option: Specifies the debugging option for a module. The option number and content differ for different modules. To display the supported options, use the debugging module-name ? command.

all: Disables debugging for all modules.

Usage guidelines

Output of debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition.

The system sends generated debug messages to the device information center. The information center then sends the messages to appropriate destinations based on the log output configuration. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Enable debugging for the device management module.

<Sysname> debugging dev

Related commands

display debugging

Use display debugging to display the enabled debugging features.

Syntax

display debugging [ module-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

module-name: Specifies a module by its name. To display the current module name, use the display debugging ? command.

Examples

# Display all enabled debugging features.

<Sysname> display debugging

DEV debugging switch is on

Related commands

debugging

ping

Use ping to test the reachability of the destination IP address and display ping statistics.

Syntax

Views

Any view

Predefined user roles

network-admin

Parameters

ip: Distinguishes between a destination host name and the ping command keywords if the name of the destination host is i, ip, ipv, ipv6, l, ls, or lsp. For example, you must use the command in the form of ping ip ip instead of ping ip if the destination host name is ip.

-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface.

-c count: Specifies the number of ICMP echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.

-f: Sets the "do-not-fragment" bit in the IP header.

-h ttl: Specifies the TTL value of ICMP echo requests. The value range is 1 to 255, and the default is 255.

-i interface-type interface-number: Specifies the source interface for ICMP echo requests. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMP echo requests.

-m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.

-n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address.

-p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits. The pad argument is in the range of 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets are padded with 0x0000002f to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, such as 0x010203…feff01….

-q: Displays only the summary statistics. If this keyword is not specified, the system displays all the ping statistics.

-r: Records the addresses of the hops (up to 9) the ICMP echo requests passed. If this keyword is not specified, the addresses of the hops that the ICMP echo requests passed are not recorded.

-s packet-size: Specifies the length (in bytes) of ICMP echo requests (excluding the IP packet header and the ICMP packet header). The value range is 20 to 8100, and the default is 56.

-t timeout: Specifies the timeout time (in milliseconds) of an ICMP echo reply. The value range is 0 to 65535, and the default is 2000. If the source does not receive an ICMP echo reply within the timeout, it considers the ICMP echo reply timed out.

-tos tos: Specifies the ToS value of ICMP echo requests. The value range is 0 to 255, and the default is 0.

-v: Displays non-ICMP echo reply packets. If this keyword is not specified, the system does not display non-ICMP echo reply packets.

host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).

Usage guidelines

To use the name of the destination host to perform the ping operation, you must first configure the DNS on the device. Otherwise, the ping operation will fail.

To abort the ping operation during the execution of the command, press Ctrl+C.

Examples

# Test whether the device with an IP address of 1.1.2.2 is reachable.

<Sysname> ping 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms

# Test whether the device with an IP address of 1.1.2.2 is reachable. Only results are displayed.

<Sysname> ping -q 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.962/2.196/2.665/0.244 ms

# Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed.

<Sysname> ping -r 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms

RR: 1.1.2.1

1.1.2.2

1.1.1.2

1.1.1.1

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=4.834 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=4.770 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=4.812 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=4.704 ms (same route)

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms

The output shows that:

· The destination is reachable.

· The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.

Table 1 Command output

Field	Description
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break	Test whether the device with IP address 1.1.2.2 is reachable. There are 56 bytes in each ICMP echo request. Press Ctrl+C to abort the ping operation.
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms	Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. · bytes—Number of bytes in the ICMP echo reply. · icmp_seq—Packet sequence, used to determine whether a segment is lost, disordered or repeated. · ttl—TTL value in the ICMP echo reply. · time—Response time.
RR:	Routers through which the ICMP echo request passed. They are displayed in inversed order, which means the router with a smaller distance to the destination is displayed first.
--- Ping statistics for 1.1.2.2 ---	Statistics on data received and sent in the ping operation.
5 packet(s) transmitted	Number of ICMP echo requests sent.
5 packet(s) received	Number of ICMP echo replies received.
0.0% packet loss	Percentage of unacknowledged packets to the total packets sent.
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms	Minimum/average/maximum/standard deviation response time, in milliseconds.

ping ipv6

Use ping ipv6 to test the reachability of the destination IPv6 address and display IPv6 ping statistics.

Syntax

Views

Any view

Predefined user roles

network-admin

Parameters

-a source-ipv6: Specifies an IPv6 address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IPv6 address of ICMP echo requests is the IPv6 address of the outbound interface. (The address selection rule is defined by RFC 3484.)

-c count: Specifies the number of ICMPv6 echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.

-i interface-type interface-number: Specifies the source interface for ICMPv6 echo requests. This option must be specified when the destination address is a multicast address or a link local address. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMPv6 echo requests.

-m interval: Specifies the interval (in milliseconds) to send an ICMPv6 echo reply. The value range is 1 to 65535, and the default is 1000.

-q: Displays only the summary statistics. If you do not specify this keyword, the system displays all the ping statistics.

-s packet-size: Specifies the length (in bytes) of ICMPv6 echo requests (excluding the IPv6 packet header and the ICMPv6 packet header). The value range is 20 to 8100, and the default is 56.

-t timeout: Specifies the timeout time (in milliseconds) of an ICMPv6 echo reply. The value range is 0 to 65535, and the default is 2000.

-tc traffic-class: Specifies the traffic class value in an ICMPv6 packet. The value range is 0 to 255 and the default is 0.

-v: Displays detailed information (including the dst field and the idx field) about ICMPv6 echo replies. If this keyword is not specified, the system only displays brief information (not including the dst field and the idx field) about ICMPv6 echo replies.

host: Specifies the IPv6 address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).

Usage guidelines

To use the name of the destination host to perform the ipv6 ping operation, you must first configure DNS on the device. Otherwise, the ipv6 ping operation fails.

To abort the ping ipv6 operation during the execution of the command, press Ctrl+C.

Examples

# Test whether the IPv6 address (2001::2) is reachable.

<Sysname> ping ipv6 2001::2

Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break

56 bytes from 2001::2, icmp_seq=0 hlim=64 time=62.000 ms

56 bytes from 2001::2, icmp_seq=1 hlim=64 time=23.000 ms

56 bytes from 2001::2, icmp_seq=2 hlim=64 time=20.000 ms

56 bytes from 2001::2, icmp_seq=3 hlim=64 time=4.000 ms

56 bytes from 2001::2, icmp_seq=4 hlim=64 time=16.000 ms

--- Ping6 statistics for 2001::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms

# Test whether the IPv6 address (2001::2) is reachable. Only the statistics are displayed.

<Sysname> ping ipv6 –q 2001::2

Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break

--- Ping6 statistics for 2001::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms

# Test whether the IPv6 address (2001::2) is reachable. Detailed ping information is displayed.

<Sysname> ping ipv6 –v 2001::2

Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break

56 bytes from 2001::2, icmp_seq=0 hlim=64 dst=2001::1 idx=3 time=62.000 ms

56 bytes from 2001::2, icmp_seq=1 hlim=64 dst=2001::1 idx=3 time=23.000 ms

56 bytes from 2001::2, icmp_seq=2 hlim=64 dst=2001::1 idx=3 time=20.000 ms

56 bytes from 2001::2, icmp_seq=3 hlim=64 dst=2001::1 idx=3 time=4.000 ms

56 bytes from 2001::2, icmp_seq=4 hlim=64 dst=2001::1 idx=3 time=16.000 ms

--- Ping6 statistics for 2001::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms

The output shows that:

· The destination is reachable, and ICMPv6 echo requests are replied.

· The minimum/average/maximum/standard deviation roundtrip time of packets is 4 milliseconds, 25 milliseconds, 62 milliseconds, and 20 milliseconds.

Table 2 Command output

Field	Description
Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break	An ICMPv6 echo reply with a data length of 56 bytes is sent from 2001::1 to 2001::2. Press Ctrl+C to abort the ping IPv6 operation.
56 bytes from 2001::2, icmp_seq=1 hlim=64 dst=2001::1 idx=3 time=62.000 ms	Received ICMPv6 echo replies from the device whose IPv6 address is 2001::2. · The number of data bytes is 56. · The packet sequence is 1. · The hop limit value is 64. · The destination address is 2001::1. Specify the -v keyword to display this field. · The index for the packet inbound interface is 3. Specify the -v keyword to display this field. · The response time is 62 milliseconds.
--- Ping6 statistics for 2001::2 ------	Statistics on data received and sent in an IPv6 ping operation.
5 packet(s) transmitted	Number of ICMPv6 echo requests sent.
5 packet(s) received	Number of ICMPv6 echo replies received.
0.0% packet loss	Percentage of unacknowledged packets to the total packets sent.
round-trip min/avg/max/ std-dev =4.000/25.000/62.000/20.000 ms	Minimum/average/maximum/standard deviation response time, in milliseconds.

tracert

Use tracert to trace the path the packets traverse from source to destination.

Syntax

Views

Any view

Predefined user roles

network-admin

Parameters

-a source-ip: Specifies an IP address of the device as the source IP address of probe packets. If this option is not specified, the source IP address of probe packets is the primary IP address of the outbound interface.

-f first-ttl: Specifies the TTL of the first packet sent to the destination. The value range is 1 to 255, and the default is 1. It must be no greater than the value of the max-ttl argument.

-m max-ttl: Specifies the maximum number of hops allowed for a probe packet. The value range is 1 to 255, and the default is 30. It must be no smaller than the value of the first-ttl argument.

-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434. If the destination address is an EID address at a remote LISP site, specify a port number in the range of 33434 to 65535.

-q packet-number: Specifies the number of probe packets to send per hop. The value range is 1 to 65535, and the default is 3.

-t tos: Specifies the ToS value of probe packets. The value range is 0 to 255, and the default is 0.

-w timeout: Specifies the timeout time in milliseconds of the reply packet for a probe packet. The value range is 1 to 65535, and the default is 5000.

Usage guidelines

After identifying network failure with the ping command, use the tracert command to locate failed nodes.

The output of the tracert command includes IP addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message. The reason might be the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled.

To abort the tracert operation during the execution of the command, press Ctrl+C.

Examples

# Display the path that the packets traverse from source to destination (1.1.2.2).

<Sysname> tracert 1.1.2.2

traceroute to 1.1.2.2 (1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break

1 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms

2 1.1.2.2 (1.1.2.2) 580 ms 470 ms 80 ms

Table 3 Command output

Field	Description
traceroute to 1.1.2.2 (1.1.2.2)	Display the route that the IP packets traverse from the current device to the device whose IP address is 1.1.2.2.
hops at most	Maximum number of hops of the probe packets, which can be set by the -m keyword.
bytes each packet	Number of bytes of a probe packet.
press CTRL_C to break	During the execution of the command, press Ctrl+C to abort the tracert operation.
2 1.1.2.2 (1.1.2.2) 580 ms 470 ms 80 ms	Probe result of the probe packets that contain a TTL value of 2, including the following information about the second hop: · Domain name of the hop. If the domain name is not configured, the IP address is displayed. · IP address of the hop. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set through the -q keyword.
1 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms	Probe result of the probe packets that contain a TTL value of 1, including the following information about the first hop: · Domain name of the hop. If the domain name is not configured, the IP address is displayed. · IP address of the hop. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set through the -q keyword.

tracert ipv6

Use tracert ipv6 to display the path that the IPv6 packets traverse from source to destination.

Syntax

Views

Any view

Predefined user roles

network-admin

Parameters

-f first-hop: Specifies the TTL value of the first packet. The value range is 1 to 255, and the default is 1. The value must be no greater than the value of the max-hops argument.

-m max-hops: Specifies the maximum number of hops allowed for a packet. The value range is 1 to 255, and the default is 30. The value must be no smaller than the value of the first-hop argument.

-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434.

-q packet-number: Specifies the number of probe packets sent each time. The value range is 1 to 65535, and the default is 3.

-t traffic-class: Specifies the traffic class value in an IPv6 probe packet. The value range is 0 to 255, and the default is 0.

-w timeout: Specifies the timeout time (in milliseconds) of the reply packet of a probe packet. The value range is 1 to 65535, and the default is 5000.

Usage guidelines

After identifying network failure with the ping ipv6 command, you can use the tracert ipv6 command to locate failed nodes.

The output of the tracert ipv6 command includes IPv6 addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message. The reason might be the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled.

To abort the tracert operation during the execution of the command, press Ctrl+C.

Examples

# Display the path that the packets traverse from source to destination (2001:3::2).

<Sysname> tracert ipv6 2001:3::2

traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets , press CTRL_C to break

1 2001:1::2 0.661 ms 0.618 ms 0.579 ms

2 2001:2::2 0.861 ms 0.718 ms 0.679 ms

3 2001:3::2 0.822 ms 0.731 ms 0.708 ms

Table 4 Command output

Field	Description
traceroute to 2001:3::2	Display the route that the IPv6 packets traverse from the current device to the device whose IP address is 2001:3:2.
hops at most	Maximum number of hops of the probe packets, which can be set by the -m keyword.
byte packets	Number of bytes of a probe packet.
2 2001:2::2 0.861 ms 0.718 ms 0.679 ms	Probe result of the probe packets that contain a hoplimit value of 2, including the following information about the second hop: · IPv6 address of the hop. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set by the -q keyword.

NQA commands

NQA client commands

data-fill

Use data-fill to configure the payload fill string for probe packets.

Use undo data-fill to restore the default.

Syntax

data-fill string

undo data-fill

Default

The payload fill string is the hexadecimal number 00010203040506070809.

Views

ICMP/UDP echo operation view

UDP jitter operation view

ICMP/TCP/UDP template view

Predefined user roles

network-admin

Parameters

string: Specifies a case-sensitive string of 1 to 200 characters.

Usage guidelines

If the payload length is smaller than the string length, only the first part of the string is filled. For example, if you configure the string as abcd and set the payload size to 3 bytes, abc is filled.

If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full. For example, if you configure the string as abcd and the payload size as 6 bytes, abcdab is filled.

How the string is filled depends on the operation type.

· For the ICMP echo operation, the string fills the whole payload of an ICMP echo request.

· For the UDP echo operation, the first five bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of payload.

· For the UDP jitter operation, the first 68 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.

Examples

# Specify abcd as the payload fill string for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] data-fill abcd

# In TCP template view, specify abcd as the payload fill string for requests.

<Sysname> system-view

[Sysname] nqa template tcp tcptplt

[Sysname-nqatplt-tcp-tcptplt] data-fill abcd

data-size

Use data-size to set the payload size for each probe packet.

Use undo data-size to restore the default.

Syntax

data-size size

undo data-size

Default

The default payload size of a probe packet for different operations is described in Table 5.

Table 5 Default payload size of a probe packet

Operation type	Codec type	Default size (bytes)
ICMP echo	N/A	100
UDP echo	N/A	100
UDP jitter	N/A	100

Views

ICMP/UDP echo operation view

UDP jitter operation view

ICMP/UDP template view

Predefined user roles

network-admin

Parameters

size: Specifies the payload size. Available value ranges include:

· 20 to 65507 bytes for the ICMP echo and UDP echo operations.

· 68 to 65507 bytes for the UDP jitter operation.

Usage guidelines

In ICMP echo operations, the command sets the payload size for each ICMP echo request.

In UDP echo and UDP jitter operations, the command sets the payload size for each UDP packet.

Examples

# Set the payload size to 80 bytes for each ICMP echo request.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] data-size 80

# In ICMP template view, set the payload size to 80 bytes for each request.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] data-size 80

description (any NQA operation type view)

Use description to configure a description for an NQA operation, such as the operation type or purpose.

Use undo description to remove the description.

Syntax

description text

undo description

Default

No description is configured for an NQA operation.

Views

Any NQA operation type view

Any NQA template view

Predefined user roles

network-admin

Parameters

text: Specifies a case-sensitive string of 1 to 200 characters.

Examples

# Configure the description as icmp-probe for an NQA operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] description icmp-probe

# In ICMP template view, configure the description as icmp-probe for an NQA operation.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] description icmp-probe

destination ip

Use destination ip to configure the destination IPv4 address for the operation.

Use undo destination ip to remove the destination IPv4 address.

Syntax

destination ip ip-address

undo destination ip

Default

No destination IPv4 address is configured for the operation.

Views

SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

ICMP/RADIUS/SSL/TCP/UDP template view

TCP half open template view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the destination IPv4 address for the operation.

Examples

# Specify 10.1.1.1 as the destination IPv4 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1

# In ICMP template view, specify 10.1.1.1 as the destination IPv4 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] destination ip 10.1.1.1

destination ipv6

Use destination ipv6 to configure the destination IPv6 address for the operation.

Use undo destination ipv6 to remove the destination IPv6 address.

Syntax

destination ipv6 ipv6-address

undo destination ipv6

Default

No destination IPv6 address is configured for the operation.

Views

ICMP echo operation view

ICMP/RADIUS/SSL/TCP/UDP template view

TCP half open template view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the destination IPv6 address for the operation. IPv6 link-local addresses are not supported.

Examples

# In ICMP template view, specify 1::1 as the destination IPv6 address for the operation.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] destination ipv6 1::1

destination port

Use destination port to configure the destination port number for the operation.

Use undo destination port to remove the destination port number.

Syntax

destination port port-number

undo destination port

Default

The destination port numbers for the operations that use the following NQA templates are:

· 21 for the FTP template.

· 80 for the HTTP template.

· 443 for the HTTPS template.

· 1812 for the RADIUS template.

No destination port number is configured for other types of operations.

Views

TCP operation view

UDP echo operation view

UDP jitter operation view

RADIUS/SSL/TCP/UDP template view

Predefined user roles

network-admin

Parameters

port-number: Specifies the destination port number for the operation, in the range of 1 to 65535.

Examples

# Set the destination port number to 9000 for the UDP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-echo

[Sysname-nqa-admin-test-udp-echo] destination port 9000

# In TCP template view, set the destination port number to 9000 for the UDP echo operation.

<Sysname> system-view

[Sysname] nqa template tcp tcptplt

[Sysname-nqatplt-tcp-tcptplt] destination port 9000

display nqa history

Use display nqa history to display the history records of NQA operations.

Syntax

display nqa history [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the history records of all NQA operations.

Usage guidelines

The display nqa history command does not display the results or statistics of the ICMP jitter or UDP jitter operation. To view the results or statistics of these operations, use the display nqa result or display nqa statistics command.

Examples

# Display the history records of the NQA operation with the administrator name administrator and the operation tag test.

<Sysname> display nqa history administrator test

NQA entry (admin administrator, tag test) history records:

Index Response Status Time

10 329 Succeeded 2011-04-29 20:54:26.5

9 344 Succeeded 2011-04-29 20:54:26.2

8 328 Succeeded 2011-04-29 20:54:25.8

7 328 Succeeded 2011-04-29 20:54:25.5

6 328 Succeeded 2011-04-29 20:54:25.1

5 328 Succeeded 2011-04-29 20:54:24.8

4 328 Succeeded 2011-04-29 20:54:24.5

3 328 Succeeded 2011-04-29 20:54:24.1

2 328 Succeeded 2011-04-29 20:54:23.8

1 328 Succeeded 2011-04-29 20:54:23.4

Table 6 Command output

Field	Description
Index	History record ID.
TTL	TTL value in the probe packet.
Response	Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the operation cannot be completed, in milliseconds.
Hop IP	IP address of the node that sent the reply packet.
Status	Status of the operation result: · Succeeded. · Unknown error. · Internal error. · Timeout.
Time	Time when the operation was completed.

display nqa reaction counters

Use display nqa reaction counters to display the current monitoring results of reaction entries.

Syntax

display nqa reaction counters [ admin-name operation-tag [ item-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

item-number: Specifies a reaction entry by its ID in the range of 1 to 10. If you do not specify a reaction entry, the command displays the results of all reaction entries.

Usage guidelines

The result fields display hyphens (-) if the threshold type is the average value.

The monitoring results of an operation are accumulated, and are not cleared after the operation completes.

Examples

# Display the monitoring results of all reaction entries of the ICMP echo operation with the administrator name admin and the operation tag test.

<Sysname> display nqa reaction counters admin test

NQA entry (admin admin, tag test) reaction counters:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 probe-duration accumulate 12 4

2 probe-duration average - -

3 probe-duration consecutive 160 56

4 probe-fail accumulate 12 0

5 probe-fail consecutive 162 2

Table 7 Command output

Field	Description
Index	ID of a reaction entry.
Checked Element	Monitored performance metric.
Threshold Type	Threshold type.
Checked Num	Number of targets that have been monitored for data collection.
Over-threshold Num	Number of threshold violations.

Table 8 Description of the threshold monitoring fields

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
probe-duration	accumulate	Probes after the operation starts.	Number of completed probes.	Number of probes with duration exceeding the threshold.
	average	N/A	N/A	N/A
	consecutive	Probes after the operation starts.	Number of completed probes.	Number of probes with duration exceeding the threshold.
probe-fail	accumulate	Probes after the operation starts.	Number of completed probes.	Number of probe failures.
probe-fail	consecutive	Probes after the operation starts.	Number of completed probes.	Number of probe failures.
RTT	accumulate	Packets sent after the operation starts.	Number of sent packets.	Number of packets with round-trip time exceeding threshold.
RTT	average	N/A	N/A	N/A
jitter-DS/jitter-SD	accumulate	Packets sent after the operation starts.	Number of sent packets.	Number of packets with the one-way jitter exceeding the threshold.
jitter-DS/jitter-SD	average	N/A	N/A	N/A
OWD-DS/OWD-SD	N/A	Packets sent after the operation starts.	Number of sent packets.	Number of packets with the one-way delay exceeding the threshold.
packet-loss	accumulate	Packets sent after the operation starts.	Number of sent packets.	Total packet loss.
ICPIF	N/A	N/A	N/A	N/A
MOS	N/A	N/A	N/A	N/A

display nqa result

Use display nqa result to display the most recent result of the specified NQA operation.

Syntax

display nqa result [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display the most recent result of the TCP operation.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 1 Receive response times: 1

Min/Max/Average round trip time: 35/35/35

Square-Sum of round trip time: 1225

Last succeeded probe time: 2011-05-29 10:50:33.2

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to disconnect: 0

Failures due to no connection: 0

Failures due to internal error: 0

Failures due to other errors: 0

# Display the most recent result of the ICMP jitter operation.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 1/2/1

Square-Sum of round trip time: 13

Last packet received time: 2015-03-09 17:40:29.8

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

ICMP-jitter results:

RTT number: 10

Min positive SD: 0 Min positive DS: 0

Max positive SD: 0 Max positive DS: 0

Positive SD number: 0 Positive DS number: 0

Positive SD sum: 0 Positive DS sum: 0

Positive SD average: 0 Positive DS average: 0

Positive SD square-sum: 0 Positive DS square-sum: 0

Min negative SD: 1 Min negative DS: 2

Max negative SD: 1 Max negative DS: 2

Negative SD number: 1 Negative DS number: 1

Negative SD sum: 1 Negative DS sum: 2

Negative SD average: 1 Negative DS average: 2

Negative SD square-sum: 1 Negative DS square-sum: 4

One way results:

Max SD delay: 1 Max DS delay: 2

Min SD delay: 1 Min DS delay: 2

Number of SD delay: 1 Number of DS delay: 1

Sum of SD delay: 1 Sum of DS delay: 2

Square-Sum of SD delay: 1 Square-Sum of DS delay: 4

Lost packets for unknown reason: 0

# Display the most recent result of the UDP jitter operation.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 15/46/26

Square-Sum of round trip time: 8103

Last packet received time: 2011-05-29 10:56:38.7

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

UDP-jitter results:

RTT number: 10

Min positive SD: 8 Min positive DS: 8

Max positive SD: 18 Max positive DS: 8

Positive SD number: 5 Positive DS number: 2

Positive SD sum: 75 Positive DS sum: 32

Positive SD average: 15 Positive DS average: 16

Positive SD square-sum: 1189 Positive DS square-sum: 640

Min negative SD: 8 Min negative DS: 1

Max negative SD: 24 Max negative DS: 30

Negative SD number: 4 Negative DS number: 7

Negative SD sum: 56 Negative DS sum: 99

Negative SD average: 14 Negative DS average: 14

Negative SD square-sum: 946 Negative DS square-sum: 1495

One way results:

Max SD delay: 22 Max DS delay: 23

Min SD delay: 7 Min DS delay: 7

Number of SD delay: 10 Number of DS delay: 10

Sum of SD delay: 125 Sum of DS delay: 132

Square-Sum of SD delay: 1805 Square-Sum of DS delay: 1988

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

Table 9 Command output

Field	Description
Send operation times	Number of operations.
Receive response times	Number of response packets received.
Min/Max/Average round trip time	Minimum/maximum/average round-trip time in milliseconds.
Square-Sum of round trip time	Square sum of round-trip time.
Last succeeded probe time	Time when the last successful probe was completed. If no probes are successful in an operation, the field displays 0. This field is not available for UDP jitter operations.
Last packet received time	Time when the last response packet was received. If no response packets in a probe were received, the field displays 0. This field is available only for UDP jitter operations.
Packet loss ratio	Average packet loss ratio.
Failures due to timeout	Number of timeout occurrences in an operation.
Failures due to disconnect	Number of disconnections by the peer.
Failures due to no connection	Number of failures to connect with the peer.
Failures due to internal error	Number of failures due to internal errors.
Failures due to other errors	Failures due to other errors.
Packets out of sequence	Number of failures due to out-of-sequence packets.
Packets arrived late	Number of response packets received after a probe times out.
UDP-jitter results	UDP jitter operation results. This field is available only for the UDP jitter operation.
ICMP-jitter results	ICMP jitter operations results. This field is available only for the ICMP jitter operation.
RTT number	Number of response packets received.
Min positive SD	Minimum positive jitter from source to destination.
Min positive DS	Minimum positive jitter from destination to source.
Max positive SD	Maximum positive jitter from source to destination.
Max positive DS	Maximum positive jitter from destination to source.
Positive SD number	Number of positive jitters from source to destination.
Positive DS number	Number of positive jitters from destination to source.
Positive SD sum	Sum of positive jitters from source to destination.
Positive DS sum	Sum of positive jitters from destination to source.
Positive SD average	Average positive jitters from source to destination.
Positive DS average	Average positive jitters from destination to source.
Positive SD square-sum	Square sum of positive jitters from source to destination.
Positive DS square-sum	Square sum of positive jitters from destination to source.
Min negative SD	Minimum absolute value among negative jitters from source to destination.
Min negative DS	Minimum absolute value among negative jitters from destination to source.
Max negative SD	Maximum absolute value among negative jitters from source to destination.
Max negative DS	Maximum absolute value among negative jitters from destination to source.
Negative SD number	Number of negative jitters from source to destination.
Negative DS number	Number of negative jitters from destination to source.
Negative SD sum	Sum of absolute values of negative jitters from source to destination.
Negative DS sum	Sum of absolute values of negative jitters from destination to source.
Negative SD average	Average absolute value of negative jitters from source to destination.
Negative DS average	Average absolute value of negative jitters from destination to source.
Negative SD square-sum	Square sum of negative jitters from source to destination.
Negative DS square-sum	Square sum of negative jitters from destination to source.
One way results	Unidirectional delay. This field is available only for the ICMP jitter and UDP jitter operations.
Max SD delay	Maximum delay from source to destination.
Max DS delay	Maximum delay from destination to source.
Min SD delay	Minimum delay from source to destination.
Min DS delay	Minimum delay from destination to source.
Number of SD delay	Number of delays from source to destination.
Number of DS delay	Number of delays from destination to source.
Sum of SD delay	Sum of delays from source to destination.
Sum of DS delay	Sum of delays from destination to source.
Square-Sum of SD delay	Square sum of delays from source to destination.
Square-Sum of DS delay	Square sum of delays from destination to source.
SD lost packets	Number of lost packets from the source to the destination.
DS lost packets	Number of lost packets from the destination to the source.
Lost packets for unknown reason	Number of lost packets for unknown reasons.

display nqa statistics

Use display nqa statistics to display NQA operation statistics.

Syntax

display nqa statistics [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Usage guidelines

The statistics are generated after the NQA operation completes. If you execute the display nqa statistics command before the operation completes, the statistics are displayed as all 0s.

If a reaction entry is configured, the command displays the monitoring results of the reaction entry in the period specified by the statistics internal command.

Examples

# Display the statistics for the TCP operation.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:30:20.0

Life time: 2 seconds

Send operation times: 1 Receive response times: 1

Min/Max/Average round trip time: 13/13/13

Square-Sum of round trip time: 169

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to disconnect: 0

Failures due to no connection: 0

Failures due to internal error: 0

Failures due to other errors: 0

# Display the statistics for the ICMP jitter operation.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2015-03-09 17:42:10.7

Life time: 156 seconds

Send operation times: 1560 Receive response times: 1560

Min/Max/Average round trip time: 1/2/1

Square-Sum of round trip time: 1563

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

ICMP-jitter results:

RTT number: 1560

Min positive SD: 1 Min positive DS: 1

Max positive SD: 1 Max positive DS: 2

Positive SD number: 18 Positive DS number: 46

Positive SD sum: 18 Positive DS sum: 49

Positive SD average: 1 Positive DS average: 1

Positive SD square-sum: 18 Positive DS square-sum: 55

Min negative SD: 1 Min negative DS: 1

Max negative SD: 1 Max negative DS: 2

Negative SD number: 24 Negative DS number: 57

Negative SD sum: 24 Negative DS sum: 58

Negative SD average: 1 Negative DS average: 1

Negative SD square-sum: 24 Negative DS square-sum: 60

One way results:

Max SD delay: 1 Max DS delay: 2

Min SD delay: 1 Min DS delay: 1

Number of SD delay: 4 Number of DS delay: 4

Sum of SD delay: 4 Sum of DS delay: 5

Square-Sum of SD delay: 4 Square-Sum of DS delay: 7

Lost packets for unknown reason: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 jitter-DS accumulate 1500 10

2 jitter-SD average - -

3 OWD-DS - 1560 2

4 OWD-SD - 1560 0

5 packet-loss accumulate 0 0

6 RTT accumulate 1560 0

# Display the statistics for the UDP jitter operation.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:33:22.3

Life time: 23 seconds

Send operation times: 100 Receive response times: 100

Min/Max/Average round trip time: 1/11/5

Square-Sum of round trip time: 24360

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

UDP-jitter results:

RTT number: 550

Min positive SD: 1 Min positive DS: 1

Max positive SD: 7 Max positive DS: 1

Positive SD number: 220 Positive DS number: 97

Positive SD sum: 283 Positive DS sum: 287

Positive SD average: 1 Positive DS average: 2

Positive SD square-sum: 709 Positive DS square-sum: 1937

Min negative SD: 2 Min negative DS: 1

Max negative SD: 10 Max negative DS: 1

Negative SD number: 81 Negative DS number: 94

Negative SD sum: 556 Negative DS sum: 191

Negative SD average: 6 Negative DS average: 2

Negative SD square-sum: 4292 Negative DS square-sum: 967

One way results:

Max SD delay: 5 Max DS delay: 5

Min SD delay: 1 Min DS delay: 1

Number of SD delay: 550 Number of DS delay: 550

Sum of SD delay: 1475 Sum of DS delay: 1201

Square-Sum of SD delay: 5407 Square-Sum of DS delay: 3959

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 jitter-DS accumulate 90 25

2 jitter-SD average - -

3 OWD-DS - 100 24

4 OWD-SD - 100 13

5 packet-loss accumulate 0 0

6 RTT accumulate 100 52

Table 10 Command output

Field	Description
No.	Statistics group ID.
Start time	Time when the operation started.
Life time	Duration of the operation in seconds.
Send operation times	Number of probe packets sent.
Receive response times	Number of response packets received.
Min/Max/Average round trip time	Minimum/maximum/average round-trip time in milliseconds.
Square-Sum of round trip time	Square sum of round-trip time.
Packet loss ratio	Average packet loss ratio.
Failures due to timeout	Number of timeout occurrences in an operation.
Failures due to disconnect	Number of disconnections by the peer.
Failures due to no connection	Number of failures to connect with the peer.
Failures due to internal error	Number of failures due to internal errors.
Failures due to other errors	Failures due to other errors.
Packets out of sequence	Number of failures due to out-of-sequence packets.
Packets arrived late	Number of response packets received after a probe times out.
UDP-jitter results	UDP jitter operation results. This field is available only for the UDP jitter operation.
ICMP-jitter results	ICMP jitter operation results. This field is available only for the ICMP jitter operation.
RTT number	Number of response packets received.
Min positive SD	Minimum positive jitter from source to destination.
Min positive DS	Minimum positive jitter from destination to source.
Max positive SD	Maximum positive jitter from source to destination.
Max positive DS	Maximum positive jitter from destination to source.
Positive SD number	Number of positive jitters from source to destination.
Positive DS number	Number of positive jitters from destination to source.
Positive SD sum	Sum of positive jitters from source to destination.
Positive DS sum	Sum of positive jitters from destination to source.
Positive SD average	Average positive jitters from source to destination.
Positive DS average	Average positive jitters from destination to source.
Positive SD square-sum	Square sum of positive jitters from source to destination.
Positive DS square-sum	Square sum of positive jitters from destination to source.
Min negative SD	Minimum absolute value among negative jitters from source to destination.
Min negative DS	Minimum absolute value among negative jitters from destination to source.
Max negative SD	Maximum absolute value among negative jitters from source to destination.
Max negative DS	Maximum absolute value among negative jitters from destination to source.
Negative SD number	Number of negative jitters from source to destination.
Negative DS number	Number of negative jitters from destination to source.
Negative SD sum	Sum of absolute values of negative jitters from source to destination.
Negative DS sum	Sum of absolute values of negative jitters from destination to source.
Negative SD average	Average absolute value of negative jitters from source to destination.
Negative DS average	Average absolute value of negative jitters from destination to source.
Negative SD square-sum	Square sum of negative jitters from source to destination.
Negative DS square-sum	Square sum of negative jitters from destination to source.
One way results	Unidirectional delay result. This field is available only for the ICMP jitter and UDP jitter operations.
Max SD delay	Maximum delay from source to destination.
Max DS delay	Maximum delay from destination to source.
Min SD delay	Minimum delay from source to destination.
Min DS delay	Minimum delay from destination to source.
Number of SD delay	Number of delays from source to destination.
Number of DS delay	Number of delays from destination to source.
Sum of SD delay	Sum of delays from source to destination.
Sum of DS delay	Sum of delays from destination to source.
Square-Sum of SD delay	Square sum of delays from source to destination.
Square-Sum of DS delay	Square sum of delays from destination to source.
SD lost packets	Number of lost packets from the source to the destination.
DS lost packets	Number of lost packets from the destination to the source.
Lost packets for unknown reason	Number of lost packets for unknown reasons.
Reaction statistics	Statistics about the reaction entry in the counting interval.
Index	ID of a reaction entry.
Checked Element	Monitored element.
Threshold Type	Threshold type.
Checked Num	Number of targets that have been monitored for data collection.
Over-threshold Num	Number of threshold violations.

Table 11 Description of the threshold monitoring fields

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
probe-duration	accumulate	Probes in the counting interval.	Number of completed probes.	Number of probes of which the duration exceeds the threshold.
	average	N/A	N/A	N/A
	consecutive	Probes in the counting interval.	Number of completed probes.	Number of probes of which the duration exceeds the threshold.
probe-fail	accumulate	Probes in the counting interval.	Number of completed probes.	Number of probe failures.
probe-fail	consecutive	Probes in the counting interval.	Number of completed probes.	Number of probe failures.
RTT	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the round-trip time exceeds the threshold.
RTT	average	N/A	N/A	N/A
jitter-DS/jitter-SD	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the one-way jitter exceeds the threshold.
jitter-DS/jitter-SD	average	N/A	N/A	N/A
OWD-DS/OWD-SD	N/A	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the one-way delay exceeds the threshold.
packet-loss	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packet loss.
ICPIF	N/A	N/A	N/A	N/A
MOS	N/A	N/A	N/A	N/A

Related commands

statistics interval

expect data

Use expect data to configure the expected data.

Use undo expect data to restore the default.

Syntax

expect data expression [ offset number ]

undo expect data

Default

No expected data is configured.

Views

HTTP template view

HTTPS template view

TCP template view

UDP template view

Predefined user roles

network-admin

Parameters

expression: Specifies the expected data, a case-sensitive string of 1 to 200 characters.

offset number: Specifies the offset in bytes after which the first match operation starts. The value range for the number argument is 0 to 1000, and the default value is 0. If you do not specify an offset, the client performs only one lookup operation.

Usage guidelines

Upon receiving a response packet, the NQA client looks up the target payload content for the expected data.

· If a match is found, the NQA client verifies the NQA destination device as legal.

· If no match is found, the NQA client looks up the entire payload for a match. If no match is found again, the NQA destination device is verified as illegal.

The first five bytes of the UDP packet payload identify the probe packet type. The start byte of the offset is the sixth byte of the UDP payload.

Expected data check takes place in the following conditions:

· For features that use the HTTP or HTTPS template, the NQA client checks for the expected data if the response contains the Content-Length header.

· For features that use the TCP or UDP template, the NQA client checks for the expected data if the data-fill command is configured.

Examples

# In HTTP template view, set the expected data to welcome!.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] expect data welcome!

filename

Use filename to specify a file to be transferred between the FTP server and the FTP client.

Use undo filename to restore the default.

Syntax

filename filename

undo filename

Default

No file is specified.

Views

FTP operation view

FTP template view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a file, a case-sensitive string of 1 to 200 characters that cannot contain slashes (/).

Examples

# Specify config.txt as the file to be transferred between the FTP server and the FTP client.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] filename config.txt

# In FTP template view, specify config.txt as the file to be transferred between the FTP server and the FTP client.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] filename config.txt

frequency

Use frequency to specify the interval at which the NQA operation repeats.

Use undo frequency to restore the default.

Syntax

frequency interval

undo frequency

Default

In NQA operation view, the interval between two consecutive operations is 0 milliseconds.

In NQA template view, the interval between two consecutive operations is 5000 milliseconds.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Any NQA template view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval between two consecutive operations, in the range of 0 to 604800000 milliseconds. An interval of 0 milliseconds sets NQA to perform the operation only once, and not to generate any statistics.

Usage guidelines

If an operation is not completed when the interval is reached, the next operation does not start.

Examples

# Configure the ICMP echo operation to repeat every 1000 milliseconds.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] frequency 1000

history-record enable

Use history-record enable to enable the saving of history records for the NQA operation.

Use undo history-record enable to disable the saving of history records.

Syntax

history-record enable

undo history-record enable

Default

The saving of history records is disabled.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Usage guidelines

To display the history records of the NQA operation, use the display nqa history command.

The undo form of the command also removes existing history records of an NQA operation.

Examples

# Enable the saving of history records for the NQA operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record enable

Related commands

display nqa history

history-record keep-time

Use history-record keep-time to set the lifetime of history records for an NQA operation.

Use undo history-record keep-time to restore the default.

Syntax

history-record keep-time keep-time

undo history-record keep-time

Default

The history records of an NQA operation are kept for 120 minutes.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

keep-time: Specifies how long the history records can be saved. The value is in the range of 1 to 1440 minutes.

Usage guidelines

When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.

Examples

# Set the lifetime of the history records to 100 minutes for an NQA operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record keep-time 100

history-record number

Use history-record number to set the maximum number of history records that can be saved for an NQA operation.

Use undo history-record number to restore the default.

Syntax

history-record number number

undo history-record number

Default

A maximum of 50 history records can be saved for an NQA operation.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of history records that can be saved for an NQA operation. The value is in the range of 0 to 50.

Usage guidelines

If the number of history records for an NQA operation exceeds the maximum number, earliest history records are removed.

Examples

# Set the maximum number of history records to 10 for an NQA operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record number 10

key

Use key to set the shared key for secure RADIUS authentication.

Use undo key to restore the default.

Syntax

key { cipher | simple } string

undo key

Default

No shared key is configured for secure RADIUS authentication.

Views

RADIUS template view

Predefined user roles

network-admin

Parameters

cipher: Sets a ciphertext shared key.

simple: Sets a plaintext shared key.

string: Specifies the shared key string. This argument is case sensitive. If you specify the simple keyword, the shared key must be a string of 1 to 64 characters. If you specify the cipher keyword, the shared key must be a string of 1 to 117 characters.

Usage guidelines

Make sure the NQA client and the RADIUS server have the same shared key.

For security purposes, all shared keys, including shared keys configured in plain text, are saved in cipher text.

Examples

# Set the shared key to abc in plain text for secure RADIUS authentication.

<Sysname> system-view

[Sysname] nqa template radius radiustplt

[Sysname-nqatplt-radius-radiustplt] key simple abc

mode

Use mode to set the data transmission mode for the FTP operation.

Use undo mode to restore the default.

Syntax

mode { active | passive }

undo mode

Default

The FTP operation uses the data transmission mode active.

Views

FTP operation view

FTP template view

Predefined user roles

network-admin

Parameters

active: Sets the data transmission mode to active. The FTP server initiates a connection request.

passive: Sets the data transmission mode to passive. The FTP client initiates a connection request.

Examples

# Set the data transmission mode to passive for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] mode passive

# In FTP template view, set the data transmission mode to passive for the FTP operation.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] mode passive

next-hop ip

Use next-hop ip to specify the next hop IPv4 address for the ICMP echo operation.

Use undo next-hop ip to remove the next hop IPv4 address.

Syntax

next-hop ip ip-address

undo next-hop ip

Default

No next hop IPv4 address is specified for the ICMP echo operation.

Views

ICMP echo operation view

ICMP template view

TCP half open template view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of the next hop.

Usage guidelines

If the next hop IPv4 address is not configured, the device searches the routing table to determine the next hop IPv4 address for the probe packets.

Examples

# Specify 10.1.1.1 as the next hop IPv4 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.1

next-hop ipv6

Use next-hop ipv6 to specify the next hop IPv6 address for the ICMP echo operation.

Use undo next-hop ipv6 to remove the next hop IPv6 address.

Syntax

next-hop ipv6 ipv6-address

undo next-hop ipv6

Default

No next hop IPv6 address is specified for the ICMP echo operation.

Views

ICMP echo operation view

ICMP template view

TCP half open template view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of the next hop. IPv6 link-local addresses are not supported.

Usage guidelines

If the next hop IPv6 address is not configured, the device searches the routing table to determine the next hop IPv6 address for the probe packets.

Examples

# Specify 10::1 as the next hop IPv6 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] next-hop ipv6 10::1

nqa

Use nqa to create an NQA operation and enter its view.

Use undo nqa to remove the operation.

Syntax

nqa entry admin-name operation-tag

undo nqa { all | entry admin-name operation-tag }

Default

No NQA operation is created.

Views

System view

Predefined user roles

network-admin

Parameters

all: Removes all NQA operations.

Usage guidelines

If the operation type has been configured for the operation, the command directly places you to NQA operation view.

Examples

# Create an NQA operation with administrator name admin and operation tag test, and enter NQA operation view.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test]

nqa agent enable

Use nqa agent enable to enable the NQA client.

Use undo nqa agent enable to disable the NQA client and stop all operations being performed.

Syntax

nqa agent enable

undo nqa agent enable

Default

The NQA client is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NQA client.

<Sysname> system-view

[Sysname] nqa agent enable

Related commands

nqa server enable

nqa schedule

Use nqa schedule to configure scheduling parameters for an NQA operation.

Use undo nqa schedule to stop the operation.

Syntax

nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ]

undo nqa schedule admin-name operation-tag

Default

No schedule is configured for an NQA operation.

Views

System view

Predefined user roles

network-admin

Parameters

start-time: Specifies the start time and date of the NQA operation.

hh:mm:ss: Specifies the start time of an NQA operation.

yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.

mm/dd/yyyy: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.

now: Starts the operation immediately.

lifetime: Specifies the duration of an operation.

lifetime: Specifies the duration of an operation in seconds, in the range of 1 to 2147483647.

forever: Performs the operation until you stop it by using the undo nqa schedule command.

recurring: Runs the operation automatically at the start time and for the specified duration.

