- Table of Contents
-
- 10-Security
- 00-Preface
- 01-AAA commands
- 02-802.1X commands
- 03-802.1X client commands
- 04-MAC authentication commands
- 05-Portal commands
- 06-User profile commands
- 07-Password control commands
- 08-Public key management commands
- 09-PKI commands
- 10-IPsec commands
- 11-SSH commands
- 12-SSL commands
- 13-Session management commands
- 14-Connection limit commands
- 15-Attack detection and prevention commands
- 16-IP source guard commands
- 17-ARP attack protection commands
- 18-ND attack defense commands
- 19-User isolation commands
- 20-ASPF commands
- Related Documents
-
Title | Size | Download |
---|---|---|
13-Session management commands | 144.68 KB |
display session aging-time state
display session relation-table
display session statistics ipv4
display session statistics ipv6
display session statistics multicast
display session table multicast ipv4
display session table multicast ipv6
reset session statistics multicast
reset session table multicast ipv4
reset session table multicast ipv6
session log { bytes-active | packets-active }
session state-machine mode loose
Session management commands
The following matrix shows the feature and hardware compatibility:
Hardware series |
Model |
Session management compatibility |
WX1800H series |
WX1804H WX1810H WX1820H |
Yes |
WX2500H series |
WX2510H WX2540H WX2560H |
Yes |
WX3000H series |
WX3010H WX3010H-L WX3010H-X WX3024H WX3024H-L |
Yes: · WX3010H · WX3010H-X · WX3024H No: · WX3010H-L · WX3024H-L |
WX3500H series |
WX3508H WX3510H WX3520H WX3540H |
Yes |
WX5500E series |
WX5510E WX5540E |
Yes |
WX5500H series |
WX5540H WX5560H WX5580H |
Yes |
Access controller modules |
EWPXM1MAC0F EWPXM1WCME0 EWPXM2WCMD0F LSQM1WCMX20 LSQM1WCMX40 LSUM1WCME0 LSUM1WCMX20RT LSUM1WCMX40RT |
Yes |
The WX1800H series, WX2500H series, and WX3000H series access controllers do not support the slot keyword or the slot-number argument.
display session aging-time state
Use display session aging-time stat to display the aging time for sessions in different protocol states.
Syntax
display session aging-time state
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the aging time for sessions in different protocol states.
<Sysname> display session aging-time state
State Aging Time(s)
SYN 10
TCP-EST 3600
FIN 10
UDP-OPEN 10
UDP-READY 30
ICMP-REQUEST 30
ICMP-REPLY 10
RAWIP-OPEN 30
RAWIP-READY 60
UDPLITE-OPEN 30
UDPLITE-READY 60
DCCP-REQUEST 30
DCCP-EST 3600
DCCP-CLOSEREQ 30
SCTP-INIT 30
SCTP-EST 3600
SCTP-SHUTDOWN 30
ICMPV6-REQUEST 60
ICMPV6-REPLY 30
TCP-TIME-WAIT 2
TCP-CLOSE 2
Table 1 Command output
Field |
Description |
State |
Protocol state. |
Aging Time(s) |
Aging time in seconds. |
Related commands
session aging-time state
display session relation-table
Use display session relation-table to display relation entries.
Syntax
display session relation-table { ipv4 | ipv6 } [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv4: Specifies IPv4 relation entries.
ipv6: Specifies IPv6 relation entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays relation entries for all member devices.
Examples
# Display all IPv4 relation entries.
<Sysname> display session relation-table ipv4
Slot 1:
Source IP/port: 192.168.1.100/-
Destination IP/port: 192.168.2.100/99
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: 1/-/-
Protocol: TCP(6) TTL: 1234s App: FTP-DATA
Source IP/port: -/-
Destination IP/port: 192.168.2.200/1212
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6) TTL: 3100s App: H225
Total entries found: 2
# Display all IPv6 relation entries.
<Sysname> display session relation-table ipv6
Slot 1:
Source IP: 2011::0002
Destination IP/port: 2011::0008/1212
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6) TTL: 567s App: FTP-DATA
Total entries found: 1
Table 2 Command output
Field |
Description |
Source IP/port |
Source IP address and port number of the session. If the IP or port number is not specified, this field displays a hyphen (-). For an IPv6 relation entry, the source port number is not displayed. |
Destination IP/port |
Destination IP address and port number of the session. |
DS-Lite tunnel peer |
Peer tunnel interface address of the DS-Lite tunnel to which the session belongs. If no peer tunnel interface address is specified, a hyphen (-) is displayed. The device does not support this field in the current software version. |
VPN instance/VLAN ID/Inline ID |
MPLS L3VPN to which the relation entry belongs. The device does not support the VPN instance field in the current software version. VLAN and INLINE to which the relation entry belongs during Layer 2 forwarding. If a parameter is not specified, a hyphen (-) is displayed for the proper field. |
Protocol |
Transport layer protocol. |
TTL |
Remaining lifetime of the relation entry, in seconds. |
App |
Application layer protocol. |
Total entries found |
Total number of found relation entries. |
display session statistics ipv4
Use display session statistics ipv4 to display IPv4 unicast session statistics.
