This command connects a pair of interfaces. After you execute this command, each interface will be configured as a source interface and a destination interface of the other interface. A packet received Command a source interface will be forwarded out its destination interface.

The source and destination interfaces must be on the same device.

To avoid congestion when traffic is forwarded from a source interface to a destination interface, make sure they are installed with transceiver modules operating at the same speed.

After the connection-interface command is executed, the source-interface command will be issued on the two connected interfaces. After the undo destination-interface command is executed, the source-interface command will be deleted from the two connected interfaces.

In R6712P02 and later versions, the connection-interface command is mutually exclusive with the enhanced-connection destination-interface or enhanced-connection source-interface command.

Examples

# Connect interface Ten-GigabitEthernet1/0/1 and Ten-GigabitEthernet1/0/2.

<Sysname> system-view

[sysname] connection-interface Ten-GigabitEthernet 1/0/1 Ten-GigabitEthernet 1/0/2

Related commands

enhanced-connection destination-interface (supported only in R6712P02 and later versions)

enhanced-connection source-interface (supported only in R6712P02 and later versions)

source-interface

demux

Use demux to create a Demux group and enter its view, or enter the view of an existing Demux group.

Use undo demux to restore the default.

Syntax

demux demux-id fpga fpga-number

undo demux demux-id fpga fpga-number

Default

No Demux group exists.

Views

System view

Predefined user roles

network-admin

Parameters

demux-id: Specifies a Demux group by its ID. In enhanced SecurityMux mode, the value is 1. In multi-group SecurityMux mode, the value range is 1 to 4.

fpga fpga-number: Specifies the FPGA associated with the Demux group. The fpga-number argument specifies an FPGA firmware number.

Usage guidelines

A Demux group can achieve ultra-low latency traffic forwarding. Packets received from a downstream interface are forwarded out of multiple upstream interfaces.

A Mux group and a Demux group are used together. A Mux group is used to process upstream traffic, and a Demux group is used to process downstream traffic.

Before you can configure a Demux group, you must configure a Mux group.

Examples

# Create Demux group 1 and enter its view.

<Sysname> system-view

[Sysname] demux 1 fpga 0

[Sysname-demux-group-1-fpga-0]

Related commands

downstream-port

upstream-port

destination-interface

Use destination-interface to specify the destination interface.

Use undo destination-interface to cancel the configuration.

Syntax

destination-interface interface-list

undo destination-interface interface-list

Default

No destination interface is specified.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

interface-list: Specifies an interface list in the format of interface-list = { interface-type interface-number1 [ to interface-type interface-number2 ] }&<1-24>. The interface-type interface-number argument specifies an interface by its type and number. The & <1- 24> argument indicates that you can specify the preceding parameter for up to 24 times. The value of the interface-type interface-number2 argument cannot be smaller than the value of the interface-type interface-number1 argument. The selected interfaces must reside on the same interface module or submodule.

Usage guidelines

To enable fast forwarding of packets, you can execute this command to specify a destination interface for the current interface. When the current interface receives a packet, the packet will be forwarded out the specified destination interface. With multiple destination interfaces specified for a source interface, when the source interface receives a packet, a copy of the packet will be forwarded out each of the specified destination interfaces.

The specified destination interface must be on the same device as the current interface.

To avoid congestion when traffic is forwarded from a source interface to a destination interface, make sure they are installed with transceiver modules operating at the same speed.

After the destination-interface command is executed on an interface, the source-interface command will be issued on the specified destination interface. After the undo destination-interface command is executed on an interface, the source-interface command will be deleted from the specified destination interface.

In R6712P02 and later versions, the destination-interface command is mutually exclusive with the enhanced-connection destination-interface or enhanced-connection source-interface command.

Examples

# Configure the Ten-GigabitEthernet1/0/2 as the destination interface of Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[sysname] interface Ten-GigabitEthernet 1/0/1

[sysname-Ten-GigabitEthernet1/0/1] destination-interface Ten-GigabitEthernet 1/0/2

Related commands

enhanced-connection destination-interface (supported only in R6712P02 and later versions)

enhanced-connection source-interface (supported only in R6712P02 and later versions)

source-interface

display interface connection

Use display interface connection to display interface connection information.

Syntax

display interface [ interface-type interface-number ] connection [ source | destination ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Displays connection information for the specified interface. The interface-type interface-number option specifies an interface by its type and number. If you do not specify this option, the command displays connection information for all interfaces.

source: Displays the source interface connection information for the specified interface. If you specify this keyword, this command displays the source interface connection information only for common L1 connections, rather than enhanced connections. This keyword is supported only in R6712P02 and later versions.

destination: Displays the destination interface connection information for the specified interface. This keyword is supported only in R6712P02 and later versions.

Usage guidelines

If you do not specify the source or destination keyword, this command displays both source interface connection information and destination interface connection information for the specified interface.

Examples

# Display connection information for interface Ten-GigabitEthernet1/0/1.

<Sysname> display interface Ten-GigabitEthernet 1/0/1 connection

Connection(s):

XGE1/0/1 <-> XGE1/0/3

XGE1/0/1 --> XGE1/0/4

# Display connection information for all interfaces.

<Sysname> display interface connection

Connection(s):

XGE1/0/1 <-> XGE1/0/3

--> XGE1/0/4

XGE1/0/2 --> XGE1/0/5

<-- XGE1/0/6

XGE1/0/3 <-> XGE1/0/1

XGE1/0/4 <-- XGE1/0/1

XGE1/0/5 <-- XGE1/0/2

XGE1/0/6 --> XGE1/0/2

# Display source interface connection information for all interfaces. (Supported only in R6712P02 and later versions.)

<Sysname> display interface connection source

Port Status Speed Transceiver Source State Tx_fault Rx_los Tx_disable Description

XGE1/0/1 UP 10G STACK_SFP_PLUS XGE1/0/2 Present Normal Normal Enabled --

XGE1/0/2 UP 10G STACK_SFP_PLUS XGE1/0/1 Present Normal Normal Enabled switch1_port1

XGE1/0/3 DOWN -- No connector XGE1/0/1 Absent Normal Fault Disabled port

XGE1/0/4 DOWN -- No connector XGE1/0/2 Absent Normal Fault Disabled --

XGE1/0/5 DOWN -- No connector -- Absent Normal Fault Disabled --

XGE1/0/6 DOWN -- No connector -- Absent Normal Fault Disabled --

XGE1/0/7 DOWN -- No connector -- Absent Normal Fault Disabled --

XGE1/0/8 DOWN 10G STACK_SFP_PLUS -- Present Normal Normal Enabled --

XGE1/0/9 DOWN -- No connector -- Absent Normal Fault Disabled --

XGE1/0/10 DOWN -- No connector XGE1/0/10 Absent Normal Fault Disabled 12343455

# Display the source interface connection information for interface Ten-GigabitEthernet 1/0/1. (Supported only in R6712P02 and later versions.)

<Sysname> display interface Ten-GigabitEthernet 1/0/1 connection source

Port Status Speed Transceiver Source State Tx_fault Rx_los Tx_disable Description

XGE1/0/1 UP 10G STACK_SFP_PLUS XGE1/0/2 Present Normal Normal Enabled --

# Display the destination interface connection information for all interfaces. (Supported only in R6712P02 and later versions.)

<Sysname> display interface connection destination

Connection(s):

XGE1/0/1 --> XGE1/0/3, XGE1/0/4

XGE1/0/2 --> XGE1/0/5

XGE1/0/3 --> XGE1/0/1

XGE1/0/6 --> XGE1/0/2*

# Display the destination interface connection information for Ten-GigabitEthernet 1/0/1. (Supported only in R6712P02 and later versions.)

<Sysname> display interface Ten-GigabitEthernet 1/0/1 connection destination

Connection(s):

XGE1/0/1 --> XGE1/0/3, XGE1/0/4

# Display the destination interface connection information for interface Ten-GigabitEthernet 1/0/4.

<Sysname> display interface Ten-GigabitEthernet 1/0/4 connection destination

No connection information, or no connected interface.

Table 1 Command output

Field	Description
Connection(s)	Interface connection information: · <->—The two interfaces are source and destination interfaces. · -->—The interface on the left is the source interface of the interface on the right. · <--—The interface on the left is the destination interface of the interface on the right. · No connection information, or no connected interface—No source or destination interface is specified for this interface. · *—An enhanced connection is established between two interfaces.

Field

Description

Connection(s)

Interface connection information:

· <->—The two interfaces are source and destination interfaces.

· -->—The interface on the left is the source interface of the interface on the right.

· <--—The interface on the left is the destination interface of the interface on the right.

· No connection information, or no connected interface—No source or destination interface is specified for this interface.

· *—An enhanced connection is established between two interfaces.

Related commands

connection-interface

destination-interface

enhanced-connection destination-interface (supported only in R6712P02 and later versions)

enhanced-connection source-interface (supported only in R6712P02 and later versions)

source-interface

display interface connection pathed

Use display interface connection pathed to display the connections for two interfaces that act as both the source and destination interfaces of each other.

NOTE:

This command is supported only in R6712P02 and later versions.

Syntax

display interface connection pathed

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the connections for two interfaces that act as both the source and destination interfaces of each other.

<Sysname> display interface connection pathed

Connection(s):

XGE1/0/1 <-> XGE1/0/3

XGE1/0/3 <-> XGE1/0/1

Table 2 Command output

Field	Description
Connection(s)	Interface interconnect information: · <->—The two interfaces act as both the source and destination interfaces of each other. · No connection information, or no connected interface—No source or destination interface is specified.

Field

Description

Connection(s)

Interface interconnect information:

· <->—The two interfaces act as both the source and destination interfaces of each other.

· No connection information, or no connected interface—No source or destination interface is specified.

display interface transceiver

Use display interface transceiver to display the transceiver modules and source interfaces of interfaces.

Syntax

display interface transceiver

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the transceiver modules and source interfaces of all interfaces.

