Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-VXLAN commands | 128.42 KB |
display l2vpn service-instance
selective-flooding mac-address
vxlan invalid-vlan-tag discard
vxlan tunnel mac-learning disable·
VXLAN commands
arp suppression enable
Use arp suppression enable to enable ARP flood suppression.
Use undo arp suppression enable to restore the default.
Syntax
arp suppression enable
undo arp suppression enable
Default
ARP flood suppression is disabled.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.
This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Examples
# Enable ARP flood suppression for the VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] arp suppression enable
Related commands
· display arp suppression vsi
· reset arp suppression vsi
description
Use description to configure a description for a VSI.
Use undo description to delete the description of a VSI.
Syntax
description text
undo description
Default
A VSI does not have a description.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies the VSI description, a case-sensitive string of 1 to 80 characters.
Examples
# Configure a description for the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] description vsi for vpn1
Related commands
display l2vpn vsi
display arp suppression vsi
Use display arp suppression vsi to display ARP flood suppression entries.
Syntax
In standalone mode:
display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]
In IRF mode:
display arp suppression vsi [ name vsi-name ] [ chassis chassis-number slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
name vsi-name: Specifies a VSI by its name. If you do not specify a VSI, this command displays entries for all VSIs.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the IRF member ID. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays entries on the global active MPU. (In IRF mode.)
count: Displays the number of ARP flood suppression entries that match the command.
Examples
# (In standalone mode.) Display the ARP flood suppression entries on the active MPU.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# (In standalone mode.) Display the number of ARP flood suppression entries on the active MPU.
<Sysname> display arp suppression vsi count
Total entries: 3
# (In IRF mode.) Display the ARP flood suppression entries on the global active MPU.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# (In IRF mode.) Display the number of ARP flood suppression entries on the global active MPU.
<Sysname> display arp suppression vsi count
Total entries: 3
Table 1 Command output
|
Field |
Description |
|
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
|
Aging |
Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted. |
Related commands
· arp suppression enable
· reset arp suppression vsi
display igmp host group
Use display igmp host group to display information about the multicast groups that contain IGMP host-enabled interfaces.
Syntax
display igmp host group [ group-address | interface interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
group-address: Specifies a multicast group address in the range of 224.0.1.0 to 239.255.255.255. If you do not specify a multicast group, this command displays information about all multicast groups.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays multicast group information for all interfaces.
verbose: Displays detailed multicast group information. If you do not specify this keyword, the command displays brief multicast group information.
Usage guidelines
For the VXLAN multicast source interface of a multicast-mode VXLAN to join its VXLAN multicast group, you must enable the IGMP host function on the interface. The VXLAN multicast source interface provides the source IP address for multicast VXLAN packets.
Use this command to verify the following information:
· Multicast group information for VXLANs.
· Group membership status of VXLAN multicast source interfaces.
Examples
# Display brief information about all multicast groups that contain IGMP host-enabled interfaces.
<Sysname> display igmp host group
IGMP host groups in total: 2
Vlan-interface10(1.1.1.20):
IGMP host groups in total: 2
Group address Member state Expires
225.1.1.1 Idle Off
225.1.1.2 Idle Off
# Display detailed information about all multicast groups that contain IGMP host-enabled interfaces.
<Sysname> display igmp host group verbose
Vlan-interface10(1.1.1.20):
IGMP host groups in total: 2
Group: 225.1.1.1
Group mode: Exclude
Member state: Idle
Expires: Off
Source list (sources in total: 0):
Group: 225.1.1.2
Group mode: Exclude
Member state: Idle
Expires: Off
Source list (sources in total: 0):
Table 2 Command output
|
Field |
Description |
|
IGMP host groups in total |
Total number of multicast groups that contain IGMP host-enabled interfaces. |
|
Vlan-interface10(1.1.1.20) |
Name and IP address of the IGMP host-enabled interface. |
|
IGMP host groups in total |
Total number of multicast groups on the interface. |
|
Group address/Group |
Address of the multicast group. |
|
Member state |
Member state: · Delay—The interface has joined the multicast group, and it has started the delay timer for sending IGMP reports. · Idle—The interface has joined the multicast group, but it has not started the delay timer for sending IGMP reports. The delay timer is not user configurable. |
|
Expires |
Remaining delay time for the interface to send an IGMP report. This field displays Off if the delay timer is disabled. |
|
Group mode |
Multicast source filtering mode: · Include. · Exclude. |
|
Source list |
Multicast sources of the multicast group. |
|
sources in total |
Total number of multicast sources. |
|
|
NOTE: For more information about the command output, see IGMP in IP Multicast Configuration Guide. |
Related commands
igmp host enable
display l2vpn mac-address
Use display l2vpn mac-address to display MAC address entries for VSIs.