Syntax
display session statistics ipv4 { source-ip source-ip | destination-ip destination-ip | protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } | source-port source-port | destination-port destination-port } * [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
source-ip source-ip: Specifies a source IPv4 address for a unicast session from the initiator to the responder.
destination-ip destination-ip: Specifies a destination IPv4 address for a unicast session from the initiator to the responder.
protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of an IPv4 unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of an IPv6 unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 unicast session statistics for all member devices.
Examples
# Display statistics for unicast sessions from IP address 111.15.111.66.
<Sysname> display session statistics ipv4 source-ip 111.15.111.66
Slot 1:
Current sessions: 3
TCP sessions: 0
UDP sessions: 0
ICMP sessions: 3
ICMPv6 sessions: 0
UDP-Lite sessions: 0
SCTP sessions: 0
DCCP sessions: 0
RAWIP sessions: 0
# Display statistics for IPv4 unicast TCP sessions.
<Sysname> display session statistics ipv4 protocol tcp
Slot 1:
Current sessions: 3
TCP sessions: 3
UDP sessions: 0
ICMP sessions: 0
ICMPv6 sessions: 0
UDP-Lite sessions: 0
SCTP sessions: 0
DCCP sessions: 0
RAWIP sessions: 0
Table 3 Command output
Field |
Description |
Current sessions |
Total number of unicast sessions. |
TCP sessions |
Number of TCP unicast sessions. |
UDP sessions |
Number of UDP unicast sessions. |
ICMP sessions |
Number of ICMP unicast sessions. |
ICMPv6 sessions |
Number of ICMPv6 unicast sessions. |
UDP-Lite sessions |
Number of UDP-Lite unicast sessions. |
SCTP sessions |
Number of SCTP unicast sessions. |
DCCP sessions |
Number of DCCP unicast sessions. |
RAWIP sessions |
Number of Raw IP unicast sessions. |
display session statistics ipv6
Use display session statistics ipv6 to display IPv6 unicast session statistics.
Syntax
display session statistics ipv6 { source-ip source-ip | destination-ip destination-ip | protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } | source-port source-port | destination-port destination-port } * [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
source-ip source-ip: Specifies a source IPv6 address for a unicast session from the initiator to the responder.
destination-ip destination-ip: Specifies a destination IPv6 address for a unicast session from the initiator to the responder.
protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of an IPv6 unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of an IPv6 unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 unicast session statistics for all member devices.
Examples
# Display statistics for unicast sessions from IPv6 address 100::2.
<Sysname> display session statistics ipv6 source-ip 100::2
Slot 1:
Current sessions: 3
TCP sessions: 0
UDP sessions: 0
ICMP sessions: 3
ICMPv6 sessions: 0
UDP-Lite sessions: 0
SCTP sessions: 0
DCCP sessions: 0
RAWIP sessions: 0
# Display statistics for IPv6 unicast TCP sessions.
<Sysname> display session statistics ipv6 protocol tcp
Slot 1:
Current sessions: 3
TCP sessions: 3
UDP sessions: 0
ICMP sessions: 0
ICMPv6 sessions: 0
UDP-Lite sessions: 0
SCTP sessions: 0
DCCP sessions: 0
RAWIP sessions: 0
Table 4 Command output
Field |
Description |
Current sessions |
Total number of unicast sessions. |
TCP sessions |
Number of TCP unicast sessions. |
UDP sessions |
Number of UDP unicast sessions. |
ICMP sessions |
Number of ICMP unicast sessions. |
ICMPv6 sessions |
Number of ICMPv6 unicast sessions. |
UDP-Lite sessions |
Number of UDP-Lite unicast sessions. |
SCTP sessions |
Number of SCTP unicast sessions. |
DCCP sessions |
Number of DCCP unicast sessions. |
RAWIP sessions |
Number of Raw IP unicast sessions. |
display session statistics
Use display session statistics to display unicast session statistics.
Syntax
display session statistics [ summary ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
summary: Displays summary information about unicast session statistics. If you do not specify this keyword, the command displays detailed information about unicast session statistics.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays unicast session statistics for all member devices.