<Sysname> display interface transceiver

Interface Transceiver type Source interface

XGE1/0/1 1000_BASE_SX_SFP(D) XGE1/0/2

XGE1/0/2 -- XGE1/0/1

XGE1/0/3 --(D) XGE1/0/4

XGE1/0/5 Unknown XGE1/0/6

Table 3 Command output

Field	Description
Interface	Abbreviated interface name.
Transceiver	Model of the transceiver module. This field displays – if no transceiver module is installed. This field displays (D) if the transceiver tx-disable command has been executed on the interface. This field displays Unknown if no transceiver module information is detected.
Source interface	Abbreviated name of the source interface.

display mux

Use display mux to display information about FastMux, Mux, and Demux groups.

Syntax

display mux [ mode { fast-mux | mux | demux } [ mux-id fpga fpga-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

mode: Specifies a Mux type. If you do not specify this keyword, the command displays information for all FastMux, Mux, and Demux groups.

fast-mux: Displays FastMux group information.

mux: Displays Mux group information.

demux: Displays Demux group information.

mux-id: Specifies a FastMux, Mux, or Demux group by its ID. The value range for this argument is 1 to 4. If you do not specify this argument, the command displays information about all FastMux, Mux, and Demux groups.

fpga fpga-number: Specifies the FPGA associated with the group. The fpga-number argument specifies an FPGA firmware number.

Examples

# Display information about all FastMux groups.

<Sysname> display mux mode fast-mux

Fast multiplex group 1 fpga 0 (7:1):

Upstream interface: Ten-GigabitEthernet1/0/1

Active Downstream interfaces: Ten-GigabitEthernet1/0/2 to Ten-GigabitEthernet1/0/8

Inactive Downstream interfaces: Ten-GigabitEthernet1/0/9 to Ten-GigabitEthernet1/0/10

Fast multiplex group 2 fpga 0 (7:1):

Upstream interface: Ten-GigabitEthernet1/0/11

Active Downstream interfaces: Ten-GigabitEthernet1/0/12 to Ten-GigabitEthernet1/0/13

Table 4 Command output

Field	Description
Fast multiplex group ID	FastMux group ID and the maximum ratio between the downstream and upstream interfaces in the group.
Multiplex group ID	Mux group ID.
Demultiplex group ID	Demux group ID.
fpga number	FPGA firmware number. Firmware number of the FPGA associated with the FastMux, Mux, or Demux group.
Upstream interface	Upstream interface name.
Active Downstream interfaces	Name of the downstream interface that takes effect.
Inactive Downstream interfaces	Name of the downstream interface that does not take effect.

display this interface connection

Use display this interface connection to display interconnection information of an interface.

Syntax

display this interface connection

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

network-operator

Examples

# Display interconnection information of interface Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[sysname] interface Ten-GigabitEthernet 1/0/1

[sysname-Ten-GigabitEthernet1/0/1] display this interface connection

Connection(s):

XGE1/0/1 <-> XGE1/0/3

XGE1/0/1 --> XGE1/0/4

Table 5 Command output

Field	Description
Connection(s)	Interface interconnection information: · <->—The two interfaces are source and destination interfaces. · -->—The interface on the left is the source interface of the interface on the right. · <--—The interface on the left is the destination interface of the interface on the right.

Field

Description

Connection(s)

Interface interconnection information:

· <->—The two interfaces are source and destination interfaces.

· -->—The interface on the left is the source interface of the interface on the right.

· <--—The interface on the left is the destination interface of the interface on the right.

downstream-port

Use downstream-port to configure downstream interfaces.

Use undo downstream-port to remove downstream interfaces.

Syntax

downstream-port interface-list

undo downstream-port [ interface-list ]

Default

No downstream interface exists.

Views

FastMux group view

Mux group view

Demux group view

Predefined user roles

network-admin

Parameters

Usage guidelines

If you configure an interface as a downstream interface, you cannot configure it as the following interfaces:

· Upstream interface (configured by using the upstream-port command).

· Monitor port (configured by using the upstream-port monitportlist command).

· Monitor port for a local mirroring group (configured by using the mirroring-group monitor-port command).

Examples

# In FastMux group view, configure Ten-GigabitEthernet1/0/1 as a downstream interface.

<Sysname> system-view

[Sysname] fast-mux 1 type 1 fpga 0

[Sysname-fast-mux-group-1-fpga-0] downstream-port Ten-GigabitEthernet 1/0/1

Related commands

upstream-port

enhanced-connection destination-interface

Use enhanced-connection destination-interface to establish enhanced connections between an interface and the specified destination interfaces.

Use undo enhanced-connection destination-interface to remove enhanced connections between an interface and the specified destination interfaces.

NOTE:

This command is supported only in R6712P02 and later versions.

Syntax

enhanced-connection destination-interface interface-list

undo enhanced-connection destination-interface interface-list

Default

Enhanced connections are not established between an interface and the specified destination interfaces.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

interface-list: Specifies a space-separated list of up to 24 destination interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of { interface-type interface-number1 [ to interface-type interface-number2 ] }. When you specify a range of interfaces, the start interface number must be identical to or lower than the end interface number. The selected interfaces must reside on the same interface module or submodule.

Usage guidelines

Application scenarios

When you configure the patch panel feature, you can use the connection-interface, source-interface, or destination-interface command to establish a forwarding relationship between the source and destination interfaces to enable traffic exchange between these interfaces.

However, in the multi-tier device cascading scenario, the signals might gradually attenuate during the tier-by-tier forwarding process. For example, when a tier-2 device connects to a tier-3 device in a 3-tier network, the signals must be first transmitted from the source interface to the destination interface on the tier-2 device before the signals are sent to the tier-3 device. During this process, signal attenuation might lead to data packet loss, which can affect the normal transmission of packets to the tier-3 device.

Use this feature to resolve the preceding issue.

Operating mechanism

When an interface with this command executed receives packets, the packets will be directly forwarded out the specified destination interface. With multiple destination interfaces specified for a source interface, when the source interface receives a packet, a copy of the packet will be forwarded out each of the specified destination interfaces. At the same time, the device establishes enhanced connections between the current interface and the destination interfaces and modifies the connections in the hardware to change the internal traffic route of the interface. This feature amplifies the signals and ensures no packet loss after multiple tiers of devices are cascaded.

Restrictions and guidelines

The specified destination interface must be on the same device as the current interface and they must be of the same interface type.

To avoid congestion when traffic is forwarded from a source interface to a destination interface, make sure they are installed with transceiver modules operating at the same speed.

Establishing an enhanced connection consumes one pipe statistics port resource. Because a device has only 13 such resources, you can configure a maximum of 13 enhanced connections between interfaces. Any attempt to create more than 13 enhanced connections will fail.

Do not include the current interface in the specified destination interface list.

After you execute the enhanced-connection destination-interface command, the device will automatically issue the enhanced-connection source-interface command to the destination interfaces.

After you execute the undo enhanced-connection destination-interface command, the device will automatically issue the undo enhanced-connection source-interface command to the destination interfaces to remove the enhanced connections between the current interface and the destination interfaces.

The enhanced-connection destination-interface command is mutually exclusive with any of the following commands:

· connection-interface

· destination-interface

· source-interface

To change the destination interfaces for the enhanced connections between the current interface and the specified destination interfaces:

1. First, execute the undo enhanced-connection destination-interface command to remove the enhanced connections.

2. Then, execute the enhanced-connection destination-interface command to establish new enhanced connections.

When you execute this command in interface view, make sure traffic statistics collection has been enabled on the interface by using the counter enable command. After you execute this command, you cannot disable traffic statistics collection on the interface.

Examples

# Establish an enhanced connection between interface Ten-GigabitEthernet 1/0/1 and destination interface Ten-GigabitEthernet 1/0/2.

<Sysname> system-view

[Sysname] interface Ten-GigabitEthernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] enhanced-connection destination-interface Ten-GigabitEthernet 1/0/2

enhanced-connection source-interface

Use enhanced-connection source-interface to establish an enhanced connection between an interface and the specified source interface.

Use undo enhanced-connection source-interface to remove an enhanced connection between an interface and the specified source interface.

NOTE:

This command is supported only in R6712P02 and later versions.

Syntax

enhanced-connection source-interface interface-type interface-number

undo enhanced-connection source-interface

Default

An enhanced connection is not established between an interface and the specified source interface.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

Application scenarios

Use this feature to resolve the preceding issue.

Operating mechanism

With this command executed on an interface, when the specified source interface receives packets, the packets will be directly forwarded out the current interface. At the same time, the device establishes enhanced connections between the current interface and the source interfaces and modifies the connections in the hardware to change the internal traffic route of the interface. This feature amplifies the signals and ensures no packet loss after multiple tiers of devices are cascaded.

Restrictions and guidelines

The specified source interface must be on the same device as the current interface and they must be of the same interface type.

To avoid congestion when traffic is forwarded from a source interface to a destination interface, make sure they are installed with transceiver modules operating at the same speed.

Do not configure the current interface as the source interface.

The enhanced-connection source-interface command is mutually exclusive with any of the following commands:

· connection-interface

· destination-interface

· source-interface

To change the source interface for the enhanced connection between the current interface and the specified source interface:

1. First, execute the undo enhanced-connection source-interface command to remove the enhanced connection.

2. Then, execute the enhanced-connection source-interface command to establish a new enhanced connection.

Examples

# Establish an enhanced connection between interface Ten-GigabitEthernet 1/0/2 and destination interface Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface Ten-GigabitEthernet 1/0/2

[Sysname-Ten-GigabitEthernet1/0/2] enhanced-connection source-interface Ten-GigabitEthernet 1/0/1

fast-mux

Use fast-mux to create a FastMux group and enter its view, or enter the view of an existing FastMux group.

Use undo fast-mux to delete a FastMux group.

Syntax

fast-mux fast-mux-id type type-id fpga fpga-number

undo fast-mux fast-mux-id [ type type-id ] fpga fpga-number

Default

No FastMux group exists.

Views

System view

Predefined user roles

network-admin

Parameters

fast-mux-id: Specifies a FastMux group by its ID in the range of 1 to 4.

type type-id: Specifies a FastMux group type by its ID in the range of 1 to 2. 1 represents the 7:1 resource group type, and 2 represents the 15:1 resource group type.

fpga fpga-number: Specifies the FPGA associated with the FastMux group. The fpga-number argument specifies an FPGA firmware number.

