadcast command, you can disable to forward
broadcast packets.
By default, L3 broadcast packets is forwarded.
Example
# Enable the switch to forward broadcast packets.
[Quidway] ip forward-broadcast
6.1.10 reset ip statistics

Syntax
reset ip statistics
View
User view

6-10


Commands
Parameter
None
Description
Using reset ip statistics command, you can clear the IP statistics information.
For the related commands, see display ip interface, display ip statistics.
Example
# Clear the IP statistics information.
<Quidway> reset ip statistics
6.1.11 reset tcp statistics

Syntax
reset tcp statistics
View
User view
Parameter
None
Description
Using reset tcp statistics command, you can clear the TCP statistics information.
For the related command, see display tcp statistics.
Example
# Clear the TCP statistics information.
<Quidway> reset tcp statistics
6.1.12 reset udp statistics

Syntax
reset udp statistics
View
User view
Parameter
None

6-11


Commands
Description
Using the reset udp statistics command, you can clear the UDP statistics
information.
Example
# Clear the UDP traffic statistics information.
<Quidway> reset udp statistics
6.1.13 tcp timer fin-timeout

Syntax
tcp timer fin-timeout time-value
undo tcp timer fin-timeout
View
System view
Parameter
time-value: TCP finwait timer value in second, with the value ranging from 76 to 3600;
By default, 675 seconds.
Description
Using tcp timer fin-timeout command, you can configure the TCP finwait timer.
Using undo tcp timer fin-timeout command, you can restore the default value of the
TCP finwait timer.
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection will be terminated.
For the related command, see tcp timer syn-timeout, tcp window.
Example
# Configure the TCP finwait timer value as 800 seconds.
[Quidway] tcp timer fin-timeout 800
6.1.14 tcp timer syn-timeout

Syntax
tcp timer syn-timeout time-value
undo tcp timer syn-timeout

6-12


Commands
View
System view
Parameter
time-value: TCP synwait timer value measured in second, whose value ranges from 2
to 600. The default time-value is75 seconds.
Description
Using tcp timer syn-timeout command, you can configure the TCP synwait timer.
Using undo tcp timer syn-timeout command, you can restore the default value of
the timer.
TCP will enable the synwait timer, if a SYN packet is sent. The TCP connection will be
terminated If the response packet is not received.
For the related command, see tcp timer fin-timeout, tcp window.
Example
# Configure the TCP synwait timer value as 80 seconds.
[Quidway] tcp timer syn-timeout 80
6.1.15 tcp window

Syntax
tcp window window-size
undo tcp window
View
System view
Parameter
window-size:The size of the transmission and receiving buffers measured in kilobytes
(KB), whose value ranges from 1 to 32. By default, the window-size is 8KB.
Description
Using tcp window command, you can configure the size of the transmission and
receiving buffers of the connection-oriented Socket. Using undo tcp window
command, you can restore the default size of the buffer.
For the related command, see tcp timer fin-timeout, tcp timer syn-timeout.
Example
# Configure the size of the transmission and receiving buffers as 3KB.

6-13


Commands
[Quidway] tcp window 3

6-14

Chapter 7 IPX Configuration Commands

7.1 IPX Configuration Commands
7.1.1 display ipx interface
Syntax
display ipx interface [ vlan-interface vlan-id ]
View
Any view
Parameter
vlan-id: Specifies a VLAN interface by specifying its VLAN ID.
Description
Using the display ipx interface command, you can view the IPX information of the
specified VLAN interface.
If no vlan-id is specified, the IPX information of all the IPX-enabled VLAN interfaces is
displayed.
Example
# Display the IPX information of VLAN interface 1.
<Quidway> display ipx interface Vlan-interface 1
Vlan-interface1 is down
IPX address is 1.0020-9c68-448e [down]
SAP is enabled
Split horizon is enabled
Update change only is disabled
Forwarding of IPX type 20 propagation packet is disabled
Delay of this IPX interface, in ticks is 1
SAP GNS response is enabled
RIP packet maximum size is 432 bytes
SAP packet maximum size is 480 bytes
IPX encapsulation is Netware 802.3
0 received, 0 sent
0 bytes received, 0 bytes sent
0 RIP received, 0 RIP sent, 0 RIP discarded
0 RIP specific requests received, 0 RIP specific responses sent

7-1

0 RIP general requests received, 0 RIP general responses sent

0 SAP received, 0 SAP sent, 0 SAP discarded
0 SAP requests received, 0 SAP responses sent
7.1.2 display ipx routing-table

Syntax
display ipx routing-table [ network [ verbose ] | protocol { default | direct | rip |
static } [ inactive | verbose ] | statistics | verbose ]
View
Any view
Parameter
network: Displays IPX routing information by specifying a destination network number,
which comprises eight hexadecimal numbers and is in the range 0x1 to 0xFFFFFFFE.
protocol: Displays the IPX routing information by route type.
default: Displays information of all the default routes.
direct: Displays information of all the direct routes.
rip: Displays all the IPX RIP routing information.
static: Displays all the IPX static routing information.
inactive: Displays the inactive routing information.
verbose: Displays the detailed IPX routing information, including the active and
inactive routes.
statistics: Displays the IPX routing statistics.
Description
Using the display ipx routing-table command, you can view the IPX routing
information.
If no parameters are specified, information of all the active IPX routes is displayed.
Example
# Display information of the active IPX routes.
[Quidway] display ipx routing-table
Routing tables:
Summary count: 2
Dest_Ntwk_ID
Proto
Pre Ticks Hops Nexthop
0x1
Direct 0
0.0000-0000-0000
Vlan-interface1
0x2
Static 60
1.000e-0001-0000
Vlan-interface1

7-2
Interface

Table 7-1 Display information of the display ipx routing-table command

Field
Description
Dest_Ntwk_ID
Destination network number of the route
Proto
Protocol type of the route
Pre
Preference of the route
Ticks
Tick count of the route
Hops
Hop count of the route
Nexthop
Next hop of the route
Interface
Outgoing interface of the route
# Display the detailed IPX routing information, including the active and inactive routes.
<Quidway> display ipx routing-table verbose
Routing tables:
Destinations: 2
Routes: 3
Destination Network ID: 0x1

Protocol: Direct
Preference: 0
Ticks: 1
Hops: 0
Nexthop: 0.0000-0000-0000
Time: 0
Interface: 1.0020-9c68-448e(Vlan-interface1)
State: <Active>
Protocol: Static
Preference: -60
Ticks: 1
Hops: 1
Nexthop: 2.000e-0001-0000
Time: 0
Interface: 2.0020-9c68-448f(Vlan-interface2)
State: <Inactive>
Destination Network ID: 0x2
Protocol: Static
Preference: 60
Ticks: 1
Hops: 1
Nexthop: 1.000e-0001-0000
Time: 0
Interface: 1.0020-9c68-448e(Vlan-interface1)
State: <Active>
Table 7-2 Display information of the display ipx routing-table verbose command
Field
Description
Time
Route aging time; it is 0 for the direct and static routes, meaning they
never time out.
State
The state of the route. It can be active, inactive, or delete (meaning the
route is being deleted).

7-3

# Display the IPX routing statistics.

<Quidway> display ipx routing-table statistics
Routing tables:
Proto/State
route
active
added
deleted
freed
Direct
Static
RIP
Default
Total
Table 7-3 Display information of the display ipx routing-table statistics command
Field
Description
Proto/State
Routing protocol
Route
Number of routes, including the active and inactive routes
Active
Number of the active routes
Added
Number of the added routes
Deleted
Number of the deleted, yet not released routes
Freed
Number of the released routes
7.1.3 display ipx service-table

Syntax
display ipx service-table [ inactive | name name | network network | order
{ network | type } | type service-type ] [ verbose ]
View
Any view
Parameter
inactive: Displays information of the inactive services.
name name: Displays service information by specifying a server name.
network network: Displays service information on the server with a specified network
number.
order { network | type }: Displays the service information by network number or by
service type.
type service-type: Displays the service information with a specified service type.
verbose: Displays the detailed service information.
7-4

Description
Using the display ipx service-table command, you can view the contents of the IPX
server information table.
Example
# Display the contents of the IPX server information table.
[Quidway] display ipx service-table
Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,
NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which
the service is received
Number of Static Entries:
Number of Dynamic Entries: 0

Name
Type
NetId
S Prn1
0005
000d
S Prn2
0005
0008
# Display the details about the IPX server information table.

[Quidway] display ipx service-table verbose
Abbreviation: S - Static, Pref - Preference(Decimal), NetId - Network number,
NodeId - Node address, hop - Hops(Decimal), Recv-If - Interface from which
the service is received
Number of Static Entries:
Number of Dynamic Entries: 0

Name
Type
NetId NodeId
Sock Pref Hops
Recv-If
S Prn1
0005
000d
000a-000a-000a
0452 500
02
Vlan-interface1
S Prn2
0005
0008
000a-000a-000a
0452 500
03
Vlan-interface1
7.1.4 display ipx statistics

Syntax
display ipx statistics
View
Any view
Parameter
None
Description
Using the display ipx statistics command, you can view the IPX packet statistics.
7-5

Example
# Display the IPX statistics.
<Quidway> display ipx statistics
Received: 0 total, 0 packets pitched
0 packets size errors, 0 format errors
0 bad hops(>16), 0 discarded(hops=16)
0 other errors, 0 local destination
0 can not be dealed
Sent:
0 forwarded, 0 generated
0 no route, 0 discarded
RIP:
0 sent, 0 received
0 responses sent, 0 responses received
0 requests received, 0 requests dealt
0 requests sent, 0 periodic updates
SAP:
0 general requests received

0 specific requests received
0 GNS requests received
0 general responses sent
0 specific responses sent
0 GNS responses sent
0 periodic updates, 0 errors
PING:
0 requests sent, 0 requests received

0 responses sent, 0 responses received
0 responses in time, 0 responses time out
7.1.5 ipx enable

Syntax
ipx enable
undo ipx enable
View
System view
Parameter
None
Description
Using the ipx enable command, you can enable IPX. Using the undo ipx enable
command, you can disable IPX and delete all the IPX configurations.

7-6

Note that after the undo ipx enable command is executed, the IPX configurations are
not recoverable with the ipx enable command.
Example
# Enable IPX.
[Quidway] ipx enable
7.1.6 ipx encapsulation

Syntax
ipx encapsulation [ dot2 | dot3 | ethernet-2 | snap ]
undo ipx encapsulation
View
VLAN interface view
Parameter
dot2: Sets the encapsulation format to Ethernet_802.2.
dot3: Sets the encapsulation format to Ethernet_802.3.
ethernet-2: Sets the encapsulation format to Ethernet_II.
snap: Sets the encapsulation format to Ethernet_SNAP.
Description
Using the ipx encapsulation command, you can configure an IPX frame
encapsulation format on the current VLAN interface. Using the undo ipx
encapsulation command, you can restore the encapsulation format to the default.
By default, the IPX frame encapsulation format is Ethernet_802.3 (dot3).
Example
# Set the IPX frame encapsulation format to Ethernet_II on VLAN interface 1.
[Quidway-Vlan-interface1] ipx encapsulation ethernet-2
7.1.7 ipx netbios-propagation

Syntax
ipx netbios-propagation
undo ipx netbios-propagation
View
VLAN interface view

7-7

Parameter
None
Description
Using the ipx netbios-propagation command, you can enable the current VLAN
interface
to
forward
type
20
broadcast
packets.
Using
the
undo
ipx
netbios-propagation command, you can disable the current VLAN interface to

forward type 20 broadcast packets.
By default, type 20 broadcast packets are not forwarded.
Example
# Allow the current interface to forward type 20 broadcast packets.
[Quidway-Vlan-interface1] ipx netbios-propagation
7.1.8 ipx network

Syntax
ipx network network-number
undo ipx network
View
VLAN interface view
Parameter
network-number: Hexadecimal IPX network number in the range 0x1 to 0xFFFFFFFD.
The leading 0s can be omitted when you input a network number.
Description
Using the ipx network command, you can assign an IPX network number to the
VLAN interface. Using the undo ipx network command, you can delete the IPX
network number of the VLAN interface.
By default, no network number is assigned to VLAN interfaces; therefore, IPX is
disabled on all the VLAN interfaces even after it is enabled globally.
Example
# Assign the network number 675 to VLAN interface 1.
[Quidway-Vlan-interface1] ipx network 675

7-8

7.1.9 ipx rip import-route static

Syntax
ipx rip import-route static
undo ipx rip import-route static
View
System view
Parameter
None
Description
Using the ipx rip import-route static command, you can enable RIP to import static
routes. The imported routes are included in the update packets of RIP. Using the
undo ipx rip import-route static command, you can disable RIP to import static
routes.
By default, IPX RIP does not import static routes.
Note that RIP imports only active static routes; inactive static routes are neither
imported nor forwarded.
Example
# Import the static routes into RIP.
[Quidway] ipx rip import-route static
7.1.10 ipx rip mtu

Syntax
ipx rip mtu bytes
undo ipx rip mtu
View
VLAN interface view
Parameter
bytes: The maximum size of RIP update packets in bytes. It is in the range 432 to
1500 and defaults to 432.
Description
Using the ipx rip mtu command, you can configure the RIP update packet size. Using
the undo ipx rip mtu command, you can restore the default.
7-9

Example
# Set the maximum RIP update packet size to 500 bytes on VLAN interface 1.
[Quidway-Vlan-interface1] ipx rip mtu 500
7.1.11 ipx rip multiplier

Syntax
ipx rip multiplier multiplier
undo ipx rip multiplier
View
System view
Parameter
multiplier: A multiplier of the update interval, decides the aging period of the RIP
routing entries together with the update interval. It is in the range 1 to 1000 and
defaults to 3. Multiplying the update interval by the multiplier, you can get the actual
aging period.
Description
Using the ipx rip multiplier command, you can configure the aging period of the RIP
routing entries. Using the undo ipx rip multiplier command, you can restore the
default.
For the related command, see ipx rip timer update.
Example
# Set the RIP aging period of the routing entries to five times the update interval.
[Quidway] ipx rip multiplier 5
7.1.12 ipx rip timer update

Syntax
ipx rip timer update seconds
undo ipx rip timer update
View
System view

7-10

Parameter
seconds: RIP update interval in seconds. It is in the range 10 to 60000 and defaults to
60.
Description
Using the ipx rip timer update command, you can configure a RIP update interval.
Using the undo ipx rip timer update command, you can restore the default.
For the related command, see ipx rip multiplier.
Example
# Set the RIP update interval to 30 seconds.
[Quidway] ipx rip timer update 30
7.1.13 ipx route load-balance-path

Syntax
ipx route load-balance-path paths
undo ipx route load-balance-path
View
System view
Parameter
paths: The maximum number of equivalent routes to the same destination. It is in the
range 1 to 64 and defaults to 1.
Description
Using the ipx route load-balance-path command, you can configure the number of
equivalent routes to the same destination. Using the undo
ipx
route
load-balance-path command, you can restore the default.

The number of equivalent routes configured using this command is the maximum
number of active equivalent routes to the same destination in the current system. If
the new number is less than the number of the current active routes, the system
deactivates those excessive.
Example
# Set the number of equivalent routes to the same destination to 30.
[Quidway] ipx route load-balance-path 30

7-11

7.1.14 ipx route max-reserve-path

Syntax
ipx route max-reserve-path paths
undo ipx route max-reserve-path
View
System view
Parameter
paths: The maximum number of dynamic routes saved in the device to the same
destination. It is in the range 1 to 255 and defaults to 4.
Description
Using the ipx route max-reserve-path command, you can configure the maximum
number of dynamic routes saved in the device to the same destination. Using the
undo ipx route max-reserve-path command, you can restore the default.
When the number of dynamic routes saved in the device to the same destination
exceeds the specified maximum value, the new dynamic routes are dropped directly
without being added into the routing table. When the configured new value is less than
the old one, the switch, however, does not delete the excessive route entries. These
route entries either time out or are manually deleted.
Example
# Set the maximum number of dynamic routes saved in the device to the same
destination to 200.
[Quidway] ipx route max-reserve-path 200
7.1.15 ipx route-static

Syntax
ipx route-static network network.node [ preference value ] [ tick ticks hop hops ]
undo ipx route-static { network [ network.node ] | all }
View
System view
Parameter
network: Destination network number of an IPX static route. It comprises eight
hexadecimal numbers and is in the range 1 to 0xFFFFFFFE.

7-12

network.node: Next hop address of the IPX static route. network defines the network
number; node defines the node address using 12 hexadecimal numbers that are
separated into three parts using -, each part in the range 1 to 0xFFFF.
preference value: Static route preference in the range 1 to 255. A smaller value
indicates a higher preference. By default, the preference values of the static routes,
direct routes, and dynamic RIP IPX routes are 60 (user-configurable), 0, and 100.
ticks ticks: Time that a packet must take to reach the destination network. It is in the
range 1 to 65534 and defaults to 1, with 1 tick = 1/18 seconds. When the tick value of
a VLAN interface is modified, the tick value of the static route also changes. You must
configure both the tick value and the hop count.
hop hops: Number of the switches on the way to the destination network. It is in the
range 1 to 15 and defaults to 1. You must configure both the hop count and tick value.
all: All the IPX static routes.
Description
Using the ipx route-static command, you can configure an IPX static route. Using the
undo ipx route-static command, you can delete the static route.
The IPX static routes with the destination network number of 0xFFFFFFFE are default
routes.
Example
# Configure an IPX static route, setting the destination network number to 0x5a, next
hop to 1000.0-0c91-f61f, tick value to 10 and hop count to 2.
[Quidway] ipx route-static 5a 1000.0-0c91-f61f 10 2
7.1.16 ipx sap disable

Syntax
ipx sap disable
undo ipx sap disable
View
VLAN interface view
Parameter
None

7-13

Description
Using the ipx sap disable command, you can disable SAP on the current VLAN
interface. Using the undo ipx sap disable command, you can enable SAP on the
current VLAN interface.
By default, SAP is enabled on the VLAN interface when IPX is enabled.
Example
# Disable SAP on VLAN interface 1.
[Quidway-Vlan-interface1] ipx sap disable
7.1.17 ipx sap gns-disable-reply

Syntax
ipx sap gns-disable-reply
undo ipx sap gns-disable-reply
View
VLAN interface view
Parameter
None
Description
Using the ipx sap gns-disable-reply command, you can disable IPX GNS reply on
the current VLAN interface. Using the undo ipx sap gns-disable-reply command,
you can enable IPX GNS reply on the current VLAN interface.
By default, GNS reply is enabled on the VLAN interface.
Example
# Disable GNS reply on VLAN interface 1.
[Quidway-Vlan-interface1] ipx sap gns-disable-reply
7.1.18 ipx sap gns-load-balance

Syntax
ipx sap gns-load-balance
undo ipx sap gns-load-balance
View
System view

7-14

Parameter
None
Description
Using the ipx sap gns-load-balance command, you can configure the switch to
respond to GNS requests through round robin polling. Using the undo ipx sap
gns-load-balance command, you can configure the switch to respond to GNS
requests with information of the nearest server.
By default, the switch responds to SAP GNS requests using the known server
information in turn. This prevents a server from getting overloaded.
For the related command, see ipx sap gns-disable-reply.
Example
# Respond to GNS requests with information of the nearest server.
[Quidway] undo ipx sap gns-load-balance
7.1.19 ipx sap max-reserve-servers

Syntax
ipx sap max-reserve-servers length
undo ipx sap max-reserve-servers
View
System view
Parameter
length: The maximum length of the service information reserve-queue for one service
type. It is in the range 1 to 2048 and defaults to 2048.
Description
Using the ipx sap max-reserve-servers command, you can configure the maximum
length of the service information reserve-queue for one service type. Using the undo
ipx sap max-reserve-servers command, you can restore the default.
Example
# Set the maximum length of the service information reserve-queue for one service
type to 1024.
[Quidway] ipx sap max-reserve-servers 1024

7-15

7.1.20 ipx sap mtu

Syntax
ipx sap mtu bytes
undo ipx sap mtu
View
VLAN interface view
Parameter
bytes: The maximum SAP packet size in bytes. It is in the range 480 to 1500 and
defaults to 480.
Description
Using the ipx sap mtu command, you can configure the maximum size of SAP
update packets. Using the undo ipx sap mtu command, you can restore the default.
Example
# Set the maximum size of SAP update packets to 674 bytes, allowing 10 service
entries on VLAN interface 1.
[Quidway-Vlan-interface1] ipx sap mtu 674
7.1.21 ipx sap multiplier

Syntax
ipx sap multiplier multiplier
undo ipx sap multiplier
View
System view
Parameter
multiplier: A multiplier of the update interval, decides the aging period of the SAP
service entries together with the update interval. It is in the range 1 to 1000 and
defaults to 3. Multiplying the update interval by the multiplier, you can get the actual
aging period.
Description
Using the ipx sap multiplier command, you can configure the aging period of the
SAP service entries. Using the undo ipx sap multiplier command, you can restore
the default.

7-16

For the related command, see ipx sap timer update.
Example
# Set the aging period of the SAP service entries to five times the update interval.
[Quidway] ipx sap multiplier 5
7.1.22 ipx sap timer update

Syntax
ipx sap timer update seconds
undo ipx sap timer update
View
System view
Parameter
seconds: SAP update interval in the range 10 to 60000 seconds. By default, the value
is 60 seconds.
Description
Using the ipx sap timer update command, you can configure a SAP update interval.
Using the undo ipx sap timer update command, you can restore the default.
Note that this command is invalid if the triggered updates feature is applied on VLAN
interface.
For the related commands, see ipx sap multiplier and ipx update-change-only.
Example
# Set the SAP update interval to 300 seconds.
[Quidway] ipx sap timer update 300
7.1.23 ipx service

Syntax
ipx service service-type name network.node socket hop hops [ preference
preference ]
undo ipx service { service-type [ name [ network.node ] ] [ preference preference ] |
all }
View
System view

7-17

Parameter
service-type: A 4-byte hexadecimal number ranging from to. 0 indicates all service
types.
name: Specifies the server providing the specified service, a string of 1 to 47
characters.
network.node: Network number and node value of the server. A network number
comprises eight hexadecimal numbers and is in the range 0x1 to 0xFFFFFFFD. A
node address identifies a node in the network; it is 48 bits long and comprises 12
hexadecimal numbers that are separated into three parts by -. The leading 0s can be
omitted when you input network/node numbers.
socket: Comprises four hexadecimal numbers and is in the range 0x1 to 0xFFFF.
hop hops: Number of hops to the server, written in decimal and in the range 1 to 15.
The hop count equal to or exceeding 16 implies that the service is unreachable.
preference: Service preference value in the range 1 to 255, with a smaller number
indicating higher preference. By default, the preference value of the static service
entries is 60 (modifiable); the preference value of the dynamic service entries is fixed
to 500.
all: Deletes all the static service entries.
Description
Using the ipx service command, you can add a static service entry to the server
information table. Using the undo ipx service command, you can delete a static
service entry from the server information table.
Example
# Add a static service entry, setting service type to 4, server name to FileServer,
server network number to 130, node number to 0000-0a0b-abcd, hop count to 1 and
server preference to 60.
[Quidway] ipx service 4 FileServer 130.0000-0a0b-abcd 451 hop 1 preference 60
7.1.24 ipx split-horizon

Syntax
ipx split-horizon
undo ipx split-horizon
View
VLAN interface view

7-18

Parameter
None
Description
Using the ipx split-horizon command, you can enable split horizon on the current
VLAN interface. Using the undo ipx split-horizon command, you can disable split
horizon on the current VLAN interface.
By default, the split horizon of IPX is enabled.
Example
# Enable split horizon on VLAN interface 1.
[Quidway-Vlan-interface1] ipx split-horizon
7.1.25 ipx tick

Syntax
ipx tick ticks
undo ipx tick
View
VLAN interface view
Parameter
ticks: Delay in ticks; it is in the range 0 to 30000 and defaults to 1.
Description
Using the ipx tick command, you can configure an IPX packet forwarding delay on
the VLAN interface. Using the undo ipx tick command, you can restore the default.
Example
# Configure VLAN interface 1 to experience a delay of five ticks before forwarding IPX
packets.
[Quidway-Vlan-interface1] ipx tick 5
7.1.26 ipx update-change-only

Syntax
ipx update-change-only
undo ipx update-change-only

7-19

View
VLAN interface view
Parameter
None
Description
Using the ipx update-change-only command, you can enable update by trigger on
the current VLAN interface. Using the undo ipx update-change-only command, you
can restore the default.
By default, update by trigger is disabled.
Example
# Enable the update by trigger feature of IPX on VLAN interface 1.
[Quidway-Vlan-interface1] ipx update-change-only
7.1.27 reset ipx routing-table statistics protocol

Syntax
reset ipx routing-table statistics protocol { all | default | direct | rip | static }
View
User view
Parameter
all: Clears the statistics of all the IPX routes.
default: Clears the statistics of the default IPX routes.
direct: Clears the statistics of the direct IPX routes.
rip: Clears the statistics of the IPX RIP routes.
static: Clears the statistics of the static IPX routes.
Description
Using the reset ipx routing-table statistics protocol command, you can clear the
statistics on the IPX routes of a specific routing type.
For the related command, see display ipx routing-table statistics.
Example
# Clear the statistics of the IPX static routes.
<Quidway> reset ipx routing-table statistics protocol static

7-20

7.1.28 reset ipx statistics

Syntax
reset ipx statistics
View
User view
Parameter
None
Description
Using the reset ipx statistics command, you can clear the IPX statistics.
Example
# Clear the IPX statistics.
<Quidway> reset ipx statistics

7-21
HUAWEI

Command Manual
Routing Protocol
Command Manual - Routing Protocol

Table of Contents
Table of Contents
Chapter 1 Static Route Configuration Commands .................................................................... 1-1
1.1 Display Commands of the Routing Table .......................................................................... 1-1
1.1.1 display ip routing-table ............................................................................................ 1-1
1.1.2 display ip routing-table acl....................................................................................... 1-2
1.1.3 display ip routing-table ip_address.......................................................................... 1-6
1.1.4 display ip routing-table ip_address1 ip_address2................................................... 1-8
1.1.5 display ip routing-table ip-prefix .............................................................................. 1-9
1.1.6 display ip routing-table protocol ............................................................................ 1-10
1.1.7 display ip routing-table radix ................................................................................. 1-11
1.1.8 display ip routing-table statistics ........................................................................... 1-13
1.1.9 display ip routing-table verbose ............................................................................ 1-14
1.2 Static Route Configuration Commands ........................................................................... 1-15
1.2.1 delete static-routes all ........................................................................................... 1-15
1.2.2 ip route-static......................................................................................................... 1-16
1.2.3 ip route-static default-preference .......................................................................... 1-17
Chapter 2 RIP Configuration Commands.................................................................................... 2-1
2.1 RIP Configuration Commands ........................................................................................... 2-1
2.1.1 checkzero ................................................................................................................ 2-1
2.1.2 default cost .............................................................................................................. 2-2
2.1.3 display rip ................................................................................................................ 2-2
2.1.4 display rip routing .................................................................................................... 2-3
2.1.5 filter-policy export .................................................................................................... 2-4
2.1.6 filter-policy import .................................................................................................... 2-5
2.1.7 host-route ................................................................................................................ 2-6
2.1.8 import-route ............................................................................................................. 2-7
2.1.9 network.................................................................................................................... 2-8
2.1.10 peer ....................................................................................................................... 2-9
2.1.11 preference ........................................................................................................... 2-10
2.1.12 reset .................................................................................................................... 2-10
2.1.13 rip ........................................................................................................................ 2-11
2.1.14 rip authentication-mode....................................................................................... 2-12
2.1.15 rip input................................................................................................................ 2-13
2.1.16 rip metricin........................................................................................................... 2-14
2.1.17 rip metricout......................................................................................................... 2-14
2.1.18 rip output ............................................................................................................. 2-15
2.1.19 rip split-horizon .................................................................................................... 2-16
2.1.20 rip version............................................................................................................ 2-16

i

Table of Contents
2.1.21 rip work................................................................................................................ 2-17

2.1.22 summary.............................................................................................................. 2-18
2.1.23 timers................................................................................................................... 2-19
2.1.24 traffic-share-across-interface .............................................................................. 2-19
Chapter 3 OSPF Configuration Commands................................................................................ 3-1
3.1 OSPF Configuration Commands ....................................................................................... 3-1
3.1.1 abr-summary ........................................................................................................... 3-1
3.1.2 area ......................................................................................................................... 3-2
3.1.3 asbr-summary ......................................................................................................... 3-2
3.1.4 authentication-mode................................................................................................ 3-3
3.1.5 debugging ospf........................................................................................................ 3-4
3.1.6 default cost .............................................................................................................. 3-5
3.1.7 default interval ......................................................................................................... 3-6
3.1.8 default limit .............................................................................................................. 3-6
3.1.9 default tag................................................................................................................ 3-7
3.1.10 default type............................................................................................................ 3-8
3.1.11 default-cost............................................................................................................ 3-8
3.1.12 default-route-advertise .......................................................................................... 3-9
3.1.13 display debugging ospf ....................................................................................... 3-10
3.1.14 display ospf abr-asbr........................................................................................... 3-11
3.1.15 display ospf asbr-summary ................................................................................. 3-12
3.1.16 display ospf brief ................................................................................................. 3-13
3.1.17 display ospf cumulative ....................................................................................... 3-15
3.1.18 display ospf error................................................................................................. 3-17
3.1.19 display ospf interface .......................................................................................... 3-19
3.1.20 display ospf lsdb.................................................................................................. 3-20
3.1.21 display ospf nexthop ........................................................................................... 3-23
3.1.22 display ospf peer ................................................................................................. 3-24
3.1.23 display ospf request-queue ................................................................................. 3-26
3.1.24 display ospf retrans-queue.................................................................................. 3-27
3.1.25 display ospf routing ............................................................................................. 3-28
3.1.26 display ospf vlink ................................................................................................. 3-29
3.1.27 filter-policy export ................................................................................................ 3-30
3.1.28 filter-policy import ................................................................................................ 3-31
3.1.29 import-route ......................................................................................................... 3-32
3.1.30 network................................................................................................................ 3-33
3.1.31 nssa..................................................................................................................... 3-34
3.1.32 ospf...................................................................................................................... 3-35
3.1.33 ospf authentication-mode.................................................................................... 3-36
3.1.34 ospf cost .............................................................................................................. 3-37
3.1.35 ospf dr-priority ..................................................................................................... 3-37
3.1.36 ospf mib-binding .................................................................................................. 3-38

ii

Table of Contents
3.1.37 ospf mtu-enable .................................................................................................. 3-39

3.1.38 ospf network-type................................................................................................ 3-40
3.1.39 ospf timer dead.................................................................................................... 3-41
3.1.40 ospf timer hello .................................................................................................... 3-42
3.1.41 ospf timer poll ...................................................................................................... 3-42
3.1.42 ospf timer retransmit ........................................................................................... 3-43
3.1.43 ospf trans-delay................................................................................................... 3-44
3.1.44 peer ..................................................................................................................... 3-44
3.1.45 preference ........................................................................................................... 3-45
3.1.46 reset ospf............................................................................................................. 3-46
3.1.47 router id ............................................................................................................... 3-47
3.1.48 silent-interface ..................................................................................................... 3-48
3.1.49 snmp-agent trap enable ospf .............................................................................. 3-48
3.1.50 spf-schedule-interval ........................................................................................... 3-49
3.1.51 stub...................................................................................................................... 3-50
3.1.52 vlink-peer............................................................................................................. 3-50
Chapter 4 Integrated IS-IS Configuration Commands ............................................................... 4-1
4.1 Integrated IS-IS Configuration Commands........................................................................ 4-1
4.1.1 area-authentication-mode ....................................................................................... 4-1
4.1.2 cost-style ................................................................................................................. 4-2
4.1.3 debugging isis ......................................................................................................... 4-3
4.1.4 default-route-advertise ............................................................................................ 4-4
4.1.5 display isis brief ....................................................................................................... 4-5
4.1.6 display isis interface ................................................................................................ 4-6
4.1.7 display isis lsdb ....................................................................................................... 4-7
4.1.8 display isis mesh-group........................................................................................... 4-7
4.1.9 display isis peer....................................................................................................... 4-8
4.1.10 display isis route.................................................................................................... 4-9
4.1.11 display isis spf-log ............................................................................................... 4-10
4.1.12 domain-authentication-mode............................................................................... 4-11
4.1.15 ignore-lsp-checksum-error .................................................................................. 4-14
4.1.16 import-route ......................................................................................................... 4-14
4.1.17 import-route isis level-2 into level-1 .................................................................... 4-15
4.1.18 isis ....................................................................................................................... 4-16
4.1.19 isis authentication-mode ..................................................................................... 4-17
4.1.20 isis circuit-level .................................................................................................... 4-18
4.1.21 isis cost................................................................................................................ 4-19
4.1.22 isis dis-priority...................................................................................................... 4-20
4.1.23 isis enable ........................................................................................................... 4-20
4.1.24 isis mesh-group ................................................................................................... 4-21

iii

Table of Contents
4.1.25 isis timer csnp...................................................................................................... 4-22

4.1.26 isis timer hello...................................................................................................... 4-23
4.1.27 isis timer holding-multiplier.................................................................................. 4-24
4.1.28 isis timer lsp......................................................................................................... 4-25
4.1.29 isis timer retransmit ............................................................................................. 4-25
4.1.30 is-level ................................................................................................................. 4-26
4.1.31 log-peer-change .................................................................................................. 4-27
4.1.32 md5-compatible................................................................................................... 4-27
4.1.33 network-entity ...................................................................................................... 4-28
4.1.34 preference ........................................................................................................... 4-29
4.1.35 reset isis all.......................................................................................................... 4-29
4.1.36 reset isis peer ...................................................................................................... 4-30
4.1.37 set-overload......................................................................................................... 4-31
4.1.38 silent-interface ..................................................................................................... 4-31
4.1.39 spf-delay-interval................................................................................................. 4-32
4.1.40 spf-slice-size........................................................................................................ 4-33
4.1.41 summary.............................................................................................................. 4-34
4.1.42 timer lsp-max-age ............................................................................................... 4-34
4.1.43 timer lsp-refresh .................................................................................................. 4-35
4.1.44 timer spf............................................................................................................... 4-36
Chapter 5 BGP Configuration Commands.................................................................................. 5-1
5.1 BGP Configuration Commands ......................................................................................... 5-1
5.1.1 aggregate ................................................................................................................ 5-1
5.1.2 bgp .......................................................................................................................... 5-2
5.1.3 compare-different-as-med....................................................................................... 5-3
5.1.4 confederation id....................................................................................................... 5-4
5.1.5 confederation nonstandard ..................................................................................... 5-5
5.1.6 confederation peer-as ............................................................................................. 5-5
5.1.7 dampening............................................................................................................... 5-6
5.1.8 debugging bgp......................................................................................................... 5-7
5.1.9 default local-preference........................................................................................... 5-8
5.1.10 default med............................................................................................................ 5-9
5.1.11 display bgp group.................................................................................................. 5-9
5.1.12 display bgp network ............................................................................................ 5-11
5.1.13 display bgp paths ................................................................................................ 5-11
5.1.14 display bgp peer .................................................................................................. 5-12
5.1.15 display bgp routing-table ..................................................................................... 5-14
5.1.16 display bgp routing-table as-path-acl .................................................................. 5-15
5.1.17 display bgp routing-table cidr .............................................................................. 5-17
5.1.18 display bgp routing-table community .................................................................. 5-18
5.1.19 display bgp routing-table community-list............................................................. 5-18
5.1.20 display bgp routing-table dampened................................................................... 5-19

iv

Table of Contents
5.1.21 display bgp routing-table different-origin-as........................................................ 5-21

5.1.22 display bgp routing-table flap-info ....................................................................... 5-22
5.1.23 display bgp routing-table peer............................................................................. 5-23
5.1.24 display bgp routing-table regular-expression ...................................................... 5-24
5.1.25 display bgp routing-table statistic ........................................................................ 5-25
5.1.28 group ................................................................................................................... 5-27
5.1.29 import-route ......................................................................................................... 5-28
5.1.30 ip as-path-acl....................................................................................................... 5-28
5.1.31 ip community-list.................................................................................................. 5-29
5.1.32 network................................................................................................................ 5-30
5.1.33 peer advertise-community................................................................................... 5-31
5.1.34 peer allow-as-loop............................................................................................... 5-31
5.1.35 peer as-number ................................................................................................... 5-32
5.1.36 peer as-path-acl export ....................................................................................... 5-32
5.1.37 peer as-path-acl import ....................................................................................... 5-33
5.1.38 peer connect-interface ........................................................................................ 5-34
5.1.39 peer default-route-advertise ................................................................................ 5-35
5.1.40 peer description................................................................................................... 5-35
5.1.41 peer ebgp-max-hop............................................................................................. 5-36
5.1.42 peer enable ......................................................................................................... 5-36
5.1.43 peer filter-policy export........................................................................................ 5-37
5.1.44 peer filter-policy import........................................................................................ 5-38
5.1.45 peer group ........................................................................................................... 5-38
5.1.46 peer ip-prefix export ............................................................................................ 5-39
5.1.47 peer ip-prefix import ............................................................................................ 5-40
5.1.48 peer next-hop-local ............................................................................................. 5-41
5.1.49 peer password..................................................................................................... 5-41
5.1.50 peer public-as-only.............................................................................................. 5-42
5.1.51 peer reflect-client................................................................................................. 5-43
5.1.52 peer route-policy export ...................................................................................... 5-43
5.1.53 peer route-policy import ...................................................................................... 5-44
5.1.54 peer route-update-interval................................................................................... 5-45
5.1.55 peer timer ............................................................................................................ 5-45
5.1.56 preference ........................................................................................................... 5-46
5.1.57 reflect between-clients ........................................................................................ 5-47
5.1.58 reflector cluster-id................................................................................................ 5-47
5.1.59 refresh bgp .......................................................................................................... 5-48
5.1.60 reset bgp ............................................................................................................. 5-49
5.1.61 reset bgp dampening .......................................................................................... 5-49
5.1.62 reset bgp flap-info ............................................................................................... 5-50

v

Table of Contents
5.1.63 reset bgp group ................................................................................................... 5-50

5.1.64 summary.............................................................................................................. 5-51
5.1.65 timer .................................................................................................................... 5-52
5.1.66 undo synchronization .......................................................................................... 5-52
Chapter 6 IP Routing Policy Configuration Commands............................................................ 6-1
6.1 IP Routing Policy Configuration Commands ..................................................................... 6-1
6.1.1 apply as-path........................................................................................................... 6-1
6.1.2 apply community ..................................................................................................... 6-2
6.1.3 apply cost ................................................................................................................ 6-3
6.1.4 apply cost-type ........................................................................................................ 6-3
6.1.5 apply ip next-hop ..................................................................................................... 6-4
6.1.6 apply isis.................................................................................................................. 6-5
6.1.7 apply local-preference............................................................................................. 6-5
6.1.8 apply origin .............................................................................................................. 6-6
6.1.9 apply tag.................................................................................................................. 6-7
6.1.10 display ip ip-prefix ................................................................................................. 6-7
6.1.11 display route-policy ............................................................................................... 6-8
6.1.12 filter-policy export .................................................................................................. 6-9
6.1.14 if-match { acl | ip-prefix }...................................................................................... 6-11
6.1.15 if-match as-path .................................................................................................. 6-12
6.1.16 if-match community ............................................................................................. 6-12
6.1.17 if-match cost ........................................................................................................ 6-13
6.1.18 if-match interface................................................................................................. 6-14
6.1.19 if-match ip next-hop............................................................................................. 6-14
6.1.20 if-match tag.......................................................................................................... 6-15
6.1.21 ip ip-prefix............................................................................................................ 6-16
6.1.22 route-policy.......................................................................................................... 6-17
Chapter 7 Route Capacity Configuration Commands ............................................................... 7-1
7.1 Route Capacity Configuration Commands ........................................................................ 7-1
7.1.1 display memory ....................................................................................................... 7-1
7.1.2 display memory limit................................................................................................ 7-2
7.1.3 memory { safety | limit } ........................................................................................... 7-3
7.1.4 memory auto-establish disable ............................................................................... 7-4
7.1.5 memory auto-establish enable ................................................................................ 7-5

vi

Chapter 1 Static Route Configuration Commands
Note:
When an Ethernet switch runs a routing protocol, it can perform the router functions.
Router that is referred to in the following and its icon represent a generalized router or
an Ethernet switch running routing protocols. To improve readability, this will not be
described in the other parts of the manual.
1.1 Display Commands of the Routing Table

1.1.1 display ip routing-table
Syntax
display ip routing-table
View
Any view
Parameter
None
Description
Using display ip routing-table command, you can view the routing table summary.
This command displays routing table information in summary form. Each line
represents one route. The contents include destination address/mask length, protocol,
preference, metric, next hop and output interface.
Only current used route, i.e., best route, is displayed using display ip routing-table
command.
Example
# View the summary of routing table.
<Quidway> display ip routing-table
Routing Table: public net
Destination/Mask
Protocol
Pre Cost
Nexthop
Interface
1.1.1.0/24
DIRECT
1.1.1.1
Vlan-interface1

1-1

1.1.1.1/32
DIRECT
127.0.0.1
InLoopBack0
2.2.2.0/24
DIRECT
2.2.2.1
Vlan-interface2
2.2.2.1/32
DIRECT
127.0.0.1
InLoopBack0
3.3.3.0/24
DIRECT
3.3.3.1
Vlan-interface3
3.3.3.1/32
DIRECT
127.0.0.1
InLoopBack0
4.4.4.0/24
DIRECT
4.4.4.1
Vlan-interface4
4.4.4.1/32
DIRECT
127.0.0.1
InLoopBack0
127.0.0.0/8
DIRECT
127.0.0.1
InLoopBack0
127.0.0.1/32
DIRECT
127.0.0.1
InLoopBack0
Table 1-1 Description of information generated by the command display ip

routing-table
Field
Description
Destination/Mask
Destination address/Mask length
Protocol
Routing protocol
Pre
Routing preference
Cost
Cost
Nexthop
Next hop address
Interface
Output interface, through which the data packet destined for

the destination network segment is sent
1.1.2 display ip routing-table acl

Syntax
display ip routing-table acl { acl-number | acl-name } [ verbose ]
View
Any view
Parameter
acl-number: the number of basic ACL, ranging from 2000 to 2999.
acl-name: the basic ACL name introduced via names.
verbose: With the parameter, this command displays the verbose information of both
the active and inactive routes that passed filtering rules. Without the parameter, this
command only displays the summary of the active routes that passed filtering rules.
Description
Using display ip routing-table acl command, you can view the route filtered through
specified basic access control list (ACL).
1-2

This command is used in track display of route policy to display the route that passed
the filtering rule according the input basic ACL number or name.
The command is only applicable to display the route that passed basic ACL filtering
rules.
Example
# Display the summary of active routes that are filtered through basic acl 2000.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[Quidway-acl-basic-2000] rule deny source any
[Quidway-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 2
Destination/Mask
Protocol Pre
Cost
Nexthop
Interface
10.1.1.0/24
DIRECT
10.1.1.2
Vlan-interface1
10.1.1.2/32
DIRECT
127.0.0.1
InLoopBack0
For detailed description of the output information, see Table 1-1.

# Display the verbose information of the active and inactive routes that are filtered
through basic acl 2000.
<Quidway> display ip routing-table acl 2000 verbose
Routes matched by access-list 2000:
Generate Default: no
+ = Active Route, - = Last Active, # = Both
* = Next hop in use
Summary count: 2
**Destination: 10.1.1.0
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 10.1.1.2
Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 7:24
Cost: 0/0
Tag: 0
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 7:24
Cost: 0/0
Tag: 0

1-3


routing-table acl verbose
Field
Description
Destination
Destination address
Mask
Mask
Protocol
Routing protocol
Preference
Routing preference
Nexthop
Next hop address
Interface
Output interface, through which the data packet destined for the
destination network segment is sent
Vlinkindex
Virtual link index

1-4

Field
Description
Route state description:
ActiveU
The route is selected and is optimum
Blackhole
Blackhole route is similar to Reject route, but it will not

send the ICMP unreachable message to the source
end
Delete
The route is deleted
Gateway
Identifies that the route is not an interface route
Hidden
The route exists, but it is unavailable temporarily for

some reasons (e.g., configured policy or interface is
Down). Moreover, you do not wish to delete it.
Therefore, you need to hide it, so as to restore it again
later
Holddown
Holddown is one kind of route redistribution policy

adopted by some distance-vector (D-V) routing
protocols (e.g., RIP), through which these routing
protocols can avoid the flooding of error routes and
deliver the routing unreachable message accurately.
For example, the RIP redistributes a certain route
every a period of time regardless of whether the
actually found routes destined for the same
destination change. For more details, refer to the
specific routing protocols.
Int
The route is discovered by interior gateway protocol

(IGP).
NoAdvise
The routing protocol does not redistribute NoAdvise

route when it redistributes routes based on the policy.
NotInstall
The routing protocol generally selects the route with

the highest precedence from its routing table, then
places it in its core routing table and redistributes it.
Although the NotInstall route cannot be placed in the
core routing table, it is possibly that it is selected and
redistributed.
Reject
Unlike the normal routes, the Reject route will discard

the packets that select it as their route, and the router
will send ICMP unreachable message to the source
end. Reject route is usually used for the network test
Retain
When the routes from the routing table are deleted, the
routes with Retain flag will not be deleted. Using this
function you can set Retain flag for some static routes,
so that they can exist in the core routing table.
Static
The route with Static flag will not be cleared from the
routing table after you save it and reboot the router.
Generally, the static route configured manually in the
router belongs to a Static route.
Unicast
Unicast route
State

1-5

Field
Description
Age
Time to live
Cost
Value of the cost
Tag
Tag of the route
1.1.3 display ip routing-table ip_address

Syntax
display ip routing-table ip_address [ mask ] [ longer-match ] [ verbose ]
View
Any view
Parameter
ip_address: Destination IP address.
mask: IP address mask, length in dotted decimal notation or integer. It ranges from 0 to
32 when it is expressed with integer.
verbose: With the verbose parameter, this command displays the verbose information
of both the active and inactive routes. Without the parameter, this command only
displays the summary of active routes.
longer-match: Routes matching the destination address in specified mask range. If no
mask is specified, all the routes matching the destination address in natural mask
range are displayed.
Description
Using display ip routing-table ip_address command, you can view the routing
information of the specified destination address.
With different parameters, the output of command is different. The following is the
output description for different forms of this command:
z
display ip routing-table ip_address
If destination address, ip_address, has corresponding route in natural mask range, this
command will display all subnet routes or only the route best matching the destination
address, ip_address, is displayed. And only the active matching route is displayed.
z
display ip routing-table ip_address mask,
This command only displays the route fully matching with specified destination address
and mask.
z
display ip routing-table ip_address longer-match

1-6

This command displays all destination address route matching destination address in
natural mask range.
z
display ip routing-table ip_address mask longer-match
This command displays all destination address route matching destination address in
specified mask range.
Example
# There is corresponding route in natural mask range. Display the summary.
<Quidway> display ip routing-table 169.0.0.0
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
169.0.0.0/16
Static
2.1.1.1
LoopBack1
60

# There is no corresponding route (only the longest matching route is displayed) in
natural mask range and summary is displayed.
<Quidway> display ip routing-table 169.253.0.0
Destination/Mask
Protocol Pre
Cost
Nexthop
Interface
169.0.0.0/8
Static
2.1.1.1
LoopBack1
60
# There are corresponding routes in the natural mask range. Display the detailed
information.
<Quidway> display ip routing-table 169.0.0.0 verbose
Routing Tables:
* = Next hop in use
Summary count:2
Protocol: #Static
Mask: 255.0.0.0
Preference: 60
*NextHop: 2.1.1.1
Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Cost: 0/0
Protocol: #Static
Tag: 0
Mask: 255.254.0.0
Preference: 60
*NextHop: 2.1.1.1
Vlinkindex: 0
Age: 3:47 Cost: 0/0
Tag: 0
# There are no corresponding routes in the natural mask range (only displaying the
longest matched route). Display the detailed information.
<Quidway> display ip routing-table 169.253.0.0 verbose
1-7

Routing Tables:
* = Next hop in use
Summary count:1
Protocol: #Static
Mask: 255.0.0.0
Preference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
Age: 3:47 Cost: 0/0
Tag: 0
1.1.4 display ip routing-table ip_address1 ip_address2

Syntax
display ip routing-table ip_address1 mask1 ip_address2 mask2 [ verbose ]
View
Any view
Parameter
ip_address1, ip_address2: Destination IP address in dotted decimal notation.
ip_address1 and ip_address2 determine one address range together to display the
route in this address range. ip_address1 anding with mask1 specifies the start of the
range while ip_address2 anding with mask2 specifies the end.
mask1, mask2: IP address mask, length in dotted decimal notation or integer form. It
ranges from 0 to 32 when it is presented in integer.
verbose: With the verbose parameter, this command displays the verbose information
of both the active and inactive routes. Without the parameter, this command only
displays the summary of active routes.
Description
Using display ip routing-table ip_address1 ip_address2 command, you can view
the route information in the specified address range.
Example
# Display the routing information of destination addresses ranging from 1.1.1.0 to
2.2.2.0.
<Quidway>display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3

1-8

Destination/Mask
Protocol
Pre Cost
Nexthop
Interface
1.1.1.0/24
DIRECT
1.1.1.1
Vlan-interface1
1.1.1.1/32
DIRECT
127.0.0.1
InLoopBack0
2.2.2.0/24
DIRECT
2.2.2.1
Vlan-interface2
1.1.5 display ip routing-table ip-prefix

Syntax
display ip routing-table ip-prefix ip-prefix-name [ verbose ]
View
Any view
Parameter
ip-prefix-name: ip prefix list name. The length of ip-prefix-name ranges from 1 to 19
character string.
verbose: With the parameter, this command displays the verbose information of both
the active and inactive routes that passed filtering rules. Without the parameter, this
command displays the summary of the active routes that passed filtering rules.
Description
Using display ip routing-table ip-prefix command, you can view the route information
that passed the filtering rule according the input ip prefix list name.
Example
# Display the summary of the active route that is filtered ip prefix list abc2.
[Quidway] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[Quidway] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2
Destination/Mask
Protocol Pre
Cost
Nexthop
Interface
10.1.1.0/24
DIRECT
10.1.1.2
Vlan-interface1
10.1.1.2/32
DIRECT
127.0.0.1
InLoopBack0

# Display the verbose information of the active and inactive routes that are filtered
prefix list abc2.
[Quidway] display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:

1-9

* = Next hop in use
Summary count: 2
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 10.1.1.2
Vlinkindex: 0
Age: 3:23:44
Cost: 0/0
Tag: 0
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Vlinkindex: 0
Age: 3:23:44
Cost: 0/0
Tag: 0
1.1.6 display ip routing-table protocol

Syntax
display ip routing-table protocol protocol [ inactive | verbose ]
View
Any view
Parameter
inactive: With the parameter, this command displays the inactive route information.
Without the parameter, this command displays the active and inactive route
information.
verbose: With the verbose parameter, this command displays the verbose route
information. Without the parameter, this command displays the route summary.
protocol: the parameter has multiple selectable values:
z
direct: Display direct connection route information
static: Display the static route information.
bgp: Display BGP route information.
isis: Display IS-IS route information.
ospf: Display OSPF route information.
ospf-ase: Display OSPF ASE route information.
ospf-nssa: Display OSPF NSSA route information.

1-10

z
rip: Display RIP route information.
Description
Using display ip routing-table protocol command, you can view the route information
of specified protocol.
Example
# Display all direct connection routes summary.
<Quidway> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 8
DIRECT Routing table status:<active>:
Summary count: 7
Destination/Mask
Protocol Pre
Cost
Nexthop
Interface
10.5.1.0/24
DIRECT
10.5.1.5
Vlan-interface105
10.5.1.5/32
DIRECT
127.0.0.1
InLoopBack0
100.100.1.1/32
DIRECT
127.0.0.1
InLoopBack0
102.1.1.0/24
DIRECT
102.1.1.1
LoopBack1
102.1.1.1/32
DIRECT
127.0.0.1
InLoopBack0
127.0.0.0/8
DIRECT
127.0.0.1
InLoopBack0
127.0.0.1/32
DIRECT
127.0.0.1
InLoopBack0
DIRECT Routing table status:<inactive>:

Summary count: 1
Destination/Mask
Protocol Pre
Cost
Nexthop
Interface
100.100.1.1/32
DIRECT
100.100.1.1
LoopBack0
Nexthop
Interface
# View the static routing table.

<Quidway> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
Destination/Mask
1.2.3.0/24
Protocol
STATIC
Pre Cost
60
1.2.4.5
1.1.7 display ip routing-table radix

Syntax
display ip routing-table radix
1-11
Vlan-interface10

View
Any view
Parameter
None
Description
Using display ip routing-table radix command, you can view the route information in
a tree structure.
Example
<Quidway> display ip routing-table radix
Radix tree for INET (2) inodes 14 routes 10:
+--8+--{169.0.0.0
|
+-32+--{169.1.1.1
+--0+
|
+--8+--{127.0.0.0
+--1+
+-32+--{127.0.0.1
+--8+--{2.0.0.0
+-24+--{2.2.2.0
+--6+
+-32+--{2.2.2.2
+-22+
+-32+--{2.2.1.1
+--8+--{1.0.0.0
+-32+--{1.1.1.1

routing-table radix
Field
Description
INET
Address suite
inodes
Number of nodes
routes
Number of routes

1-12

1.1.8 display ip routing-table statistics

Syntax
display ip routing-table statistics
View
Any view
Parameter
None
Description
Using display ip routing-table statistics command, you can view the statistics of
routing information.
The statistics of routing information includes total route amount, the route amount
added or deleted by protocol, amount of the routes that are labeled deleted but not
deleted, the active route amount and inactive route amount.
Example
# Display the statistics of route information.
<Quidway> display ip routing-table statistics
Routing tables:
Proto
route
active
added
deleted
DIRECT
24
25
STATIC
BGP
RIP
IS-IS
OSPF
O_ASE
O_NSSA
AGGRE
Total
28
29

routing-table statistics
Field
Description
Proto
Routing protocol
route
Number of routes
active
Number of active routes

1-13

Field
Description
added
Number of added routes after the router is rebooted or the

routing table is cleared last time.
deleted
Number of deleted routes (such routes will be freed in a

period of time)
Total
Total number of the different kinds of routes.
1.1.9 display ip routing-table verbose

Syntax
display ip routing-table verbose
View
Any view
Parameter
None
Description
Using display ip routing-table verbose command, you can view the verbose routing
table information.
With the verbose parameter, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first, then the
statistics of the entire routing table will be output and finally the verbose description of
each route will be output.
All current routes, including inactive route and invalid route, can be displayed using
display ip routing-table verbose command.
Example
# Display the verbose routing table information.
<Quidway> display ip routing-table verbose
Routing Tables:
Destinations: 3
Holddown: 0
* = Next hop in use
Routes: 3
Delete: 62
Protocol: #DIRECT
Hidden: 0
Mask: 255.255.255.0
Preference: 0
*NextHop: 1.1.1.1

1-14


Age: 20:17:41
Cost: 0/0
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1

Age: 20:17:42
Cost: 0/0
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 2.2.2.1

Age: 20:08:05
Cost: 0/0
First, display statistics of the whole routing table and then output detailed information of
every route entry in turn. The meaning of route status is shown in Table 1-2, and the
statistics of routing table is shown in the following table.
routing-table verbose
Field
Description
Holddown
Number of held-down routes
Delete
Number of deleted routes
Hidden
Number of hidden routes
1.2 Static Route Configuration Commands

1.2.1 delete static-routes all
Syntax
delete static-routes all
View
System view
Parameter
None
Description
Using the delete static-routes all command, you can delete all the static routes.
The system will request your confirmation before it deletes all the configured static
routes.
1-15

For related commands, see ip route-static and display ip routing-table.
Example
# Delete all the static routes in the router.
[Quidway] delete static-routes all
Are you sure to delete all the unicast static routes?[Y/N]
1.2.2 ip route-static
Syntax
ip route-static ip-address { mask | mask-length } { interface-name | gateway-address }
[ preference preference-value ] [ reject | blackhole ]
undo ip route-static ip-address { mask | mask-length } [ interface-name |
gateway-address ] [ preference preference-value ] [ reject blackhole ]
View
system view
Parameter
ip-address: Destination IP address in dotted decimal notation.
mask: Mask.
mask-length: Mask length. Since "1" s in the 32-bit mask are required to be consecutive,
the mask in dotted decimal format can be replaced by mask-length, which is the
number of the consecutive "1" s in the mask.
interface-name: Specify the interface of the route. The packets that are sent to a NULL
interface, a kind of virtual interface, will be discarded immediately. Thus can decrease
the system load.
gateway-address: Specify the next hop IP address of the route.
preference-value: Preference level of the route in the range from 1 to 255.
reject: Indicate an unreachable route.
blackhole: Indicate a blackhole route.
Description
Using ip route-static command, you can configure a static route. Using undo ip
route-static command, you can delete the configured static route.
By default, the system can obtain the sub-net route directly connected with the router.
When configuring a static route, the default preference is 60. You can change the
default preference value of the static routes to be configured by using the command ip

1-16

route-static default-preference. If it is not specified as reject or blackhole, the route

will be reachable by default.
A static route is a special route. You can set up an interconnecting network with the
static route configuration. The problem for such configuration is when a fault occurs to
the network, the static route cannot change automatically to steer away from the node
causing the fault, if without the help of an administrator.
In a relatively simple network, you only need to configure the static routes to make the
router work normally. The proper configuration and usage of the static route can
improve the network performance and ensure the bandwidth of the important
applications.
All the following routes are static routes:
z
Reachable route: A normal route is of this type. That is, the IP packet is sent to the
next hop via the route marked by the destination. It is a common type of static
routes.
Unreachable route: When a static route to a destination has the "reject" attribute,
all the IP packets to this destination will be discarded.
Blackhole route: If a static route to a destination has the "blackhole" attribute, the
outgoing interface of this route is the Null 0 interface regardless of the next hop
address, and all the IP packets addressed to this destination are dropped.
The attributes "reject" and "blackhole" are usually used to control the range of
reachable destinations of this router, and help troubleshooting the network.
Precautions when configuring static route:
z
You cannot specify an interface address of the local switch as the next hop
address of an static route.
In addition, when the destination IP address and the mask are both 0.0.0.0, it is the
configured default route. If it is failed to detect the routing table, a packet will be
forwarded along the default route.
For different configuration of preference level, flexible routing management policy

can be adopted.
For the related commands, see display ip routing-table, delete static-routes all and
ip route-static default-preference.
Example
# Configure the next hop of the default route as 129.102.0.2.
[Quidway] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
1.2.3 ip route-static default-preference

Syntax
ip route-static default-preference default-preference-value
1-17

undo ip route-static default-preference
View
System view
Parameter
default-preference-value: The default preference value of static routes, which will be
the preference value of the static route if its preference is not specified when configured.
Its default value is 60.
Description
Using ip route-static default-preference command, you can configure the default
preference value of static routes. Using undo ip route-static default-preference
command, you can restore the default value.
A static routes preference will be the default-preference-value set by this command if
its preference is not specified when configured by ip route-static command.
For the related commands, see display ip routing-table, ip route-static.
Example
# Configure the default preference of static routes as 120.
[Quidway] ip route-static default-preference 120

1-18

Chapter 2 RIP Configuration Commands
Note:
2.1 RIP Configuration Commands

2.1.1 checkzero
Syntax
checkzero
undo checkzero
View
RIP view
Parameter
None
Description
Using checkzero command, you can check the zero field of RIP-1 packet. Using undo
checkzero command, you can disable the checking of the zero fields.
By default, RIP-1 performs the zero field checking.
According to the protocol (RFC1058) specifications, some fields in RIP-1 packets must
be zero, called zero fields. With the checkzero command, the zero check operation of
RIP-1 can be enabled or disabled. During the zero check operation, if the RIP-1 packet
in which the zero fields are not zeros is received, it will be rejected.
This command is ineffective to RIP-2 since RIP-2 packets have no zero fields.
Example
# Configure not to perform zero check for RIP-1 packet.
[Quidway-rip] undo checkzero
2-1

2.1.2 default cost

Syntax
default cost value
undo default cost
View
RIP view
Parameter
value: the default routing cost to be set, ranging from 1 to 16. The default value is 1.
Description
Using default cost command, you can set the default routing cost of an imported route.
Using undo default cost command, you can restore the default value.
If no specific routing cost is specified when importing the route of another routing
protocol with the import-route command, the importing will be performed with the
default routing cost specified with the default cost command.
For the related commands, see import-route.
Example
# Set the default routing cost of the imported route of another routing protocol to 3.
[Quidway-rip] default cost 3
2.1.3 display rip

Syntax
display rip
View
Any view
Parameter
None
Description
Using display rip command, you can view the current RIP running state and its
configuration information.
Example
# Display the current running state and configuration information of the RIP.
2-2

<Quidway> display rip

RIP is running
public net VPN-Instance
Checkzero is on
Default cost : 1
Summary is on
Preference : 100
Traffic-share-across-interface is off
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120
No peer router
Network :
10.0.0.0
Table 2-1 Description of information generated by the command display rip

Field
Description
RIP is running
RIP is active
Checkzero is on
Enable zero field checking
Default cost : 1
The default route cost is 1
Summary is on
Routes are summarized automatically
Preference : 100
The preference of RIP is 100
Traffic-share-across-interface
is off
Traffic sharing across RIP interfaces is disabled
Period update timer : 30

Timeout timer : 180
Three timers of RIP
Garbage-collection timer : 120

No peer router
No destination address of a transmission is

specified
Network :10.0.0.0
Enable RIP on network segment 202.38.168.0
2.1.4 display rip routing

Command
display rip routing
View
Any view
Parameter
None
2-3

Description
Use the display rip routing command to view RIP routing information.
Example
# Display RIP routing information.
<Quidway> display rip routing
RIP routing table: public net
A = Active
I = Inactive
G=Garbage collection
Destination/Mask
Cost NextHop
Age
SourceGateway
Att
6.0.0.0/8
4s
10.153.25.22
10.153.25.22
Table 2-2 Field description of the display rip routing command

Field
Description
Destination/Mask
Destination IP address/mask length
Cost
Routing cost
NextHop
Next hop address of the route
Age
Aging time of the routing entry
SourceGateway
IP address of the source gateway from which the route is

learned
Attributes with three options available:
A
The active route
The inactive route
The unreachable route in the state of

Garbage-collection. If the Garbage-collection
timer times out before the unreachable route is
updated by the update packets from the
neighbors, the entire routing entry is deleted
from the routing table
Att
2.1.5 filter-policy export

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name | route-policy route-policy-name }
export [ routing-protocol ]
undo
filter-policy
acl-number
ip-prefix
route-policy-name } export [ routing-protocol ]

2-4
ip-prefix-name
route-policy

View
RIP view
Parameter
acl-number: Access control list number used for filtering the destination addresses of
the routing information.
ip-prefix-name: Name of address prefix list used for filtering the destination addresses
of the routing information. The length of ip-prefix-name ranges from 1 to 19 character
string.
route-policy-name: Route policy name that filters routing information. After enabling
RIP protocol, you can determine which routes are to be sent/received based on
acl/cost/interface/ip/ip-prefix/tag fields. The length of route-policy-name parameter
ranges from 1 to 16 character string.
routing-protocol: Routing protocol whose routing information is to be filtered, including
direct, isis, bgp, ospf, ospf-ase, ospf-nssa and static at present.
Description
Using filter-policy export command, you can configure to filter the advertised routing
information by RIP. Using undo filter-policy export command, you can configure not
to filter the advertised routing information.
By default, RIP does not filter the advertised routing information.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be advertised. Only the routing
information passing the filtration can be advertised.
For the related commands, see acl, filter-policy import, ip ip-prefix.
Example
# Filter the advertised route information according to ACL 2000.
[Quidway-rip] filter-policy 2000 export
2.1.6 filter-policy import

Syntax
filter-policy gateway ip-prefix-name import
undo filter-policy gateway ip-prefix-name import
filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] |
route-policy route-policy-name } import

2-5

undo filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] |

route-policy route-policy-name } import
View
RIP view
Parameter
the routing information.
string.
gateway ip-prefix-name: Name of address prefix list used for filtering the addresses of
the neighboring routers advertising the routing information. The length of
ip-prefix-name ranges from 1 to 19 character string.
route-policy-name: Route policy name that filters routing information. After enabling
RIP protocol, you can determine which routes are to be sent/received based on
acl/cost/interface/ip/ip-prefix/tag fields. The length of route-policy-name parameter
ranges from 1 to 16 character string.
Description
Using filter-policy gateway import command, you can configure to filter the received
routing information distributed from the specified address. Using undo filter-policy
gateway import command, you can configure not to filter the received routing
information distributed from the specified address.
Using filter-policy import command, you can configure the filtering to the received
global routing information. Using undo filter-policy import command, you can disable
filtering to the received global routing information
By default, RIP does not filter the received routing information.
For the related commands, see acl, filter-policy export, ip ip-prefix.
Example
# Configure the filtering of the global routing information according to acl 2000.
[Quidway-rip] filter-policy 2000 import
2.1.7 host-route
Syntax
host-route
undo host-route

2-6

View
RIP view
Parameter
None
Description
Using host-route command, you can control the RIP to accept the host route. Using
undo host-route command, you can reject the host route.
By default, RIP accepts the host route.
In some special cases, RIP receives a great number of host routes in the same network
segment. These routes cannot help the path searching much but occupy a lot of
resources. In this case, the undo host-route command can be used to reject a host
route.
Example
# Configure RIP to reject a host route.
[Quidway-rip] undo host-route
2.1.8 import-route
Syntax
import-route protocol [ cost value | route-policy route-policy-name ]*
undo import-route protocol
View
RIP view
Parameter
protocol: Specify the source routing protocol to be imported by RIP. At present, RIP can
import the following routes: direct, bgp, ospf, ospf-ase, ospf-nssa , isis and static.
value: Cost value of the route to be imported, ranging from 1 to 16.
route-policy route-policy-name: Configure to import the route matching the condition
of the specified Route-policy only. The length of route-policy-name parameter ranges
from 1 to 16 character string.
Description
Using import-route command, you can import the routes of other protocols into RIP.
Using undo import-route command, you can cancel the routes imported from other
protocols.

2-7

By default, RIP does not import any other route.

The import-route command is used to import the route of another protocol by using a
certain cost value. RIP regards the imported route as its own route and transmits it with
the specified cost value. This command can greatly enhance the RIP capability of
obtaining routes, thus increases the RIP performance.
If the cost value is not specified, routes will be imported according to the default cost
ranging from 1 to 16. If the imported route cost value is 16, then RIP continues to
announce this cost to other routers running RIP, and marks this route with HOLDDOWN.
However, this router can still forward packets until the Garbage Collection timer times
out (defaults to 120 seconds).
For the related commands, see default cost.
Example
# Import a static route with cost 4.
[Quidway-rip] import-route static cost 4
# Set the default cost and import an OSPF route with the default cost.
[Quidway-rip] default cost 3
[Quidway-rip] import-route ospf
2.1.9 network
Syntax
network network-address
undo network network-address
View
RIP view
Parameter
network-address: Address of the network enabled/disabled. It can be the IP network
address of any interface.
Description
Using network command, you can enable Routing Information Protocol (RIP) for the
specified network connected to the router. Using undo network command, you can
disable the RIP on the interface.
By default, RIP is disabled on any interface.
After enabling RIP, RIP at a certain interface must be enabled with the network
command, since RIP works only on the interface of specified network segment. RIP
wont receive or forward route on interfaces of non-specified network segments.
2-8

The undo network command is similar to the undo rip work command in terms of
function. But they are not identical. Their similarity is that the interface using either
command will not receive/transmit RIP routes. The difference between them is that, in
the case of undo rip work , other interfaces will still forward the routes of the interface
using the undo rip work command. In the case of undo network, other interfaces will
not forward the routes of the interface using this command and it seems that the
interface disappeared.
When the network command is used on an address, the effect is that the interface on
the network segment at this address is enabled. For example, the results of viewing the
network 129.102.1.1 with both the display current-configuration command and the
display rip command are shown as the network 129.102.0.0.
For the related commands, see rip work .
Example
# Enable the RIP on the interface with the network address as 129.102.0.0.
[Quidway-rip] network 129.102.0.0
2.1.10 peer
Syntax
peer ip-address
undo peer ip-address
View
RIP view
Parameter
ip-address: The interface IP address of the peer router, represented in the format of
dotted decimal.
Description
Using peer command, you can configure the sending destination address of the peer
device. Using undo peer command, you can cancel the set destination address.
By default, do not send RIP packet to any destination.
RIP exchanges routing information with non-broadcasting networks in unicast view.
This command specifies the sending destination address to fit some non-broadcast
networks. Usually, it is not recommended to use this command.
Example
# Specify the sending destination address 202.38.165.1.

2-9

[Quidway-rip] peer 202.38.165.1
2.1.11 preference
Syntax
preference value
undo preference
View
RIP view
Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.
Description
Using preference command, you can configure the route preference of RIP. Using
undo preference command, you can restore the default preference.
Every routing protocol has its own preference. Its default value is determined by the
specific routing policy. The preference will finally determine the routing algorithm to
obtain the optimal route in the IP routing table. This command can be used to modify
the RIP preference manually.
Example
# Specify the RIP preference as 20.
[Quidway-rip] preference 20
2.1.12 reset
Syntax
reset
View
RIP view
Parameter
None
Description
Using reset command, you can reset the system configuration parameters of RIP.
When you need to re-configure parameters of RIP, this command can be used to
restore to the default setting.

2-10

Example
# Reset the RIP system.
[Quidway-rip] reset
2.1.13 rip
Syntax
rip
undo rip
View
system view
Parameter
none
Description
Using rip command, you can enable the RIP and enter the RIP view. Using undo rip
command, you can disable RIP.
By default, the system does not run RIP.
To enter the RIP view to configure various RIP global parameters, RIP should be
enabled first. Whereas the configuration of parameters related to the interfaces is not
restricted by enabling/disabling RIP.
Note:
Note that the interface parameters configured previously would be invalid when RIP is
disabled.
Example
# Enable the RIP and enter the RIP view.
[Quidway] rip
[Quidway-rip]

2-11

2.1.14 rip authentication-mode

Syntax
rip authentication-mode { simple password | md5 { rfc2453 key-string | rfc2082
key-string key-id } }
undo rip authentication-mode
View
Interface view
Parameter
simple: Simple text authentication mode.
password: Simple text authentication key.
md5: MD5 cipher text authentication mode.
rfc2453: Specify the MD5 cipher text authentication packet to use the general packet
format (RFC2453 standard format).
key-string: MD5 authentication key. If it is input in a plain text form, MD5 key is a
character string not exceeding 16 characters. And it will be displayed in a cipher text
form in a length of 24 characters when display current-configuration command is
executed. Inputting the MD5 key in a cipher text form with 24 characters long is also
supported.
rfc2082: Specify the MD5 cipher text authentication packet to use a nonstandard
packet format described in RFC2082.
key-id: MD5 cipher text authentication identifier, ranging from 1 to 255.
Description
Using rip authentication-mode command, you can configure RIP-2 authentication
mode and its parameters. Using undo rip authentication-mode command, you can
cancel the RIP-2 authentication.
RIP-1 does not support authentication. There are two RIP authentication modes:
simple authentication and MD5 cipher text authentication for RIP-2 . When MD5 cipher
text authentication mode is used, there are two types of packet formats. One of them is
that described in RFC 2453. The other format is the one described specially in RFC
2082. The router supports both of the packet formats and the user can select either of
them on demands.
For the related commands, see rip version.
Example
# Specify Interface Vlan-interface 1 to use the simple authentication with the key as
aaa.
2-12

[Quidway] interface Vlan-interface 1

[Quidway-Vlan-interface1] rip version 2
[Quidway-Vlan-interface1] rip authentication-mode simple aaa
# Set MD5 authentication at Vlan-interface 1 with the key string as aaa and the packet
type as rfc2453.
[Quidway-Vlan-interface1] rip authentication-mode md5 rfc2453 aaa
2.1.15 rip input

Syntax
rip input
undo rip input
View
Interface view
Parameter
None
Description
Using rip input command, you can allow an interface to receive RIP packets. Using
undo rip input command, you can disable an interface to receive RIP packets.
By default, all interfaces except loopback interfaces are enabled to receive RIP
packets.
This command is used in cooperation with the other two commands: rip output and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
For the related commands, see rip output, rip work .
Example
# Specify Vlan-interface 1 not to receive RIP packets.
[Quidway-Vlan-interface1] undo rip input

2-13

2.1.16 rip metricin

Syntax
rip metricin value
undo rip metricin
View
Interface view
Parameter
value: Additional route metric added when receiving a packet, ranging from 0 to 16. By
default, the value is 0.
Description
Using rip metricin command, you can configure the additional route metric added to
the route when an interface receives RIP packets. Using undo rip metricin command,
you can restore the default value of this additional route metric.
For the related commands, see rip metricout.
Example
# Specify the additional route metric to 2 when the interface Vlan-interface 1 receives
RIP packets.
[Quidway-Vlan-interface1] rip metricin 2
2.1.17 rip metricout

Syntax
rip metricout value
undo rip metricout
View
Interface view
Parameter
value: Additional route metric added when transmitting a packet, ranging from 1 to 16.

2-14

Description
Using rip metricout command, you can configure the additional route metric to the
route when an interface transmits RIP packets. Using undo rip metricout command,
you can restore the default value of this additional route metric.
For the related commands, see rip metricin.
Example
# Set the additional route metric to 2 when the interface Vlan-interface 1 transmits RIP
packets.
[Quidway-Vlan-interface1] rip metricout 2
2.1.18 rip output

Syntax
rip output
undo rip output
View
Interface view
Parameter
none
Description
Using rip output command, you can allow an interface to transmit RIP packets to the
external. Using undo rip output command, you can disable an interface to transmit
RIP packets to the external.
By default, all interfaces except loopback interfaces are enabled to transmit RIP
packets to the external.
This command is used in cooperation with the other two commands: rip input and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
For the related commands, see rip input, rip work .
Example
# Disable the interface Vlan-interface 1 to transmit RIP packets.

2-15

[Quidway-Vlan-interface1] undo rip output
2.1.19 rip split-horizon

Syntax
rip split-horizon
undo rip split-horizon
View
Interface view
Parameter
none
Description
Using rip split-horizon command, you can configure an interface to use split horizon
when transmitting RIP packets. Using undo rip split-horizon command, you can
configure an interface not to use split horizon when transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP packets.
Normally, split horizon is necessary for reducing route loop. Only in some special cases,
split horizon should be disabled to ensure the correct execution of protocols.
Example
# Specify the interface Vlan-interface 1 not to use split horizon when processing RIP
packets.
[Quidway-Vlan-interface1] undo rip split-horizon
2.1.20 rip version

Syntax
rip version 1
rip version 2 [ broadcast | multicast ]
undo rip version
View
Interface view
Parameter
1: Interface version is RIP-1.

2-16

2: Interface version is RIP-2.

broadcast: Transmission mode of RIP-2 packet is broadcast.
multicast: Transmission mode of RIP-2 packet is multicast.
Description
Using rip version command, you can configure the version of RIP packets on an
interface. Using undo rip version command, you can restore the default value of RIP
packet version on the interface.
By default, the interface RIP version is RIP-1. RIP-1 transmits packets in broadcast
mode, while RIP-2 transmits packets in multicast mode by default.
When running RIP-1, the interface only receives and transmits RIP-1 broadcast
packets, and receives RIP-2 broadcast packets, but does not receive RIP-2 multicast
packets. When running RIP-2 in broadcast mode, the interface only receives and
transmits RIP-2 broadcast packets, receives RIP-1 packets and RIP-2 multicast
packets. When running RIP-2 in multicast mode, the interface only receives and
transmits RIP-2 multicast packets, receives RIP-2 broadcast packets, but does not
receive RIP-1 packets.
Example
# Configure the interface Vlan-interface 1 as RIP-2 broadcast mode.
[Quidway-Vlan-interface1] rip version 2 broadcast
2.1.21 rip work

Syntax
rip work
undo rip work
View
Interface view
Parameter
None
Description
Using rip work command, you can enable the running of RIP on an interface. Using
undo rip work command, you can disable the running of RIP on an interface.
By default, RIP is run on an interface.

2-17

This command is used in cooperation with rip input, rip output and network
commands. Refer to the usage guideline of the related commands.
For the related commands, see network, rip input, rip output.
Example
# Disable the interface Vlan-interface 1 to run the RIP.
[Quidway-Vlan-interface1] undo rip work
2.1.22 summary
Syntax
summary
undo summary
View
RIP view
Parameter
None
Description
Using summary command, you can configure to activate RIP-2 automatic route
summarization. Using undo summary command, you can disable RIP-2 automatic
route summarization.
By default, RIP-2 route summarization is used.
Route aggregation can be performed to reduce the routing traffic on the network as well
as to reduce the size of the routing table. RIP-1 does not support subnet mask.
Forwarding subnet route may cause ambiguity. Therefore, RIP-1 uses route
summarization all the time. If RIP-2 is used, route summarization function can be
disabled with the undo summary command, when it is necessary to broadcast the
subnet route.
For the related commands, see rip version.
Example
# Set RIP version on the interface Vlan-interface 1 as RIP-2 and disable the route
aggregation.
[Quidway-Vlan-interface1] quit
2-18

[Quidway] rip
[Quidway-rip] undo summary
2.1.23 timers
Syntax
timers { update update-timer-length | timeout timeout-timer-length } *
undo timers { update | timeout } *
View
RIP view
Parameter
update-timer-length: Value of the Period update timer, ranging from 1 to 3600 seconds.
By default, it is 30 seconds.
timeout-timer-length: Value of the Timeout timer, ranging from 1 to 3600 seconds. By
default, it is 180 seconds.
Description
Using the timers command, you can modify the values of the three RIP timers: Period
Update, Timeout, and Garbage-collection. Using the undo timers command, you can
restore the default settings.
By default, the values of Period Update, Timeout, and Garbage-collection timers are 30
seconds, 180 seconds, and 120 seconds respectively.
Generally, it is regarded that the value of Garbage-collection timer is fixed to 4 times of
that
of
Period
Update
timer.
Adjusting
Period
Update
timer
will
affect
Garbage-collection timer.
The modification of RIP timers is validated immediately.
For related commands, see display rip.
Example
# Set the values of Period Update timer and Timeout timer of RIP to 10 seconds and 30
seconds respectively.
[Quidway] rip
[Quidway-rip] timers update 10 timeout 30
2.1.24 traffic-share-across-interface
Syntax
traffic-share-across-interface
2-19

undo traffic-share-across-interface
View
RIP view
Parameter
None
Description
Use the traffic-share-across-interface command to enable RIP to distribute traffic
equally among interfaces by employing equivalent routes.
Use the undo traffic-share-across-interface command to disable traffic sharing
among interfaces.
By default, traffic sharing across RIP interfaces is disabled.
Example
# Enable RIP traffic sharing across interfaces.
[Quidway-rip] traffic-share-across-interface

2-20

Chapter 3 OSPF Configuration Commands
Note:
3.1 OSPF Configuration Commands

3.1.1 abr-summary
Syntax
abr-summary ip-address mask [ advertise | not-advertise ]
undo abr-summary ip-address mask
View
OSPF Area view
Parameter
ip-address: Network segment address.
mask: Network mask.
advertise : Advertise only the summarized route.
not-advertise : Do not advertise routes matching the specified IP address and mask.
Description
Using abr-summary command, you can configure the route aggregation on the area
border router. Using undo abr-summary command, you can disable the function of
route aggregation on the area border router.
By default, the area border router doesnt aggregate routes.
This command is applicable only to the area border router (ABR) and is used for the
route aggregation in an area. The ABR only transmits an aggregated route to other
areas. Route aggregation refers to that the routing information is processed in the ABR
and for each network segment configured with route aggregation, there is only one
route transmitted to other areas.
3-1

Example
# Aggregate the two network segments, 66.48.10.0 and 66.48.120.0, in OSPF area 1
into one summary route 66.48.0.0 and transmit it to other areas.
[Quidway-ospf-1] area 1
[Quidway-ospf-1-area-0.0.0.1] network 66.48.10.0 0.0.0.255
[Quidway-ospf-1-area-0.0.0.1] abr-summary 66.48.0.0 255.255.0.0
3.1.2 area
Syntax
area area-id
undo area area-id
View
OSPF view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer or in IP address format.
Description
Using area command, you can enter OSPF Area view. Using undo area command,
you can cancel the designated area.
Example
# Enter OSPF Area 0 view.
[Quidway-ospf-1-area-0.0.0.0]
3.1.3 asbr-summary
Syntax
asbr-summary ip-address mask [ not-advertise | tag value ]
undo asbr-summary ip-address mask
View
OSPF view
Parameter
ip-address: Matched IP address.
3-2

mask: IP address mask in dotted decimal format.

not-advertise: Do not advertise routes matching the specified IP address and mask.
tag value: Tag value, which is mainly used to control advertisement of routes via
route-policy. It is in the range from 0 to 4294967295. If it is not specified, it is 1 by
default.
Description
Using asbr-summary command, you can configure summarization of imported routes
by OSPF. Using undo asbr-summary command, you can cancel the summarization.
By default, summarization of imported routes is disabled.
After the summarization of imported routes is configured, if the local router is an
autonomous system border router (ASBR), this command summarizes the imported
Type-5 LSAs in the summary address range. When NSSA is configured, this command
will also summarize the imported Type-7 LSAs in the summary address range.
If the local router acts as both an ABR and a router in the NSSA, this command
summarizes Type-5 LSAs transformed from Type-7 LSAs. If the router is not the router
in the NSSA, the summarization is disabled.
For the related commands, see display ospf asbr-summary.
Example
# Set summarization of Quidway imported routes.
[Quidway-ospf-1] asbr-summary 10.2.0.0 255.255.0.0 not-advertise
3.1.4 authentication-mode
Syntax
authentication-mode { simple | md5 }
undo authentication-mode
View
OSPF Area view
Parameter
simple: Use simple text authentication mode.
md5: Use MD5 cipher text authentication mode.
Description
Using authentication-mode command, you can configure one area of OSPF to
support the authentication attribute. Using undo authentication-mode command, you
can cancel the authentication attribute of this area.

3-3

By default, an area does not support authentication attribute.

All the routers in one area must use the same authentication mode (no authentication,
simple text authentication or MD5 cipher text authentication). If the mode of supporting
authentication is configured, all routers on the same segment must use the same
authentication key. To configure a simple text authentication key, use the ospf
authentication-mode simple command. And, use the ospf authentication-mode
md5 command to configure the MD5 cipher text authentication key if the area is
configured to support MD5 cipher text authentication mode.
For the related commands, see ospf authentication-mode.
Example
# Specify the OSPF area 0 to support MD5 cipher text authentication:
[Quidway-ospf-1-area-0.0.0.0] authentication-mode md5
3.1.5 debugging ospf

Syntax
debugging ospf [ process-id ] { event | lsa-originate | packet [ ack | dd | hello |
request | update ] [ interface interface-type interface-num ] | spf }
undo debugging ospf [ process-id ] { event | lsa-originate | packet [ ack | dd | hello
| request | update ] [ interface interface-type interface-num ] | spf }
View
User view
Parameter
interface type num: Type and number of the interface.
process-id: OSPF process ID. If no process ID is specified, all the process debugging is
enabled or disabled.
event: Enables OSPF event information debugging.
packet: Enables OSPF packet information debugging. There are five sorts of packets
in OSPF as follows:
ack: LSAck packet.
dd: Database Description packet.
hello: Hello message.
request: Link State Request packet.
update: Link State Update packet.
Lsa-generate: Enables OSPF LSA packet information debugging.
3-4

spf: Enables the debugging of the calculation of the OSPF shortest-path tree.
te: Enables the debugging of OSPF TE.
Description
Use the debugging ospf command to enable OSPF debugging.
Use the undo debugging ospf command to disable the function.
If no process ID is specified in the debugging command, the command is valid to all
the processes. And it keeps the state during the router running period no matter OSPF
process exits or not. If there is a specified process ID in the debugging command, only
the specified process is debugged.
Related command: display debugging ospf.
Example
# Enable the information debugging of OSPF packets.
<Quidway> debugging ospf packet
3.1.6 default cost

Syntax
default cost value
undo default cost
View
OSPF view
Parameter
value: Default routing cost of external route imported by OSPF, ranging from 0 to
16777214. By default, its value is 1.
Description
Using default cost command, you can configure the default cost for OSPF to import
external routes. Using undo default cost command, you can restore the default value
of the default routing cost configured for OSPF to import external routes.
Since OSPF can import external routing information, whose routing cost can influence
routing selection and calculation, and propagate it to the entire autonomous system, it
is necessary to specify the default routing cost for the protocol to import external routes.
Example
# Specify the default routing cost for OSPF to import external routes as 10.
[Quidway-ospf-1] default cost 10

3-5

3.1.7 default interval

Syntax
default interval seconds
undo default interval
View
OSPF view
Parameter
seconds: Default interval for redistributing external routes. Its unit is second and the
value ranges from 1 to 2147483647. By default, the interval for OSPF to import external
routes is 1 second.
Description
Using default interval command, you can configure the default interval for OSPF to
import external routes. Using undo default interval command, you can restore the
default value of the default interval of redistributing external routes.
Because OSPF can import the external routing information and broadcast it to the
entire autonomous system, and importing routes too often will greatly affect the
performances of the device, it is necessary to specify the default interval for the
protocol to import external routes.
Example
# Specify the default interval for OSPF to import external routes as 10 seconds.
[Quidway-ospf-1] default interval 10
3.1.8 default limit

Syntax
default limit routes
undo default limit
View
OSPF view
Parameter
routes: Default value to the imported external routes in a unit time, ranging from 200 to
2147483647. By default, the value is 1000.

3-6

Description
Using default limit command, you can configure the default value of maximum number
of imported routes. Using undo default limit command, you can restore the default
value.
OSPF can import external routing information and advertise them to the whole AS.
Importing too much external routes once will greatly affect the performances of the
device.
For the related commands, see default interval.
Example
# Specify the default value of OSPF imported external routes as 200.
[Quidway-ospf-1] default limit 200
3.1.9 default tag

Syntax
default tag tag
undo default tag
View
OSPF view
Parameter
tag: Default tag, ranging from 0 to 4294967295 with the default value 1.
Description
Using default tag command, you can configure the default tag of OSPF when it
redistributes an external route. Using undo default tag command, you can restore the
default tag of OSPF when it redistributes the external route.
When OSPF imports a route found by other routing protocols in the router and uses it
as the external routing information of its own autonomous system, some additional
parameters are required, including the default cost and the default tag of the route.
For the related commands, see default type.
Example
# Set the default tag of OSPF imported external route of the autonomous system as 10.
[Quidway-ospf-1] default tag 10

3-7

3.1.10 default type

Syntax
default type { 1 | 2 }
undo default type
View
OSPF view
Parameter
type 1: External routes of type 1.
type 2: External routes of type 2.
Description
Using default type command, you can configure the default type when OSPF
redistributes external routes. Using undo default type command, you can restore the
default type when OSPF redistributes external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. The command described
in this section can be used to specify the default type when external routes are
imported.
For the related commands, see default tag.
Example
# Specify the default type as type 1 when OSPF imports an external route.
[Quidway-ospf-1] default type 1
3.1.11 default-cost
Syntax
default-cost value
undo default-cost
View
OSPF Area view
Parameter
value: Specify the cost value of the default route transmitted by OSPF to the STUB or
NSSA area, ranging from 0 to 16777214. The default value is 1.

3-8

Description
Using default-cost command, you can configure the cost of the default route
transmitted by OSPF to the STUB or NSSA area. Using undo default-cost command,
you can restore the cost of the default route transmitted by OSPF to the STUB or NSSA
area to the default value.
For the related commands, see stub, nssa.
Example
# Set the area 1 as the STUB area and the cost of the default route transmitted to this
STUB area to 60.
[Quidway-ospf-1-area-0.0.0.1] stub
[Quidway-ospf-1-area-0.0.0.1] default-cost 60
3.1.12 default-route-advertise
Syntax
default-route-advertise [ always | cost value | type type-value | route-policy
route-policy-name ]*
undo default-route-advertise [ always | cost | type | route-policy ]*
View
OSPF view
Parameter
always: The parameter will generate an ase lsa which describes the default route and
advertise it if the local router is not configured with the default route. If this parameter is
not set, the local router cannot import the ase lsa, which generates the default route
only when it is configured with the default route.
cost value: the cost value of this ase lsa. The value ranges from 0 to 16777214. If the
parameter is not configured, the default value is 1.
type value: cost type of this ase lsa. It ranges from 1 to 2. If the parameter is not
configured, the default value is 2.
route-policy route-policy-name: if the default route match the route-policy specified by
route-policy-name, route-policy will affect the value in ase lsa. The length of
route-policy-name parameter ranges from 1 to 16 character string.

