Login
- Table of Contents
-
- 12-Security Command References
- 00-Preface
- 01-Security zone commands
- 02-AAA commands
- 03-802.1X commands
- 04-MAC authentication commands
- 05-Portal commands
- 06-Port security commands
- 07-User profile commands
- 08-Password control commands
- 09-Keychain commands
- 10-Public key management commands
- 11-PKI commands
- 12-IPsec commands
- 13-Group domain VPN commands
- 14-SSH commands
- 15-SSL commands
- 16-SSL VPN commands
- 17-ASPF commands
- 18-APR commands
- 19-mGRE commands
- 20-Session management commands
- 21-Connection limit commands
- 22-Object group commands
- 23-Object policy commands
- 24-Security policy commands
- 25-Attack detection and prevention commands
- 26-IP source guard commands
- 27-ARP attack protection commands
- 28-ND attack defense commands
- 29-uRPF commands
- 30-SAVA commands
- 31-Crypto engine commands
- 32-FIPS commands
- 33-MACsec commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 19-mGRE commands | 121.61 KB |
mGRE commands
The following compatibility matrixes show the support of hardware platforms for mGRE:
|
Hardware |
mGRE compatibility |
|
MSR610 |
Yes |
|
MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK, MSR810-EI, MSR810-LM-EA, MSR810-LM-EI |
Yes |
|
MSR810-LMS, MSR810-LUS |
Yes |
|
MSR810-SI, MSR810-LM-SI |
Yes |
|
MSR810-LMS-EA, MSR810-LME |
Yes |
|
MSR1004S-5G, MSR1004S-5G-CN |
Yes |
|
MSR1104S-W, MSR1104S-W-CAT6, MSR1104S-5G-CN, MSR1104S-W-5G-CN |
Yes |
|
MSR2600-6-X1, MSR2600-15-X1, MSR2600-15-X1-T |
Yes |
|
MSR2600-10-X1 |
Yes |
|
MSR 2630 |
Yes |
|
MSR3600-28, MSR3600-51 |
Yes |
|
MSR3600-28-SI, MSR3600-51-SI |
No |
|
MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP |
Yes |
|
MSR3600-28-G-DP, MSR3600-51-G-DP |
Yes |
|
MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD, MSR-EAD-AK770, MSR3610-I-IG, MSR3610-IE-IG |
Yes |
|
MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC, MSR3620-X1, MSR3640-X1 |
Yes |
|
MSR3610, MSR3620, MSR3620-DP, MSR3640, MSR3660 |
Yes |
|
MSR3610-G, MSR3620-G |
Yes |
|
MSR3640-G |
Yes |
|
MSR3640-X1-HI |
Yes |
|
Hardware |
mGRE compatibility |
|
MSR810-W-WiNet, MSR810-LM-WiNet |
Yes |
|
MSR830-4LM-WiNet |
Yes |
|
MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet |
Yes |
|
MSR830-6BHI-WiNet, MSR830-10BHI-WiNet |
Yes |
|
MSR2600-6-WiNet |
Yes |
|
MSR2600-10-X1-WiNet |
Yes |
|
MSR2630-WiNet |
Yes |
|
MSR3600-28-WiNet |
Yes |
|
MSR3610-X1-WiNet |
Yes |
|
MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet |
Yes |
|
Hardware |
mGRE compatibility |
|
MSR860-6EI-XS |
Yes |
|
MSR860-6HI-XS |
Yes |
|
MSR2630-XS |
Yes |
|
MSR3600-28-XS |
Yes |
|
MSR3610-XS |
Yes |
|
MSR3620-XS |
Yes |
|
MSR3610-I-XS |
Yes |
|
MSR3610-IE-XS |
Yes |
|
MSR3620-X1-XS |
Yes |
|
MSR3640-XS |
Yes |
|
MSR3660-XS |
Yes |
|
Hardware |
mGRE compatibility |
|
MSR810-LM-GL |
Yes |
|
MSR810-W-LM-GL |
Yes |
|
MSR830-6EI-GL |
Yes |
|
MSR830-10EI-GL |
Yes |
|
MSR830-6HI-GL |
Yes |
|
MSR830-10HI-GL |
Yes |
|
MSR1004S-5G-GL |
Yes |
|
MSR2600-6-X1-GL |
Yes |
|
MSR3600-28-SI-GL |
No |
display mgre session
Use display mgre session to display mGRE session information.