Usage guidelines

You cannot enter the operation view or operation type view of a scheduled NQA operation.

Specify a lifetime long enough for an operation to complete.

Examples

# Schedule the operation with the administrator name admin and operation tag test to start on 08:08:08 2008/08/08 and last 1000 seconds.

<Sysname> system-view

[Sysname] nqa schedule admin test start-time 08:08:08 2008/08/08 lifetime 1000 recurring

Related commands

· destination ip

· nqa entry

· type

nqa template

Use nqa template to create an NQA template and enter its view.

Use undo nqa template to remove the NQA template.

Syntax

nqa template { ftp | http | https | icmp | radius | ssl | tcp | tcphalfopen | udp } name

undo nqa template { ftp | http | https | icmp | radius | ssl | tcp | tcphalfopen | udp } name

Default

No NQA template is created.

Views

System view

Predefined user roles

network-admin

Parameters

ftp: Specifies the FTP template.

http: Specifies the HTTP template.

https: Specifies the HTTPS template.

icmp: Specifies the ICMP template.

radius: Specifies the RADIUS template.

ssl: Specifies the SSL template.

tcp: Specifies the TCP template.

tcphalfopen: Specifies the TCP half open template.

udp: Specifies the UDP template.

name: Specifies the name of the NQA template, a case-insensitive string of 1 to 32 characters.

Examples

# Create an ICMP template named icmptplt, and enter its view.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt]

operation (FTP operation view)

Use operation to specify the operation type for the FTP operation.

Use undo operation to restore the default.

Syntax

operation { get | put }

undo operation

Default

The FTP operation type is get.

Views

FTP operation view

FTP template view

Predefined user roles

network-admin

Parameters

get: Gets a file from the FTP server.

put: Transfers a file to the FTP server.

Usage guidelines

When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.

If you get a file from the FTP server, make sure the file specified in the URL exists on the FTP server. The NQA client does not save the file obtained from the FTP server.

Use a small file for the FTP operation. A big file might result in transfer failure because of timeout, or might affect other services for occupying much network bandwidth.

Examples

# Set the operation type to put for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] operation put

# In FTP template view, set the operation type to put for the FTP operation.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] operation put

Related commands

· password

· username

operation (HTTP/HTTPS operation view)

Use operation to specify the operation type for the HTTP or HTTPS operation.

Use undo operation to restore the default.

Syntax

operation { get | post | raw }

undo operation

Default

The HTTP or HTTPS operation type is get.

Views

HTTP operation view

HTTP template view

HTTPS template view

Predefined user roles

network-admin

Parameters

get: Gets data from the HTTP or HTTPS server.

post: Transfers data to the HTTP or HTTPS server.

raw: Sends the RAW request to the HTTP or HTTPS server.

Usage guidelines

The HTTP and HTTPS operations use HTTP and HTTPS requests as probe packets.

For the get or post operation, the content in the request is obtained from the URL specified by the url command.

For the raw operation, the content in the request is configured in raw request view. You can use the raw-request command to enter the raw request view.

Examples

# Set the operation type to raw for the HTTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] operation raw

# In HTTP template view, set the operation type to raw for the HTTP operation.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] operation raw

Related commands

· password

· raw-request

· username

out interface

Use out interface to specify the output interface for probe packets.

Use undo out interface to restore the default.

Syntax

out interface interface-type interface-number

undo out interface

Default

The output interface for probe packets is not specified. The NQA client determines the output interface based on the routing table lookup.

Views

ICMP echo operation view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

For successful operation, the specified output interface must be up.

If the next-hop command is configured for an ICMP echo operation, the out interface command does not take effect.

Examples

# Specify VLAN-interface 2 as the output interface for probe packets in the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] out interface vlan-interface 2

password

Use password to specify a password.

Use undo password to restore the default.

Syntax

password { cipher | simple } password

undo password

Default

No password is specified.

Views

FTP/HTTP operation view

FTP/HTTP/HTTPS/RADIUS template view

Predefined user roles

network-admin

Parameters

cipher: Sets a ciphertext password.

simple: Sets a plaintext password.

password: Specifies the password string. This argument is case sensitive. The value of the argument varies as follows:

· For FTP, HTTP, and HTTPS operations:

? If you specify the simple keyword, the password must be a string of 1 to 32 characters.

? If you specify the cipher keyword, the password must be a string of 1 to 73 characters.

· For RADIUS templates:

? If you specify the simple keyword, the password must be a string of 1 to 64 characters.

? If you specify the cipher keyword, the password must be a string of 1 to 117 characters.

Usage guidelines

For security purposes, all passwords, including passwords configured in plain text, are saved in cipher text.

Examples

# Set the FTP login password to ftpuser.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] password simple ftpuser

# Set the FTP login password to ftpuser in FTP template view.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] password simple ftpuser

Related commands

· operation

· username

probe count

Use probe count to specify the probe times.

Use undo probe count to restore the default.

Syntax

probe count times

undo probe count

Default

The NQA client performs one probe to the destination per operation.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

UDP jitter operation view

Predefined user roles

network-admin

Parameters

times: Specifies the probe times. The value range is 1 to 15.

Usage guidelines

The following describes how NQA performs different types of operations:

· A TCP operation sets up a connection.

· An ICMP jitter or UDP jitter operation sends a number of probe packets. The number of probe packets is set by using the probe packet-number command.

· An FTP operation uploads or downloads a file.

· An HTTP operation gets a Web page.

· An ICMP echo sends an ICMP echo request.

· A UDP echo operation sends a UDP packet.

· An SNMP operation sends one SNMPv1 packet, one SNMPv2c packet, and one SNMPv3 packet.

Examples

# Configure the ICMP echo operation to perform 10 probes.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] probe count 10

probe packet-interval

Use probe packet-interval to configure the packet sending interval in the probe.

Use undo probe packet-interval to restore the default.

Syntax

probe packet-interval packet-interval

undo probe packet-interval

Default

The packet sending interval is 20 milliseconds.

Views

UDP jitter operation view

Predefined user roles

network-admin

Parameters

packet-interval: Specifies the sending interval in the range of 10 to 60000 milliseconds.

Examples

# Configure the UDP jitter operation to send packets every 100 milliseconds.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-interval 100

probe packet-number

Use probe packet-number to set the number of packets to be sent per probe.

Use undo probe packet-number to restore the default.

Syntax

probe packet-number packet-number

undo probe packet-number

Default

An ICMP jitter or UDP jitter probe sends 10 packets per probe.

Views

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

packet-number: Specifies the number of packets to be sent per probe. The value range is 10 to 1000.

Examples

# Configure the UDP jitter probe to send 100 packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-number 100

probe packet-timeout

Use probe packet-timeout to set the amount of time the NQA client waits for a response from the destination device.

Use undo probe packet-timeout to restore the default.

Syntax

probe packet-timeout packet-timeout

undo probe packet-timeout

Default

The response timeout time in the ICMP jitter or UDP jitter operation is 3000 milliseconds.

Views

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

packet-timeout: Specifies the timeout time in milliseconds. The value is in the range of 10 to 3600000.

Examples

# Set the timeout time for waiting for a response to 100 milliseconds in the UDP jitter operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100

probe timeout

Use probe timeout to set the probe timeout time.

Use undo probe timeout to restore the default.

Syntax

probe timeout timeout

undo probe timeout

Default

The timeout time of a probe is 3000 milliseconds.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Any NQA template view

Predefined user roles

network-admin

Parameters

timeout: Specifies the probe timeout time in milliseconds. Available value ranges include:

· 10 to 86400000 for the FTP or HTTP operation.

· 10 to 3600000 for the ICMP echo, SNMP, TCP, or UDP echo operation.

Usage guidelines

If a probe does not complete within the period, the probe is timed out.

Examples

# Set the probe timeout time to 10000 milliseconds for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] probe timeout 10000

# In HTTP template view, set the probe timeout time to 10000 milliseconds for the HTTP operation.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] probe timeout 10000

raw-request

Use raw-request to enter raw request view and specify the content of an HTTP or HTTPS request.

Use undo raw-request to delete the content of an HTTP or HTTPS request.

Syntax

raw-request

undo raw-request

Default

The contents of an HTTP or HTTPS raw request is not specified.

Views

HTTP operation view

HTTP template view

HTTPS template view

Predefined user roles

network-admin

Usage guidelines

This command places you in raw request view and deletes the previously configured request content. To ensure successful operations, make sure the request content is in the correct format.

If the HTTP or HTTPS operation type is set to raw, you must enter raw request view and configure the request content to be sent to the HTTP or HTTPS server.

Examples

# Enter raw request view and specify the content of a GET request for the HTTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] raw-request

[Sysname-nqa-admin-test-http-raw-request] GET /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n\r\n

# In HTTP template view, enter raw request view and specify the content of a POST request for the HTTP operation.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] raw-request

[Sysname-nqatplt-http-httptplt-raw-request] POST /sdn/ui/app/index HTTP/1.0\r\nHost:

172.0.0.2\r\nAuthorization: Basic cm9vdDoxMjM0NTY=\r\n\r\n

reaction checked-element { jitter-ds | jitter-sd }

Use reaction checked-element { jitter-ds | jitter-sd } to configure a reaction entry for monitoring one-way jitter in the NQA operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entry for monitoring one-way jitter is configured.

Views

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).

jitter-sd: Specifies source-to-destination jitter of each probe packet as the monitored element.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations in the operation. The value is in the range of 1 to 14999.

average: Checks the average one-way jitter.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

action-type: Specifies the action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average destination-to-source jitter of UDP jitter packets, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average destination-to-source jitter is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element jitter-ds threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the destination-to-source jitter is checked against the threshold range. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element jitter-ds threshold-type accumulate 100 threshold-value 50 5 action-type trap-only

reaction checked-element { owd-ds | owd-sd }

Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the one-way delay.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold

undo reaction item-number

Default

No reaction entry for monitoring the one-way delay is configured.

Views

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

owd-ds: Specifies the destination-to-source delay of each probe packet as the monitored element.

owd-sd: Specifies the source-to-destination delay of each probe packet as the monitored element.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

No actions can be configured for a reaction entry of monitoring one-way delays. To display the monitoring results and statistics, use the display nqa reaction counters and display nqa statistics commands.

Examples

# Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. The destination-to-source delay is calculated after the response to the probe packet arrives. If the delay exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element owd-ds threshold-value 50 5

reaction checked-element packet-loss

Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in the UDP jitter operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entry for monitoring packet loss is configured.

Views

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Specifies the total number of lost packets in the operation. The value range is 1 to 15000.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring packet loss in the UDP jitter operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the total number of the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element packet-loss threshold-type accumulate 100 action-type trap-only

reaction checked-element probe-duration

Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entry for monitoring the probe duration is configured.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations. The value is in the range of 1 to 15.

average: Checks the average probe duration.

consecutive consecutive-occurrences: Specifies the number of consecutive threshold violations after the NQA operation starts. The value is in the range of 1 to 16.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper threshold.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average probe duration is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state of the reaction entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-duration threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the accumulated probe duration is checked against the threshold range. If the total number of threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-duration threshold-type accumulate 10 threshold-value 50 5 action-type trap-only

# Create reaction entry 3 for monitoring the probe duration time of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the consecutive probe duration is checked against the threshold range. If the total number of consecutive threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 3 checked-element probe-duration threshold-type consecutive 10 threshold-value 50 5 action-type trap-only

reaction checked-element probe-fail (for trap)

Use reaction checked-element probe-fail to configure a reaction entry for monitoring the probe failures of the operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entry for monitoring probe failures is configured.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of probe failures. The value is in the range of 1 to 15.

consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures. The value is in the range of 1 to 16.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the total number of probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type accumulate 10 action-type trap-only

# Create reaction entry 2 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the number of consecutive probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only

reaction checked-element probe-fail (for trigger)

Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures.

Use undo reaction to remove the specified reaction entry.

Syntax

reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only

undo reaction item-number

Default

No reaction entry for monitoring probe failures is configured.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures, in the range of 1 to 16.

action-type: Specifies what action to be triggered.

trigger-only: Triggers other modules to react to certain conditions.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1. If the number of consecutive probe failures reaches 3, collaboration is triggered.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type tcp

[Sysname-nqa-admin-test-tcp] reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only

Related commands

track (High Availability Command Reference)

reaction checked-element rtt

Use reaction checked-element rtt to configure a reaction entry for monitoring packet round-trip time.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entry for monitoring packet round-trip time is configured.

Views

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations. The value range is 1 to 15000.

average: Checks the packet average round-trip time.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average packet round-trip time is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the reaction entry state changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only

reaction trap

Use reaction trap to configure the sending of traps to the NMS under specific conditions.

Use undo reaction trap to restore the default.

Syntax

reaction trap { probe-failure consecutive-probe-failures | test-complete | test-failure [ cumulate-probe-failures ] }

undo reaction trap { probe-failure | test-complete | test-failure }

Default

No traps are sent to the NMS.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

probe-failure consecutive-probe-failures: Sends a trap to the NMS if the number of consecutive probe failures in an operation is greater than or equal to consecutive-probe-failures. The value range for the consecutive-probe-failures argument is 1 to 15. The system counts the number of consecutive probe failures for each operation, so multiple traps might be sent.

test-complete: Sends a trap to indicate that the operation is completed.

test-failure: Sends a trap when an operation fails. The system counts the total number of probe failures in an operation. If the number reaches or exceeds the value for the cumulate-probe-failures argument, a trap is sent for the operation failure.

cumulate-probe-failures: Specifies the total number of probe failures in an operation. The value range is 1 to 15.

Usage guidelines

The ICMP jitter and UDP jitter operations support only the test-complete keyword.

Examples

# Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction trap probe-failure 5

reaction trigger per-probe

Use reaction trigger per-probe to configure the probe result sending on a per-probe basis.

Use undo reaction trigger per-probe to restore the default.

Syntax

reaction trigger per-probe

undo reaction trigger per-probe

Default

The probe result is send to the feature that uses the template after three consecutive failed or successful probes.

Views

ICMP template view

TCP half open template view

Predefined user roles

network-admin

Usage guidelines

The feature enables the NQA client to send the probe result to the feature that uses the NQA template every time a probe is completed.

If you execute this command with the reaction trigger probe-fail or reaction trigger probe-pass command, the most recent configuration takes effect.

Examples

# In ICMP template view, configure the probe result sending on a per-probe basis.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] reaction trigger per-probe

Related commands

· reaction trigger probe-fail

· reaction trigger probe-pass

reaction trigger probe-fail

Use reaction trigger probe-fail to set the number of consecutive probe failures that lead to an operation failure.

Use undo reaction trigger probe-fail to restore the default.

Syntax

reaction trigger probe-fail count

undo reaction trigger probe-fail

Default

When the number of consecutive probe failures reaches 3, the operation fails.

Views

Any NQA template view

Predefined user roles

network-admin

Parameters

count: Specifies the number of consecutive probe failures, in the range of 1 to 15.

Usage guidelines

If the operation fails, the NQA client notifies the feature that uses the NQA template of the operation failure.

If you execute this command and the reaction trigger per-probe command, the most recent configuration takes effect.

Examples

# In HTTP template view, if the number of consecutive probe failures reaches 5, the operation fails.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] reaction trigger probe-fail 5

Related commands

· reaction trigger per-probe

· reaction trigger probe-pass

reaction trigger probe-pass

Use reaction trigger probe-pass to set the number of consecutive successful probes that lead to a successful operation.

Use undo reaction trigger probe-fail to restore the default.

Syntax

reaction trigger probe-pass count

undo reaction trigger probe-pass

Default

When the number of consecutive successful probes reaches 3, the operation succeeds.

Views

Any NQA template view

Predefined user roles

network-admin

Parameters

count: Specifies the number of consecutive successful probes, in the range of 1 to 15.

Usage guidelines

If the operation succeeds, the NQA client notifies the feature that uses the template of the successful operation event.

If you execute this command and the reaction trigger per-probe command, the most configuration takes effect.

Examples

# In HTTP template view, if the number of consecutive successful probes reaches 5, the operation succeeds.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] reaction trigger probe-pass 5

Related commands

· reaction trigger per-probe

· reaction trigger probe-fail

route-option bypass-route

Use route-option bypass-route to enable the routing table bypass feature to test the connectivity to the direct destination.

Use undo route-option bypass-route to disable the routing table bypass feature.

Syntax

route-option bypass-route

undo route-option bypass-route

Default

The routing table bypass feature is disabled.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Usage guidelines

When the routing table bypass feature is enabled, the following events occur:

· The routing table is not searched. Packets are sent to the destination in a directly connected network.

· The TTL value in the probe packet is set to 1. The TTL set in the ttl command does not take effect.

Examples

# Enable the routing table bypass feature.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] route-option bypass-route

source interface

Use source interface to specify the IP address of the specified interface as the source IP address of probe packets.

Use undo source interface to restore the default.

Syntax

source interface interface-type interface-number

undo source interface

Default

No source IP address is specified for probe packets. The probe packets take the primary IP address of the outgoing interface as their source IP address.

Views

ICMP echo operation view

ICMP template view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you configure the source interface command with the source ip or source ipv6 command, the most recent configuration takes effect.

The specified source interface must be up. Otherwise, no probe requests can be sent out.

Examples

# Specify the IP address of interface VLAN-interface 2 as the source IP address of ICMP echo request packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source interface vlan-interface 2

# In ICMP template view, specify the IP address of interface VLAN-interface 2 as the source IP address of ICMP echo request packets.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] source interface vlan-interface 2

Related commands

· source ip

· source ipv6

source ip

Use source ip to configure the source IPv4 address for probe packets.

Use undo source ip to remove the configured source IPv4 address. The source IPv4 address of probe packets is the IP address of their outgoing interface.

Syntax

source ip ip-address

undo source ip

Default

No source IPv4 address is configured for probe packets.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Any NQA template view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the source IPv4 address for probe packets.

Usage guidelines

If you configure both the source interface and source ip commands for an ICMP echo operation, the most recent configuration takes effect.

The specified source IPv4 address must be the IPv4 address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out.

For an NQA template, if the source and destination addresses have different IP versions, the source address does not take effect.

Examples

# Specify 10.1.1.1 as the source IPv4 address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source ip 10.1.1.1

# In ICMP template view, specify 10.1.1.1 as the source IPv4 address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] source ip 10.1.1.1

Related commands

source interface

source ipv6

Use source ipv6 to configure the source IPv6 address for probe packets.

Use undo source ipv6 to remove the configured source IPv6 address. The IPv6 address of the interface that sends a probe packet is the source IPv6 address of the probe packet.

Syntax

source ipv6 ipv6-address

undo source ipv6

Default

No source IPv6 address is configured for probe packets.

Views

ICMP echo template view

Any NQA template view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the source IPv6 address for probe packets. IPv6 link-local addresses are not supported.

Usage guidelines

If you configure both the source interface and source ipv6 commands for an ICMP echo operation, the most recent configuration takes effect.

The specified source IPv6 address must be the IPv6 address of a local interface. The local interface must be up. Otherwise, no probe packets can be sent out.

For an NQA template, if the source and destination addresses have different IP versions, the source address does not take effect.

Examples

# In ICMP template view, specify 1::1 as the source IPv6 address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] source ipv6 1::1

Related commands

source interface

source port

Use source port to configure the source port number for probe packets.

Use undo source port to remove the configured source port number.

Syntax

source port port-number

undo source port

Default

No source port number is configured for probe packets.

Views

SNMP operation view

UDP echo operation view

UDP jitter operation view

Predefined user roles

network-admin

Parameters

port-number: Specifies the source port number in the range of 1 to 65535.

Examples

# Set the source port number to 8000 for probe packets in the UDP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-echo

[Sysname-nqa-admin-test-udp-echo] source port 8000

ssl-client-policy

Use ssl-client-policy to specify an SSL client policy for an HTTPS or SSL template.

Use undo ssl-client-policy to remove the SSL client policy.

Syntax

ssl-client-policy policy-name

undo ssl-client-policy

Default

No SSL client policy is specified for an HTTPS or SSL template.

Views

HTTPS template view

SSL template view

Predefined user roles

network-admin

Parameters

policy-name: Specifies an SSL client policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

In the HTTPS or SSL operation, the NQA client uses the specified SSL client policy to establish an SSL connection to the server.

Examples

# Specify the SSL client policy named policy for the SSL template ssltplt.

<Sysname> system-view

[Sysname] nqa template ssl ssltplt

[Sysname-nqatplt-ssl-ssltplt] ssl-client-policy policy

statistics interval

Use statistics interval to set the statistics collection interval for an NQA operation.

Use undo statistics interval to restore the default.

Syntax

statistics interval interval

undo statistics interval

Default

The statistics collection interval is 60 minutes.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval in minutes, in the range of 1 to 35791394.

Usage guidelines

NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command.

Examples

# Configure the system to collect the ICMP echo operation statistics every 2 minutes.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics interval 2

statistics max-group

Use statistics max-group to set the maximum number of statistics groups that can be saved.

Use undo statistics max-group to restore the default.

Syntax

statistics max-group number

undo statistics max-group

Default

A maximum of two statistics groups can be saved.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.

Usage guidelines

When the maximum number of statistics groups is reached and a new statistics group is to be saved, the earliest statistics group is deleted.

Examples

# Configure the NQA to save up to five statistics groups for the ICMP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics max-group 5

tos

Use tos to set the ToS value in the IP header for probe packets.

Use undo tos to restore the default.

Syntax

tos value

undo tos

Default

The ToS value in the IP header of probe packets is 0.

Views

Any operation view

Any NQA template view

Predefined user roles

network-admin

Parameters

value: Specifies the ToS value in the range of 0 to 255.

Examples

# Set the ToS value to 1 in the IP header for probe packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] tos 1

# In ICMP template view, set the ToS value to 1 in the IP header for probe packets.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] tos 1

ttl

Use ttl to set the maximum number of hops that the probe packets can traverse.

Use undo ttl to restore the default.

Syntax

ttl value

undo ttl

Default

The maximum number of hops is 20 for probe packets of an NQA operation.

Views

FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

Any NQA template view

Predefined user roles

network-admin

Parameters

value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255.

Usage guidelines

The route-option bypass-route command sets the TTL to 1 for probe packets. The ttl command does not take effect.

Examples

# Set the maximum number of hops to 16 for probe packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] ttl 16

# In ICMP template view, set the maximum number of hops to 16 for probe packets.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] ttl 16

type

Use type to specify the operation type of the NQA operation and enter operation type view.

Syntax

type { ftp | http | icmp-echo | icmp-jitter |snmp | tcp | udp-echo | udp-jitter }

Default

No operation type is specified.

Views

NQA operation view

Predefined user roles

network-admin

Parameters

ftp: Specifies the FTP operation type.

http: Specifies the HTTP operation type.

icmp-echo: Specifies the ICMP echo operation type.

icmp-jitter: Specifies the ICMP jitter operation type.

snmp: Specifies the SNMP operation type.

tcp: Specifies the TCP operation type.

udp-echo: Specifies the UDP echo operation type.

udp-jitter: Specifies the UDP jitter operation type.

Examples

# Specify FTP as the NQA operation type and enter FTP operation view.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp]

url

Use url to specify the URL of the destination.

Use undo url to remove the URL.

Syntax

url url

undo url

Default

The destination URL is not specified.

Views

FTP/HTTP operation view

FTP/HTTP/HTTPS template view

Predefined user roles

network-admin

Parameters

url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations.

Operation	URL format	Parameter description
HTTP operation	http://host/resource http://host:port/resource	The host parameter represents the host name of the destination server. The host name is a dot-separated case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed of series of labels, aabbcc.com for example. Each label consists of 1 to 63 characters. Consecutive dots (.) and question marks are not allowed. For description about the filename parameter, see Fundamentals Configuration Guide.
HTTPS operation	https://host/resource https://host:port/resource
FTP operation	ftp://host/filename ftp://host:port/filename

Examples

# Configure the URL that the HTTP operation visits as http://www.company.com/index.htm.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] url http://www.company.com/index.html

# In HTTP template view, configure the URL that the HTTP operation visits as http://www.company.com/index.htm.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] url http://www.company.com/index.html

username

Use username to specify a username.

Use undo username to restore the default.

Syntax

username username

undo username

Default

No username is configured.

Views

FTP/HTTP operation view

FTP/HTTP/HTTPS/RADIUS template view

Predefined user roles

network-admin

Parameters

username: Specifies the username. This argument is case sensitive. It is a string of 1 to 32 characters for an FTP, HTTP, or HTTPS username, and a string of 1 to 253 characters for a RADIUS authentication username.

Examples

# Set the FTP login username to administrator.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] username administrator

# Set the FTP login username to administrator in FTP template view.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] username administrator

Related commands

· operation

· password

version

Use version to specify the version used in the HTTP or HTTPS operation.

Use undo version to restore the default.

Syntax

version { v1.0 | v1.1 }

undo version

Default

Version 1.0 is used in the HTTP operation or HTTPS operation.

Views

HTTP operation view

HTTP/HTTPS template view

Predefined user roles

network-admin

Parameters

v1.0: Uses version 1.0.

v1.1: Uses version 1.1.

Examples

# Configure the HTTP operation to use the HTTP version 1.1.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] version v1.1

NQA server commands

IMPORTANT:

Configure the NQA server only for UDP jitter, TCP, and UDP echo operations.

display nqa server

Use display nqa server status to display NQA server status.

Syntax

display nqa server

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display NQA server status.

<Sysname> display nqa server

NQA server status: enabled

TCP connect:

IP Address Port ToS VPN instance

2.2.2.2 2000 200 -

UDP echo:

IP Address Port ToS VPN instance

3.3.3.3 3000 255 vpn1

Table 12 Command output

Field	Description
NQA server status	Whether the NQA server is enabled.
TCP-connect	Information about the TCP listening service on the NQA server.
UDP-echo	Information about the UDP listening service on the NQA server.
IP Address	IP address specified for the TCP/UDP listening service on the NQA server.
Port	Port number specified for the TCP/UDP listening service on the NQA server.
ToS	ToS value in reply packets sent by the NQA server.
VPN instance	Name of the MPLS L3VPN instance to which the IP address that the NQA server listens on belongs. This field displays a hyphen (-) if the NQA server listens on a public IP address. The device does not support this field in the current software version.

Related commands

· nqa server enable

· nqa server tcp-connect

· nqa server udp-echo

nqa server enable

Use nqa server enable to enable the NQA server.

Use undo nqa server enable to disable the NQA server.

Syntax

nqa server enable

undo nqa server enable

Default

The NQA server is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NQA server.

<Sysname> system-view

[Sysname] nqa server enable

Related commands

· display nqa server

· nqa server tcp-connect

· nqa server udp-echo

nqa server tcp-connect

Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen and respond to the specified IP address and port.

Use undo nqa server tcp-connect to remove a TCP listening service.

Syntax

nqa server tcp-connect ip-address port-number [ tos tos ]

undo nqa server tcp-connect ip-address port-number

Default

The NQA server does not have any TCP listening service configured.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address for the TCP listening service.

port-number: Specifies the port number for the TCP listening service, in the range of 1 to 65535.

tos tos: Specifies the ToS value in the IP header for reply packets. The value range for this argument is 0 to 255, and the default value is 0.

Usage guidelines

Use this command on the NQA server only for the TCP operation.

When you configure the IP address and port number for a TCP listening service on the NQA server, follow these restrictions and guidelines:

· The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.

· The IP address must be the address of an interface on the NQA server.

· To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023.

Examples

# Configure a TCP listening service to enable the NQA server to listen and respond to the IP address 169.254.10.2 and port 9000.

<Sysname> system-view

[Sysname] nqa server tcp-connect 169.254.10.2 9000

Related commands

· display nqa server

· nqa server enable

nqa server udp-echo

Use nqa server udp-echo to configure a UDP listening service to enable the NQA server to listen and respond on the specified IP address and port.

Use undo nqa server udp-echo to remove the UDP listening service created.

Syntax

nqa server udp-echo ip-address port-number [ tos tos ]

undo nqa server udp-echo ip-address port-number

Default

The NQA server does not have any UDP listening service configured.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address for the UDP listening service.

port-number: Specifies the port number for the UDP listening service, in the range of 1 to 65535.

tos tos: Specifies the ToS value in the IP header for reply packets. The value range for this argument is 0 to 255, and the default value is 0.

Usage guidelines

Use this command on the NQA server only for the UDP jitter, and UDP echo operations.

When you configure the IP address and port number for a UDP listening service on the NQA server, follow these restrictions and guidelines:

· The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.

· The IP address must be the address of an interface on the NQA server.

· To ensure successful NQA operations and avoid affecting existing services, do not configure the UDP listening service on well-known ports from 1 to 1023.

Examples

# Configure a UDP listening service to enable the NQA server to listen and respond on the IP address 169.254.10.2 and port 9000.

<Sysname> system-view

[Sysname] nqa server udp-echo 169.254.10.2 9000

Related commands

· display nqa server

· nqa server enable

NTP commands

NTP is supported by the following Layer 3 interfaces:

· Layer 3 Ethernet interfaces.

· Layer 3 Ethernet subinterfaces.

· VLAN interfaces.

· Tunnel interfaces.

display ntp-service ipv6 sessions

Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.

Syntax

display ntp-service ipv6 sessions [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about all IPv6 NTP associations. If you do not specify this keyword, the command displays only brief information about the IPv6 NTP associations.

Examples

# Display brief information about all IPv6 NTP associations.

<Sysname> display ntp-service ipv6 sessions

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

Source: [125]3000::32

Reference: 127.127.1.0 Clock stratum: 2

Reachabilities: 1 Poll interval: 64

Last receive time: 6 Offset: -0.0

Roundtrip delay: 0.0 Dispersion: 0.0

Total sessions : 1

Table 13 Command output

Field	Description
[12345]	· 1—Clock source selected by the system (the current reference source). It has a system clock stratum level less than or equal to 15. · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a command.
Source	IPv6 address of the NTP server. If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully.
Reference	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ? When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ? When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server.
Clock stratum	Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Reachabilities	Reachability count of the NTP server. 0 indicates that the NTP server is unreachable.
Poll interval	Polling interval in seconds. It is the maximum interval between successive NTP messages.
Last receive time	Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes (m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-).
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
Roundtrip delay	Roundtrip delay from the local device to the clock source, in milliseconds.
Dispersion	Maximum error of the system clock relative to the reference source.
Total sessions	Total number of associations.

# Display detailed information about all IPv6 NTP associations.

<Sysname> display ntp-service ipv6 sessions verbose

Clock source: 1::1

Session ID: 36144

Clock stratum: 16

Clock status: configured, insane, valid, unsynced

Reference clock ID: INIT

VPN instance: Not specified

Local mode: sym_active, local poll interval: 6

Peer mode: unspec, peer poll interval: 10

Offset: 0.0000ms, roundtrip delay: 0.0000ms, dispersion: 15937ms

Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms

Reachabilities:0, sync distance: 15.938

Precision: 2^10, version: 4, source interface: Not specified

Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Orgtime: d17cbb21.0f318106 Tue, May 17 2011 9:15:13.059

Rcvtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Xmttime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Roundtrip delay samples: 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000

Offset samples: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

Filter order: 0 1 2 3 4 5 6 7

Total sessions: 1

Table 14 Command output

Field	Description
Clock source	IPv6 address of the clock source. If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully.
Clock stratum	Stratum level of the NTP server, which determines the clock precision. The value is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Clock status	Status of the clock source corresponding to this association: · configured—The association was created at the CLI. · dynamic—The association is established dynamically. · master—The clock source is the primary reference source of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and will be used as a reference clock. · insane—The clock source has not passed authentication, or it has passed authentication but will not be used as a reference clock. · valid—The clock source is valid, which means the clock source meets the following requirements: it has passed the authentication and is being synchronized. Its stratum level is valid, and its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid.
Reference clock ID	· If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ? When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ? When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server.
VPN instance	VPN instance of the NTP server. If the NTP server is in a public network, the field is displayed as Not specified. The device does not support this field in the current software version.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
local poll interval	Polling interval for the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2⁶, or 64 seconds.
peer mode	Operation mode of the peer device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
peer poll interval	Polling interval for the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the polling interval of the local device is 2⁶, or 64 seconds.
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
roundtrip delay	Roundtrip delay from the local device to the clock source, in milliseconds.
dispersion	Maximum error of the system clock relative to the reference clock.
Root roundtrip delay	Roundtrip delay from the local device to the primary reference source, in milliseconds.
root dispersion	Maximum error of the system clock relative to the primary reference clock, in milliseconds.
Reachabilities	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
sync distance	Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values.
Precision	Accuracy of the system clock.
version	NTP version in the range of 1 to 4.
source interface	Source interface. If the source interface is not specified, this field is Not specified.
Reftime	Reference timestamp in the NTP message.
Orgtime	Originate timestamp in the NTP message.
Rcvtime	Receive timestamp in the NTP message.
Xmttime	Transmit timestamp in the NTP message.
Filter order	Dispersion information.
Reference clock status	Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally.
Total sessions	Total number of associations.

display ntp-service sessions

Use display ntp-service sessions to display information about all IPv4 NTP associations.

Syntax

display ntp-service sessions [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.

Usage guidelines

When a device is operating in NTP broadcast or multicast server mode, the display ntp-service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server. However, the associations are counted in the total number of associations.

Examples

# Display brief information about all IPv4 NTP associations.

<Sysname> display ntp-service sessions

source reference stra reach poll now offset delay disper

********************************************************************************

[12345]LOCAL(0) LOCL 0 1 64 - 0.0000 0.0000 7937.9

[5]0.0.0.0 INIT 16 0 64 - 0.0000 0.0000 0.0000

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

Total sessions: 1

Table 15 Command output

Field	Description
source	· When the reference clock is the local clock, the field displays LOCAL (number). It indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. · When the reference clock is the clock of another device, the field displays the IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
reference	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the stra field: ? When the value of the stra field is 0 or 1, this field displays LOCL. ? When the stra field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server.
stra	Stratum level of the clock source, which determines the clock accuracy. The value is in the range of 1 to 16. The clock accuracy decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock.
reach	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
poll	Polling interval in seconds. It is the maximum interval between successive NTP messages.
now	Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes (m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-).
offset	Offset of the system clock relative to the reference clock, in milliseconds.
delay	Roundtrip delay from the local device to the NTP server, in milliseconds.
disper	Maximum error of the system clock relative to the reference source, in milliseconds.
[12345]	· 1—Clock source selected by the system (the current reference source). It has a system clock stratum level less than or equal to 15. · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a configuration command.
Total sessions	Total number of associations.

# Display detailed information about all IPv4 NTP associations.

<Sysname> display ntp-service sessions verbose

Clock source: 192.168.1.40

Session ID: 35888

Clock stratum: 2

Clock status: configured, master, sane, valid

Reference clock ID: 127.127.1.0

VPN instance: Not specified

Local mode: client, local poll interval: 6

Peer mode: server, peer poll interval: 6

Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms

Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms

Reachabilities:31, sync distance: 0.0194

Precision: 2^18, version: 3, source interface: Not specified

Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079

Orgtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Rcvtime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693

Xmttime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693

Roundtrip delay samples: 0.007 0.010 0.006 0.011 0.010 0.005 0.007 0.003

Offset samples: 5629.55 3913.76 5247.27 6526.92 31.99 148.72 38.27 0.29

Filter order: 7 5 2 6 0 4 1 3

Total sessions: 1

Table 16 Command output

Field	Description
Clock source	IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
Clock stratum	Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents greater clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Clock status	Status of the clock source corresponding to this association: · configured—The association was created by a configuration command. · dynamic—The association is established dynamically. · master—The clock source is the primary reference source of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and will be used as a reference clock. · insane—The clock source has not passed authentication, or it has passed authentication but will not be used as a reference clock. · valid—The clock source is valid, which means the clock source meets the following requirements: it has passed authentication and is being synchronized. Its stratum level is valid, and its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid.
Reference clock ID	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ? When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ? When the Clock stratum field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server.
VPN instance	VPN instance to which the NTP server belongs. If the NTP server is in a public network, the field displays Not specified. The device does not support this field in the current software version.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
local poll interval	Polling interval of the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2⁶, or 64 seconds.
Peer mode	Operation mode of the peer device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
peer poll interval	Polling interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2⁶, or 64 seconds.
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
roundtrip delay	Roundtrip delay from the local device to the NTP server, in milliseconds.
dispersion	Maximum error of the system clock relative to the reference clock.
Root roundtrip delay	Roundtrip delay from the local device to the primary reference source, in milliseconds.
root dispersion	Maximum error of the system clock relative to the primary reference clock, in milliseconds.
Reachabilities	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
sync distance	Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values.
Precision	Accuracy of the system clock.
version	NTP version in the range of 1 to 4.
source interface	Source interface. If the source interface is not specified, this field is Not specified.
Reftime	Reference timestamp in the NTP message.
Orgtime	Originate timestamp in the NTP message.
Rcvtime	Receive timestamp in the NTP message.
Xmttime	Transmit timestamp in the NTP message.
Filter order	Sample information order.
Reference clock status	Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally.
Total sessions	Total number of associations.

display ntp-service status

Use display ntp-service status to display NTP service status.

Syntax

display ntp-service status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display NTP service status after time synchronization.

<Sysname> display ntp-service status

Clock status: synchronized

Clock stratum: 2

System peer: LOCAL(0)

Local mode: client

Reference clock ID: 127.127.1.0

Leap indicator: 00

Clock jitter: 0.000977 s

Stability: 0.000 pps

Clock precision: 2^-10

Root delay: 0.00000 ms

Root dispersion: 3.96367 ms

Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573

# Display the NTP service status when time is not synchronized.

<Sysname> display ntp-service status

Clock status: unsynchronized

Clock stratum: 16

Reference clock ID: none

Clock jitter: 0.000000 s

Stability: 0.000 pps

Clock precision: 2^-10

Root delay: 0.00000 ms

Root dispersion: 0.00002 ms

Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573

Table 17 Command output

Field	Description
Clock status	Status of the system clock: · synchronized—The system clock has been synchronized. · unsynchronized—The system clock has not been synchronized.
Clock stratum	Stratum level of the system clock.
System peer	IP address of the selected NTP server.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
Reference clock ID	For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as a reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the IP address of the local clock. For an IPv6 NTP server: The field represents the MD5 digest of the first 32 bits of the IPv6 address of the remote server when the local device is synchronized to a remote IPv6 NTP server. The field represents the local clock when the local device uses the local clock as a reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the local clock.
Leap indicator	Alarming status: · 00—Normal. · 01—Leap second, indicates that the last minute in a day has 61 seconds. · 10—Leap second, indicates that the last minute in a day has 59 seconds. · 11—Time is not synchronized.
Clock jitter	Difference between the system clock and reference clock, in seconds.
Stability	Clock frequency stability. A lower value represents better stability.
Clock precision	Accuracy of the system clock.
Root delay	Roundtrip delay from the local device to the primary reference source, in milliseconds.
Root dispersion	Maximum error of the system clock relative to the primary reference source, in milliseconds.
Reference time	Reference timestamp.

display ntp-service trace

Use display ntp-service trace to display brief information about each NTP time server from the local device back to the primary time server.

Syntax

display ntp-service trace [ source interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

source interface-type interface-number: Specifies the source interface for sending NTP packets to trace each NTP timer server from the local device back to the primary time server. The IPv4 address/IPv6 address of the specified source interface is the source IP address of the NTP packets. If the IP address of an NTP time server is a link-local address, the link-local address of the specified source interface is the source IP address of the NTP packets. If you do not specify this option, the interface that sends the tracing NTP packets acts as the source interface.

Usage guidelines

When you specify a source interface for tracing each NTP time server from the local device to the primary time server, make sure the source interface and the NTP time servers are reachable to each other.

Examples

# Display brief information about each NTP time server from the local device back to the primary time server.

<Sysname> display ntp-service trace

Server 127.0.0.1

Stratum 3, jitter 0.000, synch distance 0.0000.

Server 3000::32

Stratum 2 , jitter 790.00, synch distance 0.0000.

RefID 127.127.1.0

The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock.

Table 18 Command output

Field	Description
Server	IP address of the NTP time server.
Stratum	Stratum level of the NTP time server.
jitter	Root mean square (RMS) value of the clock offset relative to the upper-level clock, in seconds.
synch distance	Synchronization distance relative to the upper-level NTP time server, in seconds, calculated from dispersion and roundtrip delay values.
RefID	Identifier of the primary time server. When the stratum level of the primary time server is 0, it is displayed as LOCL. Otherwise, it is displayed as the IP address of the primary time server.

Related commands

· ntp-service ipv6 source

· ntp-service ipv6 unicast-peer

· ntp-service ipv6 unicast-server

· ntp-service source

· ntp-service unicast-peer

· ntp-service unicast-server

ntp-service acl

Use ntp-service acl to configure the right for peer devices to access the NTP services on the local device.

Use undo ntp-service to remove the configured NTP service access right.

Syntax

ntp-service { peer | query | server | synchronization } acl ipv4-acl-number

undo ntp-service { peer | query | server | synchronization } [ acl ipv4-acl-number ]

Default

The right for peer devices to access the NTP services on the local device is peer.

Views

System view

Predefined user roles

network-admin

Parameters

peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device.

query: Allows only NTP control queries from a peer device to the local device.

server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.

synchronization: Allows only time requests from a system whose address passes the access list criteria.

acl ipv4-acl-number: Specifies an IPv4 ACL by its number. The peer devices that match the ACL have the access right specified in the command. The ipv4-acl-number argument represents an IPv4 basic ACL number in the range of 2000 to 2999 or an IPv4 advanced ACL in the range of 3000 to 3999.

Usage guidelines

When the device receives an NTP request, it matches the request against the access rights in the order from the least restrictive to the most restrictive: peer, server, synchronization, and query.

· If no NTP access control is configured, the peer access right applies.

· If the IP address of the peer device matches a permit statement in an ACL, the access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted.

· If no IPv4 ACL is specified for an access right or the ACL specified for the access right is not created, the access right is not granted.

· If none of the IPv4 ACLs specified for the access rights is created, the peer access right applies.

· If none of the IPv4 ACLs specified for the access rights contains rules, no access right is granted.

The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.

Examples

# Configure the peer devices on subnet 10.10.0.0/16 to have the peer access right to the NTP services on the local device.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ntp-service peer acl 2001

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service authentication enable

Use ntp-service authentication enable to enable NTP authentication.

Use undo ntp-service authentication enable to disable NTP authentication.

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

Default

NTP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are synchronized only to authenticated NTP servers.

To authenticate an NTP server, set an authentication key and specify it as a trusted key.

Examples

# Enable NTP authentication.

<Sysname> system-view

[Sysname] ntp-service authentication enable

Related commands

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service authentication-keyid

Use ntp-service authentication-keyid to set an NTP authentication key.

Use undo ntp-service authentication-keyid to remove an NTP authentication key.

Syntax

ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

undo ntp-service authentication-keyid keyid

Default

No NTP authentication key is set.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key ID in the range of 1 to 4294967295.

authentication-mode md5: Uses the MD5 algorithm for authentication.

cipher: Specifies an authentication key in encrypted form.

simple: Specifies an authentication key in plaintext form. For security purposes, the authentication key specified in plaintext form will be stored in encrypted form.

string: Specifies a case-sensitive authentication key. Its plaintext form is a string of 1 to 32 characters. Its encrypted form is a string of 1 to 73 characters.

acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

Usage guidelines

For time synchronization security, you need to enable NTP authentication on systems running NTP to ensure that NTP clients are synchronized only to authenticated NTP servers.

The key ID in the message from the peer device identifies the key used for authentication. The acl ipv4-acl-number and acl ipv6-acl-number options are used to identify the peer device that can use the key ID.

· If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication.

· If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.

You can set a maximum of 128 NTP authentication keys.