Usage guidelines

Configure a FastMux group to implement ultra-low latency traffic forwarding. You can add an upstream interface and multiple downstream interfaces to a FastMux group. Packets from the downstream interfaces are sent to the upstream interface, which lowers latency.

Examples

# Create FastMux group 1 and enter its view.

<Sysname> system-view

[Sysname] fast-mux 1 type 1 fpga 0

[Sysname-fast-mux-group-1-fpga-0]

Related commands

downstream-port

upstream-port

firmware update

Use firmware update to upgrade firmware.

Syntax

firmware update slot slot-number fpga fpga-number { fast-mux | multi-sec-mux | sec-mux-enhance | tapping-aggr }

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a device by its number, which is fixed at 1.

fpga fpga-number: Specifies an FPGA by its firmware number.

fast-mux: Specifies a FastMux mode. This application supports four FastMux groups, which separately implement 15:1, 15:1, 7:1, and 7:1 upstream traffic multiplexing ratios with a minimum latency of 35 ns.

multi-sec-mux: Specifies the multi-group SecurityMux mode. It supports four Mux groups and four Demux groups. A Mux group can have one upstream interface. The groups separately implement 7:1, 7:1, 13:1, and 15:1 upstream traffic multiplexing ratios, and 1:7, 1:7, 1:13, 1:15 downstream traffic demultiplexing ratios. This application supports ACL-based packet forwarding control on the outgoing interfaces of downstream traffic. Two monitor ports are used to monitor the traffic of Mux groups.

sec-mux-enhance: Specifies the enhanced SecurityMux mode. In this mode, a Mux group can have two upstream interfaces. This application supports a maximum upstream traffic multiplexing ratio of 46:2 and a maximum downstream demultiplexing ratio of 2:46. This application supports ACL-based packet forwarding control on the outgoing interfaces of upstream or downstream traffic.

tapping-aggr: Specifies the tapping aggregation mode, which supports mirroring traffic to other interfaces.

Usage guidelines

If a switch has two FPGAs, you can specify different modes for them. For the H3C developed modes (multi-sec-mux, fast-mux, sec-mux-enhance, and tapping-aggr), the first FPGA supports all modes, and the second FPGA supports only the tapping aggregation mode. The device does not support user-developed modes.

To successfully change the FPGA mode, first delete the FastMux groups, Mux groups, Demux groups, monitor ports for tapping aggregation, applied QoS policies, and packet filters (packet-filter) in the current mode.

To upgrade the FPGA by using an H3C developed mode, specify the multi-sec-mux, fast-mux, sec-mux-enhance, or tapping-aggr keyword.

Examples

# Upgrade the FPGA firmware to the FastMux mode.

<Sysname> firmware update slot 1 fpga 0 fast-mux

Updating firmware for FPGA on the specified card or subcard. Continue?[Y/N]:y

Updating the firmware.............................Done.

mux

Use mux to create a Mux group and enter its view, or enter the view of an existing Mux group.

Use undo mux to restore the default.

Syntax

mux mux-id fpga fpga-number

undo mux mux-id fpga fpga-number

Default

No Mux group exists.

Views

System view

Predefined user roles

network-admin

Parameters

mux-id: Specifies a Mux group by its ID. In enhanced SecurityMux mode, the value is 1. In multi-group SecurityMux mode, the value range is 1 to 4.

fpga fpga-number: Specifies the FPGA associated with the Mux group. The fpga-number argument specifies an FPGA firmware number.

Usage guidelines

A Mux group can achieve ultra-low latency traffic forwarding. You can add one upstream interface and multiple downstream interfaces to a Mux group. Packets from the downstream interfaces are sent to the upstream interface, which lowers latency.

A Mux group and a Demux group are used together. A Mux group is used to process upstream traffic, and a Demux group is used to process downstream traffic.

Before you can modify or delete a Mux group, you must delete all Demux groups on the switch.

Before you modify a Mux group, first delete the existing Demux groups from the device. Deleting a Mux group will also delete the existing Demux groups from the device.

Examples

# Create Mux group 1 and enter its view.

<Sysname> system-view

[Sysname] mux 1 fpga 0

[Sysname-mux-group-1-fpga-0]

Related commands

downstream-port

upstream-port

source-interface

Use source-interface to specify the source interface.

Use undo source-interface to restore the default.

Syntax

source-interface interface-type interface-number

undo source-interface

Default

No source interface is specified.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

To enable fast forwarding of packets, you can execute this command to specify a source interface for the current interface. When the source interface receives a packet, the packet will be directly forwarded out the current interface.

The specified source interface must be on the same device as the current interface.

To avoid congestion when traffic is forwarded from a source interface to a destination interface, make sure they are installed with transceiver modules operating at the same speed.

As a best practice, do not configure multiple interfaces for cascading. If you do that, interfaces might flap. For example, after you use the source-interface command to configure interface B as the source interface for interface A, do not configure interface A as the source interface for other interfaces.

If you execute this command multiple times, the most recent configuration takes effect.

In R6712P02 and later versions, the source-interface command is mutually exclusive with the enhanced-connection destination-interface or enhanced-connection source-interface command.

Examples

# Configure Ten-GigabitEthernet1/0/2 as the source interface of Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface Ten-GigabitEthernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] source-interface Ten-GigabitEthernet 1/0/2

Related commands

connection-interface

destination-interface

enhanced-connection destination-interface (supported only in R6712P02 and later versions)

enhanced-connection source-interface (supported only in R6712P02 and later versions)

transceiver tx-disable

Use transceiver tx-disable to disable the transceiver module installed in an interface from sending packets.

Use transceiver tx-enable to enable the transceiver module installed in an interface to send packets.

Syntax

transceiver { tx-disable | tx-enable }

Default

A transceiver module installed in an interface can send packets.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

After a connection is established, executing the transceiver tx-disable command will interrupt the connection.

· When a 10-Gbps transceiver module is installed in an SFP+ interface, both the local and peer interface will go down.

· When a 1-Gbps transceiver module is installed in an SFP+ interface, the local interface status will not change, while the peer interface will go down.

Examples

# Disable the transceiver module installed in interface Ten-GigabitEthernet1/0/1 from sending packets.

<Sysname> system-view

[Sysname] interface Ten-GigabitEthernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] transceiver tx-disable

# Enable the transceiver module installed in interface Ten-GigabitEthernet1/0/1 to send packets.

<Sysname> system-view

[Sysname] interface Ten-GigabitEthernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] transceiver tx-enable

upstream-port

Use upstream-port to configure upstream interfaces.

Use undo upstream-port to delete upstream interfaces.

Syntax

FastMux group view/Mux group view:

upstream-port interface-list [ monitportlist interface-list | redirect-mode mode-number ]

undo upstream-port interface-list [ monitportlist interface-list | redirect-mode mode-number ]

Demux group view:

upstream-port interface-list

undo upstream-port interface-list

Default

No upstream interfaces exist.

Views

FastMux group view

Mux group view

Demux group view

Predefined user roles

network-admin

Parameters

monitportlist interface-list: Specifies the monitor port list. If you do not specify this option, the traffic is forwarded to only upstream interfaces.

redirect-mode mode-number: Specifies a redirection mode by its number in the range of 0 to 1. The default value for the mode-number argument is 0. The redirection modes are as follows:

· 0—Forwards packets to the upstream interface and copies them to the monitor ports. These interfaces use the same FPGA.

· 1—Forwards packets to the upstream interface and copies them to the monitor ports and the internal interface on the FPGA in tapping aggregation mode. Traffic on the internal interface of the FPGA in tapping aggregation mode is forwarded out of monitor ports on the FPGA.

NOTE:

Redirection mode 1 is supported only on devices that have two FPGAs.

Usage guidelines

You can execute this command multiple times to configure multiple upstream interfaces or configure the mapping interface list and redirection mode for an upstream interface.

If you configure an interface as an upstream interface, you cannot configure it as the following interfaces:

· Monitor port (configured by using the monitportlist interface-list option in the upstream-port command).

· Downstream interface.

· Monitor port for a local mirroring group (configured by using the mirroring-group monitor-port command).

If you configure an interface as a monitor port by using the monitportlist interface-list option in the upstream-port command, you cannot configure it as the following interfaces:

· Upstream interface.

· Downstream interface.

· Source interface.

· Destination interface.

· Monitor port for another upstream port (configured by using the upstream-port interface-list monitportlist interface-list command).

· Monitor port for a local mirroring group (configured by using the mirroring-group monitor-port command).

In R6712P02 and later versions, when the L1 forwarding source interface (source-interface) and the L1 forwarding destination interface (destination-interface) are the same, do not configure the interface as the upstream interface (upstream-port interface-list) of a Mux or Demux group.

The upstream interface statistics of a FastMux group occupy pipe port statistics resources. If L1 interfaces use all 13 pipe port statistics resources, traffic statistics cannot be collected for upstream interfaces in a FastMux group.

Examples

# In FastMux group view, configure Ethernet interface Ten-GigabitEthernet1/0/1 as an upstream interface.

<Sysname> system-view

[Sysname] fast-mux 1 type 1 fpga 0

[Sysname-fast-mux-group-1] upstream-port Ten-GigabitEthernet 1/0/1

Related commands

downstream-port

Port mirroring

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id [ interface interface-type interface-number ] | all | local }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a mirroring group by its number. The value range for this argument is 1.

interface interface-type interface-number: Displays the statistics of an interface specified by its type and number in a mirroring group. If this option is not specified, this command displays the mirroring group information. This option is supported only in R6712P02 and later versions. Specifying this option will display statistics for the specified interface in the mirroring group only when the FPGA mode is set to tapping-aggr (FPGA aggregation mode).

