Вы находитесь на странице: 1из 167

H3C S5800_5820X-CMW520-R1211 Release Notes

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

H3C S5800_5820X-CMW520-R1211 Release Notes


Keywords: Version Information, Version changed, Unresolved Problems and Avoidance Measures, List of Solved Problems. Abstract: Provide all details about the application version file, include: Version Information, Version changed, Unresolved Problems and Avoidance Measures, List of Solved Problems. Acronyms:
Acronym
IRF AAA ARP CMW DHCP GVRP IGMP LACP MIB MSTP RIP MPLS VPLS ISSU IRDP NLB DCB DCBX COPP

Full spelling
Intelligent Resilient Framework Authentication, Authorization and Accounting Address Resolution Protocol Comware Dynamic Host Configuration Protocol GARP VLAN Registration Protocol Internet Group Management Protocol Link Aggregation Control Protocol Management Information Base Multiple Spanning Tree Protocol Routing Information Protocol Multi-protocol Label Switching Virtual Private LAN Service In-Service Software Upgrade ICMP Router Discovery Protocol Network Load Balance Data Center Bridge DCB Capability Exchange Protocol Control Panel Policy

May 9, 2011

Page 2 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Table of Contents
Version Information 8
Version Number 8 Version History8 Hardware and Software Compatibility Matrix9

Restrictions and Cautions 10 Feature List 10


Hardware Feature 10 S5800 Switch models and technical specifications 10 S5820X Switch models and technical specifications 13 Software Features 14

Version Updates 25
Feature Updates 25 Command Line Updates 30 MIB Updates 35 Operation Changes 37 Operation Changes in R1211 37 Operation Changes in F1209P01 37 Operation Changes in F1209 37 Operation Changes in F1208 37 Operation Changes in F1207 37 Operation Changes in R1206 37 Operation Changes in R1110P05 38 Operation Changes in R1110P04 38 Operation Changes in R1110P03 38 Operation Changes in F1110 38 Operation Changes in R1109P01 38 Operation Changes in R1109 38 Operation Changes in R1108 38 Operation Changes in E1107 39 Operation Changes in E1106P01 39 Operation Changes in E1106 39

Open Problems and Workarounds 39 List of Resolved Problems 40


Resolved Problems in R1211 40 Resolved Problems in F1209P01 45 Resolved Problems in F1209 46 Resolved Problems in F1208 47 Resolved Problems in F1207 48
May 9, 2011 Page 3 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Resolved Problems in R1206 49 Resolved Problems in R1110P05 50 Resolved Problems in R1110P04 53 Resolved Problems in R1110P03 55 Resolved Problems in F1110 58 Resolved Problems in R1109P01 61 Resolved Problems in R1109 61 Resolved Problems in R1108 62 Resolved Problems in E1107 63 Resolved Problems in E1106P01 64 Resolved Problems in E1106 64

Related Documentation 64
New Feature Documentation 64 Documentation Set 64 Obtaining Documentation 64 Downloading Documentation 64

Software Upgrading 65
Introduction 65 Approaches for Loading Software 65 Loading Software through the Boot ROM Menu 66 Introduction to the Boot ROM Menu 66 Loading Software Using XMODEM Through Console Port 68 Loading Software Using TFTP Through Ethernet Port 78 Loading Software Using FTP Through Ethernet Port 81 Loading Software Through CLI 84 Loading Software through USB Interface 85 Loading Software Using FTP 85 Loading Software Using TFTP 87

Appendix 87
Details of Changed CLI Commands in R1211 87 display device manuinfo fan 87 display device manuinfo power 88 oam loopback interface 90 fan prefer-direction 91 pim bfd enable 92 pim ipv6 bfd enable 93 ospfv3 bfd enable 93 isis ipv6 bfd enable 94 peer bfd (IPv6 address family view/IPv6 BGP-VPN instance view) 94 ssl client-policy 95 ip check source max-entries 96 preferred-path 97 ip urpf 98
May 9, 2011 Page 4 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

cwmp 98 cwmp acs password 99 cwmp acs url 99 cwmp acs username 100 cwmp cpe connect retry 101 cwmp cpe connect interface 101 cwmp cpe inform interval 102 cwmp cpe inform interval enable 103 cwmp cpe inform time 103 cwmp cpe password 104 cwmp cpe username 104 cwmp cpe wait timeout 105 cwmp enable 106 display cwmp configuration 106 display cwmp status 108 Details of Changed CLI Commands in F1209P01 109 mac-address mac-roaming enable 109 stp tc-snooping 110 Details of Changed CLI Commands in F1209 110 default 110 ipv6 neighbor stale-aging 111 next-server 112 Details of Changed CLI Commands in F1208 112 ip route-static 112 ip community-list 115 apply comm-list delete 117 mac-table limit 117 Details of Changed CLI Commands in F1207 118 dhcp-snooping rate-limit 118 default-route-advertise (OSPF view) 119 qos car aggregative 120 Details of Changed CLI Commands in R1206 121 cfd ais enable 121 cfd ais level 122 cfd ais period 122 jumboframe enable 123 reset packet-drop interface 124 display packet-drop interface 125 display packet-drop summary 126 port link-mode 126 ip icmp-extensions 127 port isolate-user-vlan 128 reset dns host 129 Details of Changed CLI Commands in R1110P05 129
May 9, 2011 Page 5 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

display ftp client configuration 129 ftp client source 130 display tftp client configuration 131 tftp client source 132 display telnet client configuration 133 telnet client source 133 primary accounting (RADIUS scheme view) 134 primary authentication (RADIUS scheme view) 135 secondary accounting (RADIUS scheme view) 137 secondary authentication (RADIUS scheme view) 139 ignore-first-as 141 Details of Changed CLI Commands in R1109 141 irf domain 141 bfd multi-hop destination-port 142 Details of Changed CLI Commands in R1108 142 reset version-update-record 142 display version-update-record 143 portal server server-detect 144 portal server user-sync 146 arp resolving-route enable 147 cut connection 148 arp filter source 149 arp filter binding 149 dot1x unicast-trigger 150 display counters rate 151 Details of Changed CLI Commands in E1107 152 packet-filter 152 packet-filter ipv6 153 rule (advanced IPv4 ACL view) 154 mad bfd enable 158 mad enable 159 mad exclude interface 159 mad ip address 160 mad restore 161 logfile save 162 buffer apply 162 buffer egress queue guaranteed 163 buffer egress queue shared 164 buffer egress shared 165 buffer egress total-shared 166

May 9, 2011

Page 6 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

List of Tables
Table 1 Version history.................................................................................................................................8 Table 2 Hardware and software compatibility matrix ...........................................................................9 Table 3 H3C S5800 Switch Series technical specifications ..................................................................10 Table 4 H3C S5820X Switch Series technical specifications................................................................13 Table 5 Software features of the S5800 series .......................................................................................14 Table 6 Software features of the A5820X series ....................................................................................19 Table 7 Feature updates ..........................................................................................................................25 Table 8 Command line updates .............................................................................................................30 Table 9 MIB updates..................................................................................................................................35 Table 10 New Feature Documentation .................................................................................................64 Table 11 Documentation set ...................................................................................................................64 Table 12 Download documentation from the H3C website ..............................................................64 Table 13 Approaches for loading software on the switch..................................................................65 Table 14 Description of the Boot ROM menu........................................................................................67 Table 15 Description of the Boot ROM update menu .........................................................................72 Table 16 Description of the protocol parameter setting menu .........................................................73 Table 17 Description of the TFTP parameters ........................................................................................80 Table 18 Description of the FTP parameters..........................................................................................83 Table 19 Output description ..................................................................................................................107 Table 20 Output description ..................................................................................................................108 Table 21 display packet-drop interface command output description ........................................125 Table 22 display version-update-record command output description ........................................143 Table 23 display counters rate command output description ........................................................151 Table 24 Match criteria and other rule information for advanced IPv4 ACL rules .......................154 Table 25 TCP/UDP-specific parameters for advanced IPv4 ACL rules............................................155 Table 26 ICMP-specific parameters for advanced IPv4 ACL rules..................................................156 Table 27 ICMP message names supported in advanced IPv4 ACL rules.......................................156 Table 28 Default data buffer allocation schemes of the S5800 and the S5820X series switches163

May 9, 2011

Page 7 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version Information
Version Number
Comware software, Version 5.20, Release 1211 Note: You can see the version number with the command display version in any view. Please see Note.

Version History
Table 1 Version history Version number
S5800_5820X-CMW520 -R1211 S5800_5820X-CMW520 -F1209P01 S5800_5820X-CMW520 -F1209 S5800_5820X-CMW520 -F1208 S5800_5820X-CMW520 -F1207 S5800_5820X-CMW520 -R1206 S5800_5820X-CMW520 -R1110P05 S5800_5820X-CMW520 -R1110P04 S5800_5820X-CMW520 -R1110P03 S5800_5820X-CMW520 -F1110 S5800_5820X-CMW520 -R1109P01 S5800_5820X-CMW520 -R1109 S5800_5820X-CMW520 -R1108 S5800_5820X-CMW520 -E1107 S5800_5820X-CMW520 -E1106P01 May 9, 2011

Last version
S5800_5820X-CMW520 -F1209P01 S5800_5820X-CMW520 -F1209 S5800_5820X-CMW520 -F1208 S5800_5820X-CMW520 -F1207 S5800_5820X-CMW520 -R1206 S5800_5820X-CMW520 -R1110P05 S5800_5820X-CMW520 -R1110P04 S5800_5820X-CMW520 -R1110P03 S5800_5820X-CMW520 -F1110 S5800_5820X-CMW520 -R1109P01 S5800_5820X-CMW520 -R1109 S5800_5820X-CMW520 -R1108 S5800_5820X-CMW520 -E1107 S5800_5820X-CMW520 -E1106P01 S5800_5820X-CMW520 -E1106

Release Date
2011-05-04 2011-03-14 2011-01-24 2010-12-17 2010-11-30 2010-10-08 2010-06-18 2010-05-27 2010-03-30 2010-01-25 2009-12-11 2009-11-04 2009-10-12 2009-06-19 2009-07-20

Remarks
None None None None None None None None None None None None None None None Page 8 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number
S5800_5820X-CMW520 -E1106

Last version
First release

Release Date
2009-05-25

Remarks
None

Hardware and Software Compatibility Matrix


Table 2 Hardware and software compatibility matrix Item
Product family

Specifications
S5800/S5820X Series H3C S5800-60C-PWR/ H3C S5800-32C-PWR/ H3C S5800-56C-PWR

Hardware platform

H3C S5800-32C/ H3C S5800-56C/ H3C S5800-32F H3C S5820X-28C / H3C S5820X-28S H3C S5820X-26S/H3C S5800-54S

Minimum memory requirements Minimum Flash requirements Boot ROM version Host software

512 MB/1GB 512 MB Version 212 or higher (Note: Perform the command display version command in any view to view the version information. Please see Note) S5800_5820X-CMW520-R1211.bin iMC PLAT 5.0 (E0101) + L02 iMC UAM 5.0 (E0101) iMC EAD 5.0 (E0101) iMC NTA 5.0 (E0101) iMC UBA 5.0 (E0101) iMC QoSM 5.0 (E0101)

iMC version

iNode version

iNode PC 5.0 (E0101) Fiber Channel Card: 9.0.6.15.0 IPS/AV Card: ESS2110P10

OAA version

Fire Wall Card: R3166P12 High Performance Wireless AC Card: R2107P10 Wireless AC Card: R3111P09

Note

H3C S5820X-28C / H3C S5820X-28S dont support iMC UBA

Sample: To display the host software and Boot ROM version of the S5800/S5820X, perform the following: <H3C>display version H3C Comware Platform Software Comware Software, Version 5.20, Release 1211 ------- Note

Copyright (c) 2004-2011 Hangzhou H3C Tech. Co., Ltd. All rights reserved. H3C S5800-56C uptime is 0 week, 0 day, 16 hours, 40 minutes

May 9, 2011

Page 9 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

H3C S5800-56C with 2 Processor 512M 4M 512M bytes SDRAM bytes Nor Flash Memory bytes Nand Flash Memory

Config Register points to Nand Flash

Hardware Version is Ver.B CPLD Version is 003 BootRom Version is 212 [SubSlot 0] 48GE+4SFP Plus Hardware Version is Ver.B [SubSlot 1] No Module ------ Note

Restrictions and Cautions


1.

S5820X works at IPS mirror mode. If the IPS applies any rule, the PC connected to the device can not communicate to its gateway.

Feature List
Hardware Feature
S5800 Switch models and technical specifications
Table 3 H3C S5800 Switch Series technical specifications Item S5800-6 0C-PWR
86.1 440 465 mm (3.39 17.32 18.31 in) 18 kg (39.68 lb)

S5800-56 C
43.6 440 367 mm (1.72 17.32 14.45 in) 6.5 kg (14.33 lb) 1, covered by the logo plate on the front panel N/A

S5800-56 C-PWR
43.6 440 427 mm (1.72 17.32 16.81 in) 8.5 kg (18.74 lb) 1, covered by the logo plate on the front panel N/A

S5800-54 S
43.6 440 660 mm (1.72 17.32 25.98 in) 12.2 kg (26.90 lb)

S5800-32 C
43.6 440 367 mm (1.72 17.32 14.45 in) 6.0 kg (13.23 lb)

S5800-32 C-PWR
43.6 440 427 mm (1.72 17.32 16.81 in) 8 kg (17.64 lb)

S5800-32 F
43.6 440 427 mm (1.72 17.32 16.81 in) 8.5 kg (18.74 lb) 1, covered by the logo plate on the front panel 1, on the rear panel

Dimensions (H W D)

Weight

Console ports

1, on the front panel

1, on the rear panel

1, on the front panel

1, on the front panel

Manageme nt Ethernet ports

N/A

1, on the rear panel

N/A

N/A

May 9, 2011

Page 10 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Item

S5800-6 0C-PWR

S5800-56 C
1, covered by the logo plate on the front panel

S5800-56 C-PWR
1, covered by the logo plate on the front panel

S5800-54 S

S5800-32 C

S5800-32 C-PWR

S5800-32 F
1, covered by the logo plate on the front panel

USB ports (full speed)

1, on the front panel

1, on the rear panel

1, on the front panel

1, on the front panel

10/100/1000 Base-T Ethernet ports 100/1000Ba se-X SFP ports

48, PoE

48

48, PoE

48

24

24, PoE

N/A

N/A 4

N/A 4

N/A 6

N/A 4

N/A 4

24 4

SFP+ ports

N/A

You can plug an SFP+ transceiver module, SFP transceiver module or SFP+ cable into an SFP port. An SFP port plugged in with an SFP+ cable can be used to connect IRF member switches. 1, on the rear panel N/A N/A Fixed fans are used. N/A 1, on the rear panel N/A N/A Fixed fans are used. N/A 1, on the rear panel N/A N/A Fixed fans are used. N/A 1, on the rear panel N/A N/A Fixed fans are used N/A 1, on the front panel N/A 1, hot swappin g N/A 2, hot swappin g

Expansion interface card slots OAP card slots Fan tray slots PoE module slots Power module slots AC-input voltage

2, on the front panel 1 1, hot swappin g 1, 2, hot swappin g

N/A

N/A 2, hot swappin g N/A 2, hot swappin g

N/A

N/A

N/A

N/A

Rated voltage: 100 VAC to 240 VAC, 50 or 60 Hz Max voltage: 90 VAC to 264 VAC, 47 or 63 Hz

May 9, 2011

Page 11 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Item

S5800-6 0C-PWR
Rated voltage:

S5800-56 C

S5800-56 C-PWR

S5800-54 S

S5800-32 C

S5800-32 C-PWR

S5800-32 F

300 W
at 48 VDC to 60 VDC at 54 VDC to 57 VDC Rated voltage: N/A N/A 40 VDC to 60 VDC N/A N/A Rated voltage: 48 VDC to 60 VDC

DC-input voltage

750 W

RPS-input voltage

Rated voltage: 52 VDC to 55 VDC DC: 94 W AC: 96 W Single DC output: 1840 W (1500 W for PoE output) Dual DC outputs: 1840 W (1500 W for PoE output) Single AC output: 714 W (425 W for PoE output) Dual AC outputs: 1147 W (740 W for PoE output)

Rated voltage: 10.8 VDC to 13.2 VDC

Rated voltage: 52 VDC to 55 VDC DC: 107 W AC: 131 W

N/A

Rated voltage: 10.8 VDC to 13.2 VDC

Rated voltage: 52 VDC to 55 VDC DC: 64 W AC: 85 W

Rated voltage: 52 VDC to 55 VDC DC: 58 W AC: 67 W

Minimum power consumptio n

102 W

105 W

67 W

Maximum power consumptio n

163 W

DC: 973 W (740 W for PoE output) AC: 673 W (370 W for PoE output)

AC: 130 W DC: 130 W

105 W

DC: 870 W (740 W for PoE output) AC: 598 W (370 W for PoE output)

DC: 136 W AC: 146 W

Operating temperatur e May 9, 2011

0C to 45C (32F to 113F) Page 12 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Item
Operating humidity

S5800-6 0C-PWR

S5800-56 C

S5800-56 C-PWR

S5800-54 S

S5800-32 C

S5800-32 C-PWR

S5800-32 F

10% to 90%, noncondensing

S5820X Switch models and technical specifications


Table 4 H3C S5820X Switch Series technical specifications Item
Dimensions (H W D) Weight Console ports Management Ethernet ports USB ports 10/100/1000Base-T Ethernet ports SFP+ ports Expansion interface card slots OAP card slots Fan tray slots Power module slots AC-input voltage

S5820X-26S
43.6 440 660 mm (1.72 17.32 25.98 in) 11.2 kg (24.69 lb) 1 1 1 2 24 N/A N/A 2, rear panel 2, rear panel

S5820X-28S
43.6 440 427 mm (1.72 17.32 16.8 in) 8.5 kg (18.74 lb) 1 1 1 4 24 N/A N/A 1, rear panel 2, rear panel

S5820X-28C
86 440 467 mm (3.39 17.32 18.39 in) 17 kg (37.48 lb) 1 N/A 1 4 14 2, front panel 1, rear panel 1, rear panel 2, rear panel

Rated voltage: 100 VAC to 240 VAC, 50 or 60 Hz Max voltage: 90 VAC to 264 VAC, 47 or 63 Hz Rated voltage: 40 VDC to 60 VDC Max voltage: 40 VDC to 72 VDC 135 W AC: 205 W DC: 205 W Rated voltage: 48 VDC to 60 VDC Max voltage: 40.5 VDC to 72 VDC AC: 128 W DC: 124 W AC: 245 W DC: 241 W Rated voltage: 48 VDC to 60 VDC Max voltage: 40.5 VDC to 72 VDC AC: 105 W DC: 103 W AC: 185 W DC: 176 W

DC-input voltage

Minimum power consumption Maximum power consumption Operating temperature Operating humidity

0C to 45C (32F to 113F) 10% to 90%, noncondensing

May 9, 2011

Page 13 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Software Features
Table 5 Software features of the S5800 series Feature
Switchin g capacity (full duplex) Packet forwardin g rate (whole system)

S5800-6 0C-PWR

S580056C

S5800-5 6C-PW R

S5800-3 2C

S5800-3 2C-PWR

S580032F

S580054S

Wire speed L2 switchin g

284 Gbps

256 Gbps

208 Gbps

256 Gbps

211.3 Mpps

190.5 Mpps

154.8 Mpps

190.5 Mpps

Forwarding mode

Store and forward Ring topology Chain topology MAD for BFD/LACP/ARP ISSU Aggregation of GE ports Aggregation of 10 GE ports Static link aggregation

IRF

Link aggregation

Dynamic link aggregation An IRF fabric supports up to 128 aggregation groups, and each group supports up to eight GE ports or eight 10 GE ports. NLB

Flow control Jumbo frame

IEEE 802.3x flow control and back pressure With a maximum size of 10000 bytes 32K MAC addresses 1K static MAC addresses Blackhole MAC addresses Limit to the number of MAC addresses learned on a port Port-based VLANs (4094 VLANs) QinQ and selective QinQ Voice VLAN Protocol-based VLANs MAC-based VLANs IP subnet-based VLANs GVRP Super VLAN

MAC address table

VLAN

May 9, 2011

Page 14 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5800-6 0C-PWR

S580056C

S5800-5 6C-PW R

S5800-3 2C

S5800-3 2C-PWR

S580032F

S580054S

One-to-one VLAN mapping VLAN mapping Many-to-one VLAN mapping Two-to-two VLAN mapping 16K entries 1K static entries Gratuitous ARP ARP Standard proxy ARP and local proxy ARP ARP source suppression ARP detection (based on DHCP snooping entries/802.1X security entries/static IP-to-MAC bindings) Multicast ARP ND VLAN virtual interface 8K entries 1K static entries 1K DHCP client DHCP snooping DHCP relay agent DHCP DHCP server DHCPv6 client DHCPv6 snooping DHCPv6 relay agent DHCPv6 server UDP helper DNS Supported Dynamic domain name resolution Dynamic domain name resolution client IPv4/IPv6 addresses 4K static routes RIP v1/2: up to 4K IPv4 routes OSPF v1/v2: up to 16K IPv4 routes BGP: up to 16K IPv4 routes IPv4 route ISIS: up to 16K IPv4 routes 256 equal-cost routes, each having 8 next hops at most Routing policy VRRP Policy based routing IRDP

May 9, 2011

Page 15 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5800-6 0C-PWR

S580056C

S5800-5 6C-PW R

S5800-3 2C

S5800-3 2C-PWR

S580032F

S580054S

2K static routes RIPng: up to 2K IPv6 routes OSPF v3: up to 8K IPv6 routes BGP4+ for IPV6: up to 8K IPv6 routes IPv6 route ISIS for IPV6: up to 8K IPv6 routes 256 equal-cost routes, each having 8 next hops Routing policy VRRP Policy routing URPF MCE Reverse route check strict mode and loose mode IPv4/IPv6 OSPF/OSPFv3 BGP/BGP4 BFD IS-IS/IS-ISv6 PIM/IPM for IPv6 Static route MAD IPv4 over IPv4 tunnel IPv4 over IPv6 tunnel IPv6 over IPv4 manual tunnel Tunnel IPv6 over IPv4 6to4 tunnel IPv6 over IPv4 ISATAP tunnel IPv6 over IPv6 tunnel GRE tunnel MPLS MPLS VPLS IGMP snooping v1/v2/v3 Multicast VLAN Multicast VLAN+ IGMP v1/v2/v3 PIM-DM PIM-SM IPv4 multicast PIM-SSM MSDP MBGP PIM BI-DIR Multicast VPN Multicast over MCE Mulitcast over MCE over tunnel May 9, 2011 Page 16 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5800-6 0C-PWR

S580056C

S5800-5 6C-PW R

S5800-3 2C

S5800-3 2C-PWR

S580032F

S580054S

MLD snooping v1/v2 MLD v1/v2 IPv6 multicast PIM-DM/SM/SSM/BI-DIR for IPv6 IPv6 multicast VLAN IPv6 multicast VLAN+ MBGP for IPv6 Broadcast/multicast /unicast storm control Based on port rate percentage Based on pps Based on bps STP/RSTP/MSTP MSTP STP root guard BPDU guard STP TC snooping RRPP Smart Link Monitor link RRPP protocol Multi-instance RRPP Up to 26 groups Multi-instance Smart Link Supported Restriction of the rates at which a port sends and receives packets, with a granularity of 8 kbps. Packet redirection CAR, with a granularity of 8 kbps. Global CAR (including aggregation CAR and hierarchical CAR) Eight output queues for each port Queue scheduling algorithms based on port and queue, including SP, WDRR, WFQ, and SP + WDRR. QoS/ACL Remarking of 802.1p and DSCP priorities Packet filtering at Layer 2 through Layer 4; flow classification based on source MAC address, destination MAC address, source IP (IPv4/IPv6) address, destination IP (IPv4/IPv6) address, port, protocol, and VLAN. Time range WRED Traffic shaping User profile COPP HQoS Traffic mirroring Mirroring Remote mirroring May 9, 2011 Port mirroring Multiple mirror observing ports Remote port mirroring (RSPAN/ERSPAN) Page 17 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5800-6 0C-PWR

S580056C

S5800-5 6C-PW R

S5800-3 2C

S5800-3 2C-PWR

S580032F

S580054S

Hierarchical management and password protection of users AAA authentication RADIUS authentication HWTACACS SSH 2.0 Port isolation Port security Security MAC address authentication IP-MAC-port binding IP source guard HTTPS SSL PKI Portal EAD Boot ROM access control (password recovery) IPS OAA Firewall Anti virus Wireless access Up to 2,048 users Port-based and MAC address-based authentication 802.1X Guest VLAN Trunk port authentication 802.1X-based dynamic QoS/ACL/VLAN assignment Traffic Management Software download and upgrade IPFIX (NetStream) sFlow XModem FTP TFTP

May 9, 2011

Page 18 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5800-6 0C-PWR

S580056C

S5800-5 6C-PW R

S5800-3 2C

S5800-3 2C-PWR

S580032F

S580054S

Configuration at the command line interface Remote configuration through Telnet Configuration through Console port SNMP RMON alarm, event and history recording IMC NMS Web-based network management Management System log Hierarchical alarms HGMPv2 NTP PoE Power supply alarm function Fan and temperature alarms BIMS zero configuration Debug information output Ping and Tracert NQA Track Remote maintenance through Telnet Maintenance Virtual cable test 802.1ag 802.3ah DLDP File download and upload through USB port Auto power down EEE

Table 6 Software features of the A5820X series Feature


Switching capacity Wire speed L2 switching (full duplex) Packet forwardin g rate (whole system)

S5820X-28C
488 Gbps

S5820X-28S

S5820X-26S

363 Mbps

Forwarding mode

Store-forward and cut-through

May 9, 2011

Page 19 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5820X-28C
Ring topology Chain Topology MAD of BFD/LACP/ARP ISSU Aggregation of GE ports Aggregation of 10-GE ports Static link aggregation

S5820X-28S

S5820X-26S

IRF

Link aggregation

Dynamic link aggregation An IRF fabric supports up to 128 aggregation groups, and each group supports up to eight GE ports or eight 10-GE ports NLB

Flow control Jumbo Frame

IEEE 802.3x flow control and back pressure Supports a maximum frame size of 10000 bytes 32K MAC addresses 1K static MAC addresses Blackhole MAC addresses Limit to the number of MAC addresses learned on a port Port-based VLANs (4094 VLANs) QinQ and selective QinQ Voice VLAN Protocol-based VLANs MAC-based VLANs IP subnet-based VLANs GVRP Super VLAN One-to-one VLAN mapping

MAC address table

VLAN

VLAN mapping

Many-to-one VLAN mapping Two-to-two VLAN mapping 8K entries 1K static entries Gratuitous ARP Standard proxy ARP and local proxy ARP ARP source suppression ARP detection (based on DHCP snooping entries/802.1x security entries/static IP-to-MAC bindings) Multicast ARP 4K entries 1K static entries 1K

ARP

ND VLAN virtual interface

May 9, 2011

Page 20 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5820X-28C
DHCP client DHCP snooping DHCP relay agent DHCP server DHCPv6 client DHCPv6 snooping DHCPv6 relay agent DHCPv6 server

S5820X-28S

S5820X-26S

DHCP

UDP Helper DNS

Supported Dynamic domain name resolution Dynamic domain name resolution client IPv4/IPv6 addresses 4K static routes RIP v1/2: up to 4K IPv4 routes OSPF v1/v2: up to 12K IPv4 routes BGP: up to 12K IPv4 routes ISIS: up to 12K IPv4 routes 256 equal-cost routes, each having 8 next hops at most Routing policy VRRP Policy based routing IRDP 2K static routes RIPng: up to 2K IPv6 routes OSPFv3: up to 6K IPv6 routes BGP4+: up to 6K IPv6 routes

IPv4 route

IPv6 route

ISISv6: up to 6K IPv6 routes 256 equal-cost routes, each having 8 next hops at most Routing policy VRRP Policy based routing

URPF MCE

Strict mode and loose mode IPv4/IPv6 OSPF/OSPFv3 BGP/BGP4 IS-IS/IS-ISv6 PIM/IPM for IPv6 Static route MAD

BFD

May 9, 2011

Page 21 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5820X-28C
IPv4 over IPv4 tunnel IPv4 over IPv6 tunnel IPv6 over IPv4 manual tunnel

S5820X-28S

S5820X-26S

Tunnel

IPv6 over IPv4 6to4 tunnel IPv6 over IPv4 ISATAP Tunnel IPv6 over IPv6 tunnel GRE tunnel IGMP snooping v1/v2/v3 Multicast VLAN Multicast VLAN+ IGMP v1/v2/v3 PIM-DM PIM-SM PIM-SSM MSDP MBGP PIM BI-DIR Multicast over MCE Mulitcast over MCE over Tunnel MLD snooping v1/v2 MLD v1/v2 PIM-DM/SM/SSM/BI-DIR for IPv6 IPv6 multicast VLAN IPv6 multicast VLAN+ MBGP for Ipv6 Based on port rate percentage Based on pps Based on bps STP/RSTP/MSTP STP root guard BPDU guard STP TC snooping RRPP protocol Multi-instance RRPP Up to 26 groups Multi-instance Smart Link Supported

IPv4 multicast

IPv6 multicast

Broadcast/multicast/u nicast storm control

MSTP

RRPP Smart link Monitor link

May 9, 2011

Page 22 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5820X-28C

S5820X-28S

S5820X-26S

Restriction of the rates at which a port sends and receives packets, with a granularity of 8 kbps. Packet redirection CAR, with a granularity of 8 kbps. Global CAR (including aggregation CAR and hierarchical CAR) Eight output queues for each port Flexible queue scheduling algorithms based on port and queue, including SP, WDRR, WFQ, and SP + WDRR QoS/ACL Remarking of 802.1p and DSCP priorities Packet filtering at Layer 2 through Layer 4; flow classification based on source MAC address, destination MAC address, source IPv4/IPv6 address, destination IPv4/IPv6 address, port, protocol, and VLAN. Time range WRED Traffic shaping User profile COPP Traffic mirroring Mirroring Remote mirroring Port mirroring Multiple mirror observing ports Remote port mirroring (RSPAN/ERSPAN) Hierarchical management and password protection of users AAA authentication RADIUS authentication HWTACACS SSH 2.0 Port isolation Port security Security MAC address authentication IP-MAC-port binding IP source guard HTTPS SSL PKI Portal EAD Boot ROM access control (password recovery) Data Center Feature PFC DCBX

May 9, 2011

Page 23 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Feature

S5820X-28C
IPS Firewall

S5820X-28S

S5820X-26S

OAA

Anti virus Wireless access FC Up to 2,048 users Port-based and MAC addressbased authentication

802.1X

Guest VLAN Trunk port authentication 802.1X-based dynamic QoS/ACL/VLAN assignment XModem FTP TFTP Configuration at the command line interface Remote configuration through Telnet Configuration through Console port SNMP RMON alarm, event and history recording IMC NMS Web-based network management System log Hierarchical alarms HGMPv2 NTP Power supply alarm function Fan and temperature alarms BIMS zero configuration Debug information output Ping and Tracert NQA Track Remote maintenance through Telnet Virtual cable test 802.1ag 802.3ah DLDP File download and upload through USB port Auto power down EEE

Software download and upgrade

Management

Maintenance

May 9, 2011

Page 24 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version Updates
Feature Updates
Table 7 Feature updates Version number
S5800_5820X-C MW520-R1211

Item
Hardware feature updates Software feature updates

Description
1. Support new 300W administrable power. 2. Support H3C S5820X-26S\H3C S5800-54S. 1. Support display manufactory information of power, sub slot, optical module and fan. 2. Support set the prefer wind direction of system and alarm when the wind direction error. 3. Support URPF loose mode. 4. Support IPv6 BFD, PIM/PIMv6 BFD 5. Support assigning a tunnel port to a tunnel policy 6. Support BIMS zero configuration 7. Support 16K intra-zone route entries and inter-zone route entries 8. Support configuring the max num of the static and dynamic IP binding 9. Support portal authentication through aggregate port 10. IPv6 BFD support for OSPFv3, ISISv6, and BGP4+ 11. IPv6 BFD support for OSPFv3, BGP4+, and ISISv6 in a VRF 12. Support disabling VSI station move.