To ensure a successful NTP authentication, configure the same authentication key ID and key on the time server and client. Make sure the peer device is allowed to use the key ID for authentication on the local device.

After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid command to configure the key as a trusted key. The key automatically changes to untrusted after you delete the key. You do not need to execute the undo ntp-service reliable authentication-keyid command.

Examples

# Enable NTP authentication. Set the authentication key ID to 10, specify the MD5 authentication algorithm, and set the key in plaintext form to BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey

Related commands

· ntp-service authentication enable

· ntp-service reliable authentication-keyid

ntp-service broadcast-client

Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets.

Use undo ntp-service broadcast-client to remove the configuration.

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

After you configure the command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages.

If you have configured the device to operate in broadcast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-client

Related commands

ntp-service broadcast-server

Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.

Use undo ntp-service broadcast-server to remove the configuration.

Syntax

ntp-service broadcast-server [ authentication-keyid keyid | version number ] *

undo ntp-service broadcast-server

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients, where keyid is in the range of 1 to 4294967295. If this option is not specified, the local device cannot synchronize broadcast clients enabled with NTP authentication.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

After you configure the command, the device periodically sends NTP messages to the broadcast address 255.255.255.255.

If you have configured the device to operate in broadcast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in broadcast server mode and send NTP broadcast messages on VLAN-interface 1, using key 4 for encryption. Set the NTP version to 4.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 4

Related commands

ntp-service broadcast-client

ntp-service dscp

Use ntp-server dscp to set a DSCP value for IPv4 NTP packets.

Use undo ntp-server dscp to restore the default.

Syntax

ntp-service dscp dscp-value

undo ntp-service dscp

Default

The DSCP value for IPv4 NTP packets is 48.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets.

Usage guidelines

The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority.

Examples

# Set the DSCP value for IPv4 NTP packets to 30.

<Sysname> system-view

[Sysname] ntp-service dscp 30

ntp-service enable

Use ntp-service enable to enable the NTP service.

Use undo ntp-service enable to disable the NTP service.

Syntax

ntp-service enable

undo ntp-service enable

Default

The NTP service is not enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NTP service.

<Sysname> system-view

[Sysname] ntp-service enable

ntp-service inbound enable

Use ntp-service inbound enable to enable an interface to process NTP messages.

Use undo ntp-service inbound enable to disable an interface from processing NTP messages.

Syntax

ntp-service inbound enable

undo ntp-service inbound enable

Default

An interface processes NTP messages.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Execute the undo ntp-service inbound enable command on an interface in the following cases:

· You do not want the interface to synchronize the peer device in the corresponding subnet.

· You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface.

Examples

# Disable VLAN-interface 1 from processing NTP messages.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] undo ntp-service inbound enable

ntp-service ipv6 acl

Use ntp-service ipv6 acl to configure the right for peer devices to access the IPv6 NTP services on the local device.

Use undo ntp-service ipv6 to remove the configured IPv6 NTP service access right.

Syntax

ntp-service ipv6 { peer | query | server | synchronization } acl ipv6-acl-number

undo ntp-service ipv6 { peer | query | server | synchronization } [ acl ipv6-acl-number ]

Default

The right for peer devices to access the IPv6 NTP services on the local device is peer.

Views

System view

Predefined user roes

network-admin

Parameters

peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) and allows the local device to synchronize itself to a peer device.

query: Allows only NTP control queries from a peer device to the local device.

server: Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device.

synchronization: Allows only time requests from a system whose address passes the access list criteria.

acl ipv6-acl-number: Specifies an IPv6 ACL by its number. The peer devices that match the ACL have the access right specified in the command. The ipv6-acl-number argument represents an IPv6 basic ACL number in the range of 2000 to 2999 or an IPv6 advanced ACL number in the range of 3000 to 3999.

Usage guidelines

When the device receives an IPv6 NTP request, it matches the request against the access rights in the order from the least restrictive to the most restrictive: peer, server, synchronization, and query.

· If no IPv6 NTP access control is configured, the peer access right applies.

· If the IP address of the peer device matches a permit statement in an IPv6 ACL, the access right is granted to the peer device. If a deny statement or no IPv6 ACL is matched, no access right is granted.

· If no IPv6 ACL is specified for an access right or the IPv6 ACL specified for the access right is not created, the access right is not granted.

· If none of the IPv6 ACLs specified for the access rights is created, the peer access right applies.

· If none of the IPv6 ACLs specified for the access rights contains rules, no access right is granted.

The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more secure.

Examples

# Configure the peer devices on subnet 2001::1 to have the peer access right to the IPv6 NTP services on the local device.

<Sysname> system-view

[Sysname] acl ipv6 basic 2001

[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1 64

[Sysname-acl-ipv6-basic-2001] quit

[Sysname] ntp-service ipv6 peer acl 2001

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service ipv6 dscp

Use ntp-server ipv6 dscp to configure a DSCP value for IPv6 NTP packets.

Use undo ntp-server ipv6 dscp to restore the default.

Syntax

ntp-service ipv6 dscp dscp-value

undo ntp-service ipv6 dscp

Default

The DSCP value for IPv6 NTP packets is 56.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63 for IPv6 NTP packets.

Usage guidelines

The DSCP value is included in the Traffic Class field of an IPv6 packet to identify the packet priority.

Examples

# Set the DSCP value for IPv6 NTP packets to 30.

<Sysname> system-view

[Sysname] ntp-service ipv6 dscp 30

ntp-service ipv6 inbound enable

Use ntp-service ipv6 inbound enable to enable an interface to process IPv6 NTP messages.

Use undo ntp-service ipv6 inbound enable to disable an interface from processing IPv6 NTP messages.

Syntax

ntp-service ipv6 inbound enable

undo ntp-service ipv6 inbound enable

Default

An interface processes IPv6 NTP messages.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Execute the undo ntp-service ipv6 inbound enable command on an interface in the following cases:

· You do not want the interface to synchronize the peer devices in the corresponding subnet.

· You do not want the device to be synchronized by the peer devices in the subnet corresponding to the interface.

Examples

# Disable VLAN-interface 1 from processing IPv6 NTP messages.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] undo ntp-service ipv6 inbound enable

ntp-service ipv6 multicast-client

Use ntp-service ipv6 multicast-client to configure the device to operate in IPv6 NTP multicast client mode and use the current interface to receive IPv6 NTP multicast packets.

Use undo ntp-service ipv6 multicast-client to remove the configuration.

Syntax

ntp-service ipv6 multicast-client ipv6-multicast-address

undo ntp-service ipv6 multicast-client ipv6-multicast-address

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-multicast-address: Specifies an IPv6 multicast address. The value range for this argument is FFxy::/16, where "x" and "y" represent any hexadecimal numbers from 0 to F. An IPv6 broadcast client and an IPv6 broadcast server must be configured with the same multicast address.

Usage guidelines

After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address. It is synchronized based on the received IPv6 NTP messages.

If you have configured the device to operate in IPv6 multicast client mode on an interface by using the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in IPv6 multicast client mode and receive IPv6 NTP multicast messages with the destination FF21::1 on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service ipv6 multicast-client ff21::1

Related commands

ntp-service ipv6 multicast-server

Use ntp-service ipv6 multicast-server to configure the device to operate in IPv6 NTP multicast server mode and use the current interface to send IPv6 NTP multicast packets.

Use undo ntp-service ipv6 multicast-server to remove the configuration.

Syntax

ntp-service ipv6 multicast-server ipv6-multicast-address [ authentication-keyid keyid | ttl ttl-number ] *

undo ntp-service ipv6 multicast-server ipv6-multicast-address

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-multicast-address: Specifies an IPv6 multicast address. The value range for this argument is FFxy::/16, where "x" and "y" represent any hexadecimal numbers from 0 to F. An IPv6 multicast client and server must be configured with the same multicast address.

authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients, where keyid is in the range of 1 to 4294967295. If this option is not specified, the local device cannot synchronize clients enabled with NTP authentication.

ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255, and the default is 16.

Usage guidelines

After you configure the command, the device periodically sends NTP messages to the specified IPv6 multicast address.

If you have configured the device to operate in IPv6 multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages on VLAN-interface 1 to the multicast address FF21::1, using key 4 for encryption.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service ipv6 multicast-server ff21::1 authentication-keyid 4

Related commands

ntp-service ipv6 multicast-client

ntp-service ipv6 source

Use ntp-service ipv6 source to specify a source interface for IPv6 NTP messages.

Use undo ntp-service ipv6 source to restore the default.

Syntax

ntp-service ipv6 source interface-type interface-number

undo ntp-service ipv6 source

Default

No source interface is specified for IPv6 NTP messages. The device automatically selects the source IP address for IPv6 NTP messages. For more information, see RFC 3484.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you specify a source interface for IPv6 NTP messages, the device uses the IPv6 address of the source interface as the source address to send IPv6 NTP messages. Consequently, the destination address of the IPv6 NTP response messages becomes the address of the source interface.

When the device responds to an IPv6 NTP request, the source IPv6 address of the NTP response is always the IPv6 address of the interface that has received the IPv6 NTP request.

If you do not want the IPv6 address of an interface on the local device to become the destination address for response messages, use the command to specify another interface as the source interface for IPv6 NTP messages.

The source interface for IPv6 NTP messages can also be specified in the following ways:

· In NTP client/server mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-server command, the specified interface acts as the source interface for IPv6 NTP messages.

· In NTP symmetric active/passive mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-peer command, the specified interface acts as the source interface for IPv6 NTP messages.

· In NTP multicast mode, if you have configured the ntp-service ipv6 multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.

If the specified source interface is down, the device does not send IPv6 NTP messages.

Examples

# Specify the source interface of IPv6 NTP messages as VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service ipv6 source vlan-interface 1

ntp-service ipv6 unicast-peer

Use ntp-service ipv6 unicast-peer to specify an IPv6 symmetric-passive peer for the device.

Use undo ntp-service ipv6 unicast-peer to remove the IPv6 symmetric-passive peer specified for the device.

Syntax

ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ authentication-keyid keyid | priority | source interface-type interface-number ] *

undo ntp-service ipv6 unicast-peer { peer-name | ipv6-address }

Default

No IPv6 symmetric-passive peer is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

peer-name: Specifies the host name of the symmetric-passive peer, a case-insensitive string of 1 to 253 characters.

ipv6-address: Specifies the IPv6 address of the symmetric-passive peer. It must be a unicast address, rather than a multicast address.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer, where keyid is in the range of 1 to 4294967295. If this option is not specified, the local device and the peer do not authenticate each other.

priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.

source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified passive peer address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device is the IPv6 address of the specified source interface. If the specified passive peer address is a link local address, the IPv6 NTP messages are sent from the specified source interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.

Usage guidelines

When you specify an IPv6 passive peer for the device, the device and its IPv6 passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.

Examples

# Specify the device with the IPv6 address of 2001::1 as the symmetric-passive peer of the device, and specify the source interface for IPv6 NTP messages as VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service ipv6 unicast-peer 2001::1 source vlan-interface 1

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service ipv6 unicast-server

Use ntp-service ipv6 unicast-server to specify an IPv6 NTP server for the device.

Use undo ntp-service ipv6 unicast-server to remove an IPv6 NTP server specified for the device.

Syntax

ntp-service ipv6 unicast-server { server-name | ipv6-address } [ authentication-keyid keyid | priority | source interface-type interface-number ] *

undo ntp-service ipv6 unicast-server { server-name | ipv6-address }

Default

No IPv6 NTP server is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.

ipv6-address: Specifies the IPv6 address of the NTP server. It must be a unicast address, rather than a multicast address.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server, where keyid is in the range of 1 to 4294967295. If this option is not specified, the local device and NTP server do not authenticate each other.

priority: Specifies this NTP server as the first choice under the same condition.

source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.

Usage guidelines

When you specify an IPv6 NTP server for the device, the device is synchronized to the IPv6 NTP server, but the IPv6 NTP server is not synchronized to the device.

Examples

# Specify the IPv6 NTP server 2001::1 for the device.

<Sysname> system-view

[Sysname] ntp-service ipv6 unicast-server 2001::1

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service max-dynamic-sessions

Use ntp-service max-dynamic-sessions to set the maximum number of dynamic NTP sessions allowed to be established locally.

Use undo ntp-service max-dynamic-sessions to restore the default.

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

Default

The maximum number of dynamic NTP sessions is 100.

Views

System view

Predefined user roles

network-admin

Parameters

number: Sets the maximum number of dynamic NTP associations allowed to be established, in the range of 0 to 100.

Usage guidelines

A single device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command. A dynamic association is a temporary association created by the system during operation.

Examples

# Set the maximum number of dynamic NTP associations allowed to be established to 50.

<Sysname> system-view

[Sysname] ntp-service max-dynamic-sessions 50

Related commands

display ntp-service sessions

ntp-service multicast-client

Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets.

Use undo ntp-service multicast-client to remove the configuration.

Syntax

ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies a multicast IP address in the range of 224.0.0.0 to 239.255.255.255. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.

Usage guidelines

After you configure the command, the device listens to NTP messages using the specified multicast address as the destination address.

If you have configured the device to operate in multicast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1

Related commands

ntp-service multicast-server

Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets.

Use undo ntp-service multicast-server to remove the configuration.

Syntax

ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *

undo ntp-service multicast-server [ ip-address ]

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ttl ttl-number: Specifies the TTL of NTP multicast messages, where ttl-number is in the range of 1 to 255. The default value is 16.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

After you configure the command, the device periodically sends NTP messages to the specified multicast address.

If you have configured the device to operate in multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in multicast server mode and send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for encryption. Set the NTP version to 4.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.1 version 4 authentication-keyid 4

Related commands

ntp-service multicast-client

ntp-service refclock-master

Use ntp-service refclock-master to configure the local clock as a reference source for other devices.

Use undo ntp-service refclock-master to remove the configuration.

Syntax

ntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]

Default

The device does not use its local clock as a reference clock.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: IP address of the local clock, which is 127.127.1.u, where u is the NTP process ID in the range of 0 to 3. If you do not specify ip-address, it defaults to 127.127.1.0.

stratum: Stratum level of the local clock, in the range of 1 to 15. The default value is 8. A lower stratum level represents higher clock accuracy.

Usage guidelines

Typically an NTP server that gets its time from an authoritative time source, such as an atomic clock has stratum 1 and operates as the primary time server to provide time synchronization for other devices in the network. The accuracy of each server is the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the preceding level.

If the devices in a network cannot synchronize to an authoritative time source, you can perform the following tasks:

· Select a device that has a relatively accurate clock from the network.

· Use the local clock of the device as the reference clock to synchronize other devices in the network.

Use the command with caution to avoid time errors. Before you execute the command, H3C recommends that you adjust the local system time.

Examples

# Specify the local clock as the reference source, with the stratum level 2.

<Sysname> system-view

[Sysname] ntp-service refclock-master 2

ntp-service reliable authentication-keyid

Use ntp-service reliable authentication-keyid to specify the created authentication key as a trusted key.

Use undo ntp-service reliable authentication-keyid to remove the configuration.

Syntax

ntp-service reliable authentication-keyid keyid

undo ntp-service reliable authentication-keyid keyid

Default

No trust key is specified.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key number in the range of 1 to 4294967295.

Usage guidelines

When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.

Before you use the command, make sure NTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.

You can set a maximum of 128 keys by executing the command.

Examples

# Enable NTP authentication, specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 simple BetterKey

# Specify this key as a trusted key.

[Sysname] ntp-service reliable authentication-keyid 37

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

ntp-service source

Use ntp-service source to specify a source interface for NTP messages.

Use undo ntp-service source to restore the default.

Syntax

ntp-service source interface-type interface-number

undo ntp-service source

Default

No source interface is specified for NTP messages. The device does the following:

· Searches the routing table for the outbound interface of NTP messages.

· Uses the primary IP address of the outbound interface as the source IP address for NTP messages.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you specify a source interface for NTP messages, the device uses the primary IP address of the specified interface as the source IP address to send NTP messages. Consequently, the destination address of the NTP response messages is the primary IP address of the source interface.

When the device responds to an NTP request, the source IP address of the NTP response is always the IP address of the interface that has received the NTP request.

If you do not want the IP address of an interface on the local device to become the destination address for response messages, use the command to specify another interface as the source interface for NTP messages.

The source interface for NTP messages can also be specified in the following ways:

· In NTP client/server mode, if you have specified the source interface for NTP messages in the ntp-service unicast-server command, the specified interface acts as the source interface for NTP messages.

· In NTP symmetric active/passive mode, if you have specified the source interface for NTP messages in the ntp-service unicast-peer command, the specified interface acts as the source interface for NTP messages.

· In NTP multicast mode, if you have configured the ntp-service multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.

· In NTP broadcast mode, if you have configured the ntp-service broadcast-server command on an interface, the interface acts as the source interface for NTP broadcast messages.

If the specified source interface is down, the device does not send NTP messages.

Examples

# Specify the source interface for NTP messages as VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service source vlan-interface 1

ntp-service unicast-peer

Use ntp-service unicast-peer to specify a symmetric-passive peer for the device.

Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device.

Syntax

ntp-service unicast-peer { peer-name | ip-address } [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *

undo ntp-service unicast-peer { peer-name | ip-address }

Default

No symmetric-passive peer is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

peer-name: Specifies the host name of the symmetric-passive peer, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies the IP address of the symmetric-passive peer. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.

source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.

Examples

# Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, and configure the device to run NTP version 4. Specify the source interface of NTP messages as VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source-interface vlan-interface 1

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service unicast-server

Use ntp-service unicast-server to specify an NTP server for the device.

Use undo ntp-service unicast-server to remove an NTP server specified for the device.

Syntax

ntp-service unicast-server { server-name | ip-address } [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *

undo ntp-service unicast-server { server-name | ip-address }

Default

No NTP server is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server, where keyid is in the range of 1 to 4294967295. If the option is not specified, the local device and NTP server do not authenticate each other.

priority: Specifies this NTP server as the first choice under the same condition.

source interface-type interface-number: Specifies the source interface for NTP messages. For an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

Examples

# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.

<Sysname> system-view

[Sysname] ntp-service unicast-server 10.1.1.1 version 4

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

SNTP commands

display sntp ipv6 sessions

Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations.

Syntax

display sntp ipv6 sessions

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all IPv6 SNTP associations.

<Sysname> display sntp ipv6 sessions

SNTP server: 2001::1

Stratum: 16

Version: 4

Last receive time: No packet was received.

SNTP server: 2001::100

Stratum: 3

Version: 4

Last receive time: Fri, Oct 21 2011 11:28:28.058 (Synced)

Table 19 Command output

Field	Description
SNTP server	SNTP server (NTP server). If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully.
Stratum	Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents a higher clock accuracy. A clock with stratum level 16 is not synchronized.
Version	SNTP version.
Last receive time	Time when the last message was received: · Synced—The local clock is synchronized to the NTP server. · No packet was received—The device has not received any SNTP session information from the server.

display sntp sessions

Use display sntp sessions to display information about all IPv4 SNTP associations.

Syntax

display sntp sessions

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all IPv4 SNTP associations.

<Sysname> display sntp sessions

SNTP server Stratum Version Last receive time

1.0.1.11 2 4 Tue, May 17 2011 9:11:20.833 (Synced)

Table 20 Command output

Field	Description
SNTP server	SNTP server (NTP server). If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
Stratum	Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A clock with stratum level 16 is not synchronized.
Version	SNTP version.
Last receive time	Time when the last message was received. Synced means the local clock is synchronized to the NTP server.

sntp authentication enable

Use sntp authentication enable to enable SNTP authentication.

Use undo sntp authentication enable to disable SNTP authentication.

Syntax

sntp authentication enable

undo sntp authentication enable

Default

SNTP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.

To authenticate an NTP server, set an authentication key and specify it as a trusted key.

Examples

# Enable SNTP authentication.

<Sysname> system-view

[Sysname] sntp authentication enable

Related commands

· sntp authentication-keyid

· sntp reliable authentication-keyid

sntp authentication-keyid

Use sntp authentication-keyid to set an SNTP authentication key.

Use undo sntp authentication-keyid to remove an SNTP authentication key.

Syntax

sntp authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

undo sntp authentication-keyid keyid

Default

No SNTP authentication key is set.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key ID in the range of 1 to 4294967295.

authentication-mode md5: Uses the MD5 algorithm for authentication.

cipher: Specifies an authentication key in encrypted form.

simple: Specifies an authentication key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies a case-sensitive authentication key. Its plaintext form is a string of 1 to 32 characters. Its encrypted form is a string of 1 to 73 characters.

acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

Usage guidelines

For time synchronization security, you need to enable SNTP authentication on systems running SNTP to ensure that SNTP clients are synchronized only to authenticated NTP servers.

· If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication.

· If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.

You can set a maximum of 128 SNTP authentication keys.

To ensure a successful authentication, configure the same authentication key ID and key on the time server and client. Make sure the peer device is allowed to use the key ID for authentication on the local device.

After you configure an SNTP authentication key, use the sntp reliable authentication-keyid command to configure it as a trusted key. The key automatically changes to untrusted after you delete the key. You do not need to execute the undo sntp-service reliable authentication-keyid command.

Examples

# Enable SNTP authentication. Set the authentication key ID to 10, specify the MD5 authentication algorithm, and set the key in plaintext form to BetterKey.

<Sysname> system-view

[Sysname] sntp authentication enable

[Sysname] sntp authentication-keyid 10 authentication-mode md5 simple BetterKey

Related commands

· sntp authentication enable

· sntp reliable authentication-keyid

sntp enable

Use sntp enable to enable the SNTP service.

Use undo sntp enable to disable the SNTP service.

Syntax

sntp enable

undo sntp enable

Default

The SNTP service is not enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the SNTP service.

<Sysname> system-view

[Sysname] sntp enable

sntp ipv6 unicast-server

Use sntp ipv6 unicast-server to specify an IPv6 NTP server for the device.

Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device.

Syntax

sntp ipv6 unicast-server { server-name | ipv6-address } [ authentication-keyid keyid | source interface-type interface-number ] *

undo sntp ipv6 unicast-server { server-name | ipv6-address }

Default

No IPv6 NTP server is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.

ipv6-address: Specifies the IPv6 address of the NTP server.

Usage guidelines

When you specify an IPv6 NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the NTP server.

Examples

# Specify the IPv6 NTP server 2001::1 for the device.

<Sysname> system-view

[Sysname] sntp ipv6 unicast-server 2001::1

Related commands

· sntp authentication enable

· sntp authentication-keyid

· sntp reliable authentication-keyid

sntp reliable authentication-keyid

Use sntp reliable authentication-keyid to specify the created authentication key as a trusted key.

Use undo sntp reliable authentication-keyid to remove the specified trusted key.

Syntax

sntp reliable authentication-keyid keyid

undo sntp reliable authentication-keyid keyid

Default

No trust key is specified.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key number in the range of 1 to 4294967295.

Usage guidelines

If SNTP is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.

Before you use the command, make sure SNTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.

Examples

# Enable NTP authentication, and specify the MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey.

<Sysname> system-view

[Sysname] sntp authentication enable

[Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey

# Specify this key as a trusted key.

[Sysname] sntp reliable authentication-keyid 37

Related commands

· sntp authentication-keyid

· sntp authentication enable

sntp unicast-server

Use sntp unicast-server to specify an NTP server for the device.

Use undo sntp unicast-server to remove the NTP server.

Syntax

sntp unicast-server { server-name | ip-address } [ authentication-keyid keyid | source interface-type interface-number | version number ] *

undo sntp unicast-server { server-name | ip-address }

Default

No NTP server is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

Examples

# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.

<Sysname> system-view

[Sysname] sntp unicast-server 10.1.1.1 version 4

Related commands

· sntp authentication enable

· sntp authentication-keyid

· sntp reliable authentication-keyid

SNMP commands

The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts. Unless otherwise stated, the trap keyword in the command line includes both traps and informs.

display snmp-agent community

Use display snmp-agent community to display SNMPv1 or SNMPv2c community information.

Syntax

display snmp-agent community [ read | write ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

read: Displays information about SNMP read-only communities.

write: Displays information about SNMP read and write communities.

Usage guidelines

If no keyword is specified, this command displays information about all SNMPv1 and SNMPv2c communities that have been created.

The communities include:

· Those configured with the snmp-agent community command.

· Those automatically created by the system for SNMPv1 and SNMPv2c users that have been assigned to an existing SNMP group.

Examples

# Display information about all SNMPv1 and SNMPv2c communities.

<Sysname> display snmp-agent community

Community name: aa

Group name: aa

ACL:2001

Storage-type: nonVolatile

Context name: con1

Community name: bb

Role name: bb

Storage-type: nonVolatile

Community name: userv1

Group name: testv1

Storage type: nonvolatile

Community name: cc

Group name: cc

ACL name: testacl

Storage type: nonVolatile

Table 21 Command output

Field	Description
Community name	Community name created by using the snmp-agent community command or username created by using the snmp-agent usm-user { v1 \| v2c } command.
Group name	SNMP group name. · If the community is created by using the snmp-agent community command in VACM mode, the group name is the same as the community name. · If the community is created by using the snmp-agent usm-user { v1 \| v2c } command, the name of the group that has the user is displayed.
Role name	User role name for the community. If the community is created by using the snmp-agent community command in RBAC mode, a user role can be bound to the community name.
ACL	Number of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. This field appears only when an SNMPv1 or SNMPv2c user is associated with an ACL rule. It is exclusive with the ACL name field.
ACL name	Name of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. This field appears only when an SNMPv1 or SNMPv2c user is associated with an ACL rule. It is exclusive with the ACL field.
Storage type	Storage type: · volatile—Settings are lost when the system reboots. · nonVolatile—Settings remain after the system reboots. · permanent—Settings remain after the system reboots and can be modified but not deleted. · readOnly—Settings remain after the system reboots and cannot be modified or deleted. · other—Any other storage type.
Context name	SNMP context: · If a mapping between an SNMP community and an SNMP context is configured, the SNMP context is displayed. · If no mapping between an SNMP community and an SNMP context exists, this field is not displayed.

Related commands

· snmp-agent community

· snmp-agent usm-user { v1 | v2c }

display snmp-agent context

Use display snmp-agent context to display an SNMP context.

Syntax

display snmp-agent context [ context-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If no SNMP context is specified, this command displays all SNMP contexts created on the device.

Examples

# Display all SNMP contexts created on the device.

<Sysname> display snmp-agent context

testcontext

Related commands

snmp-agent context

display snmp-agent group

Use display snmp-agent group to display SNMP group information, including the group name, security model, MIB view, and storage-type.

Syntax

display snmp-agent group [ group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-name: Specifies an SNMPv1, SNMPv2c, or SNMPv3 group name. It is a case-sensitive string of 1 to 32 characters. If no group is specified, this command displays information about all SNMP groups.

Examples

# Display information about all SNMP groups.

<Sysname> display snmp-agent group

Group name: groupv3

Security model: v3 noAuthnoPriv

Readview: ViewDefault

Writeview: <no specified>

Notifyview: <no specified>

Storage-type: nonvolatile

ACL name: testacl

Table 22 Command output

Field	Description
Group name	SNMP group name.
Security model	Security model of the SNMP group: · authPriv—authentication with privacy. · authNoPriv—authentication without privacy. · noAuthNoPriv—no authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv.
Readview	Read-only MIB view accessible to the SNMP group.
Writeview	Write MIB view accessible to the SNMP group.
Notifyview	Notify MIB view for the SNMP group. The SNMP users in the group can send notifications only for the nodes in the notify MIB view.
Storage-type	Storage type, including volatile, nonvolatile, permanent, readOnly, and other (see Table 21).
ACL	Number of the ACL that controls the access of the NMSs in the SNMP group to the device. This field appears only when an ACL is assigned to the SNMP group. It is exclusive with the ACL name field.
ACL name	Name of the ACL that controls the access of the NMSs in the SNMP group to the device. This field appears only when an ACL is assigned to the SNMP group. It is exclusive with the ACL field.

Related commands

snmp-agent group

display snmp-agent local-engineid

Use display snmp-agent local-engineid to display the local SNMP engine ID.

Syntax

display snmp-agent local-engineid

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

The local SNMP engine ID uniquely identifies the SNMP engine of the SNMP agent in an SNMP domain.

Examples

# Display the local engine ID.

<Sysname> display snmp-agent local-engineid

SNMP local engine ID: 800063A2800084E52BED7900000001

Related commands

snmp-agent local-engineid

display snmp-agent mib-node

Use display snmp-agent mib-node to display SNMP MIB node information.

Syntax

display snmp-agent mib-node [ details | index-node | trap-node | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.

index-node: Specifies SNMP MIB tables, and node names and OIDs of MIB index nodes.

trap-node: Specifies node names and OIDs of MIB notification nodes, and node names and OIDs of notification objects.

verbose: Specifies detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.

Usage guidelines

If no keywords are specified, this command displays information about all SNMP MIB nodes, including node name, OID, and permissions to MIB nodes.

The SNMP software package includes different MIB files. Support for MIBs varies by SNMP software versions.

Examples

# Display SNMP MIB node information.

<Sysname> display snmp-agent mib-node

iso<1>(NA)

|-std<1.0>(NA)

|-iso8802<1.0.8802>(NA)

|-ieee802dot1<1.0.8802.1>(NA)

|-ieee802dot1mibs<1.0.8802.1.1>(NA)

|-lldpMIB<1.0.8802.1.1.2>(NA)

|-lldpNotifications<1.0.8802.1.1.2.0>(NA)

|-lldpNotificationPrefix<1.0.8802.1.1.2.0.0>(NA)

|-lldpRemTablesChange<1.0.8802.1.1.2.0.0.1>(NA)

|-lldpObjects<1.0.8802.1.1.2.1>(NA)

|-lldpConfiguration<1.0.8802.1.1.2.1.1>(NA)

|-*lldpMessageTxInterval<1.0.8802.1.1.2.1.1.1>(RW)

|-*lldpMessageTxHoldMultiplier<1.0.8802.1.1.2.1.1.2>(RW)

|-*lldpReinitDelay<1.0.8802.1.1.2.1.1.3>(RW)

Table 23 Command output

Field	Description
-std	MIB node name.
<1.0>	OID of a MIB node.
(NA)	Permissions to MIB nodes: · NA—Not accessible. · NF—Supports notifications. · RO—Supports read-only access. · RW—Supports read and write access. · RC—Supports read-write-create access. · WO—Supports write-only access.
*	Leaf node or MIB table node.

# Display detailed MIB node information.

<Sysname> display snmp-agent mib-node details

iso(1)(lldpMessageTxInterval)

|-std(0)(lldpMessageTxInterval)

|-iso8802(8802)(lldpMessageTxInterval)

|-ieee802dot1(1)(lldpMessageTxInterval)

|-ieee802dot1mibs(1)(lldpMessageTxInterval)

|-lldpMIB(2)(lldpMessageTxInterval)

|-lldpNotifications(0)(lldpMessageTxInterval)

|-lldpNotificationPrefix(0)(lldpMessageTxInterval)

|-lldpRemTablesChange(1)(NULL)

|-lldpObjects(1)(lldpMessageTxInterval)

|-lldpConfiguration(1)(lldpMessageTxInterval)

|-*lldpMessageTxInterval(1)(lldpMessageTxHoldMultiplier)

|-*lldpMessageTxHoldMultiplier(2)(lldpReinitDelay)

|-*lldpReinitDelay(3)(lldpTxDelay)

|-*lldpTxDelay(4)(lldpNotificationInterval)

|-*lldpNotificationInterval(5)(lldpPortConfigPortNum)

|-lldpPortConfigTable(6)(lldpPortConfigPortNum)

|-lldpPortConfigEntry(1)(lldpPortConfigPortNum)

|-*lldpPortConfigPortNum(1)(lldpPortConfigAdminStatus)

|-*lldpPortConfigAdminStatus(2)(lldpPortConfigNotificationEnable)

|-*lldpPortConfigNotificationEnable(3)(lldpPortConfigTLVsTxEnable)

|-*lldpPortConfigTLVsTxEnable(4)(lldpConfigManAddrPortsTxEnable)

Table 24 Command output

Field	Description
-std	MIB node name.
(0)	Last bit of a MIB OID string.
(lldpMessageTxInterval)	Name of a leaf node.
*	Leaf node or MIB table node.

# Display MIB table names, and node names and OIDs of MIB index nodes.

<Sysname> display snmp-agent mib-node index-node

Table |lldpPortConfigTable

Index ||lldpPortConfigPortNum

OID ||| 1.0.8802.1.1.2.1.1.6.1.1

Table |lldpConfigManAddrTable

Index ||lldpLocManAddrSubtype

OID ||| 1.0.8802.1.1.2.1.3.8.1.1

Index ||lldpLocManAddr

OID ||| 1.0.8802.1.1.2.1.3.8.1.2

Table |lldpStatsTxPortTable

Index ||lldpStatsTxPortNum

OID ||| 1.0.8802.1.1.2.1.2.6.1.1

Table |lldpStatsRxPortTable

Index ||lldpStatsRxPortNum

OID ||| 1.0.8802.1.1.2.1.2.7.1.1

Table |lldpLocPortTable

Index ||lldpLocPortNum

OID ||| 1.0.8802.1.1.2.1.3.7.1.1

Table 25 Command output

Field	Description
Table	MIB table name.
Index	Name of a MIB index node.
OID	OID of a MIB index node.

# Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects.

<Sysname> display snmp-agent mib-node trap-node

Name |lldpRemTablesChange

OID ||1.0.8802.1.1.2.0.0.1

Trap Object

Name |||lldpStatsRemTablesInserts

OID ||||1.0.8802.1.1.2.1.2.2

Name |||lldpStatsRemTablesDeletes

OID ||||1.0.8802.1.1.2.1.2.3

Name |||lldpStatsRemTablesDrops

OID ||||1.0.8802.1.1.2.1.2.4

Name |||lldpStatsRemTablesAgeouts

OID ||||1.0.8802.1.1.2.1.2.5

Name |lldpXMedTopologyChangeDetected

OID ||1.0.8802.1.1.2.1.5.4795.0.1

Trap Object

Name |||lldpRemChassisIdSubtype

OID ||||1.0.8802.1.1.2.1.4.1.1.4

Name |||lldpRemChassisId

OID ||||1.0.8802.1.1.2.1.4.1.1.5

Name |||lldpXMedRemDeviceClass

OID ||||1.0.8802.1.1.2.1.5.4795.1.3.1.1.3

Table 26 Command output

Field	Description
Name	Name of a MIB notification node.
OID	OID of a MIB notification node.
Trap Object	Name and OID of a notification object.

# Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.

<Sysname> display snmp-agent mib-node verbose

Name |lldpNotificationInterval

OID ||1.0.8802.1.1.2.1.1.5

Properties ||NodeType: Leaf

||AccessType: RW

||DataType: Integer32

||MOR: 0x020c1105

Parent ||lldpConfiguration

First child ||

Next leaf ||lldpPortConfigPortNum

Next sibling ||lldpPortConfigTable

Allow ||get/set/getnext

Value range || [5..3600]

Name |lldpPortConfigTable

OID ||1.0.8802.1.1.2.1.1.6

Properties ||NodeType: Table

||AccessType: NA

||DataType: NA

||MOR: 0x00000000

Parent ||lldpConfiguration

First child ||lldpPortConfigEntry

Next leaf ||lldpPortConfigPortNum

Next sibling ||lldpConfigManAddrTable

Name |lldpPortConfigEntry

OID ||1.0.8802.1.1.2.1.1.6.1

Properties ||NodeType: Row

||AccessType: NA

||DataType: NA

||MOR: 0x00000000

Parent ||lldpPortConfigTable

First child ||lldpPortConfigPortNum

Next leaf ||lldpPortConfigPortNum

Next sibling ||

Index ||[indexImplied:0, indexLength:1]:

Name |lldpPortConfigPortNum

OID ||1.0.8802.1.1.2.1.1.6.1.1

Properties ||NodeType: Column

||AccessType: NA

||DataType: Integer32

||MOR: 0x020c1201

Parent ||lldpPortConfigEntry

First child ||

Next leaf ||lldpPortConfigAdminStatus

Next sibling ||lldpPortConfigAdminStatus

Allow ||get/set/getnext

Index ||[indexImplied:0, indexLength:1]:

Value range || [1..4096]

Name |lldpPortConfigAdminStatus

OID ||1.0.8802.1.1.2.1.1.6.1.2

Properties ||NodeType: Column

||AccessType: RW

||DataType: Integer

||MOR: 0x020c1202

Parent ||lldpPortConfigEntry

First child ||

Next leaf ||lldpPortConfigNotificationEnable

Next sibling ||lldpPortConfigNotificationEnable

Allow ||get/set/getnext

Index ||[indexImplied:0, indexLength:1]:

Value range ||

|| ['txOnly', 1]

|| ['rxOnly', 2]

|| ['txAndRx', 3]

|| ['disabled', 4]

Table 27 Command output

Field	Description
Name	MIB node name.
OID	OID of a MIB node.
NodeType	MIB node types: · Table—Table node. · Row—Row node in a MIB table. · Column—Column node in a MIB table. · Leaf—Leaf node. · Group—Group node (parent node of a leaf node). · Trapnode—Notification node. · Other—Other node types.
AccessType	Permissions to MIB nodes: · NA—Not accessible. · NF—Supports notifications. · RO—Supports read-only access. · RW—Supports read and write access. · RC—Supports read-write-create access. · WO—Supports write-only access.
DataType	Data types of MIB nodes: · Integer—An integer. · Integer32—A 32-bit integer. · Unsigned32—A 32-bit integer with no mathematical sign. · Gauge—A non-negative integer that might increase or decrease. · Gauge32—A 32-bit non-negative integer that might increase or decrease. · Counter—A non-negative integer that might increase but not decrease. · Counter32—A 32-bit non-negative integer that might increase but not decrease. · Counter64—A 64-bit non-negative integer that might increase but not decrease. · Timeticks—A non-negative integer for time keeping. · Octstring—An octal string. · OID—Object identifier. · IPaddress—A 32-bit IP address. · Networkaddress—A network IP address. · Opaque—Any data. · Userdefined—User-defined data. · BITS—Bit enumeration.
MOR	MOR for a MIB node.
Parent	Name of a parent node.
First child	Name of the first leaf node.
Next leaf	Name of the next leaf node.
Next sibling	Name of the next sibling node.
Allow	Operation types allowed: · get/set/getnext—All operations. · get—Get operation. · set—Set operation. · getnext—GetNext operation.
Value range	Value range of a MIB node.
Index	Table index. This field appears only for a table node.

display snmp-agent mib-view

Use display snmp-agent mib-view to display MIB views.

Syntax

display snmp-agent mib-view [ exclude | include | viewname view-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

exclude: Displays the subtrees excluded from any MIB view.

include: Displays the subtrees included in any MIB view.

viewname view-name: Specifies a MIB view. The view-name argument is a string of 1 to 32 characters.

Usage guidelines

If you do not specify any parameters, this command displays all MIB views.

Examples

# Display all MIB views.

<Sysname> display snmp-agent mib-view

View name: ViewDefault

MIB Subtree: iso

Subtree mask:

Storage-type: nonVolatile

View Type: included

View status: active

View name: ViewDefault

MIB Subtree: snmpUsmMIB

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

View name: ViewDefault

MIB Subtree: snmpVacmMIB

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

View name: ViewDefault

MIB Subtree: snmpModules.18

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.

Table 28 Command output

Field	Description
View name	MIB view name.
MIB Subtree	MIB subtree covered by the MIB view.
Subtree mask	MIB subtree mask.
Storage-type	Type of the medium (see Table 21) where the subtree view is stored.
View Type	Access privilege for the MIB subtree in the MIB view: · Included—All objects in the MIB subtree are accessible in the MIB view. · Excluded—None of the objects in the MIB subtree is accessible in the MIB view.
View status	Status of the MIB view: · active—MIB view is effective. · inactive—MIB view is ineffective. MIB views are active upon their creation at the CLI. To temporarily disable a MIB view without deleting it, you can perform an SNMP set operation to set its status to inactive.

Related commands

snmp-agent mib-view

display snmp-agent remote

Use display snmp-agent remote to display remote SNMP engine IDs configured by using the snmp-agent remote command.

Syntax

display snmp-agent remote [ ip-address | ipv6 ipv6-address ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip-address: Specifies the IP address of a remote SNMP entity to display its SNMP engine ID.

ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity to display its SNMP engine ID.

Usage guidelines

Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

If no IP address is specified, this command displays all remote SNMP engine IDs you have configured.

Examples

# Display all remote SNMP engine IDs.

<Sysname> display snmp-agent remote

Remote engineID: 800063A28000A0FC00580400000001

IPv4 address: 1.1.1.1

Table 29 Command output

Field	Description
Remote engineID	Remote SNMP engine ID you have configured using the snmp-agent remote command.
IPv4 address	IPv4 address of the remote SNMP entity. For remote SNMP entities that are configured with an IPv6 address, the field name is "IPv6 address."

Field

Description

Remote engineID

Remote SNMP engine ID you have configured using the snmp-agent remote command.

IPv4 address

IPv4 address of the remote SNMP entity.

For remote SNMP entities that are configured with an IPv6 address, the field name is "IPv6 address."

Related commands

snmp-agent remote

display snmp-agent statistics

Use display snmp-agent statistics to display SNMP message statistics.

Syntax

display snmp-agent statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display SNMP message statistics.

<Sysname> display snmp-agent statistics

1684 messages delivered to the SNMP entity.

5 messages were for an unsupported version.

0 messages used an unknown SNMP community name.

0 messages represented an illegal operation for the community supplied.

0 ASN.1 or BER errors in the process of decoding.

1679 messages passed from the SNMP entity.

0 SNMP PDUs had badValue error-status.

0 SNMP PDUs had genErr error-status.

0 SNMP PDUs had noSuchName error-status.

0 SNMP PDUs had tooBig error-status (Maximum packet size 1500).

16544 MIB objects retrieved successfully.

2 MIB objects altered successfully.

7 GetRequest-PDU accepted and processed.

7 GetNextRequest-PDU accepted and processed.

1653 GetBulkRequest-PDU accepted and processed.

1669 GetResponse-PDU accepted and processed.

2 SetRequest-PDU accepted and processed.

0 Trap PDUs accepted and processed.

0 alternate Response Class PDUs dropped silently.

0 forwarded Confirmed Class PDUs dropped silently.

Table 30 Command output

Field	Description
messages delivered to the SNMP entity	Number of messages that the SNMP agent has received.
messages were for an unsupported version	Number of messages that had an SNMP version not configured on the SNMP agent.
messages used an unknown SNMP community name	Number of messages that used an unknown SNMP community name.
messages represented an illegal operation for the community supplied	Number of messages carrying an operation that the community has no right to perform.
ASN.1 or BER errors in the process of decoding	Number of messages that had ASN.1 or BER errors during decoding.
messages passed from the SNMP entity	Number of messages sent by the SNMP agent.
SNMP PDUs had badValue error-status	Number of PDUs with a BadValue error.
SNMP PDUs had genErr error-status	Number of PDUs with a genErr error.
SNMP PDUs had noSuchName error-status	Number of PDUs with a NoSuchName error.
SNMP PDUs had tooBig error-status	Number of PDUs with a TooBig error (the maximum packet size is 1500 bytes).
MIB objects retrieved successfully	Number of MIB objects that have been successfully retrieved.
MIB objects altered successfully	Number of MIB objects that have been successfully modified.
GetRequest-PDU accepted and processed	Number of GetRequest requests that have been received and processed.
GetNextRequest-PDU accepted and processed	Number of getNext requests that have been received and processed.
GetBulkRequest-PDU accepted and processed	Number of getBulk requests that have been received and processed.
GetResponse-PDU accepted and processed	Number of get responses that have been received and processed.
SetRequest-PDU accepted and processed	Number of set requests that have been received and processed.
Trap PDUs accepted and processed	Number of notifications that have been received and processed.
alternate Response Class PDUs dropped silently	Number of dropped response packets.
forwarded Confirmed Class PDUs dropped silently	Number of forwarded packets that have been dropped.

display snmp-agent sys-info

Use display snmp-agent sys-info to display SNMP agent system information.