Examples
# Display detailed information about unicast session statistics.
<Sysname> display session statistics
Slot 1:
Current sessions: 3
TCP sessions: 0
UDP sessions: 0
ICMP sessions: 3
ICMPv6 sessions: 0
UDP-Lite sessions: 0
SCTP sessions: 0
DCCP sessions: 0
RAWIP sessions: 0
History average sessions per second:
Past hour: 1
Past 24 hours: 0
Past 30 days: 0
History average session establishment rate:
Past 24 hours: 0/s
Past 30 days: 0/s
Current relation-table entries: 0
Session establishment rate: 0/s
TCP: 0/s
UDP: 0/s
ICMP: 0/s
ICMPv6: 0/s
UDP-Lite: 0/s
SCTP: 0/s
DCCP: 0/s
RAWIP: 0/s
Received TCP : 0 packets 0 bytes
Received UDP : 118 packets 13568 bytes
Received ICMP : 105 packets 8652 bytes
Received ICMPv6 : 0 packets 0 bytes
Received UDP-Lite : 0 packets 0 bytes
Received SCTP : 0 packets 0 bytes
Received DCCP : 0 packets 0 bytes
Received RAWIP : 0 packets 0 bytes
Table 5 Command output
Field |
Description |
Current sessions |
Total number of unicast sessions. |
TCP sessions |
Number of TCP sessions. |
UDP sessions |
Number of UDP sessions. |
ICMP sessions |
Number of ICMP sessions. |
ICMPv6 sessions |
Number of ICMPv6 sessions. |
UDP-Lite sessions |
Number of UDP-Lite sessions. |
SCTP sessions |
Number of SCTP sessions. |
DCCP sessions |
Number of DCCP sessions. |
RAWIP sessions |
Number of Raw IP sessions. |
History statistics of average sessions per second. |
|
Average number of sessions per second in the most recent hour. |
|
Average number of sessions per second in the most recent 24 hours. |
|
Average number of sessions per second in the most recent 30 days. |
|
History statistics of average session establishment rates. |
|
Average session establishment rate in the most recent hour. |
|
Average session establishment rate in the most recent 24 hours. |
|
Average session establishment rate in the most recent 30 days. |
|
Current relation-table entries |
Total number of relation entries. |
Session establishment rate |
Unicast session establishment rate, and rates for establishing unicast sessions of different protocols. |
Received TCP |
Number of received TCP packets and bytes. |
Received UDP |
Number of received UDP packets and bytes. |
Received ICMP |
Number of received ICMP packets and bytes. |
Received ICMPv6 |
Number of received ICMPv6 packets and bytes. |
Received UDP-Lite |
Number of received UDP-Lite packets and bytes. |
Received SCTP |
Number of received SCTP packets and bytes. |
Received DCCP |
Number of received DCCP packets and bytes. |
Received RAWIP |
Number of received Raw IP packets and bytes. |
display session statistics multicast
Use display session statistics multicast to display multicast session statistics.
Syntax
display session statistics multicast [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID.
Examples
# Display information about multicast session statistics.
<Sysname> display session statistics multicast
Slot 0:
Current sessions: 0
Session establishment rate: 0/s
Received: 0 packets 0 bytes
Sent : 0 packets 0 bytes
Slot 2:
Current sessions: 0
Session establishment rate: 0/s
Received: 0 packets 0 bytes
Sent : 0 packets 0 bytes
Table 6 Command output
Field |
Description |
Current sessions |
Total number of multicast sessions. |
Session establishment rate |
Rate of multicast session creation. |
Received |
Number of received multicast packets and packet bytes. |
Sent |
Number of sent multicast packets and packet bytes. |
display session table ipv4
Use display session table ipv4 to display IPv4 unicast session entries.
Syntax
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 unicast session entries that match specific criteria for all member devices.
source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv4 address or IPv4 address range for a unicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv4 address. The end source-ip argument specifies the end source IPv4 address.
destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv4 address or IPv4 address range for a unicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv4 address. The end destination-ip argument specifies the end destination IPv4 address.
protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
verbose: Displays detailed information about IPv4 unicast session entries. If you do not specify this keyword, the command displays brief information about IPv4 unicast session entries.
Usage guidelines
If you do not specify any parameters, this command displays all IPv4 unicast session entries.
Examples
# Display brief information about all IPv4 unicast session entries.
<Sysname> display session table ipv4
Slot 1:
Initiator:
Source IP/port: 192.168.100.14/54324
Destination IP/port: 192.168.100.138/27011
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: UDP(17)
Inbound interface: Vlan-interface3
Initiator:
Source IP/port: 192.168.100.14/56105
Destination IP/port: 192.168.100.138/23
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: Vlan-interface3
Total sessions found: 2
# Display detailed information about all IPv4 unicast session entries.
<Sysname> display session table ipv4 verbose
Slot 1:
Initiator:
Source IP/port: 192.168.100.14/56105
Destination IP/port: 192.168.100.138/23
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: Vlan-interface3
Responder:
Source IP/port: 192.168.100.138/23
Destination IP/port: 192.168.100.14/56105
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: TCP(6)
Inbound interface: InLoopBack0
State: TCP_ESTABLISHED
Application: TELNET
Start time: 2017-03-06 09:21:29 TTL: 1199s
Initiator->Responder: 0 packets 0 bytes
Responder->Initiator: 0 packets 0 bytes
Total sessions found: 1
Table 7 Command output
Field |
Description |
Initiator |
Information about the unicast session from the initiator to the responder. |
Responder |
Information about the unicast session from the responder to the initiator. |
DS-Lite tunnel peer |
Address of the DS-Lite tunnel peer. When the session does not belong to any DS-Lite tunnel, this field displays a hyphen (-). The device does not support this field in the current software version. |
VPN instance/VLAN ID/Inline ID |
MPLS L3VPN to which the session belongs. The device does not support the VPN instance field in the current software version. VLAN and INLINE to which the session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field. |
Protocol |
Transport layer protocol: · DCCP. · ICMP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number. |
State |
Session state. |
Application |
Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER. |
Start time |
Session establishment time. |
TTL |
Remaining lifetime of the unicast session, in seconds. |
Initiator->Responder |
Number of packets and packet bytes from the initiator to the responder. |
Responder->Initiator |
Number of packets and packet bytes from the responder to the initiator. |
Total sessions found |
Total number of found unicast session entries. |
display session table ipv6
Use display session table ipv6 to display IPv6 unicast session entries.