Syntax
display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.
dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries. The MAC address entries include dynamic remote- and local-MAC entries, OpenFlow remote-MAC entries, and manually added static remote-MAC entries. VXLAN does not support static local-MAC entries.
count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.
Examples
# Display MAC address entries for all VSIs.
<Sysname> display l2vpn mac-address
MAC Address State VSI Name Link ID/Name Aging
0000-0000-000a Dynamic vpn1 1 Aging
0000-0000-000b Static vpn1 Tunnel10 NotAging
0000-0000-000c Dynamic vpn1 Tunnel60 Aging
0000-0000-000d Dynamic vpn1 Tunnel99 Aging
--- 4 mac address(es) found ---
# Display the total number of MAC address entries in all VSIs.
<Sysname> display l2vpn mac-address count
4 mac address(es) found
Table 3 Command output
|
Field |
Description |
|
State |
Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static remote-MAC entry. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. The Aging field displays Aging for dynamic entries and NotAging for static and OpenFlow entries. |
|
Link ID/Name |
For a local MAC address, this field displays the AC's link ID on the VSI. For a remote MAC address, this field displays the tunnel name. |
|
Aging |
Entry aging state: · Aging. · NotAging. |
Related commands
reset l2vpn mac-address
display l2vpn service-instance
Use display l2vpn service-instance to display information about Ethernet service instances.
Syntax
display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.
service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified interface.
verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.
Examples
# Display brief information about all Ethernet service instances.
<Sysname> display l2vpn service-instance
Total number of service-instances: 4, 4 up, 0 down
Total number of ACs: 4, 4 up, 0 down
Interface SrvID Owner LinkID State Type
XGE1/0/3 1 vsi10 1 Up VSI
XGE1/0/3 2 vsi11 1 Up VSI
XGE1/0/3 3 vsi12 1 Up VSI
XGE1/0/3 4 vsi13 1 Up VSI
Table 4 Command output
|
Field |
Description |
|
Total number of ACs |
Total number of attachment circuits (ACs) and the number of ACs in each state (up or down). |
|
Interface |
Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. |
|
SrvID |
Ethernet service instance ID. |
|
Owner |
VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI. |
|
LinkID |
Ethernet service instance's link ID on the VSI. |
|
State |
Ethernet service instance state: · Up. · Down. |
|
Type |
L2VPN type of the Ethernet service instance: · VSI. · VPWS. |
# Display detailed information about all Ethernet service instances on Ten-GigabitEthernet 1/0/3.
<Sysname> display l2vpn service-instance interface ten-gigabitethernet 1/0/3 verbose
Interface: XGE1/0/3
Service Instance: 1
Encapsulation : s-vid 16
VSI Name : vsi10
Link ID : 1
State : Up
Service Instance: 2
Encapsulation : s-vid 1016
only-tagged
VSI Name : vsi11
Link ID : 1
State : Up
Service Instance: 3
Encapsulation : s-vid 2000
c-vid 1001
VSI Name : vsi12
Link ID : 1
State : Up
Table 5 Command output
|
Field |
Description |
|
Interface |
Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. |
|
Service Instance |
Ethernet service instance ID. |
|
Encapsulation |
Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain a match criterion, the command does not display this field. |
|
Link ID |
Ethernet service instance's link ID on the VSI. |
|
State |
Ethernet service instance state: · Up. · Down. |
Related commands
service-instance
display l2vpn vsi
Use display l2vpn vsi to display information about VSIs.
Syntax
display l2vpn vsi [ name vsi-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.
verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.