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

FPGA: 1

Type: Local

Status: Active

Mirroring mux group:

Mux-downstream 1 FPGA 0 Inbound

Input : 0 packets, 0 bytes

0 unicasts, 0 broadcasts, 0 multicasts

0 drops, 0 CRC

Monitor port:

Ten-GigabitEthernet1/0/2

Output: 0 packets, 0 bytes

0 unicasts, 0 broadcasts, 0 multicasts

# Display information about the specified source interface of mirroring group 1. (Supported only in R6712P02 and later versions.)

<Sysname> display mirroring-group 1 interface Ten-GigabitEthernet1/0/5

Ten-GigabitEthernet1/0/5:

mirroring-group 1 mirroring-port inbound

Input:

Total: 0 packets, 0 bytes

0 unicasts, 0 broadcasts, 0 multicasts

0 drops, 0 CRC

1519-n : 0 packets

1024-1518: 0 packets

512-1023 : 0 packets

256-511 : 0 packets

128-255 : 0 packets

65-127 : 0 packets

n-64 : 0 packets

Table 6 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: · Local. · Remote source. · Remote destination.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
FPGA	FPGA associated with a mirroring group.
Mirroring port	Source port.
Mirroring mux group	Source mux group.
Mux-downstream 1 FPGA 0 inbound	Mirrors only packets received on downstream interfaces in mux group 1 associated with FPGA 0.
Monitor port	Destination port.
Input	Input mirrored packets. This field is supported only in R6712P02 and later versions.
Output	Output mirrored packets. This field is supported only in R6712P02 and later versions.
Inbound	Packets received on interfaces are mirrored. This field is supported only in R6712P02 and later versions.
Total	Interface traffic statistics for the mirroring group. This field is supported only in R6712P02 and later versions.
packets	Total number of packets. This field is supported only in R6712P02 and later versions.
bytes	Total number of bytes. This field is supported only in R6712P02 and later versions.
unicasts	Number of unicast packets. This field is supported only in R6712P02 and later versions.
broadcasts	Number of broadcast packets. This field is supported only in R6712P02 and later versions.
multicasts	Number of multicast packets. This field is supported only in R6712P02 and later versions.
drops	Number of dropped packets. This field is supported only in R6712P02 and later versions.
CRC	Number of CRC error packets. This field is supported only in R6712P02 and later versions.
1519-n	Number of packets larger than 1519 bytes. This field is supported only in R6712P02 and later versions.
n-64	Number of packets smaller than 64 bytes. This field is supported only in R6712P02 and later versions.
1024-1518	Number of packets with lengths in the range of 1024 to 1518 bytes. This field is supported only in R6712P02 and later versions.
512-1023	Number of packets with lengths in the range of 512 to 1023 bytes. This field is supported only in R6712P02 and later versions.
256-511	Number of packets with lengths in the range of 256 to 511 bytes. This field is supported only in R6712P02 and later versions.
128-255	Number of packets with lengths in the range of 128 to 255 bytes. This field is supported only in R6712P02 and later versions.
65-127	Number of packets with lengths in the range of 65 to 127 bytes. This field is supported only in R6712P02 and later versions.

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id local fpga fpga-number

undo mirroring-group { group-id | all | local }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group ID. The value range for this argument is fixed at 1.

local: Specifies local mirroring groups.

fpga fpga-number: Specifies a Field Programmable Gate Array (FPGA). The fpga-number argument specifies an FPGA firmware number. You must specify an FPGA firmware number in multi-group SecurityMux mode or tapping aggregation mode.

all: Specifies all mirroring groups.

Usage guidelines

Only one mirroring group is supported.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local fpga 1

mirroring-group mirroring-mux

Use mirroring-group mirroring-mux to configure a source mux group for a local FPGA mirroring group.

Use undo mirroring-group mirroring-mux to delete the specified source mux group from a local FPGA mirroring group.

Syntax

mirroring-group group-id mirroring-mux { demux-downstream demux-id | fast-mux-downstream fast-mux-id| mux-downstream mux-id } fpga fpga-number inbound

undo mirroring-group group-id mirroring-mux { fast-mux-downstream fast-mux-id| mux-downstream mux-id } fpga fpga-number

Default

No source mux group is configured for a local FPGA mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The mirroring group ID is fixed at 1, and the mirroring group must have been created.

demux-downstream demux-id: Specifies downstream interfaces in a Demux group. The demux-id argument specifies a Demux group by its ID in the range of 1 to 4.

fast-mux-downstream fast-mux-id: Specifies downstream interfaces in a FastMux group. The fast-mux-id argument specifies a FastMux group by its ID in the range of 1 to 4.

mux-downstream mux-id: Specifies downstream interfaces in a Mux group. The mux-id argument specifies a mux group by its ID in the range of 1 to 4.

inbound: Mirrors only incoming packets of downstream interfaces.

Usage guidelines

In R6712P02 and later versions, if you configure an interface as a source interface of a mirroring group, the interface can come up without L1 or L1.5 connection configuration.

Examples

# Create local mirroring group 1, configure downstream interfaces in the FastMux group as the source interfaces of the mirroring group, and mirrors only incoming packets of downstream interfaces.

<Sysname> system-view

[Sysname] mirroring-group 1 local fpga 1

[Sysname] mirroring-group 1 fast-mux-downstream 1 fpga 0 inbound

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port inbound

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The mirroring group ID is fixed at 1, and the mirroring group must have been created.

inbound: Mirrors only received packets.

Usage guidelines

A source port cannot be used as the monitor port of its mirroring group. A monitor port cannot be used as a source port.

In R6712P02 and later versions, if you configure an interface as a source interface of a mirroring group, the interface can come up without L1 or L1.5 connection configuration.

Examples

# Create local mirroring group 1, configure Ten-GigabitEthernet1/0/1 as its source interface, and mirrors only received packets.

<Sysname> system-view

[Sysname] mirroring-group 1 local fpga 1

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port inbound

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list inbound

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The mirroring group ID is fixed at 1, and the mirroring group must have been created.

interface-list: Specifies a space-separated list of up to eight interface items. Each item specifies an interface by its type and number or specifies a range of interfaces in the form of interface-type interface-number1 to interface-type interface-number2. When you specify a range of interfaces, the interfaces must be of the same type and on the same slot. The start interface number must be identical to or lower than the end interface number.

inbound: Mirrors only received packets.

Usage guidelines

A source port cannot be used as the monitor port of its mirroring group. A monitor port cannot be used as a source port.

In R6712P02 and later versions, if you configure an interface as a source interface of a mirroring group, the interface can come up without L1 or L1.5 connection configuration.

Examples

# Create local mirroring group 1, configure Ten-GigabitEthernet1/0/1 as its source interface, and mirrors only received packets.

<Sysname> system-view

[Sysname] mirroring-group 1 local fpga 1

[Sysname] mirroring-group 1 mirroring-port ten-gigabitethernet 1/0/1 inbound

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port

undo mirroring-group group-id monitor-port

Default

A port does not act as the monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The mirroring group ID is fixed at 1, and the mirroring group must have been created.

Usage guidelines

A maximum of four mirroring destination interfaces are supported.

If you configure an interface as the monitor port in a mirroring group, you cannot configure it as the following interfaces:

· Upstream interface.

· Downstream interface.

· Source interface.

· Destination interface.

· Monitor port (configured by using the upstream-port interface-list monitportlist interface-list command).

· Source port of the mirroring group (configured by using the mirroring-group group-id mirroring-port interface-type interface-number command).

Examples

# Create local mirroring group 1, and specify Ten-GigabitEthernet1/0/1 as the destination interface.

<Sysname> system-view

[Sysname] mirroring-group 1 local fpga 1

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] mirroring-group 1 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its ID. The mirroring group ID is fixed at 1, and the mirroring group must have been created.

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

A maximum of four mirroring destination interfaces are supported.

If you configure an interface as the monitor port in a mirroring group, you cannot configure it as the following interfaces:

· Upstream interface.

· Downstream interface.

· Source interface.

· Destination interface.

· Monitor port (configured by using the upstream-port interface-list monitportlist interface-list command).

· Source port of the mirroring group (configured by using the mirroring-group group-id mirroring-port interface-type interface-number command).

Examples

# Create local mirroring group 1, and specify Ten-GigabitEthernet1/0/1 as the destination interface.

<Sysname> system-view

[Sysname] mirroring-group 1 local fpga 1

[Sysname] mirroring-group 1 monitor-port ten-gigabitethernet 1/0/1

Related commands

mirroring-group

Traffic filtering commands

acl

Use acl to create an ACL and enter its view, or enter the view of an existing ACL.

Use undo acl to delete the specified or all ACLs.

Syntax

Command for creating an IPv4 ACL by specifying a number:

acl { name acl-name | number acl-number [ name acl-name ] [ match-order config ] }

undo acl { all | name acl-name | number acl-number }

Command for creating an IPv4 ACL by specifying the advanced keyword:

acl { advanced } { acl-number | name acl-name } [ match-order config ]

undo acl { all | { advanced } { acl-number | name acl-name } }

Default

No ACLs exist.

Views

System view

Predefined user roles

network-admin

Parameters

advanced: Specifies the advanced ACL type.

acl-number: Assigns a number to the ACL. The value range is 3000 to 3999 for advanced ACLs.

name acl-name: Assigns a name to the ACL. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter and to avoid confusion, it cannot be all.

match-order config: Compares ACL rules against packets in ascending order of rule ID.

all: Specifies all ACLs of the specified type.

Usage guidelines

If you create a numbered ACL, you can enter the view of the ACL by using either of the following commands:

· acl number acl-number

· acl advanced acl-number

If you create an ACL by using the acl number acl-number name acl-name command, you can enter the view of the ACL by using either of the following commands:

· acl name acl-name (you can use this command to enter only the view of an existing ACL)

· acl number acl-number [ name acl-name ]

· acl advanced name acl-name

If you create a named ACL by using the acl advanced name acl-name command, you can enter the view of the ACL by using either of the following commands:

· acl name acl-name (you can use this command to enter only the view of an existing ACL)

· acl advanced name acl-name

You can change the match order only for ACLs that do not contain any rules.