Syntax
display session table ipv6 [ slot slot-number ] [ source-ip start-source-ip [ end-source-ip ] ] [ destination-ip start-destination-ip [ end-destination-ip ] ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 unicast session entries that match specific criteria for all member devices.
source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv6 address or IPv6 address range for a unicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv6 address. The end source-ip argument specifies the end source IPv6 address.
destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv6 address or IPv6 address range for a unicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv6 address. The end destination-ip argument specifies the end destination IPv6 address.
protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
verbose: Displays detailed information about IPv6 unicast session entries. If you do not specify this keyword, the command displays brief information about IPv6 unicast session entries.
Usage guidelines
If you do not specify any parameters, this command displays all IPv6 unicast session entries.
Examples
# Display brief information about all IPv6 unicast session entries.
<Sysname> display session table ipv6
Slot 1:
Initiator:
Source IP/port: 2011::2/58473
Destination IP/port: 2011::8/32768
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: IPV6-ICMP(58)
Inbound interface: Vlan-interface3
Total sessions found: 1
# Display detailed information about all IPv6 unicast session entries.
<Sysname> display session table ipv6 verbose
Slot 1:
Initiator:
Source IP/port: 2011::2/58473
Destination IP/port: 2011::8/32768
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: IPV6-ICMP(58)
Inbound interface: Vlan-interface3
Responder:
Source IP/port: 2011::8/58473
Destination IP/port: 2011::2/33024
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/-/-
Protocol: IPV6-ICMP(58)
Inbound interface: InLoopBack0
State: ICMPV6_REQUEST
Application: OTHER
Start time: 2011-07-29 19:23:41 TTL: 55s
Initiator->Responder: 1 packets 104 bytes
Responder->Initiator: 0 packets 0 bytes
Total sessions found: 1
Table 8 Command output
Field |
Description |
Initiator |
Information about the unicast session from the initiator to the responder. |
Responder |
Information about the unicast session from the responder to the initiator. |
DS-Lite tunnel peer |
Address of the DS-Lite tunnel peer. When the session is not tunneled by DS-Lite, this field displays a hyphen (-). The device does not support this field in the current software version. |
VPN instance/VLAN ID/Inline ID |
MPLS L3VPN to which the unicast session belongs. The device does not support the VPN instance field in the current software version. VLAN and INLINE to which the session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field. |
Protocol |
Transport layer protocol: · DCCP. · ICMP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number. |
State |
Session state. |
Application |
Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER. |
Start time |
Session establishment time. |
TTL |
Remaining lifetime of the unicast session, in seconds. |
Initiator->Responder |
Number of packets and packet bytes from the initiator to the responder. |
Responder->Initiator |
Number of packets and packet bytes from the responder to the initiator. |
Total sessions found |
Total number of found unicast session entries. |
display session table multicast ipv4
Use display session table multicast ipv4 to display IPv4 multicast session entries.
Syntax
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 multicast session entries that match specific criteria for all member devices.
source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv4 address or IPv4 address range for a multicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv4 address. The end source-ip argument specifies the end source IPv4 address.
destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv4 address or IPv4 address range for a multicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv4 address. The end destination-ip argument specifies the end destination IPv4 address.
protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
verbose: Displays detailed information about IPv4 multicast session entries. If you do not specify this keyword, the command displays brief information about IPv4 multicast session entries.
Usage guidelines
If you do not specify any parameters, this command displays all IPv4 multicast session entries.
Examples
# Display brief information about all IPv4 multicast session entries.
<Sysname> display session table multicast ipv4
Slot 1:
Inbound initiator:
Source IP/port: 160.51.0.2/63
Destination IP/port: 232.0.0.1/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
Outbound interface list:
WLAN-BSS1/0/12067
Total sessions found: 2
Slot 2:
Inbound initiator:
Source IP/port: 160.51.0.2/63
Destination IP/port: 232.0.0.1/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
Outbound interface list:
Total sessions found: 1
# Display detailed information about all IPv4 multicast session entries.
<Sysname> display session table multicast ipv4 verbose
Slot 1:
Inbound initiator:
Source IP/port: 160.51.0.2/63
Destination IP/port: 232.0.0.1/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound responder:
Source IP/port: 232.0.0.1/63
Destination IP/port: 160.51.0.2/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
State: UDP_OPEN
Application: -
Start time: 2017-03-13 17:13:30 TTL: 29s
Initiator->Responder: 0 packets 0 bytes
Outbound initiator:
Source IP/port: 160.51.0.2/63
Destination IP/port: 232.0.0.1/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Outbound responder:
Source IP/port: 232.0.0.1/63
Destination IP/port: 160.51.0.2/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Outbound interface: WLAN-BSS1/0/12067
State: UDP_OPEN
Application: -
Start time: 2017-03-13 17:13:30 TTL: 29s
Initiator->Responder: 0 packets 0 bytes
Total sessions found: 2
Slot 2:
Inbound initiator:
Source IP/port: 160.51.0.2/63
Destination IP/port: 232.0.0.1/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound responder:
Source IP/port: 232.0.0.1/63
Destination IP/port: 160.51.0.2/63
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
State: UDP_OPEN
Application: -
Start time: 2017-03-13 17:13:31 TTL: 30s
Initiator->Responder: 0 packets 0 bytes
Total sessions found: 1
Table 9 Command output
Field |
Description |
Information about the multicast session from the initiator to the responder on the inbound interface. |
|
Information about the multicast session from the responder to the initiator on the inbound interface. |
|
Information about the multicast session from the initiator to the responder on the outbound interface. |
|
Information about the multicast session from the responder to the initiator on the outbound interface. |
|
DS-Lite tunnel peer |
Address of the DS-Lite tunnel peer. If the multicast session is not tunneled by DS-Lite, this field displays a hyphen (-). The device does not support this field in the current software version. |
VPN instance/VLAN ID/Inline ID |
MPLS L3VPN to which the multicast session belongs. The device does not support the VPN instance field in the current software version. VLAN and INLINE to which the multicast session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field. |
Protocol |
Transport layer protocol: · DCCP. · ICMP. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number. |
State |
Multicast session state. |
Application |
Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER. |
Start time |
Time when the multicast session was created. |
TTL |
Remaining lifetime of the multicast session, in seconds. |
Inbound interface of the first packet from the initiator to responder. |
|
Outbound interface of the first packet from the initiator to responder. |
|
Outbound interfaces of the first packet from the initiator to responder. |
|
Initiator->Responder |
Number of packets and packet bytes from the initiator to the responder. |
Total sessions found |
Total number of found multicast session entries. |
display session table multicast ipv6
Use display session table multicast ipv6 to display IPv6 multicast session entries.
Syntax
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 multicast session entries that match specific criteria for all member devices.
source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv6 address or IPv6 address range for a multicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv6 address. The end source-ip argument specifies the end source IPv6 address.
destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv6 address or IPv6 address range for a multicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv6 address. The end destination-ip argument specifies the end destination IPv6 address.
protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
verbose: Displays detailed information about IPv6 multicast session entries. If you do not specify this keyword, the command displays brief information about IPv6 multicast session entries.
Usage guidelines
If you do not specify any parameters, this command displays all IPv6 multicast session entries.
Examples
# Display brief information about all IPv6 multicast session entries.
<Sysname> display session table multicast ipv6
Slot 1:
Inbound initiator:
Source IP/port: 3::4/1617
Destination IP/port: FF0E::1/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
Outbound interface list:
WLAN-BSS1/0/12067
Total sessions found: 2
Slot 2:
Inbound initiator:
Source IP/port: 3::4/1617
Destination IP/port: FF0E::1/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
Outbound interface list:
Total sessions found: 1
# Display detailed information about all IPv6 multicast session entries.
<Sysname> display session table multicast ipv6 verbose
Slot 1:
Inbound initiator:
Source IP/port: 3::4/1617
Destination IP/port: FF0E::1/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound responder:
Source IP/port: FF0E::1/1025
Destination IP/port: 3::4/1617
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
State: UDP_OPEN
Application: -
Start time: 2017-03-13 17:13:30 TTL: 29s
Initiator->Responder: 0 packets 0 bytes
Outbound initiator:
Source IP/port: 3::4/1617
Destination IP/port: FF0E::1/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Outbound responder:
Source IP/port: FF0E::1/1025
Destination IP/port: 3::4/1617
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Outbound interface: WLAN-BSS1/0/12067
State: UDP_OPEN
Application: -
Start time: 2017-03-13 17:13:30 TTL: 29s
Initiator->Responder: 0 packets 0 bytes
Total sessions found: 2
Slot 2:
Inbound initiator:
Source IP/port: 3::4/1617
Destination IP/port: FF0E::1/1025
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound responder:
Source IP/port: FF0E::1/1025
Destination IP/port: 3::4/1617
DS-Lite tunnel peer: -
VPN instance/VLAN ID/Inline ID: -/53/-
Protocol: UDP(17)
Inbound interface: GigabitEthernet2/0/2
State: UDP_OPEN
Application: -
Start time: 2017-03-13 17:13:31 TTL: 30s
Initiator->Responder: 0 packets 0 bytes
Total sessions found: 1
Table 10 Command output
Field |
Description |
Inbound initiator |
Information about the multicast session from the initiator to the responder on the inbound interface. |
Inbound responder |
Information about the multicast session from the responder to the initiator on the inbound interface. |
Outbound initiator |
Information about the multicast session from the initiator to the responder on the outbound interface. |
Outbound responder |
Information about the multicast session from the responder to the initiator on the outbound interface. |
DS-Lite tunnel peer |
Address of the DS-Lite tunnel peer. If the multicast session is not tunneled by DS-Lite, this field displays a hyphen (-). The device does not support this field in the current software version. |
VPN instance/VLAN ID/Inline ID |
MPLS L3VPN to which the multicast session belongs. The device does not support the VPN instance field in the current software version. VLAN and INLINE to which the multicast session belongs during Layer 2 forwarding. If a parameter is not specified, a hyphens (-) is displayed for the proper field. |
Protocol |
Transport layer protocol: · DCCP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number. |
State |
Multicast session state. |
Application |
Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER. |
Start time |
Time when the multicast session was created. |
TTL |
Remaining lifetime of the multicast session, in seconds. |
Inbound interface |
Inbound interface of the first packet from the initiator to responder. |
Outbound interface |
Outbound interface of the first packet from the initiator to responder. |
Outbound interface list |
Outbound interfaces of the first packet from the initiator to responder. |
Initiator->Responder |
Number of packets and packet bytes from the initiator to the responder. |
Total sessions found |
Total number of found multicast session entries. |
reset session relation-table
Use reset session relation-table to clear relation entries.