Syntax

display snmp-agent sys-info [ contact | location | version ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

contact: Displays the system contact.

location: Displays the physical location of the device.

version: Displays the SNMP agent version.

Usage guidelines

If none of the parameters is specified, this command displays all SNMP agent system information.

Examples

# Display all SNMP agent system information.

<Sysname> display snmp-agent sys-info

The contact information of the agent:

New H3C Technologies Co., Ltd.

The location information of the agent:

Hangzhou, China

The SNMP version of the agent:

SNMPv3

Related commands

snmp-agent sys-info

display snmp-agent trap queue

Use display snmp-agent trap queue to display basic information about the trap queue, including the queue size and number of traps in the queue.

Syntax

display snmp-agent trap queue

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the trap queue configuration and usage status.

<Sysname> display snmp-agent trap queue

Queue size: 100

Message number: 6

Related commands

· snmp-agent trap life

· snmp-agent trap queue-size

display snmp-agent trap-list

Use display snmp-agent trap-list to display SNMP notifications enabling status for modules.

Syntax

display snmp-agent trap-list

Views

Any view

Usage guidelines

If a module has multiple sub-modules and SNMP notifications are enabled for one of its sub-modules, the command output shows that the module is SNMP notifications-enabled.

To determine whether a module supports SNMP notifications, execute the snmp-agent trap enable ? command.

The display snmp-agent trap-list command output varies by the snmp-agent trap enable command configuration and the module configuration.

Examples

# Display SNMP notifications enabling status for modules.

<Sysname> display snmp-agent trap-list

arp notification is enabled.

configuration notification is enabled.

ike notification is disabled.

ipsec notification is disabled.

mac-address notification is enabled.

policy-based-route notification is enabled.

port-security notification is enabled.

radius notification is disabled.

standard notification is enabled.

stp notification is disabled.

syslog notification is disabled.

system notification is enabled.

wlan ap notification is disabled.

wlan capwap notification is disabled.

wlan client notification is enabled.

wlan load-balance notification is disabled.

wlan mobility notification is disabled.

wlan usersec notification is enabled.

Enabled notifications: 9; Disabled notifications: 9

Related commands

snmp-agent trap enable

display snmp-agent usm-user

Use display snmp-agent usm-user to display SNMPv3 user information.

Syntax

display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

engineid engineid: Displays SNMPv3 user information for the SNMP engine ID identified by engineid. When an SNMPv3 user is created, the system records the local SNMP entity engine ID. The user becomes invalid when the engine ID changes, and it becomes valid again when the recorded engine ID is restored.

group group-name: Displays SNMPv3 user information for a specified SNMP group name. The group name is case sensitive.

username user-name: Displays information about the specified SNMPv3 user. The username is case sensitive.

Usage guidelines

This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command.

Examples

# Display information about all SNMPv3 users.

<Sysname> display snmp-agent usm-user

Username: userv3

Group name: mygroupv3

Engine ID: 800063A203000FE240A1A6

Storage type: nonVolatile

User status: active

ACL: 2000

Username: userv3

Group name: mygroupv3

Engine ID: 8000259503000BB3100A508

Storage type: nonVolatile

User status: active

ACL name: testacl

Username: userv3code

Role name: groupv3code

network-operator

Engine ID: 800063A203000FE240A1A6

Storage type: nonVolatile

User status: active

Username: userv3code

Role name: snmprole

network-operator

Engine ID: 800063A280000002BB0001

Storage type: nonVolatile

User status: active

Table 31 Command output

Field	Description
Username	SNMP username.
Group name	SNMP group name.
Role name	SNMP user role name.
Engine ID	Engine ID that the SNMP agent used when the SNMP user was created.
Storage type	Storage type: · volatile. · nonvolatile. · permanent. · readOnly. · other. For more information about these storage types, see Table 21.
User status	SNMP user status: · active—The SNMP user is effective. · notInService—The SNMP user is correctly configured but not activated. · notReady—The SNMP user configuration is incomplete. · other—Any other status. SNMP users are active upon their creation at the CLI. To temporarily disable an SNMP user without deleting it, you can perform an SNMP set operation to change its status.
ACL	Number of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMPv3 user is associated with an ACL rule. It is exclusive with the ACL name field.
ACL name	Name of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMPv3 user is associated with an ACL rule. It is exclusive with the ACL field.

Related commands

snmp-agent usm-user v3

enable snmp trap updown

Use enable snmp trap updown to enable link state notifications on an interface.

Use undo enable snmp trap updown to disable link state notifications on an interface.

Syntax

enable snmp trap updown

undo enable snmp trap updown

Default

Link state notifications are enabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally by using the snmp-agent trap enable standard [ linkdown | linkup ] * command.

Examples

# Enable GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.

<Sysname> system-view

[Sysname] snmp-agent trap enable

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] enable snmp trap updown

Related commands

· snmp-agent target-host

· snmp-agent trap enable

snmp-agent

Use snmp-agent to enable the SNMP agent.

Use undo snmp-agent to disable the SNMP agent.

Syntax

snmp-agent

undo snmp-agent

Default

SNMP agent is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The snmp-agent command is optional for an SNMP configuration task. The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.

Examples

# Enable the SNMP agent.

<Sysname> system-view

[Sysname] snmp-agent

snmp-agent calculate-password

Use snmp-agent calculate-password to calculate the encrypted form for a key in plaintext form.

Syntax

snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }

Views

System view

Predefined user roles

network-admin

Parameters

plain-password: Specifies a key in plaintext form. The plain-password argument is a case-sensitive string of 1 to 64 characters.

mode: Specifies an authentication algorithm and encryption algorithm. The device supports the HMAC-MD5 and HMAC-SHA1 authentication algorithms. The HMAC-MD5 algorithm is faster than the HMAC-SHA1 algorithm. The HMAC-SHA1 algorithm provides more security than the HMAC-MD5 algorithm. The AES, 3DES, and DES encryption algorithms (in descending order of security strength) are available for the device. A more secure algorithm calculates slower. DES is enough to meet general security requirements.

· 3desmd5: Calculates the encrypted form for the encryption key by using the 3DES encryption algorithm and HMAC-MD5 authentication algorithm.

· 3dessha: Calculates the encrypted form for the encryption key by using the 3DES encryption algorithm and HMAC-SHA1 authentication algorithm.

· md5: Calculates the encrypted form for the authentication key or encryption key by using the HMAC-MD5 authentication algorithm and AES or DES encryption algorithm. When the HMAC-MD5 authentication algorithm is used, you can get the same authentication key or encryption key in encrypted form regardless of whether the AES or DES encryption algorithm is used.

· sha: Calculates the encrypted form for the authentication key or encryption key by using the HMAC-SHA1 authentication algorithm and the AES or DES encryption algorithm. When the HMAC-SHA1 authentication algorithm is used, you can get the same authentication key or encryption key in encrypted form regardless of whether the AES or DES encryption algorithm is used.

local-engineid: Uses the local engine ID to calculate the encrypted form for the key. You can configure the local engine ID by using the snmp-agent local-engineid command.

specified-engineid engineid: Uses a user-defined engine ID to calculate the encrypted form for the key. The engineid argument is an even number of case-insensitive hexadecimal characters. All-zero and all-F strings are invalid. The even number is in the range of 10 to 64.

Usage guidelines

Make sure the SNMP agent is enabled before you execute the snmp-agent calculate-password command.

For security purposes, use the encrypted-form key generated by using this command when you create an SNMPv3 user by specifying the cipher keyword in the snmp-agent usm-user v3 command.

The encrypted form of the key is valid only when the engine ID specified for key conversion exists.

Examples

# Use the local engine and the HMAC-SHA1 algorithm to calculate the encrypted form for key authkey.

<Sysname> system-view

[Sysname] snmp-agent calculate-password authkey mode sha local-engineid

The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC

Related commands

· snmp-agent local-engineid

· snmp-agent usm-user v3

snmp-agent community

Use snmp-agent community to configure an SNMPv1 or SNMPv2c community.

Use undo snmp-agent community to delete an SNMPv1 or SNMPv2c community.

Syntax

In VACM mode:

snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-number } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent community [ cipher ] community-name

In RBAC mode:

snmp-agent community [ simple | cipher ] community-name user-role role-name [ acl { ipv4-acl-number | name ipv4-acl-number } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent community [ cipher ] community-name

Default

No SNMPv1 or SNMPv2c communities exist.

Views

System view

Predefined user roles

network-admin

Parameters

read: Assigns the specified community read-only access to MIB objects. A read-only community can only inquire MIB information.

write: Assigns the specified community read and write access to MIB objects. A read and write community can configure MIB information.

simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.

cipher: Specifies a community name in encrypted form.

community-name: Sets a case-sensitive community name. In plain text, the community name must be a string of 1 to 32 characters. In cipher text, the community name must be a string of 33 to 73 characters. Input a string as escape characters after a backslash (\).

mib-view view-name: Specifies the MIB view available for the community. The view-name argument represents a MIB view name, a string of 1 to 32 characters. A MIB view represents a set of accessible MIB objects. If no MIB view is specified, the specified community can access the MIB objects in the default MIB view ViewDefault.

user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.

acl: Specifies a basic IPv4 ACL for the community.

ipv4-acl-number: Specifies a basic IPv4 ACL by its number in the range of 2000 to 2999.

name ipv4-acl-name: Specifies a basic IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic IPv6 ACL for the community.

ipv6-acl-number: Specifies a basic IPv6 ACL by its number in the range of 2000 to 2999.

name ipv6-acl-name: Specifies a basic IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

Only users with the network-admin or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to commands of the SNMP feature or this command.

An SNMP community is identified by a community name. It contains a set of NMSs and SNMP agents. Devices in an SNMP community authenticate each other by using the community name. An NMS and an SNMP agent can communicate only when they use the same community name.

Typically, public is used as the read-only community name and private is used as the read and write community name. To enhance security, you can assign your SNMP communities a name other than public and private.

The snmp-agent community command allows you to use either of the following modes to control SNMP community access to MIB objects:

· View-based access control model—VACM mode controls access to MIB objects by assigning MIB views to SNMP communities.

· Role based access control—RBAC mode controls access to MIB objects by assigning user roles to SNMP communities.

? The network-admin and level-15 user roles have the read and write access to all MIB objects.

? The network-operator user role has the read-only access to all MIB objects.

For more information about user roles, see RBAC configuration in Fundamentals Configuration Guide.

RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use the RBAC mode.

You can create a maximum of 10 SNMP communities by using the snmp-agent community command.

If you execute the command multiple times to specify the same community name but different other settings each time, the most recent configuration takes effect.

To set and save a community name in plaintext form, do not specify the simple or cipher keyword.

The ACL is used to filter illegitimate NMSs.

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the community name can access the SNMP agent.

· If you specify an ACL and the ACL has rules, only NMSs permitted by the ACL can access the SNMP agent.

For more information about ACL, see ACL and QoS Configuration Guide.

You can also create an SNMP community by using the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands. These two commands create an SNMPv1 or SNMPv2c user and the group to which the user is assigned. The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.

Examples

# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can use the community name readaccess to read the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1 v2c

[Sysname] snmp-agent community read simple readaccess

# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.1 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-ipv4-basic-2001] rule deny source any

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent community write simple writeaccess acl 2001

# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.2 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] acl basic name testacl

[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0

[Sysname-acl-ipv4-basic-testacl] rule deny source any

[Sysname-acl-ipv4-basic-testacl] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent community write simple writeaccess acl name testacl

# Create the read and write community wr-sys-acc in plain text so an SNMPv1 or SNMPv2c NMS can use the community name wr-sys-acc to read or set the MIB objects in the system subtree (OID 1.3.6.1.2.1.1).

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1 v2c

[Sysname] undo snmp-agent mib-view ViewDefault

[Sysname] snmp-agent mib-view included test system

[Sysname] snmp-agent community write simple wr-sys-acc mib-view test

Related commands

· display snmp-agent community

· snmp-agent mib-view

snmp-agent community-map

Use snmp-agent community-map to map an SNMP community to an SNMP context.

Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context.

Syntax

snmp-agent community-map community-name context context-name

undo snmp-agent community-map community-name context context-name

Default

No mapping between an SNMP community and an SNMP context exists on the device.

Views

System view

Predefined user roles

network-admin

Parameters

community-name: Specifies an SNMP community, a case-sensitive string of 1 to 32 characters.

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c.

You can configure a maximum of 10 community-context mappings on the device.

Examples

# Map SNMP community private to SNMP context trillcontext.

<Sysname> system-view

[Sysname] snmp-agent community-map private context testcontext

Related commands

display snmp-agent community

snmp-agent context

Use snmp-agent context to create an SNMP context.

Use undo snmp-agent context to delete an SNMP context.

Syntax

snmp-agent context context-name

undo snmp-agent context context-name

Default

No SNMP context is configured on the device.

Views

System view

Predefined use roles

network-admin

Parameters

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

For an NMS and an SNMP agent to communicate, configure the same SNMP context for them or do not configure a context for the NMS.

You can create a maximum of 20 SNMP contexts.

Examples

# Create SNMP context trillcontext.

<Sysname> system-view

[Sysname] snmp-agent context testcontext

Related commands

display snmp-agent context

snmp-agent group

Use snmp-agent group to create an SNMP group.

Use undo snmp-agent group to delete an SNMP group.

Syntax

SNMPv1 and SNMP v2c:

snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent group { v1 | v2c } group-name

SNMPv3:

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

Default

No SNMP group exists.

Views

System view

Predefined use roles

network-admin

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

group-name: Specifies an SNMP group name, a string of 1 to 32 case-sensitive characters.

authentication: Specifies the authentication without privacy security model for the SNMPv3 group.

privacy: Specifies the authentication with privacy security model for the SNMPv3 group.

read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read-only MIB view is specified, the SNMP group has read access to the default view ViewDefault.

write-view view-name: Specifies a read and write MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read and write view is specified, the SNMP group cannot set any MIB object on the SNMP agent.

notify-view view-name: Specifies a notify MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. The SNMP agent sends notifications to the users in the specified group only for the MIB objects included in the notify view. If no notify view is specified, the SNMP agent does not send any notification to the users in the specified group.

acl: Specifies a basic IPv4 ACL for the group.

ipv4-acl-number: Specifies a basic IPv4 ACL by its number in the range of 2000 to 2999.

name ipv4-acl-name: Specifies a basic IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic IPv6 ACL for the group.

ipv6-acl-number: Specifies a basic IPv6 ACL by its number in the range of 2000 to 2999.

name ipv6-acl-name: Specifies a basic IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

All users in an SNMP group share the security model and access rights of the group.

You can create a maximum of 20 SNMP groups, including SNMPv1, SNMPv2c, and SNMPv3 groups.

All SNMPv3 users in a group share the same security model, but can use different authentication and encryption key settings. To implement a security model for a user and avoid SNMP communication failures, make sure the security model configuration for the group and the security key settings for the user are compliant with Table 32 and match the settings on the NMS.

Table 32 Basic security setting requirements for different security models

Security model	Security model keyword for the group	Security key settings for the user	Remarks
Authentication with privacy	privacy	Authentication key, encryption key	If the authentication key or the encryption key is not configured, SNMP communication will fail.
Authentication without privacy	authentication	Authentication key	If no authentication key is configured, SNMP communication will fail. The encryption key (if any) for the user does not take effect.
No authentication, no privacy	Neither authentication nor privacy	None	The authentication and encryption keys, if configured, do not take effect.

You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.

· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Create the SNMPv3 group group1, and assign the no authentication, no privacy security model to the group.

<Sysname> system-view

[Sysname] snmp-agent group v3 group1

Related commands

· display snmp-agent group

· snmp-agent mib-view

· snmp-agent usm-user

snmp-agent local-engineid

Use snmp-agent local-engineid to change the SNMP engine ID of the local SNMP agent.

Use undo snmp-agent local-engineid to restore the default local SNMP engine ID.

Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid

Default

The local engine ID is the combination of the company ID and the device ID. Device ID varies by product and might be an IP address, a MAC address, or any user-defined hexadecimal string.

Views

System view

Predefined user roles

network-admin

Parameters

engineid: Specifies an SNMP engine ID as a hexadecimal string. It must contain an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

An SNMP engine ID uniquely identifies an SNMP entity in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.

If you have configured SNMPv3 users, change the local SNMP engine ID only when necessary. The change can void the SNMPv3 usernames and encrypted keys you have configured.

Examples

# Change the local engine ID to 123456789A.

<Sysname> system-view

[Sysname] snmp-agent local-engineid 123456789A

Related commands

· display snmp-agent local-engineid

· snmp-agent usm-user

snmp-agent log

Use snmp-agent log to enable SNMP logging.

Use undo snmp-agent log to disable SNMP logging.

Syntax

snmp-agent log { all | authfail | get-operation | set-operation }

undo snmp-agent log { all | authfail | get-operation | set-operation }

Default

SNMP logging is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

all: Enables logging SNMP authentication failures, Get operations, and Set operations.

authfail: Enables logging SNMP authentication failures.

get-operation: Enables logging SNMP Get operations.

set-operation: Enables logging SNMP Set operations.

Usage guidelines

Use SNMP logging to record the SNMP operations performed on the SNMP agent or authentication failures from the NMS to the agent for auditing NMS behaviors. The SNMP agent sends log data to the information center. You can configure the information center to output the data to a destination as needed.

Examples

# Enable logging SNMP Get operations.

<Sysname> system-view

[Sysname] snmp-agent local-engineid 123456789A

# Enable logging SNMP Set operations.

<Sysname> system-view

[Sysname] snmp-agent log set-operation

# Enable logging SNMP authentication failures.

<Sysname> system-view

[Sysname] snmp-agent log authfail

snmp-agent mib-view

Use snmp-agent mib-view to create or update a MIB view.

Use undo snmp-agent mib-view to delete a MIB view.

Syntax

snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]

undo snmp-agent mib-view view-name

Default

The system creates the ViewDefault view when the SNMP agent is enabled. In this default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible.

Views

System view

Predefined user roles

network-admin

Parameters

excluded: Denies access to any node in the specified MIB subtree.

included: Permits access to all the nodes in the specified MIB subtree.

view-name: Specifies a view name, a string of 1 to 32 characters.

oid-tree: Specifies a MIB subtree by its root node's OID (for example, 1.3.6.1.2.1.1) or object name (for example, system). The oid-tree argument is a string of 1 to 255 characters. An OID is a dotted numeric string that uniquely identifies an object in the MIB tree.

mask mask-value: Sets a MIB subtree mask, a hexadecimal string. Its length must be an even number in the range of 2 to 32.

Usage guidelines

A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.

Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the most recent configuration takes effect.

The system can store entries for up to 20 unique MIB view records. In addition to the four default MIB view records, you can create up to 16 unique MIB view records. After you delete the default view with the undo snmp-agent mib-view command, you can create up to 20 unique MIB view records.

Be cautious with deleting the default MIB view. The operation blocks the access to any MIB object on the device from NMSs that use the default view.

Examples

# Include the mib-2 (OID 1.3.6.1.2.1) subtree in the mibtest view and exclude the system subtree from this view.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1

[Sysname] snmp-agent mib-view included mibtest 1.3.6.1.2.1

[Sysname] snmp-agent mib-view excluded mibtest system

[Sysname] snmp-agent community read public mib-view mibtest

An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.

Related commands

· display snmp-agent mib-view

· snmp-agent group

snmp-agent packet max-size

Use snmp-agent packet max-size to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send.

Use undo snmp-agent packet max-size to restore the default packet size.

Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

Default

The maximum size (in bytes) of SNMP packets that the SNMP agent can process is 1500 bytes.

Views

System view

Predefined user roles

network-admin

Parameters

byte-count: Sets the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. The value range is 484 to 17940.

Usage guidelines

If any device on the path to the NMS does not support packet fragmentation, limit the SNMP packet size to prevent large-sized packets from being discarded. For most networks, the default value is sufficient.

Examples

# Set the maximum SNMP packet size to 1024 bytes.

<Sysname> system-view

[Sysname] snmp-agent packet max-size 1024

snmp-agent port

Use snmp-agent port to specify the UDP port for receiving SNMP packets.

Use undo snmp-agent port to restore the default.

Syntax

snmp-agent port port-num

undo snmp-agent port

Default

The device uses UDP port 161 for receiving SNMP packets.

Views

System view

Predefined user roles

network-admin

Parameters

port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default is 161.

Usage guidelines

After changing the port number for receiving SNMP packets, reconnect the device by using the port number for SNMP get and set operations.

To display UDP port information, use the display current-configuration command.

Examples

# Specify the UDP port for receiving SNMP packets as 5555.

<Sysname> system-view

[Sysname] snmp-agent port 5555

# Restore the default UDP port.

<Sysname> system-view

[Sysname] undo snmp-agent port

snmp-agent remote

Use snmp-agent remote to configure the SNMP engine ID of a remote SNMP entity.

Use undo snmp-agent remote to delete a remote SNMP engine ID.

Syntax

snmp-agent remote { ip-address | ipv6 ipv6-address } engineid engineid

undo snmp-agent remote ip-address

Default

No remote SNMP engine ID has been configured.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address of a remote SNMP entity.

ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity.

engineid: Specifies the SNMP engine ID of the remote SNMP entity. This argument must be a hexadecimal string that contains an even number of characters, in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent.

The NMS accepts the SNMPv3 informs from the SNMP agent only if the engine ID in the informs is the same as its local engine ID.

You can configure up to 20 remote SNMP engine IDs.

Examples

# Configure the SNMP engine ID (123456789A) of the SNMP manager (10.1.1.1).

<Sysname> system-view

[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A

Related commands

display snmp-agent remote

snmp-agent { inform | trap } source

Use snmp-agent { inform | trap } source to specify a source IP address for the informs or traps sent by the SNMP agent.

Use undo snmp-agent { inform | trap } source to restore the default.

Syntax

snmp-agent { inform | trap } source interface-type { interface-number | interface-number.subnumber }

undo snmp-agent { inform | trap } source

Default

The SNMP agent uses the IP address of the outgoing routed interface as the source IP address of notifications.

Views

System view

Predefined user roles

network-admin

Parameters

inform: Specifies informs.

trap: Specifies traps.

interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094.

Usage guidelines

The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces. An NMS can use this IP address to filter all the informs or traps sent by the SNMP agent.

Make sure the specified interface has been created and assigned a valid IP address. The configuration will fail if the interface has not been created and will take effect only after a valid IP address is assigned to the specified interface.

Examples

# Configure the primary IP address of GigabitEthernet 1/0/1 as the source address of SNMP traps.

<Sysname> system-view

[Sysname] snmp-agent trap source gigabitethernet 1/0/1

# Configure the primary IP address of GigabitEthernet 1/0/2 as the source address of SNMP informs.

<Sysname> system-view

[Sysname] snmp-agent inform source gigabitethernet 1/0/2

Related commands

· snmp-agent target-host

· snmp-agent trap enable

snmp-agent sys-info contact

Use snmp-agent sys-info contact to configure the system contact.

Use undo snmp-agent sys-info contact to restore the default contact.

Syntax

snmp-agent sys-info contact sys-contact

undo snmp-agent sys-info contact

Default

The system contact is New H3C Technologies Co., Ltd..

Views

System view

Predefined user roles

network-admin

Parameters

sys-contact: Specifies the system contact, a string of 1 to 255 characters.

Usage guidelines

Configure the system contact for system maintenance and management.

Examples

# Configure the system contact as Dial System Operator # 27345.

<Sysname> system-view

[Sysname] snmp-agent sys-info contact Dial System Operator # 27345

Related commands

display snmp-agent sys-info

snmp-agent sys-info location

Use snmp-agent sys-info location to configure the system location.

Use undo snmp-agent sys-info location to restore the default location.

Syntax

snmp-agent sys-info location sys-location

undo snmp-agent sys-info location

Default

The system location is Hangzhou, China.

Views

System view

Predefined user roles

network-admin

Parameters

sys-location: Specifies the system location, a string of 1 to 255 characters.

Usage guidelines

Configure the location of the device for system maintenance and management.

Examples

# Configure the system location as Room524-row1-3.

<Sysname> system-view

[Sysname] snmp-agent sys-info location Room524-row1-3

Related commands

display snmp-agent sys-info

snmp-agent sys-info version

Use snmp-agent sys-info version to enable SNMP versions.

Use undo snmp-agent sys-info version to disable SNMP versions.

Syntax

snmp-agent sys-info contact version { all | { v1 | v2c | v3 } * }

undo snmp-agent sys-info version { all | { v1 | v2c | v3 } * }

Default

SNMPv3 is enabled.

Views

System view

Predefined user roles

network-admin

Parameters

all: Specifies SNMPv1, SNMPv2c, and SNMPv3.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

Usage guidelines

Configure the SNMP agent to use the same SNMP version as the NMS for successful communications between them.

Examples

# Enable SNMPv3.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v3

Related commands

display snmp-agent sys-info

snmp-agent target-host

Use snmp-agent target-host to configure the SNMP agent to send SNMP notifications (informs or traps) to a host.

Use undo snmp-agent target-host to remove an SNMP notification target host.

Syntax

snmp-agent target-host inform address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] params securityname security-string { v2c | v3 [ authentication | privacy ] }

snmp-agent target-host trap address udp-domain { ip-address | ipv6 ipv6-address } [ udp-port port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]

undo snmp-agent target-host { trap | inform } address udp-domain { ip-address | ipv6 ipv6-address } params securityname security-string

Default

No SNMP notification target host has been configured.

Views

System view

Predefined user roles

network-admin

Parameters

inform: Sends notifications as informs.

trap: Sends notifications as traps.

address: Specifies the destination address of SNMP notifications.

udp-domain: Specifies UDP as the transport protocol.

ip-address: Specifies the IPv4 address or host name of the target host as the destination of SNMP notifications. The host name is a case-insensitive string of 1 to 253 characters. The string can only contain letters, numbers, hyphens (-), underscores (_), and dots (.). If you specify a host name, the IPv4 address of the target host can be obtained.

ipv6 ipv6-address: Specifies the IPv6 address or host name of the target host as the destination of SNMP notifications. The host name is a case-insensitive string of 1 to 253 characters, which only contains letters, numbers, hyphens (-), underscores (_), and dots (.). If you specify a host name, the IPv6 address of the target host can be obtained. If you specify an IPv6 address, the address cannot be a link local address.

udp-port port-number: Specifies the UDP port for SNMP notifications. If no UDP port is specified, UDP port 162 is used.

params securityname security-string: Specifies the authentication parameter. The security-string argument specifies an SNMPv1 or SNMPv2c community name or an SNMPv3 username, a string of 1 to 32 characters.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

· authentication: Specifies the security model to be authentication without privacy. You must specify the authentication key when you create the SNMPv3 user.

· privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and encryption key when you create the SNMPv3 user.

Usage guidelines

You can specify multiple SNMP notification target hosts.

Make sure the SNMP agent uses the same UDP port for SNMP notifications as the target host. Typically, NMSs, for example, IMC and MIB Browser, use port 162 for SNMP notifications as defined in the SNMP protocols.

If none of the keywords v1, v2c, or v3 is specified, SNMPv1 is used. Make sure the SNMP agent uses the same SNMP version as the target host so the host can receive the notification.

If neither authentication nor privacy is specified, the security model is no authentication, no privacy.

Examples

# Configure the SNMP agent to send SNMPv3 traps to 10.1.1.1 in the user public.

<Sysname> system-view

[Sysname] snmp-agent trap enable standard

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3

Related commands

· snmp-agent { inform | trap } source

· snmp-agent trap enable

· snmp-agent trap life

snmp-agent trap enable

Use snmp-agent trap enable to enable SNMP notifications globally.

Use undo snmp-agent trap enable to disable SNMP notifications globally.

Syntax

Default

SNMP configuration notifications, standard notifications, and system notifications are enabled. Whether other SNMP notifications are enabled varies by modules.

Views

System view

Predefined user roles

network-admin

Parameters

configuration: Specifies configuration notifications. If configuration notifications are enabled, the system checks the running configuration and the startup configuration every 10 minutes for any change and generates a notification for the most recent change.

protocol: Specifies a module for enabling SNMP notifications. For more information about this argument, see the command reference for each module.

standard: Specifies SNMP standard notifications.

Table 33 Standard SNMP notifications

Keyword	Definition
authentication	Authentication failure notification sent when an NMS fails to authenticate to the SNMP agent.
coldstart	Notification sent when the device restarts.
linkdown	Notification sent when the link of a port goes down.
linkup	Notification sent when the link of a port comes up.
warmstart	Notification sent when the SNMP agent restarts.

system: Specifies system notifications sent when the system time is modified, the system reboots, or the main system software image is not available.

Usage guidelines

The snmp-agent trap enable command enables the device to generate notifications, including both informs and traps, even though the keyword trap is used in this command.

You can use the snmp-agent target-host command to enable the device to send the notifications as informs or traps to a host.

If no optional parameters are specified, this command or its undo form enables or disables all SNMP notifications supported by the device.

Examples

# Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public.

<Sysname> system-view

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] snmp-agent trap enable standard authentication

Related commands

snmp-agent target-host

snmp-agent trap if-mib link extended

Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown notifications.

Use undo snmp-agent trap if-mib link extended to restore the default.

Syntax

snmp-agent trap if-mib link extended

undo snmp-agent trap if-mib link extended

Default

The SNMP agent sends standard linkUp/linkDown notifications.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification.

When you use this command, make sure the NMS supports the extended linkup and linkDown notifications.

Examples

# Enable extended linkUp/linkDown notifications.

<Sysname> system-view

[Sysname] snmp-agent trap if-mib link extended

snmp-agent trap life

Use snmp-agent trap life to configure the lifetime of notifications in the SNMP notification queue.

Use undo snmp-agent trap life to restore the default notification lifetime.

Syntax

snmp-agent trap life seconds

undo snmp-agent trap life

Default

The SNMP notification lifetime is 120 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

seconds: Sets a lifetime in seconds, in the range of 1 to 2592000.

Usage guidelines

When congestion occurs, the SNMP agent buffers notifications in a queue. The notification lifetime sets how long a notification can stay in the queue. A notification is deleted when its lifetime expires.

Examples

# Set the SNMP notification lifetime to 60 seconds.

<Sysname> system-view

[Sysname] snmp-agent trap life 60

Related commands

· snmp-agent target-host

· snmp-agent trap enable

· snmp-agent trap queue-size

snmp-agent trap log

Use snmp-agent trap log to enable SNMP notification logging.

Use undo snmp-agent trap log to disable SNMP notification logging.

Syntax

snmp-agent trap log

undo snmp-agent trap log

Default

SNMP notification logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends logs to the information center. You can configure the information center to output the logs to a destination as needed.

Examples

# Enable SNMP notification logging.

<Sysname> system-view

[Sysname] snmp-agent trap log

snmp-agent trap queue-size

Use snmp-agent trap queue-size to set the SNMP notification queue size.

Use undo snmp-agent trap queue-size to restore the default queue size.

Syntax

snmp-agent trap queue-size size

undo snmp-agent trap queue-size

Default

The SNMP notification queue can store up to 100 notifications.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000.

Usage guidelines

When congestion occurs, the SNMP agent buffers notifications in a queue. SNMP notification queue size sets the maximum number of notifications that this queue can hold. When the queue size is reached, the oldest notifications are dropped for new notifications.

Examples

# Set the SNMP notification queue size to 200.

<Sysname> system-view

[Sysname] snmp-agent trap queue-size 200

Related commands

· snmp-agent target-host

· snmp-agent trap enable

· snmp-agent trap life

snmp-agent usm-user { v1 | v2c }

Use snmp-agent usm-user { v1 | v2c } to add a user to an SNMPv1 or SNMPv2c group.

Use undo snmp-agent usm-user { v1 | v2c } to delete a user from an SNMPv1 or SNMPv2c group.

Syntax

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user { v1 | v2c } user-name

Default

No SNMP users have been configured.

Views

System view

Predefined user roles

network-admin

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

user-name: Specifies an SNMP username, a case-sensitive string of 1 to 32 characters.

group-name: Specifies an SNMPv1 or SNMPv2c group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. If the group has not been created, the user takes effect after you create the group.

acl: Specifies a basic IPv4 ACL for the user.

ipv4-acl-number: Specifies a basic IPv4 ACL by its number in the range of 2000 to 2999.

name ipv4-acl-name: Specifies a basic IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic IPv6 ACL for the user.

ipv6-acl-number: Specifies a basic IPv6 ACL by its number in the range of 2000 to 2999.

name ipv6-acl-name: Specifies a basic IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

On an SNMPv1 or SNMPv2c network, NMSs and agents authenticate each other by using the community name. On an SNMPv3 network, NMSs and agents authenticate each other by using the username.

You can create an SNMPv1 or SNMPv2c community by using either of the following ways:

· Execute the snmp-agent community command.

· Execute the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands to create an SNMPv1 or SNMPv2c user and the group that the user is assigned to. The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.

· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Add the user userv2c to the SNMPv2c group readCom so an NMS can use the protocol SNMPv2c and the read-only community name userv2c to access the device.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom

# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.1 can use the protocol SNMPv2c and read-only community name userv2c to access the device.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-ipv4-basic-2001] rule deny source any

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001

# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.2 can use the protocol SNMPv2c and read-only community name userv2c to access the device.

[Sysname] acl basic name testacl

[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0

[Sysname-acl-ipv4-basic-testacl] rule deny source any

[Sysname-acl-ipv4-basic-testacl] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom acl name testacl

Related commands

· display snmp-agent community

· snmp-agent community

· snmp-agent group

snmp-agent usm-user v3

Use snmp-agent usm-user v3 to add a user to an SNMPv3 group or create an SNMPv3 user.

Use undo snmp-agent usm-user v3 to delete a user from an SNMPv3 group or remove an SNMPv3 user.

Syntax

In VACM mode:

snmp-agent usm-user v3 user-name group-name [ remote { ip-address | ipv6 ipv6-address } ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ip-address | ipv6 ipv6-address } }

In RBAC mode:

snmp-agent usm-user v3 user-name user-role role-name [ remote { ip-address | ipv6 ipv6-address } ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ip-address | ipv6 ipv6-address } }

Default

No SNMPv3 users have been configured.

Views

System view

Predefined user roles

network-admin

Parameters

user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.

group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters.

user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.

remote { ip-address | ipv6 ipv6-address }: Specifies the IPv4 or IPv6 address of the remote SNMP entity.

cipher: Specifies an authentication key and an encryption key in encrypted form. The keys will be converted to a digest in encrypted form and stored in the device.

simple: Specifies an authentication key and an encryption key in plaintext from. The keys will be converted to a digest in encrypted form and stored in the device.

authentication-mode: Specifies an authentication algorithm. If you do not specify the keyword, the system does not perform authentication. For more information about authentication algorithms, see IPSec configuration in Security Configuration Guide.

· md5: Specifies the HMAC-MD5 authentication algorithm.

· sha: Specifies the HMAC-SHA1 authentication algorithm.

auth-password: Specifies the authentication key. This argument is case sensitive.

· The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers, uppercase letters, lowercase letters, and special characters.

· The encrypted form of the key can be calculated by using the snmp-agent calculate-password command.

privacy-mode: Specifies an encryption algorithm. If you do not specify this keyword, the system does not perform encryption.

· 3des: Specifies the 3DES encryption algorithm that uses a 168-bit key.

· aes128: Specifies the AES encryption algorithm that uses a 128-bit key.

· des56: Specifies the DES encryption algorithm that uses a 56-bit key.

priv-password: Specifies an encryption key. This argument is case sensitive.

· The encrypted form of the key can be calculated by using the snmp-agent calculate-password command.

acl: Specifies a basic IPv4 ACL for the user.

ipv4-acl-number: Specifies a basic IPv4 ACL by its number in the range of 2000 to 2999.

name ipv4-acl-name: Specifies a basic IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic IPv6 ACL for the user.

ipv6-acl-number: Specifies a basic IPv6 ACL by its number in the range of 2000 to 2999.

name ipv6-acl-name: Specifies a basic IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

local: Specifies the local SNMP engine. By default, an SNMPv3 user is associated with the local SNMP engine.

engineid engineid-string: Specifies an SNMP engine ID. The engineid-string argument is an even number of hexadecimal characters. All-zero and all-F strings are invalid. The even number is in the range of 10 to 64. If you change the local engine ID, the existing SNMPv3 users and keys become invalid. To delete an invalid username, specify the engine ID associated with the username in the undo snmp-agent usm-user v3 command.

Usage guidelines

You can use either of the following modes to control SNMPv3 user access to MIB objects.

· VACM—Controls user access to MIB objects by assigning the user to an SNMP group. To make sure the user takes effect, make sure the group has been created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the users. The authentication and encryption algorithms for each user are specified when they are created.

· RBAC—Controls user access to MIB objects by assigning user roles to the user. A user role specifies the MIB objects accessible to the user and the operations that the user can perform on the objects. After you create a user in RBAC mode, you can use the snmp-agent usm-user v3 user-role command to assign more user roles to the user. You can assign a maximum of 64 user roles to a user.

RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use RBAC mode.

You can execute the snmp-agent usm-user v3 command multiple times to create different SNMPv3 users in VACM mode. If you do not change the username each time, the most recent configuration takes effect.

You can execute the snmp-agent usm-user v3 command in RBAC mode multiple times to assign different user roles to an SNMPv3 user. The following restrictions and guidelines apply:

· If you specify only user roles but do not change any other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. Other settings remain unchanged.

· If you specify user roles and also change other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. The most recent configuration for other settings takes effect.

You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs from accessing the agent. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.

· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

In VACM mode:

# Create SNMPv3 group testGroup and specify the authentication without privacy security model for the group. Add user testUser to the group. Specify authentication algorithm HMAC-SHA1 and plaintext-form authentication key 123456TESTplat&! for the user.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup authentication

[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&!

For an NMS to access the MIB objects in default view, make sure the following configurations are the same on both the NMS and the SNMP agent:

· SNMP protocol version.

· SNMPv3 username.

· Authentication algorithm and key.

# Create SNMPv3 group testGroup and specify the authentication with privacy security model for the group. Add user testUser to the group. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup privacy

[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

For an NMS to access the MIB objects in default view, make sure the following configurations are the same on both the NMS and the SNMP agent:

· SNMP protocol version.

· SNMPv3 username.

· Authentication algorithm and key.

· Encryption algorithm and key.

# Specify engine ID 123456789A for the NMS at 10.1.1.1. Create SNMPv3 group testGroup and specify the authentication with privacy security model for the group. Add user testUser to the group. Specify NMS at 10.1.1.1 as the target host. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.

<Sysname> system-view

[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A

[Sysname] snmp-agent group v3 testGroup privacy

[Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

In RBAC mode:

# Create SNMPv3 user testUser with user role network-operator. Specify authentication algorithm HMAC-SHA1 and plaintext-form authentication key 123456TESTplat&! for the user.

<Sysname> system-view

[Sysname] snmp-agent usm-user v3 testUser user-role network-operator simple authentication-mode sha 123456TESTplat&!

For an NMS to have read-only access to all MIB objects, make sure the following configurations are the same on both the NMS and the SNMP agent:

· SNMP protocol version.

· SNMPv3 username.

· Authentication algorithm and key.

Related commands

· display snmp-agent usm-user

· snmp-agent calculate-password

· snmp-agent group

· snmp-agent remote

· snmp-agent usm-user v3 user-role

snmp-agent usm-user v3 user-role

Use snmp-agent usm-user v3 user-role to assign a user role to an SNMPv3 user created in RBAC mode.

Use undo snmp-agent usm-user user-role to remove a user role.

Syntax

snmp-agent usm-user v3 user-name user-role role-name

undo snmp-agent usm-user v3 user-name user-role role-name

Default

No SNMPv3 users have been configured in RBAC mode.

Views

System view

Predefined user roles

network-admin

Parameters

user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.

user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can assign a maximum of 64 user roles to an SNMPv3 user.

An SNMPv3 user must have a minimum of one user role.

Examples

# Assign user role testRole2 to SNMPv3 user testUser.

<Sysname> system-view

[Sysname] snmp-agent usm-user v3 testUser user-role testRole2

Related commands

snmp-agent usm-user v3

RMON commands

display rmon alarm

Use display rmon alarm to display entries in the RMON alarm table.

Syntax

display rmon alarm [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all entries in the RMON alarm table.

Examples

# Display all entries in the RMON alarm table.

<Sysname> display rmon alarm

AlarmEntry 1 owned by user1 is VALID.

Sample type : absolute

Sampled variable : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1>

Sampling interval (in seconds) : 10

Rising threshold : 50(associated with event 1)

Falling threshold : 5(associated with event 2)

Alarm sent upon entry startup : risingOrFallingAlarm

Latest value : 0

Table 34 Command output

Field	Description
AlarmEntry entry-number owned by owner is status.	Alarm entry owner and status: · entry-number—Alarm entry index. · owner—Entry owner · status—Entry status: ? VALID—The entry is valid. ? UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon alarm command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Sample type	Sample type: · absolute. · delta.
Sampled variable	Monitored variable.
Sampling interval	Interval (in seconds) at which data is sampled.
Rising threshold	Alarm rising threshold.
associated with event	Event index associated with the alarm.
Falling threshold	Alarm falling threshold.
Alarm sent upon entry startup	Alarm that can be generated at the first sampling: · risingAlarm. · fallingAlarm. · risingOrFallingAlarm. If you do not specify an alarm type for the first sampling, the risingOrFallingAlarm is enabled.
Latest value	Most recent sampled value.

Related commands

rmon alarm

display rmon event

Use display rmon event to display RMON event entries.

Syntax

display rmon event [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an event entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all event entries.

Usage guidelines

An event entry includes the following information:

· Event index.

· Event owner.

· Event description.

· Action triggered by the event (such as logging the event or sending an SNMP notification).

· Last time when the event occurred (seconds that elapsed since the system startup).

Examples

# Display all RMON event entries.

<Sysname> display rmon event

EventEntry 1 owned by user1 is VALID.

Description: N/A

Community: Security

Take the action log-trap when triggered, last triggered at 0days 00h:02m:27s uptime.

Table 35 Command output

Field	Description
EventEntry entry-number owned by owner is status.	Event entry owner and status: · entry-number—Event entry index. · owner—Entry owner. · status—Entry status: ? VALID—The entry is valid. ? UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon event command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Description	Event description.
Community	SNMP community name for the RMON event.
Take the action action when triggered	Actions that the system takes when the event occurs: · none—Takes no action. · log—Logs the event. · trap—Sends an SNMP notification. · log-trap—Logs the event and sends an SNMP notification.
last triggered at time uptime	Last time when the event occurred, which is represented as the amount of time that elapsed since the system startup.

Related commands

rmon event

display rmon eventlog

Use display rmon eventlog to display event log entries.

Syntax

display rmon eventlog [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an event entry index in the range of 1 to 65535. If you do not specify an entry, the command displays log entries for all event entries.

Usage guidelines

If the log action is specified for an event, the system adds a record in the event log table each time the event occurs. Each record contains the log entry index, time when the event was logged (the amount of time that elapsed since system startup), and event description.

The system can maintain a maximum of 10 records for an event. The most recent record replaces the oldest record if the number of records reaches 10.

Examples

# Display the RMON log for event entry 99.

<Sysname> display rmon eventlog 99

EventEntry 99 owned by ww is VALID.

LogEntry 99.1 created at 50days 08h:54m:44s uptime.

Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77,

uprise 16760000 with alarm value 16776314. Alarm sample type is absolute.

LogEntry 99.2 created at 50days 09h:11m:13s uptime.

Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77,

less than(or =) 20000000 with alarm value 16951648. Alarm sample type is absolute.