Examples
# Display brief information about all VSIs.
<Sysname> display l2vpn vsi
Total number of VSIs: 1, 1 up, 0 down, 0 admin down
VSI Name VSI Index MTU State
vpna 0 1500 Up
# Display detailed information about all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: vpnA
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
Drop Unknown : -
Flooding : Enabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flooding proxy
Tunnel1 0x5000001 Down Manual Disabled
ACs:
AC Link ID State
XGE1/3/0/6 srv1000 0 Up
Table 6 Command output
|
Field |
Description |
|
VSI Description |
Description of the VSI. If the VSI does not have a description, the command does not display this field. |
|
VSI State |
VSI state: · Up—The VSI is up. A VSI is up only when its VXLAN has an up VXLAN tunnel and an up AC. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command. |
|
MTU |
MTU on the VSI. |
|
Bandwidth |
Maximum bandwidth in kbps on the VSI. |
|
Broadcast Restrain |
Broadcast restraint ratio. |
|
Multicast Restrain |
Multicast restraint ratio. |
|
Unknown Unicast Restrain |
Unknown unicast restraint ratio. |
|
MAC Learning |
State of the MAC learning function. |
|
MAC Table Limit |
Maximum number of MAC address entries on the VSI. |
|
Drop Unknown |
Action on source MAC-unknown frames received after the maximum number of MAC entries is reached. |
|
Flooding |
State of the VSI's flooding function: · Enabled—Flooding is enabled on the VSI. The VTEP floods unknown unicast frames to both local and remote sites. · Disabled—Flooding is disabled on the VSI. The VTEP floods unknown unicast frames only to local sites. |
|
State |
Tunnel state: · Up—The tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. · Down—The tunnel interface is down. |
|
Type |
Tunnel assignment method: · Auto—The tunnel was created automatically. For a multicast-mode VXLAN, the system automatically creates a multicast VXLAN tunnel to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
|
Flooding proxy |
Flood proxy state. This field is not supported in the current software version. |
|
ACs |
ACs that are bound to the VSI. |
|
Link ID |
AC's link ID on the VSI. |
|
State |
AC state: · Up. · Down. |
display vxlan tunnel
Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.
Syntax
display vxlan tunnel [ vxlan-id vxlan-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
Examples
# Display VXLAN tunnel information for all VXLANs.
<Sysname> display vxlan tunnel
Total number of VXLANs: 1
VXLAN ID: 10000, VSI name: vpna, Total tunnels: 1 (0 up, 1 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flooding proxy
Tunnel1 0x5000001 Down Manual Disabled
Table 7 Command output
|
Field |
Description |
|
Link ID |
Tunnel's link ID in the VXLAN. |
|
State |
Tunnel state: · Up—The tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. · Down—The tunnel interface is down. |
|
Type |
Tunnel assignment method: · Auto—The tunnel was created automatically. For a multicast-mode VXLAN, the system automatically creates a multicast VXLAN tunnel to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
|
Flooding proxy |
Flood proxy state. This field is not supported in the current software version. |
Related commands
· tunnel
· vxlan
encapsulation
Use encapsulation to configure a frame match criterion for an Ethernet service instance.
Use undo encapsulation to remove a frame match criterion from an Ethernet service instance.
Syntax
encapsulation s-vid vlan-id [ only-tagged ]
encapsulation s-vid vlan-id c-vid vlan-id
encapsulation { default | tagged | untagged }
undo encapsulation
Default
An Ethernet service instance does not contain a frame match criterion.
Views
Ethernet service instance view
Predefined user roles
network-admin
mdc-admin
Parameters
s-vid vlan-id: Matches frames that are tagged with the specified outer 802.1Q VLAN ID. The value range is 1 to 4094. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.
only-tagged: Matches only PVID-tagged frames. To match both untagged frames and PVID-tagged frames, do not specify this keyword.
s-vid vlan-id c-vid vlan-id: Matches frames that are tagged with the specified outer and inner 802.1Q VLAN IDs. The vlan-id argument specifies an 802.1Q VLAN ID in the range of 1 to 4094.
default: Matches frames that do not match any other Ethernet service instance on the interface. On an interface, you can configure this criterion only in one Ethernet service instance. The Ethernet service instance matches any frames if it is the only instance on the interface.
tagged: Matches any frames that have an 802.1Q VLAN tag.
untagged: Matches any frames that do not have an 802.1Q VLAN tag.