Syntax
display mgre session [ count | [ interface tunnel interface-number [ peer ipv4-address ] [ dynamic | static ] ] [ verbose ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
count: Displays mGRE session statistics.
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command displays mGRE session information for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command displays all mGRE session information for the specified mGRE tunnel interface.
dynamic: Displays detailed information about dynamic mGRE sessions.
static: Displays detailed information about static mGRE sessions.
verbose: Displays detailed information about IPv4 mGRE sessions. If you do not specify this keyword, the command displays brief information about mGRE sessions.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all mGRE sessions on all tunnel interfaces.
Examples
# Display brief information about all mGRE sessions.
<Sysname> display mgre session
Interface : Tunnel1
Number of sessions: 2
Peer NBMA address Peer protocol address Type State State duration
10.0.0.3 192.168.180.136 C-S Succeeded 00:30:01
10.0.1.4 192.168.180.137 C-C Establishing 00:30:02
# Display brief information about the mGRE session with the specified peer address.
<Sysname> display mgre session interface tunnel 1 peer 10.0.0.3
Interface : Tunnel1
Number of sessions: 1
Peer NBMA address Peer protocol address Type State State duration
10.0.0.3 192.168.180.136 C-S Succeeded 00:30:01
Table 1 Command output
|
Field |
Description |
|
Interface |
Name of the mGRE tunnel interface. |
|
Number of sessions |
Total number of mGRE sessions on the tunnel interface. |
|
Peer NBMA address |
Public address of the peer. |
|
Peer protocol address |
IP address of the peer tunnel interface. |
|
Type |
mGRE session type: · C-S—The local end is an NHC, and the peer end is the NHS. · C-C—Both the local and peer ends are NHCs. · UNKNOWN—The local end is an NHC, and the peer end type is unknown. |