LogEntry 99.3 created at 50days 09h:18m:43s uptime.

Description: The alarm formula defined in prialarmEntry 777,

less than(or =) 15000000 with alarm value 14026493. Alarm sample type is absolute.

LogEntry 99.4 created at 50days 09h:23m:28s uptime.

Description: The alarm formula defined in prialarmEntry 777,

uprise 17000000 with alarm value 17077846. Alarm sample type is absolute.

This example shows that the event log table has four records for event 99:

· Two records were created when event 99 was triggered by alarm entry 77.

· Two records were created when event 99 was triggered by private alarm entry 777.

Table 36 Command output

Field	Description
EventEntry entry-number owned by owner is status.	Event log entry owner and status: · entry-number—Event log entry index, which is the same as the event entry index for which this log entry is generated. · owner—Entry owner. · status—Entry status: ? VALID—The entry is valid (default value). ? UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All event log entries are valid by default. The display rmon eventlog command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
LogEntry entry-number created at created-time uptime.	Time when an event record was created: · entry-number—Event record index, represented as logEventIndex.logIndex. logEventIndex and logIndex are MIB objects. The record index uniquely identifies the record among all records for the event. · created-time—Time when the event entry was created.
Description	Record description.

Related commands

rmon event

display rmon history

Use display rmon history to display RMON history control entries and history samples of Ethernet statistics for Ethernet interfaces.

Syntax

display rmon history [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays history samples for all interfaces that have an RMON history control entry.

Usage guidelines

RMON uses the etherHistoryTable object to store the history samples of Ethernet statistics for Ethernet interfaces.

To collect history samples for an Ethernet interface, you must first create a history control entry on the interface.

To configure the number of history samples that can be displayed and the history sampling interval, use the rmon history command.

Examples

# Display the RMON history control entry and history samples for GigabitEthernet 1/0/1.

<Sysname> display rmon history gigabitethernet 1/0/1

HistoryControlEntry 6 owned by user1 is VALID.

Sampled interface : GigabitEthernet 1/0/1 <ifIndex.117>

Sampling interval : 8(sec) with 3 buckets max

Sampling record 1 :

dropevents : 0 , octets : 5869

packets : 54 , broadcast packets : 9

multicast packets : 23 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Sampling record 2 :

dropevents : 0 , octets : 5367

packets : 55 , broadcast packets : 1

multicast packets : 7 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Sampling record 3 :

dropevents : 0 , octets : 936

packets : 10 , broadcast packets : 0

multicast packets : 6 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

HistoryControlEntry 7 owned by user1 is VALID.

Sampled interface : GigabitEthernet 1/0/1 <ifIndex.117>

Sampling interval : 9(sec) with 1 buckets max

Sampling record 1 :

dropevents : 0 , octets : 1150

packets : 12 , broadcast packets : 0

multicast packets : 8 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Table 37 Command output

Field	Description
HistoryControlEntry entry-number owned by owner is status.	Status and owner of the history control entry: · entry-number—History control entry index. · owner—Entry owner. · status—Entry status: ? VALID—The entry is valid. ? UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All history control entries created from the CLI are valid by default. The display rmon history command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Sampled Interface	Sampled interface.
Sampling interval	Sampling interval in seconds.
buckets max	Maximum number of samples that can be saved for the history control entry. If the expected bucket size specified with the rmon history command exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as possible. If the bucket has been full, RMON overwrites the oldest sample with the new sample.
Sampling record	History sample index.
dropevents	Total number of events in which packets were dropped during the sampling interval. NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets.
octets	Total number of octets received during the sampling interval.
packets	Total number of packets (including bad packets) received during the sampling interval.
broadcast packets	Number of broadcasts received during the sampling interval.
multicast packets	Number of multicasts received during the sampling interval.
CRC alignment errors	Number of packets received with CRC alignment errors during the sampling interval.
undersize packets	Number of undersize packets received during the sampling interval. Undersize packets are shorter than 64 octets (excluding framing bits but including FCS octets).
oversize packets	Number of oversize packets received during the sampling interval. Oversize packets are longer than 1518 octets (excluding framing bits but including FCS octets).
fragments	Number of undersize packets with CRC errors received during the sampling interval.
jabbers	Number of oversize packets with CRC errors received during the sampling interval.
collisions	Number of colliding packets received during the sampling interval.
utilization	Bandwidth utilization (in hundreds of a percent) during the sampling period.

Related commands

rmon history

display rmon prialarm

Use display rmon prialarm to display entries in the private RMON alarm table.

Syntax

display rmon prialarm [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all private alarm entries.

Examples

# Display all private alarm entries.

<Sysname> display rmon prialarm

PrialarmEntry 1 owned by user1 is VALID.

Sample type : absolute

Variable formula : (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1)

Description : ifUtilization.GigabitEthernet1/0/1

Sampling interval (in seconds) : 10

Rising threshold : 80(associated with event 1)

Falling threshold : 5(associated with event 2)

Alarm sent upon entry startup : risingOrFallingAlarm

Entry lifetime : forever

Latest value : 85

Table 38 Command output

Field	Description
PrialarmEntry entry-number owned by owner is status.	Alarm entry owner and status: · entry-number—Alarm entry index. · owner—Entry owner. · status—Entry status: ? VALID—The entry is valid. ? UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon prialarm command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Sample type	Sample type: · absolute. · delta.
Variable formula	Variable formula.
Description	Description of the alarm entry.
Sampling interval	Interval (in seconds) at which data is sampled.
Rising threshold	Alarm rising threshold.
Falling threshold	Alarm falling threshold.
associated with event	Event index associated with the alarm.
Alarm sent upon entry startup	Alarm that can be generated at the first sampling: · risingAlarm. · fallingAlarm. · risingOrFallingAlarm. If you do not specify an alarm type for the first sampling, the risingOrFallingAlarm is enabled.
Entry lifetime	Lifetime of the entry. · If the lifetime is set to forever, the entry never expires. · If the lifetime is set to an amount of time, the entry is removed when the timer expires.
Latest value	Most recent sampled value.

NOTE:

The prefix of the MIB objects varies by device brands.

Related commands

rmon prialarm

display rmon statistics

Use display rmon statistics to display RMON statistics.

Syntax

display rmon statistics [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays RMON statistics for all interfaces.

Usage guidelines

This command displays the cumulative interface statistics for the period from the time the statistics entry was created to the time the command was executed. The statistics are cleared when the device reboots.

Examples

# Display RMON statistics for GigabitEthernet 1/0/1.

<Sysname> display rmon statistics gigabitethernet 1/0/1

EtherStatsEntry 1 owned by user1 is VALID.

Interface : GigabitEthernet1/0/1<ifIndex.3>

etherStatsOctets : 43393306 , etherStatsPkts : 619825

etherStatsBroadcastPkts : 503581 , etherStatsMulticastPkts : 44013

etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0

etherStatsFragments : 0 , etherStatsJabbers : 0

etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0

etherStatsDropEvents (insufficient resources): 0

Incoming packets by size:

64 : 0 , 65-127 : 0 , 128-255 : 0

256-511: 0 , 512-1023: 0 , 1024-1518: 0

Table 39 Command output

Field	Description
EtherStatsEntry entry-number owned by owner is status.	Statistics entry owner and status: · entry-number—Statistics entry index. · owner—Entry owner. · status—Entry status: ? VALID—The entry is valid. ? UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon statistics command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Interface	Interface on which statistics are gathered.
etherStatsOctets	Total number of octets received on the interface.
etherStatsPkts	Total number of packets received on the interface.
etherStatsBroadcastPkts	Total number of broadcast packets received on the interface.
etherStatsMulticastPkts	Total number of multicast packets received on the interface.
etherStatsUndersizePkts	Total number of undersize packets received on the interface.
etherStatsOversizePkts	Total number of oversize packets received on the interface.
etherStatsFragments	Total number of undersize packets received with CRC errors on the interface.
etherStatsJabbers	Total number of oversize packets received with CRC errors on the interface.
etherStatsCRCAlignErrors	Total number of packets received with CRC errors on the interface.
etherStatsCollisions	Total number of colliding packets received on the interface.
etherStatsDropEvents	Total number of events in which packets were dropped. NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets.
Incoming packets by size:	Incoming-packet statistics by packet length: · 64—Number of packets with a length less than or equal to 64 bytes. · 65-127—Number of 65- to 127-byte packets. · 128-255—Number of 128- to 255-byte packets. · 256-511—Number of 256- to 511-byte packets. · 512-1023—Number of 512- to 1023-byte packets. · 1024-1518—Number of 1024- to 1518-byte packets.

Related commands

rmon statistics

rmon alarm

Use rmon alarm to create an entry in the RMON alarm table.

Use undo rmon alarm to remove an entry from the RMON alarm table.

Syntax

rmon alarm entry-number alarm-variable sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

Default

The RMON alarm table does not contain any entries.

Views

System view

Predefined user roles

network-admin

Parameters

entry-number: Specifies an alarm entry index in the range of 1 to 65535.

alarm-variable: Specifies an alarm variable, a string of 1 to 255 characters. You can only specify variables that can be parsed as an ASN.1 INTEGER value (INTEGER, INTEGER32, Unsigned32, Counter32, Counter64, Gauge, or TimeTicks) for the alarm-variable argument. The alarm variables must use one of the formats in Table 40.

Table 40 Alarm variable formats

Format	Examples
Dotted OID format: entry.integer.instance	1.3.6.1.2.1.2.1.10.1
Object name.instance	etherStatsOctets.1 etherStatsPkts.1 etherStatsBroadcastPkts.1 ifInOctets.1 ifInUcastPkts.1 ifInNUcastPkts.1

Format

Examples

Dotted OID format:

entry.integer.instance

1.3.6.1.2.1.2.1.10.1

Object name.instance

etherStatsOctets.1

etherStatsPkts.1

etherStatsBroadcastPkts.1

ifInOctets.1

ifInUcastPkts.1

ifInNUcastPkts.1

sampling-interval: Sets the sampling interval in the range of 5 to 65535, in seconds.

absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval.

delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.

startup-alarm: Specifies alarms that can be generated when the alarm entry becomes valid. If you do not specify an alarm, RMON can generate a rising alarm or a falling alarm depending on the first sample.

rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.

falling: Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold.

rising-falling: Generates a rising alarm if the first sample crosses the rising threshold, or generates a falling alarm if the first sample crosses the falling threshold.

rising-threshold threshold-value1 event-entry1: Sets the rising threshold. The threshold-value1 argument represents the rising threshold in the range of –2147483648 to +2147483647. The event-entry1 argument represents the index of the event that is triggered when the rising threshold is crossed. The value range for the event-entry1 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.

falling-threshold threshold-value2 event-entry2: Sets the falling threshold. The threshold-value2 argument represents the falling threshold in the range of –2147483648 to +2147483647. The event-entry2 argument represents the index of the event that is triggered when the falling threshold is crossed. The value range for the event-entry2 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create a maximum of 60 entries in the RMON alarm table.

Each alarm entry must have a unique alarm variable, sampling interval, sample type, rising threshold, or falling threshold. You cannot create an alarm entry if all these parameters for the entry are the same as an existing entry.

To trigger the event associated with an alarm condition, you must create the event with the rmon event command.

RMON samples the monitored alarm variable at the specified sampling interval, compares the sampled value with the predefined thresholds, and does one of the following:

· Triggers the event associated with the rising alarm if the sampled value is equal to or greater than the rising threshold.

· Triggers the event associated with the falling alarm if the sampled value is equal to or less than the falling threshold.

Examples

# Create an alarm entry to perform absolute sampling on the number of octets received on GigabitEthernet 1/0/1 (object instance 1.3.6.1.2.1.16.1.1.1.4.1) at 10-seconds intervals. If the sampled value reaches or exceeds 5000, log the rising alarm event. If the sampled value is equal to or less than 5, take no actions.

<Sysname> system-view

[Sysname] rmon event 1 log

[Sysname] rmon event 2 none

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon statistics 1

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising-threshold 5000 1 falling-threshold 5 2 owner user1

In this example, you can replace 1.3.6.1.2.1.16.1.1.1.4.1 with etherStatsOctets.1, where 1 is the statistics entry index for the interface. If you execute the rmon statistics 5 command, you can use etherStatsOctets.5 to replace 1.3.6.1.2.1.16.1.1.1.4.5.

Related commands

· display rmon alarm

· rmon event

rmon event

Use rmon event to create an entry in the RMON event table.

Use undo rmon event to remove an entry from the RMON event table.

Syntax

rmon event entry-number [ description string ] { log | log-trap security-string | none | trap security-string } [ owner text ]

undo rmon event entry-number

Default

No entry exists in the RMON event table.

Views

System view

Predefined user roles

network-admin

Parameters

entry-number: Specifies an event entry index in the range of 1 to 65535.

description string: Configures an event description, a case-sensitive string of 1 to 127 characters.

log: Logs the event when it occurs.

log-trap: Logs the event and sends an SNMP notification when the event occurs.

security-string: Represents the SNMP community name, a case-sensitive string of 1 to 127 characters.

none: Performs no action when the event occurs.

trap: Sends an SNMP notification when the event occurs.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

NOTE:

The SNMP community name setting for the security-string argument does not take effect even though you can configure it with the command. Instead, the system uses the settings you configure with SNMP when it sends RMON SNMP notifications. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

Usage guidelines

You can create a maximum of 60 event entries.

You can associate an event entry with a standard or private alarm entry to specify the action to take when an alarm condition occurs. Depending on your configuration, the system logs the event, sends an SNMP notification, does both, or does neither.

You can associate an event with multiple alarm entries.

Examples

# Create event 10 in the RMON event table.

<Sysname> system-view

[Sysname] rmon event 10 log owner user1

Related commands

· display rmon event

· rmon alarm

· rmon prialarm

rmon history

Use rmon history to create an entry in the RMON history control table.

Use undo rmon history to remove an entry from the RMON history control table.

Syntax

rmon history entry-number buckets number interval sampling-interval [ owner text ]

undo rmon history entry-number

Default

The RMON history control table does not contain any entries.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

entry-number: Specifies a history control entry index in the range of 1 to 65535.

buckets number: Specifies the expected maximum number of samples to be retained for the entry, in the range of 1 to 65535. RMON can retain a maximum of 50 samples for each history control entry. If the expected bucket size exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as is possible. However, the granted bucket size will not exceed 50. For example, the bucket size for a history control entry will be 30 if the expected bucket size is set to 55, but the available bucket size is only 30.

interval sampling-interval: Specifies the sampling interval in the range of 5 to 3600 seconds.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create RMON history control entries only for Layer 2 or Layer 3 Ethernet interfaces.

The system supports a maximum of 100 history control entries.

If an Ethernet interface has a history control entry, RMON periodically samples packet statistics on the interface and stores the samples to the history table. When the bucket size for the history control entry is reached, RMON overwrites the oldest sample with the most recent sample.

You can configure multiple history control entries for one interface. Make sure their entry numbers and sampling intervals are different.

Examples

# Create RMON history control entry 1 for GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon history 1 buckets 10 interval 5 owner user1

Related commands

display rmon history

rmon prialarm

Use rmon prialarm to create an entry in the private alarm table.

Use undo rmon prialarm to remove an entry from the private alarm table.

Syntax

rmon prialarm entry-number prialarm-formula prialarm-des sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

Default

The private alarm table does not contain any entries.

Views

System view

Predefined user roles

network-admin

Parameters

entry-number: Specifies a private alarm entry index in the range of 1 to 65535.

prialarm-formula: Configures a private alarm variable formula, a string of 1 to 255 characters. The variables in the formula must be represented in OID format that starts with a dot (.), for example, (.1.3.6.1.2.1.2.1.10.1)*8. You can configure a formula to perform the basic math operations of addition, subtraction, multiplication, and division on these variables. To get a correct calculation result, make sure the following conditions are met:

· The values of the variables in the formula are positive integers.

· The result of each calculating step is in the value range for long integers.

prialarm-des: Configures an entry description, a case-sensitive string of 1 to 127 characters.

sampling-interval: Sets the sampling interval in the range of 10 to 65535 seconds.

absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval.

delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.

startup-alarm: Specifies alarms that can be generated when the alarm entry becomes valid. If you do not specify an alarm, RMON does the following:

· Generates a rising alarm if the first sample crosses the rising threshold.

· Generates a falling alarm if the first sample crosses the falling threshold.

rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.

falling: Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold.

rising-falling: Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold.

forever: Configures the entry as a permanent entry. RMON retains a permanent private alarm entry until it is manually deleted.

cycle cycle-period: Sets the lifetime of the entry, in the range of 0 to 4294967 seconds. RMON deletes the entry when its lifetime expires.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create a maximum of 50 private alarm entries.

To trigger the event associated with an alarm condition, you must create the event with the rmon event command.

The RMON agent samples variables and takes an alarm action based on a private alarm entry as follows:

1. Periodically samples the variables specified in the private alarm formula.

2. Processes the sampled values with the formula.

3. Compares the calculation result with the predefined thresholds, and then takes one of the following actions:

? Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold.

? Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold.

Examples

# Add a permanent private alarm entry to monitor the ratio of incoming broadcasts to the total number of incoming packets on GigabitEthernet 1/0/1. Log the rising alarm event when the ratio exceeds 80%, and take no actions when the ratio drops to 5%. The formula is (1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1), where 1.3.6.1.2.1.16.1.1.1.6.1 is the OID of the object instance etherStatsBroadcastPkts.1, and 1.3.6.1.2.1.16.1.1.1.5.1 is the OID of the object instance etherStatsPkts.1.

<Sysname> system-view

[Sysname] rmon event 1 log

[Sysname] rmon event 2 none

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon statistics 1

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfEth1/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1

The last number in the OID forms of variables must be the same as the statistics entry index for the interface. For example, if you execute the rmon statistics 5 command, you must replace 1.3.6.1.2.1.16.1.1.1.6.1 and 1.3.6.1.2.1.16.1.1.1.5.1 with 1.3.6.1.2.1.16.1.1.1.6.5 and 1.3.6.1.2.1.16.1.1.1.5.5, respectively.

Related commands

· display rmon prialarm

· rmon event

rmon statistics

Use rmon statistics to create an entry in the RMON statistics table.

Use undo rmon statistics to remove an entry from the RMON statistics table.

Syntax

rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number

Default

No entry exists in the RMON statistics table.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

entry-number: Specifies a statistics entry index in the range of 1 to 65535.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create RMON statistics entries only for Layer 2 or Layer 3 Ethernet interfaces.

You can create one statistics entry for each Ethernet interface, and a maximum of 100 statistics entries on the device.

Each RMON statistics table entry provides a set of cumulative traffic statistics collected up to the present time for an interface. Statistics include number of collisions, CRC alignment errors, number of undersize or oversize packets, number of broadcasts, number of multicasts, number of bytes received, and number of packets received. The statistics are cleared at a reboot.

To display the RMON statistics table, use the display rmon statistics command.

Examples

# Create an RMON statistics entry for GigabitEthernet 1/0/1. The index is 20 and the owner is user1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon statistics 20 owner user1

Related commands

display rmon statistics

NETCONF commands

netconf idle-timeout

Use netconf idle-timeout to set the NETCONF session idle timeout time.

Use undo netconf idle-timeout to restore the default.

Syntax

netconf { soap | agent } idle-timeout minute

undo netconf { soap | agent } idle-timeout

Default

The NETCONF session idle timeout time is 10 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

The NETCONF session idle timeout time is 0 minutes for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. The sessions never time out.

Views

System view

Predefined user roles

network-admin

Parameters

soap: Specifies the NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

agent: Specifies the NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions.

minute: Specifies the NETCONF session idle timeout time in minutes. The value range is as follows:

· 1 to 999 for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

· 0 to 999 for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. To disable the timeout feature, set this argument to 0.

Usage guidelines

If no NETCONF packets are exchanged on a NETCONF session within the NETCONF session idle timeout time, the device tears down the session.

Examples

# Set the NETCONF session idle timeout time to 20 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

<Sysname> system-view

[Sysname] netconf soap idle-timeout 20

netconf log

Use netconf log to enable NETCONF logging.

Use undo netconf log to disable NETCONF logging for the specified NETCONF operation sources and NETCONF operations.

Syntax

netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }

undo netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }

Default

NETCONF logging is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

source: Specifies a NETCONF operation source that represents clients using a protocol.

· all: Specifies NETCONF clients that use all protocols.

· agent: Specifies clients that use Telnet, SSH, console, or NETCONF over SSH.

· soap: Specifies clients that use SOAP over HTTP, or SOAP over HTTPS.

· web: Specifies clients that use Web.

protocol-operation: Specifies a NETCONF operation type.

· all: Specifies all NETCONF operations.

· action: Specifies the action operation.

· config: Specifies the configuration-related NETCONF operations, including the CLI, save, load, rollback, lock, unlock, and save-point operations.

· get: Specifies the data retrieval-related NETCONF operations, including the get, get-config, get-bulk, get-bulk-config, and get-sessions operations.

· set: Specifies all edit-config operations.

· session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchanges by hello messages.

· syntax: Specifies the requests that include XML and schema errors.

· others: Specifies NETCONF operations except for those specified by the keywords action, config, get, set, session, and syntax.

verbose: Logs detailed information about requests and replies for types of NETCONF operations, including packet contents of format-correct requests and error information about failed <edit-config> operations.

Usage guidelines

NETCONF sends the generated logs to the information center. For information about the log destination and output rule configuration in the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Configure the device to log NETCONF edit-config information sourced from agent clients.

<Sysname> system-view

[Sysname] netconf log source agent protocol-operation set

netconf soap http acl

Use netconf soap http acl to apply an ACL to NETCONF over SOAP over HTTP traffic.

Use undo netconf soap http acl to remove the application.

Syntax

netconf soap http acl { acl-number | name acl-name }

undo netconf soap http acl

Default

No ACL is applied to NETCONF over SOAP over HTTP traffic.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999.

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all. The specified ACL must be an existing IPv4 basic ACL.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Only NETCONF clients permitted by the ACL can access the device through SOAP over HTTP.

Examples

# Use ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to access the device through SOAP over HTTP.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] netconf soap http acl 2001

netconf soap http enable

Use netconf soap http enable to enable NETCONF over SOAP over HTTP.

Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.

Syntax

netconf soap http enable

undo netconf soap http enable

Default

NETCONF over SOAP over HTTP is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.

Examples

# Enable NETCONF over SOAP over HTTP.

<Sysname> system-view

[Sysname] netconf soap http enable

netconf soap https acl

Use netconf soap https acl to apply an ACL to NETCONF over SOAP over HTTPS traffic.

Use undo netconf soap https acl to remove the application.

Syntax

netconf soap https acl { acl-number | name acl-name }

undo netconf soap https acl

Default

No ACL is applied to NETCONF over SOAP over HTTPS traffic.

Views

System view

Predefined user roles

network-admin

Parameters

acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Only NETCONF clients permitted by the ACL can access the device through SOAP over HTTPS.

Examples

# Use ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to access the device through SOAP over HTTPS.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] netconf soap https acl 2001

netconf soap https enable

Use netconf soap https enable to enable NETCONF over SOAP over HTTPS.

Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.

Syntax

netconf soap https enable

undo netconf soap https enable

Default

NETCONF over SOAP over HTTPS is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.

Examples

# Enable NETCONF over SOAP over HTTPS.

<Sysname> system-view

[Sysname] netconf soap https enable

netconf ssh server enable

Use netconf ssh server enable to enable NETCONF over SSH.

Use undo netconf ssh server enable to disable NETCONF over SSH.

Syntax

netconf ssh server enable

undo netconf ssh server enable

Default

NETCONF over SSH is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command.

Before you execute this command, configure the authentication mode for users as scheme on the device. Then, the NETCONF-over-SSH-enabled user terminals can access the device through NETCONF over SSH.

Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals.

Examples

# Enable NETCONF over SSH.

<Sysname> system-view

[Sysname] netconf ssh server enable

netconf ssh server port

Use netconf ssh server port to specify a port to listen for NETCONF-over-SSH connections.

Use undo netconf ssh server port to restore the default.

Syntax

netconf ssh server port port-number

undo netconf ssh server port

Default

Port 830 listens for NETCONF-over-SSH connections.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port by its number in the range of 1 to 65535.

Usage guidelines

When assigning a listening port, make sure the specified port is not being used by other services. The SSH service can share the same port with other services, but it might not operate correctly.

Examples

# Specify port 800 to listen for NETCONF-over-SSH connections.

<Sysname> system-view

[Sysname] netconf ssh server port 800

xml

Use xml to enter XML view.

Syntax

xml

Views

User view

Predefined user roles

network-admin

network-operator

Usage guidelines

In XML view, use NETCONF messages to configure the device or obtain data from the device. The NETCONF operations you can perform depend on the user roles you have, as shown in Table 41.

Table 41 NETCONF operations available for the predefined user roles

User role	NETCONF operations
network-admin	All NETCONF operations
network-operator	· Get · Get-bulk · Get-bulk-config · Get-config · Get-sessions · Close-session

User role

NETCONF operations

network-admin

All NETCONF operations

network-operator

· Get

· Get-bulk

· Get-bulk-config

· Get-config

· Get-sessions

· Close-session

After you enter XML view, the device automatically advertises its NETCONF capabilities to the client. In response, you must configure the client to notify the device of its supported NETCONF capabilities. After the capability exchange, you can use the client to configure the device.

NETCONF messages must comply with the XML format requirements and semantic and syntactic requirements in the NETCONF XML API reference for the device. To ensure successful configuration, H3C recommends that you use third-party software to generate NETCONF messages.

To quit XML view, use a NETCONF message instead of the quit command.

If you have configured a shortcut key (Ctrl + C, by default) by using the escape-key command in user line/user line class view, the NETCONF message should not contain the shortcut key string. If the NETCONF message contains the shortcut key string, relevant configurations in XML view might be affected. For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed.

Examples

# Enter XML view.

<Sysname> xml

<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability><capability>urn:ietf:params:netconf:capability:validate:1.0</capability><capability>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability><capability>urn:h3c:params:netconf:capability:h3c-netconf-ext:1.0</capability><capability>urn:h3c:params:netconf:capability:h3c-save-point:1.0</capability></capabilities><session-id>1</session-id></hello>]]>]]>

# Notify the device of the NETCONF capabilities supported on the client.

urn:ietf:params:netconf:base:1.0

</capability>

</capabilities>

</hello>]]>]]>

# Quit XML view.

<close-session>

</close-session>

</rpc>]]>]]>

EAA commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

action cli

Use action cli to add a CLI action to a monitor policy.

Use undo action to remove an action.

Syntax

action number cli command-line

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

cli command-line: Specifies the command line to be executed when the event occurs. You can enter abbreviated forms of command keywords, but you must make sure the forms can uniquely identify the command keywords. For example, you can enter dis cu for the display current-configuration command.

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

To execute a command in a view other than user view, you must define actions required for accessing the target view before defining the command execution action. In addition, you must number the actions in the order they should be executed, starting with entering system view.

For example, to shut down an interface, you must create the following actions in order:

1. Action to enter system view.

2. Action to enter interface view.

3. Action to shut down the interface.

When you define an action, you may choose to specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure the CLI-defined policy test to shut down GigabitEthernet 1/0/1 when the policy is triggered.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 1 cli system-view

[Sysname-rtm-test] action 2 cli interface gigabitethernet 1/0/1

[Sysname-rtm-test] action 3 cli shutdown

action reboot

Use action reboot to add a reboot action to a monitor policy.

Use undo action to remove an action.

Syntax

action number reboot [slot slot-number ]

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command reboots the IRF fabric.

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

The reboot action configured with this command reboots devices or cards without saving the running configuration. If you want to save the running configuration, use the action cli command to configure reboot actions.

When you define an action, you may choose to specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure an action for the CLI-defined policy test to reboot IRF member device 1.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 reboot slot 1

action switchover

Use action switchover to add an active/standby switchover action to a monitor policy.

Use undo action to remove an action.

Syntax

action number switchover

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

Usage guidelines

This command does not trigger an active/standby switchover when the device is not in redundancy state.

You can configure a series of actions to be executed in response to the event specified in a monitor policy.

If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. You must make sure the execution order is correct when you add actions to a policy.

Examples

# Configure an action for the CLI-defined policy test to perform an active/standby switchover.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 switchover

action syslog

Use action syslog to add a Syslog action to a monitor policy.

Use undo action to remove an action.

Syntax

action number syslog priority level facility local-number msg msg-body

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

priority level: Specifies the log severity level in the range of 0 to 7. A lower value represents a higher severity level.

facility local-number: Specifies a logging facility by its facility number in the range of local0 to local7. Facility numbers are used by a log host to identify log creation facilities for filtering log messages.

msg msg-body: Configures the log message body.

Usage guidelines

EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center."

You can configure a series of actions to be executed in response to the event specified in a monitor policy.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

If two actions have the same ID, the most recent one takes effect.

When you define an action, you may choose to specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure an action for the CLI-defined policy test to send a log message "hello" with a severity of 7 from the facility device local3.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 syslog priority 7 facility local3 msg hello

commit

Use commit to enable a CLI-defined monitor policy.

Syntax

commit

Default

No CLI-defined policies are enabled.

Views

CLI-defined policy view

Predefined user roles

network-admin

Usage guidelines

You must execute this command for a CLI-defined policy to take effect.

After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.

Examples

# Enable the CLI-defined policy test.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] commit

display rtm environment

Use display rtm environment to display user-defined EAA environment variables and their values.

Syntax

display rtm environment [ var-name ]

Views

Any view

Predefined user roles

network-admin

Parameters

var-name: Specifies a user-defined EAA environment variable by its name. If you do not specify a variable, this command displays all user-defined EAA environment variables.

Examples

# Display all user-defined EAA environment variables.

<Sysname> display rtm environment

Name Value

config_cmd interface m1/0/1

save_cmd save main force

show_run_cmd display current-configuration

display rtm policy

Use display rtm policy to display monitor policies.

Syntax

display rtm policy { active | registered [ verbose ] } [ policy-name ]

Views

Any view

Predefined user roles

network-admin

Parameters

active: Displays policies that are running.

registered: Displays policies that have been created.

policy-name: Specifies a policy by its name. If you do not specify a policy, the command displays all monitor policies that are running or have been created.

verbose: Displays detailed information about monitor policies.

Usage guidelines

To display the running configuration of CLI-defined monitor policies, execute the display current-configuration command in any view or execute the display this command in CLI-defined monitor policy view.

Examples

# Display all running monitor policies.

<Sysname> display rtm policy active

JID Type Event TimeActive PolicyName

507 TCL INTERFACE Aug 29 14:55:55 2013 test

# Display all monitor policies that have been created.

<Sysname> display rtm policy registered

Total number: 1

Type Event TimeRegistered PolicyName

CLI Aug 29 14:54:50 2013 test

# Display detailed information about all monitor policies.

<Sysname> display rtm policy registered verbose

Total number: 1

Policy Name: test

Policy Type: CLI

Event Type:

TimeRegistered: Aug 29 14:54:50 2013

User-role: network-operator

network-admin

Table 42 Command output

Field	Description
JID	Job ID. This field is available for the display rtm policy active command.
PolicyName	Monitor policy name.
Type Policy Type	Policy creation method: · TCL—The policy was configured by using Tcl. · CLI—The policy was configured from the CLI.
Event Event Type	Event type, including CLI, hotplug, interface, process, SNMP, SNMP-Notification, Syslog, and track.
TimeActive	Time when the policy started to execute.
TimeRegistered	Time when the policy was created.
Total number	Total number of policies.
User-role	User roles for executing the monitor policy. To execute the monitor policy, an administrator must have at least one of the displayed user roles.

event cli

Use event cli to configure a CLI event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp

undo event

Default

No CLI events are configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

async [ skip ]: Enables or disables the system to execute the command that triggers the policy. If you specify the skip keyword, the system executes the actions in the policy without executing the command that triggers the policy. If you do not specify the skip keyword, the system executes both the actions in the policy and the command entered at the CLI.

sync: Enables the system to execute the command that triggers the event only if the policy has been executed successfully.

execute: Triggers the policy when a matching command is entered.

help: Triggers the policy when a question mark (?) is entered at a matching command line.

tab: Triggers the policy when the Tab key is pressed to complete a parameter in a matching command line.

pattern regular-exp: Specifies a regular expression for matching commands that trigger the policy. For more information about using regular expressions, see Fundamentals Configuration Guide.

Usage guidelines

Use CLI event monitor policies to monitor operations performed at the CLI.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor execution of commands that contain the dis inter brief string. Enable the system to execute the actions in the policy without executing the command that triggers the policy.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli async skip mode execute pattern dis inter brief

# Configure a CLI-defined policy to monitor the use of the Tab key at command lines that contain the dis inter brief string. Enable the system to execute the actions in the policy and display the complete parameter when Tab is pressed at a policy-matching command line.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli async mode tab pattern dis inter brief

# Configure a CLI-defined policy to monitor the use of the question mark (?) at command lines that contain the dis inter brief string. Enable the system to execute a policy-matching command line only if the actions in the policy are executed successfully when a question mark is entered at the command line.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli sync mode help pattern dis inter brief

event interface

Use event interface to configure an interface event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]

undo event

Default

No interface events are configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords available for the monitor-obj argument, see Table 43.

start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 44.

start-val start-val: Specifies the start threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.

restart-op restart-op: Specifies the operator for comparing the monitored traffic statistic with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the restart-op argument, see Table 44.

restart-val restart-val: Specifies the restart threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.

interval interval: Specifies the interval to sample the monitored traffic statistic for a comparison. The value range is 1 to 4294967295 seconds. The default is 300 seconds.

Table 43 Monitored objects

Monitored traffic statistic	Description
input-drops	Number of discarded incoming packets.
input-errors	Number of incoming error packets.
output-drops	Number of discarded outgoing packets.
output-errors	Number of outgoing error packets.
rcv-bps	Receive rate, in bps.
rcv-broadcasts	Number of incoming broadcasts.
rcv-pps	Receive rate, in packets per second.
tx-bps	Transmit rate, in bps.
tx-pps	Transmit rate, in packets per second.

Table 44 Comparison operators

Comparison operator	Description
eq	Equal to.
ge	Greater than or equal to.
gt	Greater than.
le	Less than or equal to.
lt	Less than.
ne	Not equal to.

Usage guidelines

Use interface event monitor policies to monitor traffic statistics on an interface.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

EAA executes an interface event policy when the monitored interface traffic statistic crosses the start threshold in the following situations:

· The statistic crosses the start threshold for the first time.

· The statistic crosses the start threshold each time after it crosses the restart threshold.

The following is the interface event monitor process of EAA:

1. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.

2. Executes the policy.

3. Compares the traffic statistic sample with the restart threshold at sampling intervals until the restart threshold is crossed.

4. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.

5. Executes the policy again.

This process cycles for the monitor policy to be executed and re-executed.

Examples

# Configure a CLI-defined policy to monitor the incoming error packet statistic on GigabitEthernet 1/0/1 every 60 seconds. Set the start threshold to 1000 and the restart threshold to 50. Enable EAA to execute the policy when the statistic exceeds 1000 for the first time. Enable EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event interface gigabitethernet 1/0/1 monitor-obj input-errors start-op gt start-val 1000 restart-op lt restart-val 50 interval 60

event process

Use event process to configure a process event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ]

undo event

Default

No process events are configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

exception: Monitors the specified process for exceptional events. EAA executes the policy when an exception occurs to the monitored process.

restart: Monitors the specified process for restart events. EAA executes the policy when the monitored process restarts.

shutdown: Monitors the specified process for shutdown events. EAA executes the policy when the monitored process is shut down.

start: Monitors the specified process for start events. EAA executes the policy when the monitored process starts.

name process-name: Specifies a user-mode process by its name. The process can be one that is running or not running. If you do not specify a name, this command monitors all use-mode processes.

instance instance-id: Specifies a process instance ID in the range of 0 to 4294967295. The instance ID can be one that has not been created yet. If you specify an instance, EAA only monitors the process instance. If you do not specify an instance, EAA monitors all instances of the process.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command applies to the IRF fabric.

Usage guidelines

Use process event monitor policies to monitor process state changes. These changes can result from manual operations or automatic system operations.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor all instances of the process snmpd for restart events.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event process restart name snmpd

event snmp oid

Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]

undo event

Default

No SNMP events are configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.

monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.

start-op start-op: Specifies the operator for comparing the sampled value with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 44.

start-val start-val: Specifies the start threshold to be compared with the sampled value. The start-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

restart-op op: Specifies the operator for comparing the sampled value with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 44.

restart-op restart-val: Specifies the restart threshold to be compared with the sampled value. The restart-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

interval interval: Specifies the sampling interval in the range of 1 to 4294967295 seconds. The default is 300 seconds.

Usage guidelines

Use SNMP event monitor policy to monitor value changes of MIB variables.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

EAA executes an SNMP event policy when the monitored MIB variable's value crosses the start threshold in the following situations:

· The monitored variable's value crosses the start threshold for the first time.

· The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.

The following is the SNMP event monitor process of EAA:

1. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

2. Executes the policy.

3. Compares the variable sample with the restart threshold at sampling intervals until the restart threshold is crossed.

4. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

5. Executes the policy again.

This process cycles for the monitor policy to be executed and re-executed.

Examples

# Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds. Set the start threshold to 1 and the restart threshold to 2. Enable EAA to execute the policy when the value changes to 1 for the first time. Enable EAA to re-execute the policy if the value changes to 1 each time after the value has changed to 2.

<Sysname> system-view

[Sysname] rtm cli-policy snmp

[Sysname-rtm-snmp] event snmp oid 1.3.6.4.9.9.42.1.2.1.6.4 monitor-obj get start-op eq start-val 1 restart-op eq restart-val 2 interval 5

event snmp-notification

Use event snmp-notification to configure an SNMP-Notification event for a CLI-defined policy.

Use undo event to remove the event in a CLI-defined policy.

Syntax

event snmp-notification oid oid oid-val oid-val op op [ drop ]

undo event

Default

No SNMP-Notification events are configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.

oid-val oid-val: Specifies the threshold to be compared with the sampled value. The oid-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 44.

drop: Drops the notification if the comparison result meets the condition. If this keyword is not specified, the system sends the notification.

Usage guidelines

Use SNMP-Notification event monitor policies to monitor variables in SNMP notifications.

EAA executes an SNMP-Notification event monitor policy when the value of the monitored variable in an SNMP notification meets the specified condition.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor SNMP notifications that contain the variable OID 1.3.6.1.4.1.318.2.8.3. Enable the system to drop an SNMP notification and execute the policy if the variable in the notification contains the "UPS:Returned from battery backup power" string.

<Sysname> system-view

[Sysname] rtm cli-policy snmp-notification

[Sysname-rtm-snmp-notification] event snmp-notification oid 1.3.6.1.4.1.318.2.8.3 oid-val “UPS:Returned from battery backup power” op eq drop

event syslog

Use event syslog to configure a Syslog event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event syslog priority level msg msg occurs times period period

undo event

Default

No log event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

priority level: Specifies the lowest severity level for matching log messages. The level argument can be an integer in the range of 0 to 7, or the word all, which represents any severity level from 0 to 7. A lower number represents higher priority level. For example, specify a severity level of 3 to match log messages from level 3 to level 0.

msg msg: Specifies a regular expression to match the message body, a string of 1 to 255 characters. The log message must use the H3C format. For more information about log message formats, see "Configuring the information center."

occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds.

Usage guidelines

Use Syslog event monitor policies to monitor log messages.

EAA executes a Syslog event monitor policy when the number of matching logs over an interval reaches the limit.

NOTE:

EAA does not count log messages generated by the RTM module when it counts log matches.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor Syslog messages for level 3 to level 0 messages that contain the down string. Enable the policy to execute when five log matches are found within 6 seconds.

<Sysname> system-view

[Sysname] rtm cli-policy syslog

[Sysname-rtm-syslog] event syslog priority 3 msg down occurs 5 period 6

event track

Use event track to configure a track event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event track track-list state { negative | positive } [ suppress-time suppress-time ]

undo event

Default

A CLI-defined policy does not contain a track event.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

track-list: Specifies a space-separated list of up to 16 track items. Each item specifies a track entry number or a range of track entry numbers in the form of track-entry-number to track-entry-number. The value range for the track-entry-number argument is 1 to 1024.

state { negative | positive }: Monitors state change of the track entries.

· negative: Triggers the policy when the states of the track entries change from Positive to Negative.

· positive: Triggers the policy when the state of the track entries change from Negative to Positive.

suppress-time suppress-time: Sets a suppress time in the range of 1 to 4294967295, in seconds. The default value is 0.

Usage guidelines

Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from Positive to Negative or from Negative to Positive. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from Positive (Negative) to Negative (Positive).

If you set a suppress time, the timer starts when the policy is triggered. The system does not process the messages that report the track entry state change from Positive (Negative) to Negative (Positive) until the timer times out.

For example, to automatically disconnect the sessions between the local device and its down link BGP peers when the sessions between the local device and its uplink BGP peers are disconnected, you can configure a track event monitor policy as follows:

· Configure a track event for the policy and specify track entries to monitor the links between the local device and its uplink BGP peers.

· Add CLI action peer ignore to the policy to disable BGP session establishment between the local device and its downlink BGP peers.

You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.

Examples

# Create CLI-defined monitor policy test. Configure a track event that occurs when the states of track entry 1 to track entry 8 change from Positive to Negative. Set the suppress time to 180 seconds.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event track 1 to 8 state negative suppress-time 180

rtm cli-policy

Use rtm cli-policy to create a CLI-defined EAA monitor policy and enter its view.

Use undo rtm cli-policy to delete a CLI-defined monitor policy.

Syntax

rtm cli-policy policy-name

undo rtm cli-policy policy-name

Default

No CLI-defined monitor policy exists.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the name of a CLI-defined monitor policy, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy.

You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy, but you cannot assign the same name to policies that are the same type.

For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy.

Examples

# Create a CLI-defined policy and enter its view.

<Sysname> system-view

[Sysname] rtm cli-policy test

Related commands

commit

rtm environment

Use rtm environment to configure an EAA environment variable.

Use undo rtm environment to delete a user-defined EAA environment variable.

Syntax

rtm environment var-name var-value

undo rtm environment var-name

Default

The system provides the variables in Table 45. You cannot create, delete, or modify these system-defined variables.

Table 45 System-defined EAA environment variables by event type

Variable name	Description
Any event:
_event_id	Event ID.
_event_type	Event type.
_event_type_string	Event type description.
_event_time	Time when the event occurs.
_event_severity	Severity level of an event.
CLI:
_cmd	Commands that are matched.
Syslog:
_syslog_pattern	Log message content.
Interface:
_ifname	Interface name.
SNMP:
_oid	OID of the MIB variable where an SNMP operation is performed.
_oid_value	Value of the MIB variable.
SNMP-Notification:
_oid	OID that is included in the SNMP notification.
Process:
_process_name	Process name.

Views

System view

Predefined user roles

network-admin

Parameters

var-name: Specifies an environment variable name, a string of 1 to 63 characters. A user-defined EAA environment variable name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign.

var-value: Specifies the variable value.

Usage guidelines

When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action.

For an action argument, you can specify a list of variable names in the form of $variable_name1$variable_name2...$variable_nameN.

Examples

# Create an environment variable: set its name to if and set its value to interface.

<Sysname> system-view

[Sysname] rtm environment if interface

rtm scheduler suspend

Use rtm scheduler suspend to suspend monitor policies.

Use undo rtm scheduler suspend to resume monitor policies.

Syntax

rtm scheduler suspend

undo rtm scheduler suspend

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command disables all CLI-defined and Tcl-defined monitor policies except for the monitor policies that are running.

To revise the Tcl script of a policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.

Examples

# Suspend monitor policies.

<Sysname> system-view

[Sysname] rtm scheduler suspend

rtm tcl-policy

Use rtm tcl-policy to create a Tcl-defined policy and bind it to a Tcl script file.