Usage guidelines
The match criterion in each Ethernet service instance must be unique on an interface. For example, you cannot configure the encapsulation tagged command in one Ethernet service instance if another Ethernet service instance already contains this command. You cannot use the encapsulation s-vid vlan-id command to specify the same 802.1Q VLAN ID for any two Ethernet service instances on the interface.
An Ethernet service instance can contain only one match criterion. To change the match criterion, you must remove the original criterion first. When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.
To match frames from a VLAN correctly, make sure you have created the VLAN and assigned the interface to the VLAN.
If you set the match criterion to default or tagged, you must specify the Ethernet access mode when you configure the xconnect vsi command.
To match untagged frames when the VLAN access mode is used, you must use the encapsulation untagged command.
For more information about outer and inner 802.1Q VLAN IDs, see QinQ in Layer 2—LAN Switching Configuration Guide.
Examples
# Configure Ethernet service instance 1 on Ten-GigabitEthernet 1/0/1 to match frames that have an outer 802.1Q VLAN ID of 111 and an inner 802.1Q VLAN ID of 20.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] service-instance 1
[Sysname-Ten-GigabitEthernet1/0/1-srv1] encapsulation s-vid 111 c-vid 20
Related commands
· display l2vpn service-instance
flooding disable
Use flooding disable to disable flooding for a VSI.
Use undo flooding disable to restore the default.
Syntax
flooding disable
undo flooding disable
Default
Flooding is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
By default, the device floods unknown unicast frames received from the local site to the following interfaces in the frame's VXLAN:
· All site-facing interfaces except for the incoming interface.
· All VXLAN tunnel interfaces.
To confine unknown unicast traffic to the site-facing interfaces, use this command to disable the flooding function for the VSI bound to the VXLAN. The VSI will not flood unknown unicast frames to VXLAN tunnel interfaces.
Examples
# Disable flooding for the VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] flooding disable
group
Use group to assign a VXLAN a multicast group address for flood traffic, and specify a source IP address for multicast VXLAN packets.
Use undo group to restore the default.
Syntax
group group-address source source-address
undo group group-address source source-address
Default
A VXLAN uses unicast mode (head-end replication) for flood traffic. No multicast group address or source IP address is specified for multicast VXLAN packets.
Views
VXLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
group-address: Specifies a multicast address in the range of 224.0.1.0 to 239.255.255.255.
source source-address: Specifies a source IP address for multicast VXLAN packets.
Usage guidelines
To reduce traffic sent to the transport network, use multicast mode if the network has dense flood traffic or many VTEPs.
For traffic to be forwarded correctly, you must use the source IP address of an up VXLAN tunnel as the source IP address for multicast VXLAN packets. If the VXLAN has multiple VXLAN tunnels, the tunnels must use the same source IP address.
For multicast-mode VXLANs, transport network devices must maintain multicast group and forwarding information. To reduce the multicast forwarding entries maintained by transport network devices, assign a multicast group address to multiple VXLANs. The VTEP separates traffic between VXLANs by VXLAN IDs.
|
|
NOTE: For VXLANs that use the same multicast group address, you must configure the same source IP address for their multicast VXLAN packets. |
If you execute the group command multiple times for a VXLAN, the most recent configuration takes effect.
Examples
<Sysname> system-view
[Sysname] vsi aaa
[Sysname-vsi-aaa] vxlan 100
[Sysname-vsi-aaa-vxlan-100] group 233.1.1.1 source 2.1.1.1
Related commands
igmp host enable
igmp host enable
Use igmp host enable to enable the IGMP host function on an interface.
Use undo igmp host enable to disable the IGMP host function on an interface.
Syntax
igmp host enable
undo igmp host enable
Default
The IGMP host function is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
For this command to take effect, you must use the multicast routing command to enable IP multicast routing.
You must configure an interface as an IGMP host if its IP address is the source IP address of multicast VXLAN packets. The IGMP host function enables the interface to send IGMP reports in response to IGMP queries before it can receive traffic from a multicast group.
Examples
# Enable IP multicast routing, and then enable the IGMP host function on VLAN-interface 10.
<Sysname> system-view
[Sysname] multicast routing
[Sysname-mrib] quit
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] igmp host enable
Related commands
· display igmp host group
· group
· multicast routing (IP Multicast Command Reference)
l2vpn enable
Use l2vpn enable to enable L2VPN.