|
State |
mGRE session state: · Succeeded. · Establishing. |
|
State duration |
Duration of the current session state, in the format of hh:mm:ss. |
# Display mGRE session statistics.
<Sysname> display mgre session count
Type Count
Dynamic 3
Static 0
Total 3
Table 2 Command output
|
Field |
Description |
|
Type |
NHRP session type: · Dynamic. · Static. |
|
Count |
Number of NHRP sessions. |
|
Total |
Total number of NHRP sessions. |
# Display detailed information about all mGRE sessions.
<Sysname> display mgre session verbose
Interface : Tunnel1
Link protocol : GRE
Number of sessions: 2
Peer NBMA address : 10.0.1.3
Peer protocol address: 192.168.180.136
Session type : C-S
State : Succeeded
State duration : 00:30:01
Input : 2201 packets, 218 data packets, 3 control packets
2191 multicasts, 0 errors
Output: 2169 packets, 2168 data packets, 1 control packets
2163 multicasts, 0 errors
Peer NBMA address : 10.0.1.4
Peer protocol address: 192.168.180.137
Session type : C-S
State : Succeeded
State duration : 00:31:01
Input : 1 packets, 0 data packets, 1 control packets
0 multicasts, 0 errors
Output: 16 packets, 0 data packets, 16 control packets
0 multicasts, 0 errors
Interface : Tunnel2
Link protocol : IPsec-GRE
Number of sessions: 1
Peer NBMA address : 20.0.0.3
Peer protocol address : 192.168.181.137
Behind NAT : No
Session type : C-C
SA's SPI :
Inbound : 187199087 (0xb286e6f) [ESP]
Outbound: 3562274487 (0xd453feb7) [ESP]
State : Establishing
State duration : 00:31:01
Input : 0 packets, 0 data packets, 0 control packets
0 multicasts, 0 errors
Output: 1 packets, 0 data packets, 1 control packets
0 multicasts, 0 errors
Table 3 Command output
|
Field |
Description |
|
Interface |
Name of the mGRE tunnel interface. |
|
Link protocol |
Encapsulation protocol used by the mGRE tunnel: · GRE. · IPsec-GRE. |
|
Number of sessions |
Total number of mGRE sessions on the tunnel interface. |
|
Peer NBMA address |
Public address of the peer. |
|
Peer protocol address |
IP address of the peer tunnel interface. |
|
SA's SPI |
SPI of the inbound and outbound SAs. This field is available when the mGRE tunnel is carried over IPsec. |
|
Behind NAT |
Whether the peer NHC has traversed a NAT device. |
|
Session type |
mGRE session type: · C-S—The local end is an NHC, and the peer end is the NHS. · C-C—Both the local and peer ends are NHCs. · S-C—The local end is an NHS, and the peer end is an NHC. |
|
State |
mGRE session state: · Succeeded. · Establishing. |
|
State duration |
Duration of the current session state, in the format of hh:mm:ss. If the duration exceeds 99:59:59, the format is dd:hh:mm. |
|
Input |
Statistics on received packets: · packets—Total number of packets. · data packets—Number of data packets. · control packets—Number of control packets. · multicasts—Number of multicast packets. · errors—Number of error packets. |
|
Output |
Statistics on sent packets: · packets—Total number of packets. · data packets—Number of data packets. · control packets—Number of control packets. · multicasts—Number of multicast packets. · errors—Number of error packets. |
Related commands
reset mgre session
display nhrp history-map
Use display nhrp history-map to display NHRP mapping entries that were cleared or have expired.
Syntax
display nhrp history-map [ count count-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
count count-number: Displays the specified number of NHRP mapping entries that were cleared or have expired. The value range for the count-number argument is 1 to 2000. If you do not specify this option, the command displays all NHRP mapping entries that were cleared or have expired.
Usage guidelines
Use this command to display the following NHRP mapping entries:
· NHRP mapping entries that were cleared by using the reset nhrp dynamic map command.
· NHRP mapping entries that have expired because their storage time exceeded the value set by using the nhrp holdtime command.
The display nhrp history-map command can display a maximum of 2000 entries. A new entry will overwrite the oldest entry for this command when the maximum number is reached.
Examples
# Display the most recent two NHRP mapping entries that were cleared or have expired.
<Sysname> display nhrp history-map count 2
Number of off-line map: 1984. Alloc memory: 214272
Interface : Tunnel634
Destination/mask: 182.134.3.1/32
Next hop : 182.134.3.1
Creation time : Mon Apr 12 10:23:31 2022
Delete time : Mon Apr 12 13:04:28 2022
Delete reason : expire
Hold time : 7200
Type : dynamic
NBMA address : 20.1.1.1
Interface : Tunnel311
Destination/mask: 182.61.2.1/32
Next hop : 182.61.2.1
Creation time : Mon Apr 12 10:23:36 2022
Delete time : Mon Apr 12 13:04:23 2022
Delete reason : expire
Hold time : 7200
Type : dynamic
NBMA address : 20.1.1.1
Table 4 Command output
|
Field |
Description |
|
Number of off-line map |
Number of recorded history NHRP mapping entries that were deleted. |
|
Alloc memory |
Amount of memory used by the entries, in bytes. |
|
Interface |
Name of an mGRE tunnel interface. |
|
Destination/mask |
Protocol address of an NHRP peer NHC. |
|
Next hop |
Tunnel address of the NHRP peer NHC. |
|
Creation time |
Time when the mapping entry was created. |
|
Delete time |
Time when the mapping entry was deleted. |
|
Delete reason |
Reason why the mapping entry was deleted: · Expire—The mapping entry holdtime expired. · Tunnel down—Exceptions occurred for the tunnel or public network. · Client purge—The NHC sent purge packets. · Unknown—Other unknown errors. |
|
Hold time |
Mapping entry holdtime, in seconds. |
|
Type |
Mapping entry type: · static—The entry is statically configured. · cached—The entry is dynamically obtained. · Incomplete—The entry is dynamic and incomplete. · dynamic—The entry is dynamically negotiated. |
|
NBMA address |
NBMA network address. |
Related commands
display nhrp map
display nhrp map
Use display nhrp map to display information about NHRP mapping entries.