3-9

Description
Using default-route-advertise command, you can import default route to OSPF route
area. Using undo default-route-advertise command, you can cancel the import of
default route.
By default, OSPF does not import default route.
The import-route command cannot import the default route. To import the default route
to the route area, this command must be used. When local router is not configured with
default route, the keyword always should be used by ase lsa to generate default route.
Example
# If local route has no default route, the ase lsa of default route will be generated,
otherwise it wont be generated.
[Quidway-ospf-1] default-route-advertise
# The ase lsa of default route will be generated and advertised to OSPF route area
even the local router has no default route.
[Quidway-ospf-1] default-route-advertise always
3.1.13 display debugging ospf

Syntax
display debugging ospf
View
Any view
Description
Using the display debugging ospf command, you can view the debugging states of
global OSPF and all processes.
For related commands, see debugging ospf.
Example
# Display the debugging states of global OSPF and all processes.
<Quidway> display debugging ospf
OSPF global debugging state:
OSPF SPF debugging is on
OSPF LSA debugging is on
OSPF process 100 debugging state:

3-10

OSPF process 200 debugging state:

OSPF LSA debugging is on
3.1.14 display ospf abr-asbr

Syntax
display ospf [ process-id ] abr-asbr
View
Any view
Parameter
process-id: Process ID of OSPF, ranging from 1 to 65535. The command is applied to
all current OSPF processes if you do not specify a process ID.
Description
Using display ospf abr-asbr command, you can view the information about the ABR
and ASBR of OSPF.
Example
# Display the information of the OSPF area border routers and autonomous system
border routers.
<Quidway> display ospf abr-asbr
OSPF Process 1 with Router ID 10.110.98.138
Routing Table to ABR and ASBR
I = Intra i = Inter A = ASBR B = ABR S = SumASBR
Destination
Area
Cost
Nexthop
Interface
IA 2.2.2.2
0.0.0.0
10
10.153.17.89
Vlan-interface1
Table 3-1 Description of information generated by the command display ospf abr-asbr
Field
Description
Destination
Router ID of the ABR or ASBR
Area
Area where the router is connected with ASBR
Cost
The routing overhead value of the route
Nexthop
Nexthop address to the destination
Interface
The local output interface

3-11

3.1.15 display ospf asbr-summary

Syntax
display ospf [ process-id ] asbr-summary [ ip-address mask ]
View
Any view
Parameter
ip-address: Matched IP address in dotted decimal format.
mask: IP address mask in dotted decimal format.
Description
Using display ospf asbr-summary command, you can view the summary information
of OSPF imported route.
If the parameters are not set, the summary information of all OSPF imported routes will
be displayed.
For the related commands, see asbr-summary .
Example
# Display the summary information of all OSPF imported routes.
<Quidway> display ospf asbr-summary
Summary Addresses
Total summary address count:
Summary Address
net
: 168.10.0.0
mask
: 255.254.0.0
tag
: 1
status
: Advertise
The Count of Route is 0
Summary Address
net
: 1.1.0.0
mask
: 255.255.0.0
tag
: 100
status
: DoNotAdvertise
The Count of Route is 0

3-12

Table 3-2 Description of information generated by the command display ospf

asbr-summary
Field
Description
net
Destination network segment
mask
Mask
tag
Tag
Status information, including two values:
status
DoNotAdvertise
The summary routing information to the network

segment will not be advertised
Advertise
The summary routing information to the network

segment will be advertised
3.1.16 display ospf brief

Syntax
display ospf [ process-id ] brief
View
Any view
Parameter
Description
Using display ospf brief command, you can view the main summary of OSPF.
Example
# Display the OSPF summary.
<Quidway> display ospf brief
OSPF Protocol Information
RouterID: 10.110.95.189
Border Router: Area AS
spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 0.0.0.1 Type: 2
SPF computation count: 16
Area Count: 1
Nssa Area Count: 0

3-13

Area 0.0.0.0:
Authtype: none
Flags: <>
SPF scheduled: <>

Interface: 201.1.1.4 (Vlan-interface1)
Cost: 1 State: DR
Type: Broadcast
Priority: 1
Designated Router: 201.1.1.4
Backup Designated Router: 201.1.1.3
Timers: Hello 10, Dead 40, Poll 40, Retransmit 5, Transmit Delay 1
Table 3-3 Description of information generated by the command display ospf brief
Field
Description
RouterID
Router ID of the router
Border Router
Border routers for connection to the area, including

autonomous system border router (ASBR) and area
border router (ABR)
spf-schedule-interval
Interval of SPF schedule
Authtype
Authentication type of OSPF
Routing preference
Routing preference of OSPF. The internal route of OSPF

includes intra/inter area route, and its default routing
preference is 10. While that of the external route of OSPF
is 150 by default
Default
parameters
Default ASE parameters of OSPF, including metric, type

and tag
SPF
count
ASE
computation
SPF computation count since OSPF is enabled
Area Count
Areas for connection to this router
Nssa Area Count
Number of NSSA areas
SPF scheduled
SPF scheduled (flag)
Interface
Interface name belonging to this area
Cost
Cost of routes
State
State information
Type
Network type of OSPF interface
Priority
Priority
Designated Router
IP address of designated router (DR)
Backup
Router
IP address of backup designated router (BDR)
Designated

3-14

Field
Description
OSPF timers, defining as follows:
Timers
Transmit Delay
Hello
Interval of hello packet
Dead
Interval of dead neighbors
Poll
Interval of poll
Retransmit
Interval of retransmitting LSA
Delay time of transmitting LSA
3.1.17 display ospf cumulative

Syntax
display ospf [ process-id ] cumulative
View
Any view
Parameter
Description
Using display ospf cumulative command, you can view the OSPF cumulative
information.
Example
# Display the OSPF cumulative information.
<Quidway> display ospf cumulative
Cumulations
IO Statistics
Type
Input
Output
Hello
225
437
DB Description
78
86
Link-State Req
18
18
Link-State Update
48
53
Link-State Ack
25
21
ASE: 1 Checksum Sum:
FCAF
LSAs originated by this router

Router: 50
SumNet: 40
SumASB: 2

3-15

LSAs Originated: 92
LSAs Received: 33
Area 0.0.0.0:
Neighbors: 1
Spf: 54
Interfaces: 1
Checksum Sum F020
rtr: 2 net: 0 sumasb: 0 sumnet: 1

Area 0.0.0.1:
Neighbors: 0
Spf: 19
Interfaces: 1
Checksum Sum 14EAD
rtr: 1 net: 0
sumasb: 1
sumnet: 1
Routing Table:
Intra Area: 2
Inter Area: 0
ASE: 1

cumulative
Field
IO Statistics
Description
Type
Type of input/output OSPF packet
Input
Number of received packets
Output
Number of transmitted packets
ASE
Number of all ASE LSAs
checksum sum
Checksum of ASE LSA

originated
Number of originated LSAs
received
Number of received LSAs generated by other

routers
LSAs
Router
Number of all Router LSAs
SumNet
Number of all Sumnet LSAs
SumASB
Number of all SumASB LSAs
Area
Routing Table
Neighbors
Number of neighbors in this area
Interfaces
Number of interfaces in this area
Spf
Number of SPF computation count in this area
rtr, net, sumasb,

sumnet
Number of all LSAs in this area
Intra Area
Number of intra-area routes
Inter Area
Number of inter-area routes
ASE
Number of external routes

3-16

3.1.18 display ospf error

Syntax
display ospf [ process-id ] error
View
Any view
Parameter
Description
Using display ospf error command, you can view the OSPF error information.
Example
# Display the OSPF error information.
<Quidway> display ospf error
OSPF packet error statistics:
0: IP: received my own packet
0: OSPF: wrong packet type
0: OSPF: wrong version
0: OSPF: wrong checksum
0: OSPF: wrong area id
0: OSPF: area mismatch
0: OSPF: wrong virtual link
0: OSPF: wrong authentication type
0: OSPF: wrong authentication key
0: OSPF: too small packet
0: OSPF: packet size > ip length
0: OSPF: transmit error
0: OSPF: interface down
0: OSPF: unknown neighbor
0: HELLO: netmask mismatch
0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch
0: HELLO: extern option mismatch
0: HELLO: router id confusion
0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown
0: DD: neighbor state low
0: DD: router id confusion
0: DD: extern option mismatch
0: DD: unknown LSA type
0: LS ACK: neighbor state low
0: LS ACK: wrong ack
0: LS ACK: duplicate ack
0: LS ACK: unknown LSA type
0: LS REQ: neighbor state low
0: LS REQ: empty request
0: LS REQ: wrong request
0: LS UPD: neighbor state low
0: LS UPD: newer self-generate LSA
0: LS UPD: LSA checksum wrong
0: LS UPD: received less recent LSA
0: LS UPD: unknown LSA type
0: OSPF routing: next hop not exist
0: DD: MTU option mismatch
0: ROUTETYPE: wrong type value

3-17

Table 3-5 Description of information generated by the command display ospf error
Field
Description
IP: received my own packet
Received my own packet
OSPF: wrong packet type
OSPF packet type error
OSPF: wrong version
OSPF version error
OSPF: wrong checksum
OSPF checksum error
OSPF: wrong area id
OSPF area ID error
OSPF: area mismatch
OSPF area mismatch
OSPF: wrong virtual link
OSPF virtual link error
OSPF: wrong authentication type
OSPF authentication type error
OSPF: wrong authentication key
OSPF authentication key error
OSPF: too small packet
OSPF packet too small
OSPF: packet size > ip length
OSPF packet size exceeds IP packet length
OSPF: transmit error
OSPF transmission error
OSPF: interface down
OSPF interface is down, unavailable
OSPF: unknown neighbor
OSPF neighbors are unknown
HELLO: netmask mismatch
Network mask mismatch
HELLO: hello timer mismatch
Interval of HELLO packet is mismatched
HELLO: dead timer mismatch
Interval of
mismatched
HELLO: extern option mismatch
Extern option of Hello packet is mismatched
HELLO: router id confusion
Hello packet: Router ID confusion
HELLO: virtual neighbor unknown
Hello packet: unknown virtual neighbor
HELLO: NBMA neighbor unknown
Hello packet: unknown NBMA neighbor
DD: neighbor state low
Database
description
(DD)
asynchronous neighbor state
DD: unknown LSA type
DD packet: unknown LSA type
LS ACK: neighbor state low
Link state acknowledgment (LS ACK) packet:

LS ACK: wrong ack
Link state acknowledgment packet: ack error
LS ACK: duplicate ack
Link state
duplication
LS ACK: unknown LSA type
Link state acknowledgment packet: unknown

LSA type
LS REQ: neighbor state low
Link
state

3-18
dead
neighbor
acknowledgment
request
(LS
packet
packet:
packet:
REQ)
is
ack
packet:

Field
Description
LS REQ: empty request
Link state request packet: empty request
LS REQ: wrong request
Link state request packet: erroneous request
LS UPD: neighbor state low
Link state update packet: asynchronous

neighbor state
LS UPD: newer self-generate LSA
Link state update

generated by itself
LS UPD: LSA checksum wrong
Link state update packet: LSA checksum error
LS UPD:received less recent LSA
Link state update packet: received less recent

LSA
LS UPD: unknown LSA type
Link state update packet: unknown LSA type
OSPF routing: next hop not exist
Next hop of OSPF routing does not exist
DD: MTU option mismatch
MTU option of DD packet is mismatched
ROUTETYPE: wrong type value
Route type: the value of the type is wrong
packet:
newer
LSA
3.1.19 display ospf interface

Syntax
display ospf [ process-id ] interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Specify an interface.
Description
Using display ospf interface command, you can view the OSPF interface information.
Example
# Display the OSPF interface information of Vlan-interface1.
<Quidway> display ospf interface vlan-interface 1
Interfaces
Interface: 10.110.10.2 (Vlan-interface1)

3-19

Cost: 1 State: BackupDR

Type: Broadcast
Priority: 1
Designated Router: 10.110.10.1
Backup Designated Router: 10.110.10.2
Table 3-6 Description of information generated by the command display ospf interface
Field
Description
Cost
Cost of the interface
State
State of the interface state machine
Type
Network type of OSPF
Priority
Priority of DR for interface election
Designated Router
DR on the network in which the interface resides
Backup Designated Router
BDR on the network in which the interface resides

Timers
Transmit Delay
Hello
Dead
Poll
Interval of poll
Retransmit
3.1.20 display ospf lsdb

Syntax
display ospf [ process-id ] [ area-id ] lsdb [ brief | [ asbr | ase | network | nssa |
router | summary ] [ ip-address ] [ originate-router ip-address | self-originate ] ]
View
Any view
Parameter
area-id: ID of the OSPF area, which can be a decimal integer or in IP address format.
brief: View brief database information.
asbr: View the database information of summary-Asbr-LSA.
ase: View the database information of AS-external-LSA.
3-20

network: View the database information of Network-LSA

nssa: View the database information of NSSA-external-LSA
router: View the database information of Router-LSA
summary: View the database information of Summary-Net-LSA
ip-address: Link state ID in IP address format.
originate-router ip-address: Router ID of the LSA generator.
self-originate: View the database information of self-originated LSA.
Description
Using display ospf lsdb command, you can view the database information about
OSPF connecting state.
Example
# Display the database information about OSPF connecting state.
<Quidway> display ospf lsdb
Link State Database
Area: 0.0.0.0
Type LinkState ID
AdvRouter
Age Len
Sequence
Metric Where
Rtr
2.2.2.2
2.2.2.2
465 36
8000000c
SpfTree
Rtr
1.1.1.1
1.1.1.1
449 36
80000004
SpfTree
Net
10.153.17.89
2.2.2.2
465 32
80000004
SpfTree
1.1.1.1
355 28
80000003
10 Inter List
SNet 10.153.18.0
Area: 0.0.0.1
Type LinkState ID
AdvRouter
Age Len
Sequence
Rtr
1.1.1.1
1.1.1.1
449 36
80000004
SpfTree
Rtr
3.3.3.3
3.3.3.3
429 36
8000000a
Clist
Net
10.153.18.89
3.3.3.3
429 32
80000003
SpfTree
SNet 10.153.17.0
1.1.1.1
355 28
80000003
10
Inter List
ASB
1.1.1.1
355 28
80000003
10
SumAsb List
2.2.2.2
Metric Where
AS External Database:
Type LinkState ID
AdvRouter
Age Len
ASE
10.153.18.0
1.1.1.1
1006 36
ASE
10.153.16.0
2.2.2.2
798 36
ASE
10.153.17.0
2.2.2.2
623 36
ASE
10.153.17.0
1.1.1.1
1188 36
Sequence
80000002
Metric Where
1
Ase List
80000002
Uninitialized
80000003
Uninitialized
Ase List
80000002
Table 3-7 Description of information generated by the command display ospf lsdb
Field
Type
Description
Type of the LSA

3-21

Field
Description
LinkStateID
Link state ID of the LSA
AdvRouter
Router ID of the router originating the LSA
Age
Age of the LSA
Len
Length of the LSA
Sequence
Sequence number of the LSA
Metric
Cost from the router originating the LSA to LSA destination
Where
location of the LSA
<Quidway> display ospf lsdb ase

Link State Data Base
type : ASE
ls id :
2.2.0.0
adv rtr: 1.1.1.1

ls age:
349
len: 36
seq#:
chksum:
80000001
0xfcaf
Options: (DC)
Net mask:255.255.0.0
Tos 0 metric: 1
E type : 2
Forwarding Address: 0.0.0.0
Tag: 1
Table 3-8 Description of information generated by the command display ospf lsdb ase
Field
Description
type
Type of the LSA
ls id
Link state ID of the LSA
adv rtr
ls age
Age of the LSA
len
Length of the LSA
seq#
Sequence number of the LSA
chksum
Checksum of the LSA
Options
Options of the LSA
Net mask
Network mask
3-22

Field
Description
E type
Type of external route
Forwarding Address
Forwarding address
Tag
Tag
3.1.21 display ospf nexthop

Syntax
display ospf [ process-id ] nexthop
View
Any view
Parameter
Description
Using display ospf nexthop command, you can view the information about the
next-hop
Example
# Display the OSPF next-hop information.
<Quidway> display ospf nexthop
Next hops:
Address
Type
Refcount
Intf Addr
Intf Name
--------------------------------------------------------------------202.38.160.1
Direct
202.38.160.1
Vlan-interface2
202.38.160.2
Neighbor 1
202.38.160.1
Vlan-interface2
Table 3-9 Description of information generated by the command display ospf nexthop
Field
Description
Address
Address of next hop
Type
Type of next hop
Refcount
Reference count of the next hop, i.g., number of routes using

the next hop

3-23

Field
Description
Intf Addr
IP address of the interface to the next hop
Intf Name
The interface to the next hop
3.1.22 display ospf peer

Syntax
display ospf [ process-id ] peer [ brief ]
View
Any view
Parameter
Description
Using display ospf peer command, you can view the information about OSPF peer.
Using display ospf peer brief command, you can view the brief information of every
peer in OSPF, mainly the peer number at all states in every area.
Example
# View the information of OSPF peer.
<Quidway> display ospf peer
Neighbors
Area 0.0.0.0 interface 10.153.17.88(Vlan-interface1)'s neighbor(s)
RouterID: 2.2.2.2
State: Full
Address: 10.153.17.89
Mode: Nbr is Master
DR: 10.153.17.89
Priority: 1
BDR: 10.153.17.88
Dead timer expires in 31s

Neighbor has been up for 01:14:14
Table 3-10 Description of information generated by the command display ospf peer
Field
Description
RouterID
Router ID of neighbor router
Address
Address of the interface, through which neighbor

router communicates with the router
State
State of adjacency relation

3-24

Field
Description
Mode
Master/Slave mode formed by negotiation in

exchanging DD packet
Priority
Priority of DR/BDR for neighbor election
DR
IP address of the interface of elected DR
BDR
IP address of the interface of elected BDR
Dead timer expires in 31s
If no hello packet received from the peer within this

interval, the peer will be considered to be invalid.
Neighbor has been up for

01:14:14
Time of neighbor connection
# View the brief information of every peer.

<Quidway> display ospf peer brief
Neighbor Statistics
Area ID
Down Attempt Init 2-Way ExStart Exchange Loading Full Total
0.0.0.0
0.0.0.1
Total
Table 3-11 Description of information generated by the command display ospf peer
brief
Field
Description
Area ID
Area ID
Down
Initial state for OSPF to establish neighbor relation, which indicates

that OSPF router does not receive the message from a certain
neighbor router within a period of time
Attempt
It is enabled in NBMA environment, such as Frame Relay, X.25 or

ATM. It indicates that OSPF router does not receive the message from
a certain neighbor router within a period of time, but still attempts to
send Hello packet to the adjacent routers for their communications with
a lower frequency.
Init
It indicates that OSPF router has received Hello packet from a

neighbor router, but its IP address is not contained in the Hello packet.
Therefore, a two-way communication between them has not been
established.
2-Way
It indicates that a two-way communication between OSPF router and

neighbor router has been established. DR and BDR can be selected in
this state (or higher state).
ExStart
In this state, the router determines the sequence number of initial

database description (DD) packet used for data exchange, so that it
can obtain the latest link state information
3-25

Field
Description
Exchange
It indicates that OSPF router sends DD packet to its neighbor routers

to exchange link state information
Loading
In this state, OSPF router requests neighbor routers based on the

updated link state information from neighbor routers and its expired
information, and waits for response from neighbor routers
Full
It indicates that database synchronization between the routers that

have established neighbor relation has been completed, and their link
state databases have been consistent
3.1.23 display ospf request-queue

Syntax
display ospf [ process-id ] request-queue
View
Any view
Parameter
Description
Using display ospf request-queue command, you can view the information about the
OSPF request-queue.
Example
# Display the information of OSPF request-queue.
<Quidway> display ospf request-queue
The Router's Neighbors is
RouterID:
1.1.1.1
Interface: 1.1.1.3
LSID:1.1.1.3
Address: 1.1.1.1
Area: 0.0.0.0
AdvRouter:1.1.1.3
Sequence:80000017
Age:35

request-queue
Field
Description
RouterID
Address
Address of the interface,

communicate with the router
through

3-26
which
neighbor
routers

Field
Description
Interface
Address of the interface on the network segment
Area
Area number of OSPF
LSID:1.1.1.
3
Link State ID of the LSA
AdvRouter
Sequence
Sequence number of the LSA, used to discover old and repeated

LSAs
Age
Age of the LSA
3.1.24 display ospf retrans-queue

Syntax
display ospf [ process-id ] retrans-queue
View
Any view
Parameter
Description
Using display ospf retrans-queue command, you can view the information about the
OSPF retransmission queue.
Example
# Display the information of OSPF retransmission queue.
<Quidway> display ospf retrans-queue
Retransmit List
The Router's Neighbors is

RouterID: 162.162.162.162 Address: 103.169.2.2
Interface: 103.169.2.5
Area: 0.0.0.1
Retrans list:
Type: ASE
LSID:129.11.77.0
Type: ASE
LSID:129.11.108.0
AdvRouter:103.160.1.1
AdvRouter:103.160.1.1

3-27


retrans-queue
Field
Description
RouterID
Address
Address of the interface, through which neighbor routers

communicate with the router
Interface
Address of the interface on the network segment
Area
Area number of OSPF
Type
Type of the LSA
LSID
Link State ID of the LSA
AdvRouter
3.1.25 display ospf routing

Syntax
display ospf [ process-id ] routing
View
Any view
Parameter
Description
Using display ospf routing command, you can view the information about OSPF
routing table.
Example
# View the routing information related to OSPF.
<Quidway> display ospf routing
Routing Tables
Routing for Network
Destination
Cost Type NextHop
10.110.0.0/16
1 Net
10.110.10.1
10.10.0.0/16
1 Stub 10.10.0.1
Total Nets: 2

3-28
AdvRouter
Area
1.1.1.1
3.3.3.3

Intra Area: 2
Inter Area: 0
ASE: 0
NSSA: 0
Table 3-14 Description of information generated by the command display ospf routing
Field
Description
Destination
Destination network segment
Cost
Cost of route
Type
Type of route
NextHop
Next hop of route
AdvRouter
Router ID of the router advertising the route
Area
Area ID
Intra Area
Number of intra-area routes
Inter Area
Number of inter-area routes
ASE
Number of external routes
NSSA
Number of NSSA routes
3.1.26 display ospf vlink

Syntax
display ospf [ process-id ] vlink
View
Any view
Parameter
Description
Using display ospf vlink command, you can view the information about OSPF virtual
links.
Example
# View OSPF virtual links information.
<Quidway> display ospf vlink
Virtual Links
Virtual-link Neighbor-id
Cost: 0 State: Full
-> 2.2.2.2, State: Full

Type: Virtual

3-29

Transit Area: 0.0.0.2

Table 3-15 Description of information generated by the command display ospf vlink
Field
Description
Virtual-link
Neighbor-id
Router ID of virtual-link neighbor router
State
State
Interface
IP address the interface on the virtual link
Cost
Route cost of the interface
Type
Type: virtual link
Transit Area
ID of transit area that the virtual link passes, and it cannot be

backbone area, STUB area and NSSA area
Timers
Transmit Delay
Hello
Dead
Poll
Interval of poll
Retransmit

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name} export [ routing-protocol ]
View
OSPF view
Parameter
acl-number: Access control list number.
ip-prefix-name: Name of the address prefix list. The length of ip-prefix-name ranges
routing-protocol: Protocol advertising the routing information, including direct, isis,
bgp, rip and static at present.

3-30

Description
Using filter-policy export command, you can configure the ASBR router to filter the
external routes imported to the OSPF. This command only takes effect on ASBR
routers.
Using undo filter-policy export command, you can cancel the filtering rules that have
been set.
By default, OSPF does not receive the routes distributed by other routing protocol.
Note:
z
The filter-policy export command only takes effect to the routes imported by the
import-route command. If you configure the switch with only the filter-policy
export command, but without configuring the import-route command to import
other external routes (including OSPF routes of different process), then the
filter-policy export command does not take effect.
If the filter-policy export command does not specify to filter which type of routes, it
takes effect for all the routes imported by the import-route.
For the related commands, see acl, ip ip-prefix.
Example
# Configure ospf to only import the routes by acl 2000.
[Quidway-ospf-1] filter-policy 2000 export

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name }
import
View
OSPF view

3-31

Parameter
the routing information, ranging 2000 to 3999.
string.
gateway ip-prefix-name: Name of address prefix list used for filtering the addresses of
the neighboring routers advertising the routing information. The length of
Description
Using filter-policy import command, you can configure the OSPF rules of filtering the
routing information received. Using undo filter-policy import command, you can
cancel the filtering of the routing information received.
By default, no filtering of the received routing information is performed.
conditions can be received. Then, the filter-policy command can be used to set the
filtering conditions for the routing information to be received. Only the routing
information passing the filtration can be received.
Example
# Filter the received routing information according to the rule defined by the access
control list 2000.
[Quidway-ospf-1] filter-policy 2000 import
3.1.29 import-route
Syntax
import-route protocol [ cost value | type value | tag value | route-policy
View
OSPF view

3-32

Parameter
protocol: Specify the source routing protocol that can be imported. At present, it
includes direct, rip, static, ospf, ospf-ase and ospf-nssa.
cost value: Specify the cost of imported route.
type value: Specify the cost type of imported external routes. The value ranges from 1
to 2. The default value is 2.
tag value: Specify the value of tag for imported external routes.
route-policy route-policy-name: Configure only to import the routes matching the
specified Route-policy. The length of route-policy-name parameter ranges from 1 to 16
character string.
Description
Using import-route command, you can import the information of another routing
protocol. Using undo import-route command, you can cancel the imported external
routing information.
By default, the routing information of other protocols is not imported.
Note:
You are recommended to configure the route type, cost and tag together in one
command; otherwise, the new configuration overwrites the old one.
Example
# Specify an imported RIP route as the route of type 2, with the route tag as 33 and the
route cost as 50.
[Quidway-ospf-1] import-route rip type 2 tag 33 cost 50
3.1.30 network
Syntax
network ip-address ip-mask
undo network ip-address ip-mask
View
OSPF Area view
Parameter
ip-address: Address of the network segment where the interface locates.
3-33

ip-mask: IP address wildcard shielded text (similar to the complement of the IP address
mask).
Description
Using network command, you can configure the interface running OSPF protocol to
which the interface belongs. Using undo network command, you can cancel the
interface running OSPF.
By default, the interface does not belong to any area.
With the two parameters, ip-address and ip-mask, one or more interfaces can be
configured as an area. To run the OSPF protocol on one interface, the master IP
address of this interface must be in the range of the network segment specified by this
command. If only the slave IP address of the interface is in the range of the network
segment specified by this command, this interface will not run OSPF protocol.
For the related commands, see ospf.
Example
# Specify the interfaces whose master IP addresses are in the segment range of
10.110.36.0 to run the OSPF protocol and specify the number of the OSPF area (where
these interfaces are located) as 6.
[Quidway-ospf-1-area-0.0.0.6] network 10.110.36.0.0 0.0.0.255
3.1.31 nssa
Syntax
nssa [ default-route-advertise ] [ no-import-route ] [ no-summary ]
undo nssa
View
OSPF Area view
Parameter
default-route-advertise: Import default route to NSSA area.
no-import-route: Configure not to import route to NSSA area.
no-summary: ABR is disabled to transmit summary_net LSAs to the NSSA area.
Description
Using nssa command, you can configure the type of an OSPF area as NSSA area.
Using undo nssa command, you can cancel the function.
By default, NSSA area is not configured.
3-34

For all the routers connected to the NSSA area, the command nssa must be used to
configure the area as the NSSA attribute.
The default-route-advertise parameter is used to generate default type-7 LSA. No
matter whether there is route 0.0.0.0 in routing table on ABR, type-7 LSA default route
will be generated always. Only when there is route 0.0.0.0 in routing table on ASBR, will
type-7 LSA default route be generated.
On ASBR, the no-import-route parameter enables the external route imported by
OSPF through import-route command not to be advertised to NSSA area.
Example
# Configure area 1 as NSSA area.
[Quidway-ospf-1-area-0.0.0.1] nssa
3.1.32 ospf
Syntax
ospf [ process-id [ router-id router-id ] ]
undo ospf [ process-id ]
View
System view
Parameter
process-id: Process ID of OSPF, ranging from 1 to 65535. By default, the process ID is
1. process-id is locally significant.
router-id: Router ID that is a 32-bit unsigned integer.
Description
Using ospf command, you can enable the OSPF protocol. Using undo ospf command,
you can disable the OSPF protocol.
After starting OSPF protocol, the user can make the corresponding configuration under
the OSPF protocol view.
By default, the system does not run the OSPF protocol.
For the related commands, see network.
Example
# Enable the running of the OSPF protocol.

3-35

[Quidway] router id 10.110.1.8

[Quidway] ospf
[Quidway-ospf-1]
# Enable the running of the OSPF protocol with process ID specified as 120.
[Quidway] ospf 120
[Quidway-ospf-120]
3.1.33 ospf authentication-mode

Syntax
ospf authentication-mode { simple password | md5 key-id key }
undo ospf authentication-mode { simple | md5 }
View
Interface view
Parameter
simple password: Character string not exceeding 8 characters using plain text
authentication.
key-id: ID of the authentication key in MD5 authentication mode in the range from 1 to
255.
key: MD5 authentication key. If it is input in a plain text form, MD5 key is a character
string not exceeding 16 characters. And it will be displayed in a cipher text form in a
length of 24 characters when display current-configuration command is executed.
Inputting the MD5 key in a cipher text form with 24 characters is also supported.
Description
Using ospf authentication-mode command, you can configure the authentication
mode and key between adjacent routers. Using undo ospf authentication-mode
command, you can cancel the authentication key that has been set.
By default, the interface does not authenticate the OSPF packets.
The passwords for authentication keys of the routers on the same network segment
must be identical. In addition, using authentication-mode command, you can set the
authentication type of the area so as to validate the configuration.
For the related commands, see authentication-mode.

3-36

Example
# Set the area 1 where the network segment 131.119.0.0 of Interface Vlan-interface 1 is
located to support MD5 cipher text authentication. The authentication key identifier is
set to 15 and the authentication key is Huawei.
[Quidway-ospf-1-area-0.0.0.1] authentication-mode md5
[Quidway-Vlan-interface1] ospf authentication-mode md5 15 Huawei
3.1.34 ospf cost

Syntax
ospf cost value
undo ospf cost
View
Interface view
Parameter
value: Cost for running OSPF protocol, ranging from 1 to 65535.
Description
Using ospf cost command, you can configure different message sending costs so as
to send messages from different interfaces. Using undo ospf cost command, you can
restore the default costs.
For S6500 series switches, the default cost for running OSPF protocol of on the VLAN
interface is 10.
Example
# Specify the cost spent when an interface runs OSPF as 33.
[Quidway-Vlan-interface1] ospf cost 33
3.1.35 ospf dr-priority

Syntax
ospf dr-priority value
undo ospf dr-priority

3-37

View
Interface view
Parameter
value: Interface priority for electing the "designated router", ranging from 0 to 255. The
default value is 1.
Description
Using ospf dr-priority command, you can configure the priority for electing the
"designated router" on an interface. Using undo ospf dr-priority command, you can
restore the default value.
The priority of the interface determines the qualification of the interface when the
"designated router" is elected. The interface with higher priority will be considered first
when the vote collision occurs.
Example
# Set the priority of the interface Vlan-interface 1 to 8, when electing the DR.
[Quidway-Vlan-interface1] ospf dr-priority 8
3.1.36 ospf mib-binding

Syntax
ospf mib-binding process-id
undo ospf mib-binding
View
System view
Parameter
process-id: Process ID of OSPF, ranging from 1 to 65535.
Description
Using the ospf mib-binding command, you can bind the MIB operation to the specified
OSPF process. Using the undo ospf mib-binding command, you can restore the
default settings.
When OSPF protocol enables the first process, it always binds MIB operation to this
process. You can use this command to bind MIB operation to another OSPF process.
Execute the undo ospf mib-binding command if you want to cancel the setting. OSPF
will automatically re-bind MIB operation to the first process that it enables.

3-38

By default, MIB operation is bound to the first enabled OSPF process.
Example
# Bind MIB operation to OSPF process 100.
[Quidway] ospf mib-binding 100
# Bind MIB operation to OSPF process 200.
[Quidway] ospf mib-binding 200
# Cancel the binding of MIB operation.
[Quidway] undo ospf mib-binding
3.1.37 ospf mtu-enable

Syntax
ospf mtu-enable
undo ospf mtu-enable
View
Interface view
Parameter
None.
Description
Using ospf mtu-enable command, you can enable the interface to write MTU value
when sending DD packets. Using undo ospf mtu-enable command, you can restore
the default settings.
By default, The MTU value is 0 when sending DD packets, i.e. the actual MTU value of
the interface is not written.
Database Description (DD) packets are used to describe its own LSDB when the router
running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. With this command, the specified interface
can be set manually to write the MTU value area in DD packets when sending DD
packets, i.e. the actual MTU value of the interface is written in.
Example
# Set interface Vlan-interface 3 to write MTU value area when sending DD packets.
[Quidway-Vlan-interface3] ospf mtu-enable

3-39

3.1.38 ospf network-type

Syntax
ospf network-type { broadcast | nbma | p2mp | p2p }
undo ospf network-type
View
Interface view
Parameter
broadcast: Change the interface network type to broadcast.
nbma: Change the interface network type to NBMA.
p2mp: Change the interface network type to p2mp.
p2p: Change the interface network type to point-to-point.
Description
Using ospf network-type command, you can configure the network type of OSPF
interface. Using undo ospf network-type command, you can restore the default
network type of the OSPF interface.
OSPF divides networks into four types by link layer protocol:
z
Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to

broadcast.
Non-Broadcast Muli-access (nbma): If Frame Relay, ATM, HDLC or X.25 is

adopted, OSPF defaults the network type to NBMA.
Point-to-Multipoint (p2mp): OSPF will not default the network type of any link layer
protocol to p2mp. The general undertaking is to change a partially connected
NBMA network to p2mp network if the NBMA network is not fully-meshed.
Point-to-point (p2p): If PPP, LAPB or POS is adopted, OSPF defaults the network
type to p2p.
NBMA means that a network is non-broadcast and multi-accessible. ATM is a typical

example for it. The user can configure the polling interval to specify the interval of
sending polling hello packets before the adjacency of the neighboring routers is formed.
Configure the interface type to nonbroadcast on a broadcast network without
multi-access capability.
Configure the interface type to p2mp if not all the routers are directly accessible on an
NBMA network.
Change the interface type to p2p if the router has only one peer on the NBMA network.
Note: When the network type of an interface is NBMA or it is changed to NBMA
manually, the peer command must be used to configure the neighboring point.

3-40

For the related commands, see ospf dr-priority.
Example
# Set the interface Vlan-interface 1 to NBMA type.
[Quidway-Vlan-interface1] ospf network-type nbma
3.1.39 ospf timer dead

Syntax
ospf timer dead seconds
undo ospf timer dead
View
Interface view
Parameter
seconds: Dead interval of the OSPF neighbor. It is in second and ranges from 1 to
65535.
Description
Using ospf timer dead command, you can configure the dead interval of the OSPF
peer. Using undo ospf timer dead command, you can restore the default value of the
dead interval of the peer.
By default, the dead interval for the OSPF peers of p2p and broadcast interfaces are
40 seconds, and for those of p2mp and nbma interfaces is 120 seconds.
The dead of OSPF peers means that within this interval, if no Hello message is
received from the peer, the peer will be considered to be invalid. The value of dead
seconds should be at least 4 times of that of the Hello seconds. The dead seconds for
the routers on the same network segment must be identical.
For the related commands, see ospf timer hello.
Example
# Set the peer dead on the interface Vlan-interface 1 to 80 seconds.
[Quidway-Vlan-interface1] ospf timer dead 80

3-41

3.1.40 ospf timer hello

Syntax
ospf timer hello seconds
undo ospf timer hello
View
Interface view
Parameter
seconds: Interval in seconds for an interface to transmit hello packet. It ranges from 1 to
255.
Description
Using ospf timer hello command, you can configure the interval for transmitting Hello
messages on an interface. Using undo ospf timer hello command, you can restore
the interval to the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of nbma or p2mp type.
For the related commands, see ospf timer dead.
Example
# Configure the interval of transmitting Hello messages on the interface Vlan-interface
1 to 20 seconds.
[Quidway-Vlan-interface1] ospf timer hello 20
3.1.41 ospf timer poll

Syntax
ospf timer poll seconds
undo ospf timer poll
View
Interface view
Parameter
seconds: Specifies the poll Hello interval, ranging from 1 to 65535 and measured in
seconds. The default value is 40 seconds.

3-42

Description
Using ospf timer poll command, you can configure the poll Hello packet interval on
NBMA and p2mp network. Using undo ospf timer poll command, you can restore the
default poll interval.
On the NBMA and p2mp network, if a neighbor is invalid, the Hello packet will be
transmitted regularly according to the poll seconds. You can configure the poll
seconds to specify how often the interface transmits Hello packet before it establishes
adjacency with the adjacent router. Poll seconds should be no less than 3 times of
Hello.
Example
# Configure to transmit poll Hello packet from interface Vlan-interface 2 every 120
seconds.
[Quidway-Vlan-interface2] ospf timer poll 120
3.1.42 ospf timer retransmit

Syntax
ospf timer retransmit interval
undo ospf timer retransmit
View
Interface view
Parameter
interval: Interval in second for re-transmitting LSA on an interface. It ranges from 1 to
3600. The default value is 5 seconds.
Description
Using ospf timer retransmit command, you can configure the interval for LSA
re-transmitting on an interface. Using undo ospf timer retransmit command, you can
restore the default interval value for LSA re-transmitting on the interface.
If a router running OSPF transmits a "link state advertisement" (LSA) to the peer, it
needs to wait for the acknowledgement packet from the peer. If no acknowledgement is
received from the peer within the LSA retransmit, this LSA will be re-transmitted. This
command can change the interval of re-transmitting LSA. However, according to
RFC2328, the LSA retransmit between adjacent routers should not be set too short.
Otherwise, unexpected re-transmission will be caused.

3-43

Example
# Specify the retransmit for LSA transmitting between the interface Vlan-interface 1 and
the adjacent routers to 12 seconds.
[Quidway-Vlan-interface1] ospf timer retransmit 12
3.1.43 ospf trans-delay

Syntax
ospf trans-delay value
undo ospf trans-delay
View
Interface view
Parameter
value: Transmitting delay of LSA on an interface. It ranges from 1 to 3600. By default,
the value is 1 second.
Description
Using ospf trans-delay command, you can configure the LSA transmitting delay on an
interface. Using undo ospf trans-delay command, you can restore the default value of
the LSA transmitting delay on an interface.
LSA will age in the "link state database" (LSDB) of the router as time goes by (add 1 for
every second), but it will not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA before
transmitting it.
Example
# Specify the trans-delay of transmitting LSA on the interface Vlan-interface 1 as 3
seconds.
[Quidway-Vlan-interface1] ospf trans-delay 3
3.1.44 peer
Syntax
peer ip-address [ dr-priority dr-priority-number ]
undo peer ip-address

3-44

View
OSPF view
Parameter
ip-address : IP address of the neighboring point.
dr-priority-number: Priority value represents the corresponding priority value of the
network neighbor. The range is from 0 to 255. The default value is 1.
Description
Using peer command, you can configure the neighboring point if a router is connected
to a network of NBMA type. Using undo peer command, you can cancel the configured
neighboring point.
Example
# Configure the IP address of neighboring router as 10.1.1.1.
[Quidway-ospf-1] peer 10.1.1.1
3.1.45 preference
Syntax
preference [ ase ] value
undo preference [ ase ]
View
OSPF view
Parameter
value: OSPF protocol route preference, ranging from 1 to 255.
ase: Indicate the preference of an imported external route of the AS.
Description
Using preference command, you can configure the preference of an OSPF protocol
route. Using undo preference command, you can restore the default value of the
OSPF protocol route.
By default, the preference of an OSPF protocol internal route is 10 and the preference
of an external route is 150.
Because multiple dynamic routing protocols could be running on a router, there is the
problem of routing information sharing among routing protocols and selection.
Therefore, a default preference is specified for each routing protocol. When a route is

3-45

identified by different protocols, the protocol with a high preference will play a decisive
role.
Example
# Specify the preference of an imported external route of the AS as 160.
[Quidway-ospf-1] preference ase 160
3.1.46 reset ospf

Syntax
reset ospf [ statistics ] { all | process-id }
View
User view
Parameter
statistics: Reset OSPF statistics.
all: Reset all OSPF processes.
process-id: Process ID of OSPF, ranging from 1 to 65535.
Description
Using reset ospf all command, you can reset all the OSPF process.
Using reset ospf process-id command, you can reset the corresponding OSPF
process
This command can be used to reset the OSPF process and the following results are
expected:
z
Clear invalid LSA immediately without waiting for LSA timeout.
If the Router ID changes, a new Router ID will take effect by executing the
command.
Re-elect DR and BDR conveniently.
OSPF configuration before the restart will not lose.
The system will require the user to confirm whether to re-enable the OSPF protocol
after execution of the command.
Example
# Reset all the OSPF processes.
<Quidway> reset ospf all

3-46

3.1.47 router id
Syntax
router id router-id
undo router id
View
System view
Parameter
router-id: Router ID that is a 32-bit unsigned integer.
Description
Using router id command, you can configure the ID of a router running the OSPF
protocol. Using undo router id command, you can cancel the router ID that has been
set.
By default, if the LoopBack interface address exists, the system chooses the LoopBack
address with the greatest IP address value as the router ID; if no LoopBack interface
configured, then the address of the physical interface with the greatest IP address
value will be the router ID.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. The user can specify the ID for a router. If the user doesnt specify
router ID, the router will automatically select one from configured IP address as the ID
of this router. If no IP address is configured for any interface of the router, the router ID
must be configured in OSPF view. Otherwise, OSPF protocol cannot be enabled.
When the router ID is configured manually, the IDs of any two routers cannot be same
in the autonomous system. So, the IP address of certain interface might as well be
selected as the ID of this router.
Note:
The modified router ID will not be valid unless OSPF is re-enabled.
For the related commands, see ospf.
Example
# Set the router ID to 10.1.1.3.

3-47

3.1.48 silent-interface
Syntax
silent-interface interface-type interface-number
undo silent-interface interface-type interface-number
View
OSPF view
Parameter
interface-type: Specify the interface type
interface-number: Specify the interface number.
Description
Using silent-interface command, you can disable an interface to transmit OSPF
packet. Using undo silent-interface command, you can restore the default setting.
By default, the interface is enabled to transmit OSPF packet.
You can use this command to disable an interface to transmit OSPF packet, so as to
prevent the router on some network from receiving the OSPF routing information. On a
switch, this command can disable/enable the specified VLAN interface to send OSPF
packets
Example
# Disable interface Vlan-interface 2 to transmit OSPF packet.
[Quidway-ospf-1] silent-interface Vlan-interface 2
3.1.49 snmp-agent trap enable ospf

Syntax
snmp-agent trap enable ospf [ process-id ] [ ifstatechange | virifstatechange |
nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror | ifauthfail |
virifauthfail | ifrxbadpkt | virifrxbadpkt | txretransmit | viriftxretransmit |
originatelsa | maxagelsa | lsdboverflow | lsdbapproachoverflow ]
undo snmp-agent trap enable ospf [ process-id ] [ ifstatechange | virifstatechange
| nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror | ifauthfail |
virifauthfail | ifrxbadpkt | virifrxbadpkt | txretransmit | viriftxretransmit |
originatelsa | maxagelsa | lsdboverflow | lsdbapproachoverflow ]
View
System view

3-48

Parameter
process-id: Process ID of OSPF. The command is applied to all current OSPF
processes if you do not specify a process ID.
ifstatechange, virifstatechange, nbrstatechange, virnbrstatechange, ifcfgerror,
virifcfgerror, ifauthfail, virifauthfail, ifrxbadpkt, virifrxbadpkt, txretransmit,
viriftxretransmit, originatelsa, maxagelsa, lsdboverflow, lsdbapproachoverflow:
Types of TRAP packets that the switch produces in case of OSPF anomalies.
Description
Using the snmp-agent trap enable ospf command, you can enable the OSPF TRAP
function. Using the undo snmp-agent trap enable ospf command, you can disable
the OSPF TRAP function.
This command cannot be applied to the OSPF processes that are started after the
command is executed.
By default, the switch does not send TRAP packets in case of OSPF anomalies.
For detailed configuration of SNMP TRAP, refer to the module System Management"
in this manual.
Example
# Enable the TRAP function for OSPF process 100.
[Quidway] snmp-agent trap enable ospf 100
3.1.50 spf-schedule-interval
Syntax
spf-schedule-interval interval
undo spf-schedule-interval
View
OSPF view
Parameter
interval: SPF calculation interval of OSPF, which is in second in the range of 1 to 10.
The default value is 5 seconds.
Description
Using spf-schedule-interval command, you can configure the route calculation
interval of OSPF. Using undo spf-schedule-interval command, you can restore the
default setting.

3-49

According to the Link State Database (LSDB), the router running OSPF can calculate
the shortest path tree taking itself as the root and determine the next hop to the
destination network according to the shortest path tree. By adjusting SPF calculation
interval, network frequently changing can be restrained, which may lead to that too
many bandwidth resources and router resources will be used.
Example
# Set the OSPF route calculation interval of Quidway to 6 seconds.
[Quidway-ospf-1] spf-schedule-interval 6
3.1.51 stub
Syntax
stub [ no-summary ]
undo stub
View
OSPF Area view
Parameter
no-summary: ABR is disabled to transmit Summary LSAs to the STUB area.
Description
Using stub command, you can configure the type of an OSPF area as stub. Using
undo stub command, you can cancel the settings.
By default, no area is set to be the STUB area.
If the router is an ABR, it will send a default route to the connected stub area . Using
default-cost command, you can configure the default route cost.
For the related commands, see default-cost.
Example
# Set the type of OSPF area 1 to the STUB area.
[Quidway-ospf-1-area-0.0.0.1] stub
3.1.52 vlink-peer
Syntax
vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds |
dead seconds | simple password | md5 keyid key ]*

3-50

undo vlink-peer router-id
View
OSPF Area view
Parameter
route-id: Router ID of virtual link peer.
hello seconds: Interval that router transmits hello packet. It ranges from 1 to 8192
seconds. This value must equal the hello seconds value of the router virtually linked to
the interface. The default value is 10 seconds,
retransmit seconds: Specify the interval for re-transmitting the LSA packets on an
interface. It ranges from 1 to 3600 seconds. The default value is 5 seconds.
trans-delay seconds: Specify the interval for delaying transmitting LSA packets on an
interface. It ranges from 1 to 3600 seconds. By default, the value is 1 second.
dead seconds: Specify the interval of death timer. It ranges from 1 to 8192 seconds.
This value must equal the dead seconds of the router virtually linked to it and must be
at least 4 times of the hello seconds. The default value is 40 seconds.
simple password: Specify the simple text authentication password, not exceeding 8
characters, of the interface. This value must equal the authentication key of the virtually
linked peer.
keyid: Specify the MD5 authentication key ID. Its value ranges from 1 to 255. It must be
equal to the authentication key ID of the virtually linked peer.
key: Specify the MD5 authentication key. If it is input in a plain text form, the key is a
character string not exceeding 16 characters. And it will be displayed in a cipher text
form in a length of 24 characters when display current-configuration command is
executed. Inputting the MD5 key in a cipher text form with 24 characters is also
supported.
Description
Using vlink-peer command, you can create and configure a virtual link. Using undo
vlink-peer command, you can cancel an existing virtual link.
According to RFC2328, the OSPF area should be connected with the backbone
network. You can use vlink-peer command to keep the connectivity. Virtual link can be
regarded as a common interface that uses OSPF so that you can easily understand
why to configure the parameters such as hello, retransmit, and trans-delay on it.
One thing should be mentioned. When configuring virtual link authentication,
authentication-mode command is used to set the authentication mode as MD5 cipher
text or simple text on the backbone network.
For the related commands, see authentication-mode, display ospf.

3-51

Example
# Create a virtual link to 10.110.0.3 and use the MD5 cipher authentication mode.
[Quidway-ospf-1] area 10.0.0.0
[Quidway-ospf-1-area-10.0.0.0] vlink-peer 10.110.0.3 md5 3 345

3-52

Chapter 4 Integrated IS-IS Configuration Commands
Chapter 4 Integrated IS-IS Configuration

Commands
Note:
4.1 Integrated IS-IS Configuration Commands

4.1.1 area-authentication-mode
Syntax
area-authentication-mode { simple | md5 } password [ ip | osi ]
undo area-authentication-mode { simple | md5 } [ ip | osi ]
View
IS-IS view
Parameter
simple: Configure to transmit the password in simple text.
md5: Configure to transmit the password encrypted with MD5 algorithm.
text. If the authentication is in the md5 mode, the password can be either in cipher text
or in plain text, and it will be displayed in a cipher text form in a length of 24 characters
when display current-configuration command is executed. A plain text password is a
sequential character string of no more than 16 characters, for example, h3c. The length
of an cipher text must be 24 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
ip: Specify the IP authentication password.
osi: Specify the OSI authentication password.
The configuration of ip or osi authentication password is independent of the real
network environment.

4-1

Description
Using area-authentication-mode command, you can configure ISIS to authenticate
the received level-1 routing information packets (LSP, CSNP and PSNP), according to
the pre-defined mode and password. Using undo area-authentication-mode
command, you can configure ISIS not to authenticate the said packets.
In default configuration, the system will not authenticate the received level-1 routing
packets, and there is no password. By using this command, you can clear all the level-1
routing packets, whose area authentication passwords do not consistent with the one
set via this command. At the same time, this command will let ISIS insert the area
authentication password into all the level-1 routing packets sent by this node, in a
certain mode.
For the related commands, see reset isis all, domain-authentication-mode, isis
authentication-mode.
Example
# Set the area authentication password as hello and the authentication type as
simple.
[Quidway] isis
[Quidway-isis] area-authentication-mode simple hello
4.1.2 cost-style
Syntax
cost-style { narrow | wide | wide-compatible | { compatible | narrow-compatible }
[ relax-spf-limit ] }
undo cost-style
View
IS-IS view
Parameter
narrow: Only receive/send packets whose cost type is narrow
wide: Only receive/send packets whose cost type is wide.
compatible: Receive/send packets whose cost type is narrow or wide.
narrow-compatible: Receive packets whose cost type is narrow or wide, but only send
packets whose cost type is narrow
wide-compatible: Receive packets whose cost type is narrow or wide, but only send
packets whose cost type is wide.

4-2

relax-spf-metric: Permit to receive routes whose cost value is larger than 1024. If this
item is not set, routes whose metrics value is larger than 1024 will be discarded. This
setting is only valid for compatible, narrow-compatible and wide-compatible.
Description
Using cost-style command, you can set the cost type of an IS-IS packet received/sent
by the router. Using undo cost-style command, you can restore the default settings.
By default, IS-IS only receives/sends packets whose cost type is narrow.
Example
# Set IS-IS to receive packets whose cost type is narrow or wide, but only send packets
whose cost type is narrow.
[Quidway] isis
[Quidway-isis] cost-style narrow-compatible
4.1.3 debugging isis

Syntax
debugging isis { is-adjacency | all | authentication-error | checksum-error |
circuit-information
datalink-sending-packet
memory-allocating
configuration-error
|
general-error
datalink-receiving-packet
|
receiving-packet-content
interface-information
|
self-originate-update
|
|
|
sending-packet-content | snp-packet | spf-event | spf-summary | spf-timer |

task-error | timer | update-packet }
undo debugging isis { is-adjacency | all | authentication-error | checksum-error |
circuit-information
datalink-sending-packet
memory-allocating
configuration-error
|
general-error
receiving-packet-content
datalink-receiving-packet
|
interface-information
|
self-originate-update
|
|
|
sending-packet-content | snp-packet | spf-event | spf-summary | spf-timer |

task-error | timer | update-packet }
View
User view
Parameter
is-adjacency: IS-IS adjacency related packets.
all: All IS-IS related debugging information.
authentication-error: IS-IS authentication errors.
checksum-error: IS-IS checksum errors.
circuit-information: Information about IS-IS enabled interface.

4-3

configuration-error: IS-IS configuration errors.

datalink-receiving-packet: Data link layer's packets-receiving status.
datalink-sending-packet: Data link layer's packets-sending status.
general-error: IS-IS error information.
interface-information: Information about IS-IS enabled data link layer.
memory-allocating: IS-IS memory allocating status.
receiving-packet-content: Packets received through IS-IS protocol.
self-originate-update: Packets locally updated through IS-IS protocol.
sending-packet-content: Packets sent through IS-IS protocol.
snp-packet: CSNP/PSNP packet of IS-IS.
spf-event: IS-IS SPF events.
spf-summary: Statistics about IS-IS performing SPF calculation.
spf-timer: IS-IS SPF trigger events.
task-error: IS-IS events status.
timer: IS-IS timer.
update-packet: Updated packets through IS-IS protocol.
Description
Using the debugging isis command, you can enable IS-IS debugging. Using the undo
debugging isis command, you can disable the function.
Example
# Enable all the information debugging of IS-IS.
<Quidway> debugging isis all
4.1.4 default-route-advertise
Syntax
default-route-advertise [ route-policy route-policy-name ]
undo default-route-advertise [ route-policy route-policy-name ]
View
IS-IS view
Parameter
route-policy route-policy-name: Only the route that satisfies the matching requirement
of specified Route-policy can generate default route. The length of route-policy-name
parameter ranges from 1 to 16 character string.
4-4

Description
Using default-route-advertise command, you can create the default route of L1, L2
router. Using undo default-route-advertise command, you can cancel this
configuration.
By default, L2 router creates the default route.
This command can be set on L1 router or L2 router. By default, the route is generated
on L2 TCP. If level level-1 is set in Route-policy view, the default route will be generated
on L1 LSP. If level level-2 is set in Route-policy view, the default route will be generated
on L2 LSP. If level level-1-2 is set in Route-policy view, the default route will be
generated on both L1 LSP and L2 LSP.
Example
# Set the router to create the default route in the LSP of correspond level.
[Quidway-isis] default-route-advertise
4.1.5 display isis brief

Syntax
display isis brief
View
Any view
Parameter
None
Description
Use the display isis brief command to view the brief information of IS-IS.
Example
# View the brief information of IS-IS.
<Quidway> display isis brief
ISIS
Network-entity:
Is-level:
Protocol Brief Information:
01.0001.0000.0000.0002.00
level-1-2
Cost-style:
narrow
Preference:
15
Timers:
spf-delay-interval:
spf-slice-size:
5000

4-5

lsp-max-age:
1200
lsp-refresh:
900
interval between SPFs:
level-1
10
level-2
10
4.1.6 display isis interface

Syntax
display isis interface [ verbose ]
View
Any view
Parameter
verbose: If this parameter is used, the details of the interface will be displayed.
Description
Using display isis interface command, you can view the information of the enabled
IS-IS interface.
This command displays the information of the enabled IS-IS interface, including
interface name, IP address of the interface, link state of the interface and so on.
Besides displaying all the information shown by the display isis interface command,
the display isis interface verbose command displays such information about the
IS-IS parameters of the interface as CSNP packet broadcast interval, Hello packet
broadcast interval and invalid number of Hello packet.
Example
# Display the information about the enabled IS-IS interface.
<Quidway> display isis interface
Interface
IP Address Id
Link.Sta IP.Sta
Vlan-interface1 172.16.1.2 001 Up
Up
MTU
Type
1497
L1
MTU
Type
1497
L1
DIS
Yes
# Display the details of the IS-IS enabled interface.

<Quidway> display isis interface verbose
Interface
IP Address Id
Link.Sta IP.Sta
Vlan-interface1 172.16.1.2 001 Up
Up
Secondary IP Address
SNPA Address
00e0.fc44.5f71
Csnp Interval
L1
10
L2
10
Hello Interval
L1
10
L2
10
Hold Time
L1
30
L2
30
Lsp Interval
33

4-6
DIS
Yes

Cost
L1
10
L2
10
Priority
L1
64
L2
64
Retransmission interval
4.1.7 display isis lsdb

Syntax
display isis lsdb [ [ l1 | l2 | level-1 | level-2 ] | [ [ LSPID | local ] | verbose ]* ]*
View
Any view
Parameter
l1 and Level-1: Both refer to the link state database of level-1.
l2 and level-2: Both refer to the link state database of level-2.
LSPID: Specify the LSPID of the Network-entity-title.
local: Configure to display the local information of the link state database.
verbose: Configure to display the verbose information of the link state database.
Description
Using display isis lsdb command, you can view the link state database of the IS-IS.
Example
# Display the verbose information of an LSP.
<Quidway> display isis lsdb 0050.0500.5005.00-00 verbose
IS-IS Level-1 Link State Database
Lsp ID
Sequence
Holdtime
A_P_O
Checksum
>0050.0500.5005.00-00
0x00000328
780
0_0_0
0xf211
4.1.8 display isis mesh-group

Syntax
display isis mesh-group
View
Any view
Parameter
none

4-7

Description
Using display isis mesh-group command, you can view the IS-IS mesh group.
This command is used for displaying the configurations of the mesh-group of the
current router interface.
Example
# Add Interface Vlan-interface 10 and Interface Vlan-interface 20 running IS-IS into
mesh group 100.
[Quidway-Vlan-interface10] isis mesh-group 100
# Display the information of IS-IS mesh-group.
[Quidway-Vlan-interface20] display isis mesh-group
Interface
Mesh-group/Blocked
Vlan-interface 10
100
Vlan-interface 20
100
4.1.9 display isis peer

Syntax
display isis peer [ verbose ]
View
Any view
Parameter
verbose: When this parameter is configured, the area address carried in the Hello
packet from the neighbor will be displayed. Otherwise, only the universal information
will be displayed.
Description
Using display isis peer command, you can view IS-IS peer information.
The display isis peer verbose command yields not only all the outputs of the display
isis peer command, but also the area address, Uptime and IP address of the directly
connected interface of the peer.
Example
# Output more information, using the verbose parameter.
<Quidway> display isis peer verbose

4-8

System ID
Interface

Circuit ID
State HoldTime Type Pri OSI/IP
0000.0000.6502 Vlan-interface1000 0000.0000.6502.02 Up 8s

Area Address:
System ID
01
IP Address: 7.7.7.7
Interface
01
Circuit ID
IP Address: 6.6.6.6
64
N/Y
Period: 01:51:13
0000.0000.6502 Vlan-interface1001 0001.0000.6506.02 Up

Area Address:
L1
24s
L1
64
N/Y
Period: 00:53:50
# View IS-IS peer information.

<Quidway> display isis peer
System ID
Interface
Circuit ID
L1
64
N/Y
L1
64
N/Y
4.1.10 display isis route

Syntax
display isis { clns | ip } route
View
Any view
Parameter
clns: Configure the interface to activate the OSI IS-IS routing process.
ip: Configure the interface to activate the IP IS-IS routing process.
Description
Using display isis route command, you can view IS-IS routing information. .
Example
# View IS-IS routing information.
<Quidway> display isis ip route
ISIS Level - 1 Forwarding Table :
Type - D -Direct, C -Connected, I -ISIS, S -Static, O -OSPF

B -BGP, R -RIP
Flags: R-Added to RM, L-Advertised in LSPs, U-Up/Down Bit Set
Destination/Mask
In.Met
Ex.Met NextHop
Interface
Flags
------------------------------------------------------------------------I 3.3.3.0/24
20
7.7.7.7

4-9
Vlan-interface1000
R/-/-

I 0.0.0.0/0
10

6.6.6.6
Vlan-interface1001
7.7.7.7
Vlan-interface1000
6.6.6.6
Vlan-interface1001
R/-/-
D 7.7.7.0/25
10
Direct
Vlan-interface1000
R/L/-
D 6.6.6.0/24
10
Direct
Vlan-interface1001
R/L/-
I 10.1.1.0/24
10
7.7.7.7
Vlan-interface1000
R/-/-
6.6.6.6
Vlan-interface1001
4.1.11 display isis spf-log

Syntax
display isis spf-log
View
Any view
Parameter
none
Description
Using display isis spf-log command, you can view the SPF calculation log information
of the IS-IS. .
Example
# View the SPF calculation log of IS-IS.
<Quidway> display isis spf-log
Details of Level 1 SPF Run:
------------------------------------------------------------------------Trig.Event
No.Of Nodes
Duration(ms)
StartTime
IS_SPFTRIG_LSPCHANGE
19
1:12:1
19
1:11:58
18
1:11:53
IS_SPFTRIG_CIRC_DOWN
19
1:11:46
IS_SPFTRIG_NEWADJ
20
1:11:39
19
1:11:35
IS_SPFTRIG_PERIODIC
18
1:3:25
22
0:55:51
18
0:55:46
IS_SPFTRIG_ADJDOWN
19
0:55:23
IS_SPFTRIG_NEWADJ
18
0:54:16
20
0:54:12
19
0:54:7

4-10

IS_SPFTRIG_PERIODIC
21
0:48:25
IS_SPFTRIG_LSPEXPIRED
19
0:34:10
IS_SPFTRIG_PERIODIC
19
0:33:25
IS_SPFTRIG_PERIODIC
18
0:18:25
19
0:13:26
IS_SPFTRIG_PERIODIC
19
0:3:25
19
1:12:7
4.1.12 domain-authentication-mode
Syntax
domain-authentication-mode { simple | md5 } password [ ip | osi ]
undo domain-authentication-mode { simple | md5 } [ ip | osi ]
View
IS-IS view
Parameter
simple: Configure to transmit the password in plain text.
ip: If this item is configured, the system checks the configuration of the corresponded
field of the IP in LSP.
osi: If this item is configured, the system checks the configuration of the corresponded
field of the OSI in LSP.
The configuration of ip or osi is independent of the real network environment.
Description
Using domain-authentication-mode command, you can configure IS-IS to
authenticate the received level-2 routing packets (LSP, CSNP, PSNP), according to the
pre-defined mode and password. Using undo domain-authentication-mode
command, you can configure IS-IS not to authenticate the said packets.
In default configuration, the system will not authenticate the received level-2 routing
packets, and there is no password. By using this command, you can clear all the level-2
routing packets, whose domain authentication passwords do not consist with the one
set via this command. At the same time, this command will let IS-IS insert the domain
4-11

authentication password into all the level-2 routing packets sent by this node, in a
certain mode.
For
the
related
commands,
see
area-authentication-mode,
isis
authentication-mode.
Example
# When you need to authenticate the level-2 routing packets, you can select the simple
mode, and the password is huawei.
[Quidway] isis
[Quidway-isis] domain-authentication-mode simple huawei

Syntax
filter-policy acl-number export [ protocol ]
undo filter-policy acl-number export [ protocol ]
View
IS-IS view
Parameter
acl-number: Specify the number of the access control list, ranging 2000 to 3999.
protocol: Specify the protocols that distribute routing information, including direct, static,
rip, bgp, ospf, ospf-nssa and ospf-ase.
Description
Using filter-policy export command, you can configure to filter the routes distributed
by other routing protocol.
Using undo filter-policy export command, you can cancel the filtering rules.
By default, IS-IS does not receive routes distributed by other routing protocol.

4-12

Note:
z
The filter-policy export command only takes effect to the routes imported by the
import-route command. If you configure the switch with only the filter-policy
export command, but without configuring the import-route command to import
other external routes, then the filter-policy export command does not take effect.
If the filter-policy export command does not specify which route to be filtered, then
the all the routes imported by the import-route command will be filtered.
For the related commands, see filter-policy import.
Example
# Use acl 2000 to filter the routes imported by IS-IS.
[Quidway-isis] filter-policy 2000 export

Syntax
filter-policy acl-number import
undo filter-policy acl-number import
View
IS-IS view
Parameter
acl-number: Specify the number of the access control list, ranging 2000 to 3999.
Description
Using filter-policy import command, you can configure to filter the routes received by
IS-IS. Using undo filter-policy import command, you can configure not to filter the
received routes.
By default, IS-IS does not filter the received routing information.
In some cases, only the routing information meeting the specified conditions will be
accepted. You can configure the filter-policy to specify the filter conditions so as to
accept the desired routing information only.
For the related commands, see filter-policy export.
Example
# Filter the received routes by using acl 2000.
[Quidway-isis] filter-policy 2000 import
4-13

4.1.15 ignore-lsp-checksum-error
Syntax
ignore-lsp-checksum-error
undo ignore-lsp-checksum-error
View
IS-IS view
Parameter
None
Description
Using ignore-lsp-checksum-error command, you can configure the IS-IS to discard
LSPs with checksum errors. Using undo ignore-lsp-checksum-error command, you
can configure the IS-IS to ignore the checksum error of LSP.
By default, the checksum error of LSP is ignored.
After receiving an LSP packet, the local IS-IS will calculate its checksum and compares
the result with the checksum in the LSP packet. This process is the checksum
authentication over the received LSP. By default, though the checksum in the packet is
found not in consistent with the calculated result, the LSP is processed as normal.
However,
if
not
ignoring
LSP
checksum
error
is
set
with
the
ignore-lsp-checksum-error command, the LSP will be discarded silently if the

checksum error is found.
Example
# Discard the LSPs with checksum errors.
[Quidway-isis] ignore-lsp-checksum-error
4.1.16 import-route
Syntax
import-route protocol [ cost value | type { external | internal } | [ level-1 | level-1-2 |
level-2 ] | route-policy route-policy-name ]*
undo import-route protocol [ cost value | type { external | internal } | [ level-1 |
level-1-2 | level-2 ] | route-policy route-policy-name ]*
View
IS-IS view

4-14

Parameter
protocol: Specify the source protocol for importing the routing information, which can be
direct, static, rip, bgp, and ospf etc.
value: Specify the metric of the imported route, ranging from 0 to 63.
type: Type of routing cost: internal indicates the routing cost in the same area;
external indicates the routing cost among areas. By default, the routing cost is
internal.
level-1: Configure to import the route into Level-1 routing table.
level-2: Configure to import the route into Level-2 routing table. If the level is not
specified, it defaults to importing the routes into level-2.
level-1-2: Configure to import the route into Level-1 and Level-2 routing table.
route-policy route-policy-name: Configure to import the routes matching the
conditions defined in the specified route-policy only. The length of route-policy-name
Description
Using import-route command, you can configure IS-IS to import the routing
information of other protocols. Using undo import-route command, you can cancel
this function.
By default, IS-IS does not import the routing information of other protocols.
IS-IS regards all the routes imported into the routing domain as the external routes,
which describe the way of routing outside the routing domain.
For the related commands, see import-route isis level-2 into level-1.
Example
# Configure IS-IS to import the routing information of OSPF.
[Quidway-isis] import-route ospf
4.1.17 import-route isis level-2 into level-1

Syntax
import-route isis level-2 into level-1 [ acl acl-number ]
undo import-route isis level-2 into level-1 [ acl acl-number ]
View
IS-IS view

4-15

Parameter
acl-number: ACL number. When configuring routing leak from Level-2 to Level-1, only
the routes that are permitted by ACL can be imported to Level-1 area if an ACL has
been specified.
Description
Using the import-route isis level-2 into level-1 command, you can enable routing
information in a Level-2 area to be imported to a Level-1 area. Using the undo
import-route isis level-2 into level-1 command, you can remove the function.
By default, routing information in a Level-2 area is not imported to a Level-1 area.
Example
# Import routing information of a router from a Level-2 area to a Level-1 area.
[Quidway] acl number 3100 permit any
[Quidway] isis
[Quidway-isis] import-route isis level2 into level1 acl 3100
4.1.18 isis
Syntax
isis [ tag ]
undo isis [ tag ]
View
System view
Parameter
tag: the name given to the ISIS process. The name length should be no longer than 128
characters, and it can be 0, which means null.
Description
Using isis command, you can start the corresponding IS-IS routing process and enter
the ISIS view. Using undo isis command, you can delete the specified IS-IS routing
process.
By default, IS-IS routing process is not started
For the normal operation of the IS-IS protocol, the isis command must be used to
enable the IS-IS process. Then the network-entity command is used to set a Network
Entity Title (NET) for the router. And, at last, the isis enable command is used to

4-16

enable each interface on which the IS-IS process runs. The IS-IS protocol is actually
enabled upon the completion of these configurations.
Note:
Only one IS-IS routing process can be started on one router.
For the related commands, see isis enable, network-entity.
Example
# Start an IS-IS routing process, in which the system ID is 0000.0000.0002 and the area
ID is 01.0001.
[Quidway] isis
[Quidway-isis] network-entity 01.0001.0000.0000.0002.00
4.1.19 isis authentication-mode

Syntax
isis authentication-mode { simple | md5 } password [ { level-1 | level-2 } [ ip | osi ] ]
undo isis authentication-mode { simple | md5 } password [ { level-1 | level-2 } [ ip |
osi ] ]
View
VLAN interface view
Parameter
simple: Configure to transmit the password in plain text.
level-1: Configure authentication password for L1.
level-2: Configure authentication password for L2.
ip: If this item is configured, the system checks the configuration of the corresponded
field of the IP in LSP.

4-17

osi: If this item is configured, the system checks the configuration of the corresponded
field of the OSI in LSP.
The configuration of ip or osi is independent of the real network environment.
Description
Using isis authentication-mode command, you can configure the IS-IS to
authenticate the hello packets of the corresponding level, in the specified mode and
with
the
specified
password
on
the
IS-IS
interface.
Using
undo
isis
authentication-mode command, you can cancel the authentication and delete the
password at the same time.
By default, the password is not set and no authentication is executed.
If the password is set, but no parameter is specified, the default settings are level-1 and
osi.
For
the
related
commands,
see
domain-authentication-mode.
Example
# Set the authentication password tangshi in plain text for the Level-1 neighboring
relationship on Interface Vlan-interface 10.
[Quidway-Vlan-interface10] isis authentication-mode simple tangshi level-1
4.1.20 isis circuit-level

Syntax
isis circuit-level [ level-1 | level-1-2 | level-2 ]
undo isis circuit-level
View
Interface view
Parameter
level-1: Configure Level-1, instead of Level-2, adjacency on the current interface only.
level-1-2: Configure Level-1-2 adjacency on the current interface.
level-2: Configure Level-2 adjacency on the current interface only.
Description
Using isis circuit-level command, you can configure the neighboring circuit type.
Using undo isis circuit-level command, you can restore the default setting.
By default, the value is level-1-2.
4-18

This command is only applicable to level-1-2 router. If the local router is a level-1-2
router and it is required to establish a correlation with the peer router on a certain level
(level-1 or level-2), this command can specify the interface to send and receive hello
packets of this level. Certainly, only one type of hello packet is sent and received on the
point-to-point link. In this way, excessive processing is avoided, and the bandwidth is
saved.
For the related commands, see is-level.
Example
# When interface Vlan-interface 10 is connected with a non-backbone router in the
same area, you can set this interface as level-1, prohibiting the sending and receiving
of level-2 hello packets.
[Quidway-Vlan-interface10] isis enable
[Quidway-Vlan-interface10] isis circuit-level level-1
4.1.21 isis cost

Syntax
isis cost value [ level-1 | level-2 ]
undo isis cost [ level-1 | level-2 ]
View
Interface view
Parameter
value: Specify the link cost used in the SPF calculation of corresponding level. Its range
is 0 to 63. By default, the value is 10.
level-1: indicate that the link cost corresponds to level-1.
level-2: indicate that the link cost corresponds to level-2
Description
Using isis cost command, you can configure the link cost of this interface when
performing SPF calculation. Using undo isis cost command, you can restore the
default link cost.
If neither Level 1 nor Level 2 is specified in the configuration, both level-1 and level-2
will be the default value.
The user is recommended to configure the appropriate link cost for all the interfaces.
Otherwise, the link cost in the calculation of IS-IS routes cannot reflect the link cost.

4-19

Example
# Set the link cost of the Level-2 link on Interface Vlan-interface 10 to 5.
[Quidway-Vlan-interface10] isis cost 5 level-2
4.1.22 isis dis-priority

Syntax
isis dis-priority value [ level-1 | level-2 ]
undo isis dis-priority [ level-1 | level-2 ]
View
Interface view
Parameter
value: The priority when selecting DIS. Its value ranges 0 to 127, and the default priority
is 64.
level-1: Specify the priority when selecting level-1 DIS.
level-2: Specify the priority when selecting level-2 DIS.
If the level is not specified, it defaults to setting both Level-1 and level-2 priority.
Description
Using isis dis-priority command, you can configure the priority of an interface for the
DIS election. Using undo isis dis-priority command, you can restore the default
priority.
The IS-IS protocol does not concern the concept of backup DIS. The router with the
priority 0 can also run for the DIS, which is different from the DR election of OSPF.
Example
# Set the priority of Interface Vlan-interface 1 to 127.
[Quidway-Vlan-interface1] isis dis-priority 127 level-2
4.1.23 isis enable

Syntax
isis enable { clns | ip } [ tag ]
undo isis enable { clns | ip } [ tag ]

4-20

View
Interface view
Parameter
clns: Configure the interface to activate the OSI IS-IS routing process.
ip: Configure the interface to activate the IP IS-IS routing process.
tag: the name given to an IS-IS routing process, when executing isis command in the
system view. If not specified, it is null.
Description
Using isis enable command, you can configure the interface to activate the
corresponding IS-IS routing process. Using undo isis enable command, you can
cancel this designation.
By default, the IS-IS routing process is not enabled on an interface.
For the normal operation of the IS-IS protocol, the isis command must be used to
enable the IS-IS process. Then the network-entity command is used to set a Network
Entity Title (NET) for the router. And, at last, the isis enable command is used to
enable each interface on which the IS-IS process runs. The IS-IS protocol is actually
enabled upon the completion of these configurations.
For the related commands, see isis, network-entity.
Example
# Create an IS-IS routing process named huawei, and activate this routing process on
interface Vlan-interface 1.
[Quidway] isis huawei
[Quidway-Vlan-interface1] isis enable ip huawei
4.1.24 isis mesh-group

Syntax
isis mesh-group { mesh-group-number | mesh-blocked }
undo isis mesh-group
View
Interface view

4-21

Parameter
mesh-group-number: Specify the mesh group number, ranging from 1 to 4294967295.
mesh-blocked: Configure to block a specified interface, so that it will not flood the
received LSP to other interfaces.
Description
Using isis mesh-group command, you can add an interface to a specified mesh group.
Using undo isis mesh-group command, you can delete this interface from the mesh
group.
By default, the interface does not belong to any mesh group and floods LSP normally.
The interface beyond the mesh group floods the received LSP to other interfaces,
following the normal procedure. This processing method applied to an NBMA network
with higher connectivity and several point-to-point links will cause repeated LSP
flooding and waste bandwidth.
The interface joining a mesh group only floods the received LSP to the interfaces
beyond the local mesh group.
Be sure to provide some redundancy when adding an interface to a mesh group or
blocking it, avoiding the affect to the normal flooding of the LSP due to link failure.
Example
# Add Vlan-interface 1 running IS-IS to mesh group 3.
4.1.25 isis timer csnp

Syntax
isis timer csnp seconds [ level-1 | level-2 ]
undo isis timer csnp [ level-1 | level-2 ]
View
Interface view
Parameter
seconds: Specify the CSNP packet interval on the broadcast network, ranging from 1 to
65535 and measured in seconds. By default, the value is 10 seconds.
level-1: Specify the Level-1 CSNP packet interval.
level-2: Specify the Level-2 CSNP packet interval.
If the level is not specified, it defaults to setting both Level-1 and level-2 intervals.

4-22

Description
Using isis timer csnp command, you can configure the interval of sending CSNP
packets on the broadcast network. Using undo isis timer csnp command, you can
restore the default value, that is, 10 seconds.
Only DIS can periodically send CSNP packets, therefore, this command is valid only for
the router that is selected as the DIS. Furthermore, DIS is divided into level-1 and
level-2, and their intervals of sending CSNP packets must be set respectively.
Example
# Set the CSNP packet of Level-2 to be transmitted every 15 seconds on the interface
Vlan-interface 1.
[Quidway-Vlan-interface1] isis timer csnp 15 level-2
4.1.26 isis timer hello

Syntax
isis timer hello seconds [ level-1 | level-2 ]
undo isis timer hello [ level-1 | level-2 ]
View
Interface view
Parameter
seconds: Specify the Hello interval, ranging from 3 to 255 and measured in seconds.
The default value is 10 seconds.
level-1: Specify the Level-1 Hello interval.
level-2: Specify the Level-2 Hello interval.
If the level is not specified, it defaults to setting the Hello interval at Level-1-2, that is,
both Level-1 and Level-2 take effect.
Description
Using isis timer hello command, you can configure the interval of sending hello packet
of corresponding level. Using undo isis timer hello command, you can restore the
default value, that is, 10 seconds.
On a broadcast link, level-1 and level-2 hello packets will be sent respectively and their
intervals should also be set respectively. Such settings are unnecessary on
point-to-point links. The shorter the sending interval is, the more system resources are
occupied to send hello packets. Therefore, the interval should be set according to
actual conditions.
4-23

For the related commands, see isis timer holding-multiplier.
Example
# Set the Hello packet of Level-2 to be transmitted every 20 seconds on Interface
Vlan-interface 1.
[Quidway-Vlan-interface1] isis timer hello 20 level-2
4.1.27 isis timer holding-multiplier

Syntax
isis timer holding-multiplier number [ level-1 | level-2 ]
undo isis timer holding-multiplier [ level-1 | level-2 ]
View
Interface view
Parameter
number: In the range of 3 to 1000.
Description
Using the isis timer holding-multiplier command, you can configure the number of
invalid Hello messages for the interface. Using the undo isis timer holding-multiplier
command, you can restore the default settings.
The default number of invalid Hello messages is 3.
ISIS protocol maintains the adjacency between the adjacent routers by sending and
receiving Hello messages. If the local router does not receive a Hello message from the
peer within an interval, it regards the neighbor unavailable. The interval is the ISIS
holddown time.
In ISIS, the holddown time can be regulated by configuring the number of invalid Hello
messages. That is, the local router regards its neighbor unavailable if it has not
received the specific number of Hello messages consecutively.
If you do not specify Level-1 or Level-2 in the command, the system applies the number
of invalid Hello messages to Level-1 and Level-2.
For the related command, see isis timer hello.
Example
# Set the number of invalid Hello messages to 5 on Vlan-interface 10.
[Quidway-Vlan-interface10] isis timer holding-multiplier 5
4-24

4.1.28 isis timer lsp

Syntax
isis timer lsp time
undo isis timer lsp
View
Interface view
Parameter
time: Specify the LSP interval, ranging from 1 to 1000 and measured in milliseconds.
The default value is 33 milliseconds.
Description
Using isis timer lsp command, you can configure IS-IS LSP interval on the interface.
Using undo isis timer lsp command, you can restore the default setting.
For the related commands, see isis timer retransmit.
Example
# Set the LSP interval on Interface Vlan-interface 1 to 500 milliseconds.
[Quidway-Vlan-interface1] isis timer lsp 500
4.1.29 isis timer retransmit

Syntax
isis timer retransmit seconds
undo isis timer retransmit
View
Interface view
Parameter
seconds: Specify the the retransmission interval of LSP packets, in the unit of second,
in the range from 1 to 300 and the default value is 5 seconds.
Description
Using isis timer retransmit command, you can configure the LSP retransmission
interval over the point-to-point link. Using undo isis timer retransmit command, you
can restore the default setting.

4-25

Use caution when setting this parameter to avoid unnecessary retransmission.

The response is required when sending LSP packets on the point-to-point link, not the
broadcast link, and therefore this command is unnecessary for the broadcast link.
For the related commands, see isis timer lsp.
Example
# Set the LSP retransmission interval to 10 seconds on Interface Vlan-interface 1.
[Quidway-Vlan-interface1] isis timer retransmit 10
4.1.30 is-level
Syntax
is-level { level-1 | level-1-2 | level-2 }
undo is-level
View
IS-IS view
Parameter
level-1: Configure the router to operate at Level-1, only calculate the intra-area routes
and maintain the LSDB of L1.
level-1-2: Configure the router to operate at Level-2, calculate both the L1 and L2
routes and maintain the LSDB of L1 and L2.
level-2: Configure the router to operate at Level-2, only switch L2 LSP and calculate
the L2 routes and maintain the LSDB of L2.
Description
Using is-level command, you can configure the IS-IS level. Using undo is-level
By default, the value is level-1-2.
We recommend setting the system Level, when you configure IS-IS.
If there is only one area, you are recommended to set the level of all the routers as
Level-1 or Level-2, because it is not necessary for all the routers to maintain two
identical databases. You are recommended to set all the routers to Level-2 for
convenient future extension, when applying them to IP network.
For the related commands, see isis circuit-level.

4-26

Example
# Set the current router to operate at Level-1.
[Quidway] isis
[Quidway-isis] is-level level-1
4.1.31 log-peer-change
Syntax
log-peer-change
undo log-peer-change
View
IS-IS view
Parameter
none
Description
Using log-peer-change command, you can log the peer changes. Using undo
log-peer-change command, you can configure not to log the peer changes.
By default, peer changes log disabled.
After peer changes log is enabled, the IS-IS peer changes will be output on the
configuration terminal until the log is disabled.
Example
# Configure to output the IS-IS peer changes on the current router.
[Quidway-isis] log-peer-change
4.1.32 md5-compatible
Syntax
md5-compatible
undo md5-compatible
View
IS-IS view
Parameter
none

4-27

Description
Using the md5-compatible command, you can set the IS-IS to use the MD5 algorithm
which is compatible with that of the other vendors. Using the undo md5-compatible
command, you can return to the defaults.
By default, the system uses the MD5 algorithm in IS-IS which is compatible with that of
Huawei.
You must configure this command when the switch needs to authenticate the devices of
other vendors using MD5 algorithm in IS-IS.
Example
# Set the IS-IS to use the MD5 algorithm compatible with that of the other vendors
[Quidway-isis] md5-compatible
4.1.33 network-entity
Syntax
network-entity NET
undo network-entity NET
View
IS-IS view
Parameter
NET: Specify the Network Entity Title in the XX.XXXX....XXXX.00 format, in which
the first XX is the area address, the twelve Xs in the middle is the System ID of the
router, and the 00 in the end is SEL.
Description
Using network-entity command, you can configure the name of Network Entity Title
(NET) of the IS-IS routing process. Using undo network-entity command, you can
delete a NET.
By default, the value is No NET.
NET means the Network Service Access Point (NSAP). It consists of three parts. Part
one is area ID, which is variable (1 to 13 bytes), and the area IDs of the routers in the
same area are identical. Part two is system ID (6 bytes) of this router, which must be
unique in the whole area and backbone area. Part three, the last byte SEL, whose
value must be 00. So the NET field of IS-IS is 8 to 20 bytes. Usually, one router can be
configured with one NET. When the area is redesigned by combination or separation,
after reconfiguration, the correctness and continuity of the routes must be ensured.
For the related commands, see isis, isis enable.
4-28

Example
# Specify NET as 10.0001.1010.1020.1030.00, in which the system ID is
1010.1020.1030, area ID is 10.0001.
[Quidway] isis
4.1.34 preference
Syntax
preference value
undo preference
View
IS-IS view
Parameter
value: Specify the preference, ranging from1 to 255. By default, the value is 15.
Description
Using preference command, you can configure the preference of IS-IS protocol. Using
undo preference command, you can restore the default value.
Several dynamic routing protocols could run simultaneously on a router. In this case,
there is an issue of sharing and selecting the routing information among all the routing
protocols. The system sets a preference for each routing protocol. When various
routing protocols find the route to the same destination, the protocol with the higher
preference will take effect.
Example
# Configure the preference of IS-IS as 25.
[Quidway-isis] preference 25
4.1.35 reset isis all

Syntax
reset isis all
View
User view

4-29

Parameter
none
Description
Using reset isis all command, you can reset all the IS-IS data structures.
By default, IS-IS data structure will not be cleared.
This command is used when LSPs need refreshing immediately. For example, after
area-authentication-mode
and
domain-authentication-mode
commands
are
executed, the old LSP still remain on the router. This command can be used to clear
them.
For
the
related
commands,
see
domain-authentication-mode.
Example
# Reset all the IS-IS data structures.
<Quidway> reset isis all
4.1.36 reset isis peer

Syntax
reset isis peer system-id
View
User view
Parameter
system-id: Specifies the system ID of IS-IS neighbor.
Description
Using reset isis peer command, you can reset the specified IS-IS peer.
By default, the IS-IS neighbor will not be cleared.
This command is used when you want to reconfigure a certain neighbor.
Example
# Clear the IS-IS neighbor whose system ID is 0000.0c11.1111.
<Quidway> reset isis peer 0000.0c11.1111

4-30

4.1.37 set-overload
Syntax
set-overload
undo set-overload
View
IS-IS view
Parameter
none
Description
Using set-overload command, you can set overload flag for the current router. Using
undo set-overload command, you can cancel the overload flag.
By default, no overload flag is set.
If a router is configured with the overload flag, the routes it calculates will be ignored by
other routers in SPF calculation. (However the directly connected routes will not be
ignored.) And other routers should not send this router the packets which should be
forwarded by it.
Example
# Set overload flag on the current router.
[Quidway-isis] set-overload
4.1.38 silent-interface
Syntax
silent-interface silent-interface-type interface-number
undo silent-interface silent-interface-type interface-number
View
IS-IS view
Parameter
interface-type: Specifies the interface type.
interface-number: Specifies the interface number.

4-31

Description
Using silent-interface command, you can disable a specified interface to transmit
IS-IS packet. Using undo silent-interface command, you can enable the interface to
transmit IS-IS packet.
By default, all the interface are allowed to transmit/receive IS-IS packets.
The silent-interface command is only used to suppress the packets to be transmitted
on the interface, but the routes of this interface will still be transmitted from other
interfaces.
Example
# Prohibit the IS-IS packets to be transmitted via Interface Vlan-interface 3.
[Quidway-isis] silent-interface Vlan-interface 3
4.1.39 spf-delay-interval
Syntax
spf-delay-interval number
undo spf-delay-interval
View
IS-IS view
Parameter
number: Specify number of routes to process before releasing CPU. It is in unit of piece
with the range from 1000 to 50000. By default, the value is 5000 pieces.
Description
Using spf-delay-interval command, you can configure number of routes to process
before releasing CPU in the SPF calculation. Using undo spf-delay-interval command,
you can restore the default setting.
When there are a large number of routes in the routing table, this command can be
used to set that CPU resources are released automatically after a certain number of
routes are processed. The unprocessed routes will be processed in one second. In this
way, SPF calculation will not occupy the system resources for a long time, which has
impact on the responding speed of the console.
The value of the parameter number can be adjusted according to the capacity of the
routing table. If the spf-slice-size command is also configured, the SPF calculation will
be paused when any setting item is met.
By default, CPU is released once when every 5000 pieces of routes are processed.
For the related commands, see spf-slice-size.
4-32

Example
# Set IS-IS to release CPU once after processing every 3000 pieces of routes.
[Quidway-isis] spf-delay-interval 3000
4.1.40 spf-slice-size
Syntax
spf-slice-size seconds
undo spf-slice-size
View
IS-IS view
Parameter
seconds: Duration of one cycle in second of SPF calculation in the range from 0 to 120.
When the calculation duration time reaches or exceeds the set value, the calculation of
this time ends. If seconds is set to 0, it indicates that SPF calculation is not divided into
slices and it will operate until the end. By default, the value is 0.
Description
Using spf-slice-size command, you can configure the duration of one cycle when IS-IS
performs SPF route calculation. Using undo spf-slice-size command, you can restore
the default setting.
When there is a large number of routes in the routing table, this command can be used
to enable the SPF calculation in slices to prevent it from occupying the system
resources for a long time.
The user is recommended to use the command when the number of routes reaches
150,000 or 200,000 and the value of seconds is recommended as 1. In other cases, the
default setting should be used, that is, SPF runs to the end with no slice.
If the spf-delay-interval command is also configured, when SPF calculation is run, the
SPF calculation will be paused if any setting item is met.
For the related commands, see spf-delay-interval.
Example
# Set the SPF duration time to 1 second.
[Quidway-isis] spf-slice-size 1

4-33

4.1.41 summary
Syntax
summary ip-address mask [ level-1 | level-1-2 | level-2 ]
undo summary ip-address mask [ level-1 | level-1-2 | level-2 ]
View
IS-IS view
Parameter
ip-address: Aggregated network segment address.
mask: Aggregated network mask.
level-1: Configure to aggregate the routes imported into Level-1.
level-2: Configure to aggregate the routes imported into Level-2 routing table.
level-1-2: Configure to aggregate the routes imported into Level-1 and Level-2.
If the level is not specified, it defaults to setting level-2 aggregation.
Description
Using summary command, you can configure IS-IS route summary. Using undo
summary command, you can cancel the summary.
By default, no routes will be summarized.
Similarly, the routes with the same next hops can be aggregated into one route. In this
way, the sizes of the routing table, LSP packets and LSDB are reduced. Among them,
the aggregated route can be either a route found by IS-IS protocol, or an imported route.
Furthermore, the cost value of the aggregated route adopts the smallest cost of the
routes aggregated.
Example
# Set a route summary of 202.0.0.0/8.
[Quidway-isis] summary 202.0.0.0 255.0.0.0
4.1.42 timer lsp-max-age

Syntax
timer lsp-max-age seconds
undo timer lsp-max-age
View
IS-IS view

4-34

Parameter
seconds: Specifies the maximum lifetime of LSP, measured in seconds. The range is 1
to 65535. The default value is 1200 seconds.
Description
Using timer lsp-max-age command, you can configure the maximum lifetime of an
LSP generated by the current router. Using undo timer lsp-max-age command, you
can restore the default value.
When the router generates an LSP for the system, it adds the maximum lifetime to it.
When other routers receive this LSP, the lifetime decreases continuously as the time
goes. If updated LSP has not been received before the old one times out, this LSP will
be deleted from the LSDB.
For the related commands, see timer lsp-refresh.
Example
# Set the lifetime of an LSP generated by the current system to 25 minutes, i.e., 1500
seconds.
[Quidway-isis] timer lsp-max-age 1500
4.1.43 timer lsp-refresh

Syntax
timer lsp-refresh seconds
undo timer lsp-refresh
View
IS-IS view
Parameter
seconds: Specifies the LSP refresh interval, measured in seconds. The range is 1 to
65535. The default value is 900 seconds.
Description
Using timer lsp-refresh command, you can configure the refresh interval of LSP.
Using undo timer lsp-refresh command, you can restore the default value, that is, 900
seconds.
By this mechanism, the latest synchronization of the LSP within the entire area can be
maintained.
For the related commands, see timer lsp-max-age.

4-35

Example
# Set the LSP refresh interval of the current system to 25 minutes, i.e., 1500 seconds.
[Quidway-isis] timer lsp-refresh 1500
4.1.44 timer spf

Syntax
timer spf seconds [ level-1 | level-2 ]
undo timer spf [ level-1 | level-2 ]
View
IS-IS view
Parameter
seconds: Specifies the SPF calculation interval, ranging from 1 to 120 and measured in
seconds. The default value is 10 seconds.
level-1: Sets Level-1 SPF calculation interval only.
level-2: Sets Level-2 SPF calculation interval only.
If the level is not specified, it defaults to setting both Level-1 and level-2 intervals.
Description
Using timer spf command, you can configure the interval for the SPF calculation of
corresponding level. Using undo timer spf command, you can restore the system
default value, that is, 5 seconds.
Usually, when the LSDB of the corresponding level is changed, SPF calculation is
required. However, when the network is unstable and LSDB changes frequently, if the
SPF calculation is performed too frequently, the system efficiency will be lowered. In a
severe condition, other services will be affected. By setting proper interval for
performing SPF calculation, you can avoid the above situation. Certainly, the interval
for SPF calculation cannot be set too long, because a long interval will prevent the
current routing table from showing the actual network condition. This sitting must be
made according to actual conditions.
Example
# Set the SPF calculation interval of the router to 3 seconds.
[Quidway-isis] timer spf 3

4-36

Chapter 5 BGP Configuration Commands
Note:
5.1 BGP Configuration Commands
Note:
For the commands defining routing policies in BGP, refer to the Routing Policy" of the
next chapter.
5.1.1 aggregate
Syntax
aggregate
address
detail-suppressed
mask
|
as-set
origin-policy
attribute-policy
route-policy-name
route-policy-name
|
suppress-policy
undo aggregate address mask [ as-set | attribute-policy route-policy-name |
detail-suppressed
origin-policy
route-policy-name
View
BGP view
Parameter
address: Address of the aggregated route.
mask: Network mask of the aggregated route.
as-set: Create a route with segment of AS_SET.
detail-suppressed: Only advertise the aggregated route.
5-1
suppress-policy

suppress-policy route-policy-name: Suppress the specific route selected.

origin-policy route-policy-name: Select the originate routes used for aggregation.
attribute-policy route-policy-name: Set the attributes of the aggregated route. The
length of route-policy-name parameter ranges from 1 to 16 character string.
Description
Using aggregate command, you can establish an aggregated record in the BGP
routing table. Using undo aggregate command, you can disable the function.
By default, there is no route aggregation.
The keywords is explained as follows:
Table 5-1 The use of the keywords
keywords
use
as-set
Used to produce an aggregated route whose AS path

information includes detailed routes. Use this keyword carefully
when many AS paths need to be aggregated, for the frequent
change of routes may lead to route vibration.
detail-suppress
ed
This keyword does not establish any aggregated route, but it

restrains the advertisement of all the specific routes. If only
some specific routes are to be restrained, use the peer
filter-policy command carefully.
suppress-polic
y
Create an aggregated route with this keyword, at the same

time, the advertisement of the specified route is restrained. If
you want to restrain some specific routes selectively and leaves
other routes still being advertised, use the if-match
sub-statement of the route-policy command.
origin-policy
select only the specific routes that are in accordance with

route-policy to create an aggregated route.
attribute-policy
set aggregated route attributes. The same work can be done by

using peer route-policy, etc.
Example
# Create an aggregated record in BGP routing table.
[Quidway-bgp] aggregate 168.328.0.0 255.255.0.0
5.1.2 bgp
Syntax
bgp as-number
undo bgp [as-number ]

5-2

View
system view
Parameter
as-number: The specified local AS number.
Description
Using bgp command, you can enable BGP and enter the BGP view. Using undo bgp
command, you can disable BGP.
By default, the system does not run BGP.
This command is used to enable and disable BGP as well as to specify the local AS
number of BGP.
Example
# Enable BGP.
[Quidway] bgp 100
[Quidway-bgp]
5.1.3 compare-different-as-med
Syntax
compare-different-as-med
undo compare-different-as-med
View
BGP view
Parameter
none
Description
Using compare-different-as-med command, you can enable comparison of MED
values from different AS neighboring routes when determining the best route. Using
undo compare-different-as-med command, you can disable the comparison.
By default, it is disabled to compare the MED attribute values from the routing paths of
different AS peers.
If there are several routes available to one destination address, the route with smaller
MED parameter can be selected as the final route item.
Do not use this command unless it is determined that the same IGP and routing
selection mode are adopted by different autonomous systems.
5-3

Example
[Quidway-bgp] compare-different-as-med
5.1.4 confederation id
Syntax
confederation id as-number
undo confederation id
View
BGP view
Parameter
as-number: The ID of BGP AS confederation. It is equal to the AS number which
contains the AS numbers of multiple sub-ASs. The range is 1 to 65535.
Description
Using confederation id command, you can configure confederation identifier. Using
undo confederation id command, you can cancel the BGP confederation specified by
as-number parameter.
By default, the confederation ID is not configured.
Confederation can be adopted to solve the problem of too many IBGP full connections
in a large AS domain. The solution is, first dividing the AS domain into several smaller
sub-ASs, and each sub-ASs remains full-connected. These sub-ASs form a
confederation. Key BGP attributes of the route, such as next hop, MED, local
preference, are not discarded across each sub-ASs. The sub-ASs still look like a whole
from the point of view of a confederation although these sub-ASs have EBGP relations.
This can assure the integrality of the former AS domain, and ease the problem of too
many connections in the domain
For the related commands, see confederation nonstandard, confederation peer-as.
Example
# Confederation 9 consists of four sub-ASs, namely, 38, 39, 40 and 41. Here, the peer
10.1.1.1 is an internal member of the AS confederation while the peer 200.1.1.1 is an
external member of the AS confederation. For external members, Confederation 9 is a
unified AS domain.
[Quidway] bgp 41
[Quidway-bgp] confederation id 9
[Quidway-bgp] confederation peer-as 38 39 40
[Quidway-bgp] group Confed38 external
5-4

[Quidway-bgp] peer Confed38 as-number 38

[Quidway-bgp] peer 10.1.1.1 group Confed38
[Quidway-bgp] group Remote98 external
[Quidway-bgp] peer Remote98 as-number 98
[Quidway-bgp] peer 200.1.1.1 group Remote98
5.1.5 confederation nonstandard

Syntax
confederation nonstandard
undo confederation nonstandard
View
BGP view.
Parameter
none
Description
Using confederation nonstandard command, you can configure the router to be
compatible with routers not following RFC1965. Using undo confederation
nonstandard command, you can disable this function.
By default, it is in accordance with RFC1965.
For the related commands, see confederation id, confederation peer-as.
Example
# AS100 contains routers following nonstandard, which is composed of two sub-ASs,
64000 and 65000.
[Quidway] bgp 64000
[Quidway-bgp] confederation id 100
[Quidway-bgp] confederation peer-as 65000
[Quidway-bgp] confederation nonstandard
5.1.6 confederation peer-as

Syntax
confederation peer-as as-number-1 [... as-number-n ]
undo confederation peer-as [ as-number-1 ] [... as-number-n ]

5-5

View
BGP view
Parameter
as-number-1...as-number-n: Sub-AS number. The range is 1 to 65535. This command
can configure a maximum of 32 Sub-ASs belonging to a confederation.
Description
Using confederation peer-as command, you can configure a confederation consisting
of which Sub-ASs. Using undo confederation peer-as command, you can delete the
specified Sub-AS in the confederation.
By default, no autonomous system is configured as a member of the confederation.
Before this command is performed, the confederation ID should be configured by the
confederation id command. Otherwise this configuration is invalid. The configured
ASs in this command are inside the confederation and each AS uses fully meshed
network. The confederation appears as a single AS to the routers outside it.
For the related commands, see confederation nonstandard, confederation id.
Example
# Configure the confederation contains AS 2001 and 2002.
[Quidway-bgp]confederation peer-as 2000 2001
5.1.7 dampening
Syntax
dampening [ half-life-reachable half-life-unreachable reuse suppress ceiling ]
[ route-policy route-policy-name ]
undo dampening
View
BGP view
Parameter
half-life-reachable: Specify the semi-dampening when the route is reachable. The
range is 1 to 45 minutes. By default, the value is 15 minutes.
half-life-unreachable: Specify the semi-dampening when the route is unreachable. The
range is 1 to 45 minutes. By default, the value is 15 minutes.
reuse: The penalty value of a route when it start to be reused. The range is 1 to 20000.

5-6

suppress: The penalty threshold of a route when it start to be suppressed. The range is
1 to 20000. By default, the value is 2000.
ceiling: The upper threshold of the penalty. The range is 1001 to 20000. By default, the
value is 16000.
route-policy-name: Configure route policy name. The length of route-policy-name
If the parameters are not set, the BGP route attenuation is valid and each parameter is
taken as the default value. The parameters are mutually dependent. Once configure
any parameter, all other parameters should also be specified.
Description
Using dampening command, you can make BGP route attenuation valid or modify
various BGP route attenuation parameters. Using undo dampening command, you
can make the characteristics invalid.
By default, no route attenuation is configured.
For the related commands, see reset bgp dampening, reset bgp flap-info, display
bgp routing-table dampened, display bgp routing-table flap-info.
Example
# Modify various BGP route attenuation parameters.
[Quidway-bgp] dampening 15 15 1000 2000 10000
5.1.8 debugging bgp

Syntax
debugging bgp { all | event | normal | { keepalive | open | packet | route-refresh |
update } [ receive | send ] [ verbose ] }
undo debugging bgp { all | event | normal | keepalive | open | packet |
route-refresh | update }
View
User view
Parameter
all: Indicating to enable all BGP information debugging.
event: Indicating to enable BGP event information debugging.
normal: Indicating to enable information debugging of BGP normal functions.
keepalive: Indicating to enable BGP Keepalive packet information debugging.
open: Indicating to enable BGP Open packet information debugging.

