Microsegmentation commands
display microsegment
Use display microsegment to display the configuration and status of microsegments.
Syntax
display microsegment [ microsegment-id | name microsegment-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
microsegment-id: Specifies a microsegment by its ID in the range of 1 to 65535.
name microsegment-name: Specifies a microsegment by its name, a case-insensitive string of 1 to 32 characters.
Usage guidelines
If you do not specify any parameters, this command displays summary information and status information about all microsegments.
Examples
# Display the configuration of microsegment 1.
<Sysname> display microsegment 1
Microsegment ID : 1
Microsegment name : micseg1
IPv4 member:
192.168.56.0/24
IPv6 member:
10:10::/64
# Display summary information and status information about all microsegments.
<Sysname> display microsegment
Microsegment status: Enabled
Total microsegments: 2
Microsegment list :
Microsegment ID  Members  Microsegment name
12345            3        abc
32789            5        xyz
member
Use member to add a member to a microsegment.
Use undo member to remove a member from a microsegment.
Syntax
member { ipv4 ipv4-address { mask | mask-length } | ipv6 ipv6-address prefix-length } [ vpn-instance vpn-instance-name ]
undo member { ipv4 ipv4-address { mask | mask-length } | ipv6 ipv6-address prefix-length } [ vpn-instance vpn-instance-name ]
Default
A microsegment does not contain members.
Views
Microsegment view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv4 ipv4-address { mask | mask-length }: Specifies a range of IPv4 addresses. The mask argument specifies a subnet mask. The mask-length argument specifies a subnet mask length in the range of 0 to 32. The endpoints that use the IPv4 addresses are added to the microsegment.
ipv6 ipv6-address prefix-length: Specifies a range of IPv6 addresses. The prefix-length argument specifies a prefix length in the range of 0 to 128. The endpoints that use the IPv6 addresses are added to the microsegment.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command adds IP addresses in the public network to the microsegment.
Usage guidelines
A member can belong to multiple microsegments.
You can execute this command multiple times to add multiple IP addresses or IP address ranges to a microsegment.
Examples
# Add IPv4 address 192.168.56.3 to microsegment 1 as a member.
<Sysname> system-view
[Sysname] microsegment 1
[Sysname-microsegment-1] member ipv4 192.168.56.3 32
Related commands
display microsegment
microsegment
microsegment
Use microsegment to create a microsegment and enter its view, or enter the view of an existing microsegment.
Use undo microsegment to delete a microsegment.
Syntax
microsegment microsegment-id [ name microsegment-name ]
undo microsegment microsegment-id
Default
No microsegments exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
microsegment-id: Specifies a microsegment ID in the range of 1 to 65535.
name microsegment-name: Specifies a microsegment name, a case-insensitive string of 1 to 32 characters. The microsegment name must be globally unique. If you do not specify a microsegment name, this command creates the microsegment without a name.
Usage guidelines
To modify the name of an existing microsegment, you must delete the microsegment and then re-create it with a new name.
Examples
# Create microsegment 1 with name micseg1 and enter its view.
<Sysname> system-view
[Sysname] microsegment 1 name micseg1
[Sysname-microsegment-1]
Related commands
member
microsegment enable
Use microsegment enable to enable microsegmentation.
Use undo microsegment enable to disable microsegmentation.
Syntax
microsegment enable
undo microsegment enable
Default
Microsegmentation is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
After you enable microsegmentation, member IP addresses and microsegment IDs are sent to the FIB. When you disable microsegmentation, the information is deleted from the FIB. The device forwards or drops an incoming packet according to the microsegment IDs of its source and destination IP addresses and the ACL and GBP configurations.
Examples
# Enable microsegmentation.
<Sysname> system-view
[Sysname] microsegment enable
Related commands
display microsegment
member
microsegment
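Added example (not part of the original command reference and not vendor code): because a member can belong to multiple microsegments and forwarding decisions depend on the microsegment IDs of the source and destination addresses, it is useful to audit which microsegments an address falls into and which member ranges overlap across microsegments. The Python sketch below parses output in the layout shown in the display microsegment examples. The sample text, the second microsegment and all function names are constructed for illustration, and it assumes members in the public network only, since the page does not show how VPN instance members are displayed.

```python
import ipaddress
import re

# Constructed sample in the "display microsegment <id>" layout shown above.
SAMPLE = """\
Microsegment ID : 1
Microsegment name : micseg1
IPv4 member:
192.168.56.0/24
IPv6 member:
10:10::/64
Microsegment ID : 2
Microsegment name : micseg2
IPv4 member:
192.168.56.3/32
"""

def parse_microsegments(text):
    """Return {id: {"name": str or None, "members": [ip_network, ...]}}."""
    segs, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"Microsegment ID\s*:\s*(\d+)$", line)
        if m:
            seg_id = int(m.group(1))
            if not 1 <= seg_id <= 65535:  # documented microsegment-id range
                raise ValueError(f"microsegment ID out of range: {seg_id}")
            cur = segs.setdefault(seg_id, {"name": None, "members": []})
        elif cur is not None and line.startswith("Microsegment name"):
            cur["name"] = line.split(":", 1)[1].strip() or None
        elif cur is not None and "/" in line:  # member line: address/length
            cur["members"].append(ipaddress.ip_network(line, strict=False))
    return segs

def segments_for(ip, segs):
    """IDs of every microsegment with a member range that contains ip."""
    addr = ipaddress.ip_address(ip)
    return sorted(i for i, s in segs.items()
                  if any(addr.version == n.version and addr in n for n in s["members"]))

def overlapping_members(segs):
    """Member ranges of different microsegments that overlap each other."""
    flat = [(i, n) for i, s in sorted(segs.items()) for n in s["members"]]
    return [(a, str(x), b, str(y)) for k, (a, x) in enumerate(flat)
            for b, y in flat[k + 1:]
            if a != b and x.version == y.version and x.overlaps(y)]

if __name__ == "__main__":
    segs = parse_microsegments(SAMPLE)
    print(segments_for("192.168.56.3", segs), overlapping_members(segs))
```

An address that resolves to more than one microsegment ID, or any entry in the overlap list, is worth reviewing against the intended policy before microsegmentation is enabled.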