Syntax
display nhrp map [ statistics | [ interface tunnel interface-number [ peer ipv4-address ] ] [ dynamic | static ] [ verbose ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
statistics: Displays statistics about NHRP mapping entries.
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command displays NHRP mapping table information for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command displays NHRP mapping entries for all peers.
dynamic: Displays detailed information about dynamic NHRP mapping entries.
static: Displays detailed information about static NHRP mapping entries.
verbose: Displays detailed information about NHRP mapping entries. If you do not specify this keyword, the command displays brief information about NHRP mapping entries.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all NHRP mapping entries.
Examples
# Display brief information about all NHRP mapping entries.
<Sysname> display nhrp map
Destination/mask Next hop NBMA address Type Interface
172.16.1.1/32 172.16.1.1 105.112.100.4 cached Tunnel0
172.16.1.2/32 172.16.1.2 105.112.100.92 cached Tunnel0
# Display detailed information about all NHRP mapping entries.
<Sysname> display nhrp map verbose
Interface : Tunnel0
Destination/mask : 172.16.1.1/32
Next hop : 172.16.1.1
Creation time : 00:38:44
Expiration time : 01:21:15
Type : cached
Flags : unique up used
NBMA address : 105.112.100.4
Interface : Tunnel0
Destination/mask : 172.16.1.2/32
Next hop : 172.16.1.2
Creation time : 00:25:53
Expiration time : 01:34:06
Type : cached
Flags : unique up used ipsec
NBMA address : 105.112.100.92
Table 5 Command output
|
Field |
Description |
|
Destination/mask |
Destination tunnel interface address and mask. |
|
Next hop |
Next hop address to reach the destination network. |
|
Creation time |
Period of time for which the mapping entry has been created, in the format of hh:mm:ss. If the period exceeds 99:59:59, the format is dd:hh:mm. |
|
Expiration time |
Period of time in which the mapping entry will expire, in the format of hh:mm:ss. If the period exceeds 99:59:59, the format is dd:hh:mm. |
|
Type |
Mapping entry type: · static—The entry is statically configured. · cached—The entry is dynamically obtained. · Incomplete—The entry is dynamic and incomplete. · dynamic—The entry is dynamically negotiated. |
|
Flags |
Mapping entry flags: · unique—The mapping entry in the registration request cannot be overwritten by a mapping entry that has the same private address and different public addresses. A client can register the new entry with the server only after the mapping entry on the server expires. · used—This mapping entry is used for packet forwarding. · up—This mapping entry can be used for packet forwarding. · ipsec—IPsec negotiation succeeded. Packets will be protected by IPsec. · init—Initialization state. |
# Display statistics about NHRP mapping entries.
<Sysname> display nhrp map statistics
Type Count
Dynamic map: 3
Static map: 0
Total map: 3
Dynamic peer: 3
Local peer: 0
Cache peer: 0
All peer: 3
Table 6 Command output
|
Field |
Description |
|
Dynamic map |
Number of dynamic NHRP mapping entries. |
|
Static map |
Number of static NHRP mapping entries. |
|
Total map |
Total number of NHRP mapping entries. |
|
Dynamic peer |
Number of dynamic NHRP mapping entries for peers. |
|
Local peer |
Number of local NHRP mapping entries for peers. |
|
Cache peer |
Number of NHRP mapping entries dynamically obtained among NHCs in a full mesh network. |
|
All peer |
Total number of NHRP mapping entries for peers. |
display nhrp statistics
Use display nhrp statistics to display NHRP packet statistics for a tunnel interface.