S5800_5820X-C MW520-F1209P0 1

Hardware feature updates Software feature updates Hardware feature updates

None 1. Support TC-Snooping feature. 2. Support mac-roaming feature. None

S5800_5820X-C MW520-F1209

May 9, 2011

Page 25 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number

Item
Software feature updates

Description
1. Support 6VPE. 2. Support ACL match LSAP field. 3. Support interface default settings restoration feature. 4. Support configuring a start or end remark for ACL rules. 5. Support setting the age timer for ND entries. 6. Support configuring MAC address transition. 7. Support displaying response time in CFD loop back test result. 8. Support writes user-defined information to LSW1SP4P0 and LSW1SP2P0 sub slot. 9. Support configuring OAM loopback function and loopback active/passive mode on port. 10. Support Specifying a server's IP address for the client when the device works as DHCP server.

S5800_5820X-C MW520-F1208

Hardware feature updates Software feature updates

None 1. Support 4k static route and 4k RIP route. 2. Support 255 VRRP. 3. BGP support 1k peers. 4. Support 1k VRF. 5. Support ACL output filtering. 6. Increased ACL name length. 7. Support routing policy name extension. 8. Support community list name configuration. 9. Support permanent static route.

S5800_5820X-C MW520-F1207

Hardware feature updates Software feature updates

None 1. Support dynamic password secondly attestation. 2. Support DHCP packet rate limit. 3. OSPF support add default route from other router. 4. Support obtaining device ACL utilization by MIB. 5. Support obtaining optical module information by MIB. 6. Support obtaining DHCP server information by MIB.

S5800_5820X-C MW520-R1206

Hardware feature updates

1. Support 5m stack cable 2. Support FC module

May 9, 2011

Page 26 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number

Item
Software feature updates

Description
New Features: 1. Support DCBX 2. Support configuring timer zone with WEB 3. Support configuring time parameter of OAM 4. ICMP Extension MPLS (RFC 4950) 5. Support IPv4 Path MTU adjust(RFC 1191) 6. BPDU Drop any 7. Support Supper VLAN 8. BFD/OAM/RRPP/CFD dual core supported 9. Support multicast ARP 10. Support lossless Link-aggregation 11. Support NLB 12. Support configuring the timeout of LACP 13. Support detecting the loop back between multiple ports 14. Support IRDP 15. Support configuring the L4 Port range of egress ACL 16. Support HQOS 17. Support PIM BI-DIR 18. Support DHBK-portal 19. Support COPP 10. Support MPLS 21. Support VPLS 22. Support L3 rout port 23. Support multicast VPN ; Support multicast over MCE ; Support multicast over MCE over tunnel 24. Support ISSU on IRF 25. Support modifying the ACL dynamically 26. Support DHCPv6 server/Snooping 27. Triple authentication function enhanced and support configuring it with WEB 28. Support multicast Controlled 29. Support ND anti-attack 30.Support configuring the jumbo frame size on port 31. Support password control 32. Support configuring PBR with a single command line 33. Support sticky MAC old. Deleted Features: Delete BFD authentication function. Modified Features BFD sessions increased to 32

May 9, 2011

Page 27 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number
S5800_5820X-C MW520-R1110P0 5

Item
Hardware feature updates Software feature updates

Description
Support 40Km SFP+ fiber module New features: 1. Radius authentication supports multi backup server. 2. Saving information to log buffer when VRRP priority changes. 3. Add the command ftp/tftp/telnet client source to specify the source IP. 4. Support displaying transceiver diagnosis and traffic statistics on IRF port. 5. Support to configure ignoring the first AS number of eBGP. 6. Portal authentication support certificate.

S5800_5820X-C MW520-R1110P0 4

Hardware feature updates Software feature updates Hardware feature updates Software feature updates

None None None New features: 1. SPF+ port supports 1000Base-T module. 2. Support CFD trap and MIB. 3. Support loopback detection MIB. 4. BGP supports importing direct route of OSPF. 5. Support anti-attack on management port.

S5800_5820X-C MW520-R1110P0 3

S5800_5820X-C MW520-F1110

Hardware feature updates

None

May 9, 2011

Page 28 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number

Item
Software feature updates

Description
New features: 1. Support Configuring the minimum number of selected ports in the aggregation group 2. The description information configured on ports is added to be shown when press command display brief interface 3. Support creating IBGP neighbors between PE and CE 4. Support VPN on TFTP/SFTP/SSH2/FTP 5. Support hash key configuration on IRF ports 6. Support mac-vlan trigger enable 7. Support mac-vlan PVID disable 8. Support VPN based on TUNNEL 9. Support AAA based on VPN 10. Support system log based on VPN 11. Support Echo packet single-hop detection when using BFD to implement fast fault detection 12. Support ACL log 13. Support Mixed IRF of S5800 and S5820X 14. Support guest vlan based on mac authentication.

S5800_5820X-C MW520-R1109P0 1

Hardware feature updates Software feature updates Hardware feature updates Software feature updates

None None None New features: 1.IRF domain function 2.BFD multi-hop destination-port New features: none Deleted features: none New features: 1. Support ARP blank hole route function 2. ARP gateway protection and ARP filter protection 3. Record software version used on the device to higher end memory 4. LLDP TLV support POE+ attributes. 5. Support portal escape function Deleted features: none

S5800_5820X-C MW520-R1109

S5800_5820X-C MW520-R1108

Hardware feature updates Software feature updates

S5800_5820X-C MW520-E1107

Hardware feature updates

None

May 9, 2011

Page 29 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number

Item
Software feature updates

Description
New features: 1. MAD detection through LACP and BFD protocol. 2. Configure packet buffer flexibly by command 3. Support execute ACL command through packet filter command 4. ACL support TCP established key word 5. Warm reboot and log information recorded to flash. 6. Support CPLD auto update function Deleted features: none

S5800_5820X-C MW520-E1106P0 1

Hardware feature updates Software feature updates Hardware feature updates Software feature updates

None None First release First release

S5800_5820X-C MW520-E1106

Command Line Updates


Table 8 Command line updates Version number
S5800_5820X-CM W520-R1211

Item
New commands Removed commands Modified commands

Description
Refer to Details of Changed CLI Commands in R1211 1. poe mode signal 1. ip urpf strict change to ip urpf { loose | strict } Refer to Details of Changed CLI Commands in R1211

S5800_5820X-CM W520-F1209P01

New commands Removed commands Modified commands

Refer to Details of Changed CLI Commands in F1209P01 None. None. 1. default 2. ipv6 neighbor stale-aging aging-time undo ipv6 neighbor stale-aging 3. next-server ip-address undo next-server Refer to Details of Changed CLI Commands in F1209 The other new command, refer to New Feature

S5800_5820X-CM W520-F1209

New commands

May 9, 2011

Page 30 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes Documentation

Removed commands Modified commands

1. fib6-tunning fast-download-enable 1. dhcp relay address-check [ enable | disable ] changes to dhcp relay address-check enable 2. port isolate-user-vlan { host | promiscuous } changes to port isolate-user-vlan { host | INTEGER<1-4094> promiscuous } 3. The modified commands related to 6VPE, refer to <Command changes for 6VPE>

S5800_5820X-CM W520-F1208

New commands Removed commands Modified commands

Refer to Details of Changed CLI Commands in F1208 None. 1. ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] change to ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ] 2. ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ public ] [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ description description-text ] change to ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ public ] [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ]

May 9, 2011

Page 31 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes [ permanent ] [ description description-text ] 3. ip community-list { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * change to ip community-list { basic-comm-list-num | basic comm-list-name } { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * 4. ip community-list { deny | permit } regular-expression change to ip community-list { adv-comm-list-num | advanced comm-list-name } { deny | permit } regular-expression 5. apply comm-list comm-list-number delete change to apply comm-list { comm-list-number | comm-list-name } delete Refer to Details of Changed CLI Commands in F1208

S5800_5820X-CM W520-F1207

New commands Removed commands Modified commands

Refer to Details of Changed CLI Commands in F1207 None. 1. default-route-advertise [ [ always | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] change to default-route-advertise [ [ [ always | permit-calculate-other ] | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] 2. qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peek-information-rate ] [ red action ] the cbs and ebs max virtual value change from 16000000 to 256000000 Refer to Details of Changed CLI Commands in F1207

S5800_5820X-CM W520-R1206

New commands

1. Feature ISSU relate new command refer to < 01 Fundamentals Command Reference > 2. Feature Supper VLAN relate new command refer to < 03 Layer 2 - LAN Switching Command Reference > 3. Feature IRDP relate new command refer to < 04 Layer 3 - IP Services Command Reference > 4. Feature MPLS/VPLS relate new command refer to < 07 MPLS Command Reference > 5. Feature PIM BI-DIR relate new command refer to < 06 IP Multicast Command Reference > 6. Feature Multicast VPN/Multicast over MCE/Multicast over MCE over tunnel/Multicast Controlled relate new command refer to <06 IP Multicast Command Reference> 7. Feature password control relate new command refer to < 09 Security Command Reference > 8. Feature DHCPv6/Snooping relate new command refer to < 04 Layer 3 - IP Services Command Reference

May 9, 2011

Page 32 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes > 9. Feature IPsec relate new command refer to < 09 Security Command Reference > 10. Policy based route relate new command refer to < 05 Layer 3 - IP Routing Command Reference > 11. IP Source Guard support IPv6 relate new command refer to < 09 Security Command Reference > 12. Feature DCBX relate new command refer to < 03 Layer 2 - LAN Switching Command Reference > 13. Feature DHBK relate new command refer to < 10 High Availability Command Reference > 14. Feature IPv6 ND relate new command refer to < 09 Security Command Reference > 15. Sticky MAC old relate new command refer to < Sticky MAC Feature Manual > Others new commands Refer to Details of Changed CLI Commands in R1206

Removed commands

1. reset dns [ ipv6 ] dynamic-host change to reset dns host [ ip | ipv6 | naptr | srv ] Refer to Details of Changed CLI Commands in R1206 1. bfd authentication-mode { md5 key-id key | sha1 key-id key | simple key-id password } undo bfd authentication-mode Refer to Details of Changed CLI Commands in R1110P05 None 1. undo secondary accounting changed to undo secondary accounting [ipv4-address | ipv6 ipv6-address ] 2. undo secondary authentication changed to undo secondary authentication [ipv4-address | ipv6 ipv6-address ] 3. primary authentication { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] } changed to primary authentication { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } 4. primary accounting { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] ] changed to primary accounting { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } 5. secondary authentication { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] } changed to secondary authentication { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6

Modified commands

S5800_5820X-CM W520-R1110P05

New commands Removed commands Modified commands

May 9, 2011

Page 33 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes ipv6-address [ port-number | key string ] * } 6. secondary accounting { ip-address [ port-number | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number ] } changed to secondary accounting { ipv4-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string] * } Refer to Details of Changed CLI Commands in R1110P05

S5800_5820X-CM W520-R1110P04

New commands Removed commands Modified commands

None None None 1. ip binding vpn-instance 2. tcp syn-cookie enable Refer to S5800&S5820X Series Ethernet Switches Command Manual(Release 1110)

S5800_5820X-CM W520-R1110P03

New commands

Removed commands Modified commands

1. undo portal trap server-down 1. display brief interface changed to display interface brief 2. mcms connect slot slot-number system system-name changed to oap connect slot slot-number system system-name 3. mcms reboot slot slot-number system system-name changed to oap reboot slot slot-number system system-name

S5800_5820X-CM W520-F1110

New commands Removed commands Modified commands

Refer to S5800&S5820X Series Ethernet Switches Command Manual(F1110) None None None None None Refer to Details of Changed CLI Commands in R1109 None None Refer to Details of Changed CLI Commands in R1108 None None Refer to Details of Changed CLI Commands in E1107 Page 34 of 167

S5800_5820X-CM W520-R1109P01

New commands Removed commands Modified commands

S5800_5820X-CM W520-R1109

New commands Removed commands Modified commands

S5800_5820X-CM W520-R1108

New commands Removed commands Modified commands

S5800_5820X-CM May 9, 2011

New commands

Hangzhou H3C Technologies Co., Ltd. W520-E1107

H3C S5800_5820X-CMW520-R1211 Release Notes None None None None None First release First release First release

Removed commands Modified commands

S5800_5820X-CM W520-E1106P01

New commands Removed commands Modified commands

S5800_5820X-CM W520-E1106

New commands Removed commands Modified commands

MIB Updates
Table 9 MIB updates Version number Item MIB file Module Description
Support display administrant information of power, sub slot, optical module and fan ENTITY-MIB ENTITY-MIB entPhysicalName entPhysicalSerialNum Modified S5800_5820X-CM W520-F1209P01 S5800_5820X-CM W520-F1209 S5800_5820X-CM W520-F1208 New Modified New Modified New Modified None None None None None None None None None None None None None None None None None None None None None HH3C-DHCP-SERVER-MIB: hh3c-dhcp -server.mib New DHCP Server hh3cDHCPServerObjects hh3cDHCPServerTables hh3cDHCPServerTraps S5800_5820X-CM W520-F1207 hh3c-trans ceiver-info. mib hh3c-acl.m ib Modified Entity MIB Optic module HH3C-TRANSCEIVER-INFO-MIB: hh3cTransceiverInfoEntry hh3cAclResourceUsageTable Refer to the MIB Companion for detail information

S5800_5820X-CM W520-R1211

New

rfc2737-enti ty.mib

ACL Entity MIB

May 9, 2011

Page 35 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Version number

Item

MIB file
rfc3814-mpl s-ftn-std.mi b

Module
MPLS

Description
MPLS-FTN-STD-MIB

S5800_5820X-CM W520-R1206

New

rfc3815-mpl s-ldp-std.mi b rfc3813-mpl s-lsr-std.mib

MPLS

MPLS-LDP-STD-MIB

MPLS None None None None None None

MPLS-LSR-STD-MIB None None None None None None Support h3cLpbkdtTrapLoopbacked, h3cLpbkdtTrapRecovered, h3cLpbkdtTrapPerVlanLoopb acked, h3cLpbkdtTrapPerVlanRecov ered in h3cLpbkdtTrapPrefix. Support dot1agCfmMdTable, dot1agCfmMaNetTable, dot1agCfmMaCompTable, dot1agCfmMaMepListTable, dot1agCfmMepTable and dot1agCfmMdTableNextInde x. None None None None None None None None None None None None First release First release Page 36 of 167

Modified S5800_5820X-CM W520-R1110P05 S5800_5820X-CM W520-R1110P04 New Modified New Modified New

None None None None None None

hh3c-lpbkd t.mib S5800_5820X-CM W520-R1110P03

Loopback-detec tion

Modified Connectivity Fault Management

IEEE8021-CF M-MIB.mib

S5800_5820X-CM W520-F1110 S5800_5820X-CM W520-R1109P01 S5800_5820X-CM W520-R1109 S5800_5820X-CM W520-R1108 S5800_5820X-CM W520-E1107 S5800_5820X-CM W520-E1106P01 S5800_5820X-CM W520-E1106

New Modified New Modified New Modified New Modified New Modified New Modified New Modified

None None None None None None None None None None None None First release First release

None None None None None None None None None None None None First release First release

May 9, 2011

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Operation Changes
Operation Changes in R1211
None

Operation Changes in F1209P01


None

Operation Changes in F1209


1. 2.

The command remark service-vlan-id has effect on both tag and untag packets by default. It has effect on only tag packets in early version. The ports PVID and VLAN can be configured even if it in a PVLAN mapping group. Such operation will be rejected in early version.

Operation Changes in F1208


1. 2.

Send free ARP at once when RRPP notify ARP TC event in order to resume traffic quickly. There is no such operation in early version. When the port link-delay mode is down mode, if there is state change of down or up on the port the port delay time will be refreshed. There is no refresh operation in early version.

Operation Changes in F1207


1.

Modify support max 5k rules in an ACL group to support 10k rules.

Operation Changes in R1206


1. 2. 3.

Modify the forwarding priority of 32bit route from lower to higher than ARP. Modify the default action of PBR (MQC-based) from dropping to forwarding when the next hop of the PBR not exists. The VRRP virtual IP will be advertised as 32bits host route when advertising the VRRP network in old software version. From this version, the Virtual IP will not be advertised any more. The un-authorized user can not get IP address through DHCP in EAD fast deployment with previous version if the DHCP-Snooping is not enabled on device, while with this version, the un-authorized can get IP address even if the DHCP-Snooping is not enabled. The new version will map the 802.1p priority of the customer VLAN to service VLAN in QINQ application while the old version does not do this map and the 802.1p priority of service VLAN is always 0.

4.

5.

May 9, 2011

Page 37 of 167

Hangzhou H3C Technologies Co., Ltd. 6.

H3C S5800_5820X-CMW520-R1211 Release Notes

The old version will add the secondary VLAN to uplink port and add the primary VLAN to downlink port; The new version does not do this only if port isolate-user-vlan { host | promiscuous } configured. The new software support dual core application and the patch install is core based. So the file name of patch changed from patchs5800.bin to patch_mpu.bin(Main core) and patch_lpu.bin (assistant core). Patch installing command "patch install flash:/patchs5800.bin" and "patch install flash:" can be used on old version but command "patch install flash:" can only be used on new version.

7.

Operation Changes in R1110P05


None

Operation Changes in R1110P04


None

Operation Changes in R1110P03


None

Operation Changes in F1110


None

Operation Changes in R1109P01


1.

Enhance the burst ability in default configuration.

Operation Changes in R1109


1.

DHCP relay functions default action is not produce DHCP security table and keeps switch DHCP packets normally. And default action is produce DCHP security table in older version DCHP relay function produce security table only when related authorized ARP, DHCP relay address check and IP source guard function enabled and not relate with other function. DHCP keep switching packets when DHCP relay table reaches max specification or the same IP temporary entry limitation reaches to 2 or more. And drop packets in older version. The DHCP ACK packets are switched normally when not receive DHCP request packets and drop packets in older version.

2.

3.

4.

Operation Changes in R1108


Reply ARP request packet whichs source IP is all zero and judge this packet is valid.
May 9, 2011 Page 38 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Operation Changes in E1107


None

Operation Changes in E1106P01


None

Operation Changes in E1106


First release

Open Problems and Workarounds


LSD50925
First found-in version: A5800_5820X-CMW520-R1211 Description: Issue the display interface MTunnel command. The displayed maximum transmit unit is 1460 which is different from the actual value. Workaround: None.

LSD59864
First found-in version: A5800_5820X-CMW520-R1211 Description: Use BIMS to manage an IRF fabric. The IRF fabric is displayed as multiple devices on the management interface. Workaround: None.

LSD60159
First found-in version: A5800_5820X-CMW520-R1211 Description: Configure a hybrid port to remove the VLAN tag of traffic from VLANs other than VLAN 1. Use IMC to view the port list of the configured VLANs. The hybrid port is not displayed. Workaround: None.

LSD50222
First found-in version: A5800_5820X-CMW520-R1211 Description: Use an IRF fabric as a PE. The local CE can communicate with the remote CE over a CCC connection through the master device but not a slave device. Workaround: Connect the CE to the master device.

May 9, 2011

Page 39 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

List of Resolved Problems


Resolved Problems in R1211
LSD58354
First found-in version: S5800_5820X-CMW520-F1209P01F1209P01 Condition: Configure the mac-table limit command in VSI view, and then cancel the configuration. Description: The device cannot learn VSI MAC addresses.

LSD59916
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the mac-table limit command in VSI view on an IRF fabric and reboot the master device to trigger active/standby switchover. Description: The slave device cannot apply the configuration of the mac-table limit command.

LSD58786
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the policy-based-route command when the memory usage is high on the slave device. Description: The device prompts insufficient ACL resources. Protocol packets cannot be sent to the CPU and traffic forwarding is interrupted.

LSD59825
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure parameters bandwidth and gts in the same policy, and then cancel one of them. Description: The other configuration is also cancelled and thus cannot take effect.

LSD59476
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Reboot the master device to trigger active/standby switchover when the device has more than 10000 ARP entries in an IRF system. Description: The device reboots repeatedly.

LSD58580
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Execute the display packet-drop command to display information about dropped packets. Description: The command cannot display information about dropped packets on router ports.

LSD58273

May 9, 2011

First found-in version: S5800_5820X-CMW520-F1209P01


Page 40 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Condition: Enable Layer 3 portal authentication on the VLAN interface that corresponds to the aggregate port, disable the IRF port to disconnect IRF links so that the IRF fabric splits, and then disable Layer 3 portal authentication. Description: Portal-related ACLs are wrongly removed, and the attached devices cannot ping the device.

LSD58585
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Execute the display lldp local-information command. Description: HardwareRev, SerialNum, Manufacturer name, Model name, and Asset tracking identifier are all displayed unknown.

LSD58842
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Install optical modules on all slots on the S5800-32F, and add the S5800-32F to the IRF fabric. Description: The S5800-32F reboots repeatedly and cannot join the IRF fabric.

LSD58508
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Enable the OSPF graceful restart function on the IRF fabric, and disconnect IRF links so that the IRF fabric splits. Description: OSPF neighborship states are switched.

LSD58411
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the LACP MADenabled aggregate port as a reserved port, and repeatedly simulate IRF fabric split and IRF fabric merge. Description: Some member ports of the aggregate group cannot be selected, and MAD fails.

LSD58820
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Execute the scripts to quickly add and remove PBR. Description: Execute the display acl resource command and find ACL resource leak.

LSD58695
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: The IRF fabric starts with the configuration of the voice vlan qos trust command. Description: Display the logbuffer, and find error information Command voice vlan qos 4 0 fails to recover configuration.

LSD58641
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: In an IRF fabric, configure isatap tunnel, and configure an IPv6 site-local address, for example, 3001::/64 eui-64 on the tunnel port. Then, reboot the device.

May 9, 2011

Page 41 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: Display the logbuffer, and find error information Command ipv6 address 3001::/64 eui-64 fails to recover configuration.

LSD58640
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the IS-IS cost mode as auto-cost, and bind IS-IS to the tunnel port. Description: Display information about the tunnel port and find that the cost values are not standard compliant.

LSD58581
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Two devices establish IS-IS neighbor relationship and a TE tunnel. Install more than 10000 LSP route entries and execute the traffic-eng command to perform TE failover. Description: The device on which you execute the traffic-eng command reboots exceptionally.

LSD58543
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Enable LLDP on the port and connect the port to the Cisco IP telephone. Description: The port cannot establish LLDP neighbor relationship with the IP telephone.

LSD58530
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: In VRRP standard mode, configure multiple virtual IP addresses in the same VRRP group, and assign them on the master device and slave device in different orders. Description: Execute the display vrrp interface Vlan-interface x vrid x command, and find that the displayed IP addresses on the master device and slave device are different.

LSD58516
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Add a port that is forwarding traffic to a service loopback group, and remove it from the group. Description: Traffic forwarding cannot resume on the port.

LSD58457
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Click Back on the page for the fourth step on the web configuration wizard. Description: The Back button does not work.

LSD58378
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Walk MIB node dot1qVlanStaticUntaggedPorts through SNMP.

May 9, 2011

Page 42 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: The significant octet of the obtained value corresponds to a high port number, but the specification requires that the significant octet should correspond to a low port number.

TCD02667
First found-in version: S5800_5820X-CMW520-R1206 Condition: Enable MacVlan, VoiceVlan, and 802.1X on the port, and a large number of users try to get online through the port. Description: Some online users are forced to get offline.

LSD57520
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Establish a cluster. Description: Members repeatedly join and leave the cluster.

LSD56170
First found-in version: S5800_5820X-CMW520-R1206 Condition: In an IRF fabric, use the IPS card to apply a rule that concerns only an outbound interface. Description: The rule is applied only to the device where the outbound interface resides, but not to other member devices in the IRF fabric.

TCD02710
First found-in version: S5800_5820X-CMW520-R1206 Condition: Configure the S5800 to work in VRRP enhanced mode and enable portal authentication. The master device and the iMC are interconnected. Switch the traffic to the slave device after the first accounting-start message is sent. Description: The slave device cannot send accounting-update message, causing that the user gets offline.