Examples

# Create IPv4 advanced ACL 3000 and enter its view.

<Sysname> system-view

[Sysname] acl advanced 3000

[Sysname-acl-ipv4-adv-3000]

Related commands

display acl

Use display acl to display ACL configuration and match statistics.

Syntax

display acl { acl-number | all | name acl-name }

Views

Any view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an advanced ACL by its number in the range of 3000 to 3999.

all: Specifies all ACLs of the specified type.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command displays ACL rules in config or auto order, whichever is configured.

Examples

# Display configuration and match statistics for IPv4 advanced ACL 3001.

<Sysname> display acl 3001

Advanced IPv4 ACL 3000, 1 rule,

ACL's step is 5, start ID is 0

rule 0 deny tcp source 100.1.1.1 0

display buffer usage interface

Use display buffer usage interface to display buffer usage statistics for interfaces.

Syntax

display buffer usage interface [ interface-type [ interface-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify the interface-type argument, this command displays buffer usage statistics for all Ethernet interfaces. If you specify the interface-type argument without the interface-number argument, this command displays buffer usage statistics for all Ethernet interfaces of the specified type.

Examples

# Display brief buffer usage statistics for GigabitEthernet 1/0/1.

<Sysname> display buffer usage interface ten-gigabitethernet 1/0/1

Interface QueueID Total Used Threshold(%) Violations

--------------------------------------------------------------------------------

XGE1/0/1 0 65536 0 60 0

1 0 0 60 0

2 0 0 60 0

3 0 0 60 0

4 0 0 60 0

5 0 0 60 0

6 0 0 60 0

7 0 0 60 0

Table 7 Command output

Field	Description
Interface	Interface name.
QueueID	Queue number. The device currently only supports queue 0.
Total	Data buffer size in bytes allowed for a queue.
Used	Data buffer size in bytes that has been used by a queue.
Threshold(%)	Buffer usage threshold for a queue. The threshold value is the same as the per-interface threshold value. This field is fixed at 60 and does not support modification currently.
Violations	Number of threshold violations for a queue. The value of this field is reset upon a switch reboot.

display qos policy interface

Use display qos policy interface to display the QoS policies applied to interfaces.

Syntax

display qos policy interface [ interface-type interface-number ] [ outbound ]

Views

Any view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays QoS policies applied to all interfaces.

outbound: Specifies the QoS policies applied to the outbound direction.

Examples

# Display the QoS policy applied to the outgoing traffic of Ten-GigabitEthernet1/0/1.

<Sysname> display qos policy interface ten-gigabitethernet 1/0/1

Interface: Ten-GigabitEthernet1/0/1

Direction: Outbound

Policy: p1

Classifier: c1

Operator: AND

Rule(s) :

If-match any

Behavior: b1

Filter enable: Deny

Classifier: c2

Operator: AND

Rule(s) :

If-match acl 3000

Behavior: b2

Filter enable: Permit

filter

Use filter to configure a traffic filtering action in a traffic behavior.

Use undo filter to restore the default.

Syntax

filter { deny | permit }

undo filter

Default

No traffic filtering action is configured.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

deny: Drops packets.

permit: Transmits packets.

Examples

# Configure a traffic filtering action as deny in traffic behavior database.

<Sysname> system-view

[Sysname] traffic behavior database

[Sysname-behavior-database] filter deny

if-match

Use if-match to define a match criterion.

Use undo if-match to delete a match criterion.

Syntax

if-match match-criteria

undo if-match match-criteria

Default

No match criterion is configured.

Views

Traffic class view

Predefined user roles

network-admin

Parameters

match-criteria: Specifies a match criterion. Table 8 shows the available match criteria.

Table 8 Available match criteria

Value	Description
acl { acl-number \| name acl-name }	Matches an ACL. · The acl-number argument is an integer in the range of 3000 to 3999. · The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all.
any	Matches all packets.

Value

Description

acl { acl-number | name acl-name }

Matches an ACL.

· The acl-number argument is an integer in the range of 3000 to 3999.

· The acl-name argument is a case-insensitive string of 1 to 63 characters, which must start with an English letter. To avoid confusion, make sure the argument is not all.

any

Matches all packets.

‌

Usage guidelines

In a traffic class, you can configure multiple if match commands for any of the available match criteria.

When you configure ACL-based match criteria, make sure the ACL used as a match criterion already exists.

When the action of the ACL rule used by an if-match criterion is deny, the ACL rule action does not take effect, and the action defined in the traffic behavior is used.

Examples

# Define a match criterion for traffic class class1 to match ACL 3101.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1] if-match acl 3101

qos apply policy (interface view)

Use qos apply policy to apply a QoS policy to an interface.

Use undo qos apply policy to remove an applied QoS policy.

Syntax

qos apply policy policy-name outbound

undo qos apply policy policy-name outbound

Default

No QoS policy is applied.

Views

Interface view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters.

outbound: Applies the QoS policy to the outbound direction.

Usage guidelines

If you apply QoS policies both globally and to an interface, the QoS configuration on the interface takes priority. If no configuration is applied to an interface, the global configuration will be used.

In versions earlier than R6712P03, each interface supports a maximum of eight ACL rules. In the allowlist feature, the rule used to deny all traffic is also counted as one ACL rule.

In R6712P03 and later versions, each interface supports up to four ACL rules. In the allowlist feature, the rule used to deny all traffic is also counted as one ACL rule.

If you perform either of the following operations when continuous traffic exists on the device, the actions on the packets passed will not match correctly within a short period of time:

· Apply a QoS policy globally and then apply it to an interface.

· Apply a QoS policy to an interface and then apply it globally.

Examples

# Apply QoS policy TEST1 to the outgoing traffic of Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] qos apply policy TEST1 outbound

qos apply policy global

Use qos apply policy global to apply a QoS policy globally.

Use undo qos apply policy global to remove a globally applied QoS policy.

Syntax

qos apply policy policy-name global outbound

undo qos apply policy policy-name global outbound

Default

No QoS policy is applied globally.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a QoS policy by its name, a case-sensitive string of 1 to 31 characters.

outbound: Applies the QoS policy to the outbound direction.

Usage guidelines

A QoS policy applied globally takes effect on traffic of all interfaces.

If you perform either of the following operations when continuous traffic exists on the device, the actions on the packets passed will not match correctly within a short period of time:

· Apply a QoS policy globally and then apply it to an interface.

· Apply a QoS policy to an interface and then apply it globally.

Examples

# Globally apply generic QoS policy user1 to the outgoing traffic.

<Sysname> system-view

[Sysname] qos apply policy user1 global outbound

qos policy

Use qos policy to create a QoS policy and enter its view, or enter the view of an existing QoS policy.

Use undo qos policy to delete a QoS policy.

Syntax

qos policy policy-name

undo qos policy policy-name

Default

No QoS policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a name for the QoS policy, a case-sensitive string of 1 to 31 characters.

Usage guidelines

To delete a QoS policy that has been applied to an object, you must first remove the QoS policy from the object.

Examples

# Create a generic QoS policy named user1.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1]

Related commands

qos apply policy

qos apply policy global

rule (IPv4 advanced ACL view)

Use rule to create or edit an IPv4 advanced ACL rule.

Use undo rule to delete an entire IPv4 advanced ACL rule or some attributes in the rule.

Syntax

rule [ rule-id ] { deny | permit } protocol [ destination dest-address dest-wildcard | destination-port operator port1 [ port2 ] | source source-address source-wildcard | source-port operator port1 [ port2 ] ]*

undo rule [ rule-id ] { deny | permit } protocol [ destination dest-address dest-wildcard | destination-port operator port1 [ port2 ] | source source-address source-wildcard | source-port operator port1 [ port2 ] ]*

Default

No IPv4 advanced ACL rules exist.

Views

IPv4 advanced ACL view

Predefined user roles

network-admin

Parameters

rule-id:: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of the numbering step to the current highest rule ID, starting from the start rule ID. For example, if the rule numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.

deny: Denies matching packets.

permit: Allows matching packets to pass.

protocol: Specifies a protocol carried over IPv4 by its number in the range of 0 to 255 or by its keyword, as shown in Table 9. Versions earlier than R6712P02 only support matching TCP and UDP protocol packets.

Table 9 Protocols carried over IPv4

Number	Keyword	Description
N/A	ip	Matches IPv4 packets. (Supported only in R6712P03 and later versions.)
1	icmp	Matches ICMP packets. (Supported only in R6712P02 and later versions.)
2	igmp	Matches IGMP packets. (Supported only in R6712P02 and later versions.)
4	ipinip	Matches IP-in-IP packets. (Supported only in R6712P02 and later versions.)
6	tcp	Matches TCP packets.
17	udp	Matches UDP packets.
47	gre	Matches GRE packets. (Supported only in R6712P02 and later versions.)
89	ospf	Matches OSPF packets. (Supported only in R6712P02 and later versions.)

‌

Table 10 describes the parameters that you can specify, regardless of the value for the protocol argument.

Table 10 Match criteria and other rule information for IPv4 advanced ACL rules

Parameters	Function	Description
source source-address source-wildcard	Specifies a source IPv4 address.	The source-address argument specifies an IPv4 source address. The source-wildcard argument specifies the wildcard mask of the source address. 0 represents host address.
destination dest-address dest-wildcard	Specifies a destination IPv4 address.	The dest-address argument specifies a destination IPv4 address. The dest-wildcard argument specifies the wildcard mask of the destination address. 0 represents host address.

Parameters

Function

Description

source source-address source-wildcard

Specifies a source IPv4 address.

The source-address argument specifies an IPv4 source address.

The source-wildcard argument specifies the wildcard mask of the source address. 0 represents host address.

destination dest-address dest-wildcard

Specifies a destination IPv4 address.

The dest-address argument specifies a destination IPv4 address.

The dest-wildcard argument specifies the wildcard mask of the destination address. 0 represents host address.

Table 11 TCP/UDP-specific parameters for IPv4 advanced ACL rules

Parameters	Function	Description
source-port operator port1 [ port2 ]	Specifies one or more UDP or TCP source ports.	The operator argument can be lt (lower than), gt (greater than), eq (equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range. TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).
destination-port operator port1 [ port2 ]	Specifies one or more UDP or TCP destination ports.