Syntax
display nhrp statistics [ interface tunnel interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command displays NHRP packet statistics for all tunnel interfaces.
Examples
# Display NHRP packet statistics.
<Sysname> display nhrp statistics
Tunnel0:
NHRP packets sent : 815
Resolution requests : 15
Resolution replies : 1
Registration requests : 0
Registration replies : 797
Purge requests : 2
Purge replies : 0
Error indications : 0
Traffic indications : 0
NHRP packets received : 1453
Resolution requests : 15
Resolution replies : 1
Registration requests : 1435
Registration replies : 2
Purge requests : 0
Purge replies : 0
Error indications : 0
Traffic indications : 0
Tunnel1:
NHRP packets sent : 3
Resolution Requests : 0
Resolution replies : 0
Registration requests : 0
Registration replies : 3
Purge requests : 0
Purge replies : 0
Error indications : 0
Traffic indications : 0
NHRP packets received : 3
Resolution requests : 0
Resolution replies : 0
Registration requests : 3
Registration replies : 0
Purge requests : 0
Purge replies : 0
Error indications : 0
Traffic indications : 0
Related commands
reset nhrp statistics
nhrp authentication
Use nhrp authentication to configure an NHRP packet authentication key.
Use undo nhrp authentication to restore the default.
Syntax
nhrp authentication { cipher | simple } string
undo nhrp authentication
Default
No NHRP packet authentication key is configured. NHRP nodes do not authenticate NHRP packets received from each other.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
cipher: Specifies an authentication key in encrypted form.
simple: Specifies an authentication key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key string. Its plaintext form is a case-sensitive string of 1 to 8 characters. Its encrypted form is a case-sensitive string of 1 to 41 characters.
Usage guidelines
After an NHRP packet authentication key is configured for a tunnel interface, the tunnel interface adds the key in packets sent to the peer. The tunnel interface also uses the key to authenticate NHRP packets it receives. If a packet fails the authentication, the packet will be dropped.
For mGRE tunnels to be established successfully, configure the same NHRP authentication key for all NHCs and NHSs in the same mGRE network.
Examples
# On interface Tunnel1, set the NHRP packet authentication key to 123456.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp authentication simple 123456
nhrp dscp
Use nhrp dscp to specify a DSCP value for the outgoing NHRP packets on an NHS or NHC.
Use undo nhrp dscp to restore the default.
Syntax
nhrp dscp dscp-value
undo nhrp dscp
Default
The DSCP value is 48.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
In an mGRE scenario, if the DSCP value of NHRP packets is too small when network congestion occurs, the NHRP packets might be dropped. As a result, mGRE tunnel interruption occurs. You can use this command to adjust the DSCP value of NHRP packets to ensure that NHRP packets are preferentially transmitted.
Examples
# On tunnel interface Tunnel 1, configure the DSCP value of outgoing NHRP packets as 50.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp dscp 50
nhrp holdtime
Use nhrp holdtime to configure the holdtime for NHRP mapping entries.
Use undo nhrp holdtime to restore the default.
Syntax
nhrp holdtime seconds
undo nhrp holdtime
Default
The holdtime of NHRP mapping entries is 7200 seconds.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
seconds: Specifies the holdtime in the range of 1 to 65535 seconds.
Usage guidelines
After the holdtime is configured, the local NHRP holdtime carried in outgoing packets is updated to the configured holdtime. To display information about NHRP mapping entries that have expired, use the display nhrp history-map command.
Examples
# On interface Tunnel1, set the holdtime of NHRP mapping entries to 600 seconds
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp holdtime 600
Related commands
display nhrp history-map
interface tunnel (Layer 3—IP Services Command Reference)
nhrp network-id
Use nhrp network-id to configure an NHRP network ID for an mGRE tunnel.