Use undo l2vpn enable to disable L2VPN.
Syntax
l2vpn enable
undo l2vpn enable
Default
L2VPN is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You must enable L2VPN before you can configure L2VPN settings.
Examples
# Enable L2VPN.
<Sysname> system-view
[Sysname] l2vpn enable
mac-address static
Use mac-address static to add a static remote-MAC address entry.
Use undo mac-address static to remove a static remote-MAC address entry.
Syntax
mac-address static mac-address interface tunnel tunnel-number vsi vsi-name
undo mac-address static [ mac-address ] [ interface tunnel tunnel-number ] vsi vsi-name
Default
VXLAN VSIs do not have static remote-MAC address entries.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
mac-address: Specifies a remote MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
interface tunnel tunnel-number: Specifies the VXLAN tunnel interface for the remote MAC address. The tunnel-number argument represents the tunnel interface number. The tunnel interface must already exist.
vsi vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A remote MAC address is the MAC address of a VM in a remote site.
Remote MAC entries include the following types:
· Static—Manually added MAC entries.
· Dynamic—MAC entries learned in the data plane from incoming traffic on VXLAN tunnels.
· OpenFlow—MAC entries issued by a remote controller through OpenFlow.
For a remote address, the manual static entry has higher priority than the dynamic entry.
Examples
# Add the MAC address 000f-e201-0101 to the VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1
Related commands
vxlan tunnel mac-learning disable
mac-learning enable
Use mac-learning enable to enable MAC address learning for a VSI.
Use undo mac-learning enable to disable MAC address learning for a VSI.
|
|
NOTE: The device does not support disabling MAC address learning for a VXLAN VSI. The undo mac-learning enable command does not take effect. |
Syntax
mac-learning enable
undo mac-learning enable
Default
MAC address learning is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Related commands
display l2vpn vsi
mtu
Use mtu to set the MTU for a VSI.
Use undo mtu to restore the default.
Syntax
mtu mtu
undo mtu
Default
The default MTU is 1500 bytes.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Parameters
mtu: Specifies an MTU value in the range of 300 to 65535.
Examples
# Set the MTU to 1400 bytes for the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] mtu 1400
Related commands
display l2vpn vsi
reserved vxlan
Use reserved vxlan to specify the reserved VXLAN.
Use undo reserved vxlan to restore the default.
Syntax
reserved vxlan vxlan-id
undo reserved vxlan
Default
No VXLAN has been reserved.
Views
System view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
If BFD is enabled on VXLAN tunnels, you must reserve a VXLAN for BFD sessions to come up.
You can specify only one reserved VXLAN on the VTEP. The reserved VXLAN cannot be the VXLAN created on any VSI.
Examples
# Specify VXLAN 10000 as the reserved VXLAN.
<Sysname> system-view
[Sysname] reserved vxlan 10000
Related commands
tunnel bfd enable
reset arp suppression vsi
Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.
Syntax
reset arp suppression vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.
Examples
# Clear ARP flood suppression entries on all VSIs.
<Sysname> reset arp suppression vsi
This command will delete all entries. Continue? [Y/N]:y
Related commands
· arp suppression enable
· display arp suppression vsi
reset l2vpn mac-address
Use reset l2vpn mac-address to clear dynamic MAC address entries learned in the data plane on VSIs.
Syntax
reset l2vpn mac-address [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.
Usage guidelines
Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.
Examples
# Clear the dynamic MAC address entries on the VSI vpn1.
<Sysname> reset l2vpn mac-address vsi vpn1
Related commands
display l2vpn mac-address vsi
selective-flooding mac-address
Use selective-flooding mac-address to enable selective flood for a MAC address.
Use undo selective-flooding mac-address to disable selective flood for a MAC address.
Syntax
selective-flooding mac-address mac-address
undo selective-flooding mac-address mac-address
Default
Selective flood is disabled for all MAC addresses.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Parameters
mac-address: Specifies a MAC address. The MAC address cannot be all Fs.
Usage guidelines
This command excludes a remote MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown-unicast floods are confined to the local site.