Use undo rtm tcl-policy to delete a Tcl policy.

Syntax

rtm tcl-policy policy-name tcl-filename

undo rtm tcl-policy policy-name

Default

No Tcl policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters.

tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device.

Usage guidelines

Use this command to configure a monitor policy in Tcl.

This command both creates and enables the specified Tcl-defined monitor policy. To revise the Tcl script of a Tcl-defined policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.

To bind a Tcl-defined policy to a different Tcl script file:

1. Delete the Tcl policy.

2. Create the Tcl policy again, and then bind it to the new Tcl script file.

You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies that are the same type.

Examples

# Create a Tcl policy and bind it to a Tcl script file.

<Sysname> system-view

[Sysname] rtm tcl-policy test test.tcl

running-time

Use running-time to configure the runtime of a CLI-defined policy.

Use undo running-time to restore the default.

Syntax

running-time time

undo running-time

Default

The runtime of a CLI-defined policy is 20 seconds.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

time: Specifies the runtime of the CLI-defined policy, in the range of 0 to 31536000 seconds. If you specify 0, the policy can run forever until it is manually interrupted.

Usage guidelines

Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. When the runtime is reached, the system stops executing the policy even if the execution is not finished.

This setting prevents an incorrectly defined policy from running permanently to occupy resources.

Examples

# Set the runtime to 60 seconds for the CLI-defined policy test.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] running-time 60

user-role

Use user-role to assign a user role to a CLI-defined policy.

Use undo user-role to remove a user role from a CLI-defined policy.

Syntax

user-role role-name

undo user-role role-name

Default

A monitor policy contains user roles that its creator had at the time of policy creation.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role, a string of 1 to 63 characters.

Usage guidelines

For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.

For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.

A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect.

You cannot assign a monitor policy user roles that have higher privilege than the user roles you are logged in with.

Examples

# Assign user roles to a CLI-defined policy.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] user-role network-admin

[Sysname-rtm-test] user-role admin

Process monitoring and maintenance commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

The storage media supported by the device depends on the device model. A CF card is used as an example.

The display memory, display process, display process cpu, monitor process, and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads.

display exception context

Use display exception context to display context information for process exceptions.

Syntax

display exception context [ count value ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

count value: Specifies the number of context information entries, in the range of 1 to 20. The default value is 1.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays context information for process exceptions on the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

The system generates a context information entry for each process exception. A context information entry includes the process ID, the crash time, the core file directory, stack information, and register information.

Examples

# Display the exception context information on the x86-based 32-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 120 (routed)

Crash signal: SIGBUS

Crash time: Tue Apr 9 17:14:30 2013

Core file path:

cfa0:/core/node0_routed_120_7_20130409-171430_1365527670.core

#0 0xb7caba4a

#1 0x0804cb79

#2 0xb7cd77c4

#3 0x08049f45

Backtrace stopped.

Registers' content

eax:0xfffffffc ebx:0x00000003 ecx:0xbfe244ec edx:0x0000000a

esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674

eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b

ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033

# Display the exception context information on the x86-based 64-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 121 (routed)

Crash signal: SIGBUS

Crash time: Sun Mar 31 11:12:21 2013

Core file path:

cfa0:/core/node0_routed_121_7_20130331-111221_1364728341.core

#0 0x00007fae7dbad20c

#1 0x00000000004059fa

#2 0x00007fae7dbd96c0

#3 0x0000000000402b29

Backtrace stopped.

Registers' content

rax:0xfffffffffffffffc rbx:0x00007fff88a5dd10

rcx:0xffffffffffffffff rdx:0x000000000000000a

rsi:0x00007fff88a5dd10 rdi:0x0000000000000003

rbp:0x00007fff88a5dcf0 rsp:0x00007fff88a5dcf0

r8:0x00007fae7ea587e0 r9:0x0000000000000079

r10:0xffffffffffffffff r11:0x0000000000000246

r12:0x0000000000405b18 r13:0x00007fff88a5ff7a

r14:0x00007fff88a5de30 r15:0x0000000000000000

rip:0x00007fae7dbad20c flag:0x0000000000000246

cs:0x0000000000000033 ss:0x000000000000002b

ds:0x0000000000000000 es:0x0000000000000000

fs:0x0000000000000000 gs:0x0000000000000000

fs_base:0x00007fae80a5d6a0 gs_base:0x0000000000000000

orig_ax:0x00000000000000e8

# Display the exception context information on the PowerPC-based 32-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 133 (routed)

Crash signal: SIGBUS

Crash time: Wed Apr 10 15:47:49 2013

Core file path:

cfa0:/core/node0_routed_133_7_20130410-154749_1365608869.core

#0 0x184720bc

#1 0x10006b4c

Backtrace stopped.

Registers' content

grp00: 0x000000ee 0x7ffd6ad0 0x1800f440 0x00000004

grp04: 0x7ffd6af8 0x0000000a 0xffffffff 0x184720bc

grp08: 0x0002d200 0x00000003 0x00000001 0x1847209c

grp12: 0x10006b4c 0x10020534 0xd6744100 0x00000000

grp16: 0x00000000 0xa0203ff0 0xa028b12c 0xa028b13c

grp20: 0xa028b148 0xa028b168 0xa028b178 0xa028b190

grp24: 0xa028b1a8 0xa028b1b8 0x00000000 0x7ffd6c08

grp28: 0x10006cac 0x7ffd6f92 0x184c1b84 0x7ffd6ae0

nip:0x184720bc lr:0x10006b4c cr:0x38000022 ctr:0x1847209c

msr:0x0002db00 xer:0x00000000 ret:0xfffffffc dsisr:0x08000000

gr3:0x00000003 mq:0x00000000 trap:0x00000c00 dar:0x1833114c

# Display the exception context information on the PowerPC-based 64-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 172 (routed)

Crash signal: SIGBUS

Crash time: Sat Sep 15 16:53:16 2007

Core file path:

cfa0:/core/node1_routed_172_7_20070915-165316_1189875196.core

#0 0x00000fff803c66b4

#1 0x0000000010009b94

#2 0x00000fff80401814

Backtrace stopped.

Registers' content

grp00: 0x00000000000000ee 0x00000fffffd04840

grp02: 0x00000fff80425c28 0x0000000000000004

grp04: 0x00000fffffd048c0 0x000000000000000a

grp06: 0xffffffffffffffff 0x00000fff803c66b4

grp08: 0x000000008002d000 0x0000000000000000

grp10: 0x0000000000000000 0x0000000000000000

grp12: 0x0000000000000000 0x00000fff80a096b0

grp14: 0x000000007b964c00 0x000000007b7d0000

grp16: 0x0000000000000001 0x000000000000000b

grp18: 0x0000000000000031 0x0000000000a205b8

grp20: 0x0000000000a20677 0x0000000000000000

grp22: 0x000000007bb91014 0x0000000000000000

grp24: 0xc0000000005ae1c8 0x0000000000000000

grp26: 0xc0000001f00bff20 0xc0000001f00b0000

grp28: 0x00000fffffd04a30 0x000000001001aed8

grp30: 0x00000fffffd04fae 0x00000fffffd04840

nip:0x00000fff803c66b4 lr:0x0000000010009b94

cr:0x0000000058000482 ctr:0x00000fff803c66ac

msr:0x000000008002d000 xer:0x0000000000000000

ret:0xfffffffffffffffc dsisr:0x0000000000000000

gr3:0x0000000000000003 softe:0x0000000000000001

trap:0x0000000000000c00 dar:0x00000fff8059d14c

# Display the exception context information on the MIPS-based 32-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 182 (routed)

Crash signal: SIGBUS

Crash time: Sun Jan 2 08:11:38 2013

Core file path:

cfa0:/core/node4_routed_182_10_20130102-081138_1293955898.core

#0 0x2af2faf4

#1 0x00406d8c

Backtrace stopped.

Registers' content

zero:0x00000000 at:0x1000dc00 v0:0x00000004 v1:0x00000003

a0:0x00000003 a1:0x7fd267e8 a2:0x0000000a a3:0x00000001

t0:0x00000000 t1:0xcf08fa14 t2:0x80230510 t3:0xfffffff8

t4:0x69766520 t5:0x00000000 t6:0x63cc6000 t7:0x44617461

s0:0x7fd26f81 s1:0x00401948 s2:0x7fd268f8 s3:0x803e1db0

s4:0x803e1da0 s5:0x803e1d88 s6:0x803e1d70 s7:0x803e1d60

t8:0x00000008 t9:0x2af2fae0 k0:0x00000000 k1:0x00000000

gp:0x2af9a3a0 sp:0x7fd267c0 s8:0x7fd267c0 ra:0x00406d8c

sr:0x0000dc13 lo:0xef9db265 hi:0x0000003f bad:0x2add2010

cause:0x00800020 pc:0x2af2faf4

# Display the exception context information on the MIPS-based 64-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 270 (routed)

Crash signal: SIGBUS

Crash time: Wed Mar 27 12:39:12 2013

Core file path:

cfa0:/core/node16_routed_270_10_20130327-123912_1364387952.core

#0 0x0000005555a3bcb4

#1 0x0000000120006c1c

Backtrace stopped.

Registers' content

zero:0x0000000000000000 at:0x0000000000000014

v0:0x0000000000000004 v1:0x0000000000000003

a0:0x0000000000000003 a1:0x000000ffff899d90

a2:0x000000000000000a a3:0x0000000000000001

a4:0x0000005555a9b4e0 a5:0x0000000000000000

a6:0xffffffff8021349c a7:0x20696e206368616e

t0:0x0000000000000000 t1:0xffffffff80105068

t2:0xffffffff80213890 t3:0x0000000000000008

s0:0x0000005555a99c40 s1:0x000000ffff89af5f

s2:0x0000000120007320 s3:0x0000005555a5f470

s4:0x000000ffff899f80 s5:0xffffffff803cc6c0

s6:0xffffffff803cc6a8 s7:0xffffffff803cc690

t8:0x0000000000000002 t9:0x0000005555a3bc98

k0:0x0000000000000000 k1:0x0000000000000000

gp:0x0000000120020460 sp:0x000000ffff899d70

s8:0x000000ffff899d80 ra:0x0000000120006c1c

sr:0x000000000400fff3 lo:0xdf3b645a1cac08c9

hi:0x000000000000007f bad:0x000000555589ba84

cause:0x0000000000800020 pc:0x0000005555a3bcb4

Table 46 Command output

Filed	Description
Crashed PID	ID of the crashed process.
Crash signal	Signals that led to the crash: · SIGABRT—Abort. · SIGBUS—Bus error. · SIGFPE—Erroneous arithmetic operation. · SIGILL—Illegal hardware instructions. · SIGQUIT—Quit signal sent by the controlling terminal. · SIGSEGV—Invalid memory access. · SIGSYS—Invalid system call. · SIGTRAP—Trap message. · SIGXCPU—CPU usage limit exceeded. · SIGXFSZ—File size limit exceeded. · SIGUNKNOW—Unknown reason.
Crash time	Time when the crash occurred.
Core file path	Directory where the core file is saved.
Backtrace stopped	All stack information has been displayed.

Related commands

reset exception context

display exception filepath

Use display exception filepath to display the core file directory.

Syntax

display exception filepath [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays the core file directory on the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# (IRF-incapable devices.) Display the core file directory on the device.

<Sysname> display exception filepath

The exception filepath is cfa0:.

# (IRF-capable devices.) Display the core file directory on the master device.

<Sysname> display exception filepath

The exception filepath on slot 0 is cfa0:.

# (IRF-capable devices.) Display the core file directory on a member device.

<Sysname> display exception filepath slot 1

The exception filepath on slot 1 is NULL.

display kernel deadloop

Use display kernel deadloop to display kernel thread deadloop information.

Syntax

display kernel deadloop show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

show-number: Specifies the number of deadloops to display, in the range of 1 to 20.

offset: Specifies the offset between the starting deadloop and the latest deadloop, in the range of 0 to 19. The default value is 0.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread deadloop information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display brief information about the latest kernel thread deadloop.

<Sysname> display kernel deadloop 1

----------------- Deadloop record 1 -----------------

Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Chassis : 0

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

# Display detailed information about the latest kernel thread deadloop.

<Sysname> display kernel deadloop 1 verbose

----------------- Deadloop record 1 -----------------

Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Chassis : 0

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

Last 5 thread switches : migration/0 (11:16:00.823018)-->

swapper (11:16:00.833018)-->

kthreadd (11:16:00.833518)-->

swapper (11:16:00.833550)-->

disk (11:16:00.833560)

Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;

Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;

Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;

Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;

Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;

Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;

Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;

Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;

Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;

Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;

Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;

Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;

Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;

Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;

Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;

Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;

Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;

Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;

Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;

Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;

Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;

Dump stack (total 1024 bytes, 16 bytes/line):

0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84

0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4

0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00

0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00

0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4

0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08

0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00

0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0

0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00

0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30

0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00

0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0

0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00

0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc

0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18

0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f

0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00

0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98

0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98

0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00

0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70

0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44

Call trace:

Function Address = 0x8012a4b4

Function Address = 0x8017989c

Function Address = 0x80179b30

Function Address = 0x80127438

Function Address = 0x8012d734

Function Address = 0x80100a00

Function Address = 0xe0071004

Function Address = 0x8016ce0c

Function Address = 0x801223a0

Instruction dump:

41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80

4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c

Table 47 Command output

Field	Description
Description	Description for the kernel thread deadloop, including the CPU number, thread running time, thread name, and thread number.
Recorded at	Time when the kernel thread deadloop was recorded on the master device, with microsecond precision.
Occurred at	Time when the kernel thread deadloop occurred, with microsecond precision.
Instruction address	Instruction address for the kernel thread deadloop.
Thread	Name and number of the kernel thread deadloop.
Context	Context for the kernel thread deadloop.
Slot	IRF member ID of the device where the kernel thread ran.
Cpu	Number of the CPU where the kernel thread ran.
VCPU ID	Number of the CPU core where the kernel thread ran.
CPU ID	Number of the CPU where the kernel thread ran.
Kernel module info	Information about kernel modules that had been loaded when the kernel thread deadloop was detected, including kernel module name and memory address.
Last 5 thread switches	Last five kernel thread switches on the CPU before the kernel thread deadloop was detected, including kernel thread name and kernel thread switching time with microsecond precision.
Register content	Register information: · Reg—Name of a register. · Val—Value saved in a register.
Dump stack	Stack information.
Call trace	Function call stack information, which shows the instruction address of a called function at each level.
Instruction dump	Instruction code when the kernel thread deadloop was detected. ffffffff indicates an illegitimate instruction code.
No information to display	No kernel thread deadloop information.

Related commands

reset kernel deadloop

display kernel deadloop configuration

Use display kernel deadloop configuration to display kernel thread deadloop detection configuration.

Syntax

display kernel deadloop configuration [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display kernel thread deadloop detection configuration.

<Sysname> display kernel deadloop configuration

Thread dead loop detection: Enabled

Dead loop timer (in seconds): 60

Threads excluded from monitoring: 1

TID: 15 Name: co0

Table 48 Command output

Field	Description
Dead loop timer (in seconds): n	Time interval (in seconds) to identify a kernel thread deadloop. A kernel thread deadloop occurs if a kernel thread runs more than n seconds.
Threads excluded from monitoring	Kernel threads excluded from kernel thread deadloop detection. This field appears only if the monitor kernel deadloop exclude-thread command is configured.
Name	Kernel thread name.
TID	Kernel thread number.
No thread is excluded from monitoring	All kernel threads are monitored by kernel thread deadloop detection.

display kernel exception

Use display kernel exception to display kernel thread exception information.

Syntax

display kernel exception show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

show-number: Specifies the number of kernel exceptions to display, in the range of 1 to 20.

offset: Specifies the offset between the starting exception and the latest exception, in the range of 0 to 19. The default value is 0.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread exception information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

If an exception occurs to a running kernel thread, the system automatically records the exception information.

Examples

# Display brief information about the latest kernel thread exception.

<Sysname> display kernel exception 1

----------------- Exception record 1 -----------------

Description : Oops[#0]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (disk) module address (0xe00bd000)

# Display detailed information about the latest kernel thread exception.

<Sysname> display kernel exception 1 verbose

----------------- Exception record 1 -----------------

Description : Oops[#0]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (12500) module address (0xe00bd000)

Last 5 thread switches : migration/0 (11:16:00.823018)-->

swapper (11:16:00.833018)-->

kthreadd (11:16:00.833518)-->

swapper (11:16:00.833550)-->

disk (11:16:00.833560)

Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;

Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;

Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;

Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;

Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;

Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;

Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;

Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;

Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;

Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;

Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;

Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;

Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;

Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;

Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;

Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;

Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;

Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;

Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;

Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;

Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;

Dump stack (total 1024 bytes, 16 bytes/line):

0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84

0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4

0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00

0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00

0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4

0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08

0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00

0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0

0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00

0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30

0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00

0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0

0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00

0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc

0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18

0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f

0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00

0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98

0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98

0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00

0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70

0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44

Call trace:

Function Address = 0x8012a4b4

Function Address = 0x8017989c

Function Address = 0x80179b30

Function Address = 0x80127438

Function Address = 0x8012d734

Function Address = 0x80100a00

Function Address = 0xe0071004

Function Address = 0x8016ce0c

Function Address = 0x801223a0

Instruction dump:

41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80

4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c

For detailed information about the command output, see Table 47.

Related commands

reset kernel exception

display kernel reboot

Use display kernel reboot to display reboot information for the device.

Syntax

display kernel reboot show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

show-number: Specifies the number of kernel thread reboots to display, in the range of 1 to 20.

offset: Specifies the offset between the starting reboot and the latest reboot, in the range of 0 to 19. The default value is 0.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread reboot information for the master device. Reboot information for member devices is recorded in the memory of the master device. If the master device is powered off, the reboot information is lost.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display brief information about the latest reboot.

<Sysname> display kernel reboot 1

----------------- Reboot record 1 -----------------

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Reason : 0x31

Thread : comsh (TID: 16306)

Context : thread context

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (12500) module address (0xe00bd000)

# Display detailed information about the latest kernel thread reboot.

<Sysname> display kernel reboot 1 verbose

----------------- Reboot record 1 -----------------

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Reason : 0x31

Thread : comsh (TID: 16306)

Context : thread context

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (12500) module address (0xe00bd000)

Last 5 thread switches : migration/0 (11:16:00.823018)-->

swapper (11:16:00.833018)-->

kthreadd (11:16:00.833518)-->

swapper (11:16:00.833550)-->

disk (11:16:00.833560)

Dump stack (total 1024 bytes, 16 bytes/line):

0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84

0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4

0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00

0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00

0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4

0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08

0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00

0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0

0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00

0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30

0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00

0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0

0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00

0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc

0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18

0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f

0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00

0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98

0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98

0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00

0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70

0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44

Call trace:

Function Address = 0x8012a4b4

Function Address = 0x8017989c

Function Address = 0x80179b30

Function Address = 0x80127438

Function Address = 0x8012d734

Function Address = 0x80100a00

Function Address = 0xe0071004

Function Address = 0x8016ce0c

Function Address = 0x801223a0

Table 49 Command output

Field	Description
Recorded at	Time when the reboot was recorded on the master device, with microsecond precision.
Occurred at	Time when the reboot occurred, with microsecond precision.
Reason	Reboot reason.
Thread	Name and number of the kernel thread that was running when the reboot occurred.
Context	Context where the reboot occurred.
Slot	IRF member ID of the device that triggered the reboot.
CPU ID	Number of the CPU that triggered the reboot.
Kernel module info	Information about kernel modules that had been loaded when the kernel thread rebooted, including kernel module name and memory address.
Last 5 thread switches	Last five kernel thread switches on the CPU before the kernel thread rebooted, including kernel thread name and kernel thread switching time, with microsecond precision.
Dump stack	Stack information for the threads that were running when the reboot occurred.
Call trace	Function call stack information for the threads that were running when the reboot occurred.
No information to display	No kernel thread reboot information exists.

Related commands

reset kernel reboot

display kernel starvation

Use display kernel starvation to display kernel thread starvation information.

Syntax

display kernel starvation show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

show-number: Specifies the number of thread starvations to display, in the range of 1 to 20.

offset: Specifies the offset between the starting starvation and the latest starvation, in the range of 0 to 19. The default value is 0.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread starvation information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display brief information about the latest kernel thread starvation.

<Sysname> display kernel starvation 1

----------------- Starvation record 1 -----------------

Description : INFO: task comsh: 16306 blocked for more than 10 seconds.

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (12500) module address (0xe00bd000)

# Display detailed information about the latest kernel thread starvation.

<Sysname> display kernel starvation 1 verbose

----------------- Starvation record 1 -----------------

Description : INFO: task comsh: 16306 blocked for more than 10 seconds.

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (12500) module address (0xe00bd000)

Last 5 thread switches : migration/0 (11:16:00.823018)-->

swapper (11:16:00.833018)-->

kthreadd (11:16:00.833518)-->

swapper (11:16:00.833550)-->

disk (11:16:00.833560)

Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;

Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;

Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;

Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;

Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;

Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;

Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;

Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;

Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;

Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;

Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;

Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;

Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;

Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;

Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;

Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;

Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;

Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;

Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;

Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;

Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;

Dump stack (total 1024 bytes, 16 bytes/line):

0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84

0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4

0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00

0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00

0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4

0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08

0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00

0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0

0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00

0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30

0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00

0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0

0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00

0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc

0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18

0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f

0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00

0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98

0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98

0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00

0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70

0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44

Call trace:

Function Address = 0x8012a4b4

Function Address = 0x8017989c

Function Address = 0x80179b30

Function Address = 0x80127438

Function Address = 0x8012d734

Function Address = 0x80100a00

Function Address = 0xe0071004

Function Address = 0x8016ce0c

Function Address = 0x801223a0

Instruction dump:

41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80

4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c

For more information about the command output, see Table 47.

Related commands

reset kernel starvation

display kernel starvation configuration

Use display kernel starvation configuration to display kernel thread starvation detection configuration.

Syntax

display kernel starvation configuration [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread starvation detection configuration for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display kernel thread starvation detection configuration.

<Sysname> display kernel starvation configuration

Thread starvation detection: Enabled

Starvation timer (in seconds): 10

Threads excluded from monitoring: 1

TID: 123 Name: co0

Table 50 Command output

Field	Description
Starvation timer (in seconds): n	Time interval (in seconds) to identify a kernel thread starvation. A kernel thread starvation occurs if a kernel thread does not run within n seconds.
Threads excluded from monitoring	Kernel threads excluded from kernel thread starvation detection.
Name	Kernel thread name.
TID	Kernel thread number.

Related commands

· monitor kernel starvation enable

· monitor kernel starvation exclude-thread

· monitor kernel starvation time

display process

Use display process to display process state information.

Syntax

display process [ all | job job-id | name process-name ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all processes. With the all keyword or without any parameters, the command displays state information for all processes.

job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. Each process has a fixed job ID.

name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters that must not contain question marks or spaces.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays process state information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display state information for process scmd.

<Sysname> display process name scmd

Job ID: 1

PID: 1

Parent JID: 0

Parent PID: 0

Executable path: -

Instance: 0

Respawn: OFF

Respawn count: 1

Max. spawns per minute: 0

Last started: Wed Jun 1 14:45:46 2013

Process state: sleeping

Max. core: 0

ARGS: -

TID LAST_CPU Stack PRI State HH:MM:SS:MESC Name

1 0 0K 120 S 0:0:5:220 scmd

Table 51 Command output

Field	Description
Job ID	Job ID of the process. The job ID never changes.
PID	Number of the process. The number identifies the process, and it might change as the process restarts.
Parent JID	Job ID of the parent process.
Parent PID	Number of the parent process.
Executable path	Executable path of the process. For a kernel thread, this field displays a hyphen (-).
Instance	Instance number of the process. Whether a process can run multiple instances depends on the software implementation.
Respawn	Indicates whether the process restarts when an error occurs: · ON—The process automatically restarts. · OFF—The process does not automatically restarts.
Respawn count	Times that the process has restarted. The starting value is 1.
Max. spawns per minute	Maximum number of times that the process can restart within one minute. If the threshold is reached, the system automatically shuts down the process.
Last started	Time when the latest restart occurred.
Process state	State of the process: · running—Running or waiting in the queue. · sleeping—Interruptible sleep. · traced or stopped—Stopped. · uninterruptible sleep—Uninterruptible sleep. · zombie—The process has quit, but some resources are not released.
Max. core	Maximum number of core files that the process can create. 0 indicates that the process never creates a core file. A process creates a core file after it abnormally restarts. If the number of core files reaches the maximum value, no more core files are created. Core files are helpful for troubleshooting.
ARGS	Parameters carried by the process during startup. If the process carries no parameters, this field displays a hyphen (-).
TID	Thread ID.
LAST_CPU	Number of the CPU on which the process is last scheduled.
Stack	Stack size.
PRI	Thread priority.
State	Thread state: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
HH:MM:SS:MESC	Running time since the latest start.
Name	Process name.

# Display state information for all processes.

<Sysname> display process all

JID PID %CPU %MEM STAT PRI TTY HH:MM:SS COMMAND

1 1 0.0 0.0 S 120 - 00:00:04 scmd

2 2 0.0 0.0 S 115 - 00:00:00 [kthreadd]

3 3 0.0 0.0 S 99 - 00:00:00 [migration/0]

4 4 0.0 0.0 S 115 - 00:00:05 [ksoftirqd/0]

5 5 0.0 0.0 S 99 - 00:00:00 [watchdog/0]

6 6 0.0 0.0 S 115 - 00:00:00 [events/0]

7 7 0.0 0.0 S 115 - 00:00:00 [khelper]

8 8 0.0 0.0 S 115 - 00:00:00 [kblockd/0]

9 9 0.0 0.0 S 115 - 00:00:00 [ata/0]

10 10 0.0 0.0 S 115 - 00:00:00 [ata_aux]

11 11 0.0 0.0 S 115 - 00:00:00 [kseriod]

12 12 0.0 0.0 S 120 - 00:00:00 [vzmond]

13 13 0.0 0.0 S 120 - 00:00:00 [pdflush]

14 14 0.0 0.0 S 120 - 00:00:00 [pdflush]

15 15 0.0 0.0 S 115 - 00:00:00 [kswapd0]

16 16 0.0 0.0 S 115 - 00:00:00 [aio/0]

17 17 0.0 0.0 S 115 - 00:00:00 [scsi_eh_0]

18 18 0.0 0.0 S 115 - 00:00:00 [scsi_eh_1]

19 19 0.0 0.0 S 115 - 00:00:00 [scsi_eh_2]

35 35 0.0 0.0 D 100 - 00:00:00 [lipc_topology]

---- More ----

Table 52 Command output

Field	Description
JID	Job ID of a process. It never changes.
PID	Number of a process.
%CPU	CPU usage in percentage (%).
%MEM	Memory usage in percentage (%).
STAT	State of a process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
PRI	Priority of a process for scheduling.
TTY	TTY used by a process.
HH:MM:SS	Running time since the latest start.
COMMAND	Name and parameters of a process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

display process cpu

Use display process cpu to display CPU usage for all processes.

Syntax

display process cpu [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display CPU usage for all processes.

<Sysname> display process cpu

CPU utilization in 5 secs: 16.8%; 1 min: 4.7%; 5 mins: 4.7%

JID 5Sec 1Min 5Min Name

1 0.0% 0.0% 0.0% scmd

2 0.0% 0.0% 0.0% [kthreadd]

3 0.1% 0.0% 0.0% [ksoftirqd/0]

4 0.0% 0.0% 0.0% [watchdog/0]

5 0.0% 0.0% 0.0% [events/0]

6 0.0% 0.0% 0.0% [khelper]

29 0.0% 0.0% 0.0% [kblockd/0]

49 0.0% 0.0% 0.0% [vzmond]

52 0.0% 0.0% 0.0% [pdflush]

53 0.0% 0.0% 0.0% [pdflush]

54 0.0% 0.0% 0.0% [kswapd0]

110 0.0% 0.0% 0.0% [aio/0]

712 0.0% 0.0% 0.0% [mtdblockd]

719 0.0% 0.0% 0.0% [TNetJob]

720 0.0% 0.0% 0.0% [TMTH]

727 0.0% 0.0% 0.0% [CF]

730 0.0% 0.0% 0.0% [DIBC]

752 0.0% 0.0% 0.0% [lipc_topology]

762 0.0% 0.0% 0.0% [MNET]

763 0.0% 0.0% 0.0% [SYSM]

---- More ----

Table 53 Command output

Field	Description
CPU utilization in 5 secs: 16.8%; 1 min: 4.7%; 5 mins: 4.7%	System CPU usage within the last 5 seconds, 1 minute, and 5 minutes.
JID	Job ID of a process. It never changes.
5Sec	CPU usage of the process within the last 5 seconds.
1Min	CPU usage of the process within the last minute.
5Min	CPU usage of the process within the last 5 minutes.
Name	Name of the process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

display process log

Use display process log to display log information for all user processes.

Syntax

display process log [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Display log information for all user processes.

<Sysname> display process log

Process JobID PID Abort Core Exit Kill StartTime EndTime

knotify 92 92 N N 0 36 12-17 07:10:27 12-17 07:10:27

knotify 93 93 N N 0 -- 12-17 07:10:27 12-17 07:10:27

automount 94 94 N N 0 -- 12-17 07:10:27 12-17 07:10:28

knotify 111 111 N N 0 -- 12-17 07:10:28 12-17 07:10:28

comsh 121 121 N N 0 -- 12-17 07:10:30 12-17 07:10:30

knotify 152 152 N N 0 -- 12-17 07:10:31 12-17 07:10:31

autocfgd 155 155 N N 0 -- 12-17 07:10:31 12-17 07:10:31

pkg_update 122 122 N N 0 -- 12-17 07:10:30 12-17 07:10:31

Table 54 Command output

Field	Description
Process	Name of a user process.
JobID	Job ID of a user process.
PID	ID of a user process.
Abort	Indicates whether the process exited abnormally: · Y—Yes. · N—No.
Core	Indicates whether the process can generate core files: · Y—Yes. · N—No.
Exit	Process exit code. A number indicates the process exit code. -- indicates no exit code exists and the process is disabled by the signal.
Kill	Code of the signal that killed the process. A number indicates the code of the signal that killed the process. -- indicates no kill signal code exists. The process exits, instead of being killed by the signal.
StartTime	Time when the user process started.
EndTime	Time when the user process ended.

display process memory

Use display process memory to display memory usage for all user processes.

Syntax

display process memory [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

When a user process starts, it requests the following types of memory from the system:

· Text memory—Stores code for the user process.

· Data memory—Stores data for the user process.

· Stack memory—Stores temporary data.

· Dynamic memory—Heap memory dynamically assigned and released by the system according to the needs of the user process. To view dynamic memory information, execute the display process memory heap command.

Examples

# Display memory usage for all user processes.

<Sysname> display process memory

JID Text Data Stack Dynamic Name

1 384 1800 16 36 scmd

2 0 0 0 0 [kthreadd]

3 0 0 0 0 [ksoftirqd/0]

4 0 0 0 0 [watchdog/0]

5 0 0 0 0 [events/0]

6 0 0 0 0 [khelper]

29 0 0 0 0 [kblockd/0]

49 0 0 0 0 [vzmond]

52 0 0 0 0 [pdflush]

---- More ----

Table 55 Command output

Field	Description
JID	Job ID of a process. It never changes.
Text	Text memory used by the user process, in KB. The value for a kernel thread is 0.
Data	Data memory used by the user process, in KB. The value for a kernel thread is 0.
Stack	Stack memory used by the user process, in KB. The value for a kernel thread is 0.
Dynamic	Dynamic memory used by the user process, in KB. The value for a kernel thread is 0.
Name	Name of the user process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

Related commands

· display process memory heap

· display process memory heap address

· display process memory heap size

display process memory heap

Use display process memory heap to display heap memory usage for a user process.

Syntax

display process memory heap job job-id [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

Heap memory comprises fixed-sized blocks such as 16-byte or 64-byte blocks. It stores data and variables used by the user process. When a user process starts, the system dynamically allocates heap memory to the process.

Each memory block has an address represented in hexadecimal format, which can be used to access the memory block. You can view memory block addresses by using the display process memory heap size command, and view memory block contents by using the display process memory heap address command.

Examples

# Display brief information about heap memory usage for the process identified by job ID 148.

<Sysname> display process memory heap job 148

Total virtual memory heap space(in bytes) : 2228224

Total physical memory heap space(in bytes) : 262144

Total allocated memory(in bytes) : 161576

# Display detailed information about heap memory usage for the process identified by job ID 148.

<Sysname> display process memory heap job 148 verbose

Heap usage:

Size Free Used Total Free Ratio

16 8 52 60 13%

64 3 1262 1265 0.2%

128 2 207 209 1%

512 3 55 58 5.1%

4096 3 297 300 1%

8192 1 19 20 5%

81920 0 1 1 0%

Summary:

Total virtual memory heap space (in bytes) : 2293760

Total physical memory heap space (in bytes) : 58368

Total allocated memory (in bytes) : 42368

Table 56 Command output

Field	Description
Size	Size of each memory block, in bytes.
Free	Number of free memory blocks.
Used	Number of used memory blocks.
Total	Total number of memory blocks.
Free Ratio	Ratio of free memory to total memory. It helps identify fragment information.

Related commands

· display process memory

· display process memory heap address

· display process memory heap size

display process memory heap address

Use display process memory heap address to display heap memory content starting from a specified memory block for a process.

Syntax

display process memory heap job job-id address starting-address length memory-length [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647.

address starting-address: Specifies the starting memory block by its address.

length memory-length: Specifies the memory block length in the range of 1 to 1024 bytes.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

When a user process runs abnormally, the command helps locate the problem.

Examples

# Display 128-byte memory block content starting from the memory block 0xb7e30580 for the process job 1.

<Sysname> display process memory heap job 1 address b7e30580 length 128

B7E30580: 14 00 EF FF 00 00 00 00 E4 39 E2 B7 7C 05 E3 B7 .........9..|...

B7E30590: 14 00 EF FF 2F 73 62 69 6E 2F 73 6C 62 67 64 00 ..../sbin/slbgd.

B7E305A0: 14 00 EF FF 00 00 00 00 44 3B E2 B7 8C 05 E3 B7 ........D;......

B7E305B0: 14 00 EF FF 2F 73 62 69 6E 2F 6F 73 70 66 64 00 ..../sbin/ospfd.

B7E305C0: 14 00 EF FF 00 00 00 00 A4 3C E2 B7 AC 05 E3 B7 .........<......

B7E305D0: 14 00 EF FF 2F 73 62 69 6E 2F 6D 73 74 70 64 00 ..../sbin/mstpd.

B7E305E0: 14 00 EF FF 00 00 00 00 04 3E E2 B7 CC 05 E3 B7 .........>......

B7E305F0: 14 00 EF FF 2F 73 62 69 6E 2F 6E 74 70 64 00 00 ..../sbin/ntpd..

Related commands

· display process memory heap

· display process memory heap size

display process memory heap size

Use display process memory heap size to display the addresses of heap memory blocks with a specified size used by a process.

Syntax

display process memory heap job job-id size memory-size [ offset offset-size ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647.

size memory-size: Specifies the memory block size in the range of 1 to 4294967295.

offset offset-size: Specifies an offset in the range of 0 to 4294967295. The default value is 128. For example, suppose the system allocates 100 16-byte memory blocks to process job 1, and the process has used 66 blocks. Then if you execute the display process memory heap job 1 size 16 offset 50 command, the output shows the addresses of the 51^st through 66^th 16-byte blocks used by the process.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

The command displays memory block addresses in hexadecimal format. To view memory block content, execute the display process memory heap address command.

Examples

# Display the addresses of 16-byte memory blocks used by process job 1.

<Sysname> display process memory heap job 1 size 16

0xb7e300c0 0xb7e300d0 0xb7e300e0 0xb7e300f0

0xb7e30100 0xb7e30110 0xb7e30120 0xb7e30130

0xb7e30140 0xb7e30150 0xb7e30160 0xb7e30170

0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0

0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0

0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230

# Display the addresses of 16-byte memory blocks starting from the fifth block used by process job 1.

<Sysname> display process memory heap job 1 size 16 offset 4

0xb7e30100 0xb7e30110 0xb7e30120 0xb7e30130

0xb7e30140 0xb7e30150 0xb7e30160 0xb7e30170

0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0

0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0

0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230

Related commands

· display process memory heap

· display process memory heap address

exception filepath

Use exception filepath to specify the directory for saving core files.

Use undo exception filepath to remove the specified directory.

Syntax

exception filepath directory

undo exception filepath directory

Default

The core files are saved in the root directory of the storage media.

Views

User view

Predefined user roles

network-admin

Parameters

directory: Specifies the directory for saving core files, which can only be the root directory.

Usage guidelines

If no folder exists in the root directory, the system performs the following operations:

1. Creates a folder for saving core files.

2. Saves core files to the folder.

You can use the command to change the directory.

If no directory is specified or the specified directory is not accessible, the system cannot store core files.

Examples

# Specify the directory for saving core files.

<Sysname> exception filepath cfa0:/

Related commands

· display exception filepath

· process core

monitor kernel deadloop enable

Use monitor kernel deadloop enable to enable kernel thread deadloop detection.

Use undo monitor kernel deadloop enable to disable kernel thread deadloop detection.

Syntax

monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread deadloop detection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

Kernel threads share resources in kernel space. If a kernel thread monopolizes the CPU for a long time, other threads cannot run, resulting in a deadloop.

The command enables the device to detect deadloops. If a thread occupies the CPU regularly, the device considers that a deadloop has occurred. It outputs a deadloop message and reboots to remove the deadloop.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Enable kernel thread deadloop detection.

<Sysname> system-view

[Sysname] monitor kernel deadloop enable

Related commands

· display kernel deadloop

· display kernel deadloop configuration

· monitor kernel deadloop exclude-thread

· monitor kernel deadloop time

monitor kernel deadloop exclude-thread

Use monitor kernel deadloop exclude-thread to disable kernel thread deadloop detection for a kernel thread.

Use undo monitor kernel deadloop exclude-thread to enable kernel thread deadloop detection for a kernel thread.

Syntax

monitor kernel deadloop exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread deadloop detection monitors all kernel threads.

Views

System view

Predefined user roles

network-admin

Parameters

tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

You can disable kernel thread deadloop detection for up to 128 kernel threads by executing the command.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Disable kernel thread deadloop detection for kernel thread 15.

<Sysname> system-view

[Sysname]monitor kernel deadloop exclude-thread 15

Related commands

· display kernel deadloop configuration

· display kernel deadloop

· monitor kernel deadloop enable

· monitor kernel deadloop time

monitor kernel deadloop time

Use monitor kernel deadloop time to set the interval for identifying a kernel thread deadloop.

Use undo monitor kernel deadloop time to restore the default.

Syntax

monitor kernel deadloop time interval [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop time [ slot slot-number [ cpu cpu-number ] ]

Default

The interval for identifying a kernel thread deadloop is 20 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time interval: Specifies the interval for identifying a kernel thread deadloop, in the range of 1 to 65535 seconds.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

If a kernel thread runs for the specified interval, kernel thread deadloop detection considers that a deadloop has occurred. The system records the deadloop and restarts.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Set the interval for identifying a kernel thread deadloop to 8 seconds.

<Sysname> system-view

[Sysname] monitor kernel deadloop time 8

Related commands

· display kernel deadloop configuration

· display kernel deadloop

· monitor kernel deadloop enable

· monitor kernel deadloop exclude-thread

monitor kernel starvation enable

Use monitor kernel starvation enable to enable kernel thread starvation detection.

Use undo monitor kernel starvation enable to disable kernel thread starvation detection.

Syntax

monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread starvation detection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

Starvation occurs when a thread is unable to access shared resources.

The command enables the system to detect and report thread starvation. If a thread is not executed within an interval, the system considers that a starvation has occurred, and outputs a starvation message.

Thread starvation does not impact system operation. A starved thread can automatically run when certain conditions are met.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Enable kernel thread starvation detection.

<Sysname> system-view

[Sysname] monitor kernel starvation enable

Related commands

· display kernel starvation configuration

· display kernel starvation

· monitor kernel starvation time

· monitor kernel starvation exclude-thread

monitor kernel starvation exclude-thread

Use monitor kernel starvation exclude-thread to disable kernel thread starvation detection for a kernel thread.

Use undo monitor kernel starvation exclude-thread to enable kernel thread starvation detection for a kernel thread.

Syntax

monitor kernel starvation exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread starvation detection, if enabled, monitors all kernel threads.

Views

System view

Predefined user roles

network-admin

Parameters

tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

You can disable kernel thread starvation detection for up to 128 kernel threads by executing the command.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Disable kernel thread starvation detection for kernel thread 15.

<Sysname> system-view

[Sysname] monitor kernel starvation exclude-thread 15

Related commands

· display kernel starvation

· display kernel starvation configuration

· monitor kernel starvation time

· monitor kernel starvation enable

monitor kernel starvation time

Use monitor kernel starvation time to set the interval for identifying a kernel thread starvation.

Use undo monitor kernel starvation time to restore the default.

Syntax

monitor kernel starvation time interval [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation time [ slot slot-number [ cpu cpu-number ] ]

Default

The interval for identifying a kernel thread starvation is 120 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time interval: Specifies the interval for identifying a kernel thread starvation, in the range of 1 to 65535 seconds.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

If a thread is not executed within the specified interval, the system considers that a starvation has occurred, and outputs a starvation message.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Set the interval for identifying a kernel thread starvation to 120 seconds.

<Sysname> system-view

[Sysname] monitor kernel starvation time 120

Related commands

· display kernel starvation

· display kernel starvation configuration

· monitor kernel starvation enable

· monitor kernel starvation exclude-thread

monitor process

Use monitor process to display process statistics.

Syntax

monitor process [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

dumbtty: Specifies dumbtty mode. In this mode, the command displays process statistics in descending order of CPU usage without refreshing statistics. If you do not specify this keyword, the command displays statistics for the top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.

iteration number: Specifies the number of display times, in the range of 1 to 4294967295. If you specify the dumbtty keyword, the number argument is 1 by default. If neither the dumbtty keyword nor the number argument is specified, there is no limit to the display times and process statistics are refreshed every 5 seconds.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

If you do not specify the dumbtty keyword, the command displays process statistics in an interactive mode. In this mode, the system automatically determines the number of displayed processes according to the screen size, and does not display exceeding processes. You can also input interactive commands as shown in Table 57 to perform relevant operations.

Table 57 Interactive commands

Commands	Description
? or h	Displays help information that includes available interactive commands.
1	Displays state information for physical CPUs. For example, if you enter 1 for the first time, the state of each physical CPU is displayed in a separate row. If you enter 1 again, the average value of all CPU states is displayed. If you enter 1 for the third time, separate states are displayed. By default, the average value of all CPU states is displayed.
c	Sorts processes by CPU usage in descending order, which is the default setting.
d	Sets the interval for refreshing process statistics, in the range of 1 to 2147483647 seconds. The default value is 5 seconds.
f	Sorts processes by the number of open files in descending order. Files are identified by file descriptors (FDs).
k	Kills a process. Because the command can impact system operation, be cautious to use it.
l	Refreshes the screen.
m	Sorts processes by memory usage in descending order.
n	Changes the maximum number of processes displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only processes not exceeding the screen size can be displayed.
q	Quits the interactive mode.
t	Sorts processes by running time in descending order.
<	Moves sort field to the next left column.
>	Moves sort field to the next right column.

Examples

# Display process statistics in dumbtty mode. In this mode, the system displays process statistics once, and then returns to command view.