5-7

packet: Indicating to enable BGP packet information debugging.

route-refresh: Indicating to enable BGP route-refresh packet information debugging.
update: Indicating to enable BGP Update packet information debugging.
receive: Information of receiving packets.
send: Information of sending packets.
verbose: Detailed information.
Description
Using debugging bgp all command, you can enable all the information debugging of
BGP packet and events.
Using debugging bgp event command, you can enable the information debugging of
BGP events
Using debugging bgp keepalive command, you can enable the information
debugging of BGP Keepalive packets.
Using debugging bgp packet command, you can enable the information debugging of
BGP packets.
Using undo debugging bgp command, you can disable the debugging functions.
Example
# Enable the information debugging of BGP packets.
<Quidway> debugging bgp packet
5.1.9 default local-preference

Syntax
default local-preference value
undo default local-preference
View
BGP view
Parameter
value: Default local preference to be configured. The range is 0 to 4294967295. By
default, its value is 100.
Description
Using default local-preference command, you can configure the default local
preference. Using undo default local-preference command, you can restore the
default value.

5-8

Configuring different local preferences will affect BGP routing selection.
Example
# The two routers RTA and RTB in the same autonomous area use X.25 and Frame
Relay protocols separately to connect with external autonomous areas. The command
can be used to configure the default local preference of RTB as 180 so that the route
via RTB is selected first when the same route goes through RTA and RTB at the same
time.
[Quidway-bgp]default local-preference 180
5.1.10 default med

Syntax
default med med-value
undo default med
View
BGP view.
Parameter
med-value: MED value to be specified. The range is 0 to 4294967295. By default, the
med-value is 0.
Description
Using default med command, you can configure the default system metric. Using
undo default med command, you can restore the default metric of the system.
In the case that all other conditions are the same, the system first selects the route with
the smaller MED value as the external route of the autonomous system.
Example
# Routers RTA and RTB belong to AS100 and router RTC belongs to AS200. RTC is
the peer of RTA and RTB. The network between RTA and RTC is X.25 network and the
network between RTB and RTC is Ethernet. So the MED of RTA can be configured as
25 to allow RTC to select the route transmitted by RTB first.
[Quidway-bgp] default med 25
5.1.11 display bgp group

Syntax
display bgp group [ group-name ]

5-9

View
Any view
Parameter
group-name: Specified a peer group.
Description
Using display bgp group command, you can view the information of peer groups.
Example
# View the information of the peer group aaa.
<Quidway> display bgp group aaa
Group : aaa
type : external
as-number : 200
members in this group :
10.1.1.1
11.1.1.1
configuration within the group :

no export policy route-policy
no export policy filter-policy
no export policy acl
no export policy ip-prefix
route-policy specified in import policy : aaa
no import policy filter-policy
no import policy acl
no import policy ip-prefix
no default route produce
Table 5-2 Description of information generated by the command display bgp group
Field
Description
Group
Name of peer group
type
Type of peer group: IBGP or EBGP
as-number
AS number of peer group
members in this group
Members in this peer group
route-policy
Name of configured route policy
filter-policy
Configured export and import route filter for BGP
acl
Configured access control list
ip-prefix
Configured IP address prefix list

5-10

5.1.12 display bgp network

Syntax
display bgp network
View
Any view
Parameter
none
Description
Using display bgp network command, you can view the routing information that has
been configured.
Example
# Display the routing information that has been configured.
<Quidway> display bgp network
Network
Mask
Route-policy
133.1.1.0
255.255.255.0
None
112.1.0.0
255.255.0.0
None
Table 5-3 Description of information generated by the command display bgp network
Field
Description
Network
Network address
Mask
Mask
Route-policy
Configured route policy
5.1.13 display bgp paths

Syntax
display bgp paths as-regular-expression
View
Any view
Parameter
as-regular-expression: Matched AS path regular expression.

5-11

Description
Using display bgp paths command, you can view the information about AS paths
Example
# Display the information about the AS paths.
<Quidway> display bgp paths 500
Id
Hash-index References Aggregator Origin As-Path
--------------------------------------------------153 80
100
<null>
IGP
500 {500,400,600}
Table 5-4 Description of information generated by the command display bgp paths
Field
Description
Id
Value of sequence number
Hash-Index
Value of Hash-index
References
Number of routes with reference
Aggregator
Mask length of aggregate route

Origin attribute of route, which indicates that the route updates
its origin relative to the route originating it from AS. It has three
optional values:
IGP
The route belongs to inside of AS. BGP treats

aggregate route and the route defined by the command
network as inside of AS, and origin type as IGP.
EGP
The route is learned from exterior gateway protocol

(EGP).
INC
Short for INCOMPLETE: indicates that the original

source of the route information is unknown (learned by
other methods). BGP sets the origin of the route
imported through other IGP protocols as INCOMPLETE
Origin
As-path
AS-path attribute of route, which records all AS areas that the

route passes. With it, route loop can be avoided
5.1.14 display bgp peer

Syntax
display bgp peer peer-address [ verbose ]
display bgp peer [ verbose ]
View
Any view

5-12

Parameter
peer-address: Specify the peer to be displayed.
Description
Using display bgp peer command, you can view the information about BGP peers.
Example
# Display the detail information of the peer 10.110.25.20.
<Quidway> display bgp peer 10.110.25.20 verbose
Peer: 10.110.25.20 Local: Unspecified
Type: External
State: Idle
Flags: <Idled>
Last State: NoState
Last Event: NoEvent
Last Error: None

Options: <>
Configuration within the peer :

no export policy route-policy
no export policy ip-prefix
no export policy filter-policy
no export policy acl
no import policy route-policy
no import policy ip-prefix
no import policy filter-policy
no import policy acl
no default route produce
Table 5-5 Description of information generated by the command display bgp peer
verbose
Field
Description
Peer
IP address of peer and port number used by the peer to establish

TCP connection
Local
IP address and port number used to establish TCP connection of

local end
Type
Type of peer: Internal for IBGP, and External for EBGP
State
State of peer
Flags
Flags of peer
Last State
Last state before entering current state
Last Event
Last event of neighbor state machine

5-13

Field
Description
Last Error
Last error of neighbor state machine
Options
Options
5.1.15 display bgp routing-table

Syntax
display bgp routing-table [ ip-address [ mask ] ]
View
Any view
Parameter
ip-address: Destination of the network.
mask: Mask of the network.
Description
Using display bgp routing-table command, you can view all the BGP routing
information.
Example
# Display all the BGP routing information.
<Quidway> display bgp routing-table
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
S - aggregate suppressed
B - balance
Dest/Mask
Next-hop
Med
Local-pref Origin As-path
----------------------------------------------------------------------#^
129.1.1.0/24
5.5.5.5
IGP
600
#^
129.1.2.0/24
5.5.5.5
IGP
600
#^
129.1.3.0/24
5.5.5.5
IGP
600
#^
129.1.4.0/24
5.5.5.5
IGP
600
#^
129.1.5.0/24
5.5.5.5
IGP
600
#^
129.1.6.0/24
5.5.5.5
IGP
600
#^
129.1.7.0/24
5.5.5.5
IGP
600
#^
129.1.8.0/24
5.5.5.5
IGP
600
#^
129.1.9.0/24
5.5.5.5
IGP
600
#^
129.1.10.0/24
5.5.5.5
IGP
600

5-14

Routes total: 10
Table 5-6 Description of information generated by the command display bgp

routing-table
Field
Description
State flags:
# - valid (valid)
^ - active (selected)
Flags
D damped (discarded)
H history (history)
I internal (interior gateway protocol)
S - aggregate suppressed (suppressed)
B - Balance
Dest/Mask
Destination address/Mask
Next Hop
IP address of next hop
Med
MULTI_EXIT_DISC attribute value, which ranges from 0 to

4294967295
Local-Pref
Local preference, which ranges from 0 to 4294967295

Origin attribute of route, which indicates that the route updates its
origin relative to the route originating it from AS. It has three
optional values:
IGP
The route belongs to inside of AS. BGP treats aggregate

route and the route defined by the command network as
inside of AS, and origin type as IGP.
EGP
The route is learned from exterior gateway protocol (EGP).
INC
Short for INCOMPLETE: indicates that the original source

of the route information is unknown (learned by other
methods). BGP sets the origin of the route imported
through other IGP protocols as INCOMPLETE
Origin
As-path
AS-path attribute of route, which records all AS areas that the route
passes. With it, route loop can be avoided
5.1.16 display bgp routing-table as-path-acl

Syntax
display bgp routing-table as-path-acl acl-number
View
Any view

5-15

Parameter
acl-number: Specify matched AS path list number ranging from 1 to 199.
Description
Using display bgp routing-table as-path-acl command, you can view routes that
match an as-path acl.
Example
# Display routes that match the as-path-acl 1.
<Quidway> display bgp routing-table as-path-acl 1
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Dest/Mask
Pref
Next-Hop
Med
Local-pref
Origin
As-path
-------------------------------------------------------------------#^ 1.1.1.0/24
256
10.10.10.1
IGP
200
#^ 1.1.2.0/24
256
10.10.10.1
IGP
200
#^ 1.1.3.0/24
256
10.10.10.1
IGP
200
#^ 2.2.3.0/24
256
10.10.10.1
INC
200
#^ 4.4.4.0/24
256
10.10.10.1
INC
200
#^ 9.9.9.0/24
256
10.10.10.1
INC
200
#^ 10.10.10.0/24
256
10.10.10.1
IGP
200
#^
22.1.0.0/16
256
200.1.7.2
100
INC
200
88.1.0.0/16
60
0.0.0.0
IGP

routing-table as-path-acl
Field
Description
Dest/Mask
Destination address/Mask
Pref
Preference
Nexthop
IP address of next hop
Med
MULTI_EXIT_DISC attribute value
Local-pref
Local preference

5-16

Field
Description
origin relative to the route originating it from AS. It has three optional
values:
IGP

EGP
INC

Origin
As-path
5.1.17 display bgp routing-table cidr

Syntax
display bgp routing-table cidr
View
Any view
Parameter
None
Description
Using display bgp routing-table cidr command, you can view the routing information
about the non-natural mask (namely the classless interdomain routing, CIDR).
Example
<Quidway> display bgp routing-table cidr
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B balance
Dest/Mask
Pref
Next-Hop
Med
Local-pref
Origin
As-path
-------------------------------------------------------------------#^
22.1.0.0/16
256
200.1.7.2
88.1.0.0/16
60
0.0.0.0
100

5-17
INC
IGP
200

5.1.18 display bgp routing-table community

Syntax
display
bgp
routing-table
community [
aa:nn | no-export-subconfed |
no-advertise | no-export ]* [ whole-match ]
View
Any view
Parameter
aa:nn: Specify a community number.
no-export-subconfed: Not sending matched route outside AS.
no-advertise: Send matched route to no peers.
no-export: Does not announce the route to the AS or the association outside, but can
advertise to other sub-ASs.
whole-match: Configure to display the exactly matched routes.
Description
Using display bgp routing-table community command, you can view the routing
information related to the specified BGP community number in the routing table.
Example
# Display the routing information matching BGP community number 11:22.
<Quidway> display bgp routing-table community 11:22
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Dest/Mask
Pref
Next-Hop
Med
Local-pref
Origin
As-path
-------------------------------------------------------------------#^
1.0.0.0/8
256
172.10.0.2
100
IGP
#^
2.0.0.0/8
256
172.10.0.2
100
IGP
5.1.19 display bgp routing-table community-list

Syntax
display bgp routing-table community-list community-list-number [ whole-match ]

5-18

View
Any view
Parameter
community-list-number: Specify a community-list.
whole-match: Configure to display the exactly matched routes.
Description
Using display bgp routing-table community-list command, you can view the routing
information matching the specified BGP community list.
Example
# Display the routing information matching BGP community list 1.
[Quidway] display bgp routing-table community-list 1
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Destination/Mask
Pref
Next-hop
Med
Local-Pref
Origin
As-Path
------------------------------------------------------------------1.1.1.0/24
256
10.10.10.1
IGP
200
1.1.2.0/24
256
10.10.10.1
IGP
200
1.1.3.0/24
256
10.10.10.1
IGP
200
2.2.3.0/24
256
10.10.10.1
INC
200
4.4.4.0/24
256
10.10.10.1
INC
200
9.9.9.0/24
256
10.10.10.1
INC
200
10.10.10.0/24 0
10.10.10.2
IGP
10.10.10.0/24 256
10.10.10.1
IGP
5.1.20 display bgp routing-table dampened

Syntax
display bgp routing-table dampened
View
Any view
Parameter
None

5-19
200

Description
Using display bgp routing-table dampened command, you can view BGP dampened
routes.
Example
# View BGP dampened information.
<Quidway> display bgp routing-table dampened
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Dest/Mask
Source
Damping-limit
Origin
As-path
----------------------------------------------------------------#D
11.1.0.0/16
133.1.1.2
1:20:00
IGP
200

routing-table dampened
Item
Description
State flags:
# - valid (valid)
Flags
H history (history)
B - balance
#D
The valid and damped route
Dest/Mask
The dampened route to the destination network 11.1.0.0
Source
The nexthop of the route
Damping-li
mit
The time before dampening turns invalid and the route can be
reused.

5-20

Item
Description
values:
IGP

EGP
INC
Short for INCOMPLETE: indicates that the original source of

the route information is unknown (learned by other methods).
BGP sets the origin of the route imported through other IGP
protocols as INCOMPLETE
Origin
As-path
5.1.21 display bgp routing-table different-origin-as

Syntax
display bgp routing-table different-origin-as
View
Any view
Parameter
None
Description
Using display bgp routing-table different-origin-as command, you can view routes
that have different source autonomous systems
Example
# View the routes that have different source ASs.
<Quidway> display bgp routing-table different-origin-as
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Destination/Mask
Pref
Next-hop
Med
Local-Pref
Origin
As-Path
-----------------------------------------------------------------10.10.10.0/24
10.10.10.2
IGP
10.10.10.0/24
256
10.10.10.1
IGP

5-21
200

5.1.22 display bgp routing-table flap-info

Syntax
display bgp routing-table flap-info [ { regular-expression as-regular-expression } |
{ as-path-acl acl-number } | { network-address [ mask [ longer-match ] ] } ]
View
Any view
Parameter
as-regular-expression: The route flap-info matching AS path regular expression.
acl-number: Number of the specified AS path to be matched, ranging from 1 to 199.
network-address: Network IP address related to the dampening information to be
shown
mask: Network mask.
longer-match: Show the route flap-info that is more specific than address, mask.
Description
Using display bgp routing-table flap-info command, you can view BGP flap-info.
Example
# Display BGP flap-info.
<Quidway> display bgp routing-table flap-info
Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Dest/Mask
Source Keepup-time Damping-limit Flap-times Origin As-path
-------------------------------------------------------------------#D
11.1.0.0/16 133.1.1.2
48
1:20:30

5-22
IGP
200


routing-table flap-info
Item
Description
State flags:
# - valid (valid)
Flags
H history (history)
B balance
#D
The valid and damped route
Dest/Mask
The dampened route to the destination network 11.1.0.0
Source
The nexthop of the route
Keepup-time
The time that route damping has continued
Damping-lim
it
The time before dampening turns invalid and the route can be
reused.
Flap-times
The times of the route flap

values:
IGP

EGP
INC

Origin
As-path
5.1.23 display bgp routing-table peer

Syntax
display bgp routing-table peer peer-address { advertised | received }
[ network-address [ mask ] | statistic ]
View
Any view
5-23

Parameter
peer-address: Specifies the peer to be displayed.
advertised: Routing information advertised by the specified peer.
received: Routing information the specified peer received.
network-address mask : IP address and address mask of destination network.
statistic: Statistic routing information of peer.
Description
Using display bgp routing-table peer command, you can view the routing information
the specified BGP peer advertised or received.
Example
# Display the routing information advertised by BGP peer 1.1.1.2.
<Quidway> display bgp routing table peer 1.1.1.2 advertised
Dest/Mask
Next-hop
Med
Local-pref
Origin As-path
------------------------------------------------------------------------Appendant Flags: @ - Queued

1.1.1.0/24
1.1.1.1
100
INC
Here, Appendat Flags indicates the appended flag, @ the route to be sent, ! the
reachable route, and ~ to cancel route. For detailed description of the output
information, see Table 5-6.
5.1.24 display bgp routing-table regular-expression

Syntax
display bgp routing-table regular-expression as-regular-expression
View
Any view
Parameter
as-regular-expression: Matched AS regular expression.
Description
Using display bgp routing-table regular-expression command, you can view the
routing information matching the specified AS regular expression
Example
# Display the routing information matched with ^200$.

5-24

<Quidway> display bgp routing-table regular-expression ^200$

Flags:
# - valid
^ - active
I - internal
D - damped
H - history
B - balance
Destination/Mask Pref
Next-hop
Med
Local-Pref Origin
AS-Path
-------------------------------------------------------------------1.1.1.0/24
256
10.10.10.1
IGP
200
1.1.2.0/24
256
10.10.10.1
IGP
200
1.1.3.0/24
256
10.10.10.1
IGP
200
2.2.3.0/24
256
10.10.10.1
INC
200
4.4.4.0/24
256
10.10.10.1
IGP
200
9.9.9.0/24
256
10.10.10.1
INC
200
10.10.10.1
IGP
200
10.10.10.0/24 256
5.1.25 display bgp routing-table statistic

Syntax
display bgp routing-table statistic
View
Any view
Parameter
None
Description
Using display bgp routing-table statistic command, you can view the statistics of
BGP routing infomation.
Example
# Display the statistics of BGP routing information.
<Quidway> display bgp routing-table statistic
Routes total: 4

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
5-25

View
BGP view
Parameter
acl-number: Number of IP access control list.
ip-prefix-name: Name of ip prefix list. The length of ip-prefix-name ranges from 1 to 19
character string.
protocol: Specified protocols advertising routing information which include direct, ospf,
ospf-ase, ospf-nssa, rip, isis and static.
Description
Using filter-policy export command, you can filter the advertised routes and only the
routes passing the filter can be advertised by BGP. Using undo filter-policy export
command, you can cancel the filtration to the advertised routes.
By default, filtration to the received routing information is not configured.
If the parameter protocol is specified, only the imported route generated by the
specified protocol is filtered and the imported routes generated by other protocols are
not affected. If the parameter protocol is not specified, the imported route generated by
any protocol will be filtered.
Example
# Use ACL 2000 to filter the routing information advertised by BGP.
[Quidway-bgp] filter-policy 2000 export

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import
View
BGP view
Parameter
acl-number: Number of IP access control list, ranging from 2000 to 3999.
ip-prefix-name: Name of address prefix list. The length of ip-prefix-name ranges from 1
to 19 character string.

5-26

Description
Using filter-policy gateway import command, you can filter the learned routing
information advertised by the peer with the specified address. Using undo filter-policy
gateway import command, you can cancel the filtration to the routing information
advertised by the peer with specified address.
Using filter-policy import command, you can filter the received global routing
information. Using undo filter-policy import command, you can remove the filtration
to the received global routing information.
By default, filtration to the received routing information is not configured.
This command can be used to filter the routes received by BGP and determines
whether to add the routes to the BGP routing table.
Example
# Use ACL 2000 to filter the routing information received by BGP.
[Quidway-bgp] filter-policy 2000 import
5.1.28 group
Syntax
group group-name [ internal | external ]
undo group group-name
View
BGP view
Parameter
group-name: Specify the name of the peer group. group-name is locally significant.
internal: Specify the type of the peer group as IBGP.
external: Specify the type of the peer group as EBGP.
Description
Using group group-name command, you can establish a peer group. Using undo
group group-name command, you can cancel the configured peer group.
The default type of BGP peer group is internal.
The external peer group members must be in the same network segment. Otherwise,
some EBGP peers may discard the transmitted route update.
Example
# Create a BGP group named test.

5-27

[Quidway-bgp] group test
5.1.29 import-route
Syntax
import-route protocol [ med med-value | route-policy route-policy-name ]*
View
BGP view
Parameter
protocol: Specify source routing protocols which can be imported, which include direct,
ospf, ospf-nssa , ospf-ase, rip, isis and static at present.
med med-value: Specify the MED value loaded by a redistributes route, ranging from 0
to 4294967295.
route-policy
route-policy-name:
Specify
route-policy.
The
length
of
Description
Using import-route command, you can import routes of other protocols. Using undo
import-route command, you can cancel redistributing routes of other protocols.
By default, BGP does not import routes of other protocols.
Example
# Import routes of RIP.
[Quidway-bgp] import-route rip
5.1.30 ip as-path-acl
Syntax
ip as-path-acl acl-number { permit | deny } as-regular-expression
undo ip as-path-acl acl-number
View
System view
Parameter
acl-number: Number of AS path list ranging from 1 to 199.
as-regular-expression: AS regular expression.

5-28

Description
Using ip as-path-acl command, you can configure an AS path regular express. Using
undo ip as-path-acl command, you can disable the defined regular expression.
The configured AS path list can be used in BGP policy.
For the related commands, see peer as-path-acl, display bgp routing-table
as-path-acl.
Example
# Configure an AS path list.
[Quidway] ip as-path-acl 10 permit 200,300
5.1.31 ip community-list
Syntax
ip community-list basic-comm-list-number { permit | deny } [ aa:nn | internet |
no-export-subconfed | no-advertise | no-export ]
ip community-list adv-comm-list-number { permit | deny } as-regular-expression
undo ip community-list { basic-comm-list-number | adv-comm-list-number }
View
System view
Parameter
basic-comm-list-number: Number of the basic community list ranging from 1 to 99.
adv-comm-list-number: Number of the advanced community list ranging from 100 to
199.
permit: Permit those that match conditions to access.
deny: Deny those that match conditions to access.
aa:nn: Community number.
internet: Advertise all routes.
no-export-subconfed: Used not to advertise the matched route beyond the
confederation.
no-advertise: Used not to send the matched route to any peer.
advertise to other sub-ASs.
as-regular-expression: Community attribute of the regular expression.

5-29

Description
Using ip community-list command, you can configure a BGP community list. Using
undo ip community-list command, you can cancel the configured BGP community
list.
The configured community list can be used in BGP policy.
For the related commands, see apply community, display bgp routing-table
community-list.
Example
# Define a community attribute list which does not advertise routes with the community
attribute beyond the confederation.
[Quidway] ip community-list 6 permit no-export-subconfed
5.1.32 network
Syntax
network ip-address [ address-mask ] [ route-policy route-policy-name ]
undo network ip-address [ address-mask ] [ route-policy route-policy-name ]
View
BGP view
Parameter
ip-address: Network address that BGP advertises.
address-mask: Mask of the network address.
route-policy-name: Route-policy applied to advertised routes. The length of
Description
Using network command, you can configure the network routes advertised by the local
BGP. Using undo network command, you can cancel the existing configuration.
By default, there is no networks sent through BGP
Example
# Advertise routes to network segment 10.0.0.0/16.
[Quidway-bgp] network 10.0.0.0 255.255.0.0

5-30

5.1.33 peer advertise-community

Syntax
peer group-name advertise-community
undo peer group-name advertise-community
View
BGP view
Parameter
group-name: Name of peer group.
Description
Using peer advertise-community command, you can enable the transmission of the
community attribute to a peer group. Using undo peer advertise-community
command, you can cancel the existing configuration.
By default, the community attribute is not transmitted to any peer group.
For the related commands, see if-match community-list, apply community.
Example
# Transmit community attribute to the peer group name test.
[Quidway-bgp] peer test advertise-community
5.1.34 peer allow-as-loop

Syntax
peer { group-name | peer-address } allow-as-loop [ number ]
undo peer { group-name | peer-address } allow-as-loop
View
BGP view
Parameter
group-name: Specify name of the peer group.
peer-address: Specify IP address of the peer.
number: Specify the repeating times of local AS, ranging from 1 to 10.

5-31

Description
Using peer allow-as-loop command, you can configure the repeating time of local AS.
Using undo peer allow-as-loop command, you can remove the repeating time of local
AS.
For the related commands, see display current-configuration, display bgp
routing-table peer, display bgp routing-table group
Example
# Specify to configure the repeating times of local AS to 2.
[Quidway-bgp] peer 1.1.1.1 allow-as-loop 2
5.1.35 peer as-number

Syntax
peer group-name as-number as-number
undo peer group-name as-number
View
BGP view
Parameter
as-number: The AS number of the peer/peer group, the range is 1 to 65535.
Description
Using peer as-number command, you can configure the AS number of peer group.
Using undo peer as-number command, you can delete the AS number of peer group.
By default, no AS number of peer group is configured.
Example
# Specify the peer AS number for the peer test as 100.
[Quidway-bgp] peer test as-number 100
5.1.36 peer as-path-acl export

Syntax
peer group-name as-path-acl acl-number export
undo peer group-name as-path-acl acl-number export

5-32

View
BGP view
Parameter
acl-number: Specify the filter list number of an AS regular expression. The range is 1 to
199.
export: For the advertised routes.
Description
Using peer as-path-acl export command, you can configure filtering Policy of BGP
advertised routes based on AS path list. Using undo peer as-path-acl command, you
can cancel the existing configuration.
By default, the peer group has no AS path list.
This command can only be configured on peer group.
For the related commands, see peer as-path-acl import.
Example
# Set the AS path ACL of the peer group test.
[Quidway-bgp] peer test as-path-acl 3 export
5.1.37 peer as-path-acl import

Syntax
peer { group-name | peer-address } as-path-acl acl-number import
undo peer { group-name | peer-address } as-path-acl acl-number import
View
BGP view
Parameter
peer-address: Specify IP address of the peer.
acl-number: Specify the filter list number of an AS regular expression. The range is 1 to
199.
import: For the received routes.

5-33

Description
Using peer as-path-acl import command, you can configure filtering Policy of BGP
received routes based on AS path list. Using undo peer as-path-acl import command,
you can cancel the existing configuration.
By default, the peer/peer group has no AS path list.
For the related commands, see peer as-path-acl export.
Example
# Set the AS path ACL of the peer group test to filter BGP received routes.
[Quidway-bgp] peer test as-path-acl 2 import
5.1.38 peer connect-interface

Syntax
peer { group-name | peer-address } connect-interface interface-name
undo peer { group-name | peer-address } connect-interface interface-name
View
BGP view
Parameter
group-name: Specified peer group.
peer-address: IP address of the peer.
interface-name: Interface name.
Description
Using peer connect-interface command, you can specify the source interface of a
route update packet. Using undo peer connect-interface command, you can restore
the best source interface.
By default, BGP uses the best source interface.
Usually, BGP uses the optimal route to update the source interface of the packets.
However, you can set the mode of the interface to Loopback in order to send route
updates even if the interface is not work normally.
Example
# Specify Vlan-interface1 as the source interface of a route update packet.
[Quidway-bgp] peer test connect-interface vlan-interface 1

5-34

5.1.39 peer default-route-advertise

Syntax
peer group-name default-route-advertise
undo peer group-name default-route-advertise
View
BGP view
Parameter
Description
Using peer default-route-advertise command, you can configure a peer group to
generate a default route for a peer. Using undo peer default-route-advertise
By default, a peer group does not import the default route.
For this command, no default route needs to exist in the routing table. A default route is
sent unconditionally to a peer with the next hop as itself.
For the related commands, see default-route-advertise. .
Example
# Configure a peer group named test to generate a default route.
[Quidway-bgp] peer test default-route-advertise
5.1.40 peer description

Syntax
peer { group-name | peer-address } description description-line
undo peer { group-name | peer-address } description
View
BGP view
Parameter
group-name: group name.
peer-address: address of the peer.
description-line: description information configured, which can be letters or figures.

5-35

Description
Using peer description command, you can configure the description information of the
peer/peer group. Using undo peer description command, you can cancel the
description information of the peer/peer group.
By default, description information of peers/peer group is not configured.
For the related commands, see display current-configuration, display bgp
routing-table peer, display bgp routing-table group.
Example
# Configure the description information of the peer whose name is group1 as beijing1.
[Quidway-bgp] peer group1 description beijing1
5.1.41 peer ebgp-max-hop

Syntax
peer group-name ebgp-max-hop [ ttl ]
undo peer group-name ebgp-max-hop
View
BGP view
Parameter
group-name: Specify Name of the peer group.
ttl: Maximum hop value. The range is 1 to 255. By default, the value is 64.
Description
Using peer ebgp-max-hop command, you can allow to establishing EBGP connection
with the peer on indirectly connected network. Using undo peer ebgp-max-hop
By default, this feature is disabled.
Example
# Allow to establishing EBGP connection with the peer group named test indirectly
connected.
[Quidway-bgp] peer test ebgp-max-hop
5.1.42 peer enable

Syntax
peer { group-name | peer-address } enable
5-36

undo peer { group-name | peer-address } enable
View
BGP view
Parameter
group-name: Specify the name of the peer group which specifies the entire peer group.
peer-address: IP address of a peer, which specifies a certain peer.
Description
Using peer enable command, you can enable the specified peer/peer group and
disable it by using undo peer enable command.
By default, BGP peer/peer group is enabled.
If the specified peer/peer group is disabled, the router will not exchange routing
information with the specified peer/peer group.
Example
# Disable the specified peer.
[Quidway-bgp] peer 18.10.0.9 group group1
[Quidway-bgp] undo peer 18.10.0.9 enable
5.1.43 peer filter-policy export

Syntax
peer group-name filter-policy acl-number export
undo peer group-name filter-policy acl-number export
View
BGP view
Parameter
group-name: Specify the name of the peer group.
peer-address: Specify the IP address of the peer.
acl-number: Specify an IP acl number, ranging from 2000 to 3999.
export: Egress filter policy.
Description
Using peer filter-policy export command, you can configure the filter-policy list of
routes advertised by a peer group. Using undo peer filter-policy export command,
5-37

By default, a peer/peer group has no access control list (acl).

For the related commands, see peer filter-policy import, ip as-path-acl, peer
as-path-acl export and peer as-path-acl import.
Example
# Set the filter-policy list of a peer group test.
[Quidway-bgp] peer test filter-policy 2000 export
5.1.44 peer filter-policy import

Syntax
peer { group-name | peer-address } filter-policy acl-number import
undo peer { group-name | peer-address } filter-policy acl-number import
View
BGP view
Parameter
acl-number: Specify an IP acl number, ranging from 2000 to 3999.
import: Ingress filter policy.
Description
Using peer filter-policy import command, you can configure the filter-policy list of the
routes received by a peer/peer group. Using undo peer filter-policy import command,
By default, a peer/peer group has no access control list (acl).
For the related commands, see peer filter-policy export, ip as-path-acl, peer
as-path-acl export and peer as-path-acl import.
Example
# Set the filter-policy list of a peer group test.
[Quidway-bgp] peer test filter-policy 2000 import
5.1.45 peer group

Syntax
peer peer-address group group-name [ as-number as-number ]
5-38

undo peer peer-address
View
BGP view
Parameter
Description
Using peer group command, you can add a peer to the exsiting peer group. Using
undo peer group command, you can delete the specified peer.
When adding a peer to a EBGP peer group without AS number, you should also specify
the peers AS number. While adding a peer to a IBGP peer group or to a EBGP peer
group with AS number, you need not specify the AS number for the peer.
Example
# Add a peer to the peer group test.
[Quidway-bgp] group test
[Quidway-bgp] peer 10.1.1.1 group test
5.1.46 peer ip-prefix export

Syntax
peer group-name ip-prefix prefixname export
undo peer group-name ip-prefix prefixname export
View
BGP view
Parameter
prefixname: Name of the specified ip-prefix.
export: Apply the filtering policy on the route transmitted to the specified peer/peer
group.
Description
Using peer ip-prefix export command, you can configure the route filtering policy of
routes advertised by the peer group based on the ip-prefix. Using undo peer ip-prefix

5-39

export command, you can cancel the route filtering policy of the peer/peer group based
on the ip-prefix.
By default, the route filtering policy of the peer group is not specified.
For the related commands, see ip ip-prefix, peer ip-prefix import.
Example
# Configure the route filtering policy of the peer group based on the ip-prefix 1.
[Quidway-bgp] peer group1 ip-prefix list1 export
5.1.47 peer ip-prefix import

Syntax
peer { group-name | peer-address } ip-prefix prefixname import
undo peer { group-name | peer-address } ip-prefix prefixname import
View
BGP view
Parameter
prefixname: Name of the specified ip-prefix.
import: Apply the filtering policy on the route received by the specified peer/peer
group.
Description
Using peer ip-prefix import command, you can configure the route filtering policy of
routes received by the peer/peer group based on the ip-prefix. Using undo peer
ip-prefix import command, you can cancel the route filtering policy of the peer/peer
group based on the ip-prefix.
By default, the route filtering policy of the peer/peer group is not specified.
For the related commands, see ip ip-prefix, peer ip-prefix export.
Example
# Configure the route filtering policy of the peer group based on the ip-prefix 1.
[Quidway-bgp] peer group1 ip-prefix list1 import

5-40

5.1.48 peer next-hop-local

Syntax
peer group-name next-hop-local
undo peer group-name next-hop-local
View
BGP view
Parameter
Description
Using peer next-hop-local command, you can configure to perform the process of the
next hop in the route to be advertised to the peer group and take the address of itself as
the next hop. Using undo peer next-hop-local command, you can cancel the existing
configuration.
Example
# When BGP distributes the routes to the peer group test, it will take its own address
as the next hop.
[Quidway-bgp] peer test next-hop-local
5.1.49 peer password

Syntax
peer { group-name | peer-address } password { cipher | simple } password
undo peer { group-name | peer-address } password
View
BGP view
Parameter
group-name: Name of the peer group.
peer-address: IP address of the peer, in dotted decimal format.
cipher: Displays the configured password in cipher text mode.
simple: Displays the configured password in simple text mode.
password: Password in character string form with 1 to 16 characters when parameter
simple is configured in the command or in the event of inputting the password in simple
text mode but parameter cipher is configured in the command; with 24 characters in

5-41

the event of inputting the password in cipher text mode when parameter cipher is
configured in the command.
Description
Using the peer password command, you can configure MD5 authentication for BGP
during TCP connection setup. Using the undo peer password command, you can
cancel the configuration.
By default, BGP does not perform MD5 authentication when TCP connection is set up.
Once MD5 authentication is enabled, both parties involved in the authentication must
be configured with identical authentication modes and passwords. Otherwise, TCP
connection will not be set up because of the failed authentication.
This command is used to configure MD5 authentication for the specific peer only when
the peer group to which the peer belongs is not configured with MD5 authentication.
Otherwise, the peer should be consistent with the peer group.
Example
# Adopt MD5 authentication on the TCP connection set up between the local router at
10.1.100.1 and the peer router at 10.1.100.2.
[Quidway-bgp] peer 10.1.100.2 password simple huawei
# Perform the similar configuration on the peer.
[Quidway-bgp] peer 10.1.100.1 password simple huawei
5.1.50 peer public-as-only

Syntax
peer group-name public-as-only
undo peer group-name public-as-only
View
BGP view
Parameter
group-name: Name of a peer group.
Description
Using peer public-as-only command, you can configure not to carry the AS number
when transmitting BGP update packets. Using undo peer public-as-only command,
you can configure to carry the AS number when transmitting BGP update packets.
By default, private AS number is carried when transmitting BGP update packets.

5-42

Generally, BGP transmits BGP update packets with the AS number (either public AS
number or private AS number). To enable some outbound routers to ignore the AS
number when transmitting update packets, you can configure not to carry the AS
number when transmitting BGP update packets.
Example
# Configure not to carry the private AS number when transmitting BGP update packets
to the peer named test.
[Quidway-bgp] peer test public-as-only
5.1.51 peer reflect-client

Syntax
peer group-name reflect-client
undo peer group-name reflect-client
View
BGP view
Parameter
Description
Using peer reflect-client command, you can configure a peer group as the route
reflector client. Using undo peer reflect-client command, you can cancel the existing
configuration.
This command only applies to peer group.
For the related commands, see reflect between-clients, reflector cluster-id.
Example
# Configure the peer group test as the route reflector client.
[Quidway-bgp] peer test reflect-client
5.1.52 peer route-policy export

Syntax
peer group-name route-policy route-policy-name export
undo peer group-name route-policy route-policy-name export
View
BGP view
5-43

Parameter
route-policy-name: The specified Route-policy. The length of route-policy-name
Description
Using peer route-policy export command, you can assign the Route-policy to the
routes advertised to the peer group. Using undo peer route-policy export command,
you can delete the specified Route-policy.
By default, the peer/peer group has no Route-policy association.
For the related commands, see peer route-policy import.
Example
# Apply the Route-policy named test-policy to the route coming from the peer/peer
group test.
[Quidway-bgp] peer test route-policy test-policy export
5.1.53 peer route-policy import

Syntax
peer { group-name | peer-address } route-policy route-policy-name import
undo peer { group-name | peer-address } route-policy route-policy-name import
View
BGP view
Parameter
route-policy-name: The specified Route-policy. The length of route-policy-name
Description
Using peer route-policy import command, you can assign the Route-policy to the
route coming from the peer/peer group. Using undo peer route-policy import
command, you can delete the specified Route-policy.
By default, the peer/peer group has no Route-policy association.
For the related commands, see peer route-policy export.

5-44

Example
# Apply the Route-policy named test-policy to the route coming from the peer/peer
group test.
[Quidway-bgp] peer test route-policy test-policy import
5.1.54 peer route-update-interval

Syntax
peer group-name route-update-interval seconds
undo peer group-name route-update-interval
View
BGP view
Parameter
group-name: Specify the name of the configured peer group.
seconds: The minimum interval of sending BGP update packets route. The range is 0 to
600. By default, the advertisement interval is: 5 seconds for internal peer/peer group,
and 30 seconds for external peer/peer group.
Description
Using peer route-update-interval command, you can configure the interval for the
transmission route of a peer group. Using undo peer route-update-interval command,
you can restore the interval to the default value.
Example
# Configure the interval of the BGP peer group test sending the route update packet
as 10 seconds.
[Quidway-bgp] peer test route-update-interval 10
5.1.55 peer timer

Syntax
peer { group-name | peer-address } timer keep-alive keepalive-interval hold
holdtime-interval }
undo peer { group-name | peer-address } timer
View
BGP view

5-45

Parameter
keepalive-interval: Keepalive interval to be specified. The range is 1 to 65535. By
default, its value is 60 seconds.
holdtime-interval: Holdtime interval to be specified. The range is 3 to 65535. By default,
its value is 180 seconds.
Description
Using peer timer command, you can configure the timers for a peer/peer group. Using
undo peer timer command, you can restore the timer to the default value.
The timer configured by using this command has a higher priority than the one
configured by using the timer command.
Example
# Configure Keepalive and Holdtime intervals of the peer group test.
[Quidway-bgp] peer test timer keep-alive 60 hold 180
5.1.56 preference
Syntax
preference ebgp-value ibgp-value local-value
undo preference
View
BGP view
Parameter
ebgp-value: Set preference value for routes learned from external peers.
ibgp-value: Set preference value for routes learned from internal peers.
local-value: Set preference value for local-origined routes.
The ebgp-value, ibgp-value and local-value parameters are in the range of 1 to 256. By
default, the first two is 256 and the last one is 130.
Description
Using preference command, you can configure BGP preference. Using undo
preference command, you can restore the default preference.

5-46

Three types of routes may be involved in BGP: routes learned from external peers,
routes learned from internal peers and local-origined routes. You can set preference
values for the three types of route.
You can set different BGP preference values for different sub address families.
Currently the system supports unicast and multicast address families.
Example
# Set the preferences of EBGP, IBGP and locally generated routes to 170.
[Quidway-bgp] preference 170 170 170
5.1.57 reflect between-clients

Syntax
reflect between-clients
undo reflect between-clients
View
BGP view
Parameter
none
Description
Using reflect between-clients command, you can configure the between-client
reflection of a route. Using undo reflect between-clients command, you can disable
this function.
By default, the reflection between clients is enabled.
For the related commands, see reflector cluster-id, peer reflect-client.
Example
# Disable the reflection between clients.
[Quidway-bgp] undo reflect between-clients
5.1.58 reflector cluster-id

Syntax
reflector cluster-id { cluster-id | address }
undo reflector cluster-id

5-47

View
BGP view
Parameter
cluster-id: Specify the cluster ID of the route reflector with the range from 1 to
4294967295.
address: Used as the interface address of the route reflectors cluster ID.
Description
Using reflector cluster-id command, you can configure the cluster ID of the route
reflector. Using undo reflector cluster-id command, you can delete the cluster ID of
the route reflector.
By default, each route reflector uses its Router ID as the cluster ID.
For the related commands, see reflect between-clients, peer reflect-client.
Example
# Set the cluster ID of the route reflector as 80.
[Quidway-bgp] reflector cluster-id 80
5.1.59 refresh bgp

Syntax
refresh bgp { all | peer-address | group group-name } { import | export }
View
User view
Parameter
all: Reset all the connections with BGP.
peer-address: Reset connection with a specified BGP peer.
group-name: Reset connection with a specified BGP peer group.
import: Refresh the routes learned from the peers
export: Refresh routes advertised to the peers.
Description
Using refresh bgp peer-address command, you can refresh general BGP routes.
When BGP routing policy changes, it is required to re-compute associated route
information. This command can refresh general BGP routes.

5-48

Example
# Refresh all BGP routes.
<Quidway>refresh bgp all
5.1.60 reset bgp

Syntax
reset bgp { all | peer-address [ flap-info ] }
View
User view
Parameter
peer-address: Reset connection with a specified BGP peer.
all: Reset all the connections with BGP.
flap-info: Reset the flap-info of a record at this peer address.
Description
Using reset bgp peer-address command, you can reset the connection of BGP with a
specified BGP peer.
Using reset bgp all command, you can reset all the connections with BGP.
Example
# Reset all the BGP connections to enable the new configuration (after configuring the
new Keepalive interval and Holdtime interval using the timer command).
<Quidway>reset bgp all
5.1.61 reset bgp dampening

Syntax
reset bgp dampening [ network-address [ mask ] ]
View
User view
Parameter
network-address: Network IP address related to the clearing attenuation information.
mask: Network mask.

5-49

Description
Using reset bgp dampening command, you can reset the attenuation information of a
route and release the suppression of a suppressed route.
For the related commands, see dampening, display bgp routing-table dampened.
Example
# Reset the route attenuation information of the specified route.
<Quidway>reset bgp dampening 20.1.0.0 255.255.0.0
5.1.62 reset bgp flap-info

Syntax
reset bgp flap-info [ regular-expression as-regular-expression | as-path-acl
acl-number } | network-address [ mask ] ]
View
User view
Parameter
regular-expression as-regular-expression: Reset the flap-info matching the AS path
regular expression.
as-path-acl acl-number: Reset the flap-info in consistency with a specified filter list.
The range of the parameter acl-number is 1 to 199.
network-address: Reset the flap-info of a record at this IP address.
mask: Network mask.
Description
Using reset bgp flap-info command, you can reset the flap-info of a route.
For the related commands, see dampening.
Example
# Reset the flap-info of all the routes that go through filter list 10.
<Quidway> reset bgp flap-info as-path-acl 10
5.1.63 reset bgp group

Syntax
reset bgp group group-name

5-50

View
User view
Parameter
Description
Using reset bgp group command, you can reset the connections between the BGP
and all the members of a group.
For the related commands, see peer group.
Example
# Reset BGP connections of all members from group1.
<Quidway> reset bgp group group1
5.1.64 summary
Syntax
summary
undo summary
View
BGP view
Parameter
none
Description
Using summary command, you can configure auto aggregation of sub-network routes
and disable it by using undo summary command,.
By default, no auto aggregation of sub-network routes is executed.
After the summary is configured, BGP cannot receive the sub-network routes imported
from the IGP, so the amount of the routing information can be reduced.
Example
# Make the auto aggregation of the sub-network routes.
[Quidway-bgp] summary

5-51

5.1.65 timer
Syntax
timer keep-alive keepalive-interval hold holdtime-interval
undo timer
View
BGP view
Parameter
keepalive-interval: Set the interval time value for keepalive time. The range is 1 to
65535. By default, its value is 60 seconds.
holdtime-interval: Set the interval time value for hold time. The range is 3 to 65535. By
default, its value is 180 seconds.
Description
Using timer command, you can configure the Keep-alive and Hold-time timer of BGP.
Using undo timer command, you can restore the default value of the Keep-alive and
Hold-time of the timer.
Example
# Configure the Keep-alive timer as 30 seconds and Hold-time timer as 90 seconds.
[Quidway-bgp] timer keep-alive 30 hold 90
5.1.66 undo synchronization

Syntax
undo synchronization
View
BGP view
Parameter
none
Description
Using undo synchronization command, you can cancel the synchronization of BGP
and IGP.
By default, BGP doesnt synchronize with IGP.
If the local BGP is not set synchronous with the IGP and the next hop of the learned
BGP route is reachable, the local BGP will add this BGP route into its routing table
5-52

immediately after it learns the route, rather than waiting till the IGP also learns the
route.
This command means BGP does not synchronize with IGP in current system. You need
not configure it for S6500 Series Ethernet Switches dont support synchronization of
BGP and IGP at present.
Example
# Cancel the synchronization of BGP and IGP.
[Quidway-bgp] undo synchronization

5-53

Chapter 6 IP Routing Policy Configuration Commands
Chapter 6 IP Routing Policy Configuration

Commands
Note:
6.1 IP Routing Policy Configuration Commands

The above describes the configuration commands in the routing policy, which are
independent of any specific routing protocol.
6.1.1 apply as-path

Syntax
apply as-path as-number-1 [ as-number-2 [ as-number-3 ... ] ]
undo apply as-path
View
Route policy view
Parameter
as-number-1... as-number-n: AS number to be added.
Description
Using apply as-path command, you can configure AS number to be added in front of
the original AS path in Route-policy. Using undo apply as-path command, you can
cancel the AS sequence number added in front of the original AS path.
By default, no AS number is set.
If the match condition of Route-policy is matched, the AS attribute of the transmitting
route will be changed.

6-1

Example
# Configure AS 200 to be added in front of the original AS path in Route-policy.
[Quidway-route-policy] apply as-path 200
6.1.2 apply community

Syntax
apply community [ none | [ aa:nn ] [ no-export-subconfed | no-export |
no-advertise ]* [ additive ] ]
undo apply community
View
Route policy view
Parameter
aa:nn: Community number.
no-export-subconfed: Not sending matched route outside AS.
no-advertise: Not sending matched route to any peer.
advertises to other sub-ASs.
additive: Additional known community attribute.
none: Deleted route community attribute.
Description
Using apply community command, you can configure the set BGP community
attribute of Route-policy. Using undo apply community command, you can cancel the
set BGP community attribute.
By default, BGP community attribute is not set.
For the related commands, see ip community-list, if-match community-list,
route-policy, display bgp routing-table community.
Example
# Configure one Route-policy applycommunity, whose node serial number is 16 and
match mode is permit, and enter Route policy view to set match conditions and attribute
modification actions to be executed.
[Quidway] route-policy applycommunity permit node 16
[Quidway-route-policy] if-match as-path 8
[Quidway-route-policy] apply community no-export

6-2

6.1.3 apply cost

Syntax
apply cost value
undo apply cost
View
Route policy view
Parameter
value: Specify the route cost value of route information.
Description
Using apply cost command, you can configure the route cost value of route
information. This command is one attribute apply sub-statements of Route-policy.
Using undo apply cost command, you can cancel the apply sub-statement.
For the related commands, see if-match interface, if-match acl, if-match ip-prefix,
if-match ip next-hop, if-match cost, if-match tag, route-policy, apply ip next-hop,
apply local-preference, apply origin and apply tag.
Example
# Define one apply sub-statement. When it is used for setting route information attribute,
it sets the route metric value of route information as 120.
[Quidway-route-policy] apply cost 120
6.1.4 apply cost-type

Syntax
apply cost-type [ internal | external ]
undo apply cost-type
View
Route policy View
Parameter
internal: Use the cost type of IGP as MED value of BGP to advertise route to EBGP
peer.
external: external cost type of IS-IS.

6-3

Description
Using apply cost-type command, you can configure the route cost type of route
Using undo apply cost-type command, you can cancel the apply sub-statement.
By default, route cost type is not set.
Example
# Set the cost type of IGP as MED value of BGP to advertise route to EBGP peer.
[Quidway-route-policy] apply cost-type internal
6.1.5 apply ip next-hop

Syntax
apply ip next-hop ip-address
undo apply ip next-hop
View
Route policy view
Parameter
ip-address: The next-hop address.
Description
Using apply ip next-hop command, you can configure the next hop address of route
Using undo apply ip next-hop command, you can cancel the apply sub-statement.
By default, no apply sub-statement is defined.
When it is used for setting route information attribute, it sets the next hop address area
of route information passing filtration.
if-match
ip
next-hop,
if-match
cost,
if-match
tag,
route-policy,
apply
local-preference, apply cost, apply origin and apply tag.
Example
# Set the next hop address of route information as 193.1.1.8 when it is used for setting
route information attribute.
[Quidway-route-policy] apply ip next-hop 193.1.1.8

6-4

6.1.6 apply isis

Syntax
apply isis [ level-1 | level-2 | level-1-2 ]
undo apply isis
View
Route policy view
Parameter
level-1: Set to import the matched route to level-1 area.
level-2: Set to import the matched route to level-2 area.
level-1-2: Set to import the matched route to both level-1 and levle-2 area.
Description
Using apply isis command, you can configure to apply the level of a matched route to
be imported to level-1, level-2 or level-1-2. Using undo apply isis command, you can
cancel the apply sub-statement.
By default, no apply clause is defined.
apply cost, apply origin, apply tag.
Example
# Define a set clause, setting to import the route to level-2.
[Quidway-route-policy] apply isis level-2
6.1.7 apply local-preference

Syntax
apply local-preference local-preference
undo apply local-preference
View
Route policy view
Parameter
local-preference: New set local preference.

6-5

Description
Using apply local-preference command, you can configure to apply the local
preference of route information. This command is one apply sub-statements of
Route-policy attribute set. Using undo apply local-preference command, you can
cancel the apply sub-statement.
Example
# Apply the local preference level of route information as 130 when this apply
sub-statement is used for setting route information attribute. .
[Quidway-route-policy] apply local-preference 130
6.1.8 apply origin

Syntax
apply origin { igp | egp as-number | incomplete }
undo apply origin
View
Route policy view
Parameter
igp: Set the BGP route information source as internal route
egp: Set the BGP route information source as external route
as-number: Specifies AS number of external route.
incomplete: Setting the BGP route information source as unknown source.
Description
Using apply origin command, which is one of attribute apply sub-statements of
Route-policy, you can configure to apply the route source. Using undo apply origin
command, you can cancel the apply sub-statement.
apply local-preference, apply cost and apply tag.
Example
it sets the route source of BGP route information as igp.
6-6

[Quidway-route-policy] apply origin igp
6.1.9 apply tag

Syntax
apply tag value
undo apply tag
View
Route policy view
Parameter
value: Specifies the tag value of route information.
Description
Using apply tag command, you can configure to set the tag area of OSPF route
information. This command is one of attribute apply sub-statements of Route-policy.
Using undo apply tag command, you can cancel the apply sub-statement.
apply local-preference, apply cost and apply origin.
Example
it sets the tag area of route information as 100.
[Quidway-route-policy] apply tag 100
6.1.10 display ip ip-prefix

Syntax
display ip ip-prefix [ ip-prefix-name ]
View
Any view
Parameter
ip-prefix-name: Specifies displayed address prefix list name. The length of
Description
Using display ip ip-prefix command, you can view the address prefix list.

6-7

For the related commands, see ip ip-prefix.
Example
# Display the information of the address prefix list named as p1.
<Quidway> display ip ip-prefix p1
name
index
conditions
ip-prefix / mask
GE
LE
p1
10
permit
10.1.0.0/16
17
18
Table 6-1 Description of information generated by the command display ip ip-prefix

Field
Description
name
Name of ip-prefix
index
Internal sequence number of ip-prefix
conditions
Mode: permit or deny
ip-prefix / mask
Address and network segment length of ip-prefix
GE
Greater-equal value of ip-prefix network segment length
LE
Less-equal value of ip-prefix network segment length
6.1.11 display route-policy

Syntax
display route-policy [ route-policy-name ]
View
Any view
Parameter
route-policy-name:
Specifies
displayed
Route-policy
name.
The
length
Description
Using display route-policy command, you can view the configured Route-policy
For the related commands, see route-policy.
Example
# Display the information of Route-policy named as policy1.
<Quidway> display route-policy policy1
Route-policy : policy1
Permit 10 : if-match (prefixlist) p1

6-8
of

apply cost 100

matched : 0
denied : 0
Table 6-2 Description of information generated by the command display route-policy

Field
Route-policy
Description
Name of ip-prefix
Information of the route-policy with mode configured as permit and
node as 10:
if-match
(prefixlist) p1
Permit 10
The configured if-match clause
apply cost 100
Apply routing cost 100 to the routes matching

the conditions defined by if-match clause
matched
Number of routes matching the conditions set

by if-match clause
denied
Number of routes not matching the conditions

set by if-match clause

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ protocol ]
View
Routing protocol view
Parameter
acl-number: Number of the access control list used for matching the destination
address field of the routing information.
ip-prefix-name: Address prefix list used for matching the routing information destination
address field. The length of ip-prefix-name ranges from 1 to 19 character string.
protocol: The routing information of which kind of route protocol to be filtered.
Description
Using filter-policy export command, you can configure to set the filtering conditions of
the routing information advertised by a certain type of routing protocols. Using undo
filter-policy export command, you can cancel the filtering conditions set.
By default, the advertised routing information is not filtered.

6-9

conditions can be advertised. Then, the filter-policy command can be used to set the
information passing the filtration can be advertised.
For the related commands, see filter-policy import.
Example
# Define the filtering rules for advertising the routing information of RIP. Only the routing
information passing the filtering of address prefix list p1 will be advertised by RIP.
[Quidway-rip] filter-policy ip-prefix p1 export

Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name } import
View
Routing protocol view
Parameter
acl-number: The access control list number used for matching the destination address
field of the routing information.
ip-prefix ip-prefix-name: The prefix address list name. Its matching object is the
destination address field of the routing information. The length of ip-prefix-name ranges
gateway ip-prefix-name: The prefix address list name of the neighbor router address.
Its matching object is the routing information advertised by the specified neighbor
router.
Description
Using filter-policy gateway import command, you can filter the received routing
information advertised by a specified router. Using undo filter-policy gateway import
command, you can cancel the setting of the filtering condition.
Using filter-policy import command, you can set the condition for filtering the routing
information. Using undo filter-policy import command, you can cancel the setting of
filter condition
By default, the received routing information is not filtered.

6-10

conditions can be received. Then, the filter-policy command can be used to set the
information passing the filtration can be received.
For the related commands, see filter-policy export.
Example
# Define the filtering rule for receiving routing information of RIP. Only the routing
information filtered through the address prefix list p1 can be received by RIP.
[Quidway-rip] filter-policy ip-prefix p1 import
6.1.14 if-match { acl | ip-prefix }

Syntax
if-match { acl acl-number | ip-prefix ip-prefix-name }
undo if-match { acl | ip-prefix }
View
Route policy view
Parameter
acl-number: Specify the number of the access control list used for filtration.
ip-prefix-name: Specify the prefix address list used for filtration. The length of
Description
Using if-match { acl | ip-prefix } command, you can configure the IP address range to
match the Route-policy. Using undo if-match { acl | ip-prefix } command, you can
cancel the setting of the match rule.
Filtration is performed by quoting an ACL or a prefix address list.
For the related commands, see if-match interface, if-match ip next-hop, if-match
cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
local-preference, apply origin and apply tag.
Example
# Define one if-match sub-statement. When the sub-statement is used for filtering route
information, the route information filtered by route destination address through address
prefix list p1 is enable to pass the if-match sub-statement.
[Quidway-route-policy] if-match ip-prefix p1

6-11

6.1.15 if-match as-path

Syntax
if-match as-path acl-number
undo if-match as-path
View
Route policy view
Parameter
acl-number: AS path based access control list number, ranging from 1 to 199.
Description
Using the if-match as-path command, you can match the AS path domain of the BGP
routing information; using the undo if-match as-path command, you can cancel the
match of AS path domain.
By default, AS path list number is not matched.
Example
# An as-path numbered as 2 is defined first, allowing the routing information of AS 100
and 200. Then the route-policy named test is defined. The node No.10 of this
route-policy defines a if-match sub-statement, which quotes the definition of as-path.
[Quidway] ip as-path-acl 2 permit 100:200
[Quidway] route-policy test permit node 10
[Quidway-route-policy] if-match as-path 2
6.1.16 if-match community

Syntax
if-match
community
basic-community-number
whole-match
adv-community-number }
undo if-match community
View
Route policy view
Parameter
basic-community-list-number: Basic community list number, ranging from 1 to 99.
adv-community-list-number: Advanced community list number, ranging from 100 to
199.

6-12

whole-match: Fully matching.
Description
Using if-match community command, you can match the community attribute of the
BGP information. Using undo if-match community command, you can cancel the
match of the community attribute.
This if-match sub-statement of route-policy is used to filter BGP routing information.
The match condition is specified according to the community attributes of the routing
information.
For the related commands, see route-policy, ip community-list.
Example
# A community-list numbered as 1 is defined first, allowing the autonomous system
number to contain the routing information of 100 and 200. Then, the route-policy named
test is defined. The node No.10 of the route-policy defines a if-match sub-statement,
which quotes the definition of the community-list.
[Quidway] ip community-list 1 permit 100:200
[Quidway] route-policy test permit node 10
[Quidway-route-policy] if-match community 1
6.1.17 if-match cost

Syntax
if-match cost value
undo if-match cost
View
Route policy view
Parameter
value: Specify the required route metric value, ranging from 0 to 4294967295.
Description
Using if-match cost command, you can configure one of the match rules of
route-policy to match the cost of the routing information. Using undo if-match cost
command, you can cancel the configuration of the match rule.
By default, no if-match sub-statement is defined.
if-match ip next-hop, if-match tag, route-policy, apply ip next-hop, apply
local-preference, apply cost, apply origin, apply tag.

6-13

Example
# A if-match sub-statement is defined, which allows the routing information with routing
cost 8 to pass this if-match sub-statement.
[Quidway-route-policy] if-match cost 8
6.1.18 if-match interface

Syntax
if-match interface { interface-name | interface-type interface-number }
undo if-match interface
View
Route policy view
Parameter
interface-type: Specify interface type.
interface-number: Specify interface number.
interface-name: Specify interface name.
Description
Using if-match interface command, you can configure to match the route whose next
hop is designated interface. Using undo if-match interface command, you can cancel
the setting of matching condition.
By default, no if-match sub-statement is defined.
It matches the corresponding interface of route next hop when filtering route.
For the related commands, see if-match acl, if-match ip-prefix, if-match ip next-hop,
if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
Example
# Define one if-match sub-statement to match the route whose next hop interface is
Vlan-interface 1
[Quidway-route-policy] if-match interface Vlan-interface 1
6.1.19 if-match ip next-hop

Syntax
if-match ip next-hop { acl acl-number | ip-prefix ip-prefix-name }
undo if-match ip next-hop [ ip-prefix ]

6-14

View
Route policy view
Parameter
acl-number: Specify the number of the access control list used for filtration. The range
is 2000 to 2999.
ip-prefix-name: Specify the name of the prefix address list used for filtration. The length
of ip-prefix-name ranges from 1 to 19 character string.
Description
Using if-match ip next-hop command, you can configure one of the match rules of
route-policy on the next hop address of the routing information. Using undo if-match ip
next-hop command, you can cancel the setting of ACL matching condition. Using
undo if-match ip next-hop ip-prefix command, you can cancel the setting of address
prefix list matching condition.
Filtration is performed by quoting an ACL or a address prefix list.
if-match cost, if-match tag, route-policy, apply ip next-hop, apply cost, apply
Example
# Define a if-match sub-statement. It permits the routing information, whose route next
hop address passes the filtration of the prefix address list p1, to pass this if-match
sub-statement.
[Quidway-route-policy] if-match ip next-hop ip-prefix p1
6.1.20 if-match tag

Syntax
if-match tag value
undo if-match tag
View
Route policy view
Parameter
value: Specify the value in tag field of OSPF route information.

6-15

Description
Using if-match tag command, you can configure to match the tag field of OSPF route
information. Using undo if-match tag command, you can cancel the existing matching
rules.
if-match ip next-hop, if-match cost, route-policy, apply ip next-hop, apply cost,
Example
# Define one if-match sub-statement and enable the OSPF route information whose
value of tag is 8 to pass the if-match sub-statement.
[Quidway-route-policy] if-match tag 8
6.1.21 ip ip-prefix
Syntax
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len
[ greater-equal greater-equal | less-equal less-equal ]
undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]
View
System view
Parameter
ip-prefix-name: The specified address prefix list name. It identifies one address prefix
list uniquely. The length of ip-prefix-name ranges from 1 to 19 character string.
index-number: Identify an item in the prefix address list. The item with smaller
index-number will be tested first.
permit: Specify the match mode of the defined address prefix list items as permit
mode.
deny: Specify the match mode of the defined address prefix list items as deny mode.
network: The IP address prefix range (IP address). If it is 0.0.0.0 0, all the IP addresses
are matched.
len: The IP address prefix range (mask length). If it is 0.0.0.0 0, all the IP addresses are
matched.
greater-equal, less-equal: The address prefix range [greater-equal, less-equal] to be
matched after the address prefix network len has been matched. The meaning of
greater-equal is "larger than or equal to" , and the meaning of less-equal is "less than
or equal to". The range is len <= greater-equal <= less-equal <= 32. When only

6-16

greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only
less-equal is used, it denotes the prefix range [len, less-equal].
Description
Using ip ip-prefix command, you can configure an address prefix list or one of its items,
which can also be deleted with undo ip ip-prefix command.
By default, theres no address prefix list.
The address prefix list is used for IP address filtering. An address prefix list may contain
several items, and each item specifies one address prefix range. The inter-item filtering
relation is "OR", i.e. passing an item means passing the filtering of this address prefix
list. Not passing the filtering of any item means not passing the filtration of this prefix
address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal] respectively. If the prefix ranges of these two parts are both
specified, the IP to be filtered must match the prefix ranges of these two parts.
If you specify network len as 0.0.0.0 0, it only matches the default route.
Example
# The prefix address list of this address indicates to match the bits 1 to 8 and the bits 17
to 18 for filtering the IP address with the bits 1 to 8 and the bits 17 to 18 of the specified
IP network segment 10.0.192.0.
[Quidway] ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18
6.1.22 route-policy
Syntax
route-policy route-policy-name { permit | deny } node { node-number }
undo route-policy route-policy-name [ permit | deny | node node-number ]
View
System view
Parameter
route-policy-name: Specify the Route-policy name to identify one Route-policy uniquely.
The length of route-policy-name parameter ranges from 1 to 16 character string.
permit: Specify the match mode of the defined Route-policy node as permit mode.
deny: Specify the match mode of the defined Route-policy node as deny mode.
node: Node of the route policy.
node-number: Index of the node in the route-policy. When this route-policy is used for
routing information filtration, the node with smaller node-number will be tested first.
6-17

Description
Using route-policy command, you can create and enter the Route-policy view. Using
undo route-policy command, you can delete the established Route-policy.
By default, no Route-policy is defined.
Route-policy is used for route information filtration or route policy. One Route-policy
comprises of some nodes and each node comprises of some match and apply
sub-statements. The if-match sub-statement defines the match rules of this node and
the apply sub-statement defines the actions after passing the filtration of this node. The
filtering relationship between the if-match sub-statements of the node is and, i.e., all
if-match sub-statements that meet the node. The filtering relation between Route-policy
nodes is "OR", i.e. passing the filtering of one node means passing the filtering of this
Route-policy. If the information doesnt pass the filtration of any nodes, it cannot pass
the filtration of this Route-policy.
if-match ip next-hop, if-match cost, if-match tag, apply ip next-hop, apply
local-preference, apply cost, apply origin and apply tag.
Example
# Configured one Route-policy policy1, whose node number is 10 and if-match mode is
permit, and enter Route policy view.
[Quidway] route-policy policy1 permit node 10
[Quidway-route-policy]

6-18

Chapter 7 Route Capacity Configuration Commands
Chapter 7 Route Capacity Configuration

Commands
7.1 Route Capacity Configuration Commands
7.1.1 display memory
Syntax
display memory [ slot slot-number ]
Mode
Any view
Parameter
slot-number: View the memory setting of the specified slot.
Description
Using display memory command, you can view the memory setting.
Example
# Display the current memory setting.
<Quidway> display memory
System Total Memory(bytes): 203563008
Total Used Memory(bytes): 77852012
Used Rate: 38%
The displayed information is described specifically in the following table:

Table 7-1 The description for the information displayed by the display memory
command
Item
Description
System
Total
Memory(bytes)
The total number of the Ethernet switch memory in byte.
Total
Used
Memory(bytes)
The total number of the used Ethernet switch memory in byte.
Used Rate
The used rate of the Ethernet switch memory

7-1

7.1.2 display memory limit

Syntax
display memory limit
Mode
Any view
Parameter
None
Description
Using display memory limit command, you can view the memory setting and state
information related to the Ethernet switch capacity, including available memory and
state information about connections such as times for disconnecting connections, times
for reestablishing connections and whether or not the current system is in the emergent
state.
Example
# Display the current memory setting and state information.
<Quidway> display memory limit
Current memory limit configuration information:
system memory safety: 40 (MBytes)
system memory limit: 30 (MBytes)
auto-establish enabled
Free Memory: 125705152 (Bytes)
The state information about connection:

The times of disconnect: 0
The times of reconnect: 0
The current state: Normal
The information displayed by this command includes the Ethernet switch memory limit,
the size of the idle memory, the times of the connection disconnecting, the times of the
connection reestablishment and the current state.
The displayed information is described specifically in the following table:

7-2

Table 7-2 The description for the information displayed by the display memory limit
command
Item
Description
system
safety
memory
system
limit
memory
The safety value of the Ethernet switch memory.

The lower limit of the Ethernet switch memory.
auto-establish
enabled
The system allows recovering the connection automatically. (If

the automatic recover is disabled, the "auto-establish
disabled" will be displayed.)
Free Memory
The size of the current idle memory.
The
times
disconnect: 0
of
The times of the connection disconnecting of the Ethernet

switch is 0.
The
times
reconnect: 0
of
The times of the connection reestablishment of the Ethernet

switch is 0.
The current state:

Normal
The current state is normal. (If entering the emergent state, the
system will display "Exigence" )
7.1.3 memory { safety | limit }

Syntax
memory { safety safety-value | limit limit-value }*
undo memory [ safety | limit ]
View
System view
Parameter
safety safety-value: The safety value of the Ethernet switch idle memory, in the unit of
Mbytes. Its value range depends on the idle memory of the active Ethernet switch.
limit limit-value: The lower limit of the Ethernet switch idle memory, in the unit of
Mbytes. Its value range depends on the idle memory of the active Ethernet switch.
Description
Using memory limit limit-value command, you can configure the lower limit of the
Ethernet switch idle memory. When the idle memory of the Ethernet switch is less than
this limit, all the routing protocol connections will be disconnected forcibly. The
limit-value in the command must be less than the current idle memory safety value, and
otherwise the configuration will fail.

7-3

Using memory safety safety-value command, you can configure the safety value of
the Ethernet switch idle memory. If you use the memory auto-establish enable
command (the default configuration), the routing protocol connection that is forcibly
disconnected will automatically recover when the idle memory of the Ethernet switch
reaches this value. The safety-value in the command must be more than the current
idle memory lower limit, and otherwise the configuration will fail.
Using memory safety safety-value limit limit-value command, you can change both of
the safety value and lower limit of the Ethernet switch idle memory. The safety-value
must be more than the limit-value, otherwise the configuration will fail.
Using undo memory command, you can configure the safety value and the lower limit
of the Ethernet switch idle memory to the default configuration.
For the related commands, see memory auto-establish disable, memory
auto-establish enable and display memory limit.
Example
# Set the lower limit of the Ethernet switch idle memory to 2Mbytes and the safety value
to 4Mbytes.
[Quidway] memory safety 4 limit 2
7.1.4 memory auto-establish disable

Syntax
memory auto-establish disable
View
System view
Parameter
none
Description
Using memory auto-establish disable command, you can disable the routing protocol
connection that is forcibly disconnected to recover automatically when the idle memory
of the Ethernet switch reaches this value. Thus, connections of all the routing protocols
will not recover when the idle memory of the Ethernet switch recovers to a safety value.
In this case, you need to restart the routing protocol to recover the connections.
By default, when the idle memory of the Ethernet switch recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory of
the Ethernet switch reduces to a lower limit, the connection will be disconnected
forcibly).
You shall use the command cautiously.
7-4

For the related commands, see memory auto-establish enable, memory { safety |
limit }, display memory limit.
Example
# Disable memory resume of the current Ethernet switch and recover connections of all
the protocols automatically.
[Quidway] memory auto-establish disable
7.1.5 memory auto-establish enable

Syntax
memory auto-establish enable
View
System view
Parameter
None
Description
Using memory auto-establish enable command, the routing protocol connection that
is forcibly disconnected to recover automatically when the idle memory of the Ethernet
switch reaches this value.
By default, when the idle memory of the Ethernet switch recovers to a safety value,
connections of all the routing protocols will always recover (when the idle memory of
the Ethernet switch reduces to a lower limit, the connection will be disconnected
forcibly).
For the related commands, see memory auto-establish disable, memory { safety |
limit }, display memory limit.
Example
# Enable memory resume of the current Ethernet switch and recover connections of all
the protocols automatically.
[Quidway] memory auto-establish enable

7-5
HUAWEI

Command Manual
Multicast Protocol
Command Manual - Multicast Protocol

Table of Contents
Table of Contents
Chapter 1 GMRP Configuration Commands............................................................................... 1-1
1.1 GMRP Configuration Commands ...................................................................................... 1-1
1.1.1 debugging gmrp ...................................................................................................... 1-1
1.1.2 display gmrp statistics ............................................................................................. 1-1
1.1.3 display gmrp status ................................................................................................. 1-2
1.1.4 gmrp ........................................................................................................................ 1-3
Chapter 2 IGMP Snooping Configuration Commands............................................................... 2-1
2.1 IGMP Snooping Configuration Commands ....................................................................... 2-1
2.1.1 display igmp-snooping configuration....................................................................... 2-1
2.1.2 display igmp-snooping group .................................................................................. 2-2
2.1.3 display igmp-snooping statistics.............................................................................. 2-3
2.1.4 igmp-snooping......................................................................................................... 2-3
2.1.5 igmp-snooping host-aging-time............................................................................... 2-4
2.1.6 igmp-snooping max-response-time......................................................................... 2-5
2.1.7 igmp-snooping router-aging-time ............................................................................ 2-6
2.1.8 reset igmp-snooping statistics................................................................................. 2-6
Chapter 3 Multicast Common Configuration Commands ......................................................... 3-1
3.1 Multicast Common Configuration Commands ................................................................... 3-1
3.1.1 debugging multicast forwarding .............................................................................. 3-1
3.1.2 debugging multicast kernel-routing ......................................................................... 3-2
3.1.3 debugging multicast status-forwarding ................................................................... 3-2
3.1.4 display multicast forwarding-table ........................................................................... 3-3
3.1.5 display multicast routing-table................................................................................. 3-4
3.1.6 multicast route-limit ................................................................................................. 3-6
3.1.7 multicast routing-enable .......................................................................................... 3-6
3.1.8 reset multicast forwarding-table .............................................................................. 3-7
3.1.9 reset multicast routing-table .................................................................................... 3-8
Chapter 4 IGMP Configuration Commands ................................................................................ 4-1
4.1 IGMP Configuration Commands........................................................................................ 4-1
4.1.1 debugging igmp....................................................................................................... 4-1
4.1.2 display igmp group .................................................................................................. 4-2
4.1.3 display igmp interface ............................................................................................. 4-3
4.1.4 igmp enable............................................................................................................. 4-3
4.1.5 igmp group-limit....................................................................................................... 4-4
4.1.6 igmp group-policy .................................................................................................... 4-5
4.1.7 igmp group-policy vlan ............................................................................................ 4-6
4.1.8 igmp host-join .......................................................................................................... 4-7
i

Table of Contents
4.1.9 igmp host-join port................................................................................................... 4-7

4.1.10 igmp host-join vlan ................................................................................................ 4-8
4.1.11 igmp lastmember-queryinterval............................................................................. 4-9
4.1.12 igmp max-response-time..................................................................................... 4-10
4.1.13 igmp robust-count ............................................................................................... 4-10
4.1.14 igmp timer other-querier-present......................................................................... 4-12
4.1.15 igmp timer query.................................................................................................. 4-12
4.1.16 igmp version ........................................................................................................ 4-13
4.1.17 reset igmp group ................................................................................................. 4-14
Chapter 5 PIM Configuration Commands ................................................................................... 5-1
5.1 PIM Configuration Commands........................................................................................... 5-1
5.1.1 bsr-policy ................................................................................................................. 5-1
5.1.2 c-bsr ........................................................................................................................ 5-2
5.1.3 c-rp .......................................................................................................................... 5-3
5.1.4 crp-policy ................................................................................................................. 5-4
5.1.5 debugging pim common.......................................................................................... 5-5
5.1.6 debugging pim dm................................................................................................... 5-6
5.1.7 debugging pim sm................................................................................................... 5-6
5.1.8 display pim bsr-info ................................................................................................. 5-7
5.1.9 display pim interface ............................................................................................... 5-8
5.1.10 display pim neighbor ............................................................................................. 5-9
5.1.11 display pim routing-table ..................................................................................... 5-10
5.1.12 display pim rp-info ............................................................................................... 5-11
5.1.13 pim....................................................................................................................... 5-12
5.1.14 pim bsr-boundary ................................................................................................ 5-12
5.1.15 pim dm................................................................................................................. 5-13
5.1.16 pim neighbor-limit ................................................................................................ 5-14
5.1.17 pim neighbor-policy ............................................................................................. 5-14
5.1.18 pim sm................................................................................................................. 5-15
5.1.19 pim timer hello ..................................................................................................... 5-16
5.1.20 register-policy ...................................................................................................... 5-16
5.1.21 reset pim neighbor .............................................................................................. 5-17
5.1.22 reset pim routing-table ........................................................................................ 5-18
5.1.23 source-policy ....................................................................................................... 5-19
5.1.24 static-rp................................................................................................................ 5-20
Chapter 6 Multicast MAC Address Configuration Commands ................................................. 6-1
6.1 Multicast MAC Address Configuration Commands ........................................................... 6-1
6.1.1 mac-address multicast ............................................................................................ 6-1
6.1.2 display mac-address multicast ................................................................................ 6-2
6.1.3 display mac-address multicast count ...................................................................... 6-2

ii

Chapter 1 GMRP Configuration Commands

1.1 GMRP Configuration Commands
1.1.1 debugging gmrp
Syntax
debugging gmrp { event | packet }
undo debugging gmrp { event | packet }
View
User view
Parameter
event: GMRP event.
packet: GMRP packet.
Description
Using debugging gmrp command, you can enable GMRP debugging. Using undo
debugging gmrp you can disable GMRP debugging.
When IGMP-snooping is enabled on the switch, you can view these contents of the
IGMP snooping configuration: IGMP Snooping enabled or not, aging time of the port,
maximum query response time, aging time of the multicast port.
For the related command, see igmp-snooping.
Example
# Enable GMRP event debugging.
<Quidway> debugging gmrp event
GMRP: Max number of GMRP entries reached
1.1.2 display gmrp statistics

Syntax
display gmrp statistics [ interface interface-list ]
View
Any view

1-1

Parameter
interface interface-list: Specifies Ethernet port list, expressed as interface-list =
| interface_name } ] }&<1-10>. For meanings and value ranges of interface-type,
interface-number and interface-name, refer to the syntax description in the Port
Configuration of this manual.
Description
Using display gmrp statistics command, you can view the statistics information about
GMRP.
This command is used for displaying the statistics information about GMRP, including
the list of ports with GMRP enabled, GMRP status information, GMRP failed
registrations and last origin of GMRP packet data unit (PDU).
Example
# Display the statistics information about GMRP on Ethernet 2/0/1.
<Quidway> display gmrp statistics interface Ethernet 2/0/1
GMRP statistics on port Ethernet2/0/1
Gmrp Status
: Enabled
Gmrp Failed Registrations : 0

Gmrp Last Pdu Origin
: 0000-0000-0000
1.1.3 display gmrp status

Syntax
display gmrp status
View
Any view
Parameter
None
Description
Using display gmrp status command, you can view the status of global GMRP.
This command can be used for displaying the enabled/disabled status of global GMRP.
Example
# Display the status of global GMRP.
<Quidway> display gmrp status

1-2

GMRP is enabled
Table 1-1 Global GMRP status information

Field
Description
GMRP is enabled
GMRP is enabled globally.
1.1.4 gmrp
Syntax
gmrp
undo gmrp
View
Parameter
None
Description
Using gmrp command, you can enable global GMRP or enable GMRP on a port. Using
undo gmrp command, you can configure the GMRP back to the default setting,
namely disabled.
By default, GMRP is disabled
Executed in system view, this command will enable the global GMRP. After performing
this command in Ethernet port view, GMRP will be enabled on a port.
Before enabling GMRP on a port, you shall enable GMRP globally.
For the related command, see display gmrp status, display gmrp statistics.
Example
# Enable GMRP globally.
[Quidway] gmrp

1-3

Chapter 2 IGMP Snooping Configuration Commands
Chapter 2 IGMP Snooping Configuration

Commands
2.1 IGMP Snooping Configuration Commands
2.1.1 display igmp-snooping configuration
Syntax
display igmp-snooping configuration
View
Any view
Parameter
None
Description
Using display igmp-snooping configuration command, you can view the IGMP
Snooping configuration information.
This command is used to display the IGMP Snooping configuration information of the
switch. The information displayed includes whether IGMP Snooping is enabled, router
port timeout, maximum response timeout of a query and the member port timeout.
Example
# Display the IGMP Snooping configuration information of the switch.
<Quidway> display igmp-snooping configuration
Enable IGMP-Snooping.
The router port timeout is 105 second(s).
The max response timeout is 10 second(s).
The host port timeout is 260 second(s).
The information above tells us that: IGMP Snooping is enabled; the router port timer is
set to be 105 seconds; the max response timer is set to be 10 seconds; the aging timer
of multicast group member is set to be 260 seconds.

2-1

2.1.2 display igmp-snooping group

Syntax
display igmp-snooping group [ vlan vlan_id ]
View
Any view
Parameter
vlan vlan_id: Specifies the VLAN where the multicast group to be viewed is located.
When the parameter is omitted, the command will display the information about all the
multicast groups on the VLAN.
Description
Using display igmp-snooping group command, you can view the IP multicast groups
and MAC multicast groups under VLAN.
This command displays the IP multicast group and MAC multicast group information of
a VLAN or all the VLAN where the Ethernet switch is located. It displays the information
such as VLAN ID, router port, IP multicast group address, member ports in the IP
multicast group, MAC multicast group, MAC multicast group address, and the member
ports in the MAC multicast group.
Example
# Display the multicast group information about VLAN2.
<Quidway> display igmp-snooping group vlan 2
***************Multicast group table***************
Vlan(id):2.
Router port(s):Ethernet0/1
IP group(s):the following ip group(s) match to one mac group.
IP group address:230.45.45.1
Member port(s):Ethernet0/12
MAC group(s):
MAC group address:01-00-5e-2d-2d-01
Member port(s):Ethernet0/12
We can know from the information listed above that :

z
There is a multicast group in VLAN 2;
The router port is Ethernet 0/1;
The address of the multicast group is 230.45.45.1;
The member of the IP multicast group is Ethernet 0/12;
MAC multicast group is 0100-5e2d-2d01;
The member of the MAC multicast group is Ethernet 0/12.

2-2

2.1.3 display igmp-snooping statistics

Syntax
display igmp-snooping statistics
View
Any view
Parameter
None
Description
Using display igmp-snooping statistics command, you can view the statistics
information on IGMP Snooping.
This command displays the statistics information about IGMP Snooping of Ethernet
switch. It displays the information such as number of received general IGMP query
packets, received IGMP specific query packets, received IGMP Version 1 and Version 2
report packets, received IGMP leave packets and error packets, and sent IGMP
specific query packets.
Example
# Display statistics information about IGMP Snooping.
<Quidway> display igmp-snooping statistics
Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
2.1.4 igmp-snooping
Syntax
igmp-snooping { enable | disable }
View
System view, VLAN view

2-3

Parameter
enable: Enables IGMP Snooping.
disable: Disables IGMP Snooping; By default, the switch disables IGMP Snooping
feature.
Description
Using igmp-snooping enable command, you can enable/disable IGMP Snooping.
Using igmp-snooping disable command, you can restore the default setting.
Caution:
z
IGMP Snooping and GMRP cannot run at the same time. You can check if GMRP is
running, using the display gmrp status command, in any view, before enabling
IGMP Snooping.
Although layer 2 and layer 3 multicast protocols can run together, they cannot run
on the same VLAN or its corresponding VLAN interface at the same time. For
example, if the layer 2 multicast protocol is enabled on a VLAN, then the layer 3
multicast protocol cannot operate on this VLAN, and vice versa.
IGMP Snooping functions only when it is enabled both in system view and in VLAN
view.
Example
# Enable IGMP Snooping on VLAN 100
[Quidway] igmp-snooping enable
[Quidway] vlan 100
[Quidway-vlan100] igmp-snooping enable
2.1.5 igmp-snooping host-aging-time

Syntax
igmp-snooping host-aging-time seconds
undo igmp-snooping host-aging-time
View
System view

2-4

Parameter
seconds: Specifies the port aging time of the multicast group member, ranging from 200
to 1000 and measured in seconds; By default, 260.
Description
Using igmp-snooping host-aging-time command, you can configure the port aging
time of the multicast group members. Using undo igmp-snooping host-aging-time
This command is used to set the aging time of the multicast group member so that the
refresh frequency can be controlled. When the group members change frequently, the
aging time should be comparatively short, and vice versa.
Example
# Set the aging time to 300 seconds.
[Quidway] igmp-snooping host-aging-time 300
2.1.6 igmp-snooping max-response-time

Syntax
igmp-snooping max-response-time seconds
undo igmp-snooping max-response-time
View
System view
Parameter
seconds: Maximum response time for a query ranging from 1 to 25 and measured in
seconds; By default, 10 seconds.
Description
Using igmp-snooping max-response-time command, you can configure the
maximum
response
time
for
query.
Using
undo
igmp-snooping
max-response-time command, you can restore the default value.

The set maximum response time decides the time limit for the switch to respond to
IGMP Snooping general query packets.
For the related command, see igmp-snooping, igmp-snooping router-aging-time.
Example
# Configure to respond the IGMP Snooping packet within 12s.

2-5

[Quidway] igmp-snooping max-response-time 12
2.1.7 igmp-snooping router-aging-time

Syntax
igmp-snooping router-aging-time seconds
undo igmp-snooping router-aging-time
View
System view
Parameter
seconds: Specifies the router port aging time, ranging from 1 to 1000 measured in
seconds; By default, 105
Description
Using igmp-snooping router-aging-time command, you can configure the router port
aging time of IGMP Snooping. Using undo igmp-snooping router-aging-time
The port here refers to the Ethernet switch port connected to the router. The Layer-2
Ethernet switch receives general query packets from the router via this port. The timer
should be set to about 2.5 times of the general query period of the router.
For
the
related
command,
see
igmp-snooping,
igmp-snooping
max-response-time.
Example
# Set the aging time of the IGMP Snooping router port to 300 seconds.
[Quidway] igmp-snooping router-aging-time 300
2.1.8 reset igmp-snooping statistics

Syntax
reset igmp-snooping statistics
View
User view
Parameter
None

2-6

Description
Using reset igmp-snooping statistics command, you can reset the IGMP Snooping
statistics information.
Example
# Clear IGMP Snooping statistics information.
<Quidway> reset igmp-snooping statistics

2-7

Chapter 3 Multicast Common Configuration Commands
Chapter 3 Multicast Common Configuration

Commands
Note:
When running IP multicast protocols, Ethernet switches also provide the functions of
switches. We use routers in this manual to stand for not only the common routers but
also the layer 3 Ethernet switches running IP multicast protocols.
3.1 Multicast Common Configuration Commands

3.1.1 debugging multicast forwarding
Syntax
debugging multicast forwarding
undo debugging multicast forwarding
View
User view
Parameter
None
Description
Using debugging multicast forwarding command, you can enable multicast packet
forwarding debugging functions. Using undo debugging multicast forwarding
command, you can disable the debugging functions.
By default, the debugging function is disabled.
Example
# Enable multicast packet forwarding debugging functions.
<Quidway> debugging multicast forwarding

3-1

3.1.2 debugging multicast kernel-routing

Syntax
debugging multicast kernel-routing
undo debugging multicast kernel-routing
View
User view
Parameter
None
Description
Using debugging multicast kernel-routing command, you can enable multicast
kernel routing debugging functions. Using undo debugging multicast kernel-routing
command, you can disable the debugging functions.
Example
# Enable multicast kernel routing debugging functions.
<Quidway> debugging multicast kernel-routing
3.1.3 debugging multicast status-forwarding

Syntax
debugging multicast status-forwarding
undo debugging multicast status-forwarding
View
User view
Parameter
None
Description
Using debugging multicast status-forwarding command, you can enable multicast
forwarding
status
debugging
functions.
Using
undo
debugging
status-forwarding command, you can disable the debugging functions.
Example
# Enable multicast forwarding status debugging functions.
<Quidway> debugging multicast status-forwarding
3-2
multicast

3.1.4 display multicast forwarding-table

Syntax
display multicast forwarding-table [ group-address [ mask { mask | mask-length } ] |
source-address [ mask { mask | mask-length } ] | incoming-interface register ] *
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group, ranging
from 224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Incoming interface of the multicast forwarding table.
register: Register interface of PIM-SM.
Description
Using display multicast forwarding-table command, you can view the information of
IP multicast forwarding table.
For the related command, see display multicast routing-table.
Example
# View the multicast forwarding table information.
<Quidway> display multicast forwarding-table
Multicast Forwarding Cache Table
Total 2 entries
00001. (4.4.4.4, 224.2.254.84), iif Vlan-interface1, 0 oifs

Matched 240 pkts(11288 bytes), Wrong If 0 pkts
Forwarded 232 pkts(11288 bytes)
00002. (4.4.4.4, 224.2.149.17), iif Vlan-interface1, 1 oifs

List of outgoing interface:
01: Vlan-interface2
Matched 236 pkts(3267 bytes), Wrong If 0 pkts
Forwarded 233 pkts(3267 bytes)
Matched 2 entries

3-3

Table 3-1 Description of information generated by the command display multicast

forwarding-table
Field
Description
Multicast Forwarding Cache Table
Multicast forwarding cache table
Total 2 entries
Total number of entries
00002
Sequence number of entries
(4.4.4.4, 224.2.149.17)
(s,g)
iif Vlan-interface1, 1 oifs
Multicast forwarding cache table has an

incoming interface Vlan-interface 1 and one
outgoing interface
List of outgoing interface:
List of outgoing interface has an outgoing

interface Vlan-interface 2
01: Vlan-interface2
Matched 236 pkts(3267 bytes),
Wrong If 0 pkts
Forwarded
bytes)
236
pkts(3267
Matched 2 entries
236 matched packets (3267 bytes); 0

matched packets means wrong; 233
forwarded packets (3267 bytes)
2 matched entries
3.1.5 display multicast routing-table

Syntax
display multicast routing-table [ group-address [ mask { mask | mask-length } ] |
source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ]*
View
Any view
Parameter
group-address: Multicast group address, used to specify a multicast group and display
the corresponding routing table information of the group. The value ranges from
224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Incoming interface of the multicast route entry.
register: Register interface of PIM-SM.

3-4

Description
Using display multicast routing-table command, you can view the information of IP
multicast routing table.
This command displays the multicast routing table information, while the display
multicast forwarding-table command displays the multicast forwarding table
information.
Example
# View the route entry information in the multicast routing table.
[Quidway] display multicast routing-table
Multicast Routing Table
Total 3 entries
(4.4.4.4, 224.2.149.17)
Uptime: 00:15:16, Timeout in 272 sec
Upstream interface: Vlan-interface1(4.4.4.6)
Downstream interface list:
Vlan-interface2(2.2.2.4), Protocol 0x1: IGMP
(4.4.4.4, 224.2.254.84)
Downstream interface list: NULL
(4.4.4.4, 239.255.2.2)
Matched 3 entries
Table 3-2 Description of information generated by the command display multicast

routing-table
Field
Description
Multicast Routing Table
Multicast routing table
Total 3 entries
3 entries in total
(4.4.4.4, 224.2.149.17)
(s, g)
Uptime: 00:15:16, Timeout in

272 sec
Multicast routing table lasts 1516 and times out in

272 seconds.
Upstream interface:
Upstream interface vlan-interface 1 (its IP address

3-5

Field
Description
Vlan-interface1(4.4.4.6)
Downstream interface list:
is 4.4.4.6).
Vlan-interface2(2.2.2.4),
Protocol 0x1: IGMP
Downstream interface list: has an interface

Vlan-interface 2 (its IP address is 2.2.2.4). The
downstream interface is configured with IGMP
groups.
Matched 3 entries
3 entries in total meeting the requirement
3.1.6 multicast route-limit

Syntax
multicast route-limit limit
undo multicast route-limit
View
System view
Parameter
limit: Limits the capacity of multicast routing table, in the range of 0 to 1024
Description
Using multicast route-limit command, you can limit the capacity of multicast routing
table. When the preset capacity is exceeded, the router will discard new (S, G) protocol
and data packets. Using undo multicast route-limit command, you can restore the
limit to the default value.
By default, the capacity of multicast routing table is set to 512.
If the existing route entries exceed the capacity value you configured during using this
command, the system will not delete the existing entries, but prompts the information
Existing route entries exceed the configured capacity value.
The new configuration overwrites the old one if you run the command for a second
time.
Example
# Limit multicast routing table capacity at 256.
[Quidway] multicast route-limit 256
3.1.7 multicast routing-enable

Syntax
multicast routing-enable
3-6

undo multicast routing-enable
View
System view
Parameter
None
Description
Using multicast routing-enable command, you can enable IP multicast routing. Using
undo multicast routing-enable command, you can disable IP multicast routing.
By default, IP multicast routing is disabled.
The system will not forward any multicast packet when IP multicast routing is disabled.
For the related commands, see pim dm and pim sm.
Example
# Enable IP multicast routing.
[Quidway] multicast routing-enable
3.1.8 reset multicast forwarding-table

Syntax
reset multicast forwarding-table [ statistics ] { all | { group-address [ mask
{ group-mask | group-mask-length } ] | source-address [ mask
{ source-mask |
source-mask-length } ] | incoming-interface interface-type interface-number } * }
View
User view
Parameter
statistics: If it is selected, the system clears the statistic information of MFC forward
entries. Otherwise, the system clears MFC forward entries.
all: All MFC forward entries.
group-address: Specifies group address.
group-mask: Specifies Mask of group address
group-mask-length: Specifies mask length of group address.
source-address: Specifies source address.
source-mask: Specifies mask of source address.

3-7

source-mask-length: Specifies mask length of source address.

incoming-interface: Specifies incoming interface for the forward entry.
interface-type interface-number: Interface type and interface number.
Description
Using reset multicast forwarding-table command, you can clear MFC forwarding
entries or statistic information of MFC forwarding entries.
You can type in source address first and group address after in the command, as long
as they both are valid addresses. The system prompts error information if you type in
invalid addresses.
For the related commands, see reset pim routing-table, reset multicast
routing-table and display multicast forwarding-table.
Example
# Clear the forwarding entry with address of 225.5.4.3 from the MFC forwarding table.
<Quidway> reset multicast forwarding-table 225.5.4.3
# Clear statistic information of the forwarding entry with address of 225.5.4.3 from the
MFC forwarding table.
<Quidway> reset multicast forwarding-table statistics 225.5.4.3
3.1.9 reset multicast routing-table

Syntax
reset multicast routing-table { all | { group-address [ mask { group-mask |
group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ]
| incoming-interface interface-type interface-number } * }
View
User view
Parameter
all: All route entries in the core multicast routing table.
group-mask: Specifies Mask of group address
group-mask-length: Specifies mask length of group address.
source-mask: Specifies mask of source address.
source-mask-length: Specifies mask length of source address.
incoming-interface: Specifies incoming interface for the forward entry.
3-8

interface-type interface-number: Interface type and interface number.
Description
Using reset multicast routing-table command, you can clear route entries from the
core multicast routing table, as well as MFC forwarding entries.
as they both are valid addresses. The system prompts error information if you type in
invalid addresses.
For the related commands, see reset pim routing-table, reset multicast
forwarding-table and display multicast forwarding-table.
Example
# Clear the route entry with address of 225.5.4.3 from the core multicast routing table.
<Quidway> reset multicast routing-table 225.5.4.3

3-9

Chapter 4 IGMP Configuration Commands
Note:
4.1 IGMP Configuration Commands

4.1.1 debugging igmp
Syntax
debugging igmp { all | event | host | packet | timer }
undo debugging igmp { all | event | host | packet | timer }
View
User view
Parameter
all: All the debugging information of IGMP.
event: Debugging information of IGMP event.
host: Debugging information of IGMP host.
packet: Debugging information of IGMP packets.
timer: Debugging information of IGMP timers.
Description
Using debugging igmp command, you can enable IGMP debugging functions. Using
undo debugging igmp command, you can disable the debugging functions.
By default, IGMP debugging functions are disabled.
Example
# Enable all IGMP debugging functions
<Quidway> debugging igmp all

4-1

4.1.2 display igmp group

Syntax
display igmp group [ group-address | interface interface-type interface-number ]
View
Any view
Parameter
group-address: Address of the multicast group.
interface-type interface-number: Interface type and interface number of the router,
used to specify the specific interface.
Description
Using display igmp group command, you can view the member information of the
IGMP multicast group.
You can specify to show the information of a group or the member information of the
multicast group on an interface. The information displayed contains the multicast
groups which are joined by the downstream hosts through IGMP or through command
line.
For the related command, see igmp host-join.
Example
# View the member information of multicast group in the system.
<Quidway> display igmp group
Total 1 IGMP group reported on this router.
Vlan-interface7 (90.7.1.1): No multicast-group joined
Vlan-interface9 (90.9.1.1): Total 1 IGMP Group reported on this interface:
Group Address
Last Reporter
Uptime
Expires
239.255.255.250
90.9.1.254
23:17:02
00:02:25
Table 4-1 Output description of the display igmp group command

Field
Description
Group address
Multicast group address
Last Reporter
The last host reporting to join in the multicast group
Uptime
Time passed since multicast group is discovered (hh: mm: ss).
Expires
Specifies when the member will be removed from the multicast

group (hh: mm: ss).