TCD02566
First found-in version: S5800_5820X-CMW520-R1110P04 Condition: An intra-zone route entry and an inter-zone route entry that have the same next hop update each other. Description: This condition results in oversized number of intra-zone route entries, causing repeated route calculation and 100% of CPU utilization.

ZDD03850
First found-in version: S5800_5820X-CMW520-R1206 Condition: The device acts as a client to log in to the server through FTP to upload and download files. Description: Upload and download fail.

ZDD03868

May 9, 2011

First found-in version: S5800_5820X-CMW520-F1209P01 Condition: The device is configured with NQA to detect the network, and the next-hop is specified. Description: NQA detection fails.
Page 43 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD57513
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Log in to the device through Telnet, and apply an MQC policy that the device does not support. Description: If the terminal monitor is not enabled, the device does not give prompt that the device does not support the policy.

LSD57222
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure handshake interval for the cluster through web NMS, save the configuration and reboot the device. Description: The configuration is lost.

LSD57249
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the speed and duplex mode of the 10GE port on the web page. Description: Not supported is returned.

LSD56113
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the RMON extended alarm group through the iMC, save the configuration and reboot the device. Description: The configuration is lost.

LSD58138
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Send packets to an IRF fabric, and add a large number of MAC VLAN entries. Reboot the master device to trigger active/standby switchover when packets are being sent to the IRF fabric. Description: Some MAC VLAN entries cannot age out.

LSD58101
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure the IRF fabric as the DHCP relay and enable the IP check function. Then, send three IP address applications every second. Description: CPU utilization becomes high. Display information about the IRF port, but find no IRF-related alarms.

LSD58263
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure an IPv6 VPN tunnel on the device, and use a PC to ping the VLAN interface with ping packets whose packet length is 1049 or more. Description: The PC cannot ping the device.

LSD67832

May 9, 2011

First found-in version: S5800_5820X-CMW520-F1209P01 Condition: In an IRF fabric, configure multiple Smartlink workgroups, and configure them to work in preemptive mode. Each group controls a different VLAN. The primary
Page 44 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

port is a port on the master device and the secondary port is an aggregate port. Disable and then enable the primary port by the shutdown and undo shutdown command. Description: The ARP entries of some instances in the upstream device are not refreshed.

LSD58146
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: Configure a user profile and its corresponding QoS policy, apply the QoS policy, and then cancel the policy configuration with the undo command but select N at the prompt. Then, cancel the policy configuration again with the undo command and select Y to apply the configuration. Then, remove the ACL rules. Description: ACLs fail to be removed, and the system prompts Error: The acl has been applied, and can not be deleted or changed.

LSD58179
First found-in version: S5800_5820X-CMW520-R1206 Condition: Apply an IPv4 ACL in the outbound direction on the port, and then an IPv6 ACL in the outbound direction on the port. Then, apply the same ACLs on other ports. Description: The ACLs fail to be applied to other ports.

LSD59697
First found-in version: S5800_5820X-CMW520-R1206 Condition: Walk MIB node HGMP hh3cNDPPortTable through SNMP. Description: The system does not list the results in lexicographic order.

ZDD03986
First found-in version: S5800_5820X-CMW520-F1209P01 Condition: The device receives a packet in which the user parameters contain a 63-byte callback-number parameter. Description: 64-byte memory block on the device is written badly, which might cause that CLIs cannot be parsed or the device reboots exceptionally.

LSD60563
First found-in version: S5800_5820X-CMW520-R1206 Condition: User login through SSH and do authentication and authorization with TACACS+, authentication successes but authorization failed. Description: Memory access exception and it may lead to protocol broken or device rebooting abnormally.

Resolved Problems in F1209P01


None.

May 9, 2011

Page 45 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Resolved Problems in F1209


LSD55527
First found-in version: S5800_5820X-CMW520-R1110P04 Condition: Plug and remove sub slot frequently. Description: The statistical info of packet counter on some port is zero while traffic is continual.

LSD55902
First found-in version: S5800_5820X-CMW520-R1206 Condition: Configure flow-control on port with burst-mode configuration and traffic continuer. Description: The flow-control configuration has no effect.

LSD55621
First found-in version: S5800_5820X-CMW520-R1208 Condition: Execute command display mac-address statistics. Description: Item Total Multicast displayed is false.

LSD55389
First found-in version: S5800_5820X-CMW520-R1206 Condition: Configure NAS-IP with 255 as last number. Description: The configuration cant apply.

LSD56265
First found-in version: S5800_5820X-CMW520-R1206 Condition: Device works on an environment with a lot of BGP routes and route attribute changed continually. Description: BGP peer up and down again and again.

ZDD03749
First found-in version: S5800_5820X-CMW520-R1206 Condition: Memory using rate is high and memory with size 256 can be allocated while with size 2048 cant be allocated. Description: The net stream task abnormal and cause device reboot.

LSD56026
First found-in version: S5800_5820X-CMW520-R1206 Condition: S5800/5820X device works as DHCP server, PXE devices work as client and PXE devices cant parse option 150 field in DHCP packets. Description: PXE client cant get startup file from DHCP server and startup failed.

LSD55742

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1206 Condition: Obtain ifType node through MIB browser. Description: The return value is 117, it should be 6.
Page 46 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Resolved Problems in F1208


LSD55123
First found-in version: S5800_5820X-CMW520-R1108 Condition: Walk hh3cTransceiverFiberDiameterType and hh3cTransceiverMinTXPower MIB node on switch connected with stack SFP cable through MIB browser. Description: Can't get all port's hh3cTransceiverFiberDiameterType node information and hh3cTransceiverMinTXPower's information isnt correct.

LSD55546
First found-in version: S5800_5820X-CMW520-R1206 Condition: 2048 user get online from one port using do1x radius authentication and the shake hand timer is the default value 15 seconds. Description: Some user lost line after some times.

LSD55694
First found-in version: S5800_5820X-CMW520-F1207 Condition: When exist iterative ECMP route on the device. Description: The route fails to add to the switch chip sometimes.

LSD55663
First found-in version: S5800_5820X-CMW520-R1206 Condition: Enable L2VPN but doesnt enable MPLS L2VPN function then execute "ping lsp pw *.*.*.* pw-id *" command. Description: The device reboots.

LSD55049
First found-in version: S5800_5820X-CMW520-F1207 Condition: Obtain optic module power MIB nod through MIB browser and execute _display transceiver diagnosis command. Description: The power value displayed by two measures is conflict.

LSD55054
First found-in version: S5800_5820X-CMW520-F1207 Condition: Obtain hh3cTransceiverDiagnostic MIB node on the device some port not connected with optic module. Description: Can't get all port's hh3cTransceiverDiagnostic MIB information.

LSD55562
First found-in version: S5800_5820X-CMW520-R1206 Condition: Some route with next hop is TUNNEL fails to add to the switch chip when ARP table full. Description: These routes can't flush to the switch chip even when ARP table become not full.

LSD55336

May 9, 2011

First found-in version: S5800_5820X-CMW520-F1207


Page 47 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Condition: Apply more then 2048 VPLS items. Description: No more VPLS item can be applied and CPU rate is high.

LSD52608
First found-in version: S5800_5820X-CMW520-R1206 Condition: Send IPV6 unicast or multicast too big packet to obtain ICMP answer packet. Description: The MTU value in answer packet isnt equal the value configured on port interface.

LSD53825
First found-in version: S5800_5820X-CMW520-R1206 Condition: Obtain hh3cTransceiverInfoEntry node by MIB on an IRF system. Description: CPU rate is high.

HWD28488
First found-in version: S5800_5820X-CMW520-F1207 Condition: Device temperature over warning value. Description: The word TEMPERATURE_WANRING in warning information spelling mistake, it should be TEMPERATURE_WARNING.

LSD53876
First found-in version: S5800_5820X-CMW520-R1206 Condition: Configure command display ip netstream cache. Description: The word Direc in show information spelling mistake, it should be Direct.

LSD53669
First found-in version: S5800_5820X-CMW520-F1207 Condition: When different VRF visit each other, delete ARP in source VRP. Description: The destination VRF cant copy the learning ARP, as a result, the VRF cant communicate with each other after ARP moved.

Resolved Problems in F1207


LSD54344
First found-in version: S5800_5820X-CMW520-R1108 Condition: Enable net stream on device and send traffic measurement packet to test center. Description: The TCP Flags field in traffic measurement packet is wrong.

LSD54650
First found-in version: S5800_5820X-CMW520-R1108 Condition: The first time insert or plug sub slot after device boot up. Description: There are packets lost for a little moment.

May 9, 2011

Page 48 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD54409
First found-in version: S5800_5820X-CMW520-R1206 Condition: Apply more than 100 ACL rules through ACFP on an IRF system with two IPS cards. Description: The rules apply failed.

LSD54692
First found-in version: S5800_5820X-CMW520-R1108 Condition: Devices configure OSPF and apply MD5 authentication, run a long time in an environment with a lot of OSPF neighbors. Description: The OSPF neighbors may be break off and rebuild.

LSD54413
First found-in version: S5800_5820X-CMW520-R1206 Condition: Apply ACL policy include any field through ACFP on an IRF system with two IPS cards. Description: The traffic measurement is anomaly.

LSD54125
First found-in version: S5800_5820X-CMW520- R1110P05 Condition: Enable QinQ on the port, and configure BPDU-TUNNEL PVST. Description: The inner VLAN tags of BPDU-Tunnel PVST packets are changed to 0.

Resolved Problems in R1206


LSD41738
First found-in version: S5800_5820X-CMW520-E1107 Condition: There is an IRF system MAC change event occur when cluster command switch as a master member in IRF rebooted. Description: The cluster function becomes invalid.

LSD52117
First found-in version: S5800_5820X-CMW520-E1106 Condition: When the sending interface index of Sflow V5 Sampler is unknown. Description: It should filter 0 into the field of the packet in stead of 1 according to the standard.

LSD53033
First found-in version: S5800_5820X-CMW520-R1108 Condition: Configure a PBR and set the next hop to a tunnel interface. Description: The PBR cant work properly.

LSD44944

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1108 Condition: IP ttl-expires function does not enabled on device, and the port received packets with TTL = 1.
Page 49 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: The packet would be sent to CPU wrongly.

HWD26461
First found-in version: S5800_5820X-CMW520-R1110P05 Condition: Configure command _reset transceiver diagnosis to clear diagnosis information about optic Transceiver. Description: Command line will return error such as Error: There is no any transceiver information.

ZDD03348
First found-in version: S5800_5820X-CMW520-R1108 Condition: Telnet server from other company with our devices, and the packets from server has a head with \0\r\n. Description: There will be nothing displayed or the display is half-baked.

LSD42682
First found-in version: S5800_5820X-CMW520-R1110P04 Condition: Apply unsupported MQC or not enough resource for new ACL application. Description: Abnormal protocol behavior or function occurred on device. For example, the device cant learn ARP anymore.

HSD51987
First found-in version: S5800_5820X-CMW520- R1110P05 Condition: As an NTP client, the device synchronizes its clock with the NTP server. When the servers clock is not accurate, the clock difference is too large between the server and the client. Description: The device discards the NTP clock source.

LSD58024
First found-in version: S5800_5820X-CMW520- R1100P05 Condition: The actual number of intra-zone route entries on the device is not consistent with that calculated by the OSPF SPF algorithm. In such a case, install new intra-zone route entries to make the total number of intra-zone route entries more than the upper limit of the device. Description: Continuous SPF calculation might occur, causing 100% of CPU utilization.

RTD40567
First found-in version: S5800_5820X-CMW520-R1108 Condition: Walk MIB node hh3cLswPortType through SNMP. Description: None is returned.

Resolved Problems in R1110P05


LSD49224

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1108 Condition: S5820X works with IPS and configures IPS in mirror mode; Enable MSTP multi instances on device.
Page 50 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: The L2 switched unicast packets matched Mirror rule is dropped.

LSD48166
First found-in version: S5800_5820X-CMW520-R1108 Condition: Device works for a long time. Description: Login the device with telnet and show info in log buffer, there is error information in log buffer such as vt0 has got the TCB of task FC0.

LSD48127
First found-in version: S5800_5820X-CMW520-R1110P04 Condition: Configure a radius primary server which doesnt exist and set it to active manually. Description: The server status cant change from active to block automatically.

LSD47296
First found-in version: S5800_5820X-CMW520-R1108 Condition: Execute the SNMP script to access MIB entry of hh3cRrppPortEntry. Description: The device reboots.

TCD02368
First found-in version: S5800_5820X-CMW520-R1108 Condition: Execute reset saved-configuration on device. Description: Current startup saved-configuration file is NULL when execute display startup and the configuration still exists when execute display saved-configuration.

LSD47874
First found-in version: S5800_5820X-CMW520-R1108 Condition: Configure two ports in one IRF-PORT group, one port connects to other device to buildup an IRF system, the other port is added and deleted from the IRF-PORT group repeatedly. Description: Size of 2048 byte memory leaks.

LSD49095
First found-in version: S5800_5820X-CMW520-R1108 Condition: Reboot master device of an IRF group and then delete MAD BFD and reconfigure it. Description: BFD session cant create successfully.

LSD48911
First found-in version: S5800_5820X-CMW520-R1108 Condition: There are a lot of configurations related to link aggregation on the device and it connects to another device with aggregation link; Reboot the other device. Description: The device reboots occasionally.

LSD48912

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1110P04 Condition: There are seven users login the device through SSH and execute display current-configuration
Page 51 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: There is nothing displayed for the last user.

LSD48856
First found-in version: S5800_5820X-CMW520-R1108 Condition: When link status change and there are a lot of ARP items need to be updated. Description: The ARP table cant be updated in a short time.

LSD48822
First found-in version: S5800_5820X-CMW520-R1108 Condition: One user displays the ACL and another user deletes the ACL at the same time. Description: The device reboots.

LSD48776
First found-in version: S5800_5820X-CMW520-R1108 Condition: Press TAB key at the view which doesnt support key word attaching. Description: Memory leaks.

LSD48486
First found-in version: S5800_5820X-CMW520-R1108 Condition: Configure port connection-mode extend on master device of IRF group and reboot the master device. Description: The configuration port connection-mode extend lost after the device rebooted.

LSD48823
First found-in version: S5800_5820X-CMW520-R1108 Condition: Send VRRP packets to a VLAN-interface which doesnt enable VRRP. Description: The status of other VRRP groups changes frequently.

LSD46979
First found-in version: S5800_5820X-CMW520-R1108 Condition: Reboot an IRF group with a lot of ports has been configured mac-vlan and voice vlan. Description: It costs a long time to recover the IRF system.

LSD47345
First found-in version: S5800_5820X-CMW520-R1108 Condition: Send IPV6 L3 packets that destination is unknown. Description: The CPU usage is high.

LSD49724
First found-in version: S5800_5820X-CMW520-E1106 Condition: The device works at heavy traffic for a long time. Description: There are some parity check errors on chip occasionally.

May 9, 2011

Page 52 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

HWD25109
First found-in version: S5800_5820X-CMW520-E1106 Condition: Insert an optical module to a port which the RX power threshold or the actually RX power is lower than -20db, and display the diagnostic info of the module. Description: The RX power threshold or the actually RX power displayed is not correctly. Its displayed as -40db.

Resolved Problems in R1110P04


LSD42465
First found-in version: S5800_5820X-CMW520-R1108 Condition: In IPS application, enable ACFP redirect policy on device and enable portal on L3 interface connected to users. Description: The counter of the port may be a large value.

LSD47541
First found-in version: S5800_5820X-CMW520-R1108 Condition: Apply ACFP policy on the four GE fiber port or the GE port on sub slot of S5800-60C-PWR. Description: The packets cant be redirected to IPS card.

LSD47217/LSD47620
First found-in version: S5800_5820X-CMW520-R1108 Condition: When display information about L3 table and at the same time the device is learning ARP. Description: The RX task cant receive packets occasionally and the device may reboot.

LSD47830
First found-in version: S5800_5820X-CMW520-R1110P03 Condition: DLDP up and down frequently for a long time. Description: Some tasks hang up and the device cant work properly.

LSD47104
First found-in version: S5800_5820X-CMW520-R1110P03 Condition: Configure the log host in a VPN and configure the source IP to send the log message. Description: The device cant send the log message with the configured source IP.

LSD47000
First found-in version: S5800_5820X-CMW520-R1108 Condition: Configure the ACFP rule with gt or lt a L4 port number. Description: The traffic eq to the configured L4 port number will be redirected or mirrored to the IPS.

May 9, 2011

Page 53 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD48982
First found-in version: S5800_5820X-CMW520-R1108 Condition: When user login the switch through SSH, and execute the display diagnostic-information and select output the result to the screen directly while there is a lot of lot of MAC-ADDRESS, routing entries or VLAN. Description: The switch may reboot.

LSD48065
First found-in version: S5800_5820X-CMW520-R1108 Condition: Apply more then 20 ACFP policies on device, then insert IPS card. Description: Some of the policies cant be applied successfully.

LSD48790
First found-in version: S5800_5820X-CMW520-R1108 Condition: Multi users access the device at the same time. One user adds or deletes port member of a link aggregation group while another user display the link aggregation group. Description: The device reboots occasionally.

LSD48023
First found-in version: S5800_5820X-CMW520-R1108 Condition: The IPS card works at redirections mode. Description: The PC connected to the device directly cant communicate its gateway.

LSD48020
First found-in version: S5800_5820X-CMW520-R1108 Condition: The IPS card works at mirror mode and enable portal at the downlink L3 interface. Description: Users cant authenticate successfully.

LSD47878
First found-in version: S5800_5820X-CMW520-R1108 Condition: The IPS card works at mirror mode. Description: The traffic of L2 packets is double and the L3 packets cant be transmitted.

LSD47326
First found-in version: S5800_5820X-CMW520-R1108 Condition: Enable NTDP on device and execute ntdp explore repeat Description: The device reboots occasionally.

LSD48971

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1108 Condition: Enable OSPF on device and configure import BGP route. Description: Some iBGP route cant be imported successfully.
Page 54 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD46943
First found-in version: S5800_5820X-CMW520-R1108 Condition: When receiving packets with double tag and the inter VLAN of tag is not configured on the device. Description: The packets will be dropped.

Resolved Problems in R1110P03


LSD45825
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable MAC-authentication with guest VLAN, when user authentications failed and return to guest VLAN. Description: The MAC-VLAN table related to the user has not been deleted.

LSD45782
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable VRRPE on IRF, the PC connected to master send a gratuitous ARP packet conflict to the virtual IP of VRRP. Description: The ARP reply packet from VRRP use a wrong MAC address, users connected to the master cant ping the master successfully.

LSD45441
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable MAC-authentication on IRF, the authentication users reach to the max number on the slave. Description: No more users can get authorized on the master.

LSD43000
First found-in version: S5800_5820X-CMW520-R1108 Condition: Insert 100M fiber module to 1000M fixed fiber port on the front panel of S5800-60C-PWR switch. Description: The port cant forward packets occasionally.

LSD46220
First found-in version: S5800_5820X-CMW520-R1108 Condition: Insert IPS card to the device and enable inline mode to monitor L3 packet flow. Description: L3 packet cannot be transmitted.

LSD45742
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable CFD on a port and shutdown it. Description: The trap information of CFD cant be sent out.

LSD46204

May 9, 2011

First found-in version: S5800_5820X-CMW520-F1110


Page 55 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Condition: Enable loopback detection on device, and generate a loop. Description: The device cant send loopback trap message to the trap server.

LSD45971
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable port-bridge on device. Description: Port-bridge cant work properly.

LSD45888
First found-in version: S5800_5820X-CMW520-F1110 Condition: Change IRF port to a user port. Description: Packets destined to this port probability cannot be forwarded.

LSD45776
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable MAC-address notifying information function on a port which has enabled MAC max count limit. Description: Mac-address notifying information function cant work properly.

LSD45743
First found-in version: S5800_5820X-CMW520-F1110 Condition: When no sampling algorithm configured on a port and monitors the flow with NetFlow. Description: Information from NetFlow shows the port configured sampling algorithm.

LSD46382
First found-in version: S5800_5820X-CMW520-F1110 Condition: There is IPv4 ACL and IPv6 ACL with the same ACL number configured on device, and the IPv6 ACL is null, apply packet-filter rule with the IPv6 ACL on L3 interface outbound direction, then add rules to IPv6 ACL. Description: The IPv4 ACL with the same ACL number will be applied.

LSD46062
First found-in version: S5800_5820X-CMW520-F1110 Condition: View LACP configuration with Web. Description: The port name of slot 10 has no slot information.

LSD46023
First found-in version: S5800_5820X-CMW520-F1110 Condition: Apply ACL on TFTP Server worked on VPN. Description: TFTP put and get cannot work.

LSD45807
First found-in version: S5800_5820X-CMW520-F1110 Condition: Two IRF group connect by LACP with LACP MAD enabled, reboot one of the IRF group.

May 9, 2011

Page 56 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: The CPU unitization of the other IRF group may be high and the network loss stability with a long time.

LSD45660
First found-in version: S5800_5820X-CMW520-F1110 Condition: In an IRF system, add a 10G port to an aggregation group then configure the port as an IRF port Description: The device comes into configuration recovery process and cannot response to CLI for a long time.

LSD46420
First found-in version: S5800_5820X-CMW520-F1110 Condition: Apply MQC or packet-filter with IPv6 next-header, SIP, DIP and other IP field. Description: The rule applied cannot take into effect.

LSD46411
First found-in version: S5800_5820X-CMW520-F1110 Condition: Configure IP precedence field and TOS field in one ACL rule. Description: The ACL rule with IP precedence field applied failed.

LSD46400
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable storm-constrain control block on a port which has configured unicast-suppression or multicast-suppression. Description: Storm-constrain control block worked failed.

LSD46115
First found-in version: S5800_5820X-CMW520-F1110 Condition: Create a link aggregation group between two IRF groups and enable VRRP function, reboot the backup device that exchanges VRRP protocol packet with the other IRF group. Description: The VRRP status of the IRF changes to master from backup and then changes back.

LSD45875
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable ACL logging function on 10GE port then input traffic match the ACL at wire speed. Description: The logging information displayed is wrong.

LSD45761
First found-in version: S5800_5820X-CMW520-F1110 Condition: Enable ACL logging function on a port and input traffic match the ACL, copy the rule of the ACL to other ACL number but dont apply the ACL. Description: There will be logging information associate the ACL displayed.

LSD46503

May 9, 2011

First found-in version: S5800_5820X-CMW520-F1110


Page 57 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Condition: Configure QOS WFQ and QOS GTS on a port at the same moment, input different size packets to different queues. Description: The packet rate of some queues doesnt match the WFQ configured.

LSD47032
First found-in version: S5800_5820X-CMW520-F1110 Condition: Configure the guaranteed ratio buffer parameter of all the 8 queues. Description: The device reboots after applying the buffer parameter.

LSD46884
First found-in version: S5800_5820X-CMW520-F1110 Condition: Repeat execute loopback internal test on port for a long time. Description: The CLI will hang up.

LSD46772
First found-in version: S5800_5820X-CMW520-F1110 Condition: Apply ip-prefix deny function. Description: Ip-prefix deny function works wrong, the static route which mask length less then the configured is denied.

LSD46144
First found-in version: S5800_5820X-CMW520-F1110 Condition: Reboot the IRF group. Description: There are a lot of recover configuration failed information about IRF, portal, OAM and CFD etc.

Resolved Problems in F1110


LSD42426
First found-in version: S5800_5820X-CMW520-R1108 Condition: Enable bpdu-tunnel and QinQ VLAN transparent function on a port at the same time. Description: Bpdu-tunnel protocol packets passing through the service port are added an outer tag wrongly.

LSD43636
First found-in version: S5800_5820X-CMW520-R1108 Condition: Enable dhcp-snooping on device, and the link connected to DHCP server is an aggregation, dhcp-snooping trust configured on the link. Description: The customer connected to the device can not get IP address from DHCP server.

LSD44358

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1108 Condition: Create tunnel interface on device. Description: When pressing display lldp neighbor-information interface T X/X/X shows all the ports LLDP neighbor information wrongly.
Page 58 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD44217
First found-in version: S5800_5820X-CMW520-R1108 Condition: Two IRF group connect with an aggregation link, and configure MAD LACP on both size of the link aggregation with different domain, then split one of the IRF group. Description: MAD LACP can not detect the split.

LSD44612
First found-in version: S5800_5820X-CMW520-R1109 Condition: Configure BFD MAD on an IRF, split of the IRF and then recover the IRF. Description: IP routing conflict information will be displayed on device.

LSD45205
First found-in version: S5800_5820X-CMW520-R1109 Condition: Use Putty to telnet device with SSH mode. Description: After a long time running, the device may be reboot probability.

LSD45107
First found-in version: S5800_5820X-CMW520-R1108 Condition: Access the device with web mode press a large number of characters in the address frame. Description: The device reboots.

LSD42604
First found-in version: S5800_5820X-CMW520-R1108 Condition: Delete all the VLANs in a VRRP environment. Description: The master of IRF group may be reboot probability.

LSD44597
First found-in version: S5800_5820X-CMW520-R1109 Condition: Configure 115200 baud rate on serial port of the device and access the device with 115200 baud rate. Description: Some terminals may display illegible characters.

LSD44126
First found-in version: S5800_5820X-CMW520-R1108 Condition: Execute debug port global-info command on an IRF. Description: The master of IRF reboots.

LSD44989
First found-in version: S5800_5820X-CMW520-E1107 Condition: Execute S5800-32C/S5800-56C. display rps /display power command on

Description: display rps returns not support and display power shows power 2 is absent.

May 9, 2011

Page 59 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD45367
First found-in version: S5800_5820X-CMW520-R1109 Condition: Configure RRPP primary ring and subring to the max spec, then reboot. Description: Protocol packets can not be sent to CPU after reboot.

LSD45467
First found-in version: S5800_5820X-CMW520-R1109 Condition: Use Saint to scan the IP address of the out-of-band management port. Description: The device may be reboot probability.

LSD45354
First found-in version: S5800_5820X-CMW520-R1109 Condition: Disable lldp on device. Description: LLDP protocol packets would be transmitted by the device.

LSD44062
First found-in version: S5800_5820X-CMW520-R1109 Condition: Ftp to a server as the client and use port mode. Description: The device reboots.

LSD43999
First found-in version: S5800_5820X-CMW520-R1109 Condition: Enable VRRP normal mode on device and ping the virtual IP address with a PC. Description: The inner MAC address and outer MAC address of the ARP ACK packet replied by the device are different.

LSD44289
First found-in version: S5800_5820X-CMW520-R1109 Condition: Configure header incoming on device Description: Display configuration shows header incomming.

LSD44293
First found-in version: S5800_5820X-CMW520-R1109 Condition: Enable Sflow on a port, and no packets pass through on the port. Description: Some Sflow statistic packets which only contain the header of standard Sflow packet and with the length of 40 bytes are sent to the collector.

LSD44231
First found-in version: S5800_5820X-CMW520-R1109 Condition: Execute display patch info command. Description: Word temporary is wrongly spelled as temporaty.

LSD43959

May 9, 2011

First found-in version: S5800_5820X-CMW520-R1109 Condition: Configure bfd multi-hop destination-port 3784. Description: This configuration can not be saved to configuration file.
Page 60 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

LSD44125
First found-in version: S5800_5820X-CMW520-R1109 Condition: Add a link-up status port to an aggregation. Description: The information of the port changing down shows on the device.

LSD45389
First found-in version: S5800_5820X-CMW520-R1109 Condition: Get the temperature of the device using MIB. Description: The temperature returned is 65535.

LSD46092
First found-in version: S5800_5820X-CMW520-R1108 Condition: Insert Openxt optical module to 10GE port. Description: The port is probability up and down.

Resolved Problems in R1109P01


LSD44209
First found-in version: S5800_5820X-CMW520-R1108 Condition: Inset 1G ESFP optic module to 10G port. Description: Port would be down and up within one second frequently.

LSD44385
First found-in version: S5800_5820X-CMW520-E1106 Condition: Apply remark drop-precedenc and remark qos-local-id acl rules together. Description: Operation failed

LSD44633
First found-in version: S5800_5820X-CMW520-R1108 Condition: Power off and power on or reboot the devices of a stack in the same time. Description: After reboot, the stack ports connected with a stack cable may keep link down on either sides or one end link up but the other end link down.