<Sysname> monitor process dumbtty

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 77.16% idle, 0.00% user, 14.96% kernel, 7.87% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:23 13.53% diagd

1 1 120 S 17 1092K 00:00:20 7.61% scmd

1000 1000 115 S 0 0K 00:00:09 0.84% [sock/1]

1026 1026 120 S 20 26044K 00:00:05 0.84% syslogd

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

3 3 99 S 0 0K 00:00:00 0.00% [migration/0]

4 4 115 S 0 0K 00:00:06 0.00% [ksoftirqd/0]

5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]

6 6 115 S 0 0K 00:00:01 0.00% [events/0]

7 7 115 S 0 0K 00:00:00 0.00% [khelper]

4797 4797 120 S 8 28832K 00:00:02 0.00% comsh

5117 5117 120 S 8 1496K 00:00:00 0.00% top

# Display process statistics twice in dumbtty mode.

<Sysname> monitor process dumbtty iteration 2

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 44.84% idle, 0.51% user, 39.17% kernel, 15.46% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:30 37.11% diagd

1 1 120 S 17 1092K 00:00:21 11.34% scmd

1000 1000 115 S 0 0K 00:00:09 2.06% [sock/1]

1026 1026 120 S 20 26044K 00:00:05 1.54% syslogd

1027 1027 120 S 12 9280K 00:01:12 1.03% devd

4 4 115 S 0 0K 00:00:06 0.51% [ksoftirqd/0]

1009 1009 115 S 0 0K 00:00:08 0.51% [karp/1]

1010 1010 115 S 0 0K 00:00:13 0.51% [kND/1]

5373 5373 120 S 8 1496K 00:00:00 0.51% top

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

3 3 99 S 0 0K 00:00:00 0.00% [migration/0]

5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]

6 6 115 S 0 0K 00:00:01 0.00% [events/0]

7 7 115 S 0 0K 00:00:00 0.00% [khelper]

4796 4796 120 S 11 2744K 00:00:00 0.00% login

4797 4797 120 S 8 28832K 00:00:03 0.00% comsh

Five seconds later, the system refreshes process statistics as follows (which is the same as executing the monitor process dumbtty command twice at a 5-second interval):

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 78.71% idle, 0.16% user, 14.86% kernel, 6.25% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:31 14.25% diagd

1 1 120 S 17 1092K 00:00:21 4.25% scmd

1027 1027 120 S 12 9280K 00:01:12 1.29% devd

1000 1000 115 S 0 0K 00:00:09 0.37% [sock/1]

5373 5373 120 S 8 1500K 00:00:00 0.37% top

6 6 115 S 0 0K 00:00:01 0.18% [events/0]

1009 1009 115 S 0 0K 00:00:08 0.18% [karp/1]

1010 1010 115 S 0 0K 00:00:13 0.18% [kND/1]

4795 4795 120 S 11 2372K 00:00:01 0.18% telnetd

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

3 3 99 S 0 0K 00:00:00 0.00% [migration/0]

4 4 115 S 0 0K 00:00:06 0.00% [ksoftirqd/0]

5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]

7 7 115 S 0 0K 00:00:00 0.00% [khelper]

4796 4796 120 S 11 2744K 00:00:00 0.00% login

4797 4797 120 S 8 28832K 00:00:03 0.00% comsh

# Display process statistics in interactive mode.

<Sysname> monitor process

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 78.98% idle, 0.16% user, 14.57% kernel, 6.27% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:39 14.13% diagd

1 1 120 S 17 1092K 00:00:23 3.98% scmd

1027 1027 120 S 12 9280K 00:01:13 1.44% devd

1000 1000 115 S 0 0K 00:00:09 0.36% [sock/1]

1009 1009 115 S 0 0K 00:00:09 0.36% [karp/1]

4 4 115 S 0 0K 00:00:06 0.18% [ksoftirqd/0]

1010 1010 115 S 0 0K 00:00:13 0.18% [kND/1]

4795 4795 120 S 11 2372K 00:00:01 0.18% telnetd

5491 5491 120 S 8 1500K 00:00:00 0.18% top

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

The system refreshes process statistics every 5 seconds. You can enter interactive commands to perform operation as follows:

· Enter h or a question mark (?) to display help information as follows:

Help for interactive commands:

?,h Show the available interactive commands

1 Toggle SMP view: '1' single/separate states

c Sort by the CPU field(default)

d Set the delay interval between screen updates

f Sort by number of open files

k Kill a job

l Refresh the screen

m Sort by memory used

n Set the maximum number of processes to display

q Quit the interactive display

t Sort by run time of processes since last restart

< Move sort field to the next left column

> Move sort field to the next right column

Press any key to continue

· Enter d, and then enter a number to modify the refresh interval. If you enter 3, statistics are refreshed every 3 seconds.

Enter the delay interval between updates(1~2147483647): 3

· Enter n, and then enter a number to modify the maximum number of displayed processes. If you enter 5, statistics for five processes are displayed.

Enter the max number of processes to display(0 means unlimited):5

87 processes; 113 threads; 735 fds

Thread states: 2 running, 111 sleeping, 0 stopped, 0 zombie

CPU states: 86.57% idle, 0.83% user, 11.74% kernel, 0.83% interrupt

Memory: 755M total, 414M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

864 864 120 S 24 27020K 00:00:43 8.95% syslogd

1173 1173 120 R 24 2664K 00:00:01 2.37% top

866 866 120 S 18 10276K 00:00:09 0.69% devd

1 1 120 S 16 1968K 00:00:04 0.41% scmd

881 881 120 S 8 2420K 00:00:07 0.41% diagd

· Enter f to sort processes by FDs in descending order. (You can also enter command c, m, or t to sort processes.)

87 processes; 113 threads; 735 fds

Thread states: 1 running, 112 sleeping, 0 stopped, 0 zombie

CPU states: 90.66% idle, 0.88% user, 5.77% kernel, 2.66% interrupt

Memory: 755M total, 414M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

862 862 120 S 61 5384K 00:00:01 0.00% dbmd

905 905 120 S 35 2464K 00:00:02 0.00% ipbased

863 863 120 S 31 1956K 00:00:00 0.00% had

884 884 120 S 31 30600K 00:00:00 0.00% lsmd

889 889 120 S 29 61592K 00:00:00 0.00% routed

· Enter k and then enter a JID to kill a process. If you enter 884, the process with the JID of 884 is killed.

Enter the JID to kill: 884

84 processes; 107 threads; 683 fds

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 59.03% idle, 1.92% user, 37.88% kernel, 1.15% interrupt

Memory: 755M total, 419M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

862 862 120 S 56 5384K 00:00:01 0.00% dbmd

905 905 120 S 35 2464K 00:00:02 0.00% ipbased

863 863 120 S 30 1956K 00:00:00 0.00% had

889 889 120 S 29 61592K 00:00:00 0.00% routed

1160 1160 120 S 28 23096K 00:00:01 0.19% sshd

· Enter q to quit interactive mode.

Table 58 Command output

Field	Description
84 processes; 107 threads; 683 fds	Numbers of processes, threads, and open files.
JID	Job ID of a process, which never changes.
PID	ID of a process.
PRI	Priority level of a process.
State	State of a process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
FDs	Number of open files for a process.
MEM	Memory usage. It displays 0 for a kernel thread.
HH:MM:SS	Running time of a process since last restart.
CPU	CPU usage of a process.
Name	Name of a process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

monitor thread

Use monitor thread to display thread statistics.

Syntax

monitor thread [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

dumbtty: Specifies dumbtty mode. In this mode, the command displays all thread statistics in descending order of CPU usage without refreshing statistics. If you do not specify the keyword, the command displays statistics for top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

If you do not specify the dumbtty keyword, the command displays thread statistics in an interactive mode. In this mode, the system automatically determines the number of displayed thread processes according to the screen size and does not display exceeding processes. You can also input interactive commands as shown in Table 59 to perform relevant operations.

Table 59 Interactive commands

Commands	Description
? or h	Displays help information that includes available interactive commands.
d	Sets the interval for refreshing statistics. The default interval is 5 seconds.
k	Kills a process. Because the command can impact system operation, be cautious when you use it.
l	Refreshes the screen.
n	Changes the maximum number of threads displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only threads not exceeding the screen size can be displayed.
q	Quits interactive mode.
<	Moves sort field to the next left column.
>	Moves sort field to the next right column.

Examples

# Display thread statistics in dumbtty mode.

<Sysname> monitor thread dumbtty

84 processes; 107 threads

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 83.19% idle, 1.68% user, 10.08% kernel, 5.04% interrupt

Memory: 755M total, 417M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1175 1175 0 120 R 00:00:00 1 10.75% top

1 1 0 120 S 00:00:06 1 2.68% scmd

881 881 0 120 S 00:00:09 1 2.01% diagd

776 776 0 120 S 00:00:01 0 0.67% [DEVD]

866 866 0 120 S 00:00:11 1 0.67% devd

2 2 0 115 S 00:00:00 0 0.00% [kthreadd]

3 3 0 115 S 00:00:01 0 0.00% [ksoftirqd/0]

4 4 0 99 S 00:00:00 1 0.00% [watchdog/0]

5 5 0 115 S 00:00:00 0 0.00% [events/0]

6 6 0 115 S 00:00:00 0 0.00% [khelper]

796 796 0 115 S 00:00:00 0 0.00% [kip6fs/1]

# Display thread statistics in interactive mode.

<Sysname> monitor thread

84 processes; 107 threads

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 94.43% idle, 0.76% user, 3.64% kernel, 1.15% interrupt

Memory: 755M total, 417M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1176 1176 0 120 R 00:00:01 1 3.42% top

866 866 0 120 S 00:00:12 1 0.85% devd

881 881 0 120 S 00:00:09 1 0.64% diagd

1 1 0 120 S 00:00:06 1 0.42% scmd

1160 1160 0 120 S 00:00:01 1 0.21% sshd

2 2 0 115 S 00:00:00 0 0.00% [kthreadd]

3 3 0 115 S 00:00:01 0 0.00% [ksoftirqd/0]

4 4 0 99 S 00:00:00 1 0.00% [watchdog/0]

5 5 0 115 S 00:00:00 0 0.00% [events/0]

6 6 0 115 S 00:00:00 0 0.00% [khelper]

· Enter h or a question mark (?) to display help information as follows:

Help for interactive commands:

?,h Show the available interactive commands

c Sort by the CPU field(default)

d Set the delay interval between screen updates

k Kill a job

l Refresh the screen

n Set the maximum number of threads to display

q Quit the interactive display

t Sort by run time of threads since last restart

< Move sort field to the next left column

> Move sort field to the next right column

Press any key to continue

· Enter d, and then enter a number to modify the refresh interval. If you enter 3, statistics are refreshed every 3 seconds.

Enter the delay interval between screen updates (1~2147483647): 3

· Enter n, and then enter a number to modify the maximum number of displayed threads. If you enter 5, statistics for five threads are displayed.

Enter the max number of threads to display(0 means unlimited): 5

84 processes; 107 threads

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 93.26% idle, 0.99% user, 4.23% kernel, 1.49% interrupt

Memory: 755M total, 417M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1176 1176 0 120 R 00:00:02 1 3.71% top

1 1 0 120 S 00:00:06 1 0.92% scmd

866 866 0 120 S 00:00:13 1 0.69% devd

881 881 0 120 S 00:00:10 1 0.69% diagd

720 720 0 115 D 00:00:01 0 0.23% [TMTH]

· Enter k and then enter a JID to kill a thread. If you enter 881, the thread with the JID of 881 is killed.

Enter the JID to kill: 881

83 processes; 106 threads

Thread states: 1 running, 105 sleeping, 0 stopped, 0 zombie

CPU states: 96.26% idle, 0.54% user, 2.63% kernel, 0.54% interrupt

Memory: 755M total, 418M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1176 1176 0 120 R 00:00:04 1 1.86% top

866 866 0 120 S 00:00:14 1 0.87% devd

1 1 0 120 S 00:00:07 1 0.49% scmd

730 730 0 0 S 00:00:04 1 0.12% [DIBC]

762 762 0 120 S 00:00:22 1 0.12% [MNET]

· Enter q to quit interactive mode.

Table 60 Command output

Field	Description
84 processes; 107 threads	Numbers of processes and threads.
JID	Job ID of a thread, which never changes.
TID	ID of a thread.
LAST_CPU	Number of the CPU on which the latest thread scheduling occurs.
PRI	Priority level of a thread.
State	State of a thread: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
HH:MM:SS	Running time of a thread since last restart.
MAX	Longest time that a single thread scheduling occupies the CPU, in milliseconds.
CPU	CPU usage of a thread.
Name	Name of a thread. If square brackets ([ ]) exist in a thread name, the thread is a kernel thread.

process core

Use process core to enable or disable a process to generate core files for exceptions and set the maximum number of core files.

Syntax

process core { maxcore value | off } { job job-id | name process-name } [ slot slot-number [ cpu cpu-number ] ]

Views

User view

Default

A process generates a core file for the first exception and does not generate any core files for subsequent exceptions.

Predefined user roles

network-admin

Parameters

off: Disables core file generation.

maxcore value: Enables core file generation and sets the maximum number of core files, in the range of 1 to 10.

name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.

job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. The job ID does not change after the process restarts.

slot slot-number: Specifies an IRF member device by its ID. If you do not specify a member device, this command displays information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Usage guidelines

The command applies to all instances of a process.

The command enables the system to generate a core file each time the specified process crashes until the maximum number of core files is reached. A core file records the exception information.

Because the core files consume system storage resources, you can disable core file generation for processes for which you do not need to review exception information.

Examples

# Disable core file generation for process routed.

<Sysname> process core off name routed

# Enable core file generation for process routed and set the maximum number of core files to 5.

<Sysname> process core maxcore 5 name routed

Related commands

· display exception context

· exception filepath

reset exception context

Use reset exception context to clear context information for process exceptions.

Syntax

reset exception context [ slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears context information for process exceptions on the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Clear context information for exceptions.

<Sysname> reset exception context

Related commands

display exception context

reset kernel deadloop

Use reset kernel deadloop to clear kernel thread deadloop information.

Syntax

reset kernel deadloop [ slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread deadloop information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Clear kernel thread deadloop information.

<Sysname> reset kernel deadloop

Related commands

display kernel deadloop

reset kernel exception

Use reset kernel exception to clear kernel thread exception information.

Syntax

reset kernel exception [ slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread exception information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Clear kernel thread exception information.

<Sysname> reset kernel exception

Related commands

display kernel exception

reset kernel reboot

Use reset kernel reboot to clear kernel thread reboot information.

Syntax

reset kernel reboot [ slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread reboot information for the master device.

cpu cpu-number: Specifies a CPU by its number. The value can only be 0.

Examples

# Clear kernel thread reboot information.

<Sysname> reset kernel reboot

Related commands

display kernel reboot

PoE commands

A WX1804H access controller does not support PI configuration by using a PoE profile.

The following matrix shows the feature and hardware compatibility:

Hardware series	Model	PoE compatibility
WX1800H series	WX1804H	Yes
	WX1810H	Yes
	WX1820H	No
	WX1840H	No
WX3800H series	WX3820H WX3840H	No
WX5800H series	WX5860H	No

apply poe-profile

Use apply poe-profile to apply a PoE profile to a power interface (PI).

Use undo apply poe-profile to restore the default.

Syntax

apply poe-profile { index index | name profile-name }

undo apply poe-profile { index index | name profile-name }

Default

No PoE profile is applied to PIs.

Views

PI view

Predefined user roles

network-admin

Parameters

index index: Specifies a PoE profile by its index number in the range of 1 to 100.

name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.

Examples

# Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] apply poe-profile name forIPphone

Related commands

· apply poe-profile interface

· display poe-profile

apply poe-profile interface

Use apply poe-profile interface to apply a PoE profile to PIs.

Use undo apply poe-profile interface to remove the PoE profile application from PIs.

Syntax

apply poe-profile { index index | name profile-name } interface interface-range

undo apply poe-profile { index index | name profile-name } interface interface-range

Default

No PoE profile is applied to a PI.

Views

System view

Predefined user roles

network-admin

Parameters

index index: Specifies a PoE profile by its index number in the range of 1 to 100.

name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.

interface-range: Specifies a range of Ethernet interfaces in the form of interface-type interface-number [ to interface-type interface-number ], where interface-type interface-number represents the interface type and interface number. The start interface number must be smaller than the end interface number. If an interface in the specified range does not support PoE, it is ignored when the PoE profile is applied.

Examples

# Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] apply poe-profile name forIPphone interface gigabitethernet 1/0/1

# Apply the PoE profile with index number 1 to PIs GigabitEthernet 1/0/2 to GigabitEthernet 1/0/8.

<Sysname> system-view

[Sysname] apply poe-profile index 1 interface gigabitethernet 1/0/2 to gigabitethernet 1/0/8

Related commands

· apply poe-profile

· display poe-profile interface

display poe device

Use display poe device to display general PSE information.

Syntax

display poe device

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display general PSE information.

<Sysname> display poe device

PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model

1 1 0 10 196.0 On MSG360 10P POE

Table 61 Command output

Field	Description
PSE ID	ID of the PSE.
Slot No.	Slot number of the PSE.
SSlot No.	Sub-slot number of the PSE.
PortNum	Number of PIs on the PSE.
MaxPower(W)	Maximum power of the PSE.
State	PSE status: · On—The PSE is supplying power. · Off—The PSE is not supplying power. · Faulty—The PSE has failed.
Model	PSE model.

display poe interface

Use display poe interface to display power supplying information for PIs.

Syntax

display poe interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power supplying information for all PIs.

Examples

# Display power supplying information for GigabitEthernet 1/0/1.

<Sysname> display poe interface gigabitethernet 1/0/1

PoE Status : Enabled

Power Priority : Low

Oper : Off

IEEE Class : 0

Detection Status : Disabled

Power Mode : Spare

Current Power : 0 mW

Average Power : 0 mW

Peak Power : 0 mW

Max Power : 30000 mW

Electric Current : 0 mA

Voltage : 0.0 V

PD Description :

Table 62 Command output

Field	Description
PoE status	PoE status: · Enabled. · Disabled.
Power Priority	Power supply priority of the PI: · Critical (highest). · High. · Low.
Oper	Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power.
IEEE Class	PD power class: 0, 1, 2, 3, or 4. If the PSE does not support PD classification, this field displays a hyphen (-).
Detection Status	Power detection status of a PI: · Disabled—The PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering power—The PI is supplying power to the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other fault—A fault has caused the PSE to enter the idle status. · PD disconnected—The PD is disconnected.
Power Mode	Power transmission mode of a PI: · Signal—Power is being supplied over signal cables. · Spare—Power is being supplied over spare cables.
Current Power	Current power of a PI, including PD consumption power and transmission loss. Typical transmission loss is within 1 watt.
Average Power	Average power of a PI.
Peak Power	Peak power of a PI.
Max Power	Maximum power of a PI.
Electric Current	Current of a PI.
Voltage	Voltage of a PI.
PD Description	Type and location description for the PD connected to the PI.

# Display power supplying information for all PIs.

<Sysname> display poe interface

Interface PoE Priority CurPower Oper IEEE Detection

(W) Class Status

GE1/0/1 Disabled High 0.0 Off 0 Disabled

GE1/0/2 Disabled Low 0.0 Off 0 Disabled

GE1/0/3 Enabled Low 0.0 Off 0 Searching

GE1/0/4 Disabled Low 0.0 Off 0 Disabled

GE1/0/5 Enabled Low 0.0 Off 0 Searching

GE1/0/6 Disabled Low 0.0 Off 0 Disabled

GE1/0/7 Disabled Low 0.0 Off 0 Disabled

GE1/0/8 Disabled Low 0.0 Off 0 Disabled

GE1/0/9 Disabled Low 0.0 Off 0 Disabled

GE1/0/10 Disabled Low 0.0 Off 0 Disabled

--- On State Ports: 0; Used: 0.0(W); Remaining: 196.0(W) ---

Table 63 Command output

Field	Description
Interface	Interface name of a PI.
PoE	PoE status: · Enabled. · Disabled.
Priority	Power priority of a PI: · Critical (highest). · High. · Low.
CurPower	Current power of a PI.
Oper	Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power.
IEEE Class	PD power class: 0, 1, 2, 3, or 4. If the PSE does not support PD classification, this field displays a hyphen (-).
Detection Status	Power detection status of a PI: · Disabled—PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering Power—The PI is supplying power for the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other fault—A fault has caused the PSE to enter the idle status. · PD disconnected—The PD is disconnected.
On State Ports	Number of PIs that are supplying power.
Used	Power consumed by the current PI.
Remaining	Total remaining power of the system.

display poe interface power

Use display poe interface power to display power information for PIs.

Syntax

display poe interface power [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power information for all PIs.

Examples

# Display power information for GigabitEthernet 1/0/1.

<Sysname> display poe interface power gigabitethernet 1/0/1

Interface Current Peak Max PD Description

(W) (W) (W)

GE1/0/1 15.0 15.3 30.0 Access Point on Room 509 for Peter

# Display power information for all PIs.

<Sysname> display poe interface power

Interface Current Peak Max PD Description

(W) (W) (W)

GE1/0/1 0.0 0.0 30.0

GE1/0/2 0.0 0.0 30.0

GE1/0/3 0.0 0.0 30.0

GE1/0/4 0.0 0.0 30.0

GE1/0/5 0.0 0.0 30.0

GE1/0/6 0.0 0.0 30.0

GE1/0/7 0.0 0.0 30.0

GE1/0/8 0.0 0.0 30.0

GE1/0/9 0.0 0.0 30.0

GE1/0/10 0.0 0.0 30.0

--- On State Ports: 0; Used: 0.0(W); Remaining: 196.0(W) ---

Table 64 Command output

Field	Description
Interface	Interface name of a PI.
CurPower	Current power of a PI.
PeakPower	Peak power of a PI.
MaxPower	Maximum power of a PI.
PD Description	Type and location description for the PD connected to a PI.
Ports On	Number of PIs that are supplying power.
Used	Power consumed by all PIs.
Remaining	Total remaining power of the system.

display poe pse

Use display poe pse to display detailed PSE information.

Syntax

display poe pse

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display detailed PSE information.

<Sysname> display poe pse

PSE ID : 1

Slot No. : 1

SSlot No. : 0

PSE Model : MSG360 10P POE

Current Power : 11.4 W

Average Power : 11.3 W

Peak Power : 18.3 W

Max Power : 196.0 W

Remaining Guaranteed Power : 196.0 W

PSE CPLD Version : -

PSE Software Version : 210

PSE Hardware Version : 0

Legacy PD Detection : Disabled

Power Utilization Threshold : 80

PD Power Policy : Disabled

PD Disconnect-Detection Mode : DC

Table 65 Command output

Field	Description
PSE ID	ID of the PSE.
Slot No.	Slot number of the PSE.
SSlot No.	Subslot number of the PSE.
PSE Status	PoE status of the PSE: · Enabled. · Disabled.
Power Priority	Power priority of the PSE.
Current Power	Current power of the PSE.
Average Power	Average power of the PSE.
Peak Power	Peak power of the PSE.
Max Power	Maximum power of the PSE.
Remaining Guaranteed Power	Remaining guaranteed power of the PSE = Maximum guaranteed power of the PSE – Total maximum power of all critical PIs of the PSE.
PSE CPLD Version	PSE CPLD version number.
PSE Software Version	PSE software version number.
PSE Hardware Version	PSE hardware version number.
Legacy PD Detection	Nonstandard PD detection status: · Enabled. · Disabled.
Power Utilization Threshold	PSE power alarm threshold.
PSE Power Policy	PSE priority policy status.
PD Power Policy	PI priority policy status.
PD Disconnect Detection Mode	PD disconnection detection mode.

display poe-profile

Use display poe-profile to display information about the PoE profile.

Syntax

display poe-profile [ index index | name profile-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

index index: Specifies a PoE profile by its index number in the range of 1 to 100.

name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.

Usage guidelines

If you do not specify a profile, the command displays information about all PoE profiles.

Examples

# Display information about all PoE profiles.

<Sysname> display poe-profile

PoE Profile Index ApplyNum Interfaces Configuration

forIPphone 1 2 GE1/0/1 poe enable

GE1/0/2 poe priority critical

forAP 2 2 GE1/0/3 poe enable

GE1/0/4 poe enable

--- Total PoE profiles: 2, total ports: 4 ---

# Display information about the PoE profile with index number 1.

<Sysname> display poe-profile index 1

PoE Profile Index ApplyNum Interfaces Configuration

forIPphone 1 2 GE1/0/1 poe enable

GE1/0/2 poe priority critical

--- Total ports: 2 ---

Table 66 Command output

Field	Description
PoE Profile	Name of the PoE profile.
Index	Index number of the PoE profile.
ApplyNum	Number of PIs to which the PoE profile is applied.
Interfaces	Interface name of the PI to which the PoE configuration is applied.
Configuration	Configurations of the PoE profile.
Total PoE profiles	Number of PoE profiles.
Total ports	Number of PIs to which all PoE profiles are applied.

display poe-profile interface

Use display poe-profile interface to display information about the PoE profile on a PI.

Syntax

display poe-profile interface interface-type interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Examples

# Display information about the PoE profile on GigabitEthernet 1/0/1.

<Sysname> display poe-profile interface gigabitethernet 1/0/1

PoEProfile Index ApplyNum Interface Effective configuration

forIPphone 1 1 GE1/0/1 poe enable

poe priority critical

The Effective configuration field displays the configurations that have taken effect. For the descriptions of other fields, see Table 66.

poe enable

Use poe enable to enable PoE on a PI.

Use undo poe enable to disable PoE on a PI.

Syntax

poe enable

undo poe enable

Default

PoE is disabled on a PI.

Views

PI view

PoE profile view

Predefined user roles

network-admin

Usage guidelines

If a PoE profile has been applied to a PI, remove the application before configuring the PI in PoE profile view.

If a PI has been configured, remove the configuration before configuring the PI in PI view.

Examples

# Enable PoE on a PI in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe enable

# Enable PoE on a PI in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe enable

Related commands

· display poe interface

· poe-profile

poe legacy enable

Use poe legacy enable to enable the PSE to detect nonstandard PDs.

Use undo poe legacy enable to disable the PSE from detecting nonstandard PDs.

Syntax

poe legacy enable

undo poe legacy enable

Default

Nonstandard PD detection is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the PSE to detect nonstandard PDs.

<Sysname> system-view

[Sysname] poe legacy enable

Related commands

display poe pse

poe max-power

Use poe max-power to set the maximum PI power.

Use undo poe max-power to restore the default.

Syntax

poe max-power max-power

undo poe max-power

Default

The maximum PI power is 30000 millwatts.

Views

PI view

PoE profile view

Predefined user roles

network-admin

Parameters

max-power: Sets the maximum PI power in the range of 1000 to 30000 milliwatts. The value must be a multiple of 100.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H	No
	WX1810H	Yes
	WX1820H	No
	WX1840H	No
WX3800H series	WX3820H WX3840H	No

Examples

# Set the maximum PI power to 12000 milliwatts in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe max-power 12000

# Set the maximum PI power to 12000 milliwatts in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe max-power 12000

poe mode

Use poe mode to configure a PoE power transmission mode.

Use undo poe mode to restore the default.

Syntax

poe mode { signal | spare }

undo poe mode

Default

The PoE power transmission mode is signal (power over signal cables).

Views

PI view

PoE profile view

Predefined user roles

network-admin

Parameters

signal: Specifies the PoE power transmission mode as power over signal cables. The system uses pairs 1, 2, 3, and 6 in the Category 3 or Category 5 twisted pair cable to supply DC power.

spare: Specifies the PoE power transmission mode as power over spare cables. The system uses pairs 4, 5, 7, and 8 in the Category 3 or Category 5 twisted pair cable to supply DC power.

Examples

# Set the PoE power transmission mode to power over signal cables in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe mode signal

# Set the PoE power transmission mode to power over signal cables in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe mode signal

Related commands

poe-profile

poe pd-description

Use poe pd-description to configure a description for the PD that connects to a PI.

Use undo poe pd-description to restore the default.

Syntax

poe pd-description text

undo poe pd-description

Default

No description is configured for the PD that connects to a PI.

Views

PI view

Predefined user roles

network-admin

Parameters

text: Configures a description for the PD connected to the PI, a case-sensitive string of 1 to 80 characters.

Examples

# Configure the description for the PD as IP Phone for Room 101.

<Sysname> system-view

[Sysname] interface gigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe pd-description IP Phone For Room 101

poe pd-policy priority

Use poe pd-policy priority to enable the PI priority policy.

Use undo poe pd-policy priority to restore the default.

Syntax

poe pd-policy priority

undo poe pd-policy priority

Default

The PI priority policy is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H	No
	WX1810H	Yes
	WX1820H	No
	WX1840H	No
WX3800H series	WX3820H WX3840H	No

The PI priority policy enables the PSE to perform priority-based power allocation to PIs when PSE power overload occurs. The priority levels for PIs are critical, high, and low in descending order.

When PSE power overload occurs, the PSE supplies power to PDs as follows:

· If the PI priority policy is disabled, the PSE does not supply power to the newly-added or existing PD that causes PSE power overload.

· If the PI priority policy is enabled, the PSE supplies power to PDs based on the PI priority policy.

Examples

# Enable the PI priority policy.

<Sysname> system-view

[Sysname] poe pd-policy priority

Related commands

poe priority

Use poe priority to set a power supply priority for a PI.

Use undo poe priority to restore the default.

Syntax

poe priority { critical | high | low }

undo poe priority

Default

The power supply priority of a PI is low.

Views

PI view

PoE profile view

Predefined user roles

network-admin

Parameters

critical: Sets the power supply priority to critical. The PI with critical power priority operates in guaranteed mode. Power is first supplied to the PD connected to the critical PI.

high: Sets the power supply priority to high.

low: Sets the power supply priority to low.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H	No
	WX1810H	Yes
	WX1820H	No
	WX1840H	No
WX3800H series	WX3820H WX3840H	No

When PSE power overload occurs, the PSE supplies power to PDs as follows:

· If the PI priority policy is disabled, the PSE does not supply power to the newly-added or existing PD that causes PSE power overload.

· If the PI priority policy is enabled, the PSE supplies power to PDs as follows:

? If a PD being powered causes PSE power overload, the PSE stops supplying power to this PD.

? If a newly-added PD causes PSE power overload, the PSE supplies power to PDs in priority descending order of the PIs to which they are connected. If the newly-added PD and a PD being powered have the same priority, the PD being powered takes precedence. If multiple PIs being powered have the same priority, the PIs with smaller IDs take precedence.

Examples

# Set the power supply priority of the PI to critical in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe priority critical

# Set the power supply priority of the PI to critical in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe priority critical

[Sysname-poe-profile-abc-1] quit

[Sysname] interface gigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] apply poe-profile name abc

Related commands

poe pd-policy priority

poe-profile

Use poe-profile to create a PoE profile and enter its view, or enter the view of an existing PoE profile.

Use undo poe-profile to delete a PoE profile.

Syntax

poe-profile profile-name [ index ]

undo poe-profile { index index | name profile-name }

Default

No PoE profiles exist.

Views

System view

Predefined user roles

network-admin

Parameters

profile-name: Specifies a PoE profile name, a case-sensitive string of 1 to 15 characters. A PoE configuration file name begins with a letter and must not contain reserved keywords including undo, all, name, interface, user, poe, disable, mode, priority, or enable.

index: Specifies the index number of a PoE profile, in the range of 1 to 100.

Usage guidelines

To configure PIs in batches, use the PoE profile.

If you do not specify a profile index, the system automatically assigns an index (starting from 1) to the PoE profile.

If a PoE profile is applied, use the undo apply poe-profile command to remove the application before deleting the PoE profile.

Examples

# Create a PoE profile, name it abc, and specify the index number as 3.

<Sysname> system-view

[Sysname] poe-profile abc 3

[Sysname-poe-profile-abc-3]

# Create a PoE profile and name it def. Do not specify the index number.

<Sysname> system-view

[Sysname] poe-profile def

[Sysname-poe-profile-def-1]

Related commands

· apply poe-profile

· poe enable

· poe mode

· poe priority

poe utilization-threshold

Use poe utilization-threshold to configure a power alarm threshold for the PSE.

Use undo poe utilization-threshold to restore the default power alarm threshold of the PSE.

Syntax

poe utilization-threshold value

undo poe utilization-threshold

Default

The power alarm threshold for the PSE is 80%.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies alarm threshold as a percentage of 1 to 99.

Usage guidelines

If PSE power usage crosses the threshold multiple times in succession, the system sends notification messages only for the first crossing. For more information, see "Configuring SNMP."

Examples

# Set the power alarm threshold of the PSE to 90%.

<Sysname> system-view

[Sysname] poe utilization-threshold 90

Flow log commands

display userlog export

Use display userlog export to display flow log configuration and statistics.

Syntax

display userlog export

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display flow log configuration and statistics.

<Sysname> display userlog export

Flow:

Export flow log as UDP Packet.

Version: 3.0

Source ipv4 address: 2.2.2.2

Source ipv6 address:

Log load balance function: Disabled

Local time stamp: Disabled

Log host numbers: 1

Log host 1:

Host/Port: 1.2.3.6/2000

Total logs/UDP packets exported: 112/87

Log host 2:

Host/Port:1.1.1.1/2000

Total logs/UDP packets exported: 6553665536/409597846

Table 67 Command output

Field	Description
Flow	Flow log configuration and statistics.
Export flow log as UDP Packet	Flow log entries were sent to log hosts in UDP.
Version	Flow log feature version.
Source ipv4/ipv6 address	Source IPv4 or IPv6 address of the packets that contained the flow log entries.
Log load balance function	Load balancing status for flow log entries: · Enabled—Flow log entries are distributed among available log hosts. · Disabled—Every flow log entry is copied and sent to all available log hosts.
Local time stamp	Whether the local time is used in the log timestamp: · Enabled—The local time is used. · Disabled—The UTC time is used.
Log hosts numbers	Total number of log hosts.
Log host	Information about the log host.
Host/port	IP address and port number of the log host.
Total logs	Total number of flow log entries exported to the log hosts.
UDP packets exported	Total number of UDP packets used to export the flow log entries. A UDP packet can contain multiple flow log entries.

Related commands

userlog flow export

display userlog host-group

Use display userlog host-group to display flow log host group information.

Syntax

display userlog host-group [ ipv6 ] [ host-group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6: Specifies an IPv6 flow log host group. Do not configure this keyword if you want to specify an IPv4 flow log host group.

host-group-name: Specify a flow log host group by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a log host group, this command displays information about all log host groups.

Examples

# Display information about IPv4 flow log host group test.

<Sysname> display userlog host-group test

Userlog host-group test:

ACL number: 2000

Flow log host numbers: 0

# Display information about all IPv4 flow log host groups.

<Sysname> display userlog host-group

There are 1 IPv4 host groups.

Userlog host-group test:

ACL number: 2000

Flow log host numbers: 0

Table 68 Command output

Field	Description
Userlog host-group test	Information about a flow log host group.
ACL number/ACL name	ACL used by the log host group to match flow log entries.
Flow log host numbers	Number of flow log hosts in the group.
Log host	Information about a flow log host.
Host/Port	IP address and port number of the log host.

Related commands

· userlog host-group

· userlog host-group host flow

reset userlog flow export

Use reset userlog flow export to clear flow log statistics.

Syntax

reset userlog flow export

Views

User view

Predefined user roles

network-admin

Examples

# Clear flow log statistics.

<Sysname> reset userlog flow export

Related commands

userlog flow export

userlog flow export host

Use userlog flow export host to specify a log host to receive flow log entries.

Use undo userlog flow export host to remove a log host.

Syntax

userlog flow export host { hostname | ipv4-address | ipv6 ipv6-address } port udp-port

undo userlog flow export host { hostname | ipv4-address | ipv6 ipv6-address }

Default

No log hosts are specified.

Views

System view

Predefined user roles

network-admin

Parameters

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).

ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid unicast address and cannot be a loopback address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port udp-port: Specifies the UDP port number of the log host, in the range of 1 to 65535. To avoid collision with well-known UDP port numbers, H3C recommends that you use UDP port numbers in the range 1025 to 65535.

Examples

# Export flow log entries to UDP port 2000 on the log host at 1.2.3.6.

<Sysname> system-view

[Sysname] userlog flow export host 1.2.3.6 port 2000

Related commands

display userlog export

userlog flow export load-balancing

Use userlog flow export load-balancing to enable load balancing for flow log entries.

Use undo userlog flow export load-balancing to restore the default.

Syntax

userlog flow export load-balancing

undo userlog flow export load-balancing

Default

Load balancing is disabled. The device sends a copy of each flow log entry to all available log hosts.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In load balancing mode, flow log entries are distributed among log hosts based on the source IP addresses (before NAT) that are recorded in the entries. The flow log entries generated for the same source IP address are sent to the same log host. If a log host goes down, the flow logs sent to it will be lost.

Examples

# Enable load balancing for flow logging.

<Sysname> system-view

[Sysname] userlog flow export load-balancing

Related commands

userlog flow export host

userlog flow export source-ip

Use userlog flow export source-ip to specify a source IP address for flow log packets.

Use undo userlog flow export source-ip to restore the default.

Syntax

userlog flow export source-ip ip-address

undo userlog flow export source-ip

Default

The source IP address of flow log packets is the IP address of their outgoing interface.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies an IP address.

Examples

# Specify 1.2.1.2 as the source IP address for flow log packets.

<Sysname> system-view

[Sysname] userlog flow export source-ip 1.2.1.2

Related commands

userlog flow export host

userlog flow export timestamp localtime

Use userlog flow export timestamp localtime to configure the device to use the local time in the timestamp of flow logs.

Use undo userlog flow export timestamp localtime to restore the default.

Syntax

userlog flow export timestamp localtime

undo userlog flow export timestamp localtime

Default

The device uses the UTC time in the timestamp of flow logs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The device uses either the local time or the UTC time in the timestamp of flow logs.

· UTC time—Standard Greenwich Mean Time (GMT).

· Local time—Standard GMT plus or minus the time zone offset.

The time zone offset can be configured by using the clock timezone command. For more information, see Fundamentals Command Reference.

Examples

# Configure the device to use the local time in the timestamp of flow logs.

<Sysname> system-view

[Sysname] userlog flow export timestamp localtime

userlog flow export version

Use userlog flow export version to set the flow log version.

Use undo userlog flow export version to restore the default.

Syntax

userlog flow export version version-number

undo userlog flow export version

Default

The flow log version is 1.0.

Views

System view

Predefined user roles

network-admin

Parameters

version-number: Specifies a flow log version. Available options are 1 and 3.

Usage guidelines

If you set the flow log version multiple times, the most recent setting takes effect.

Examples

# Set the flow log version to 3.0.

<Sysname> system-view

[Sysname] userlog flow export version 3

Related commands

userlog flow export host

userlog flow syslog

Use userlog flow syslog to specify the information center as the destination for flow log export.

Use undo userlog flow syslog to restore the default.

Syntax

userlog flow syslog

undo userlog flow syslog

Default

Flow log entries are not exported.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You can export flow log entries to log hosts or the information center, but not both. If both methods are configured, the system exports flow log entries to the information center.

Flow log entries are converted to the syslog format when they are exported to the information center. Their severity level is informational. With the information center, you can specify multiple log output destinations, including the console, log host, and log file.

Log entries in ASCII format are human readable. However, the log data volume is higher in ASCII format than in binary format.

Examples

# Specify the information center as the destination for flow log export.

<Sysname> system-view

[Sysname] userlog flow syslog

Related commands

userlog flow export host

userlog host-group

Use userlog host-group to create a flow log host group and enter its view, or enter the view of an existing flow log host group.

Use undo userlog host-group to delete a flow log host group.

Syntax

userlog host-group [ ipv6 ] host-group-name acl { name acl-name | number acl-number }

undo userlog host-group [ ipv6 ] host-group-name

Default

No flow log host groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Creates an IPv6 flow log host group. Do not configure this keyword if you want to create an IPv4 flow log host group.

host-group-name: Specify a name for the flow log host group, a case-sensitive string of 1 to 63 characters.

acl: Specify an ACL to match the flow log entries to be sent to the flow log host group.

name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with a letter and cannot be all.

number acl-number: Specifies the ACL number, in the range of 2000 to 3999.

Usage guidelines

The flow log host group feature enables the device to send specific flow logs to specific group of log hosts. This facilitates log filtering and reduces the log sending and processing workload of the device.

A flow log host group uses an ACL to match the flow logs to be sent to it. Make sure the ACL rules can identify the designated flow logs.

If a flow log matches multiple log host groups, the device sends the log to the group that comes first in alphabetical order of the matching group names.

If a flow log does not match any log host groups, the device ignores the log host group configuration and sends the log to all configured log hosts.

A flow log host group does not take effect if the ACL specified for the group does not exist or does not contain ACL rules.

Examples

# Create an IPv4 flow log host group named test and specify ACL 2000 for it.

<Sysname> system-view

[Sysname] userlog host-group test acl number 2000

[Sysname-userlog-host-group-test]

Related commands

· display userlog host-group

· userlog host-group host flow

userlog host-group host flow

Use userlog host-group host flow to assign a log host to a flow log host group.

Use undo userlog host-group host flow to remove a log host from a flow log host group.

Syntax

IPv4 flow log host group view:

userlog host-group host flow { hostname | ipv4-address | }

undo userlog host-group host flow { hostname | ipv4-address }

IPv6 flow log host group view:

userlog host-group host flow ipv6 { hostname | ipv6-address }

undo userlog host-group host flow ipv6 { hostname | ipv6-address }

Default

No log hosts exist in a flow log host group.

Views

IPv4 flow log host group view

IPv6 flow log host group view

Predefined user roles

network-admin

Parameters

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid IPv4 unicast address and cannot be a loopback address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address. The address must be a valid IPv6 unicast address and cannot be a loopback address or all zeros.

Usage guidelines

A flow log host group can contain multiple log hosts, and a log host can be assigned to multiple flow log host groups.

Before you assign a log host to a flow log host group, make sure the log host has been configured on the device by using userlog flow export host the command.

Examples

# Assign a log host to flow log host group test.

<Sysname> system-view

[Sysname] userlog host-group test acl number 2000

[Sysname-userlog-host-group-test] userlog host-group host flow 1.2.3.6

Related commands

· display userlog host-group

· userlog flow export host

· userlog host-group

Packet capture commands

A CF card is used as an example in this chapter. For information about the storage media supported by the device, see file system management in Fundamentals Configuration Guide.

display packet-capture status

Use display packet-capture status to display packet capture status information.

Syntax

display packet-capture status

Views

Any view

Predefined user roles

network-admin

Examples

# Display packet capture status information for radio 1 of AP 1.

<Sysname> display packet-capture status

AP name : ap1

Radio ID : 1

Radio mode : 802.11n(2.4GHz)

Channel : 1

Status : Capturing

File name : database.dhcp

Username : 1

Password : ******

Table 69 Command output

Field	Description
Status	Packet capture status. Only the Capturing status is supported in the current software version.
Username	Username for logging in to the remote FTP server.
Password	Password for logging in to the remote FTP server. Both ciphertext and plaintext passwords are displayed as ******. If no password is required or configured, this filed displays N/A.

Related commands

· packet-capture local ap

· packet-capture remote ap

packet-capture local ap

Use packet-capture local ap to capture incoming packets on an AP radio and save the captured packets to a file on an FTP server.

Syntax

packet-capture local ap ap-name radio radio-id [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write url url [ username username [ password { cipher | simple } key ] ]

Views

User view

Predefined user roles

network-admin

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters.

radio radio-id: Specifies a radio by its ID.

capture-filter capt-expression: Specifies an expression to match packets to be captured. If you do not specify a capture filter expression, the device captures all incoming packets on an interface.

limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes.

autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.

autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.

write url url: Specifies the URL of the packet file on an FTP server to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.

username username: Specifies the username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.

password: Specifies the password for logging in to the FTP server.

cipher: Specifies a ciphertext password.

simple: Specifies a plaintext password.

key: Specifies the password. This argument is case sensitive. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.

Usage guidelines

To stop the capture while it is capturing packets, use the packet-capture stop command.

If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached.