Parameters

Function

Description

source-port operator port1 [ port2 ]

Specifies one or more UDP or TCP source ports.

The operator argument can be lt (lower than), gt (greater than), eq (equal to), or range (inclusive range).

The port1 and port2 arguments are TCP or UDP port numbers in the range of 0 to 65535. The port2 argument is needed only when the operator argument is range.

TCP port numbers can be represented as: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), dns (53), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80).

UDP port numbers can be represented as: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).

destination-port operator port1 [ port2 ]

Specifies one or more UDP or TCP destination ports.

Usage guidelines

If the specified rule does not exist when you execute the rule command, the command automatically creates the rule. If the specified rule already exists, the command appends the new configuration to the rule.

Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating or editing has the same deny or permit statement as another rule in the ACL, the rule will not be created or changed.

You can edit ACL rules only when the match order is config.

To view the existing IPv4 advanced ACL rules, use the display acl all command.

An ACL supports matching only the 5-tuple (source IP, destination IP, source port, destination port, and protocol type).

The undo rule rule-id command without any optional parameters deletes an entire rule. If you specify optional parameters, the undo rule rule-id command deletes the specified attributes for a rule.

The undo rule { deny | permit } command can only be used to delete an entire rule. You must specify all the attributes of the rule for the command.

When you configure the denylist feature, you cannot configure permit rules. For the allowlist feature, you must configure the first rule as rule 0 deny ip, and you can configure only permit rules subsequently.

To configure an IPv4 allowlist:

1. In the same ACL, configure the first rule as rule 0 deny ip, and configure permit rules subsequently.

2. Reference the IPv4 ACL in the traffic or packet filtering feature.

After you configure the ACL allowlist feature, rule 0 deny ip will filter all packets, including IPv4 packets and those not of the 0x0800 type.

Examples

# Create an IPv4 advanced ACL rule to permit devices in the 129.9.0.0/16 network to establish connections with devices (WWW port 80) in the 202.38.160.0/24 network.

<Sysname> system-view

[Sysname] acl advanced 3000

[Sysname-acl-ipv4-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 source-port eq 80 destination-port eq 80

Related commands

acl

display acl

classifier behavior

Use classifier behavior to associate a traffic behavior with a traffic class in a QoS policy.

Use undo classifier to delete a class-behavior association from a QoS policy.

Syntax

classifier classifier-name behavior behavior-name

undo classifier classifier-name

Default

No traffic behavior is associated with a traffic class.

Views

QoS policy view

Predefined user roles

network-admin

Parameters

classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.

behavior-name: Specifies a traffic behavior by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A traffic class can be associated only with one traffic behavior in a QoS policy.

If the specified traffic class or traffic behavior does not exist, the system defines a null traffic class or traffic behavior.

Examples

# Associate traffic class database with traffic behavior test in QoS policy user1.

<Sysname> system-view

[Sysname] qos policy user1

[Sysname-qospolicy-user1] classifier database behavior test

Related commands

qos policy

traffic classifier

Use traffic classifier to create a traffic class and enter traffic class view, or enter the view of an existing traffic class.

Use undo traffic classifier to delete a traffic class.

Syntax

traffic classifier classifier-name [ operator { and | or } ]

undo traffic classifier classifier-name

Default

No traffic class exists.

Views

System view

Predefined user roles

network-admin

Parameters

classifier-name: Specifies a traffic class by its name, a case-sensitive string of 1 to 31 characters.

operator: Sets the operator to logic AND (the default) or OR for the traffic class.

and: Specifies the logic AND operator. The traffic class matches the packets that match all its criteria.

or: Specifies the logic OR operator. The traffic class matches the packets that match any of its criteria.

Examples

# Create a traffic class named class1.

<Sysname> system-view

[Sysname] traffic classifier class1

[Sysname-classifier-class1]

Ethernet interface commands

counter enable

Use counter enable to enable traffic statistics collection on an interface.

Use undo counter enable to disable traffic statistics collection on an interface.

NOTE:

This command is supported only in R6712P02 and later versions.

Syntax

counter enable

undo counter enable

Default

Traffic statistics collection is enabled on an interface.

Views

Layer 2 Ethernet interface view

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

Application scenarios

This command can count the numbers of incoming packets and outgoing packets on an interface. You can use the display counters command to display the statistics.

Restrictions and guidelines

This command occupies statistics resources (13 in total) of the device, which are assigned by chips. After the device reboots or performs a configuration rollback, statistics resources might not be released and allocation of statistics resources might be affected.

As a best practice to prevent the peer interface from failing to come up, do not disable this feature.

To successfully execute the following commands, make sure traffic statistics collection is enabled:

· enhanced-connection destination-interface

· enhanced-connection source-interface

Examples

# Enable traffic statistics collection on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] counter enable

Related commands

display counters

description

Use description to configure a description for the interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description of an interface is interface-name Interface, for example, Ten-GigabitEthernet1/0/1 Interface.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

text: Specifies an interface description, a case-sensitive string of 1 to 255 characters.

Examples

# Configure lan-interface as the description of interface Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] description lan-interface

display counters

Use display counters to display traffic statistics information about an interface.

Syntax

display counters { inbound | outbound } [ packet-size ] interface [ interface-type [ interface-number] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

inbound: Displays incoming packet statistics information.

outbound: Displays outgoing packet statistics information.

packet-size: Displays packet length statistics. If you do not specify this keyword, this command does not display packet length statistics.

interface-type: Specifies an interface type.

interface-number: Specifies an interface number.

Usage guidelines

If you do not specify an interface type, this command displays traffic statistics information about all interfaces.

If you specify an interface type without specifying an interface number, this command displays traffic statistics information about all interfaces of the specified type.

If you specify an interface type and an interface number, this command displays traffic statistics information about the specified interface.

Examples

# Display incoming packet statistics information.

<Sysname> display counters inbound interface

Interface Total (pkts) Broadcast (pkts) Multicast (pkts) Err (pkts)

XGE1/0/1 100 100 0 0

XGE1/0/2 Overflow Overflow Overflow Overflow

Overflow: More than 14 digits (7 digits for column "Err").

--: Not supported.

# Display the packet length statistics of inbound traffic on the specified interface.

<Sysname> display counters inbound packet-size interface Ten-GigabitEthernet1/0/15

Interface Total(pkts) 64(pkts) 65-127(pkts)

128-255(pkts) 256-511(pkts)

512-1023(pkts) 1024-1518(pkts)

1519-n(pkts)

XGE1/0/15 2291577996 0 59734692

200264828 400496210

801023051 774421193

55521782

Overflow: More than 14 digits.

--: Not supported.

Table 12 Command output

Field	Description
Interface	Abbreviated interface name.
Total (pkts)	Total number of packets received or sent by the interface.
Broadcast (pkts)	Number of broadcast packets received or sent by the interface.
Multicast (pkts)	Number of multicast packets received or sent by the interface.
Err (pkts)	Number of error packets received or sent by the interface.
Overflow: More than 14 digits (7 digits for column "Err").	If the length of the value for a statistics item exceeds the display limit, the value for the statistics item displays Overflow. · For the Err item, the display limit is 7 decimal digits. · For other items, the display limit is 14 decimal digits.
--: Not supported.	If statistics for a field is not supported, the value for this field displays --.
64 (pkts)	Number of packets no longer than 64 bytes. This field is supported only in R6712P02 and later versions.
65-127 (pkts)	Number of packets with lengths in the range of 65 to 127 bytes. This field is supported only in R6712P02 and later versions.
128-255 (pkts)	Number of packets with lengths in the range of 128 to 255 bytes. This field is supported only in R6712P02 and later versions.
256-511 (pkts)	Number of packets with lengths in the range of 256 to 511 bytes. This field is supported only in R6712P02 and later versions.
512-1023 (pkts)	Number of packets with lengths in the range of 512 to 1023 bytes. This field is supported only in R6712P02 and later versions.
1024-1518 (pkts)	Number of packets with lengths in the range of 1024 to 1518 bytes. This field is supported only in R6712P02 and later versions.
1519-n (pkts)	Number of packets larger than 1519 bytes. This field is supported only in R6712P02 and later versions.

display counters rate

Use display counters rate to display traffic rate statistics for interfaces in up state within the most recent statistics polling interval.

Syntax

display counters rate { inbound | outbound } interface [ interface-type [ interface-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

inbound: Displays inbound traffic rate statistics.

outbound: Displays outbound traffic rate statistics.

interface-type: Specifies an interface type.

interface-number: Specifies an interface number.

Usage guidelines

If you do not specify an interface type, this command displays traffic rate statistics for all up interfaces that have traffic counters.

If you specify an interface type but do not specify an interface number, this command displays traffic rate statistics for all up interfaces of the specified type.

If you specify an interface type and an interface number, this command displays traffic rate statistics for the specified interface.

If an interface that you specify is always down for the most recent statistics polling interval, the system prompts that the interface does not support the command.

On the device, the statistics polling interval is fixed at 5 minutes.

Examples

# Display the inbound and outbound traffic rate statistics.

<Sysname> display counters rate inbound interface

Usage: Bandwidth utilization in percentage

Interface Usage (%) Total (pps) Broadcast (pps) Multicast (pps)

XGE1/0/1 0 0 -- --

Overflow: More than 14 digits.

--: Not supported.

Table 13 Command output

Field	Description
Interface	Abbreviated interface name.
Usage(%)	Bandwidth usage (in percentage) of the interface within the most recent statistics polling interval.
Total(pps)	Average receiving or sending rate (in pps) for all packets within the most recent statistics polling interval.
Broadcast(pps)	Average receiving or sending rate (in pps) for broadcast packets within the most recent statistics polling interval. On an RPR physical port, all broadcast and multicast packets received or sent are displayed as multicast packets.
Multicast(pps)	Average receiving or sending rate (in pps) for multicast packets within the most recent statistics polling interval. On an RPR physical port, all broadcast and multicast packets received or sent are displayed as multicast packets.
Overflow: more than 14 decimal digits	The command displays Overflow if the data length of a statistical item is greater than 14 decimal digits.
--: not supported	The statistical item is not supported.

display interface

Use display interface to display interface information.