Resolved Problems in R1109


LSD43327
First found-in version: S5800_5820X-CMW520-R1108 Condition: S5820X device enable IPV6 function Description: Qos behavior with car cant apply successfully.

LSD42320
First found-in version: S5800_5820X-CMW520-E1106

May 9, 2011

Page 61 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Condition: Execute reset unused porttag command in stack device and then reboot master device. Description: Ports interface cant be created partly.

LSD42292
First found-in version: S5800_5820X-CMW520-E1106 Condition: Scan device using IPV6 address unreachable packets. Description: The device reboots.

LSD43302
First found-in version: S5800_5820X-CMW520-R1108 Condition: Walk MIB h3cMPortGroupTable node of IGMP group. Description: The device reboots.

LSD42979
First found-in version: S5800_5820X-CMW520-R1108 Condition: Ping the server which use virtual LACP link-aggregation NIC connected with device. Description: The time delay is long.

LSD42422
First found-in version: S5800_5820X-CMW520-E1106 Condition: Configure multicast load balancing when already exit multicast entry. Description: The multicast egress interface cant be deleted.

Resolved Problems in R1108


LSD41882
First found-in version: S5800_5820X-CMW520-E1106 Condition: Continuous packets flow flush to the management port. Description: The console port no reaction or the device reboots.

LSD42640
First found-in version: S5800_5820X-CMW520-E1106 Condition: Remove stack configuration on the port and use this port to switch normal packets. Description: Multicast packets cant send out from this port.

LSD42578
First found-in version: S5800_5820X-CMW520-E1106 Condition: Ftp to the server using IPV6 and execute dir command. Description: The device reboots.

LSD42662

May 9, 2011

First found-in version: S5800_5820X-CMW520-E1106 Condition: Shut down and undo shut down the 10G Ethernet port.
Page 62 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description: 10G port cant link up.

LSD42753
First found-in version: S5800_5820X-CMW520-E1106 Condition: Configure forced speed and duplex on the 10G port which inserted 1000M fiber module and reboots the device. Description: The port switch packet only in single direction.

LSD42580
First found-in version: S5800_5820X-CMW520-E1106 Condition: Plug out fiber or cable in the device which configured link-delay and dynamic link aggregation configuration. Description: The port cant switch packets.

LSD38727
First found-in version: S5800_5820X-CMW520-E1106 Condition: Configure VPN bind virtual interface in the S5820X-28S or S5820X-28C device. Description: The direct IP in VPN cant ping successfully.

LSD38723
First found-in version: S5800_5820X-CMW520-E1106 Condition: Show the current configuration on the device configured loopback interface. Description: The loopback interface configuration are behind the info center related configuration

LSTD39672
First found-in version: S5800_5820X-CMW520-E1106 Condition: Receive telnet packets over 640 Kbps on a port. And the packets are not to the devices CPU port. Description: The packets over 640 Kbps will be dropped by the port.

Resolved Problems in E1107


LSD39253
First found-in version: S5800_5820X-CMW520-E1106 Condition: Configure cluster and cluster ftp server on the command switch. Description: log on ftp server from member switch and failed to get/put file.

LSD39151
First found-in version: S5800_5820X-CMW520-E1106 Condition: Configure STP and run LLDP compatible with CDP Description: The STP discard port doesnt switch CDP packets.

May 9, 2011

Page 63 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Resolved Problems in E1106P01


None

Resolved Problems in E1106


First release

Related Documentation
New Feature Documentation
Table 10 New Feature Documentation For information about new features, see Documentation Set <H3C S5820X&S5800 Series Ethernet Switches Configuration Guides-Release 1211> and <H3C S5820X&S5800 Series Ethernet Switches Command References-Release 1211>.

Documentation Set
Table 11 Documentation set Manual
H3C S5820X Series Ethernet Switches Installation Manual H3C S5800 Series Ethernet Switches Installation Manual H3C PSR150-A&PSR150-D Power Modules User Manual H3C PSR300-12A&PSR300-12D1 Power Modules User Manual H3C PSR750-A&PSR750-D Power Modules User Manual H3C S5820X&S5800 Switch Series Configuration Guides-Release 1211 H3C S5820X&S5800 Switch Series Command References-Release 1211 H3C LSVM1AC650 & LSVM1DC650 Power Modules User Manual

Version
6W104 6W104 5W101 5PW102 5PW102 6W100 6W100 5PW101

Obtaining Documentation
Downloading Documentation
Take the following steps to get related documents from the H3C website at www.h3c.com. Table 12 Download documentation from the H3C website
How to apply for an account May 9, 2011 Access the homepage of H3C at http://www.h3c.com and click Registration at the top right. In the displayed page, provide your information and click Submit to register. Page 64 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes Access the homepage of H3C at http://www.h3c.com and click Registration at the top right. In the displayed page, provide your information and click Submit to register. Approach 1: In the homepage of H3C at http://www.h3c.com, select Technical Support & Document > Technical Documents from the navigation bar at the top. Then select a product for its documents. Approach 2: In the Support area of the H3C homepage at http://www.h3c.com, select Technical Documents. Then select a product for its documents.

How to apply for an account

How to get documentation

The operation and command manuals corresponding to a software version are released along with the software version.

Software Upgrading
Introduction
Loading software on the switch involves loading application files and upgrading the Boot ROM program by using the host software package. The host software package of the S5800 series comprises the Boot ROM files and application files with the file name extension .bin. Loading application files: Download the host software package to the flash memory on the switch and set the attribute (main, backup, or none) of the application files. Upgrading the Boot ROM program: Use Boot ROM files in the host software package to upgrade the Boot ROM program of the switch.

NOTE: Boot ROM files (stored together with application files with name extension .bin in the host software package) used for upgrade are complete Boot ROM files. A complete Boot ROM file includes a basic section and an extended section. The basic Boot ROM section is the smallest program file used to complete the primary initialization of the system. With rich human-computer interaction (HCI) functions, the extended Boot ROM section uses Ethernet interfaces for upgrading the applications and the boot system.

Approaches for Loading Software


You can load application and configuration files of the switch through the Boot ROM menu or the CLI. Table 13 Approaches for loading software on the switch Approach
Loading files through the Boot ROM May 9, 2011

Section
Loading Software Using XMODEM Through Console Port Page 65 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Approach
menu

Section
Loading Software Using TFTP Through Ethernet Port Loading Software Using FTP Through Ethernet Port Loading Software through USB Interface

Loading files through the CLI

Loading Software Using FTP

Loading Software Using TFTP NOTE: Each S5800-32F series switch provides a management Ethernet port, which can operate regardless of the working status of the switching chip. To upgrade the Boot ROM program or load application files when the switching chip fails to operate normally, you are recommended to use the management Ethernet port. Loading the Boot ROM or application files through the management Ethernet port is similar to that through the common Ethernet port. This manual takes the common Ethernet port as examples in file loading.

Loading Software through the Boot ROM Menu


To load the Boot ROM and application files through the Boot ROM menu, you need to correctly connect a user terminal to the switch using a console cable.

Introduction to the Boot ROM Menu


Starting...... ************************************************************************ * * * Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd. Creation Date Memory Size Flash Size CPLD Version PCB Version Mac Address : Dec 2 2008,17:43:47 H3C S5800-56C BOOTROM, Version 007 * * *

************************************************************************

CPU Clock Speed : 750MHz : 512MB : 512MB : 001 : Ver.B : 000ef2005800

Press Ctrl-B to enter Extended Boot menu...4

When the system displays Press Ctrl-B to enter Extended Boot menu, press Ctrl + B. Then, the following prompt is displayed:
Please input BootRom password:

May 9, 2011

Page 66 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: By default, the system starts up in normal mode and the waiting time here is five seconds. If you set the startup mode to fast, the waiting time is one second. To enter the Boot ROM menu in normal mode, you need to press Ctrl + B within four seconds when the system displays Press Ctrl-B to enter Boot Menu. Otherwise, the system starts decompressing the application files. You need to restart the switch if you want to enter the Boot ROM menu after the application files are decompressed. Enter the Boot ROM password (the initial password is null). Then the system displays the Boot ROM menu.
BOOT MENU

1. Download application file to flash 2. Select application file to boot 3. Display all files in flash 4. Delete file from flash 5. Modify BootRom password 6. Enter BootRom upgrade menu 7. Skip current configuration file 8. Set BootRom password recovery 9. Set switch startup mode 0. Reboot

Enter your choice(0-9):

The items in the Boot ROM menu are described in Table 14 . Table 14 Description of the Boot ROM menu Item
1. Download application file to flash 2. Select application file to boot 3. Display all files in flash 4. Delete file from flash 5. Modify BootRom password 6. Enter BootRom upgrade menu 7. Skip current configuration file 8. Set BootRom password recovery 9. Set switch startup mode 0. Reboot

Description
Download the application file to the flash memory Select the application file to boot Display all files in the flash memory Delete files from the flash memory Modify the Boot ROM password Enter the Boot ROM update menu Skip the current configuration file (this configuration is valid once) Restore the Boot ROM password Set the startup mode of the switch Restart the switch

May 9, 2011

Page 67 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: Currently, Boot ROM files are not provided separately by the S5800 series; instead, they are stored together with the application files with name extension .bin in the host software package. The procedures for upgrading the Boot ROM program and loading application files are similar except that you need to select different items (1 for loading application files, and 6 for loading Boot ROM files) in the Boot ROM menu. This manual takes upgrading the Boot ROM program as examples.

Loading Software Using XMODEM Through Console Port


Introduction to XMODEM
XMODEM is a file transfer protocol widely used for its simplicity. XMODEM transfers files through the console port, supporting data packets of 128 bytes. With respect to reliability, it supports checksum, CRC, and the error packet retransmission mechanism. Normally, the maximum number of retransmission attempts is ten. XMODEM transfer is completed by receiving and sending programs together. Receiving program initiates packet checking method negotiation by sending the negotiation character. If negotiation passes, the sending program starts packet transfer. Upon receipt of a complete packet, the receiving program checks it using the agreed-upon check method. If the check succeeds, the receiving program sends an acknowledgement character; if the check fails, it sends a reject character. Upon receipt of the acknowledgement, the sending program continues to send the next packet; upon receipt of the reject, it retransmits the packet.

Setting Terminal Parameters


When setting up the configuration environment through the console port, the terminal or PC can use the terminal emulation program to communicate with the switch. You can run the HyperTerminal of the Windows operating system to connect to other PCs, network devices, and Telnet sites. For detailed information and the use of the HyperTerminal, refer to the HyperTerminal Help documentation in Help and Support Center on the PC running the Windows operating system. In the following configuration procedure, Windows XP HyperTerminal is used to communicate with the switch.
1. 2.

Start the PC and run the terminal emulation program. Set terminal parameters as follows: Bits per second: 9,600 Data bits: 8 Parity: None Stop bits: 1 Flow control: None Emulation: VT100

The specific procedure is as follows:


Step1 Select Start > Programs > Accessories > Communications > HyperTerminal to enter the

HyperTerminal window. The Connection Description dialog box appears, as shown below.

May 9, 2011

Page 68 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Figure 1 Connection description of the HyperTerminal

Step2 Type the name of the new connection in the Name text box and click OK. The following

dialog box appears. Select the serial port to be used from the Connect using drop-down list. Figure 2 Set the serial port used by the HyperTerminal connection

Step3 Click OK after selecting a serial port. The following dialog box appears. Set Bits per second

to 9600, Data bits to 8, Parity to None, Stop bits to 1, and Flow control to None.

May 9, 2011

Page 69 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Figure 3 Set the serial port parameters

Step4 Click OK after setting the serial port parameters and the system enters the HyperTerminal

window shown below. Figure 4 HyperTerminal window

May 9, 2011

Page 70 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Step5 Click Properties in the HyperTerminal window to enter the Switch Properties dialog box.

Click the Settings tab, set the emulation to VT100, and then click OK.

Figure 5 Set terminal emulation in Switch Properties dialog box

Upgrading the Boot ROM program


Complete the following tasks to update the Boot ROM program using XMODEM through the console port (For details about the HyperTerminal, refer to Setting Terminal Parameters: Task
Enter the Boot ROM update menu on the switch Enter the protocol parameter setting menu Configure the switch to download files using XMODEM Set the download rate of the console port on the switch

Remarks
Required Log in to the switch through the HyperTerminal and then configure the protocol used for loading files. Required Log in to the switch through the HyperTerminal and then set the download rate of the console port on the switch. Optional Set the baud rate of the serial port on the terminal to be consistent with that of the console port on the switch. Optional

Change the rate of the serial port on the terminal Establish a connection between the terminal and the switch using the changed rate

May 9, 2011

Page 71 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Task
Upload an application file from the terminal to the switch Update the Boot ROM file on the switch

Remarks
Required Transmit a file from the terminal to the switch using the changed connection rate. Required Update the Boot ROM file on the switch. Optional Set the baud rate of the serial port on the terminal to be consistent with the default rate of the console port on the switch. Required

Restore the download rate to the default

Restart the switch to make the updated Boot ROM file effective 1.

Enter the Boot ROM update menu on the switch

Enter the Boot ROM menu, and then enter 6 or press Ctrl + U after the system displays Enter your choice(0-9): to enter the Boot ROM update menu.
Enter your choice(0-9): 6

1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu

Enter your choice(0-3):

The items in the Boot ROM update menu are described in Table 15 . Table 15 Description of the Boot ROM update menu Item
1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu 2.

Description
Update the complete Boot ROM file Update the extended Boot ROM section Update the basic Boot ROM section Return to the Boot ROM menu

Enter the protocol parameter setting menu

After the system displays Enter your choice(0-3):, enter 1 to enter the protocol parameter setting menu. NOTE: All the Boot ROM files used for upgrade are complete Boot ROM files.
1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu

Enter your choice(0-3):

The items in the protocol parameter setting menu are described in Table 16 .
May 9, 2011 Page 72 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Table 16 Description of the protocol parameter setting menu Item


1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu 3.

Description
Set TFTP parameters Set FTP parameters Set XMODEM parameters Return to the Boot ROM menu

Configure the switch to download files using XMODEM

Enter 3 to enter the download rate setting menu.


Please select your download baudrate: 1.* 9600 2. 19200 3. 38400 4. 57600 5. 115200 0. Return Enter your choice (0-5):

4.

Set the download rate of the console port on the switch

Select an appropriate download rate. For example, if you select 115200 bps, that is, enter 5, the following information is displayed:
Download baud rate is 115200 bps

Please change the terminal's baud rate to 115200 bps and select XMODEM protocol Press enter key when ready Now that the console communication baud rate of the switch has been changed to 115200 bps while that of the terminal is still 9600 bps, the two sides cannot communicate with each other. According to the prompt, you need to change the baud rate of the terminal to 115200 bps. NOTE: Typically, the size of a .bin file is over 10 MB. Even at a baud rate of 115200 bps, the update takes tens of minutes. If you select 9600 bps as the download rate, you can skip the step Change the rate of the serial port on the terminal.
5.

Change the rate of the serial port on the terminal

To ensure communication between the terminal and the switch, the baud rate of the serial port on the terminal should be consistent with that of the console port on the switch.
Step1 Select Call > Disconnect in the HyperTerminal window to disconnect the terminal from the

switch.

May 9, 2011

Page 73 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Figure 6 Disconnect the terminal from the switch

Step2 Select File > Properties. In the Properties dialog box, click Configure (as shown in Figure 7 ),

and then select 115200 from the Bits per second drop-down list box (as shown in Figure 8 ).

May 9, 2011

Page 74 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Figure 7 Properties dialog box

Figure 8 Modify the baud rate

May 9, 2011

Page 75 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Step3 Select Call > Call to reestablish the connection.

Figure 9 Reestablish the connection

NOTE: The new settings can take effect only after you reestablish the connection.
6.

Establish a connection between the terminal and the switch using the changed rate

Press Enter to reestablish the connection between the terminal and the switch and download the application file at 115200 bps. The following information is displayed:
Now please start transfer file with XMODEM protocol. If you want to exit, Press <Ctrl+X>. Loading ...CCCCCCCCCC

NOTE: Press Ctrl + X to quit downloading files; otherwise, proceed as follows.


7.

Upload an application file from the terminal to the switch

Step4 Select Transfer > Send File in the HyperTerminal window (as shown in Figure 10 ). Click

Browse in the pop-up dialog box (as shown in Figure 11 ) to select the application file to be downloaded (for example, update.bin), and select Xmodem from the Protocol drop-down list.

Figure 10 Transfer menu

Figure 11 File transmission dialog box

May 9, 2011

Page 76 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Step5 Click Send. The following dialog box appears:

Figure 12 Send the application file using XMODEM

8.

Update the Boot ROM file on the switch

After the Boot ROM file is downloaded, the terminal displays the following information:
Loading ...CCCC Done! Will you Update Basic BootRom? (Y/N):Y

The system asks you whether you want to update the basic Boot ROM section. Click Y and then the system displays the following information after the update is completed.
Updating Basic BootRom...........Done! Updating extended BootRom? (Y/N):Y

The system asks you whether you want to update the extended Boot ROM section. Click Y. Then the system displays the following information after the update is completed:
Updating extended BootRom.........Done! Please change the terminal's baudrate to 9600 bps, press ENTER when ready.

9.

Restore the download rate to the default

Set the baud rate to 9600 bps (refer to Change the rate of the serial port on the terminal for detailed operation). NOTE: If you select 9600 bps as the download rate, skip this step, that is, you do not need to modify the baud rate of the HyperTerminal.
10.

Restart the switch to make the updated Boot ROM file effective

Press any key to return to the Boot ROM update menu.


1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu Enter your choice(0-3):

May 9, 2011

Page 77 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Enter 0 to return to the Boot ROM menu, and then enter 0 again. After that, the device is restarted and the updated Boot ROM file becomes effective.

Loading an application file


To load the application file of the switch, enter 1 in the Boot ROM menu. The system displays the following information:
1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3):3

Select an appropriate protocol in Table 16 to load the application file. The procedure of loading an application file is similar to that of upgrading the Boot ROM program. The difference lies in that the system displays the prompt of loading the application file rather than the upgrading the Boot ROM program. After the application file is loaded, the switch displays that you should set the application attribute, that is, main, backup, or none. Type a specific attribute to complete loading the application file.
Writing flash.................................................................. ................Done! Please input the file attribute (Main/Backup/None) M Done!

NOTE: If an application file with a specific attribute already exists when you set a new file with the attribute, the attribute of the existing file becomes none after the new file becomes effective.

Loading Software Using TFTP Through Ethernet Port


Introductin to TFTP
Trivial File Transfer Protocol (TFTP) is a TCP/IP protocol used for file transfer between client and server. It provides a simple and low-overhead file transfer service. TFTP provides unreliable data transfer over UDP.

Upgrading the Boot ROM program


Complete the following tasks to upgrade the Boot ROM program using TFTP through an Ethernet port (For details about the HyperTerminal, refer to Setting Terminal Parameters: Task Remarks
Required Set up the configuration environment Connect the switch to the TFTP server through an Ethernet port, and to a PC through the console port. The PC and the TFTP server can be the same device. Required

Run the TFTP Server program on the sever

May 9, 2011

Page 78 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Task
Run the terminal emulation program on the PC connected with the switchs console port. Start the switch and enter the Boot ROM menu. Then enter the protocol parameter setting menu. Enter the protocol parameter setting menu Configure the switch to upload the Boot ROM file through TFTP Update the Boot ROM file on the switch Restart the switch to make the updated Boot ROM file effective

Remarks

Required Log in to the switch through the HyperTerminal and configure the protocol for uploading the Boot ROM file.

Required Update the Boot ROM file on the switch. Required Restart the switch to make the updated Boot ROM file effective.

1.

Set up the configuration environment

Connect an Ethernet port (GigabitEthernet 1/0/25, for example) of the switch to the server (whose IP address is available) that provides the file (usually the .bin file) to be downloaded, and connect the console port of the switch to a PC, as shown in Figure 13 . Figure 13 Load software using TFTP/FTP through Ethernet port

CAUTION: The PC and the TFTP/FTP server can be the same device. Each S5800-32F series switch provides a management Ethernet port, which can operate regardless of the working status of the switching chip. To upgrade the Boot ROM program or load application files when the switching chip fails to operate normally, you are recommended to use the management Ethernet port. The TFTP/FTP server program is not provided with the S5800 series. Make sure that it is available by yourself.
2.

Run the TFTP Server program on the sever

Run TFTP Server on the server connected with the switchs Ethernet port, and specify the path of the application file to be downloaded.
3.

Run the terminal emulation program on the PC connected with the switchs console port. Start the switch and enter the Boot ROM menu. Then enter the protocol parameter setting menu.

If you want to load the Boot ROM file, enter 6 in the Boot ROM menu after the system displays Enter your choice(0-9): to enter the Boot ROM update menu.
1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu

May 9, 2011

Page 79 of 167

Hangzhou H3C Technologies Co., Ltd.


Enter your choice(0-3):

H3C S5800_5820X-CMW520-R1211 Release Notes

4.

Enter the protocol parameter setting menu

Enter 1 to update the complete Boot ROM file, and then enter the protocol parameter setting menu.
Bootrom update menu:

1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu

Enter your choice(0-3):

5.

Configure the switch to upload the Boot ROM file through TFTP
:update.bin :10.10.10.2 :10.10.10.3

Enter 1 to update the Boot ROM file using TFTP, and then set the TFTP parameters.
Load File Name Server IP Address Local IP Address

Gateway IP Address :

The parameters are described in Table 17 . Table 17 Description of the TFTP parameters Item
Load File Name : Server IP Address : Local IP Address : Gateway IP Address :

Description
Name of the file to be downloaded (for example, update.bin) IP address of server (for example, 10.10.10.2) IP address of the switch (for example, 10.10.10.3) IP address of the gateway (suppose it is not specified)

NOTE: Enter the file name and IP addresses based on the actual condition. If the switch and the server are on the same network segment, you can specify any unused IP address of the network for the switch without specifying the gateways IP address; if they are not on the same segment, you need to specify the gateways IP address so that the switch can communicate with the server.
6.

Update the Boot ROM file on the switch

Enter the corresponding parameters based on the actual condition. The system displays the following information:
Loading........................................................................ ............................................................................... ................................Done! Will you Update Basic BootRom? (Y/N):Y

The system asks you whether you want to update the basic Boot ROM section. Click Y. Then the system displays the following information after the update is complete:
Updating Basic BootRom...........Done! Updating extended BootRom? (Y/N):Y

May 9, 2011

Page 80 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

The system asks you whether you want to update the extended Boot ROM section. Click Y. Then the system displays the following information after the update is complete:
Updating extended BootRom.........Done!

7.

Restart the switch to make the updated Boot ROM file effective

Press any key to return to the Boot ROM update menu.


Press enter key when ready 1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu Enter your choice(0-3):

Enter 0 to return to the Boot ROM menu, and then enter 0 again. After that, the device is restarted and the updated Boot ROM file becomes effective.

Loading an application file


To load an application file of the switch, enter 1 in the Boot ROM menu. The system displays the following information:
1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3):3

You can enter 1 to load the application file. The procedure of loading an application file is similar to that of upgrading the Boot ROM program. The difference lies in that the system displays the prompt of loading the application file rather than upgrading the Boot ROM program. After loading the application file, the switch displays that you should configure the application attribute, that is, main, backup, or none. Type a specific attribute to complete loading the application file.
Writing flash.................................................................. ................Done! Please input the file attribute (Main/Backup/None) M Done!

NOTE: If an application file with a specific attribute already exists when you set a new file with the attribute, the attribute of the existing file becomes none after the new file becomes effective.

Loading Software Using FTP Through Ethernet Port


Introduction to FTP
The switch can serve as either an FTP server or an FTP client by using its Ethernet port to download the system application and configuration files. The switch serves as an FTP client in the following examples.

May 9, 2011

Page 81 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Upgrading the Boot ROM program


NOTE: When upgrading the Boot ROM program, the switch can serve only as an FTP client. Complete the following tasks to upgrading the Boot ROM program using FTP through an Ethernet port (For details about the HyperTerminal, refer to Setting Terminal Parameters: Task Remarks
Required Set up the configuration environment Connect the switch to the TFTP server through an Ethernet port, and to a PC through the console port. The PC and the TFTP server can be the same device. Required

Run the FTP Server program on the server Run the terminal emulation program on the PC connected with the switchs console port. Start the switch and enter the Boot ROM menu, and then enter the protocol parameter setting menu. Enter the protocol parameter setting menu Configure the switch to load the Boot ROM file through FTP Update the Boot ROM file on the switch Restart the switch to make the updated Boot ROM file effective

Required Log in to the switch through the HyperTerminal and configure the protocol for uploading the Boot ROM file.

Required Update the Boot ROM file on the switch. Required Restart the switch to make the updated Boot ROM file effective.

1.

Set up the configuration environment

Connect an Ethernet port (GigabitEthernet 1/0/25, for example) of the switch to the server (whose IP address is available) that provides the file (usually the .bin file) to be downloaded, and connect the console port of the switch to a PC, as shown in Figure 13 .
2.

Run the FTP Server program on the server

Run FTP Server on the server connected with the switchs Ethernet port, configure the FTP username and password, and specify the path of the application file to be downloaded.
3.

Run the terminal emulation program on the PC connected with the switchs console port. Start the switch and enter the Boot ROM menu, and then enter the protocol parameter setting menu.

If you want to load the Boot ROM file, enter 6 in the Boot ROM menu after the system displays Enter your choice(0-9): to enter the Boot ROM update menu.
1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu Enter your choice(0-3):

4. May 9, 2011

Enter the protocol parameter setting menu


Page 82 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Enter 1 to update the complete Boot ROM file.


Bootrom update menu:

1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3):

5.

Configure the switch to load the Boot ROM file through FTP

In the protocol parameter setting menu, enter 2 to update the Boot ROM file using FTP, and then set the FTP parameters.
Load File Name Server IP Address Local IP Address :update.bin :10.10.10.2 :10.10.10.3

Gateway IP Address :0.0.0.0 FTP User Name FTP User Password :5800 :123

The parameters are described in Table 18 . Table 18 Description of the FTP parameters Item
Load File Name : Server IP Address : Local IP Address : Gateway IP Address : FTP User Name FTP User Password

Description
Name of the file to be downloaded IP address of the PC IP address of the switch IP address of the gateway Username for logging in to the FTP server, which should be consistent with that configured on the FTP server. Password for logging in to the FTP server, which should be consistent with that configured on the FTP server.

NOTE: Enter the file name and IP addresses based on the actual condition. If the switch and the server are on the same network segment, you can specify any unused IP address of the network for the switch without specifying the gateways IP address; if they are not on the same segment, you need to specify the gateways IP address so that the switch can communicate with the server.
6.

Update the Boot ROM file on the switch

Enter the corresponding parameters based on the actual condition. The system displays the following information:
Will you Update Basic BootRom? (Y/N):Y

The system asks you whether you want to update the basic Boot ROM section. Click Y. The system displays the following information after the update is complete:
Updating Basic BootRom...........Done! Updating extended BootRom? (Y/N):Y

May 9, 2011

Page 83 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

The system asks you whether you want to update the extended Boot ROM section. Click Y and then the system displays the following information after the update is complete:
Updating extended BootRom.........Done!

7.

Restart the switch to make the updated Boot ROM file effective

Press any key to return to the Boot ROM update menu.


Press enter key when ready 1. Update full BootRom 2. Update extended BootRom 3. Update basic BootRom 0. Return to boot menu Enter your choice(0-3):

Enter 0 to return to the Boot ROM menu, and then enter 0 again. After that, the device is restarted and the updated Boot ROM file becomes effective.

Loading an application file


To load an application file of the switch, enter 1 in the Boot ROM menu. The system displays the following information:
1. Set TFTP protocol parameter 2. Set FTP protocol parameter 3. Set XMODEM protocol parameter 0. Return to boot menu Enter your choice(0-3):3

You can enter 2 to load the application file. The procedure of loading an application file is similar to that of upgrading the Boot ROM program. The difference lies in that the system displays the prompt of loading the application file rather than upgrading the Boot ROM program. After loading the application file, the switch displays that you should configure the application attribute, that is, main, backup, or none. Type a specific attribute to complete loading the application file.
Writing flash.................................................................. ................Done! Please input the file attribute (Main/Backup/None) M Done!