4-2

4.1.3 display igmp interface

Syntax
display igmp interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number of the router,
used to specify the interface. If the parameters are omitted, information about all the
interfaces running IGMP will be displayed.
Description
Using display igmp interface command, you can view the IGMP configuration and
running information on an interface.
Example
# View the IGMP configuration and running information of all interfaces.
<Quidway> display igmp interface
Vlan-interface1 (10.153.17.99):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Value of robust count for IGMP: 2
Value of startup query interval for IGMP(in seconds): 15
Value of last member query interval for IGMP(in seconds): 1
Value of query timeout for IGMP version 1(in seconds): 400
Policy to accept IGMP reports: none
Querier for IGMP: 10.153.17.99 (this router)
IGMP group limit is 1024
No IGMP group reported
4.1.4 igmp enable

Syntax
igmp enable
igmp disable

4-3

View
Interface view
Parameter
None
Description
Using igmp enable command, you can enable IGMP on an interface. Using undo
igmp enable command, you can disable IGMP on the interface.
By default, IGMP is not enabled.
Only multicast function is enabled can the igmp enable command be executed. After
this, you can initiate IGMP feature configuration.
For the related command, see multicast routing-enable.
Example
# Enable IGMP on Vlan-interface 10.
[Quidway-Vlan-interface10] igmp enable
4.1.5 igmp group-limit

Syntax
igmp group-limit limit
undo igmp group-limit
View
Interface view
Parameter
limit: Quantity of multicast groups, in the range of 0 to 1024.
Description
Using igmp group-limit command, you can limit multicast groups on an interface.
Using undo igmp group-limit command, you can restore the default setting.
By default, you can add up to 1024 IGMP groups on an interface.
If the existing IGMP groups exceed the quantity limit you configured during using this
command, the system will not delete the existing entries.
time.

4-4

Example
# Limit the maximum IGMP groups at Vlan-interface10 to 100.
[Quidway-Vlan-interface10] igmp group-limit 100
4.1.6 igmp group-policy

Syntax
igmp group-policy acl-number [ 1 | 2 | port { interface_type interface_ num |
interface_name } [ to { interface_type interface_ num | interface_name } ] ]
undo igmp group-policy [ port { interface_type interface_ num | interface_name } [ to
{ interface_type interface_ num | interface_name } ] ]
View
Interface view
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
1: IGMP version 1.
2: IGMP version 2. If IGMP version is not specified, version 2 will be used as default.
port: Packets received and sent by the port(s) and applied to the conditions set by the
ACL will be filtered. And the port(s) must belong to the VLAN interface being configured
by this command.
Description
Using igmp group-policy command, you can set the filter of multicast groups on an
interface to control the accessing to the IP multicast groups. Using undo igmp
group-policy command, you can remove the filter configured.
By default, no filter is configured, that is, a host can join any multicast group.
If you do not want the hosts on the network that the interface is on to join some
multicast groups and receive the packets from the multicast groups, you can use this
command to limit the range of the multicast groups serviced by the interface.
For the related command, see igmp host-join, igmp host-join port, igmp host-join
vlan.
Example
# Configure the access-list 2000.

4-5

# Configure that only the hosts contained in the access-list 2000 connected to the
VLAN-interface10 can be added to the multicast group, which is configured to use
IGMP version 2.
[Quidway-vlan-interface10] igmp group-policy 2000 2
4.1.7 igmp group-policy vlan

Syntax
igmp group-policy acl-number vlan vlan_id
undo igmp group-policy vlan vlan_id
View
Ethernet port view
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
vlan_id: Specify the ID for the VLAN to which the port belongs.
Description
Using igmp group-policy vlan command, you can set the filter of multicast groups on
an port to control the accessing to the IP multicast groups. Using undo igmp
group-policy vlan command, you can remove the configured filter.
By default, no filter is configured, that is, a host can join any multicast group.
This command has the same function with the igmp group-policy command. Note
that the configured port must belong to the specified VLAN, and the IGMP protocol
must be enabled on this port; otherwise, the configuration does not function.
For the related command, see igmp host-join, igmp host-join vlan, igmp host-join
port.
Example
# Configure that only the hosts contained in the access-list 2000 connected to the port
Ethernet0/1 in VLAN-interface10 can be added to the multicast group, which is
configured to use IGMP version 2.
[Quidway] interface ethernet 0/1
[Quidway-Ethernet0/1] port access vlan 10
[Quidway-Ethernet0/1] igmp group-policy 2000 vlan 10

4-6

4.1.8 igmp host-join

Syntax
igmp host-join group-address
undo igmp host-join group-address
View
LoopBack interface view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
Description
Using igmp host-join command, you can enable a LoopBack interface of an ethernet
switch to join a multicast group. Using undo igmp host-join command, you can
disable the configuration.
By default, a LoopBack interface does not join any multicast group.
For the related command, see igmp host-join port, igmp host-join vlan and igmp
group-policy.
Example
# Add LoopBack 0 to the multicast group at 225.0.0.1.
[Quidway-LoopBack0] igmp host-join 225.0.0.1
4.1.9 igmp host-join port

Syntax
igmp host-join group-address port { interface_type interface_ num | interface_name }
[ to { interface_type interface_ num | interface_name } ]
undo igmp host-join group-address port { interface_type interface_ num |
interface_name } [ to { interface_type interface_ num | interface_name } ]
View
interface view
Parameter
port: Specifies the port in the VLAN interface.

4-7

Description
Using igmp host-join port command, you can enable an port in the VLAN interface of
an ethernet switch to join a multicast group. Using undo igmp host-join port
command, you can disable the configuration.
By default, an interface does not join any multicast group.
For the related command, see igmp host-join vlan, igmp host-join and igmp
group-policy.
Example
# Add port Ethernet 0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.
[Quidway-Vlan-interface10] igmp host-join 225.0.0.1 port Ethernet 0/1
4.1.10 igmp host-join vlan

Syntax
igmp host-join group-address vlan vlan_id
undo igmp host-join group-address vlan vlan_id
View
Ethernet port view
Parameter
vlan_id: Specifies the ID for the VLAN to which the port belongs.
Description
Using igmp host-join vlan command, you can enable an port in the VLAN interface of
an ethernet switch to join a multicast group. Using undo igmp host-join vlan
command, you can disable the configuration.
By default, a port does not join any multicast group.
This command has the same function with the igmp host-join port command. Note
that the configured port must belong to the specified VLAN, and the IGMP protocol
must be enabled on this VLAN interface; otherwise, the configuration does not function.
For the related command, see igmp host-join port, igmp host-join, igmp
group-policy.
Example
# Add port Ethernet 0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

4-8

[Quidway] interface ethernet 0/1
[Quidway-Ethernet0/1] port access vlan 10
[Quidway-Ethernet0/1] igmp host-join 225.0.0.1 vlan 10
4.1.11 igmp lastmember-queryinterval

Syntax
igmp lastmember-queryinterval seconds
undo igmp lastmember-queryinterval
View
Interface view
Parameter
seconds: Time interval before IGMP query router sends the IGMP group query
message after it receives the IGMP Leave message from the host. It is in the range of 1
to 5 seconds. By default, it is 1 second.
Description
Using igmp lastmember-queryinterval command, you can set the time interval before
IGMP query router sends the IGMP group query message after it receives the IGMP
Leave message from the host. Using undo igmp lastmember-queryinterval
In the shared network, that is, a same network segment including multiple hosts and
multicast routers, the query router is responsible for maintaining the IGMP group
membership on the interface. When the IGMP v2 host leaves a group, it sends a IGMP
Leave message. When receiving the IGMP Leave message, IGMP query router must
send the IGMP group query message for specified times (by the robust-value
parameter in the igmp robust-count command, with default value as 2) in a specified
time interval (by the seconds parameter in the igmp lastmember-queryinterval
command, with default value as 1 second). If other hosts which are interested in the
specified group receive the IGMP query message from the IGMP query router, they will
sends back the IGMP Membership Report message within the specified maximum
response time interval. If it receives the IGMP Membership Report message within the
defined period (equal to robust-value seconds), the IGMP query router continue to
maintain the membership of this group. When receiving no IGMP Membership Report
message from any hosts within the defined period, the IGMP query router considers it
as timeout and stops membership maintenance for the group.

4-9

This command is only available on the IGMP query router running IGMP v2. For the
host running IGMP v1, this command cannot take effect for the host may not send the
IGMP Leave message when it leaves a group.
For the related command, see igmp robust-count and display igmp interface.
Example
# Set the query interval at the Vlan-interface10 as 3 seconds.
[Quidway-Vlan-interface10] igmp lastmember-queryinterval 3
4.1.12 igmp max-response-time

Syntax
igmp max-response-time seconds
undo igmp max-response-time
View
Interface view
Parameter
seconds: Maximum response time in the IGMP query messages in second in the range
from 1 to 25. By default, the value is 10 seconds.
Description
Using igmp max-response-time command, you can configure the maximum response
time contained in the IGMP query messages. Using undo igmp max-response-time
The maximum query response time determines the period for a router to quickly detect
that there are no more directly connected group members in a LAN.
For the related command, see display igmp group.
Example
# Set the maximum response time carried in host-query message to 8 seconds.
[Quidway-Vlan-interface10] igmp max-response-time 8
4.1.13 igmp robust-count

Syntax
igmp robust-count robust-value
undo igmp robust-count

4-10

View
Interface view
Parameter
robust-value: IGMP robust value, number of sending the IGMP group query message
after the IGMP query router receives the IGMP Leave message from the host. It is in
the range of 2 to 5. By default, it is 2.
Description
Using igmp robust-count command, you can set the number of sending the IGMP
group query message after the IGMP query router receives the IGMP Leave message
from the host. Using undo igmp robust-count command, you can restore the default
value.
In the shared network, that is, a same network segment including multiple hosts and
multicast routers, the query router is responsible for maintaining the IGMP group
membership on the interface. When the IGMP v2 host leaves a group, it sends a IGMP
Leave message. When receiving the IGMP Leave message, IGMP query router must
send the IGMP group query message for specified times (by the robust-value
parameter in the igmp robust-count command, with default value as 2) in a specified
time interval (by the seconds parameter in the igmp lastmember-queryinterval
command, with default value as 1 second). If other hosts which are interested in the
specified group receive the IGMP query message from the IGMP query router, they will
sends back the IGMP Membership Report message within the specified maximum
response time interval. If it receives the IGMP Membership Report message within the
defined period (equal to robust-value seconds), the IGMP query router continue to
maintain the membership of this group. When receiving no IGMP Membership Report
message from any hosts within the defined period, the IGMP query router considers it
as timeout and stops membership maintenance for the group.
This command is only available on the IGMP query router running IGMP v2. For the
host running IGMP v1, this command cannot take effect for the host may not send the
IGMP Leave message when it leaves a group.
For the related command, see igmp lastmember-queryinterval and display igmp
interface.
Example
# Set the robust value at the Vlan-interface 10 as 3.
[Quidway-Vlan-interface10] igmp robust-count 3

4-11

4.1.14 igmp timer other-querier-present

Syntax
igmp timer other-querier-present seconds
undo igmp timer other-querier-present
View
Interface view
Parameter
seconds: IGMP querier present timer value in second ranging from 1 to 131070. By
default, the value is twice the value of IGMP query message interval, i.e., 120 seconds.
Description
Using igmp timer other-querier-present command, you can configure the timer of
presence of the IGMP querier. Using undo igmp timer other-querier-present
On a shared network, i.e., there are multiple multicast routers on the same network
segment, the query router (querier for short) takes charge of sending query messages
periodically on the interface. If other non-queriers receive no query messages within
the valid period, the router will consider the previous query to be invalid and the router
itself becomes a querier.
In IGMP version 1, the selection of a query is determined by the multicast routing
protocol. In IGMP version 2, the router with the lowest IP address on the shared
network segment acts as the querier.
For the related commands, see igmp timer query and display igmp interface.
Example
# Set querier to expire after 300 seconds.
[Quidway-Vlan-interface10] igmp timer other-querier-present 300
4.1.15 igmp timer query

Syntax
igmp timer query seconds
undo igmp timer query
View
Interface view

4-12

Parameter
seconds: Interval at which a router transmits IGMP query messages in second in the
range from 1 to 65535. By default, the value is 60 seconds.
Description
Using igmp timer query command, you can configure the interval at which a router
interface sends IGMP query messages. Using undo igmp timer query command, you
can restore the default value.
A multicast router periodically sends out IGMP query messages to attached segments
to find hosts that belong to different multicast groups. The query interval can be
modified according to the practical conditions of the network.
For the related command, see igmp timer other-querier-present.
Example
# Configure to transmit the host-query message every 150 seconds via
VLAN-interface2.
[Quidway-Vlan-interface2] igmp timer query 150
4.1.16 igmp version

Syntax
igmp version { 1 | 2 }
undo igmp version
View
Interface view
Parameter
1: IGMP Version 1.
2: IGMP Version 2. By default, IGMP Version 2 is used.
Description
Using igmp version command, you can specify the version of IGMP that a router uses.
Using undo igmp version command, you can restore the default value.
All routers on a subnet must support the same version of IGMP. After detecting the
presence of IGMP Version 1 system, a router cannot automatically switch to Version 1.
Example
# Run IGMP Version 1 on VLAN-interface10.
[Quidway-Vlan-interface10] igmp version 1
4-13

4.1.17 reset igmp group

Syntax
reset igmp group { all | interface interface-type interface-number { all ||
group-address [ group-mask ] } }
View
User view
Parameter
all: All IGMP groups.
interface interface-type interface-number: Interface type and interface number.
group-address: IGMP group address.
group-mask: Mask of IGMP group address.
Description
Using reset igmp group command, you can delete an existing IGMP group from the
interface. The deleted group can added again on the interface.
Example
# Delete all IGMP groups on all the interfaces.
<Quidway> reset igmp group all
# Delete all IGMP groups on the Vlan-interface10.
<Quidway> reset igmp group interface Vlan-interface10 all
# Delete the group 225.0.0.1 from the Vlan-interface10.
<Quidway> reset igmp group interface Vlan-interface10 225.0.0.1
# Delete the IGMP groups ranging from 225.1.1.0 to 225.1.1.255 on the
Vlan-interface10.
<Quidway> reset igmp group interface Vlan-interface10 225.1.1.0 255.255.255.0

4-14

Chapter 5 PIM Configuration Commands
Note:
5.1 PIM Configuration Commands

5.1.1 bsr-policy
Syntax
bsr-policy acl-number
undo bsr-policy
View
PIM view
Parameter
acl-number: ACL number imported in BSR filtering policy, in the range of 2000 to 2999.
Description
Using bsr-policy command, you can limit the range of legal BSRs to prevent BSR
proofing. Using undo bsr-policy command, you can restore the default setting, that is,
no range limit is set and all received messages are taken as legal.
In the PIM SM network using BSR (bootstrap router) mechanism, every router can set
itself as C-BSR (candidate BSR) and take the authority to advertise RP information in
the network once it wins in the contention. To prevent malicious BSR proofing in the
network, the following two measures need to be taken:
z
Prevent the router from being spoofed by hosts though faking legal BSR
messages to modify RP mapping. BSR messages are of multicast type and their
TTL is 1, so this type of attacks often hit edge routers. Fortunately, BSRs are
inside the network, while assaulting hosts are outside, therefore neighbor and
RPF checks can be used to stop this type of attacks.

5-1

z
If a router in the network is manipulated by an attacker, or an illegal router is

accessed into the network, the attacker may set itself as C-BSR and try to win the
contention and gain authority to advertise RP information among the network.
Since the router configured as C-BSR shall propagate BSR messages, which are
multicast messages sent hop by hop with TTL as 1, among the network, then the
network cannot be affected as long as the peer routers do not receive these BSR
messages. One way is to configure bsr-policy on each router to limit legal BSR
range, for example, only 1.1.1.1/32 and 1.1.1.2/32 can be BSR, thus the routers
cannot receive or forward BSR messages other than these two. Even legal BSRs
cannot contest with them.
Problems may still exist if a legal BSR is attacked, though these two measures can
effectively guarantee high BSR security.
The source parameter in the rule command is translated as BSR address in the
bsr-policy command.
For the related commands, see acl and rule.
Example
# Configure BSR filtering policy on routers, only 101.1.1.1/32 can be BSR.
[Quidway-pim] bsr-policy 2000
[Quidway-pim] quit
[Quidway-acl-basic-2000] rule 0 permit source 101.1.1.1 0
5.1.2 c-bsr
Syntax
c-bsr interface-type interface-number hash-mask-len [ priority ]
undo c-bsr
View
PIM view
Parameter
interface-type interface-number: Specifies the interface. The candidate BSR is
configured on the interface. PIM-SM must be enabled on the interface first.
hash-mask-len: Length of the mask. The value ranges from 0 to 32.
priority: Priority of the candidate BSR. The larger the value of the priority, the higher the
priority of the BSR. The value ranges from 0 to 255. By default, the priority is 0.

5-2

Description
Using c-bsr command, you can configure a candidate BSR. Using undo c-bsr
command, you can remove the candidate BSR configured.
By default, no candidate BSR is set.
When configure the candidate BSR, the larger bandwidth should be guaranteed since a
great amount of information will be exchanged between BSR and other devices in the
PIM domain.
For the related command, see pim sm.
Example
# Configure the Ethernet switch as C-BSR with priority 2 (and the C-BSR address is
designated as the IP address of VLAN-interface10).
[Quidway] pim
[Quidway-pim] c-bsr vlan-interface 10 24 2
5.1.3 c-rp
Syntax
c-rp
interface-type
interface-number
group-policy
acl-number
priority
priority-value ]*
undo c-rp { interface-type interface-number | all }
View
PIM view
Parameter
interface-type interface-number: Specifies interface with the IP address advertised as a
candidate RP address.
acl-number: Number of the basic ACL that defines a group range, which is the service
range of the advertised RP. The value ranges from 2000 to 2999.
priority-value: Priority value of candidate RP, in the range of 0 to 255. By default, it is 0.
The greatest value corresponds to the lowest priority level
all: Remove all candidate RP configurations.
Description
Using c-rp command, you can configure the router to advertise itself as a candidate RP.
Using undo c-rp command, you can remove the configuration.
By default, no candidate RP is configured.

5-3

When configuring the candidate RP, a relatively large bandwidth should be reserved for
the router and other devices in the PIM domain.
For the related command, see c-bsr.
Example
# Configure the Ethernet switch to advertise the BSR that he is the C-RP in the PIM.
The standard access list 2000 defines the groups related to the RP. The address of
C-RP is designated as the IP address of VLAN-interface10.
[Quidway] pim
[Quidway-pim] c-rp vlan-interface 10 group-policy 2000
5.1.4 crp-policy
Syntax
crp-policy acl-number
undo crp-policy
View
PIM view
Parameter
acl-number: ACL number imported in C-RP filtering policy, ranging from 3000 to 3999.
Description
Using crp-policy command, you can limit the range of legal C-RP, as well as target
service group range of each C-RP, prevent C-RP proofing. Using undo crp-policy
command, you can restore the default setting, that is, no range limit is set and all
received messages are taken as legal.
In the PIM SM network using BSR mechanism, every router can set itself as C-RP
(candidate rendezvous point) servicing particular groups. If elected, a C-RP becomes
the RP servicing the current group.
In BSR mechanism, a C-RP router unicasts C-RP messages to the BSR, which then
propagates the C-RP messages among the network by BSR message. To prevent
C-RP spoofing, you need to configure crp-policy on the BSR to limit legal C-RP range
and their service group range. Since each C-BSR has the chance to become BSR, you
must configure the same filtering policy on each C-BSR router.
This command uses the ACLs numbered between 3000 and 3999. The source
parameter in the rule command is translated as C-RP address in the crp-policy
5-4

command, and the destination parameter as the service group range of this C-RP
address. For the C-RP messages received, only when their C-RP addresses match the
source address and their server group addresses are subset of those in ACL, can the
be considered as matched.
For the related commands, see acl and rule.
Example
# Configure C-RP filtering policy on the C-BSR routers, allowing only 1.1.1.1/32 as
C-RP and to serve only for the groups 225.1.0.0/16.
[Quidway-pim] crp-policy 3000
[Quidway-pim] quit
[Quidway-acl-adv-3000] rule 0 permit source 1.1.1.1 0 destination 225.1.0.0
0.0.255.255
5.1.5 debugging pim common

Syntax
debugging pim common { all | event | packet | timer }
undo debugging pim common { all | event | packet | timer }
View
User view
Parameter
all: All the common debugging information of PIM.
event: Debugging information of common PIM event.
packet: Debugging information of PIM hello packet.
timer: Debugging information of common PIM timer.
Description
Using debugging pim common command, you can enable common PIM debugging
functions. Using undo debugging pim common command, you can disable the
debugging functions.
By default, common PIM debugging functions are disabled.
Example
# Enable all common PIM debugging functions
<Quidway> debugging pim common all

5-5

5.1.6 debugging pim dm

Syntax
debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all | assert |
graft | graft-ack | join | prune } }
undo debugging pim dm { alert | all | mrt | timer | warning | { recv | send } { all |
assert | graft | graft-ack | join | prune } }
View
User view
Parameter
alert: Interoperation event debugging information of PIM-DM.
all: All the debugging information of PIM-DM.
mrt: Debugging information of PIM-DM multicast routing table.
timer: Debugging information of PIM-DM timer.
warning: Debugging information of PIM-DM warning message.
recv: Debugging information of PIM-DM receiving packets.
send: Debugging information of PIM-DM sending packets.
assert | graft | graft-ack | join | prune: Packets type.
Description
Using debugging pim dm command, you can enable PIM-DM debugging functions.
Using undo debugging pim dm command, you can disable the debugging functions.
By default, PIM-DM debugging functions are disabled.
Example
# Enable all PIM-DM debugging functions
<Quidway> debugging pim dm all
5.1.7 debugging pim sm

Syntax
debugging pim sm { all | verbose | mrt | warning | mbr {alert | fresh } | timer { assert
| bsr | crpadv | jp | jpdelay | mrt | probe | spt } | { recv | send } { assert | bootstrap |
crpadv | reg | regstop | jp } }
undo debugging pim sm { all | verbose | mrt | warning | mbr {alert | fresh } | timer
{ assert | bsr | crpadv | jp | jpdelay | mrt | probe | spt } | { recv | send } { assert |
bootstrap | crpadv | reg | regstop | jp } }

5-6

View
User view
Parameter
mbr: Debugging information of PIM-SM multicast border router event.
verbose: Debugging detail information of PIM-SM.
mrt: Debugging information of PIM-SM multicast routing table.
timer: Debugging information of PIM-SM timer.
warning: Debugging information of PIM-SM warning message.
recv: Debugging information of PIM-SM receiving packets.
send: Debugging information of PIM-SM sending packets.
assert | bootstrap | crpadv | reg | regstop | jp: Packets type
assert | bootstrap | crpadv | jp | reg | regstop: Packets type.
Description
Using debugging pim sm command, you can enable PIM-SM debugging functions.
Using undo debugging pim sm command, you can disable the debugging functions.
By default, PIM-SM debugging functions are disabled.
Example
# Enable all PIM-SM debugging functions
<Quidway> debugging pim sm all
5.1.8 display pim bsr-info

Syntax
display pim bsr-info
View
Any view
Parameter
None
Description
Using display pim bsr-info command, you can view the BSR information.
For the related commands, see c-bsr and c-rp.

5-7

Example
<Quidway> display pim bsr-info
Current BSR Address: 20.20.20.30
Priority: 0
Mask Length: 30
Expires: 00:01:55
Local host is BSR
Table 5-1 Output description of the display pim bsr-info command

Field
Description
BSR
Boot trap router
Priority
Priority of BSR
Mask Length: 30
Length of mask
Expires: 00:01:55
Expire time
5.1.9 display pim interface

Syntax
display pim interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number, used to specify
the interface.
Description
Using display pim interface command, you can view the PIM interface configuration
information.
Example
<Quidway> display pim interface
PIM information of VLAN-interface 2:
IP address of the interface is 10.10.1.20
PIM is enabled on interface
PIM version is 2
PIM mode is Sparse
PIM query interval is 30 seconds

5-8

PIM neighbor limit is 128

PIM neighbor policy is none
Total 1 PIM neighbor on interface
PIM DR(designated router) is 10.10.1.20
Table 5-2 Output description of the display pim interface command

Field
Description
PIM version
Version of PIM
PIM mode
PIM mode enabled on the interface (DM or SM)
PIM query interval
Hello packet interval
PIM neighbor limit
Limit of the PIM neighbors on an interface. No neighbor

can be added any more when the limit is reached
PIM neighbor policy
Filtering policy of the PIM neighbors on the current

interface
PIM DR
Designated router
5.1.10 display pim neighbor

Syntax
display pim neighbor [ interface interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number, used to specify
the interface.
Description
Using display pim neighbor command, you can view the PIM neighbor information.
Example
<Quidway> display pim neighbor
Neighbor Address
Interface Name
8.8.8.6
VLAN-interface10
Uptime
1637
Expires
89
Table 5-3 Output description about PIM neighbors

Field
Description
Neighbor Address
Neighbor address
Interface
Interface where the neighbor has been discovered

5-9

Field
Description
Uptime
Time passed since the multicast group has been discovered
Expires
Specifies when the member will be removed from the group
5.1.11 display pim routing-table

Syntax
display pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] |
**rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask
{ mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } |
incoming-interface { interface-type interface-number | null } | { dense-mode |
sparse-mode } ] *
View
Any view
Parameter
**rp: (*, *, RP) route entry.
*g: (*, G) route entry.
group-address: Address of the multicast group.
source-address: IP address of the multicast source.
incoming-interface interface-type interface-number: Route entry with the specified
incoming interface.
null: Specifies the incoming interface type as Null.
dense-mode: Specifies the multicast routing protocol as PIM-DM.
sparse-mode: Specifies the multicast routing protocol as PIM-SM.
Description
Using display pim routing-table command, you can view the contents of the PIM
multicast routing table.
For the related command, see display multicast routing-table.
Example
# View the contents of the PIM multicast routing table on the router.
<Quidway> display pim routing-table
PIM-SM Routing Table
Total 0 (*,*,RP)entry, 0 (*,G)entry, 2 (S,G)entries

5-10

(192.168.1.2, 224.2.178.130),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
(192.168.1.2, 224.2.181.90),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
Total 2 entries listed
Table 5-4 Output description about PIM routing table

Field
Description
RP
Rendezvous Point
(S,G)
(source address, multicast group)
PIM-SM
PIM Sparse Mode
SPT
Shortest Path Tree
RPF
Reverse Path Forwarding
5.1.12 display pim rp-info

Syntax
display pim rp-info [ group-address ]
View
Any view
Parameter
group-address: Specifies the group address to display. If no multicast group is specified,
the RP information about all multicast groups will be displayed.
Description
Using display pim rp-info command, you can view the RP information of multicast
group.
In addition, this command can also display the BSR and static RP information.

5-11

Example
# View the RP information of multicast group
<Quidway> display pim rp-info
PIM-SM RP-SET information:
BSR is: 4.4.4.6
Group/MaskLen: 224.0.0.0/4
RP 4.4.4.6
Version: 2
Priority: 0
Uptime: 00:39:50
Expires: 00:01:40
5.1.13 pim
Syntax
pim
undo pim
View
System view
Parameter
None
Description
Using pim command, you can enter the PIM view. Using undo pim command, you can
clear the configurations in PIM view.
Example
# Enable multicast and enter the PIM view.
[Quidway] pim
[Quidway-pim]
5.1.14 pim bsr-boundary

Syntax
pim bsr-boundary
5-12

undo pim bsr-boundary
View
Interface view
Parameter
None
Description
Using pim bsr-boundary command, you can configure an interface to be the PIM
domain border. Using undo pim bsr-boundary command, you can remove the border.
You can use this command to set border of bootstraps messages, that is to say,
bootstrap messages cannot pass interfaces that are configured with pim
bsr-boundary command while other PIM messages can. In this way, the network is
divided into different BSR domains.
By default, no domain border is set.
For the related command, see c-bsr.
Example
# Configure domain border on VLAN-interface10.
[Quidway-Vlan-interface10] pim bsr-boundary
5.1.15 pim dm
Syntax
pim dm
undo pim dm
View
Interface view
Parameter
None
Description
Using pim dm command, you can enable PIM-DM. Using undo pim dm command,
you can disable PIM-DM.
By default, PIM-DM is disabled.
Once enabled PIM-DM on an interface, PIM-SM cannot be enabled on the same
interface and vice versa.

5-13

Example
# Enable PIM-DM on VLAN-interface10 of the Ethernet switch.
[Quidway-Vlan-interface10] pim dm
5.1.16 pim neighbor-limit

Syntax
pim neighbor-limit limit
undo pim neighbor-limit
View
Interface view
Parameter
limit: Limits of PIM neighbors on the interface, in the range of 0~128.
Description
Using pim neighbor-limit command, you can limit the PIM neighbors on an interface.
No neighbor can be added any more when the limit is reached. Using undo pim
neighbor-limit command, you can restore the default setting.
By default, the PIM neighbors on the interface are limited to 128.
If the existing PIM neighbors exceed the configured value during configuration, they will
not be deleted.
Example
# Limit the PIM neighbors on the Vlan-interface10 to 50.
[Quidway-Vlan-interface10] pim neighbor-limit 50
5.1.17 pim neighbor-policy

Syntax
pim neighbor-policy acl-number
undo pim neighbor-policy
View
Interface view
Parameter
acl-number: Basic ACL number, in the range of 2000 to 2999.
5-14

Description
Using pim neighbor-policy command, you can set to filter the PIM neighbors on the
current interface. Using undo pim neighbor-policy command, you can remove the
setting.
Only the routers that match the filtering rule in the ACL can serve as a PIM neighbor of
the current interface.
time.
Example
# Configure that 10.10.1.2 can serve as a PIM neighbor of the Vlan-interface10, but not
10.10.1.1.
[Quidway-Vlan-interface10] pim neighbor-policy 2000
[Quidway-acl-basic-2000] rule permit source 10.10.1.2 0
[Quidway-acl-basic-2000] rule deny source 10.10.1.1 0
5.1.18 pim sm
Syntax
pim sm
undo pim sm
View
Interface view
Parameter
None
Description
Using pim sm command, you can enable the PIM-SM protocol on an interface. Using
undo pim sm command, you can disable the PIM-SM protocol.
By default, PIM-SM is disabled.
Once enabled PIM-SM on an interface, PIM-DM cannot be enabled on the same
interface and vice versa.
Example
# Enable PIM-SM on VLAN-interface10.

5-15

[Quidway-Vlan-interface10] pim sm
5.1.19 pim timer hello

Syntax
pim timer hello seconds
undo pim timer hello
View
Interface view
Parameter
seconds: Interval of sending Hello messages in second ranging from 1 to 18000. By
default, the interval value is 30 seconds.
Description
Using pim timer hello command, you can configure the interval of sending PIM router
Hello messages. Using undo pim timer hello command, you can restore the default
value.
Example
# Configure to transmit Hello packet via VLAN-interface10 every 40 seconds.
[Quidway-Vlan-interface10] pim timer hello 40
5.1.20 register-policy
Syntax
register-policy acl-number
undo register-policy
View
PIM view
Parameter
acl-number: Number of IP advanced ACL, defining the rule of filtering the source and
group addresses. The value ranges from 3000 to 3999.
Description
Using register-policy command, you can configure a RP to filter the register
messages sent by the DR in the PIM-SM network and to accept the specified

5-16

messages only. Using undo register-policy command, you can remove the
configured message filtering.
Example
# If the local device is the RP in the network, using the following command can only
accept multicast message register of the source sending multicast address in the range
of 225.1.0.0/16 on network segment 10.10.0.0/16.
[Quidway-acl-adv-3010] rule permit ip source 10.10.0.0 0.0.255.255 destination
225.1.0.0 0.0.255.255
[Quidway-acl-adv-3010] quit
[Quidway] pim
[Quidway-pim] register-policy 3010
5.1.21 reset pim neighbor

Syntax
reset pim neighbor { all | { neighbor-address | interface interface-type
interface-number } * }
View
User view
Parameter
all: All PIM neighbors
neighbor-address: Specifies neighbor address.
interface interface-type interface-number: Specifies interface.
Description
Using reset pim neighbor command, you can clear a PIM neighbor.
For the related command, see display pim neighbor.
Example
# Clear the PIM neighbor 25.5.4.3.
<Quidway> reset pim neighbor 25.5.4.3

5-17

5.1.22 reset pim routing-table

Syntax
reset pim routing-table { all | { group-address [ mask { group-mask |
group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ]
| { incoming-interface { interface-type interface-number | null } } } * }
View
User view
Parameter
all: All PIM neighbors
mask group-mask: Specifies group mask.
group-mask-length: Specifies mask length of the group address.
mask source-mask: Specifies source mask.
source-mask-length: Specifies mask length of the group address.
incoming-interface: Specifies incoming interface for the route entry in PIM routing
table.
interface-type interface-number: Specifies the interface.
null: Specifies the incoming interface of the route entry as null.
Description
Using reset pim routing-table command, you can clear a PIM route entry.
as they are valid. Error information will be given if you type in invalid addresses.
If in this command, the group-address is 224.0.0.0/24 and source-address is the RP
address (where group address can have a mask, but the resulted IP address must be
224.0.0.0, and source address has no mask), then it means only the (*, *, RP) item will
be cleared.
If in this command, the group-address is any a group address, and source-address is 0
(where group address can have a mask, and source address has no mask), then only
the (*, G) item will be cleared.
This command shall clear not only multicast route entries from PIM routing table, but
also the corresponding route entries and forward entries in the multicast core routing
table and MFC.

5-18

For the related commands, see reset multicast routing-table, reset multicast
forwarding-table and display pim routing-table.
Example
# Clear the route entries with group address 225.5.4.3 from the PIM routing table.
<Quidway> reset pim neighbor 25.5.4.3
5.1.23 source-policy
Syntax
source-policy acl-number
undo source-policy
View
PIM view
Parameter
acl-number: Basic or advanced ACL, in the range of 2000 to 3999.
Description
Using source-policy command, you can set to filter the source (and group) address of
multicast data packets. Using undo static-rp command, you can remove the
configuration.
If resource address filtering is configured, as well as basic ACLs, then the router filters
the resource addresses of all multicast data packets received. Those not matched will
be discarded.
If resource address filtering is configured, as well as advanced ACLs, then the router
filters the resource and group addresses of all multicast data packets received. Those
not matched will be discarded.
When this feature is configured, the router filters not only multicast data, but the
multicast data encapsulated in the registration packets.
time.
Example
# Set to receive the multicast data packets from source address 10.10.1.2, but discard
those from 10.10.1.1.
[Quidway] pim
[Quidway-pim] source-policy 2000
5-19

[Quidway-pim] quit
[Quidway-acl-basic-2000] rule permit source 10.10.1.2 0
[Quidway-acl-basic-2000] rule deny source 10.10.1.1 0
5.1.24 static-rp
Syntax
static-rp rp-address [ acl-number ]
undo static-rp
View
PIM view
Parameter
rp-address: Static RP address, only being legal unicast IP address.
acl-number: Basic ACL, used to control the range of multicast group served by static RP,
which ranges from 2000 to 2999. If an ACL is not specified upon configuration, static
RP will serve all multicast groups; if an ACL is specified, static RP will only serve the
multicast group passing the ACL.
Description
Using static-rp command, you can configure static RP. Using undo static-rp
command, you can remove the configuration.
Static RP functions as the backup of dynamic RP so as to improve the network
robusticity. If the RP elected by BSR mechanism is valid, static RP will not work.
All routers in the PIM domain should be configured with this command and be specified
with the same RP address.
time.
For related command, see display pim rp-info.
Example
# Configure 10.110.0.6 as a static RP.
[Quidway] pim
[Quidway-pim] static-rp 10.110.0.6

5-20

Chapter 6 Multicast MAC Address

Chapter 6 Multicast MAC Address Configuration

Commands
6.1 Multicast MAC Address Configuration Commands
6.1.1 mac-address multicast
Syntax
mac-address multicast mac-address interface interface-list vlan vlan_id
undo mac-address multicast { mac-address interface interface-list vlan vlan_id |
[ mac-address ] | [ interface interface-list ] | [ vlan vlan_id ] }
View
System view
Parameter
mac-address: Multicast MAC address.
interface-list: Forwarding port list, in format of interface-list = { { interface-type
interface-num
interface-name
to
interface-type
interface-num
interface-name } ] }&<1-10>.
vlan_id: Specifies VLAN ID.
Description
Use the mac-address multicast command to add multicast MAC address entries.
Use the undo mac-address multicast command to delete multicast MAC address
entries.
A multicast entry includes multicast address, forwarding port, VLAN etc.
Related command: display mac-address
multicast, display mac-address
multicast count.
Example
# Create a multicast MAC address entry on the switch, with its multicast address as
0100-5e0a-0805, forwarding port as Ethernet 1/0/1 and it belonging to VLAN1.
[Quidway] mac-address multicast 0100-5e0a-0805 interface Ethernet 1/0/1 vlan 1

6-1

Chapter 6 Multicast MAC Address

6.1.2 display mac-address multicast

Syntax
display mac-address multicast
View
System view
Parameter
None
Description
Use the display mac-address multicast command to view the multicast MAC address
entries on the switch.
Example
# Display multicast MAC address entries on Quidway.
[Quidway] display mac-address multicast
6.1.3 display mac-address multicast count

Syntax
display mac-address multicast count
View
System view
Parameter
None
Description
Use the display mac-address multicast count command to view the number of the
multicast MAC address entries on the switch.
Example
# Display the number of the multicast MAC address entries on Quidway.
[Quidway] display mac-address multicast count

6-2
HUAWEI

Command Manual
QoS/ACL
Command Manual - QoS/ACL

Table of Contents
Table of Contents
Chapter 1 ACL Command ............................................................................................................. 1-1
1.1 ACL Command .................................................................................................................. 1-1
1.1.1 acl............................................................................................................................ 1-1
1.1.2 acl mode.................................................................................................................. 1-3
1.1.3 display acl config ..................................................................................................... 1-4
1.1.4 display acl mode...................................................................................................... 1-5
1.1.5 display acl running-packet-filter............................................................................... 1-6
1.1.6 display time-range ................................................................................................... 1-7
1.1.7 packet-filter.............................................................................................................. 1-8
1.1.8 reset acl counter.................................................................................................... 1-10
1.1.9 rule ........................................................................................................................ 1-11
1.1.10 time-range ........................................................................................................... 1-16
Chapter 2 Qos Command ............................................................................................................. 2-1
2.1 QoS Command .................................................................................................................. 2-1
2.1.1 display mirroring-group ........................................................................................... 2-1
2.1.2 display priority-trust ................................................................................................. 2-1
2.1.3 display qos cos-local-precedence-map................................................................... 2-2
2.1.4 display qos-interface all........................................................................................... 2-3
2.1.5 display qos-interface line-rate ................................................................................. 2-6
2.1.6 display qos-interface queue-scheduler ................................................................... 2-7
2.1.7 display qos-interface traffic-bandwidth.................................................................... 2-8
2.1.8 display qos-interface traffic-limit............................................................................ 2-10
2.1.9 display qos-interface traffic-priority ....................................................................... 2-11
2.1.10 display qos-interface traffic-red ........................................................................... 2-12
2.1.11 display qos-interface traffic-redirect .................................................................... 2-13
2.1.12 display qos-interface traffic-statistic .................................................................... 2-14
2.1.13 inboundcar........................................................................................................... 2-16
2.1.14 line-rate ............................................................................................................... 2-17
2.1.15 mirroring-group.................................................................................................... 2-18
2.1.16 priority.................................................................................................................. 2-19
2.1.17 priority-trust ......................................................................................................... 2-20
2.1.18 qos....................................................................................................................... 2-21
2.1.19 qos cos-local-precedence-map ........................................................................... 2-22
2.1.20 queue-scheduler ................................................................................................. 2-24
2.1.21 reset traffic-statistic ............................................................................................. 2-25
2.1.22 traffic-bandwidth.................................................................................................. 2-27
2.1.23 traffic-limit ............................................................................................................ 2-29
i

Table of Contents
2.1.24 traffic-priority........................................................................................................ 2-31

2.1.25 traffic-red ............................................................................................................. 2-33
2.1.26 traffic-redirect ...................................................................................................... 2-35
2.1.27 traffic-statistic ...................................................................................................... 2-36
Chapter 3 ACL Control Commands to Control Login Users..................................................... 3-1
3.1 The ACL Control Commands to Control Login Users........................................................ 3-1
3.1.1 acl............................................................................................................................ 3-1
3.1.2 snmp-agent community........................................................................................... 3-2
3.1.3 snmp-agent group ................................................................................................... 3-3
3.1.4 snmp-agent usm-user ............................................................................................. 3-4

ii

Chapter 1 ACL Command

1.1 ACL Command
Note:
A type card includes LS81FT48A, LS81FM24A, LS81FS24A, LS81GB8UA and
LS81GT8UA cards.
1.1.1 acl
Syntax
acl { number acl-number | name acl-name [ advanced | basic | link | user ] }
[ match-order { config | auto } ]
undo acl { number acl-number | name acl-name | all }
View
System view
Parameter
number acl-number: Sequence number of an Access Control List (ACL), the range is:
2000~2999: Represent basic ACL.
3000~3999: Represent advanced ACL.
4000~4999: Represent Layer 2 ACL.
5000 to 5999: User-defined ACL.
name acl-name:Character string, which must be started with an English letter (i.e., a-z
or A-Z), and there should not be a space or quotation mark in it; case insensitive, key
word all is not allowed to use.
advanced: Advanced ACL.

1-1

basic: Basic ACL.

link: Layer 2 ACL.
user: User-defined ACL..
config: When matching ACL rules, the users configuration order is employed.
auto: When matching ACL rules, depth first order is employed.
all: Cancels all ACLs (including those identified by a number or a name).
Description
Using the acl command, you can define ACL identified by a number or a name, and
then enter the corresponding ACL view. Using the undo acl command, you can cancel
all subitems of an ACL identified by a number or a name, or cancel the entire ACL.
By default, config order is employed to match ACL.
Using the acl command, you can create an ACL named acl-name. And the type of this
ACL is decided by keywords: advanced, basic, link, or "user. After entering a
corresponding ACL view, no matter the ACL is identified by a number or a name, you
can use the rule command to create subitems of this named ACL (you can exit ACL
view by using the quit command).
Note:
User-defined ACL can only be activated on the cards except A type ones.
Using the match-order, you can specify whether the match order is users
configuration order or depth first order (it first matches the rules with a small range); if
not specified, then the users configuration order will be chosen by default. Once the
matching order of ACL is specified, you cannot change the order unless you have
cancelled all the subitems. Be aware that the ACL matching order is in effect only when
the ACL is employed by software as a means of data filtering and classification.

1-2

Table 1-1 Hardware match order of the ACL subrules on S6500

Switch
S6500 Series
Hardware match order of ACL subrules

When one ACL is configured with several subrules, the one with
the most precisely defined range is chosen as the first hardware
match order. If subrules are defined with the same range, the last
configured one will be first matched. For instance, one ACL 3000
has two subrules: rule0 and rule1,
rule0 is defined as rule 0 permit ip source 1.1.1.1 0.0.255.255
destination 2.2.2.2 0.0.255.255, and rule1 is defined as rule 1
permit ip source 1.1.1.1 0.0.0.255 destination 2.2.2.2
0.0.0.255.Since the range of rule1 is more precise, it will be
matched first.
For the related configuration, see rule, acl mode.
Example
# Specify depth first order as the match order of number 2000 ACL.
[Quidway] acl number 2000 match-order auto
1.1.2 acl mode

Syntax
acl mode { ip-based | link-based }
View
System view
Parameter
ip-based: Performs traffic classification based on Layer 3 information.

link-based: Performs traffic classification based on Layer 2 information.
Description
Using the acl mode command, you can set the traffic classification mode for the
device.
By default, traffic classification is performed based on Layer 3 information.

1-3

Note:
This command is not effective to the cards except A type ones.
For the related configuration, see acl.
Example
# Specify to perform traffic classification based on Layer 3 information.
[Quidway] acl mode ip-based
1.1.3 display acl config

Syntax
display acl config { all | acl-number | acl-name }
View
Any view
Parameter
all: Displays all ACLs (including those identified by a number or a name).
acl-number: Sequence number of the ACL to be displayed. It can be a number chosen
from 2000~5999.
acl-name: Name of the ACL to be displayed. It must be a character string started with
an English letter (a-z or A-Z), and there should not be a space or quotation mark in it.
Description
Using the display acl config command, you can view the detailed configuration
information of an ACL, including every subrule, sequence number and the times
matched with this rule.
The matched times displayed by this command is software matched times, namely, the
matched times of ACL to be processed by switch CPU. You can use the
traffic-statistic command to calculate the matched times of hardware during
packet-forwarding.
Example
# Display all content of ACL.
1-4

<Quidway> display acl config all

Basic acl 2010, 1 rule,
rule 1
Basic acl
permit 10.0.0.1 0 (0 times matched)
2020, 1 rule,
rule 2 permit 20.0.0.1 0 (0 times matched)
Basic acl
std1, 2 rules,

Table 1-2 Field explanation of the command display acl config all
Field
Explanation
Basic acl 2010, 1 rule,

rule 1
permit
10.0.0.1 0 (0 times
matched)
Content of basic ACL 10: the number of ACL is 2010, and

it has one subrule which can enable the pass of the
packet with the source address of 10.0.0.1(the 0 before 1
is address wildcard, which is used to confirm whether the
IP address is network segment address or the host
address. Wildcard 0 means this IP address is the host
address). 0 times matched means this rule is used 0 times
by the CPU to match packets. It is software matched
times, not hardware matched times
The following displayed information is similar to this one,
so there are no more introductions.
1.1.4 display acl mode

Syntax
display acl mode
View
Any view
Parameter
None
Description
Using the display acl mode command, you can view the ACL running mode chosen by
the switch.

1-5

Example
# Display the ACL running mode chosen by the switch.
<Quidway>display acl mode
ACL mode:
ip-based.
1.1.5 display acl running-packet-filter

Syntax
display acl running-packet-filter { all | interface { interface-name | interface-type
interface-num } }
View
Any view
Parameter
all: Represents all the ACLs to be displayed (including those identified by a number or a
name).
interface { interface-name | interface-type interface-num }: Interface of the switch, for
more detail, please refer to Command Manual Port.
Description
Using the display acl running -packet-filter command, you can view the information
of the activated of ACL. The displayed content includes ACL name, subitem name and
activation status.
Example
# Display the information of the activated ACL of all interfaces.
<Quidway> display acl running-packet-filter all
acl std1 rule 0
running
acl std1 rule 1
running
Field explanation of this command

1-6

Table 1-3 Field explanation of the command display acl running -packet-filter all
Field
acl std1
running
Explanation
rule
Means the subrule 0 of ACL std1 is running currently.std1

is the name of ACL, rule0 represents subrule 0.
1.1.6 display time-range

Syntax
display time-range { all | name }
View
Any view
Parameter
all: Displays all the time-range.
name: Name of a time-range, a character string that starts with an English letter (a-z or
A-Z), ranging from 1 to 32 characters.
Description
Using the display time range command, you can view the configuration and state of
the present time-range. It will display active if the current time-range is in active state,
and inactive if in the opposite state.
It is likely that you find out that a time-range is activated by using the command display
time-range, while the ACL referencing the time-range is not activated yet. It is because
there is a one-minute delay after the system updates the ACL state, and the command
display time-range uses the current to judge the state.
For the related configuration, see time-range.
Example
# Display all the time-ranges.
<Quidway> display time-range all
Current time is 14:36:36 4-3-2003 Thursday
Time-range : hhy ( Inactive )

from 08:30 2-5-2005 to 18:00 2-19-2005

1-7

Time-range : hhy1 ( Inactive )

from 08:30 2-5-2003 to 18:00 2-19-2003
1.1.7 packet-filter
Syntax
I. The Command Line Format for for A type Card
packet-filter { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ]
| link-group { acl-number | acl-name } [ rule rule ] } [ not-care-for-interface ]
undo packet-filter { inbound | outbound } { ip-group { acl-number | acl-name } [ rule
rule ] | link-group { acl-number | acl-name } [ rule rule ] }
II. The Command Line Format for the Cards except A Type Ones
packet-filter inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group
{ acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule
rule ] }* }
undo packet-filter inbound { user-group { acl-number | acl-name } [ rule rule ] |
{ ip-group { acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name }
[ rule rule ] }* }
Note:
Combined activating of IP ACL and Link ACL is supported by the cards except A type
ones. But the sum of the bytes number defined by IP ACL and that defined by the Link
ACL can not exceed 32 bytes; otherwise the ACL can not be activated.
View
QoS view
Parameter
inbound: Performs filtering to the packets received by the interface.
outbound: Performs filtering to the packets sent by the interface.
ip-group { acl-number | acl-name }: Activates IP ACLs, including basic and advanced
ACLs. acl-number : Sequence number of ACL, ranging from 2000~3999. acl-name:

1-8

Name of the ACL, which must be a character string starting with an English letter (a-z or
A-Z), and without any space or quotation mark in it.
link-group { acl-number | acl-name }: Activates Layer 2 ACLs. acl-number: Sequence
number of ACL, ranging from 4000~4999. acl-name: Name of ACL, which must be a
character string started with an English letter (a-z or A-Z), and without any space or
quotation mark in it.
user-group { acl-number | acl-name }: activate the user-defined ACL. acl-number:
Specifies the ACL number, ranging from 5000 to 5999. acl-name: Specifies the ACL
name with a character string started with English letters (that is [a to z, A to Z]),
excluding space and quotation marks.
rule rule: Specifies the subitem of an active ACL, ranging from 0 to 127; if not specified,
all subitems of ACL will be activated.
not-care-for-interface: As for non-48-port interface card, the packet-filtering function
will take place on the interface card where the current port resides after the parameter
is chosen. As for the 48-port interface, if the number of the current port belong to the
range of 1 to 24, the packet filtering will take effect on port 1 to port 24 after the
parameter is chosen; if the number of the current port belong to the range of 25 to 48,
the packet filtering will take effect on port 25 to port 48 after the parameter is chosen.
Description
Using the packet-filter command, you can activate ACL. Using the undo packet-filter
command, you can cancel it.
Note:
ARP packets are allowed to pass by default on S6500 Series Ethernet Switches. You
cannot use the packet-filter command to filter ARP packets, even though you have
used the rule command to define a Layer 2 ACL, in which the parameter protocol is
defined as ARP.
Example
# Activate ACL 2000.
[Quidway-qoss-Ethernet3/0/1] packet-filter inbound ip-group 2000

1-9

1.1.8 reset acl counter

Syntax
reset acl counter { all | acl-number | acl-name }
View
User view
Parameter
all: All ACLs (including those identified by a number or a name).
acl-number: The sequence number of an ACL, ranging from 2000~3999.
acl-name: ACL name, a case insensitive character string, which must start with an
English letter (a-z or A-Z), and there should not be a space or quotation mark in it; key
word all is not allowed to use.
Description
Using the reset acl counter command, you can clear ACL statistics to zero.
Table 1-4 The comparison between reset commands of statistics information
Command
Function
reset acl counter
Reset the statistics information of the ACL which is used in

the case of filtering or classifying the data treated by the
software of switch. The case includes: ACL cited by route
policy function, ACL used for control logon user, etc. The
ACL number ranges from 2000~3999.
reset
traffic-statistic
Reset statistic information of traffic. This command is used in

the case of filtering or classifying the data transmitted by the
hardware of switch. Commonly, this command is used to
reset the statistics information of the traffic-statistic
command.
Example
# Clear the statistic information of ACL 2000.
<Quidway> reset acl counter 2000

1-10

1.1.9 rule
Syntax
I. define/delete a rule for basic acl
rule [ rule-id ] { permit | deny } [ source { source-addr wildcard | any } ] [ fragment ]
[ time-range name ]
undo rule rule-id [ source ] [ fragment ] [ time-range ]
II. define/delete a rule for advanced acl

rule [ rule-id ] { permit | deny } protocol [ source { source-addr wildcard | any } ]
[ destination { dest-addr dest-mask | any } ] [ source-port operator port1 [ port2 ] ]
[ destination-port operator port1 [ port2 ] ] [ icmp-type type code ] [ established ]
[ [ precedence precedence | tos tos ]* | dscp dscp ] [ fragment ] [ time-range name ]
undo rule rule-id [ source ] [ destination ] [ source-port ] [ destination-port ]
[ icmp-type ] [ precedence ] [ tos ] [ dscp ] [ fragment ] [ time-range ]
III. define/delete a rule for link acl

rule [ rule-id ] { permit | deny } [ protocol-type | format-type | cos cos | ingress
{ { source-vlan-id | source-mac-addr }* | any } | egress { dest-mac-addr | any } |
time-range name ]*
undo rule rule-id
IV. define/delete a rule for user-defined acl

rule [ rule-id ] { permit | deny } { rule-string rule-mask offset }&<1-8> [ time-range
name ]
undo rule rule-id
Note:
User-defined ACL can only be activated on the cards except A type ones.
View
Corresponding ACL view

1-11

Parameter
rule-id: Specifies the subitems of an ACL, ranging from 0 to 127.
Permit: Permits the pass of packets that meet the requirements.
deny: Denies the pass of packets that meet the requirements.
time-range name: Name of a time-range, which means the rule is in effect during this
time-range.
Note:
The following parameters are various property parameters carried by packets. The ACL
set rules according to this parameter.
Parameters specific to basic ACLs:
source { source-addr wildcard | any }: source-addr wildcard represents source IP

address and the wildcard digit represented in dotted decimal notation. any represents
all source addresses.
fragment: Means this rule is only effective to fragment packets and is ignored by
non-fragment packets.
z
Parameters specific to advanced ACLs:
protocol: Specifies the protocol type which is represented by a name or a number.

When it is a name, this parameter can be adopted like: icmp, igmp, tcp, udp, ip, gre,
ospf, ipinip, etc. If the adopted value is IP, that means all the Internet Protocols. When it
is a number: it ranges from 1 to 225.
source { source-addr wildcard | any }: source-addr wildcard means the source IP
address and the wildcard digit represented in dotted decimal notation. any means all
source addresses. It is applicable to define advanced ACLs.
destination { dest-addr dest-mask | any }: dest-addr wildcard means the destination IP
address and the wildcard digit represented in dotted decimal notation. any means all
destination addresses.
source-port operator port1 [port2]: Source port number of TCP or UDP used by the
packet. operator is port operator, including eq (equal), gt (greater than), lt (less
than),neq (non-equal), range (within this range). Note that this parameter is only
available when the parameter protocol is TCP or UDP. port1 [port2]: Source port
number of TCP or UDP used by the packet, notated by a character or a number which
ranges from 0 to 65535 inclusive. For the value of character, please refer to mnemonic

1-12

symbol table. The two parameters port1 and port2 appear at the same time only when
the operator is range, but other operators need port1 only.
destination-port operator port1 [port2]: Destination port number of TCP or UDP used
by packets. For detailed description, please refer to source-port operator port1 [port2].
icmp-type type code: Appears when protocol is icmp. type code specifies an ICMP
packet. type represents the type of ICMP packet, notated by a character or a number
which ranges from 0 to 255; code represents ICMP code, which appears when the
protocol is icmp and the type of packet is not notated by character, ranging from 0 to
255. It is applicable to define advanced ACLs.
established: Means that it is only effective to the first SYN packet established by TCP,
appears when protocol is tcp.
precedence precedence: IP priority, can be a name or a number ranging from 0 to 7.
tos tos: ToS value, can be a name or a number ranging from 0 to 15. Packets can be
classified according to TOS value. It is applicable to define advanced ACLs.
dscp dscp: DSCP value, can be a name or a number ranging from 0 to 63. Packets can
be classified according to DSCP value.
cos cos: Specifies 802.1p preference, ranging from 0 to 7.
fragment: Means this rule is only effective to fragment packets and is ignored by
non-fragment packets.
Note:
Type A cards do not support to deliver rules that configured with icmp-type type code,
tos tos, fragment parameters to hardware.
Only typA cards support the RANGE operator of the TCP/UDP port.
Parameters specific to Layer 2 ACL:
protocol-type: (Optional) Protocol type carried by Ethernet frame, can be:ip, arp,
pppoe-control, pppoe-data, rarp, ipx, nbx.

1-13

Note:
ARP packets are allowed to pass by default on S6500 Series Switches. You cannot
configure to filter ARP packets. If you have configured the rule of ARP packets traffic
classification, that is to choose ARP as the protocol type when defining Layer2 ACL
rules, you cannot activate this ACL to make it effective by using the packet-filter
command.
format-type: 802.3/802.2, 802.3, ether_ii, snap.

ingress { { source-vlan-id | source-mac-addr }* | any }: The source information of a
packet, source-vlan-id represents source VLAN of the packet, source-mac-addr
represents source MAC address of the packet, any represents all the packets received
from all ports.
egress { dest-mac-addr | any }: The destination information of a packet, dest-mac-addr
represents the the packets destination MAC address. any represents all the packets
forwarded from all ports.
z
The parameter of user-defined ACL
{ rule-string rule-mask offset }&<1-8>: rule-string is a character string of a rule defined

by a user. It only consists of hexadecimal numbers of even digits. rule-mask offset is
used to extract the packet information. Here, rule-mask is rule mask, used for logical
AND operation with data packets, and offset determines to perform AND operation from
which bytes apart from the packet header. rule-mask offset extracts a character string
from the packet and compares it with the user-defined rule-string to get and process the
matched packets. &<1-8> indicates that you can define up to 8 such rules at a time.

1-14

Note:
Take the following into consideration when configuring the offset parameter:
(1) The packets processed by the switch have VLAN tags. One VLAN tag occupies 4
bytes.
(2) If VLAN VPN is disabled, the packets processed by the switch have 4 bytes of VLAN
tag.
(3) If VLAN VPN is enabled, a 4 bytes of VLAN tag is added to the packets that the
switch receives. However, the result is slightly different for type A and non type A cards:
z
For type A card: If the received packets have no VLAN tag, each packet will have
one VLAN tag; if the received packets have one VLAN tag already, each will have
two VLAN tags including the original one.
For non type A card: The packets will have two VALN tags no matter the received
packets have VLAN tag or not.
Description
Using the rule command, you can add a subrule to the ACL. Using the undo rule
command, you can cancel a subrule of the ACL.
You can define several subrules for an ACL. If you have input parameters when you are
using the undo rule command, the system will only cancel the corresponding content
of the parameters in the subrule.
For the related configuration, see acl.
Example
# Add a subrule to an advanced ACL:
[Quidway-acl-adv-3000] rule 1 permit tcp established source 1.1.1.1 0 destination
2.2.2.2 0
# Add a subrule to a basic ACL:
[Quidway-acl-basic-2000] rule 1 permit source 1.1.1.1 0 fragment
# Add a subrule to a Layer 2 ACL:
[Quidway-acl-link-4000] rule 1 permit ingress 1 egress any
# Add a rule to a user-defined ACL.
[Quidway-acl-user-5000] rule 1 permit 88 ff 18

1-15

1.1.10 time-range
Syntax
time-range time-name { start-time to end-time days-of-the-week [ from start-time
start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time end-date ]
| to end-time end-date }
undo time-range time-name [ start-time to end-time days-of-the-week [ from
start-time start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time
end-date ] | to end-time end-date ]
View
System view
Parameter
time-name: Name of a special time range to be referenced.
start-time: Start time of the special time range, format as hh:mm.
end-time: End time of the special time range, format as hh:mm.
days-of-the-week: Determines in which day(s) of a week in the special time range a
command takes effect. You can specify this parameter with any of the following values.
Numbers (ranging from 0 to 6);
Monday, Tuesday, Wednesday, Thursday, Friday, Saturday or Sunday;
working-day, representing 5 working days, from Monday to Friday;
off-day, representing Saturday and Sunday;
daily, representing everyday of the week.
from start-time start-date: Start time and date of the special time range, determining
effective days of the time range with the end-date, format as hh:mm YYYY/MM/DD.
to end-time end-date: End time and date of the special time range, determining
effective days of the time range with the start-date, format as hh:mm YYYY/MM/DD.
Description
Using time-range command, you can configure a time range. Using undo time-range
command, you can delete a time range.
start-time and end-time days-of-the-week define period time range together. from
start-time start-date and end-time end-date define absolute time range together.
1-16

If a time range only defines the period time range, the time range is only active within
the period time range.
If a time range only defines the absolute time range, the time range is only active within
the absolute time range.
If a time range defines the period time range and the absolute time range, the time
range is only active when the period time range and the absolute time range are both
matched. For example, a time range defines a period time range which is from 12:00 to
14:00 every Wednesday, and defines an absolute time range which is from 00:00
2004/1/1 to 23:59 2004/12/31. This time range is only active from 12:00 to 14:00 every
Wednesday in 2004.
If neither starting time nor end time is specified, the time range is 24 hours (0:00 to
24:00).
If no end date is specified, the time range is from the date of configuration till the largest
date available in the system.
If you input the parameter when use the undo time-range command, the system will
delete the corresponding content of the time range according to the parameter input.
Example
# Configure a time range being effective since zero hour on January 1, 2000 and
forever.
[Quidway] time-range test from 0:0 2000/1/1

1-17

Chapter 2 Qos Command

2.1 QoS Command
2.1.1 display mirroring-group
Syntax
display mirroring-group [ groupid ]
View
Any view
Parameter
groupid: Port mirroring group ID, ranging from 1 to 20.
Description
Using the display mirroring-group command, you can view the parameter
configuration of a port mirroring group. The information displayed includes the
monitored ports, direction of monitored packets, monitoring ports, and so on.
For the related configuration, see mirroring-group.
Example
# Display the parameter configuration of a port mirroring group.
[Quidway] display mirroring-group
mirroring-group 1 inbound Ethernet6/0/1 mirrored-to Ethernet6/0/2
2.1.2 display priority-trust

Syntax
display priority-trust
View
Any view
2-1

Parameter
None
Description
Using the display priority-trust command, you can view the priority by which the
switch places the packets in the output queue.
For the related configuration, see priority-trust.
Example
# Display the queue scheduling mode and parameter.
<Quidway>display priority-trust
Priority trust mode: local-precedence
2.1.3 display qos cos-local-precedence-map

Syntax
display qos cos-local-precedence-map
View
Any view
Parameter
None
Description
Using the display qos cos-local-precedence-map command, you can view COS
Local-precedence map table.
Example
# Display the COSLocal -precedence map table.
<Quidway> display qos cos-local-precedence-map
cos-local-precedence-map:
cos :
-------------------------------------------------------------------local-precedence :

2-2

2.1.4 display qos-interface all

Syntax
display qos-interface [ interface-name | interface-type interface-num ] all
View
Any view
Parameter
interface-name | interface-type interface-num: Interfaces of the switch, for detailed
description, please refer to Command Manual Port.
Description
Using the display qos-interface all command, you can view QoS setting information
of all interfaces. If you do not input interface parameters, this command will display all
QoS setting information of the switch, including traffic policing, rate limit at interface, etc;
if you input interface parameters, this command will display QoS setting information of
specified interfaces, including traffic policing, rate limit at interfaces, etc.
Example
# Display all the configurations of QoS parameters.
<Quidway> display qos-interface all
GigabitEthernet5/0/1: traffic-limit
Inbound:
Matches: acl 2000 rule 0
running
Target rate: 4 Mbps
GigabitEthernet5/0/1:traffic-priority
Outbound:
Matches: acl std1 rule 0
running
Priority action: dscp ef
GigabitEthernet5/0/1: traffic-red
Outbound:
Matches: acl r1 rule 0
running
Queue length of start random discarding: 64

Queue length of stop random discarding: 128
Max probability of discarding: 20

2-3

GigabitEthernet5/0/1:traffic-statistic
Inbound:
running
0 byte
0 packet
Outbound:
running
0 byte
0 packet
Outbound:
running

GigabitEthernet5/0/2: traffic-bandwidth
Outbound:
running
Minimum guaranteed bandwidth: 64

Maximum available bandwidth: 128
Bandwidth weight: 100
Table 2-1 Field description of this command

Fielde
Explanation
Traffic monitoring configuration:
inboundmeans this configuration is

effective to packets received by
interfaces.
Inbound:
Matches: acl 2000 rule 0 running
Target rate: 4 Mbps
Matches: acl 2000 rule 0 running

Burst size: 64 Kbps means that 4 Mbps
is the maximum rate of packets that
match with subrule0 of ACL1.
Priority mark:
Outbound:
Matches: acl std1 rule 0 running
Outbound means that this configuration

is effective to packets sent by interfaces.

Priority action: dscp ef means that the
DSCP priority mark of the packet that
match with ACL std1 s subrule0 is ef.

2-4

Fielde
Explanation
RED configuration of the port:
is effective to packets sent by interfaces.
Matches: acl r1 rule 0 running is the
rule of packet classification.
Outbound:
Matches: acl r1 rule 0 running
Queue length of start random
discarding: 64
Queue length of stop random
discarding: 128
Queue length of start random

discarding: 64 means the queue length
at which the packets will be discarded
randomly; the packet whose length is less
than 64 will not be discarded.
Queue length of stop random

discarding: 128 means the queue length
at which the random packet drop will stop;
the packet whose length is larger than
128 will be totally discarded.
represents that the probability of
discarding when the queue reaches the
length where the system stops random
discarding.
Inbound:
Traffic statistics:

0 byte
0 packet
Outbound:
0 byte

0
byte
0 packet means that the number
of the packets that match with the subrule
0 of ACL std1 is 0.
0
byte
0 packet means that the number
of the packets that match with the subrule
1 of ACL std1 is 0.
0 packet

2-5

Fielde
Explanation
Configuration
guarantee.
Outbound:
Matches: acl r1 rule 0 running
of
port
bandwidth

is effective to packets sent by interfaces
Matches: acl r1 rule 0 running is the
rule of packet classification.
represents the minimum guaranteed
bandwidth.

represents the maximum guaranteed
bandwidth.
Bandwidth weight: 100 represents
bandwidth
weight.
For
detailed
explanation, see traffic-bandwidth.
2.1.5 display qos-interface line-rate

Syntax
display qos-interface [ interface-name | interface-type interface-num ] line-rate
View
Any view
Parameter
interface-name | interface-type interface-num: Interface of switch, for detailed
description, please refer to Command Manual Port.
Description
Using the display qos-interface line-rate command, you can view the parameter
setting of traffic rate limitation in the interface output direction, including the output
interfaces and their limited traffic rate. If you do not input interface parameters, you will
view the parameter setting of traffic rate limitation of all interfaces in output direction; if
you do not input interface parameters, you will view the parameter setting of traffic rate
limitation at specified interfaces in output direction.

2-6

Example
# Display the parameter configuration of interface traffic rate limitation.
[Quidway-Ethernet3/0/4] display qos-interface line-rate
Ethernet3/0/2: line-rate
Line rate: 3072 kbps
Table 2-2 Field description of this command

Field
Explanation
Rate limitation configuration at interface Ethernet3/0/2:

The maximum sum of all the packets rates at the
Ethernet3/0/2 interface is 3072 kbps.
2.1.6 display qos-interface queue-scheduler

Syntax
display qos-interface [ interface-type interface-num ] queue-scheduler
View
Any view
Parameter
interface-name | interface-type interface-num: Interface of the switch, for more detail,
please refer to Command Manual Port.
Description
Using display qos-interface queue-scheduler command to display the queue
scheduling configuration of the port.
Example
# Display the queue scheduling configuration of GigabitEthernet5/0/1.
<Quidway> display qos-interface gigabitethernet 5/0/1 queue-scheduler
GigabitEthernet5/0/1:
Queue scheduling mode: weighted round robin
weight of queue 1: 10

2-7

COS configuration:
Config (max queues): 8
Schedule mode: weighted round-robin
Weighting (in packets):
COSQ 0 = 10 packets
COSQ 1 = 5 packets
COSQ 2 = 10 packets
COSQ 3 = 10 packets
COSQ 4 = 5 packets
COSQ 5 = 10 packets
COSQ 6 = 5 packets
COSQ 7 = 10 packets
Egress port queue statistics(in bytes):
Priority
CosQ
Threshold
Count
Used(%):
18432
2560
2560
2560
2560
2560
2560
2560
common queue statistics(in bytes):

49152
2.1.7 display qos-interface traffic-bandwidth

Syntax
display
qos-interface
interface-name
traffic-bandwidth
View
Any view

2-8
interface-type
interface-num

Parameter
Description
Using the display qos-interface traffic-bandwidth command, you can view the
configuration information of the bandwidth guarantee.
For the related configuration, see traffic-bandwidth.
Example
# Display the parameter configuration of traffic limitation.
<Quidway> display qos-interface gigabitEthernet5/0/2 traffic-bandwidth
Outbound:
running

Table 2-3 Field explanation of this command

Field
Explanation
Configuration information of the port bandwidth
guarantee:
traffic-bandwidth
Outbound means that this configuration is

effective to packets sent from interfaces
Outbound:
Matches: acl r1 rule 0 running is the rule of

packet classification.

running
Minimum
bandwidth: 64
Maximum
bandwidth: 128
guaranteed
available
Minimum guaranteed bandwidth: 64 represents

the minimum guaranteed bandwidth for the
packets that match with traffic rules.
Maximum available bandwidth: 128 represents

the maximum guaranteed bandwidth for the packets
that match with traffic rules.
Bandwidth weight: 100 represents bandwidth
weight.
For
detailed
explanation,
see
traffic-bandwidth.

2-9

2.1.8 display qos-interface traffic-limit

Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-limit
View
Any view
Parameter
Description
Using the display qos-interface traffic-limit command, you can view the parameter
setting of traffic rate limitation. The displayed content includes the ACLs of the traffic to
be limited, the average of the limited rate and the related monitoring actions, etc.
For the related configuration, see traffic-limit.
Example
<Quidway> display qos-interface gigabitEthernet5/0/1 traffic-limit
Inbound:
running
Target rate: 4 Mbps

Field
Explanation
traffic-limit
Traffic monitoring configuration information:
Inbound:
inboundmeans this configuration is effective to

packets received by interfaces.

running
Target rate: 4 Mbps
Matches: acl 2000 rule 0 running Burst size: 64

Kbps represents that 4 Mbps is the maximum rate
of the packets that match with subrule0 of ACL1.

2-10

2.1.9 display qos-interface traffic-priority

Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-priority
View
Any view
Parameter
Description
Using the display qos-interface traffic-priority command, you can view the setting of
the priority mark parameters. The displayed content includes the corresponding ACLs
of the traffic with priority mark, priority mark types and value, etc.
For the related configuration, see traffic-priority.
Example
# Display the configuration of the priority mark parameter.
<Quidway> display qos-interface gigabitEthernet5/0/1 traffic-priority
Outbound:
running

Field
Explanation
GigabitEthernet5/0/1:traffic-pri
ority
Outbound:
running
Priority mark information:

effective to packets sent by interfaces.
Matches: acl std1 rule 0 running Priority action:
dscp ef means that the DSCP priority mark of the
packets that match with ACL std1 s subrule0 is
ef.

2-11

2.1.10 display qos-interface traffic-red

Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-red
View
Any view
Parameter
Description
Using the display qos-interface traffic-red command, you can view the configuration
information of the RED operation.
The cards except A type ones do not support traffic RED function.
For the related configuration, see traffic-red.
Example
<Quidway> display qos-interface gigabitEthernet5/0/1 traffic-red
Outbound:
running


2-12


Field
Explanation
RED Configuration information of the interface:
effective to packets sent by interfaces.
traffic-red
Matches: acl r1 rule 0 running is the rule of

packet classification.
Outbound:
Matches:
running
acl
r1
rule
Queue length of
random discarding: 64
start
Queue length of
random discarding: 128
stop
Max
probability
discarding: 20
of

means the queue length at which the packets will
be discarded randomly; the packet whose length
is less than 64 will not be discarded.
means the queue length at which the random
packet drop will stop; the packet whose length is
larger than 128 will be totally discarded.
Max probability of discarding: 20 represents
that the probability of discarding when the queue
reaches the length where the system stops
random discarding.
2.1.11 display qos-interface traffic-redirect

Syntax
display qos-interface [ interface-name | interface-type interface-num ] traffic-redirect
View
Any view
Parameter
Description
Using the display qos-interface traffic-redirect command, you can view the setting
of the redirection parameters. The displayed content includes the corresponding ACLs
of the traffics to be redirected, the redirected interfaces, etc.
For the related configuration, see traffic-redirect.

2-13

Example
# Display the redirection parameter configuration.
<Quidway> display qos-interface traffic-redirect
traffic-redirect
running
Redirected to: interface Ethernet5/0/2

running
Redirected to: interface Ethernet5/0/2

Field
Explanation
traffic-redirect
Packet redirection configuration:

running
Redirected to: interface
Ethernet5/0/2
running
Redirected to: interface
Ethernet5/0/2
Matches: acl std1 rule 0 running Redirected to:

interface Ethernet5/0/2 means the packets that
match with subrule 0 of the ACL std1 will be
redirected to the interface Ethernet5/0/2.
Matches: acl std1 rule 1 running Redirected to:
interface Ethernet5/0/2 means the packets that
match with subrule1 of the ACL std1 will be
redirected to the interface Ethernet5/0/2.
2.1.12 display qos-interface traffic-statistic

Syntax
display
qos-interface
interface-name
interface-type
interface-num
traffic-statistic
View
Any view
Parameter

2-14

Description
Using the display qos-interface traffic-statistic command, you can view the traffic
statistics information. The displayed content includes the corresponding ACLs of the
traffics to be calculated, the number of calculated packets, etc.
For the related configuration, see traffic-statistic.
Example
# Display the traffic statistics information.
<Quidway> display qos-interface gigabitEthernet5/0/1 traffic-statistic
Inbound:
running
0 byte
0 packet
Outbound:
running
0 byte
0 packet

Field
Explanation
GigabitEthernet5/0/1:traffic-sta
tistic
Inbound:
running
0 byte
0 packet
Outbound:
running
Information of traffic statistics:

Matches: acl std1 rule 0 running 0 byte 0
packet means that the number of the packets that
match with the subrule 0 of ACL std1 is 0.
Matches: acl std1 rule 1 running 0 byte 0
packet means that the number of the packets that
match with the subrule 1 of ACL std1 is 0.
0 byte
0 packet

2-15

2.1.13 inboundcar
Syntax
inboundcar { enable | disable }
View
System view
Parameter
enable: Enable the inbound CAR function.
disable: Disable the inbound CAR function.
Description
Use the inboundcar enable command to enable the inbound CAR function.
Use the inboundcar disable command to disable the inbound CAR function.
By default, the inbound car is disabled.
Note:
The inboundcar command is only effective to the type A card.
The inboundcar command takes effect only after you restart the switch.
When the inbound CAR function is enabled and the same ACL rules are sent to the
different ports, they are treated as different rules, thus seizing multiple entries. If you
configure the CAR function for the traffic matching the same rule on multiple ports, the
switch provides a bandwidth gurantee to the traffic matching the CAR rule on each port.
When the inbound CAR function is disabled and the same ACL rules are sent to the
different ports, they are treated as the same one, thus seizing one entry only. If you
configure the CAR function for the traffic matching the same rule on multiple ports, the
switch provides a bandwidth gurantee to the traffic matching the CAR rule on these
ports.
For example, to set the CAR bandwidth of 2 M for the traffic matching the rule 0 on the
switch, use the traffic-limit command to configure the CAR rule on two ports. The
following describes the bandwidth gurarantee with inbound CAR function enabled or
disabled.
2-16

z
If the inbound CAR function enabled, the two ports provides 2M bandwidth
gurarantee for the traffic mathching the rule 0 on each port.
If the inbound CAR function enabled, the two ports provides the total bandwidth
gurarantee of 2M for the traffic mathching the rule 0 on the two ports.
Example
# Enable the inbound CAR function on the switch.
[Quidway] inboundcar enable
2.1.14 line-rate
Syntax
line-rate [ kbps ] target-rate
undo line-rate
View
QoS view
Parameter
kbps: Specifies the rate limit of the port to kbps. In this approach, the rate is in kbps and
the granularity can be as low as 64 kbps.
target-rate: The total limited rate of the the packets sent by interfaces, ranging from 1 to
1000; in Mbps.
Description
Using the line-rate command, you can limit the total rate of the packets delivered by
interfaces. Using the undo line-rate command, you can cancel the configuration of
limit rate at interfaces.
Note:
Only the cards except A type ones support the port rate limitation.
Example
# The rate limitation of interface GigabitEthernet7/0/1 is 10 Mbps.
2-17

[Quidway-qosb-GigabitEthernet7/0/1] line-rate 10
2.1.15 mirroring-group
Syntax
mirroring-group groupId { inbound | outbound } mirroring-port-list &<1-8>
mirrored-to monitor-port
undo mirroring-group groupId
View
System view
Parameter
groupid: Port mirroring group ID, ranging from 1 to 20.
Inbound: Performs monitoring to the packets received by interfaces.
outbound: Performs monitoring to the packets sent by interfaces.
mirroring-port-list: The list of Ethernet ports, means multiple Ethernet interfaces,
donated as port-list={ { interface_type interface_num | interface_name } [ to
{ interface_type interface_num | interface_name } ] }&<1-8>. For detailed description of
interface_type, interface_num, interface_name, please refer to Command Manual
Port. &<1-8> means the previous parameters can be input 8 times at the most.
mirrored-to monitor-port: Specifies monitoring ports.
Description
Using the mirroring-group command, you can configure port mirroring group. Using
the undo mirroring-group command, you can cancel the port mirroring group.
The switch supports multi-to-one port mirroring, that is to copy packets of many ports to
a monitoring port and perform monitoring. S6500 Series Switches configure port
mirroring function through the configuration of port mirroring group. You can configure
one monitoring port and multiple monitored ports in each port monitoring group,
meanwhile, you can specify the direction of the monitored packets.
S6500 Series Switches can be configured with 20 port mirroring groups at the most.
Some cards do not support port mirroring. If you configure port mirroring on these cards,
the system will prompt Not support.

2-18

Note:
Restrictions of port mirroring configuration:
z
The mirroring port and the mirrored port must be located at the same interface card.
As for a non-48-port interface card, only one port mirroring group can be configured
in one mirroring direction. For instance, one interface card can be configured with
only one port mirroring group for monitoring received packets. If you configure
another port mirroring group for monitoring received packets, the system will prompt
that configuration fails. The restrictions of port mirroring configuration for monitoring
sent packets is similar to this one.
As for a 48-port interface card, the monitoring port and the monitored port must
belong to the same port range simultaneously, that is, either 1-24 ports or 25-48
ports. Only one port mirroring group can be configured in one mirroring direction For
instance, in the range of port 1 to port 24, one interface card can be configured with
only one port mirroring group for monitoring received packets. If you configure
another port mirroring group for monitoring received packets, the system will prompt
that configuration fails. The restrictions of port mirroring configuration for monitoring
sent packets is similar to this one.
For the related configuration, see display mirroring-group.
Example
#Configure mirroring group 1; the monitored port is Ethernet3/0/1~Ethernet3/0/3; the
monitoring port is Ethernet3/0/4; only packets received by port are monitored.
[Quidway] mirroring-group 1 inbound ethernet 3/0/1 to ethernet 3/0/3 mirrored-to
ethernet 3/0/4
2.1.16 priority
Syntax
priority priority-level
undo priority
View
Ethernet port view
Parameter
priority-level: The value of port priority level, ranging from 0 to 7.
2-19

Description
Using the priority command, you can set the priority of the Ethernet interface. Using
the undo priority command, you can resume the default situation.
By default, the priority of port is 0.
This command is used to set the priority of the Ethernet interface. If the received
packets without the mark of VLAN, the switch will use the default VLAN of the port
receiving the packets as the VLAN mark of the packets, then the 802.1p priority of the
VLAN mark will be the priority of the receiving port.
Example
# Set the priority level of port Ethernet1/0/1 to 7.
[Quidway-Ethernet1/0/1] priority 7
2.1.17 priority-trust
Syntax
priority-trust { dscp | ip-precedence | cos | local-precedence }
View
System view
Parameter
dscp: Puts the packets into corresponding port output queue according to dscp
priority.
ip-precedence: Puts the packets into corresponding port output queue according to IP
precedence.
cos: Puts the packets into the corresponding port output queue according to 802.1p
priority.
local-precedence: Puts the packets into corresponding port output queue according to
local precedence.
Description
Using the priority-trust command, you can configure the priority by which the switch
puts packets into the port output queue.
By default, the switch chooses the local-precedence.
2-20

The switch can choose different levels of precedence when it puts the packets into the
port output queue.
The switch ports support eight output queues with different levels of precedence, The
higher the precedence, the earlier it will be delivered.
z
dscp precedence: dscp precedence value ranges from 0 to 63 inclusive, then the
packets with precedence value 0 to 7 are put into queue 0, and those with
precedence value 8 to 15 are put into queue 1, and so on.
ip-precedence: ip-precedence value ranges from 0 to 7, the packets with

precedence value 0 are put into queue 0, and those with precedence value 1 is put
into queue 1, and so on.
cos precedence: cos value ranges from 0 to 7, the packet whose precedence
value is 0 is put into queue 2, the packet whose precedence value is 1 is put into
queue 0, the packet whose precedence value is 2 is put into queue 1, the packet
whose precedence value is 3 is put into queue 3, and so on.
local-precedence: local-precedence value ranges from 0 to 7. The packet

whose precedence value is 0 is put into queue 0, and so on.
Example
# Configure the switch to choose dscp precedence.
[Quidway] priority-trust dscp
2.1.18 qos
Syntax
qos
View
Ethernet port view
Parameter
None
Description
Using the qos command, you can enter QoS view and perform the corresponding QoS
configuration.

2-21

Note:
Different interface cards of S6500 Series Switches support different QoS functions. You
can use ? to query the supported QoS configurations after entering different QoS
views.
Example
# Enter QoS view and query the QoS configuration supported by the interface card.
[Quidway-GigabitEthernet7/0/1] qos
[Quidway-qosb-GigabitEthernet7/0/1] ?
Qosb view commands:
catch
catch
display
Display current system information
line-rate
Limit the rate of the outbound packets of the interface
packet-filter
Filter packets based on acl
ping
Ping function
quit
reset
Reset operation
tracert
traffic-limit
Limit the rate of the packets
traffic-priority
Specify new priority of the packets
traffic-redirect
Redirect the packets
traffic-statistic
Count the packets
undo
Cancel current setting
2.1.19 qos cos-local-precedence-map

Syntax
qos
cos-local-precedence-map
cos0-map-local-prec
cos1-map-local-prec
cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec

cos6-map-local-prec cos7-map-local-prec
undo qos cos-local-precedence-map
View
System view

2-22

Parameter
cos0-map-local-prec: The mapping value from COS 0 to local-prec, ranging from 0 to 7.
Description
Using the qos cos-local-precedence-map command, you can configure COS
Local-precedence mapping table. Using the undo qos cos-local-precedence-map
By default, the system provides default COS Local-precedence mapping table.
Table 2-9 Default COS Local-precedence mapping table
COS value
Local precedence
Example
# Configure the COS Local-precedence mapping table.
[Quidway] qos cos-local-precedence-map 0 1 2 3 4 5 6 7
After configuration, the mapping table is as follows:

2-23

Table 2-10 COS Local-precedence mapping table

COS value
Local precedence
2.1.20 queue-scheduler
Syntax
queue-scheduler { rr | strict-priority | wrr queue1-weight queue2-weight
queue3-weight
queue4-weight
queue5-weight
queue6-weight
queue7-weight
queue8-weight }
undo queue-scheduler
View
QoS view
Parameter
rr: Indicates the queue adopts round robin algorithm.
strict-priority: Indicates the queue performs strict priority scheduling.
wrr queue1-weight queue2-weight queue3-weight queue4-weight queue5-weight
queue6-weight queue7-weight queue8-weight: Indicates that the queue adopts the
weighted round robin algorithm, with the weight range from 0 to 15.
Description
Use the queue-scheduler command to set the queue scheduling mode and
parameters.
Use the undo queue-scheduler command to restore the defaults.

2-24

By default, the strict priority scheduling is adopted.

Related command: display qos-interface queue-scheduler.
Example
# Set the queue scheduling mode to weighted round robin, with the weights 10, 5, 10,
10, 5, 10, 5, and 10 respectively.
[Quidway-qosb-GigabitEthernet5/0/1] queue-scheduler wrr 10 5 10 10 5 10 5 10
2.1.21 reset traffic-statistic

Syntax
reset traffic-statistic { inbound | outbound } { ip-group { acl-number | acl-name }
[ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }
Note:
LS81GT8UA cards.
reset traffic-statistic inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* }
Note:
Combined activating of IP ACL and Link ACL is supported by the Cards except A Type
Ones. But the sum of the bytes number defined by IP ACL and that defined by the Link

2-25

View
QoS view
Parameter
ip-group { acl-number | acl-name } [ rule rule ]: the basic or advanced
ACLs;acl-number: the sequence number of ACLs, ranging from 2000~3999;
acl-number: the name of ACLs, character string, which must be started with an English
letter (i.e., a-z or A-Z), and there should not be a space or quotation mark in it; rule rule:
(Optional) specifies a subitem of an ACL, ranging from 0 to 127, it represents all the
subitems of the ACL if not specified.
link-group { acl-number | acl-name } [ rule rule ]: The Layer 2 ACL; acl-number: the
sequence number of an ACL, ranging from 4000~4999; acl-name: the name of an ACL,
character string, which must be started with an English letter (i.e., a-z or A-Z), and there
should not be a space or quotation mark in it; rule rule: (Optional) specifies the subitem
of an ACL, ranging from 0 to 127, it represents all the subitems of the ACL if not
specified.
Description
Using the reset traffic-statistic command, you can clear the specified or all the traffic
statistics information.
Table 2-11 The comparison between reset commands of statistics information
Command
Function
reset acl counter
Reset the statistics information of the ACL which is used in the

case of filtering or classifying the data treated by the software
of switch. The case includes: ACL cited by route policy
function, ACL used for control logon user, etc. The ACL
number ranges from 2000~3999.
reset
traffic-statistic
Reset statistic information of traffic. This command is used in

the case of filtering or classifying the data transmitted by the
hardware of switch. Commonly, this command is used to reset
the statistics information of the traffic-statistic command.
Example
# Clear the traffic statistics information of ACL 2000.
2-26

[Quidway-qoss-Ethernet3/0/1] reset traffic-statistic inbound ip-group 2000
2.1.22 traffic-bandwidth
Syntax
traffic-bandwidth outbound { ip-group { acl-number | acl-name } [ rule rule ] |
link-group { acl-number | acl-name } [ rule rule ] } min-guaranteed-bandwidth
max-guaranteed-bandwidth weight
undo traffic-bandwidth outbound { ip-group { acl-number | acl-name } [ rule rule ] |
link-group { acl-number | acl-name } [ rule rule ] }
View
QoS view
Parameter
outbound: The packets sent from the port.
ip-group { acl-number | acl-name } [ rule rule ]: the basic or advanced ACLs;
acl-number: the sequence number of ACLs, ranging from 2000~3999; acl-number: the
name of ACLs, character string, which must be started with an English letter (i.e., a-z or
A-Z), and there should not be a space or quotation mark in it; rule rule: (Optional)
specifies a subitem of an ACL, ranging from 0 to 127, it represents all the subitems of
the ACL if not specified.
specified.
min-guaranteed-bandwidth: The minimum guaranteed bandwidth, in kbps, ranging
from 0 to 8388608, which must be the multiple of 64 kbps.
max-guaranteed-bandwidth: The maximum guaranteed bandwidth, in kbps, ranging
from 0 to 8388608, which must be the multiple of 64 kbps.
weight: The bandwidth weight, ranging from 1 to 100, in percentage. It is used in the
situations when there is several traffic bandwidth guarantees at the current port. For
instance, there is 10 M port bandwidth supporting two flows. The minimum bandwidth
for each flow is 2 M, and the maximum is 8 M, then the bandwidth weights are 40% and
80% respectively. After the port guarantees the minimum bandwidth for both flows (that

2-27

is, 4 M), the remaining bandwidth (6M) cannot support the maximum bandwidth of both
flows (16M). If the bandwidth occupied by the two flows exceeds the minimum
bandwidth guarantee, then the remaining bandwidth (6 M) will be allocated to each flow
according to the bandwidth weights (40% : 80%).
Note:
Assume there are N flows at one port, the port bandwidth is Bp, the minimum
guaranteed bandwidth of the ith flow isBimin, and the maximum guaranteed bandwidth
of the ith flow is Bimax, and the weight is Wi. If the bandwidth occupied by all the flows
is greater than their minimum guaranteed bandwidth, and the sum of maximum
guaranteed bandwidth is greater than port bandwidth Bp, the bandwidth allocated to
the ith flow is Bi= Bimin+(Bp-
i min
)*Wi/
Wi .
N
Description
Using the traffic-bandwidth command, you can activate the ACL and provide
bandwidth guarantee for the corresponding traffic (the command is only effective to the
permit rule). Using the undo traffic-bandwidth command, you can remove this
function.
This configuration provides the minimum bandwidth guarantee and maximum available
bandwidth for specific traffic.
For the related configuration, see display qos-interface traffic-bandwidth.
Note:
The cards except A type ones do not support this command.
Only the rule with the action of permit can be activated by this command successfully.
Example
# Guarantee the bandwidth of the packets that match with the rule of permit in ACL
2000, the minimum guaranteed bandwidth is 64 k, the maximum available bandwidth is
128 k, and bandwidth weight is 50.
[Quidway-qoss-Ethernet3/0/1] traffic-bandwidth outbound ip-group 2000 64 128 50

2-28

2.1.23 traffic-limit
Syntax
traffic-limit { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule] |
link-group { acl-number | acl-name } [ rule rule ] } target-rate
undo traffic-limit { inbound | outbound } { ip-group { acl-number | acl-name } [ rule
Note:
LS81GT8UA cards.
traffic-limit inbound { user-group { acl-number | acl-name } [ rule rule ] | { ip-group
{ acl-number | acl-name } [ rule rule ] | link-group { acl-number | acl-name } [ rule
rule ] }* } [ kbps ] target-rate [ exceed action ]
undo traffic-limit inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* }
Note:
View
QoS view

2-29

Parameter
inbound: Performs traffic limitation to the packets received by the interface.
outbound: Performs traffic limitation to the packets sent by the interface.
specified.
kbps: Specifies the traffic limit to kbps. In this approach, the rate is in kbps and the
granularity can be as low as 64 kbps.
target-rate: The set normal traffic, as for the LS82GP20 and LS82GT20 interface cards,
the value ranges from 1 to 1000, in Mbps; as for other types of interface cards, the unit
is kpbs, the value ranges from 64 to 8388608 and must be the multiple of 64k.
exceed action: (Optional) The action taken when the traffic exceeds the threshold. Only
LS82GP20 and LS82GT20 interface cards support this parameter. The action can be:
z
drop: Drops the packets.
remark-dscp value: Sets new DSCP value.
Description
Using the traffic-limit command, you can activate ACL and perform traffic limitation.
Using the undo traffic-limit command, you can remove traffic limitation.
This command performs traffic limitation to the packets that match with specified ACL
rule, and is only effective to the permit rule.

2-30

Example
# Perform traffic limitation to packets that match with the permit rule of ACL 2000. The
normal traffic is 128 kbps.
[Quidway-qoss-Ethernet3/0/1] traffic-limit inbound ip-group 2000 128
2.1.24 traffic-priority
Syntax
traffic-priority { inbound | outbound } { ip-group { acl-number | acl-name } [ rule rule ]
| link-group { acl-number | acl-name } [ rule rule ] } { { dscp dscp-value |
ip-precedence pre-value } | local-precedence pre-value }*
undo traffic-priority { inbound | outbound } { ip-group { acl-number | acl-name }
[ rule rule ] | link-group { acl-number | acl-name } [ rule rule ] }
Note:
LS81GT8UA cards.
traffic-priority inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* } { { dscp dscp-value | ip-precedence pre-value } | { cos cos |
local-precedence pre-value } }*
undo traffic-priority inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* }

2-31

Note:
View
QoS view
Parameter
inbound: Performs priority marking to the packets received by the interface.
outbound: Performs priority marking to the packets sent by the interface.
link-group { acl-number | acl-name } [ rule rule ] : The Layer 2 ACL; acl-number: the
specified.
dscp dscp-value: Set DSCP precedence, ranging from 0 to 63.
ip-precedence pre-value: Set IP precedence, pre-value is the IP precedence, ranging
from 0 to 7.
cos cos: Specifies 802.1p preference, ranging from 0 to 7.
local-precedence pre-value: Set local precedence, ranging from 0 to 7.

2-32

Description
Using the traffic-priority command, you can activate ACL and perform priority marking.
Using the undo traffic-priority command, you can remove the priority marks.
The system can mark the packets with various levels of precedence (dscp precedence
and IP precedence).
For the related configuration, see display qos-interface traffic-priority.
Example
# Perform priority marking to packets that match with the permit rule of ACL 2000. Set
its local priority to 0.
[Quidway-qoss-Ethernet3/0/1] traffic-priority outbound ip-group 2000 local-precedence
0
2.1.25 traffic-red
Syntax
traffic-red outbound { ip-group { acl-number | acl-name } [ rule rule ] | link-group
{ acl-number | acl-name } [ rule rule ] } qstart qstop probability
undo traffic-red outbound { ip-group { acl-number | acl-name } [ rule rule ] |
link-group { acl-number | acl-name } [ rule rule ] }
View
QoS view
Parameter
outbound: Performs RED operation to the sent packets.
link-group { acl-number | acl-name } [ rule rule ] : The Layer 2 ACL; acl-number: the

2-33

specified.
qstart: The queue length where the system starts to drop packets randomly. The queue
whose length is less than qstart will not be dropped. The value ranges from 0 to 262128,
in KB; it must be the multiple of 16KB.
qstop: The queue length where the system stops random dropping of packets. The
queue whose length is greater than qstop will be dropped totally. The value ranges from
0 to 262128, in KB; it must be the multiple of 16 KB.
probability: The drop probability when red-qstop is reached, ranging from 0% to 100%.
Description
Using the traffic-red command, you can enable RED operation and set RED
parameters. Using the undo traffic-red command, you can remove the RED
configuration.
For the related configuration, see display qos-interface traffic-red.
Note:
The cards except A type ones do not support this command.
Example
# Perform RED operation to the packets that match with the permit rule of ACL 2000.
RED parameters can be set as follows: the queue length where the system starts
random dropping of packets is 64 KB, the queue length where the system stops
random dropping of packets is 128 KB, and the probability of random drop is 20%.
[Quidway-qoss-Ethernet3/0/1] traffic-red outbound ip-group 2000 64 128 20

2-34

2.1.26 traffic-redirect
Syntax
traffic-redirect inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* } { cpu | interface { interface-name | interface-type interface-num } }
undo traffic-redirect inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* }
View
QoS view
Parameter
inbound: Performs traffic redirection to the packets received by the interface.
specified.
cpu: Redirects to CPU.
interface { interface-name | interface-type interface-num }: Redirect the packets to the
specified Ethernet interface, interface-type is the interface type which can be
gigabitethernet only; interface-num is the number of interface and represents a
complete interface name together with interface-type; interface-name is equal to
interface-type plus interface-num.