Follow these restrictions and guidelines to specify the URL, username, and password:

· If the IP address of the FTP server is an IPv4 address, enter URL in the format of ftp://FTP server IPv4 address[:port number]/file name.

· If the server address is an IPv6 address, enclose the address in a pair of brackets, and enter URL in the format of ftp://[FTP server IPv6 address][:port number]/file name.

· You can also specify the DNS domain name for the server address field. The URL format is ftp://DNS domain name/file name.

· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.

Do not set a short capturing duration in the autostop duration seconds option. If the duration is too short, the capture might stop when a user has not logged in to the FTP server. The captured packets cannot be saved because a packet file has not been created.

Examples

# Capture incoming packets on radio 1 of AP 1.

<Sysname> packet-capture local ap ap1 radio 1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1

Related commands

· display packet-capture status

· packet-capture stop

packet-capture remote ap

Use packet-capture remote ap to capture incoming packets on an AP radio.

Syntax

packet-capture remote ap ap-name radio radio-id [ port port ]

Views

User view

Predefined user roles

network-admin

Parameters

ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters.

radio radio-id: Specifies a radio by its ID.

port port: Specifies the RPCAP service port on the AP by its port number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.

Usage guidelines

After this command is executed, the client (such as Wireshark) connected to the RPCAP service port of the AP can obtain packets captured on the AP radio.

To stop the capture while it is capturing packets, use the packet-capture stop command.

Examples

# Capture incoming packets on radio 2 of AP 1 and specify the RPCAP service port number as 2014.

<Sysname> packet-capture remote ap ap1 radio 2 port 2014

Related commands

· display packet-capture status

· packet-capture stop

packet-capture stop

Use packet-capture stop to stop the packet capture.

Syntax

packet-capture stop

Views

User view

Predefined user roles

network-admin

Usage guidelines

When a local AC on a hierarchical network goes offline, the central AC stops the packet capture management processes for the APs connected to the local AC. However, packet capture on the APs continues. To stop the packet capture, you must enable packet capture on the central AC for the APs again and execute this command.

Examples

# Stop the packet capture.

<Sysname> packet-capture stop

Related commands

· packet-capture local ap

· packet-capture remote ap

Information center commands

The WX1800H series access controllers do not support the slot keyword or the slot-number argument.

The storage media supported by the device depends on the device model. A CF card is used as an example.

customlog format

Use customlog format to enable custom log output.

Use undo customlog format to restore the default.

Syntax

customlog format { attack-defense | nat { cmcc | telecom | unicom } | packet-filter | session }

undo customlog format { attack-defense | nat | packet-filter | session } *

Default

Custom log output is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

attack-defense: Enables custom log output for the attack defense module.

nat: Enables custom log output in a specific format for the NAT module.

· cmcc: Specifies the cmcc format.

· unicom: Specifies the unicom format.

· telecom: Specifies the telecom format.

packet-filter: Enables custom log output for the packet filter module.

session: Enables custom log output for the session module.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

Traditionally, logs generated by different modules must be sent to the device information center before being output to log hosts or other destinations.

The custom log output feature enables fast delivery of logs. Logs that are sent as custom logs are not sent to the information center. Instead, they are sent directly to the log hosts specified by using the customlog host command.

The custom log output feature is available for the attack defense, NAT, packet filter, and session modules. See related documents for information about these modules.

To output custom NAT logs to a log host, you must specify the log format required by the log host in the customlog format and customlog host commands.

Logs of the attack defense, packet filter, and session modules can be output as custom logs only in H3C format.

Examples

# Enable custom log output in unicom format for NAT logs.

<Sysname> system

[Sysname] customlog format nat unicom

Related commands

customlog host

Use customlog host to enable outputting custom NAT logs to a log host.

Use undo customlog host to restore the default.

Syntax

customlog host { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] export { attack-defense | cmcc-sessionlog | cmcc-userlog | packet-filter | session | telecom-sessionlog | telecom-userlog | unicom-sessionlog | unicom-userlog } *

undo customlog host { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ]

Default

No log hosts are specified to receive custom NAT logs.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number of the log host. The value range is 1 to 65535, and the default is 514. The setting must be the same as the port number configured on the log host. Otherwise, the log host cannot receive custom logs.

attack-defense: Outputs logs of the attack defense module to the log host.

cmcc-sessionlog: Outputs NAT session logs in cmcc format to the log host.

cmcc-userlog: Outputs NAT user logs in cmcc format to the log host.

packet-filter: Outputs logs of the packet filter module to the log host.

session: Outputs logs of the session management module to the log host.

telecom-sessionlog: Outputs NAT session logs in telecom format to the log host.

telecom-userlog: Outputs NAT user logs in telecom format to the log host.

unicom-sessionlog: Outputs NAT session logs in unicom format to the log host.

unicom-userlog: Outputs NAT user logs in unicom format to the log host.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

You can use the customlog host command to specify a maximum of four log hosts.

The customlog host command takes effect only after the customlog format command is configured.

To output custom NAT logs to a log host, you must specify the log format required by the log host in the customlog format and customlog host commands.

Logs of the attack defense, packet filter, and session management modules can be output as custom logs only in H3C format.

Examples

# Output NAT session logs and user logs in unicom format to the log host 1.1.1.1.

<Sysname> system-view

[Sysname] customlog host 1.1.1.1 port 1000 export unicom-sessionlog unicom-userlog

Related commands

customlog format

customlog host source

Use customlog host source to specify a source IP address for custom logs.

Use undo customlog host source to restore the default.

Syntax

customlog host source interface-type interface-number

undo customlog host source

Default

The source IP address of output custom logs is the primary IP address of the outgoing interface.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies a source interface. The interface's primary IP address will be used as the source IP address for custom logs.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

The customlog host source command takes effect only after the customlog format and customlog host commands are configured.

Examples

# Use the IP address of Loopback 0 as the source IP address for custom logs.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] customlog host source loopback 0

Related commands

customlog format

customlog host

customlog timestamp

Use customlog timestamp localtime to configure the timestamp of output custom logs to show the local time.

Use undo customlog timestamp localtime to restore the default.

Syntax

customlog timestamp localtime

undo customlog timestamp localtime

Default

The timestamp of output custom logs shows the Greenwich Mean Time (GMT).

Views

System view

Predefined user roles

network-admin

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware series	Model	Command compatibility
WX1800H series	WX1804H WX1810H WX1820H WX1840H	No
WX3800H series	WX3820H WX3840H	Yes
WX5800H series	WX5860H	Yes

Examples

# Configure the timestamp of output custom logs to show the local time.

<Sysname> system-view

[Sysname] customlog timestamp localtime

Related commands

customlog format

customlog host

diagnostic-logfile save

Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

Syntax

diagnostic-logfile save

Views

Any view

Predefined user roles

network-admin

Usage guidelines

You can specify the directory to save the diagnostic log file by using the info-center diagnostic-logfile directory command.

The system clears the diagnostic log file buffer after saving the buffered diagnostic logs to the diagnostic log file.

Examples

# Manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

<Sysname> diagnostic-logfile save

The contents in the diagnostic log file buffer have been saved to the file cfa0:/diagfile/diagfile.log.

Related commands

· info-center diagnostic-logfile enable

· info-center diagnostic-logfile directory

display diagnostic-logfile summary

Use display diagnostic-logfile summary to display the diagnostic log file configuration.

Syntax

display diagnostic-logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the diagnostic log file configuration.

<Sysname> display diagnostic-logfile summary

Diagnostic log file: Enabled.

Diagnostic log file size quota: 10 MB

Diagnostic log file directory: cfa0:/diagfile

Writing frequency: 24 hour 0 min 0 sec

Table 70 Command output

Field	Description
Diagnostic log file	· Enabled—Diagnostic logs can be output to the diagnostic log file. · Disabled—Diagnostic logs cannot be output to the diagnostic log file.
Diagnostic log file size quota	Maximum size for the diagnostic log file, in MB.
Log file directory	Directory where the diagnostic log file is saved.
Writing frequency	Interval at which the system saves diagnostic logs from the buffer to the diagnostic log file.

display info-center

Use display info-center to display information center configuration information.

Syntax

display info-center

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information center configuration.

<Sysname> display info-center

Information Center: Enabled

Console: Enabled

Monitor: Enabled

Log host: Enabled

IP address: 192.168.0.1, port number: 5000, host facility: local7

IP address: 192.168.0.2, port number: 5001, host facility: local5

Log buffer: Enabled

Max buffer size 1024, current buffer size 512,

Current messages 0, dropped messages 0, overwritten messages 0

Log file: Enabled

Security log file: Enabled

Information timestamp format:

Loghost: Date

Other output destination: Date

display logbuffer

Use display logbuffer to display the state of the log buffer and the log information in the log buffer.

Syntax

display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

reverse: Displays log entries chronologically, with the most recent entry at the top. If you do not specify this keyword, the command displays log entries chronologically, with the oldest entry at the top.

level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information for all levels.

Table 71 Log levels

Severity value	Level	Description	Corresponding keyword in commands
0	Emergency	The system is unusable. For example, the system authorization has expired.	emergency
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.	alert
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.	critical
3	Error	Error condition. For example, the link state changes.	error
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.	warning
5	Notification	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.	notification
6	Informational	Informational message. For example, a command or a ping operation is executed.	informational
7	Debugging	Debugging message.	debugging

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices.

Examples

# Display the state and log information of the log buffer.

<Sysname> display logbuffer slot 1

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 0

Current messages: 127

%Jun 19 18:03:24:55 2006 Sysname SYSLOG /7/SYS_RESTART:System restarted

…

Table 72 Command output

Field	Description
Log buffer	· Enabled—Logs can be output to the log buffer. · Disabled—Logs cannot be output to the buffer.
Max buffer size	Maximum buffer size supported by the device.
Actual buffer size	Maximum buffer size configured by using the info-center logbuffer size command.
Dropped messages	Number of dropped messages.
Overwritten messages	Number of overwritten messages.
Current messages	Number of current messages.

Related commands

· info-center logbuffer

· reset logbuffer

display logbuffer summary

Use display logbuffer summary to display the summary of the log buffer.

Syntax

display logbuffer summary [ level severity | slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information of all levels in the log buffer. For more information about log levels, see Table 71.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices.

Examples

# Display the summary of the log buffer.

<Sysname> display logbuffer summary

Slot EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

1 0 0 1 11 4 20 24 0

Table 73 Command output

Field	Description
Slot	Member ID of the device in the IRF fabric.
EMERG	Represents emergency. For more information, see Table 71.
ALERT	Represents alert. For more information, see Table 71.
CRIT	Represents critical. For more information, see Table 71.
ERROR	Represents error. For more information, see Table 71.
WARN	Represents warning. For more information, see Table 71.
NOTIF	Represents notification. For more information, see Table 71.
INFO	Represents informational. For more information, see Table 71.
DEBUG	Represents debug. For more information, see Table 71.

display logfile summary

Use display logfile summary to display the log file configuration.

Syntax

display logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the log file configuration.

<Sysname> display logfile summary

Log file: Enabled.

Log file size quota: 10 MB

Log file directory: cfa0:/logfile

Writing frequency: 0 hour 1 min 10 sec

Table 74 Command output

Field	Description
Log file	· Enabled—Logs can be output to the log file. · Disabled—Logs cannot be output to the log file.
Log file size quota	Maximum storage space reserved for the log file, in MB.
Log file directory	Log file directory.
Writing frequency	Log file writing frequency.

display security-logfile summary

Use display security-logfile summary to display the summary of the security log file.

Syntax

display security-logfile summary

Views

Any view

Predefined user roles

security-audit

Usage guidelines

A local user can use this command only after being authorized as the security log administrator by the system administrator through the authorization-attribute user-role security-audit command. For more information about security log administrator, see Security Configuration Guide.

Examples

# Display the summary of the security log file.

<Sysname> display security-logfile summary

Security log file: Enabled

Security log file size quota: 10 MB

Security log file directory: cfa0:/seclog

Alarm threshold: 80%

Current usage: 30%

Writing frequency: 1 hour 0 min 0 sec

Table 75 Command output

Field	Description
Security log file	· Enabled—Security logs can be output to the security log file. · Disabled—Security logs cannot be output to the security log file.
Security log file size quota	Maximum storage space reserved for the security log file.
Security log file directory	Security log file directory.
Alarm-threshold	Alarm threshold of the security log file usage.
Current usage	Current usage of the security log file.
Writing frequency	Security log file writing frequency.

Related commands

authorization-attribute (Security Command Reference)

enable log updown

Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.

Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.

Syntax

enable log updown

undo enable log updown

Default

All interfaces are allowed to generate link up and link down logs.

Views

Interface view

Predefined user roles

network-admin

Examples

# Disable port GigabitEthernet 1/0/1 from generating link up or link down logs.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo enable log updown

info-center diagnostic-logfile directory

Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.

Syntax

info-center diagnostic-logfile directory dir-name

Default

The diagnostic log file is saved in the diagfile directory under the root directory of the storage device.

Views

System view

Predefined user roles

network-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 64 characters.

Usage guidelines

The specified directory must have been created.

This command cannot survive a reboot. (IRF-incapable devices.)

This command cannot survive an IRF reboot or a master/subordinate switchover. (IRF-capable devices.)

Examples

# Set the diagnostic log file directory to cfa0:/test.

<Sysname> mkdir test

Creating directory cfa0:/test... Done.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile directory cfa0:/test

The directory is in primary partition.

info-center diagnostic-logfile enable

Use info-center diagnostic-logfile enable to enable saving diagnostic logs to the diagnostic log file.

Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs to the diagnostic log file.

Syntax

info-center diagnostic-logfile enable

undo info-center diagnostic-logfile enable

Default

Saving diagnostic logs to the diagnostic log file is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems.

Examples

# Enable saving diagnostic logs to the diagnostic log file.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile enable

info-center diagnostic-logfile frequency

Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

Use undo info-center diagnostic-logfile frequency to restore the default saving interval.

Syntax

info-center diagnostic-logfile frequency freq-sec

undo info-center diagnostic-logfile frequency

Default

The diagnostic log file saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the interval (in seconds) at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file. The value range is 10 to 86400.

Usage guidelines

The system outputs diagnostic logs to the diagnostic log file buffer, and then saves the buffered logs to the diagnostic log file at the specified interval.

Examples

# Set the diagnostic log file saving interval to 600 seconds.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile frequency 600

Related commands

info-center diagnostic-logfile enable

info-center diagnostic-logfile quota

Use info-center diagnostic-logfile quota to set the maximum size for the diagnostic log file.

Use undo info-center diagnostic-logfile quota to restore the default.

Syntax

info-center diagnostic-logfile quota size

undo info-center diagnostic-logfile quota

Default

The maximum size for the diagnostic log file is 10 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size for the diagnostic log file, in the range of 1 to 10 MB.

Examples

# Set the maximum size to 6 MB for the diagnostic log file.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile quota 6

info-center enable

Use info-center enable to enable the information center.

Use undo info-center enable to disable the information center.

Syntax

info-center enable

undo info-center enable

Default

The information center is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the information center.

<Sysname> system-view

[Sysname] info-center enable

Information center is enabled.

info-center format

Use info-center format to set the format for logs sent to log hosts.

Use undo info-center format to restore the default.

Syntax

info-center format { unicom | cmcc }

undo info-center format

Default

Logs are sent to log hosts in standard format.

Views

System view

Predefined user roles

network-admin

Parameters

unicom: Specifies the unicom format.

cmcc: Specifies the China Mobile Communications Corporation (cmcc) format.

Usage guidelines

Logs can be sent to log hosts in standard, unicom, or cmcc format. For more information about log formats, see Network Management and Monitoring Configuration Guide.

Examples

# Set the log format to unicom for logs sent to log hosts.

<Sysname> system-view

[Sysname] info-center format unicom

info-center logbuffer

Use info-center logbuffer to enable log output to the log buffer.

Use undo info-center logbuffer to disable log output to the log buffer.

Syntax

info-center logbuffer

undo info-center logbuffer

Default

Log output to the log buffer is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable log output to the log buffer.

<Sysname> system-view

[Sysname] info-center logbuffer

Related commands

· display logbuffer

· info-center enable

info-center logbuffer size

Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.

Use undo info-center logbuffer size to restore the default.

Syntax

info-center logbuffer size buffersize

undo info-center logbuffer size

Default

The log buffer can store a maximum of 512 logs.

Views

System view

Predefined user roles

network-admin

Parameters

buffersize: Specifies the maximum number of logs that can be stored in the log buffer. The value range is 0 to 1024, and the default is 512.

Examples

# Set the maximum log buffer size to 50.

<Sysname> system-view

[Sysname] info-center logbuffer size 50

# Restore the default maximum log buffer size.

<Sysname> system-view

[Sysname] undo info-center logbuffer size

Related commands

· display logbuffer

· info-center enable

info-center logfile directory

Use info-center logfile directory to specify the log file directory.

Syntax

info-center logfile directory dir-name

Default

The log file is saved in the logfile directory under the root directory of the storage device.

Views

System view

Predefined user roles

network-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 64 characters.

Usage guidelines

The specified directory must have been created.

The log file has a .log extension. When the default log file directory runs out of space, use this command to specify a new log file directory.

This command cannot survive a reboot. (IRF-incapable devices.)

This command cannot survive an IRF reboot or a master/subordinate switchover. (IRF-capable devices.)

Examples

# Create a directory named test under the root directory of the CF card.

<Sysname> mkdir test

Creating directory cfa0:/test... Done.

# Set the log file directory to cfa0:/test.

<Sysname> system-view

[Sysname] info-center logfile directory cfa0:/test

The directory is in primary partition.

Related commands

info-center logfile enable

Use info-center logfile enable to enable the log file feature.

Use undo info-center logfile enable to disable the log file feature.

Syntax

info-center logfile enable

undo info-center logfile enable

Default

The log file feature is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable log output to the log file.

<Sysname> system-view

[Sysname] info-center logfile enable

info-center logfile frequency

Use info-center logfile frequency to configure the interval for saving logs to the log file.

Use undo info-center logfile frequency to restore the default saving interval.

Syntax

info-center logfile frequency freq-sec

undo info-center logfile frequency

Default

The log file saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the interval (in seconds) at which the system saves logs to the log file. The value range is 1 to 86400.

Usage guidelines

This command enables the system to automatically save logs in the log file buffer to the log file at the specified interval.

Examples

# Set the log file saving interval to 60000 seconds.

<Sysname> system-view

[Sysname] info-center logfile frequency 60000

Related commands

info-center logfile enable

info-center logfile size-quota

Use info-center logfile size-quota to set the maximum size for the log file.

Use undo info-center logfile size-quota to restore the default.

Syntax

info-center logfile size-quota size

undo info-center logfile size-quota

Default

The following matrix shows the default values for the size argument:

Hardware series	Model	Default
WX1800H series	WX1804H WX1810H WX1820H WX1840H	10 MB
WX3800H series	WX3820H WX3840H	4 MB
WX5800H series	WX5860H	10 MB

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size for the log file, in the range of 1 to 10 MB.

Examples

# Set the maximum size to 6 MB for the log file.

<Sysname> system-view

[Sysname] info-center logfile size-quota 6

Related commands

info-center logfile enable

info-center logging suppress duplicates

Use info-center logging suppress duplicates to enable duplicate log suppression.

Use undo info-center logging suppress duplicate to restore the default.

Syntax

info-center logging suppress duplicates

undo info-center logging suppress duplicates

Default

Duplicate log suppression is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources.

With this feature enabled, the system starts a suppression period when outputting a new log:

· During the suppression period, the system does not output logs with the same module name, level, mnemonic, location, and text as the previous log.

· After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds the first time, 2 minutes the second time, and 10 minutes for subsequent times.

· If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period.

Examples

Suppose the IP address of VLAN-interface 100 on device A conflicts with that of another device on the network, device A will output the following log information repeatedly:

%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

# Enable duplicate log suppression on device A.

<Sysname> system-view

[Sysname] info-center logging suppress duplicates

Device A continues to output the following log information:

%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

%Jan 1 07:28:19:639 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 4 times in last 30 seconds.

The output shows that after the duplicate log suppression feature is enabled, the system outputs another duplicate log and starts the first suppression period for 30 seconds.

%Jan 1 07:30:19:643 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 20 times in last 2 minutes.

The output shows that the second suppression period lasts for 2 minutes.

%Jan 1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 1 times in last 1 second.

%Jan 1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed.

The output shows that a different log is generated during the suppression period.

%Jan 1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

%Jan 1 07:30:55:645 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 4 times in last 30 seconds.

The output shows that the system starts another suppression period.

info-center loghost

Use info-center loghost to specify a log host and to configure output parameters.

Use undo info-center loghost to restore the default.

Syntax

info-center loghost { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] [ facility local-number ]

undo info-center loghost { hostname | ipv4-address | ipv6 ipv6-address }

Default

No log hosts are specified.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, logs cannot be sent to the log host.

facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and query and filer logs.

Usage guidelines

The info-center loghost command takes effect only after information center is enabled with the info-center enable command.

The device supports a maximum of four log hosts.

Examples

# Output logs to the log host 1.1.1.1.

<Sysname> system-view

[Sysname] info-center loghost 1.1.1.1

info-center loghost source

Use info-center loghost source to specify a source IP address for logs sent to log hosts.

Use undo info-center loghost source to restore the default.

Syntax

info-center loghost source interface-type interface-number

undo info-center loghost source

Default

The source IP address of logs sent to log hosts is the primary IP address of the matching route's egress interface.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies a source interface. The interface's primary IP address will be used as the source IP address for logs output to log hosts.

Usage guidelines

The info-center loghost source command takes effect only after the information center is enabled with the info-center enable command.

Examples

# Specify the source interface as loopback 0 for logs sent to log hosts.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] info-center loghost source loopback 0

info-center security-logfile alarm-threshold

Use info-center security-logfile alarm-threshold to set the alarm threshold for security log file usage.

Use undo info-center security-logfile alarm-threshold to restore the default.

Syntax

info-center security-logfile alarm-threshold usage

undo info-center security-logfile alarm-threshold

Default

The alarm threshold for security log file usage is 80. When the usage of the security log file reaches 80%, the system outputs a message to inform the administrator.

Views

System view

Predefined user roles

network-admin

Parameters

usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100.

Usage guidelines

When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file. This feature helps avoid security log loss by setting an alarm threshold for the security log file usage. When the threshold is reached, the system outputs log information to inform the administrator. The administrator can log in to the device as the security log administrator, and back up the security log file.

Examples

# Set the alarm threshold for security log file usage to 90.

<Sysname> system-view

[Sysname] info-center security-logfile alarm-threshold 90

Related commands

info-center security-logfile size-quota

info-center security-logfile enable

Use info-center security-logfile enable to enable saving of security logs to the security log file.

Use undo info-center security-logfile enable to restore the default.

Syntax

info-center security-logfile enable

undo info-center security-logfile enable

Default

The saving of security logs to the security log file is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the system to output security logs to the security log file buffer, and then saves the buffered logs to the security log file regularly.

Examples

# Enable saving security logs to the security log file.

<Sysname> system-view

[Sysname] info-center security-logfile enable

info-center security-logfile frequency

Use info-center security-logfile frequency to configure the interval for saving security logs to the security log file.

Use undo info-center security-logfile frequency to restore the default saving interval.

Syntax

info-center security-logfile frequency freq-sec

undo info-center security-logfile frequency

Default

The security log file saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies a saving interval in the range of 10 to 86400 seconds.

Usage guidelines

The system outputs security logs to the security log file buffer, and then saves the buffered logs to the security log file at the specified interval.

Examples

# Set the security log file saving interval to 600 seconds.

<Sysname> system-view

[Sysname] info-center security-logfile frequency 600

Related commands

info-center security-logfile enable

info-center security-logfile size-quota

Use info-center security-logfile size-quota to set the maximum size for the security log file.

Use undo info-center security-logfile size-quota to restore the default.

Syntax

info-center security-logfile size-quota size

undo info-center security-logfile size-quota

Default

The maximum size for the security log file is 10 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Sets the maximum size for the security log file, in the range of 1 to 10 MB.

Examples

# Set the maximum size to 6 MB for the security log file.

<Sysname> system-view

[Sysname] info-center security-logfile size-quota 6

Related commands

info-center security-logfile alarm-threshold

info-center source

Use info-center source to configure a log output rule for a module.

Use undo info-center source to restore the default.

Syntax

info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }

undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }

Default

Table 76 lists the default log output rules.

Table 76 Default output rules

Destination	Source modules	Common log	Security log	Diagnostic log	Hidden log
Console	All supported modules	debugging	Disabled	Disabled	Disabled
Monitor terminal	All supported modules	debugging	Disabled	Disabled	Disabled
Log host	All supported modules	informational	Disabled	Disabled	informational
Log buffer	All supported modules	informational	Disabled	Disabled	informational
Log file	All supported modules	informational	Disabled	Disabled	informational
Security log file	All supported modules, cannot be filtered	Disabled	Debugging, which cannot be filtered	Disabled	Disabled
Diagnostic log file	All supported modules, cannot be filtered	Disabled	Disabled	Debugging, which cannot be filtered	Disabled

Views

System view

Predefined user roles

network-admin

Parameters

module-name: Specifies a module by its name. For instance, to output FTP information, set this argument to FTP. You can use the info-center source ? command to view the modules supported by the device.

default: Specifies all modules, which can be displayed by using the info-center source ? command.

console: Outputs logs to the console.

logbuffer: Outputs logs to the log buffer.

logfile: Outputs logs to the log file.

loghost: Outputs logs to the log host.

monitor: Outputs logs to the monitor terminal.

deny: Disables log output.

level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the higher the severity level. See Table 71 for more information. Logs at the specified severity level and higher levels are allowed or denied to be output.

Usage guidelines

If you do not set an output rule for a module, the module uses the default output rule or the output rule set by using the default keyword.

If you use the command multiple times, only the most recent output rule takes effect for the specified module.

After you set an output rule for a module, you must use the module-name argument to modify or remove the rule. A new output rule configured by using the default keyword does not take effect on the module.

Examples

# Output only VLAN module's information with the emergency level to the console.

<Sysname> system-view

[Sysname] info-center source default console deny

[Sysname] info-center source vlan console level emergency

# Based on the previous configuration, disable output of VLAN module's information to the console so no system information is output to the console.

<Sysname> system-view

[Sysname] undo info-center source vlan console

info-center synchronous

Use info-center synchronous to enable synchronous information output.

Use undo info-center synchronous to disable synchronous information output.

Syntax

info-center synchronous

undo info-center synchronous

Default

Synchronous information output is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

System log output interrupts ongoing configuration operations, including obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

Examples

# Enable synchronous information output, and then issue the display current-configuration command to view the current configuration of the device.

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] display current-

At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Sysname] display current-

Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.

# Enable synchronous information output, and then save the current configuration (enter interactive information).

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] save

The current configuration will be written to the device. Are you sure? [Y/N]:

At this time, the system receives the log information. It displays the log information first and then displays [Y/N].

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Y/N]:

Enter Y or N to complete your input.

info-center syslog min-age

Use info-center syslog min-age to set the minimum storage period for logs in the log buffer and log file.

Use undo info-center syslog min-age to restore the default.

Syntax

info-center syslog min-age min-age

undo info-center syslog min-age

Default

The log minimum storage period is not set.

Views

System view

Predefined user roles

network-admin

Parameters

min-age: Sets the minimum storage period in hours. The value range is 1 to 8760.

Examples

# Set the log minimum storage period to 168 hours.

<Sysname> system-view

[Sysname] info-center syslog min-age 168

info-center syslog trap buffersize

Use info-center syslog trap buffersize to set the maximum number of log traps that can be stored in the log trap buffer.

Use undo info-center syslog trap buffersize to restore the default.

Syntax

info-center syslog trap buffersize buffersize

undo info-center syslog trap buffersize

Default

The log trap buffer can store a maximum of 1024 traps.

Views

System view

Predefined user roles

network-admin

Parameters

buffersize: Specifies the maximum number of log traps that can be stored in the log trap buffer. The value range is 0 to 65535. Value 0 indicates that the device does not buffer log traps.

Usage guidelines

Log traps are SNMP notifications stored in the log trap buffer. After the snmp-agent trap enable syslog command is configured, the device sends log messages in SNMP notifications to the log trap buffer. You can view the log traps by accessing the MIB corresponding to the trap buffer.

The default buffer size is usually used. You can adjust the buffer size according to your network condition. New traps overwrites the oldest traps when the log trap buffer is full.

Examples

# Set the log trap buffer size to 2048.

<Sysname> system-view

[Sysname] info-center syslog trap buffersize 2048

Related commands

snmp-agent trap enable syslog

info-center timestamp

Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file.

Use undo info-center timestamp to restore the default.

Syntax

info-center timestamp { boot | date | none }

undo info-center timestamp

Default

The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.

Views

System view

Predefined user roles

network-admin

Parameters

boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup.

date: Sets the timestamp format to MMM DD hh:mm:ss:xxx YYYY, such as Dec 8 10:12:21:708 2007. The date time shows the current system time.

· MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.

· DD: Date, starting with a space if it is less than 10, for example " 7".

· hh:mm:ss:xxx: Local time, with hh in the range of 00 to 23, mm and ss in the range of 00 to 59, and xxx in the range of 0 to 999.

· YYYY: Year.

none: Indicates no time information is provided.

Examples

# Set the timestamp format to boot for logs sent to the console, monitor terminal, log buffer, and log file.

<Sysname> system-view

[Sysname] info-center timestamp boot

Related commands

info-center timestamp loghost

Use info-center timestamp loghost to set the timestamp format for logs sent to log hosts.

Use undo info-center timestamp loghost to restore the default.

Syntax

info-center timestamp loghost { date | iso | no-year-date | none }

undo info-center timestamp loghost

Default

The timestamp format for logs sent to log hosts is date.

Views

System view

Predefined user roles

network-admin

Parameters

date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time.

iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.

no-year-date: Sets the timestamp format to the current system date and time without year.

none: Indicates that no timestamp information is provided.

Examples

# Set the timestamp format to no-year-date for logs sent to log hosts.

<Sysname> system-view

[Sysname] info-center timestamp loghost no-year-date

Related commands

info-center timestamp

logfile save

Use logfile save to manually save logs in the log file buffer to the log file.

Syntax

logfile save

Views

Any view

Predefined user roles

2: System level

Usage guidelines

You can specify the directory to save the log file by using the info-center logfile directory command.

The system clears the log file buffer after saving logs from the buffer to the log file automatically or manually.

Examples

# Manually save logs from the log file buffer to the log file.

<Sysname> logfile save

The contents in the log file buffer have been saved to the file cfa0:/logfile/logfile.log.

Related commands

· info-center logfile enable

· info-center logfile directory

reset logbuffer

Use reset logbuffer to clear the log buffer.

Syntax

reset logbuffer

Views

User view

Predefined user roles

network-admin

Examples

# Clear the log buffer.

<Sysname> reset logbuffer

Related commands

display logbuffer

snmp-agent trap enable syslog

Use snmp-agent trap enable syslog to enable SNMP notifications for log messages.

Use undo snmp-agent trap enable syslog to restore the default.

Syntax

snmp-agent trap enable syslog

undo snmp-agent trap enable syslog

Default

The device does not send SNMP notifications for log messages.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to send an SNMP notification for each log message it outputs. The device encapsulates logs in SNMP notifications and then sends them to the SNMP module and the log trap buffer.

You can configure the SNMP module to send received SNMP notifications in SNMP traps or informs to remote hosts. For more information, see Network Management and Monitoring Configuration Guide.

To view the traps in the log trap buffer, access the MIB corresponding to the log trap buffer. The log trap buffer size can be set by using the info-center syslog trap buffersize command.

Examples

# Enable the device to send SNMP notifications for log messages.

<Sysname> system-view

[Sysname] snmp-agent trap enable syslog

Related commands

info-center syslog trap buffersize

terminal debugging

Use terminal debugging to enable the display of debug information on the current terminal.

Use undo terminal debugging to disable the display of debug information on the current terminal.

Syntax

terminal debugging

undo terminal debugging

Default

The display of debug information is disabled on the current terminal.

Views

User view

Predefined user roles

network-admin

Usage guidelines

To enable the display of debug information on the console, perform the following tasks:

1. Execute the terminal debugging command.

2. Enable the information center. The information center is enabled by default.

3. Use a debugging command to enable the related debugging.

To enable the display of debug information on the current terminal, perform the following tasks:

4. Execute the terminal monitor and terminal debugging commands.

5. Enable the information center. The information center is enabled by default.

6. Use a debugging command to enable the related debugging.

This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

You can also enable the display of debug information on the current terminal by executing the terminal logging level 7 command. This command has the following differences from the terminal debugging command:

· The terminal logging level 7 command enables log display for all levels (levels 0 through 7) on the current terminal.

· The terminal debugging command only enables display of logs with the following severity levels:

? Debug level (level 7).

? Severity level higher than or equal to the level specified in the terminal logging level command.

Examples

# Enable the display of debug information on the current terminal.

<Sysname> terminal debugging

The current terminal is enabled to display debugging information.

Related commands

· terminal logging level

· terminal monitor

terminal logging level

Use terminal logging level to set the lowest level of logs that can be output to the current terminal.

Use undo terminal logging level to restore the default.

Syntax

terminal logging level severity

undo terminal logging level

Default

The lowest level of logs that can be output to the current terminal is 6 (Informational).

Views

User view

Predefined user roles

network-admin

Parameters

severity: Specifies a log severity level in the range of 0 to 7.

Usage guidelines

This command enables the device to output logs with a severity level higher than or equal to the specified level to the current terminal. For example, if you set the severity argument to 6, logs with a severity value from 0 to 6 are output to the current terminal.

This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

Examples

# Configure the device to output logs with the debugging level and higher levels to the current terminal.

<Sysname> terminal logging level 7

terminal monitor

Use terminal monitor to enable the monitoring of logs on the current terminal.

Use undo terminal monitor to disable the monitoring of logs on the current terminal.

Syntax

terminal monitor

undo terminal monitor

Default

Monitoring of logs is enabled on the console and disabled on the monitor terminal.

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

Examples

# Enable the monitoring of logs on the current terminal.

<Sysname> terminal monitor

The current terminal is enabled to display logs.

Port mirroring commands

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 2.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

Type: Local

Status: Active

Mirroring port:

GigabitEthernet1/0/1 Inbound

Monitor port: GigabitEthernet1/0/2

Table 77 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group. The device supports only local mirroring groups.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Monitor port	Destination port.

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id local

undo mirroring-group { group-id | all | local }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 2.

local: Specifies local mirroring groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 2. The specified mirroring group must already exist.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

A Layer 2 aggregate interface cannot be configured as a source port for a mirroring group.

A port can act as a source port for only one mirroring group.

A source port cannot be used as a monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 2. The specified mirroring group must already exist.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The specified interfaces must be of the same type and on the same card. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

A Layer 2 aggregate interface cannot be configured as a source port for a mirroring group.

A port can act as a source port for only one mirroring group.

A source port cannot be used as a monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 both

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as a monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port

undo mirroring-group group-id monitor-port

Default

A port does not act as a monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 2. The specified mirroring group must already exist.

Usage guidelines

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not configure its member ports as source ports of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mirroring-group 1 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-list

undo mirroring-group group-id monitor-port interface-list

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group by its number in the range of 1 to 2. The specified mirroring group must already exist.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

Usage guidelines

Do not enable the spanning tree feature on the monitor port of a mirroring group.

For a Layer 2 aggregate interface configured as the monitor port of a mirroring group, do not configure its member ports as source ports of the mirroring group.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port gigabitethernet 1/0/1

Related commands

mirroring-group

Index

A C D E F H I K L M N O P R S T U V X

action cli,180

action reboot,181

action switchover,181

action syslog,182

apply poe-profile,244

apply poe-profile interface,245

commit,183

customlog format,274

customlog host,275

customlog host source,276

customlog timestamp,277

data-fill,10

data-size,11

debugging,1

description (any NQA operation type view),12

destination ip,12

destination ipv6,13

destination port,14

diagnostic-logfile save,278

display debugging,1

display diagnostic-logfile summary,279

display exception context,199

display exception filepath,203

display info-center,279

display kernel deadloop,204

display kernel deadloop configuration,207

display kernel exception,208

display kernel reboot,211

display kernel starvation,214

display kernel starvation configuration,216

display logbuffer,280

display logbuffer summary,281

display logfile summary,282

display mirroring-group,306

display nqa history,14

display nqa reaction counters,16

display nqa result,17

display nqa server,66

display nqa statistics,21

display ntp-service ipv6 sessions,70

display ntp-service sessions,74

display ntp-service status,78

display ntp-service trace,81

display packet-capture status,270

display poe device,245

display poe interface,246

display poe interface power,249

display poe pse,250

display poe-profile,251

display poe-profile interface,252

display process,217

display process cpu,220

display process log,221

display process memory,222

display process memory heap,224

display process memory heap address,225

display process memory heap size,226

display rmon alarm,156

display rmon event,157

display rmon eventlog,158

display rmon history,159

display rmon prialarm,162

display rmon statistics,163

display rtm environment,183

display rtm policy,184

display security-logfile summary,283

display snmp-agent community,110

display snmp-agent context,111

display snmp-agent group,112

display snmp-agent local-engineid,113

display snmp-agent mib-node,114

display snmp-agent mib-view,119

display snmp-agent remote,121

display snmp-agent statistics,122

display snmp-agent sys-info,123

display snmp-agent trap queue,124

display snmp-agent trap-list,125

display snmp-agent usm-user,126

display sntp ipv6 sessions,103

display sntp sessions,103

display userlog export,261

display userlog host-group,262

enable log updown,284

enable snmp trap updown,127

event cli,185

event interface,186

event process,188

event snmp oid,189

event snmp-notification,191

event syslog,191

event track,192

exception filepath,227

expect data,27

filename,28

frequency,29

history-record enable,30

history-record keep-time,30

history-record number,31

info-center diagnostic-logfile directory,284

info-center diagnostic-logfile enable,285

info-center diagnostic-logfile frequency,285

info-center diagnostic-logfile quota,286

info-center enable,287

info-center format,287

info-center logbuffer,288

info-center logbuffer size,288

info-center logfile directory,289

info-center logfile enable,290

info-center logfile frequency,290

info-center logfile size-quota,291

info-center logging suppress duplicates,291

info-center loghost,293

info-center loghost source,293

info-center security-logfile alarm-threshold,294

info-center security-logfile enable,295

info-center security-logfile frequency,295

info-center security-logfile size-quota,296

info-center source,297

info-center synchronous,298

info-center syslog min-age,299

info-center syslog trap buffersize,300

info-center timestamp,300

info-center timestamp loghost,301

key,32

logfile save,302

mirroring-group,307

mirroring-group mirroring-port (interface view),307

mirroring-group mirroring-port (system view),308

mirroring-group monitor-port (interface view),309

mirroring-group monitor-port (system view),309

mode,32

monitor kernel deadloop enable,228

monitor kernel deadloop exclude-thread,228

monitor kernel deadloop time,229

monitor kernel starvation enable,230

monitor kernel starvation exclude-thread,231

monitor kernel starvation time,232

monitor process,233

monitor thread,237

netconf idle-timeout,173

netconf log,173

netconf soap http acl,175

netconf soap http enable,175

netconf soap https acl,176

netconf soap https enable,176

netconf ssh server enable,177

netconf ssh server port,178

next-hop ip,33

next-hop ipv6,34

nqa,34

nqa agent enable,35

nqa schedule,35

nqa server enable,67

nqa server tcp-connect,68

nqa server udp-echo,69

nqa template,36

ntp-service acl,82

ntp-service authentication enable,83

ntp-service authentication-keyid,84

ntp-service broadcast-client,85

ntp-service broadcast-server,85

ntp-service dscp,86

ntp-service enable,87

ntp-service inbound enable,87

ntp-service ipv6 acl,88

ntp-service ipv6 dscp,89

ntp-service ipv6 inbound enable,90

ntp-service ipv6 multicast-client,90

ntp-service ipv6 multicast-server,91

ntp-service ipv6 source,92

ntp-service ipv6 unicast-peer,93

ntp-service ipv6 unicast-server,94

ntp-service max-dynamic-sessions,95

ntp-service multicast-client,96

ntp-service multicast-server,96

ntp-service refclock-master,97

ntp-service reliable authentication-keyid,98

ntp-service source,99

ntp-service unicast-peer,100

ntp-service unicast-server,101

operation (FTP operation view),37

operation (HTTP/HTTPS operation view),38

out interface,39

packet-capture local ap,270

packet-capture remote ap,272

packet-capture stop,272

password,40

ping,2

ping ipv6,5

poe enable,253

poe legacy enable,253

poe max-power,254

poe mode,255

poe pd-description,256

poe pd-policy priority,256

poe priority,257

poe utilization-threshold,259

poe-profile,258

probe count,41

probe packet-interval,42

probe packet-number,42

probe packet-timeout,43

probe timeout,43

process core,240

raw-request,44

reaction checked-element { jitter-ds | jitter-sd },45

reaction checked-element { owd-ds | owd-sd },46

reaction checked-element packet-loss,47

reaction checked-element probe-duration,48

reaction checked-element probe-fail (for trap),50

reaction checked-element probe-fail (for trigger),51

reaction checked-element rtt,52

reaction trap,53

reaction trigger per-probe,54

reaction trigger probe-fail,54

reaction trigger probe-pass,55

reset exception context,241

reset kernel deadloop,242

reset kernel exception,242

reset kernel reboot,243

reset logbuffer,302

reset userlog flow export,263

rmon alarm,165

rmon event,167

rmon history,168

rmon prialarm,169

rmon statistics,171

route-option bypass-route,56

rtm cli-policy,193

rtm environment,194

rtm scheduler suspend,196

rtm tcl-policy,196

running-time,197

snmp-agent,128

snmp-agent { inform | trap } source,141

snmp-agent calculate-password,129

snmp-agent community,130

snmp-agent community-map,133

snmp-agent context,133

snmp-agent group,134

snmp-agent local-engineid,136

snmp-agent log,137

snmp-agent mib-view,137

snmp-agent packet max-size,139

snmp-agent port,139

snmp-agent remote,140

snmp-agent sys-info contact,142

snmp-agent sys-info location,142

snmp-agent sys-info version,143

snmp-agent target-host,144

snmp-agent trap enable,145

snmp-agent trap enable syslog,303

snmp-agent trap if-mib link extended,146

snmp-agent trap life,147

snmp-agent trap log,147

snmp-agent trap queue-size,148

snmp-agent usm-user { v1 | v2c },149

snmp-agent usm-user v3,150

snmp-agent usm-user v3 user-role,154

sntp authentication enable,104

sntp authentication-keyid,105

sntp enable,106

sntp ipv6 unicast-server,106

sntp reliable authentication-keyid,107

sntp unicast-server,108

source interface,57

source ip,57

source ipv6,58

source port,59

ssl-client-policy,60

statistics interval,60

statistics max-group,61

terminal debugging,303

terminal logging level,304

terminal monitor,305

tos,62

tracert,7

tracert ipv6,8

ttl,62

type,63

url,64

userlog flow export host,263

userlog flow export load-balancing,264

userlog flow export source-ip,265

userlog flow export timestamp localtime,265

userlog flow export version,266

userlog flow syslog,266

userlog host-group,267

userlog host-group host flow,268

username,65

user-role,197

version,66

xml,178

12 Network Management and Monitoring

debugging

ping

ping ipv6

NQA commands

NQA client commands

display nqa history

display nqa reaction counters

expect data

mode

nqa template

operation (FTP operation view)

reaction trigger per-probe

statistics interval

tos

NQA server commands

nqa server udp-echo

display ntp-service ipv6 sessions

display ntp-service trace

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service broadcast-server

ntp-service max-dynamic-sessions

ntp-service multicast-server

ntp-service reliable authentication-keyid

ntp-service unicast-peer