NOTE: If an application file with a specific attribute already exists when you set a new file with the attribute, the attribute of the existing file becomes none after the new file becomes effective.

Loading Software Through CLI


By connecting a terminal to the switch, you can upgrade the Boot ROM program and load application files of the switch remotely through CLI.

May 9, 2011

Page 84 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Loading Software through USB Interface


Each S5800 series switch provides a USB interface on its front panel. You can download the Boot ROM and application files to a removable storage device (such as a USB flash disk), and load the file through the USB interface. Suppose the Boot ROM and application files are stored in the file named update.bin, follow these steps to load the files from the USB flash disk.
Step1 Plug the USB flash disk containing the update.bin file in the USB interface of the switch. Step2 Copy the update.bin file to the flash memory of the switch.
<H3C> cd flash: <H3C> copy usba:/upadate.bin update.bin

Step3 Remove the USB flash disk, and then load the Boot ROM file.
<H3C> bootrom update file update.bin slot 1 This command will update bootrom file on the specified board(s), Continue? [Y/ N]:y Now updating bootrom, please wait...

Step4 Load the application file, and specify the file as the main program file.
<H3C> boot-loader file update.bin slot 1 main This command will set the boot file of the specified board. Continue? [Y/N]:y The specified file will be used as the main boot file at the next reboot on slot 1! <H3C> display boot-loader Slot 1 The current boot app is: The main boot app is: The backup boot app is: <H3C> reboot flash:/update.bin flash:/update.bin flash:/update.bin

NOTE: After loading the application file, use the reboot command to restart the switch to make the update take effect (make sure you have saved other configurations before restart). If the flash memory does not have enough space, you can load the Boot ROM file first, and then delete certain application files from the flash memory (you are recommended to delete the unused host program files); then, load the application file to the switch through FTP for update. Avoid any power failure during the loading process.

Loading Software Using FTP


As shown in Figure 14 , run FTP Server on the local host, configure username admin and the password, and specify the path of the file to be downloaded (suppose the IP address of the FTP server is 202.10.10.53). Then, telnet to the switch and send the host program file to the switch using FTP.

May 9, 2011

Page 85 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Figure 14 Load software through FTP

Suppose the Boot ROM and application files are stored in the file named update.bin, follow these steps after you telnet to the switch.
Step1 Download the file to the switch using FTP.
<H3C> ftp 202.10.10.53 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):admin 331 Give me your password, please Password: 230 Logged in successfully [ftp] get update.bin update.bin [ftp] bye

Step2 Upgrade the Boot ROM program.


<H3C> bootrom update file update.bin slot 1 This command will update bootrom file on the specified board(s), Continue? [Y/ N]:y Now updating bootrom, please wait...

Step3 Load the application file, and specify the file as the main program file.
<H3C> boot-loader file update.bin slot 1 main This command will set the boot file of the specified board. Continue? [Y/N]:y The specified file will be used as the main boot file at the next reboot on slot 1! <H3C> display boot-loader Slot 1 The current boot app is: The main boot app is: The backup boot app is: <H3C> reboot flash:/update.bin flash:/update.bin flash:/update.bin

NOTE: After loading the application file, use the reboot command to restart the switch to make the update take effect (make sure you have saved other configurations before restart). If the flash memory does not have enough space, you can load the Boot ROM file first, and then delete certain application files from the flash memory (you are recommended to delete the unused host program files); then, load the application file to the switch through FTP for update. Avoid any power failure during the loading process.
May 9, 2011 Page 86 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Loading Software Using TFTP


Loading a file through TFTP is similar to loading a file through FTP. The switch can serve only as a TFTP client that downloads the file from the TFTP server to its flash memory. The procedure after download is the same as loading the file remotely through FTP.

Appendix
Details of Changed CLI Commands in R1211
display device manuinfo fan
Syntax
On a centralized device or a distributed device: display device manuinfo fan fan-id [ | { begin | exclude | include } regular-expression ] On a centralized IRF member device: display device manuinfo slot slot-number
regular-expression ]

fan fan-id [ | { begin | exclude | include }

On a distributed IRF member device: display device manuinfo chassis chassis-number fan fan-id [ | { begin | exclude | include }
regular-expression ]

View
Any view

Default level
3: Manage level

Parameters
slot slot-number: Displays the electrical label information of the fans on an IRF member device. The slot-number argument is the ID of a member device. (On a centralized IRF member device) chassis chassis-number: Displays the electrical label information of the fans on an IRF member device. The chassis-number argument is the ID of a member device of the current IRF virtual device. (On a distributed IRF member device) fan fan-id: Displays the electrical label information of the specified fan. Support for this argument and the value range depend on the device model. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
May 9, 2011 Page 87 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

characters.

regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256

Description
Use the display device manuinfo fan command to display the electrical label information of the specified fan. NOTE: Support for this command depends on the device model.

Examples
# Display the electrical label information of fan 2. (On a centralized device or a distributed device) (The output of this command varies with devices)
<Sysname> display device manuinfo fan 2 Fan unit 2: DEVICE_NAME : fan

DEVICE_SERIAL_NUMBER : 210235A36L1234567890 MAC_ADDRESS MANUFACTURING_DATE VENDOR_NAME : NONE : 2010-01-20 : H3C

# Display the electrical label information of fan 2 on IRF member device 1. (On a centralized IRF member device) (The output of this command varies with devices)
<Sysname> display device manuinfo fan 2 Slot 1: Fan unit 2: DEVICE_NAME MAC_ADDRESS MANUFACTURING_DATE VENDOR_NAME : fan : NONE : 2010-01-20 : H3C

DEVICE_SERIAL_NUMBER : 210235A36L1234567890

# Display the electrical label information of fan 2 on IRF member device 1. (On a distributed IRF member device) (The output of this command varies with devices)
<Sysname> display device manuinfo chassis 1 fan 2 Chassis 1: Fan unit 2: DEVICE_NAME DEVICE_SERIAL_NUMBER MAC_ADDRESS MANUFACTURING_DATE VENDOR_NAME : fan2 : 210235A36L1234567891 : NONE : 2010-01-20 : H3C

display device manuinfo power


Syntax
On a centralized device or a distributed device: display device manuinfo power power-id [ | { begin | exclude | include } regular-expression ]
May 9, 2011 Page 88 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

On a centralized IRF member device: display device manuinfo slot slot-number power power-id [ | { begin | exclude | include } regular-expression ] On a distributed IRF member device: display device manuinfo chassis chassis-number power power-id [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
3: Manage level

Parameters
slot slot-number: Displays the electrical label information of the PSUs on an IRF member device. The slot-number argument is the ID of a member device. (On a centralized IRF member device) chassis chassis-number: Displays the electrical label information of the PSUs on an IRF member device. The chassis-number argument is the ID of a member device of the current IRF virtual device. (On a distributed IRF member device) power power-id: Displays the electrical label information of the specified power supply unit (PSU), where power-id represents the PSU number. The value varies with devices. |: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, which is a case-sensitive string of 1 to 256

characters.

Description
Use the display device manuinfo power command to display the electrical label information of the specified PSU. NOTE: Support for this command depends on the device model.

Examples
# Display the electrical label information of PSU 2. (On a centralized device or a distributed device) (The output of this command varies with devices)
<Sysname> display device manuinfo power 2 Power unit 2: DEVICE_NAME MAC_ADDRESS MANUFACTURING_DATE : power : NONE : 2010-01-20

DEVICE_SERIAL_NUMBER : 210235A36L1234567890

May 9, 2011

Page 89 of 167

Hangzhou H3C Technologies Co., Ltd.


VENDOR_NAME : H3C

H3C S5800_5820X-CMW520-R1211 Release Notes

# Display the electrical label information of PSU 2 on IRF member device 1. (On a centralized IRF member device) (The output of this command varies with devices)
<Sysname> display device manuinfo slot 1 power 2 Slot 1: Power unit 2: DEVICE_NAME MAC_ADDRESS MANUFACTURING_DATE VENDOR_NAME : power : NONE : 2010-01-20 : H3C

DEVICE_SERIAL_NUMBER : 210235A36L1234567890

# Display the electrical label information of PSU 2 on IRF member device 1. (On a distributed IRF member device) (The output of this command varies with devices)
<Sysname> display device manuinfo chassis 1 power 2 Chassis 1: Power unit 2: DEVICE_NAME DEVICE_SERIAL_NUMBER MAC_ADDRESS MANUFACTURING_DATE VENDOR_NAME : power2 : 210235A36L1234567891 : NONE : 2010-01-20 : H3C

oam loopback interface


Syntax
oam loopback interface interface-type interface-number undo oam loopback interface interface-type interface-number

View
User view, system view

Default level
1: Monitor level

Parameters
interface-type interface-number: Specifies a port by its type and number.

Description
Use the oam loopback command to enable Ethernet OAM remote loopback on an Ethernet port. Use the undo oam loopback command to disable Ethernet OAM remote loopback on an Ethernet port. By default, Ethernet OAM remote loopback is disabled on an Ethernet port. Ethernet OAM remote loopback is available only after the Ethernet OAM connection is established and can be performed only by the Ethernet OAM entities operating in active Ethernet OAM mode. Related commands: oam enable, oam loopback, and oam mode.
May 9, 2011 Page 90 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Examples
# Configure the active Ethernet OAM mode and enable Ethernet OAM on Ethernet 1/1, and then enable Ethernet OAM remote loopback on Ethernet 1/1 in system view.
<Sysname> system-view [Sysname] interface ethernet 1/1 [Sysname-Ethernet1/1] oam mode active [Sysname-Ethernet1/1] oam enable [Sysname-Ethernet1/1] quit [Sysname]oam loopback interface ethernet 1/1

fan prefer-direction
Syntax
On a centralized device: fan prefer-direction { power-to-port | port-to-power } undo fan prefer-direction On a distributed device/centralized IRF member device: fan prefer-direction slot slot-number { power-to-port | port-to-power } undo fan prefer-direction slot slot-number On a distributed IRF member device: fan prefer-direction chassis chassis-number { power-to-port | port-to-power } undo fan prefer-direction chassis chassis-number

View
System view

Default level
2: System level

Parameters
slot slot-number: Verifies the fan ventilation direction of the specified card. The slot-number argument represents the number of the slot of a card. (On a distributed device) slot slot-number: Verifies the fan ventilation direction of the specified member device. The slot-number argument is the ID of a member device of the current IRF virtual device. (On a centralized IRF member device) chassis chassis-number: Verifies the fan ventilation direction of the specified IRF member device. The chassis-number argument is the ID of a member device of the current IRF virtual device. (On a distributed IRF member device) power-to-port: Verifies that the fan ventilation direction is from the PSU side to the port side. port-to-power: Verifies that the fan ventilation direction is from the port side to the PSU side.

Description
Use the fan prefer-direction command to verify the fan ventilation direction. Use the undo fan prefer-direction command to restore the default.
May 9, 2011 Page 91 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

The default fan ventilation direction depends on your fan model. A product series has a default air ventilation direction that cannot be modified at the CLI. If the ventilation direction of the fan tray is not consistent with the system, the system regards that the fan tray is wrong, and repeatedly outputs traps and logs. In this case, if the fan tray has the same ventilation direction as the air ventilation system in the equipment room, you can use this command to verify the ventilation direction of the fan tray so that the system stops outputting traps and logs. NOTE: Support for this command depends on the device model.

Examples
# Verfify the fan ventilation direction as port-to-power.
<Sysname> system-view [Sysname] fan prefer-direction port-to-power

pim bfd enable


Syntax
pim bfd enable undo pim bfd enable

View
Interface view

Default level
2: System level

Parameters
None

Description
Use the pim bfd enable command to enable PIM to work with Bidirectional Forwarding Detection (BFD). Use the undo pim bfd enable command to disable this feature. By default, this feature is disabled. You must enable PIM-DM or PIM-SM on an interface before you configure this feature on the interface. Otherwise, this feature is not effective. Related commands: pim dm and pim sm.

Examples
# Enable IP multicast routing in the public network, enable PIM-SM on interface VLAN-interface 100, and enable PIM to work with BFD on the interface.
<Sysname> system-view [Sysname] multicast routing-enable [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] pim sm [Sysname-Vlan-interface100] pim bfd enable

May 9, 2011

Page 92 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

pim ipv6 bfd enable


Syntax
pim ipv6 bfd enable undo pim ipv6 bfd enable

View
Interface view

Default level
2: System level

Parameters
None

Description
Use the pim ipv6 bfd enable command to enable IPv6 PIM to work with Bidirectional Forwarding Detection (BFD). Use the undo pim ipv6 bfd enable command to disable this feature. By default, this feature is disabled. You must enable IPv6 PIM-DM or IPv6 PIM-SM on an interface before you configure this feature on the interface. Otherwise, this feature is not effective. Related commands: pim ipv6 dm and pim ipv6 sm.

Examples
# Enable IPv6 multicast routing in the public network, enable IPv6 PIM-SM on interface VLAN-interface 100, and enable IPv6 PIM to work with BFD on the interface.
<Sysname> system-view [Sysname] multicast ipv6 routing-enable [Sysname] interface vlan-interface 100 [Sysname-Vlan-interface100] pim ipv6 sm [Sysname-Vlan-interface100] pim ipv6 bfd enable

ospfv3 bfd enable


Syntax
ospfv3 bfd enable [ instance instance-id ] undo ospfv3 bfd enable [ instance instance-id ]

View
Interface view

Default level
2: System level

Parameters
instance-id: Instance ID of the interface. It ranges from 0 to 255 and defaults to 0.
May 9, 2011 Page 93 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description
Use the ospfv3 bfd enable command to enable BFD for link failure detection on an OSPFv3 interface. Use the undo ospfv3 bfd enable command to disable BFD on the OSPFv3 interface. By default, the OSPFv3 interface is not enabled with BFD.

Examples
# Enable BFD on VLAN-interface 11 in instance 1.
<Sysname> system-view [Sysname] interface vlan-interface 11 [Sysname-Vlan-interface11] ospfv3 bfd enable instance 1

isis ipv6 bfd enable


Syntax
isis ipv6 bfd enable undo isis ipv6 bfd enable

View
Interface view

Default level
2: System level

Parameters
None

Description
Use the isis ipv6 bfd enable command to enable BFD on an IPv6 IS-IS interface for link failure detection. Use the undo isis ipv6 bfd enable command to disable BFD on an IPv6 IS-IS interface. By default, an IPv6 IS-IS interface is not enabled with BFD.

Examples
# Enable BFD for IPv6 IS-IS on VLAN-interface 11.
<Sysname> system-view [Sysname] interface vlan-interface 11 [Sysname-Vlan-interface11] isis ipv6 bfd enable

peer bfd (IPv6 address family view/IPv6 BGP-VPN instance view)


Syntax
peer ipv6-address bfd undo peer ipv6-address bfd
May 9, 2011 Page 94 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

View
IPv6 address family view, IPv6 BGP-VPN instance view

Default level
2: System level

Parameters
ipv6-address: IPv6 address of a peer.

Description
Use the peer bfd command to enable BFD over the link to a BGP peer. Use the undo peer bfd command to restore the default. By default, BFD is not enabled for any BGP peer. After a link failure occurs, BFD may detect the failure before the system performs GR, and as a result, GR will fail. Therefore, if GR capability is enabled for IPv6 BGP, use BFD with caution.

Examples
# Enable BFD over the link to BGP peer 100::1.
<Sysname> system-view [Sysname] bgp 100 [Sysname] ipv6-family [Sysname-bgp-af-ipv6] peer 100::1 bfd

ssl client-policy
Syntax
ssl client-policy policy-name undo ssl client-policy { policy-name | all }

View
System view

Default level
2: System level

Parameters
policy-name: SSL client policy name, a case-insensitive string of 1 to 16 characters, which cannot be a, al, or all.
all: Specifies all SSL client policies.

Description
Use the ssl client-policy command to create an SSL policy and enter its view. Use the undo ssl client-policy command to delete a specified SSL client policy or all SSL client policies. Related commands: display ssl client-policy.

May 9, 2011

Page 95 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Examples
# Create SSL client policy policy1 and enter its view.
<Sysname> system-view [Sysname] ssl client-policy policy1 [Sysname-ssl-client-policy-policy1]

ip check source max-entries


Syntax
ip check source [ ipv6 ] max-entries number undo ip check source [ ipv6 ] max-entries

View
Layer 2 Ethernet port view

Default level
2: System level

Parameters
ipv6: Limits the number of IPv6 source guard binding entries. Without this keyword, this command limits the number of IPv4 source guard binding entries.

number: Maximum number of IP source guard entries allowed on a port. The value ranges from 0 to 2048.

Description
Use the ip check source max-entries command to limit the total number of static and dynamic IPv4 (or IPv6) source guard binding entries on a port. When the number of IPv4 (or IPv6) binding entries on a port reaches the maximum, the port does not allowed new IPv4 (or IPv6) binding entries any more. Use the undo ip check source max-entries command to restore the default. By default, the maximum number of IPv4/IPv6 source guard binding entries allowed on a port is 2048. If the maximum number of IPv4 (or IPv6) binding entries to be configured on a port is smaller than the number of existing IPv4 (or IPv6) binding entries on the port, the maximum number can be configured successfully and the existing entries will be not be affected. New IPv4 (or IPv6) binding entries, however, cannot be added more, unless the number of IPv4 (or IPv6) binding entries on the port drops below the configured maximum. The actual maximum number of binding entries that the switch can apply to a port depends on the ACL resource on the switch.

Examples
# Set the maximum number of IP source guard binding entries on port GigabitEthernet 1/0/1 to 100.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] ip check source max-entries 100

May 9, 2011

Page 96 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

preferred-path
Syntax
preferred-path number interface tunnel tunnel-number [ disable-fallback ] undo preferred-path number

View
Tunneling policy view

Default level
2: System view

Parameters
number: Number of the preferred tunnel, in the range 0 to 63. A smaller number means a higher priority.
interface tunnel tunnel-number: Specifies a tunnel interface for the preferred tunnel. tunnel-number represents the tunnel interface number, which ranges from 0 to 127. disable-fallback: With this keyword specified, the tunneling policy does not select other paths when this preferred tunnel is matched (the tunnels destination address and encapsulation type are both matched) but is unavailable.

Description
Use the preferred-path interface tunnel command to configure a preferred tunnel and specify a tunnel interface for it. Use the undo preferred-path command to remove a preferred tunnel. By default, no preferred tunnel exists. In a tunneling policy, you can configure up to 64 preferred tunnels. The tunnel interfaces specified for the preferred tunnels can have the same destination address and the tunnel encapsulation type must be MPLS TE.

Examples
# Tunnel interfaces Tunnel 0, Tunnel 2, and Tunnel 3 have the same destination address 1.1.1.1. Configure a tunneling policy po1 for the switch, so that the switch selects tunnels for traffic destined for 1.1.1.1 in this order: Tunnel 0, Tunnel 2, Tunnel 3. If all three tunnels are unavailable, tunnel selection is stopped and traffic destined for 1.1.1.1 can not be transmitted. For traffic going to other destinations, the device selects tunnels by type, and only one CR-LSP tunnel can be selected.
<Sysname> system-view [Sysname] tunnel-policy po1 [Sysname-tunnel-policy-po1] preferred-path 0 interface tunnel 0 [Sysname-tunnel-policy-po1] preferred-path 2 interface tunnel 2 [Sysname-tunnel-policy-po1] preferred-path 3 interface tunnel 3 disable-fallback [Sysname-tunnel-policy-po1] tunnel select-seq cr-lsp load-balance-number 1

May 9, 2011

Page 97 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

ip urpf
Syntax
ip urpf { loose | strict } undo ip urpf

View
System view, interface view

Default level
2: System level

Parameters
loose: Specifies loose URPF check. To pass loose URPF check, the source address of a packet must match the destination address of a forwarding information base (FIB) entry. strict: Specifies strict URPF check. To pass strict URPF check, the source address and receiving interface of a packet must match the destination address and output interface of a FIB entry.

Description
Use the ip urpf command to enable URPF check globally. Use the undo ip urpf command to disable URPF check. By default, URPF check is disabled. NOTE: The routing table size is decreased by half when URPF is enabled on the switch. To prevent loss of route entries and packets, you cannot enable URPF on the switch if the number of route entries the switch maintains exceeds half the routing table size.

Examples
# Enable strict URPF check globally.
<Sysname> system-view [Sysname] ip urpf strict

cwmp
Syntax
cwmp

View
System view

Default level
2: System level

Parameters
None
May 9, 2011 Page 98 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description
Use the cwmp command to enter CWMP view.

Examples
# Enter CWMP view.
<Sysname> system-view [Sysname] cwmp

cwmp acs password


Syntax
cwmp acs password passowrd undo cwmp acs password

View
CWMP view

Default level
2: System level

Parameters
password: Password used for authentication when the CPE connects to the ACS, which is a case-sensitive string of 1 to 255 characters.

Description
Use the cwmp acs password command to configure the password used for connection to the ACS. Use the undo cwmp acs password command to restore the default. By default, no password is configured for connection to the ACS. If you use the command multiple times, the newly configured password overwrites the previous one. The execution of the undo cwmp acs username command equals the execution of both undo cwmp acs username and undo cwmp acs password commands, which means the system deletes both the CPE username and the password at the same time. Related commands: cwmp acs username.

Examples
# Configure the password used for connection to the ACS as newpsw.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp acs password newpsw

cwmp acs url


Syntax
cwmp acs url url undo cwmp acs url
May 9, 2011 Page 99 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

View
CWMP view

Default level
2: System level

Parameters
url: URL of the ACS, which is a string of 8 to 255 characters. An URL must be in the format of http://host[:port]/path.

Description
Use the cwmp acs url command to configure the ACS URL. Use the undo cwmp acs url command to restore the default. By default, no ACS URL is configured. If you use the command for multiple times, the newly configured URL overwrites the previous one.

Examples
Configure the ACS URL as http://www.acs.com:80/acs.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp acs url http://www.acs.com:80/acs

cwmp acs username


Syntax
cwmp acs username username undo cwmp acs username

View
CWMP view

Default level
2: System level

Parameters
username: Username used for authentication when the CPE connects to the ACS, which is a case-sensitive string of 1 to 255 characters.

Description
Use the cwmp acs username command to configure the username used for connection to the ACS. Use the undo cwmp acs username command to restore the default. By default, no username is configured for connection to the ACS. If you use the command multiple times, the newly configured username overwrites the previous one.

May 9, 2011

Page 100 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

The execution of the undo cwmp acs username command equals the execution of both undo cwmp acs username and undo cwmp acs password commands, which means the system deletes both the CPE username and the password at the same time. Related commands: cwmp acs password.

Examples
# Configure the username used for connection to the ACS as newname.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp acs username newname

cwmp cpe connect retry


Syntax
cwmp cpe connect retry times undo cwmp cpe connect retry

View
CWMP view

Default level
2: System level

Parameters
times: Number of attempts that will be made to retry a connection, which ranges from 0 to 100. 0 indicates that no attempt will be made to retry a connection.

Description
Use the cwmp cpe connect retry command to configure the maximum number of attempts the CPE can make to retry a connection. Use the undo cwmp cpe connect retry command to restore the default. By default, the retry times is infinity, that is, a CPE sends connect requests to the ACS at a specified interval all along.

Examples
# Configure that the CPE can retry a connection for up to 5 times.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe connect retry 5

cwmp cpe connect interface


Syntax
cwmp cpe connect interface interface-type interface-number undo cwmp cpe connect interface

View
CWMP view
May 9, 2011 Page 101 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Default level
2: System level

Parameters
interface-type interface-number: Type and number of the interface that connects a CPE to the ACS.

Description
Use the cwmp cpe connect interface command to set the interface connecting to the ACS on the CPE. Use the undo cwmp cpe connect interface command to restore the default. By default, the interface that connects the CPE to the ACS is VLAN-interface 1.

Examples
# Set the interface connecting to the ACS on the CPE to VLAN-interface 1.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe connect interface Vlan-interface 1

cwmp cpe inform interval


Syntax
cwmp cpe inform interval seconds undo cwmp cpe inform interval

View
CWMP view

Default level
2: System level

Parameters
seconds: Interval between sending the Inform messages, which ranges from 60 to 65535 seconds.

Description
Use the cwmp cpe inform interval command to configure the interval at which the CPE sends an Inform message. Use the undo cwmp cpe inform interval command to restore the default. By default, the Inform message sending interval is 600 seconds.

Examples
# Configure the CPE to send an Inform message every 3600 seconds.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe inform interval 3600

May 9, 2011

Page 102 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

cwmp cpe inform interval enable


Syntax
cwmp cpe inform interval enable undo cwmp cpe inform interval enable

View
CWMP view

Default level
2: System level

Parameters
None

Description
Use the cwmp cpe inform interval enable command to enable periodical sending of Inform messages. Use the undo cwmp cpe inform interval enable command to restore the default. By default, periodical sending of Inform messages is disabled.

Examples
# Enable periodical sending of Inform messages.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe inform interval enable

cwmp cpe inform time


Syntax
cwmp cpe inform time time undo cwmp cpe inform time

View
CWMP view

Default level
2: System level

Parameters
time: Time at which the CPE sends an Inform message. The specified time must be in the format of yyyy-mm-ddThh:mm:ss, and in the range of 1970-01-01T00:00:00 to 2105-12-31T23:59:59. The specified time must be greater than the current system time.

Description
Use the cwmp cpe inform time command to configure the CPE to send an Inform message at a specified time. Use the undo cwmp cpe inform time command to restore the default.
May 9, 2011 Page 103 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

By default, the time is null, that is, the CPE is not configured to send an Inform message at a specific time.

Examples
# Configure the CPE to send an Inform message at 2007-12-01T20:00:00.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe inform time 2007-12-01T20:00:00

cwmp cpe password


Syntax
cwmp cpe password password undo cwmp cpe password

View
CWMP view

Default level
2: System level

Parameters
password: Password used for authentication when the ACS connects to the CPE, which is a case-sensitive string of 1 to 255 characters.

Description
Use the cwmp cpe password command to configure the password used for authentication when the ACS connects to the CPE. Use the undo cwmp cpe password command to restore the default. By default, no password is configured for connection to the CPE. If you use the command for multiple times, the newly configured password overwrites the previous one. The execution of the undo cwmp cpe username command equals the execution of both undo cwmp cpe username and undo cwmp cpe password commands, which means the system deletes both the CPE username and the password at the same time. Related commands: cwmp cpe username.

Examples
# Configure the password used for connection to the CPE as newpsw.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe password newpsw

cwmp cpe username


Syntax
cwmp cpe username username
May 9, 2011 Page 104 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

undo cwmp cpe username

View
CWMP view

Default level
2: System level

Parameters
username: Username used for authentication when the ACS connects to the CPE, which is a case-sensitive string of 1 to 255 characters.

Description
Use the cwmp cpe username command to configure the username used for authentication when the ACS connects to the CPE. Use the undo cwmp cpe username command to restore the default. By default, no username is configured for connection to the CPE. If you use the command for multiple times, the newly configured username overwrites the previous ones. The execution of the undo cwmp cpe username command equals the execution of both undo cwmp cpe username and undo cwmp cpe password commands, which means the system deletes both the CPE username and the password at the same time. Related commands: cwmp cpe password.

Examples
# Configure the username used for connection to the CPE as newname.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe username newname

cwmp cpe wait timeout


Syntax
cwmp cpe wait timeout seconds undo cwmp cpe wait timeout

View
CWMP view

Default level
2: System level

Parameters
seconds: Timeout value of the CPE close-wait timer, which ranges from 30 to 1800 seconds.

Description
Use the cwmp cpe wait timeout command to configure the close-wait timer of the CPE. Use the undo cwmp cpe wait timeout command to restore the default.
May 9, 2011 Page 105 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

By default, the timeout of the CPE close-wait timer is 30 seconds.