2-35

Description
Using the traffic-redirect command, you can activate ACL and perform redirection (the
command is only effective to permit rule). Using the undo traffic-redirect command,
you can remove the redirection.
For the related configuration, see display qos-interface traffic-redirect.
Note:
Only the cards except A type ones support the packet redirecting configuration.
Example
# Perform redirection to the packets that match with the permit rule of ACL 2000.
Redirect the packets to interface GigabitEthernet7/0/2.
[Quidway-qosb-GigabitEthernet7/0/1] traffic-redirect inbound ip-group 2000 interface
gigabitethernet7/0/2
2.1.27 traffic-statistic
Syntax
traffic-statistic { inbound | outbound } { ip-group { acl-number | acl-name } [ rule
undo traffic-statistic { inbound | outbound } { ip-group { acl-number | acl-name }
[ rule rule ] | link-group { acl-number | acl-name } [ rule rule] }
Note:
LS81GT8UA cards.

2-36

traffic-statistic inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* }
undo traffic-statistic inbound { user-group { acl-number | acl-name } [ rule rule ] |
[ rule rule ] }* }
Note:
View
QoS view
Parameter
inbound: Performs statistic operation to the packets received by the interface.
outbound: Performs statistic operation to the packets sent by the interface. LS82GP20
and LS82GT20 interface cards do not support it.
specified.

2-37

Description
Using the traffic-statistic command, you can activate ACL and perform traffic statistic
(the command is only effective to permit rule). Using the undo traffic-statistic
command, you can remove traffic statistics.
The traffic-statistic command is used to count the number of hardware matches
during the course of packet forwarding. You can use the display qos-interface
traffic-statistic command to view this information.
For the related configuration, see display qos-interface traffic-statistic.
Example
# Perform traffic statistic to the packets that match with the permit rule of ACL 2000.
[Quidway-qoss-Ethernet3/0/1] traffic-statistic inbound ip-group 2000

2-38

Chapter 3 ACL Control Commands to

Control Login Users
Chapter 3 ACL Control Commands to Control

Login Users
3.1 The ACL Control Commands to Control Login Users
3.1.1 acl
Syntax
acl acl-number { inbound | outbound }
undo acl { inbound | outbound }
View
User interface view
Parameter
acl-number: The number identifier of number-based ACLs, ranging from 2000 to 3999.
inbound: Performs ACL control to the users who access the local switch using
TELNET.
outbound: Performs ACL control to the users who access other switches from the local
switch using TELNET.
Description
Using the acl command, you can reference ACL and implement the ACL control to the
TELNET users. Using the undo acl command, you can remove the control to the
TELNET users.
The ACLs referenced by this command can only be the basic and advanced
number-based ACLs.
Example
# Perform ACL control to the users who access the local switch using TELNET (basic
ACL 2000 has been defined).
3-1


Control Login Users
[Quidway-user-interface-vty0-4] acl 2000 inbound
3.1.2 snmp-agent community

Syntax
snmp-agent community { read | write } community-name [ mib-view view-name ]
[ acl acl-number ]
undo snmp-agent community community-name
View
System view
Parameter
read: Indicates that this community name has the read-only right within the specified
view.
write: Indicates that this community name has the read-write right within the specified
view.
community-name: Character string of the community name.
mib-view: Set the MIB view name which can be accessed by the community name.
view-name: MIB view name.
acl acl-numbe: The number identifier of basic number-based ACLs, ranging from 2000
to 2999.
Description
Using the snmp-agent community command, you can set the community access
name, permit the access to the switch using SNMP, and reference the ACL to perform
ACL control to the network management users by acl-number. Using the undo
snmp-agent community command, you can remove the setting of community access
name.
By default, SNMPV1 and SNMPV2C use community name to perform access.
Example
# Set the community name as Huawei, permit the user to perform read-only access by
using this community name, and reference the ACL 2000 to perform ACL control to the
network management users (basic ACL 2000 has already been defined ).

3-2


Control Login Users
[Quidway] snmp-agent community read huawei acl 2000
3.1.3 snmp-agent group

Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: V 1 security mode.
v2c: V 2 security mode.
group-name: Group name, ranging from 1 to 32 bytes.
authentication: With this parameter, the system will authenticate SNMP data without
encrypting it.
privacy: Authenticates and encrypts packets.
read-view: Sets read-only view.
read-view: The name of read-only view, ranging from 1 to 32 bytes.
write-view: Permits to set read-write view.
write-view: The name of read-write view, ranging from 1 to 32 bytes.
notify-view: Sets notify view.
notify-view: The name of notify view, ranging from 1 to 32 bytes.
acl acl-number: The number identifier of basic number-based ACLs, ranging from 2000
to 2999.

3-3


Control Login Users
Description
Using the snmp-agent group command, you can configure a new SNMP group and
reference the ACL to perform ACL control to the network management users by acl
acl-number. Using the undo snmp-agent group command, you can remove a
specified SNMP group.
Example
# Create a SNMP group huawei, and reference the ACL 2001 to perform ACL control
to the network management users (basic ACL 2001 has already been defined).
[Quidway] snmp-agent group v1 huawei acl 2001
3.1.4 snmp-agent usm-user

Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 |
sha } auth-password privacy des56 priv-password ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
View
System view
Parameter
v2c: V 2 security mode.
user-name: The user name, ranging from 1 to 32 bytes.
group-name: The corresponding group name of the user, ranging from 1 to 32 bytes.
authentication-mode: Specifies the security level to to be authenticated
md5: Specifies the authentication protocol as HMAC-MD5-96.
sha: Specifies the authentication protocol as HMAC-SHA-96.

3-4


Control Login Users
auth-password: Authentication password, character string, ranging from 1 to 64 bytes.

privacy: Specifies the security level as encryption.
des56: Specifies the DES encryption protocol.
priv-password: Encryption password, character string, ranging from 1 to 64 bytes.
acl acl-number: The number identifier of basic number-based ACLs, ranging from 2000
to 2999.
local: Local entity user.
engineid: Specifies the engine ID related to the user.
engineid-string: Engine ID character string.
Description
Using the snmp-agent usm-user command, you can add a new user to an SNMP
group, and reference the ACL to perform ACL control to the network management
users by acl acl-number. Using the undo snmp-agent usm-user command, you can
remove the user from the related SNMP group as well as the configuration of the ACL
control of the user.
Example
# Add a user huawei to the SNMP group huaweigroup. Specify the security level to
to be authenticated, the authentication protocol to HMAC-MD5-96 and the
authentication password to quidway, and reference the ACL 2002 to perform ACL
control to the network management users (basic ACL 2002 has already been defined).
[Quidway] snmp-agent usm-user v3 huawei huaweigroup authentication-mode md5
quidway acl 2002

3-5
HUAWEI

Command Manual
STP
Command Manual - STP

Table of Contents
Table of Contents
Chapter 1 MSTP Configuration Commands ............................................................................... 1-1
1.1 MSTP Configuration Commands ....................................................................................... 1-1
1.1.1 active region-configuration ...................................................................................... 1-1
1.1.2 check region-configuration ...................................................................................... 1-1
1.1.3 display stp ............................................................................................................... 1-3
1.1.4 display stp region-configuration .............................................................................. 1-5
1.1.5 instance ................................................................................................................... 1-6
1.1.6 region-name ............................................................................................................ 1-6
1.1.7 reset stp................................................................................................................... 1-7
1.1.8 revision-level ........................................................................................................... 1-8
1.1.9 stp............................................................................................................................ 1-9
1.1.10 stp bpdu-protection ............................................................................................... 1-9
1.1.11 stp bridge-diameter ............................................................................................. 1-10
1.1.12 stp cost ................................................................................................................ 1-11
1.1.13 stp edged-port ..................................................................................................... 1-12
1.1.14 stp interface......................................................................................................... 1-13
1.1.15 stp interface cost ................................................................................................. 1-14
1.1.16 stp interface edged-port ...................................................................................... 1-15
1.1.17 stp interface loop-protection................................................................................ 1-16
1.1.18 stp interface mcheck ........................................................................................... 1-17
1.1.19 stp interface point-to-point................................................................................... 1-18
1.1.20 stp interface port priority...................................................................................... 1-19
1.1.21 stp interface root-protection ................................................................................ 1-20
1.1.22 stp interface transmit-limit ................................................................................... 1-21
1.1.23 stp loop-protection............................................................................................... 1-21
1.1.24 stp max-hops....................................................................................................... 1-22
1.1.25 stp mcheck .......................................................................................................... 1-23
1.1.26 stp mode.............................................................................................................. 1-23
1.1.27 stp pathcost-standard.......................................................................................... 1-24
1.1.28 stp point-to-point ................................................................................................. 1-26
1.1.29 stp port priority..................................................................................................... 1-27
1.1.30 stp priority............................................................................................................ 1-27
1.1.31 stp region-configuration....................................................................................... 1-28
1.1.32 stp root primary ................................................................................................... 1-29
1.1.33 stp root secondary............................................................................................... 1-30
1.1.34 stp root-protection ............................................................................................... 1-31
1.1.35 stp tc-protection................................................................................................... 1-32
1.1.36 stp timer forward-delay........................................................................................ 1-33
i

Table of Contents
1.1.37 stp timer hello ...................................................................................................... 1-34

1.1.38 stp timer max-age ............................................................................................... 1-35
1.1.39 stp timer-factor .................................................................................................... 1-36
1.1.40 stp transmit-limit .................................................................................................. 1-36
1.1.41 vlan-mapping modulo.......................................................................................... 1-37
Chapter 2 BPDU TUNNEL Configuration Commands................................................................ 2-1
2.1.1 vlan-vpn tunnel ........................................................................................................ 2-1
Chapter 3 Digest Snooping Configuration Commands............................................................. 3-1
3.1 Digest Snooping Configuration Commands ...................................................................... 3-1
3.1.1 stp config-digest-snooping ...................................................................................... 3-1
Chapter 4 Rapid Transition Configuration Commands ............................................................. 4-1
4.1 Rapid Transition Configuration Commands....................................................................... 4-1
4.1.1 stp interface no-agreement-check........................................................................... 4-1
4.1.2 stp no-agreement-check ......................................................................................... 4-2

ii

Chapter 1 MSTP Configuration Commands

1.1 MSTP Configuration Commands
1.1.1 active region-configuration
Syntax
active region-configuration
View
MST region view
Parameter
None
Description
Using active region-configuration command, you can activate the configurations of
MST region.
This command is used for manually activate the configurations of MST region.
Configuring the related parameters, especially the VLAN mapping table, of the MST
region, will lead to the recalculation of spanning tree and network topology flapping. To
bate such flapping, MSTP applies the configured parameters and launches
recalculation of the spanning tree only when you activate the configured MST region
parameters or enable MSTP.
After you entered this command, MSTP will apply the MST region parameters you
configured to the system and recalculate the spanning tree.
For the related command, see instance, region-name, revision-level, vlan-mapping
modulo, check region-configuration .
Example
# Manually activate MST region configurations.
[Quidway-mst-region] active region-configuration
1.1.2 check region-configuration

Syntax
check region-configuration

1-1

View
MST region view
Parameter
None
Description
Using check region-configuration command, you can view the configuration
information (including switch region name, revision level, and VLAN mapping table) to
be activated.
MSTP defines that the user must ensure the correct region configurations, especially
the VLAN mapping table configuration. The switches can be configured in the same
region only if their region names, VLAN mapping tables, and MSTP revision levels are
configured exactly the same. The switch may not be configured in the expected region
due to any slight deviation. You can use this command to display the MST region
configuration information to be activated to know to which MST regions the switch
belongs and check if the MST region configurations are correct.
For the related command, see instance, region-name, revision-level, vlan-mapping
modulo, active region-configuration .
Example
# Display the configuration information about the region.
[Quidway-mst-region] check region-configuration
Admin Configuration:
Format selector :0
Region name
:00b010000001
Revision level
:0
Instance
0
16
Vlans Mapped
1 to 9, 11 to 4094
10
Table 1-1 the display Information

Field
Description
Format selector
Selection factor described in MSPT
Region name
Region name of MST region
Revision level
MSTP revision level of MST region
Instance Vlans Mapped
VLAN mapping table of MST region

1-2

1.1.3 display stp

Syntax
display stp [ instance instance-id ] [ interface interface-list | slot slot-num ] [ brief ]
View
Any view
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16.
interface-list: Ethernet port list, containing multiple Ethernet ports and expressed as
interface _list = { { interface_type interface_num | interface_name } [ to { interface_type
interface_num | interface_name } ] }&<1-10>. For detail descriptions of interface_type,
interface_num and interface_name parameters, refer to the corresponding descriptions
in Port Command Manual. &<1-10> means that the preceding parameters can be
entered up to 10 times.
slot slot-num: Displays STP information of the specific slot.
brief: Display the role, state and protection type of the port only.
Description
Using display stp command, you can view the state information and statistics
information of the spanning tree .
The MSTP state and statistics information can help analyze and maintain the network
topology and maintain the normal operation of MSTP.
If no STI ID or port list is specified, the command will display the spanning tree
information of all the instances on all the ports in port number order. If the instance ID is
specified, the command will display the spanning tree information of the specified
instance on all the port in port number order. If only the port list is specified, the
command will display the information about all the STIs on the port in port number order.
If both the STI ID and port list are specified, the command will displays the spanning
tree information of the specified instance on the specified port in the port list order of the
instance ID. If the aggregation port exists, only the instance information of the primary
port is displayed.
MSTP state information include:
1)
Global CIST parameter: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello Time, Max Age, Forward Delay, Max Hops, CIST
common root (the primary or the secondary), external path cost of the switch to the
CIST common root, region root, internal path cost of the switch to the CIST
common root, CIST root port of the switch, and whether to enable BPDU
protection.

1-3

2)
CIST port parameter: Port state, role, priority, path cost, designated bridge,
designated port, edge port/non-edge port, whether connected to the point-to-point
link, port transit limit, whether to enable Root protection, number of the VLAN
maps, whether being a region edge port, Hello Time, Max Age, Forward Delay,
Message-age time, and Remaining-hops.
3)
Global MSTIs parameter: MSTI instance ID, bridge priority of the instance,
whether an MSTI root is a primary or secondary one, region root, internal path cost,
MSTI root port, and MASTER bridge.
4)
MSTIs port parameter: Port state, number of the VLAN maps, role, priority, path
cost, designated bridge, designated port and Remaining Hops.
Statistics information: Count of TCN, CONFIG BPDU, RST, and MST BPDU
transmitted/received via the port.
For the related command, see reset stp..
Example
# Display the state and statistics information about the spanning tree.
<Quidway> display stp instance 0 interface Ethernet 2/1/1 to Ethernet 2/1/4
GigabitEthernet 3/2/1 to GigabitEthernet 3/2/4 GigabitEthernet 3/3/1 brief
MSTID
Port
Role
STP State
Protection
Ethernet2/1/1
ALTE
DISCARDING
LOOP
Ethernet2/1/2
DESI
FORWARDING
NONE
Ethernet2/1/3
DESI
FORWARDING
NONE
Ethernet2/1/4
DESI
FORWARDING
NONE
DESI
FORWARDING
NONE
DESI
FORWARDING
NONE
DESI
FORWARDING
NONE
DESI
FORWARDING
NONE
ROOT
FORWARDING
NONE

Field
Description
MSTID
MST instance ID of the port
Port
Port number
Role
Interface role
STP State
STP State of the port, which can be learning,

forwarding, or discarding
Protection
Protection Type of the port, which can be

1-4

1.1.4 display stp region-configuration

Syntax
display stp region-configuration
View
Any view
Parameter
None
Description
Using display stp region-configuration command, you can view the effective MST
region configurations .
MST region configuration information includes: region name, region revision level, and
associations between VLANs and STIs. All these configurations together determine to
which MST region a switch belongs.
For the related command, see stp region-configuration .
Example
# Display the MST region configuration information.
<Quidway> display stp region-configuration
Oper Configuration
Format selector :0
Region name
:huawei
Revision level
:0
Instance
Vlans Mapped
21 to 4094
1 to 10
11 to 20

Field
Description
Format selector
Selection factor described in MSPT
Region name
Region name of MST region
Revision level
MSTP revision level of MST region
Instance Vlans Mapped
VLAN mapping table of MST region

1-5

1.1.5 instance
Syntax
instance instance-id vlan vlan-list
undo instance instance-id [ vlan vlan-list ]
View
MST region view
Parameter
instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16.
vlan-list: Specifies the VLAN list, ranging from 1 to 4094. The switch may support VLAN
4095, 4096 others, however, they can only be mapped to CIST (Instance 0).
Description
Using instance command, you can map the specified VLAN list to the specified STI.
Using undo instance command, you can cancel the specified VLAN list from the
specified STI, the removed VLAN will then be mapped to the CIST (i.e., the Instance 0).
If no VLAN is specified in the undo command, all the VLANs associated with the
specified STI will be mapped to CIST.
By default, all the VLANs are mapped to CIST, i.e., the Instance 0.
MSTP describes the association between VLANs and STIs with the VLAN mapping
table. You can use this command to configure this table. Every VLAN can be mapped to
an STI as per your configuration.
A VLAN cannot be mapped to different instances at the same time. The latter
configured association will replace the former one.
For
the
related
command,
see
region-name,
revision-level,
region-configuration , vlan-mapping modulo, active region-configuration .
Example
# Map VLAN 2 to STI 1 3 5.
[Quidway-mst-region] instance 1 vlan 1 3 5
1.1.6 region-name
Syntax
region-name name
undo region-name

1-6
check

View
MST region view
Parameter
name: Specifies the MST region name of the switch with a character string not
exceeding 32 bytes.
Description
Using region-name command, you can configure the MST region name of a switch.
Using undo region-name command, you can restore the default MST region name.
By default, the MST region name of the switch is the switch MAC address in
hexadecimal notation.
The switch region name, together with VLAN mapping table of the MST region and
MSTP revision level, is used for determining the region to which the switch belongs.
For the related command, see instance, revision-level, check region-configuration ,
vlan-mapping modulo, active region-configuration .
Example
# Set the MST region name of the switch as huawei.
[Quidway-mst-region] region-name huawei
1.1.7 reset stp

Syntax
reset stp [ interface interface-list ]
View
User view
Parameter
Description
Using reset stp command, you can reset the spanning tree statistics information.

1-7

The spanning tree statistics information includes TCN, Config BPDU, RST, and MST
BPDU, received and transmitted on the port. Among them, STP BPDU and TCN BPDU
are counted on CIST.
When the spanning tree ID and port list are specified, the command clears the statistics
information of the specified spanning tree on the specified port. If no port is specified,
the command clears the statistics information of the specified spanning tree on all the
ports. If no spanning tree is specified, the command clears the statistics information of
all the spanning trees.
For the related command, see display stp.
Example
# Clear the statistics information on the ports from Ethernet2/1/1 through Ethernet2/1/3.
z
<Quidway> reset stp interface Ethernet2/1/1 to Ethernet2/1/3
1.1.8 revision-level
Syntax
revision-level level
undo revision-level
View
MST region view
Parameter
level: Specifies the MSTP revision level, ranging from 0 to 65535. By default, MSTP
revision level takes 0.
Description
Using revision-level command, you can configure MSTP revision level of the switch.
Using undo revision-level command, you can restore the default revision-level .
MSTP revision level, together with region name and VLAN mapping table, is used for
determining the MST region to which the switch belongs.
For the related command, see instance, region-name, check region-configuration ,
vlan-mapping modulo and active region-configuration .
Example
# Set the MSTP revision level of the switch MST region to 5.
[Quidway-mst-region] revision-level 5

1-8

1.1.9 stp
Syntax
stp { enable | disable }
undo stp
View
System view, Ethernet port view
Parameter
enable: Enables global or port MSTP.
disable: Disables global or port MSTP.
Description
Using stp command, you can enable or disable MSTP on a device or a port. Using
undo stp command, you can restore the default MSTP state on a device or a port.
By default, MSTP is disabled on the switch.
After MSTP is enabled, the switch determines to run MSTP in STP-compatible mode or
MSTP mode per your configurations. The switch serves as a transparent bridge after
MSTP is disabled.
By default, the MSTP on the switch is disabled, to enable it, you must enable the MSTP
globally.
After MSTP is enabled, it will dynamically maintain the spanning tree state of the
corresponding VLAN according to the received configuration BPDU until it is disabled.
For the related command, see stp mode, stp interface.
Example
# Enable MSTP globally.
[Quidway] stp enable
# Disable MSTP on Ethernet2/1/1.
[Quidway-Ethernet2/1/1] stp disable
1.1.10 stp bpdu-protection

Syntax
stp bpdu-protection
undo stp bpdu-protection

1-9

View
System view
Parameter
None
Description
Using stp bpdu-protection command, you can enable the BPDU protection on the
switch. Using undo stp bpdu-protection command, you can restore the default state
of BPDU protection.
By default, BPDU protection is disabled.
Generally, the access ports of the access layer devices are directly connected to user
terminals (such as PC) or file servers. In this case, the access ports are set to edge
ports to implement fast state transition. However, when such access ports receive
configuration BPDU, the system will automatically set them to non-edge ports and
recalculate the spanning tree, which makes the network topology flap. These ports will
not receive any STP configuration BPDU in normal cases. Anyway, if someone
maliciously attacks the switch with fake configuration BPDU, the network will flap.
MSTP provides BPDU protection function to avoid such attack: After configured with
BPDU protection, the switch will disable the edge port through MSTP, which receives a
BPDU, and notify the network manager at same time. These ports can be resumed by
the network manager only.
Example
# Enable BPDU protection on the switch.
[Quidway] stp bpdu-protection
1.1.11 stp bridge-diameter

Syntax
stp bridge-diameter bridgenum
undo stp bridge-diameter
View
System view
Parameter
bridgenum: Ranges from 2 to 7 and defaults to 7.

1-10

Description
Using stp bridge-diameter command, you can configure the switching network
diameter. Using undo stp bridge-diameter command, you can restore the default
network diameter.
The network diameter refers to the maximum count of switches on the path between
any two terminal devices.
The definition of network diameter: Maximum count of switches between the farthest
communication ends.
stp bridge-diameter command configures the switching network diameter and
determines the three time parameters of MSTP accordingly. This configuration takes
effect on CIST only but makes no sense for MSTI.
The spanning tree convergence can be speeded up, when Hello Time, Forward Delay,
and Max Age are well configured. These parameters are related to the network scale.
You can configure the network scale to get the time parameters. Upon the
user-configured bridge-diameter parameter, MSTP will automatically set Hello Time,
Forward Delay, and Max Age to moderate values. When bridge-diameter defaults to 7,
the time parameters also take their respective default values.
For the related command, see stp timer forward-delay, stp timer hello, stp timer
max-age.
Example
# Set the diameter of the switching network to 5.
[Quidway] stp bridge-diameter 5
1.1.12 stp cost

Syntax
stp [ instance instance-id ] cost cost
undo stp [ instance instance-id ] cost
View
Ethernet port view
Parameter
instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16. The
Instance 0 represents CIST.
cost cost: Specifies the port path cost, ranging from 1 to 20000000.

1-11

Description
Using stp instance cost command, you can configure the port path cost on the
specified STI for the current port. Using undo stp instance cost command, you can
restore the path cost on the specified STI.
By default, switch calculates the path costs of a port on different STIs. For more
description, refer to the table offered in the configuration guideline of the stp interface
instance cost command.
You may specify the instance-id parameter as 0 to configure CIST path cost of the port.
The path cost has effect on the port role selection. A port can be configured with
different path costs on different MSTIs. Thus the traffic from different VLANs can run
over different physical links, thereby implementing the VLAN-based load-balancing.
MSTP will recalculate the port role and transit its state, upon the port path cost
changes.
For the related command, see stp interface instance cost .
Example
# Set the path cost of Ethernet2/0/3 on STI 2 to 200.
[Quidway-Ethernet2/0/3] stp instance 2 cost 200
1.1.13 stp edged-port

Syntax
stp edged-port { enable | disable }
undo stp edged-port
View
Ethernet port view
Parameter
enable: Configure the current port as an edge port.
disable: Configure the current port as a non-edge port.
Description
Using stp edged-port enable command, you can configure the current Ethernet port
as an edge port. Using stp edged-port disable command, you can configure the
current Ethernet port as a non-edge port. Using undo stp edged-port command, you
can restore the default state, i.e., non-edge port.
By default, all the switch ports are configured as non-edge port.

1-12

If the current Ethernet port is connected to other switch, you can use the stp
edged-port disable command to configure it as a non-edge port. The stp edged-port
enable command is used for configuring the 0port as an edge port.
A port is considered as an edge port when it is directly connected to the user terminal,
instead of any other switches or shared network segments. The edge port will not
cause loop upon network topology changes. Accordingly, you can configure a port as
an edge port, so that it can transit to forwarding state fast. For this purpose, please
configure the Ethernet port directly connected to the user terminal as an edge port.
Because the edge port is not connected to any other switches, it will not receive the
configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch,
the port received a BPDU runs as a non-edge port, even if it is configured as edge port.
For the related command, see stp interface edged-port.
Example
# Configure Ethernet2/0/1 as an edge port.
[Quidway-Ethernet2/0/1] stp edged-port disable
1.1.14 stp interface

Syntax
stp interface interface-list { enable | disable }
View
System view
Parameter
enable: Enables MSTP on the port.
disable: Disables MSTP on the port.
Description
Using stp interface command, you can enable/disable MSTP on a switch port in
system view.
By default, if MSTP is enabled globally, it is enabled on every port; if MSTP is disabled
globally, it is also disabled on every port.

1-13

When MSTP is disabled, the corresponding port stays in forwarding state and does not
take part in any STI calculation.
Caution:
Loop may be generated, if you disable MSTP on the port.
For the related command, see stp mode, stp.
Example
# Enable MSTP on Ethernet2/0/1 in system view.
[Quidway] stp interface Ethernet2/0/1 enable
1.1.15 stp interface cost

Syntax
stp interface interface-list [ instance instance-id ] cost cost
undo stp interface interface-list [ instance instance-id ] cost
View
System view
Parameter
cost cost: Specifies the path cost of the port, ranging from 1 to 200000000.
Description
Using stp interface instance cost command, you can configure the path cost of the
specified port on the specified STI in system view.,. Using undo stp interface
instance cost command, you can restore the path cost to default value.
By default, switch calculates the path costs of a port on different STIs.

1-14

You may specify the instance-id parameter as 0 to configure CIST path cost of the port.
The path cost has effect on the port role selection. A port can be configured with
different path costs on different MSTIs. Thus the traffic from different VLANs can run
over different physical links, thereby implementing the VLAN-based load-balancing.
MSTP will recalculate the port role and transit its state, upon the port path cost
changes.
For the related command, see stp instance cost .
Example
# Set the path cost of Ethernet2/0/3 on STI 2 to 400 in system view.
[Quidway] stp interface Ethernet2/0/3 instance 2 cost 400
1.1.16 stp interface edged-port

Syntax
stp interface interface-list edged-port {enable | disable }
undo stp interface interface-list edged-port
View
System view
Parameter
enable: Configure the current port as an edge port.
disable: Configure the current port as a non-edge port.
Description
Using stp interface edged-port enable command, you can configure a port as an
edge port in system view. Using stp interface edged-port disable command, you can
configure a port as a non-edge port in system view. Using undo stp interface
edged-port command, you can restore the non-edge port, as defaulted.
By default, all the switch ports are configured as non-edge port.
If the current Ethernet port is connected to other switch, you can use the stp interface
edged-port disable or undo stp interface edged-port command to configure it as a
non-edge port. The stp interface edged-port enable command is used for configuring
the port as an edge port.
1-15

A port is considered as an edge port when it is directly connected to the user terminal,
instead of any other switches or shared network segments. The edge port will not
cause loop upon network topology changes. Accordingly, you can configure a port as
an edge port, so that it can transit to forwarding state fast. For this purpose, please
configure the Ethernet port directly connected to the user terminal as an edge port.
Because the edge port is not connected to any other switches, it will not receive the
configuration BPDUs from them. Before BPDU PROTECTION is enabled on the switch,
the port received a BPDU runs as a non-edge port, even if it is configured as edge port.
For the related command, see stp edged-port.
Example
# Configure Ethernet2/0/3 as an edge port in system view.
[Quidway] stp interface Ethernet2/0/3 edged-port enable
1.1.17 stp interface loop-protection

Syntax
stp interface interface-list loop-protection
undo stp interface interface-list loop-protection
View
System view
Parameter
Description
Using stp interface loop-protection command, you can enable loop protection on the
switch in system view. Using undo stp interface loop-protection command, you can
restore the default loop protection state.
By default, loop protection is disabled.
For the related command, see stp loop-protection.
Example
# Enable loop protection on the Ethernet2/0/1.

1-16

[Quidway] stp interface Ethernet2/0/1 loop-protection
1.1.18 stp interface mcheck

Syntax
stp interface interface-list mcheck
View
System view
Parameter
Description
Using stp interface mcheck command, you can perform mcheck operation on the port
in system view.
If a port of an MSTP switch on a switching network has ever been connected to an STP
switch, the port will automatically transit to operate in STP-compatible mode. However,
when the STP switch is removed, the port stays in STP-compatible mode and cannot
automatically transit back to MSTP mode. In this case, you can perform mCheck
operation to transit the port to MSTP mode by force.
The switch defaults to operate in MSTP mode. It is an RSTP- and STP-compatible
mode, that is, the switch in MSTP mode can identify the BPDU packets of MSTP and
the Config BPDU packets of RSTP. However, the switch in STP mode can only identify
the Config BPDU packets from both MSTP and RSTP bridges. If the switch in
STP-compatible mode transits back to MSTP mode, but you do not execute the stp
mcheck command, it cannot send the BPDU packets of MSTP and the devices
connecting to it still send the Config BPDU (BPDU of STP) packets toward it, thus
causing the packets from the devices with the same configuration not to be in the same
domain. Therefore, execute the stp interface mcheck command in system view when
you have changed the STP mode.
For the related command, see stp mcheck, stp mode.
Example
# Set mcheck parameter of Ethernet2/0/3 in system view.
[Quidway] stp interface Ethernet2/0/3 mcheck

1-17

1.1.19 stp interface point-to-point

Syntax
stp interface interface-list point-to-point { force-true | force-false | auto }
undo stp interface interface-list point-to-point
View
System view
Parameter
force-true: Indicates the Ethernet port connected to a point-to-point link.
force-false: Indicates the Ethernet port not connected to a point-to-point link.
auto: Configure to automatically check if the link to the Ethernet port is a point-to-point
link.
Description
Using stp interface point-to-point command, you can configure a port (not) to be
connected to a point-to-point link in system view. Using undo stp interface
point-to-point command, you can restore the default state of the link to the Ethernet
port.
By default, the parameter defaults to auto, that is, MSTP checks if the link to the
Ethernet port is a point-to-point link.
The port not connected with the point-to-point link cannot transit fast.
The master ports of the link aggregation and the ports operating in full-duplex mode are
connected to the point-to-point link. You are recommended to keep the default settings
and let MSTP detect the link state automatically.
This configuration takes effect on the CIST and all the MSTIs. The settings of a port
whether to connect the point-to-point link will be applied to all the STIs where the port
belongs. Note that a temporary loop may be redistributed if you configure a port not
physically connected with the point-to-point link as connected to such a link by force.
For the related command, see stp point-to-point.
Example
# Configure Ethernet2/0/3 to be connected to the point-to-point link in system view.
1-18

[Quidway] stp interface Ethernet2/0/3 point-to-point force-true
1.1.20 stp interface port priority

Syntax
stp interface interface-list instance instance-id port priority priority
undo stp interface interface-list instance instance-id port priority
View
System view
Parameter
port priority priority: Specifies the port priority, ranging from 0 to 240 with a step length
of 16, e.g., 0, 16 and 32. By default, the port has a priority of 128 on every STI.
Description
Using stp interface instance port priority command, you can configure the priority of
the specified port on the specified STI in system view. Using undo stp interface
instance port priority command, you can restore the default priority.
You may specify the instance-id parameter as 0 to configure CIST priority of the port.
The port priority has effect on the port role selection. A port can be configured with
different priorities on different MSTIs. Thus the traffic from different VLANs can run over
different physical links, thereby implementing the VLAN-based load-balancing. MSTP
will recalculate the port role and transit its state, upon the port priority changes.
For the related command, see stp instance port priority.
Example
# Set the priority of Ethernet2/0/3 on STI 2 to 16 in system view.
[Quidway] stp instance 2 interface Ethernet2/0/3 port priority 16

1-19

1.1.21 stp interface root-protection

Syntax
stp interface interface-list root-protection
undo stp interface interface-list root-protection
View
System view
Parameter
Description
Using stp interface root-protection command, you can enable Root protection on the
switch in system view. Using undo stp interface root-protection command, you can
restore the default Root protection state.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology
change errors. Due to the illegal change, the traffic supposed to travel over the
high-speed link may be pulled to the low-speed link and congestion will occur on the
network.
Root protection function is used against such problem. The port configured with Root
protection only plays a role of designated port on every instance. Whenever such port
receives a higher-priority BPDU, that is, it is about to turn into non-designated port, it
will be set to listening state and not forward packets any more (as if the link to the port is
disconnected). If the port has not received any higher-priority BPDU for a certain period
of time thereafter, it will resume the normal state.
For the related command, see stp root-protection.
Example
# Enable Root protection on the Ethernet2/0/1.
[Quidway] stp interface Ethernet2/0/1root-protection

1-20

1.1.22 stp interface transmit-limit

Syntax
stp interface interface-list transmit-limit packetnum
undo stp interface interface-list transmit-limit
View
System view
Parameter
packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255
(expressed as a counter value without any units). By default, the transmission limit on
every port is 3.
Description
Using stp interface transmit-limit command, you can configure an amount limit to the
configuration BPDU transmitted via a port during the Hello Time in system view. Using
undo stp interface transmit-limit command, you can restore the default limit in
system view.
The larger the value is, the more packets can be transmitted in a time unit, yet the more
switch resources will be occupied. With a moderate value, the amount of the BPDUs
transmitted during Hello Time via every port can be limited and MSTP will not occupy
too many bandwidth resources when the network topology flaps.
For the related command, see stp transmit-limit.
Example
# Set a limit of 5 to the packets transmitted via Ethernet2/0/3 in system view.
[Quidway] stp interface Ethernet2/0/3 transmit-limit 5
1.1.23 stp loop-protection

Syntax
stp loop-protection
undo stp loop-protection

1-21

View
Ethernet port view
Parameter
None
Description
Using stp loop-protection command, you can enable loop protection function. Using
undo stp loop-protection command, you can restore the restore setting.
By default, the loop protection function is not enabled.
Example
# Enable loop protection function in Ethernet2/0/1.
[Quidway-Ethernet2/0/1] stp loop-protection
1.1.24 stp max-hops

Syntax
stp max-hops hop
undo stp max-hops
View
System view
Parameter
hop: Specifies the max hops, ranging from 1 to 40. By default, MST region Max Hops is
20.
Description
Using stp max-hops command, you can configure the Max Hops of an MST region.
Using undo stp max-hops command, you can restore the default Max Hops.
On CIST and MSTIs, the Max Hops configured on the region root determines the max
switching network diameter supported by the local MST region. As the BPDU traveling
from the spanning tree root, each time when it is forwarded by a switch, the max hops
will be reduced by 1. The switch discards the configuration BPDU with 0 hops left,
thereby limiting the network scale inside the region. If the current switch is a CIST root
bridge or MSTI root bridge in an MST region, the Max Hops configured on it will be the
network diameter of the spanning tree to limit its scale in the local MST region. The Max
Hops configured on the root bridge in an MST region will be adopted by other switches
in the same region.

1-22

Example
# Set the Max Hops of an MST region to 35.
[Quidway] stp max-hops 35
1.1.25 stp mcheck

Syntax
stp mcheck
View
Ethernet port view
Parameter
None
Description
Using stp mcheck command, you can perform mcheck on the current port.
If a port of an MSTP switch on a switching network has ever been connected to an STP
switch, the port will automatically transit to operate in STP-compatible mode. However,
when the STP switch is removed, the port stays in STP-compatible mode and cannot
automatically transit back to MSTP mode. In this case, you can perform mCheck
operation to transit the port to MSTP mode by force.
For the related command, see stp mode, stp interface mcheck.
Example
# Set mcheck parameter for Ethernet2/0/1.
[Quidway-Ethernet2/0/1] stp mcheck
1.1.26 stp mode

Syntax
stp mode { stp | rstp | mstp }
undo stp mode
View
System view
Parameter
stp: Configure the MSTP operation mode as STP-compatible.
rstp: Configure the MSTP operation mode as RSTP.

1-23

mstp: Configure the MSTP operation mode as MSTP.
Description
Using stp mode command, you can configure MSTP operation mode of the switch.
Using undo stp mode command, you can restore the default MSTP operation mode.
By default, switch work in MSTP mode
MSTP and RSTP are compatible and they can recognize the packets of each other.
However, STP cannot recognize MSTP packets. To implement the compatibility, MSTP
provides two operation modes, STP-compatible mode and MSTP mode. In
STP-compatible mode, the switch sends STP BPDU packets via every port and serves
as a region itself. In MSTP mode, the switch ports send MSTP BPDU packets (when
connected to the STP switch) and the switch provides multiple spanning tree function.
For the related command, see stp mcheck, stp, stp interface, stp interface mcheck.
Example
# Set MSTP operation mode as STP-compatible.
[Quidway] stp mode stp
1.1.27 stp pathcost-standard

Syntax
stp pathcost-standard { dot1d-1998 | dot1t | legacy }
undo stp pathcost-standard
View
System view
Parameter
dot1d-1998: The switch calculates the default Path Cost of a port by the IEEE
802.1D-1998 standard.
dot1t: The switch calculates the default Path Cost of a port by the IEEE 802.1t
standard.
legacy: The switch calculates the default Path Cost of a port by the Huawei-3Com
company.
Description
Using the stp pathcost-standard command, you can specify the standard to be used
by the switch in calculating the default Path Cost. Using the undo stp
pathcost-standard command, you can restore the default choice of the standard.

1-24

By default, the switch calculates the default Path Cost of a port by the IEEE 802.1t
standard.
Table 1-4 Cost corresponding to the port speed of different standard.
Link
speed
0
dot1d-1998
value range
Duplex state
-
dot1t value
range
Huawei-3Com
cost value
65535
200,000,000
200,000
Full-Duplex
100
2,000,000
2,000
Aggregated Link 2
Ports
99
1,999,999
2,000
95
1,000,000
1,800
Aggregated Link 3
Ports
95
666,666
1,600
95
500,000
1,400
Full-Duplex
19
200,000
200
Aggregated Link 2
Ports
18
199,999
200
15
100,000
180
Aggregated Link 3
Ports
15
66,666
160
15
50,000
140
Aggregated Link 2
Ports
20,000
20
10,000
18
Aggregated Link 3
Ports
6,666
16
5,000
14
Aggregated Link 2
Ports
2,000
1,000
Aggregated Link 3
Ports
666
500
Half-Duplex
10Mb/s
Aggregated Link 4
Ports
Half-Duplex
100Mb/s
Aggregated Link 4
Ports
Full-Duplex
1000Mb/
s
Aggregated Link 4
Ports
Full-Duplex
10G/s
Aggregated Link 4
Ports
Generally the path cost of the links in full duplex status is lower than those in half duplex
status.
In calculating the path cost of aggregation links, the 802.1D-1998 does not take into
account the number of aggregation links, but the 802.1T does. The formula involved is:
Path Cost = 200,000,000/link speed in 100Kbps

1-25

Where the link speed is the sum of the speed of the ports in unblocked status within the
aggregation links.
Example
# Configure the switch to calculate the default Path Cost of a port by the IEEE
802.1D-1998 standard.
[Quidway] stp pathcost-standard dot1d-1998
# Configure the switch to calculate the default Path Cost of a port by the IEEE 802.1t
standard.
[Quidway] stp pathcost-standard dot1t
1.1.28 stp point-to-point

Syntax
stp point-to-point { force-true | force-false | auto }
undo stp point-to-point
View
Ethernet port view
Parameter
force-true: Indicates the Ethernet port connected to a point-to-point link.
force-false: Indicates the Ethernet port not connected to a point-to-point link.
auto: Configure to automatically check if the link to the Ethernet port is a point-to-point
link.
Description
Using stp point-to-point command, you can configure the current Ethernet port (not)
to connect with point-to-point link. Using undo stp point-to-point command, you can
configure the link state to the default state in which MSTP automatically detects if the
link to the Ethernet port is point-to-point link.
By default, switch adopts auto mode.
The port not connected with the point-to-point link cannot transit fast.
The master ports of the link aggregation and the ports operating in full-duplex mode are
connected to the point-to-point link. You are recommended to keep the default settings
and let MSTP detect the link state automatically.
This configuration takes effect on the CIST and all the MSTIs. The settings of a port
whether to connect the point-to-point link will be applied to all the STIs where the port
belongs. Note that a temporary loop may be redistributed if you configure a port not
physically connected with the point-to-point link as connected to such a link by force.
1-26

For the related command, see stp interface point-to-point.
Example
# Configure Ethernet2/0/3 to be connected to the point-to-point link.
[Quidway-Ethernet2/0/3] stp point-to-point force-true
1.1.29 stp port priority

Syntax
stp [ instance instance-id ] port priority priority
undo stp [ instance instance-id ] port priority
View
Ethernet port view
Parameter
port priority priority: Specifies the port priority, ranging from 0 to 240, with a step length
of 16, e.g., 0, 16, and 32. By default, the priorities of a port on the STIs are 128.
Description
Using stp instance port priority command, you can configure the priority of a port on
a specified STI. Using undo stp instance port priority command, you can restore the
default priority of the port on the specified STI.
You may specify the instance-id parameter as 0 to configure CIST priority of the port.
The port priority has effect on the port role selection. A port can be configured with
different priorities on different MSTIs. Thus the traffic from different VLANs can run over
different physical links, thereby implementing the VLAN-based load-balancing. MSTP
will recalculate the port role and transit its state, upon the port priority changes.
For the related command, see stp interface port priority.
Example
# Set the priority of Ethernet5/0/3 on STI 2 to 16.
[Quidway-Ethernet5/0/3] stp instance 2 port priority 16
1.1.30 stp priority

Syntax
stp [ instance instance-id ] priority priority

1-27

undo stp [ instance instance-id ] priority
View
System view
Parameter
instance-id: Ranges from 0 to 16.
priority: Specifies the switch priority, ranging from 0 to 61440 with a step length of 4096.
That is, 16 priorities are available for the switch including 0, 4096, 8192, etc. By default,
the switch priority is 32768.
Description
Using stp priority command, you can configure the bridge priority in the specified STI.
Using undo stp priority command, you can restore the default value of bridge priority .
The switch priority takes part in the spanning tree calculation. It is configured separately
for every STI. Different STIs can be configured with different priorities.
If specifying the instance ID as 0, the command can configure the CIST priority.
Example
# Set the bridge priority of the switch in STI 1 to 4096.
[Quidway] stp instance 1 priority 4096
1.1.31 stp region-configuration

Syntax
stp region-configuration
undo stp region-configuration
View
System view
Parameter
None
Description
Using stp region-configuration command, you can enter MST region view. Using
undo stp region-configuration command, you can restore the default MSTP region
configurations.
By default, the three MST region parameters take the default values. The MST region
name of the switch is the first MAC address, all the VLANs are mapped to CIST, and
MSTP revision level takes 0.
1-28

You can enter MST region view, using the stp region-configuration command. And
then you can configure the parameters including region name, revision level, and VLAN
mapping table of the region.
Example
# Enter MST region view.
[Quidway] stp region-configuration
[Quidway-mst-region]
1.1.32 stp root primary

Syntax
stp [ instance instance-id ] root primary [ bridge-diameter bridgenum [ hello-time
centi-senconds ] ]
undo stp [ instance instance-id ] root
View
System view
Parameter
instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16.
Specify it as 0 to configure the root bridge of CIST.
root primary: Configure the current switch as the primary root of the designated STI.
bridge-diameter bridgenum: Specify the network diameter of the spanning tree,
hello-time centi-senconds: Specifies the Hello Time of the spanning tree, ranging from
100 to 1000 and measured in centiseconds.
Description
Using stp root primary command, you can configure the current switch as the primary
root of the designated STI. Using undo stp root command, you can cancel the current
switch for the primary root of the designated STI.
By default, the switch does not server as a root bridge.
You can configure a root bridge for every STI without concerning the switch priority.
When configuring the root bridge, you may also specify the network diameter of the
designated switching network, so that the switch will calculate and get three time
parameter values (Hello time, Forward Delay and Max Age). The Hello time got in this
way may not be as good as expected. You can specify the hello-time centi-senconds
parameter to overwrite it. Normally, you are recommended to set the network diameter
to get the other two time parameter of the switch accordingly.

1-29

Caution:
z
In a switching network, you can configure only one root bridge for each STI and one
or more secondary switches. Do not configure more than one root bridge for an STI
at the same time, otherwise, the calculation result will be unpredictable.
After a switch is configured as primary root bridge or secondary root bridge, user
cant modify the bridge priority of the switch.
Example
# Designate the current switch as the root bridge of STI 1 and specifies the diameter of
the switching network as 4 and the Hello Time as 500 centiseconds.
[Quidway] stp instance 1 root primary bridge-diameter 4 hello-time 500
1.1.33 stp root secondary

Syntax
stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum [ hello-time
centi-senconds ] ]
undo stp [ instance instance-id ] root
View
System view
Parameter
instance instance-id: Specifies the spanning tree instance ID, ranging from 0 to 16.
Specify it as 0 to configure CIST.
root secondary: Configure the current switch as the secondary root of the designated
STI.
bridge-diameter bridgenum: Specify the network diameter of the spanning tree,
hello-time centi-senconds: Specify the Hello Time of the spanning tree, ranging from
100 to 1000 and measured in centiseconds.
Description
Using stp root secondary command, you can configure the current switch as the
secondary root bridge of a specified STI. Using undo stp root command, you can
cancel the current switch for the secondary root bridge of a specified STI.
By default, the switch does not server as a secondary root bridge.

1-30

You can configure one or more secondary root bridges in an STI. If the primary root is
down or powered off, the secondary root will take its place. Among several secondary
root bridges, the one with the smallest MAC address takes the place of the failed
primary root.
When configuring the secondary root bridge, you may also specify the switching
network diameter and the Hello Time of the switch, so that the other two parameters,
Forward Delay and Max Age, of the switch can be determined. To configure the current
switch as the root bridge of CIST, simply specify instance-id as 0. You can configure
only one root bridge for an STI and one or more secondary root bridges for it.
After a switch is configured as primary root bridge or secondary root bridge, user cant
modify the bridge priority of the switch.
Example
# Configure the current switch as the secondary root bridge of STI 4 and specify the
diameter of the switching network as 5 and the Hello Time of the switch as 300
centiseconds.
[Quidway] stp instance 4 root primary bridge-diameter 5 hello-time 300
1.1.34 stp root-protection

Syntax
stp root-protection
undo stp root-protection
View
Ethernet port view
Parameter
None
Description
Using stp root-protection command, you can enable on Root protection the switch.
Using undo stp root-protection command, you can restore the default state of Root
protection.
By default, Root protection is disabled.
In case of configuration error or malicious attack, the legal primary root may receive the
BPDU with a higher priority and then loose its place, which causes network topology
change errors. Due to the illegal change, the traffic supposed to travel over the
high-speed link may be pulled to the low-speed link and congestion will occur on the
network.

1-31

MSTP provides Root protection function to protect the root bridge: The port configured
with Root protection only plays a role of designated port on every instance. Whenever
such port receives a higher-priority BPDU, it will be set to listening state and not forward
packets any more (as if the link to the port is disconnected). If the port has not received
any higher-priority BPDU for a certain period of time thereafter, it will resume the normal
state.
For the related command, see stp interface root-protection.
Example
# Enable Root protection on the Ethernet2/0/1 port of the switch.
[Quidway-Ethernet2/0/1] stp root-protection
1.1.35 stp tc-protection

Syntax
stp tc-protection enable
stp tc-protection disable
View
System view
Parameter
None
Description
Using the stp tc-protection enable command, you can enable the protection function
from being attacked by TC-BPDU packets on the switch. Using the stp tc-protection
disable command, you can disable the protection function.
By default, the protection from TC-BPDU packet attack is enabled.
As a general rule, the switch deletes the corresponding entries in the MAC address
table and ARP table upon receiving TC-BPDU packets. When under malicious attacks
of TC-BPDU packets, the switch shall receive a great number of TC-BPDU packets in a
very short period. Too frequent delete operations shall consume huge switch sources
and bring great risk to network stability.
When the protection from TC-BPDU packet attack is enabled, the switch just perform
one delete operation in a specified period after receiving TC-BPDU packets, as well as
monitoring whether it receives TC-BPDU packets during this period. Even if it detects a
TC-BPDU packet is received in a period shorter than the specified interval, the switch
shall not run the delete operation till the specified interval is reached. This can avoid
frequent delete operations to the MAC address table and ARP table.

1-32

Example
# Enable TC-BPDU protection on the switch.
[Quidway] stp tc-protection enable
1.1.36 stp timer forward-delay

Syntax
stp timer forward-delay centi-senconds
undo stp timer forward-delay
View
System view
Parameter
centi-senconds: Specifies Forward Delay, ranging from 400 to 3000 and measured in
centiseconds. By default, the Forward Delay of the switch is 1500 centiseconds.
Description
Using stp timer forward-delay command, you can configure Forward Delay for the
switch. Using undo stp timer forward-delay command, you can restore the default
Forward Delay .
To avoid temporary loop, MSTP defines a medium state, Learning, when the port
switches from the Discarding state to Forwarding state. There is also a delay before
state switchover to guarantee the synchronous switchover with the remote switch. The
Forward Delay configured on the root bridge determines the state transition time.
The root bridge will determine the state transition time according to the configured
values, while the other switches will apply the forward delay configured on it.
When configuring Hello time, Forward Delay and Max Age, please guarantee the
following equations:
2 * (Forward Delay - 1.0 seconds) >= Max Age
Max Age >= 2 * (Hello Time + 1.0 seconds)
Only if the above-mentioned formulas are equal can the MSTP normally operate on the
entire network, otherwise, the network may flap frequently. You are recommended to
use the stp instance root primary command to specify the diameter of the switching
network, so that MSTP can automatically calculate and give the moderate values for
the time parameters.
For the related command, see stp timer hello, stp timer max-age, stp
bridge-diameter.

1-33

Example
# Set the Forward Delay of the device to 2000 centiseconds.
[Quidway] stp timer forward-delay 2000
1.1.37 stp timer hello

Syntax
stp timer hello centi-senconds
undo stp timer hello
View
System view
Parameter
centi-senconds: Specifies Hello Time value with an integer in the range of 100 to 1000
in units of centiseconds. By default, the Hello Time of the switch is 200 centiseconds.
Description
Using stp timer hello command, you can configure Hello Time of the switch. Using
undo stp timer hello command, you can restore the default Hello Time.
The STP defines to transmit configuration BPDU regularly at an interval specified with
Hello Time to keep the spanning tree stable. If the switch receives no BPDU packets
for a period of time, it will recalculate the spanning tree upon the BPDU timeouts. The
root bridge transmits BPDU packets at an interval as you configured, while other
switches apply the Hello Time configured on the root bridge.
When configuring Hello time, Forward Delay and Max Age, remember to guarantee the
following equations:
2 * (Forward Delay -1.0 seconds) >= Max Age
For the related command, see stp timer forward-delay, stp timer max-age, stp
bridge-diameter.
Example
# Set Hello Time of the switch 300 centiseconds.

1-34

[Quidway] stp timer hello 300
1.1.38 stp timer max-age

Syntax
stp timer max-age centi-senconds
undo stp timer max-age
View
System view
Parameter
centiseconds: Specifies the Max Age, ranging from 600 to 4000 and measured with
centiseconds. By default, the Max Age of the switch is 2000 centiseconds.
Description
Using stp timer max-age command, you can configure the Max Age of the switch.
Using undo stp timer max-age command, you can restore the default Max Age.
MSTP can detect the link fault and automatically resume the forwarding state of the
redundant link. On the CIST, the switch checks if the configuration BPDU received via
the port expires according to the Max Age. If the BPDU expires, the STI has to be
calculated again.
Max Age takes no effect on MSTIs. If the current switch is CIST root bridge, it will check
if the configuration BPDU expires according to the configured Max Age. Otherwise, the
switch adopts the Max Age configured on the CIST root bridge.
When you configure Hello time, Forward Delay and Max Age, ensure the following
formulas equal:
2 * (Forward Delay -1.0 seconds) >= Max Age
For the related command, see stp timer forward-delay, stp timer hello, stp
bridge-diameter.
Example
# Set Max Age of the device to 1000 centiseconds.
[Quidway] stp timer max-age 1000
1-35

1.1.39 stp timer-factor

Syntax
stp timer-factor number
undo stp timer-factor
View
System view
Parameter
number: Specifies the timeout time, which must be a multiple of hello time, ranging from
1 to 10. By default, the timeout time is three times of the hello time.
Description
Using stp timer-factor command, you can configure multiple of hello time for the
switch. Using undo stp timer-factor command, you can restore the default multiple
value.
By default, the multiple is 3.
The Ethernet switch transmits STP packets every hello time. Generally, if the switch
doesnt receive the STP packets from the upstream switch for 3 times of hello time, the
switch will decide the upstream switch is dead and will recalculate the topology of the
network. Then in steady network, the recalculation may be caused when the upstream
is busy. In this case, user can redefine the timeout interval to a longer time by define the
multiple of hello time. The stp timer-factor command can be used to modify the value
of multiple. It is recommended to set 5, 6 or 7 as the value of multiple in the steady
network.
Example
# Set the multiple value of hello time to 7.
[Quidway] stp timer-factor 7
1.1.40 stp transmit-limit

Syntax
stp transmit-limit packetnum
undo stp transmit-limit
View
Ethernet port view

1-36

Parameter
packetnum: Specifies the amount limit to the transmitted packets, ranging from 1 to 255
(expressed as a counter value without any units). By default, the value is 3.
Description
Using stp transmit-limit command, you can configure an amount limit to the
configuration BPDU transmitted via a port during the Hello Time. Using undo stp
transmit-limit command, you can restore the default limit.
The larger the value is, the more packets can be transmitted in a time unit, yet the more
switch resources will be occupied. With a moderate value, the amount of the BPDUs
transmitted during Hello Time via every port can be limited and MSTP will not occupy
too many bandwidth resources when the network topology flaps.
For the related command, see stp interface transmit-limit.
Example
# Set a limit of 5 to the packets transmitted via Ethernet2/0/1.
[Quidway-Ethernet2/0/1] stp transmit-limit 5
1.1.41 vlan-mapping modulo

Syntax
vlan-mapping modulo modulo
View
MST region view
Parameter
modulo: Specifies the modulus, ranging from 1 to 16.
Description
Using vlan-mapping modulo command, you can map a VLAN list to an STI.
By default, all the VLANs are mapped to CIST, namely Instance 0.
MSTP describes the association between VLANs and STIs with the VLAN mapping
table. You can use this command to configure this table. Every VLAN can be mapped to
an STI as per your configuration.
A VLAN cannot be mapped to different MSTI at the same time. The latter configured
association will replace the former one.
The vlan-mapping modulo modulo command designates VLAN for every STI fast. It
maps the VLAN to an STI whose ID is (VLAN ID-1)%modulo+1. (Note: (VLAN ID-1)
%modulo performs modulo operation on (VLAN ID-1). Taking the operation modulo 16
1-37

as an example, vlan 1 maps to MSTI 1, vlan 2 maps to MSTI2 ...vlan 16 maps to

MSTI16, vlan 17 maps to MSTI 1, and so on.)
For the related command, see region-name, revision-level, display configuration,
active configuration.
Example
# Map VLAN to STI modulo 16.
[Quidway-mst-region] vlan-mapping modulo 16

1-38

Chapter 2 BPDU TUNNEL Configuration

Commands

Commands
2.1.1 vlan-vpn tunnel
Syntax
vlan-vpn tunnel
undo vlan-vpn tunnel
View
System view
Parameter
None
Description
Use the vlan-vpn tunnel command to enable bridge protocol data unit (BPDU)
Tunnel on the switch.
Use the undo vlan-vpn tunnel command to disable BPDU Tunnel on the switch.
BPDU Tunnel enables geographically segmented user network to transmit BPDU
packets transparently over the specified VLAN VPN on the operators network. This
allows the user network to participate in a uniform spanning tree calculation while
maintaining a separate spanning tree from the operator network.
By default, BPDU Tunnel is disabled.
Note:
z
Be sure to enable STP for network devices that are BPDU TUNNEL-enabled.
Be sure to configure the ports that are BPDU TUNNEL-enabled to be Access

ports.
Configure Trunk links between operators networks.
Do not enable the BPDU TUNNEL function for ports that have 802.1x, GVRP,
GMRP, STP, or NTDP enabled.

2-1


Commands
Example
# Enable BPDU Tunnel on the switch.
[Quidway] vlan-vpn tunnel

2-2

Chapter 3 Digest Snooping Configuration

Commands

Commands
3.1 Digest Snooping Configuration Commands
3.1.1 stp config-digest-snooping
Syntax
stp config-digest-snooping
undo stp config-digest-snooping
View
System view, Ethernet interface view
Parameter
None
Description
Using the stp config-digest-snooping command, you can enable digest snooping.
Using the undo stp config-digest-snooping command, you can disable digest
snooping.
Digest snooping is disabled by default.
According to IEEE 802.1s, two connected switches can communicate through MSTIs
(multiple spanning tree instances) in a MSTP (multiple spanning tree protocol) domain
only when they are configured with the same domain settings. With MSTP employed,
interconnected switches determine whether or not they are in the same domain by
checking the configuration IDs of the BPDUs between them. (Configuration ID
comprises information such as domain ID and configuration digest.)
As some switches come with some proprietary protocols concerning STP employed,
they cannot communicate with other switches in MSTP domains even both of them are
configured with the same domain configuration settings.
This can be overcome by implementing digest snooping. Digest snooping enables a
switch to track and maintain configuration digests of other switches that are in the same
domain by examining their BPDUs and insert corresponding configuration digests in its
BPDUs destined for these switches, through which switches of different type are
capable of communicating with each other in a MSTP domain.

3-1


Commands
Note:
z
You must enable digest snooping on an interface first before enabling it globally.
Digest snooping is unnecessay if the interconnected switches are from the same
vendor.
To enable digest snooping, the interconneted switches must be configured with the
same settings.
To enable digest snooping, all interfaces in a MSTP domain used to connect other
switches must have digest snooping enabled.
Do not enable digest snooping on border interfaces of a MSTP domain.
To change domain configuration, be sure to disable digest snooping first to prevent

broadcast storm.
Example
# Enable digest snooping on Ethernet3/0/1 interface.
[Quidway] interface Ethernet3/0/1
[Quidway-Ethernet3/0/1] stp config-digest-snooping
[Quidway-Ethernet3/0/1] quit
[Quidway]stp config-digest-snooping

3-2

Chapter 4 Rapid Transition Configuration

Commands

Commands
4.1 Rapid Transition Configuration Commands
4.1.1 stp interface no-agreement-check
Syntax
stp interface interface-type interface-number no-agreement-check
undo stp interface interface-type interface-number no-agreement-check
View
System view
Parameter
interface-type: Port type.
interface-number: Port number.
Description
Use the stp interface no-agreement-check command to enable rapid transition for a
specified port.
Use the undo stp interface no-agreement-check command to disable rapid transition
on a port.
Rapid transition is disabled on a port by default.
As switches of certain manufacturers coming with some proprietary protocols
concerning STP employed, the way to implement rapid transition on the designated
ports of this kind of switches is similar to that of RSTP. So, when a switch of this kind
operates as the upstream switch with Quidway series switches running MSTP
connected to it, the upstream designated port fails to change their state rapidly.
Rapid transition is developed for Quidway series switches to avoid this. When Quidway
series switches with MSTP employed are connected to switches of certain
manufacturers, you can enable rapid transition on the ports of the Quidway series
switches operating as the downstream switches. Among these ports, those operating
as the root ports will then send agreement packets to their upstream ports after they
receive proposal packets from the upstream designated ports rather than wait for the
agreement packets sourced from the upstream switch. This enables designated ports
of the upstream switch to change their states rapidly.

4-1


Commands
Related command: stp no-agreement-check.
Note:
Configure rapid transition for root port or Alternate port only.
Example
# Enable rapid transition on Ethernet3/0/1 port.
[Quidway]stp interface Ethernet3/0/1 no-agreement-check
4.1.2 stp no-agreement-check

Syntax
stp no-agreement-check
undo stp no-agreement-check
View
Ethernet port view
Parameter
None
Description
Use the stp no-agreement-check command to enable rapid transition for the port.
Use the undo stp no-agreement-check command to disable rapid transition on the
port.
Rapid transition is disabled on a port by default.
As switches of certain manufacturers coming with some proprietary protocols
concerning STP employed, the way to implement rapid transition on the designated
ports of this kind of switches is similar to that of RSTP. So, when a switch of this kind
operates as the upstream switch with Quidway series switches running MSTP
connected to it, the upstream designated port fails to change their state rapidly.
Rapid transition is developed for Quidway series switches to avoid this. When Quidway
series switches with MSTP employed are connected to switches of certain
manufacturers, you can enable rapid transition on the ports of the Quidway series
switches operating as the downstream switches. Among these ports, those operating
as the root ports will then send agreement packets to their upstream ports after they
4-2


Commands
receive proposal packets from the upstream designated ports rather than wait for the
agreement packets sourced from the upstream switch. This enables designated ports
of the upstream switch to change their states rapidly.
Related command: stp interface no-agreement-check.
Note:
Configure rapid transition for root port or Alternate port only.
Example
# Enable rapid transition on Ethernet3/0/1 port.
[Quidway]interface Ethernet3/0/1
[Quidway-Ethernet3/0/1]stp no-agreement-check

4-3
HUAWEI

Command Manual
Security
Command Manual - Security

Table of Contents
Table of Contents
Chapter 1 802.1x Configuration Commands .............................................................................. 1-1
1.1 802.1x Configuration Commands ...................................................................................... 1-1
1.1.1 display dot1x ........................................................................................................... 1-1
1.1.2 dot1x........................................................................................................................ 1-2
1.1.3 dot1x authentication-method................................................................................... 1-3
1.1.4 dot1x dhcp-launch................................................................................................... 1-4
1.1.5 dot1x guest-vlan ...................................................................................................... 1-5
1.1.6 dot1x max-user........................................................................................................ 1-6
1.1.7 dot1x port-control .................................................................................................... 1-7
1.1.8 dot1x port-method ................................................................................................... 1-8
1.1.9 dot1x quiet-period ................................................................................................... 1-9
1.1.10 dot1x re-authenticate .......................................................................................... 1-10
1.1.11 dot1x retry ........................................................................................................... 1-11
1.1.12 dot1x retry-version-max ...................................................................................... 1-12
1.1.13 dot1x supp-proxy-check ...................................................................................... 1-12
1.1.14 dot1x timer........................................................................................................... 1-14
1.1.15 dot1x version-check ............................................................................................ 1-15
1.1.16 reset dot1x statistics............................................................................................ 1-16
Chapter 2 AAA Configuration Commands.................................................................................. 2-1
2.1 AAA Configuration Commands.......................................................................................... 2-1
2.1.1 access-limit.............................................................................................................. 2-1
2.1.2 attribute ................................................................................................................... 2-1
2.1.3 cut connection ......................................................................................................... 2-3
2.1.4 display connection................................................................................................... 2-4
2.1.5 display domain ........................................................................................................ 2-5
2.1.6 display local-user..................................................................................................... 2-6
2.1.7 domain..................................................................................................................... 2-8
2.1.8 idle-cut..................................................................................................................... 2-9
2.1.9 level ....................................................................................................................... 2-10
2.1.10 local-user............................................................................................................. 2-11
2.1.11 local-user password-display-mode...................................................................... 2-11
2.1.12 messenger........................................................................................................... 2-12
2.1.13 name ................................................................................................................... 2-13
2.1.14 password ............................................................................................................. 2-14
2.1.15 radius-scheme..................................................................................................... 2-14
2.1.16 scheme................................................................................................................ 2-15
2.1.17 self-service-url ..................................................................................................... 2-16
i

Table of Contents
2.1.18 service-type ......................................................................................................... 2-17

2.1.19 state..................................................................................................................... 2-18
2.1.20 vlan-assignment-mode........................................................................................ 2-19
2.2 RADIUS Protocol Configuration Commands ................................................................... 2-20
2.2.1 accounting-on enable............................................................................................ 2-20
2.2.2 accounting optional ............................................................................................... 2-21
2.2.3 data-flow-format .................................................................................................... 2-22
2.2.4 display local-server statistics................................................................................. 2-23
2.2.5 display radius ........................................................................................................ 2-24
2.2.6 display radius statistics ......................................................................................... 2-25
2.2.7 display stop-accounting-buffer .............................................................................. 2-26
2.2.8 key......................................................................................................................... 2-27
2.2.9 local-server............................................................................................................ 2-28
2.2.10 nas-ip................................................................................................................... 2-29
2.2.11 primary accounting.............................................................................................. 2-30
2.2.12 primary authentication......................................................................................... 2-31
2.2.13 radius nas-ip........................................................................................................ 2-32
2.2.14 radius scheme ..................................................................................................... 2-32
2.2.15 reset radius statistics........................................................................................... 2-33
2.2.16 reset stop-accounting-buffer ............................................................................... 2-34
2.2.17 retry ..................................................................................................................... 2-35
2.2.18 retry realtime-accounting..................................................................................... 2-36
2.2.19 retry stop-accounting........................................................................................... 2-37
2.2.20 secondary accounting ......................................................................................... 2-38
2.2.21 secondary authentication .................................................................................... 2-38
2.2.22 server-type .......................................................................................................... 2-39
2.2.23 state..................................................................................................................... 2-40
2.2.24 stop-accounting-buffer enable............................................................................. 2-41
2.2.25 timer .................................................................................................................... 2-42
2.2.26 timer quiet............................................................................................................ 2-42
2.2.27 timer realtime-accounting.................................................................................... 2-43
2.2.28 timer response-timeout ....................................................................................... 2-44
2.2.29 user-name-format................................................................................................ 2-45

ii

Chapter 1 802.1x Configuration Commands

1.1 802.1x Configuration Commands
1.1.1 display dot1x
Syntax
display dot1x [ sessions | statistics ] [ interface interface-list ]
View
Any view
Parameter
sessions: Configures to display the session connection information of 802.1x.
statistics: Configures to display the relevant statistics information of 802.1x.
interface: Configures to display the 802.1x information on the specified interface.
interface-list: Ethernet interface list including several Ethernet interfaces, expressed in
the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num specifies a single Ethernet interface in the format interface-num =
{ interface-type interface-num | interface-name }, where interface-type specifies the
interface type, interface-num specifies the interface number and interface-name
specifies the interface name. For the respective meanings and value ranges, read the
Parameter of the Port Command Manual section.
Description
Using display dot1x command, you can view the relevant information of 802.1x,
including configuration information, running state (session connection information) and
relevant statistics information.
By default, all the relevant 802.1x information about each interface will be displayed.
If no port is specified when executing this command, the system will display all 802.1x
related information. For example, 802.1x configuration of all ports, 802.1x session
connection information, and 802.1x data statistical information. The output information
of this command can help the user to verify the current 802.1x configurations so as to
troubleshoot 802.1x .
For the related commands, see reset dot1x statistics, dot1x, dot1x retry, dot1x
max-user, dot1x port-control, dot1x port-method, dot1x timer.

1-1

Example
# Display the configuration information of 802.1x.
<Quidway> display dot1x
Equipment 802.1X protocol is enabled
CHAP authentication is enabled
DHCP-launch is disabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Configuration: Transmit Period

ReAuth Period
30 s,
Handshake Period
15 s
003600 s
Quiet Period
60 s,
Quiet Period Timer is disabled
Supp Timeout
30 s,
Server Timeout
100 s
Interval between version requests is 30s

maximal request times for version information is 3
The maximal retransmitting times
Total maximum 802.1x user resource number is 4096

Total current used 802.1x resource number is 0
is link-up
802.1X protocol is disabled

Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled
The port is a(n) authenticator
Authenticate Mode is auto
Port Control Type is Mac-based
ReAuthenticate is disabled
Max on-line user number is 1024
(Omitted)
1.1.2 dot1x
Syntax
dot1x [ interface interface-list ]
undo dot1x [ interface interface-list ]
View

1-2

Parameter
interface interface-list: Ethernet port list including several Ethernet ports. interface-list
= { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single
Ethernet port in the format interface-num = { interface-type interface-num |
interface-name }, where interface-type specifies the port type, interface-num specifies
the port number and interface-name specifies the port name. For the respective
meanings and value ranges, read the Parameter of the Port Configuration section.
Description
Using dot1x command, you can enable 802.1x on the specified port or globally (i.e., on
the current device). Using undo dot1x command, you can disable the 802.1x on the
specified port or globally.
By default, 802.1x is disabled on all the ports and globally on the device.
This command is used to enable the 802.1x on the current device or on the specified
port. When it is used in system view, if the parameter ports-list is not specified, 802.1x
will be globally enabled. If the parameter ports-list is specified, 802.1x will be enabled
on the specified port. When this command is used in Ethernet port view, the parameter
interface-list cannot be input and 802.1x can only be enabled on the current port.
The configuration command can be used to configure the global or port 802.1x
performance parameters before or after 802.1x is enabled. Before 802.1x is enabled
globally, if the parameters are not configured globally or for a specified port, they will
maintain the default values.
After the global 802.1x performance is enabled, only when port 802.1x performance is
enabled will the configuration of 802.1x become effective on the port.
For the related commands, see display dot1x.
Example
# Enable 802.1x on Ethernet 3/0/1.
[Quidway] dot1x interface Ethernet 3/0/1
# Enable the 802.1x globally.
[Quidway] dot1x
1.1.3 dot1x authentication-method

Syntax
dot1x authentication-method { chap | pap | eap }
undo dot1x authentication-method
View
System view
1-3

Parameter
chap: Use CHAP authentication method.
pap: Use PAP authentication method.
eap: Use EAP authentication method.
Description
Using dot1x authentication-method command, you can configure the authentication
method for 802.1x user. Using undo dot1x authentication-method command, you
can restore the default authentication method of 802.1x user.
By default, CHAP authentication is used for 802.1x user authentication.
Password Authentication Protocol (PAP) is a kind of authentication protocol with two
handshakes. It sends password in the form of simple text.
Challenge Handshake Authentication Protocol (CHAP) is a kind of authentication
protocol with three handshakes. It only transmits username but not password. CHAP is
more secure and reliable.
In the process of EAP authentication, switch directly sends authentication information
of 802.1x user to RADIUS server in the form of EAP packet. It is not necessary to
transfer the EAP packet to standard RADIUS packet first and then send it to RADIUS
server. By now, for EAP authentication, PEAP, EAP-TLS and EAP-MD5 methods are
available.
If you want to enable PEAP, EAP-TLS or EAP-MD5 authentication method on an
Ethernet switch, you only need to use the command dot1x authentication-method
eap to enable EAP authentication.
Please note: To realize PAP, CHAP or EAP authentication, RADIUS server should
support PAP, CHAP or EAP authentication respectively.
For the related command, see display dot1x.
Example
# Configure 802.1x user to use PAP authentication.
[Quidway] dot1x authentication-method pap
1.1.4 dot1x dhcp-launch

Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
View
System view
1-4

Parameter
None
Description
Using dot1x dhcp-launch command, you can set 802.1x to disable the switch to
trigger the user ID authentication over the users who configure static IP addresses in
DHCP environment. Using undo dot1x dhcp-launch command, you can set 802.1x to
enable the switch to trigger the authentication over them.
By default, the switch can trigger the user ID authentication over the users who
configure static IP addresses in DHCP environment.
For the related command, see dot1x.
Example
# Disable the switch to trigger the authentication over the users who configure static IP
addresses in DHCP environment.
[Quidway] dot1x dhcp-launch
1.1.5 dot1x guest-vlan

Syntax
dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan vlan-id [ interface interface-list ]
View
Parameter
vlan-id: ID of Guest VLAN, ranging from 1 to 4094.
interface_list: Enable the Guest VLAN interface list. interface_list = { interface_type
interface_num
interface_name
to
interface_type
interface_num
interface_name } ] &<1-10>. Note that after the key work to, the port number must be
equal to or greater than the port number before to. &<1-10> means the parameter
before it can be input repeatedly for 10 times.
Description
Using the dot1x guest-vlan command, you can enable the Guest VLAN function on
specified port. Using the undo dot1x guest-vlan command, you can disable this
function.

1-5

When you execute this command in system view, if you do not input the interface-list
parameter, it means that to enable Guest VLAN on all ports; if you specify this
parameter, it means that to enable Guest VLAN on the specified port.
When you execute this command in Ethernet port view, you can only enable Guest
VLAN on the current port, and the interface-list parameter cannot be input.
Note the following:
z
Guest VLAN is only supported in the port-based authentication mode.
A switch only can be configured with one Guest VLAN.
Users who skip the authentication, fail in the authentication or get offline belong to
the Guest VLAN.
If dot1x dhcp-launch is configured on the switch, the Guest VLAN function

cannot be implemented because the switch does not send active authentication
packet in this mode.
Example
# Set the authentication mode to port-based.
[Quidway] dot1x port-method portbased
# Enable Guest VLAN on all ports.
[Quidway] dot1x guest-vlan 1
1.1.6 dot1x max-user

Syntax
dot1x max-user user-number [ interface interface-list ]
undo dot1x max-user [ interface interface-list ]
View
Parameter
user-number: Specifies the limit to the amount of supplicants on the port, ranging from 1
to 1024. By default, the maximum user number is 1024.
interface interface-list: Ethernet interface list including several Ethernet interfaces,
expressed in the format interface-list = { interface-num [ to interface-num ] } & <1-10>.

1-6

Description
Using dot1x max-user command, you can configure a limit to the amount of
supplicants on the specified interface of 802.1x. Using undo dot1x max-user
This command is used for setting a limit to the amount of supplicants that 802.1x can
hold on the specified interface. This command has effect on the interface specified by
the parameter interface-list when executed in system view. It has effect on all the
interfaces when no interface is specified. The parameter interface-list cannot be input
when the command is executed in Ethernet Port view and it has effect only on the
current interface.
Example
# Configure the interface Ethernet 3/0/1 to hold no more than 32 users.
[Quidway] dot1x max-user 32 interface Ethernet 3/0/1
1.1.7 dot1x port-control

Syntax
dot1x port-control { auto | authorized-force | unauthorized-force } [ interface
interface-list ]
undo dot1x port-control [ interface interface-list ]
View
Parameter
auto: Automatic identification mode, configuring the initial state of the interface as
unauthorized. The user is only allowed to receive or transmit EAPoL packets but not to
access the network resources. If the user passes the authentication flow, the interface
will switch over to the authorized state and then the user is allowed to access the
network resources. This is the most common case.
authorized-force: Forced authorized mode, configuring the interface to always stay in
authorized state and the user is allowed to access the network resources without
authentication/authorization.
unauthorized-force: Forced unauthorized mode, configuring the interface to always
stay in non-authorized mode and the user is not allowed to access the network
resources.
expressed in the format interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
1-7


Description
Using dot1x port-control command, you can configure the mode for 802.1x to perform
access control on the specified interface. Using undo dot1x port-control command,
you can restore the default access control mode.
By default, the value is auto.
This command is used to set the mode, or the interface state, for 802.1x to perform
access control on the specified interface. This command has effect on the interface
specified by the parameter interface-list when executed in system view. It has effect on
all the interfaces when no interface is specified. The parameter interface-list cannot be
input when the command is executed in Ethernet port view and it has effect only on the
current interface.
Example
# Configure the interface Ethernet 3/0/1 to be in unauthorized-force state.
[Quidway] dot1x port-control unauthorized-force interface Ethernet 3/0/1
1.1.8 dot1x port-method

Syntax
dot1x port-method { macbased | portbased } [ interface interface-list ]
undo dot1x port-method [ interface interface-list ]
View
System view/Ethernet Port view
Parameter
macbased: Configures the 802.1x authentication system to perform authentication on
the supplicant based on MAC address.
portbased: Configures the 802.1x authentication system to perform authentication on
the supplicant based on port.
1-8


Description
Using dot1x port-method command, you can configure the base for 802.1x to perform
access control on the specified interface. Using undo dot1x port-method command,
you can restore the default access control base.
By default, the value is macbased.
This command is used to set the base for 802.1x to perform access control. When
macbased is adopted, the user access this interface must be authenticated
independently, and if one successful authentication user is to finish network service, the
other accessed users can still use network service. When portbased is adopted, if only
the first access user by this interface can be authenticated successfully, the other
access users followed can be considered authenticated successfully automatically ,but
if the first one finish the network service , the other accessed users network service will
be rejected . .
This command has effect on the interface specified by the parameter interface-list
when executed in system view. It has effect on all the interfaces when no interface is
specified. The parameter interface-list cannot be input when the command is executed
in Ethernet Port view and it has effect only on the current interface.
Example
# Authenticate the supplicant based on the interface number on Ethernet 3/0/1.
[Quidway] dot1x port-method portbased interface Ethernet 3/0/1
1.1.9 dot1x quiet-period

Command
dot1x quiet-period
undo dot1x quiet-period
View
System view
Parameter
None

1-9

Description
Using dot1x quiet-period command, you can enable the quiet-period timer. Using
undo dot1x quiet-period command, you can disable this timer.
If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for
a while (which is specified by quiet-period timer) before launching the authentication
again. During the quiet period, the Authenticator does not do anything related to 802.1x
authentication.
By default, quiet-period timer is disabled.
For the related commands, see display dot1x , dot1x timer.
Example
# Enable quiet-period timer.
[Quidway] dot1x quiet-period
1.1.10 dot1x re-authenticate

Syntax
dot1x re-authenticate [ interface interface-list ]
undo dot1x re-authenticate [ interface interface-list ]
View
Parameter
interface interface-list: Ethernet interface list, represents multiple Ethernet interfaces,
in the format of interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num is a single Ethernet port, in the format of interface-num = { interface-type
interface-num | interface-name }.
Description
Using the dot1x re-authenticate command, you can enable 802.1x re-authentication
on a specific port or all the authenticator ports on a device.
Using the undo dot1x re-authenticate command, you can disable 802.1x
re-authentication on a specific port or all the authenticator ports on a device.
By default, 802.1x re-authentication is disabled on all ports.
In system view, if the interface-list parameter is not specified, it means that to enable
the 802.1x re-authentication feature on all interfaces; if the interface-list parameter is
specified, it means that to enable the feature on the specified interfaces. In Ethernet
port view, the interface-list parameter cannot be specified, and you can use command
only to enable the feature on the current interface.
1-10

Before configuring 802.1x re-authentication feature on a port, you must enable the
feature both globally and on this port.
Example
# Enable 802.1x reauthentication on port Ethernet 3/0/1.
[Quidway-Ethernet3/0/1] dot1x re-authenticate
Re-authentication is enabled on port Ethernet 3/0/1
1.1.11 dot1x retry

Syntax
dot1x retry max-retry-value
undo dot1x retry
View
System view
Parameter
max-retry-value: Specifies the maximum times an Ethernet switch can retransmit the
authentication request frame to the supplicant, ranging from 1 to 10. By default, the
value is 2, that is, the switch can retransmit the authentication request frame to the
supplicant for 2 times.
Description
Using dot1x retry command, you can configure the maximum times an Ethernet switch
can retransmit the authentication request frame to the supplicant. Using undo dot1x
retry command, you can restore the default maximum retransmission time.
After the switch has transmitted authentication request frame to the user for the first
time, if no user response is received during the specified time-range, the switch will
re-transmit authentication request to the user. This command is used for specifying
how many times the switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the switch is configured to transmit authentication
request frame only once. 2 indicates that the switch is configured to transmit
authentication request frame once again when no response is received for the first time
and so on. This command has effect on all the port after configuration.
Example
# Configure the current device to transmit authentication request frame to the user for
no more than 9 times.
[Quidway] dot1x retry 9
1-11

1.1.12 dot1x retry-version-max

Syntax
dot1x retry-version-max max-retry-version-value
undo dot1x retry-version-max
View
System view
Parameter
max-retry-version-value: The maximum retry times for a device to send the version
request frame to an access user. The value ranges form 1 to 10, and defaults to 3.
Description
Using the dot1x retry-version-max command, you can set the maximum retry times
for an Ethernet switch to send version request frame to an access user. Using the undo
dot1x retry-version-max command, you can return the value to the defaults.
After sending client version request frame for the first time, if the switch receives no
response from the client response within a certain period of time (set by the version
authentication timeout timer), it resends version request again. When the switch
receives no response for the configured maximum times, it no longer authenticates the
version of the client, and perform the following authentications. If configured, this
command functions on all ports that enabled version authentication function.
See display dot1x and dot1x timer for related configuration.
Example
# Configure the switch to send version request frame to an access user 6 times at the
most.
[Quidway] dot1x retry-version-max 6
1.1.13 dot1x supp-proxy-check

Syntax
dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]
undo dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]
View
System view/Ethernet Port view
Parameter
logoff: Cuts network connection to a user upon detecting the use of proxy.
1-12

trap: Sends trap message upon detecting a user using proxy to access the switch.
Description
Using dot1x supp-proxy-check command, you can configure the control method for
802.1x access users via proxy logon the specified interface. Using undo dot1x
supp-proxy-check command, you can cancel the control method set for the 802.1x
access users via proxy.
Note that when performing this function, the user logging on via proxy need to run
Huawei 802.1x client program,( Huawei 802.1x client program version V1.29 or above
is needed).
This command is used to set on the specified interface when executed in system view.
The parameter interface-list cannot be input when the command is executed in
Ethernet Port view and it has effect only on the current interface. After globally enabling
proxy user detection and control in system view, only if you enable this feature on a
specific port can this configuration take effects on the port.
For the related command, see display dot1x.
Example
# Configure the switch cut network connection to a user upon detecting the use of proxy
on Ethernet 3/0/1 ~ Ethernet 3/0/8.
[Quidway] dot1x supp-proxy-check logoff
[Quidway] dot1x supp-proxy-check logoff interface Ethernet 3/0/1 to Ethernet 3/0/8
# Configure the switch to send trap message upon detecting the use of proxy on
Ethernet 3/0/9.
[Quidway] dot1x supp-proxy-check trap
[Quidway] dot1x supp-proxy-check trap interface Ethernet 3/0/9
or
[Quidway] dot1x supp-proxy-check trap
[Quidway] interface Ethernet 3/0/9
[Quidway-Ethernet3/0/9] dot1x supp-proxy-check trap

1-13

1.1.14 dot1x timer

Syntax
dot1x
timer
quiet-period-value
handshake-period
|
reauth-period
handshake-period-value
reauth-period-value
quiet-period
server-timeout
server-timeout-value | supp-timeout supp-timeout-value | tx-period tx-period-value |

ver-period ver-period-value }
undo dot1x timer { handshake-period | quiet-period | reauth-period |
server-timeout | supp-timeout | tx-period | ver-period }
View
System view
Parameter
handshake-period: This timer begins after the user has passed the authentication.
After setting handshake-period, system will send the handshake packet by the period.
Suppose the dot1x retry time is configured as N, the system will consider the user
having logged off and set the user as logoff state if system doesnt receive the response
from user for consecutive N times.
handshake-period-value: Handshake period. The value ranges from 1 to 1024 in units
of second and defaults to 15.
quiet-period: Specify the quiet timer. If an 802.1x user has not passed the
authentication, the Authenticator will keep quiet for a while (which is specified by
quiet-period timer) before launching the authentication again. During the quiet period,
the Authenticator does not do anything related to 802.1x authentication.
quiet-period-value: Specify how long the quiet period is. The value ranges from 10 to
120 in units of second and defaults to 60.
server-timeout: Specify the timeout timer of an Authentication Server. If an
Authentication Server has not responded before the specified period expires, the
Authenticator will resend the authentication request.
server-timeout-value: Specify how long the duration of a timeout timer of an
Authentication Server is. The value ranges from 100 to 300 in units of second and
defaults to 100 seconds.
supp-timeout: Specify the authentication timeout timer of a Supplicant. After the
Authenticator sends Request/Challenge request packet which requests the MD5
encrypted text, the supp-timeout timer of the Authenticator begins to run. If the
Supplicant does not respond back successfully within the time range set by this timer,
the Authenticator will resend the above packet.
supp-timeout-value: Specify how long the duration of an authentication timeout timer of
a Supplicant is. The value ranges from 10 to 120 in units of second and defaults to 30.
1-14

tx-period: Specify the transmission timeout timer. After the Authenticator sends the
Request/Identity request packet which requests the user name or user name and
password together, the tx-period timer of the Authenticator begins to run. If the
Supplicant does not respond back with authentication reply packet successfully, then
the Authenticator will resend the authentication request packet.
tx-period-value: Specify how long the duration of the transmission timeout timer is. The
value ranges from 10 to 120 in units of second and defaults to 30.
reauth-period: Re-authentication timeout timer. During the time limit set by this timer,
the supplicant device launches 802.1x re-authentication.
reauth-period-value: Period set by the re-authentication timeout timer, ranging from 1 to
86400, in seconds. By default, the value is 3600.
ver-period: Client version request timeout timer. If the supplicant device failed to send
the version response packet within the time set by this timer, then the authenticator
device will resend the version request packet.
ver-period-value: Period set by the version request timeout timer, ranging from 1 to 30,
in seconds. By default, the value is 30.
Description
Using dot1x timer command, you can configure the 802.1x timers. Using undo dot1x
timer command, you can restore the default values.
When it is run, 802.1x enables many timers to control the rational and orderly
interacting of the Supplicant, the Authenticator and the Authenticator Server. This
command can set some of the timers (while other timers cannot be set) to adapt the
interaction process. It could be necessary for some special and hard network
environment. Generally, the user should keep the default values of the timers.
Example
# Set the Authentication Server timeout timer is 150s.
[Quidway] dot1x timer server-timeout 150
1.1.15 dot1x version-check

Syntax
dot1x version-check [ interface interface-list ]
undo dot1x version-check [ interface interface-list ]
View

1-15

Parameter
interface interface-list: Ethernet interface list, represents multiple Ethernet interfaces,
in the format of interface-list = { interface-num [ to interface-num ] } & < 1-10 >.
interface-num is a single Ethernet port, in the format of interface-num = { interface-type
interface-num | interface-name }.
Description
Using the dot1x version-check command, you can enable the 802.1x client version
authentication feature on a specific port. Using the undo dot1x version-check
command, you can disable the feature on a specific port.
By default, 802.1x client version authentication feature is disabled on all ports.
In system view, if the interface-list parameter is not specified, it means that to enable
the 802.1x client version authentication feature on all interfaces; if the interface-list
parameter is specified, it means that to enable the feature on the specified interfaces. In
Ethernet port view, the interface-list parameter cannot be specified, and you can use
command only to enable the feature on the current interface.
Example
# Configure the port Ethernet 3/0/1 to detect the version of the 802.1x client when it
receives an authentication packet.
[Quidway-Ethernet3/0/1] dot1x version-check
1.1.16 reset dot1x statistics

Syntax
reset dot1x statistics [ interface interface-list ]
View
User view
Parameter
interface interface-list: Ethernet port list including several Ethernet ports. interface-list
= { interface-num [ to interface-num ] } & < 1-10 >. interface-num specifies a single
Ethernet port in the format port-num = { interface-type interface-num | interface-name },
where interface-type specifies the port type, interface-num specifies the port number
and interface-name specifies the port name. For the respective meanings and value
ranges, read the Parameter of the Port Configuration section.
Description
Using reset dot1x statistics command, you can reset the statistics of 802.1x.

1-16

This command can be used to re-perform statistics if the user wants to delete the
former statistics of 802.1x.
When the original statistics is cleared, if no port type or port number is specified, the
global 802.1x statistics of the switch and 802.1x statistics on all the ports will be cleared.
If the port type and port number are specified, the 802.1x statistics on the specified port
will be cleared.
Example
# Clear the 802.1x statistics on Ethernet 3/0/1.
<Quidway> reset dot1x statistics interface Ethernet 3/0/1

1-17

Chapter 2 AAA Configuration Commands

2.1 AAA Configuration Commands
2.1.1 access-limit
Syntax
access-limit { disable | enable max-user-number }
undo access-limit
View
ISP domain view
Parameter
disable: No limit to the supplicant number in the current ISP domain.
enable max-user-number: Specifies the maximum supplicant number in the current
ISP domain, ranging from 1 to 4120.
Description
Using access-limit command, you can configure a limit to the amount of supplicants in
the current ISP domain. Using undo access-limit command, you can restore the limit
to the default setting.
By default, there is no limit to the amount of supplicants in the current ISP domain.
The access-limit command limits the amount of supplicants contained in the current
ISP domain. The supplicants may contend for the network resources. So setting a
suitable limit to the amount will guarantee the reliable performance for the existing
supplicants.
Example
# Set a limit of 500 supplicants for the ISP domain named huawei163.net.
[Quidway-isp-huawei163.net] access-limit enable 500
2.1.2 attribute
Syntax
attribute { ip ip-address | mac mac-address | idle-cut second | access-limit
max-user-number | vlan vlanid | location { nas-ip ip-address port portnum | port
portnum }

2-1

undo attribute { ip | mac | idle-cut | access-limit | vlan | location }*
View
Local user view
Parameter
ip: Specifies the bound IP address of a user.
mac mac-address: Specifies the bound MAC address of a user. Where, mac-address
takes on the hexadecimal format of H-H-H.
idle-cut second: Allows/Disallows the local users to enable the idle-cut function. (The
specific data for this function depends on the configuration of the ISP domain where the
users locate.) The argument minute defines the idle-cut time, which is in the range of 60
to 7200 seconds.
access-limit max-user-number: Specifies the maximum number of access users who
access the device by using the current user name. The argument max-user-number is
in the range of 1 to 4096.
vlan vlanid: Sets the bound VLAN attribute of a user, in other words, the VLAN to which
a user belong. The argument vlanid is an integer in the range of 1 to 4094.
location: Sets the port binding attribute of user.
nas-ip ip-address: The IP address of the access server in the event of binding a remote
port with a user. The argument ip-address is an IP address in dotted decimal format and
defaults to 127.0.0.1.
port portnum: Sets the port with which a user is bound. The argument portnum is
represented by SlotNumber SubSlotNumber PortNumber. If any of these three items
is absent, the value 0 can be used to replace it.
Description
Using attribute command, you can configure some attributes for specified local user.
Using undo attribute command, you can cancel the attributes that have been defined
for this local user.
It should be noted that the argument nas-ip must be defined for a user bound with a
remote port, which is unnecessary, however, in the event of a user bound with a local
port.
For the related command, see display local-user.
Example
# Configure the IP address 10.110.50.1 to the user huawei1.
[Quidway-luser-huawei1] attribute ip 10.110.50.1

2-2

2.1.3 cut connection

Syntax
cut connection { all | access-type dot1x | domain domain-name | interface
interface-type interface-number | ip ip-address | mac mac-address | radius-scheme
radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name }
View
System view
Parameter
all: Configures to disconnect all connection.
access-type dot1x: Configures to cut connections of 802.1x users.
domain domain-name: Configures to cut the connection according to ISP domain.
domain-name specifies the ISP domain name with a character string not exceeding 24
characters. The specified ISP domain shall have been created.
mac mac-address: Configures to cut the connection of the supplicant whose MAC
address is mac-address. The argument mac-address is in the hexadecimal format
(H-H-H).
radius-scheme radius-scheme-name: Configures to cut the connection according to
RADIUS server name. radius-scheme-name specifies the RADIUS server name with a
character string not exceeding 32 characters
interface interface-type interface-number: Configures to cut the connection according
to the port.
ip ip-address: Configures to cut the connection according to IP address. The argument
ip-address is in the hexadecimal format (ip-address).
vlan vlanid: Configures to cut the connection according to VLAN ID. Here, vlanid
ranges from 1 to 4094.
ucibindex ucib-index: Configures to cut the connection according to ucib-index.
user-name user-name : Configures to cut the connection according to user name .
user-name is the argument specifying the username. It is a character string not
exceeding 80 characters, excluding /, :, *, ?, < and >. The @ character can
only be used once in one username. The pure username (the part before @, namely
the user ID) cannot exceed 55 characters.
Description
Using cut connection command, you can disconnect a user or a category of users by
force.
By now, this command is available for 802.1x users.

2-3

For the related command, see display connection.
Example
# Cut all the connections of 802.1x users in the ISP domain, huawei163.net.
[Quidway] cut connection domain huawei163.net
2.1.4 display connection

Syntax
display connection [ access-type dot1x | domain domain-name | interface
interface-type interface-number | ip ip-address | mac mac-address | radius-scheme
radius-scheme-name | vlan vlanid | ucibindex ucib-index | user-name user-name ]
View
Any view
Parameter
access-type dot1x: Configures to display the supplicants according to their logon type.
dot1x means the 802.1x users.
domain domain-name: Configures to display all the users in an ISP domain.
domain-name specifies the ISP domain name with a character string not exceeding 24
mac mac-address: Configures to display the supplicant whose MAC address is
mac-address. The argument mac-address is in the hexadecimal format (H-H-H).
radius-scheme radius-scheme-name: Configures to display the supplicant according
to RADIUS server name. radius-scheme-name specifies the RADIUS server name with
a character string not exceeding 32 characters.
interface interface-type interface-number: Configures to display the supplicant
according the port.
ip ip-address: Configures to display the user specified with IP address. The argument
ip-address is in the hexadecimal format (ip-address).
vlan vlanid: Configures to display the user specified with VLAN ID. Here, vlanid ranges
from 1 to 4094.
ucibindex ucib-index: Configures to display the user specified with ucib-index.
user-name user-name: Configures to display a user specifies with user-name.

2-4

Description
Using display connection command, you can view the relevant information of all the
supplicants or the specified one(s). The output can help you with the user connection
diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
By now, this command is available for 802.1x users.
For the related command, see cut connection.
Example
# Display the relevant information of all the 802.1x users.
<Quidway> display connection
Total 0 connections matched ,0 listed.
2.1.5 display domain

Syntax
display domain [ isp-name ]
View
Any view
Parameter
isp-name: Specifies the ISP domain name, with a character string not exceeding 24
Description
Using display domain command, you can view the configuration of a specified ISP
domain or display the summary information of all ISP domains.
This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information will be displayed exactly the same, concerning the content
and format, as the displayed information of the display domain command. The output
information can help with ISP domain diagnosis and troubleshooting. Note that the
accounting scheme to be displayed should have been created.
For the related commands, see access-limit, domain, radius scheme, state, display
domain.
Example
# Display the summary information of all ISP domains of the system.
2-5

<Quidway> display domain

0
Domain = system
State = Active
Scheme = LOCAL
Access-limit = Disable
Vlan-assignment-mode = Integer
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
Default Domain Name: system

Total 1 domain(s).1 listed.
2.1.6 display local-user

Syntax
display local-user [ domain isp-name | idle-cut { enable | disable } | service-type
{ telnet | ftp | ssh | terminal | lan-access } | state { active | block } | user-name
user-name | vlan vlanid ]
View
Any view
Parameter
domain isp-name: Configures to display all the local users in the specified ISP domain.
isp-name specifies the ISP domain name with a character string not exceeding 24
idle-cut: Configures to display the local users according to the state of idle-cut function.
disable means that the user disables the idle-cut function and enable means the user
enables the function. This parameter only takes effect on the users configured as
lan-access type. For other types of users, the display local-user idle-cut enable and
display local-user idle-cut disable commands will not display any information.
service-type: Configures to display local user of a specified type. telnet means that:
the specified user type is telnet. ftp means that: the specified user type is ftp.
lan-access means that the specified user type is lan-access which mainly refers to
Ethernet accessing users, 802.1x supplicants for example. terminal means the
specified user type is terminal which refers to users who use the terminal service (login
from the Console port).
state { active | block } Configures to display the local users in the specified state.
active means that the system allows the user requesting network service and block
means the system does not allow the user requesting network service.

