Login
- Table of Contents
-
- 03-Security Command Reference
- 00-Preface
- 01-ARP attack protection commands
- 02-ASPF commands
- 03-IP-MAC binding commands
- 04-Keychain commands
- 05-ND attack defense commands
- 06-Password control commands
- 07-uRPF commands
- 08-Location identification commands
- 09-Security zone commands
- 10-User identification commands
- 11-MAC learning through a Layer 3 device commands
- 12-Security policy commands
- 13-Microsegmentation commands
- 14-IP-SGT mapping commands
- 15-SMS commands
- 16-Trusted access control commands
- 17-Application account auditing commands
- 18-Terminal identification commands
- 19-IPoE commands
- 20-SSL commands
- 21-Flow manager commands
- 22-Object group commands
- 23-IP source guard commands
- 24-Server connection detection commands
- 25-Session management commands
- 26-DDoS protection commands
- 27-PKI commands
- 28-Crypto engine commands
- 29-AAA commands
- 30-Portal commands
- 31-IPsec commands
- 32-Public key management commands
- 33-Attack detection and prevention commands
- 34-Connection limit commands
- 35-SSH commands
- 36-SDP zero trust commands
- 37-APR commands
- 38-Overbilling prevention commands
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 08-Location identification commands | 112.84 KB |
Location identification commands
description (location group view)
display geo-location signature library
geo-location signature auto-update
Location identification commands
add geo-location
Use add geo-location to add a location to a location group.
Use undo add geo-location to remove a location from a location group.
Syntax
add geo-location geo-location-name
undo add geo-location [ geo-location-name ]
Default
A location group does not contain any locations.
Views
Location group view
Predefined user roles
network-admin
context-admin
Parameters
geo-location-name: Specifies a location by its name, a case-insensitive string of 1 to 63 characters. The location name cannot contain hyphens (-). If you do not specify this argument when executing the undo add geo-location command, the command removes all locations from the location group.
Examples
# Add location beijing to location group region1.
<Sysname> system-view
[Sysname] geo-location-group region1
[Sysname-geo-location-group-region1] add geo-location beijing
add geo-location-group
Use add geo-location-group to add a location group to a location group.
Use undo add geo-location-group to remove a location group from a location group.
Syntax
add geo-location-group geo-location-group-name
undo add geo-location-group [ geo-location-group-name ]
Default
A location group does not contain any location groups.
Views
Location group view
Predefined user roles
network-admin
context-admin
Parameters
geo-location-group-name: Specifies a location group by its name, a case-insensitive string of 1 to 63 characters. The location group name cannot contain hyphens (-). If you do not specify this argument when executing the undo add geo-location-group command, the command removes all location groups from the location group.
Usage guidelines
Two location groups cannot contain each other at the same time.
The system supports a maximum of three location group hierarchy layers. For example, if groups 1 and 2 are members of groups 2 and 3, respectively, group 3 cannot have members and group 1 cannot be members of another group.
Examples
# Add location group region2 to location group region1.
<Sysname> system-view
[Sysname] geo-location-group region1
[Sysname-geo-location-group-region1] add geo-location-group region2
coordinate
Use coordinate to specify the longitude and latitude of a location.
Use undo coordinate to restore the default.
Syntax
coordinate longitude longitude-value latitude latitude-value
undo coordinate
Default
The longitude and latitude are not specified.
Views
User-defined location view
Predefined user roles
network-admin
context-admin
Parameters
longitude longitude-value: Specifies the longitude in the range of –180 to 180 degrees. Values east of Prime Meridian are positive and values west of Prime Meridian are negative.
latitude latitude-value: Specifies the latitude in the range of –90 to 90 degrees. Values north of the Equator are positive, and values south of the Equator are negative.
Usage guidelines
The longitude and latitude can be specified only for a user-defined location. The longitude and latitude of a predefined location are fixed and cannot be modified.
Examples
# Specify the longitude and latitude as 116 and 39 for location haidian.
<Sysname> system-view
[Sysname] geo-location user-defined haidian
[Sysname-user-defined-location-haidian] coordinate longitude 116 latitude 39
Related commands
display geo-location
description (location group view)
Use description to configure a description for a location group.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A location group does not have a description.
Views
Location group view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 127 characters.
Examples
# Configure the description as definedLocation for location group reg1.
<Sysname> system-view
[Sysname] geo-location-group reg1
[Sysname-geo-location-group-reg1] description definedLocation
Related commands
display geo-location-group
description (location view)
Use description to configure a description for a location.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A location does not have a description.
Views
Location view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 127 characters.
Examples
# Configure the description as definedLocation for user-defined location haidian.
<Sysname> system-view
[Sysname] geo-location user-defined haidian
[Sysname-user-defined-location-haidian] description definedLocation
# Configure the description as preDefinedLocation for predefined location beijing.
<Sysname> system-view
[Sysname] geo-location pre-defined beijing
[Sysname-pre-defined-location-beijing] description preDefinedLocation
# Configure the description as unknownLocation for the unknown location.
<Sysname> system-view
[Sysname] geo-location unknown
[Sysname-unknown-location] description unknownLocation
Related commands
display geo-location
display geo-location
Use display geo-location to display information about locations.