Examples
# Configure the CPE close-wait timeout as 60 seconds.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] cwmp cpe wait timeout 60

cwmp enable
Syntax
cwmp enable undo cwmp enable

View
CWMP view

Default level
2: System level

Parameters
None

Description
Use the cwmp enable command to enable CWMP. Use the undo cwmp enable command to disable CWMP. By default, CWMP is enabled. CWMP cannot be disabled when it is performing upload or download operations.

Examples
# Disable CWMP when there is no upload or download operations.
<Sysname> system [Sysname] cwmp [Sysname-cwmp] undo cwmp enable

display cwmp configuration


Syntax
display cwmp configuration [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
2: System level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide.
May 9, 2011 Page 106 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description
Use the display cwmp configuration command to display the current configuration information of CWMP.

Examples
# CWMP is enabled. Display the configuration information of CWMP.
<Sysname> display cwmp configuration

TR-069 is enabled. ACS URL ACS username ACS password Inform enable status Inform interval Inform time Wait timeout Reconnection times Source IP interface :http://www.acs.com:80/acs :newname :newpsw3 :disabled :600s :none :30s :Unlimited :none

Table 19 Output description Field


TR-069 is ACS URL ACS username ACS password Inform enable status Inform interval Inform time Wait timeout Reconnection times

Description
The status of CWMP (TR-069), including enabled and disabled. URL of the ACS. It is displayed as null if not configured. Authentication username for connection to the ACS. It is displayed as null if not configured. Authentication password for connection to the ACS. It is displayed as null if not configured. Enabled/disabled status of periodical sending of Inform messages Interval between sending Inform messages Date and time at which an Inform message will be sent. It is displayed as null if not configured. Timeout value for the CPE to wait for a response Number of attempts the CPE can make to retry a connection Interface connecting to the ACS on the CPE. You can set this interface with the cwmp cpe connect interface command. Page 107 of 167

Source IP interface

May 9, 2011

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

display cwmp status


Syntax
display cwmp status [ | { begin | exclude | include } regular-expression ]

View
Any view

Default level
2: System level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays all lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description
Use the display cwmp status command to display the current status information of CWMP.

Examples
# CWMP is disabled. Display the status information of CWMP.
<Sysname> display cwmp status TR-069 is disabled.

# CWMP is enabled. Display the status information of CWMP.


<Sysname> display cwmp status

TR-069 is enabled. ACS URL ACS information is set by ACS username ACS password Connection status Data transfer status Time of last successful connection Interval upon to next connection :http://www.acs.com:80/acs :user :newname :newpsw3 :disconnected :none :none :1096832s

Table 20 Output description Field


ACS URL

Description
URL of the ACS. It is displayed as null if not configured.

May 9, 2011

Page 108 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Field

Description
The mode through which CWMP gets the ACS URL. It is displayed as null if ACS URL is not configured.

ACS information is set by

user: Indicates that the ACS URL is configured through CLI config file: Indicates that the ACS URL is configured through ACS DHCP: Indicates that the ACS URL is configured through DHCP

ACS username ACS password

Authentication username for connection to the ACS. It is displayed as null if not configured. Authentication password for connection to the ACS. It is displayed as null if not configured. Connection status, includes: connected: Indicates that the connection is established.

Connection status

disconnected: Indicates that the connection is not established. waiting response: Indicates that the device is waiting for a response. Data transfer status, includes: uploading: The device is uploading data. downloading: The device is downloading data. none: The device is not transferring data. Time at which the last successful connection was established. If there is no successful connection, it is displayed as none. Period of time after which the device will initiate a connection. If no interval or time is configured for Inform message sending, it is displayed as null.

Data transfer status

Time of last successful connection

Interval upon to next connection

Details of Changed CLI Commands in F1209P01


mac-address mac-roaming enable
Syntax
mac-address mac-roaming enable

View
System view

May 9, 2011

Page 109 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Default level
2: System level

Parameters
None

Description
Use the mac-address mac-roaming enable command to make MAC-address roam to other slots in an IRF system. This command not configured by default.

Examples
# Open MAC roaming functions.
<Sysname> system-view [Sysname] mac-address mac-roaming enable

stp tc-snooping
Syntax
stp tc-snooping

View
System view

Default level
2: System level

Parameters
None

Description
Use the stp tc-snooping command to enable TC-snooping feature. Device can delete ARP item and MAC address when receive TCN packet at the condition STP disabled and TC-snooping enabled. This command not configured by default and used only STP disabled.

Examples
# Open TC-snooping functions.
<Sysname> system-view [Sysname] stp tc-snooping

Details of Changed CLI Commands in F1209


default
Syntax
default
May 9, 2011 Page 110 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

View
Interface view

Default level
2: System level

Parameters
None

Description
Use the default command to restore the default settings of an interface. This command may fail to restore some default settings of the interface because the conditions for restoring those settings are not satisfied. To view the execution result of the default command, use the display this command.

Examples
# Restore the default settings of the interface GigabitEthernet 1/0/1.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] default This command will restore the default settings. Continue? [Y/N]:y

ipv6 neighbor stale-aging


Syntax
ipv6 neighbor stale-aging aging-time undo ipv6 neighbor stale-aging

View
System view

Default level
2: System level

Parameters
aging-time: Age timer for ND entries, in the range of 1 to 24 hours.

Description
Use ipv6 neighbor stale-aging command to set the age timer of ND entries. Use the undo ipv6 neighbor stale-aging command to restore the default. By default, the age timer of ND entries is four hours.

Examples
# Set the age timer of ND entries to two hours.
<Sysname> system-view [Sysname] ipv6 neighbor stale-aging 2

May 9, 2011

Page 111 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

next-server
Syntax
next-server ip-address undo next-server

View
DHCP address pool view

Default level
2: System level

Parameters
ip-address: IP address of a server.

Description
Use the next-server command to specify the IP address of a server for DHCP clients. Use the undo next-server command to remove the servers address from the DHCP address pool. By default, no servers IP address is specified in the address pool on the DHCP server.

Examples
# Specify IP address 1.1.1.1 in DHCP address pool 0.
<Sysname> system-view [Sysname] dhcp server ip-pool 0 [Sysname-dhcp-pool-0] next-server 1.1.1.1

Details of Changed CLI Commands in F1208


ip route-static
Syntax
ip route-static dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ] undo ip route-static dest-address { mask | mask-length } [ next-hop-address | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address ] [ preference preference-value ] ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } { next-hop-address [ bfd control-packet [ bfd-source ip-address ] | track track-entry-number ] [ public ] | interface-type interface-number [ next-hop-address ] [ bfd { control-packet [ bfd-source ip-address ] | echo-packet } ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ preference preference-value ] [ tag tag-value ] [ permanent ] [ description description-text ]
May 9, 2011 Page 112 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

undo ip route-static vpn-instance s-vpn-instance-name&<1-6> dest-address { mask | mask-length } [ next-hop-address [ public ] | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address ] [ preference preference-value ]

View
System view

Default level
2: System level

Parameters
vpn-instance s-vpn-instance-name&<1-6>: Specifies a source MPLS L3VPN. s-vpn-instance-name is a case-sensitive string of 1 to 31 characters. &<1-6> indicates the argument before it can be entered up to 6 times. Each VPN has its own routing table, and the configured static route is installed in the routing tables of the specified VPNs. Support for this keyword and argument combination depends on the device model.

dest-address: Destination IP address of the static route, in dotted decimal notation. mask: Mask of the IP address, in dotted decimal notation. mask-length: Mask length, in the range 0 to 32. next-hop-address: IP address of the next hop, in dotted decimal notation. interface-type interface-number: Specifies the outbound interface by its type and number. If the outbound interface is a broadcast interface, such as an Ethernet interface, a virtual template or a VLAN interface, the next hop address must be specified.
vpn-instance d-vpn-instance-name: Specifies a destination MPLS L3VPN. d-vpn-instance-name is a case-sensitive string of 1 to 31 characters. If a destination VPN is specified, the router will search the outbound interface in the destination VPN based on the configured next-hop-address.

next-hop-address public: Indicates that the specified next-hop-address is a public network address, rather than a VPN instance address.
preference preference-value : Specifies the preference of the static route, which is in the range of 1 to 255 and defaults to 60. tag tag-value: Sets a tag value for the static route from 1 to 4294967295. The default is 0. Tags of routes are used in routing policies to control routing. For more information about routing policies, see IP Routing Basics in the Layer 3 IP Routing Command Reference. permanent: Specifies the route as a permanent static route. If the outgoing interface is down, the permanent static route is still active. description description-text: Configures a description for the static route, which consists of 1 to 60 characters, including special characters like space, but excluding ?. bfd: Enable the BFD (bidirectional forwarding detection) function to detect reachability of the static routes next hop. Once the next hop is unreachable, the system will switch to a backup route. Support for this key word varies by device. control-packet: Implements BFD in the control packet mode. echo-packet: Implements BFD in the echo packet mode. bfd-source ip-address: Specifies the source address of BFD packets. H3C recommends you to configure loopback interface address.
May 9, 2011 Page 113 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

track track-entry-number: Associates the static route with a track entry. Use the track-entry-number argument to specify a track entry number, in the range 1 to 1024. Support for this argument varies with devices.

Description
Use the ip route-static command to configure a unicast static route. Use the undo ip route-static command to delete a unicast static route. When configuring a unicast static route, follow these guidelines:
1.

If the destination IP address and the mask are both 0.0.0.0 (or 0), the configured route is a default route. The default route will be used for forwarding a packet if no route is available for the packet in the routing table. You can implement different routing policies by tuning route preference. For example, to enable multiple routes to the same destination address to share load, assign the same preference for the routes; to enable them to back up one another, assign different preferences for them. You can specify the outbound interface or the next hop address of the static route as needed. The next hop address cannot be the IP address of a local interface; otherwise, the route configuration will not take effect. If the outbound interface supports network address-to-link layer address resolution or is a point-to-point interface, you may specify only the interface or the next hop address. If the outbound interface is a Null 0 interface, there is no need to configure the next hop address. If the outbound interface is a point-to-point interface, a PPP interface for example, you may specify only the outbound interface rather than the peer address or both the outbound interface and peer address. As only the outbound interface is specified, there is no need to change the configuration of the route even if the peer address is changed. If the outbound interface is an NBMA and P2MP interface, you are recommended to specify both the interface and the next hop address for the route. This is because such interfaces support point-to-multipoint networks; for them the router must establish IP address-to-link layer address mappings for successful packet delivery. H3C does not recommend to specify a broadcast interface (such as an Ethernet interface or a VLAN interface) as the outbound interface for a static route, because a broadcast interface may have multiple next hops. If you have to do so, you must specify the corresponding next hop of the interface at the same time. To implement BFD with the control-packet mode, the remote end must create a BFD session; otherwise the BFD function cannot work. To implement BFD with the echo-packet mode, the BFD function can work without the remote end needing to create any BFD session. To configure a static route and enable BFD control packet mode for it, specify an outbound interface and a direct next hopBFD establishes a direct session, or specify an indirect next hop and a specific BFD packet source addressBFD establishes an indirect sessionfor the static route.

2.

3.

May 9, 2011

Page 114 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: Whether this command supports the VPN instance varies with devices. The static route does not take effect if you specify its next hop address first and then configure the address as the IP address of a local interface, such as an Ethernet interface and VLAN interface. If route oscillation occurs, enabling BFD may worsen it. Be cautious when using BFD. To configure track monitoring for an existing static route, simply associate the static route with a track entry. For a non-existent static route, configure it and associate it with a track entry. If the track module uses NQA to detect the reachability of the private network static route's nexthop, the VPN instance number of the static route's nexthop must be identical to that configured in the NQA test group. If a static route needs route recursion, the associated track entry must monitor the nexthop of the recursive route instead of that of the static route. Otherwise, a valid route may be mistakenly considered invalid. Do not specify the permanent keyword together with the bfd or track keyword.

Examples
# Configure a static route, whose destination address is 1.1.1.1/24, next hop address is 2.2.2.2, tag value is 45, and description information is for internet & intranet.
<Sysname> system-view [Sysname] ip route-static 1.1.1.1 24 2.2.2.2 tag 45 description for internet & intranet

# Configure a static route for a VPN instance named vpn1: the destination address is 1.1.1.1/16 and the next hop address is 1.1.1.2, which is the address of this VPN instance.
<Sysname> system-view [Sysname] ip route-static vpn-instance vpn1 1.1.1.1 16 vpn-instance vpn1 1.1.1.2

# Configure a static route: the destination address is 1.1.1.1/24, the outbound interface is Ethernet 1/1, and the next hop address is 2.2.2.2, and enable BFD with the echo packet mode.
<Sysname> system-view [Sysname] ip route-static 1.1.1.1 24 ethernet 1/1 2.2.2.2 bfd echo-packet

ip community-list
Syntax
ip community-list { basic-comm-list-num | basic comm-list-name } { deny | permit } [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * undo ip community-list { basic-comm-list-num | basic comm-list-name } [ deny | permit ] [ community-number-list ] [ internet | no-advertise | no-export | no-export-subconfed ] * ip community-list { adv-comm-list-num | advanced comm-list-name } { deny | permit }
regular-expression

undo ip community-list { adv-comm-list-num | advanced comm-list-name } [ deny | permit ] [ regular-expression ]

May 9, 2011

Page 115 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

View
System view

Default level
2: System level

Parameters
basic-comm-list-num: Basic community list number, in the range 1 to 99.
basic: Specifies a basic communist list name. advanced: Specifies an advanced communist list name.

comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs. adv-comm-list-num: Advanced community list number, in the range 100 to 199. regular-expression: Regular expression of advanced community attribute, a string of 1 to 50 characters. For more information about regular expressions, see CLI in the Fundamentals Configuration Guide.
deny: Specifies the match mode for the community list as deny. permit: Specifies the match mode for the community list as permit.

community-number-list: Community number list, which is in the community number or aa:nn format; a community number is in the range 1 to 4294967295; aa and nn are in the range 0 to 65535. Up to 16 community numbers can be entered.
internet: Routes with this attribute can be advertised to all BGP peers. By default, all routes have this attribute. no-advertise: Routes with this attribute cannot be advertised to other BGP peers. no-export: Routes with this attribute cannot be advertised out the local AS, or the confederation but can be advertised to other ASs in the confederation. no-export-subconfed: Routes with this attribute cannot be advertised out the local AS, or to other sub ASs in the confederation.

Description
Use the ip community-list to define a community list entry. Use the undo ip community-list command to remove a community list or entry. No community list is defined by default.

Examples
# Define basic community list 1 to permit routing information with the internet community attribute.
<Sysname> system-view [Sysname] ip community-list 1 permit internet

# Define advanced community list 100 to permit routing information with the community attribute starting with 10.
<Sysname> system-view [Sysname] ip community-list 100 permit ^10

May 9, 2011

Page 116 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

apply comm-list delete


Syntax
apply comm-list { comm-list-number | comm-list-name } delete undo apply comm-list

View
Routing policy view

Default level
2: System level

Parameters
comm-list-number: Community list number. A basic community list number ranges from 1 to 99. A advanced community list number ranges from 100 to 199. comm-list-name: Community list name, a string of 1 to 31 characters, which can contain letters, numbers, and signs.

Description
Use the apply comm-list delete command to remove the community attributes specified by the community list from BGP routing information. Use the undo apply comm-list command to remove the clause configuration. No community attributes are removed from BGP routing information by default.

Examples
# Configure node 10 in permit mode of routing policy policy1: remove the community attributes specified in community list 1 from the BGP routing information matching AS-PATH list 1.
<Sysname> system-view [Sysname] route-policy policy1 permit node 10 [Sysname-route-policy] if-match as-path 1 [Sysname-route-policy] apply comm-list 1 delete

mac-table limit
Syntax
mac-table limit mac-limit-number undo mac-table limit

View
VSI view

Default level
2: System level

Parameters
mac-limit-number: Maximum number of MAC addresses that the device can learn for the VPLS instance. The value range varies with device models.
May 9, 2011 Page 117 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description
Use the mac-table limit command to specify the maximum number of MAC addresses that the device can learn for the VPLS instance. Use the undo mac-table limit command to restore the default. The default maximum number of MAC addresses that the device can learn for a VPLS instance varies with device models. NOTE: Support for this command depends on the device model.

Examples
# Set the maximum number of MAC addresses that the device can learn for VPLS instance aaa to 1024.
<Sysname> system-view [Sysname] vsi aaa [Sysname-vsi-aaa] mac-table limit 1024

Details of Changed CLI Commands in F1207


dhcp-snooping rate-limit
Syntax
dhcp-snooping rate-limit rate undo dhcp-snooping rate-limit

View
Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Default Level
2: System level

Parameters
rate: Maximum rate of DHCP packets, in the range of 64 to 512 Kbps.

Description
Use the dhcp-snooping rate-limit command to configure a DHCP packet rate on the interface.. Use the undo dhcp-snooping rate-limit command to restore the default. By default, DHCP packet rate limit is disabled.

Examples
# Set the maximum rate of DHCP packets on Layer 2 Ethernet interface GigabitEthernet 1/0/1 to 64 Kbps.
<Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] dhcp-snooping rate-limit 64

May 9, 2011

Page 118 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

default-route-advertise (OSPF view)


Syntax
default-route-advertise [ [ [ always | permit-calculate-other ] | cost cost | route-policy route-policy-name | type type ] * | summary cost cost ] undo default-route-advertise

View
OSPF view

Default level
2: System level

Parameters
always: Generates a default route in a Type-5 LSA into the OSPF routing domain regardless of whether a default route exists in the routing table. With this keyword specified, the router does not calculate default routes from other routers. permit-calculate-other: Generates a default route in a Type-5 LSA into the OSPF routing domain if an active default route that does not belong to the current OSPF process exists in the IP routing table. With this keyword specified, the router calculates default routes from other routers. NOTE: If neither the always nor permit-calculate-other keyword is specified, the router generates a default route in a Type-5 LSA into the OSPF routing domain only when an active default route that does not belong to the current OSPF process exists in the IP routing table, and the router does not calculate default routes from other routers. cost cost: Specifies a cost for the default route, in the range 0 to 16777214. If no cost is specified, the default cost specified by the default cost command applies.. route-policy route-policy-name: Specifies a routing policy name, a string of 1 to 63 case-sensitive characters. When a default route exists in the routing table and the specified routing policy is matched, the command distributes a default route in a Type-5 LSA into the OSPF routing domain, and the routing policy modifies some values in the Type-5 LSA. If the always keyword is specified at the same time, the command can distribute a default route in a Type-5 LSA into the OSPF routing domain when the specified routing policy is matched, regardless of whether a default route exists in the routing table, and the routing policy modifies some values in the Type-5 LSA. type type: Specifies a type for the Type-5 LSA: 1 or 2. If type is not specified, the default type for the Type-5 LSA specified by the default type command applies. summary: Advertises the Type-3 summary LSA of the specified default route.

Description
Use the default-route-advertise command to generate a default route into the OSPF routing domain. Use the undo default-route-advertise command to disable OSPF from distributing a default external route. By default, no default route is distributed.

May 9, 2011

Page 119 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Using the import-route command cannot redistribute a default route. To do so, use the default-route-advertise command. If no default route exists in the router's routing table, use the default-route-advertise always command to generate a default route in a Type-5 LSA. The default-route-advertise summary cost command is applicable only to VPNs, and the default route is redistributed in a Type-3 LSA. The PE router advertises the redistributed default route to the CE router. Related commands: import-route and default.

Examples
# Configure the router to generate a default route in a Type-5 LSA into the OSPF routing domain if an active default route that does not belong to OSPF process 100 exists in the IP routing table, and to calculate default routes from other routers.
<Sysname> system-view [Sysname] ospf 100

[Sysname-ospf-100] default-route-advertise permit-calculate-other

qos car aggregative


Syntax
qos car car-name aggregative cir committed-information-rate [ cbs committed-burst-size [ ebs excess-burst-size ] ] [ pir peek-information-rate ] [ red action ] undo qos car car-name

View
System view

Default Level
2: System level

Parameters
car-name: Name of the aggregation CAR policy.
aggregative: Indicates that the global CAR policy is aggregative. cir committed-information-rate: Committed information rate (CIR) in kbps. The committed-information-rate argument ranges from 8 to 32000000 and must be a multiple of 8. cbs committed-burst-size: Committed burst size (CBS) in bytes. If you do not specify the cbs keyword, the CBS is 62.5 committed-information-rate by default and cannot not exceed 16000000. If you specify the cbs keyword, the CBS ranges from 512 to 16000000.

ebs excess-burst-size: Excess burst size (EBS) in bytes. The excess-burst-size argument ranges from 0 to 16000000 and defaults to 512. pir peak-information-rate: Peak information rate (PIR) in kbps. The peak-information-rate argument ranges from 8 to 32000000 and must be a multiple of 8. green action: Action to take on packets that conform to CIR. The default action is pass. yellow action: Action to take on packets that conform to PIR but do not conform to CIR. The default action is pass.
May 9, 2011 Page 120 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

red action: Action to take on packets that conforms to neither CIR nor PIR. The default action is discard.

action: Action to take on packets, which can be:


discard: Drops the packet. pass: Permits the packet to pass through. remark-dot1p-pass new-cos: Sets the CoS value of the 802.1p packet to new-cos and permits the packet to pass through. The new-cos argument is in the range of 0 to 7. remark-dscp-pass new-dscp: Sets the DSCP value of the packet to new-dscp and permits the packet to pass through. The new-dscp argument is in the range of 0 to 63.

Description
Use the qos car aggregative command to configure an aggregation CAR policy. Use the undo qos car command to remove an aggregation CAR policy. An aggregation CAR policy does not take effect until it is applied to an interface or referenced in a policy.

Examples
# Configure the aggregation CAR policy aggcar-1, where CIR is 256, CBS is 4096, and red packets are dropped.
<Sysname> system-view

[Sysname] qos car aggcar-1 aggregative cir 256 cbs 4096 red discard

Details of Changed CLI Commands in R1206


cfd ais enable
Syntax
cfd ais enable undo cfd ais enable

View
System view

Default Level
2: System level

Parameters
None

Description
Use the cfd ais enable command to enable AIS. Use the undo cfd ais enable command to disable AIS. By default, AIS is disabled.

Examples
# Enable AIS.
<Sysname> system-view

May 9, 2011

Page 121 of 167

Hangzhou H3C Technologies Co., Ltd.


[Sysname] cfd ais enable

H3C S5800_5820X-CMW520-R1211 Release Notes

cfd ais level


Syntax
cfd ais level level-value service-instance instance-id undo cfd ais level level-value service-instance instance-id

View
System view

Default Level
2: System level

Parameters
level level-value: Specifies the AIS frame transmission level, which ranges from 1 to 7. service-instance instance-id: Specifies a service instance by its ID, which ranges from 1 to 32767.

Description
Use the cfd ais level command to configure the AIS frame transmission level in the specified service instance. Use the undo cfd ais level command to restore the default. By default, no AIS frame transmission level is configured for a service instance. If no AIS frame transmission level is configured for a service instance, the MEPs in the service instance cannot send AIS frames. Regardless of the value of the level-value argument, the undo cfd ais level command restores the AIS frame transmission level to an invalid value.

Examples
# Configure the AIS frame transmission level as 3 in service instance 1.
<Sysname> system-view [Sysname] cfd ais level 3 service-instance 1

cfd ais period


Syntax
cfd ais period period-value service-instance instance-id undo cfd ais period period-value service-instance instance-id

View
System view

Default Level
2: System level

May 9, 2011

Page 122 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Parameters
period period-value: Specifies the AIS frame transmission period, which ranges from 1 to 60 seconds. service-instance instance-id: Specifies a service instance by its ID, which ranges from 1 to 32767.

Description
Use the cfd ais period command to configure the AIS frame transmission period in the specified service instance. Use the undo cfd ais period command to restore the default. By default, the AIS frame transmission period is 1 second in all service instances. Regardless of the value of the period-value argument, the undo cfd ais period command restores the AIS frame transmission period to 1 second.

Examples
# Configure the AIS frame transmission period as 60 seconds in service instance 1.
<Sysname> system-view [Sysname] cfd ais period 60 service-instance 1

jumboframe enable
Syntax
jumboframe enable [ value ] undo jumboframe enable

View
Ethernet interface view, port group view

Default Level
2: System level

Parameters
value: Maximum length of Ethernet frames that are allowed to pass through, in the range of 1536 to 10000 bytes. If you set the value argument multiple times, the latest configuration takes effect.

Description
Use the jumboframe enable command to allow jumbo frames within the specified length to pass through an Ethernet interface or a group of Ethernet interfaces. The maximum jumbo frame length is specified by the value argument. If you do not specify the value argument, the maximum jumbo frame length is 10000 bytes.

Use the undo jumboframe enable command to prevent frames longer than 1536 bytes to pass through an Ethernet interface or a group of Ethernet interfaces. By default, the switch allows jumbo frames with the specified length to pass through all Ethernet ports. The default length of jumbo frames that are allowed to pass is 10000 bytes.

May 9, 2011

Page 123 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Configuration of this command in Ethernet interface view applies only to the current Ethernet interface. Configuration of this command in port group view applies to the layer 2 Ethernet interface(s) in the port group.

Examples
# Enable the jumbo frames no longer than 10000 bytes to pass through GigabitEthernet 1/0/1.
<Sysname> system-view [Sysname] interface GigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] jumboframe enable

reset packet-drop interface


Syntax
reset packet-drop interface [ interface-type [ interface-number ] ]

View
Any view

Default Level
2: System level

Parameters
interface-type: Specify an interface type, you can specify Gigabit interface or 10-Gigabit interface. interface-number: Specify an interface number.

Description
Use the reset packet-drop interface command to clear statistics of dropped packets on an interface or multiple interfaces. Sometimes when you want to collect the statistics of dropped packets on an interface, you need to clear the old statistics on the interface first. If you do not specify an interface type or interface number, this command clears statistics of dropped packets on all the interfaces on the device. If you specify an interface type only, this command clears statistics of dropped packets on the specified type of interfaces. If you specify both the interface type and interface number, this command clears statistics of dropped packets on the specified interface.

Examples
# Clear statistics of dropped packets on GigabitEthernet 1/0/1.
<Sysname> reset packet-drop interface GigabitEthernet 1/0/1

# Clear statistics of dropped packets on all interfaces.


<Sysname> reset packet-drop interface

May 9, 2011

Page 124 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

display packet-drop interface


Syntax
display packet-drop interface [ interface-type [ interface-number ] ] [ | { begin | exclude | include } regular-expression ]

View
Any view

Default Level
1: Monitor level

Parameters
interface-type: Specifies an interface type, you can specify Gigabit interface or 10-Gigabit interface. interface-number: Specifies an interface number.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see CLI in the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description
Use the display packet-drop interface command to display information about packets dropped on an interface or multiple interfaces. If you do not specify an interface type or interface number, this command displays information about dropped packets on all the interfaces on the device. If you specify an interface type only, this command displays information about dropped packets on the specified type of interfaces. If you specify both the interface type and interface number, this command displays information about dropped packets on the specified interface.

Examples
# Display information about dropped packets on GigabitEthernet 1//01.
<Sysname> display packet-drop interface gigabitethernet 1/0/1 GigabitEthernet1/0/1: Packets dropped by GBP full or insufficient bandwidth: 301 Packets dropped by FFP: 261 Packets dropped by STP non-forwarding state: 321

Table 21 display packet-drop interface command output description Field


Packets dropped by GBP full or insufficient bandwidth May 9, 2011

Description
Packets that are dropped because the buffer is used up or the bandwidth is insufficient Page 125 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Field
Packets dropped by FFP Packets dropped by STP non-forwarding state

Description
Packets that are filtered out Packets that are dropped because STP is in the non-forwarding state

display packet-drop summary


Syntax
display packet-drop summary [ | { begin | exclude | include } regular-expression ]

View
Any view

Default Level
1: Monitor level

Parameters
|: Filters command output by specifying a regular expression. For more information about regular expressions, see CLI in the Fundamentals Configuration Guide. begin: Displays the first line that matches the specified regular expression and all lines that follow. exclude: Displays the lines that do not match the specified regular expression. include: Displays all lines that match the specified regular expression.

regular-expression: Specifies a regular expression, which is a case sensitive string of 1 to 256 characters.