2-6

user-name user-name : Configures to display a user specified with user-name .

vlan vlanid: Configures to display the users bound to the specified VLAN. vlanid is the
integer, ranging from 1 to 4094.
Description
Using display local-user command, you can view the relevant information of all the
local users or the specified one(s).
This command displays the relevant information about a specified or all the local users.
The output can help you with the fault diagnosis and troubleshooting related to local
user.
For the related command, see local-user.
Example
# Display the relevant information of all the local users.
<Quidway> display local-user
The contents of local user user1:
State:
Active
Idle Cut:
Disable
AccessLimit:
Disable
Bind location:
Disable
Vlan ID:
Disable
IP address:
Disable
MAC address:
Disable
ServiceType Mask: None
Current AccessNum: 0
Total 1 local user(s) Matched, 1 listed.
Table 2-1 Output description of the display local-user command

Field
Description
State
The state of the user
Idle-Cut
The state of the idle-cut switch
Access-Limit
The limit to the number of access users.
Bind location
Indicates whether the port is bound with or not
VLAN ID
The ID of the VLAN to which the user is bound
IP address
The bound IP address of the user
MAC address
The bound MAC address of the user

2-7

Field
Description
FTP Directory
The directory authorized to FTP users
2.1.7 domain
Syntax
domain { isp-name | default { disable | enable isp-name } }
undo domain isp-name
View
System view
Parameter
isp-name: Specifies an ISP domain name. The name is expressed with a character
string not exceeding 24 characters, excluding /, : , *, ? , <, and >.
default enable isp-name: Enables the default ISP domain specified by isp-name.
default disable: Restores the default ISP domain to system.
Description
Using domain command, you can configure an ISP domain or enter the view of an
existing ISP domain. Using undo domain command, you can cancel a specified ISP
domain.
By default, a domain named system has been created in the system. The attributes of
system are all default values.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@huawei163.net as an example, the
isp-name (i.e.huawei163.net) following the @ is the ISP domain name. When Quidway
Series Ethernet Switches control user access, as for an ISP user whose username is in
userid@isp-name format, the system will take userid part as username for identification
and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the application
environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary to
separate them by setting ISP domains. In ISP domain view, you can configure a
complete set of exclusive ISP domain attributes for each ISP domain, which includes
AAA schemes ( RADIUS scheme applied and so forth.)

2-8

For a switch, each supplicant belongs to an ISP domain. The system supports to
configure up to 16 ISP domains. If a user has not reported its ISP domain name, the
system will put it into the default domain.
When this command is used, if the specified ISP domain does not exist, the system will
create a new ISP domain. All the ISP domains are in the active state when they are
created.
For the related commands, see access-limit, radius scheme, state, display domain.
Example
# Create a new ISP domain, huawei163.net, and enters its view.
[Quidway] domain huawei163.net
New Domain added.
[Quidway-isp-huawei163.net]
2.1.8 idle-cut
Syntax
idle-cut { disable | enable minute flow }
View
ISP domain view
Parameter
disable: means disabling the user to use idle-cut function .
enable: means enabling the user to use idle-cut function.
minute: Specifies the maximum idle time, ranging from 1 to 120 and measured in
minutes.
flow: The minimum data traffic, ranging from 1 to 10,240,000 and measured in bytes.
Description
Using idle-cut command, you can configure the user template in the current ISP
domain.
By default, after an ISP domain is created, this attribute in user template is disable, that
is, the user idle-cut is disabled.
The user template is a set of default user attributes. If a user requesting for the network
service does not have some required attributes, the corresponding attributes in the
template will be endeavored to him as default ones. The user template of the switch you
are using may only provide user idle-cut settings. After a user is authenticated, if the
idle-cut is configured to enable or disable by neither the user nor the RADIUS server,
the user will adopt the idle-cut state in the template.
2-9

Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
For the related command, see domain
Example
# Enable the user in the current ISP domain, huawei163.net, to use the idle-cut attribute
specified in the user template (that is, enabling the user to use the idle-cut function).
The maximum idle time is 50 minutes and the minimum data traffic is 500 bytes.
[Quidway-isp-huawei163.net] idle-cut enable 50 500
2.1.9 level
Syntax
level level
undo level
View
Local user view
Parameter
level: Specifies user priority level, an integer ranging from 0 to 3.
Description
Using the level command, you can configure user priority level. Using the undo level
command, you can restore the default user priority level.
By default, user priority level is 0.
For the related command, see local-user.
Note:
If the configured authentication mode is none authentication or password
authentication, the command level that a user can access after login depends on the
priority of user interface. In the case of authentication requiring both username and
password, however, the accessible command level depends on user priority level.
Example
# Set the priority level of the user huawei to 3.
[Quidway-luser-huawei1] level 3

2-10

2.1.10 local-user
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { telnet | ftp | lan-access | ssh |
terminal } ] }
View
System view
Parameter
user-name: Specifies a local username with a character string not exceeding 80
characters, excluding /, :, *, ?, < and >. The @ character can only be used
once in one username. The pure username (the part before @, namely the user ID)
cannot exceed 55 characters. The user-name is case-insensitive, so that UserA is the
same as usera.
service-type: Specifies the service type. telnet means that: the specified user type is
telnet. ftp means that: the specified user type is ftp. lan-access means that the
specified user type is lan-access which mainly refers to Ethernet accessing users,
802.1x supplicants for example. ssh means the specified user type is SSH. terminal
means the specified user type is terminal which refers to users who use the terminal
service (login from the Console port).
all: All the users.
Description
Using local-user command, you can configure a local user and enter the local user
view. Using undo local-user command, you can cancel a specified local user.
By default, no local user.
For the related commands, see display local-user , service-type.
Example
# Add a local user named huawei1.
[Quidway] local-user huawei1
[Quidway-luser-huawei1]
2.1.11 local-user password-display-mode

Syntax
local-user password-display-mode { cipher-force | auto }
undo local-user password-display-mode
2-11

View
System view
Parameter
cipher-force: Forced cipher mode specifies that the passwords of all the accessed
users must be displayed in cipher text.
auto: The auto mode specifies that a user is allowed to use the password command to
set a password display mode.
Description
Using local-user password-display-mode command, you can configure the
password display mode of all the accessing users. Using undo local-user
password-display-mode command, you can cancel the password display mode that
has been set for all the accessing users.
If cipher-force has been adopted, the user efforts of specifying to display passwords in
simple text will render useless.
The password display mode of all the accessing users defaults to auto.
For the related commands, see display local-user , password.
Example
# Force all the accessing users to display passwords in cipher text.
[Quidway] local-user password-display-mode cipher-force
2.1.12 messenger
Syntax
messenger time { enable limit interval | disable }
undo messenger time
View
ISP domain view
Parameter
limit: Remaining-online-time threshold in minutes, in the range of 1 to 60. When the
remaining online time of a user is equal to this threshold, the switch begins to send alert
messages to the client.
interval: Sending interval of alert messages in minutes, in the range of 5 to 60. It must
be a multiple of 5.

2-12

Description
Use the messenger time enable command to enable messenger alert and configure
the related parameters.
Use the messenger time disable command to disable messenger alert.
Use the undo messenger time command to restore messenger alert to default
settings.
By default, the messenger alert is disabled on the switch.
This function allows the clients to inform the online users about their remaining online
time through message alert dialog box.
The implementation of this function is as follows:
z
On the switch, use the messenger time enable command to enable this function
and to configure the remaining-online-time threshold (the limit argument) and the
alert message interval.
If the threshold is reached, the switch sends messages containing the users
remaining online time to the client at the interval you configured.
The client keeps the user informed of the remaining online time through a
message alert dialog box.
Example
# Configure to start the sending of alert messages when the users remaining online
time is 30 minutes and send the messages at an interval of five minutes.
[Quidway-isp-system] messenger time enable 30 5
2.1.13 name
Syntax
name string
undo name
View
VLAN view
Parameter
string: Name of the delivered VLAN.
Description
Using name command, you can configure name of the delivered VLAN.
For the related commands, see vlan-assignment-mode.

2-13

Example
# Configure name of the delivered VLAN
[Quidway-vlan100] name test
2.1.14 password
Syntax
password { simple | cipher } password
undo password
View
Local user view
Parameter
simple: Specifies to display passwords in simple text.
cipher: Specifies to display passwords in cipher text.
password: Defines a password. For simple mode, the password must be in plain text.
For cipher mode, the password can be either in encrypted text or in plain text. The
result is determined by the input. A plain text password is a character string of no more
than 16 characters, for example, huawei918. The password must be an encrypted
string of 24 characters in length, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Using password command, you can configure a password for local users. Using undo
password command, you can cancel the specified password.
If local-user password-display-mode cipher-force has been adopted, the user
efforts of using the password command to set the password display mode to simple
text (simple) will render useless.
For the related command, see display local-user.
Example
# Set the user huawei1 to display the password in simple text, given the password is
20030422.
[Quidway-luser-huawei1] password simple 20030422
2.1.15 radius-scheme
Syntax
radius-scheme radius-scheme-name

2-14

View
ISP domain view
Parameter
radius-scheme-name: Specifies a RADIUS scheme, with a character string not
exceeding 32 characters.
Description
Using radius-scheme command, you can configure the RADIUS scheme used by the
current ISP domain.
This command is used to specify the RADIUS scheme for the current ISP domain. The
specified RADIUS scheme shall have been created.
For the related commands, see radius scheme, display radius.
Example
# The following example designates the current ISP domain, huawei163.net, to use the
RADIUS server, huawei.
[Quidway-isp-huawei163.net] radius-scheme Huawei
2.1.16 scheme
Syntax
scheme { radius-scheme radius-scheme-name [ local ] | local | none }
undo scheme [ radius-scheme | none ]
View
ISP domain view
Parameter
radius-scheme-name: RADIUS scheme, a character string not exceeding 32
characters.
local: Local authentication.
none: No authentication.
Description
Using the scheme command, you can configure the AAA scheme to be referenced by
the current ISP domain. Using the undo scheme command, you can restore the
default AAA scheme.
The default AAA scheme in the system is local.

2-15

The scheme command can be used to specify the RADIUS scheme referenced by
current ISP domain; the scheme you specified must be an existing scheme.
When using radius-scheme radius-scheme-name local in the configuration command,
the local refers to the alternative authentication scheme if the RADIUS server does not
respond normally. That is, when the RADIUS server operates normally, the local
scheme is not used; otherwise, the local scheme is used.
When local is used as the first AAA scheme in the configuration command, only local
scheme is used; that is, RADIUS scheme can be used at the same time.
Note:
You can use either scheme or radius-scheme command to specify the RADIUS
scheme for a ISP domain. If both of these two commands are used, the latest
configuration will take effect.
For the related commands, see radius scheme.
Example
# Specify the current ISP domain, huawei163.net, to use the RADIUS scheme huawei.
[Quidway-isp-huawei163.net] scheme radius-scheme huawei
2.1.17 self-service-url
Syntax
self-service-url enable url-string
self-service-url disable
View
ISP domain view
Parameter
url-string: The URL address of the page used to change the user password on the
self-service server, a string with 1 to 64 characters. This string cannot contain "?"
character. If "?" is contained in the URL address, you must replace it with "|" when
inputting the URL address in the command line.
Description
Use the self-service-url enable command to configure self-service server URL.
Use the self-service-url disable command to remove the configuration.

2-16

By default, self-service server URL is not configured on the switch.

This command must be incorporated with a RADIUS server (such as a CAMS server)
that supports self-service. Self-service means that users can manage their accounts
and card numbers by themselves. And a server with the self-service software is called a
self-service server.
Once this function is enabled on the switch, users can locate the self-service server and
perform self-management through the following operations:
z
Select "Change user password" on the 802.1x client.
After the client opens the default explorer (IE or NetScape), locate the specified
URL page used to change the user password on the self-service server.
Change user password on this page.
The "Change user password" option is available only after the user passed the
authentication; otherwise, this option is in grey and unavailable.
Example
# In the default ISP domain "system", configure the URL address of the page used to
change
the
user
password
on
the
self-service
server
to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName.
[Quidway] domain system
[Quidway-isp-system] self-service-url enable http://10.153.89.94/selfservice/modPass
wd1x.jsp|userName
2.1.18 service-type
Syntax
service-type { ftp [ ftp-directory directory ] | lan-access | { ssh | telnet | terminal }*
[ level level ] }
undo service-type { ftp [ ftp-directory ] | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameter
telnet: Specifies user type as Telnet.
ssh: Specifies user type as SSH.
level level: Specifies the level of Telnet, SSH or terminal users. The argument level is
an integer in the range of 0 to 3 and defaults to 0.
ftp: Specifies user type as ftp.
ftp-directory directory: Specifies the directory of ftp users, directory is a character
string of up to 64 characters.
2-17

lan-access: Specifies user type to lan-access, which mainly refers to Ethernet

accessing users, 802.1x supplicants for example.
terminal: Authorizes the user to use the terminal service (login from the Console port).
Description
Using service-type command, you can configure a service type for a particular user.
Using undo service-type command, you can cancel the specified service type for the
user.
Note:
You can use either level or service-type command to specify the level for a local user.
If both of these two commands are used, the latest configuration will take effect.
Example
# Set to provide the lan-access service for the user huawei1.
[Quidway-luser-huawei1] service-type lan-access
2.1.19 state
Syntax
state { active | block }
View
ISP domain view
Local user view
Parameter
active: Configures the current ISP domain (ISP domain view)/current user (local user
view) as being in active state, that is, the system allows the users in the domain (ISP
domain view) or the current user (local user view) to request network service.
block: Configures the current ISP domain (ISP domain view)/current user (local user
view) as being in block state, that is, the system does not allow the users in the domain
(ISP domain view) or the current user (local user view) to request network service.
Description
Using state command, you can configure the state of the current ISP domain/ current
user.
By default, after an ISP domain is created, it is in the active state (in ISP domain view).
2-18

A local user will be active (in local user view) upon its creation.
In ISP domain view, every ISP can either be in active or block state. If an ISP domain is
configured to be active, the users in it can request for network service, while in block
state, its users cannot request for any network service, which will not affect the users
currently online.
For the related command, see domain.
Example
# Set the current ISP domain huawei163.net to be in the block state. The supplicants in
this domain cannot request for the network service.
[Quidway-isp-huawei163.net] state block
# Set the user huawei1 to be in the block state.
[Quidway-luser-huawei1] state block
2.1.20 vlan-assignment-mode
Syntax
vlan-assignment-mode { integer | string }
View
ISP domain view
Parameter
integer: Specify the dynamic VLAN delivery mode as integer.
string: Specify the dynamic VLAN delivery mode as string.
Description
Using vlan-assignment-mode command, you can specify the dynamic VLAN delivery
mode.
Currently the switch supports RADIUS server delivers the integer type and string type
VLAN ID.
z
Integer VLAN ID: The switch adds the port into the VLAN based on the integer ID
delivered from the server. If the VLAN does not exist, it first creates a VLAN and
then adds the port into the new VLAN.
String ID: The switch compares the string ID delivered from the server with the
VLAN names existing on the switch. If a matching entry is found, the switch adds
the port into the corresponding VLAN. Otherwise, the delivery fails and the user
cannot pass the authentication.

2-19

Note:
z
For the string delivery mode, the VLAN to be delivered must be an existing one on
the switch. That is, you must have created the VLAN and configured a name for it on
the switch. There is no such a restriction for the integer mode.
For the string delivery mode, the switch follows this rule in handling strings: If the
RADIUS server delivers VLANs with full number string IDs (1024 for example) and
their converted integer form is within the VLAN range, the switch just handles them
as integer IDs and add the authentication port to the VLAN with the corresponding
integer ID. In this example, the port is added into VLAN 1024.
By default, the integer mode is selected, that is, the switch supports the RADIUS server
delivering the integer VLAN ID.
For the related commands, see name.
Example
# Specify the dynamic VLAN delivery mode as integer.
[Quidway-isp-ias] vlan-assignment-mode integer
2.2 RADIUS Protocol Configuration Commands

2.2.1 accounting-on enable
Syntax
accounting-on enable
undo accounting-on enable
View
RADIUS Scheme view
Parameter
None
Description
Using the accounting-on enable command, you can enable user re-authentication at
reboot. Using the undo accounting-on enable command, you can disable this
function.
By default, user re-authentication at reboot is disabled.
Exclusive users are those with its concurrent online number set to 1 on the CAMS. In
the AAA solution implemented jointly by the switch and CAMS, if the switch reboots

2-20

after a user passes the authentication/authorization begins being accounted, the switch
prompts that the user has been online when the user logs into the switch before CAMS
makes online detection. Therefore, the user cannot access network resources normally.
The user can access the network only after the network administrator deletes manually
the online information of the user.
To solve this problem, user re-authentication at reboot is designed. After this function is
enabled, each time the switch reboots,
z
The switch generates an Accounting-On message, which mainly includes NAS-ID,

NAS-IP (source IP) and session ID;
The switch sends to CAMS an Accounting-On message;
Upon receiving the CAMS Accounting-On message, CAMS finds and deletes the
existing online information of the user based on the NAS-ID, NAS-IP (source IP)
and session ID in the Accounting-On message.
Note:
The main attributes of the Accounting-On message NAS-ID, NAS-IP and session ID
are often generated automatically by the switch. However, you can configure the
NAS-IP using the nas-ip command. Make sure you set a correct and valid NAS-IP
address. Otherwise, the switch automatically selects the IP address of the virtual VLAN
interface as NAS-IP.
Example
# Enable user reauthentication at reboot.
[Quidway] radius scheme CAMS

[Quidway-radius-CAMS] accounting-on enable
2.2.2 accounting optional

Syntax
accounting optional
undo accounting optional
View
RADIUS scheme view/ISP domain view

2-21

Parameter
None
Description
Using the accounting optional command, you can enable the selection of RADIUS
accounting option. Using the undo accounting optional command, you can disable
the selection of RADIUS accounting option.
By default, selection of RADIUS accounting option is disabled.
If no RADIUS server is available or if RADIUS accounting server fails when the
accounting optional is configured, the user can still use the network resource,
otherwise, the user will be disconnected.
The user configured with accounting optional command in RADIUS scheme will no
longer send real-time accounting update packet or stop accounting packet.
The accounting optional command in RADIUS scheme view is only effective on the
accounting that uses this RADIUS scheme.
Example
# Enable the selection of RADIUS accounting of the RADIUS scheme named as
CAMS.
[Quidway-radius-cams] accounting optional
2.2.3 data-flow-format
Syntax
data-flow-format data { byte | giga-byte | kilo-byte | mega-byte } packet
{ giga-packet | kilo-packet | mega-packet | one-packet }
undo data-flow-format
View
RADIUS scheme view
Parameter
data: Set data unit.
byte: Set 'byte' as the unit of data flow.
giga-byte: Set 'giga-byte' as the unit of data flow.
kilo-byte: Set 'kilo-byte' as the unit of data flow.
mega-byte: Set 'mega-byte' as the unit of data flow.
packet: Set data packet unit.
giga-packet: Set 'giga-packet' as the unit of packet flow.
2-22

kilo-packet: Set 'kilo-packet' as the unit of packet flow.

mega-packet: Set 'mega-packet' as the unit of packet flow.
one-packet: Set 'one-packet' as the unit of packet flow.
Description
Using data-flow-format command, you can configure the unit of data flow that send to
RADIUS Server. Using undo data-flow-format command, you can restore the unit to
the default setting.
By default, the data unit is byte and the data packet unit is one-packet.
For the related command, see display radius.
Example
# Set the unit of data flow that send to RADIUS Server Huawei is kilo-byte and the data
packet unit is kilo-packet.
[Quidway-radius-huawei] data-flow-format data kilo-byte packet kilo-packet
2.2.4 display local-server statistics

Syntax
display local-server statistics
View
Any view
Parameter
None
Description
Using display local-server statistics command, you can view the statistics of local
RADIUS authentication server.
For the related command, see local-server.
Example
# Display the statistics of local RADIUS authentication server.
<Quidway> display local-server statistics
The localserver packet statistics:
Receive:
Send:
Discard:
Receive Packet Error:
Auth Reveive:
Auth Send:
Acct Receive:
Acct Send:

2-23

2.2.5 display radius

Syntax
display radius [ radius-scheme-name ]
View
Any view
Parameter
radius-scheme-name: Specifies the RADIUS scheme name with a character string not
exceeding 32 characters. Display all RADIUS schemes when the parameter is not set.
Description
Using display radius command, you can view the configuration information of all
RADIUS schemes or a specified one.
By default, This command outputs the configuration information about the specified or
all the RADIUS schemes. The output can help with RADIUS diagnosis and
troubleshooting.
For the related command, see radius scheme.
Example
# Display the configuration information of all the RADIUS schemes.
<Quidway> display radius
-----------------------------------------------------------------SchemeName
=system
Index=0
Type=huawei
Primary Auth IP
=127.0.0.1
Port=1645
State=block
Primary Acct IP
=127.0.0.1
Port=1646
State=block
Second
Auth IP
=0.0.0.0
Port=1812
State=block
Second
Acct IP
=0.0.0.0
Port=1813
State=block
Auth Server Encryption Key= huawei

Acct Server Encryption Key= huawei
Accounting method = required
TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12
Permitted send realtime PKT failed counts
=5
Retry sending times of noresponse acct-stop-PKT =500

Quiet-interval(min)
=5
Username format
=without-domain
Data flow unit
=Byte
Packet unit
=1
-----------------------------------------------------------------Total 1 RADIUS scheme(s). 1 listed

2-24

2.2.6 display radius statistics

Syntax
display radius statistics
View
Any view
Parameter
None
Description
Using display radius statistics command, you can view the statistics information of
RADIUS packet.
This command outputs the statistics information about the RADIUS packets. The
displayed packet information can help with RADIUS diagnosis and troubleshooting.
Example
# Display the statistics information of RADIUS packets.
<Quidway> display radius statistics
state statistic(total=4120):
DEAD=4120
AuthProc=0
AuthSucc=0
AcctStart=0
RLTSend=0
RLTWait=0
AcctStop=0
OnLine=0
Stop=0
StateErr=0
Received and Sent packets statistic:

Sent PKT total
:0
Received PKT total:0
RADIUS received packets statistic:

Code= 2,Num=0
,Err=0
Code= 3,Num=0
,Err=0
Code= 5,Num=0
,Err=0
Code=11,Num=0
,Err=0
Running statistic:
RADIUS received messages statistic:
Normal auth request
, Num=0
, Err=0
, Succ=0
EAP auth request
, Num=0
, Err=0
, Succ=0
Account request
, Num=0
, Err=0
, Succ=0
Account off request
, Num=0
, Err=0
, Succ=0

2-25

PKT auth timeout
, Num=0
, Err=0
, Succ=0
PKT acct_timeout
, Num=0
, Err=0
, Succ=0
(Omitted)
2.2.7 display stop-accounting-buffer

Syntax
display stop-accounting-buffer { radius-scheme radius-scheme-name | session-id
session-id | time-range start-time stop-time | user-name user-name }
View
Any view
Parameter
radius-scheme radius-scheme-name: Configures to display the saved stopping
accounting requests according to RADIUS server name. radius-scheme-name
specifies the RADIUS server name with a character string not exceeding 32 characters.
session-id session-id: Configures to display the saved stopping accounting requests
according to the session ID. session-id specifies the session ID with a character string
not exceeding 50 characters.
time-range start-time stop-time: Configures to display the saved stopping accounting
requests according to the saving time. start-time specifies the start time of the saving
time range and stop-time specifies the stop time of the saving time range. The time is
expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is specified, all
the stopping accounting requests saved in the time range since start-time to stop-time
will be displayed.
user-name user-name: Configures to display the saved stopping accounting requests
according to the username.
Description
Using display stop-accounting-buffer command, you can view the stopping
accounting requests, which have not been responded and saved in the buffer.
After transmitting the stopping accounting requests, if there is no response from the
RADIUS server, the switch will save the packet in the buffer and retransmit it for several
times, which is set through the retry realtime-accounting command.
This command is used to display the stopping accounting requests saved in the switch
buffer. You can select to display the packets sent to a certain RADIUS server, or display
the packets according to user session ID or username. You may also display the
request packets saved during a specified time range. The displayed packet information
can help with diagnosis and troubleshooting.

2-26

For
the
related
commands,
see
reset
stop-accounting-buffer,
stop-accounting-buffer enable, retry stop-accounting.
Example
# Display the stopping accounting requests saved in the system buffer since 0:0:0 to
23:59:59 on August 31, 2002.
<Quidway>
display
stop-accounting-buffer
time-range
0:0:0-2002/08/31
23:59:59-2002/08/31
Total find
0 record
2.2.8 key
Syntax
key { accounting | authentication } string
undo key { accounting | authentication }
View
RADIUS scheme view
Parameter
accounting: Configures to set/delete the encryption key for RADIUS accounting
packet.
authentication:
Configures
to
set/delete
the
encryption
key
for
RADIUS
authentication/authorization packet.
string: Specifies the key with a character string not exceeding 16 characters. By default,
the key is huawei.
Description
Using
key
command,
you
can
configure
encryption
key
for
RADIUS
authentication/authorization or accounting packet. Using undo key command, you can

restore the default key.
RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt the
exchanged packets. The two ends verify the packet through setting the encryption key.
Only when the keys are identical can both ends accept the packets from each other and
give responses. So it is necessary to ensure that the keys set on the switch and the
RADIUS server are identical. If the authentication/authorization and accounting are
performed on two different servers with different encryption keys, you are supposed to
set two encryption keys respectively.
For the related commands, see primary accounting, primary authentication, radius
scheme

2-27

Example
Example 1:
# Set the authentication/authorization key of the RADIUS scheme, huawei, to hello.
[Quidway-radius-huawei] key authentication hello
Example 2:
# Set the accounting packet key of the RADIUS scheme, huawei, to ok.
[Quidway-radius-huawei] key accounting ok
2.2.9 local-server
Syntax
local-server nas-ip ip-address key string
undo local-server nas-ip ip-address
View
System view
Parameter
nas-ip ip-address: set NAS-IP address of access server. ip-address is expressed in the
format of dotted decimal. By default, there is a local server with the NAS-IP address of
127.0.0.1.
key string: Set the shared key. string is a character string containing up to 16
characters.
Description
Using local-server command, you can configure the parameters of local RADIUS
server. Using undo local-server command, you can cancel a local RADIUS server.
RADIUS service, which adopts authentication/authorization/accounting servers to
manage users, is widely used in Quidway series switches. Besides, local
authentication/authorization service is also used in these products and it is called local
RADIUS function, i.e. realize basic RADIUS function on the switch.

2-28

Caution:
z
When using local RADIUS server function of Huawei, remember the number of UDP
port used for authentication is 1645 and that for accounting is 1646.
The key configured by this command must be the same as that of the RADIUS
authentication/authorization
packet
configured
by
the
command
key
authentication in RADIUS scheme view.
Quidway series switches support up to 16 local RADIUS authentication servers.

For the related commands, see radius scheme, state and key.
Example
# Set the NAS-IP address of local RADIUS authentication server to 10.110.1.2 and the
key to huawei.
[Quidway] local-server nas-ip 10.110.1.2 key huawei
2.2.10 nas-ip
Syntax
nas-ip ip-address
undo nas-ip
View
RADIUS scheme view
Parameter
ip-address: IP address in dotted decimal format.
Description
Using the nas-ip command, you can set the source IP address of the network access
server (NAS, the switch in this manual), so that all packets destined for the RADIUS
server carry the same source IP address. Using the undo nas-ip command, you can
cancel the configuration.
Specifying a source address for the RADIUS packets to be transmitted can avoid the
situation where the packets sent back by the RADIUS server cannot be received as the
result of a physical interface failure. The address of a loopback interface is usually used
as the source address.
By default, the source IP address of packets is the IP address of the output port.
For the related command, see display radius, radius nas-ip.
2-29

Example
# Set the source IP address that is carried in the RADIUS packets sent by the NAS (the
switch) to 10.1.1.1.
[Quidway] radius scheme test1
[Quidway-radius-test1] nas-ip 10.1.1.1
2.2.11 primary accounting

Syntax
primary accounting ip-address [ port-number ]
undo primary accounting
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format.
port-number: UDP port number. ranging from 1 to 65535.
Description
Using primary accounting command, you can configure the IP address and port
number for the primary accounting server. Using undo primary accounting command,
you can restore the default IP address and port number of the primary RADIUS
accounting server.
By default, as for the newly created RADIUS scheme, the IP address of the primary
accounting server is 0.0.0.0, and the UDP port number of this server is 1813; as for the
"system" RADIUS scheme created by the system, the IP address of the primary
accounting server is 127.0.0.1, and the UDP port number is 1646.
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers
for
the
RADIUS
servers,
including
primary/second
authentication/authorization servers and accounting servers. In real networking

environments, the above parameters shall be set according to the specific
requirements. However, at least you have to set one authentication/authorization
server and an accounting server. Besides, ensure that the RADIUS service port
settings on the Ethernet switch is consistent with the port settings on the RADIUS
server.
For the related commands, see key, radius scheme, state.

2-30

Example
# Set the IP address of the primary accounting server of RADIUS scheme, huawei, to
10.110.1.2 and the UDP port 1813 to provide RADIUS accounting service.
[Quidway-radius-huawei] primary accounting 10.110.1.2 1813
2.2.12 primary authentication

Syntax
primary authentication ip-address [ port-number ]
undo primary authentication
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format.
port-number: Specifies UDP port number. ranging from 1 to 65535.
Description
Using primary authentication command, you can configure the IP address and port
number for the primary RADIUS authentication/authorization. Using undo primary
authentication command, you can restore the default IP address and port number of
the primary RADIUS authentication/authorization.
By default, as for the newly created RADIUS scheme, the IP address of the primary
authentication server is 0.0.0.0, and the UDP port number of this server is 1812; as for
the "system" RADIUS scheme created by the system, the IP address of the primary
authentication server is 127.0.0.1, and the UDP port number is 1645.
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers
for
the
RADIUS
servers,
including
primary/second
authentication/authorization servers and accounting servers. In real networking

environments, the above parameters shall be set according to the specific
requirements. However, at least you have to set one authentication/authorization
server and an accounting server. Besides, ensure that the RADIUS service port
settings on the Ethernet switch is consistent with the port settings on the RADIUS
server.
For the related commands, see key, radius scheme , state.

2-31

Example
# Set the IP address of the primary authentication/authorization server of RADIUS
scheme, huawei, to 10.110.1.1 and the UDP port 1812 to provide RADIUS
authentication/authorization service.
[Quidway-radius-huawei] primary authentication 10.110.1.1 1812
2.2.13 radius nas-ip

Syntax
radius nas-ip ip-address
undo radius nas-ip
View
System view
Parameter
ip-address: IP address in dotted decimal format.
Description
Using the radius nas-ip command, you can specify the source address of the RADIUS
packet sent from NAS. Using the undo radius nas-ip command, you can restore the
default setting.
By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address..
By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
Example
# Configure the switch to send RADIUS packets from 129.10.10.1.
[Quidway] radius nas-ip 129.10.10.1
2.2.14 radius scheme

Syntax
radius scheme radius-scheme-name
undo radius scheme radius-scheme-name

2-32

View
System view
Parameter
radius-scheme-name: Specifies the Radius server name with a character string not
Description
Using radius scheme command, you can configure a RADIUS scheme and enter its
view. Using undo radius scheme command, you can delete the specified RADIUS
scheme.
By default, a RADIUS scheme named as system has been created in the system. Its
attributes are all default values.
RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every
RADIUS scheme shall at least have the specified IP address and UDP port number of
the RADIUS authentication/authorization/accounting server and some necessary
parameters exchanged with the RADIUS client end (switch system). So it is necessary
to create the RADIUS scheme and enter its view before performing other RADIUS
protocol configurations.
A RADIUS scheme can be used by several ISP domains at the same time. You can
configure up to 16 RADIUS server-groups, including the default scheme named as
system.
Although undo radius scheme can remove a specified RADIUS scheme. However,
the default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
For the related commands, see key, retry realtime-accounting, radius-scheme,
timer realtime-accounting, stop-accounting-buffer enable, retry stop-accounting,
server-type, state, user-name-format, retry , display radius, display radius
statistics .
Example
# Create a RADIUS scheme named huawei and enters its view.
[Quidway] radius scheme huawei
[Quidway-radius-huawei]
2.2.15 reset radius statistics

Syntax
reset radius statistics

2-33

View
User view
Parameter
None
Description
Using the reset radius statistics command, you can clear the statistic information
related to the RADIUS protocol.
For the related command, see display radius.
Example
# Clear the RADIUS protocol statistics.
<Quidway> reset radius statistics
2.2.16 reset stop-accounting-buffer

Syntax
reset stop-accounting-buffer { radius-scheme radius-scheme-name | session-id
session-id | time-range start-time stop-time | user-name user-name }
View
User view
Parameter
radius-scheme radius-scheme-name: Configures to delete the stopping accounting
requests from the buffer according to the specified RADIUS server name.
radius-scheme-name specifies the RADIUS server name with a character string not
session-id session-id: Configures to delete the stopping accounting requests from the
buffer according to the specified session ID. session-id specifies the session ID with a
character string not exceeding 50 characters.
time-range start-time stop-time: Configures to delete the stopping accounting requests
from the buffer according to the saving time. Start-time specifies the start time of the
saving time range and stop-time specifies the stop time of the saving time range. The
time is expressed in the format hh:mm:ss-yyyy/mm/dd. When this parameter is set, all
the stopping accounting requests saved since start-time to stop-time will be deleted.
user-name user-name: Configures to delete the stopping accounting requests from the
buffer according to the username. User-name specifies the username, a character
string not exceeding 32 characters.

2-34

Description
Using reset stop-accounting-buffer command, you can reset the stopping
accounting requests, which are saved in the buffer and have not been responded.
By default, after transmitting the stopping accounting requests, if there is no response
from the RADIUS server, the switch will save the packet in the buffer and retransmit it
for several times, which is set through the retry realtime-accounting command.
This command is used to delete the stopping accounting requests from the switch
buffer. You can select to delete the packets transmitted to a specified RADIUS server,
or according to the session-id or username, or delete the packets transmitted during the
specified time-range.
For
the
related
commands,
see
enable,
retry
stop-accounting, display stop-accounting-buffer.
Example
# Delete the stopping accounting requests saved in the system buffer by the user,
user0001@huawei163.net.
<Quidway> reset stop-accounting-buffer user-name user0001@huawei163.net
# Delete the stopping accounting requests saved in the system buffer since 0:0:0 to
23:59:59 on August 31, 2003.
<Quidway>
reset
time-range
0:0:0-2003/08/31
23:59:59-2003/08/31
2.2.17 retry
Syntax
retry retry-times
undo retry
View
RADIUS scheme view
Parameter
retry-times: Specifies the maximum times of retransmission, ranging from 1 to 20. By
Description
Using retry command, you can configure retransmission times of RADIUS request
packet. Using undo retry command, you can restore the retransmission times to
default value.

2-35

Because RADIUS protocol uses UDP packets to carry the data, its communication
process is not reliable. If the RADIUS server has not responded NAS until timeout, NAS
has to retransmit RADIUS request packet. If it transmits more than the specified
retry-times, NAS considers the communication with the primary and secondary
RADIUS servers has been disconnected.
Setting a suitable retry-time according to the network situation can speed up the system
response.
Example
# Set to retransmit the RADIUS request packet no more than 5 times for the RADIUS
scheme huawei.
[Quidway-radius-huawei] retry 5
2.2.18 retry realtime-accounting

Syntax
retry realtime-accounting retry-times
undo retry realtime-accounting
View
RADIUS scheme view
Parameter
retry-times: Specifies the maximum times of real-time accounting request failing to be
responded, ranging from 1 to 255. By default, the accounting request can fail to be
responded up to 5 times.
Description
Using retry realtime-accounting command, you can configure the maximum times of
real-time
accounting
request
failing
to
be
responded.
Using
undo
retry
realtime-accounting command, you can restore the maximum times of real-time

accounting request failing to be responded to the default value.
RADIUS server usually checks if a user is online with timeout timer. If the RADIUS
server has not received the real-time accounting packet from NAS, it will consider that
there is line or device failure and stop accounting. Accordingly, it is necessary to
disconnect the user at NAS end and on RADIUS server synchronously when some
unexpected failure occurs. Quidway Series Ethernet Switches support to set maximum
times of real-time accounting request failing to be responded. NAS will disconnect the
user if it has not received real-time accounting response from RADIUS server for some
specified times.
2-36

How to calculate the value of count? Suppose RADIUS server connection will timeout
in T and the real-time accounting interval of NAS is t, then the integer part of the result
from dividing T by t is the value of count. Therefore, when applied, T is suggested the
numbers which can be divided exactly by t.
For the related command, see radius scheme
Example
# Allow the real-time accounting request failing to be responded for up to 10 times.
[Quidway-radius-huawei] retry realtime-accounting 10
2.2.19 retry stop-accounting

Syntax
retry stop-accounting retry-times
undo retry stop-accounting
View
RADIUS scheme view
Parameter
retry-times: Specifies the maximal retransmission times after stopping accounting
request,. ranging from 10 to 65535. By default, the value is 500.
Description
Using
retry
stop-accounting
command,
you
can
configure
the
maximal
retransmission times after stopping accounting request . Using undo retry

stop-accounting command, you can restore the retransmission times to the default
value.
Because the stopping accounting request concerns account balance and will affect the
amount of charge, which is very important for both the user and ISP, NAS shall make its
best effort to send the message to RADIUS accounting server. Accordingly, if the
message from the switch to RADIUS accounting server has not been responded, the
switch shall save it in the local buffer and retransmit it until the server responds or
discard the messages after transmitting for specified times.
For the related commands, see reset stop-accounting-buffer , radius scheme,
display stop-accounting-buffer .
Example
# Indicate that, when stopping accounting request for the RADIUS scheme Huawei,
the switch will retransmit the packets for up to 1000 times.
[Quidway-radius-huawei] retry stop-accounting 1000
2-37

2.2.20 secondary accounting

Syntax
secondary accounting ip-address [ port-number ]
undo secondary accounting
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format. By default, the IP addresses of
second accounting server is at 0.0.0.0.
port-number: Specifies the UDP port number, ranging from 1 to 65535. By default, the
accounting service is provided via UDP 1813.
Description
Using secondary accounting command, you can configure the IP address and port
number for the second RADIUS accounting server. Using undo secondary
accounting command, you can restore the IP address and port number to default
values.
For detailed information, read the Description of the primary accounting command.
Example
# Set the IP address of the second accounting server of RADIUS scheme, huawei, to
10.110.1.1 and the UDP port 1813 to provide RADIUS accounting service.
[Quidway-radius-huawei] secondary accounting 10.110.1.1 1813
2.2.21 secondary authentication

Syntax
secondary authentication ip-address [ port-number ]
undo secondary authentication
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal format. By default, the IP addresses of
second authentication/authorization is at 0.0.0.0.

2-38

port-number: Specifies the UDP port number, ranging from 1 to 65535. By default, the
authentication/authorization service is provided via UDP 1812
Description
Using secondary authentication command, you can configure the IP address and
port number for the second RADIUS authentication/authorization. Using undo
secondary authentication command, you can restore the IP address and port number
to default values.
For detailed information, read the Description of the primary authentication
command.
Example
# Set the IP address of the second authentication/authorization server of RADIUS
scheme, huawei, to 10.110.1.2 and the UDP port 1812 to provide RADIUS
authentication/authorization service.
[Quidway-radius-huawei] secondary authentication 10.110.1.2 1812
2.2.22 server-type
Syntax
server-type { huawei | standard }
undo server-type
View
RADIUS scheme view
Parameter
huawei: Configures the switch system to support the RADIUS server of Huawei type,
which requires the RADIUS client end (switch) and RADIUS server to interact
according to the private RADIUS protocol regulation and packet format of Huawei
Technologies Co., Ltd.
standard: Configures the switch system to support the RADIUS server of Standard
type, which requires the RADIUS client end (switch) and RADIUS server to interact
according to the regulation and packet format of standard RADIUS protocol (RFC
2138/2139 or newer).
Description
Using server-type command, you can configure the RADIUS server type supported by
the switch. Using undo server-type command, you can restore the RADIUS server
type to the default setting
2-39

By default, the newly created RADIUS scheme supports the server of standard type,
while the "system" RADIUS scheme created by the system supports the server of
huawei type.
Quidway Series Ethernet Switches support standard RADIUS protocol and the
extended RADIUS service platform developed by Huawei Technologies.
Example
# Set RADIUS server type of RADIUS scheme, huawei to huawei.
[Quidway-radius-huawei] server-type huawei
2.2.23 state
Syntax
state { primary | secondary } { accounting | authentication } { block | active }
View
RADIUS scheme view
Parameter
primary: Configures to set the state of the primary RADIUS server.
secondary: Configures to set the state of the second RADIUS server.
accounting: Configures to set the state of RADIUS accounting server.
authentication: Configures to set the state of RADIUS authentication/authorization.
block: Configures the RADIUS server to be in the state of block.
active: Configures the RADIUS server to be active, namely the normal operation state.
Description
Using state command, you can configure the state of RADIUS server.
By default, all the RADIUS servers in every RADIUS scheme are in the state of block.
For the primary and second servers (no matter an authentication/authorization or an
accounting server), if the primary server is disconnected to NAS for some fault, NAS
will automatically turn to exchange packets with the second server. However, after the
primary one recovers, NAS will not resume the communication with it at once, instead,
it continues communicating with the second one. When the second one fails to
communicate, NAS will turn to the primary one again. This command is used to set the
primary server to be active manually, in order that NAS can communicate with it right
after the troubleshooting.

2-40

When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
For the related commands, see radius scheme, primary authentication, secondary
authentication, primary accounting, secondary accounting.
Example
# Set the second authentication server of RADIUS scheme, huawei, to be active.
[Quidway-radius-huawei] state secondary authentication active
2.2.24 stop-accounting-buffer enable

Syntax
stop-accounting-buffer enable
undo stop-accounting-buffer enable
View
RADIUS scheme view
Parameter
None
Description
Using stop-accounting-buffer enable command, you can configure to save the
stopping accounting requests without response in the switch system buffer. Using
undo stop-accounting-buffer enable command, you can cancel the function of
saving the stopping accounting requests without response in the switch system buffer.
By default, enable to save the stopping accounting requests in the buffer.
Because the stopping accounting request concerns account balance and will affect the
amount of charge, which is very important for both the user and ISP, NAS shall make its
best effort to send the message to RADIUS accounting server. Accordingly, if the
message from the switch to RADIUS accounting server has not been responded, the
switch shall save it in the local buffer and retransmit it until the server responds or
discard the messages after transmitting for specified times.
For the related commands, see reset stop-accounting-buffer, radius scheme,
display stop-accounting-buffer.
Example
# Indicate that, for the RADIUS scheme Huawei, the switch will save the stopping
accounting request packets in the buffer
[Quidway-radius-huawei] stop-accounting-buffer enable

2-41

2.2.25 timer
Syntax
timer seconds
undo timer
View
RADIUS scheme view
Parameter
seconds: RADIUS server response timeout timer, ranging from 1 to 10 and measured in
seconds. By default, the value is 3.
Description
Using timer command, you can configure RADIUS server response timer. Using undo
timer command, you can restore the default value of the timer.
After RADIUS (authentication/authorization or accounting) request packet has been
transmitted for a period of time, if NAS has not received the response from RADIUS
server, it has to retransmit the message to guarantee RADIUS service for the user. The
period taken is called RADIUS server response timeout time, which is controlled by the
RADIUS server response timeout timer in the switch system. This command is used to
set this timer.
Setting a suitable timer according to the network situation will enhance the system
performance.
For the related commands, see radius scheme, retry.
Example
# Set the response timeout timer of RADIUS scheme, huawei, to 5 seconds.
[Quidway-radius-huawei] timer 5
2.2.26 timer quiet

Syntax
timer quiet minutes
undo timer quiet
View
RADIUS scheme view

2-42

Parameter
minutes: Quiet time interval, ranging from 1 to 255, in minutes. The default value is 5.
Description
Use the timer quiet command to set the quiet time interval after which the primary and
secondary RADIUS servers switch over.
Use the undo timer quiet command to set the quiet time interval to its default value.
The functions of the quiet time interval are as follows:
z
The switch sends RADIUS packets to the primary RADIUS server.
If the switch affirms that the primary server does not respond, it then sends
RADIUS packets to the secondary RADIUS server.
After each quiet time interval, the switch sets the status of the primary RADIUS
server to active, and sends RADIUS packets to it next time.
Example
# Set the quiet time interval of the RADIUS scheme huawei to 3 minutes.
[Quidway] radius scheme huawei
[Quidway-radius-huawei] timer quiet 3
2.2.27 timer realtime-accounting

Syntax
timer realtime-accounting minutes
undo timer realtime-accounting
View
RADIUS scheme view
Parameter
minutes: Real-time accounting interval, ranging from 3 to 60 and measured in minutes.
By default, the value is 12. It must be a multiple of 3.
Description
Using timer realtime-accounting command, you can configure the real-time
accounting interval. Using undo timer realtime-accounting command, you can
restore the default interval.
To implement real-time accounting, it is necessary to set a real-time accounting interval.
After the attribute is set, NAS will transmit the accounting information of online users to
the RADIUS server regularly.

2-43

The value of minute is related to the performance of NAS and RADIUS server. The
smaller the value is, the higher the requirement for NAS and RADIUS server is. When
there are a large amount of users (more than 1000, inclusive), we suggest a larger
value. The following table recommends the ratio of minute value to number of users.
Table 2-2 Recommended ratio of minute to number of users
Number of users
Real-time accounting interval (minute)
1 to 99
100 to 499
500 to 999
12
1000
15
For the related commands, see retry realtime-accounting , radius scheme.
Example
# Set the real-time accounting interval of RADIUS scheme, huawei, to 15 minutes.
[Quidway-radius-huawei] timer realtime-accounting 15
2.2.28 timer response-timeout

Syntax
timer response-timeout seconds
undo timer response-timeout
View
RADIUS scheme view
Parameter
seconds: RADIUS server response timeout timer, ranging from 1 to 10 seconds. By
Description
Using the timer response-timeout command, you can configure the RADIUS server
response timer. Using the undo timer command, you can restore the default.
If the NAS receives no response from the RADIUS server after sending a RADIUS
request (authentication/authorization or accounting request) for a period of time, the
NAS resends the request, thus ensuring the user can obtain the RADIUS service. You
can specify this period by setting the RADIUS server response timeout timer, taking into
consideration the network condition and the desired system performance.
For the related commands, see radius scheme and retry.
2-44

Example
# Set the response timeout timer in the RADIUS scheme huawei to 5 seconds.
[Quidway-radius-huawei] timer response-timeout 5
2.2.29 user-name-format
Syntax
user-name-format { with-domain | without-domain }
View
RADIUS scheme view
Parameter
with-domain: Specifies to send the username with domain name to RADIUS server.
without-domain: Specifies to send the username without domain name to RADIUS
server.
Description
Using user-name-format command, you can configure the username format sent to
RADIUS server.
By default, as for the newly created RADIUS scheme, the username sent to RADIUS
servers includes an ISP domain name; as for the "system" RADIUS scheme created by
the system, the username sent to RADIUS servers excludes the ISP domain name.
The supplicants are generally named in userid@isp-name format. The part following
@ is the ISP domain name. The switch will put the users into certain ISP domains
according to the domain names. However, some earlier RADIUS servers reject the
username including ISP domain name. In this case, the username will be sent to the
RADIUS server after its domain name is removed. Accordingly, the switch provides this
command to decide whether the username to be sent to RADIUS server carries ISP
domain name or not.
Note:
If a RADIUS scheme is configured to reject usernames including ISP domain names,
the RADIUS scheme shall not be simultaneously used in more than one ISP domains.
Otherwise, the RADIUS server will regard two users in different ISP domains as the
same user by mistake, if they have the same username (excluding their respective
domain names.)

2-45

Example
# Specify to send the username without domain name to RADIUS server.
[Quidway-radius-huawei] user-name-format without-domain

2-46
HUAWEI

Command Manual
Reliability
Command Manual - Reliability

Table of Contents
Table of Contents
Chapter 1 VRRP Configuration Commands ............................................................................... 1-1
1.1 VRRP Configuration Commands ....................................................................................... 1-1
1.1.1 debugging vrrp ........................................................................................................ 1-1
1.1.2 display vrrp .............................................................................................................. 1-1
1.1.3 reset vrrp statistics .................................................................................................. 1-3
1.1.4 vrrp authentication-mode ........................................................................................ 1-4
1.1.5 vrrp method ............................................................................................................. 1-5
1.1.6 vrrp ping-enable ...................................................................................................... 1-6
1.1.7 vrrp vrid preempt-mode........................................................................................... 1-7
1.1.8 vrrp vrid priority........................................................................................................ 1-8
1.1.9 vrrp vrid timer .......................................................................................................... 1-8
1.1.10 vrrp vrid track......................................................................................................... 1-9
1.1.11 vrrp vrid virtual-ip................................................................................................. 1-10
Chapter 2 HA Configuration Commands .................................................................................... 2-1
2.1 HA Configuration Commands ............................................................................................ 2-1
2.1.1 display switchover state .......................................................................................... 2-1
2.1.2 slave auto-update config ......................................................................................... 2-1
2.1.3 slave restart............................................................................................................. 2-2
2.1.4 slave switchover ...................................................................................................... 2-3
2.1.5 slave update configuration ...................................................................................... 2-3

i

Chapter 1 VRRP Configuration Commands

1.1 VRRP Configuration Commands
1.1.1 debugging vrrp
Syntax
debugging vrrp { state | packet }
undo debugging vrrp { state | packet }
View
User view
Parameter
state: Debugs VRRP state.
packet: Debugs VRRP packets.
Description
Use the debugging vrrp command to enable the VRRP debugging.
Use the undo debugging vrrp command to disable the VRRP debugging. By default,
the VRRP debugging is disabled.
Example
# Enable VRRP state debugging.
<Quidway> debugging vrrp state
1.1.2 display vrrp

Syntax
display vrrp [ interface vlan-interface interface-num | statistics [ vlan-interface
interface-num ] ] [ virtual-router-ID ]

1-1

View
Any view
Parameter
interface: Displays VRRP information of the specified VLAN interface.
vlan-interface interface-num: Interface name.
statistics: Displays VRRP statistics.
virtual-router-ID: VRRP virtual router ID, ranging from 1 to 255.
Description
Use the display vrrp command to view the information about the VRRP state or VRRP
statistics. If the interface name and virtual router ID are not specified, the state
information about all the virtual routers on the switch will be displayed. If only the
interface name is specified, the state information about all the virtual routers on this
interface will be displayed. If the interface name and virtual router ID are specified, the
state information about the specified virtual router on this interface will be displayed.
If the interface name and virtual router ID are not specified, the statistics about all the
virtual routers on the switch will be displayed. If only the interface name is specified, the
statistics about all the virtual routers on this interface will be displayed. If the interface
name and virtual router ID are specified, the statistics about the specified virtual router
on this interface will be displayed.
Example
# Display the statistics about the virtual router on VLAN-interface 1 of the switch.
[Quidway-Vlan-interface1] display vrrp statistics
[Quidway-Vlan-interface1] display vrrp statistics
Interface
: Vlan-interface10
VRID
: 1
CheckSum Errors
: 0
Version Errors
: 0
VRID Errors
: 0
Advertisement Interval Errors
: 0
IP TTL Errors
: 0
Auth Failures
: 0
Invalid Auth Type
: 0
Auth Type Mismatch
: 0
Packet Length Errors
: 0
Address List Errors
: 0
Become Master
: 2
Priority Zero Pkts Rcvd
: 0
Advertise Rcvd
: 0
Priority Zero Pkts Sent
: 1
Invalid Type Pkts Rcvd : 0

1-2

Table 1-1 Field description of the display vrrp statistics command

Field
Description
Interface
Interface in which virtual router resides
VRID
Virtual router ID
CheckSum Errors
Times of checksum error
Version Errors
Times of version error
VRID Errors
Times of virtual router ID error
Advertisement Interval Errors
Times of advertisement time interval error
IP TTL Errors
Times of TTL error
Auth Failures
Times of authentication error
Invalid Auth Type
Times of invalid authentication type
Auth Type Mismatch
Mismatched times of authentication type
Packet Length Errors
Times of VRRP packet length error
Address List Errors
Times of the virtual IP address list error
Become Master
Times of becoming a master
Priority Zero Pkts Rcvd
Number of the received advertisement packets

with the priority of 0
Advertise Rcvd
Number of the received advertisement packets
Priority Zero Pkts Sent
Number of the sent advertisement packets with

the priority of 0
Invalid Type Pkts Rcvd
Times of packet type error
1.1.3 reset vrrp statistics

Syntax
reset vrrp statistics [ vlan-interface interface-num [ virtual-router-ID ] ]
View
User view
Parameter
statistics: Displays VRRP statistics.
vlan-interface interface-num: Interface name.

1-3

Description
Use the reset vrrp statistics command to clear the statistics information about VRRP.
If the interface name and virtual router ID are not specified, the statistics information
about all the virtual routers on the switch will be cleared. If only the interface name is
specified, the statistics information about all the virtual routers on this interface will be
cleared. If the interface name and virtual router ID are specified, the statistics
information about the specified virtual router on this interface will be cleared.
Example
# Clear the VRRP statistics on the switch.
<Quidway> reset vrrp statistics
1.1.4 vrrp authentication-mode

Syntax
vrrp authentication-mode authentication-type authentication-key
undo vrrp authentication-mode
View
VLAN interface view
Parameter
authentication-type: Authentication type. There are following types:
z
simple: Indicates to perform simple character authentication.
md5: Indicates to perform the AH authentication with MD5 algorithm.
authentication-key: Authentication key, the key cannot exceed 8 characters.
Description
Use the vrrp authentication-mode command to configure the authentication type and
a key of a specified VRRP virtual router.
Use the undo vrrp authentication-mode command to clear the authentication type
and the key of a specified VRRP virtual router.
If the simple or md5 authentication is configured, it is required to set the authentication
key.
1-4

This command is used to configure the authentication type and key for all the VRRP
virtual routers on an interface. As defined in the protocol, all the virtual routers on an
interface shall use the same authentication type and key. And all the members joining
the same virtual router shall also use the same authentication type and key.
The authentication key is case sensitive.
Example
# Specify the authentication type and key for a VRRP virtual router.
[Quidway-vlan-interface2] vrrp authentication-mode simple huawei
1.1.5 vrrp method

Syntax
vrrp method { real-mac | virtual-mac }
undo vrrp method
View
System view
Parameter
real-mac: Uses the real MAC address of the interface to match the virtual IP address of
the virtual router in VRRP backup.
virtual-mac: Uses the virtual MAC address of the interface to match the virtual IP
address of the virtual router in VRRP backup.
Description
Use the vrrp method command to set correspondence between the MAC address and
the virtual IP address of the virtual router: matching the real or virtual MAC address with
the virtual IP address.
Use the undo vrrp method command to reset the correspondence to the default value.
By default, the switch matches the virtual MAC address with the virtual IP address of
the virtual router.
Due to the chips installed, some switches support matching one IP address of a routing
interface to multiple MAC addresses. Then you may configure correspondence
between the virtual IP address of the virtual router and the real/virtual MAC address.

1-5

You should set correspondence between the virtual IP address of the virtual router and
the MAC address before configuring the virtual router. Otherwise, you cannot configure
the correspondence.
If the virtual MAC address using the routing interface of the switch matches with the
virtual IP address of the virtual router, only one virtual router can be configured on the
VLAN interface.
Example
# Set the real MAC address of the interface match the virtual IP address of the virtual
router.
[Quidway] vrrp method real-mac
1.1.6 vrrp ping-enable

Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Use the vrrp ping-enable command to enable the function to ping the virtual IP
address of the virtual router.
Use the undo vrrp ping-enable command to disable the function to ping the virtual IP
address of the virtual router.
By default, the ping function is disabled.
You can only use the commands before configuring the virtual router.
Example
# Enable the function to ping the virtual IP address of the virtual router.
[Quidway] vrrp ping-enable
1-6

1.1.7 vrrp vrid preempt-mode

Syntax
vrrp vrid virtual-router-ID preempt-mode [ timer delay delay-value ]
undo vrrp vrid virtual-router-ID preempt-mode
View
VLAN interface view
Parameter
delay-value: Delay time, in seconds, ranging from 0 to 255.
Description
Use the vrrp vrid preempt-mode command to configure the preemption and delay of
the virtual router.
Use the undo vrrp vrid preempt-mode command to cancel the preemption.
By default, virtual router is in preempt-mode and delay-value is 0 second.
If a higher-priority switch is required to preempt the master, you need configure it as
preemption. You can also set a delay for the preemption. If you configure it not to
preempt, the delay will be set to 0 automatically.
Example
# Configure the switch to preempt.
[Quidway-vlan-interface2] vrrp vrid 1 preempt-mode
# Set a delay.
[Quidway-vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
# Configure the switch not to preempt.
[Quidway-vlan-interface2] undo vrrp vrid 1 preempt-mode

1-7

1.1.8 vrrp vrid priority

Syntax
vrrp vrid virtual-router-ID priority priority
undo vrrp vrid virtual-router-ID priority
View
VLAN interface view
Parameter
priority: Priority value, ranging from 1 to 254; By default, the priority value is 100.
Description
Use the vrrp vrid priority command to configure the virtual router priority.
Use undo vrrp vrid priority command to clear the virtual router priority.
The priority decides the status of a switch in the virtual router. A higher-priority switch is
more likely to be a master. Priority 0 is reserved for some special purpose. The value
255 is reserved for the IP address owner. The priority of the IP address owner is always
255 and cannot be modified.
Example
# Set the virtual router priority on VLAN-interface2 to 120.
[Quidway-vlan-interface2] vrrp vrid 1 priority 120
1.1.9 vrrp vrid timer

Syntax
vrrp vrid virtual-router-ID timer advertise adver-interval
undo vrrp vrid virtual-router-ID timer advertise
View
VLAN interface view

1-8

Parameter
adver-interval: VRRP packet interval of the master in the virtual router, in seconds,
ranging from 1 to 255; By default, the value is 1 second.
Description
Use the vrrp vrid timer advertise command to set the VRRP packet interval of the
master in the virtual router.
Use the undo vrrp vrid timer advertise command to restore to the default value.
You are required to set the identical timer value for the switches in the same virtual
router to avoid improper configuration.
Example
# Configure the master to transmit VRRP packets every 15 seconds.
[Quidway-vlan-interface2] vrrp vrid 1 timer advertise 15
1.1.10 vrrp vrid track

Syntax
vrrp vrid virtual-router-ID track interface-type interface-num [ reduced
value-reduced ]
undo vrrp vrid virtual-router-ID track interface-type interface-num [ reduced
value-reduced ]
View
VLAN interface view,Ethernet interface view
Parameter
interface-type interface-num: Tracked interface.
value-reduced: Reduced value of priority, ranging from 1 to 255; By default, the
reduced value of priority is 10.

1-9

Description
Use the vrrp vrid track command to configure tracking of the interface.
Use the undo vrrp vrid track command to stop tracking the interface.
VRRP interface track expends the backup function, which thereby can be implemented
not only when the switch fails, but also when a network interface is down. You can use
this command to track or stop tracking an interface or all the interfaces. After the
configuration of the interface tracking, the priority of the switch will be reduced, if the
tracked interface turns down. Accordingly, some other switch in the virtual router will
have the comparatively highest priority and become the new master, thereby
implementing the backup function. The IP address owner does not allow the
configuration of interface tracking.
Note:
z
The monitored physical port may be contained in the VLAN of the VLAN interface
the backup group belongs to.
When the switch is an IP address owner, its interfaces cannot be tracked.
If a tracked port becomes up, the priority level of the corresponding switch will
resume automatically.
Each virtual router can track up to eight ports.
Example
# Configure to track interface vlan-interface1 on interface vlan-interface2; and when the
vlan-interface1 becomes down, the priority of the virtual router 1 on interface
vlan-interface2 reduces 50.
[Quidway-vlan-interface2] vrrp vrid 1 track vlan-interface 1 reduced 50
1.1.11 vrrp vrid virtual-ip

Syntax
vrrp vrid virtual-router-ID virtual-ip virtual-address
undo vrrp vrid virtual-router-ID [ virtual-ip virtual-address ]
View
VLAN interface view
1-10

Parameter
virtual-address: Virtual IP address.
Description
Use the vrrp vrid virtual-ip command to add a virtual IP address to an existing virtual
router.
Use the undo vrrp vrid virtual-ip command to delete an existing virtual IP address
from the virtual router.
You can use this command to create a virtual router, and add a virtual IP address into
an existing virtual router. A virtual router supports up to 16 virtual IP addresses. You can
use the undo vrrp vrid virtual-ip command to remove an existing virtual router, or
delete an address from this virtual router. If no virtual IP address is in the virtual router,
then the system will automatically remove this virtual router.
Example
# Create a virtual router.
[Quidway-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.10
# Add a virtual IP address to an existing virtual router.
[Quidway-vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11
# Delete a virtual IP address.
[Quidway-vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10
# Delete a virtual router.
[Quidway-vlan-interface2] undo vrrp vrid 1

1-11

Chapter 2 HA Configuration Commands

2.1 HA Configuration Commands
2.1.1 display switchover state
Syntax
display switchover state [ slot-id ]
View
Any view
Parameter
slot-id: Slot number of master/slave board.
Description
Use the display switchover state command to display the backup status of
master/slave board.
This command displays the backup state of master/slave board according to the
specified slot number. If the slot-id is not specified, the status of master board will be
displayed.
Example
# Display the status of master board.
<Quidway> display switchover state
HA FSM State(master): Slave is absent.
2.1.2 slave auto-update config

Syntax
slave auto-update config
undo slave auto-update config

2-1

View
System view
Parameter
None
Description
Use slave auto-update config command to enable the automatic synchronous switch
between the master/slave systems.
Use the undo slave auto-update config command to disable the automatic
synchronous switch.
By default, the automatic synchronous switch is enabled.
For the related command, see slave update config.
Example
# Enable automatic synchronous switch between master/slave systems.
[Quidway] slave auto-update config
2.1.3 slave restart

Syntax
slave restart
View
User view
Parameter
None
Description
Use the slave restart command to restart the slave board.
When the application of the backup system operates unmorally and requires for
reloading the applications, you can use this command to restart the slave board.

2-2

Example
# Restart the slave board.
<Quidway> slave restart
The slave will reset! Continue?[Y/N]:y
2.1.4 slave switchover

Syntax
slave switchover
View
User view
Parameter
None
Description
Use the slave switchover command to perform master/slave switchover manually.
When the slave board operates normally and the master board is in the real-time
backup state, if you want the slave board to be the master board to ensure the
operation of the system, you can use this command to implement master/slave
switchover. After that, the slave board becomes the new master board and controls the
system, and the original master board restarts automatically.
Example
# Perform master/slave switchover manually.
<Quidway> slave switchover
Caution!!! Confirm switch slave to master[Y/N]?y
Starting.....
RAM Line....OK
2.1.5 slave update configuration

Syntax
slave update configuration

2-3

View
User view
Parameter
None
Description
Use the slave update configuration command to synchronise the configurations files
on master/slave board.
You can use this command to manually synchronize the configuration files on the
master board to the slave board.
Example
# Synchronize the configuration files on the master board to the slave board.
<Quidway> slave update configuration
Now saving the current configuration to the slave board.
Please wait...
The configuration has been saved to the slave board successfully.

2-4
HUAWEI

Command Manual
System Management
Command Manual - System Management

Table of Contents
Table of Contents
Chapter 1 File System Management Commands ....................................................................... 1-1
1.1 File System ........................................................................................................................ 1-1
1.1.1 cd............................................................................................................................. 1-1
1.1.2 copy......................................................................................................................... 1-2
1.1.3 delete....................................................................................................................... 1-2
1.1.4 dir ............................................................................................................................ 1-3
1.1.5 execute.................................................................................................................... 1-4
1.1.6 file prompt................................................................................................................ 1-5
1.1.7 fixdisk ...................................................................................................................... 1-5
1.1.8 format ...................................................................................................................... 1-6
1.1.9 mkdir........................................................................................................................ 1-7
1.1.10 more ...................................................................................................................... 1-7
1.1.11 move...................................................................................................................... 1-8
1.1.12 pwd........................................................................................................................ 1-8
1.1.13 rename .................................................................................................................. 1-9
1.1.14 reset recycle-bin .................................................................................................. 1-10
1.1.15 rmdir .................................................................................................................... 1-10
1.1.16 undelete............................................................................................................... 1-11
1.2 Configuration File Management Commands ................................................................... 1-12
1.2.1 display current-configuration ................................................................................. 1-12
1.2.2 display saved-configuration................................................................................... 1-17
1.2.3 display this............................................................................................................. 1-19
1.2.4 display startup ....................................................................................................... 1-19
1.2.5 reset saved-configuration...................................................................................... 1-20
1.2.6 save....................................................................................................................... 1-21
1.2.7 startup saved-configuration................................................................................... 1-22
1.3 FTP Server Configuration Commands............................................................................. 1-22
1.3.1 display ftp-server ................................................................................................... 1-22
1.3.2 display ftp-user ...................................................................................................... 1-23
1.3.3 ftp server ............................................................................................................... 1-24
1.3.4 ftp timeout.............................................................................................................. 1-24
1.4 FTP Client Commands .................................................................................................... 1-25
1.4.1 ascii ....................................................................................................................... 1-25
1.4.2 binary..................................................................................................................... 1-25
1.4.3 bye......................................................................................................................... 1-26
1.4.4 cd........................................................................................................................... 1-26
1.4.5 cdup....................................................................................................................... 1-27
1.4.6 close ...................................................................................................................... 1-27
i

Table of Contents
1.4.7 debugging.............................................................................................................. 1-28

1.4.8 delete..................................................................................................................... 1-28
1.4.9 dir .......................................................................................................................... 1-29
1.4.10 disconnect ........................................................................................................... 1-30
1.4.11 ftp ........................................................................................................................ 1-30
1.4.12 get ....................................................................................................................... 1-31
1.4.13 lcd........................................................................................................................ 1-31
1.4.14 ls.......................................................................................................................... 1-32
1.4.15 mkdir.................................................................................................................... 1-33
1.4.16 open .................................................................................................................... 1-33
1.4.17 passive ................................................................................................................ 1-34
1.4.18 put ....................................................................................................................... 1-35
1.4.19 pwd...................................................................................................................... 1-35
1.4.20 quit....................................................................................................................... 1-36
1.4.21 remotehelp .......................................................................................................... 1-36
1.4.22 rmdir .................................................................................................................... 1-37
1.4.23 user ..................................................................................................................... 1-37
1.4.24 verbose................................................................................................................ 1-38
1.5 TFTP Configuration Commands ...................................................................................... 1-38
1.5.1 tftp get ................................................................................................................... 1-38
1.5.2 tftp put ................................................................................................................... 1-39
1.5.3 tftp-server acl......................................................................................................... 1-39
Chapter 2 MAC Address Table Management Commands ......................................................... 2-1
2.1 MAC Address Table Management Commands ................................................................. 2-1
2.1.1 bridgemactocpu....................................................................................................... 2-1
2.1.2 display mac-address aging-time ............................................................................. 2-1
2.1.3 display mac-address ............................................................................................... 2-2
2.1.4 mac-address............................................................................................................ 2-3
2.1.5 mac-address max-mac-count.................................................................................. 2-4
2.1.6 mac-address timer .................................................................................................. 2-5
Chapter 3 Device Management Commands ............................................................................... 3-1
3.1 Device Management Commands ...................................................................................... 3-1
3.1.1 boot boot-loader ...................................................................................................... 3-1
3.1.2 boot bootrom ........................................................................................................... 3-2
3.1.3 bootrom-update security-check enable................................................................... 3-3
3.1.4 display backboard view ........................................................................................... 3-4
3.1.5 display boot-loader.................................................................................................. 3-4
3.1.6 display cpu .............................................................................................................. 3-5
3.1.7 display device.......................................................................................................... 3-5
3.1.8 display environment ................................................................................................ 3-7
3.1.9 display fan ............................................................................................................... 3-7
3.1.10 display memory ..................................................................................................... 3-8
ii

Table of Contents
3.1.11 display power ........................................................................................................ 3-9

3.1.12 display schedule reboot ........................................................................................ 3-9
3.1.13 display uplink monitor.......................................................................................... 3-10
3.1.14 pause-protection ................................................................................................. 3-10
3.1.15 product ................................................................................................................ 3-11
3.1.16 qe monitor ........................................................................................................... 3-12
3.1.17 qe monitor errpkt ................................................................................................. 3-13
3.1.18 qe monitor errpkt check-time............................................................................... 3-14
3.1.19 qe monitor overflow-threshold............................................................................. 3-14
3.1.20 reboot .................................................................................................................. 3-15
3.1.21 rdram ................................................................................................................... 3-15
3.1.22 schedule reboot at............................................................................................... 3-16
3.1.23 schedule reboot delay ......................................................................................... 3-17
3.1.24 set backboard view ............................................................................................. 3-18
3.1.25 temperature-limit ................................................................................................. 3-19
Chapter 4 System Maintenance Commands .............................................................................. 4-1
4.1 Basic System Configuration and Management Commands.............................................. 4-1
4.1.1 clock datetime ......................................................................................................... 4-1
4.1.2 clock summer-time .................................................................................................. 4-1
4.1.3 clock timezone......................................................................................................... 4-3
4.1.4 sysname .................................................................................................................. 4-3
4.2 System Status and System Information Display Commands ............................................ 4-4
4.2.1 display clock ............................................................................................................ 4-4
4.2.2 display debugging ................................................................................................... 4-5
4.2.3 display users ........................................................................................................... 4-5
4.2.4 display version......................................................................................................... 4-6
4.3 System Debug Commands................................................................................................ 4-7
4.3.1 debugging................................................................................................................ 4-7
4.3.2 display diagnostic-information................................................................................. 4-8
4.4 Network Connection Test Commands ............................................................................... 4-9
4.4.1 ping.......................................................................................................................... 4-9
4.4.2 tracert .................................................................................................................... 4-11
4.5 Log Commands................................................................................................................ 4-13
4.5.1 display channel...................................................................................................... 4-13
4.5.2 display info-center ................................................................................................. 4-13
4.5.3 display logbuffer .................................................................................................... 4-14
4.5.4 display logbuffer summary .................................................................................... 4-16
4.5.5 Syntax ................................................................................................................... 4-16
4.5.6 info-center channel name...................................................................................... 4-17
4.5.7 info-center console channel .................................................................................. 4-18
4.5.8 info-center enable ................................................................................................. 4-19
4.5.9 info-center logbuffer .............................................................................................. 4-19
iii

Table of Contents
4.5.10 info-center loghost............................................................................................... 4-20

4.5.11 info-center loghost source................................................................................... 4-21
4.5.12 info-center monitor channel................................................................................. 4-22
4.5.13 info-center snmp channel.................................................................................... 4-22
4.5.14 info-center source ............................................................................................... 4-23
4.5.15 info-center timestamp.......................................................................................... 4-26
4.5.16 info-center trapbuffer........................................................................................... 4-27
4.5.17 reset logbuffer ..................................................................................................... 4-27
4.5.18 reset trapbuffer .................................................................................................... 4-28
4.5.19 terminal debugging.............................................................................................. 4-28
4.5.20 terminal logging ................................................................................................... 4-29
4.5.21 terminal monitor .................................................................................................. 4-29
4.5.22 terminal trapping ................................................................................................. 4-30
Chapter 5 SNMP Configuration Commands ............................................................................... 5-1
5.1 SNMP Configuration Commands....................................................................................... 5-1
5.1.1 display snmp-agent community............................................................................... 5-1
5.1.2 display snmp-agent ................................................................................................. 5-1
5.1.3 display snmp-agent group....................................................................................... 5-2
5.1.4 display snmp-agent mib-view.................................................................................. 5-3
5.1.5 display snmp-agent statistics .................................................................................. 5-5
5.1.6 display snmp-agent sys-info contact....................................................................... 5-7
5.1.7 display snmp-agent sys-info location ...................................................................... 5-7
5.1.8 display snmp-agent sys-info version ....................................................................... 5-8
5.1.9 display snmp-agent usm-user ................................................................................. 5-8
5.1.10 enable snmp trap .................................................................................................. 5-9
5.1.11 snmp-agent local-engineid .................................................................................. 5-10
5.1.12 snmp-agent community....................................................................................... 5-11
5.1.13 snmp-agent group ............................................................................................... 5-11
5.1.14 snmp-agent mib-view .......................................................................................... 5-12
5.1.15 snmp-agent packet max-size .............................................................................. 5-13
5.1.16 snmp-agent sys-info............................................................................................ 5-14
5.1.17 snmp-agent target-host ....................................................................................... 5-15
5.1.18 snmp-agent trap enable ...................................................................................... 5-16
5.1.19 snmp-agent trap life ............................................................................................ 5-17
5.1.20 snmp-agent trap queue-size ............................................................................... 5-17
5.1.21 snmp-agent trap source ...................................................................................... 5-18
5.1.22 snmp-agent usm-user ......................................................................................... 5-19
5.1.23 undo snmp-agent ................................................................................................ 5-20
Chapter 6 RMON Configuration Commands .............................................................................. 6-1
6.1 RMON Configuration Commands ...................................................................................... 6-1
6.1.1 display rmon alarm.................................................................................................. 6-1
6.1.2 display rmon event .................................................................................................. 6-2
iv

Table of Contents
6.1.3 display rmon eventlog ............................................................................................. 6-3

6.1.4 display rmon history ................................................................................................ 6-4
6.1.5 display rmon prialarm.............................................................................................. 6-5
6.1.6 display rmon statistics ............................................................................................. 6-7
6.1.7 rmon alarm .............................................................................................................. 6-8
6.1.8 rmon event .............................................................................................................. 6-9
6.1.9 rmon history........................................................................................................... 6-10
6.1.10 rmon prialarm ...................................................................................................... 6-11
6.1.11 rmon statistics ..................................................................................................... 6-12
Chapter 7 NTP Configuration Commands .................................................................................. 7-1
7.1 NTP Configuration Commands.......................................................................................... 7-1
7.1.1 debugging ntp-service............................................................................................. 7-1
7.1.2 display ntp-service sessions ................................................................................... 7-2
7.1.3 display ntp-service status........................................................................................ 7-2
7.1.4 display ntp-service trace ......................................................................................... 7-4
7.1.5 ntp-service access .................................................................................................. 7-4
7.1.6 ntp-service authentication enable ........................................................................... 7-5
7.1.7 ntp-service authentication-keyid.............................................................................. 7-6
7.1.8 ntp-service broadcast-client .................................................................................... 7-6
7.1.9 ntp-service broadcast-server................................................................................... 7-7
7.1.10 ntp-service disable ................................................................................................ 7-8
7.1.11 ntp-service in-interface disable ............................................................................. 7-8
7.1.12 ntp-service max-dynamic-sessions ....................................................................... 7-9
7.1.13 ntp-service multicast-client.................................................................................. 7-10
7.1.14 ntp-service multicast-server ................................................................................ 7-10
7.1.15 ntp-service refclock-master ................................................................................. 7-11
7.1.16 ntp-service reliable authentication-keyid............................................................. 7-12
7.1.17 ntp-service source-interface................................................................................ 7-13
7.1.18 ntp-service unicast-peer...................................................................................... 7-14
7.1.19 ntp-service unicast-server ................................................................................... 7-15
Chapter 8 SSH Configuration Commands .................................................................................. 8-1
8.1 SSH Configuration Commands.......................................................................................... 8-1
8.1.1 debugging ssh server.............................................................................................. 8-1
8.1.2 display rsa local-key-pair public .............................................................................. 8-2
8.1.3 display rsa peer-public-key ..................................................................................... 8-2
8.1.4 display ssh server ................................................................................................... 8-3
8.1.5 display ssh user-information ................................................................................... 8-4
8.1.6 peer-public-key end................................................................................................. 8-5
8.1.7 protocol inbound...................................................................................................... 8-5
8.1.8 public-key-code begin ............................................................................................. 8-6
8.1.9 public-key-code end ................................................................................................ 8-7
8.1.10 rsa local-key-pair create........................................................................................ 8-8
v

Table of Contents
8.1.11 rsa local-key-pair destroy ...................................................................................... 8-9

8.1.12 rsa peer-public-key.............................................................................................. 8-10
8.1.13 ssh server authentication-retries ......................................................................... 8-10
8.1.14 ssh server rekey-interval ..................................................................................... 8-11
8.1.15 ssh server timeout............................................................................................... 8-11
8.1.16 ssh user assign rsa-key ...................................................................................... 8-12
8.1.17 ssh user username authentication-type .............................................................. 8-13

vi

Chapter 1 File System Management Commands

1.1 File System
Note:
S6506R supports master board and slave board. The two boards both have file system.
User can operate the file on the two boards. In the case user operate the file on slave
board, the file directory or URL should be started with slot[No.]#flash:, the [No.] is the
slave board number. For example, suppose slot 1 is slave board, text.txt file URL on
slave board should be slot1#flash:/text.txt.
1.1.1 cd
Syntax
cd directory
View
User view
Parameter
directory: Destination directory; By default, the directory is the working path configured
by the user when the system starts.
Description
Using cd command, you can change the current user configuration path on the
Ethernet Switch.
Example
# Change the current working directory of the switch to flash.
<Quidway>cd flash:
<Quidway>pwd
flash:

1-1

1.1.2 copy
Syntax
copy fileurl-source fileurl-dest
View
User view
Parameter
fileurl-source: Source file name.
fileurl-dest: Destination file name.
Description
Using copy command, you can copy a file.
When the destination filename is the same as that of an existing file, the system will ask
whether to overwrite it.
Example
# Display current directory information.
<Quidway> dir
Directory of unit1>flash:/
0
-rw-
595
Jul 12 2001 19:41:50
test.txt
31877 KB total (1171 KB free)
# Copy the file test.txt and saves it as test.bak.

<Quidway> copy test.txt test.bak
Copy unit1>flash:/test/test.txt to unit1>flash:/test/test.bak ?[Y/N]:y
%Copy file unit1>flash:/test/test.txt unit1>flash:/test/test.bak
# Display current directory information.

<Quidway> dir
Directory of unit1>flash:/
0
-rw-
595
Jul 12 2001 19:41:50
test.txt
-rw-
595
Jul 12 2001 19:46:50
test.bak
1.1.3 delete
Syntax
delete [ /unreserved ] file-url

1-2

View
User view
Parameter
file-url: path and name of the file you want to delete.
Description
Using delete command, you can cancel a specified file from the storage device of the
Ethernet Switch.
The deleted files are kept in the recycle bin and will not be displayed when you use the
dir command. However they will be displayed when you use the dir /all command.
The files deleted by the delete command can be recovered with the undelete
command or deleted permanently from the recycle bin, using the reset recycle-bin
command.
Note that, if two files with the same name in a directory are deleted, only the latest
deleted file will be kept in the recycle bin.
Example
# Delete the file flash:/test/test.txt
<Quidway> delete flash:/test/test.txt
Delete flash:/test/test.txt?[Y/N]:
1.1.4 dir
Syntax
dir [ /all ] [ file-url ]
View
User view
Parameter
/all: Display all the files (including the deleted ones).
file-url: File or directory name to be displayed. The file-url parameter supports *
matching. For example, using dir *.txt will display all the files with the extension txt in
the current directory.; By default, display the file information in current path.
Description
Using dir command, you can view the information about the specified file or directory in
storage device of Ethernet Switch.

1-3

Example
# Display the information about the file flash:/test/test.txt
<Quidway> dir flash:/test/test.txt
Directory of flash:/
-rw-
248
Sep 26 2005 09:55:33
test.txt
# Display information of directory flash:/hello/

<Quidway> dir flash:/hello/
0
-rw-
119401
Apr 04 2005 20:12:05
vrpcfg.cfg
-rw-
Apr 04 2005 20:13:47
[snmpboots]
Note:
In the output information of dir/all command, as a hint, the name of each deleted file
kept in the recycle bin is in a square bracket.
1.1.5 execute
Syntax
execute filename
View
System view
Parameter
filename: The name of the batch file, ranging from 1 to 256, with a suffix of .bat.
Description
Using the execute command, you can execute the specified batch file.
During the operation of the switch, it may common for you to use the same command to
check or maintain the device. In this case, you can write these commonly used
commands into a batch file, and then you just need to use the execute command to run
the file.
Note that:

1-4

z
There should be no invisible character in the batch file. If invisible characters are
found, the batch command will quit the current execution without back off
operation.
The contents of the batch file must be the standard command lines. If not, the
system prompts you the failure as you enter the wrong command in the CLI.
The execute command cannot be executed as nested, that is, a batch file cannot
contain another batch file.
Example
# Execute the batch file test.bat in the directory of flash:/.
[Quidway] execute test.bat
1.1.6 file prompt

Syntax
file prompt { alert | quiet }
View
System view
Parameter
alert: Perform interactive confirmation on dangerous file operations; The default value
is alert, which configures to perform interactive confirmation on dangerous file
operations.
quiet: Do not prompt for the file operations.
Description
Using file prompt command, you can modify prompt modes of the file operation on the
Ethernet switch.
If the prompt mode is set as quiet, that is, no prompt for file operations, some
non-recoverable operations may lead to system damage.
Example
# Configure the prompt mode of file operation as quiet.
[Quidway] file prompt quiet
1.1.7 fixdisk
Syntax
fixdisk device

1-5

View
User view
Parameter
device: device name.
Description
Using fixdisk command, you can restore the space of storage device.
The space may be unavailable caused by exceptional operation. User can use fixdisk
command to restore the space.
Example
# restore the space of Flash.
<Quidway> fixdisk flash:
Fixdisk flash: may take some time to complete.
%Fixdisk unit1>flash: completed.
1.1.8 format
Syntax
format filesystem
View
User view
Parameter
filesystem: Device name.
Description
Using format command, you can format the storage device.
Format operation will cause non-recoverable loss of all the files on the device. Specially,
configuration files will be lost after formatting the flash memory.
Example
# Format flash:.
<Quidway> format flash:
All data on Flash will be lost , proceed with format ? [Y/N] y
% Now begin to format flash, please wait for a while...
Format winc: completed

1-6

1.1.9 mkdir
Syntax
mkdir directory
View
User view
Parameter
directory: Directory name.
Description
Using mkdir command, you can create directory in the specified directory on the
storage device.
The directory to be created cannot have the same name as that of other directory or file
in the specified directory.
Example
# Create the directory dd.
<Quidway> mkdir dd
.
%Created dir flash:/dd.
1.1.10 more
Syntax
more file-url
View
User view
Parameter
file-url: File name.
Description
Using more command, you can view content of specified file.The extension name of
the specified file must be txt or cfg.
At present, file system can display files in the text format.
Example
# Display contents of file test.txt.
1-7

<Quidway> more test.txt

The file is for test only.
<Quidway>
1.1.11 move
Syntax
move fileurl-source fileurl-dest
View
User view
Parameter
Description
Using move command, you can move files.
When the destination filename is the same as that of an existing file, the system will ask
whether to overwrite it.
Example
# Move flash:/test/sample.txt to flash:/sample.txt.
<Quidway> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
%Moved file flash:/test/sample.txt to flash:/sample.txt
1.1.12 pwd
Syntax
pwd
View
User view
Parameter
none
Description
Using pwd command, you can view the current path.

1-8

Error may occur without setting the current path.
Example
# Display the current path.
<Quidway> pwd
flash:
1.1.13 rename
Syntax
rename fileurl-source fileurl-dest
View
User view
Parameter
Description
Using rename command, you can rename a file.
If the destination file name is the same as an existing directory name or file name,
operation fails and prompt Duplicate file name or file in use.
Example
# Display the current directory information.
<Quidway> dir
-rw-
412757
Sep 26 2005 14:49:24
vrpcfg.cfg
-rw-
248
Sep 26 2005 10:01:16
sample.txt
# Rename the file sample.txt with sample.bak.

<Quidway> rename sample.txt sample.bak
Rename unit1>flash:/sample.txt to unit1>flash:/sample.bak ?[Y/N]:y
%Renamed file unit1>flash:/sample.txt to unit1>flash:/sample.bak
# Display the directory after renaming sample.txt with sample.bak.

<Quidway> dir

1-9

-rw-
412757
Sep 26 2005 14:49:24
vrpcfg.cfg
-rw-
248
Sep 26 2005 10:01:16
sample.bak
1.1.14 reset recycle-bin

Syntax
reset recycle-bin file-url
View
User view
Parameter
file-url: The name of the file to be deleted.
Description
Using reset recycle-bin command, you can permanently delete files from the recycle
bin.
The delete command only puts the file into the recycle bin, but reset recycle-bin
command will delete this file permanently.
Example
# Delete the file from the recycle bin.
<Quidway> reset recycle-bin flash:/p1h_logic.out
Clear flash:/plh_logic.out? [Y/N]:y
Clearing files from flash may take a long time. Please wait.
%Cleared file unit1>flash:/~/ plh_logic.out.
1.1.15 rmdir
Syntax
rmdir directory
View
User view
Parameter
directory: Directory name.

1-10

Description
Using rmdir command, you can cancel a directory.
The directory to be deleted must be empty.
Note that : After you execute rmdir command, the file originally belonging to the
directory is deleted automatically in the recycle bin.
Example
# Delete the directory hello.
<Quidway> rmdir hello
The files in the recycle-bin under this directory will be deleted permanently,
Remove flash:/hj?[Y/N]:y
...
%Removed directory flash:/ hello.
1.1.16 undelete
Syntax
undelete file-url
View
User view
Parameter
file-url: The name of the file to be recovered.
Description
Using undelete command, you can recover deleted file.
The file name to be recovered cannot be the same as an existing directory name. If the
destination file name is the same as an existing file name, prompt whether to overwrite.
Example
# Recover the deleted file sample.bak.
<Quidway> undelete sample.bak
Undelete flash:/sample.bak ?[Y/N]:y
%Undeleted file flash:/sample.bak

1-11

1.2 Configuration File Management Commands

1.2.1 display current-configuration
Syntax
display
current-configuration
controller
interface
interface-type
[ interface-number ] | configuration [ configuration ] | vlan [ vlan-id ] ] [ | { begin |

exclude | include } regular-expression ]
View
Any view
Parameter
controller: View the configuration information of controllers.
interface: View the configuration information of interfaces.
interface-type: Type of the interface, may be Aux, GigabitEthernet, NULL,
Vlan-interface, M-Ethernet, | ( Matching output ).
interface-number: Number of the interface.
configuration configuration: View the pre-positive and post-positive configuration
information. The value of configuration is the key word of the configuration, such as:
z
acl-adv: View the configuration information of advanced ACL.
ospf: View the configuration information of OSPF.
system: View the configuration information of sysname.
timerange: View the configuration information of time range.
user-interface: View the configuration information of user-interface.
vlan-id: The VLAN ID.

|: Filter the configuration information to be output via regular expression.
begin: Begin with the line that matches the regular expression.
exclude: Exclude lines that match the regular expression.
include: Include lines that match the regular expression.
regular-expression: Define the regular expression.
Description
Using display current-configuration command, you can display the currently
effective configuration parameters of the switch.
By default, if some running configuration parameters are the same with the default
operational parameters, they will not be displayed.
If a user needs to authenticate whether the configurations are correct after finishing a
set of configuration, the display current-configuration command can be used to
1-12

display the running parameters. Although the user has configured some parameters,
but the related functions are not effective, they are not displayed.
When there is much configuration information, you can use the regular expression to
filter the output information. For specific rules about the regular expression, refer to the
corresponding operation manual.
For the related command, see save, reset saved-configuration and display
saved-configuration.
Example
# View the running configuration parameters of the switch.
<Quidway> display current-configuration
#
sysname Quidway
#
radius scheme system
server-type nec
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
idle-cut disable
domain default enable system

#
local-server nas-ip 127.0.0.1 key hello
#
router id 2.2.2.2
#
stp timer hello 500
#
vlan 1
#
vlan 2
#
interface Vlan-interface1
#

1-13

ip address 10.1.1.2 255.255.255.0

#
interface Aux0/0
#
interface Ethernet1/0/1
duplex full
speed 1000
port access vlan 2
#
#
#
#
port access vlan 2
#
#
#
#
interface NULL0
#
ospf
#
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
user-interface aux 0
user-interface vty 0 4
#
return
# View configuration information of all the VLANs.

<Quidway> display current-configuration vlan
#
vlan 1
description TestVlan1
igmp-snooping enable
1-14

#
vlan 10
description testVlan10
#
vlan 100
#
vlan 1000
#
return
# View configuration information of the VLAN1.
<Quidway> display current-configuration vlan 1
#
vlan 1
description TestVlan1
#
return
# View the lines containing the character string 10* in the configuration information.
The * indicates that the 0 before it can appear 0 times or multiple consecutive times.
<Quidway> display current-configuration | include 10*
vlan 1
ip address 10.1.1.2 255.255.255.0
speed 1000
network 10.1.1.0 0.0.0.255

1-15

# View configuration information begin with user.

<Quidway> display current-configuration | include ^user
# View the pre-positive and post-positive configuration information.

<Quidway> display current-configuration configuration
#
sysname Quidway
#
server-type nec
domain system
state active
idle-cut disable

#
#
router id 2.2.2.2
#
stp timer hello 500
#
ospf
#
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
#
return

1-16

1.2.2 display saved-configuration

Syntax
display saved-configuration
View
Any view
Parameter
none
Description
Using display saved-configuration command, you can view the configuration files in
the flash memory of Ethernet Switch.
If the Ethernet Switch works abnormally after electrified, execute the display
saved-configuration command to view the startup configuration of the Ethernet
Switch.
For
the
related
commands,
see
save,
reset
saved-configuration,
current-configuration.
Example
# Display configuration files in flash memory of Ethernet Switch.
<Quidway> display saved-configuration
#
sysname Quidway
#
server-type nec
domain system
state active
idle-cut disable

#

1-17
display

#
router id 2.2.2.2
#
stp timer hello 500
#
vlan 1
#
vlan 2
#
#
ip address 10.1.1.2 255.255.255.0
#
interface Aux0/0
#
duplex full
speed 1000
port access vlan 2
#
#
#
#
port access vlan 2
#
#
#
#
interface NULL0
#
ospf
#
area 0.0.0.0
network 10.1.1.0 0.0.0.255

1-18

#
#
return
1.2.3 display this

Syntax
display this
View
Any view
Parameter
None
Description
Using the display this command, you can display the running configuration of the
current view. If you need to authenticate whether the configurations is correct after you
have finished a set of configurations under a view, you can use the display this
command to view the running parameters.
Some effective parameters are not displayed if they are the same with the default ones,
while some parameters, though have been configured by the user, if their related
functions are not effective, are not displayed either.
Associated configuration of the interface is displayed when executing the command in
different interface views; related configuration of the protocol view is displayed when
executing this command in different protocol views; and all the configuration of the
protocol view is displayed when executing this command in protocol sub-views.
For
the
related
command,
see
save,
reset,
display
current-configuration, display saved-configuration.
Example
# Display the running configuration parameters for the current view of the switch
system.
[Quidway] display this
1.2.4 display startup

Syntax
display startup

1-19

View
Any view
Parameter
None
Description
Using the display startup command, you can display the configuration filenames used
for the current and the next start-ups.
For the related command, see startup saved-configuration.
Example
# Display the configuration filenames used for the current and the next start-ups.
<Quidway> display startup
MainBoard:
Startup saved-configuration file:
flash:/vrpcfg.cfg
Next startup saved-configuration file:
flash:/vrpcfg.cfg
1.2.5 reset saved-configuration

Syntax
reset saved-configuration
View
User view
Parameter
none
Description
Using reset saved-configuration command, you can erase configuration files from
the flash memory of the Ethernet Switch.
Perform this command with cautious. It is suggested to consult technical support
personnel first.
Generally, this command is used in the following situations:
z
After upgrade of software, configuration files in flash memory may not match the
new version's software. Perform reset saved-configuration command to erase
the old configuration files.

1-20

z
If a used Ethernet Switch is applied to the new circumstance and the original
configuration files cannot meet the new requirements, the Ethernet Switch should
be configured again. Erase the original configuration files for reconfiguration.
If the configuration files do not exist in the flash memory when Ethernet Switch is
electrified and initialized, it will enter setup switch view automatically.
For the related commands, see save, display current-configuration, display
saved-configuration.
Example
# Erase the configuration files from the flash memory of Ethernet Switch.
<Quidway> reset saved-configuration
This will delete the configuration in the flash memory.
The switch configurations will be erased to reconfigure.
Are you sure?[Y/N]
1.2.6 save
Syntax
save [ file-name | safely ]
View
User view
Parameter
file-name: The name of the configuration file. It is a character string of 5 to 56
characters.
Description
Using save command, you can save the current configuration files to Flash memory.
After finishing a group of configurations and achieving corresponding functions, user
should remember to get the current configuration files stored in the flash memory.
For
the
related
commands,
see
reset
current-configuration, display saved-configuration.
Example
# Get the current configuration files stored in the flash memory.
<Quidway> save
The configuration will be written to the device.
Are you sure?[Y/N]y
Now saving current configuration to the device.

1-21
display

Saving configuration flash:/vrpcfg.cfg. Please wait...