Syntax

display interface [ interface-type [ interface-number ] ] [ brief [ description | down ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type: : Specifies an interface type.

interface-number: : Specifies an interface number.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 25 characters of each interface description.

down: Displays information about interfaces in down state and the causes. If you do not specify this keyword, the command displays information about interfaces in all states.

Usage guidelines

If you do not specify an interface type, this command displays information about all interfaces.

If you specify an interface type but do not specify an interface number, this command displays information about all interfaces of the specified type.

Examples

# Display information about Ethernet interface Ten-GigabitEthernet 1/0/1.

<Sysname> display interface Ten-GigabitEthernet 1/0/1

Ten-GigabitEthernet1/0/1

Current state: UP

Line protocol state: UP

Description: Ten-GigabitEthernet1/0/1 Interface

Bandwidth: 10000000 kbps

Maximum transmission unit: 1500

Forbid jumbo frames to pass

Broadcast max-ratio: 100%

Multicast max-ratio: 100%

Unicast max-ratio: 100%

Known-unicast max-ratio: 100%

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: 0000-0000-0000

IPv6 packet frame type: Ethernet II, hardware address: 0000-0000-0000

Last link flapping: 0 hours 0 minutes 10 seconds

Last clearing of counters: 13:42:51 Sun 01/06/2013

Current system time:2013-01-06 19:59:30

Last time when physical state changed to up:2013-01-06 19:59:21

Last time when physical state changed to down:2013-01-06 13:38:46

Peak input rate: 0 bytes/sec, at 00-00-00 00:00:00

Peak output rate: 0 bytes/sec, at 00-00-00 00:00:00

Last 300 seconds input: 0 packets/sec 0 bytes/sec 0%

Last 300 seconds output: 0 packets/sec 0 bytes/sec 0%

Input (total): 0 packets, 0 bytes

0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses

Input (normal): 0 packets, - bytes

- unicasts, - broadcasts, - multicasts, 0 pauses

Input: 0 input errors, 0 runts, 0 giants, 0 throttles

0 CRC, 0 frame, - overruns, 0 aborts

0 ignored, - parity errors

Output (total): 0 packets, 0 bytes

0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses

Output (normal): 0 packets, - bytes

- unicasts, - broadcasts, - multicasts, 0 pauses

Output: 0 output errors, - underruns, - buffer failures

0 aborts, 0 deferred, 0 collisions, 0 late collisions

0 lost carrier, - no carrier

Table 14 Command output

Field	Description
Current state	Physical link state of the interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down (possibly because no physical link exists or the link has failed). · UP—The interface is both administratively and physically up.
Line protocol state	Data link layer state of the interface. The state is determined through automatic parameter negotiation at the data link layer. · UP—The data link layer protocol is up. · UP (spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. This attribute is typical of null interfaces and loopback interfaces. · DOWN—The data link layer protocol is down.
Description	Description information of the interface.
Bandwidth	Expected bandwidth of the interface.
Maximum transmission unit	MTU of the interface.
Broadcast max-	Broadcast storm suppression threshold. This field is not supported in the current software version.
Multicast max-	Multicast storm suppression threshold. This field is not supported in the current software version.
Unicast max-	Unknown unicast storm suppression threshold. This field is not supported in the current software version.
Known-unicast max-	Known unicast storm suppression threshold. This field is not supported in the current software version.
Internet protocol processing: Disabled	The interface is not assigned an IP address. This field is not supported in the current software version.
IP packet frame type	IPv4 packet framing format. This field is not supported in the current software version.
hardware address	MAC address of the interface. This field is not supported in the current software version.
IPv6 packet frame type	IPv6 packet framing format. This field is not supported in the current software version.
Last link flapping	The amount of time that has elapsed since the most recent physical state change of the interface. This field displays Never if the interface has been physically down since device startup.
Last clearing of counters	Time when the reset counters interface command was last used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup.
Current system time	Current system time in the YYYY/MM/DD HH:MM:SS format. If the time zone is configured, this field is in the YYYY/MM/DD HH:MM:SS zone-name±HH:MM:SS format, where the zone-name argument is the local time zone.
Last time when physical state changed to up	Last time when the physical state of the interface changed to up. If the time zone is configured, this field is in the YYYY/MM/DD HH:MM:SS zone-name±HH:MM:SS format, where the zone-name argument is the local time zone. A hyphen (-) indicates that the physical state of the interface has never changed.
Last time when physical state changed to down	Last time when the physical state of the interface changed to down. If the time zone is configured, this field is in the YYYY/MM/DD HH:MM:SS zone-name±HH:MM:SS format, where the zone-name argument is the local time zone. A hyphen (-) indicates that the physical state of the interface has never changed.
Peak input rate	Peak rate of inbound traffic in Bps, and the time when the peak inbound traffic rate occurred.
Peak output rate	Peak rate of outbound traffic in Bps, and the time when the peak outbound traffic rate occurred.
Last interval seconds input: 0 packets/sec 0 bytes/sec 0% Last interval seconds output: 0 packets/sec 0 bytes/sec 0%	Average inbound or outbound traffic rate (in pps and Bps) in the last statistics polling interval, and the ratio of the actual rate to the interface bandwidth. A hyphen (-) indicates that the statistical item is not supported.
Input (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses	The two fields on the first line represent the inbound traffic statistics (in packets and bytes) for the interface. All inbound normal packets, abnormal packets, and normal pause frames were counted. The four fields on the second line represent: · Number of inbound unicast packets. · Number of inbound broadcasts. · Number of inbound multicasts. · Number of inbound pause frames. A hyphen (-) indicates that the statistical item is not supported.
Input (normal): 0 packets, - bytes - unicasts, - broadcasts, - multicasts, 0 pauses	The two fields on the first line represent the inbound normal traffic and pause frame statistics (in packets and bytes) for the interface. The four fields on the second line represent: · Number of inbound normal unicast packets. · Number of inbound normal broadcasts. · Number of inbound normal multicasts. · Number of inbound normal pause frames. A hyphen (-) indicates that the statistical item is not supported.
input errors	Statistics of incoming error packets.
runts	Number of inbound frames meeting the following conditions: · Shorter than 64 bytes. · In correct format. · Containing valid CRCs.
giants	Number of inbound giants. Giants refer to frames larger than the maximum frame length supported on the interface. For an Ethernet interface that does not permit jumbo frames, the maximum frame length is 1518 bytes. For an Ethernet interface that permits jumbo frames, the maximum Ethernet frame length is set when you configure jumbo frame support on the interface.
throttles	Number of inbound frames that had a non-integer number of bytes.
CRC	Total number of inbound frames that had a normal length, but contained CRC errors.
frame	Total number of inbound frames that contained CRC errors and a non-integer number of bytes.
overruns	Number of packets dropped because the input rate of the port exceeded the queuing capability.
aborts	Total number of illegal inbound packets: · Fragment frames—CRC error frames shorter than 64 bytes. The length (in bytes) can be an integral or non-integral value. · Jabber frames—CRC error frames greater than the maximum frame length supported on the Ethernet interface (with an integral or non-integral length). ¡ For an Ethernet interface that does not permit jumbo frames, the maximum frame length is 1518 bytes. ¡ For an Ethernet interface that permits jumbo frames, the maximum Ethernet frame length is set when you configure jumbo frame support on the interface. · Symbol error frames—Frames that contained a minimum of one undefined symbol. · Unknown operation code frames—Non-pause MAC control frames. · Length error frames—Frames whose 802.3 length fields did not match the actual frame length (46 to 1500 bytes).
ignored	Number of inbound frames dropped because the receiving buffer of the port ran low.
parity errors	Total number of frames with parity errors.
Output (total): 0 packets, 0 bytes 0 unicasts, 0 broadcasts, 0 multicasts, 0 pauses	The two fields on the first line represent the outbound traffic statistics (in packets and bytes) for the interface. All outbound normal packets, abnormal packets, and normal pause frames were counted. The four fields on the second line represent: · Number of outbound unicast packets. · Number of outbound broadcasts. · Number of outbound multicasts. · Number of outbound pause frames. A hyphen (-) indicates that the statistical item is not supported.
Output (normal): 0 packets, - bytes - unicasts, - broadcasts, - multicasts, 0 pauses	The two fields on the first line represent the outbound normal traffic and pause frame statistics (in packets and bytes) for the interface. The four fields on the second line represent: · Number of outbound normal unicast packets. · Number of outbound normal broadcasts. · Number of outbound normal multicasts. · Number of outbound normal pause frames. A hyphen (-) indicates that the statistical item is not supported.
output errors	Number of outbound packets with errors.
underruns	Number of packets dropped because the output rate of the interface exceeded the output queuing capability. This is a low-probability hardware anomaly.
buffer failures	Number of packets dropped because the transmitting buffer of the interface ran low.
aborts	Number of packets that failed to be transmitted, for example, because of Ethernet collisions.
deferred	Number of frames that the interface deferred to transmit because of detected collisions.
collisions	Number of frames that the interface stopped transmitting because Ethernet collisions were detected during transmission.
late collisions	Number of frames that the interface deferred to transmit after transmitting their first 512 bits because of detected collisions.
lost carrier	Number of carrier losses during transmission. This counter increases by one when a carrier is lost, and applies to serial WAN interfaces.
no carrier	Number of times that the port failed to detect the carrier when attempting to send frames. This counter increases by one when a port failed to detect the carrier, and applies to serial WAN interfaces.