Description
Use the display packet-drop summary command to display the summary information about dropped packets on all interfaces.

Examples
# Display information about dropped packets on all interfaces.
<Sysname> display packet-drop summary All interfaces: Packets dropped by GBP full or insufficient bandwidth: 301 Packets dropped by FFP: 261 Packets dropped by STP non-forwarding state: 321

port link-mode
Syntax
port link-mode { bridge | route } undo port link-mode

View
Ethernet interface view
May 9, 2011 Page 126 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Default Level
2: System level

Parameters
bridge: Specifies the Layer 2 mode. route: Specifies the Layer 3 mode.

Description
Use the port link-mode command to change the working mode of the Ethernet interface. Use the undo port link-mode command to restore the default. By default, the interfaces operate as Layer 2 Ethernet interfaces (in bridge mode). CAUTION: After you change the operating mode of an Ethernet interface, all the settings of the Ethernet interface are restored to their defaults under the new operating mode.

Examples
# Configure GigabitEthernet 1/0/1 to operate in Layer 2 mode.
<Sysname> system-view [Sysname] interface gigabitEthernet 1/0/1 [Sysname-GigabitEthernet1/0/1] display this # interface GigabitEthernet1/0/1 port link-mode route # Return

The preceding output shows that GigabitEthernet 1/0/1 operates in route mode.
[Sysname-GigabitEthernet1/0/1] port link-mode bridge [Sysname-GigabitEthernet1/0/1] display this # interface GigabitEthernet1/0/1 port link-mode bridge # Return

The output shows that GigabitEthernet 1/0/1 is now operating in bridge mode. NOTE: The display this command displays the configuration that takes effect in the current view.

ip icmp-extensions
Syntax
ip icmp-extensions { compliant | non-compliant } undo ip icmp-extensions

May 9, 2011

Page 127 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

View
System view

Default Level
2: System level

Parameters
compliant: Specifies the compliant mode. non-compliant: Specifies the non-compliant mode.

Description
Use the ip icmp-extensions command to enable support for ICMP extensions. Use the undo ip icmp-extensions command to disable support for ICMP extensions. By default, ICMP extensions are not supported.

Examples
# Enable support for ICMP extensions in compliant mode.
<Sysname> system-view [Sysname] ip icmp-extensions compliant

port isolate-user-vlan
Syntax
port isolate-user-vlan { host | promiscuous } undo port isolate-user-vlan

View
Layer 2 Ethernet interface view, Layer 2 aggregate interface view

Default Level
2: System level

Parameters
host: Configures the port as a downstream port. promiscuous: Configures the port as an upstream port.

Description
Use the port isolate-user-vlan command to configure the isolate-user-VLAN type of a port. Use the undo port isolate-user-vlan command to restore the default setting. By default, no isolate-user-VLAN type is configured for a port. Related commands: isolate-user-vlan.

Examples
# Configure the access port GigabitEthernet 1/0/1 as a downstream port.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] port isolate-user-vlan host

May 9, 2011

Page 128 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

# Configure the Layer 2 aggregate interface Bridge-Aggregation 1 as a hybrid port and then configure it as an upstream port.
<Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] port link-type hybrid [Sysname-Bridge-Aggregation1] port isolate-user-vlan promiscuous

reset dns host


Syntax
reset dns host [ ip | ipv6 | naptr | srv ]

View
User view

Default Level
2: System level

Parameters
ip: Clears the dynamic cache information of type A queries. A type A query resolves a domain name to the mapped IPv4 address. ipv6: Clears the dynamic cache information of type AAAA queries. A type AAAA query resolves a domain name to the mapped IPv6 address. naptr: Clears the dynamic cache information of NAPTR queries. A NAPTR query offers the replacement rule of a character string to convert the character string to a domain name. srv: Clears the dynamic cache information of SRV queries. An SRV query offers the domain name of a certain service site.

Description
Use the reset dns host command to clear information of the dynamic DNS cache. Without any keyword specified, the dynamic DNS cache information of all query types will be cleared. Related commands: display dns host.

Examples
# Clear the dynamic DNS cache information of all query types.
<Sysname> reset dns host

Details of Changed CLI Commands in R1110P05


display ftp client configuration
Syntax
display ftp client configuration
May 9, 2011 Page 129 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

View
Any view

Default Level
1: Monitor level

Parameters
None

Description
Use the display ftp client configuration command to display the configuration information of the FTP client. NOTE: Currently this command displays the configured source IP address or source interface of the FTP client. Related commands: ftp client source.

Examples
# Display the current configuration information of the FTP client.
<Sysname> display ftp client configuration The source IP address is 192.168.0.123

ftp client source


Syntax
ftp client source { interface interface-type interface-number | ip source-ip-address } undo ftp client source

View
System view

Default Level
2: System level

Parameters
interface interface-type interface-number: Source interface for the FTP connection, including interface type and interface number. The primary IP address configured on the source interface is the source IP address of the packets sent by FTP. If no primary IP address is configured on the source interface, the connection fails. ip source-ip-address: Source IP address of the FTP connection. It must be an IP address that has been configured on the device.

Description
Use the ftp client source command to configure the source address of the transmitted FTP packets from the FTP client. Use the undo ftp client source command to restore the default. By default, a device uses the IP address of the interface determined by the matched route as the source IP address to communicate with an FTP server.
May 9, 2011 Page 130 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: The source address can be specified as the source interface and the source IP address. If you use the ftp client source command to specify the source interface and then the source IP address, the newly specified source IP address overwrites the configured source interface and vice versa. If the source address is specified with the ftp client source command and then with the ftp command, the source address specified with the latter one is used to communicate with the FTP server. The source address specified with the ftp client source command is valid for all FTP connections and the source address specified with the ftp command is valid only for the current FTP connection. Related commands: display ftp client configuration.

Examples
# Specify the source IP address of the FTP client as 2.2.2.2.
<Sysname> system-view [Sysname] ftp client source ip 2.2.2.2

# Specify the source interface of the FTP client as Vlan-interface1.


<Sysname> system-view [Sysname] ftp client source interface vlan-interface1

display tftp client configuration


Syntax
display tftp client configuration

View
Any view

Default Level
1: Monitor level

Parameters
None

Description
Use the display tftp client configuration command to display the configuration information of the TFTP client. Related commands: tftp client source.

Examples
# Display the current configuration information of the TFTP client.
<Sysname> display tftp client configuration The source IP address is 192.168.0.123

May 9, 2011

Page 131 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: Currently this command displays the configured source IP address or source interface of the TFTP client.

tftp client source


Syntax
tftp client source { interface interface-type interface-number | ip source-ip-address } undo tftp client source

View
System view

Default Level
2: System level

Parameters
interface interface-type interface-number: Specifies the source interface by its type and number. The primary IP address configured on the source interface is the source IP address of the packets sent by TFTP. If no primary IP address is configured on the source interface, the transmission fails. ip source-ip-address: The source IP address of TFTP connections. It must be an IP address that has been configured on the device.

Description
Use the tftp client source command to configure the source address of the TFTP packets from the TFTP client. Use the undo telnet client source command to restore the default. By default, a device uses the IP address of the interface determined by the matched route as the source IP address to communicate with a TFTP server. NOTE: The source address can be specified as the source interface and the source IP; if you use the tftp client source command to specify the source interface and then the source IP, the newly specified source IP overwrites the configured source interface and vice versa. If the source address is specified with the tftp client source command and then with the tftp command, the source address specified with the latter one is used to communicate with the TFTP server. The source address specified with the tftp client source command is valid for all tftp connections and the source address specified with the tftp command is valid for the current tftp command. Related commands: display tftp client configuration.

Examples
# Specify the source IP address of the TFTP client as 2.2.2.2.
<Sysname> system-view [Sysname] tftp client source ip 2.2.2.2

May 9, 2011

Page 132 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

# Specify the source interface of the TFTP client as Vlan-interface1. <Sysname> system-view [Sysname] tftp client source interface vlan-interface 1

display telnet client configuration


Syntax
display telnet client configuration

View
Any view

Default Level
1: Monitor level

Parameter
None

Description
Use the display telnet client configuration command to display the source IP address or source interface configured for the current device.

Example
# Display the source IP address or source interface configured for the current device.
<Sysname> display telnet client configuration The source IP address is 1.1.1.1.

telnet client source


Syntax
telnet client source { ip ip-address | interface interface-type interface-number } undo telnet client source

View
System view

Default Level
2: System level

Parameters
None

Description
Use the telnet client source command to specify the source IP address or source interface for the Telnet packets to be sent. Use the undo telnet client source command to remove the source IP address or source interface configured for Telnet packets. By default, source IP address or source interface of the Telnet packets sent is not configured.
May 9, 2011 Page 133 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Examples
# Specify the source IP address for Telnet packets.
<Sysname> system-view [Sysname] telnet client source ip 129.102.0.2 # Remove the source IP address configured for Telnet packets. [Sysname] undo telnet client source

primary accounting (RADIUS scheme view)


Syntax
primary accounting { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } undo primary accounting

View
RADIUS scheme view

Default Level
2: System level

Parameters
ip-address: IPv4 address of the primary accounting server.
ipv6 ipv6-address: IPv6 address of the primary accounting server.

port-number: UDP port number of the primary accounting server, which ranges from 1 to 65535 and defaults to 1813.
key string: Specifies the shared key for exchanging accounting packets with the primary RADIUS accounting server. A shared key is a case-sensitive string of 1 to 64 characters. vpn-instance vpn-instance-name: Name of the VPN instance of the primary RADIUS accounting server, a string of 1 to 31 case-sensitive characters.

Description
Use the primary accounting command to specify the primary RADIUS accounting server. Use the undo primary accounting command to remove the configuration. By default, no primary RADIUS accounting server is specified.

May 9, 2011

Page 134 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: The IP addresses of the primary and secondary accounting servers cannot be the same. Otherwise, the configuration fails. The RADIUS service port configured on the device and that of the RADIUS server must be consistent. The shared key configured on the device for accounting packets and that configured on the RADIUS server must be consistent. The shared key configured in this command is used in preference. If the key string keyword and argument combination is not configured here, the shared key configured in the key accounting string command will be used. If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the primary accounting command to ensure normal communication with the server. The IP addresses of the primary and secondary accounting servers must be of the same IP version. The IP addresses of the accounting servers and those of the authentication/authorization servers must be of the same IP version. The VPN specified here takes precedence over the VPN specified for the RADIUS scheme. If you change the primary accounting server when the device is already sending a start-accounting request to the server, the communication with the original primary server will time out, and the device will look for a server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order. If you remove an accounting server being used by online users, the device cannot send real-time accounting requests and stop-accounting requests any more for the users, and does not buffer the stop-accounting requests. Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).

Examples
# Specify the IP address of the primary accounting server for RADIUS scheme radius1 as 10.110.1.2 and the UDP port of the server as 1813.
<Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] primary accounting 10.110.1.2 1813

primary authentication (RADIUS scheme view)


Syntax
primary authentication { ip-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } undo primary authentication

View
RADIUS scheme view

May 9, 2011

Page 135 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Default Level
2: System level

Parameters
ip-address: IPv4 address of the primary authentication/authorization server.
ipv6 ipv6-address: IPv6 address of the primary authentication/authorization server.

port-number: UDP port number of the primary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812.
key string: Specifies the shared key for exchanging authentication and authorization packets with the primary RADIUS authentication/authorization server. A shared key is a case-sensitive string of 1 to 64 characters. vpn-instance vpn-instance-name: Name of the VPN instance of the primary RADIUS authentication/authorization server, a string of 1 to 31 case-sensitive characters.

Description
Use the primary authentication authentication/authorization server. command to specify the primary RADIUS

Use the undo primary authentication command to remove the configuration. By default, no primary RADIUS authentication/authorization server is specified. NOTE: After creating a RADIUS scheme, you are supposed to configure the IP address and UDP port of each RADIUS server (primary/secondary authentication/authorization or accounting server). Ensure that at least one authentication/authorization server and one accounting server are configured, and that the RADIUS service port settings on the device are consistent with the port settings on the RADIUS servers. The shared key configured on the device for authentication/authorization packets and that configured on the RADIUS server must be consistent. The shared key configured in this command is used in preference. If the key string keyword and argument combination is not configured here, the shared key configured in the key authentication string command will be used. If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the primary authentication command to ensure normal communication with the server. The IP addresses of the primary and secondary authentication/authorization servers cannot be the same. Otherwise, the configuration fails. The IP addresses of the primary and secondary authentication/authorization servers must be of the same IP version. The IP addresses of the authentication/authorization servers and those of the accounting servers must be of the same IP version. The VPN specified here takes precedence over the VPN specified for the RADIUS scheme. In an authentication process, if you remove the primary authentication server, the communication with the original primary server will time out, and the device will look for a server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order.
May 9, 2011 Page 136 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).

Examples
# Specify the primary authentication/authorization server for RADIUS scheme radius1.
<Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] primary authentication 10.110.1.1 1812

secondary accounting (RADIUS scheme view)


Syntax
secondary accounting { ipv4-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } undo secondary accounting [ ipv4-address | ipv6 ipv6-address ]

View
RADIUS scheme view

Default Level
2: System level

Parameters
Ipv4-address: IPv4 address of the secondary accounting server, in dotted decimal notation. The default is 0.0.0.0.
ipv6 ipv6-address: IPv6 address of the secondary accounting server.

port-number: UDP port number of the secondary accounting server, which ranges from 1 to 65535 and defaults to 1813.
key string: Specifies the shared key for exchanging accounting packets with the secondary RADIUS accounting server. A shared key is a case-sensitive string of 1 to 64 characters. vpn-instance vpn-instance-name: Name of the VPN instance of the secondary RADIUS accounting server, a string of 1 to 31 case-sensitive characters.

Description
Use the secondary accounting command to specify secondary RADIUS accounting servers for a RADIUS scheme. Use the undo secondary accounting command to remove the configuration. By default, no secondary RADIUS accounting server is specified.

May 9, 2011

Page 137 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: You can configure multiple secondary RADIUS accounting servers by executing this command repeatedly. After the configuration, if the primary server fails, the device looks for a secondary server in active state (a secondary RADIUS accounting server configured earlier has a higher priority) and tries to communicate with it. A RADIUS scheme supports up to 16 secondary RADIUS accounting servers. All accountings servers, primary or secondary, must use IP addresses of the same IP version. The IP addresses of the primary and secondary accounting servers must be different from each other. Otherwise, the configuration fails. The RADIUS service port configured on the device and that of the RADIUS server must be consistent. The shared keys configured on the device for accounting packets and that configured on the RADIUS server must be consistent. The shared key configured in this command is used in preference. If the key string keyword and argument combination is not configured here, the shared key configured in the key accounting string command will be used. If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the secondary accounting command to ensure normal communication with the server. The IP addresses of the accounting servers and those of the authentication/authorization servers must be of the same IP version. The VPN specified here takes precedence over the VPN specified for the RADIUS scheme. If you remove a secondary accounting server when the device is already sending a start-accounting request to the server, the communication with the secondary server will time out, and the device will look for a server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order. If you remove an accounting server being used by online users, the device cannot send real-time accounting requests and stop-accounting requests any more for the users, and does not buffer the stop-accounting requests. Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).

Examples
# Specify the secondary accounting server and UDP port number for RADIUS scheme radius1.
<Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] secondary accounting 10.110.1.1 1813

# Specify two secondary accounting servers for RADIUS scheme radius2, with the server IP addresses of 10.110.1.1 and 10.110.1.2, and the UDP port number of 1813.
<Sysname> system-view [Sysname] radius scheme radius2 [Sysname-radius-radius2] secondary accounting 10.110.1.1 1813 [Sysname-radius-radius2] secondary accounting 10.110.1.2 1813

May 9, 2011

Page 138 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

secondary authentication (RADIUS scheme view)


Syntax
secondary authentication { ipv4-address [ port-number | key string | vpn-instance vpn-instance-name ] * | ipv6 ipv6-address [ port-number | key string ] * } undo secondary authentication [ ipv4-address | ipv6 ipv6-address ]

View
RADIUS scheme view

Default Level
2: System level

Parameters
Ipv4-address: IPv4 address of the secondary authentication/authorization server, in dotted decimal notation. The default is 0.0.0.0.
ipv6 ipv6-address: IPv6 address of the secondary authentication/authorization server.

port-number: UDP port number of the secondary authentication/authorization server, which ranges from 1 to 65535 and defaults to 1812.
key string: Specifies the shared key for exchanging authentication/authorization packets with the secondary RADIUS authentication/authorization server. A shared key is a case-sensitive string of 1 to 64 characters. vpn-instance vpn-instance-name: Name of the VPN instance of the secondary RADIUS authentication/authorization server, a string of 1 to 31 case-sensitive characters.

Description
Use the secondary authentication command to authentication/authorization servers for a RADIUS scheme. specify secondary RADIUS

Use the undo secondary authentication command to remove the configuration. By default, no secondary RADIUS authentication/authorization server is specified.

May 9, 2011

Page 139 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: You can configure multiple secondary RADIUS authentication/authorization servers by executing this command repeatedly. After the configuration, if the primary server fails, the device looks for a secondary server in active state (a secondary RADIUS authentication/authorization server configured earlier has a higher priority) and tries to communicate with it. A RADIUS scheme supports up to 16 secondary RADIUS authentication/authorization servers. All authentication/authorization servers, primary or secondary, must use IP addresses of the same IP version. The IP addresses of the primary and secondary authentication/authorization servers must be different from each other. Otherwise, the configuration fails. The RADIUS service port configured on the device and that of the RADIUS server must be consistent. The shared keys configured on the device for authentication/authorization packets and that configured on the RADIUS server must be consistent. The shared key configured in this command is used in preference. If the key string keyword and argument combination is not configured here, the shared key configured in the key authentication string command will be used. If the server to be specified resides on an MPLS VPN, you also need to specify that VPN with the secondary authentication command to ensure normal communication with the server. The IP addresses of the authentication/authorization servers and those of the accounting servers must be of the same IP version. The VPN specified here takes precedence over the VPN specified for the RADIUS scheme. If you remove a secondary authentication server in use in the authentication process, the communication with the secondary server will time out, and the device will look for a server in active state from scratch: the new primary server is evaluated at first and then the secondary servers according to their configuration order. Related commands: key, radius scheme, state, vpn-instance (RADIUS scheme view).

Examples
# Specify the secondary authentication/authorization server for RADIUS scheme radius1.
<Sysname> system-view [Sysname] radius scheme radius1 [Sysname-radius-radius1] secondary authentication 10.110.1.2 1812

# Specify two secondary authentication/authorization servers for RADIUS scheme radius2, with the server IP addresses of 10.110.1.1 and 10.110.1.2, and the UDP port number of 1813.
<Sysname> system-view [Sysname] radius scheme radius2 [Sysname-radius-radius2] secondary authentication 10.110.1.1 1812 [Sysname-radius-radius2] secondary authentication 10.110.1.2 1812

May 9, 2011

Page 140 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

ignore-first-as
Syntax
ignore-first-as undo ignore-first-as

View
BGP view

Parameters
None

Description
Use the ignore-first-as command to configure BGP to ignore the first AS number of eBGP route updates. Use the undo ignore-first-as command to configure BGP to check the first AS number of eBGP route updates. By default, BGP checks the first AS number of a received eBGP route update. If the first AS number is not that of the BGP peer, the BGP router discards the route update.

Examples
# Configure BGP to ignore the first AS number of eBGP route updates.
<Sysname> system-view [Sysname] bgp 100 [Sysname-bgp] ignore-first-as

Details of Changed CLI Commands in R1109


irf domain
Syntax
irf domain domain-id undo irf domain

View
System view

Default Level
3: Manage level

Parameters
domain-id: ID of an IRF domain, in the range 0 to 4294967295

Description
Use the irf domain command to assign an ID for an IRF domain. Use the irf domain command to restore the default.
May 9, 2011 Page 141 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

You may deploy multiple IRFs in one network for various networking applications. IRF domain IDs are used to distinguish different IRFs.

Examples
# Set the ID of the IRF domain to 30.
<Sysname> system-view [Sysname] irf domain 30

bfd multi-hop destination-port


Syntax
bfd multi-hop destination-port port-number undo bfd multi-hop destination-port

View
System view

Default Level
2: System level

Parameters
port-number: Destination port number of multi-hop BFD control packets, 3784 or 4784.

Description
Use the bfd multi-hop destination-port command to configure the destination port number for multi-hop BFD control packets as 3784 or 4784. Use the undo bfd multi-hop destination-port command to restore the default. By default, the destination port number for multi-hop BFD control packets is 4784.

Examples
# Configure the destination port number for multi-hop BFD control packets as 3784.
<Sysname> system-view [Sysname] bfd multi-hop destination-port 3784

Details of Changed CLI Commands in R1108


reset version-update-record
Syntax
reset version-update-record

View
System view

Default Level
0: Visit level
May 9, 2011 Page 142 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Parameters
None

Description
Use the reset version-update-record command to clear the records of updating the device software. Related commands: display version-update-record.

Examples
# Clear the records of updating the device software.
<Sysname> system-view [Sysname] reset version-update-record

display version-update-record
Syntax
display version-update-record

View
Any view

Default Level
0: Visit level

Parameters
None

Description
Use the display version-update-record command to display the version update records of the device software (Boot ROM file). When the device boots, the system records the version of the device software; if the software is updated when the device is running, the system records some brief information, including update time and software version. Currently, the system keeps 10 records at most. Related commands: reset version-update-record.

Examples
# Display the version update records of the device software.
<Sysname> display version-update-record No. Update time 1 2009-09-28 14:39:11 version 5.20 Release 1108

Table 22 display version-update-record command output description Field


No. version

Description
Serial number The updated version

May 9, 2011

Page 143 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

portal server server-detect


Syntax
portal server server-name server-detect method { http | portal-heartbeat } * action { log | permit-all | trap } * [ interval interval ] [ retry retries ] undo portal server server-name server-detect

View
System view

Default Level
2: System level

Parameters
server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters. The specified portal server must have existed.
server-detect method { http | portal-heartbeat }: Specifies the portal server detection method. Two detection methods are available: http: HTTP probe. In this method, the access device periodically sends TCP connection requests to the HTTP service port of the portal servers enabled on its interfaces. If the TCP connection with a portal server can be established, the access device considers that the HTTP service of the portal server is open and the portal server is reachable, that is, the detection succeeds. If the TCP connection cannot be established, the access device considers that the detection fails, that is, the portal server is unreachable. If a portal server does not support the portal server heartbeat function, you can configure the device to use the HTTP probe method to detect the reachability of the portal server. portal-heartbeat: Portal heartbeat probe. In this method, portal servers periodically send portal heartbeat packets to the access. If the access device receives a portal heartbeat packet from a portal server within the specified interval, it considers that the detection succeeds and the portal server is reachable; otherwise, it considers that detection fails and the portal server is unreachable. This method is effective to only the portal servers that support the portal heartbeat function. Currently, only the portal server of iMC supports this function. To implement detection with this method, you also need to configure the portal server heartbeat function on the iMC portal server and make sure that the server heartbeat interval configured on the portal server is shorter than or equal to the probe interval configured on the device.

action { log | permit-all | trap }: Specifies the actions to be taken when the status of a portal server changes. Three actions are available: log: Specifies the action as sending a log message. When the status (reachable/unreachable) of a portal server changes, the access device sends a log message. The log message contains the portal server name and the current state and original state of the portal server. permit-all: Specifies the action as disabling portal authentication, that is, enabling portal escape. When the device detects that a portal server is unreachable, it disables portal authentication on the interface configured with the portal server, that is, it allows all portal users on this interface to access network resources. Then, if the access device receives the portal server heartbeat packets or authentication packets (such as login requests and logout requests), it re-enables the portal authentication function.
Page 144 of 167

May 9, 2011

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

trap: Specifies the action as sending a trap message. When the status (reachable/unreachable) of a portal server changes, the access device sends a trap message to the network management server (NMS). Trap message contains the portal server name and the current state of the portal server.

interval interval: Interval at which probe attempts are made. The interval argument ranges from 20 to 600 and defaults to 20, in seconds. retry retries: Maximum number of probe attempts. The retries argument ranges from 1 to 5 and defaults to 3. If the number of consecutive, failed probes reaches this value, the access device considers that the portal server is unreachable.

Description
Use the portal server server-detect command to configure portal server detection, including the detection method, action, probe interval, and maximum number of probe attempts. With this function configured, the device will checks the status of the specified server periodically and takes the specified actions when the server status changes. Use the undo portal server server-detect command to cancel the detection of the specified portal server. By default, the portal server detection function is not configured. NOTE: You can specify one or more detection methods and the actions to be taken. If both detection methods are specified, a portal server will be regarded as unreachable as long as one detection method fails, and an unreachable portal server will be regarded as recovered only when both detection methods succeed. If multiple actions are specified, the system will execute all the specified actions when the status of a portal server changes. Deleting a portal server on the device will delete the detection function for the portal server. If you configure the detection function for a portal server for multiple times, the last configuration will take effect. If you do not specify an optional parameter, the default setting of the parameter will be used. The portal server detection function takes effect on an interface only after you enable the portal service on the interface. Authentication-related packets from a portal server, such as logon requests and logoff requests, have the same effect as the portal heartbeat packets for the portal server detection function. Related command: display portal server.

Examples
# Configure detection of portal server pts, Specifying both the HTTP probe and portal heartbeat probe methods Setting the probe interval to 600 seconds Specifying the device to send a server unreachable trap message, send a log message and disable portal authentication to permit unauthenticated portal users, if two consecutive probes fail.

<Sysname> system-view

May 9, 2011

Page 145 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

[Sysname] portal server pts server-detect method http portal-heartbeat action log permit-all interval 600 retry 2

portal server user-sync


Syntax
portal server server-name user-sync [ interval interval ] [ retry retries ] undo portal server server-name user-sync

View
System view

Default Level
2: System level

Parameters
server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters. The specified portal server must have existed.
user-sync: Enables the portal user synchronization function. interval interval: Interval at which the device checks the user synchronization packets. The interval argument ranges from 60 to 3600 and defaults to 300, in seconds. retry retries: Maximum number of failed checks allowed. The retries argument ranges from 1 to 5 and defaults to 4. If the access device finds that one of its users does not exist in the user synchronization packets from the portal server in N consecutive probe intervals (N = retries), it considers that the user does not exist on the portal server and logs the user off.

Description
Use the portal server user-sync command to configure portal user synchronization with a specified portal server. With this function configured, the device periodically checks and responds to the user synchronization packet received from the specified portal server, so as to keep the consistency of the online user information on the device and the portal server. Use the undo portal server user-sync command to cancel the portal user synchronization configuration with the specified portal server. By default, the portal user synchronization function is not configured.

May 9, 2011

Page 146 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

NOTE: The user synchronization function requires that a portal server supports the portal user heartbeat function (currently only the portal server of iMC supports portal user heartbeat). To implement the portal user synchronization function, you also need to configure the user heartbeat function on the portal server and the make sure that the user heartbeat interval configured on the portal server is shorter than or equal to the synchronization probe interval configured on the device. Deleting a portal server on the device will delete the portal user synchronization configuration with the portal server. If you configure the user synchronization function for a portal server for multiple times, the last configuration will take effect. If you do not specify an optional parameter, the default setting of the parameter will be used. For redundant user information on the device, that is, information of the users considered as nonexistent on the portal server, the device will delete the information during the (N+1)th probe interval, where N equals to the value of retries configured in the portal server user-sync command.

Examples
# Configure portal user synchronization with portal server pts, Setting the synchronization probe interval to 600 seconds Specifying the device to log off users if information of the users do not exist in the user synchronization packets sent from the server in two consecutive probe intervals.

<Sysname> system-view [Sysname] portal server pts user-sync interval 600 retry 2

arp resolving-route enable


Syntax
arp resolving-route enable undo arp resolving-route enable

View
System view

Default Level
2: System level

Parameters
None

Description
Use the arp resolving-route enable command to enable ARP black hole routing. Use the undo arp resolving-route enable command to disable the function. By default,the function is enabled.