Examples
# Enable selective flood for 000f-e201-0101 on the VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101
Related commands
flooding disable
service-instance
Use service-instance to create an Ethernet service instance and enter Ethernet service instance view.
Use undo service-instance to delete an Ethernet service instance.
Syntax
service-instance instance-id
undo service-instance instance-id
Default
No Ethernet service instances exist on an interface.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.
Examples
# On the Layer 2 Ethernet interface Ten-GigabitEthernet 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] service-instance 1
[Sysname-Ten-GigabitEthernet1/0/1-srv1]
Related commands
display l2vpn service-instance
shutdown
Use shutdown to shut down a VSI.
Use undo shutdown to restore the default.
Syntax
shutdown
undo shutdown
Default
VSIs are up.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.
Examples
# Shut down the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] shutdown
Related commands
display l2vpn vsi
tunnel
Use tunnel to assign VXLAN tunnels to a VXLAN.
Use undo tunnel to remove VXLAN tunnels from a VXLAN.
Syntax
tunnel { tunnel-number | all }
undo tunnel { tunnel-number | all }
Default
A VXLAN does not contain VXLAN tunnels.
Views
VXLAN view
Predefined user roles
network-admin
mdc-admin
Parameters
tunnel-number: Specifies a tunnel number in the range of 1 to 511. The tunnel must be a VXLAN tunnel.
all: Specifies all VXLAN tunnels.
Usage guidelines
This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites.
You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs. For a unicast-mode VXLAN, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.
If you use the tunnel all command to assign all VXLAN tunnels to a VXLAN, you cannot remove a single VXLAN tunnel from the VXLAN. You must remove all the VXLAN tunnels by using the undo tunnel all command.
Examples
# Assign VXLAN tunnel 1 to VXLAN 10000.
<Sysname> system
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000] tunnel 1
Related commands
display vxlan tunnel
tunnel bfd enable
Use tunnel bfd enable to enable BFD on a VXLAN tunnel interface.
Use undo tunnel bfd enable to restore the default.
Syntax
tunnel bfd enable destination-mac mac-address
undo tunnel bfd enable
Default
BFD is disabled on a VXLAN tunnel interface.
Views
VXLAN tunnel interface view
Predefined user roles
network-admin
mdc-admin
Parameters
destination-mac mac-address: Specifies a destination MAC address in H-H-H format for BFD control packets. The MAC address can be a remote VTEP address or a multicast address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
Usage guidelines
Enable BFD on both ends of a VXLAN tunnel for quick link connectivity detection. For BFD sessions to come up, you must also reserve a VXLAN by using the reserved vxlan command. The VTEPs periodically send BFD single-hop control packets to each other through the VXLAN tunnel. A VTEP sets the tunnel state to Defect if it has not received control packets from the remote end for 5 seconds. In this situation, the tunnel interface state is still Up. The tunnel state will change from Defect to Up if the VTEP can receive BFD control packets again.
Examples
# Specify VXLAN 10000 as the reserved VXLAN. Enable BFD on the VXLAN tunnel interface Tunnel 9, and specify 1-1-1 as the destination MAC address for BFD control packets.
<Sysname> system-view
[Sysname] reserved vxlan 10000
[Sysname] interface tunnel 9 mode vxlan
[Sysname-Tunnel9] tunnel bfd enable destination-mac 1-1-1
Related commands
reserved vxlan
tunnel global source-address
Use tunnel global source-address to specify a global source address for VXLAN tunnels.
Use undo tunnel global source-address to restore the default.
Syntax
tunnel global source-address ip-address
undo tunnel global source-address
Default
No global source address is specified for VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies an IP address.
Usage guidelines
A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.
The global source address takes effect only on VXLAN tunnels.
Examples
# Specify 1.1.1.1 as the global source address for VXLAN tunnels.
<Sysname> system-view
[Sysname] tunnel global source-address 1.1.1.1
vsi
Use vsi to create a VSI and enter VSI view.
Use undo vsi to delete a VSI.
Syntax
vsi vsi-name
undo vsi vsi-name
Default
No VSIs are created on the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
A VSI can provide services only for one VXLAN.
Examples
# Create VSI vxlan10 and enter VSI view.
<Sysname> system-view
[Sysname] vsi vxlan10
[Sysname-vsi-vxlan10]
Related commands
display l2vpn vsi
vxlan
Use vxlan to create a VXLAN and enter VXLAN view.