...........
Configuration is saved to flash memory successfully.
1.2.7 startup saved-configuration

Syntax
startup saved-configuration cfgfile
View
User view
Parameter
cfgfile: The name of the configuration file. It is a string with a length of 5 to 56
characters.
Description
Using the startup saved-configuration command, you can configure the configuration
file used for enabling the system for the next time.
The configuration file uses .cfg as its extension name and is saved under the root
directory of the Flash. For the related command, please see display startup.
Example
Configure the configuration file for the next start-up.
<Quidway> startup saved-configuration vrpcfg.cfg
1.3 FTP Server Configuration Commands
Note:
For information about how to configure a local user, the password display mode of all
the accessing users, the password for local users, and a service type for a particular
user, refer to the local-user, local-user password-display-mode, password,
service-type command respectively in the Security Module.
1.3.1 display ftp-server

Syntax
display ftp-server

1-22

View
Any view
Parameter
none
Description
Using display ftp-server command, you can view the parameters of the current FTP
Server. You can perform this command to verify the configuration after setting FTP
parameters.
Example
# Display the configuration of FTP Server parameters.
<Quidway> display ftp-server
FTP server is running
Max user number
User count
Timeout value(in minute)
30
1.3.2 display ftp-user

Syntax
display ftp-user
View
Any view
Parameter
none
Description
Using display ftp-user command, you can view the parameters of current FTP user.
Example
# Show the configuration of FTP user parameters.
<Quidway> display ftp-user
Username
Host IP
Port
Idle
Homedir
quidway
10.110.3.5
1074
flash:/quidway

1-23

1.3.3 ftp server

Syntax
ftp sever enable
undo ftp sever
View
System view
Parameter
enable: Start FTP Server.
Description
Using ftp server command, you can start FTP Server and enable FTP user logon.
Using undo ftp server command, you can close FTP Server and disable FTP user
logon.
By default, FTP Server is shut down.
Perform this command to easily start or shut down FTP Server, preventing Ethernet
Switch from being attacked by some unknown user.
Example
# Shut down FTP Server.
[Quidway] undo ftp server
1.3.4 ftp timeout

Syntax
ftp timeout minute
undo ftp timeout
View
System view
Parameter
minute: Connection timeouts (measured in minutes), ranging from 1 to 35791; By
default, the connection timeout time is 30 minutes.
Description
Using ftp timeout command, you can configure connection timeout interval. Using
undo ftp timeout command, you can restore the default connection timeout interval.

1-24

After a user logs on to an FTP Server and has established connection, if the connection
is interrupted or cut abnormally by the user, FTP Server will still hold the connection.
The connection timeout can avoid this problem. If the FTP server has no command
interaction with a client for a specific period of time, it considers the connection to be
failed and disconnect to the client.
Example
# Set the connection timeout to 36 minutes.
[Quidway] ftp timeout 36
1.4 FTP Client Commands

1.4.1 ascii
Syntax
ascii
View
FTP Client view
Parameter
none
Description
Using ascii command, you can configure data transmission mode as ASCII mode.
By default, the file transmission mode is ASCII mode.
Perform this command if the user needs to change the file transmission mode to default
mode.
Example
# Configure to transmit data in the ASCII mode.
[ftp] ascii
200 Type is ASCII.
1.4.2 binary
Syntax
binary
View
FTP Client view
1-25

Parameter
none
Description
Using binary command, you can configure file transmission type as binary mode.
Example
# Configure to transmit data in the binary mode.
[ftp] binary
200 Type is Image (Binary).
1.4.3 bye
Syntax
bye
View
FTP Client view
Parameter
none
Description
Using bye command, you can disconnect with the remote FTP Server and return to
user view.
After performing this command, you can terminate the control connection and data
connection with the remote FTP Server.
Example
# Terminate connection with the remote FTP Server and return to user view.
[ftp] bye
1.4.4 cd
Syntax
cd pathname
View
FTP Client view

1-26

Parameter
pathname: Path name.
Description
Using cd command, you can change the working path on the remote FTP Server.
This command is used to access another directory on FTP Server. Note that the user
can only access the directories authorized by the FTP server.
Example
# Change the working path to flash:/temp
[ftp] cd flash:/temp
1.4.5 cdup
Syntax
cdup
View
FTP Client view
Parameter
none
Description
Using cdup command, you can change working path to the upper level directory.
This command is used to exit the current directory and return to the upper level
directory.
Example
# Change working path to the upper level directory.
[ftp] cdup
1.4.6 close
Syntax
close
View
FTP Client view

1-27

Parameter
none
Description
Using close command, user can disconnect FTP client side from FTP server side
without exiting FTP client side view. That is to say, you can terminate the control
connection and data connection with the remote FTP Server at the same time.
Related command: open.
Example
# Terminate connection with the remote FTP Server and stays in FTP Client view.
[ftp] close
221 Server closing.
[ftp]
1.4.7 debugging
Syntax
debugging
View
FTP Client view
Parameter
none
Description
Using debugging command, you can enable the system debugging functions.
Example
# Enable the system debugging functions.
[ftp] debugging
Debug is on.
1.4.8 delete
Syntax
delete remotefile

1-28

View
FTP Client view
Parameter
remotefile: File name.
Description
Using delete command, you can cancel the specified file.
This command is used to delete a file.
Example
# Delete the file temp.c
[ftp] delete temp.c
1.4.9 dir
Syntax
dir [ filename ] [ localfile ]
View
FTP Client view
Parameter
filename: File name to be queried.
localfile: Saved local file name.
Description
Using dir command, you can get a information list including the file names, size and
creation date under the current directory. If you specify the file name with the parameter
filename, you can get the information list about this file only.
Example
# Display the file information list under the current directory.
200 PORT command okay
7 File Listing Follows in ASCII mode
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21
2004 4.app
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21
2004 5.app
-rwxrwxrwx
1 noone
nogroup
430585 Dec 23
2004 6. app
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21
2004 6. app.bak
-rwxrwxrwx
1 noone
nogroup
638912 Nov 15
2004 abc.BTM
drwxrwxrwx
1 noone
nogroup
0 Dec 15

1-29
2004 TEST

-rwxrwxrwx
1 noone

nogroup
3212176 Jul 14
2004 21.bin
226 Transfer finished successfully.

FTP: 5346 byte(s) received in 6.782 second(s) 788.00 byte(s)/sec.
# Display the file information of 4.app and saves the results in the file temp1.
[ftp] dir 4.app temp1
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21
2004 4.app

FTP: 70 byte(s) received in 0.122 second(s) 573.00 byte(s)/sec.
1.4.10 disconnect
Syntax
disconnect
View
FTP Client view
Parameter
none
Description
Using disconnect command, subscribers can disconnect FTP client side from FTP
server side without exiting FTP client side view.
This command terminates the control connection and data connection with the remote
FTP Server at the same time.
Example
# Terminate connection with the remote FTP Server and stays in FTP Client view.
[ftp] disconnect
1.4.11 ftp
Syntax
ftp [ ipaddress [ port ] ]
View
User view

1-30

Parameter
ip-address: The host name ( a string with a length of 1 to 20 characters ) or the IP
address of the remote FTP Server.
port: Port number of remote FTP Server, ranging from 0 to 65535. By default , it is 21.
Description
Using ftp command, you can establish control connection with the remote FTP Server
and enter FTP Client view.
Example
# Connect to FTP Server at the IP address 1.1.1.1
<Quidway> ftp 1.1.1.1
1.4.12 get
Syntax
get remotefile [ localfile ]
View
FTP Client view
Parameter
localfile: Local file name.
remotefile: The name of a file on the remote FTP Server.
Description
Using get command, you can download a remote file and save it locally.
If no local file name is specified, it will be considered the same as that on the remote
FTP Server.
Example
# Download the file temp1.c and saves it as temp.c
[ftp] get temp1.c temp.c
1.4.13 lcd
Syntax
lcd

1-31

View
FTP Client view
Parameter
none
Description
Using lcd command, you can view local working path of FTP Client.
Example
# Show local working path.
[ftp] lcd
% Local directory now flash:/temp
1.4.14 ls
Syntax
ls [ remotefile ] [ localfile ]
View
FTP Client view
Parameter
remotefile: Remote file to be queried.
localfile: Saved local file name.
Description
Using the ls command, you can get a list of all the file names under the current directory.
If you use the parameter remotefile, you can get the name of this file.
Note:
Using the ls command, you can only get a list of all the file names. However, you can
get a information list including all the file names, size and creation date under the
current directory while using the dir command.
Example
# Display the list of all the file names under the current directory.

1-32

[ftp] ls
4.app
5.app
6.app
6.app.bak
abc.BTM
TEST
21.bin
FTP: 1235 byte(s) received in 1.595 second(s) 774.00byte(s)/sec.
1.4.15 mkdir
Syntax
mkdir pathname
View
FTP Client view
Parameter
pathname: Directory name.
Description
Using mkdir command, you can create a directory on the remote FTP Server.
User can perform this operation as long as the remote FTP server has authorized.
Example
# Create the directory flash:/lanswitch on the remote FTP Server.
[ftp] mkdir flash:/lanswitch
1.4.16 open
Syntax
open [ ip-address [ port ] ]
View
FTP Client view

1-33

Parameter
ip-address: The host name ( a string with a length of 1 to 20 characters ) or the IP
address of the remote FTP Server.
port: Port number of remote FTP Server, ranging from 0 to 65535. By default , it is 21.
Description
Using open command, you can establish control connection with the remote FTP
Server in the FTP Client view.
Related command: close.
Example
# Establish control connection with the FTP Server, which IP address is 1.1.1.1.
[ftp] open 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):abc
331 Give me your password, please
Password:
230 Logged in successfully
1.4.17 passive
Syntax
passive
undo passive
View
FTP Client view
Parameter
none
Description
Using passive command, you can configure the data transmission mode as passive
mode. Using undo passive command, you can configure the data transmission mode
as active mode.
By default, the data transmission mode is passive mode

1-34

Example
# Set the data transmission to passive mode.
[ftp] passive
1.4.18 put
Syntax
put localfile [ remotefile ]
View
FTP Client view
Parameter
localfile: Local file name.
remotefile: File name on the remote FTP Server.
Description
Using put command, you can upload a local file to the remote FTP Server.
If the user does not specify the filename on the remote server, the system will consider
it the same as the local file name by default.
Example
# Upload the local file temp.c to the remote FTP Server and saves it as temp1.c.
[ftp] put temp.c temp1.c
1.4.19 pwd
Syntax
pwd
View
FTP Client view
Parameter
none
Description
Using pwd command, you can view the current directory on the remote FTP Server.
Example
# Show the current directory on the remote FTP Server.
1-35

[ftp] pwd
"flash:/temp" is current directory.
1.4.20 quit
Syntax
quit
View
FTP Client view
Parameter
none
Description
Using quit command, you can terminate the connection with the remote FTP Server
and return to user view.
Example
# Terminate connection with the remote FTP Server and returns to user view.
[ftp] quit
<Quidway>
1.4.21 remotehelp
Syntax
remotehelp [ protocol-command ]
View
FTP Client view
Parameter
protocol-command: FTP protocol command.
Description
Using remotehelp command, you can view help information about the FTP protocol
command.
Example
# Show the syntax of the protocol command user.
[ftp] remotehelp user
1-36

214 Syntax: USER <sp> <username>
1.4.22 rmdir
Syntax
rmdir pathname
View
FTP Client view
Parameter
pathname: Directory name of remote FTP Server.
Description
Using rmdir command, you can cancel the specified directory from FTP Server. The
rmdir command can operate successfully only when there are not files under the
directory.
Example
# Delete the directory flash:/temp1 from FTP Server.
[ftp] rmdir flash:/temp1
1.4.23 user
Syntax
user username [ password ]
View
FTP Client view
Parameter
username: Logon username.
password: Logon password.
Description
Using user command, you can register an FTP user.
Example
# Log in the FTP Server with username tom and password bjhw.
[ftp] user tom bjhw

1-37

1.4.24 verbose
Syntax
verbose
undo verbose
View
FTP Client view
Parameter
none
Description
Using verbose command, you can enable verbose. Using undo verbose command,
you can disable verbose.
By default, verbose is enabled.
Example
# Enable verbose.
[ftp]verbose
1.5 TFTP Configuration Commands

1.5.1 tftp get
Syntax
tftp tftp-server get source-file [ dest-file ]
View
User view
Parameter
tftp-server: The IP address or hostname of the TFTP server. The name of the TFTP
server should be a string ranging from 1 to 20 characters.
source-file: Specify the filename of the source file on the TFTP server.
dest-file: Specify the filename of the destination file which will be saved on the switch.
Description
Using tftp get command, you can download a file from the specified directory of the
TFTP server and saving it on the switch.

1-38

For the related commands, see tftp put.
Example
# Download the file LANSwitch.app from the TFTP server at 1.1.3.214 and save it as
vxWorks.app on the local switch.
<Quidway> tftp 1.1.3.214 get LANSwitch.app vxWorks.app
1.5.2 tftp put

Syntax
tftp tftp-server put source-file [ dest-file ]
View
User view
Parameter
tftp-server: The IP address or hostname of the TFTP server. The name of the TFTP
server should be a string ranging from 1 to 20 characters.
source-file: Specify the filename of the source file which is saved on the switch.
dest-file: Specify the filename of the destination file which will be saved on the TFTP
server.
Description
Using tftp put command, you can upload a file from the switch to the specified directory
on the TFTP server.
For the related commands, see tftp get.
Example
# Upload the vrpcfg.txt to the TFTP server at 1.1.3.214 and save it as Temp.txt.
<Quidway> tftp 1.1.3.214 put vrpcfg.txt temp.txt
1.5.3 tftp-server acl

Syntax
tftp-server acl acl-num
undo tftp-server acl
View
System view

1-39

Parameter
acl-num: ACL (access control list) number ranging from 2000 to 2999.
Description
Use the tftp-server acl command to specify the ACL rule when the TFTP client is
making a connection with the TFTP server.
Use the undo tftp-server acl command to cancel the specified ACL rule.
Example
# Specify the ACL for TFTP client to ACL 2000.
[Quidway] tftp-server acl 2000
The ACL number is not existent or contains no rule. Continue? [Y/N] y
[Quidway]

1-40

Chapter 2 MAC Address Table Management Commands
Chapter 2 MAC Address Table Management

Commands
2.1 MAC Address Table Management Commands
2.1.1 bridgemactocpu
Syntax
bridgemactocpu { enable | disable }
View
System view
Parameter
enable: Configure the packets to be passed to CPU for being processed.
disable: Configure the packets not to be passed to CPU for being processed.
Description
Using bridgemactocpu command, you can configure whether or not the packets with
destination MAC addresses being bridge MAC address of the switch are passed to
CPU for being processed.
By default, the packets with destination MAC addresses being bridge MAC address are
not to be passed to CPU for being processed.
Example
# Configure the packets with destination MAC addresses being bridge MAC address to
be passed to CPU for being processed.
[Quidway] bridgemactocpu enable
2.1.2 display mac-address aging-time

Syntax
display mac-address aging-time
View
Any view

2-1

Parameter
none
Description
Using display mac-address aging-time command, you can view the aging time of the
dynamic entry in the MAC address table.
For the related commands, see mac-address, mac-address timer, display
mac-address.
Example
# Display the aging time of the dynamic entry in the MAC address table.
[Quidway] display mac-address aging-time
Mac address aging time: 300s
The above information indicates that the aging time of the dynamic entry in the MAC
address is 300s.
2.1.3 display mac-address

Syntax
display mac-address [ mac-addr [ vlan vlan-id ] | [ static | dynamic ] [ interface
{ interface-name | interface-type interface-num } ] [ vlan vlan-id ] [ count ] ]
View
Any view
Parameter
mac-addr: Specify the MAC address.
vlan-id: Specify the VLAN ID.
static: Static table entry, lost after resetting switch.
dynamic: Dynamic table entry, which will be aged.
interface-type: Specify the interface type.
interface-num: Specify the interface number.
interface-name: Specify the interface name.
For details about the interface-type, interface-num and interface-name parameters,
refer to the Port Configuration in this manual.
count: the display information will only contain the sum number of MAC addresses in
the MAC address table if user choice this parameter when using this command.

2-2

Description
Using display mac-address command, you can view MAC address table information.
When managing the Layer-2 addresses of the switch, the administrator can Perform
this command to view such information as the Layer-2 address table, address status
(static or dynamic), Ethernet port of the MAC address, VLAN of the address, and
system address aging time.
For the related commands, see mac-address, mac-address timer.
Example
# Show the information of the MAC address table.
[Quidway] display mac-address
MAC ADDR
VLAN ID
0100-0001-0002
0000-0251-5500
STATE
PORT INDEX
AGING TIME(s)
Config static
N/A
212
Learned
255
000f-1f9c-0adf
212
Learned
180
0001-0001-0001
Config static
NOAGED
00e0-fc35-8962
213
Learned
AGING
2.1.4 mac-address
Syntax
mac-address { static | dynamic } mac-addr interface { interface-name | interface-type
interface-num } vlan vlan-id
undo mac-address [ static | dynamic ] [ [ mac-addr ] interface {interface-name |
interface-type interface-num } vlan vlan-id ]
View
System view
Parameter
static: Static table entry, lost after resetting switch.
dynamic: Dynamic table entry, which will be aged.
mac-addr: Specify the MAC address.
interface-type: interface type;
interface-num: interface number;
interface-name: interface name;
vlan-id: Specify the VLAN ID.

2-3

Description
Using mac-address command, you can add/modify the MAC address table entry.
Using undo mac-address command, you can cancel MAC address table entry
If the input address has been existed in the address table, the original entry will be
modified. That is, replace the interface pointed by this address with the new interface
and the entry attribute with the new attribute (dynamic entry and static entry).
All the (MAC unicast) addresses on a certain interface can be deleted. User can choose
to delete any of the following addresses: address learned by system automatically,
dynamic address configured by user, static address configured by user.
Because the address table is shared in the VLAN domain, you need specify the VLAN
of the multicast address and the port of the unicast address, when adding entries to the
address table.
For the related commands, see display mac-address.
Example
# Configure the port number corresponding to the MAC address 00e0-fc01-0101 as
Ethernet2/0/1 in the address table, and sets this entry as static entry.
[Quidway] mac-address static 00e0-fc01-0101 interface ethernet 2/0/1 vlan 2
2.1.5 mac-address max-mac-count

Syntax
mac-address max-mac-count count
undo mac-address max-mac-count
View
Ethernet port view
Parameter
count: Specify the amount limit to the MAC addresses to be learned, ranging from 0 to
16384. 0 indicates that no address can be learned via the port. By default, it is 16384.
Description
Using mac-address max-mac-count command, you can set a limit to the MAC
addresses to be learned by the Ethernet port. Using undo mac-address
max-mac-count command, you can restore the default max count of the MAC
addresses to be learned by the Ethernet port.
By default, the max count of MAC addresses learned via the Ethernet port is 16384.
The port will stop learning MAC address when the amount reaches the limit specified by
the count parameter.
2-4

For the related commands, see mac-address, mac-address timer.
Example
# Configure Ethernet2/0/3 to learn at most 600 addresses.
[Quidway-Ethernet2/0/3] mac-address max-mac-count 600
# Configure no limit to the amount of addresses learned via Ethernet2/0/3.
[Quidway-Ethernet2/0/3] undo mac-address max-mac-count
2.1.6 mac-address timer

Syntax
mac-address timer { aging age | no-aging }
undo mac-address timer aging
View
System view
Parameter
aging age: Specifies the aging time (measured in seconds) of the Layer-2 dynamic
address table entry, ranging from 10 to 1000000. By default, the aging time is 300
seconds.
no-aging : No aging time.
Description
Using mac-address timer command, you can configure the aging time of the Layer-2
dynamic address table entry. Using undo mac-address timer command, you can
restore the default value.
Too long or too short aging time set by subscribers will cause the problem that the
Ethernet switch broadcasts a great mount of data packets without MAC addresses,
which will affect the switch operation performance.
If aging time is set too long, the Ethernet switch will store a great number of out-of-date
MAC address tables. This will consume MAC address table resources and the switch
will not be able to update MAC address table according to the network change.
If aging time is set too short, the Ethernet switch may delete valid MAC address table.
Example
# Configure the entry aging time of Layer-2 dynamic address table to be 500 seconds.
[Quidway] mac-address timer aging 500

2-5

Chapter 3 Device Management Commands

3.1 Device Management Commands
3.1.1 boot boot-loader
Syntax
boot boot-loader { primary | backup } file-url [ slot slot-num ]
View
User view
Parameter
primary : Specify the APP file as the primary boot file.
backup : Specify the APP file as the backup boot file.
file-url: Path and name of APP file.
slot slot-num: Specify the APP file of slave board. This parameter is only supported by
S6506R.
Description
Using boot boot-loader command, you can configure the app file used for boot of the
next time.
You can specify two boot files at the same time, one is the primary boot file, the other is
the backup. When the switch boots, the process is as follows:
z
The switch first selects the primary boot file.
If the switch cannot be booted by the primary boot file, it selects the backup file.
If the switch cannot be booted by both of the files, it randomly selects an

application file from the Flash memory. The booting fails if the switch cannot be
booted by the newly selected one.

3-1

Note:
User can operate the file on the two boards. In the case user designate the APP
adopted on slave board next time, the file directory or URL should be started with
slot[No.]#flash:, the [No.] is the slave board number. For example, suppose slot 1 is
slave board, text.txt file URL on slave board should be slot1#flash:/text.txt.
Example
# Specify the APP application used for primary boot of next time.
<Quidway> boot boot-loader primary PLATV100R002B09D002.APP slot 0
The specifed file will be booted next time!
<Quidway>
3.1.2 boot bootrom

Syntax
boot bootrom file-url slot slot-num-list
View
User view
Parameter
file-url:path and name of Bootrom file.
slot-num-list: slot-num-list = [ slot-num1 [ to slot-num2 ] ]&<1-10>, slot need to be
upgraded, the range of slot-num is from 0 to 6. &<1-10> indicates that parameter in
front of this mark can be input up to 10 times.
Description
Using boot bootrom command, you can upgrade bootrom.

3-2

Note:
User can operate the file on the two boards. In the case user upgrade the BootROM
adopted on slave board, the file directory or URL should be started with
slot[No.]#flash:, the [No.] is the slave board number. For example, suppose slot 1 is
slave board, text.txt file URL on slave board should be slot1#flash:/text.txt.
Example
# Upgrade bootrom of No. 0 slot.
<Quidway> boot bootrom PLATV100R002B09D002.btm slot 0
3.1.3 bootrom-update security-check enable

Syntax
bootrom-update security-check enable
undo bootrom-update security-check enable
View
System view
Parameter
None.
Description
Using bootrom-update security-check enable command, you can enable the validity
check
function
when
upgrade
BootROM.
Using
undo
bootrom-update
security-check enable command, you can disable the validity check function when
upgrade BootROM.
S6500 series switches have many cards. Every card has its own BootROM application.
Wrongly upgrading the BootROM causes serious results. The validity checking is used
to avoid the above wrong operation.
Example
# enable the validity check function.
[Quidway] bootrom-update security-check enable

3-3

3.1.4 display backboard view

Syntax
display backboard view
View
Any view
Parameter
none
Description
Using display backboard view command, you can view system backboard views.
Salience III series engines do not support this command.
Example
# Show backboard view.
[Quidway] display backboard view
The backboard view is 0
Current Back Board Configuration is described as following:
|Slot No. lBrd Type
|Slot Band Width
|Brd Available
| 1
|NONE
| 8G
|NO
| 2
|NONE
| 8G
|NO
| 3
|NONE
| 8G
|NO
| 4
|LS81FT48
| 8G
|YES
| 5
|NONE
| 0G
|NO
| 6
|NONE
| 0G
|NO
3.1.5 display boot-loader

Syntax
display boot-loader
View
Any view
Parameter
none
Description
Using display boot-loader command, you can view APP file used next time.
3-4

Example
<Quidway> display boot-loader
The primary app to boot of board 0 at the next time is: flash:/ccc.app
The backup app to boot of board 0 at the next time is: flash:/ddd.app
The app to boot of board 0 at this time is: flash:/ccc.app
3.1.6 display cpu

Syntax
display cpu [slot slot-num ]
View
Any view
Parameter
slot-num: Slot number.
Description
Using display cpu command, you can display CPU occupancy.
Example
# Display CPU occupancy.
<Quidway> display cpu
Board 0 CPU busy status:
13% in last 5 seconds
13% in last 1 minute
13% in last 5 minutes
Board 3 CPU busy status:
16% in last 5 seconds
19% in last 1 minute
19% in last 5 minutes
3.1.7 display device

Syntax
display device [ detail | [ shelf shelf-no ] [ frame frame-no ] [ slot slot-num ] ]
View
Any view

3-5

Parameter
detail: display all slot detail information.
shelf-no: Shelf number.
frame-no: Frame number.
Description
Using display device command, you can display the module type and working status
information of a card, including physical card number, physical daughter card number,
number of ports, hardware version number, FPGA version number, version number of
BOOTROM software, application version number, address learning mode, interface
card type and interface card type description, etc.
Example
# Show device information.
<Quidway> display device
Slot No.
Brd Type
Brd Status
Subslot Num
Sft Ver
LS83SRPC
Normal
6506R-011
LS83SRPC
Normal
6506R-011
LS81GT8U
Normal
6506R-011
LS81FT48
Normal
6506R-011
NONE
Absent
Absent
None
NONE
Absent
Absent
None
LS81GT8U
Normal
6506R-011
NONE
Absent
Absent
None
# Show device information of S6506R.

<Quidway> display device
Slot No.
Brd Type
Brd Status
Subslot Num
Sft Ver
LS83SRPC
Master
6506R-011
LS83SRPC
Slave
LS81GT8U
Normal
6506R-011
LS81FT48
Normal
6506R-011
NONE
Absent
Absent
None
NONE
Absent
Absent
None
LS81GT8U
Normal
6506R-011
NONE
Absent
Absent
None
6506R-011
The following table describes the displaying information.

3-6

Table 3-1 Output description of the display device command

Field
Description
Slot No
Physical card number
Brd Type
Type of board
Brd Status
Status of board
Subslot Num
Subslot number
Sft Ver
Software version number
3.1.8 display environment

Syntax
display environment
View
Any view
Parameter
none
Description
Using display environment command, you can view environment information.
Example
# Display the environment information.
<Quidway> display environment
System temperature information (degree centigrade):
---------------------------------------------------Board
Temperature
Lower limit
Upper limit
28
20
80
39
10
80
3.1.9 display fan

Syntax
display fan [ fan-id ]
View
Any view

3-7

Parameter
fan-id: the fan ID.
Description
Using display fan command, you can view the working state of the built-in fans. User
can Perform this command to see if they work normally.
Example
# Display the working state of the fans.
<Quidway> display fan
Fan
1 State: Normal
Fan
2 State: Normal
Fan
3 State: Normal
The above information indicates that all of the four fans work normally.
3.1.10 display memory

Syntax
display memory [ slot slot-number ]
View
Any view
Parameter
slot-number: Specify slot number
Description
Using display memory command, you can display memory situation.
Example
# Display memory situation.
<Quidway> display memory
System Total Memory(bytes): 32491008
Total Used Memory(bytes): 13181348
Used Rate: 40%

3-8

Table 3-2 Display information

Field
Description
System Total Memory(bytes)
The Total Memory of switch, unit in byte
Total Used Memory(bytes)
The Total used Memory of switch, unit in byte
Used Rate
The memory used rate
3.1.11 display power

Syntax
display power [ powe-id ]
View
Any view
Parameter
power-id: Power-ID.
Description
Using display power command, you can view the working state of the built-in power
supply.
Example
# Show power state.
<Quidway> display power 1
power 1 State: Normal
3.1.12 display schedule reboot

Syntax
display schedule reboot
View
Any view
Parameter
None

3-9

Description
Using the display schedule reboot command, you can check the configuration of
related parameters of the switch schedule reboot terminal service.
For the related command, see reboot, schedule reboot at, schedule reboot delay, undo
schedule reboot.
Example
# Display the configuration of the schedule reboot terminal service parameters of the
current switch.
<Quidwa> display schedule reboot
System will reboot at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).
3.1.13 display uplink monitor

Syntax
display uplink monitor
View
Any view
Parameter
None
Description
Use the display uplink monitor command to view information about Layer 3
connectivity between the local device and the remote device.
Related command: uplink monitor.
Example
# View information about Layer 3 connectivity between the local device and the remote
device.
<Quidway> display uplink monitor
UpLink monitor information
No Dest_IP_Addr
Dest_MAC_Addr
Vlan
Port
3.1.14 pause-protection
Syntax
pause-protection { enable | disable } slot slot-num

3-10
ErrCnt
Last_Err_Time

View
System view
Parameter
enable: Enables pause frame protection mechanism.
disable: Disables pause frame protection mechanism.
slot slot-num: Specifies the board seated in the slot determined by the parameter
slot-num.
Description
Use the pause-protection command to enable/disable pause frame protection
mechanism.
Pause frame protection mechanism is disabled by default.
Pause frames, which can be utilized as packets to attack a network, are used in traffic
controlling. A switch that has pause frame protection mechanism enabled discards the
detected pause frames that are utilized to attack the network it resides and logs these
attacks in the logbuffer. If the switch experiences successive pause frame attacks, it
sends messages to the console to warn users.
Example
# Enable pause frame protection mechanism on the board in slot 7.
[Quidway] pause-protection enable slot 7
3.1.15 product
Syntax
product { 6503 | 6506 }
View
System view
Parameter
6503: Specifies the switch type to S6503.
6506: Specifies the switch type to S6506.
Description
Using the product command, you can specify the switch type.
If the Salience III series engines works with the S6503 chassis without the XGbus
silkscreen, the system cannot recognize the current switch type. And then you need to
specify the switch type to S6503 by the product 6503 command. After that, if you want
3-11

to use this engine in the S6506 chassis without the XGbus silkscreen, you must specify
the switch type to S6506 by the product 6506 command after you insert the engine,
and vice versa.
By default, the switch type is S6506 that the system can recognize.
Note:
z
You must reboot the switch after specifying the switch type.
If the Salience III series engines works with the other type of chassis, the system
can recognize the current switch type, and this configuration is not needed.
Example
# Specify the switch type to S6503 and reboot the switch.
[Quidway] product 6503
[Quidway] quit
<Quidway> reboot
3.1.16 qe monitor
Syntax
qe monitor { enable | disable }
View
System view
Parameter
enable: Specify to enable queue traffic monitoring.
disable: Specify to disable queue traffic monitoring.
Description
Use the qe monitor command to enable/disable queue traffic monitoring.
Queue traffic monitoring is disabled by default.
Upon enabling queue traffic monitoring on a switch, the switch monitors the queue
traffic and relieves blocks in the output queue of its interfaces.
The criterion used to distinguish a block is the queue is full, and the traffic of the
corresponding interface is less than the specified threshold.
Refer to the qe monitor overflow-threshold command for information about how to
set a threshold.
3-12

Example
# Enable queue traffic monitoring.
[Quidway] qe monitor enable
[Quidway]
3.1.17 qe monitor errpkt

Syntax
qe monitor errpkt { runt | all | none }
View
Ethernet port view
Parameter
runt: Specifies to detect error packets that are of runt type on current interface. Error
packets that are of runt type refer to frames whose data segment are less than 64 bytes
without CRC errors.
all: Specifies to detect all error packets on current interface.
none: Specifies not to detect error packets on current interface.
Description
Use the qe monitor errpkt runt command to detect error packets that are of runt type
on current interface.
Use the qe monitor errpkt all command to detect all error packets on current interface.
If you do not want to detect error packets on current interface, use the qe monitor
errpkt none command.
A switch does not detect error packets on current interface by default.
If the switch receives a great number of error packets, it will not be able to send/receive
packets properly. With error packets monitoring enabled, the switch collects information
about received error packets regularly. If error packets are detected, it takes protection
measures to ensure that its interfaces send/receive packets properly.
Example
# Specify to detect error packets that are of runt type on Ethernet4/0/1 interface.
[Quidway-Ethernet4/0/1] qe monitor errpkt runt

3-13

3.1.18 qe monitor errpkt check-time

Syntax
qe monitor errpkt check-time interval
View
System view
Parameter
interval: Specifies the interval for detecting error packets ranging from 1 to 3600 (in
seconds). It defaults to 5.
Description
Use the qe monitor errpkt check-time command to set the interval for detecting error
packets.
Example
# Set the interval for detecting error packets to 50 seconds.
[Quidway] qe monitor errpkt check-time 50
[Quidway]
3.1.19 qe monitor overflow-threshold

Syntax
qe monitor overflow-threshold threshold
View
System view
Parameter
threshold: An integer that sets the overall traffic threshold, ranging from 0 to
4294967295 bps.
Description
Use the qe monitor overflow-threshold command to specify the overall traffic
threshold used in queue traffic monitoring.
The overall traffic threshold defaults to 50,000,000 bps (50 Mbps).
Upon enabling queue traffic monitoring on a switch, the switch monitors the queue
traffic and relieves blocks in the output queue of its interfaces.
The criterion used to distinguish a block is the queue is full, and the traffic of the
corresponding interface is less than the specified threshold.
3-14

Example
# Set the overall traffic threshold used in queue traffic monitoring to 90 Mbps.
[Quidway] qe monitor overflow-threshold 90000000
[Quidway]
3.1.20 reboot
Syntax
reboot [ slot slot-num ]
View
User view
Parameter
slot-num: Specifies the physical card number.The number ranges from 0 to 6. 0
indicates to reset the SRPU, taking the same effect as resetting the switch system.
Description
Using reboot command, you can reset the whole system or the specified card.
Example
# Reset the switch.
<Quidway> reboot
This command will reboot the system. The current configuration has not been
saved and will be lost if you continue. Continue? [Y/N]
3.1.21 rdram
Syntax
rdram { enable | disable }
View
System view
Parameter
enable: Enable RDRAM (Rambus Dynamic Random Access Memory) of the device.
disable: Disable RDRAM of the device.
Description
Using rdram enable command, you can enable RDRAM of the device.

3-15

Using rdram disable command, you can disable RDRAM of the device.
By default, RDRAM of the device is enabled.
Example
# Disable RDRAM of the device.
[Quidway] rdram disable
3.1.22 schedule reboot at

Syntax
schedule reboot at hh:mm [ yyyy/mm/dd ]
undo schedule reboot
View
User view
Parameter
hh:mm: Reboot time of the switch, in the format of "hour: minute" The hh ranges from 0
to 23, and the mm ranges from 0 to 59.
yyyy/mm/dd: Reboot date of the switch, in the format of "year/month/day. The yyyy
ranges from 2000 to 2099, the mm ranges from 1 to 12, and the value of dd is related to
the specific month.
Description
Using the schedule reboot at command, you can enable the timing reboot function of
the switch and set the specific reboot time and date. Using the undo schedule reboot
command, you can disable the timing reboot function.
By default, the timing reboot switch function is disabled.
Note:
The precision of switch timer is 1 minute. The switch will reboot in one minute when
time comes to the specified rebooting point.
If the schedule reboot at command sets specified date parameters, which represents
a data in the future, the switch will be restarted in specified time, with error not more
than 1 minute.
If no specified date parameters are configured, two cases are involved: If the
configured time is after the current time, the switch will be restarted at the time point of

3-16

that day; if the configured time is before the current time, the switch will be restarted at
the time point of the next day.
It should be noted that the configured date should not exceed the current date more
than 30 days. In addition, after the command is configured, the system will prompt you
to input confirmation information. Only after the "Y" or the "y" is entered can the
configuration be valid. If there is related configuration before, it will be covered directly.
Moreover, after the schedule reboot at command is configured and the system time is
adjusted by the clock command, the former configured schedule reboot at parameter
will go invalid.
For the related command, see reboot, schedule reboot delay, display schedule reboot.
Example
# Set the switch to be restarted at 22:00 that night ( the current time is 16:21 ).
<Quidway> schedule reboot at 22:00
Reboot system at 22:00 2005/04/06(in 5 hours and 39 minutes)
confirm?[Y/N]:y
<Quidway>
%Apr
6 16:21:03 2005 S6506R CMD/5/REBOOT:
aux0: schedule reboot parameters at 16:21:00 2005/04/06. And system will reboot
at 22:00:2005 04/06/2005.
3.1.23 schedule reboot delay

Syntax
schedule reboot delay { hhh:mm | mmm }
undo schedule reboot
View
User view
Parameter
hhh:mm: Waiting time for rebooting a switch, in the format of "hour: minute" The hhh
ranges from 0 to 720, and the mm ranges from 0 to 59.
mmm: Waiting delay for rebooting a switch, in the format of "absolute minutes" .
Ranging from 0 to 43200,
Description
Using the schedule reboot delay command, you can enable the timing reboot switch
function and set the waiting time. Using the undo schedule reboot command, you can
disable the timing reboot function.

3-17

By default, the timing reboot switch function is disabled.
Note:
The precision of switch timer is 1 minute. The switch will reboot in one minute when
time comes to the specified rebooting point.
Two formats can be used to set the waiting delay of timing reboot switch, namely the
format of "hour: minute" and the format of "absolute minutes". But the total minutes
should be no more than 302460 minutes, or 30 days.
After this command is configured, the system will prompt you to input confirmation
information. Only after the "Y" or the "y" is entered can the configuration be valid. If
there is related configuration before, it will be covered directly.
Moreover, after the schedule reboot at command is configured, and the system time is
adjusted by the clock command, the original schedule reboot at parameter will
become invalid.
For the related command, see reboot, schedule reboot at, undo schedule reboot,
display schedule reboot.
Example
# Configure the switch to be restarted after 88 minutes (the current time is 21:32).
<Quidway> schedule reboot delay 88
Reboot system at 17:54 2005/04/06(in 1 hours and 28 minutes)
confirm?[Y/N]:y
<Quidway>
%Apr
6 16:26:38 2005 S6506R CMD/5/REBOOT:
aux0: schedule reboot parameters at 16:26:34 2005/04/06. And system will reboot
at 17:54:2005 04/06/2005.
3.1.24 set backboard view

Syntax
set backboard view value
View
System view
Parameter
value: indicates value of backboard view, ranging from 0 to 5.

3-18

Description
Using set backboard view command, you can configure backboard view.
Salience III series engines do not support this command.
Example
# Set backboard view.
[Quidway] set backboard view 1
Configuration of System Back Board Mode
Default settings are in square brackets '[]'.
The new configuration will be as following:
|Slot No. lBrd Type
|Slot Band Width
|Brd Available
| 1
|NONE
| 8G
|NO
| 2
|NONE
| 8G
|NO
| 3
|NONE
| 4G
|NO
| 4
|LS81FT48
| 4G
|YES
| 5
|NONE
| 4G
|NO
| 6
|NONE
| 4G
|NO
Are you sure the configuration is correct, continue?[Y/N]
3.1.25 temperature-limit
Syntax
temperature-limit slot-num down-value up-value
undo temperature-limit slot-num
View
User view, system view
Parameter
slot-num: Physical card number.
down-value: Lower temperature limit.
up-value: Upper temperature limit.
Description
Using temperature-limit command, you can configure temperature limit. Using undo
temperature-limit command, you can restore temperature limit to default value.
Example
# Set the lower and upper temperature limit of card 0.
<Quidway> temperature-limit 0 10 75
3-19

Success temperature limit set

3-20

Chapter 4 System Maintenance Commands

4.1 Basic System Configuration and Management
Commands
4.1.1 clock datetime
Syntax
clock datetime HH:MM:SS YYYY/MM/DD
View
User view
Parameter
HH:MM:SS: Current clock. HH ranges from 0 to 23. MM and SS range from 0 to 59.
YYYY/MM/DD: Specify the current year, month and date. YYYY ranges from 1993 to
2035. MM ranges from 1 to 12 and DD ranges from 1 to 31.
Description
Using clock datetime command, you can configure the current date and clock of
Ethernet Switch.
By default, the date and clock of Ethernet Switch is set as 0:0:0, 2000/1/1.
The current date and clock of Ethernet Switch must be set in the circumstance that
absolute time is strictly required.
For the related commands, see display clock.
Example
# Set the current date of Ethernet Switch to 0:0:0, 2001/01/1.
<Quidway> clock datetime 0:0:0 2001/01/01
4.1.2 clock summer-time

Syntax
clock summer-time zone_name { one-off | repeating } start-time start-date end-time
end-date offset-time
undo clock summer-time

4-1

View
User view
Parameter
zone_name: The name of the summer time, which is a character with the length
ranging 1 to 32.
one-off: Only set the summer time of a certain year.
repeating: Set the summer time of every year starting from a certain year.
start-time:
Set
start
time
of
the
summer
time,
input
like
HH:MM:SS
(hour/minute/second).
start-date:
Set
start
time
of
end
time
of
the
summer
time,
input
like
YYYY/MM/DD
(year/month/day).
end-time:
Set
the
summer
time,
input
like
HH:MM:SS
end-date: Set end time of the summer time, input like YYYY/MM/DD (year/month/day).
offset-time:
Set
offset
time
of
the
summer
time,
input
like
HH:MM:SS
Description
Using clock summer-time command, you can set the name, starting and ending time
of the summer time. Using undo clock summer-time command, you can remove the
configuration of the summer time.
After the configuration takes effect, the display clock command can be used to check
it. Besides, the time of the log or debug information uses the local time after the
adjustment of the time zone and summer time.
For the related command, see clock timezone.
Example
# Set the summer time for z2 that starts at 06:00:00 on 08/06/2002 and ends at
06:00:00 on 01/09/2002 with the time adding 1 hour.
<Quidway> clock summer-time z2 one-off 06:00:00 2002/06/08 06:00:00 2002/09/01
01:00:00
# Set the summer time for z2 that starts at 06:00:00 on 08/06 and ends at 06:00:00 on
01/09 in each year from 2002 on with the time adding 1 hour.
<Quidway> clock summer-time z2 repeating 06:00:00 2002/06/08 06:00:00 2002/09/01
01:00:00

4-2

4.1.3 clock timezone

Syntax
clock timezone zone_name { add | minus } HH:MM:SS
undo clock timezone
View
User view
Parameter
zone_name: The name of the time zone, which is a character with the length ranging 1
to 32.
add: The time is adding compared with the UTC.
minus: The time is minus compared with the UTC.
HH:MM:SS: Time (hour/minute/second).
Description
Using clock timezone command, you can set the information of the local time zone.
Using undo clock timezone command, you can restore to the default Universal Time
Coordinated (UTC) time zone.
After the configuration takes effect, the display clock command can be used to check
it. Besides, the time of the log or debug information uses the local time after the
adjustment of the time zone and summer time.
For the related command, see clock summer-time.
Example
# Set the name of the local time zone as Z5 with the time adding 5 hours compared with
the UTC.
<Quidway> clock timezone z5 add 05:00:00
4.1.4 sysname
Syntax
sysname sysname
undo sysname
View
System view

4-3

Parameter
sysname: Specify the hostname with a character string with the length ranging from1 to
30 characters.
Description
Using sysname command, you can configure the hostname of Ethernet Switch.
By default, the hostname of Ethernet Switch can be Quidway S6502, Quidway S6503,
Quidway S6506, or Quidway S6506R based on the chassis.
Changing the hostname name of Ethernet Switch will affect the prompt of command
line interface. E.g. the host name of Ethernet Switch is Quidway, and the prompt in user
view is <Quidway>.
Example
# Set the hostname of the Ethernet Switch as QuidwayLANSwitch.
[Quidway] sysname QuidwayLANSwitch
[QuidwayLANSwitch]
4.2 System Status and System Information Display

Commands
4.2.1 display clock
Syntax
display clock
View
Any view
Parameter
none
Description
Using display clock command, subscribers can obtain information about system data
and time from the terminal display.
The maximum date and time the system can display is 23:59:59 9999/12/31.
For the related commands, see clock.
Example
# View the current system date and clock.
<Quidway> display clock
4-4

15:50:45 UTC Mon 2001/2/12
4.2.2 display debugging

Syntax
display debugging [ interface { interface-name | interface-type interface-num } ]
[ module-name ]
View
Any view
Parameter
interface-name: Specify the Ethernet port name.
interface-type: Specify the Ethernet port type.
interface-num: Specify the Ethernet port number.
module-name: Specify the module name.
Description
Using display debugging command, you can view the enabled debugging process.
Show all the enabled debugging when there is no parameter.
For the related commands, see debugging.
Example
# Show all the enabled debugging.
<Quidway> display debugging
IP packet debugging is on.
4.2.3 display users

Syntax
display users [ all ]
View
Any view
Parameter
all: display all users connected to the switch.

4-5

Description
Using display users command, you can view information about users connected to the
switch.
Example
# Display the status of the current users.
<Quidway> display users
UI
Delay
F 0 AUX 0
IPaddress
Username
00:00:00
4.2.4 display version

Syntax
display version
View
Any view
Parameter
none
Description
Using display version command, you can view such information as software version,
issue date and the basic hardware configurations.
Example
# Display the information about the system version.
<Quidway> display version
Hello-3Com Versatile Routing Platform Software
VRP(R) software, Version 3.10, Release 3009
Copyright
(c)
2003-2005
Hangzhou
Hello-3Com
Tech.
Co.,Ltd.
All
reserved.
Copyright (c) 2000-2003 Hello Tech. Co.,Ltd. All rights reserved.
Quidway S6506R uptime is 0 week, 0 day, 0 hour, 43 minutes
SRPG 0:
uptime is 0 weeks,0 days,0 hours,43 minutes
QuidwayS6500 with 1 MPC8245 Processor

256M
bytes SDRAM
32768K
bytes Flash Memory
512K
bytes NVRAM Memory
PCB Version
VER.A

4-6
rights

BootROM Version
500
CPLD Version
002
Software Version :
LPU 2:
S6506R-3009
uptime is 0 weeks,0 days,0 hours,42 minutes
QuidwayS6500 LPU with 1 MPC850 Processor

64M
bytes SDRAM
0K
bytes Flash Memory
0K
bytes NVRAM Memory
PCB Version
VER.0
BootROM Version
403
CPLD Version
003
Software Version :
S6506R-3009
4.3 System Debug Commands

4.3.1 debugging
Syntax
debugging { all | module-name [ debugging-option ] }
undo debugging { all | module-name [ debugging-option ] }
View
User view
Parameter
all: Enable or disable all the debugging.
module-name: Specify the module name.
debugging-option: Debugging option.
Description
Using debugging command, you can enable the system debugging. Using undo
debugging command, you can disable the system debugging.
By default, all the debugging processes are disabled.
Ethernet Switch provides various kinds of debugging functions for technical support
personnel and experienced maintenance staff to troubleshoot the network.
Enabling the debugging will generate a large amount of debugging information and
decrease the system efficiency. Specially, network system may collapse after all the
debugging is enabled by debugging all command. So it is not suggested to use the
debugging all command. It is convenient for the user to disable all the debugging with
undo debugging all command.
4-7

For the related commands, see display debugging.
Example
# Enable IP Packet debugging.
<Quidway> debugging ip packet
4.3.2 display diagnostic-information

Syntax
display diagnostic-information
View
Any view
Parameter
none
Description
Using display diagnostic-information command, you can view the current
configuration information about all running modules. You can use all these information
to help diagnose and troubleshoot the Ethernet switch.
When the Ethernet switch does not run well, you can collect all sorts of information
about the switch to locate the source of fault. However, each module has its
corresponding display command, which make it difficult for you to collect all the
information needed. In this case, you can use display diagnostic-information
command.
Example
# Display all system configuration information
<Quidway> display diagnostic-information
Redirect it to file?[Y/N]y
Please input the file name(*.txt)[flash:/diaginfo.txt]:
The file is already existing, overwrite it? [Y/N]y
This operation may take a few minutes, continue?[Y/N]y
..............................................................

4-8

4.4 Network Connection Test Commands

4.4.1 ping
Syntax
ping [ -a ip-add | -c count | -d | -f | -h ttl | -i {interface-type interface-num |
interface-name } | -n | - p pattern | -q | -r | -s packetsize | -t timeout | -tos tos | -v | ip ]*
host-ip
ping ipx ipx-add [ -c count | -s packetsize | -t timeout ]*
View
Any view
Parameter
-a ip-add: Specify the source IP address to transmit ICMP ECHO-REQUEST.
-c: count specify how many times the ICMP ECHO-REQUEST packet will be
transmitted, ranging from 1 to 4294967295.
-d: Configure the socket to be in DEBUGGING mode.
-f: Drop the packets which are larger than the MTU instead of fragmenting them.
-h ttl: Configure TTL value for echo requests to be sent, range from 1 to 255.
-i: Configure to choose packet sent on the interface.
interface-type: Specify the interface type.
interface-num: Specify the interface number.
interface-name: Specify the interface name.
-n: Configure to take the host parameter as IP address without domain name
resolution.
-p: pattern is the hexadecimal padding of ICMP ECHO-REQUEST, e.g. -p ff pads the
packet completely with ff.
-q: Configure not to display any other detailed information except statistics.
-r: Record route.
-s packetsize: Specify the length of ECHO-REQUEST (excluding IP and ICMP packet
header) in bytes, in the range of 20 to 32000 bytes.
-t timeout: Maximum waiting time after sending the ECHO-REQUEST (measured in
ms).
-tos tos: Specify TOS value for echo requests to be sent, range from 0 to 255.
-v: Show other received ICMP packets (non ECHO-RESPONSE).
host-ip: Destination host domain name or IP address of the destination host.

4-9

ip: Choose IP ICMP packet.

ipx: Choose IPX packet.
ipx-add: IPX address of the destination host.
Description
Using ping command, you can check the IP network connection and the reachability of
the host.
By default, when the parameters are not specified:
z
The ECHO-REQUEST message will be sent for 5 times.
socket is not in DEBUGGING mode.
The TTL value for echo requests is 255.
host will be treated as IP address first. If it is not an IP address, perform domain

name resolution.
The default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again.
Show all the information including statistics.
Routes are not recorded.
Send ECHO-REQUEST according to route selection.
Default length of ECHO-REQUEST is 56 bytes.
Default timeout of ECHO-RESPONSE is 2000ms.
Do not display other ICMP packets (non ECHO-RESPONSE).
The TOS value of echo requests is 0.
The ping command sends ICMP ECHO-REQUEST message to the destination. If the
network to the destination works well, then the destination host will send ICMP
ECHO-REPLY to the source host after receiving ICMP ECHO-REQUEST.
Perform ping command to troubleshoot the network connection and line quality. The
output information includes:
z
Responses to each of the ECHO-REQUEST messages. If the response message

is not received until timeout, output "Request time out". Or display response
message bytes, packet sequence number, TTL and response time.
The final statistics, including number of sent packets, number of response packets
received, percentage of non-response packets and minimal/maximum/average
value of response time.
If the network transmission rate is too low, you can increase the response message
timeout.
For the related commands, see tracert.
Example
# Check whether the host 202.38.160.244 is reachable.
<Quidway> ping 202.38.160.244
4-10

ping 202.38.160.244 : 56 data bytes

Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
--202.38.160.244 ping statistics-5 packets transmitted
5 packets received
0% packet loss
round-trip min/avg/max = 1/2/3 ms
4.4.2 tracert
Syntax
tracert [ -a source-ip ] [ -f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q num-packet ] [ -w
timeout ] string
View
Any view
Parameter
-a source-ip: Configure the source IP address used by tracert command.
-f: Configure to verify the -f switch, first-TTL specifies an initial TTL, ranging from 0 to
the maximum TTL.
-m: Configure to verify the -m switch, max-TTL specifies a maximum TTL ,ranging from
0 to 255, and larger than the initial TTL.
-p: Configure to verify the -p switch, port is an integer host port number, ranging from 0
to 65535. Generally, user need not modify this option.
-q: Configure to verify the -q switch, num-packet is an integer specifying the number of
query packets sent, ranging from 0 to 65535.
-w: Configure to verify the -wf switch, timeout is an integer specifying IP packet timeout
in seconds, ranging from 0 to 65535.
srting: The IP address of the destination host or the hostname of the remote system.
Description
Using tracert command, you can check the reachability of network connection and
troubleshoot the network. User can test gateways passed by the packets transmitted
from the host to the destination.
By default, when the parameters are not specified,

4-11

first-TTL is 1,
max-TTL is 30,
port is 33434,
nqueries is 3 and
timeout is 5s.
The tracert command sends a packet with TTL 1, and the first hop will send an ICMP
error message back to indicate this packet cannot be transmitted (because of TTL
timeout). Then this packet will be sent again with TTL 2, and the second hop will
indicate a TTL timeout error. Perform this operation repeatedly till reaching the
destination. These processes are operated to record the source address of each ICMP
TTL timeout so as to provide a path to the destination for an IP packet.
After ping command finds some error on the network, perform tracert to locate the
error.
The output of tracert command includes IP address of all the gateways to the
destination. If a certain gateway times out, output "***".
Example
# Test the gateways passed by the packets to the destination host at 18.26.0.115.
<Quidway> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max, 40 bytes packet
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms

4-12

4.5 Log Commands

4.5.1 display channel
Syntax
display channel [ channel-number | channel-name ]
View
Any view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, the system has ten
channels.
channel-name: Specify the channel name. the name can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, trapbuffer.
Description
Using display channel command, you can view the details about the information
channel.
Without parameter, display channel command shows the configurations of all the
channels.
Example
# Show details about the information channel 0.
<Quidway> display channel 0
channel number:0, channel name:console
MODU_ID
NAME
ENABLE
ffff0000 default
LOG_LEVEL
warning
ENABLE
TRAP_LEVEL
4.5.2 display info-center

Syntax
display info-center
View
Any view
Parameter
None

4-13
debugging
ENABLE
Y
DEBUG_LEVEL
debugging

Description
Using display info-center command, you can view the configuration of system log and
the information recorded in the memory buffer.
If the information in the current log/trap buffer is less than the specified sizeval, display
the actual log/trap information.
For the related commands, see info-center enable,info-center loghost,info-center
logbuffer,info-center console channel,info-center monitor channel.
Example
# Show the system log information.
<Quidway> display info-center
Information Center:enabled
Log host:
173.168.1.10, channel number:2, channel name:loghost,
language:english , host facility local:7
Console:
channel number:0, channel name:console
Monitor:
channel number:1, channel name:monitor
SNMP Agent:
channel number:5, channel name:snmpagent
Log buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:6, channel number:4, channel name:logbuffer
dropped messages:0, overwritten messages:0
Trap buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:0, channel number:3, channel name:trapbuffer
dropped messages:0, overwritten messages:0
Information timestamp setting:
log - date, trap - date, debug - boot
4.5.3 display logbuffer

Syntax
display logbuffer [ level severity | size buffersize ]* [ | { begin | exclude | include }
regular-expression ]
View
Any view

4-14

Parameter
level: Information level.
severity: Information level, do not output information below this level. By default, the log
information level is warnings, the trap information level is debugging, the debugging
information level is debugging.
Information at different levels is as follows:
z
emergencies: Level 1 information, which cannot be used by the system.
alerts: Level 2 information, to be reacted immediately.
critical: Level 3 information, critical information.
errors: Level 4 information, error information.
warnings: level 5 information, warning information.
notifications: Level 6 information, showed normally and important.
informational: Level 7 information, notice to be recorded.
debugging: Level 8 information, generated during the debugging progress.
size: Configure the size of buffer.

buffersize: Size of buffer (number of messages which can be kept); By default, the size
of the buffer is 512.
|: Filter the configuration information to be output via regular expression.
begin: Begin with the line that matches the regular expression.
exclude: Exclude lines that match the regular expression.
include: Include lines that match the regular expression.
regular-expression: Define the regular expression.
Description
Using display logbuffer command, you can view the attribute of logbuffer and the
information recorded in logbuffer.
Example
# Show the system logbuffer attribute and the log information in logbuffer.
<Quidway> display logbuffer
Logging buffer configuration and contents:enabled
Allowed max buffer size : 1024
Actual buffer size : 512
Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 91

4-15

4.5.4 display logbuffer summary

Syntax
display logbuffer summary [ level severity ]
View
Any view
Parameter
level: Information level.
severity: Information level, do not output information below this level. By default, the log
information level is warnings, the trap information level is debugging, the debugging
information level is debugging.
z
Description
Using display logbuffer summary command, you can view the summary information
recorded in logbuffer.
Example
# Show the summary information recorded in logbuffer.
<Quidway> display logbuffer summary
EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0
94
display trapbuffer
4.5.5 Syntax
display trapbuffer [ size buffersize ]
4-16

View
Any view
Parameter
Description
Using display trapbuffer command, you can view the attribute of trapbuffer and the
information recorded in trapbuffer.
Example
# Show the system trapbuffer attribute and the log information in trapbuffer.
<Quidway> display trapbuffer
Trapping Buffer Configuration and contents:enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwritten messages : 0
current messages : 6
#Dec 31 14:01:25 2004 Quidway DEV/2/LOAD FINISHED:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4
#Dec 31 14:01:33 2004 Quidway DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2
#Dec 31 14:01:40 2004 Quidway DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.
.
4.5.6 info-center channel name

Syntax
info-center channel channel-number name channel-name
undo info-center channel channel-number

4-17

View
System view
Parameter
channel-number: Channel number, ranging from 0 to 9, that is, system has ten
channels.
channel-name: Specify the channel name with a character string not exceeding 30
characters, excluding "-", "/" or "\". .
Description
Using info-center channel name command, you can rename a channel specified by
the channel-number as channel-name. Using undo info-center channel command,
you can restore the channel name.
Note that the channel name cannot be duplicated.
Example
# Rename the channel 0 as execconsole.
[Quidway] info-center channel 0 name execconsole
4.5.7 info-center console channel

Syntax
info-center console channel { channel-number | channel-name }
undo info-center console channel
View
System view
Parameter
channels.
channel-name: Specify the channel name. The name can be channel6, channel7,
Description
Using info-center console channel command, you can configure the channel through
which the log information is output to the console.
By default, Ethernet switches output log information to the console.
This command takes effect only after system logging is started.
For the related commands, see info-center enable,display info-center.
4-18

Example
# Configure to output log information to the console through channel 0.
[Quidway] info-center console channel 0
4.5.8 info-center enable

Syntax
info-center enable
undo info-center enable
View
System view
Parameter
none
Description
Using info-center enable command, you can enable the system log function. Using
undo info-center enable command, you can disable system log function.
By default, system log function is enabled.
Only after the system log function is enabled can the system output the log information
to the info-center loghost and console, etc.
For the related commands, see info-center loghost, info-center logbuffer, info-center
console channel, info-center monitor channel, display info-center.
Example
# Enable the system log function.
[Quidway] info-center enable
4.5.9 info-center logbuffer

Syntax
info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ]*
undo info-center logbuffer [ channel | size ]
View
System view
Parameter
channel: Configure the channel to output information to buffer.
4-19

channels.
Description
Using info-center logbuffer command, you can configure to output information to the
memory buffer. Using undo info-center logbuffer command, you can cancel the
information output to buffer
This command takes effect only after the system logging is enabled.
For the related commands, see info-center enable, display info-center.
Example
# Send log information to buffer and sets the size of buffer as 50.
[Quidway] info-center logbuffer size 50
4.5.10 info-center loghost

Syntax
info-center loghost host-ip-addr [ channel { channel-number | channel-name } ]
[ facility local-number ] [ language { chinese | english } ]
undo info-center loghost host-ip-addr
View
System view
Parameter
host-ip-addr: The IP address of info-center loghost.
channel: Configure information channel of the info-center loghost.
channels.
facility: Configure the recording tool of info-center loghost.
local-number: Record tool of info-center loghost, ranging from local0 to local7.
language: Set the logging language.
4-20

chinese,english: Language used in log file.
Description
Using info-center loghost command, you can configure the IP address of the
info-center loghost to send information to it. Using undo info-center loghost
command, you can cancel output to info-center loghost.
By default, Ethernet switches do not output information to info-center loghost.
Example
# Configure to send log information to the UNIX workstation at 202.38.160.1.
[Quidway] info-center loghost 202.38.160.1
4.5.11 info-center loghost source

Syntax
info-center loghost source interface-name
undo info-center loghost source
View
System view
Parameter
source interface-name: set source address of the packets sent to loghost as the
address of the interface specified by the interface-name. Normally, the interface can be
VLAN interface, NULL interface or Loopback interface.
Description
Using info-center loghost source command, you can set source address of the
packets sent to loghost as the address of the interface specified by the interface-name.
Using undo info-center loghost source command, you can cancel the setting source
address of the packets sent to loghost.
Example
# Set source address of the packets sent to loghost as the address of the VLAN
interface 1.
[Quidway] info-center loghost source vlan-interface 1

4-21

4.5.12 info-center monitor channel

Syntax
info-center monitor channel { channel-number | channel-name }
undo info-center monitor channel
View
System view
Parameter
channels.
Description
Using info-center monitor channel command, you can configure the channel to
output the log information to the user terminal. Using undo info-center monitor
channel command, you can restore the channel to output the log information to the
user terminal to default value.
By default, Ethernet switches do not output log information to user terminal.
This command takes effect only after system logging is started.
Example
# Configure channel 0 to output log information to user terminal.
[Quidway] info-center monitor channel 0
4.5.13 info-center snmp channel

Syntax
info-center snmp channel { channel-number | channel-name }
undo info-center snmp channel
View
System view
Parameter
channels. By default, channel 5 is used.

4-22

Description
Using info-center snmp channel command, you can configure new channel for
transmitting the SNMP information. Using undo info-center snmp channel command,
you can restore the channel for transmitting the SNMP information to default value.
For the related commands, see display snmp.
Example
# Configure channel 6 as the SNMP information channel.
[Quidway] info-center snmp channel 6
4.5.14 info-center source

Syntax
info-center source { modu-name | default } channel { channel-number |
channel-name } [ { log | trap | debug } * { level severity | state state ] } *
undo info-center source { modu-name | default } channel { channel-number |
channel-name }
View
System view
Parameter
modu-name: Module name.
default: All the modules.
log: Log information.
trap: Trap information.
debugging: Debugging information.
level: Level.
severity: Information level, do not output information below this level.

4-23


Table 4-1 Default information level of each channel

channel
Log information
level
Trap information
level
Debugging
information level
Console
warning
debugging
debugging
Terminal
warning
debugging
debugging
Log host
informational
debugging
debugging
Trapbuffer
informational
warning
debugging
Logbuffer
warning
debugging
debugging
SNMPagent
debugging
warning
debugging
Channel6
debugging
debugging
debugging
Channel7
debugging
debugging
debugging
Channel8
debugging
debugging
debugging
Channel9
debugging
debugging
debugging
Table 4-2 Default information switch state of each channel

Channel
Log information
switch
Trap information
switch
Debug information
switch
Console
Enable
Disable
Enable
Terminal
Enable
Disable
Enable
Log host
Enable
Enable
Disable
Trapbuffer
Disable
Enable
Disable
Logbuffer
Enable
Disable
Disable
SNMPagent
Disable
Enable
Disable
Channel6
Enable
Enable
Disable
Channel7
Enable
Enable
Disable
Channel8
Enable
Enable
Disable
Channel9
Enable
Enable
Disable

4-24

Note:
If you only specify the level for one/two of the three types of information, the level(s) of
the unspecified two/one return(s) to the default. For example, if you only define the
level of the log information, then the levels of the trap and debugging information return
to the defaults.
channel-number: Channel number to be set.

channel-name: Channel name to be set. The name can be channel6, channel7,
state: Set the state of the information.
state: Specify the state as on or off.
Description
Using info-center source command, you can add/delete a record to the information
channel. Using undo info-center source command, you can cancel the contents of
the information channel.
For example, for the filter of IP module log output, you can configure to output the logs
at a level higher than warnings to the log host and output those higher than
informational to the log buffer. You can also configure to output the trap information on
the IP module to a specified trap host, etc.
The channels for filtering in all the directions are specified by this configuration
command. All the information will be sent to the corresponding directions through the
specified channels. You can configure the channels in the output direction, channel
filter information, filtering and redirecting of all kinds of information.
At present, the system distributes an information channel in each output direction by
default, shown as follows:
Table 4-3 Information channel in each output direction by default
Output direction
Information channel name
Console
console
Monitor
monitor
Info-center loghost
loghost
Log buffer
logbuffer
Trap buffer
trapbuffer
snmp
snmpagent

4-25

In addition, each information channel has a default record with the module name
default and module number as 0xffff0000. However, for different information channel,
the default log, trap and debugging settings in the records may be different with one
another. Use default configuration record if a module does not have any specific
configuration record in the channel.
Example
# Configure to enable the log information of VLAN module in SNMP channel and allows
the output of the information with a level higher than emergencies.
[Quidway] info-center source vlan channel snmp log level emergencies
4.5.15 info-center timestamp

Syntax
info-center timestamp { log | trap | debugging } { boot | date | none }
undo info-center timestamp { log | trap | debugging }
View
System view
Parameter
log: Log information.
trap: Trap information.
debugging: Debugging information.
boot: Time elapsing after system starts. Format: xxxxxx.yyyyyy, xxxxxx is the high 32
bits of the elapsed time (in milliseconds) after system starts, and yyyyyy is the low 32
bits.
date: Current system date and time. It shows as yyyy/mm/dd-hh:mm:ss in Chinese
environment and mm dd hh:mm:ss yyyy in Western language environment.
none: No timestamp format.
Description
Using info-center timestamp command, you can configure the timestamp output
format in debugging/trap information. Using undo info-center timestamp command,
you can disable the output of timestamp field.
By default, datetime stamp is used.
Example
# Configure the debugging information timestamp format as boot.
[Quidway] info-center timestamp debugging boot
4-26

4.5.16 info-center trapbuffer

Syntax
info-center trapbuffer [ size buffersize ] [ channel { channel-number |
channel-name } ]
undo info-center trapbuffer [ channel | size ]
View
System view
Parameter
size: Configure the size of the trap buffer.
buffersize: Size of trap buffer (numbers of messages).
channel: Configure the channel to output information to trap buffer.
channels.
channel-name: Specify the channel name.
Description
Using info-center trapbuffer command, you can output information to the trap buffer.
Using undo info-center trapbuffer command, you can cancel output information to
trap buffer.
By default, output information is transmitted to trap buffer and size of trap buffer is 256.
Example
# Send information to the trap buffer and sets the size of buffer as 30.
[Quidway] info-center trapbuffer size 30
4.5.17 reset logbuffer

Syntax
reset logbuffer
View
User view
Parameter
none
4-27

Description
Using reset logbuffer command, you can reset information in log buffer.
Example
# Clear information in log buffer.
<Quidway> reset logbuffer
4.5.18 reset trapbuffer

Syntax
reset trapbuffer
View
User view
Parameter
none
Description
Using reset trapbuffer command, you can reset information in trap buffer.
Example
# Clear information in trap buffer.
<Quidway> reset trapbuffer
4.5.19 terminal debugging

Syntax
terminal debugging
undo terminal debugging
View
User view
Parameter
none
Description
Using terminal debugging command, you can configure to display the debugging
information on the terminal. Using undo terminal debugging command, you can
configure not to display the debugging information on the terminal.
4-28

By default, the displaying function is disabled.

For the related commands, see debugging.
Example
# Enable the terminal display debugging.
<Quidway> terminal debugging
4.5.20 terminal logging

Syntax
terminal logging
undo terminal logging
View
User view
Parameter
none
Description
Using terminal logging command, you can enable terminal log information display.
Using undo terminal logging command, you can disable terminal log information
display.
By default, this function is enabled.
Example
# Disable the terminal log display.
<Quidway> undo terminal logging
4.5.21 terminal monitor

Syntax
terminal monitor
undo terminal monitor
View
User view
Parameter
none

4-29

Description
Using terminal monitor command, you can enable the log debugging/log/trap on the
terminal monitor. Using undo terminal monitor command, you can disable these
functions.
By default, enable these functions for the console user and disable them for the
terminal user.
This command only takes effect on the current terminal where the commands are input.
The debugging/log/trap information can be output to the current terminal, beginning in
user view. When the terminal monitor is shut down, no debugging/log/trap information
will be displayed in local terminal, which is equals to having performed undo terminal
debugging,undo terminal logging,undo terminal trapping commands. When the
terminal monitor is enabled, you can use terminal debugging / undo terminal
debugging, terminal logging / terminal logging and terminal trapping / undo
terminal trapping respectively to enable or disable the corresponding functions.
Example
# Disable the terminal monitor.
<Quidway> undo terminal monitor
4.5.22 terminal trapping

Syntax
terminal trapping
undo terminal trapping
View
User view
Parameter
none
Description
Using terminal trapping command, you can enable terminal trap information display.
Using undo terminal trapping command, you can disable this function.
By default, this function is enabled.
Example
# Enable trap information display.
<Quidway> terminal trapping

4-30

Chapter 5 SNMP Configuration Commands

5.1 SNMP Configuration Commands
5.1.1 display snmp-agent community
Syntax
display snmp-agent community [ read | write ]
View
Any view
Parameter
read: display read-only community information.
write: display read-write community information.
Description
Using display snmp-agent community command, you can view the currently
configured community names.
Example
# Display the currently configured community names.
<Quidway> display snmp-agent community
community name:public
group name:public
storage-type: nonVolatile
community name:tom
group name:hello
storage-type: nonVolatile
5.1.2 display snmp-agent

Syntax
display snmp-agent { local-engineid | remote-engineid }
View
Any view

5-1

Parameter
local-engineid: local engine ID.
remote-engineid: remote engine ID.
Description
Using display snmp-agent engineid command, you can view engine ID of current
device.
SNMP engine is the core of SNMP entity. It performs the function of sending, receiving
and authenticating SNMP message, extracting PDU, packet encapsulation and the
communication with SNMP application, etc.
Example
# Display the engine ID of current device.
<Quidway> display snmp-agent local-engineid
SNMP local engineID: 00000009020000000C025808
5.1.3 display snmp-agent group

Syntax
display snmp-agent group [ group-name ]
View
Any view
Parameter
groupname: Group name, ranging from 1 to 32 bytes.
Description
Using display snmp-agent group command, you can view group name, safe mode,
state of various views and storage modes.
Example
# Display SNMP group name and safe mode.
<Quidway> display snmp-agent group
Group name: hello
Security model: v2c noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonVolatile

5-2

The following table describes the output fields.

Table 5-1 Output description of the display snmp-agent group command
Field
Description
groupname
SNMP Group name of the user
Security model
The security model adopted by SNMP
readview
Read-only MIB view name corresponding to that group
writeview
Writable MIB view corresponding to that group
notifyview
The name of the notify MIB view corresponding to that group
storage-type
Storage type
5.1.4 display snmp-agent mib-view

Syntax
display snmp-agent mib-view [ exclude | include | { viewname mib-view } ]
View
Any view
Parameter
exclude: Display the SNMP mib view excluded.
Include: Display the SNMP mib view included.
viewname: Display the SNMP mib view according to the mib view name.
mib-view: Specify the mib view name.
Description
display snmp-agent mib-view command is used to view the MIB view configuration
information of the Ethernet switch.
Example
# Display the information about the currently configured MIB view.
<Quidway> display snmp-agent mib-view
View name:system
MIB Subtree:system
Subtree mask:
View Type:included
View status:active

5-3

View name:ViewDefault
MIB Subtree:iso
Subtree mask:
View Type:included
View status:active
MIB Subtree:snmpUsmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpVacmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpModules.18
Subtree mask:
View Type:excluded
View status:active

Table 5-2 Output description of the display snmp-agent mib-view command
Field
Description
View name
View name
MIB Subtree
MIB subtree
Subtree mask
The mask of the Subtree
storage-type
Storage type
View Type: included/excluded
View Type: permit or forbid access to an MIB

object
View status: active/inactive
Indicate the line state in the table, may be active

or inactive

5-4

Caution:
If the SNMP Agent is disabled, "Snmp Agent disabled" will be displayed after you
execute the above display commands.
5.1.5 display snmp-agent statistics

Syntax
display snmp-agent statistics
View
Any view
Parameter
none
Description
Using display snmp-agent statistics command, you can view current state of SNMP
communication.
This command provides a counter for SNMP operations.
Example
# Display the current state of SNMP communication.
<Quidway> display snmp-agent statistics
9232 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
9266 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
11 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 2000)
33029 MIB objects retrieved successfully
2 MIB objects altered successfully
714 GetRequest-PDU accepted and processed
8514 GetNextRequest-PDU accepted and processed
10 GetBulkRequest-PDU accepted and processed

5-5

9230 GetResponse-PDU accepted and processed

1 SetRequest-PDU accepted and processed
34 Trap PDUs accepted and processed

Table 5-3 Output description of the display snmp-agent statistics command
Field
Description
9232 Messages delivered to the SNMP

entity
Total number of the input SNMP packets
0 Messages which
unsupported version
Number of packets
information error
were
for
an
with
version
0 Messages which used a SNMP

community name not known
Number of packets with community

name error
0 Messages which represented an

illegal operation for the community
supplied
Number of packets with authority error

corresponding to the community name
0 ASN.1 or BER errors in the process of

decoding
Number of SNMP packets with encoding

error
9266 Messages passed from the SNMP

entity
Total number of the output SNMP

packets
0 SNMP PDUs which had badValue

error-status
Number of SNMP
Bad_values error
packets
with
0 SNMP PDUs which had genErr

error-status
Number of SNMP
General_errors
packets
with
11
SNMP
PDUs
which
noSuchName error-status
Number of the packets requesting

nonexistent MIB objects
had
0 SNMP PDUs which had tooBig

error-status (Maximum packet size
1800)
Number SNMP packet with too_big error
33029
MIB
successfully
Number of variables requested by NMS
objects
retrieved
2 MIB objects altered successfully
The number of variables set by NMS
714 GetRequest-PDU accepted and

processed
Number of the
requested by get
received
packets
8514 GetNextRequest-PDU accepted

and processed
Number of the received

requested by get-next
packets
10 GetBulkRequest-PDU accepted and

processed
Number of the received

requested by get-bulk
packets
9230 GetResponse-PDU accepted and

processed
Number of the response packets sent
1 SetRequest-PDU
processed
Number of the
requested by set
accepted
and

5-6
received
packets

Field
Description
34 Trap PDUs accepted and processed
Number of the sent Trap packets
5.1.6 display snmp-agent sys-info contact

Syntax
display snmp-agent sys-info contact
View
Any view
Parameter
none
Description
Using display snmp-agent sys-info contact command, you can view the character
string sysContact (system contact).
Example
# Display the character string sysContact (system contact).
<Quidway> display snmp-agent sys-info contact
The contact person for this managed node:
Hangzhou Huawei-3Com Tech. Co.,Ltd.
5.1.7 display snmp-agent sys-info location

Syntax
display snmp-agent sys-info location
View
Any view
Parameter
none
Description
Using display snmp-agent sys-info location command, you can view the character
string describing the system location.

5-7

Example
# Display the system location.
<Quidway> display snmp-agent sys-info location
The physical location of this node:
BeiJing China
5.1.8 display snmp-agent sys-info version

Syntax
display snmp-agent sys-info version
View
Any view
Parameter
none
Description
Using display snmp-agent sys-info version command, you can view the version
information about the running SMNMP in the system.
Example
# Display the version information of running SNMP
<Quidway> display snmp-agent sys-info version
SNMP version running in the system:
SNMPv3
5.1.9 display snmp-agent usm-user

Syntax
display snmp-agent usm-user [ engineid engineid ] [ group groupname ]
[ username username ]
View
Any view
Parameter
engineid: display user information with specified engine ID.
username:display user information with specified user name.
groupname:display user information of specified group.
5-8

Description
Using display snmp-agent usm-user command, you can view information of all the
SNMP usernames in the group username list.
Example
# Display the information of all the current users.
<Quidway> display snmp-agent usm-user engineid 1234567890
User name: userv3aaaa
Group name: managev3group
Engine ID: 1234567890
UserStatus: active

Table 5-4 Output description of the display snmp-agent usm-user command
Field
Description
User name
The name of SNMP user
Group name
The name of SNMP group
Engine ID
Character string identifying SNMP device
Storage-type
The storing type of SNMP information
UserStatus
The status of the user, may be active or inactive.
5.1.10 enable snmp trap

Syntax
enable snmp trap updown
undo enable snmp trap updown
View
Ethernet port view / VLAN interface view
Parameter
None.
Description
Using enable snmp trap updown command, you can enable the current port to
transmit the LINK UP and LINK DOWN trap information. Using undo enable snmp

5-9

trap updown command, you can disable current port to transmit the LINK UP and LINK
DOWN trap information.
By default, the current port is capable of transmitting the LINK UP and LINK DOWN trap
information.
Example
# Enable current port Ethernet6/0/1 to transmit the LINK UP and LINK DOWN trap
information.
[Quidway-Ethernet6/0/1] enable snmp trap updown
5.1.11 snmp-agent local-engineid

Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
View
System view
Parameter
local-engineid: Specify an engineID for the local SNMPv3 entity
engineid: Specify the engine ID with a character string, only composed of hexadecimal
numbers, the size must be in the range 5 to 32 bytes. An engine ID can contain up to
64 4-bit hexadecimal numbers. By default, the value is "Enterprise Number + device
information".
Description
Using snmp-agent local-engineid command, you can configure a name for a local or
remote SNMP engine on the Ethernet Switch. Using undo
snmp-agent
local-engineid command, you can restore the default setting of engine ID.
Device information is determined according to different products. It can be IP address,
MAC address or user defined text. However, you must use numbers in hexadecimal
form.
Example
# Configure the ID of a local or remote device as 1234512345.
[Quidway] snmp-agent local-engineid 1234512345

5-10

5.1.12 snmp-agent community

Syntax
snmp-agent community { read | write } community-name [ [ mib-view view-name ]
[ acl acl-list ] ]
undo snmp-agent community community-name
View
System view
Parameter
read: Indicate that MIB object can only be read.
write: Indicate that MIB object can be read and written.
community-name: Community name character string.
view-name: MIB view name.
acl acl-list:set access control list for specified community.
Description
Using snmp-agent community command, you can configure community access
name and enable the access to SNMP. Using undo snmp-agent community
command, you can cancel the settings of community access name.
Example
# Configure community name as hello and permits read-only access by this community
name.
[Quidway] snmp-agent community read hello
# Configure community name as mgr and permits read-write access.
[Quidway] snmp-agent community write mgr
5.1.13 snmp-agent group

Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ] [ acl acl-list ]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [notify-view notify-view ] [ acl acl-list ]
undo snmp-agent group v3 group-name [ authentication | privacy ]

5-11

View
System view
Parameter
groupname: Group name, ranging from 1 to 32 bytes.
authentication: Configure to authenticate the packet without encryption.
privacy: Configure to authenticate and encrypt the packet.
read-view: Configures to allow read-only view settings.
readview: Read-only view name, ranging from 1 to 32 bytes.
write-view: Configure to allow read-write view settings.
writeview: The name of read-write view, ranging from 1 to 32 bytes.
notify-view: Configure to allow notify view settings.
notifyview: Specify the notify view name, ranging from 1 to 32 bytes.
acl acl-list:Set access control list for this group name.
Description
Using snmp-agent group command, you can configure a new SNMP group, that is, to
map SNMP user to SNMP view. Using undo snmp-agent group command, you can
cancel a specified SNMP group.
For the following reasons:
z
snmp-agent target-host command automatically generates a notifyview for user

and adds it to the corresponding group.
Any change of the SNMP group notify view will affect all the users related to this
group.
Please do not specify the notify view when configuring SNMP group.
Example
# Create an SNMP group named hello.
[Quidway] snmp-agent group v3 hello.
5.1.14 snmp-agent mib-view

Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree
undo snmp-agent mib-view view-name
View
System view

5-12

Parameter
included: Include this MIB subtree.
excluded: Exclude this MIB subtree.
view-name: Specify the view name, with a character string, ranging from 1 to 32
characters. By default, the view name is ViewDefault.
oid-tree: MIB object subtree. It can be a character string of the variable OID, or a
variable name, ranging from 1 to 255 characters. By default, OID is 1.3.6.1.
Description
Using snmp-agent mib-view command, you can create or update the view information.
Using undo snmp-agent mib-view command, you can cancel the view information
By default, the view name is ViewDefault, OID is 1.3.6.1.
Both the character string of OID and the node name can be input as parameter.
Example
# Create a view that consists of all the objects of MIB-II.
[Quidway] snmp-agent mib-view included mib2 1.3.6.1.2.1
5.1.15 snmp-agent packet max-size

Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
View
System view
Parameter
byte-count: Specify the size of SNMP packet (measured in bytes), ranging from 484 to
17940. By default, the size is 2000 bytes.
Description
Using snmp-agent packet max-size command, you can configure the size of SNMP
packet that the Agent can send/receive. Using undo snmp-agent packet max-size
command, you can restore the default size of SNMP packet.
The sizes of the SNMP packets received/sent by the Agent are different in different
network environment.
Example
# Set the size of SNMP packet to 1042 bytes.
5-13

[Quidway] snmp-agent packet max-size 1042
5.1.16 snmp-agent sys-info

Syntax
snmp-agent sys-info { contact sysContact | location syslocation | version { { v1 |
v2c | v3 } * | all } }
undo snmp-agent sys-info { { contact | location }* | version { { v1 | v2c | v3 } * |
all } }
View
System view
Parameter
sysContact: Specify a character string describing the system maintaining contact (in
bytes), with a length ranging from 1 to 255; By default, the contact information is "Hello
Beijing China".
sysLocation: Specify a character string to describe the system location; By default, the
character string is "Beijing China".
version: version of running SNMP.
v1:SNMP V1.
v2c:SNMP V2C.
v3:SNMP V3.
all:all SNMP version (includes SNMP V1, SNMP V2C, SNMP V3).
Description
Using snmp-agent sys-info command, you can configure system information such as
geographical location of the device, contact information for system maintenance and
version information of running SNMP. Using undo snmp-agent sys-info location
Example
# Set system location as Building 3/Room 214.
[Quidway] snmp-agent sys-info location Building 3/Room 214

5-14

5.1.17 snmp-agent target-host

Syntax
snmp-agent
target-host
trap
address
udp-domain
host-addr [ udp-port
udp-port-number ] params securityname community-string [ v1 | v2c | v3

[ authentication | privacy ] ]
undo snmp-agent target-host host-addr securityname community-string
View
System view
Parameter
trap:Specify the host to receive traps or notifications
address:Specify the transport addresses to be used in the generation of SNMP
messages.
udp-domain:Specify transport domain over UDP for the target address
host-addr: The IP address of destination host.
udp-port udp-port-number: Specify the UDP port number of the host to receive the
SNMP notification.
params:Specify SNMP target information to be used in the generation of SNMP
messages
v1: Represent the version of SNMPV1.
v2c: Represent the version of SNMPV2C.
v3: Represent the version of SNMPV3.
authentication: Configure to authenticate the packet without encryption.
privacy: Configure to authenticate and encrypt the packet.
community-string: Specify the community name. The character string ranges from 1 to
32 bytes.
Description
Using snmp-agent target-host command, you can configure destination of SNMP
notification. Using undo snmp-agent target-host command, you can cancel the host
that receives SNMP notification.
The snmp-agent target-host command and the snmp-agent trap enable command
should be used at the same time. Use the snmp-agent trap enable command to
enable the device to transmit Trap packets. snmp-agent trap enable command and
snmp-agent target-host command should be used at the same time on the host to
enable notify message sending.

5-15

Example
# Enable sending Trap message to myhost.hello.com with community name hello.
[Quidway] snmp-agent trap enable
[Quidway] snmp-agent target-host trap address udp-domain 2.2.2.2 params
securityname hello
# Enable sending Trap packets to 2.2.2.2 with the community name public
[Quidway] snmp-agent trap enable
securityname public
5.1.18 snmp-agent trap enable

Syntax
snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ linkdown ]
[ linkup ] | bgp [ backwardtransition ] [ established ] | vrrp [ authfailure |
newmaster ] ]
undo snmp-agent trap enable [ standard [ authentication ] [ coldstart ] [ linkdown ]
[ linkup ] | bgp [ backwardtransition ] [ established ] | vrrp [ authfailure |
newmaster ] ]
View
System view
Parameter
standard [ authentication ] [ coldstart ] [ linkdown ] [ linkup ]: Configure to send
standard Trap messages. authentication: Configure to send SNMP authentication
Trap messages. coldstart: Configure to send SNMP cold start Trap messages.
linkdown: Configure to send SNMP link down Trap messages. linkup: Configure to
send SNMP link up Trap messages.
bgp [ backwardtransition ] [ established ] : Configure to send BGP Trap messages.
vrrp [ authfailure | newmaster ] : Configure to send VRRP Trap messages.
Description
Using snmp-agent trap enable command, you can enable the device to send Trap
message. Using undo snmp-agent trap enable command, you can disable Trap
message sending.
By default, Trap message sending is disabled.
snmp-agent trap enable command and snmp-agent target-host command should
be used at the same time. snmp-agent target-host command specifies which hosts

5-16

can receive Trap message. However, to send Trap message, at least one snmp-agent
target-host command should be configured.
Example
# Enable to send the trap packet of SNMP authentication failure to 10.1.1.1. The
community name is hello.
[Quidway] snmp-agent trap enable standard authentication
securityname hello
5.1.19 snmp-agent trap life

Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
View
System view
Parameter
seconds: Specify the timeouts, ranging from 1 to 2592000 seconds; By default, the
timeout interval is 120 seconds.
Description
Using snmp-agent trap life command, you can configure the timeout of Trap packets.
Using undo snmp-agent trap life command, you can restore the default value.
The set timeout of Trap packet is represented by seconds. If time exceeds seconds,
this Trap packet will be discarded.
For the related commands, see snmp-agent trap enable, snmp-agent target-host .
Example
# Configure the timeout interval of Trap packet as 60 seconds.
[Quidway] snmp-agent trap life 60
5.1.20 snmp-agent trap queue-size

Syntax
snmp-agent trap queue-size length
undo snmp-agent trap queue-size

5-17

View
System view
Parameter
length: Length of queue, ranging from 1 to 1000; By default, the length is 100.
Description
Using snmp-agent trap queue-size command, you can configure the information
queue length of Trap packet sent to destination host. Using undo snmp-agent trap
queue-size command, you can restore the default value.
For the related commands, see snmp-agent trap enable, snmp-agent target-host,
snmp-agent trap life.
Example
# Configure the queue length to 200.
[Quidway] snmp-agent trap queue-size 200
5.1.21 snmp-agent trap source

Syntax
snmp-agent trap source vlan-interface vlan-id
undo snmp-agent trap source
View
System view
Parameter
vlan-id: Specify the VLAN interface ID, ranging from 1 to 4000.
Description
Using snmp-agent trap source command, you can configure the source address for
sending Trap. Using undo snmp-agent trap source command, you can cancel the
source address for sending Trap.
Example
# Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
[Quidway] snmp-agent trap source vlan-interface 1

5-18

5.1.22 snmp-agent usm-user

Syntax
snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]
undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha }
authpassstring [ privacy-mode { des56 privpassstring } ] ] [ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }
View
System view
Parameter
username: Specify the user name, ranging from 1 to 32 bytes.
groupname: Specify the group name corresponding to that user, a character string at
the length ranging from 1 to 32 bytes.
v1: Configure to use V1 safe mode.
v2c: Configure to use V2c safe mode.
v3: Configure to use V3 safe mode.
authentication-mode: Specify the safety level as authentication required.
md5: MD5 algorithm is adopted in authentication. MD5 authentication uses the
128-digit password. Computation speed of MD5 is faster than that of SHA
sha: SHA algorithm is adopted in authentication. SHA authentication uses the 160-digit
password. Computation speed of SHA is slower than that of MD5, but with higher
security.
authpassword: Specify the authentication password with a character string, ranging
from 1 to 64 bytes.
privacy-mode: Specify the safety level as encrypted.
des56: Specify the authentication protocol as DES.
privpassword: Specify the encryption password with a character string, ranging from 1
to 64 bytes.
acl acl-list:Set access control list for this user based on USM name
Description
Using snmp-agent usm-user command, you can add a new user to an SNMP group.
Using undo snmp-agent usm-user command, you can cancel a user from SNMP
group.

5-19

SNMP engineID (for authentication) is required when configuring remote user for an
agent. This command will not be effective without engineID configured.
For V1 and V2C, this command will add a new community name. For V3, it will add a
new user for an SNMP group.
Example
# Add a user wang for hello (an SNMP group), configures to authenticate with MD5 and
sets authentication password as pass.
[Quidway] snmp-agent usm-user v3 wang hello authentication-mode md5 pass
5.1.23 undo snmp-agent

Syntax
undo snmp-agent
View
System view
Parameter
none
Description
Using undo snmp-agent command, you can disable all versions of SNMP running on
the server.
Perform any command of snmp-agent will enable SNMP Agent.
Example
# Disable the running SNMP agents of all SNMP versions.
[Quidway] undo snmp-agent

5-20

Chapter 6 RMON Configuration Commands

6.1 RMON Configuration Commands
6.1.1 display rmon alarm
Syntax
display rmon alarm [ alarm-table-entry ]
View
Any view
Parameter
alarm-table-entry: Alarm table entry index.
Description
Using display rmon alarm command, you can view RMON alarm information.
For the related commands, see rmon alarm.
Example
# Display the RMON alarm information.
<Quidway> display rmon alarm
Alarm table 1 owned by abc is VALID.
Samples type
Variable formula
: delta
: 1.3.6.1.2.1.2.2.1.11.67111554<ifInUcastPkts.67111554>
Sampling interval
: 10(sec)
Rising threshold
: 100(linked with event 7)
Falling threshold
When startup enables
: risingOrFallingAlarm
Latest value
: 0
Table 6-1 Output description of the display rmon alarm command

Field
Description
Alarm table 1
Index 1 in the alarm table
owned by abc
Creator of the entry.
VALID
The entry corresponding to the index is valid
Samples type
The sampling type

6-1

Field
Description
Variable formula
The alarm variable value of the node.
Sampling interval
The interval of sampling the value.
Rising threshold
Rising threshold. When sampling value rises from normal

value to this threshold, rising threshold alarm will be
triggered.
Falling threshold
Falling threshold. When sampling value decreases from

normal value to this threshold, falling threshold alarm will be
triggered.
When
enables
Enable the first trigger.
startup
risingOrFallingAlarm
The type of the first alarm: Specifies to alarm when

exceeding the rising threshold or the falling threshold.
Latest value
The value of the latest sampling.
6.1.2 display rmon event

Syntax
display rmon event [ event-table-entry ]
View
Any view
Parameter
event-table-entry: Entry index of event table.
Description
Using display rmon event command, you can view RMON events.
The display includes event index in event table, owner of the event, description to the
event, action caused by event (log or alarm information), and occurrence time of the
latest event (counted on system initiate/boot time in centiseconds).
For the related commands, see rmon event.
Example
# Show the RMON event.
<Quidway> display rmon event
Event table 1 owned by abc is VALID.
Description: null.
Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.

6-2

Table 6-2 Output description of the display rmon event command

Field
Description
Event table 1
Index 1 in event table.
owned by abc
VALID
The entry corresponding to the index is valid.
Description
Event description.
Will cause log-trap when

triggered, last triggered at
0days 00h:02m:27s
When the event is triggered, it will cause the

log-trap. And the last triggered time is
00h:02m:27s.
6.1.3 display rmon eventlog

Syntax
display rmon eventlog [ event-number ]
View
Any view
Parameter
event-number: Entry index of event table.
Description
Using display rmon eventlog command, you can view RMON event log.
The display includes description about event index in event table, description to the
event, and occurrence time of the latest event (counted on system initiate/boot time in
centisecond).
Example
# Show event log of RMON.
<Quidway> display rmon eventlog 1
Event table 1 owned by abc is VALID.
Generates eventLog 1.1 at 0days 00h:01m:39s.
Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Generates eventLog 1.2 at 0days 00h:02m:27s.
Description: The alarm formula defined in private alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.

6-3

Table 6-3 Output description of the display rmon eventlog command

Field
Description
Event table 1
Index 1 in event table
owned by abc
Creator of the entry
VALID
Description
Event description
less than(or =) 100 with alarm

value 0
The alarm sample value is less than or equal

to 100.
Alarm sample type is absolute
The type of alarm sampling is absolute.
Generates eventLog 1.2 at 0days

00h:02m:27s
The eventlog corresponding to the index 1.2 is

generated at 0days 00h:02m:27s.
6.1.4 display rmon history

Syntax
display rmon history [ port-num ]
View
Any view
Parameter
port-num: Ethernet port name.
Description
Using display rmon history command, you can view latest RMON history sampling
information (including utility, error number and total packet number).
For the related commands, see rmon history.
Example
# Show the RMON history information.
<Quidway> display rmon history ethernet 2/0/1
History control entry 1 owned by abc is VALID
Samples interface
: Ethernet2/0/1<ifEntry.642>
Sampling interval
: 10(sec) with 10 buckets max
Latest sampled values :

Dropevents
:0
, octets
:0
packets
:0
, broadcast packets
:0
multicast packets :0
, CRC alignment errors :0

6-4

undersize packets :0
, oversize packets
:0
fragments
:0
, jabbers
:0
collisions
:0
, utilization
:0
Table 6-4 Output description of the display rmon history command

Field
Description
History control entry
Index number in history control table
owned by abc
Creator of the entry
VALID
Samples interface
The sampled port
Sampling interval
Sampling interval
buckets
Records in history control table.
Dropevents
Dropping packet events
octets
Sent/Received octets in sampling time
packets
Packets sent/received in sampling time
broadcast packets
Number of broadcast packets
multicast packets
Number of multicast packets
CRC alignment errors
Number of CRC error packets
undersized packets
Number of undersized packets
oversized packets
Number of oversized packets
fragments
Number of undersized and CRC error packets
jabbers
Number of oversized and CRC error packets
collisions
Number of collision packets
utilization
Utilization
6.1.5 display rmon prialarm

Syntax
display rmon prialarm [ prialarm-table-entry ]
View
Any view
Parameter
prialarm-table-entry:entry of extended alarm table.

6-5

Description
Using display rmon prialarm command, you can view information about extended
alarm table.
For the related commands, see rmon prialarm.
Example
# display alarm information about extended RMON.
<Quidway> display rmon prialarm
Prialarm table 1 owned by abc is VALID.
Samples type
: delta
Variable formula
: .1.3.6.1.2.1.2.2.1.10.641
Description
: ifInOctets.Ethernet1/0/1
Sampling interval
: 10(sec)
Rising threshold
Falling threshold
When startup enables
: risingOrFallingAlarm
This entry will exist : forever.