Use undo nhrp network-id to restore the default.
Syntax
nhrp network-id number
undo nhrp network-id
Default
No NHRP network ID is configured for an mGRE tunnel.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
number: Specifies an NHRP network ID in the range of 1 to 4294967295.
Usage guidelines
A network ID is only locally significant. You can configure different NHRP network IDs for different tunnel interfaces on the device. The NHC and NHS can have different NHRP network IDs.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the NHRP network ID to 10 for mGRE tunnel interface Tunnel1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp network-id 10
nhrp nhs
Use nhrp nhs to configure a private address-to-public DNS name mapping or a private-to-public address mapping for an NHS.
Use undo nhrp nhs to delete a private address-to-public DNS name mapping or a private-to-public address mapping for an NHS.
Syntax
nhrp nhs nhs-address nbma { dns-name | nbma-address }
undo nhrp nhs nhs-address nbma { dns-name | nbma-address }
Default
No private address-to-public DNS name mapping or private-to-public address mapping is configured for an NHS.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
nhs-address: Specifies the private address of an NHS.
dns-name: Specifies the public DNS name of the NHS, a case-sensitive string of 1 to 253 characters. The string cannot contain a space.
nbma-address: Specifies the public address (NBMA address) of the NHS.
Usage guidelines
You can execute this command multiple times to configure multiple NHSs for redundancy. If multiple NHSs are configured, NHCs register with all the NHSs.
If you execute this command multiple times for the same NHS private address, the most recently configured public address or DNS name takes effect.
Examples
# On interface Tunnel 1, configure the NHS private address as 1.1.1.1 and public address as 120.1.1.120.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp nhs 1.1.1.1 nbma 120.1.1.120
# On interface Tunnel 2, configure the NHS private address as 2.2.2.2 and public DNS name as dns.
<Sysname> system-view
[Sysname] interface tunnel 2 mode mgre
[Sysname-Tunnel1] nhrp nhs 2.2.2.2 nbma dns
Related commands
interface tunnel (Layer 3—IP Services Command Reference)
nhrp registration no-unique
Use nhrp registration no-unique to configure an NHC to include the no-unique flag into outgoing NHRP packets.
Use undo nhrp registration no-unique to restore the default.
Syntax
nhrp registration no-unique
undo nhrp registration no-unique
Default
An outgoing NHRP packet does not include the no-unique flag on an NHC.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Usage guidelines
When an NHC is registering NHRP information with an NHS, the NHS generates an NHRP mapping entry for the NHC. When the public address of the NHC is changed, the NHC reregisters its latest NHRP information with the NHS. As a result, NHRP mapping entry conflict occurs on the NHS for the NHC. The NHS denies the reregistration of the NHC.
To resolve the issue, use this command on the NHC. With this command, the NHC includes the no-unique flag into NHRP registration and response packets to notify the NHS to overwrite the conflicting NHRP mapping entry with the latest NHC information.
As a best practice to ensure successful NHC reregistration with an NHS in scenarios where the NHCs dynamically obtain addresses, for example, through DHCP, use this command on the NHCs.
Examples
# On tunnel interface Tunnel 1, configure mGRE tunnel registration packets to include the no-unique flag.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp registration no-unique
nhrp registration time-out
Use nhrp registration time-out to set the interval at which an NHC sends NHRP registration packets.
Use undo nhrp registration time-out to restore the default.
Syntax
nhrp registration time-out seconds
undo nhrp registration time-out
Default
An NHC sends NHRP registration packets at intervals of 2400 seconds.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
seconds: Sets the NHRP registration interval, in seconds. The value range is 1 to 65535.
Usage guidelines
To prevent an NHS from failing to update NHC information in time after the public address of an NHC is modified or the NHRP mapping entry for an NHC on the NHS ages out, use this command on the NHC. To ensure that the NHS can update NHC information in time, make sure the interval at which the NHC sends registration packets is shorter than the holdtime of NHRP mapping entries on the NHS.