Use undo vxlan to delete a VXLAN.
Syntax
vxlan vxlan-id
undo vxlan
Default
No VXLANs are created on the device.
Views
VSI view
Predefined user roles
network-admin
mdc-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.
Examples
# Create VXLAN 10000 for VSI vpna and enter VXLAN view.
<Sysname> system
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000]
Related commands
vsi
vxlan invalid-vlan-tag discard
Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header.
Use undo vxlan invalid-vlan-tag discard to restore the default.
Syntax
vxlan invalid-vlan-tag discard
undo vxlan invalid-vlan-tag discard
Default
The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
If a remote VTEP uses the Ethernet access mode, its VXLAN packets might contain 802.1Q VLAN tags. To prevent the local VTEP from dropping the VXLAN packets, do not execute the vxlan invalid-vlan-tag discard command on the local VTEP.
To configure the access mode, use the xconnect vsi command.
Examples
# Enable the device to drop VXLAN packets that have 802.1Q VLAN tags.
<Sysname> system-view
[Sysname] vxlan invalid-vlan-tag discard
Related commands
xconnect vsi
vxlan local-mac report
Use vxlan local-mac report to enable local-MAC change logging.
Use undo vxlan local-mac report to restore the default.
Syntax
vxlan local-mac report
undo vxlan local-mac report
Default
Local-MAC change logging is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Local-MAC change logging enables VXLAN to send a log message to the information center when a local MAC address is added or removed.
With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see Network Management and Monitoring Configuration Guide.
Examples
# Enable local-MAC change logging.
<Sysname> system-view
[Sysname] vxlan local-mac report
vxlan tunnel mac-learning disable
Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.
Use undo vxlan tunnel mac-learning disable to restore the default.
Syntax
vxlan tunnel mac-learning disable
undo vxlan tunnel mac-learning disable
Default
Remote-MAC address learning is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.
Examples
# Disable remote-MAC address learning.
<Sysname> system-view
[Sysname] vxlan tunnel mac-learning disable
vxlan udp-port
Use vxlan udp-port to configure the destination UDP port number of VXLAN packets.
Use undo vxlan udp-port to restore the default.
Syntax
vxlan udp-port port-number
undo vxlan udp-port
Default
The destination UDP port number is 4789 for VXLAN packets.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Usage guidelines
You must configure the same destination UDP port number on all VTEPs in a VXLAN.
Examples
# Set the destination UDP port number to 6666 for VXLAN packets.
<Sysname> system-view
[Sysname] vxlan udp-port 6666
xconnect vsi
Use xconnect vsi to map an AC to a VSI.
Use undo xconnect vsi to remove the mapping between an AC and a VSI.
Syntax
xconnect vsi vsi-name [ access-mode { ethernet | vlan } ]
undo xconnect vsi
Default
An AC is not mapped to any VSI.
Views
Ethernet service instance view
Predefined user roles
network-admin
mdc-admin
Parameters
vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
access-mode: Specifies an access mode. The default access mode is VLAN.
ethernet: Specifies the Ethernet access mode.
vlan: Specifies the VLAN access mode.
Usage guidelines
To use this command, you must first use the encapsulation command to add a traffic match criterion to the Ethernet service instance.
If you set the match criterion to default or tagged, you must specify the Ethernet access mode.
For traffic that matches the Ethernet service instance, the system uses the VSI's MAC address table to make a forwarding decision.
The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.
· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.
? For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.
? For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.
In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.
· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.
? For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.
? For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.
In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.
Examples
# On Ten-GigabitEthernet 1/0/1, configure Ethernet service instance 200 to match frames with an outer 802.1Q VLAN tag of 200, and map the instance to the VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] quit
[Sysname] interface ten-gigabitethernet 1/0/1
[Sysname-Ten-GigabitEthernet1/0/1] service-instance 200
[Sysname-Ten-GigabitEthernet1/0/1-srv200] encapsulation s-vid 200
[Sysname-Ten-GigabitEthernet1/0/1-srv200] xconnect vsi vpn1
Related commands
· display l2vpn interface
· display l2vpn service-instance
· encapsulation
· vsi