Syntax
display geo-location { all | type { pre-defined | unknown | user-defined } | name geo-location-name }
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
all: Specifies all locations.
type: Specifies a location type.
pre-defined: Specifies predefined locations.
unknown: Specifies the unknown location.
user-defined: Specifies user-defined locations.
name geo-location-name: Specifies a location by its name, a case-insensitive string of 1 to 63 characters.
Examples
# Display information about all locations.
<Sysname> display geo-location all
Geo location name: beijing
Type: Pre-defined
Description:
Coordinate <Longitude, Latitude>: <45.00, 50.00>
IP addresses: 5
Geo location name: unknown
Type: Unknown
Description:
IP addresses: 1
Geo location name: city1
Type: User-defined
Description:
Coordinate <Longitude, Latitude>: <45.00, 50.00>
IP addresses: 1
# Display information about all predefined locations.
<Sysname> display geo-location type pre-defined
Geo location name: beijing
Type: Pre-defined
Description:
Coordinate <Longitude, Latitude>: <45.00, 50.00>
User-defined IP addresses: 5
1.2.3.0/32
1.2.3.4/32
3.3.3.6/32
192.168.6.131/32
192.168.195.0/24
# Display information about all location beijing.
<Sysname> display geo-location name beijing
Geo location name: beijing
Type: Pre-defined
Description:
Coordinate <Longitude, Latitude>: <45.00, 50.00>
User-defined IP addresses: 5
1.2.3.0/32
1.2.3.4/32
3.3.3.6/32
192.168.6.131/32
192.168.195.0/24
Pre-defined IP addresses: 1
14.0.0.1/24
display geo-location ip
Use display geo-location ip to display the location to which an IPv4 address belongs.
Syntax
display geo-location ip ip-address
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ip-address: Specifies an IPv4 address in dotted decimal notation.
Examples
# Display the location to which IP address 1.2.2.1 belongs.
<Sysname> display geo-location ip 1.2.2.1
IP address Location
1.2.2.1 beijing
display geo-location-group
Use display geo-location-group to display information about location groups.
Syntax
display geo-location-group [ name geo-location-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name geo-location-group-name: Specifies a location group by its name, a case-insensitive string of 1 to 63 characters. The location group name cannot contain hyphens (-). If you do not specify a location group, this command displays information about all location groups.
Examples
# Display information about all location groups.
<Sysname> display geo-location-group
Geo location group name: reg1
Description:
Geo location members:
beijing
shanghai
Geo location group members:
reg2
Geo location group name: reg2
Description:
Geo location members:
tianjin
# Display information about location group reg1.
<Sysname> display geo-location-group name reg1
Geo location group name: reg1
Description:
Geo location members:
beijing
shanghai
Geo location group members:
reg2
display geo-location signature library
Use display geo-location signature library to display location signature library information.
Syntax
display geo-location signature library
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Usage guidelines
After you update the location signature library, you can use this command to verify that the update is successful.
Examples
# Display location signature library information.
<Sysname> display geo-location signature library
Type Library version Release time Size
Current 1.0.6 Tue Jul 28 12:35:15 2020 560208
Factory - - -
Table 1 Command output
|
Field |
Description |
|
Type |
Version type of the location signature library: Current. Factory. |
|
SigVersion |
Version of the location signature library. |
|
ReleaseTime |
Release time of the location signature library. |
|
Size |
Size of the APR signature library, in bytes. |
geo-load
Use geo-load to load a location signature file.
Syntax
geo-load file-name
Views
System view
Predefined user roles
network-admin
Parameters
file-name: Specifies a location signature file by its name, a case-sensitive string of 1 to 255 characters
Usage guidelines
A location signature file is loaded by default. To update the location signature library, copy the latest signature file to the local root directory and load it.
Examples
# Load location signature file location.tar.gz.
<Sysname> system-view
[Sysname] geo-load location.tar.gz
geo-location signature auto-update
Use geo-location signature auto-update to enable the automatic update feature and enter auto-update configuration view.
Use undo geo-location signature auto-update to restore the default.
Syntax
geo-location signature auto-update
undo geo-location signature auto-update
Default
The automatic update feature is disabled.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
By default, the predefined location signature library is loaded. To perform an automatic update, make sure the device can access the signature library services on the official website.
Examples
# Enable the automatic update feature and enter auto-update configuration view.
<Sysname> system-view
[Sysname] geo-location signature auto-update
[Sysname-geo-autoupdate]
geo-location signature auto-update-now
Use geo-location signature auto-update to trigger an immediate location signature library update.
Syntax
geo-location signature auto-update-now
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
By default, the predefined location signature library is loaded. To perform an immediate update, make sure the device can access the signature on the official website.
Examples
# Trigger an immediate location signature update.
<Sysname> system-view
[Sysname] geo-location signature auto-update-now
geo-location
Use geo-location to enter the view of the unknown location or a predefined location, create a user-defined location and enter its view, or enter the view of an existing user-defined location.