Examples
# Enable ARP black hole routing.
<Sysname> system-view

May 9, 2011

Page 147 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

[Sysname] arp resolving-route enable

cut connection
Syntax
cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id } [ slot slot-number ]

View
System view

Default Level
2: System level

Parameters
access-type: Specifies user connections of an access mode. dot1x: Specifies 802.1x authentication user connections. mac-authentication: Specifies MAC authentication user connections. portal: Specifies portal authentication user connections.

all: Specifies all user connections. domain isp-name: Specifies all user connections of an ISP domain. The isp-name argument refers to the name of an existing ISP domain and is a string of 1 to 24 characters. interface interface-type interface-number: Specifies all user connections of an interface. ip ip-address: Specifies a user connection by IP address. mac mac-address: Specifies a user connection by MAC address. The MAC address must be in the format of H-H-H. ucibindex ucib-index: Specifies a user connection by connection index. The value ranges from 0 to 4294967295. user-name user-name: Specifies a user connection by username. The user-name argument is a case-sensitive string of 1 to 80 characters and must contain the domain name. If you enter a username without any domain name, the system assumes that the default domain name is used for the username. vlan vlan-id: Specifies all user connections in a VLAN. The VLAN ID ranges from 1 to 4094. slot slot-number: Specifies the member number of the device in the IRF, which you can display with the display irf command. The value range for the slot-number argument depends on the number of members and numbering conditions in the current IRF. If no IRF exists, the slot-number argument is the current device number.

Description
Use the cut connection command to tear down the specified connections forcibly. At present, this command applies to only LAN access and portal user connections. Related commands: display connection, service-type.

Examples
# Tear down all connections of ISP domain test.
May 9, 2011 Page 148 of 167

Hangzhou H3C Technologies Co., Ltd.


<Sysname> system-view

H3C S5800_5820X-CMW520-R1211 Release Notes

[Sysname] cut connection domain test

arp filter source


Syntax
arp filter source ip-address undo arp filter source ip-address

View
Layer 2 Ethernet interface view

Default Level
2: System level

Parameters
ip-address: IP address of a protected gateway.

Description
Use the arp filter source command to enable ARP gateway protection for a specified gateway. Use the undo arp filter source command to disable ARP gateway protection for a specified gateway. By default, ARP gateway protection is disabled. NOTE: You can enable ARP gateway protection for up to eight gateways on a port. Commands arp filter source and arp filter binding cannot be both configured on a port.

Examples
# Enable ARP gateway protection for the gateway with IP address 1.1.1.1.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-gigabitethernet1/0/1] arp filter source 1.1.1.1

arp filter binding


Syntax
arp filter binding ip-address mac-address undo arp filter binding ip-address

View
Layer 2 Ethernet interface view

Default Level
2: System level
May 9, 2011 Page 149 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Parameters
ip-address: Permitted sender IP address. mac-address: Permitted sender MAC address.

Description
Use the arp filter binding command to configure an ARP filtering entry. If the sender IP and MAC addresses of an ARP packet match an ARP filtering entry, the ARP packet is permitted. If not, it is discarded. Use the undo arp binding command to remove an ARP filtering entry. By default, no ARP filtering entry is configured. NOTE: You can configure up to eight ARP filtering entries on a port. Commands arp filter source and arp filter binding cannot be both configured on a port.

Examples
# Configure an ARP filtering entry with permitted sender IP address 1.1.1.1 and MAC address 2-2-2.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-gigabitethernet1/0/1] arp filter binding 1.1.1.1 2-2-2

dot1x unicast-trigger
Syntax
dot1x unicast-trigger undo dot1x unicast-trigger

View
Ethernet interface view

Default Level
2: System level

Parameters
None

Description
Use the dot1x unicast-trigger command to enable the unicast trigger function of 802.1X on a port. Use the undo dot1x unicast-trigger command to disable this function. By default, the unicast trigger function is disabled. Related commands: display dot1x.

Examples
# Enable the unicast trigger function for GigabitEthernet 1/0/1.
May 9, 2011 Page 150 of 167

Hangzhou H3C Technologies Co., Ltd.


<Sysname> system-view

H3C S5800_5820X-CMW520-R1211 Release Notes

[Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEthernet1/0/1] dot1x unicast-trigger

display counters rate


Syntax
display counters rate { inbound | outbound } interface [ interface-type ]

View
Any view

Default Level
1: Monitor level

Parameters
inbound: Displays the statistics on the rate of inbound packets. outbound: Displays the statistics on the rate of outbound packets.

interface-type: Interface type.

Description
Use the display counters rate command to display the statistics on the rate of the packets passing the interfaces that are in up state in the latest sampling interval. If you provide the interface-type argument, this command displays the statistics on the rate of the packets passing through all the interfaces that are in up state and are of the specified type. If you do not provide the argument, this command displays the statistics on the rate of the packets passing through all the interfaces that support this command.

NOTE: You can use the flow-interval command in Ethernet port view to set the sampling interval. The system default is five minutes. Related commands: flow-interval.

Examples
# Display the statistics on the rate of the inbound packets passing through all the GigabitEthernet ports.
<Sysname> display counters rate inbound interface gigabitethernet Interface GE1/0/1 Total(pkts/sec) 0 Broadcast(pkts/sec) -Multicast(pkts/sec) --

Overflow: more than 14 decimal digits. --: not supported.

Table 23 display counters rate command output description Field


Interface May 9, 2011

Description
Abbreviated interface name Page 151 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Field
Total (pkts/sec)

Description
Average rate (in packets per second) of receiving/sending packets during the sampling interval. You can specify the direction of the packets using the inbound and outbound keyword. Average rate (packets per second) of receiving/sending broadcast packets during the sampling interval. You can specify the direction of the packets using the inbound and outbound keyword. Average rate (packets per second) of receiving/sending multicast packets during the sampling interval. You can specify the direction of the packets using the inbound and outbound keyword. Overflow means the value of the statistics item is larger than the maximum number a 14-digit decimal number can represent. The statistics item is not supported.

Broadcast (pkts/sec)

Multicast (pkts/sec) Overflow: more than 14 decimal digits. --: not supported.

Details of Changed CLI Commands in E1107


packet-filter
Syntax
packet-filter { acl-number | name acl-name } { inbound | outbound } undo packet-filter { acl-number | name acl-name } { inbound | outbound }

View
Ethernet interface view, VLAN interface view

Default Level
2: System level

Parameters
acl-number: Specifies the number of an ACL, which must be in the following ranges:
2000 to 2999 for basic IPv4 ACLs 3000 to 3999 for advanced IPv4 ACLs 4000 to 4999 for Ethernet frame header ACLs

name acl-name: Specifies the name of the ACL, which is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion. inbound: Specifies to filter the packets received by the interface. outbound: Specifies to filter the packets that are to be sent out of the interface.

Description
Use the packet-filter command to apply an ACL to an interface to filter IPv4 packets or Ethernet frames. Use the undo packet-filter command to restore the default. By default, an interface does not filter packets and Ethernet frames.

May 9, 2011

Page 152 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Note that you can apply only one IPv4 ACL or one Ethernet frame header ACL on an interface. To modify the ACL configured on an interface, you need to remove the previous configuration first and then configure a new ACL.

Examples
# Apply basic IPv4 ACL 2001 to the inbound direction of interface GigabitEthernet 1/0/1.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1 [Sysname-GigabitEtherhet1/0/1] ethernet-frame-filter 2001 inbound

# Apply advanced IPv4 ACL 3001 to the inbound direction of VLAN interface 10.
<Sysname> system-view [Sysname] interface Vlan-interface 10 [Sysname-Vlan-interface10] ethernet-frame-filter 3001 inbound

packet-filter ipv6
Syntax
packet-filter ipv6 { acl6-number | name acl6-name } { inbound | outbound } undo packet-filter ipv6 { inbound | outbound }

View
Interface view

Default Level
2: System level

Parameters
acl6-number: Specifies the number of a basic or advanced IPv6 ACL, which must be in the range of 2000 to 3999.
name acl6-name: Specifies the name of the basic or advanced IPv6 ACL, which is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion. inbound: Specifies to filter the IPv6 packets received by the interface outbound: Specifies to filter the IPv6 packets that are to be sent out of the interface

Description
Use the packet-filter ipv6 command to apply a basic or advanced IPv6 ACL to an interface to filter IPv6 packets. Use the undo packet-filter ipv6 command to restore the default. By default, an interface does not filter IPv6 packets. Note that you can apply only one IPv6 ACL on an interface. To modify the ACL configured on an interface, you need to remove the previous configuration first and then configure a new ACL.

Examples
# Apply basic IPv6 ACL 2500 to the outbound direction of interface GigabitEthernet 1/0/1.
<Sysname> system-view [Sysname] interface gigabitethernet 1/0/1

May 9, 2011

Page 153 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

[Sysname-GigabitEthernet1/0/1] packet-filter ipv6 2500 outbound

# Apply advanced IPv6 ACL 3000 to the outbound direction of interface VLAN interface 20
<Sysname> system-view [Sysname] interface Vlan-interface 20 [Sysname-Vlan-interface20] packet-filter ipv6 3000 outbound

rule (advanced IPv4 ACL view)


Syntax
rule [ rule-id ] { deny | permit } protocol [ { established | { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * } | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type icmp-code | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] * undo rule rule-id [ { established | { ack | fin | psh | rst | syn | urg } * } | destination | destination-port | dscp | fragment | icmp-type | logging | precedence | reflective | source | source-port | time-range | tos | vpn-instance ] *

View
Advanced IPv4 ACL view

Default Level
2: System level

Parameters
rule-id: Advanced IPv4 ACL rule number, in the range 0 to 65534.
deny: Drops matched packets. permit: Allows matched packets to pass.

protocol: Protocol carried by IP. It can be a number in the range 0 to 255, or in words, gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17). Table 24 shows the parameters that can be specified after the protocol argument.
Table 24 Match criteria and other rule information for advanced IPv4 ACL rules Parameters Function Description
The sour-addr sour-wildcard argument combination specifies a source IP address in dotted decimal notation. A wildcard of zero indicates a host address. The any keyword indicates any source IP address. The dest-addr dest-wildcard argument combination specifies a destination IP address in dotted decimal notation. A wildcard of zero indicates a host address. The any keyword indicates any destination IP address.

source { sour-addr sour-wildcard | any }

Specifies a source address.

destination { dest-addr dest-wildcard | any }

Specifies a destination address.

May 9, 2011

Page 154 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Parameters

Function
Specifies an IP precedence value.

Description
The precedence argument can be a number in the range 0 to 7, or in words, routine (0), priority (1), immediate (2), flash (3), flash-override (4), critical (5), internet (6), or network (7). The tos argument can be a number in the range 0 to 15, or in words, max-reliability (2), max-throughput (4), min-delay (8), min-monetary-cost (1), or normal (0). The dscp argument can be a number in the range 0 to 63, or in words, af11 (10), af12 (12), af13 (14), af21 (18), af22 (20), af23 (22), af31 (26), af32 (28), af33 (30), af41 (34), af42 (36), af43 (38), cs1 (8), cs2 (16), cs3 (24), cs4 (32), cs5 (40), cs6 (48), cs7 (56), default (0), or ef (46). This function requires that the module using the ACL support logging. A rule with the reflective keyword can be defined only for TCP, UDP, or ICMP packets and can only be a permit statement. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this combination, the rule applies to only non-VPN packets. Without this keyword, the rule applies to all fragments and non-fragments. The time-range-name argument is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion.

precedence precedence

tos tos

Specifies a ToS preference.

dscp dscp

Specifies a DSCP priority.

logging

Specifies to log matched packets. Specifies that the rule be reflective.

reflective

vpn-instance vpn-instance-name

Specifies a VPN instance. Indicates that the rule applies to only non-first fragments. Specifies the time range in which the rule takes effect.

fragment

time-range time-range-name

CAUTION: If you provide the precedence or tos keyword in addition to the dscp keyword, only the dscp keyword takes effect. Setting the protocol argument to tcp or udp, you may define the parameters shown in Table 25 . Table 25 TCP/UDP-specific parameters for advanced IPv4 ACL rules Parameters
source-port operator port1 [ port2 ]

Function
Specifies one or more UDP or TCP source ports.

Description
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range).

May 9, 2011

Page 155 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Parameters

Function

Description
The port1 and port2 arguments are TCP or UDP port numbers in the range 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented in these words: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented in these words: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).

destination-port operator port1 [ port2 ]

Specifies one or more UDP or TCP destination ports.

{ ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * established

Parameters specific to TCP. Specifies one or more TCP flags Specifies the TCP flags ACK and RST The value for each argument can be 0 or 1. The TCP flags in one rule are ANDed. Parameter specific to TCP.

Setting the protocol argument to icmp, you may define the parameters shown in Table 26 . Table 26 ICMP-specific parameters for advanced IPv4 ACL rules Parameters Function Description
The icmp-type argument ranges from 0 to 255. icmp-type { icmp-type icmp-code | icmp-message } Specifies the ICMP message type and code. The icmp-code argument ranges from 0 to 255. The icmp-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 27 .

Table 27 ICMP message names supported in advanced IPv4 ACL rules ICMP message name
echo May 9, 2011

Type
8

Code
0 Page 156 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

ICMP message name


echo-reply fragmentneed-DFset host-redirect host-tos-redirect host-unreachable information-reply information-request net-redirect net-tos-redirect net-unreachable parameter-problem port-unreachable protocol-unreachable reassembly-timeout source-quench source-route-failed timestamp-reply timestamp-request ttl-exceeded

Type
0 3 5 5 3 16 15 5 5 3 12 3 3 11 4 3 14 13 11

Code
0 4 1 3 1 0 0 0 2 0 0 3 2 1 0 5 0 0 0

Description
Use the rule command to create an advanced IPv4 ACL rule or modify an existing advanced IPv4 ACL rule. Use the undo rule command to remove an advanced IPv4 ACL rule or remove some criteria from the rule. If you specify no optional keywords, the undo rule command removes the entire ACL rule; otherwise, the command removes only the specified criteria. Before performing the undo rule command, you may use the display acl command to view the ID of the rule. When defining ACL rules, you do not need to assign them IDs; the system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is the smallest multiple of the step that is bigger than the current biggest number. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the next rule will be numbered 30. You cannot create a rule with, or modify a rule to have, the same permit/deny statement as an existing rule in the ACL. You can only modify the existing rules of an ACL that uses the rule order of config. When modifying a rule of such an ACL, you may choose to change just some of the settings, in which case the other settings remain the same. When the ACL rule order is auto, a newly created rule will be inserted among the existing rules in the depth-first order. Note that the IDs of the rules still remain the same.
May 9, 2011 Page 157 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

If the ACL rule order is auto, rules are displayed in the depth-first order rather than by rule number. NOTE: For an advanced IPv4 ACL to be referenced by a QoS policy for traffic classification: The logging and reflective keywords are not supported. The operator cannot be neq if the ACL is for the inbound traffic. The operator cannot be gt, lt, neq, or range if the ACL is for the outbound traffic. Related commands: display acl.

Examples
# Define a rule to permit TCP packets with the destination port of 80 from 129.9.0.0 to 202.38.160.0.
<Sysname> system-view [Sysname] acl number 3101 [Sysname-acl-adv-3101] rule permit tcp source 202.38.160.0 0.0.0.255 destination-port eq 80 129.9.0.0 0.0.255.255 destination

mad bfd enable


Syntax
mad bfd enable undo mad bfd enable

View
VLAN interface view

Default Level
3: Manage level

Parameters
None

Description
Use the mad bfd enable command to enable BFD MAD detection. Use the undo mad bfd enable command to disable BFD MAD detection. By default, the BFD MAD detection is disabled. NOTE: BFD MAD detection links are dedicated, and you are not allowed to configure other services on BFD MAD detection link. A VLAN interface enabled with BFD MAC detection and the interfaces of this VLAN do not support any Layer 2 and Layer 3 protocol applications, including ARP and LACP. You cannot enable BFD MAD detection on VLAN-interface 1.

Examples
# Enable BFD MAD detection on VLAN-interface 3.
May 9, 2011 Page 158 of 167

Hangzhou H3C Technologies Co., Ltd.


<Sysname> system-view

H3C S5800_5820X-CMW520-R1211 Release Notes

[Sysname] interface vlan-interface 3 [Sysname-Vlan-interface3] mad bfd enable

mad enable
Syntax
mad enable undo mad enable

View
Aggregation interface view

Default Level
3: Manage level

Parameters
None

Description
Use the mad enable command to enable LACP MAD detection. Use the undo mad enable command to disable LACP MAD detection. By default, the LACP MAD detection is disabled. This command is only effective to a dynamic aggregation interface, so execute this command on a dynamic aggregation interface.

Examples
# Enable LACP MAD detection on Layer 2 dynamic aggregation interface 1.
<Sysname> system-view [Sysname] interface bridge-aggregation 1 [Sysname-Bridge-Aggregation1] mad enable

mad exclude interface


Syntax
mad exclude interface interface-type interface-number undo mad exclude interface interface-type interface-number

View
System view

Default Level
3: Manage level

Parameters
interface-type interface-number: Specifies port type and port number.

May 9, 2011

Page 159 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description
Use the mad exclude interface command to specify the reserved ports, that is, the ports that will not be disabled when the device is in the recovery state. Use the undo mad exclude interface command to restore the default. By default, no reserved port is specified, that is, all service ports will be disabled automatically when the device is in the recovery state. In an IRF, a link failure causes the IRF to split in to two or more devices with the global configuration, and if these devices operate on the network, network failure probably occurs. Therefore, the multi-active detection (MAD) mechanism is introduced to solve this problem: when an IRF splits, the MAD mechanism can detect the presence of multiple active IRFs: only one active device will be reserved, the other devices will enter the recovery state, and all service ports on the devices that are in the recovery state will be disabled. You can use this command to specify which ports on the devices in the recovery state should be reserved. You are recommended to disable all ports except for the port for telnetting and the port used for MAD detection. During the failure recovery, the devices in the recovery state will reboot and join the IRF again, the disabled ports will recover automatically. You can use the mad restore command to restore devices in the recovery state to the normal state and the disabled ports will recover automatically.

Examples
# Specify GigabitEthernet2/0/1 as the reserved port, that is, this port will not be disabled when the device is in the recovery state.
<Sysname> system-view [Sysname] mad exclude interface gigabitethernet 2/0/1

mad ip address
Syntax
mad ip address ip-address { mask | mask-length } member member-id undo mad ip address ip-address { mask | mask-length } member member-id

View
VLAN interface view

Default Level
3: Manage level

Parameters
ip-address: IP address of the port, in decimal dotted notation. mask: Subnet mask corresponding to the IP address of the port, in decimal dotted notation. mask-length: Length of the subnet mask, that is, the number of successive 1s in the mask. The value ranges from 0 to 32.
member member-id: Member ID of the device in the IRF. The value range depends on the current number of members and their member IDs in the IRF.

May 9, 2011

Page 160 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description
Use the mad ip address command to configure the MAD IP address for the specified member device. Use the undo mad ip address command to delete the configured MAD IP address. By default, no MAD IP address is configured for a VLAN interface. All member devices in an IRF need to be configured with their own MAD IP addresses, which are bound to member IDs and are on the same network segment. However, only the MAD IP address of the master is effective, and the MAD IP addresses on the slaves are not effective. When the IRF splits, the original salves become masters, the configured MAD IP addresses become effective, and the BFD session is activated. The device will consider that conflicted IRFs are detected. NOTE: Do not configure other services on a VLAN interface with BFD MAD enabled; otherwise, the MAD detection function will be affected. You must use the mad ip address command to configure the MAD IP address under the interface for BFD MAD detection, and cannot configure other IP addresses, including common IP address configured with the ip address command and VRRP virtual IP address; otherwise, the MAD detection function will be affected.

Examples
# Configure the MAD IP addresses for VLAN-interface 3 on member 1 and member 2.
<Sysname> system-view [Sysname] interface vlan-interface 3 [Sysname-Vlan-interface3] mad ip address 192.12.0.1 255.255.255.0 member 2 [Sysname-Vlan-interface3] mad ip address 192.12.0.2 255.255.255.0 member 3

mad restore
Syntax
mad restore

View
System view

Default Level
3: Manage level

Parameters
None

Description
Use the mad restore command to restore devices in the recovery state to the normal state. When the IRF link fails and multi-active collision occurs, the original IRF splits into multiple active IRFs. With the MAD detection enabled, the IRF system keeps the state of one IRF active (makes it operate normally), and changes the states of other IRFs to recovery (an IRF in recovery state cannot process service packets). If the active IRF fails and cannot
May 9, 2011 Page 161 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

operate normally, use this command to restore IRFs in the recovery state to the normal state.

Examples
# Restore IRFs in the recovery state to the normal state.
<Sysname> system-view [Sysname] mad restore This command will restore the device from multi-active conflict state. Continue? [Y/N]:Y Restoring from multi-active conflict state, please wait...

logfile save
Syntax
logfile save

View
Any view

Default Level
2: System level

Parameters
None

Description
Use the logfile save command to save all the contents in the logfile buffer into the log file. By default, the system automatically saves the log file based on a frequency configured by the info-center logfile frequency command into a directory configured by the info-center logfile switch-directory command. Note that all contents in the logfile buffer will be cleared after they are successfully saved into the log file automatically or manually.

Examples
# Save the contents in the logfile buffer into the log file.
<Sysname> logfile save

buffer apply
Syntax
buffer apply undo buffer apply

View
System view

Default Level
2: System level

May 9, 2011

Page 162 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Parameters
None

Description
Use the buffer apply command to apply the configured data buffer settings. Use the undo buffer apply command to restore the default. Table 28 shows the default data buffer allocation schemes of the S5800 and the S5820X series switches. Table 28 Default data buffer allocation schemes of the S5800 and the S5820X series switches Shared resource size in percentage
69% 70% 62%

Hardware platform

Resource type
Cell resource Packet resource Cell resource

Minimum guaranteed resource size per queue in percentage


12% 12% 12%

Maximum shared resource size per queue in percentage


6% 6% 6%

Maximum shared resource size per port in percentage


33% 33% 33%

S5800 series switches S5820X series switches

NOTE: The S5820X series switches do not support the packet resource.

Examples
# Apply the data buffer settings.
<Sysname> system-view [Sysname] buffer apply

buffer egress queue guaranteed


Syntax
buffer egress [ slot slot-number ] { cell | packet } queue queue-id guaranteed ratio ratio undo buffer egress [ slot slot-number ] { cell | packet } queue queue-id guaranteed

View
System view

Default Level
2: System level

Parameters
slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without slot-number specified, this command configures the buffer resource of the master device in the IRF.
May 9, 2011 Page 163 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

cell: Configures the minimum guaranteed resource size for a queue in the cell resource. packet: Configures the minimum guaranteed resource size for a queue in the packet resource. This keyword is not available on an S5820X series switch.

queue-id: Specifies the ID of the queue to be configured, in the range of 0 to 7. ratio: Sets the minimum guaranteed resource size for the specified queue as a percentage of the dedicated buffer per port in the range of 0 to 100.

Description
Use the buffer egress queue guaranteed command to configure the minimum guaranteed resource size for a queue in the cell resource or packet resource. Use the undo buffer egress queue guaranteed command to restore the default. By default, the minimum guaranteed resource size for a queue is 12% of the dedicated buffer of the port in both the cell resource and the packet resource. The minimum guaranteed resource settings of a queue take effect globally, that is, apply to the queue with the same number on each port. As the dedicated resource of a port is shared by eight queues, modifying the minimum guaranteed resource size for a queue can affect those of the other queues. The system will automatically allocate the remaining dedicated resource among all queues that are not manually assigned a minimum guaranteed resource space. For example, if you set the minimum guaranteed resource size to 30% for a queue, the other seven queues will each share 10% of the remaining dedicated resource of the port.

Examples
# Set 20% of the dedicated buffer per port as the minimum guaranteed resource for queue 0 in the cell resource.
<Sysname> system-view [Sysname] buffer egress cell queue 0 guaranteed ratio 20

# In an IRF, set 15% of the dedicated buffer per port as the minimum guaranteed resource for queue 0 in the cell resource on member device 2.
<Sysname> system-view [Sysname] buffer egress slot 2 cell queue 0 guaranteed ratio 15

buffer egress queue shared


Syntax
buffer egress [ slot slot-number ] { cell | packet } queue queue-id shared ratio ratio undo buffer egress [ slot slot-number ] { cell | packet } queue queue-id shared

View
System view

Default Level
2: System level

Parameters
slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without
May 9, 2011 Page 164 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

slot-number specified, this command configures the buffer resource of the master device in the IRF.
cell: Configures the maximum shared resource size for a queue in the cell resource. packet: Configures the maximum shared resource size for a queue in the packet resource. This keyword is not available on an S5820X series switch.

queue-id: Specifies the ID of the queue to be configured, in the range of 0 to 7. ratio: Sets the maximum shared resource size for the specified queue as a percentage of the shared resource in the range of 0 to 100.

Description
Use the buffer egress queue shared command to configure the maximum shared resource size for a queue in the cell resource or packet resource. Use the undo buffer egress queue shared command to restore the default. By default, the maximum shared resource size for a queue is 6% of the shared resource in both the cell resource and the packet resource. NOTE: The maximum shared resource settings of a queue take effect globally, that is, apply to the queue with the same number on each port.

Examples
# Set the maximum shared resource size for queue 0 to 10% in the cell resource.
<Sysname> system-view [Sysname] buffer egress cell queue 0 shared ratio 10

# In an IRF, set the maximum shared resource size of queue 0 to 5% in the cell resource on member device 2.
<Sysname> system-view [Sysname] buffer egress slot 2 cell queue 0 shared ratio 5

buffer egress shared


Syntax
buffer egress [ slot slot-number ] { cell | packet } shared ratio ratio undo buffer egress [ slot slot-number ] { cell | packet } shared

View
System view

Default Level
2: System level

Parameters
slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without slot-number specified, this command configures the buffer resource of the master device in the IRF.
May 9, 2011 Page 165 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

cell: Configures the maximum shared resource size per port in the cell resource. packet: Configures the maximum shared resource size per port in the packet resource. This keyword is not available on an S5820X switch.

ratio: Sets the maximum shared resource size per port as a percentage of the shared resource in the range of 0 to 100.

Description
Use the buffer egress shared command to configure the maximum shared resource size per port in the cell resource or packet resource. Use the undo buffer egress shared command to restore the default. By default, the maximum shared resource size per port is 33% of the shared resource in both the cell resource and the packet resource.

Examples
# Set the maximum shared resource size per port to 30% in the cell resource.
<Sysname> system-view [Sysname] buffer egress cell shared ratio 30

# In an IRF, set the maximum shared resource size per port to 40% in the cell resource on member device 2.
<Sysname> system-view [Sysname] buffer egress slot 2 cell shared ratio 40

buffer egress total-shared


Syntax
buffer egress [ slot slot-number ] { cell | packet } total-shared ratio ratio undo buffer egress [ slot slot-number ] { cell | packet } total-shared

View
System view

Default Level
2: System level

Parameters
slot slot-number: Specifies an IRF member device number. For a standalone device, the slot-number argument can only be 1. In an IRF, with slot-number specified, this command configures the buffer resource of the member device specified by slot-number; without slot-number specified, this command configures the buffer resource of the master device in the IRF. cell: Configures the shared resource size in the cell buffer. packet: Configures the shared resource size in the cell buffer. This keyword is not available on an S5820X series switch.

ratio: Sets the shared resource size as a percentage of the cell resource or packet resource in the range of 0 to 100.

May 9, 2011

Page 166 of 167

Hangzhou H3C Technologies Co., Ltd.

H3C S5800_5820X-CMW520-R1211 Release Notes

Description
Use the buffer egress total-shared command to configure the shared resource size in the cell resource or packet resource. Use the undo buffer egress total-shared command to restore the default. By default, on an S5800 series switch, 69% of the cell resource is the shared resource and 70% of the packet resource is the shared resource; on an S5820X series switch, 62% of the cell resource is the shared resource.

Examples
# Set 50% of the cell resource as the shared resource.
<Sysname> system-view [Sysname] buffer egress cell total-shared ratio 50

# In an IRF, set 65% of the cell resource as the shared resource on member device 2.
<Sysname> system-view [Sysname] buffer egress slot 2 cell total-shared ratio 65

Copyright 2011 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice.

May 9, 2011

Page 167 of 167