Syntax
reset session relation-table [ ipv4 | ipv6 ] [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
ipv4: Specifies IPv4 relation entries.
ipv6: Specifies IPv6 relation entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears relation entries for all member devices.
Usage guidelines
If you do not specify the IPv4 keyword or the IPv6 keyword, this command clears all IPv4 and IPv6 relation entries.
Examples
# Clear all IPv4 relation entries.
<Sysname> reset session relation-table ipv4
Related commands
display session relation-table
reset session statistics
Use reset session statistics to clear unicast session statistics.
Syntax
reset session statistics [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears unicast session statistics for all member devices.
Examples
# Clear all unicast session statistics.
<Sysname> reset session statistics
Related commands
display session statistics
reset session statistics multicast
Use reset session statistics multicast to clear multicast session statistics.
Syntax
reset session statistics multicast [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears multicast session statistics for all member devices.
Examples
# Clear all multicast session statistics.
<Sysname> reset session statistics multicast
Related commands
display session statistics multicast
reset session table
Use reset session table to clear IPv4 and IPv6 unicast session entries.
Syntax
reset session table [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears unicast session entries for all member devices.
Examples
# Clear all IPv4 and IPv6 unicast session entries.
<Sysname> reset session table
Related commands
· display session table ipv4
· display session table ipv6
reset session table ipv4
Use reset session table ipv4 to clear IPv4 unicast session entries.
Syntax
reset session table ipv4 [ slot slot-number ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears IPv4 unicast session entries that match specific criteria for all member devices.
source-ip source-ip: Specifies a source IPv4 address. The source-ip argument specifies the source IPv4 address of a unicast session from the initiator to the responder.
destination-ip destination-ip: Specifies a destination IPv4 address. The destination-ip argument specifies the destination IPv4 address of a unicast session from the initiator to the responder.
protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
Usage guidelines
If you do not specify any parameters, this command clears all IPv4 unicast session entries.
Examples
# Clear all IPv4 unicast session entries.
<Sysname> reset session table ipv4
# Clear the IPv4 unicast session entries with the source IP address of 10.10.10.10.
<Sysname> reset session table ipv4 source-ip 10.10.10.10
Related commands
display session table ipv4
reset session table ipv6
Use reset session table ipv6 to clear IPv6 unicast session entries.
Syntax
reset session table ipv6 [ slot slot-number ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears IPv6 unicast session entries that match the specified criteria for all member devices.
source-ip source-ip: Specifies a source IPv6 address. The source-ip argument specifies the source IPv6 address of a unicast session from the initiator to the responder.
destination-ip destination-ip: Specifies a destination IPv6 address. The destination-ip argument specifies the destination IPv6 address of a unicast session from the initiator to the responder.
protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
Usage guidelines
If you do not specify any parameters, this command clears all IPv6 unicast session entries.
Examples
# Clear all IPv6 unicast session entries.
<Sysname> reset session table ipv6
# Clear the IPv6 unicast session entries with the source IP address of 2011::0002.
<Sysname> reset session table ipv6 source-ip 2011::0002
Related commands
display session table ipv6
reset session table multicast
Use reset session table multicast to clear IPv4 and IPv6 multicast session entries.
Syntax
reset session table multicast [ slot slot-number ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears multicast session entries for all member devices.
Examples
# Clear all IPv4 and IPv6 multicast session entries.
<Sysname> reset session table multicast
Related commands
· display session table multicast ipv4
· display session table multicast ipv6
reset session table multicast ipv4
Use reset session table multicast ipv4 to clear IPv4 multicast session entries.
Syntax
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears IPv4 multicast session entries that match specific criteria for all member devices.
source-ip source-ip: Specifies a source IPv4 address. The source-ip argument specifies the source IPv4 address of a multicast session from the initiator to the responder.
destination-ip destination-ip: Specifies a destination IPv4 address. The destination-ip argument specifies the destination IPv4 address of a multicast session from the initiator to the responder.
protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
Usage guidelines
If you do not specify any parameters, this command clears all IPv4 multicast session entries.
Examples
# Clear all IPv4 multicast session entries.
<Sysname> reset session table multicast ipv4
# Clear the IPv4 multicast session entries with the source IP address of 10.10.10.10.
<Sysname> reset session table multicast ipv4 source-ip 10.10.10.10
Related commands
display session table multicast ipv4
reset session table multicast ipv6
Use reset session table multicast ipv6 to clear IPv6 multicast session entries.