Use undo geo-location to delete a user-defined location.
Syntax
geo-location { unknown | { pre-defined | user-defined } geo-location-name }
undo geo-location user-defined geo-location-name
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
unknown: Specifies the unknown location.
pre-defined: Specifies a predefined location.
user-defined: Specifies a user-defined location.
geo-location-name: Specifies a location by its name, a case-insensitive string of 1 to 63 characters. The location name cannot contain hyphens (-).
Usage guidelines
Locations include predefined locations, user-defined locations, and an unknown location. The name of a user-defined location cannot be the same as that of a predefined location.
Examples
# Enter the view of predefined location beijing.
<Sysname> system-view
[Sysname] geo-location pre-defined beijing
[Sysname-pre-defined-location-beijing]
# Create user-defined location haidian and enter its view.
<Sysname> system-view
[Sysname] geo-location user-defined haidian
[Sysname-user-defined-location-haidian]
# Enter the view of the unknown location.
<Sysname> system-view
[Sysname] geo-location unknown
[Sysname-unknown-location]
Related commands
display geo-location
geo-location-group
Use geo-location-group to create a location group and enter its view, or enter the view of an existing location group.
Use undo geo-location-group to delete a location group.
Syntax
geo-location-group geo-location-group-name
undo geo-location-group geo-location-group-name
Default
No location groups exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
geo-location-group-name: Specifies a location group by its name, a case-insensitive string of 1 to 63 characters. The location group name cannot contain hyphens (-).
Usage guidelines
A location group can contain locations and location groups as members.
Examples
# Create location group reg1 and enter its view.
<Sysname> system-view
[Sysname] geo-location-group reg1
[Sysname-geo-location-group-reg1]
Related commands
display geo-location-group
ip address
Use ip address to add IPv4 addresses to a location.
Use undo ip address to remove IPv4 addresses from a location.
Syntax
ip address { ip-address { mask-length | mask } | range ip-address1 ip-address2 }
undo ip address { ip-address { mask-length | mask } | range ip-address1 ip-address2 }
Default
Only predefined locations and the unknown location contain IPv4 addresses.
Views
Location view
Predefined user roles
network-admin
context-admin
Parameters
ip-address { mask-length | mask }: Specifies an IPv4 network segment. The mask-length argument specifies the mask length in the range of 1 to 32. The mask argument specifies the mask in dotted decimal notation.
range ip-address1 ip-address2: Specifies an IPv4 address range. The ip-address1 argument specifies the start address, and the ip-address2 argument specifies the end address.
Usage guidelines
The IPv4 addresses in different locations cannot be overlapping.
When manually added IPv4 addresses overlap with predefined IPv4 addresses, the predefined IPv4 addresses do not take effect.
The undo ip address command can only remove manually added IPv4 addresses.
Examples
# Add network segment 20.20.20.0/24 to user-defined location beijing.
<Sysname> system-view
[Sysname] geo-location pre-defined beijing
[Sysname-pre-defined-location-beijing] ip address 20.20.20.0 24
# Add network segment 20.20.20.0/255.255.255.0 to user-defined location beijing.
<Sysname> system-view
[Sysname] geo-location pre-defined beijing
[Sysname-pre-defined-location-beijing] ip address 20.20.20.0 255.255.255.0
# Add the address range with start address 20.20.20.255 and end address 20.20.20.0 to user-defined location beijing.
<Sysname> system-view
[Sysname] geo-location pre-defined beijing
[Sysname-pre-defined-location-beijing] ip address range 20.20.20.255 20.20.20.0
Related commands
display geo-location ip
update schedule
Use update schedule to set the update schedule for automatic update, including the update interval and update time.
Use undo update schedule to restore the default.
Syntax
update schedule { daily | weekly { mon | tue | wed | thu | fri | sat | sun } } start-time time tingle minutes
undo update schedule
Default
The update schedule is not configured.
Views
Auto-update configuration view
Predefined user roles
network-admin
context-admin
Parameters
daily: Specifies the daily update interval.
weekly: Specifies the weekly update interval. You can specify one day in a week for the update:
· mon: Specifies Monday.
· tue: Specifies Tuesday.
· wed: Specifies Wednesday.
· thu: Specifies Thursday.
· fri: Specifies Friday.
· sat: Specifies Saturday.
· sun: Specifies Sunday.
start-time time: Specifies the start time for the update, in the format of hh:mm:ss. The value range for the time argument is 00:00:00 to 23:59:59.
tingle minutes: Specifies the tolerance time in minutes. The value range for the minutes argument is 0 to 120 minutes. An automatic update will occur at a time point between the following time points:
· Start time minus half of the tolerance time.
· Start time plus half of the tolerance time.
For example, if the specified start time is 01:00:00 and the tolerance time is 60 minutes, the update starts during the period from 00:30:00 to 01:30:00.
Examples
# Configure the device to automatically update the location signature library at 06:00:00 every day with a tolerance time of 10 minutes.
<Sysname> system-view
[Sysname] geo-location signature auto-update
[Sysname-geo-autoupdate] update schedule weekly mon start-time 06:00:00 tingle 10