Examples
# On tunnel interface Tunnel 1, configure the device to send NHRP registration packets at intervals of 300 seconds.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp registration time-out 300
Related commands
nhrp holdtime
nhrp server-only
Use nhrp server-only to enable the NHS-only feature.
Use undo nhrp server-only to disable the NHS-only feature.
Syntax
nhrp server-only
undo nhrp server-only
Default
The NHS-only feature is disabled.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device can act as only an NHS.
When this feature is enabled, the mappings configured by using the nhrp nhs command for an NHS cannot take effect. In addition, the device no longer sends registration request packets.
As a best practice, enable this feature only when the device only acts as an NHS.
Examples
# On Tunnel interface tunnel 1, enable the NHS-only feature.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp server-only
reset mgre session
Use reset mgre session to reset dynamic mGRE sessions.
Syntax
reset mgre session [ interface tunnel interface-number [ peer ipv4-address ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command resets dynamic mGRE sessions for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command resets all dynamic mGRE sessions for the specified mGRE tunnel interface.
Usage guidelines
When an mGRE session is reset, the NHC reregisters with the NHS.
Examples
# Reset the mGRE sessions on interface Tunnel1.
<Sysname> reset mgre session interface tunnel 1
# Reset the mGRE session with peer address 202.12.12.12 on interface Tunnel1.
<Sysname> reset mgre session interface tunnel 1 peer 202.12.12.12
Related commands
display mgre session
reset mgre statistics
Use reset mgre statistics to clear mGRE session statistics.
Syntax
reset mgre statistics [ interface tunnel interface-number [ peer ipv4-address ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command clears mGRE session statistics for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command clears statistics about all mGRE sessions on the specified mGRE tunnel interface.
Examples
# Clear statistics about mGRE sessions on interface Tunnel1.
<Sysname> reset mgre statistics interface tunnel 1
# Clear statistics about the mGRE session with peer public address 192.168.1.200 on interface Tunnel1.
<Sysname> reset mgre statistics interface tunnel 1 peer 192.168.1.200
reset nhrp dynamic map
Use reset nhrp dynamic map to clear dynamically negotiated NHRP mapping entries.
Syntax
reset nhrp dynamic map [ protocol-address [ mask ] ]
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
protocol-address: Specifies a network layer protocol address in dotted decimal notation.
mask: Specifies the mask of the network layer protocol address, in dotted decimal notation.
Usage guidelines
If you do not specify any parameters, this command clears all dynamic NHRP mapping entries.
To prevent existing dynamic NHRP mapping entries from affecting diagnostic results in debugging operations or in node interaction diagnostic tests, clear the entries before they age out.
Use this command with caution. After this command clears the specified dynamic NHRP mapping entries, the device does not generate these entries until the peer devices register the information again.
To display dynamic NHRP mapping entries that were cleared, use the display nhrp history-map command.
Examples
# Clear dynamic NHRP mapping entry with IP address 20.20.20.1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] reset nhrp dynamic map 20.20.20.1
reset nhrp history-map
Use reset nhrp history-map to clear NHRP mapping entries recorded on the device.
Syntax
reset nhrp history-map
Views
User view
Predefined user roles
network-admin
Usage guidelines
Use this command to clear NHRP mapping entries recorded by the display nhrp history-map command.
Examples
# Clear NHRP mapping entries recorded on the device.
<Sysname> reset nhrp history-map
Related commands
display nhrp history-map
reset nhrp statistics
Use reset nhrp statistics to clear NHRP packet statistics.
Syntax
reset nhrp statistics [ interface tunnel interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command clears NHRP packet statistics for all mGRE tunnel interfaces.
Examples
# Clear NHRP packet statistics for interface Tunnel1.
<Sysname> reset nhrp statistics interface tunnel 1
Related commands
display nhrp statistics