Syntax
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command clears IPv6 multicast session entries that match specific criteria for all member devices.
source-ip source-ip: Specifies a source IPv6 address. The source-ip argument specifies the source IPv6 address of a multicast session from the initiator to the responder.
destination-ip destination-ip: Specifies a destination IPv6 address. The destination-ip argument specifies the destination IPv6 address of a multicast session from the initiator to the responder.
protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, RawIP, SCTP, TCP, UDP, and UDP-Lite.
source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.
destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.
Usage guidelines
If you do not specify any parameters, this command clears all IPv6 multicast session entries.
Examples
# Clear all IPv6 multicast session entries.
<Sysname> reset session table multicast ipv6
# Clear the IPv6 multicast session entries with the source IP address of 2011::0002.
<Sysname> reset session table multicast ipv6 source-ip 2011::0002
Related commands
display session table multicast ipv6
session aging-time state
Use session aging-time state to set the aging time for the sessions in a protocol state.
Use undo session aging-time state to restore the default. If you do not specify a protocol state, this command restores all aging time for sessions in different protocol states to the default.
Syntax
session aging-time state { fin | icmp-reply | icmp-request | rawip-open | rawip-ready | syn | tcp-close | tcp-est | tcp-time-wait | udp-open | udp-ready } time-value
undo session aging-time state [ fin | icmp-reply | icmp-request | rawip-open | rawip-ready | syn | tcp-close | tcp-est | tcp-time-wait | udp-open | udp-ready ]
Default
The aging time for sessions in different protocol states is as follows:
· FIN_WAIT: 30 seconds.
· ICMP-REPLY: 30 seconds.
· ICMP-REQUEST: 60 seconds.
· RAWIP-OPEN: 30 seconds.
· RAWIP-READY: 60 seconds.
· TCP SYN-SENT and SYN-RCV: 30 seconds.
· TCP CLOSE: 2 seconds.
· TCP ESTABLISHED: 3600 seconds.
· TCP TIME-WAIT: 2 seconds.
· UDP-OPEN: 30 seconds.
· UDP-READY: 60 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
fin: Specifies the TCP FIN_WAIT state.
icmp-reply: Specifies the ICMP REPLY state.
icmp-request: Specifies the IGMP REQUEST state.
rawip-open: Specifies the RAWIP-OPEN state.
rawip-ready: Specifies the RAWIP-READY state.
syn: Specifies the TCP SYN-SENT and SYN-RCV states.
tcp-close: Specifies the TCP CLOSE state.
tcp-est: Specifies the TCP ESTABLISHED state.
tcp-time-wait: Specifies the TCP TIME-WAIT state.
udp-open: Specifies the UDP OPEN state.
udp-ready: Specifies the UDP READY state.
time-value: Sets the aging time in seconds. The value range for the time-value argument is 1 to 100000.
Usage guidelines
For persistent sessions, the aging time is set by the session persistent acl command.
Examples
# Set the aging time for TCP sessions in SYN-SENT and SYN-RCV states to 60 seconds.
<Sysname> system-view
[Sysname] session aging-time state syn 60
Related commands
· display session aging-time state
· session persistent acl
session log { bytes-active | packets-active }
Use session log { bytes-active | packets-active } to set a threshold for traffic-based logging.
Use undo session log { bytes-active | packets-active } to restore the default.
Syntax
session log { bytes-active bytes-value | packets-active packets-value }
undo session log { bytes-active | packets-active }
Default
No threshold is set for traffic-based logging.
Views
System view
Predefined user roles
network-admin
Parameters
bytes-value: Specifies the byte-based threshold in the range of 1 to 100000 MB.
packets-value: Specifies the packet-based threshold in the range of 1 to 100000 mega-packets.
Usage guidelines
For this command to take effect, make sure the session statistics collection feature is enabled.
If you set both the traffic-based and time-based logging, the device outputs a session log when whichever is reached. After outputting a session log, the device resets the traffic counter and restarts the interval for the session.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure the device to output session logs on a per-10-mega-packet basis.
<Sysname> system-view
[Sysname] session statistics enable
[Sysname] session log packets-active 10
Related commands
· session log enable
· session statistics enable
session log enable
Use session log enable to enable session logging.
Use undo session log enable to disable session logging.
Syntax
session log enable { ipv4 | ipv6 } [ acl acl-number ] { inbound | outbound }
undo session log enable { ipv4 | ipv6 } [ acl acl-number ] { inbound | outbound }
Default
Session logging is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv4: Logs IPv4 sessions.
ipv6: Logs IPv6 sessions.
acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999.
inbound: Specifies the inbound direction.
outbound: Specifies the outbound direction.
Usage guidelines
If you do not specify an ACL, this command enables session logging for all IPv4 or IPv6 sessions on the interface.
If you do not specify the inbound or the outbound keyword, this command enables session logging on both directions.
Up to one IPv4 ACL and one IPv6 ACL can be applied to each direction.
The session logging feature must work with the flow log feature to generate session logs. For information about flow log, see Network Management and Monitoring.
After session logging is enabled, the device outputs session logs as follows:
· Outputs a session log when the specified traffic threshold or interval is reached.
· Outputs a session log when a session entry is created or removed only if the logging for session creation or deletion is enabled.