# Display brief information about all interfaces.

<Sysname> display interface brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface Link Protocol Primary IP Description

InLoop0 UP UP(s) --

MGE0/0/0 UP UP 192.168.1.113

NULL0 UP UP(s) --

XGE1/0/1 ADM DOWN 1.1.1.1

# Display information about interfaces in DOWN state and the causes.

<Sysname> display interface brief down

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Interface Link Cause

XGE1/0/1 DOWN Not connected

Table 15 Command output

Field	Description
Brief information on interfaces in route mode:	Brief information about Layer 3 interfaces.
Interface	Interface name.
Link	Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command.
Protocol	Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · DOWN—The data link layer protocol of the interface is down. · UP(s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. This value is typical of null interfaces and loopback interfaces.
Primary IP	Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address.
Description	Description of the interface.
Cause	Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—No physical connection exists (for example, the network cable is disconnected or faulty, or no forwarding related configuration exists). · Storm-Constrain—The storm control feature has detected that unknown unicast traffic, multicast traffic, or broadcast traffic exceeded the upper threshold.

display interface counter status

Use display interface counter status to display the status of the traffic statistics collection feature on each interface.

NOTE:

This command is supported only in R6712P02 and later versions.

Syntax

display interface counter status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the status of the traffic statistics collection feature on each interface.

<Sysname> display interface counter status

Counter resources total: 13 Resource allocate: 1

Interface Status Resource allocate

XGE1/0/1 Enabled Yes

XGE1/0/2 Enabled No

Table 16 Command output

Field	Description
Counter resources total: 13 Resource allocate: 1	The total number of statistics resources and the number of statistics resources that have been occupied.
Status	Indicates whether traffic statistics collection is enabled.
Resource allocate	Indicates whether the interface occupies statistics resources.

display packet-drop

Use display packet-drop to display information about packets dropped on an interface.

NOTE:

This command is supported only in R6712P03 and later versions.

Syntax

display packet-drop { interface [ interface-type [ interface-number ] ] | summary }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type: Specifies an interface type. If you do not specify an interface type, this command displays information about dropped packets on all interfaces on the device.

interface-number: Specifies an interface number. If you do not specify an interface number, this command displays information about dropped packets on all interfaces of the specified type.

summary: Displays the summary of dropped packets on all interfaces.

Examples

# Display information about dropped packets on Ten-GigabitEthernet 1/0/1.

<Sysname> display packet-drop interface ten-gigabitethernet 1/0/1

Ten-GigabitEthernet1/0/1:

Packets dropped due to insufficient data buffer: 11758878

Packets dropped due to Acl Filter: 73351548

Packets dropped due to Mirror: 162764420

# Display the summary of dropped packets on all interfaces.

<Sysname> display packet-drop summary

All interfaces:

Packets dropped due to insufficient data buffer: 11758878

Packets dropped due to Acl Filter: 738751750

Packets dropped due to Mirror: 166391290

Table 17 Command output

Field	Description
Packets dropped due to insufficient data buffer. :0	Number of packets dropped due to insufficient data buffer.
Packets dropped due to Acl Filter	Number of packets dropped due to packet filtering.
Packets dropped due to Mirror	Number of packets dropped due to insufficient data buffer of the mirroring source interfaces.

‌

display packet-filter

Use display packet-filter to display ACL application information for packet filtering.

NOTE:

This command is supported only in R6712P03 and later versions.

Syntax

display packet-filter { global | interface [ interface-type interface-number ] } [ outbound ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

global: Specifies all physical interfaces.

interface [ interface-type interface-number ]: Specifies an interface by its type and number. If you do not specify an interface, this command displays ACL application information for packet filtering on all interfaces.

outbound: Specifies the outbound direction.

Examples

# Display ACL application information for outbound packet filtering on interface Ten-GigabitEthernet 1/0/1.

<Sysname> display packet-filter interface ten-gigabitethernet 1/0/1 outbound

Interface: Ten-GigabitEthernet1/0/1

Outbound policy:

IPv4 ACL 3001

MAC ACL 4003

# Display ACL application information for outbound packet filtering on all physical interfaces.

<Sysname> display packet-filter global

Global:

Outbound policy:

IPv4 ACL 3001

IPv4 default action: Deny (Failed)

Table 18 Command output

Field	Description
Interface	Interface to which the ACL applies.
Global	ACL application for packet filtering on all physical interfaces.
IPv4 ACL 3001	Advanced IPv4 ACL 3001 has been successfully applied.
IPv4 default action	Packet filter default action for packets that do not match any IPv4 ACLs: · Deny—The default action deny has been successfully applied for packet filtering. · Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. · Permit—The default action permit has been successfully applied for packet filtering.

‌

display packet-filter verbose

Use display packet-filter verbose to display ACL application details for packet filtering.

NOTE:

This command is supported only in R6712P03 and later versions.

Syntax

display packet-filter verbose { global | interface interface-type interface-number } outbound [ { acl-number | name acl-name } ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

global: Specifies all physical interfaces.

interface interface-type interface-number: Specifies an interface by its type and number.

outbound: Specifies the outbound direction.

acl-number: Specifies an advanced ACL by its number, in the range of 3000 to 3999.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

Usage guidelines

If acl-number or name acl-name is not specified, this command displays application details of all IPv4 ACLs for packet filtering.

Examples

# Display application details of all ACLs for outbound packet filtering on Ten-GigabitEthernet 1/0/1.

<Sysname> display packet-filter verbose interface ten-gigabitethernet 1/0/1 outbound

Interface: Ten-GigabitEthernet1/0/1

Outbound policy:

IPv4 ACL 3001

rule 0 permit

rule 5 permit source 1.1.1.1 0 (Failed)

IPv4 default action: Deny

Table 19 Command output

Field	Description
Interface	Interface to which the ACL applies.
Global	ACL application details for packet filtering on all physical interfaces.
Outbound policy	ACL used for filtering outgoing traffic.
IPv4 ACL 3001	IPv4 basic ACL 3001 has been successfully applied.
rule 5 permit source 1.1.1.1 0 (Failed)	The device has failed to apply rule 5.
IPv4 default action	Packet filter default action for packets that do not match any IPv4 ACLs: · Deny—The default action deny has been successfully applied for packet filtering. · Deny (Failed)—The device has failed to apply the default action deny for packet filtering. The action permit still functions. · Permit—The default action permit has been successfully applied for packet filtering.

‌

flow-interval

Use flow-interval to set the statistics polling interval.

Use undo flow-interval to restore the default.

Syntax

flow-interval interval

undo flow-interval

Default

The statistics polling interval is 300 seconds.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

interval: Sets the statistics polling interval in the range of 5 to 300 seconds.

Examples

# Set the statistics polling interval to 100 seconds on Ten-GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] flow-interval 100

packet-filter (interface view)

Use packet-filter to apply an ACL to an interface to filter packets.

Use undo packet-filter to remove an ACL from an interface.

NOTE:

This command is supported only in R6712P03 and later.

Syntax

packet-filter { acl-number | name acl-name } outbound

undo packet-filter { acl-number | name acl-name } outbound

Default

No ACL is applied to an interface to filter packets.

Views

Interface view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an advanced ACL by its number in the range of 3000 to 3999.

name acl-name: Specifies an advanced ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

outbound: Filters outgoing packets.

Usage guidelines

If you use the acl-number argument to specify an ACL, to specify an IPv4 ACL, use the acl-number argument directly.

If you use the name acl-name option to specify an ACL, to specify an IPv4 ACL, use the name acl-name option.

When you reference an ACL, if the ACL does not exist or contains no rules, it does not take effect.

To the outbound direction of an interface, you can apply a maximum of four ACLs.

If you apply packet filters both globally and to an interface, the packet filter on the interface takes priority. If no configuration is applied to an interface, the global configuration will be used.

This feature and traffic filtering are mutually exclusive on the device.

Examples

# Apply IPv4 advanced ACL 3001 to filter outgoing traffic on Ten-GigabitEthernet 1/0/1s.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] undo shutdown

[Sysname-Ten-GigabitEthernet1/0/1] packet-filter 3001 outbound

Related commands

display packet-filter

display packet-filter verbose

packet-filter global

Use packet-filter global to apply an ACL to filter packets globally.

Use undo packet-filter global to remove an ACL for global packet filtering.

NOTE:

This command is supported only in R6712P03 and later.

Syntax

packet-filter { acl-number | name acl-name } outbound

undo packet-filter { acl-number | name acl-name } outbound

Default

No ACL is applied to filter packets globally.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an advanced ACL by its number in the range of 3000 to 3999.

name acl-name: Specifies an advanced ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters.

global: Specifies all physical interfaces.

outbound: Filters outgoing packets.

Usage guidelines

If you use the acl-number argument to specify an ACL, to specify an IPv4 ACL, use the acl-number argument directly.

If you use the name acl-name option to specify an ACL, to specify an IPv4 ACL, use the name acl-name option.

When you reference an ACL, if the ACL does not exist or contains no rules, it does not take effect.

An ACL supports matching only the 5-tuple (source IP, destination IP, source port, destination port, and protocol type).

This feature and traffic filtering are mutually exclusive on the device.

Examples

# Apply IPv4 advanced ACL 3001 to filter outgoing traffic on all physical interfaces.

<Sysname> system-view

[Sysname] packet-filter 3001 global outbound

Related commands

display packet-filter

display packet-filter verbose

shutdown

Use shutdown to shut down an Ethernet interface.

Use undo shutdown to bring up an Ethernet interface.

Syntax

shutdown

undo shutdown

Default

By default, an Ethernet interface is down.

Views

Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

CAUTION:

Executing the shutdown command on an interface will disconnect the link of the interface and interrupt communication. Use this command with caution.

In some scenarios (such as editing the interface operating parameters), the interface modifications cannot take effect immediately. You must shut down and then bring up the interface for the modifications to take effect.

Examples

# Shut down and then bring up Ethernet interface Ten-GigabitEthernet1/0/1.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 1/0/1

[Sysname-Ten-GigabitEthernet1/0/1] shutdown

[Sysname-Ten-GigabitEthernet1/0/1] undo shutdown

H3C S6116 Ultra-Low Latency Switch Series Command References-Release 671x-6W101

Application scenarios

Operating mechanism

Restrictions and guidelines

Application scenarios

Operating mechanism

Restrictions and guidelines

mirroring-group monitor-port (system view)

display buffer usage interface

qos apply policy global

counter enable

Application scenarios

Restrictions and guidelines

display counters rate

packet-filter (interface view)

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us