Latest value
: 0
Table 6-5 Output description of the display rmon prialarm command

Field
Description
Prialarm table 1
Index of extended alarm entry
owned by abc
Creator of the extended alarm entry
VALID
Samples type
The sampling type
Variable formula
The variable formula of the node
Description
The description of the alarm variable
Rising threshold
Rising threshold. When sampling value rises from

normal value to this threshold, rising threshold alarm
will be triggered.
Falling threshold
Falling threshold. When sampling value decreases from

normal value to this threshold, falling threshold alarm
will be triggered.
linked with event 2
Corresponding event index of ring and falling threshold

alarm
When startup enables:

risingOrFallingAlarm
Kind of first alarm. It may trigger rising threshold alarm

or falling threshold alarm or both.
This entry
forever
The lifespan of this alarm entry which can be forever or

a specified period of time.
will
exist

6-6

Field
Description
Latest value
The value of the latest sampling.
6.1.6 display rmon statistics

Syntax
display rmon statistics [ port-num ]
View
Any view
Parameter
port-num: Ethernet port number.
Description
Using display rmon statistics command, you can view RMON statistics.
The displayed information includes collision, CRC (Cyclic Redundancy Check) and
queue, undersized or oversized packet, timeout, fragment, broadcast, multicast,
unicast, and bandwidth utility.
For the related commands, see rmon statistics.
Example
# Show RMON statistics.
<Quidway> display rmon statistics Ethernet 3/0/1
Statistics entry 3 owned by abc is VALID.
Interface : Ethernet3/0/1<ifIndex.201326722>
etherStatsOctets
: 3776
, etherStatsPkts
etherStatsBroadcastPkts
: 0
, etherStatsMulticastPkts : 30
etherStatsUndersizePkts
: 0
, etherStatsOversizePkts
: 0
etherStatsFragments
: 0
, etherStatsJabbers
: 0
, etherStatsCollisions
: 0
etherStatsCRCAlignErrors : 0
: 30
etherStatsDropEvents (insufficient resources): 0

Packets received according to length (etherStatsPktsXXXtoYYYOctets):
64
: 5
65-127
: 10
256-511: 0
512-1023: 0
128-255
1024-max : 0

6-7
: 15

Table 6-6 Output description of the display rmon statistics command

Field
Description
Statistics entry 3
Index number in statistics table
owned by abc
VALID
The entry corresponding to the index is valid
Interface
The sampled port.
etherStatsOctets
Received/Sent octets
etherStatsPkts
Received/Sent packets
etherStatsBroadcastPkts
Number of broadcast packets
etherStatsMulticastPkts
Number of multicast packets
etherStatsUndersizePkts
Number of undersized packets
etherStatsOversizePkts
Number of oversized packets
etherStatsFragments
Number of undersized and CRC error packets
etherStatsJabbers
Number of oversized and CRC error packets
etherStatsCRCAlignErrors
Number of CRC error packets
etherStatsCollisions
Number of collision packets
etherStatsDropEvents
(insufficient resources)
Dropping packet events
Packets received according to

length
The number of packets calculated by the bytes

length.
6.1.7 rmon alarm

Syntax
rmon alarm entry-number alarm-variable interval { delta | absolute } rising-threshold
threshold-value1
event-entry1
falling-threshold
threshold-value2
event-entry2
[ owner text ]
undo rmon alarm entry-number
View
System view
Parameter
entry-number: Number of the entry to be added/deleted, ranging from 1 to 65535.
alarm-variable: Specifies the alarm variable with a character string, ranging from 1 to
256, in the OID dotted format, like 1.3.6.1.2.1.2.1.10.1 (or ifInOctets.1).
6-8

interval: Specifies the sampling interval, ranging from 5 to 65535 (measured in

seconds).
delta: Sampling type is delta.
absolute: Sampling type is absolute.
rising-threshold threshold-value1: Rising threshold, ranging from 0 to 2147483647.
event-entry1: Event number corresponding to the upper limit of threshold, ranging from
0 to 65535.
falling-threshold threshold-value2: Falling threshold, ranging from 0 to 2147483647.
event-entry2: Event number corresponding to the falling threshold, ranging from 0 to
65535.
owner text: Specifies the creator of the alarm. Length of the character string ranges
from 1 to 127.
Description
Using rmon alarm command, you can add an entry to the alarm table. Using undo
rmon alarm command, you can cancel an entry from this table.
In this way, the alarm event can be triggered in the abnormal situations and then
decides to log and send trap to the NM station.
Example
# Delete the information of entry 15 from the alarm table.
[Quidway] undo rmon alarm 15
6.1.8 rmon event

Syntax
rmon event event-entry [ description description ] { log | trap trap-community |
log-trap log-trapcommunity | none } [ owner rmon-station ]
undo rmon event event-entry
View
System view
Parameter
event-entry: Number of the entry to be added/deleted, ranging from 1 to 65535.
description: Event description. Length of the character string ranges from 1 to 127.
log: Log event.
trap: Trap event.
trap-community: The name of the community that trap message is sent to.
6-9

log-trap: Log and trap event.

log-trapcommunity: The name of the community that trap message is sent to.
none: neither log nor trap event.
owner rmon-station: The name of the network management station that creates this
entry. The length of the character string ranges from 1 to 127.
Description
Using rmon event command, you can add an entry to the event table. Using undo
rmon event command, you can cancel an entry from this table.
Event management of RMON defines the way to deal with event number and event-log,
send trap message or log while sending trap message. In this way, alarm events may
obtain corresponding treatment
Example
# Add the entry 10 to the event table and marks it as log event.
[Quidway] rmon event 10 log
6.1.9 rmon history

Syntax
rmon history entry-number buckets number interval interval [ owner text ]
undo rmon history entry-number
View
Ethernet port view
Parameter
buckets number: Capacity of the history table corresponding to the control line.
interval: Sampling interval, ranging from 5 to 3600 (measured in seconds).
text: Creator of the line. Length of the character string ranges from 1 to127.
Description
Using rmon history command, you can add an entry to the history control table. Using
undo rmon history command, you can cancel an entry from history control table.
Perform this command to sample, set sample parameter (sample time interval) and
storage amounts for a port. RMON will periodically perform data collection and save for
query on this port. Sample information includes utility, error number and total packet
number.

6-10

Example
# Delete the entry 15 from the history control table.
[Quidway-Ethernet2/0/1] undo rmon history 15
6.1.10 rmon prialarm

Syntax
rmon prialarm entry-number variable-formula description interval { delta | absolute |
changeratio } rising-threshold threshold-value1 event-entry1 falling-threshold
threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]
undo rmon prialarm entry-number
View
System view
Parameter
entry-number: Specifies the entry number, ranging from 1 to 65535.
variable-formula: Specifies the alarm variable, which can be an arithmetic expression of
several integer MIB node instances. The node can be OID in dotted notation.
description: Specifies the alarm description with a length ranging from 1 to 256.
interval: Sets the sampling interval, ranging from 10 to 65535 and measured in
seconds.
delta | absolute | changeratio: Specifies the sampling type as delta ratio, absolute
ratio or change ratio.
threshold-value1: Rising threshold value, specified with a number ranging from 0 to
4294967295.
event-entry1: Corresponding event number to the upper limit threshold value, ranging
from 0 to 65535.
threshold-value2: Falling threshold value, specified with a number ranging from 0 to
4294967295.
event-entry2: Event number corresponding to the falling threshold, ranging from 0 to
65535.
forever | cycle: Specifies the type of the alarm instance line.
cycle-period specifies the functional cycle of the instance.
text: Specifies the creator of the line. Length of the character string ranges from 1 to
127.

6-11

Description
Using rmon prialarm command, you can add an entry to the extended RMON alarm
table. Using undo rmon prialarm command, you can cancel an entry from the
extended RMON alarm table.
The number of instances can be created in the table depends on the hardware
resource of the product.
Example
# Delete line 10 from the extended RMON alarm table.
[Quidway] undo rmon prialarm 10
6.1.11 rmon statistics

Syntax
rmon statistics entry-number [ owner text ]
undo rmon statistics entry-number
View
Ethernet port view
Parameter
owner text: Creator of the entry. Length of the character string ranges from 1 to127.
Description
Using rmon statistics command, you can add an entry to the statistic table. Using
undo rmon statistics command, you can cancel an entry from statistic table.
RMON statistic management concerns the statistics and monitoring of the usage and
error on a port. Statistics includes collision, undersized or oversized packet, timeout,
fragment, broadcast, multicast, unicast, and bandwidth utility.
Example
# Add statistics of Ethernet2/0/1 to the entry 20.
[Quidway-Ethernet2/0/1] rmon statistic 20

6-12

Chapter 7 NTP Configuration Commands

7.1 NTP Configuration Commands
7.1.1 debugging ntp-service
Syntax
debugging ntp-service { access | adjustment | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity | all }
undo debugging ntp-service { access | adjustment | authentication | event | filter |
packet | parameter | refclock | selection | synchronization | validity | all }
View
User view
Parameter
access: NTP access control debugging.
adjustment: NTP clock adjustment debugging.
all: All NTP debugging functions.
authentication: NTP authentication debugging.
event: NTP event debugging.
filter: NTP filter information debugging.
packet: NTP packet debugging.
parameter: NTP clock parameter debugging.
refclock: NTP reference clock debugging.
selection: NTP clock selection information debugging.
synchronization: NTP clock synchronization information debugging.
validity: NTP remote host validity debugging.
Description
Using debugging ntp-service command, you can debug different NTP services. Using
undo debugging ntp-service command, you can disable corresponding debugging
function.
By default, no debugging function is enabled.

7-1

Example
# Enable NTP access control debugging.
<Quidway> debugging ntp-service access
7.1.2 display ntp-service sessions

Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose: Indicate to display the detail information about the sessions.
Description
Using display ntp-service sessions command, you can display the status of all the
sessions maintained by NTP service provided by the local equipment.
When you configure this command without the verbose parameter, the Ethernet switch
will display the brief information about all the sessions it maintains.
With the verbose parameter configured, Ethernet switch will display the detail
information about all the sessions it maintains.
Note:
All the NTP operating modes create sessions except the NTP Server Mode after the
relevant configuration.
Example
<Quidway> display ntp-service sessions
source
refid
st
now
poll reach
delay offset
disp
********************************************************************
[12345]212.125.95.4
131.188.3.221
18
64 377
339.8
10.8
0.9
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
7.1.3 display ntp-service status

Syntax
display ntp-service status
7-2

View
Any view
Parameter
None
Description
Using command display ntp-service status, you can display the NTP service status.
Example
<Quidway> display ntp-service status
clock status: unsynchronized
clock stratum: 16
reference clock ID: none
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^17
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 0.00 ms
peer dispersion: 0.00 ms
reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
The following table describes the outputs:

Table 7-1 NTP service status information
Output
Meaning
clock
status:
unsynchronized
Local clock status: do not synchronize to any remote NTP

server.
clock stratum: 16
Indicates the NTP stratum of local clock.
reference clock ID
Indicates the address of a remote server of the reference ID, in

the case that the local system has been synchronized by a
remote NTP server or the ID of some clock source.
nominal frequency
Nominal frequency of the local system hardware clock
actual frequency
Actual frequency of the local system hardware clock.
clock precision
Precision of local system clock
clock offset
Offset of the local clock to the NTP server clock
root delay
Root delay from local equipment to the master reference clock.
root dispersion
Dispersion of the local clock relative to the NTP server clock
peer dispersion
Dispersion of the remote NTP server.

7-3

Output
reference time
Meaning
Reference timestamp
7.1.4 display ntp-service trace

Syntax
display ntp-service trace
View
Any view
Parameter
None
Description
Using display ntp-service trace command, you can display the brief information about
every NTP server on the way from the local equipment to the reference clock source.
Example
<Quidway> display ntp-service trace
server 127.0.0.1,stratum 8, offset 0.000000, synch distance 0.00000
refid 127.127.1.0
7.1.5 ntp-service access

Syntax
ntp-service access { query | synchronization | server | peer } acl-number
undo ntp-service access { query | synchronization | server | peer }
View
System view
Parameter
query: Allow to control query authority.
synchronization: Only allow the server to access.
server: Allow query to server and access.
peer: Full access authority.
acl-number: The IP address list number, ranging from 2000 to 2999.

7-4

Description
Using ntp-service access command, you can set the authority to access the local
equipment. Using undo ntp-service access command, you can cancel the access
authority settings.
By default, there is no limit to the access.
Set authority to access the NTP services on a local Ethernet Switch. This is a basic and
brief security measure, compared to authentication. An access request will be matched
with peer, server, server only, and query only in an ascending order of the limitation.
The first matched authority will be given.
Example
# Give the authority of time request, query control and synchronization with the local
equipment to the peer in ACL 2076.
[Quidway] ntp-service access peer 2076
# Give the authority of time request and query control of the local equipment to the peer
in ACL 2028.
[Quidway] ntp-service access synchronization 2028
7.1.6 ntp-service authentication enable

Syntax
ntp-service authentication enable
undo ntp-service authentication enable
View
System view
Parameter
None
Description
Using ntp-service authentication enable command, you can enable the NTP-service
authentication function. Using undo ntp-service authentication enable command,
you can disable this function.
By default, the authentication is disabled.
Example
# Enable NTP authentication function.
[Quidway] ntp-service authentication enable

7-5

7.1.7 ntp-service authentication-keyid

Syntax
ntp-service authentication-keyid number authentication-mode md5 value
undo ntp-service authentication-keyid number
View
System view
Parameter
number: Specify the key number and range from 1 to 4294967295.
value: Specify the value of the key with 1 to 32 ASCII characters.
Description
Using ntp-service authentication-keyid command, you can set NTP authentication
key. Using undo ntp-service authentication-keyid command, you can cancel the
NTP authentication key.
By default, there is no authentication key.
Only MD5 authentication is supported for the NTP authentication key settings.
Example
# Set MD5 authentication key 10 as BetterKey.
[Quidway] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
7.1.8 ntp-service broadcast-client

Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
VLAN interface view
Parameter
None
Description
Using ntp-service broadcast-client command, you can configure NTP broadcast
client mode. Using undo ntp-service broadcast-client command, you can disable the
NTP broadcast client mode.

7-6

By default, the NTP broadcast client mode is disabled.

Designate an interface on the local Ethernet Switch to receive NTP broadcast
messages and operate in broadcast client mode. The local Ethernet Switch listens to
the broadcast from the server. When it receives the first broadcast packet, it starts a
brief client/server mode to switch messages with a remote server for estimating the
network delay. Thereafter, the local Ethernet Switch enters broadcast client mode and
continues listening to the broadcast and synchronizes the local clock according to the
arrived broadcast message.
Example
# Configure to receive NTP broadcast packets via Vlan-Interface1.
[Quidway] interface vlan-interface1
[Quidway-Vlan-Interface1] ntp-service broadcast-client
7.1.9 ntp-service broadcast-server

Syntax
ntp-service broadcast-server [ authentication-keyid keyid version number ]
undo ntp-service broadcast-server
View
VLAN interface view
Parameter
authentication-keyid: Specify the authentication key.
keyid: Key ID used in broadcast, ranging from 0 to 4294967295.
version: Define NTP version number.
number: NTP version number, ranging from 1 to 3.
Description
Using ntp-service broadcast-server command, you can configure NTP broadcast
server mode. Using undo ntp-service broadcast-server command, you can disable
the NTP broadcast server mode.
By default, the broadcast service is disabled and number defaults to 3.
Designate an interface on the local equipment to broadcast NTP packets. The local
equipment runs in broadcast-server mode and regularly broadcasts packets to its
clients.

7-7

Example
# Configure to broadcast NTP packets via Vlan-Interface1 and encrypt them with Key 4
and set the NTP version number as 3.
[Quidway-Vlan-Interface1] ntp-service broadcast-server authentication-key 4 version 3
7.1.10 ntp-service disable

Syntax
ntp-service disable
undo ntp-service disable
View
System view
Parameter
None
Description
Using ntp-service disable command, you can disable the NTP service function
globally. Using undo ntp-service disable command, you can enable this function
globally.
By default, the NTP service is enabled.
Example
# Disable NTP service function.
[Quidway] ntp-service disable
7.1.11 ntp-service in-interface disable

Syntax
ntp-service in-interface disable
undo ntp-service in-interface disable
View
VLAN interface view
Parameter
None

7-8

Description
Using ntp-service in-interface disable command, you can disable an interface to
receive NTP message. Using undo ntp-service in-interface disable command, you
can enable an interface to receive NTP message.
By default, an interface is enabled to receive NTP message.
Example
# Disable Vlan-Interface1 to receive NTP message.
[Quidway-Vlan-Interface1] ntp-service in-interface disable
7.1.12 ntp-service max-dynamic-sessions

Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
View
System view
Parameter
number: The maximum dynamic sessions can be created locally, ranging from 0 to 100.
Description
Using ntp-service max-dynamic-sessions command, you can set how many
dynamic
sessions
can
be
created
locally.
Using
undo
ntp-service
max-dynamic-sessions command, you can resume the default maximum dynamic

session number.
By default, a local device allows up to 100 sessions.
Note:
Only the sessions created by NTP peer mode, NTP broadcast client mode and NTP
multicast client mode are dynamic sessions. Other sessions are static sessions.
Example
# Set the local equipment to allow up to 50 sessions.
[Quidway] ntp-service max-dynamic-sessions 50
7-9

7.1.13 ntp-service multicast-client

Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Specify an multicast IP address of Class D.
Description
Using ntp-service multicast-client command, you can configure the NTP multicast
client mode. Using undo ntp-service multicast-client command, you can disable the
NTP multicast client mode.
By default, the multicast client service is disabled. ip-address defaults to 224.0.1.1.
Designate an interface on the local Ethernet Switch to receive NTP multicast messages
and operate in multicast client mode. The local Ethernet Switch listens to the multicast
from the server. When it receives the first multicast packet, it starts a brief client/server
mode to switch messages with a remote server for estimating the network delay.
Thereafter, the local Ethernet Switch enters multicast client mode and continues
listening to the multicast and synchronizes the local clock according to the arrived
multicast message.
Example
# Configure to receive NTP multicast packet via Vlan-Interface1 and the multicast
group corresponding to these packets located at 224.0.1.1.
[Quidway-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
7.1.14 ntp-service multicast-server

Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid ] [ ttl
ttl-number ] [ version number ]
undo ntp-service multicast-server [ ip-address ]
View
VLAN interface view

7-10

Parameter
ip-address: Specify a multicast IP address of Class D and default to 224.0.1.1.
authentication-keyid: Specify authentication key.
keyid: Key ID used in multicast, ranging from 0 to 4294967295.
ttl: Define the time to live of a multicast packet.
ttl-number: Specify the ttl of a multicast packet and range from 1 to 255.
number: Specify NTP version number and range from 1 to 3.
Description
Using ntp-service multicast-server command, you can configure NTP multicast
server mode, if no IP address is specified, switch automatically choice the 224.0.1.1 as
the multicast IP address. Using undo ntp-service multicast-server command, you
can disable NTP multicast server mode, if no IP address is specified, the switch will
disable the configuration of the multicast IP address 224.0.1.1.
By default, the multicast service is disabled. IP address defaults to 224.0.1.1 and the
version number defaults to 3.
Designate an interface on the local equipment to transmit NTP multicast packet. The
local equipment operates in multicast-server mode and multicasts packets regularly to
its clients.
Example
# Configure to transmit NTP multicast packets encrypted with Key 4 via Vlan-Interface1
at 224.0.1.1 and use NTP version 3.
[Quidway-Vlan-Interface1] ntp-service multicast-server 224.0.1.1 authentication-keyid
4 version 3
7.1.15 ntp-service refclock-master

Syntax
ntp-service refclock-master [ ip-address ] [ stratum ]
undo ntp-service refclock-master [ ip-address ]
View
System view

7-11

Parameter
ip-address: Specify the reference clock IP address as 127.127.t.u. Here, t ranges from
0 to 37 and u ranges from 0 to 3.
stratum: Specify which stratum the local clock is located at and range from 1 to 15.
Description
Using ntp-service refclock-master command, you can configure an external
reference clock or the local clock as an NTP master clock. Using undo ntp-service
refclock-master command, you can cancel the NTP master clock settings.
By default, ip-address is not specified and stratum defaults to 1.
You can use this command to designate an NTP external reference clock or the local
clock as an NTP master clock to provide synchronized time for other equipment.
ip-address specifies the IP address of an external clock as 127.127.t.u. If no IP address
is specified, the local clock is set as the NTP master clock by default. You can also
specify the stratum of the NTP master clock.
Example
# Set the local clock as the NTP master clock to provide synchronized time for its peers
and locate it at stratum 3.
[Quidway] ntp-service refclock-master 3
7.1.16 ntp-service reliable authentication-keyid

Syntax
ntp-service reliable authentication-keyid number
undo ntp-service reliable authentication-keyid number
View
System view
Parameter
number: Specify the key number, ranging from 1 to 4294967295.
Description
Using ntp-service reliable authentication-keyid command, you can configure the
key as reliable. Using undo ntp-service reliable authentication-keyid command,
you can cancel the current setting.
By default, no key is configured as reliable.

7-12

When you enable the authentication, you can use this command to configure one or
more than one keys as reliable. In this case, a client will only get synchronized by a
server whichever can provide a reliable key.
Example
# Enable NTP authentication, adopt MD5 encryption, and designate Key 37 BetterKey
and configure it as reliable.
[Quidway] ntp-service authentication enable
[Quidway] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
[Quidway] ntp-service reliable authentication-keyid 37
7.1.17 ntp-service source-interface

Syntax
ntp-service source-interface { interface-name | interface-type interface-number }
undo ntp-service source-interface
View
System view
Parameter
interface-name: Specify an interface. The source IP address of the packets will be
taken from the address of the interface.
interface-type: Specify the interface type and determine an interface with the
interface-number parameter.
interface-number: Specify the interface number and determine an interface with the
interface-type parameter.
Description
Using ntp-service source-interface command, you can designate an interface to
transmit NTP message. Using undo ntp-service source-interface command, you can
cancel the current setting.
The source address specifies where the packets are transmitted from.
You can use this command to designate an interface to transmit all the NTP packets
and take the source address of these packets from its IP address. If you do not want
any other interface to receive the acknowledgement packets, use this command to
specify one interface to send all the NTP packets.

7-13

Example
# Configure all the outgoing NTP packets to use the IP address of Vlan-Interface1 as
their source IP address.
[Quidway] ntp-service source-interface Vlan-Interface 1
7.1.18 ntp-service unicast-peer

Syntax
ntp-service unicast-peer ip-address [ version number ] [ authentication-key keyid ]
[ source-interface { interface-name | interface-type interface-number } ] [ priority ]
undo ntp-service unicast-peer ip-address
View
System view
Parameter
ip-address: Specify the IP address of a remote server.
authentication-keyid: Define authentication key.
keyid: Key ID used for transmitting messages to a remote server, ranging from 0 to
4294967295.
source-interface: Specify the name of an interface.
interface-name: Specify the interface name. When a local device sends an NTP
message to a peer, the source IP address of the message is taken from the address of
the interface.
interface-type: Specify the interface type and determine an interface together with the
interface-number: Specify the interface number and determine an interface together
with the interface-type parameter.
priority: Designate a server as the first choice.
Description
Using ntp-service unicast-peer command, you can configure NTP peer mode. Using
undo ntp-service unicast-peer command, you can cancel NTP peer mode.
By default, version number number defaults to 3, the authentication is disabled, and the
local server is not the first choice.

7-14

This command sets the remote server at ip-address as a peer of the local equipment,
which operates in symmetric active mode. ip-address specifies a host address other
than an IP address of broadcast, multicast, or reference clock. By operating in this
mode, a local device can synchronize and be synchronized by a remote server.
Example
# Configure the local equipment to synchronize or synchronized by a peer at
128.108.22.44. Set the NTP version to 3. The IP address of the NTP packets are taken
from that of Vlan-Interface1.
[Quidway] ntp-service unicast-peer 131.108.22.33 version 3 source-interface
Vlan-Interface 1
7.1.19 ntp-service unicast-server

Syntax
ntp-service unicast-server ip-address [ version number ] [ authentication-keyid
keyid ] [ source-interface { interface-name | interface-type interface-number } ]
[ priority ]
undo ntp-service unicast-server ip-address
View
System view
Parameter
ip-address: Specify the IP address of a remote server.
authentication-keyid: Define authentication key.
keyid: Key ID used for transmitting messages to a remote server, ranging from 0 to
4294967295.
source-interface: Specify the name of an interface.
interface-name: Specify the interface name. When a local device sends an NTP
message to a peer, the source IP address of the message is taken from the address of
the interface.
interface-type: Specify the interface type and determine an interface together with the
interface-number: Specify the interface number and determine an interface together
with the interface-type parameter.
priority: Designate a server as the first choice.

7-15

Description
Using ntp-service unicast-server command, you can configure NTP server mode.
Using undo ntp-service unicast-server command, you can disable NTP server
mode.
By default, version number number defaults to 3, the authentication is disabled, and the
local server is not the first choice.
The command announces to use the remote server at ip-address as the local time
server. ip-address specifies a host address other than an IP address of broadcast,
multicast, or reference clock. By operating in client mode, a local device can be
synchronized by a remote server, but not synchronize any remote server.
Example
# Designate the server at 128.108.22.44 to synchronize the local device and use NTP
version 3.
[Quidway] ntp-service unicast-server 128.108.22.44 version 3

7-16

Chapter 8 SSH Configuration Commands

8.1 SSH Configuration Commands
8.1.1 debugging ssh server
Command
debugging ssh server { all | vty index }
undo debugging ssh server { all | vty index }
View
User view
Parameter
all: All SSH channels
index: Debugged SSH channels. Optional values depend on the VTY number and they
are 0~4.
Description
Using the debugging ssh server command, you can send the negotiation process
defined in SSH1.5 protocol to the information center as debugging information and
debug a single user interface. Using the undo debugging ssh server command, you
can disable debugging function.
By default, debugging function is disabled.
For the related commands, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
# Print debugging information in running SSH
<Quidway> debugging ssh server vty 0
00:23:20: SSH0: starting SSH control process
00:23:20: SSH0: sent protocol version id SSH-1.5-Quidway-1.25
00:23:20: SSH0: protocol version id is - SSH-1.5-1.2.26
00:23:20: SSH0: SSH_SMSG_PUBLIC_KEY msg
00:23:21: SSH0: SSH_CMSG_SESSION_KEY msg - length 112, type 0x03
00:23:21: SSH: RSA decrypt started
00:23:21: SSH: RSA decrypt finished
00:23:21: SSH: RSA decrypt started

8-1

00:23:21: SSH: RSA decrypt finished
8.1.2 display rsa local-key-pair public

Command
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Using the display rsa local-key-pair public command, you can display local key pair
and public key of the server. If no key is generated, corresponding information will be
prompted, for example, RSA keys not found.
For the related command, see rsa local-key-pair create.
Example
# Display local key pair and public key of the server
<Quidway> display rsa local-key-pair public
% Key pair was generated at: 12:26:33 UTC 2002/4/4
Key name: rtvrp_Host
Usage: Encryption Key
Key Data:
30470240 AF7DB1D0 DA78944F 53B7B59B 40D425D0 DC9C57D2 A60916C2 1F165807
08B84DDB 5F4DB8E7 A115B74E 2D41D96C AC61D276 AA027E41 DD48DE64 696E0934
EB872805 02030100 01
% Key pair was generated at: 12:26:45 UTC 2002/4/4
Key name: rtvrp_Server
Usage: Encryption Key
Key Data:
30670260 C05280D9 BA0D56C8 7BE43379 8634CDE7 83ABA9A2 3F36280E 25995487
4FF6AD7A 0E57871C 761E6D92 9914D8C5 CC577388 5B580B94 C2172C8F 36039EED
160A0478 651DED3A 9CCF1AAD D800AAF2 DF7FBEC4 A13ADA59 9E738319 AF366B8B
519D39F5 02030100 01
8.1.3 display rsa peer-public-key

Command
display rsa peer-public-key [ brief | name keyname ]
8-2

View
Any view
Parameter
brief: Displays brief information of the remote public key.
keyname: Specifies key name, a string including 0~32 characters.
Description
Using the display rsa peer-public-key command, you can display a designated RSA
public key. All public keys will be displayed if no key is specified.
For the related command, see rsa local-key-pair create.
Example
# Display a designated RSA public key
<Quidway> display rsa peer-public-key
Address
Bits
Name
1023
abcd
1024
hq
1024
wn1
1024
hq_all
<Quidway> display rsa peer-public-key name abcd

Key name:abcd
Key address:
Data:
30818602 8180739A 291ABDA7 04F5D93D C8FDF84C 42746319 91C164B0 DF178C55
FA833591 C7D47D53 81D09CE8 2913D7ED F9C08511 D83CA4ED 2B30B809 808EB0D1
F52D045D E40861B7 4A0E1355 23CCD74C AC61F8E5 8C452B2F 3F2DA0DC C48E3306
367FE187 BDD94401 8B3B69F3 CBB0A573 202C16BB 2FC1ACF3 EC8F828D 55A36F1C
DDC4BB45 504F0201 25
8.1.4 display ssh server

Command
display ssh server { session | status }
View
Any view
Parameter
session: Displays SSH sessions.
status: Displays SSH state information.
8-3

Description
Using the display ssh server command, you can display SSH state or session
information.
For the related commands, see ssh server authentication-retries, ssh server
rekey-interval, ssh server timeout.
Example
# Display SSH state and configuration parameters.
<Quidway> display ssh server status
SSH version : 1.5
SSH connection timeout : 60 seconds
SSH server key generating interval : 1 hours
SSH Authentication retries : 3 times
# Display SSH sessions.

<Quidway> display ssh server session
Connection
Version Encryption
State
Username
VTY0
1.5
DES
Session started Quidway
VTY3
1.5
DES
Session started switch
8.1.5 display ssh user-information

Command
display ssh user-information [ username ]
View
Any view
Parameter
username: Valid SSH user named defined by AAA
Description
Using the display ssh user-information command, you can display information of the
user, including username, corresponding key, authentication type. If a username is
specified, the system just gives its information.
For the related commands, see ssh user username assign rsa-key, ssh user
username authentication-type.
Example
# Display SSH user information.
<Quidway> display ssh user-information

8-4

Username
authentication-type
Jin
rsa
user-public-key-name
jin
hanqi1
password
816pub
8.1.6 peer-public-key end

Command
peer-public-key end
View
Public key view
Parameter
None
Description
Using the peer-public-key end command, you can finish editing peer public key and
quit from public key view to system view.
For the related commands, see rsa peer-public-key, public-key-code end.
Example
# Quit public key view.
[Quidway] rsa peer-public-key quidway003
[Quidway-rsa-public-key] peer-public-key end
[Quidway]
8.1.7 protocol inbound

Command
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports both Telnet and SSH protocols.
ssh: Supports only SSH protocol.
telnet: Supports only Telnet protocol.

8-5

Description
Using the protocol inbound command, you can configure the protocols supported by
a designated user interface.
By default, the system supports both Telnet and SSH protocols.
If SSH protocol is enabled and specified for the user interface, but no local RSA key is
configured, SSH cannot take effect yet till you log onto the system next time.
If SSH protocol is specified, to ensure a successful logon, you must configure the AAA
authentication using the authentication-mode scheme command. The protocol
inbound ssh configuration fails if you configure authentication-mode password and
authentication-mode none.
For the related commands, see user-interface vty.
Example
# Disable Telnet on vty0 through vty4, only SSH available.
[Quidway-ui-vty0-4] protocol inbound ssh
# Disable Telnet on vty0, only SSH available.

[Quidway] user-interface vty 0
[Quidway-ui-vty0] protocol inbound ssh
8.1.8 public-key-code begin

Command
public-key-code begin
View
Public key edit view
Parameter
None
Description
Using the public-key-code begin command, you can enter public key edit view.
Before using this command, you have to create a public key with the rsa
peer-public-key command. In the public key edit view, you can key in desired public

8-6

key, which consists of hexadecimal characters, with blank space allowed between them,
and is generated randomly by the client program supporting SSH.
For the related commands, see rsa peer-public-key, public-key-code end.
Example
# Enter public key view and key in public key.
[Quidway-rsa-public-key] public-key-code begin
[Quidway-rsa-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Quidway-rsa-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Quidway-rsa-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Quidway-rsa-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Quidway-rsa-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[Quidway-rsa-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[Quidway-rsa-key-code] public-key-code end
8.1.9 public-key-code end

Command
public-key-code end
View
Public key edit view
Parameter
None
Description
Using the public-key-code end command, you can save the configured public key and
return to the public key view from the public key edit view.
This command terminates the edit process of public key and checks its validity before
saving. If the public key contains invalid characters or violates coding rules,
corresponding information will be prompted and the current configuration fails. If you
have configured valid public key, the system will store it into the public key table.
For the related commands, see rsa peer-public-key, public-key-code begin.
Example
# Exit the public key edit view and save the configuration.

8-7


[Quidway-rsa-public-key] public-key-code begin
[Quidway-rsa-key-code] public-key-code end
[Quidway-rsa-public-key]
8.1.10 rsa local-key-pair create

Command
rsa local-key-pair create
View
System view
Parameter
None
Description
Using the rsa local-key-pair create command, you can create local RSA host key pair
and server key pair.
If you have configured RSA key, the system gives an alarm after using this command
and prompts that the existing one will be replaced. The key naming format is switch
name plus server and switch name plus host, for example, Quidway_host and
Quidway_server. The configuration result of this command will not be stored in the
configuration file.
The system prompts you to key in bit range, for which, the server key pair must be at
least 128 bits longer than the host key pair. The maximum bit range of both key pairs is
2048 bits and the minimum is 512. If there have been key pairs, the system will prompts
you to decide whether to modify them.
For a successful SSH logon, you must configure and generate the local RSA key pairs.
To generate local key pairs, you just need to execute the command once, with no
further action required even after the system is rebooted.
For the related command, see rsa local-key-pair destroy.
Example
# Create local host key pair and server key pair.
[Quidway] rsa local-key-pair create
The key name will be: Quidway_Host
% You already have RSA keys defined for Quidway_Host

8-8

% Do you really want to replace them? [yes/no]:y

Choose the size of the key modulus in the range of 512 to 2048 for your Keys.
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
How many bits in the modulus [512]:512
Generating keys...
.....++++++++++++
........................++++++++++++
..........++++++++
............................++++++++
[Quidway]
8.1.11 rsa local-key-pair destroy

Command
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Using the rsa local-key-pair destroy command, you can remove all RSA key pairs at
the server, including Host key pair and Server key pair.
Acknowledgement information will be promoted before the system clears all RSA key
pairs. This command is just a one-time instruction, so the result will not be stored in the
configuration file.
For the related commands, see rsa local-key-pair create.
Example
# Remove all key pairs at the server.
[Quidway] rsa local-key-pair destroy
% The name for the keys which will be destroyed is Quidway_Host .
% Confirm to destroy these keys? [yes/no]:y
[Quidway]

8-9

8.1.12 rsa peer-public-key

Command
rsa peer-public-key key-name
View
System view
Parameter
key-name: Public key name
Description
Using the rsa peer-public-key command, you can enter the public key view.
When using this command together with the public-key-code begin command, you
can configure the public key at the client, which is generated randomly by the client
program supporting SSH1.5.
For the related commands, see public-key-code begin, public-key-code end.
Example
# Enter the public key view.
[Quidway-rsa-public]
8.1.13 ssh server authentication-retries

Command
ssh server authentication-retries times
undo ssh server authentication-retries
View
System view
Parameter
times: Specifies authentication retry times, in the range of 1~5.
Description
Using the ssh server authentication-retries command, you can define SSH
authentication retry times value, which takes effect at next logon. Using the undo ssh
server authentication-retries command, you can restore the default retry value.
8-10

By default, it is 3.
For the related command, see display ssh server.
Example
# Define the authentication retry times value as 4.
[Quidway] ssh server authentication-retries 4
8.1.14 ssh server rekey-interval

Command
ssh server rekey-interval hours
undo ssh server rekey-interval
View
System view
Parameter
hours: Defines key update interval, in the range of 1~24 hours.
Description
Using the ssh server rekey-interval command, you can define update interval of
server key pair. Using the undo ssh server rekey-interval command, you can cancel
the current setting.
By default, system doesnt update the server key.
For the related commands, see display ssh server.
Example
# Define update interval of server key pair as 3 hours.
[Quidway] ssh server rekey-interval 3
8.1.15 ssh server timeout

Command
ssh server timeout seconds
undo ssh server timeout

8-11

View
System view
Parameter
seconds: Defines registration timeout value, in the range of 1~120 seconds.
Description
Using the ssh server timeout command, you can define timeout value for SSH
registration authentication, which takes effect at next logon. Using the undo ssh
server timeout command, you can restore the default value.
By default, the timeout value is 60 seconds.
For the related commands, see display ssh server.
Example
# Define the registration timeout value as 80 seconds.
[Quidway] ssh server timeout 80
8.1.16 ssh user assign rsa-key

Command
ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
View
System view
Parameter
keyname: Configures client public key, consisting of 1~32 characters.
username: Valid local user name or user name defined by remote RADIUS system.
Description
Using the ssh user username assign rsa-key command, you can associate an
existing public key with a designated user. Using the undo ssh user username
assign rsa-key command, you can delete the association.
For a user who has been associated with a public key, the command associates
him/her with the new public key.
The newly configured users take effect at the next logon.
For the related command, see display ssh user-information.
8-12

Example
# Associate the key 1 with the zhangsan.
[Quidway] ssh user zhangsan assign rsa-key key1
8.1.17 ssh user username authentication-type

Command
ssh user username authentication-type { all | password | rsa }
undo ssh user username authentication-type
View
System view
Parameter
username: Valid local user name or user name defined by remote RADIUS system.
all: Specifies authentication type as password and RSA.
password: Specifies authentication type as password.
rsa: Specifies authentication type as RSA.
Description
Using the ssh user username authentication-type command, you can define
authentication type for a designated user. Using the undo ssh user username
authentication-type command, you can restore the default mode in which logon fails.
By default, user cant logon the switch through SSH or TELNET, so you have to specify
authentication type for a new user. The new configuration takes effects at the next
logon.
For the related commands, see display ssh user-information.
Example
# Specify zhangsans authentication type as password.
[Quidway] ssh user zhangsan authentication-type password

8-13
HUAWEI

Command Manual
PoE
Command Manual - PoE

Table of Contents
Table of Contents
Chapter 1 PoE Configuration Commands .................................................................................. 1-1
1.1 PoE Configuration Commands .......................................................................................... 1-1
1.1.1 display poe interface ............................................................................................... 1-1
1.1.2 display poe interface power .................................................................................... 1-3
1.1.3 display poe powersupply......................................................................................... 1-5
1.1.4 display poe pse ....................................................................................................... 1-6
1.1.5 poe enable............................................................................................................... 1-7
1.1.6 poe enable slot ........................................................................................................ 1-7
1.1.7 poe legacy enable slot ............................................................................................ 1-8
1.1.8 poe max-power........................................................................................................ 1-9
1.1.9 poe max-power slot............................................................................................... 1-10
1.1.10 poe mode ............................................................................................................ 1-11
1.1.11 poe power max-value.......................................................................................... 1-12
1.1.12 poe power-management ..................................................................................... 1-12
1.1.13 poe priority........................................................................................................... 1-13
Chapter 2 PoE PSU Supervision Configuration Commands .................................................... 2-1
2.1 PoE PSU Supervision Display Commands ....................................................................... 2-1
2.1.1 display poe-power ac-input state ............................................................................ 2-1
2.1.2 display poe-power alarm ......................................................................................... 2-2
2.1.3 display poe-power dc-output state .......................................................................... 2-3
2.1.4 display poe-power dc-output value ......................................................................... 2-4
2.1.5 display poe-power switch state ............................................................................... 2-4
2.1.6 display supervision-module information.................................................................. 2-5
2.2 PoE PSU Supervision Configuration Commands.............................................................. 2-6
2.2.1 poe-power input-thresh lower.................................................................................. 2-6
2.2.2 poe-power input-thresh upper ................................................................................. 2-7
2.2.3 poe-power output-thresh lower ............................................................................... 2-8
2.2.4 poe-power output-thresh upper............................................................................... 2-8

i

Chapter 1 PoE Configuration Commands

1.1 PoE Configuration Commands
1.1.1 display poe interface
Syntax
display poe interface { interface-name | interface-type interface-num | all }
View
Any view
Parameter
interface-name | interface-type interface-num: Port on the switch; refer to Command
Manual Port for details.
all: Display the PoE status about all ports on the switch.
Description
Using the display poe interface command, you can view the PoE status of a specific
or all ports on the switch.
Example
# Display the PoE status of the Ethernet port Ethernet3/0/1.
<Quidway> display poe interface ethernet3/0/1
Port power status
:searching
Port power mode
:signal
Port PD class
:0
port power priority
:low
Port max power
:0 mW
Port current power
:0 mW
Port average power
:0 mW
Port peak power
:0 mW
Port current
:0 mA
Port voltage
:0.0 V

1-1

Table 1-1 Output description of the display poe interface command

Field
Description
PoE status of the port:
Port power status
1)
2)
3)
4)
5)
6)
disabled: PoE is disabled on the port

searching: The port is searching for a PD
delivering: The port is supplying power to the PD
PD disconnected: The port is not connected with a
PD
testing: In test
fault: A nonstandard or fault PD is detected
PoE mode of the port:

Port power mode
1)
2)
Port PD class
Power class of the port
signal
spare
Port priority:
Port power priority
1)
2)
3)
critical
high
low
Port max power
Maximum power on the port
Port current power
Present power on the port
Port Average power
Average power on the port
Port peak power
Peak power on the port
Port current
Present current on the port
Port voltage
Present voltage on the port
# Display the PoE status of all ports.

<Quidway> display poe interface all
Interface Ethernet3/0/1 power status: delivering
Interface Ethernet3/0/2 power status: PD searching

1-2


Interface Ethernet3/0/17 power status: delivering
1.1.2 display poe interface power

Syntax
display poe interface power { interface-name | interface-type interface-num | all }

1-3

View
Any view
Parameter
interface-name | interface-type interface-num: Port on the switch; refer to Command
Manual Port for details.
all: Display the power of all ports on the switch.
Description
Using the display poe interface power command, you can view the power information
of a specific or all ports on the switch.
Example
# Display the power information of port Ethernet3/0/1.
<Quidway> display poe interface power ethernet3/0/1
Port power
:700 mW
# Display the power information of all ports.

<Quidway> display poe interface power all
Interface Ethernet3/0/1 current power : 700 mw

1-4


1.1.3 display poe powersupply

Syntax
display poe powersupply
View
Any view
Parameter
None
Description
Using the display poe powersupply command, you can view the parameters of PoE
external power unit.

1-5

Example
# Display the parameters of the external power unit.
<Quidway> display poe powersupply
Power model
:Spring Pms
Power manufacturer
:Tyco Electronics Com
Power Nominal Value
:2400 W
Power Peak Value
:0 W
Power Average Value
:0 W
Power Current Current
:0 mA
Power Current Voltage
:54.0 V
Power Software Version
:512
Power Hardware Version
:000
1.1.4 display poe pse

Syntax
display poe pse
View
Any view
Parameter
None
Description
Using the display poe pse command, you can view the parameters of all boards that
serves as a power sourcing equipment (PSE).
Example
# Display the parameters of all boards that serves as a power sourcing equipment
(PSE).
<Quidway> display poe pse
Power Current Value
:450 W
Power Max Value
:806 W
Power Peak Value
:700 W
Power Average Value
:475 W
Software Version
:290
Hardware Version
:000
CPLD Version
:000

1-6

1.1.5 poe enable

Syntax
poe enable
undo poe enable
View
Ethernet port view
Parameter
None
Description
Using the poe enable command, you can enable the PoE feature on a port.
Using the undo poe enable command, you can disable the PoE feature on a port.
By default, the PoE is enabled on each port when it is enabled on the board.
Example
# Disable PoE on the current port.

[Quidway-Ethernet3/0/1] undo poe enable
# Enable PoE on the current port.

[Quidway-Ethernet3/0/1] poe enable
1.1.6 poe enable slot

Syntax
poe enable slot slot-num
undo poe enable slot slot-num
View
System view

1-7

Parameter
Description
Using the poe enable slot command, you can enable the PoE feature on a board.
Using the undo poe enable slot command, you can restore the default PoE status on
the board.
By default, the PoE on each board is disabled.
Note:
z
Before enabling PoE power supply mode, you need first to ensure that the
remaining power output is not less than the full value required for the board.
Otherwise, do not enable PoE power supply mode.
After PoE power supply mode is enalbed on a board, the rated power output shall
be reserved for the slot enen when the board is removed from the slot. You need
to release this power output using the undo poe enable slot command.
If you insert a board where PoE is not supported into the slot for which a rated
power output is reserved, the power output reserved shall be released.
If you insert a PoE-supported board of another type in the slot for which a rated
power output is reserved, the switch still delivers a power output of the original
value.
Example
# Enable PoE on a board.
[Quidway] poe enable slot 3

# Disable PoE on the board.
[Quidway] undo poe enable slot 3
1.1.7 poe legacy enable slot

Syntax
poe legacy enable slot slot-num
undo poe legacy enable slot slot-num
View
System view

1-8

Parameter
Description
Using the poe legacy enable slot command, you can enable PoE-compatibility
detection on the board to check if the connected PDs are IEEE802.3af-compatible.
Using the undo poe legacy slot command, you can disable the PoE-compatibility
detection on the board.
By default, PoE-compatibility detection is not enabled on the board.
The switch can detect the PDs incompatible with IEEE802.3af and deliver current to
them over the Ethernet ports.
Caution:
PoE-compatibility detection process is very slow and has impact on the system
performance, so you are recommended not to enable the PoE-compatibility detection
on a board if all PDs connected are IEEE802.3af-compatible.
Example
# Enable PoE-compatibility detection on the PoE board in slot 2.
[Quidway] poe enable slot 2

[Quidway] poe legacy enable slot 2
1.1.8 poe max-power

Syntax
poe max-power max-power
undo poe max-power
View
Ethernet port view
Parameter
max-power: Maximum power distributed to the port, ranging from 1000 to 15400 mW.

1-9

Description
Using the poe max-power command, you can set the maximum power on current port.
Using the undo poe max-power command, you can restore the default maximum
power on current port.
By default, the maximum power on a port is 15400 mW.
Example
# Set the maximum power on current port.

[Quidway-Ethernet3/0/1] poe max-power 12000
# Restore the default maximum power on current port.

[Quidway-Ethernet3/0/1] undo poe max-power
1.1.9 poe max-power slot

Syntax
poe max-power max-power slot slot-num
undo poe max-power slot slot-num
View
System view
Parameter
max-power: Maximum power distributed to the board, ranging from 37 to 806 W.
Description
Using the poe max-power command, you can set the maximum power on a board.
Using the undo poe max-power command, you can restore the default maximum
power on the board.
By default, the maximum power on a board is 37 W.

1-10

Example
# Set the maximum power on a board.
[Quidway] poe max-power 400 slot 3

# Restore the default maximum power on the board.
[Quidway] undo poe max-power slot 3
1.1.10 poe mode

Syntax
poe mode { signal | spare }
undo poe mode
View
Ethernet port view
Parameter
signal: The port will supply power through signal lines.
spare: The port will supply power through spare lines
Description
Using the poe mode command, you can configure the power feeding mode on current
port.
Using the undo poe mode command, you can restore the default mode on current
port.
By default, the port adopts signal lines to supply power
Note that S6506 switch currently does not support the spare mode. If a PD only
supports the spare mode, a conversion will be needed.
Example
# Configure the power feeding mode on current port to auto.

[Quidway-Ethernet3/0/1] poe mode signal
1-11

1.1.11 poe power max-value

Syntax
poe power max-value max-value
View
System view
Parameter
max-value: Maximum PoE power output on the switch, ranging from 37 to 2400 W.
Description
By default, maximum PoE power output on the switch is 2400 W.Using the poe power
max-value command, you can set the maximum power that can be supplied externally
by the switch.
Note:
This command works only when the power you specified is greater than the power that
has been distributed to the boards.
Example
# Set the maximum power supplied externally by the switch to 2000 W.
[Quidway] poe power max-value 2000
1.1.12 poe power-management

Syntax
poe power-management { auto | manual } slot slot-num
View
System view
Parameter
auto: Configures the PoE management mode of the switch to auto.
manual: Configures the PoE management mode of the switch to manual.

1-12

Description
Using the poe power-management command, you can configure the PoE
management mode of the switch.
Using the undo poe power-management command, you can restore the default
mode.
By default, the PoE management mode of the switch is auto.
This command and the port priority settings will work together to control the power
feeding of the switch when the switch is reaching its full power load in power supply.
z
auto mode: When the switch is reaching its full load in supplying power, it will first
supply power to the PDs that are connected to the ports with critical priority, and
secondly supply power to the PDs that are connected to the ports with high priority.
For example: Port A has the priority of critical. When the switch is reaching full
load and a new PD is now added to the port A, the switch will power down a PD
that is connected to a port with the lowest priority and turn to feed this new PD.
manual mode: When the switch is reaching its full load in supplying power
externally and a new PD is added, it will neither take the priority into account nor
make change to its original power supply status; only the infomation about the
newly added device is provided. For example: Port A has the priority of critical.
When the switch is reaching full load and a new PD is now connected to port A, the
switch does not supply power to this new device.
Example
# Configure the PoE management mode of the switch on slot 3 to auto.
[Quidway] poe power-management auto slot 3
1.1.13 poe priority

Syntax
poe priority { critical | high | low }
undo poe priority
View
Ethernet port view
Parameter
critical: Sets the port priority to critical.
high: Sets the port priority to high.

1-13

low: Sets the port priority to the low.
Description
Using the poe priority command, you can configure the power supply priority on a port.
Using the undo poe priority command, you can restore the default priority.
By default, the port priority is low.
Note:
This command is used together with the poe power-management command, and
takes effect when the PoE power output of the switch reaches nearly to its maximum
value.
Example
# Set the port priority to critical.

[Quidway-Ethernet3/0/1] poe priority critical
# Restore the default priority.

[Quidway-Ethernet3/0/1] undo poe priority

1-14

Chapter 2 PoE PSU Supervision Configuration

Commands

Commands
2.1 PoE PSU Supervision Display Commands
2.1.1 display poe-power ac-input state
Syntax
display poe-power ac-input state
View
Any view
Parameter
None
Description
Use the display poe-power ac-input state command to display the AC input state of
the PoE power supply units (PSUs) contained in the external PoE power supply
system.
Example
# Display the AC input state of the external PoE PSUs.
<Quidway> display poe-power ac-input state
PSU 1 AC Input State : Lack Phrase
PSU 2 AC Input State : Normal
PSU 3 AC Input State : Lack Phrase

2-1


Commands
Table 2-1 Description on the fields of the display poe-power ac-input state
command
Field
Description
Normal: The AC input is normal.
Lack Phrase: The PSU is idle.
PSU 1 AC Input State:

(AC input state of PoE PSU 1)
Under Limit: The AC input voltage is lower than

the lower threshold.
Upper Limit: The AC input voltage is higher than
the upper threshold.
Fuse Broken: The fuse is blown.
Switch Off: The switch is off.
2.1.2 display poe-power alarm

Syntax
display poe-power alarm
View
Any view
Parameter
None
Description
Use the display poe-power alarm command to display the detailed alarm information
about the external PoE PSUs.
Example
# Display the detailed alarm information about the external PoE PSUs.
<Quidway> display poe-power alarm
PSU alarm detail:
Number of PSUs
: 3
PSU 1
: Absent
PSU 2
: NORMAL
PSU 3
: Absent
Normal.

2-2


Commands
Table 2-2 Description on the fields of the display poe-power alarm command
Field
Description
NORMAL: No alarm.
NOTLINK: The PSU is not linked (the controller fails to
communicate with this PSU or the PSU is not inserted). You
can clear the error by power-cycling the PSU or inserting a
PSU).
INERROR: PSU input error (AC input undervoltage). Restoring
the normal AC input can clear the error.
PSU 1 alarm:
(alarm
information about
PoE PSU1)
OUTERROR: PSU output error (No normal DC output from the

PSU).
HIGHVOL: Overvoltage on the PSU (the PSU is shut down).
HIGHTEP: It is overheated in the PSU.
FANERROR: The fan is faulty.
CLOSE: The PSU is shut down.
CURLIMIT: The current of the PSU is limited.
Absent: The PSU is absent.
2.1.3 display poe-power dc-output state

Syntax
display poe-power dc-output state
View
Any view
Parameter
None
Description
Use the display poe-power dc-output state command to display the DC output state
of the in-use PoE PSUs.
Example
# Display the DC output states of the in-use PoE PSUs.
<Quidway> display poe-power dc-output state
DC Output State : Normal

2-3


Commands
Table 2-3 Description on the fields of the display poe-power dc-output state
command
Field
Description
Normal: The DC output is normal.
Under Limit: The DC output voltage is lower than the
lower threshold.
DC Output State:
(DC output state of the
external PoE PSU)
Upper Limit: The DC output voltage is higher than the

upper threshold.
Fuse Broken: The fuse is blown.
Switch Off: The switch is off.
Hardware Fault: There is a hardware fault.
2.1.4 display poe-power dc-output value

Syntax
display poe-power dc-output value
View
Any view
Parameter
None
Description
Use the display poe-power dc-output value command to display the DC output
voltage/current values of the external PoE PSUs.
Example
# Display the DC output voltage/current values of the external PoE PSUs.
<Quidway> display poe-power dc-output value
DC Output Voltage : 53.997
DC Output Current : 0.350 A
2.1.5 display poe-power switch state

Syntax
display poe-power switch state

2-4


Commands
View
Any view
Parameter
None
Description
Use the display poe-power switch state command to display the number and current
state of the AC power distribution switches in the external PoE PSU.
Example
# Display the number and current state of the AC power distribution switches.
<Quidway> display poe-power switch state
Switch Number : 0
Note:
Currently, the S6500 series do not use any AC power distribution switch, so the
returned value is always 0.
2.1.6 display supervision-module information

Syntax
display supervision-module information
View
Any view
Parameter
None
Description
Use the display supervision-module information command to display the basic
information about the external PoE power supply system, including the software name
and version of the supervision module used to monitor this system, the model,
specifications and output power of the system, and so on.
Example
# Display the information about the PoE PSUs.
2-5


Commands
<Quidway> display supervision-module information

Supervision Module Version
: 2.6
Supervision Module Name
: Spring Pms
Power Type
: PSE2500-A
Power Rating Value
: 2400 W
Power Current Value
: 1502 W
Power Peak Value
: 1506 W
Power Average Value
: 1482 W
PSU Number
: 1
PSU 2
Rating Output Power
: 2500 W (220V)/1250 W(110V)
Hard Version Info
: NP Series
Table 2-4 Description on the fields of the display supervision-module information

command
Field
Description
Supervision Module Version
Software version of the supervision module
Supervision Module Name
Software name of the supervision module
Power Type
Model of the external PoE PSUs
Power Rating Value
Rated power of the external PoE PSUs
Power Current Value
Current power of the external PoE PSUs
Power Peak Value
Peak power of the external PoE PSUs
Power Average Value
Mean power of the external PoE PSUs
Rating Output Power
Rated output power of the PSU: 2500 W for 220 VAC

input, 1250 W for 110 VAC input
Hard Version Info
Hardware version information of the external PoE

PSUs
2.2 PoE PSU Supervision Configuration Commands

2.2.1 poe-power input-thresh lower
Syntax
poe-power input-thresh lower string
View
System view

2-6


Commands
Parameter
string: Undervoltage alarm threshold in volts (V). The format is X.X.
z
For 220 VAC input, it ranges from 176.0V to 264.0V and is recommended to be
181.0V.
90.0V.
Description
Use the poe-power input-thresh lower command to set the undervoltage alarm
threshold of AC input for the external PoE PSUs.
Example
# Set the undervoltage alarm threshold of AC input for the external PoE PSUs to 181.0
V.
[Quidway] poe-power input-thresh lower 181.0

Set lower input-threshold power successfully!
2.2.2 poe-power input-thresh upper

Syntax
poe-power input-thresh upper string
View
System view
Parameter
string: Overvoltage alarm threshold in volts (V). The format is X.X.
z
264.0 V.
132.0V.
Description
Use the poe-power input-thresh upper command to set the overvoltage alarm
threshold of AC input for the external PoE PSUs.
Example
# Set the overvoltage alarm threshold of AC input for the external PoE PSUs to 264.0 V.

2-7


Commands
[Quidway] poe-power input-thresh upper 264.0

Set upper input-threshold power successfully!
2.2.3 poe-power output-thresh lower

Syntax
poe-power output-thresh lower string
View
System view
Parameter
string: Undervoltage alarm threshold in volts (V). The format is X.X and the range is
45.0 to 47.0.
Description
Use the poe-power output-thresh lower command to set the undervoltage alarm
threshold of DC output for the external PoE PSUs.
For 220 VAC or 110 VAC input, it is recommended to set the threshold to 47.0 V.
Example
# Set the undervoltage DC output undervoltage alarm threshold for the external PoE
PSUs to 47.0 V.
[Quidway] poe-power output-thresh lower 47.0

Set lower output-threshold power successfully!
2.2.4 poe-power output-thresh upper

Syntax
poe-power output-thresh upper string
View
System view

2-8


Commands
Parameter
string: Overvoltage alarm threshold in volts (V). The format is X.X and the range is 55.0
to 57.0.
Description
Use the poe-power output-thresh upper command to set the overvoltage alarm
threshold of DC output for the external PoE PSUs
For 220 VAC or 110 VAC input, it is recommended to set the threshold to 55.0 V.
Example
# Set the overvoltage alarm threshold of DC output for the external PoE PSUs to 55.0
V.
[Quidway] poe-power output-thresh upper 55.0

Set upper output-threshold power successfully!

2-9
HUAWEI

Command Manual
Appendix
Command Manual - Command Index

Appendix A Command Indexx
Appendix A Command Index

The command index includes all the commands in the Quidway S6500 Series Ethernet Switches
Command Manual, which are arranged alphabetically.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
A
abr-summary
Multicast Protocol
3-1
access-limit
Reliability
2-1
accounting optional
Reliability
2-21
accounting-on enable
Reliability
2-20
acl
STP
1-1
acl
STP
3-1
acl mode
STP
1-3
active region-configuration
Security
1-1
address-check
Routing Protocol
5-1
address-check dhcp-relay
Routing Protocol
5-1
address-check no-matched
Routing Protocol
5-2
aggregate
Multicast Protocol
5-1
apply as-path
Multicast Protocol
6-1
apply community
Multicast Protocol
6-2
apply cost
Multicast Protocol
6-3
apply cost-type
Multicast Protocol
6-3
apply ip next-hop
Multicast Protocol
6-4
apply isis
Multicast Protocol
6-5
apply local-preference
Multicast Protocol
6-5
apply origin
Multicast Protocol
6-6
apply tag
Multicast Protocol
6-7
area
Multicast Protocol
3-2
area-authentication-mode
Multicast Protocol
4-1
arp check enable
Routing Protocol
2-1
arp proxy enable
Routing Protocol
4-1

A-1

arp source-suppression limit
Routing Protocol
3-1
arp static
Routing Protocol
2-1
arp timer aging
Routing Protocol
2-2
asbr-summary
Multicast Protocol
3-2
ascii
PoE
1-25
attribute
Reliability
2-1
authentication-mode
Port
1-1
authentication-mode
Multicast Protocol
3-3
auto-execute command
Port
1-2
bgp
Multicast Protocol
5-2
binary
PoE
1-25
boot boot-loader
PoE
3-1
boot bootrom
PoE
3-2
bootrom-update security-check enable
PoE
3-3
bridgemactocpu
PoE
2-1
broadcast-suppression
VLAN
1-1
broadcast-suppression
Network Protocol
1-1
bsr-policy
QoS/ACL
5-1
bye
PoE
1-26
c-bsr
QoS/ACL
5-2
cd
PoE
1-1
cd
PoE
1-26
cdup
PoE
1-27
check region-configuration
Security
1-1
checkzero
Multicast Protocol
2-1
clock datetime
PoE
4-1
clock summer-time
PoE
4-1
clock timezone
PoE
4-3
close
PoE
1-27
command-privilege level
Port
1-2

A-2

compare-different-as-med
Multicast Protocol
5-3
confederation id
Multicast Protocol
5-4
confederation nonstandard
Multicast Protocol
5-5
confederation peer-as
Multicast Protocol
5-5
copy
PoE
1-2
copy configuration
VLAN
1-2
cost-style
Multicast Protocol
4-2
c-rp
QoS/ACL
5-3
crp-policy
QoS/ACL
5-4
cut connection
Reliability
2-3
dampening
Multicast Protocol
5-6
databits
Port
1-3
data-flow-format
Reliability
2-22
debugging
PoE
1-28
debugging
PoE
4-7
debugging arp
Routing Protocol
2-3
debugging bgp
Multicast Protocol
5-7
debugging dhcp-relay
Routing Protocol
5-3
debugging gmrp
QoS/ACL
1-1
debugging igmp
QoS/ACL
4-1
debugging isis
Multicast Protocol
4-3
debugging lacp packet
VLAN
2-2
debugging lacp state
VLAN
2-3
debugging link-aggregation error
VLAN
2-1
debugging link-aggregation event
VLAN
2-1
debugging multicast forwarding
QoS/ACL
3-1
debugging multicast kernel-routing
QoS/ACL
3-2
debugging multicast status-forwarding
QoS/ACL
3-2
debugging ntp-service
PoE
7-1
debugging ospf
Multicast Protocol
3-4
debugging pim common
QoS/ACL
5-5
debugging pim dm
QoS/ACL
5-6

A-3

debugging pim sm
QoS/ACL
5-6
debugging ssh server
PoE
8-1
debugging vrrp
System Management
1-1
default cost
Multicast Protocol
2-2
default cost
Multicast Protocol
3-5
default interval
Multicast Protocol
3-6
default limit
Multicast Protocol
3-6
default local-preference
Multicast Protocol
5-8
default med
Multicast Protocol
5-9
default tag
Multicast Protocol
3-7
default type
Multicast Protocol
3-8
default-cost
Multicast Protocol
3-8
default-route-advertise
Multicast Protocol
3-9
default-route-advertise
Multicast Protocol
4-4
delete
PoE
1-2
delete
PoE
1-28
delete static-routes all
Multicast Protocol
1-15
description
VLAN
1-3
description
Network Protocol
1-2
dhcp-security static
Routing Protocol
5-4
dhcp-server
Routing Protocol
5-5
dhcp-server ip
Routing Protocol
5-6
dir
PoE
1-3
dir
PoE
1-29
disconnect
PoE
1-30
display acl config
STP
1-4
display acl mode
STP
1-5
display acl running-packet-filter
STP
1-6
display arp
Routing Protocol
2-4
display arp |
Routing Protocol
2-5
display arp interface
Routing Protocol
2-6
display arp proxy
Routing Protocol
4-1
display arp slot
Routing Protocol
2-7
display arp source-suppression
Routing Protocol
3-2

A-4

display arp timer aging
Routing Protocol
2-7
display arp vlan
Routing Protocol
2-8
display backboard view
PoE
3-4
display bgp group
Multicast Protocol
5-9
display bgp network
Multicast Protocol
5-11
display bgp paths
Multicast Protocol
5-11
display bgp peer
Multicast Protocol
5-12
display bgp routing-table
Multicast Protocol
5-14
display bgp routing-table as-path-acl
Multicast Protocol
5-15
display bgp routing-table cidr
Multicast Protocol
5-17
display bgp routing-table community
Multicast Protocol
5-18
display bgp routing-table community-list
Multicast Protocol
5-18
display bgp routing-table dampened
Multicast Protocol
5-19
display bgp routing-table different-origin-as
Multicast Protocol
5-21
display bgp routing-table flap-info
Multicast Protocol
5-22
display bgp routing-table peer
Multicast Protocol
5-23
display bgp routing-table regular-expression
Multicast Protocol
5-24
display bgp routing-table statistic
Multicast Protocol
5-25
display boot-loader
PoE
3-4
display channel
PoE
4-13
display clock
PoE
4-4
display connection
Reliability
2-4
display cpu
PoE
3-5
display current-configuration
PoE
1-12
display debugging
PoE
4-5
display debugging ospf
Multicast Protocol
3-10
display device
PoE
3-5
display dhcp-security
Routing Protocol
5-6
display dhcp-server
Routing Protocol
5-7
display dhcp-server interface vlan-interface
Routing Protocol
5-9
display diagnostic-information
PoE
4-8
display domain
Reliability
2-5
display dot1x
Reliability
1-1
display environment
PoE
3-7

A-5

display fan
PoE
3-7
display fib
Routing Protocol
6-1
display ftp-server
PoE
1-22
display ftp-user
PoE
1-23
display garp statistics
Network Protocol
2-1
display garp timer
Network Protocol
2-2
display gmrp statistics
QoS/ACL
1-1
display gmrp status
QoS/ACL
1-2
display gvrp statistics
Network Protocol
2-5
display gvrp status
Network Protocol
2-6
display history-command
Port
1-4
display icmp statistics
Routing Protocol
6-2
display igmp group
QoS/ACL
4-2
display igmp interface
QoS/ACL
4-3
display igmp-snooping configuration
QoS/ACL
2-1
display igmp-snooping group
QoS/ACL
2-2
display igmp-snooping statistics
QoS/ACL
2-3
display info-center
PoE
4-13
display interface
VLAN
1-3
display interface vlan-interface
Network Protocol
1-3
display ip host
Routing Protocol
1-1
display ip interface
Routing Protocol
1-1
display ip ip-prefix
Multicast Protocol
6-7
display ip routing-table
Multicast Protocol
1-1
display ip routing-table acl
Multicast Protocol
1-2
display ip routing-table ip_address
Multicast Protocol
1-6
display ip routing-table ip_address1 ip_address2
Multicast Protocol
1-8
display ip routing-table ip-prefix
Multicast Protocol
1-9
display ip routing-table protocol
Multicast Protocol
1-10
display ip routing-table radix
Multicast Protocol
1-11
display ip routing-table statistics
Multicast Protocol
1-13
display ip routing-table verbose
Multicast Protocol
1-14
display ip socket
Routing Protocol
6-3
display ip statistics
Routing Protocol
6-5

A-6

display ipx interface
Routing Protocol
7-1
display ipx routing-table
Routing Protocol
7-2
display ipx service-table
Routing Protocol
7-4
display ipx statistics
Routing Protocol
7-5
display isis brief
Multicast Protocol
4-5
display isis interface
Multicast Protocol
4-6
display isis lsdb
Multicast Protocol
4-7
display isis mesh-group
Multicast Protocol
4-7
display isis peer
Multicast Protocol
4-8
display isis route
Multicast Protocol
4-9
display isis spf-log
Multicast Protocol
4-10
display lacp system-id
VLAN
2-6
display link-aggregation interface
VLAN
2-5
display link-aggregation summary
VLAN
2-3
display link-aggregation verbose
VLAN
2-4
display local-server statistics
Reliability
2-23
display local-user
Reliability
2-6
display logbuffer
PoE
4-14
display logbuffer summary
PoE
4-16
display mac-address
PoE
2-2
display mac-address aging-time
PoE
2-1
display mac-address multicast
QoS/ACL
6-2
display mac-address multicast count
QoS/ACL
6-2
display memory
Multicast Protocol
7-1
display memory
PoE
3-8
display memory limit
Multicast Protocol
7-2
display mirroring-group
STP
2-1
display multicast forwarding-table
QoS/ACL
3-3
display multicast routing-table
QoS/ACL
3-4
display ntp-service sessions
PoE
7-2
display ntp-service status
PoE
7-2
display ntp-service trace
PoE
7-4
display ospf abr-asbr
Multicast Protocol
3-11
display ospf asbr-summary
Multicast Protocol
3-12

A-7

display ospf brief
Multicast Protocol
3-13
display ospf cumulative
Multicast Protocol
3-15
display ospf error
Multicast Protocol
3-17
display ospf interface
Multicast Protocol
3-19
display ospf lsdb
Multicast Protocol
3-20
display ospf nexthop
Multicast Protocol
3-23
display ospf peer
Multicast Protocol
3-24
display ospf request-queue
Multicast Protocol
3-26
display ospf retrans-queue
Multicast Protocol
3-27
display ospf routing
Multicast Protocol
3-28
display ospf vlink
Multicast Protocol
3-29
display pim bsr-info
QoS/ACL
5-7
display pim interface
QoS/ACL
5-8
display pim neighbor
QoS/ACL
5-9
display pim routing-table
QoS/ACL
5-10
display pim rp-info
QoS/ACL
5-11
display poe interface
Getting Started
1-1
display poe interface power
Getting Started
1-3
display poe powersupply
Getting Started
1-5
display poe pse
Getting Started
1-6
display poe-power ac-input state
Getting Started
2-1
display poe-power alarm
Getting Started
2-2
display poe-power dc-output state
Getting Started
2-3
display poe-power dc-output value
Getting Started
2-4
display poe-power switch state
Getting Started
2-4
display port
VLAN
1-6
display port vlan-vpn
VLAN
1-7
display power
PoE
3-9
display priority-trust
STP
2-1
display protocol-vlan interface
Network Protocol
1-8
display protocol-vlan vlan
Network Protocol
1-9
display qos cos-local-precedence-map
STP
2-2
display qos-interface all
STP
2-3
display qos-interface line-rate
STP
2-6

A-8

display qos-interface queue-scheduler
STP
2-7
display qos-interface traffic-bandwidth
STP
2-8
display qos-interface traffic-limit
STP
2-10
display qos-interface traffic-priority
STP
2-11
display qos-interface traffic-red
STP
2-12
display qos-interface traffic-redirect
STP
2-13
display qos-interface traffic-statistic
STP
2-14
display radius
Reliability
2-24
display radius statistics
Reliability
2-25
display rip
Multicast Protocol
2-2
display rip routing
Multicast Protocol
2-3
display rmon alarm
PoE
6-1
display rmon event
PoE
6-2
display rmon eventlog
PoE
6-3
display rmon history
PoE
6-4
display rmon prialarm
PoE
6-5
display rmon statistics
PoE
6-7
display route-policy
Multicast Protocol
6-8
display rsa local-key-pair public
PoE
8-2
display rsa peer-public-key
PoE
8-2
display saved-configuration
PoE
1-17
display schedule reboot
PoE
3-9
display snmp-agent
PoE
5-1
display snmp-agent community
PoE
5-1
display snmp-agent group
PoE
5-2
display snmp-agent mib-view
PoE
5-3
display snmp-agent statistics
PoE
5-5
display snmp-agent sys-info contact
PoE
5-7
display snmp-agent sys-info location
PoE
5-7
display snmp-agent sys-info version
PoE
5-8
display snmp-agent usm-user
PoE
5-8
display ssh server
PoE
8-3
display ssh user-information
PoE
8-4
display startup
PoE
1-19

A-9

display stop-accounting-buffer
Reliability
2-26
display stp
Security
1-3
display stp region-configuration
Security
1-5
display supervision-module information
Getting Started
2-5
display supervlan
Network Protocol
3-1
display switchover state
System Management
2-1
display tcp statistics
Routing Protocol
6-6
display tcp status
Routing Protocol
6-8
display this
PoE
1-19
display time-range
STP
1-7
display udp statistics
Routing Protocol
6-8
display uplink monitor
PoE
3-10
display user-interface
Port
1-4
display users
Port
1-6
display users
PoE
4-5
display version
PoE
4-6
display vlan
Network Protocol
1-3
display vrrp
System Management
1-1
domain
Reliability
2-8
domain-authentication-mode
Multicast Protocol
4-11
dot1x
Reliability
1-2
dot1x authentication-method
Reliability
1-3
dot1x dhcp-launch
Reliability
1-4
dot1x guest-vlan
Reliability
1-5
dot1x max-user
Reliability
1-6
dot1x port-control
Reliability
1-7
dot1x port-method
Reliability
1-8
dot1x quiet-period
Reliability
1-9
dot1x re-authenticate
Reliability
1-10
dot1x retry
Reliability
1-11
dot1x retry-version-max
Reliability
1-12
dot1x supp-proxy-check
Reliability
1-12
dot1x timer
Reliability
1-14
dot1x version-check
Reliability
1-15

A-10

duplex
VLAN
1-8
enable snmp trap
PoE
5-9
execute
PoE
1-4
file prompt
PoE
1-5
filter-policy export
Multicast Protocol
2-4
Multicast Protocol
3-30
Multicast Protocol
4-12
Multicast Protocol
5-25
Multicast Protocol
6-9
filter-policy import
Multicast Protocol
2-5
Multicast Protocol
3-31
Multicast Protocol
4-13
Multicast Protocol
5-26
Multicast Protocol
6-10
fixdisk
PoE
1-5
flow-control
Port
1-7
flow-control
VLAN
1-8
format
PoE
1-6
free user-interface
Port
1-7
ftp
PoE
1-30
ftp server
PoE
1-24
ftp timeout
PoE
1-24
garp timer
Network Protocol
2-2
garp timer leaveall
Network Protocol
2-4
get
PoE
1-31
gmrp
QoS/ACL
1-3
gratuitous-arp-learning enable
Routing Protocol
2-9
group
Multicast Protocol
5-27
E
F

A-11

gvrp
Network Protocol
2-6
gvrp registration
Network Protocol
2-7
header
Port
1-8
history-command max-size
Port
1-10
host-route
Multicast Protocol
2-6
idle-cut
Reliability
2-9
idle-timeout
Port
1-10
if-match { acl | ip-prefix }
Multicast Protocol
6-11
if-match as-path
Multicast Protocol
6-12
if-match community
Multicast Protocol
6-12
if-match cost
Multicast Protocol
6-13
if-match interface
Multicast Protocol
6-14
if-match ip next-hop
Multicast Protocol
6-14
if-match tag
Multicast Protocol
6-15
igmp enable
QoS/ACL
4-3
igmp group-limit
QoS/ACL
4-4
igmp group-policy
QoS/ACL
4-5
igmp group-policy vlan
QoS/ACL
4-6
igmp host-join
QoS/ACL
4-7
igmp host-join port
QoS/ACL
4-7
igmp host-join vlan
QoS/ACL
4-8
igmp lastmember-queryinterval
QoS/ACL
4-9
igmp max-response-time
QoS/ACL
4-10
igmp robust-count
QoS/ACL
4-10
igmp timer other-querier-present
QoS/ACL
4-12
igmp timer query
QoS/ACL
4-12
igmp version
QoS/ACL
4-13
igmp-snooping
QoS/ACL
2-3
igmp-snooping host-aging-time
QoS/ACL
2-4
igmp-snooping max-response-time
QoS/ACL
2-5

A-12

igmp-snooping router-aging-time
QoS/ACL
2-6
ignore-lsp-checksum-error
Multicast Protocol
4-14
import-route
Multicast Protocol
2-7
import-route
Multicast Protocol
3-32
import-route
Multicast Protocol
4-14
import-route
Multicast Protocol
5-28
import-route isis level-2 into level-1
Multicast Protocol
4-15
inboundcar
STP
2-16
info-center channel name
PoE
4-17
info-center console channel
PoE
4-18
info-center enable
PoE
4-19
info-center logbuffer
PoE
4-19
info-center loghost
PoE
4-20
info-center loghost source
PoE
4-21
info-center monitor channel
PoE
4-22
info-center snmp channel
PoE
4-22
info-center source
PoE
4-23
info-center timestamp
PoE
4-26
info-center trapbuffer
PoE
4-27
instance
Security
1-6
interface
VLAN
1-9
interface vlan-interface
Network Protocol
1-4
ip
Routing Protocol
6-9
ip address
Routing Protocol
1-3
ip as-path-acl
Multicast Protocol
5-28
ip community-list
Multicast Protocol
5-29
ip forward-broadcast
Routing Protocol
6-10
ip host
Routing Protocol
1-4
ip ip-prefix
Multicast Protocol
6-16
ip route-static
Multicast Protocol
1-16
ip route-static default-preference
Multicast Protocol
1-17
ipx enable
Routing Protocol
7-6
ipx encapsulation
Routing Protocol
7-7
ipx netbios-propagation
Routing Protocol
7-7

A-13

ipx network
Routing Protocol
7-8
ipx rip import-route static
Routing Protocol
7-9
ipx rip mtu
Routing Protocol
7-9
ipx rip multiplier
Routing Protocol
7-10
ipx rip timer update
Routing Protocol
7-10
ipx route load-balance-path
Routing Protocol
7-11
ipx route max-reserve-path
Routing Protocol
7-12
ipx route-static
Routing Protocol
7-12
ipx sap disable
Routing Protocol
7-13
ipx sap gns-disable-reply
Routing Protocol
7-14
ipx sap gns-load-balance
Routing Protocol
7-14
ipx sap max-reserve-servers
Routing Protocol
7-15
ipx sap mtu
Routing Protocol
7-16
ipx sap multiplier
Routing Protocol
7-16
ipx sap timer update
Routing Protocol
7-17
ipx service
Routing Protocol
7-17
ipx split-horizon
Routing Protocol
7-18
ipx tick
Routing Protocol
7-19
ipx update-change-only
Routing Protocol
7-19
isis
Multicast Protocol
4-16
isis authentication-mode
Multicast Protocol
4-17
isis circuit-level
Multicast Protocol
4-18
isis cost
Multicast Protocol
4-19
isis dis-priority
Multicast Protocol
4-20
isis enable
Multicast Protocol
4-20
isis mesh-group
Multicast Protocol
4-21
isis timer csnp
Multicast Protocol
4-22
isis timer hello
Multicast Protocol
4-23
isis timer holding-multiplier
Multicast Protocol
4-24
isis timer lsp
Multicast Protocol
4-25
isis timer retransmit
Multicast Protocol
4-25
is-level
Multicast Protocol
4-26
J
A-14

jumboframe enable
VLAN
1-13
Reliability
2-27
lacp enable
VLAN
2-7
lacp port-priority
VLAN
2-7
lacp system-priority
VLAN
2-8
language-mode
Port
1-11
lcd
PoE
1-31
level
Reliability
2-10
line-rate
STP
2-17
link-aggregation
VLAN
2-9
link-aggregation group description
VLAN
2-9
link-aggregation group mode
VLAN
2-10
local-server
Reliability
2-28
local-user
Reliability
2-11
local-user password-display-mode
Reliability
2-11
lock
Port
1-12
log-peer-change
Multicast Protocol
4-27
loopback-detection control enable
VLAN
1-10
loopback-detection enable
VLAN
1-11
loopback-detection interval-time
VLAN
1-11
loopback-detection per-vlan enable
VLAN
1-12
ls
PoE
1-32
mac-address
PoE
2-3
mac-address max-mac-count
PoE
2-4
mac-address multicast
QoS/ACL
6-1
mac-address timer
PoE
2-5
md5-compatible
Multicast Protocol
4-27
mdi
VLAN
1-13
K
key

A-15

memory { safety | limit }
Multicast Protocol
7-3
memory auto-establish disable
Multicast Protocol
7-4
memory auto-establish enable
Multicast Protocol
7-5
messenger
Reliability
2-12
mirroring-group
STP
2-18
mkdir
PoE
1-7
mkdir
PoE
1-33
modem
Port
1-12
modem auto-answer
Port
1-13
modem timer answer
Port
1-13
more
PoE
1-7
move
PoE
1-8
multicast route-limit
QoS/ACL
3-6
multicast routing-enable
QoS/ACL
3-6
multicast-suppression
VLAN
1-14
name
Network Protocol
1-5
name
Reliability
2-13
nas-ip
Reliability
2-29
network
Multicast Protocol
2-8
network
Multicast Protocol
3-33
network
Multicast Protocol
5-30
network-entity
Multicast Protocol
4-28
nssa
Multicast Protocol
3-34
ntp-service access
PoE
7-4
ntp-service authentication enable
PoE
7-5
ntp-service authentication-keyid
PoE
7-6
ntp-service broadcast-client
PoE
7-6
ntp-service broadcast-server
PoE
7-7
ntp-service disable
PoE
7-8
ntp-service in-interface disable
PoE
7-8
ntp-service max-dynamic-sessions
PoE
7-9
ntp-service multicast-client
PoE
7-10

A-16

ntp-service multicast-server
PoE
7-10
ntp-service refclock-master
PoE
7-11
ntp-service reliable authentication-keyid
PoE
7-12
ntp-service source-interface
PoE
7-13
ntp-service unicast-peer
PoE
7-14
ntp-service unicast-server
PoE
7-15
open
PoE
1-33
ospf
Multicast Protocol
3-35
ospf authentication-mode
Multicast Protocol
3-36
ospf cost
Multicast Protocol
3-37
ospf dr-priority
Multicast Protocol
3-37
ospf mib-binding
Multicast Protocol
3-38
ospf mtu-enable
Multicast Protocol
3-39
ospf network-type
Multicast Protocol
3-40
ospf timer dead
Multicast Protocol
3-41
ospf timer hello
Multicast Protocol
3-42
ospf timer poll
Multicast Protocol
3-42
ospf timer retransmit
Multicast Protocol
3-43
ospf trans-delay
Multicast Protocol
3-44
packet-filter
STP
1-8
parity
Port
1-14
passive
PoE
1-34
password
Reliability
2-14
pause-protection
PoE
3-10
peer
Multicast Protocol
2-9
peer
Multicast Protocol
3-44
peer advertise-community
Multicast Protocol
5-31
peer allow-as-loop
Multicast Protocol
5-31
peer as-number
Multicast Protocol
5-32
peer as-path-acl export
Multicast Protocol
5-32

A-17

peer as-path-acl import
Multicast Protocol
5-33
peer connect-interface
Multicast Protocol
5-34
peer default-route-advertise
Multicast Protocol
5-35
peer description
Multicast Protocol
5-35
peer ebgp-max-hop
Multicast Protocol
5-36
peer enable
Multicast Protocol
5-36
peer filter-policy export
Multicast Protocol
5-37
peer filter-policy import
Multicast Protocol
5-38
peer group
Multicast Protocol
5-38
peer ip-prefix export
Multicast Protocol
5-39
peer ip-prefix import
Multicast Protocol
5-40
peer next-hop-local
Multicast Protocol
5-41
peer password
Multicast Protocol
5-41
peer public-as-only
Multicast Protocol
5-42
peer reflect-client
Multicast Protocol
5-43
peer route-policy export
Multicast Protocol
5-43
peer route-policy import
Multicast Protocol
5-44
peer route-update-interval
Multicast Protocol
5-45
peer timer
Multicast Protocol
5-45
peer-public-key end
PoE
8-5
pim
QoS/ACL
5-12
pim bsr-boundary
QoS/ACL
5-12
pim dm
QoS/ACL
5-13
pim neighbor-limit
QoS/ACL
5-14
pim neighbor-policy
QoS/ACL
5-14
pim sm
QoS/ACL
5-15
pim timer hello
QoS/ACL
5-16
ping
PoE
4-9
poe enable
Getting Started
1-7
poe enable slot
Getting Started
1-7
poe legacy enable slot
Getting Started
1-8
poe max-power
Getting Started
1-9
poe max-power slot
Getting Started
1-10
poe mode
Getting Started
1-11

A-18

poe power max-value
Getting Started
1-12
poe power-management
Getting Started
1-12
poe priority
Getting Started
1-13
poe-power input-thresh lower
Getting Started
2-6
poe-power input-thresh upper
Getting Started
2-7
poe-power output-thresh lower
Getting Started
2-8
poe-power output-thresh upper
Getting Started
2-8
port
Network Protocol
1-7
port access vlan
VLAN
1-15
port hybrid protocol-vlan vlan
Network Protocol
1-9
port hybrid pvid vlan
VLAN
1-16
port hybrid vlan
VLAN
1-16
port link-aggregation group
VLAN
2-10
port link-type
VLAN
1-17
port trunk permit vlan
VLAN
1-18
port trunk pvid vlan
VLAN
1-19
preference
Multicast Protocol
2-10
preference
Multicast Protocol
3-45
preference
Multicast Protocol
4-29
preference
Multicast Protocol
5-46
primary accounting
Reliability
2-30
primary authentication
Reliability
2-31
priority
STP
2-19
priority-trust
STP
2-20
product
PoE
3-11
protocol inbound
Port
1-15
protocol inbound
PoE
8-5
protocol-vlan
Network Protocol
1-12
protocol-vlan vlan slot
Network Protocol
1-10
public-key-code begin
PoE
8-6
public-key-code end
PoE
8-7
put
PoE
1-35
pwd
PoE
1-8
pwd
PoE
1-35

A-19

Q
qe monitor
PoE
3-12
qe monitor errpkt
PoE
3-13
qe monitor errpkt check-time
PoE
3-14
qe monitor overflow-threshold
PoE
3-14
qos
STP
2-21
qos cos-local-precedence-map
STP
2-22
queue-scheduler
STP
2-24
quit
Port
1-15
quit
PoE
1-36
radius nas-ip
Reliability
2-32
radius scheme
Reliability
2-32
radius-scheme
Reliability
2-14
rdram
PoE
3-15
reboot
PoE
3-15
reflect between-clients
Multicast Protocol
5-47
reflector cluster-id
Multicast Protocol
5-47
refresh bgp
Multicast Protocol
5-48
region-name
Security
1-6
register-policy
QoS/ACL
5-16
remotehelp
PoE
1-36
rename
PoE
1-9
reset
Multicast Protocol
2-10
reset acl counter
STP
1-10
reset arp
Routing Protocol
2-8
reset bgp
Multicast Protocol
5-49
reset bgp dampening
Multicast Protocol
5-49
reset bgp flap-info
Multicast Protocol
5-50
reset bgp group
Multicast Protocol
5-50
reset counters interface
VLAN
1-19
reset dot1x statistics
Reliability
1-16

A-20

reset garp statistics
Network Protocol
2-4
reset igmp group
QoS/ACL
4-14
reset igmp-snooping statistics
QoS/ACL
2-6
reset ip statistics
Routing Protocol
6-10
reset ipx routing-table statistics protocol
Routing Protocol
7-20
reset ipx statistics
Routing Protocol
7-21
reset isis all
Multicast Protocol
4-29
reset isis peer
Multicast Protocol
4-30
reset lacp statistics
VLAN
2-11
reset logbuffer
PoE
4-27
reset multicast forwarding-table
QoS/ACL
3-7
reset multicast routing-table
QoS/ACL
3-8
reset ospf
Multicast Protocol
3-46
reset pim neighbor
QoS/ACL
5-17
reset pim routing-table
QoS/ACL
5-18
reset radius statistics
Reliability
2-33
reset recycle-bin
PoE
1-10
reset saved-configuration
PoE
1-20
reset stop-accounting-buffer
Reliability
2-34
reset stp
Security
1-7
reset tcp statistics
Routing Protocol
6-11
reset traffic-statistic
STP
2-25
reset trapbuffer
PoE
4-28
reset udp statistics
Routing Protocol
6-11
reset vrrp statistics
System Management
1-3
retry
Reliability
2-35
retry realtime-accounting
Reliability
2-36
retry stop-accounting
Reliability
2-37
return
Port
1-16
revision-level
Security
1-8
rip
Multicast Protocol
2-11
rip authentication-mode
Multicast Protocol
2-12
rip input
Multicast Protocol
2-13
rip metricin
Multicast Protocol
2-14

A-21

rip metricout
Multicast Protocol
2-14
rip output
Multicast Protocol
2-15
rip split-horizon
Multicast Protocol
2-16
rip version
Multicast Protocol
2-16
rip work
Multicast Protocol
2-17
rmdir
PoE
1-10
rmdir
PoE
1-37
rmon alarm
PoE
6-8
rmon event
PoE
6-9
rmon history
PoE
6-10
rmon prialarm
PoE
6-11
rmon statistics
PoE
6-12
route-policy
Multicast Protocol
6-17
router id
Multicast Protocol
3-47
rsa local-key-pair create
PoE
8-8
rsa local-key-pair destroy
PoE
8-9
rsa peer-public-key
PoE
8-10
rule
STP
1-11
save
PoE
1-21
schedule reboot at
PoE
3-16
schedule reboot delay
PoE
3-17
scheme
Reliability
2-15
screen-length
Port
1-16
secondary accounting
Reliability
2-38
secondary authentication
Reliability
2-38
self-service-url
Reliability
2-16
send
Port
1-17
server-type
Reliability
2-39
service-type
Port
1-17
service-type
Reliability
2-17
set authentication password
Port
1-19
set backboard view
PoE
3-18

A-22

set-overload
Multicast Protocol
4-31
shell
Port
1-20
shutdown
VLAN
1-20
shutdown
Network Protocol
1-5
silent-interface
Multicast Protocol
3-48
silent-interface
Multicast Protocol
4-31
slave auto-update config
System Management
2-1
slave restart
System Management
2-2
slave switchover
System Management
2-3
slave update configuration
System Management
2-3
snmp-agent community
STP
3-2
snmp-agent community
PoE
5-11
snmp-agent group
STP
3-3
snmp-agent group
PoE
5-11
snmp-agent local-engineid
PoE
5-10
snmp-agent mib-view
PoE
5-12
snmp-agent packet max-size
PoE
5-13
snmp-agent sys-info
PoE
5-14
snmp-agent target-host
PoE
5-15
snmp-agent trap enable
PoE
5-16
snmp-agent trap enable ospf
Multicast Protocol
3-48
snmp-agent trap life
PoE
5-17
snmp-agent trap queue-size
PoE
5-17
snmp-agent trap source
PoE
5-18
snmp-agent usm-user
STP
3-4
snmp-agent usm-user
PoE
5-19
source-policy
QoS/ACL
5-19
speed
Port
1-21
speed
VLAN
1-21
spf-delay-interval
Multicast Protocol
4-32
spf-schedule-interval
Multicast Protocol
3-49
spf-slice-size
Multicast Protocol
4-33
ssh server authentication-retries
PoE
8-10
ssh server rekey-interval
PoE
8-11

A-23

ssh server timeout
PoE
8-11
ssh user assign rsa-key
PoE
8-12
ssh user username authentication-type
PoE
8-13
startup saved-configuration
PoE
1-22
state
Reliability
2-18
state
Reliability
2-40
static-rp
QoS/ACL
5-20
stop-accounting-buffer enable
Reliability
2-41
stopbits
Port
1-22
stp
Security
1-9
stp bpdu-protection
Security
1-9
stp bridge-diameter
Security
1-10
stp config-digest-snooping
Security
3-1
stp cost
Security
1-11
stp edged-port
Security
1-12
stp interface
Security
1-13
stp interface cost
Security
1-14
stp interface edged-port
Security
1-15
stp interface loop-protection
Security
1-16
stp interface mcheck
Security
1-17
stp interface no-agreement-check
Security
4-1
stp interface point-to-point
Security
1-18
stp interface port priority
Security
1-19
stp interface root-protection
Security
1-20
stp interface transmit-limit
Security
1-21
stp loop-protection
Security
1-21
stp max-hops
Security
1-22
stp mcheck
Security
1-23
stp mode
Security
1-23
stp no-agreement-check
Security
4-2
stp pathcost-standard
Security
1-24
stp point-to-point
Security
1-26
stp port priority
Security
1-27
stp priority
Security
1-27

A-24

stp region-configuration
Security
1-28
stp root primary
Security
1-29
stp root secondary
Security
1-30
stp root-protection
Security
1-31
stp tc-protection
Security
1-32
stp timer forward-delay
Security
1-33
stp timer hello
Security
1-34
stp timer max-age
Security
1-35
stp timer-factor
Security
1-36
stp transmit-limit
Security
1-36
stub
Multicast Protocol
3-50
subvlan
Network Protocol
3-3
summary
Multicast Protocol
2-18
summary
Multicast Protocol
4-34
summary
Multicast Protocol
5-51
super
Port
1-22
super password
Port
1-23
supervlan
Network Protocol
3-3
Syntax
PoE
4-16
sysname
Port
1-24
sysname
PoE
4-3
system-view
Port
1-24
tcp timer fin-timeout
Routing Protocol
6-12
tcp timer syn-timeout
Routing Protocol
6-12
tcp window
Routing Protocol
6-13
telnet
Port
1-25
temperature-limit
PoE
3-19
terminal debugging
PoE
4-28
terminal logging
PoE
4-29
terminal monitor
PoE
4-29
terminal trapping
PoE
4-30
tftp get
PoE
1-38

A-25

tftp put
PoE
1-39
tftp-server acl
PoE
1-39
timer
Multicast Protocol
5-52
timer
Reliability
2-42
timer lsp-max-age
Multicast Protocol
4-34
timer lsp-refresh
Multicast Protocol
4-35
timer quiet
Reliability
2-42
timer realtime-accounting
Reliability
2-43
timer response-timeout
Reliability
2-44
timer spf
Multicast Protocol
4-36
time-range
STP
1-16
timers
Multicast Protocol
2-19
tracert
PoE
4-11
traffic-bandwidth
STP
2-27
traffic-limit
STP
2-29
traffic-priority
STP
2-31
traffic-red
STP
2-33
traffic-redirect
STP
2-35
traffic-share-across-interface
Multicast Protocol
2-19
traffic-statistic
STP
2-36
undelete
PoE
1-11
undo snmp-agent
PoE
5-20
undo synchronization
Multicast Protocol
5-52
user
PoE
1-37
user privilege level
Port
1-26
user-interface
Port
1-26
user-name-format
Reliability
2-45
verbose
PoE
1-38
vlan
Network Protocol
1-6
vlan-assignment-mode
Reliability
2-19

A-26

vlan-mapping modulo
Security
1-37
vlan-vpn enable
VLAN
1-21
vlan-vpn tunnel
Security
2-1
vlink-peer
Multicast Protocol
3-50
vrrp authentication-mode
System Management
1-4
vrrp method
System Management
1-5
vrrp ping-enable
System Management
1-6
vrrp vrid preempt-mode
System Management
1-7
vrrp vrid priority
System Management
1-8
vrrp vrid timer
System Management
1-8
vrrp vrid track
System Management
1-9
vrrp vrid virtual-ip
System Management
1-10
W
X
Y
Z

A-27

Quidway s6500 Series Ethernet Switches Command Manual

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Quidway s6500 Series Ethernet Switches Command Manual

Загружено:

Авторское право:

Доступные форматы

HUAWEI

Quidway S6500 Series Ethernet Switches

Huawei Technologies Proprietary

Quidway S6500 Series Ethernet Switches

Release 3000 Series

Huawei Technologies Co., Ltd.

Huawei Technologies Proprietary

Copyright 2005 Huawei Technologies Co., Ltd.

All Rights Reserved

, HUAWEI, C&C08, EAST8000, HONET,

, ViewPoint, INtess, ETS, DMC,

Huawei Technologies Proprietary

About This Manual

Quidway S6500 Series Ethernet

It provides information for the system

Quidway S6502 Ethernet Switch

It provides information for the S6502

Quidway S6500 Series Ethernet

It is used for assisting the users in data

Command Manual consists of the

Introduces the commands used for accessing the Ethernet Switch.

Introduces the commands used for configuring network protocols.

Introduces the commands used for configuring routing protocols.

Huawei Technologies Proprietary

Introduces the commands used for configuring multicast protocols.

Introduces the commands used for configuring STP.

Introduces the commands used for security configuration.

Introduces the commands used for reliability configuration.

Introduces the commands used for system management and maintenance.

Introduces the commands used for PoE configuration.

Customers who are familiar with network fundamentals

Normal paragraphs are in Arial.

Headings are in Boldface.

Terminal Display is in Courier New.

Huawei Technologies Proprietary

II. Command conventions

The keywords of a command line are in Boldface.

Command arguments are in italic.

Items (keywords or arguments) in square brackets [ ] are

Alternative items are grouped in braces and separated by

Optional alternative items are grouped in square brackets

Alternative items are grouped in braces and separated by

Optional alternative items are grouped in square brackets

A line starting with the # sign is comments.

III. GUI conventions

Button names are inside angle brackets. For example, click

Window names, menu items, data table and field names

Multi-level menus are separated by forward slashes. For

IV. Keyboard operation

Press the keys concurrently. For example, <Ctrl+Alt+A>

Huawei Technologies Proprietary

Press and hold the primary mouse button (left mouse

Select and release the primary mouse button without

Press the primary mouse button twice continuously and

Caution, Warning: Means reader be extremely careful during the operation.

Huawei Technologies Proprietary

Quidway S6500 Series Ethernet Switches

Huawei Technologies Proprietary

Command Manual - Getting Started

Huawei Technologies Proprietary

Command Manual - Getting Started

Chapter 1 Logging in Ethernet Switch Commands

Chapter 1 Logging in Ethernet Switch Commands

Huawei Technologies Proprietary