Examples
# Enable IPv4 session logging in the inbound direction of VLAN-interface 2.
<Sysname> system-view
[Sysname] session log flow-begin
[Sysname] session log flow-end
[Sysname] interface Vlan-interface 2
[Sysname-Vlan-interface2] session log enable ipv4 inbound
# Enable session logging on VLAN-interface 3 for IPv4 sessions that match ACL 2050 in the outbound direction.
<Sysname> system-view
[Sysname] session log flow-begin
[Sysname] session log flow-end
[Sysname] interface Vlan-interface 3
[Sysname-Vlan-interface3] session log enable ipv4 acl 2050 outbound
# Enable session logging on VLAN-interface 4 for IPv6 sessions that match ACL 2050 in the outbound direction.
<Sysname> system-view
[Sysname] session log flow-begin
[Sysname] session log flow-end
[Sysname] interface Vlan-interface 4
[Sysname-Vlan-interface4] session log enable ipv6 acl 2050 outbound
Related commands
· session log bytes-active
· session log flow-begin
· session log flow-end
· session log packets-active
· session log time-active
session log flow-begin
Use session log flow-begin to enable logging for session creation.
Use undo session log flow-begin to disable logging for session creation.
Syntax
session log flow-begin
undo session log flow-begin
Default
Logging for session creation is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For the device to output a session log when a session entry is created, make sure both session logging and logging for session creation are enabled.
Examples
# Enable logging for session creation.
<Sysname> system-view
[Sysname] session log flow-begin
Related commands
session log enable
session log flow-end
Use session log flow-end to enable logging for session deletion.
Use undo session log flow-end to disable logging for session deletion.
Syntax
session log flow-end
undo session log flow-end
Default
Logging for session deletion is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For the device to output a session log when a session entry is deleted, make sure both session logging and logging for session deletion are enabled.
Examples
# Enable logging for session deletion.
<Sysname> system-view
[Sysname] session log flow-end
Related commands
session log enable
session log time-active
Use session log time-active to set the time-based session logging.
Use undo session log time-active to restore the default.
Syntax
session log time-active time-value
undo session log time-active
Default
No threshold is set for time-based session logging.
Views
System view
Predefined user roles
network-admin
Parameters
time-value: Sets the interval in minutes. The value range for the time-value argument is 10 to 120 and the value must be integer times of 10.
Usage guidelines
If you set both time-based and traffic-based logging, the device outputs a session log when whichever is reached. After outputting a session log, the device resets the traffic counter and restarts the interval for the session.
Examples
# Configure the device to output session logs every 50 minutes.
<Sysname> system
[Sysname] session log time-active 50
Related commands
· session log enable
· session log bytes-active
· session log packets-active
session persistent acl
Use session persistent acl to specify persistent sessions.
Use undo session persistent acl to remove the configuration.
Syntax
session persistent acl [ ipv6 ] acl-number [ aging-time time-value ]
undo session persistent acl [ ipv6 ] acl-number
Default
No persistent sessions are specified.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.
acl-number: Specifies an ACL by its number in the range of 2000 to 3999.
aging-time time-value: Sets the aging time for persistent sessions in hours. The value range for the time-value argument is 0 to 360, and the default value is 24. To disable the aging for persistent sessions, set the value to 0.
Usage guidelines
This command is effective only on TCP sessions in ESTABLISHED state.
For a TCP session in ESTABLISHED state, the priority of the aging time is as follows:
· Aging time for persistent sessions.
· Aging time for sessions of application layer protocols.
· Aging time for sessions in different protocol states.
A never-age-out session is not removed until the device receives a connection close request from the initiator or responder, or you manually clear the session entries.
The configuration of persistent sessions applies only to new sessions. It has no effect on existing sessions.
Repeat this command to use multiple ACLs to specify persistent sessions.
Examples
# Specify IPv4 ACL 2000 for identifying persistent sessions and set the aging time to 72 hours.
<Sysname> system-view
[Sysname] session persistent acl 2000 aging-time 72
# Specify IPv6 ACL 3000 for identifying persistent sessions and set the aging time to 100 hours.
<Sysname> system-view
[Sysname] session persistent acl ipv6 3000 aging-time 100
Related commands
session aging-time state
session state-machine mode loose
Use session state-machine mode loose to set the mode of session state machine to loose.
Use undo session state-machine mode loose to restore the default.
Syntax
session state-machine mode loose
undo session state-machine mode loose
Default
The session state machine is in strict mode.
Views
System view
Predefined user roles
network-admin
Usage guidelines
For asymmetric-path networks, if session synchronization is not enabled, to prevent the device from dropping packets abnormally, set the mode of the session state machine to loose.
As a best practice, use the default setting on symmetric-path networks.
Examples
# Set the mode of session state machine to loose.
<Sysname> system-view
[Sysname] session state-machine mode loose
session statistics enable
Use session statistics enable to enable session statistics collection.
Use undo session statistics enable to disable session statistics collection.
Syntax
session statistics enable
undo session statistics enable
Default
Session statistics collection is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to collect the session-based outbound and inbound packets and bytes.
To display statistics per session, use the display session table command. To display statistics per packet type, use the display session statistics command.
Examples
# Enable session statistics collection.
[Sysname] session statistics enable
Related commands