ARP commands
arp check enable
Use arp check enable to enable dynamic ARP entry check.
Use undo arp check enable to disable dynamic ARP entry check.
Syntax
arp check enable
undo arp check enable
Default
Dynamic ARP entry check is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.
When dynamic ARP entry check is enabled, the device cannot learn dynamic ARP entries containing multicast MAC addresses, and you cannot manually add static ARP entries containing multicast MAC addresses.
When dynamic ARP entry check is disabled, the device can learn dynamic ARP entries containing multicast MAC addresses obtained from the ARP packets sourced from a unicast MAC address. You can also manually add static ARP entries containing multicast MAC addresses.
Examples
# Enable dynamic ARP entry check.
<Sysname> system-view
[Sysname] arp check enable
arp check log enable
Use arp check log enable to enable ARP logging.
Use undo arp check log enable to disable ARP logging.
Syntax
arp check log enable
undo arp check log enable
Default
ARP logging is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The device can generate a large amount of ARP logs. To conserve system resources, enable ARP logging only when you are troubleshooting or debugging ARP events.
Examples
# Enable ARP logging.
<Sysname> system-view
[Sysname] arp check log enable
arp max-learning-num
Use arp max-learning-num to set the maximum number of dynamic ARP entries that an interface can learn.
Use undo arp max-learning-num to restore the default.
Syntax
arp max-learning-num number
undo arp max-learning-num
Default
An interface can learn a maximum of 262144 dynamic ARP entries in versions earlier than Release 1138P01 and 524288 dynamic ARP entries in Release 1138P01 and later versions.
Views
Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, VLAN interface view, Layer 2 aggregate interface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies the maximum number of dynamic ARP entries for an interface. The value range is 0 to 262144 in versions earlier than Release 1138P01 and 0 to 524288 in Release 1138P01 and later versions.
Usage guidelines
An interface can dynamically learn ARP entries. To prevent an interface from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that an interface can learn. When the maximum number is reached, the interface stops learning ARP entries.
When the number argument is set to 0, the interface is disabled from learning dynamic ARP entries.
Examples
# Specify VLAN-interface 40 to learn a maximum of 500 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface vlan-interface 40
[Sysname-Vlan-interface40] arp max-learning-num 500
# Specify FortyGigE 1/0/1 to learn a maximum of 1000 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] arp max-learning-num 1000
# Specify Layer 2 aggregate interface Bridge-Aggregation 1 to learn a maximum of 1000 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface bridge-aggregation 1
[Sysname-Bridge-Aggregation1] arp max-learning-num 1000
# Specify Layer 3 aggregate interface Route-Aggregation 1 to learn a maximum of 1000 dynamic ARP entries.
<Sysname> system-view
[Sysname] interface route-aggregation 1
[Sysname-Route-Aggregation1] arp max-learning-num 1000
arp max-learning-number
Use arp max-learning-number to set the maximum number of dynamic ARP entries that a device can learn.
Use undo arp max-learning-number to restore the default.
Syntax
In standalone mode:
arp max-learning-number number slot slot-number
undo arp max-learning-number slot slot-number
In IRF mode:
arp max-learning-number number chassis chassis-number slot slot-number
undo arp max-learning-number chassis chassis-number slot slot-number
Default
A device can learn a maximum of 262144 dynamic ARP entries in versions earlier than Release 1138P01 and 524288 dynamic ARP entries in Release 1138P01 and later versions.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies the maximum number of dynamic ARP entries for a device. The value range is 0 to 262144 in versions earlier than Release 1138P01 and 0 to 524288 in Release 1138P01 and later versions.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
A device can dynamically learn ARP entries. To prevent a device from holding too many ARP entries, you can set the maximum number of dynamic ARP entries that a device can learn. When the maximum number is reached, the device stops learning ARP entries.
When the number argument is set to 0, the device is disabled from learning dynamic ARP entries.
Examples
# Set the card in slot 1 to learn a maximum of 64 dynamic ARP entries.
<Sysname> system-view
[Sysname] arp max-learning-number 64 slot 1
arp mode uni
Use arp mode uni to configure a port as a customer-side port.
Use undo arp mode to restore the default.
Syntax
arp mode uni
undo arp mode
Default
A port operates as a network-side port.
Views
VLAN interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
By default, the device associates an ARP entry with routing information when the device learns an ARP entry. The ARP entry provides the next hop information for routing. To save hardware resources, you can use this command to specify a port that connects to a user terminal as a customer-side port so the device will not associate the routing information with the learned ARP entries.
Examples
# Specify VLAN-interface 2 as a customer-side port.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp mode uni
arp multiport
Use arp multiport to configure a multiport ARP entry.
Use undo arp to remove an ARP entry.
Syntax
arp multiport ip-address mac-address vlan-id [ vpn-instance vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
Default
No multiport ARP entries are configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies an IP address for the multiport ARP entry.
mac-address: Specifies a MAC address for the multiport ARP entry, in the format of H-H-H.
vlan-id: Specifies a VLAN for the multiport ARP entry, in the range of 1 to 4094.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN for the multiport ARP entry. The VPN instance name is a case-sensitive string of 1 to 31 characters. The specified VPN instance must already exist. To specify a multiport ARP entry on the public network, do not specify this option.
Usage guidelines
The specified VLAN must already exist. If the specified VLAN or the corresponding VLAN interface is removed, the multiport ARP entry is also removed.
The specified IP address must reside on the same subnet as the virtual interface of the specified VLAN. Otherwise, the multiport ARP entry does not take effect.
To use the multiport ARP entry, you must also configure a multicast or multiport unicast MAC address entry that has the same MAC address and VLAN ID as the multiport ARP entry to specify multiple output interfaces.
Examples
# Configure a multiport ARP entry that contains IP address 202.38.10.2 and MAC address 00e0-fc01-0000 in VLAN 10.
<Sysname> system-view
[Sysname] arp multiport 202.38.10.2 00e0-fc01-0000 10
Related commands
· display arp multiport
· reset arp multiport
arp smooth
Use arp smooth to synchronize ARP entries from the active MPU to all other cards.
Syntax
arp smooth
Views
Any view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is available in Release 1138P01 and later versions.
This command triggers a one-time operation that ensures all cards on the device have the same ARP entries.
To synchronize ARP entries across all cards in a timely manner, you can schedule the device to automatically execute the arp smooth command. For information about scheduling a task, see Fundamentals Configuration Guide.
Examples
# Synchronize ARP entries from the active MPU to all other cards.
<Sysname> arp smooth
arp static
Use arp static to configure a static ARP entry.
Use undo arp to remove an ARP entry.
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number | interface-type interface-number interface-type interface-number vsi vsi-name ] [ vpn-instance vpn-instance-name ]
undo arp ip-address [ vpn-instance-name ]
Default
No static ARP entries are configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies an IP address for the static ARP entry.
mac-address: Specifies a MAC address for the static ARP entry, in the format H-H-H.
vlan-id: Specifies the ID of a VLAN to which a static ARP entry belongs. The value range is from 1 to 4094. The VLAN and VLAN interface must already exist.
interface-type interface-number: Specifies an interface by its type and number. Make sure the interface belongs to the specified VLAN.
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. This option is available in Release 1138P01 and later versions.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN for the static ARP entry. The VPN instance name is a case-sensitive string of 1 to 31 characters. The VPN instance must already exist. To specify a static ARP entry on the public network, do not specify this option.
Usage guidelines
A static ARP entry is manually configured and maintained. It does not age out and cannot be overwritten by any dynamic ARP entry.
Static ARP entries can be classified into long and short static ARP entries. A short static ARP entry contains an IP-to-MAC mapping. A long static ARP entry contains an IP-to-MAC mapping, a VLAN, and an output interface.
A static ARP entry is effective when the device works correctly. However, if the VLAN or VLAN interface to which the entry corresponds is deleted, a long static ARP entry is deleted, and a resolved short static ARP entry becomes unresolved.
A resolved short static ARP entry might become unresolved upon certain events, for example, when the output interface goes down.
A long static ARP entry is ineffective when the corresponding VLAN interface or output interface is down. An ineffective long static ARP entry cannot be used to forward packets.
If you specify both the vlan-id and ip-address arguments, the IP address of the specified VLAN interface must be in the same network as the specified IP address.
If you do not specify any VPN, the undo arp command removes ARP entries only for the public network.
On a VXLAN IP gateway that forwards traffic among VXLANs through VXLAN tunnels, a VSI interface can act as the gateway for multiple VXLANs. The VSI interface (input interface) might be connected to multiple VXLAN tunnel interfaces (output interfaces). In this case, to configure a long static ARP entry, you must specify the interface-type interface-number interface-type interface-number vsi vsi-name parameters to identify a VSI interface-VSI-VXLAN tunnel interface binding. For more information about VSI interfaces, VSI, and VXLAN tunnel interfaces, see VXLAN Configuration Guide. Long static ARP entries on a VXLAN IP gateway are available in Release 1138P01 and later versions.
Examples
# Configure a static ARP entry that contains IP address 202.38.10.2, MAC address 00e0-fc01-0000, and output interface FortyGigE 1/0/1 in VLAN 10.
<Sysname> system-view
[Sysname] arp static 202.38.10.2 00e0-fc01-0000 10 fortygige 1/0/1
Related commands
· display arp
· reset arp
arp timer aging
Use arp timer aging to set the aging timer for dynamic ARP entries.
Use undo arp timer aging to restore the default.
Syntax
arp timer aging aging-time
undo arp timer aging
Default
The aging timer for dynamic ARP entries is 20 minutes.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
aging-time: Sets the aging timer for dynamic ARP entries, in the range of 1 to 1440 minutes.
Usage guidelines
Each dynamic ARP entry in the ARP table has a limited lifetime, called the aging timer. The aging timer of a dynamic ARP entry is reset each time the dynamic ARP entry is updated. Dynamic ARP entries that are not updated before their aging timers expire are deleted from the ARP table.
Set the aging timer for dynamic ARP entries as needed. For example, when you configure proxy ARP, set a short aging time so that invalid dynamic ARP entries are deleted promptly.
Examples
# Set the aging timer for dynamic ARP entries to 10 minutes.
<Sysname> system-view
[Sysname] arp timer aging 10
Related commands
display arp timer aging
display arp
Use display arp to display ARP entries.
Syntax
In standalone mode:
display arp [ [ all | dynamic | multiport | static ] [ slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ]
In IRF mode:
display arp [ [ all | dynamic | multiport | static ] [ chassis chassis-number slot slot-number ] | vlan vlan-id | interface interface-type interface-number ] [ count | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
all: Displays all ARP entries.
dynamic: Displays dynamic ARP entries.
multiport: Displays multiport ARP entries.
static: Displays static ARP entries.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
vlan vlan-id: Specifies a VLAN by its VLAN ID. The VLAN ID is in the range of 1 to 4094.
interface interface-type interface-number: Specifies an interface by its type and number.
count: Displays the number of ARP entries.
verbose: Displays detailed information about ARP entries.
Usage guidelines
This command displays information about ARP entries, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
If you do not specify any parameters, the command displays all ARP entries.
Examples
# Display all ARP entries. This example is applicable to Release 1135.
<Sysname> display arp all
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
193.1.1.70 00e0-fe50-6503 100 FGE1/0/1 N/A IS
192.168.0.115 000d-88f7-9f7d 1 FGE1/0/2 18 D
192.168.0.39 0012-a990-2241 1 FGE1/0/3 20 D
22.1.1.1 000c-299d-c041 10 N/A N/A M
# Display detailed information about all ARP entries. This example is applicable to Release 1135.
<Sysname> display arp all verbose
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
Vpn Instance
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
[No Vrf]
193.1.1.70 00e0-fe50-6503 100 FGE1/0/1 N/A IS
[No Vrf]
192.168.0.115 000d-88f7-9f7d 1 FGE1/0/2 18 D
[No Vrf]
192.168.0.39 0012-a990-2241 1 FGE1/0/3 20 D
[No Vrf]
22.1.1.1 000c-299d-c041 10 N/A N/A M
[No Vrf]
# Display all ARP entries. This example is applicable to Release 1138P01 and later versions.
<Sysname> display arp all
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP Address MAC Address VID Interface/Link ID Aging Type
1.1.1.1 0015-e944-adc5 12 FGE1/0/1 16 D
1.1.1.2 0013-1234-0001 12 Tunnel1 15 D
1.1.1.3 0012-1234-0002 12 0x1 16 D
# Display detailed information about all ARP entries. This example is applicable to Release 1138P01 and later versions.
<Sysname> display arp all verbose
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP Address : 1.1.1.1 VID : 12 Aging : 16
MAC Address : 0015-e944-adc5 Type: D Nickname: 0x0000
Interface/Link ID: FGE1/0/1
VPN Instance : [No Vrf]
VSI Name : N/A
IP Address : 1.1.1.2 VID : 12 Aging : 15
MAC Address : 0013-1234-0001 Type: D Nickname: 0x0000
Interface/Link ID: Tunnel1
VPN Instance : [No Vrf]
VSI Name : vpna
IP Address : 1.1.1.3 VID : 12 Aging : 16
MAC Address : 0012-1234-0002 Type: D Nickname: 0x0000
Interface/Link ID: 0x1
VPN Instance : [No Vrf]
VSI Name : vpna
# Display the number of all ARP entries.
<Sysname> display arp all count
Total number of entries : 5
Table 1 Command output
Field | Description |
---|---|
IP Address | IP address in an ARP entry. |
MAC Address | MAC address in an ARP entry. |
VLAN | ID of the VLAN to which the ARP entry belongs. This field is available in Release 1135. |
VID | ID of the VLAN or index of the VSI to which the ARP entry belongs. This field is available in Release 1138P01 and later versions. |
Interface | Output interface in an ARP entry. This field is available in Release 1135. |
Interface/Link ID | Output interface or the link ID in an ARP entry. This field is available in Release 1138P01 and later versions. |
Aging | Aging time for a dynamic ARP entry in minutes. N/A means unknown aging time or no aging time. |
Type | ARP entry type: · S—Static. · D—Dynamic. · O—OpenFlow. · R—Rule. This type is available in Release 1138P01 and later versions. · M—Multiport. · I—Invalid. |
Nickname | Nickname of the ARP entry. The nickname is a string of four hexadecimal numbers, for example, 0x012a. For more information about the nickname, see TRILL Configuration Guide. This field is available in Release 1138P01 and later versions. |
Vpn Instance | Name of the VPN instance. If no VPN instance is configured for the ARP entry, this field displays [No Vrf]. |
VSI Name | Name of the VSI to which the ARP entry belongs. If the ARP entry does not belong to any VSI, this field displays N/A. This field is available in Release 1138P01 and later versions. |
Total number of entries | Number of ARP entries. |
Related commands
· arp static
· reset arp
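Added example (not part of the vendor documentation): a Python audit of saved display arp all output that flags Invalid entries, non-multiport entries with multicast MAC addresses (which the arp check enable default should prevent), and interfaces whose dynamic entry count has reached a configured arp max-learning-num value. The sample output and the limits mapping are constructed for illustration, and only the six-column non-verbose table is parsed.

```python
"""Audit saved `display arp all` output (added example, not vendor code)."""
import re
from collections import Counter

# One row of the non-verbose table. Release 1135 (VLAN / Interface) and
# Release 1138P01 and later (VID / Interface/Link ID) both print six columns.
ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4})\s+"
    r"(?P<vid>\S+)\s+(?P<port>\S+)\s+(?P<aging>\S+)\s+"
    r"(?P<type>[SDORMI]+)$"
)


def parse_display_arp(text):
    """Return one dict per ARP entry; prompt, legend and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def is_multicast(mac):
    """True when the I/G bit (lowest bit of the first octet) is set. mac is H-H-H."""
    return bool(int(mac[:2], 16) & 0x01)


def audit(entries, limits=None):
    """Return (kind, subject, detail) findings.

    limits is an assumption of this example: a mapping from the interface name
    as printed in the table (for example "FGE1/0/2") to the value configured
    with arp max-learning-num on that interface.
    """
    findings = []
    for entry in entries:
        flags = entry["type"]
        if "I" in flags:
            findings.append(("invalid-entry", entry["ip"],
                             "type %s on %s" % (flags, entry["port"])))
        # Multiport entries may legitimately carry a multicast MAC address.
        # Any other entry with one implies dynamic ARP entry check is disabled.
        if is_multicast(entry["mac"]) and "M" not in flags:
            findings.append(("multicast-mac", entry["ip"],
                             "%s type %s" % (entry["mac"], flags)))
    dynamic = Counter(e["port"] for e in entries if "D" in e["type"])
    for port, limit in sorted((limits or {}).items()):
        if dynamic[port] >= limit:
            findings.append(("learning-limit-reached", port,
                             "%d dynamic entries, limit %d" % (dynamic[port], limit)))
    return findings


# Constructed sample in the Release 1135 layout (documentation address ranges).
SAMPLE = """\
<Sysname> display arp all
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP Address MAC Address VLAN Interface Aging Type
203.0.113.1 00e0-fc00-0001 N/A N/A N/A S
198.51.100.70 00e0-fe50-6503 100 FGE1/0/1 N/A IS
192.0.2.115 000d-88f7-9f7d 1 FGE1/0/2 18 D
192.0.2.39 0012-a990-2241 1 FGE1/0/2 20 D
192.0.2.77 0100-5e00-0101 1 FGE1/0/3 12 D
203.0.113.9 0100-5e7f-0001 10 N/A N/A M
"""

if __name__ == "__main__":
    for kind, subject, detail in audit(parse_display_arp(SAMPLE), {"FGE1/0/2": 2}):
        print("%-24s %-16s %s" % (kind, subject, detail))
```

An interface reported as learning-limit-reached has stopped learning new dynamic entries, so new hosts behind it will not resolve until entries age out or are cleared.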
display arp ip-address
Use display arp ip-address to display the ARP entry for a specific IP address.
Syntax
In standalone mode:
display arp ip-address [ slot slot-number ] [ verbose ]
In IRF mode:
display arp ip-address [ chassis chassis-number slot slot-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip-address: Displays the ARP entry for the specified IP address.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
verbose: Displays the detailed information about the specified ARP entry.
Usage guidelines
The ARP entry information includes the IP address, MAC address, VLAN ID, output interface, entry type, and aging timer.
Examples
# Display the ARP entry for the IP address 20.1.1.1. This example is applicable to Release 1135.
<Sysname> display arp 20.1.1.1
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP address MAC address VLAN Interface Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
# Display the ARP entry for the IP address 20.1.1.1. This example is applicable to Release 1138P01 and later versions.
<Sysname> display arp 20.1.1.1
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VID Interface/Link ID Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
Related commands
· arp static
· reset arp
display arp timer aging
Use display arp timer aging to display the aging timer of dynamic ARP entries.
Syntax
display arp timer aging
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display the aging timer of dynamic ARP entries.
<Sysname> display arp timer aging
Current ARP aging time is 10 minute(s)
Related commands
arp timer aging
display arp vpn-instance
Use display arp vpn-instance to display the ARP entries for a VPN instance.
Syntax
display arp vpn-instance vpn-instance-name [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. The VPN instance name cannot contain any spaces.
count: Displays the number of ARP entries.
Usage guidelines
This command displays information about ARP entries for a VPN instance, including the IP address, MAC address, VLAN ID, output interface, entry type, and aging time.
Examples
# Display ARP entries for the VPN instance named test. This example is applicable to Release 1135.
<Sysname> display arp vpn-instance test
Type: S-Static D-Dynamic O-Openflow M-Multiport I-Invalid
IP address MAC address VLAN ID Interface Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
# Display ARP entries for the VPN instance named test. This example is applicable to Release 1138P01 and later versions.
<Sysname> display arp vpn-instance test
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VID Interface/Link ID Aging Type
20.1.1.1 00e0-fc00-0001 N/A N/A N/A S
Related commands
· arp static
· reset arp
reset arp
Use reset arp to clear ARP entries from the ARP table.
Syntax
In standalone mode:
reset arp { all | dynamic | interface interface-type interface-number | multiport | slot slot-number | static }
In IRF mode:
reset arp { all | chassis chassis-number slot slot-number | dynamic | interface interface-type interface-number | multiport | static }
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
all: Clears all ARP entries.
dynamic: Clears all dynamic ARP entries.
multiport: Clears all multiport ARP entries.
static: Clears all static ARP entries.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
This command can separately clear static ARP entries, dynamic ARP entries, multiport ARP entries, ARP entries of specified cards, or ARP entries on specified interfaces.
When the interface interface-type interface-number option is specified, this command clears only dynamic ARP entries for the specified interface.
When the slot slot-number option is specified, this command clears only dynamic ARP entries for the specified card.
Examples
# Clear all static ARP entries.
<Sysname> reset arp static
Related commands
· arp static
· display arp
Gratuitous ARP commands
arp ip-conflict log prompt
Use arp ip-conflict log prompt to enable IP conflict notification without conflict confirmation.
Use undo arp ip-conflict log prompt to restore the default.
Syntax
arp ip-conflict log prompt
undo arp ip-conflict log prompt
Default
The IP conflict notification is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
By default, the device performs the following operations if it is using the sender IP address of a received ARP packet:
· Sends a gratuitous ARP request.
· Displays an error message after the device receives an ARP reply about the conflict.
Examples
# Enable IP conflict notification on the device.
<Sysname> system-view
[Sysname] arp ip-conflict log prompt
arp send-gratuitous-arp
Use arp send-gratuitous-arp to enable periodic sending of gratuitous ARP packets and set the sending interval on an interface.
Use undo arp send-gratuitous-arp to disable the interface from periodically sending gratuitous ARP packets.
Syntax
arp send-gratuitous-arp [ interval milliseconds ]
undo arp send-gratuitous-arp
Default
Periodic sending of gratuitous ARP packets is disabled.
Views
Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view, VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
interval milliseconds: Sets the interval at which gratuitous ARP packets are sent, in the range of 200 to 200000 milliseconds. The default value is 2000 milliseconds.
Usage guidelines
This function takes effect only when the enabled interface is up and an IP address has been assigned to the interface.
This function can send gratuitous ARP requests only for a VRRP virtual IP address, or the sending interface's primary IP address or manually configured secondary IP address. The primary IP address can be configured manually or automatically, whereas the secondary IP address must be configured manually.
If you change the interval for sending gratuitous ARP packets, the configuration takes effect at the next sending interval.
The frequency of sending gratuitous ARP packets might be much lower than expected in the following cases: this function is enabled on multiple interfaces, each interface is configured with multiple secondary IP addresses, or a small sending interval is configured in the preceding cases.
Examples
# Enable VLAN-interface 2 to send gratuitous ARP packets every 300 milliseconds.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] arp send-gratuitous-arp interval 300
gratuitous-arp-learning enable
Use gratuitous-arp-learning enable to enable learning of gratuitous ARP packets.
Use undo gratuitous-arp-learning enable to disable learning of gratuitous ARP packets.
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Default
Learning of gratuitous ARP packets is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When learning of gratuitous ARP packets is enabled, a device adds an ARP entry that contains the sender IP and MAC addresses in a gratuitous ARP packet to its ARP table. If the corresponding ARP entry exists, the device updates the ARP entry.
When learning of gratuitous ARP packets is disabled, the device uses the received gratuitous ARP packets to update existing ARP entries, but not to create new ARP entries. You can disable this function to save ARP entry resources.
Examples
# Enable learning of gratuitous ARP packets.
<Sysname> system-view
[Sysname] gratuitous-arp-learning enable
gratuitous-arp-sending enable
Use gratuitous-arp-sending enable to enable sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet.
Use undo gratuitous-arp-sending enable to restore the default.
Syntax
gratuitous-arp-sending enable
undo gratuitous-arp-sending enable
Default
A device does not send gratuitous ARP packets when it receives ARP requests whose target IP address is on a different subnet.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Disable a device from sending gratuitous ARP packets upon receiving ARP requests whose target IP address is on a different subnet.
<Sysname> system-view
[Sysname] undo gratuitous-arp-sending enable
Proxy ARP commands
display local-proxy-arp
Use display local-proxy-arp to display the local proxy ARP status.
Syntax
display local-proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Displays the local proxy ARP status for the specified interface.
Usage guidelines
You can use this command to check whether local proxy ARP is enabled or disabled.
If an interface is specified, this command displays the local proxy ARP status for the specified interface.
If no interface is specified, this command displays the local proxy ARP status for all interfaces.
Examples
# Display the local proxy ARP status for VLAN-interface 2.
<Sysname> display local-proxy-arp interface vlan-interface 2
Interface Vlan-interface2
Local Proxy ARP status: enabled
Related commands
local-proxy-arp enable
display proxy-arp
Use display proxy-arp to display the proxy ARP status.
Syntax
display proxy-arp [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Displays the proxy ARP status for the specified interface.
Usage guidelines
You can use this command to check whether proxy ARP is enabled or disabled.
If an interface is specified, this command displays proxy ARP status for the specified interface.
If no interface is specified, this command displays proxy ARP status for all interfaces.
Examples
# Display the proxy ARP status on VLAN-interface 1.
<Sysname> display proxy-arp interface Vlan-interface 1
Interface Vlan-interface1
Proxy ARP status: disabled
Related commands
proxy-arp enable
local-proxy-arp enable
Use local-proxy-arp enable to enable local proxy ARP.
Use undo local-proxy-arp enable to disable local proxy ARP.
Syntax
local-proxy-arp enable [ ip-range startIP to endIP ]
undo local-proxy-arp enable
Default
Local proxy ARP is disabled.
Views
Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view, VLAN interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-range startIP to endIP: Specifies the IP address range for which local proxy ARP is enabled. The start IP address must be lower than or equal to the end IP address.
Usage guidelines
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.
Local proxy ARP allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains.
Only one IP address range can be specified by using the ip-range keyword on an interface.
Examples
# Enable local proxy ARP on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] local-proxy-arp enable
# Enable local proxy ARP on VLAN-interface 2 for a specific IP address range.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] local-proxy-arp enable ip-range 1.1.1.1 to 1.1.1.20
Related commands
display local-proxy-arp
proxy-arp enable
Use proxy-arp enable to enable proxy ARP.
Use undo proxy-arp enable to disable proxy ARP.
Syntax
proxy-arp enable
undo proxy-arp enable
Default
Proxy ARP is disabled.
Views
Layer 3 Ethernet interface view, Layer 3 Ethernet subinterface view, Layer 3 aggregate interface view, Layer 3 aggregate subinterface view, VLAN interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Proxy ARP enables a device on a network to answer ARP requests for an IP address not on that network. With proxy ARP, hosts on different broadcast domains can communicate with each other as they do on the same network.
Proxy ARP includes common proxy ARP and local proxy ARP.
Common proxy ARP allows communication between hosts that connect to different Layer-3 interfaces and reside in different broadcast domains.
Local proxy ARP allows communication between hosts that connect to the same Layer-3 interface and reside in different broadcast domains.
Examples
# Enable proxy ARP on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] proxy-arp enable
Related commands
display proxy-arp
IP addressing commands
The IP addresses in this chapter refer to IPv4 addresses unless otherwise specified.
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display ip interface
Use display ip interface to display IP configuration and statistics for the specified Layer 3 interface or all Layer 3 interfaces.
Syntax
display ip interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
Use the display ip interface command to display IP configuration and statistics for the specified Layer 3 interface. The statistics include the following information:
· The number of unicast packets, bytes, and multicast packets the interface has sent and received.
· The number of TTL-invalid packets and ICMP packets the interface has received.
The packet statistics help you locate a possible attack on the network.
If you do not specify any interface, the command displays information about all Layer 3 interfaces.
Examples
# Display IP configuration and statistics for VLAN-interface 10.
<Sysname> display ip interface vlan-interface 10
Vlan-interface10 current state : DOWN
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
TTL invalid packet number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
Table 2 Command output
Field | Description |
---|---|
current state | Current physical state of the interface: · Administrative DOWN—The interface is shut down with the shutdown command. · DOWN—The interface is administratively up but its physical state is down, which might be caused by a connection or link failure. · UP—Both the administrative and physical states of the interface are up. |
Line protocol current state | Current state of the link layer protocol: · DOWN—The protocol state of the interface is down (typically when no IP address is configured for the interface). · UP—The protocol state of the interface is up. · UP (spoofing)—The protocol state of the interface pretends to be up. However, no corresponding link is present, or the corresponding link is not present permanently but is established as needed. |
Internet Address | IP address of an interface followed by: · Primary—A primary IP address. · Sub—A secondary IP address. · DHCP-Allocated—An IP address obtained through DHCP. · Mad—A MAD IP address. |
Broadcast address | Broadcast address of the subnet attached to an interface. |
The Maximum Transmit Unit | Maximum transmission units on the interface, in bytes. |
input packets, bytes, multicasts; output packets, bytes, multicasts | Unicast packets, bytes, and multicast packets received on an interface (statistics start at the device startup). |
TTL invalid packet number | Number of TTL-invalid packets received on the interface (statistics start at the device startup). |
ICMP packet input number: Echo reply: Unreachable: Source quench: Routing redirect: Echo request: Router advert: Router solicit: Time exceed: IP header bad: Timestamp request: Timestamp reply: Information request: Information reply: Netmask request: Netmask reply: Unknown type: | Total number of ICMP packets received on the interface (statistics start at the device startup): · Echo reply packets. · Unreachable packets. · Source quench packets. · Routing redirect packets. · Echo request packets. · Router advertisement packets. · Router solicitation packets. · Time exceeded packets. · IP header bad packets. · Timestamp request packets. · Timestamp reply packets. · Information request packets. · Information reply packets. · Netmask request packets. · Netmask reply packets. · Unknown type packets. |
Related commands
· display ip interface brief
· ip address
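The counters in the display ip interface output can be compared between two captures to see which ones grew abnormally, which is how the statistics help locate a possible attack. The following Python code is an added example, not vendor code: the two captures are constructed and abbreviated, and the thresholds in WATCH are illustrative assumptions to be replaced with the site's own baseline.

```python
import re

# Constructed, abbreviated captures of `display ip interface` (not real device data).
CAPTURE_T0 = """\
Vlan-interface10 current state : UP
Line protocol current state : UP
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 12000, bytes : 960000, multicasts : 40
output packets : 11000, bytes : 880000, multicasts : 12
TTL invalid packet number: 3
Echo reply: 10
Unreachable: 25
Routing redirect: 0
Echo request: 120
IP header bad: 0
Unknown type: 0
"""
CAPTURE_T1 = """\
Vlan-interface10 current state : UP
Line protocol current state : UP
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 58000, bytes : 4100000, multicasts : 45
output packets : 12500, bytes : 990000, multicasts : 12
TTL invalid packet number: 450
Echo reply: 12
Unreachable: 30
Routing redirect: 4
Echo request: 300
IP header bad: 0
Unknown type: 0
"""

IFACE_RE = re.compile(r"^(\S+) current state\s*:")
# "name : number" where the number ends the line or is followed by a comma,
# so addresses ("1.255.255.255") and "1500 bytes" are not taken as counters.
PAIR_RE = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\d+)(?=\s*(?:,|$))")

# Illustrative per-interval thresholds (assumptions, not vendor guidance).
WATCH = {
    "ttl invalid packet number": 100,
    "routing redirect": 1,
    "ip header bad": 50,
    "echo request": 1000,
    "unknown type": 10,
}


def parse_ip_interface(text):
    """Return {interface: {counter: int}} from `display ip interface` output."""
    stats, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = stats.setdefault(m.group(1), {})
            continue
        pairs = PAIR_RE.findall(line)
        if current is None or not pairs:
            continue
        first = pairs[0][0].lower()
        # The packet lines carry three counters; prefix bytes/multicasts
        # with the direction so input and output do not collide.
        direction = first.split()[0] if first in ("input packets", "output packets") else None
        for name, value in pairs:
            key = name.strip().lower()
            if direction and not key.startswith(direction):
                key = f"{direction} {key}"
            current[key] = int(value)
    return stats


def counter_deltas(before, after):
    """Increase of each counter between two captures.

    Statistics start at device startup, so a value lower than the earlier one
    means the device restarted; the new value is then the whole increase.
    """
    deltas = {}
    for iface, now in after.items():
        prev = before.get(iface, {})
        deltas[iface] = {
            name: value - prev.get(name, 0) if value >= prev.get(name, 0) else value
            for name, value in now.items()
        }
    return deltas


def flag_anomalies(deltas, watch=WATCH):
    """Return (interface, counter, increase) for counters at or above their threshold."""
    return [
        (iface, name, counters[name])
        for iface, counters in sorted(deltas.items())
        for name, limit in watch.items()
        if counters.get(name, 0) >= limit
    ]


if __name__ == "__main__":
    d = counter_deltas(parse_ip_interface(CAPTURE_T0), parse_ip_interface(CAPTURE_T1))
    for finding in flag_anomalies(d):
        print(finding)
```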
display ip interface brief
Use display ip interface brief to display brief IP configuration information for the specified Layer 3 interface or all Layer 3 interfaces.
Syntax
display ip interface [ interface-type [ interface-number ] ] brief
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type: Specifies the interface type.
interface-number: Specifies the interface number.
Usage guidelines
Use the display ip interface brief command to display brief IP configuration information, including the state, IP address, and description of the physical and link layer protocols, for the specified Layer 3 interface or all Layer 3 interfaces.
If you do not specify the interface type and interface number, this command displays the brief IP configuration information for all Layer 3 interfaces.
If you specify only the interface type, this command displays the brief IP configuration information for all Layer 3 interfaces of the specified type.
If you specify both the interface type and interface number, this command displays the brief IP configuration information for the specified interface.
Examples
# Display brief IP configuration information for VLAN interfaces.
<Sysname> display ip interface vlan-interface brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IP Address Description
Vlan10 down down 6.6.6.1 Vlan-inte...
Vlan2 down down 7.7.7.1 Vlan-inte...
Table 3 Command output
Field | Description |
---|---|
*down: administratively down | The interface is administratively shut down with the shutdown command. |
(s): spoofing | Spoofing attribute of the interface. It indicates that an interface might have no link present even when its link layer protocol is up or the link is set up only on demand. |
Interface | Interface name. |
Physical | Physical state of the interface: · *down—The interface is administratively shut down with the shutdown command. · down—The interface is administratively up but its physical state is down (possibly because of poor connection or line failure). · up—Both the administrative and physical states of the interface are up. |
Protocol | Link layer protocol state of the interface: · down—The protocol state of the interface is down (typically when no IP address is configured for the interface). · up—The protocol state of the interface is up. · up(s)—The protocol state of the interface is up (spoofing). |
IP Address | IP address of the interface. If no IP address is configured, unassigned is displayed. |
Description | Interface description information. A maximum of 12 characters can be displayed. If there are more than 12 characters, only the first nine characters are displayed. |
Related commands
· display ip interface
· ip address
ip address
Use ip address to assign an IP address to the interface.
Use undo ip address to remove the IP address from the interface.
Syntax
In standalone mode:
ip address ip-address { mask-length | mask } [ sub ]
undo ip address [ ip-address { mask-length | mask } [ sub ] ]
In IRF mode:
ip address ip-address { mask-length | mask } [ irf-member member-id | sub ]
undo ip address ip-address { mask-length | mask } [ irf-member member-id | sub ]
Default
No IP address is assigned to an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of the interface, in dotted decimal notation.
mask-length: Specifies the subnet mask length in the range of 1 to 31. For a loopback interface, the value range is 1 to 32.
mask: Specifies the subnet mask in dotted decimal notation.
irf-member member-id: Specifies an IRF member device by its member ID in the range of 1 to 4. If you specify this option, this command assigns an IP address to the management Ethernet port of the specified IRF member device. This option is available in Release 1138P01 and later versions.
sub: Assigns a secondary IP address to the interface.
Usage guidelines
Use this command to configure a primary IP address for an interface. If the interface connects to multiple subnets, configure primary and secondary IP addresses on the interface so the subnets can communicate with each other through the interface.
An interface can have only one primary IP address. A newly configured primary IP address overwrites the previous address.
You cannot assign secondary IP addresses to an interface that obtains an IP address through DHCP.
The undo ip address command removes all IP addresses from the interface. The undo ip address ip-address { mask | mask-length } command removes the primary IP address. The undo ip address ip-address { mask | mask-length } sub command removes a secondary IP address. Before removing the primary IP address, remove all secondary IP addresses.
The primary and secondary IP addresses assigned to the interface can be located on the same network segment. The following interfaces on the device must reside on different network segments:
· Different interfaces.
· Main interfaces and their subinterfaces.
· Subinterfaces of the same main interface.
The IP addresses assigned to the management Ethernet ports of all IRF member devices must be in the same subnet. In an IRF fabric, only the IP address assigned to the management Ethernet port of the master takes effect. Make sure no IP address conflict exists when you assign IP addresses to the management Ethernet ports of subordinates. The system does not prompt an IP address conflict because the IP addresses assigned to the management Ethernet ports of subordinates do not take effect. After an IRF fabric split, the IP addresses assigned to the management Ethernet ports of the new masters (original subordinates) take effect.
Examples
# Assign VLAN-interface 10 a primary IP address 129.12.0.1 and a secondary IP address 202.38.160.1, with subnet masks both 255.255.255.0.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address 129.12.0.1 255.255.255.0
[Sysname-Vlan-interface10] ip address 202.38.160.1 255.255.255.0 sub
Related commands
· display ip interface
· display ip interface brief
DHCP commands
Common DHCP commands
dhcp dscp
Use dhcp dscp to set the DSCP value for DHCP packets sent by the DHCP server or the DHCP relay agent.
Use undo dhcp dscp to restore the default.
Syntax
dhcp dscp dscp-value
undo dhcp dscp
Default
The DSCP value in DHCP packets is 56.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A larger DSCP value represents a higher priority.
Examples
# Set the DSCP value for DHCP packets to 30.
<Sysname> system-view
[Sysname] dhcp dscp 30
dhcp enable
Use dhcp enable to enable DHCP.
Use undo dhcp enable to disable DHCP.
Syntax
dhcp enable
undo dhcp enable
Default
DHCP is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Enable DHCP before you perform DHCP server or relay agent configurations.
Examples
# Enable DHCP.
<Sysname> system-view
[Sysname] dhcp enable
dhcp select
Use dhcp select to enable the DHCP server or DHCP relay agent on an interface.
Use undo dhcp select to disable the DHCP server or DHCP relay agent on an interface. The interface then discards DHCP packets.
Syntax
dhcp select { relay | server }
undo dhcp select { relay | server }
Default
The interface operates in DHCP server mode and responds to DHCP requests with configuration parameters.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
relay: Enables the DHCP relay agent on the interface.
server: Enables the DHCP server on the interface.
Usage guidelines
Before changing the DHCP server mode to the DHCP relay agent mode on an interface, use the reset dhcp server ip-in-use command to remove address bindings and authorized ARP entries. These bindings might conflict with ARP entries that are created after the DHCP relay agent is enabled.
Examples
# Enable the DHCP relay agent on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp select relay
Related commands
reset dhcp server ip-in-use
DHCP server commands
The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
address range
Use address range to configure an IP address range in a DHCP address pool for dynamic allocation.
Use undo address range to remove the IP address range in the address pool.
Syntax
address range start-ip-address end-ip-address
undo address range
Default
No IP address range is configured.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
If no IP address range is specified, all IP addresses in the subnet specified by the network command in address pool view are assignable. If an IP address range is specified, only the IP addresses in the IP address range are assignable.
After you use the address range command, you cannot use the network secondary command to specify a secondary subnet in the address pool.
If you use the command multiple times, the most recent configuration takes effect.
The address range specified by the address range command must be within the subnet specified by the network command, and the addresses out of the address range cannot be assigned.
Examples
# Specify an address range of 192.168.8.1 through 192.168.8.150 in address pool 1.
<Sysname> system-view
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] address range 192.168.8.1 192.168.8.150
Related commands
· class
· dhcp class
· display dhcp server pool
· network
bims-server
Use bims-server to specify the IP address, port number, and shared key of the BIMS server in a DHCP address pool.
Use undo bims-server to remove the specified BIMS server information.
Syntax
bims-server ip ip-address [ port port-number ] sharekey { cipher | simple } key
undo bims-server
Default
No BIMS server information is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address: Specifies the IP address of the BIMS server.
port port-number: Specifies the port number of the BIMS server, in the range of 1 to 65534.
cipher: Sets a ciphertext key.
simple: Sets a plaintext key.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 16 characters. If cipher is specified, it must be a ciphertext string of 1 to 53 characters. The DHCP client uses the shared key to encrypt packets sent to the BIMS server.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
For security purposes, all passwords, including passwords configured in plaintext, are saved in ciphertext.
Examples
# Specify the BIMS server IP address 1.1.1.1, port number 80, and shared key aabbcc in address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bims-server ip 1.1.1.1 port 80 sharekey simple aabbcc
Related commands
display dhcp server pool
bootfile-name
Use bootfile-name to specify a boot file name or a remote boot file URL for DHCP clients.
Use undo bootfile-name to remove the specified file name or URL.
Syntax
bootfile-name { bootfile-name | url }
undo bootfile-name
Default
No boot file name or remote boot file URL is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
bootfile-name: Specifies the boot file name, a case-sensitive string of 1 to 63 characters.
url: Specifies the remote boot file URL in the format of http://. It is a case-sensitive string of 1 to 63 characters.
Usage guidelines
If you use the bootfile-name command multiple times, the most recent configuration takes effect.
Examples
# Specify the boot file name boot.cfg in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name boot.cfg
# Specify the remote boot file URL http://10.1.1.1/boot.cfg in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] bootfile-name http://10.1.1.1/boot.cfg
Related commands
· display dhcp server pool
· next-server
· tftp-server domain-name
· tftp-server ip-address
class
Use class to specify an IP address range for a DHCP user class.
Use undo class to remove the IP address range for the DHCP user class.
Syntax
class class-name range start-ip-address end-ip-address
undo class class-name
Default
No IP address range is specified for a DHCP user class.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters. If the specified user class does not exist, the DHCP server will not assign the addresses in the address range specified for the user class to any client.
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address.
Usage guidelines
The class command enables you to divide an address range into multiple address ranges for different DHCP user classes. The address range for a user class must be within the primary subnet specified by the network command. If the DHCP client does not match any DHCP user class, the DHCP server selects an address in the IP address range specified by the address range command. If the address range has no assignable IP addresses or no address range is configured, the address allocation fails.
You can specify only one address range for a DHCP user class in an address pool. If you use the class command multiple times for a DHCP user class, the most recent configuration takes effect.
After you specify an address range for a user class, you cannot use the network secondary command to specify a secondary subnet in the address pool.
Examples
# Specify an IP address range of 192.168.8.1 through 192.168.8.150 for the DHCP user class user in DHCP address pool 1.
<Sysname> system-view
[Sysname] dhcp server ip-pool 1
[Sysname-dhcp-pool-1] class user range 192.168.8.1 192.168.8.150
Related commands
· address range
· dhcp class
· display dhcp server pool
dhcp class
Use dhcp class to create a DHCP user class and enter the DHCP user class view. If the user class has already been created, you directly enter the user class view.
Use undo dhcp class to remove the specified user class.
Syntax
dhcp class class-name
undo dhcp class class-name
Default
No DHCP user class exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
class-name: Specifies the name of a DHCP user class, a case-insensitive string of 1 to 63 characters.
Usage guidelines
In the DHCP user class view, use the if-match command to configure a match rule to match specific clients. Then use the class command to specify an IP address range for the matching clients.
Examples
# Create a DHCP user class test and enter DHCP user class view.
<Sysname> system-view
[Sysname] dhcp class test
[Sysname-dhcp-class-test]
Related commands
· address range
· class
· if-match
dhcp server always-broadcast
Use dhcp server always-broadcast to enable the DHCP server to broadcast all responses.
Use undo dhcp server always-broadcast to restore the default.
Syntax
dhcp server always-broadcast
undo dhcp server always-broadcast
Default
The DHCP server reads the broadcast flag in a DHCP request to decide whether to broadcast or unicast the response.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables the DHCP server to ignore the broadcast flag in DHCP requests and broadcast all responses.
If a DHCP request is from a DHCP client that has an IP address (the ciaddr field is not 0), the DHCP server always unicasts a response (the destination address is ciaddr) to the DHCP client regardless of whether this command is executed.
If a DHCP request is from a DHCP relay agent (the giaddr field is not 0), the DHCP server always unicasts a response (the destination address is giaddr) to the DHCP relay agent regardless of whether this command is executed.
Examples
# Enable the DHCP server to broadcast all responses.
<Sysname> system-view
[Sysname] dhcp server always-broadcast
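The reply-destination rules in the usage guidelines above can be written out as code. The following Python code is an added example, not vendor code: the request headers are constructed, giaddr is checked before ciaddr as in RFC 2131 section 4.1 (the page does not state the order), and the unicast target for a client without an address is taken to be the offered address.

```python
import ipaddress
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed BOOTP/DHCP header (236 bytes)
BROADCAST_FLAG = 0x8000                    # most significant bit of the flags field
ZERO = ipaddress.IPv4Address(0)


def build_request(flags=0, ciaddr="0.0.0.0", giaddr="0.0.0.0"):
    """Build a constructed BOOTREQUEST header for the demonstration."""
    def packed(ip):
        return ipaddress.IPv4Address(ip).packed
    return struct.pack(
        BOOTP_FMT, 1, 1, 6, 0, 0x1234ABCD, 0, flags,
        packed(ciaddr), packed("0.0.0.0"), packed("0.0.0.0"), packed(giaddr),
        bytes.fromhex("001122334455"), b"", b"",
    )


def parse_request(data):
    """Extract the fields that decide how the server addresses its reply."""
    if len(data) < struct.calcsize(BOOTP_FMT):
        raise ValueError("truncated BOOTP/DHCP message")
    fields = struct.unpack_from(BOOTP_FMT, data)
    op, flags, ciaddr, giaddr = fields[0], fields[6], fields[7], fields[10]
    if op != 1:
        raise ValueError("not a BOOTREQUEST")
    return {
        "broadcast": bool(flags & BROADCAST_FLAG),
        "ciaddr": ipaddress.IPv4Address(ciaddr),
        "giaddr": ipaddress.IPv4Address(giaddr),
    }


def reply_destination(req, offered_ip, always_broadcast=False):
    """Return (mode, destination) for the server's response.

    always_broadcast models `dhcp server always-broadcast`: it overrides the
    broadcast flag only, never the ciaddr and giaddr cases.
    """
    if req["giaddr"] != ZERO:          # request came through a relay agent
        return ("unicast", str(req["giaddr"]))
    if req["ciaddr"] != ZERO:          # client already has an IP address
        return ("unicast", str(req["ciaddr"]))
    if always_broadcast or req["broadcast"]:
        return ("broadcast", "255.255.255.255")
    return ("unicast", offered_ip)     # assumption: unicast to the offered address


if __name__ == "__main__":
    cases = {
        "new client, flag clear": build_request(),
        "new client, flag set": build_request(flags=BROADCAST_FLAG),
        "renewing client": build_request(ciaddr="192.168.8.10"),
        "relayed request": build_request(flags=BROADCAST_FLAG, giaddr="10.0.0.1"),
    }
    for label, raw in cases.items():
        req = parse_request(raw)
        for setting in (False, True):
            print(label, "| always-broadcast:", setting, "->",
                  reply_destination(req, "192.168.8.10", setting))
```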
dhcp server apply ip-pool
Use dhcp server apply ip-pool to apply an address pool on an interface.
Use undo dhcp server apply ip-pool to remove the configuration.
Syntax
dhcp server apply ip-pool pool-name
undo dhcp server apply ip-pool
Default
No address pool is applied on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
pool-name: Specifies the name of a DHCP address pool, a case-insensitive string of 1 to 63 characters.
Usage guidelines
Upon receiving a DHCP request from the interface, the DHCP server searches for a static binding for the client from all address pools. If no static binding is found, the server assigns configuration parameters from the address pool applied on the interface to the client. If the address pool has no assignable IP address or does not exist, the DHCP client cannot obtain an IP address.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Apply DHCP address pool 0 on VLAN-interface 2.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] dhcp server apply ip-pool 0
Related commands
dhcp server ip-pool
dhcp server bootp ignore
Use dhcp server bootp ignore to configure the DHCP server to ignore BOOTP requests.
Use undo dhcp server bootp ignore to restore the default.
Syntax
dhcp server bootp ignore
undo dhcp server bootp ignore
Default
The DHCP server does not ignore BOOTP requests.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The lease duration of IP addresses obtained by BOOTP clients is unlimited. For scenarios that do not allow unlimited leases, you can configure the DHCP server to ignore BOOTP requests.
Examples
# Configure the DHCP server to ignore BOOTP requests.
<Sysname> system-view
[Sysname] dhcp server bootp ignore
dhcp server bootp reply-rfc-1048
Use dhcp server bootp reply-rfc-1048 to enable the DHCP server to send BOOTP responses in RFC 1048 format when it receives RFC 1048-noncompliant BOOTP requests for statically bound addresses.
Use undo dhcp server bootp reply-rfc-1048 to disable this feature.
Syntax
dhcp server bootp reply-rfc-1048
undo dhcp server bootp reply-rfc-1048
Default
This feature is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Not all BOOTP clients can send requests compliant with RFC 1048. By default, the DHCP server does not process the Vend field of RFC 1048-noncompliant requests but copies the Vend field into responses.
Use this command to enable the DHCP server to fill in the Vend field using the RFC 1048-compliant format in DHCP responses to RFC 1048-noncompliant requests sent by BOOTP clients that request statically bound addresses.
Examples
# Enable the DHCP server to send BOOTP responses in RFC 1048 format upon receiving BOOTP requests that do not comply with RFC 1048.
<Sysname> system-view
[Sysname] dhcp server bootp reply-rfc-1048
dhcp server forbidden-ip
Use dhcp server forbidden-ip to exclude specific IP addresses from dynamic allocation.
Use undo dhcp server forbidden-ip to remove the configuration.
Syntax
dhcp server forbidden-ip start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ]
undo dhcp server forbidden-ip start-ip-address [ end-ip-address ] [ vpn-instance vpn-instance-name ]
Default
No IP addresses are excluded from dynamic allocation.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
start-ip-address: Specifies the start IP address.
end-ip-address: Specifies the end IP address, which cannot be lower than the start-ip-address. If the argument is not specified, only the start-ip-address is excluded from dynamic allocation. If it is specified, the IP addresses from start-ip-address through end-ip-address are all excluded from dynamic allocation.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the excluded IP addresses belong to the public network, do not specify this option. This option is available in Release 1138P01 and later versions.
Usage guidelines
The IP addresses of some devices such as the gateway and FTP server cannot be assigned to clients. Use this command to exclude such addresses from dynamic allocation.
You can exclude multiple IP address ranges from dynamic allocation.
If the excluded IP address is in a static binding, the address can still be assigned to the client.
The address or address range specified in the undo form of the command must be the same as the address or address range specified in the command. To remove an IP address that has been specified as part of an address range, you must remove the entire address range.
Examples
# Exclude the IP addresses of 10.110.1.1 through 10.110.1.63 from dynamic allocation.
<Sysname> system-view
[Sysname] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
Related commands
· forbidden-ip
· static-bind
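The constraints stated for the address range, class and dhcp server forbidden-ip commands can be checked before a configuration is deployed. The following Python code is an added example, not vendor code: the configuration text is constructed, the pool's subnet is passed in as a parameter, and the list of reserved addresses (gateway, servers) is a hypothetical input supplied by the operator.

```python
import ipaddress
import re

# Constructed configuration lines using only commands documented on this page.
CONFIG = """\
dhcp server forbidden-ip 192.168.8.1
dhcp server forbidden-ip 192.168.8.200 192.168.8.210
dhcp server ip-pool 1
 address range 192.168.8.1 192.168.8.150
 class user range 192.168.8.100 192.168.9.20
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
RANGE_RE = re.compile(rf"^address range {IP} {IP}$")
CLASS_RE = re.compile(rf"^class (\S+) range {IP} {IP}$")
# Public network only: a trailing vpn-instance option is not interpreted here.
FORBID_RE = re.compile(rf"^dhcp server forbidden-ip {IP}(?: {IP})?")


def _span(start, end):
    return ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)


def audit_pool(config, subnet, reserved):
    """Return findings for one pool's address range, class ranges and exclusions.

    subnet   -- the pool's primary subnet (assumed input, e.g. "192.168.8.0/24")
    reserved -- addresses that must never be handed out dynamically (hypothetical list)
    """
    net = ipaddress.IPv4Network(subnet)
    findings, forbidden, ranges = [], [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := FORBID_RE.match(line):
            lo, hi = _span(m.group(1), m.group(2) or m.group(1))
            if hi < lo:
                findings.append(f"forbidden-ip end {hi} is lower than start {lo}")
            else:
                forbidden.append((lo, hi))
        elif m := RANGE_RE.match(line):
            # The most recent address range replaces the previous one.
            ranges = [r for r in ranges if r[0] != "address range"]
            ranges.append(("address range", *_span(m.group(1), m.group(2))))
        elif m := CLASS_RE.match(line):
            label = f"class {m.group(1).lower()}"  # class names are case-insensitive
            ranges = [r for r in ranges if r[0] != label]
            ranges.append((label, *_span(m.group(2), m.group(3))))

    # Both kinds of range must lie inside the subnet of the pool.
    for label, lo, hi in ranges:
        if lo not in net or hi not in net:
            findings.append(f"{label} {lo}-{hi} is not inside {net}")

    # A reserved address inside a range must be excluded with forbidden-ip.
    # (A static binding can still hand out an excluded address; not modelled.)
    for addr in map(ipaddress.IPv4Address, reserved):
        excluded = any(lo <= addr <= hi for lo, hi in forbidden)
        for label, lo, hi in ranges:
            if lo <= addr <= hi and not excluded:
                findings.append(
                    f"{addr} is assignable from {label}; "
                    "exclude it with dhcp server forbidden-ip"
                )
    return findings


if __name__ == "__main__":
    for item in audit_pool(CONFIG, "192.168.8.0/24", ["192.168.8.1", "192.168.8.2"]):
        print(item)
```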
dhcp server ip-pool
Use dhcp server ip-pool to create a DHCP address pool and enter its view. If the pool has been created, you directly enter its view.
Use undo dhcp server ip-pool to remove the specified DHCP address pool.
Syntax
dhcp server ip-pool pool-name
undo dhcp server ip-pool pool-name
Default
No DHCP address pool is created.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
pool-name: Specifies the name for the DHCP address pool, a case-insensitive string of 1 to 63 characters used to uniquely identify this pool.
Usage guidelines
A DHCP address pool is used to store the configuration parameters to be assigned to DHCP clients.
Examples
# Create a DHCP address pool named pool1.
<Sysname> system-view
[Sysname] dhcp server ip-pool pool1
[Sysname-dhcp-pool-pool1]
Related commands
· dhcp server apply ip-pool
· display dhcp server pool
dhcp server ping packets
Use dhcp server ping packets to specify the maximum number of ping packets.
Use undo dhcp server ping packets to restore the default.
Syntax
dhcp server ping packets number
undo dhcp server ping packets
Default
The maximum number of ping packets is 1.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies the maximum number of ping packets, in the range of 0 to 10. A value of 0 indicates that the DHCP server does not perform address conflict detection.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client.
Examples
# Specify the maximum number of ping packets as 10.
<Sysname> system-view
[Sysname] dhcp server ping packets 10
Related commands
· dhcp server ping timeout
· display dhcp server conflict
· reset dhcp server conflict
dhcp server ping timeout
Use dhcp server ping timeout to configure the ping response timeout time on the DHCP server.
Use undo dhcp server ping timeout to restore the default.
Syntax
dhcp server ping timeout milliseconds
undo dhcp server ping timeout
Default
The ping response timeout time is 500 milliseconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
milliseconds: Specifies the timeout time in the range of 0 to 10000 milliseconds. To disable the ping operation for address conflict detection, set the value to 0 milliseconds.
Usage guidelines
To avoid IP address conflicts, the DHCP server pings an IP address before assigning it to a DHCP client.
If a ping attempt succeeds, the server considers that the IP address is in use and picks a new IP address. If all the ping attempts fail, the server assigns the IP address to the requesting DHCP client.
Examples
# Specify the response timeout time as 1000 milliseconds.
<Sysname> system-view
[Sysname] dhcp server ping timeout 1000
Related commands
· dhcp server ping packets
· display dhcp server conflict
· reset dhcp server conflict
dhcp server relay information enable
Use dhcp server relay information enable to enable the DHCP server to handle Option 82.
Use undo dhcp server relay information enable to configure the DHCP server to ignore Option 82.
Syntax
dhcp server relay information enable
undo dhcp server relay information enable
Default
The DHCP server handles Option 82.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Upon receiving a DHCP request that contains Option 82, the server copies the original Option 82 into the response. If the server is configured to ignore Option 82, the response will not contain Option 82.
Examples
# Configure the DHCP server to ignore Option 82.
<Sysname> system-view
[Sysname] undo dhcp server relay information enable
display dhcp server conflict
Use display dhcp server conflict to display information about IP address conflicts.
Syntax
display dhcp server conflict [ ip ip-address ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip ip-address: Displays conflict information about the specified IP address. If you do not specify any IP address, this command displays information about all IP address conflicts.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays IP address conflict information for the public network. This option is available in Release 1138P01 and later versions.
Usage guidelines
The DHCP server creates IP address conflict information in the following conditions:
· Before assigning an IP address to a DHCP client, the DHCP server pings the IP address and discovers that it is in use by another host.
· The DHCP client sends a DECLINE packet to the DHCP server to inform the server of an IP address conflict.
· The DHCP server discovers that the only assignable address in the address pool is its own IP address.
Examples
# Display information about all IP address conflicts.
<Sysname> display dhcp server conflict
IP address Detect time
4.4.4.1 Apr 25 16:57:20 2007
4.4.4.2 Apr 25 17:00:10 2007
Table 4 Command output
Field | Description |
---|---|
IP address | Conflicted IP address. |
Detect time | Time when the conflict was discovered. |
Related commands
reset dhcp server conflict
display dhcp server expired
Use display dhcp server expired to display the lease expiration information.
Syntax
display dhcp server expired [ ip ip-address [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip ip-address: Displays lease expiration information about the specified IP address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays lease expiration information for the public network. This option is available in Release 1138P01 and later versions.
pool pool-name: Displays lease expiration information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameter, this command displays lease expiration information about all address pools.
DHCP assigns these expired IP addresses to DHCP clients when all available addresses have been assigned.
Examples
# Display all lease expiration information.
<Sysname> display dhcp server expired
IP address Client-identifier/Hardware address Lease expiration
4.4.4.6 3030-3066-2e65-3230-302e-3130-3234 Apr 25 17:10:47 2007
-2d45-7468-6572-6e65-7430-2f31
Table 5 Command output
Field | Description |
---|---|
IP address | Expired IP address. |
Client-identifier/Hardware address | Client ID or MAC address. |
Lease expiration | Time when the lease expired. |
Related commands
reset dhcp server expired
display dhcp server free-ip
Use display dhcp server free-ip to display information about assignable IP addresses.
Syntax
display dhcp server free-ip [ pool pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
pool pool-name: Displays assignable IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify any address pool, this command displays all assignable IP addresses for all address pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays assignable IP addresses in address pools for the public network. This option is available in Release 1138P01 and later versions.
Examples
# Display assignable IP addresses in all address pools.
<Sysname> display dhcp server free-ip
Pool name: 1
Network: 10.0.0.0 mask 255.0.0.0
IP ranges from 10.0.0.10 to 10.0.0.100
IP ranges from 10.0.0.105 to 10.0.0.255
Secondary networks:
10.1.0.0 mask 255.255.0.0
IP ranges from 10.1.0.0 to 10.1.0.255
10.2.0.0 mask 255.255.0.0
IP Ranges from 10.2.0.0 to 10.2.0.255
Pool name: 2
Network: 20.1.1.0 mask 255.255.255.0
IP ranges from 20.1.1.0 to 20.1.1.255
Table 6 Command output
Field | Description |
---|---|
Pool name | Name of the address pool. |
Network | Assignable network. |
IP ranges | Assignable IP address range. |
Secondary networks | Assignable secondary networks. |
Related commands
· address range
· dhcp server ip-pool
· network
display dhcp server ip-in-use
Use display dhcp server ip-in-use to display binding information about assigned IP addresses.
Syntax
display dhcp server ip-in-use [ ip ip-address [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip ip-address: Displays binding information about the specified IP address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays binding information about assigned IP addresses for the public network. This option is available in Release 1138P01 and later versions.
pool pool-name: Displays binding information about the specified IP address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
If you do not specify any parameter, the command displays binding information about all assigned DHCP addresses.
If the lease deadline exceeds the year 2100, the lease expiration time is displayed as After 2100.
The client binding information can be used by other security modules such as IP source guard only when the DHCP server is configured on the gateway of DHCP clients.
Examples
# Display binding information about all assigned DHCP addresses.
<Sysname> display dhcp server ip-in-use
IP address Client identifier/ Lease expiration Type
Hardware address
10.1.1.1 4444-4444-4444 Not used Static(F)
10.1.1.2 3030-3030-2e30-3030- May 1 14:02:49 2009 Auto(C)
662e-3030-3033-2d45-
7468-6572-6e65-74
10.1.1.3 1111-1111-1111 After 2100 Static(C)
Table 7 Command output
Field | Description |
---|---|
IP address | IP address assigned. |
Client identifier/Hardware address | Client ID or hardware address. |
Lease expiration | Lease expiration time: · Exact time (May 1 14:02:49 2009 in this example)—Time when the lease will expire. · Not used—The IP address of the static binding has not been assigned to the specific client. · Unlimited—Infinite lease expiration time. · After 2100—The lease will expire after 2100. |
Type | Binding types: · Static(F)—A free static binding whose IP address has not been assigned. · Static(O)—An offered static binding whose IP address has been selected and sent by the DHCP server in a DHCP-OFFER packet to the client. · Static(C)—A committed static binding whose IP address has been assigned to the DHCP client. · Auto(O)—An offered temporary dynamic binding whose IP address has been dynamically selected by the DHCP server and sent in a DHCP-OFFER packet to the DHCP client. · Auto(C)—A committed dynamic binding whose IP address has been dynamically assigned to the DHCP client. |
Related commands
reset dhcp server ip-in-use
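The following Python parser for the display dhcp server ip-in-use output is an added example, not vendor code. It rejoins client identifiers that wrap across lines, decodes identifiers that are printable ASCII, and lists the committed bindings an audit would compare against IP source guard entries. The sample text is the example output shown above; treating any identifier longer than 6 bytes as a possible ASCII client ID is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Example output from this section; columns are separated by one or more spaces.
SAMPLE = """\
IP address Client identifier/ Lease expiration Type
Hardware address
10.1.1.1 4444-4444-4444 Not used Static(F)
10.1.1.2 3030-3030-2e30-3030- May 1 14:02:49 2009 Auto(C)
662e-3030-3033-2d45-
7468-6572-6e65-74
10.1.1.3 1111-1111-1111 After 2100 Static(C)
"""

ROW_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<cid>[0-9a-fA-F-]+)\s+"
    r"(?P<lease>.+?)\s+(?P<kind>Static|Auto)\((?P<state>[FOC])\)$"
)
CONT_RE = re.compile(r"^[0-9a-fA-F-]+$")  # continuation of a wrapped identifier


@dataclass
class Binding:
    ip: str
    client_id: str
    lease: str
    kind: str   # "Static" or "Auto"
    state: str  # F = free, O = offered, C = committed

    @property
    def client_text(self) -> Optional[str]:
        """ASCII form of the client ID, or None for a plain hardware address."""
        try:
            raw = bytes.fromhex(self.client_id.replace("-", ""))
        except ValueError:  # odd number of hex digits: leave undecoded
            return None
        # Assumption: 6 bytes or fewer is a hardware address, not text.
        if len(raw) > 6 and all(0x20 <= b < 0x7F for b in raw):
            return raw.decode("ascii")
        return None


def parse_ip_in_use(text: str) -> List[Binding]:
    """Turn the command output into Binding records, rejoining wrapped IDs."""
    bindings: List[Binding] = []
    for line in text.splitlines():
        line = line.strip()
        row = ROW_RE.match(line)
        if row:
            bindings.append(Binding(row["ip"], row["cid"], row["lease"],
                                    row["kind"], row["state"]))
        elif bindings and CONT_RE.match(line) and (
                bindings[-1].client_id.endswith("-") or line.startswith("-")):
            # The identifier wraps at a hyphen, which may end the previous
            # fragment or start the next one.
            bindings[-1].client_id += line
    return bindings


def committed(bindings: List[Binding]) -> List[Tuple[str, str]]:
    """(IP, client ID) pairs for bindings the server has actually assigned."""
    return [(b.ip, b.client_id) for b in bindings if b.state == "C"]


if __name__ == "__main__":
    for b in parse_ip_in_use(SAMPLE):
        print(b.ip, b.kind, b.state, b.lease, b.client_text or b.client_id)
```

Decoding the Auto(C) entry shows that the long identifier is the ASCII text 0000.000f.0003-Ethernet, which is easier to trace to a client than the raw hexadecimal form.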
display dhcp server pool
Use display dhcp server pool to display information about a DHCP address pool.
Syntax
display dhcp server pool [ pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
pool-name: Displays information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters. If you do not specify the pool-name argument, the command displays information about all address pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about address pools for the public network. This option is available in Release 1138P01 and later versions.
Examples
# Display information about all DHCP address pools.
<Sysname> display dhcp server pool
Pool name: 0
Network 20.1.1.0 mask 255.255.255.0
class a range 20.1.1.50 20.1.1.60
bootfile-name abc.cfg
dns-list 20.1.1.66 20.1.1.67 20.1.1.68
domain-name www.aabbcc.com
bims-server ip 192.168.0.51 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
option 2 ip-address 1.1.1.1
expired 1 2 3 0
Pool name: 1
Network 20.1.1.0 mask 255.255.255.0
secondary networks:
20.1.2.0 mask 255.255.255.0
20.1.3.0 mask 255.255.255.0
bims-server ip 192.168.0.51 port 50 sharekey cipher $c$3$K13OmQPi791YvQoF2Gs1E+65LOU=
forbidden-ip 20.1.1.22 20.1.1.36 20.1.1.37
forbidden-ip 20.1.1.22 20.1.1.23 20.1.1.24
gateway-list 1.1.1.1 2.2.2.2 4.4.4.4
nbns-list 5.5.5.5 6.6.6.6 7.7.7.7
netbios-type m-node
option 2 ip-address 1.1.1.1
expired 1 0 0 0
Pool name: 2
Network 20.1.1.0 mask 255.255.255.0
address range 20.1.1.1 to 20.1.1.15
class departmentA range 20.1.1.20 to 20.1.1.29
class departmentB range 20.1.1.30 to 20.1.1.40
next-server 20.1.1.33
tftp-server domain-name www.dian.org.cn
tftp-server ip-address 192.168.0.120
voice-config ncp-ip 10.1.1.2
voice-config as-ip 10.1.1.5
voice-config voice-vlan 3 enable
voice-config fail-over 10.1.1.1 123*
option 2 ip-address 1.1.1.3
expired 1 0 0 0
Pool name: 3
static bindings:
ip-address 10.10.1.2 mask 255.0.0.0
hardware-address 00e0-00fc-0001 ethernet
ip-address 10.10.1.3 mask 255.0.0.0
client-identifier aaaa-bbbb
expired unlimited
Table 8 Command output
Field | Description |
---|---|
Pool name | Name of an address pool. |
Network | Assignable network. |
secondary networks | Assignable secondary networks. |
address range | Assignable address range. |
class class-name range | DHCP user class and its address range. |
static bindings | Static IP-to-MAC/client ID bindings. |
option | Customized DHCP option. |
expired | Lease duration: 1 2 3 4 in this example refers to 1 day 2 hours 3 minutes 4 seconds. |
bootfile-name | Boot file name. |
dns-list | DNS server IP address. |
domain-name | Domain name suffix. |
bims-server | BIMS server information. |
forbidden-ip | IP addresses excluded from dynamic allocation. |
gateway-list | Gateway addresses. |
nbns-list | WINS server addresses. |
netbios-type | NetBIOS node type. |
next-server | Next server IP address. |
tftp-server domain-name | TFTP server name. |
tftp-server ip-address | TFTP server address. |
voice-config ncp-ip | Primary network calling processor address. |
voice-config as-ip | Backup network calling processor address. |
voice-config voice-vlan | Voice VLAN. |
voice-config fail-over | Failover route. |
display dhcp server statistics
Use display dhcp server statistics to display the DHCP server statistics.
Syntax
display dhcp server statistics [ pool pool-name | vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
pool pool-name: Specifies an address pool by its name, a case-insensitive string of 1 to 63 characters. Without this option, the command displays information about all address pools.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays DHCP server statistics for the public network. This option is available in Release 1138P01 and later versions.
Examples
# Display the DHCP server statistics.
<Sysname> display dhcp server statistics
Pool number: 1
Pool utilization: 0.39%
Bindings:
Automatic: 1
Manual: 0
Expired: 0
Conflict: 1
Messages received: 10
DHCPDISCOVER: 5
DHCPREQUEST: 3
DHCPDECLINE: 0
DHCPRELEASE: 2
DHCPINFORM: 0
BOOTPREQUEST: 0
Messages sent: 6
DHCPOFFER: 3
DHCPACK: 3
DHCPNAK: 0
BOOTPREPLY: 0
Bad Messages: 0
Table 9 Command output
Field | Description |
---|---|
Pool number | Total number of address pools. This field is not displayed when you display statistics for a specific address pool. |
Pool utilization | Pool utilization rate: · If you display statistics for all address pools, this field displays the utilization rate of all address pools. · If you display statistics for an address pool, this field displays the pool utilization rate of the specified address pool. |
Bindings | Bindings include the following types: · Automatic—Number of dynamic bindings. · Manual—Number of static bindings. · Expired—Number of expired bindings. |
Conflict | Total number of conflict addresses. This field is not displayed if you display statistics for a specific address pool. |
Messages received | DHCP packets received from clients: · DHCPDISCOVER · DHCPREQUEST · DHCPDECLINE · DHCPRELEASE · DHCPINFORM · BOOTPREQUEST This field is not displayed if you display statistics for a specific address pool. |
Messages sent | DHCP packets sent to clients: · DHCPOFFER · DHCPACK · DHCPNAK · BOOTPREPLY This field is not displayed if statistics about a specific address pool are displayed. |
Bad Messages | Number of bad messages. This field is not displayed if you display statistics for a specific address pool. |
Related commands
reset dhcp server statistics
dns-list
Use dns-list to specify DNS server addresses in a DHCP address pool.
Use undo dns-list to remove DNS server addresses from a DHCP address pool.
Syntax
dns-list ip-address&<1-8>
undo dns-list [ ip-address&<1-8> ]
Default
No DNS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address&<1-8>: Specifies DNS servers. &<1-8> indicates that you can specify up to eight DNS server addresses separated by spaces.
Usage guidelines
If you use the dns-list command multiple times, the most recent configuration takes effect.
The undo dns-list command without any parameter specified deletes all DNS server addresses in the DHCP address pool.
Examples
# Specify the DNS server address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] dns-list 10.1.1.254
Related commands
display dhcp server pool
domain-name
Use domain-name to specify a domain name in a DHCP address pool.
Use undo domain-name to remove the specified domain name.
Syntax
domain-name domain-name
undo domain-name
Default
No domain name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies the domain name, a case-sensitive string of 1 to 50 characters.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the domain name company.com in address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] domain-name company.com
Related commands
display dhcp server pool
expired
Use expired to specify the lease duration in a DHCP address pool.
Use undo expired to restore the default lease duration for a DHCP address pool.
Syntax
expired { day day [ hour hour [ minute minute [ second second ] ] ] | unlimited }
undo expired
Default
The lease duration of a dynamic address pool is one day.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
day day: Specifies the number of days, in the range of 0 to 365.
hour hour: Specifies the number of hours, in the range of 0 to 23.
minute minute: Specifies the number of minutes, in the range of 0 to 59.
second second: Specifies the number of seconds, in the range of 0 to 59.
unlimited: Specifies the unlimited lease duration, which is actually 136 years.
Usage guidelines
The DHCP server assigns an IP address together with the lease duration to the DHCP client. Before the lease expires, the DHCP client must extend the lease duration. If the lease extension operation succeeds, the DHCP client can continue to use the IP address. If the lease extension operation does not succeed, the DHCP client cannot use the IP address after the lease duration expires and the DHCP server will label the IP address as an expired address.
Examples
# Specify the lease duration as 1 day, 2 hours, 3 minutes, and 4 seconds in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] expired day 1 hour 2 minute 3 second 4
Related commands
· display dhcp server expired
· display dhcp server pool
· reset dhcp server expired
forbidden-ip
Use forbidden-ip to exclude IP addresses from dynamic allocation in an address pool.
Use undo forbidden-ip to cancel the configuration.
Syntax
forbidden-ip ip-address&<1-8>
undo forbidden-ip [ ip-address&<1-8> ]
Default
No IP addresses are excluded from dynamic allocation in an address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address&<1-8>: Specifies excluded IP addresses. &<1-8> indicates that you can specify up to eight IP addresses, separated by spaces.
Usage guidelines
The excluded IP addresses in an address pool are still assignable in other address pools.
You can exclude a maximum of 4096 IP addresses in an address pool.
The undo forbidden-ip command without any parameter specified deletes all excluded IP addresses.
Examples
# Exclude IP addresses 192.168.1.3 and 192.168.1.10 from dynamic allocation in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] forbidden-ip 192.168.1.3 192.168.1.10
Related commands
· dhcp server forbidden-ip
· display dhcp server pool
gateway-list
Use gateway-list to specify gateway addresses in a DHCP address pool or a DHCP secondary subnet.
Use undo gateway-list to remove the specified gateway addresses from a DHCP address pool or a DHCP secondary subnet.
Syntax
gateway-list ip-address&<1-8>
undo gateway-list [ ip-address&<1-8> ]
Default
No gateway address is configured in a DHCP address pool or a DHCP secondary subnet.
Views
DHCP address pool view, DHCP secondary subnet view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address&<1-8>: Specifies gateways. &<1-8> indicates that you can specify up to eight gateway addresses separated by spaces. Gateway addresses must reside on the same subnet as the assignable IP addresses.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Without any parameters specified, the undo gateway-list command deletes all gateway addresses.
If you specify gateways in both address pool view and secondary subnet view, DHCP assigns the gateway addresses in the secondary subnet view to the clients on the secondary subnet.
If you specify gateways in address pool view but not in secondary subnet view, DHCP assigns the gateway addresses in address pool view to the clients on the secondary subnet.
Examples
# Specify the gateway address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] gateway-list 10.1.1.1
Related commands
display dhcp server pool
if-match
Use if-match to configure a match rule for a DHCP user class.
Use undo if-match to remove the match rule for a DHCP user class.
Syntax
if-match rule rule-number option option-code [ hex hex-string [ mask mask | offset offset length length ] ]
undo if-match rule rule-number
Default
No match rule is configured for the DHCP user class.
Views
DHCP user class view
Predefined user roles
network-admin
mdc-admin
Parameters
rule rule-number: Assigns the match rule an ID in the range of 1 to 16. A smaller ID represents a higher priority.
option option-code: Matches a DHCP option identified by its number in the range of 1 to 254.
hex hex-string: Matches the specified hexadecimal string in the option. The length of the hexadecimal string must be an even number in the range of 2 to 256. If you do not specify the hex-string argument, the DHCP server only checks whether the specified option exists in the received packets.
mask mask: Specifies the mask used to match the option. The mask argument is a hexadecimal string, and its length must be the same as that of hex-string.
offset offset: Specifies the offset to match the option, in the range of 0 to 254 bytes. If you do not specify the offset argument, the server compares the entire option against the rule.
length length: Matches the specified length of the option, in the range of 1 to 128 bytes. The specified length must be the same as the hex-string length.
Usage guidelines
You can configure multiple match rules for a DHCP user class. Each match rule is uniquely identified by a rule ID. Different match rules can include the same option code, but they cannot have the same matching criteria.
The DHCP server matches DHCP requests against the match rules. A DHCP client matches the DHCP user class as long as it matches one of the specified rules.
The match operation follows these guidelines:
· If only the option-code argument is specified in the rule, packets containing the option match the rule.
· If only the option-code and hex-string arguments are specified in the rule, packets that have the specified hexadecimal string in the specified option match the rule.
· If the option-code, hex-string, offset and length arguments are specified in the rule, packets match the rule as long as their content from offset+1 bit to offset+length bit in the specified option is the same as the specified hexadecimal string.
· If the option-code, hex-string, and mask arguments are specified in the rule, the DHCP server ANDs the content from the first bit to the mask-1 bit in the specified option with the mask, and then compares the result with the result of the AND operation between hex-string and mask. If the two results are the same, the received packet matches the rule.
Examples
# Configure match rule 1 to match DHCP requests that contain Option 82 for DHCP user class contain-option82.
[Sysname] dhcp class contain-option82
[Sysname-dhcp-class-contain-option82] if-match rule 1 option 82
# Configure match rule 2 to match DHCP requests that contain Option 82 whose first three bytes are 0x13ae92 for DHCP user class exam.
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 2 option 82 hex 13ae92 offset 0 length 3
# Configure match rule 3 to match DHCP requests that contain Option 82 whose highest bit of the fourth byte is 1 for DHCP user class exam.
[Sysname] dhcp class exam
[Sysname-dhcp-class-exam] if-match rule 3 option 82 hex 00000080 mask 00000080
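The match guidelines above, written out as an added Python example (not vendor code) that parses if-match lines and evaluates them against a DHCP options field. Assumptions: offset and length count bytes, as the parameter descriptions and the examples do; a hex-string given without offset or mask is treated as a substring search; the option bytes are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Accepts the rule with or without a leading "[Sysname-dhcp-class-x]" prompt.
RULE_RE = re.compile(
    r"^(?:\[[^\]]*\] )?if-match rule (?P<rule>\d+) option (?P<opt>\d+)"
    r"(?: hex (?P<hex>[0-9a-fA-F]+)"
    r"(?: mask (?P<mask>[0-9a-fA-F]+)| offset (?P<off>\d+) length (?P<len>\d+))?)?$"
)


@dataclass(frozen=True)
class MatchRule:
    rule_id: int
    option: int
    value: Optional[bytes] = None   # hex-string
    mask: Optional[bytes] = None
    offset: Optional[int] = None    # in bytes (assumption)
    length: Optional[int] = None    # in bytes (assumption)


def parse_rule(line: str) -> MatchRule:
    """Parse one if-match line and enforce the ranges given under Parameters."""
    m = RULE_RE.match(" ".join(line.split()))
    if not m:
        raise ValueError(f"not an if-match rule: {line!r}")
    rule_id, option = int(m["rule"]), int(m["opt"])
    if not 1 <= rule_id <= 16 or not 1 <= option <= 254:
        raise ValueError("rule ID must be 1..16 and option code 1..254")
    if m["hex"] is None:
        return MatchRule(rule_id, option)            # existence check only
    if len(m["hex"]) % 2 or not 2 <= len(m["hex"]) <= 256:
        raise ValueError("hex-string length must be even and 2..256")
    value = bytes.fromhex(m["hex"])
    if m["mask"] is not None:
        if len(m["mask"]) != len(m["hex"]):
            raise ValueError("mask must be as long as hex-string")
        return MatchRule(rule_id, option, value, mask=bytes.fromhex(m["mask"]))
    if m["off"] is not None:
        offset, length = int(m["off"]), int(m["len"])
        if not 0 <= offset <= 254 or not 1 <= length <= 128:
            raise ValueError("offset must be 0..254 and length 1..128")
        if length != len(value):
            raise ValueError("length must equal the hex-string length")
        return MatchRule(rule_id, option, value, offset=offset, length=length)
    return MatchRule(rule_id, option, value)


def parse_options(raw: bytes) -> Dict[int, bytes]:
    """Split a DHCP options field (code, length, value) into {code: value}."""
    options: Dict[int, bytes] = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == 255:                              # End option
            break
        if code == 0:                                # Pad option
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        # A repeated option code is concatenated into one value.
        options[code] = options.get(code, b"") + raw[i + 2:i + 2 + length]
        i += 2 + length
    return options


def rule_matches(rule: MatchRule, options: Dict[int, bytes]) -> bool:
    """Apply the four match cases from the usage guidelines."""
    data = options.get(rule.option)
    if data is None:
        return False
    if rule.value is None:                           # option-code only
        return True
    if rule.mask is not None:                        # hex-string with mask
        if len(data) < len(rule.mask):
            return False
        masked = bytes(d & k for d, k in zip(data, rule.mask))
        wanted = bytes(v & k for v, k in zip(rule.value, rule.mask))
        return masked == wanted
    if rule.offset is not None:                      # hex-string at offset
        return data[rule.offset:rule.offset + rule.length] == rule.value
    return rule.value in data                        # hex-string anywhere


def first_matching_rule(rules: List[MatchRule], options: Dict[int, bytes]) -> Optional[int]:
    """ID of the highest-priority (smallest ID) matching rule, else None."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule_matches(rule, options):
            return rule.rule_id
    return None


# DHCP user class "exam" from the Examples section (rules 2 and 3).
EXAM_RULES = [parse_rule("if-match rule 3 option 82 hex 00000080 mask 00000080"),
              parse_rule("if-match rule 2 option 82 hex 13ae92 offset 0 length 3")]
# Constructed options field: Option 53, Option 82 = 13ae92800102, End.
SAMPLE_OPTIONS = parse_options(bytes.fromhex("3501015206" "13ae92800102" "ff"))
```

A client belongs to the class when first_matching_rule returns any rule ID. A request whose Option 82 is shorter than the mask or the offset window does not match, rather than raising an error.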
Related commands
dhcp class
nbns-list
Use nbns-list to specify WINS server addresses in a DHCP address pool.
Use undo nbns-list to remove the specified WINS server addresses.
Syntax
nbns-list ip-address&<1-8>
undo nbns-list [ ip-address&<1-8> ]
Default
No WINS server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address&<1-8>: Specifies WINS server IP addresses. &<1-8> indicates that you can specify up to eight WINS server addresses separated by spaces.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
The undo nbns-list command with no parameter specified deletes all WINS server addresses.
Examples
# Specify the WINS server IP address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] nbns-list 10.1.1.1
Related commands
· display dhcp server pool
· netbios-type
netbios-type
Use netbios-type to specify the NetBIOS node type in a DHCP address pool.
Use undo netbios-type to remove the specified NetBIOS node type.
Syntax
netbios-type { b-node | h-node | m-node | p-node }
undo netbios-type
Default
No NetBIOS node type is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
b-node: Specifies the broadcast node. A b-node client sends the destination name in a broadcast message to get the name-to-IP mapping from a server.
h-node: Specifies the hybrid node. An h-node client unicasts the destination name to a WINS server. If it does not receive a response, the h-node client broadcasts the destination name to get the mapping from a server.
m-node: Specifies the mixed node. An m-node client broadcasts the destination name. If it does not receive a response, the m-node client unicasts the destination name to the WINS server to get the mapping.
p-node: Specifies the peer-to-peer node. A p-node client sends the destination name in a unicast message to get the mapping from the WINS server.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the NetBIOS node type as p-node in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] netbios-type p-node
Related commands
· display dhcp server pool
· nbns-list
network
Use network to specify the subnet for dynamic allocation in a DHCP address pool.
Use undo network to remove the specified subnet.
Syntax
network network-address [ mask-length | mask mask ] [ secondary ]
undo network network-address [ mask-length | mask mask ] [ secondary ]
Default
No subnet is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
network-address: Specifies the subnet for dynamic allocation. If no mask length or mask is specified, the natural mask will be used.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask in dotted decimal format.
secondary: Specifies the subnet as a secondary subnet. Without this keyword, this command specifies the primary subnet. If the addresses in the primary subnet are used up, the DHCP server can select addresses from a secondary subnet for clients.
Usage guidelines
You can use the secondary keyword to specify a secondary subnet and enter its view, where you can specify gateways by using the gateway-list command for DHCP clients in the secondary subnet.
You can specify only one primary subnet for a DHCP address pool. If you use the network command multiple times, the most recent configuration takes effect.
You can specify up to 32 secondary subnets for a DHCP address pool.
The primary subnet and secondary subnets in a DHCP address pool must not have the same network address and mask.
If you have used the address range or class command in an address pool, you cannot specify any secondary subnet in the same address pool.
Modifying or removing the network configuration deletes the assigned addresses from the current address pool.
Examples
# Specify primary subnet 192.168.8.0/24 and secondary subnet 192.168.10.0/24 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0
[Sysname-dhcp-pool-0] network 192.168.10.0 mask 255.255.255.0 secondary
[Sysname-dhcp-pool-0-secondary]
Related commands
· display dhcp server pool
· gateway-list
next-server
Use next-server to specify the IP address of a server in a DHCP address pool.
Use undo next-server to remove the server's IP address from the DHCP address pool.
Syntax
next-server ip-address
undo next-server
Default
No server's IP address is specified in an address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of a server.
Usage guidelines
Upon startup, the DHCP client obtains its own IP address and the specified server IP address, and then contacts the specified server, such as a TFTP server, to get other boot information.
If you use the next-server command multiple times, the most recent configuration takes effect.
Examples
# Specify a server's IP address 10.1.1.254 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] next-server 10.1.1.254
Related commands
display dhcp server pool
option
Use option to customize a DHCP option.
Use undo option to remove a customized option.
Syntax
option code { ascii ascii-string | hex hex-string | ip-address ip-address&<1-8> }
undo option code
Default
No DHCP option is customized.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
code: Specifies the number of the customized option, in the range of 2 to 254, excluding 50 through 54, 56, 58, 59, 61, and 82.
ascii ascii-string: Specifies an ASCII string of 1 to 255 characters as the option content.
hex hex-string: Specifies a hexadecimal string as the option content. The length of the string must be an even number in the range of 2 to 256.
ip-address ip-address&<1-8>: Specifies the IP addresses as the option content. &<1-8> indicates that you can specify up to eight IP addresses separated by spaces.
Usage guidelines
The DHCP server fills the customized option with the specified ASCII string, hexadecimal string, or IP addresses, and sends it in a response to the client.
If you use the option command with the same code specified, the most recent configuration takes effect.
You can customize options for the following purposes:
· Add newly released options.
· Add options for which the vendor defines the contents, for example, Option 43.
· Add options for which the CLI does not provide a dedicated configuration command. For example, you can use the option 4 ip-address 1.1.1.1 command to define the time server address 1.1.1.1 for DHCP clients.
· Add all option values if the actual requirement exceeds the limit for a dedicated option configuration command. For example, the dns-list command can specify up to eight DNS servers. To specify more than eight DNS servers, you must use the option 6 command to define all DNS servers.
If a DHCP option is specified by both the dedicated command and the option command, the DHCP server assigns the content specified by the dedicated command. For example, if a DNS server address is specified by both the dns-list command and the option 6 command, the server uses the address specified by the dns-list command.
Examples
# Configure Option 7 to specify the log server address 2.2.2.2 in address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] option 7 ip-address 2.2.2.2
Related commands
display dhcp server pool
reset dhcp server conflict
Use reset dhcp server conflict to clear IP address conflict information.
Syntax
reset dhcp server conflict [ ip ip-address ] [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address: Clears conflict information about the specified IP address. If no IP address is specified, this command clears all address conflict information.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears IP address conflict information for the public network. This option is available in Release 1138P01 and later versions.
Usage guidelines
Address conflicts occur when dynamically assigned IP addresses have been statically configured for other hosts. After the conflicts are resolved, you can use the reset dhcp server conflict command to clear conflict information so that the conflicted addresses can be assigned to clients.
Examples
# Clear all IP address conflict information.
<Sysname> reset dhcp server conflict
Related commands
display dhcp server conflict
reset dhcp server expired
Use reset dhcp server expired to clear binding information about expired IP addresses.
Syntax
reset dhcp server expired [ ip ip-address [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address: Clears binding information about the specified expired IP address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears lease expiration information for the public network. This option is available in Release 1138P01 and later versions.
pool pool-name: Clears binding information about the expired IP addresses in the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
Using this command without any parameter clears binding information about all expired IP addresses.
Examples
# Clear binding information about all expired IP addresses.
<Sysname> reset dhcp server expired
Related commands
display dhcp server expired
reset dhcp server ip-in-use
Use reset dhcp server ip-in-use to clear binding information about assigned IP addresses.
Syntax
reset dhcp server ip-in-use [ ip ip-address [ vpn-instance vpn-instance-name ] | pool pool-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address: Clears binding information about the specified assigned IP address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears binding information for the public network. This option is available in Release 1138P01 and later versions.
pool pool-name: Clears binding information about the specified address pool. The pool name is a case-insensitive string of 1 to 63 characters.
Usage guidelines
Using this command without any parameter clears binding information about all assigned IP addresses.
If you use this command to clear information about an assigned static binding, the static binding becomes an unassigned static binding.
Examples
# Clear binding information about the IP address 10.110.1.1.
<Sysname> reset dhcp server ip-in-use ip 10.110.1.1
Related commands
display dhcp server ip-in-use
reset dhcp server statistics
Use reset dhcp server statistics to clear DHCP server statistics.
Syntax
reset dhcp server statistics [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command clears DHCP server statistics for the public network. This option is available in Release 1138P01 and later versions.
Examples
# Clear DHCP server statistics.
<Sysname> reset dhcp server statistics
Related commands
display dhcp server statistics
static-bind
Use static-bind to statically bind a client ID or MAC address to an IP address.
Use undo static-bind to remove a static binding.
Syntax
static-bind ip-address ip-address [ mask-length | mask mask ] { client-identifier client-identifier | hardware-address hardware-address [ ethernet | token-ring ] }
undo static-bind ip-address ip-address
Default
No static binding is specified in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address ip-address: Specifies the IP address of the static binding. The natural mask is used if no mask length or mask is specified.
mask-length: Specifies the mask length in the range of 1 to 30.
mask mask: Specifies the mask, in dotted decimal format.
client-identifier client-identifier: Specifies the client ID of the static binding, a string of 4 to 254 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…, in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct ID, while aabb-c-dddd and aabb-cc-dddd are incorrect IDs.
hardware-address hardware-address: Specifies the client hardware address of the static binding, a string of 4 to 79 characters that can contain only hexadecimal numbers and hyphen (-), in the format of H-H-H…, in which the last H can be a two-digit or four-digit hexadecimal number while the other Hs must be all four-digit hexadecimal numbers. For example, aabb-cccc-dd is a correct hardware address, while aabb-c-dddd and aabb-cc-dddd are incorrect hardware addresses.
ethernet: Specifies the client hardware address type as Ethernet. The default type is Ethernet.
token-ring: Specifies the client hardware address type as token ring.
Usage guidelines
The IP address of a static binding must not be an interface address of the DHCP server. Otherwise, an IP address conflict occurs, and the bound client cannot obtain the IP address.
You can specify multiple static bindings in an address pool. The total number of static bindings in all address pools cannot exceed 8192.
You cannot modify bindings. To change the binding for a DHCP client, you must delete the existing binding first and create a new binding.
Examples
# Bind the IP address 10.1.1.1/24 to the client ID 00aa-aabb in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0 client-identifier 00aa-aabb
Related commands
display dhcp server pool
tftp-server domain-name
Use tftp-server domain-name to specify a TFTP server name in a DHCP address pool.
Use undo tftp-server domain-name to remove the TFTP server name from a DHCP address pool.
Syntax
tftp-server domain-name domain-name
undo tftp-server domain-name
Default
No TFTP server name is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies the TFTP server name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Specify the TFTP server name aaa in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server domain-name aaa
Related commands
· display dhcp server pool
· tftp-server ip-address
tftp-server ip-address
Use tftp-server ip-address to specify a TFTP server address in a DHCP address pool.
Use undo tftp-server ip-address to remove the TFTP server address from a DHCP address pool.
Syntax
tftp-server ip-address ip-address
undo tftp-server ip-address
Default
No TFTP server address is specified.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of a TFTP server.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Specify the TFTP server address 10.1.1.1 in DHCP address pool 0.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] tftp-server ip-address 10.1.1.1
Related commands
· display dhcp server pool
· tftp-server domain-name
voice-config
Use voice-config to configure the content for Option 184 in a DHCP address pool.
Use undo voice-config to remove the Option 184 content from a DHCP address pool.
Syntax
voice-config { as-ip ip-address | fail-over ip-address dialer-string | ncp-ip ip-address | voice-vlan vlan-id { disable | enable } }
undo voice-config [ as-ip | fail-over | ncp-ip | voice-vlan ]
Default
No Option 184 content is configured in a DHCP address pool.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
as-ip ip-address: Specifies the IP address of the backup network calling processor.
fail-over ip-address dialer-string: Specifies the failover IP address and dialer string. The dialer-string is a string of 1 to 39 characters, which can include numbers 0 through 9 and asterisk (*).
ncp-ip ip-address: Specifies the IP address of the primary network calling processor.
voice-vlan vlan-id: Specifies the voice VLAN ID in the range of 2 to 4094.
· disable: Disables the specified VLAN. DHCP clients will not take this VLAN as their voice VLAN.
· enable: Enables the specified VLAN. DHCP clients will take this VLAN as their voice VLAN.
Usage guidelines
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Configure Option 184 in DHCP address pool 0: the primary network calling processor 10.1.1.1, backup network calling processor 10.2.2.2, voice VLAN 3 that is enabled, failover IP address 10.3.3.3, and dialer string 99*.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] voice-config ncp-ip 10.1.1.1
[Sysname-dhcp-pool-0] voice-config as-ip 10.2.2.2
[Sysname-dhcp-pool-0] voice-config voice-vlan 3 enable
[Sysname-dhcp-pool-0] voice-config fail-over 10.3.3.3 99*
Related commands
display dhcp server pool
vpn-instance
Use vpn-instance to apply a DHCP address pool to a VPN instance.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The DHCP address pool is not applied to any VPN instance.
Views
DHCP address pool view
Predefined user roles
network-admin
mdc-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
This command is available in Release 1138P01 and later versions.
If a DHCP address pool is applied to a VPN instance, the DHCP server assigns IP addresses in this address pool to clients in the specified VPN instance.
The DHCP server identifies the VPN instance to which a DHCP client belongs according to the following information:
· The client's VPN information stored in authentication modules.
· The VPN information of the DHCP server's interface that receives DHCP packets from the client.
The VPN information from authentication modules takes precedence over the VPN information of the receiving interface.
Examples
# Apply the address pool 0 to the VPN instance abc.
<Sysname> system-view
[Sysname] dhcp server ip-pool 0
[Sysname-dhcp-pool-0] vpn-instance abc
DHCP relay agent commands
The term "interface" in this section collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
dhcp relay check mac-address
Use dhcp relay check mac-address to enable MAC address check on the relay agent.
Use undo dhcp relay check mac-address to disable MAC address check on the relay agent.
Syntax
dhcp relay check mac-address
undo dhcp relay check mac-address
Default
The MAC address check feature is disabled.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This feature enables the DHCP relay agent to compare the chaddr field of a received DHCP request with the source MAC address in the frame header. If they are the same, the DHCP relay agent forwards the request to the DHCP server. If they are not the same, the DHCP relay agent discards the request.
The MAC address check feature takes effect only when the dhcp select relay command has been configured on the interface.
Enable the MAC address check feature only on the DHCP relay agent directly connected to the DHCP clients. A DHCP relay agent changes the source MAC address of DHCP packets before sending them. If you enable this feature on an intermediate relay agent, it might discard valid DHCP packets, and the sending clients will not obtain IP addresses.
Examples
# Enable MAC address check on the relay agent.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay check mac-address
Related commands
dhcp select relay
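The comparison described in the usage guidelines above, modeled as an added Python example (not code from the device or its vendor). The frames are constructed samples and the MAC and IP values are made up; the third frame is a valid request that has already passed through another relay agent, which shows why the check belongs only on the relay agent directly connected to the clients.

```python
import socket
import struct

ETH_IPV4, IPPROTO_UDP, BOOTP_SERVER_PORT, BOOTREQUEST = 0x0800, 17, 67, 1


def fmt_mac(raw):
    """Render bytes as xxxx-xxxx-xxxx, the notation used in the device output."""
    h = raw.hex()
    return "-".join(h[i:i + 4] for i in range(0, len(h), 4))


def mac_check(frame):
    """Model the relay agent's MAC address check for one Ethernet frame.

    Returns a dict whose 'verdict' is 'forward', 'discard' or 'not-dhcp-request'.
    """
    skip = {"verdict": "not-dhcp-request"}
    if len(frame) < 14 + 20 or struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return skip
    src_mac, ip = frame[6:12], frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or ip[9] != IPPROTO_UDP or len(ip) < ihl + 8 + 44:
        return skip
    udp = ip[ihl:]
    bootp = udp[8:]
    if struct.unpack("!H", udp[2:4])[0] != BOOTP_SERVER_PORT or bootp[0] != BOOTREQUEST:
        return skip
    hlen, hops = bootp[2], bootp[3]
    giaddr = socket.inet_ntoa(bootp[24:28])
    chaddr = bootp[28:28 + min(hlen, 16)]
    return {
        # The check itself: chaddr must equal the frame's source MAC.
        "verdict": "forward" if chaddr == src_mac else "discard",
        "src_mac": fmt_mac(src_mac),
        "chaddr": fmt_mac(chaddr),
        # hops > 0 or a non-zero giaddr means another relay already handled the
        # request and changed the frame's source MAC, so a mismatch is expected.
        "already_relayed": hops > 0 or giaddr != "0.0.0.0",
    }


def build_request(src_mac, chaddr, giaddr="0.0.0.0", hops=0):
    """Build a constructed Ethernet/IPv4/UDP/BOOTP request (checksums left at 0)."""
    bootp = struct.pack("!BBBBIHH", BOOTREQUEST, 1, 6, hops, 0x1234, 0, 0)
    bootp += bytes(12)                              # ciaddr, yiaddr, siaddr
    bootp += socket.inet_aton(giaddr)
    bootp += chaddr.ljust(16, b"\x00") + bytes(192)  # chaddr, sname, file
    bootp += b"\x63\x82\x53\x63" + b"\x35\x01\x01\xff"  # cookie, DHCPDISCOVER, end
    udp = struct.pack("!HHHH", 68, BOOTP_SERVER_PORT, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                     IPPROTO_UDP, 0, bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + src_mac + struct.pack("!H", ETH_IPV4) + ip


# Constructed sample addresses (assumptions, not values from a real network).
CLIENT = bytes.fromhex("00e000000001")
OTHER_HOST = bytes.fromhex("00e0000000aa")
UPSTREAM_RELAY = bytes.fromhex("00e0000000fe")

SAMPLES = {
    "client request": build_request(CLIENT, CLIENT),
    "mismatched chaddr": build_request(OTHER_HOST, CLIENT),
    "valid request via upstream relay": build_request(
        UPSTREAM_RELAY, CLIENT, giaddr="10.1.1.254", hops=1),
}


def run_samples():
    """Apply the check to every constructed sample frame."""
    return {name: mac_check(frame) for name, frame in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name}: {result}")
```
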
dhcp relay check mac-address aging-time
Use dhcp relay check mac-address aging-time to configure the aging time for MAC address check entries on the DHCP relay agent.
Use undo dhcp relay check mac-address aging-time to restore the default.
Syntax
dhcp relay check mac-address aging-time time
undo dhcp relay check mac-address aging-time
Default
The aging time is 300 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
time: Specifies the aging time for MAC address check entries in seconds, in the range of 30 to 600.
Usage guidelines
This command takes effect only after you execute the dhcp relay check mac-address command.
Examples
# Set the aging time for MAC address check entries on the DHCP relay agent to 60 seconds.
<Sysname> system-view
[Sysname] dhcp relay check mac-address aging-time 60
dhcp relay client-information record
Use dhcp relay client-information record to enable recording client information in relay entries. A relay entry contains information about a client such as the client's IP and MAC addresses.
Use undo dhcp relay client-information record to disable the feature.
Syntax
dhcp relay client-information record
undo dhcp relay client-information record
Default
The DHCP relay agent does not record client information in relay entries.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Disabling recording of client information deletes all recorded relay entries.
Client information is recorded only when the DHCP relay agent is configured on the gateway of DHCP clients.
Examples
# Enable recording of relay entries on the relay agent.
<Sysname> system-view
[Sysname] dhcp relay client-information record
Related commands
· dhcp relay client-information refresh
· dhcp relay client-information refresh enable
dhcp relay client-information refresh
Use dhcp relay client-information refresh to configure the interval at which the DHCP relay agent periodically refreshes relay entries.
Use undo dhcp relay client-information refresh to restore the default.
Syntax
dhcp relay client-information refresh [ auto | interval interval ]
undo dhcp relay client-information refresh
Default
The refresh interval is automatically calculated based on the number of relay entries.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
auto: Automatically calculates the refresh interval. The more the entries, the shorter the refresh interval. The shortest interval must not be less than 500 ms.
interval interval: Specifies the refresh interval in the range of 1 to 120 seconds.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Set the refresh interval to 100 seconds.
<Sysname> system-view
[Sysname] dhcp relay client-information refresh interval 100
Related commands
· dhcp relay client-information record
· dhcp relay client-information refresh enable
dhcp relay client-information refresh enable
Use dhcp relay client-information refresh enable to enable the DHCP relay agent to periodically refresh dynamic relay entries.
Use undo dhcp relay client-information refresh enable to disable the DHCP relay agent from periodically refreshing dynamic relay entries.
Syntax
dhcp relay client-information refresh enable
undo dhcp relay client-information refresh enable
Default
The DHCP relay agent periodically refreshes relay entries.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
A DHCP client unicasts a DHCP-RELEASE message to the DHCP server to release its IP address. The DHCP relay agent conveys the message to the DHCP server and does not remove the IP-to-MAC entry of the client.
With this feature, the DHCP relay agent uses the IP address of a client and the MAC address of the DHCP relay interface to periodically send a DHCP-REQUEST message to the DHCP server.
· If the server returns a DHCP-ACK message or does not return any message within a specific interval, the DHCP relay agent removes the entry and sends a DHCP-RELEASE message to the DHCP server to release the IP address.
· If the server returns a DHCP-NAK message, the relay agent keeps the entry.
With this feature disabled, the DHCP relay agent does not remove relay entries automatically. After a DHCP client releases its IP address, you must use the reset dhcp relay client-information command on the relay agent to remove the corresponding relay entry.
Examples
# Disable periodic refresh of relay entries.
<Sysname> system-view
[Sysname] undo dhcp relay client-information refresh enable
Related commands
· dhcp relay client-information record
· dhcp relay client-information refresh
· reset dhcp relay client-information
dhcp relay information circuit-id
Use dhcp relay information circuit-id to configure the padding content and padding format for the circuit ID sub-option of Option 82.
Use undo dhcp relay information circuit-id to restore the default.
Syntax
dhcp relay information circuit-id { string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp relay information circuit-id
Default
The content mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
string circuit-id: Specifies a case-sensitive string of 3 to 63 characters as the content of the circuit ID sub-option.
normal: Specifies the normal mode, in which the padding content consists of the VLAN ID and port number.
verbose: Specifies the verbose mode. The padding content includes the VLAN ID and interface number.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, interface number, and VLAN ID. The node identifier varies with the keyword mac, sysname, and user-defined.
· mac: Uses the MAC address of the access node as the node identifier. It is the default node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format.
· user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.
format: Specifies the code type for the circuit ID sub-option.
ascii: Specifies the ASCII code type.
hex: Specifies the hex code type.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
The padding format for the user-defined string, the normal mode, or the verbose mode varies with the command configuration. Table 10 shows how the padding format is determined for different modes.
Table 10 Padding format for different modes
Keyword (mode) | If no padding format is specified | If the padding format is ascii | If the padding format is hex |
---|---|---|---|
string circuit-id | You cannot specify a padding format, and the padding format is always ASCII. | N/A | N/A |
normal | Hex. | ASCII. | Hex. |
verbose | Hex for the VLAN ID. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. | ASCII. | ASCII for the node identifier and Ethernet type. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID. |
Examples
# Specify the content mode as verbose, node identifier as the system name, and the padding format as ASCII for the circuit ID sub-option.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information circuit-id verbose node-identifier sysname format ascii
Related commands
· dhcp relay information enable
· dhcp relay information strategy
· display dhcp relay information
dhcp relay information enable
Use dhcp relay information enable to enable the DHCP relay agent to support Option 82.
Use undo dhcp relay information enable to disable Option 82 support.
Syntax
dhcp relay information enable
undo dhcp relay information enable
Default
The DHCP relay agent does not support Option 82.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables the DHCP relay agent to add Option 82 to DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp relay information circuit-id and dhcp relay information remote-id commands. If the DHCP requests contain Option 82, the relay agent handles the requests according to the strategy configured with the dhcp relay information strategy command.
If this feature is disabled, the relay agent forwards requests that contain or do not contain Option 82 to the DHCP server.
Examples
# Enable Option 82 support on the relay agent.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
Related commands
· dhcp relay information circuit-id
· dhcp relay information remote-id
· dhcp relay information strategy
· display dhcp relay information
dhcp relay information remote-id
Use dhcp relay information remote-id to configure the padding content and padding format for the remote ID sub-option of Option 82.
Use undo dhcp relay information remote-id to restore the default.
Syntax
dhcp relay information remote-id { normal [ format { ascii | hex } ] | string remote-id | sysname }
undo dhcp relay information remote-id
Default
The content mode is normal and the padding format is hex.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
normal: Specifies the normal mode in which the padding content is the MAC address of the receiving interface.
format: Specifies the code type for the remote ID sub-option. The default code type is hex.
ascii: Specifies the ASCII code type.
hex: Specifies the Hex code type.
string remote-id: Specifies a case-sensitive string of 1 to 63 characters as the content of the remote ID sub-option.
sysname: Uses the device name as the content of the remote ID sub-option. You can set the device name by using the sysname command.
Usage guidelines
The padding format for the specified character string (string) or the device name (sysname) is always ASCII. The padding format for the normal mode is determined by the command.
If you use the command multiple times, the most recent configuration takes effect.
Examples
# Specify the padding content for the remote ID sub-option of Option 82 as device001.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy replace
[Sysname-Vlan-interface10] dhcp relay information remote-id string device001
Related commands
· dhcp relay information enable
· dhcp relay information strategy
· display dhcp relay information
dhcp relay information strategy
Use dhcp relay information strategy to configure the strategy for the DHCP relay agent to handle messages containing Option 82.
Use undo dhcp relay information strategy to restore the default handling strategy.
Syntax
dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
Default
The handling strategy for messages that contain Option 82 is replace.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
drop: Drops DHCP messages that contain Option 82.
keep: Keeps the original Option 82 intact.
replace: Replaces the original Option 82 with the configured Option 82.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server.
Examples
# Specify the handling strategy for Option 82 as keep.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay information enable
[Sysname-Vlan-interface10] dhcp relay information strategy keep
Related commands
· dhcp relay information enable
· display dhcp relay information
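The Option 82 handling described under dhcp relay information enable and dhcp relay information strategy, modeled as an added Python example (not the device's own code). It assumes the string mode for both sub-options, reuses the values vlan100 and device001 from this page, and uses the RFC 3046 sub-option codes; the request option fields are constructed samples.

```python
PAD, END, OPTION_82 = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2   # RFC 3046 sub-option codes


def parse_tlvs(data, dhcp_field=True):
    """Split code/length/value triplets; a DHCP option field also has pad and end."""
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if dhcp_field and code == PAD:
            i += 1
            continue
        if dhcp_field and code == END:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        items.append((code, value))
        i += 2 + length
    return items


def build_tlvs(items, dhcp_field=True):
    """Serialize (code, value) pairs; a DHCP option field is closed with end (255)."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in items)
    return body + (bytes([END]) if dhcp_field else b"")


def configured_option82(circuit_id, remote_id):
    """Option 82 value for 'circuit-id string' and 'remote-id string' (always ASCII)."""
    if not 3 <= len(circuit_id) <= 63 or not 1 <= len(remote_id) <= 63:
        raise ValueError("string length outside the range the commands accept")
    return build_tlvs([(SUB_CIRCUIT_ID, circuit_id.encode("ascii")),
                       (SUB_REMOTE_ID, remote_id.encode("ascii"))], dhcp_field=False)


def relay_process(options, enabled, strategy, circuit_id, remote_id):
    """Return the option field the relay forwards, or None if the request is dropped."""
    if not enabled:
        return options                      # forwarded with or without Option 82
    items = parse_tlvs(options)
    ours = (OPTION_82, configured_option82(circuit_id, remote_id))
    if not any(code == OPTION_82 for code, _ in items):
        return build_tlvs(items + [ours])   # always added, whatever the strategy
    if strategy == "drop":
        return None
    if strategy == "keep":
        return options
    if strategy == "replace":
        return build_tlvs([it for it in items if it[0] != OPTION_82] + [ours])
    raise ValueError("strategy must be drop, keep or replace")


def option82_of(options):
    """Decode Option 82 to {sub-option code: text}, or None if it is absent."""
    for code, value in parse_tlvs(options):
        if code == OPTION_82:
            return {sub: v.decode("ascii", "replace")
                    for sub, v in parse_tlvs(value, dhcp_field=False)}
    return None


# Constructed samples: a DHCPREQUEST without Option 82, and one that already
# carries an Option 82 the relay did not set.
PLAIN = build_tlvs([(53, b"\x03")])
TAGGED = build_tlvs([(53, b"\x03"),
                     (OPTION_82, build_tlvs([(SUB_CIRCUIT_ID, b"set-by-sender")],
                                            dhcp_field=False))])


def strategy_matrix():
    """What the DHCP server would see for each sample under each strategy."""
    out = {}
    for name, sample in (("plain", PLAIN), ("tagged", TAGGED)):
        for strategy in ("drop", "keep", "replace"):
            sent = relay_process(sample, True, strategy, "vlan100", "device001")
            out[(name, strategy)] = "dropped" if sent is None else option82_of(sent)
    return out


if __name__ == "__main__":
    for key, seen in strategy_matrix().items():
        print(key, "->", seen)
```

With keep, the server receives whatever Option 82 the request arrived with, so any address policy keyed on the circuit ID or remote ID is evaluated against values this relay agent did not set.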
dhcp relay release ip
Use dhcp relay release ip to release a specific client IP address.
Syntax
dhcp relay release ip client-ip [ vpn-instance vpn-instance-name ]
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
client-ip: Specifies the IP address to be released.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the IP address belongs. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. To release an IP address on the public network, do not specify this option.
Usage guidelines
After you execute this command, the relay agent sends a DHCP-RELEASE packet to the DHCP server and removes the relay entry of the IP address. Upon receiving the packet, the server removes binding information about the specified IP address to release the IP address.
Examples
# Release the IP address 1.1.1.1.
<Sysname> system-view
[Sysname] dhcp relay release ip 1.1.1.1
dhcp relay server-address
Use dhcp relay server-address to specify DHCP servers on the DHCP relay agent.
Use undo dhcp relay server-address to remove DHCP servers.
Syntax
dhcp relay server-address ip-address
undo dhcp relay server-address [ ip-address ]
Default
No DHCP server is specified on the relay agent.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of a DHCP server. The DHCP relay agent forwards DHCP packets received from DHCP clients to this DHCP server.
Usage guidelines
The specified IP address of the DHCP server must not reside on the same subnet as the IP address of the DHCP relay agent interface. Otherwise, the DHCP clients might fail to obtain IP addresses.
You can specify a maximum of eight DHCP servers on an interface. The DHCP relay agent forwards the packets from the clients to all the specified DHCP servers.
If you do not specify any IP address, the undo dhcp relay server-address command removes all DHCP servers on the interface.
Examples
# Specify the DHCP server 1.1.1.1 on the relay agent interface VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp relay server-address 1.1.1.1
Related commands
· dhcp select relay
· display dhcp relay interface
display dhcp relay check mac-address
Use display dhcp relay check mac-address to display MAC address check entries on the relay agent.
Syntax
display dhcp relay check mac-address
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display MAC address check entries on the DHCP relay agent.
<Sysname> display dhcp relay check mac-address
Source-MAC Interface Aging-time
23f3-1122-adf1 FGE1/0/1 10
23f3-1122-2230 FGE1/0/2 30
Table 11 Command output
Field | Description |
---|---|
Source MAC | Source MAC address of the attacker. |
Interface | Interface where the attack comes from. |
Aging-time | Aging time of the MAC address check entry, in seconds. |
display dhcp relay client-information
Use display dhcp relay client-information to display relay entries on the relay agent.
Syntax
display dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Displays relay entries on the specified interface.
ip ip-address: Displays the relay entry for the specified IP address.
vpn-instance vpn-instance-name: Displays the relay entry for the specified IP address in the specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
The DHCP relay agent records relay entries only when the dhcp relay client-information record command has been issued.
Without any parameter, the display dhcp relay client-information command shows all relay entries on the relay agent.
Examples
# Display all relay entries on the relay agent.
<Sysname> display dhcp relay client-information
Total number of client-information items: 2
Total number of dynamic items: 1
Total number of temporary items: 1
IP address MAC address Type Interface VPN name
10.1.1.1 00e0-0000-0001 Dynamic Vlan1 VPN1
10.1.1.5 00e0-0000-0000 Temporary Vlan2 VPN2
Table 12 Command output
Field | Description |
---|---|
Total number of client-information items | Total number of relay entries. |
Total number of dynamic items | Total number of dynamic relay entries. |
Total number of temporary items | Total number of temporary relay entries. |
IP address | IP address of the DHCP client. |
MAC address | MAC address of the DHCP client. |
Type | Relay entry type: · Dynamic—The relay agent creates a dynamic relay entry upon receiving an ACK response from the DHCP server. · Temporary—The relay agent creates a temporary relay entry upon receiving a REQUEST packet from a DHCP client. |
Interface | Layer 3 interface connected to the DHCP client. N/A is displayed for relay entries without interface information. |
Related commands
· dhcp relay client-information record
· reset dhcp relay client-information
display dhcp relay information
Use display dhcp relay information to display Option 82 configuration information for the DHCP relay agent.
Syntax
display dhcp relay information [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Displays Option 82 configuration information for the specified interface. If you do not specify any interface, the command displays Option 82 configuration information about all interfaces.
Examples
# Display Option 82 configuration information for all interfaces.
<Sysname> display dhcp relay information
Interface: Vlan-interface100
Status: Enable
Strategy: Replace
Circuit ID Pattern: Verbose
Remote ID Pattern: Sysname
Circuit ID format-type: Undefined
Remote ID format-type: ASCII
Node identifier: aabbcc
Interface: Vlan-interface200
Status: Enable
Strategy: Replace
Circuit ID Pattern: User Defined
Remote ID Pattern: User Defined
Circuit ID format-type: ASCII
Remote ID format-type: ASCII
User defined:
Circuit ID: vlan100
Remote ID: device001
Table 13 Command output
Field | Description |
---|---|
Interface | Interface name. |
Status | Option 82 states: · Enable—DHCP relay agent support for Option 82 is enabled. · Disable—DHCP relay agent support for Option 82 is disabled. |
Strategy | Handling strategy for request messages containing Option 82: Drop, Keep, or Replace. |
Circuit ID Pattern | Padding content mode of the circuit ID sub-option: Verbose, Normal, or User Defined. |
Remote ID Pattern | Padding content mode of the remote ID sub-option: Sysname, Normal, or User Defined. |
Circuit ID format-type | Padding format of the circuit ID sub-option: ASCII, Hex, or Undefined. |
Remote ID format-type | Padding format of the remote ID sub-option: ASCII, Hex, or Undefined. |
Node identifier | Access node identifier. |
User defined | Content of the user-defined sub-options. |
Circuit ID | User-defined content of the circuit ID sub-option. |
Remote ID | User-defined content of the remote ID sub-option. |
display dhcp relay server-address
Use display dhcp relay server-address to display DHCP server addresses configured on an interface.
Syntax
display dhcp relay server-address [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Displays DHCP server addresses on the specified interface. If you do not specify any interface, the command displays DHCP server addresses on all interfaces operating in DHCP relay agent mode.
Examples
# Display DHCP server addresses on all interfaces.
<Sysname> display dhcp relay server-address
Interface name Server IP address
Vlan1 2.2.2.2
Table 14 Command output
Field | Description |
---|---|
Interface name | Interface name. |
Server IP address | DHCP server IP address. |
Related commands
dhcp relay server-address
display dhcp relay statistics
Use display dhcp relay statistics to display DHCP packet statistics on the DHCP relay agent.
Syntax
display dhcp relay statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Displays DHCP packet statistics on the specified interface. If you do not specify any interface, the command displays all DHCP packet statistics on the DHCP relay agent.
Examples
# Display all DHCP packet statistics on the DHCP relay agent.
<Sysname> display dhcp relay statistics
DHCP packets dropped: 0
DHCP packets received from clients: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets received from servers: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets relayed to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets relayed to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
DHCP packets sent to servers: 0
DHCPDISCOVER: 0
DHCPREQUEST: 0
DHCPINFORM: 0
DHCPRELEASE: 0
DHCPDECLINE: 0
BOOTPREQUEST: 0
DHCP packets sent to clients: 0
DHCPOFFER: 0
DHCPACK: 0
DHCPNAK: 0
BOOTPREPLY: 0
reset dhcp relay client-information
Use reset dhcp relay client-information to clear relay entries on the DHCP relay agent.
Syntax
reset dhcp relay client-information [ interface interface-type interface-number | ip ip-address [ vpn-instance vpn-instance-name ] ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
interface interface-type interface-number: Clears relay entries on the specified interface.
ip ip-address: Clears the relay entry for the specified IP address.
vpn-instance vpn-instance-name: Clears the relay entry for the specified IP address in the specified MPLS L3VPN instance. The vpn-instance-name is a case-sensitive string of 1 to 31 characters. To clear the relay entry for an IP address on the public network, do not specify this option.
Usage guidelines
Without any parameter, this command clears all relay entries on the DHCP relay agent.
Examples
# Clear all relay entries on the DHCP relay agent.
<Sysname> reset dhcp relay client-information
Related commands
display dhcp relay client-information
reset dhcp relay statistics
Use reset dhcp relay statistics to clear relay agent statistics.
Syntax
reset dhcp relay statistics [ interface interface-type interface-number ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
interface interface-type interface-number: Clears DHCP relay agent statistics on the specified interface. If you do not specify any interface, this command clears all DHCP relay agent statistics.
Examples
# Clear all DHCP relay agent statistics.
<Sysname> reset dhcp relay statistics
Related commands
display dhcp relay statistics
DHCP client commands
dhcp client dad enable
Use dhcp client dad enable to enable duplicate address detection.
Use undo dhcp client dad enable to disable duplicate address detection.
Syntax
dhcp client dad enable
undo dhcp client dad enable
Default
The duplicate address detection feature is enabled on an interface.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The DHCP client detects IP address conflicts through ARP packets. An attacker can act as the IP address owner and send an ARP reply, which makes the client unable to use the IP address assigned by the server. As a best practice, disable duplicate address detection when ARP attacks exist on the network.
Examples
# Disable duplicate address detection.
<Sysname> system-view
[Sysname] undo dhcp client dad enable
dhcp client dscp
Use dhcp client dscp to set the DSCP value for DHCP packets sent by the DHCP client.
Use undo dhcp client dscp to restore the default.
Syntax
dhcp client dscp dscp-value
undo dhcp client dscp
Default
The DSCP value in DHCP packets is 56.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: Sets the DSCP value for DHCP packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A greater DSCP value represents a higher priority.
Examples
# Set the DSCP value for DHCP packets sent by the DHCP client to 30.
<Sysname> system-view
[Sysname] dhcp client dscp 30
dhcp client identifier
Use dhcp client identifier to configure a DHCP client ID for an interface.
Use undo dhcp client identifier to restore the default.
Syntax
dhcp client identifier { ascii string | hex string | mac interface-type interface-number }
undo dhcp client identifier
Default
An interface generates the DHCP client ID based on its MAC address. If the interface has no MAC address, it uses the MAC address of the first Ethernet interface to generate its client ID.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ascii string: Specifies a case-sensitive ASCII string of 1 to 63 characters as the client ID.
hex string: Specifies a hexadecimal string of 4 to 64 characters as the client ID.
mac interface-type interface-number: Uses the MAC address of the specified interface as a DHCP client ID. The interface-type interface-number argument specifies an interface by its type and number.
Usage guidelines
A DHCP client ID is added to the DHCP option 61. A DHCP server can specify IP addresses for clients based on the DHCP client ID. You can specify a DHCP client ID by naming an ASCII string or hexadecimal string as the client ID, or by using the MAC address of an interface to generate a client ID. Whichever method you use, make sure the IDs for different DHCP clients are unique.
Examples
# Specify the hexadecimal string FFFFFFFF as the client ID for VLAN-interface 10.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] dhcp client identifier hex FFFFFFFF
Related commands
display dhcp client
display dhcp client
Use display dhcp client to display DHCP client information.
Syntax
display dhcp client [ verbose ] [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
verbose: Displays verbose DHCP client information.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you do not specify any interface, the command displays DHCP client information about all interfaces.
Examples
# Display DHCP client information about all interfaces.
<Sysname> display dhcp client
Vlan-interface10 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
DHCP server: 40.1.1.2
# Display verbose DHCP client information.
<Sysname> display dhcp client verbose
Vlan-interface10 DHCP client information:
Current state: BOUND
Allocated IP: 40.1.1.20 255.255.255.0
Allocated lease: 259200 seconds, T1: 129600 seconds, T2: 226800 seconds
Lease from May 21 19:00:29 2012 to May 31 19:00:29 2012
DHCP server: 40.1.1.2
Transaction ID: 0x1c09322d
Default router: 40.1.1.2
Classless static routes:
Destination: 1.1.0.1, Mask: 255.0.0.0, NextHop: 192.168.40.16
Destination: 10.198.122.63, Mask: 255.255.255.255, NextHop: 192.168.40.16
DNS servers: 44.1.1.11 44.1.1.12
Domain name: ddd.com
Boot servers: 200.200.200.200 1.1.1.1
Client ID type: acsii(type value=00)
Client ID value: 000c.29d3.8659-Vlan1
Client ID (with type) hex: 0030-3030-632e-3239-
6433-2e38-3635-392d-
4574-6830-2f30-2f32
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds.
Table 15 Command output
Field | Description |
---|---|
Vlan-interface10 DHCP client information | Information about the interface that serves as the DHCP client. |
Current state | Current state of the DHCP client: · HALT—The client stops applying for an IP address. · INIT—The initialization state. · SELECTING—The client has sent out a DHCP-DISCOVER message in search of a DHCP server and is waiting for the response from DHCP servers. · REQUESTING—The client has sent out a DHCP-REQUEST message requesting an IP address and is waiting for the response from DHCP servers. · BOUND—The client has received the DHCP-ACK message from a DHCP server and obtained an IP address successfully. · RENEWING—The T1 timer expires. · REBOUNDING—The T2 timer expires. |
Allocated IP | IP address allocated by the DHCP server. |
Allocated lease | Allocated lease time. |
T1 | 1/2 lease time (in seconds) of the DHCP client IP address. |
T2 | 7/8 lease time (in seconds) of the DHCP client IP address. |
Lease from….to…. | Start and end time of the lease. |
DHCP server | DHCP server IP address that assigned the IP address. |
Transaction ID | Transaction ID, a random number chosen by the client to identify an IP address allocation. |
Default router | Gateway address assigned to the client. |
Classless static routes | Classless static routes assigned to the client. |
Static routes | Classful static routes assigned to the client. |
DNS servers | DNS server address assigned to the client. |
Domain name | Domain name suffix assigned to the client. |
Boot servers | PXE server addresses (up to 16 addresses) specified for the DHCP client, which are obtained through Option 43. |
Client ID type | DHCP client ID type: · If an ASCII string is used as the client ID value, the type value is 00. · If the MAC address of a specific interface is used as the client ID value, the type value is 01. · If a hexadecimal string is used as the client ID value, the type value is the first two characters in the string. |
Client ID value | Value of the DHCP client ID. |
Client ID (with type) hex | DHCP client ID with the type field, a hexadecimal string. |
T1 will timeout in 1 day 11 hours 58 minutes 52 seconds. | Time remaining before the T1 (1/2 lease time) timer expires. |
Related commands
· dhcp client identifier
· ip address dhcp-alloc
ip address dhcp-alloc
Use ip address dhcp-alloc to configure an interface to use DHCP for IP address acquisition.
Use undo ip address dhcp-alloc to stop an interface from using DHCP.
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
Default
An interface does not use DHCP for IP address acquisition.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When you execute the undo ip address dhcp-alloc command, the interface sends a DHCP-RELEASE message to release the IP address obtained through DHCP. If the interface is down, the message cannot be sent out. This situation can occur when a subinterface has obtained an IP address through DHCP, and the shutdown command is executed on its primary interface. The subinterface will fail to send a DHCP-RELEASE message.
Examples
# Configure VLAN-interface 10 to use DHCP for IP address acquisition.
<Sysname> system-view
[Sysname] interface vlan-interface 10
[Sysname-Vlan-interface10] ip address dhcp-alloc
DHCP snooping commands
DHCP snooping works between the DHCP client and the DHCP server or between the DHCP client and the relay agent. DHCP snooping does not work between the DHCP server and the DHCP relay agent.
dhcp snooping binding database filename
Use dhcp snooping binding database filename to specify a database file to store DHCP snooping entries.
Use undo dhcp snooping binding database filename to restore the default.
Syntax
dhcp snooping binding database filename { filename | url url [ username username [ password { cipher | simple } key ] ] }
undo dhcp snooping binding database filename
Default
No file is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
filename: Specifies the name of a local file. For information about the filename argument, see Fundamentals Configuration Guide.
url url: Specifies the URL of a remote file. Do not include any username or password in the URL. Case sensitivity and the supported path format type depend on the server.
username username: Specifies the username for logging in to the remote device.
cipher: Sets a ciphertext password.
simple: Sets a plaintext password.
key: Specifies the key string. This argument is case sensitive. If simple is specified, it must be a string of 1 to 32 characters. If cipher is specified, it must be a ciphertext string of 1 to 73 characters.
Usage guidelines
For security purposes, all passwords, including passwords configured in plaintext, are saved in ciphertext.
This command enables the device to immediately save DHCP snooping entries to the specified database file. If the file does not exist, the device automatically creates the file. The device does not update the file for a specific amount of time after a DHCP snooping entry changes. The default period is 300 seconds. To change the value, use the dhcp snooping binding database update interval command.
When the file is on a remote device, follow these guidelines to specify the URL, username, and password:
· If the file is on an FTP server, enter URL in the following format: ftp://server address:port/file path, where the port number is optional.
· If the file is on a TFTP server, enter URL in the following format: tftp://server address:port/file path, where the port number is optional.
· The username and password must be the same as those configured on the FTP or TFTP server. If the server authenticates only the username, the password can be omitted. For example, enter URL ftp://1.1.1.1/database.dhcp username admin to specify the URL and username options at the CLI.
· You can also specify the DNS domain name for the server address field, for example, ftp://company/database.dhcp.
Examples
# Specify the file database.dhcp to store DHCP snooping entries.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename database.dhcp
# Save DHCP snooping entries to file database.dhcp in the working directory of the FTP server at 10.1.1.1 with both the username and password as 1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url ftp://10.1.1.1/database.dhcp username 1 password simple 1
# Save DHCP snooping entries to file database.dhcp in the working directory of the TFTP server at 10.1.1.1.
<Sysname> system-view
[Sysname] dhcp snooping binding database filename url tftp://10.1.1.1/database.dhcp
Related commands
dhcp snooping binding database update interval
dhcp snooping binding database update interval
Use dhcp snooping binding database update interval to set the amount of time to wait to update the database file after a DHCP snooping entry changes.
Use undo dhcp snooping binding database update interval to restore the default.
Syntax
dhcp snooping binding database update interval seconds
undo dhcp snooping binding database update interval
Default
The waiting period is 300 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
seconds: Sets the waiting period in seconds, in the range of 60 to 864000.
Usage guidelines
When a DHCP snooping entry is learned or removed, the device does not update the database file until after the specified waiting period. All changed entries during that period will be updated.
If no file has been specified, this command does not take effect.
Examples
# Set the device to wait 600 seconds to update the database file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update interval 600
Related commands
dhcp snooping binding database filename
dhcp snooping binding database update now
Use dhcp snooping binding database update now to manually save DHCP snooping entries to the database file.
Syntax
dhcp snooping binding database update now
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Use this command to manually save DHCP snooping entries to the database file. Use the dhcp snooping binding database filename command before performing the manual saving operation. Otherwise, the manual saving does not take effect.
Examples
# Save DHCP snooping entries to the database file.
<Sysname> system-view
[Sysname] dhcp snooping binding database update now
Related commands
dhcp snooping binding database filename
dhcp snooping binding record
Use dhcp snooping binding record to enable recording of client information in DHCP snooping entries.
Use undo dhcp snooping binding record to disable the feature.
Syntax
dhcp snooping binding record
undo dhcp snooping binding record
Default
DHCP snooping does not record client information.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables DHCP snooping on the port directly connecting to the clients to record client information in DHCP snooping entries.
Examples
# Enable recording of client information in DHCP snooping entries.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping binding record
dhcp snooping check mac-address
Use dhcp snooping check mac-address to enable MAC address check for DHCP snooping.
Use undo dhcp snooping check mac-address to disable MAC address check for DHCP snooping.
Syntax
dhcp snooping check mac-address
undo dhcp snooping check mac-address
Default
This feature is disabled.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
With MAC address check enabled, DHCP snooping compares the chaddr field of a received DHCP request with the source MAC address field in the frame header. If they are the same, DHCP snooping considers this request valid and forwards it to the DHCP server. If they are not the same, DHCP snooping discards the DHCP request.
Examples
# Enable MAC address check for DHCP snooping.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping check mac-address
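The comparison described in the usage guidelines above, as an added Python example (not the device's implementation): it walks a raw Ethernet frame, skips any VLAN tags, and compares the BOOTP chaddr field with the frame's source MAC address. The function names, verdict strings and sample frames are assumptions made for illustration.

```python
import struct

ETH_P_IP = 0x0800
VLAN_TPIDS = (0x8100, 0x88A8)   # 802.1Q and 802.1ad tag identifiers


def parse_client_dhcp(frame):
    """Return (source MAC, chaddr) for a client-to-server DHCP frame, else None."""
    if len(frame) < 14:
        return None
    src_mac = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    while ethertype in VLAN_TPIDS:              # skip one or two VLAN tags
        if len(frame) < offset + 4:
            return None
        (ethertype,) = struct.unpack("!H", frame[offset + 2:offset + 4])
        offset += 4
    if ethertype != ETH_P_IP or len(frame) < offset + 20:
        return None
    ihl = (frame[offset] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or frame[offset + 9] != 17:     # protocol 17 is UDP
        return None
    udp = offset + ihl
    if len(frame) < udp + 8:
        return None
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    if (sport, dport) != (68, 67):              # client port to server port
        return None
    bootp = udp + 8
    if len(frame) < bootp + 44:                 # fixed header through chaddr
        return None
    op, htype, hlen = frame[bootp:bootp + 3]
    if op != 1 or htype != 1 or hlen != 6:      # BOOTREQUEST over Ethernet
        return None
    # chaddr starts 28 bytes into the BOOTP header; hlen bytes are significant
    return src_mac, frame[bootp + 28:bootp + 34]


def mac_check(frame):
    """Apply the check: forward when chaddr equals the frame's source MAC."""
    parsed = parse_client_dhcp(frame)
    if parsed is None:
        return "not-a-client-dhcp-request"
    src_mac, chaddr = parsed
    return "forward" if src_mac == chaddr else "discard"


def build_request(src_mac, chaddr, vlan=None):
    """Build a constructed DHCPREQUEST frame (checksums left at zero)."""
    bootp = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1C09322D, 0, 0x8000)
    bootp += bytes(16)                          # ciaddr, yiaddr, siaddr, giaddr
    bootp += chaddr.ljust(16, b"\x00")          # chaddr padded to 16 bytes
    bootp += bytes(192)                         # sname and file fields
    bootp += bytes([99, 130, 83, 99])           # DHCP magic cookie
    bootp += bytes([53, 1, 3, 255])             # option 53 = DHCPREQUEST, end
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4)
    eth = b"\xff" * 6 + src_mac
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan)
    return eth + struct.pack("!H", ETH_P_IP) + ip + udp


if __name__ == "__main__":
    port_mac = bytes.fromhex("000c29d38659")    # constructed sample addresses
    other_mac = bytes.fromhex("020000000001")
    print(mac_check(build_request(port_mac, port_mac)))           # forward
    print(mac_check(build_request(port_mac, other_mac)))          # discard
    print(mac_check(build_request(port_mac, port_mac, vlan=10)))  # forward
```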
dhcp snooping check request-message
Use dhcp snooping check request-message to enable DHCP-REQUEST check for DHCP snooping.
Use undo dhcp snooping check request-message to disable DHCP-REQUEST check for DHCP snooping.
Syntax
dhcp snooping check request-message
undo dhcp snooping check request-message
Default
This feature is disabled.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
DHCP-REQUEST packets include lease renewal packets, DHCP-DECLINE packets, and DHCP-RELEASE packets. This feature prevents unauthorized clients that forge DHCP-REQUEST packets from attacking the DHCP server.
With this feature enabled, DHCP snooping looks for a matching DHCP snooping entry for each received DHCP-REQUEST message.
· If a match is found, DHCP snooping compares the entry with the message. If they have consistent information, DHCP snooping considers the packet valid and forwards it to the DHCP server. If they have different information, DHCP snooping considers the message invalid and discards it.
· If no match is found, DHCP snooping forwards the message to the DHCP server.
Examples
# Enable DHCP-REQUEST check for DHCP snooping.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping check request-message
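The lookup-and-compare logic described in the usage guidelines above, as an added Python example (not the device's implementation). The page does not say which fields are compared, so this sketch assumes the entry is found by client IP address and VLAN and is then compared on MAC address and receiving port; the binding text is a constructed sample in the column layout of the display dhcp snooping binding output.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: IP address, MAC address, Lease, VLAN, SVLAN, Interface.
SAMPLE_BINDINGS = """\
2 DHCP snooping entries found
IP address      MAC address    Lease        VLAN  SVLAN Interface
=============== ============== ============ ===== ===== =================
1.1.1.1         0000-0101-0101 16907527     2     3     BAGG1023
1.1.1.2         0000-0101-0102 16907528     2     N/A   BAGG1023
"""

# Message types the page lists as covered by the DHCP-REQUEST check.
CHECKED_TYPES = {"REQUEST", "DECLINE", "RELEASE"}


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    interface: str


@dataclass(frozen=True)
class Message:
    msg_type: str      # "REQUEST" (lease renewal), "DECLINE" or "RELEASE"
    client_ip: str
    chaddr: str        # MAC in xxxx-xxxx-xxxx notation
    vlan: int
    interface: str     # port the message arrived on


def parse_bindings(text):
    """Turn binding table text into Binding records, skipping non-entry lines."""
    bindings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue
        try:
            ipaddress.IPv4Address(fields[0])
        except ValueError:
            continue                      # separator or other non-entry line
        ip, mac, _lease, vlan, _svlan, interface = fields
        bindings.append(Binding(ip, mac.lower(), int(vlan), interface))
    return bindings


def check_request(bindings, msg):
    """Return (verdict, reason) following the match / no-match rules above."""
    if msg.msg_type not in CHECKED_TYPES:
        return ("forward", "type not covered")
    entry = next((b for b in bindings
                  if b.ip == msg.client_ip and b.vlan == msg.vlan), None)
    if entry is None:
        # The page states that unmatched messages are forwarded to the server.
        return ("forward", "no matching entry")
    diffs = []
    if entry.mac != msg.chaddr.lower():   # assumed comparison field
        diffs.append("mac")
    if entry.interface != msg.interface:  # assumed comparison field
        diffs.append("interface")
    if diffs:
        return ("discard", "mismatch: " + ", ".join(diffs))
    return ("forward", "consistent with entry")


if __name__ == "__main__":
    table = parse_bindings(SAMPLE_BINDINGS)
    samples = [                            # constructed messages
        Message("REQUEST", "1.1.1.1", "0000-0101-0101", 2, "BAGG1023"),
        Message("RELEASE", "1.1.1.1", "0000-0101-0199", 2, "BAGG1023"),
        Message("RELEASE", "1.1.1.2", "0000-0101-0102", 2, "FGE1/0/2"),
        Message("DECLINE", "1.1.1.9", "0000-0101-0109", 2, "BAGG1023"),
    ]
    for m in samples:
        print(m.msg_type, m.client_ip, check_request(table, m))
```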
dhcp snooping enable
Use dhcp snooping enable to enable DHCP snooping.
Use undo dhcp snooping enable to disable DHCP snooping.
Syntax
dhcp snooping enable
undo dhcp snooping enable
Default
DHCP snooping is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Use the DHCP snooping feature together with trusted port configuration. Before trusted ports are configured, all ports on the DHCP snooping device are untrusted and the device discards all responses sent from DHCP servers.
When DHCP snooping is disabled, the device forwards all responses from DHCP servers.
Examples
# Enable DHCP snooping.
<Sysname> system-view
[Sysname] dhcp snooping enable
dhcp snooping information circuit-id
Use dhcp snooping information circuit-id to configure the padding content and code type for the circuit ID sub-option.
Use undo dhcp snooping information circuit-id to restore the default.
Syntax
dhcp snooping information circuit-id { [ vlan vlan-id ] string circuit-id | { normal | verbose [ node-identifier { mac | sysname | user-defined node-identifier } ] } [ format { ascii | hex } ] }
undo dhcp snooping information circuit-id [ vlan vlan-id ]
Default
The padding format is normal and the code type is hex.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan vlan-id: Specifies a VLAN ID for the circuit ID sub-option.
string circuit-id: Specifies the padding content for the circuit ID sub-option, a case-sensitive string of 3 to 63 characters.
normal: Specifies the normal padding format. The padding content includes the VLAN ID and interface number.
verbose: Specifies the verbose padding format.
node-identifier { mac | sysname | user-defined node-identifier }: Specifies the access node identifier. The padding content includes the node identifier, Ethernet type (fixed to eth), chassis number, slot number, sub-slot number, interface number, and VLAN ID. The node identifier varies with the keyword mac, sysname, and user-defined.
· mac: Uses the MAC address of the access node as the node identifier. It is the default node identifier.
· sysname: Uses the device name as the node identifier. You can set the device name by using the sysname command in system view. The padding format for the device name is always ASCII regardless of the specified padding format.
· user-defined node-identifier: Uses a case-sensitive string of 1 to 50 characters as the node identifier. The padding format for the specified character string is always ASCII regardless of the specified padding format.
format: Specifies the code type for the circuit ID sub-option.
ascii: Specifies the ASCII code type.
hex: Specifies the hex code type.
Usage guidelines
If you use this command multiple times, the most recent configuration takes effect.
The padding format for the user-defined string, the normal mode, or the verbose mode varies with the command configuration. Table 16 shows how the padding format is determined for different modes.
Table 16 Padding format for different modes
Keyword (mode) | If no padding format is specified | If the padding format is ascii | If the padding format is hex |
---|---|---|---|
string circuit-id | You cannot specify a padding format, and the padding format is always ASCII. | N/A | N/A |
normal | Hex. | ASCII. | Hex. |
verbose | Hex for the VLAN ID. ASCII for the node identifier, Ethernet type, chassis number, slot number, sub-slot number, and interface number. | ASCII. | ASCII for the node identifier and Ethernet type. Hex for the chassis number, slot number, sub-slot number, interface number, and VLAN ID. |
If replace is configured as the handling strategy for DHCP requests that contain Option 82, you must specify the padding content and code type for the circuit ID sub-option. If the handling strategy is keep or drop, you do not need to specify the padding content and code type for the circuit ID sub-option.
Examples
# Configure verbose as the padding format, device name as the node identifier, and ASCII as the code type for the circuit ID sub-option.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping information enable
[Sysname-FortyGigE1/0/1] dhcp snooping information strategy replace
[Sysname-FortyGigE1/0/1] dhcp snooping information circuit-id verbose node-identifier sysname format ascii
Related commands
· dhcp snooping information enable
· dhcp snooping information strategy
· display dhcp snooping information
dhcp snooping information enable
Use dhcp snooping information enable to enable DHCP snooping to support Option 82.
Use undo dhcp snooping information enable to disable this feature.
Syntax
dhcp snooping information enable
undo dhcp snooping information enable
Default
DHCP snooping does not support Option 82.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables DHCP snooping to add Option 82 into DHCP request packets that do not contain Option 82 before forwarding the requests to the DHCP server. The content of Option 82 is determined by the dhcp snooping information circuit-id and dhcp snooping information remote-id commands. If the received DHCP request packets contain Option 82, DHCP snooping handles the packets according to the strategy configured with the dhcp snooping information strategy command.
If this feature is disabled, DHCP snooping forwards requests that contain or do not contain Option 82 to the DHCP server.
Examples
# Enable DHCP snooping to support Option 82.
<Sysname> system-view
[Sysname] interface FortyGigE1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping information enable
Related commands
· dhcp snooping information circuit-id
· dhcp snooping information remote-id
· dhcp snooping information strategy
dhcp snooping information remote-id
Use dhcp snooping information remote-id to configure the padding content and code type for the remote ID sub-option.
Use undo dhcp snooping information remote-id to restore the default.
Syntax
dhcp snooping information remote-id { normal [ format { ascii | hex } ] | [ vlan vlan-id ] { string remote-id | sysname } }
undo dhcp snooping information remote-id [ vlan vlan-id ]
Default
The padding format is normal and the code type is hex.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
vlan vlan-id: Specifies the VLAN ID as the remote ID sub-option.
string remote-id: Specifies the character string as the remote ID sub-option, a case-sensitive string of 1 to 63 characters.
sysname: Specifies the device name as the remote ID sub-option. You can configure the device name by using the sysname command in system view.
normal: Specifies the normal padding format. The padding content is the MAC address of the receiving interface.
format: Specifies the code type for the remote ID sub-option. The default code type is hex.
ascii: Specifies the ASCII code type.
hex: Specifies the hex code type.
Usage guidelines
DHCP snooping uses ASCII to pad the specified string or device name for the remote ID sub-option. The code type for the normal padding format is determined by the command configuration.
If you use this command multiple times, the most recent configuration takes effect.
Examples
# Pad the remote ID sub-option with the character string device001.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping information enable
[Sysname-FortyGigE1/0/1] dhcp snooping information strategy replace
[Sysname-FortyGigE1/0/1] dhcp snooping information remote-id string device001
Related commands
· dhcp snooping information enable
· dhcp snooping information strategy
· display dhcp snooping information
dhcp snooping information strategy
Use dhcp snooping information strategy to configure the handling strategy for Option 82 in request messages.
Use undo dhcp snooping information strategy to restore the default.
Syntax
dhcp snooping information strategy { drop | keep | replace }
undo dhcp snooping information strategy
Default
The handling strategy for Option 82 in request messages is replace.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
drop: Drops DHCP messages that contain Option 82.
keep: Keeps the original Option 82 intact.
replace: Replaces the original Option 82 with the configured Option 82.
Usage guidelines
This command takes effect only on DHCP requests that contain Option 82.
When enabled to support Option 82, the DHCP relay agent always adds Option 82 into DHCP requests that do not contain Option 82 before forwarding the requests to the DHCP server.
Examples
# Specify the handling strategy for Option 82 in request messages as keep.
<Sysname> system-view
[Sysname] interface FortyGigE1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping information enable
[Sysname-FortyGigE1/0/1] dhcp snooping information strategy keep
Related commands
· dhcp snooping information circuit-id
· dhcp snooping information remote-id
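How the enable setting and the drop, keep and replace strategies act on a request's options field, as an added Python example (not the device's implementation). It uses the string padding for both sub-options with the length limits given on this page and the RFC 3046 sub-option codes 1 (circuit ID) and 2 (remote ID); function names and sample option bytes are assumptions made for illustration.

```python
OPT_PAD, OPT_END, OPT_RELAY_INFO = 0, 255, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2        # RFC 3046 sub-option codes


def parse_tlvs(raw, dhcp_options=True):
    """Parse code/length/value items; honour pad and end only for DHCP options."""
    items, i = [], 0
    while i < len(raw):
        code = raw[i]
        if dhcp_options and code == OPT_PAD:
            i += 1
            continue
        if dhcp_options and code == OPT_END:
            break
        if i + 2 > len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("truncated TLV at offset %d" % i)
        length = raw[i + 1]
        items.append((code, raw[i + 2:i + 2 + length]))
        i += 2 + length
    return items


def build_options(items):
    """Serialise (code, value) pairs and terminate with the end option."""
    out = bytearray()
    for code, value in items:
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def encode_option82(circuit_id, remote_id):
    """Encode the Option 82 payload from raw sub-option values."""
    return (bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id +
            bytes([SUB_REMOTE_ID, len(remote_id)]) + remote_id)


def local_option82(circuit, remote):
    """String padding: always ASCII, 3 to 63 and 1 to 63 characters."""
    if not 3 <= len(circuit) <= 63:
        raise ValueError("circuit-id string must be 3 to 63 characters")
    if not 1 <= len(remote) <= 63:
        raise ValueError("remote-id string must be 1 to 63 characters")
    return encode_option82(circuit.encode("ascii"), remote.encode("ascii"))


def handle_request(options, enabled, strategy, circuit, remote):
    """Return the options to forward, or None when the request is dropped."""
    if not enabled:
        return options                      # forwarded with or without Option 82
    items = parse_tlvs(options)
    local = (OPT_RELAY_INFO, local_option82(circuit, remote))
    if all(code != OPT_RELAY_INFO for code, _ in items):
        return build_options(items + [local])   # always added when absent
    if strategy == "drop":
        return None
    if strategy == "keep":
        return options
    if strategy == "replace":
        kept = [item for item in items if item[0] != OPT_RELAY_INFO]
        return build_options(kept + [local])
    raise ValueError("unknown strategy: %r" % strategy)


def sub_options(options):
    """Return {sub-option code: value} for Option 82, or {} if it is absent."""
    for code, value in parse_tlvs(options):
        if code == OPT_RELAY_INFO:
            return dict(parse_tlvs(value, dhcp_options=False))
    return {}


if __name__ == "__main__":
    # Constructed inputs: one request without Option 82, one that carries it.
    plain = bytes([53, 1, 3, OPT_END])
    tagged = build_options([(53, b"\x03"),
                            (OPT_RELAY_INFO,
                             encode_option82(b"client-port", b"client-node"))])
    for strategy in ("drop", "keep", "replace"):
        out = handle_request(tagged, True, strategy, "abcd", "device001")
        print(strategy, None if out is None else sub_options(out))
    print("added", sub_options(handle_request(plain, True, "replace",
                                              "abcd", "device001")))
```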
dhcp snooping max-learning-num
Use dhcp snooping max-learning-num to set the maximum number of DHCP snooping entries that an interface can learn.
Use undo dhcp snooping max-learning-num to restore the default.
Syntax
dhcp snooping max-learning-num number
undo dhcp snooping max-learning-num
Default
The maximum number of DHCP snooping entries for an interface to learn is unlimited.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies the maximum number of DHCP snooping entries that an interface can learn. The value range is 1 to 4294967295.
Examples
# Set the maximum number of DHCP snooping entries that the Layer 2 Ethernet interface FortyGigE 1/0/1 can learn to 1000.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping max-learning-num 1000
dhcp snooping rate-limit
Use dhcp snooping rate-limit to configure the maximum rate at which an interface can receive DHCP packets.
Use undo dhcp snooping rate-limit to remove the rate limit.
Syntax
dhcp snooping rate-limit rate
undo dhcp snooping rate-limit
Default
Incoming DHCP packets on an interface are not rate limited.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Parameters
rate: Specifies the maximum rate for an interface to receive DHCP packets, in Kbps. The value must be an integer multiple of 8 in the range of 64 to 512.
Usage guidelines
This command takes effect only when DHCP snooping is enabled.
With the rate limit feature, the interface discards DHCP packets that exceed the maximum rate.
If you configure this command on a Layer 2 Ethernet interface that is a member port of a Layer 2 aggregate interface, the Layer 2 Ethernet interface uses the DHCP packet maximum rate configured on the Layer 2 aggregate interface. If the Layer 2 Ethernet interface leaves the aggregation group, it uses its own DHCP packet maximum rate.
Examples
# Set the maximum rate at which the Layer 2 Ethernet interface FortyGigE 1/0/1 can receive DHCP packets to 64 Kbps.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping rate-limit 64
dhcp snooping trust
Use dhcp snooping trust to configure a port as a trusted port.
Use undo dhcp snooping trust to restore the default state of a port.
Syntax
dhcp snooping trust
undo dhcp snooping trust
Default
After you enable DHCP snooping, all ports are untrusted.
Views
Layer 2 Ethernet interface view, Layer 2 aggregate interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Specify the ports facing the DHCP server as trusted ports and specify the other ports as untrusted ports so DHCP clients can obtain valid IP addresses.
Examples
# Specify the Layer 2 Ethernet interface FortyGigE 1/0/1 as a trusted port.
<Sysname> system-view
[Sysname] interface FortyGigE 1/0/1
[Sysname-FortyGigE1/0/1] dhcp snooping trust
Related commands
display dhcp snooping trust
display dhcp snooping binding
Use display dhcp snooping binding to display DHCP snooping entries.
Syntax
display dhcp snooping binding [ ip ip-address [ vlan vlan-id ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip ip-address: Displays the DHCP snooping entry for the specified IP address.
vlan vlan-id: Specifies the VLAN ID where the IP address resides.
Usage guidelines
If you do not specify any parameters, the command displays all DHCP snooping entries.
Examples
# Display all DHCP snooping entries.
<Sysname> display dhcp snooping binding
5 DHCP snooping entries found
IP address MAC address Lease VLAN SVLAN Interface
=============== ============== ============ ===== ===== =================
1.1.1.1 0000-0101-0101 16907527 2 3 BAGG1023
1.1.1.2 0000-0101-0102 16907528 2 3 BAGG1023
1.1.1.4 0000-0101-0104 16907530 2 3 BAGG1023
1.1.1.7 0000-0101-0107 16907533 2 3 BAGG1023
1.1.1.11 0000-0101-010b 16907537 2 3 BAGG1023
Table 17 Command output
Field | Description |
---|---|
DHCP snooping entries found | Number of DHCP snooping entries. |
IP address | IP address assigned to the DHCP client. |
MAC address | MAC address of the DHCP client. |
Lease | Remaining lease duration in seconds. |
VLAN | When the DHCP packet contains two VLAN tags, this field identifies the outer VLAN tag. Otherwise, it identifies the VLAN where the port connecting the DHCP client resides. |
SVLAN | When the DHCP packet contains two VLAN tags, this field identifies the inner VLAN tag. Otherwise, it displays N/A. |
Interface | Port connected to the DHCP client. |
Related commands
· dhcp snooping enable
· reset dhcp snooping binding
display dhcp snooping binding database
Use display dhcp snooping binding database to display information about the database file that stores DHCP snooping entries.
Syntax
display dhcp snooping binding database
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display information about the database file that stores DHCP snooping entries.
<Sysname> display dhcp snooping binding database
File name : database.dhcp
Username :
Password :
Update interval : 600 seconds
Latest write time : Feb 27 18:48:04 2012
Status : Last write succeeded.
Table 18 Command output
Field | Description |
---|---|
File name | Name of the database file that stores the DHCP snooping entries. |
Username | Username for logging in to the remote device. |
Password | Password for logging in to the remote device. This field displays ****** if a password is configured. |
Update interval | Waiting period before the database file is updated, in seconds. |
Latest write time | Most recent time the file was written. |
Status | Indicates whether the file was written successfully: · Writing—The file is being written. · Last write succeeded.—The file was written successfully. · Last write failed.—The file was not written successfully. |
display dhcp snooping information
Use display dhcp snooping information to display Option 82 configuration on the DHCP snooping device.
Syntax
display dhcp snooping information { all | interface interface-type interface-number }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
all: Displays Option 82 configuration on all Layer 2 Ethernet interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display Option 82 configuration on all interfaces.
<Sysname> display dhcp snooping information all
Interface: Bridge-Aggregation1
Status: Disable
Strategy: Drop
Circuit ID:
Padding format: User Defined
User defined: abcd
Format: ASCII
Remote ID:
Padding format: Normal
Format: ASCII
VLAN 10:
Circuit ID: abcd
Remote ID: company
Table 19 Command output
Field | Description |
---|---|
Interface | Interface name. |
Status | Option 82 status, Enable or Disable. |
Strategy | Handling strategy for DHCP requests that contain Option 82, Drop, Keep, or Replace. |
Circuit ID | Content of the Circuit ID sub-option. |
Padding format | Padding format of Option 82: · For circuit ID sub-option, the padding format can be Normal, User Defined, Verbose (sysname), Verbose (MAC), or Verbose (user defined). · For remote ID sub-option, the padding format can be Normal, Sysname, or User Defined. |
Node identifier | Access node identifier. |
User defined | Content of the user-defined sub-option. |
Format | Code type of Option 82 sub-option: · For circuit ID sub-option, the code type can be ASCII, Default, or Hex. · For remote ID sub-option, the code type can be ASCII or Hex. |
Remote ID | Content of the remote ID sub-option. |
VLAN | Pads circuit ID sub-option and remote ID sub-option in the DHCP packets received in the specified VLAN. |
display dhcp snooping packet statistics
Use display dhcp snooping packet statistics to display DHCP packet statistics for DHCP snooping.
Syntax
In standalone mode:
display dhcp snooping packet statistics [ slot slot-number ]
In IRF mode:
display dhcp snooping packet statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Specifies a card by the slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the number of the slot where the card resides. (In IRF mode.)
Usage guidelines
Without the slot slot-number option, this command displays DHCP packet statistics for the card where the command is executed. (In standalone mode.)
Without the chassis chassis-number slot slot-number option, this command displays DHCP packet statistics for the card of the member device where the command is executed. (In IRF mode.)
Examples
# Display DHCP packet statistics for DHCP snooping.
<Sysname> display dhcp snooping packet statistics
DHCP packets received : 100
DHCP packets sent : 200
Invalid DHCP packets dropped : 0
Related commands
reset dhcp snooping packet statistics
display dhcp snooping trust
Use display dhcp snooping trust to display information about trusted ports.
Syntax
display dhcp snooping trust
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display information about trusted ports.
<Sysname> display dhcp snooping trust
DHCP snooping is enabled.
DHCP snooping trust becomes active.
Interface Trusted
========================= ============
FortyGigE1/0/1 Trusted
Related commands
dhcp snooping trust
reset dhcp snooping binding
Use reset dhcp snooping binding to clear DHCP snooping entries.
Syntax
reset dhcp snooping binding { all | ip ip-address [ vlan vlan-id ] }
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
all: Clears all DHCP snooping entries.
ip ip-address: Clears the DHCP snooping entry for the specified IP address.
vlan vlan-id: Clears DHCP snooping entries for the specified VLAN.
Usage guidelines
This command applies to all slots on the device.
Examples
# Clear all DHCP snooping entries.
<Sysname> reset dhcp snooping binding all
Related commands
display dhcp snooping binding
reset dhcp snooping packet statistics
Use reset dhcp snooping packet statistics to clear DHCP packet statistics for DHCP snooping.
Syntax
In standalone mode:
reset dhcp snooping packet statistics [ slot slot-number ]
In IRF mode:
reset dhcp snooping packet statistics [ chassis chassis-number slot slot-number ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
slot slot-number: Specifies a card by the slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument refers to the ID of the IRF member device. The slot-number argument specifies the number of the slot where the card resides. (In IRF mode.)
Usage guidelines
Without the slot slot-number option, this command clears DHCP packet statistics for the card where the command is executed. (In standalone mode.)
Without the chassis chassis-number slot slot-number option, this command clears DHCP packet statistics for the member device's card where the command is executed. (In IRF mode.)
Examples
# Clear DHCP packet statistics for DHCP snooping.
<Sysname> reset dhcp snooping packet statistics
Related commands
DNS commands
display dns domain
Use display dns domain to display the domain name suffixes.
Syntax
display dns domain [ dynamic ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
dynamic: Displays the domain name suffixes dynamically obtained through DHCP or other protocols. If this keyword is not specified, the command displays the statically configured and dynamically obtained domain name suffixes.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display domain name suffixes on the public network, do not specify this option.
Examples
# Display domain name suffixes on the public network.
<Sysname> display dns domain
Type:
D: Dynamic S: Static
No. Type Domain suffix
1 S com
Table 20 Command output
Field | Description |
---|---|
No. | Sequence number. |
Type | Domain name suffix type: · S—A statically configured domain name suffix. · D—A domain name suffix dynamically obtained through DHCP or other protocols. |
Domain suffix | Domain name suffixes. |
Related commands
dns domain
display dns host
Use display dns host to display information about domain name-to-IP address mappings.
Syntax
display dns host [ ip ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display domain name-to-IP address mappings for the public network, do not specify this option.
Usage guidelines
If you do not specify the ip keyword, the command displays domain name-to-IP address mappings of all query types.
Examples
# Display domain name-to-IP address mappings of all query types.
<Sysname> display dns host
Type:
D: Dynamic S: Static
Total number: 3
No. Host name Type TTL Query type IP addresses
1 sample.com D 3132 A 192.168.10.1
192.168.10.2
192.168.10.3
2 zig.sample.com S - A 192.168.1.1
Table 21 Command output
Field | Description |
---|---|
No. | Sequence number. |
Host name | Domain name. |
Type | Domain name-to-IP address mapping type: · S—A static mapping configured by the ip host command. · D—A mapping dynamically obtained through dynamic domain name resolution. |
TTL | Time in seconds that a mapping can be stored in the cache. For a static mapping, a hyphen (-) is displayed. |
Query type | Query type: type A. |
IP addresses | Replied IP address. |
Related commands
· ip host
· reset dns host
display dns server
Use display dns server to display IPv4 DNS server information.
Syntax
display dns server [ dynamic ] [ vpn-instance vpn-instance-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
dynamic: Displays IPv4 DNS server information dynamically obtained through DHCP or other protocols. If this keyword is not specified, the command displays statically configured and dynamically obtained IPv4 DNS server addresses.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display IPv4 DNS server information for the public network, do not specify this option.
Examples
# Display IPv4 DNS server information about the public network.
<Sysname> display dns server
Type:
D: Dynamic S: Static
No. Type IP address
1 S 202.114.0.124
2 S 169.254.65.125
Table 22 Command output
Field | Description |
---|---|
No. | Sequence number. |
Type | DNS server type: · S—A manually configured DNS server. · D—DNS server information dynamically obtained through DHCP or other protocols. |
IP address | IPv4 address of the DNS server. |
Related commands
dns server
dns domain
Use dns domain to configure a domain name suffix.
Use undo dns domain to delete the specified domain name suffix.
Syntax
dns domain domain-name [ vpn-instance vpn-instance-name ]
undo dns domain domain-name [ vpn-instance vpn-instance-name ]
Default
No domain name suffix is configured. Only the provided domain name is resolved.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies a domain name suffix. It is a dot-separated, case-insensitive string that can include letters, digits, hyphens (-), underscores (_), and dots (.) (for example, aabbcc.com). The domain name suffix can contain at most 253 characters, and each separated string contains no more than 63 characters.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To specify a domain name suffix on the public network, do not specify this option.
Usage guidelines
The system automatically adds the suffixes in the order they are configured to the domain name string received from a host for resolution.
You can specify the following:
· Domain name suffixes for the public network and up to 1024 VPNs.
· A maximum of 16 domain name suffixes for the public network or each VPN.
Examples
# Configure the domain name suffix com for the public network.
<Sysname> system-view
[Sysname] dns domain com
Related commands
display dns domain
dns dscp
Use dns dscp to set the DSCP value for DNS packets sent by a DNS client or DNS proxy.
Use undo dns dscp to restore the default.
Syntax
dns dscp dscp-value
undo dns dscp
Default
The DSCP value in DNS packets is 0.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: Sets the DSCP value for outgoing DNS packets, in the range of 0 to 63.
Usage guidelines
The DSCP value of a packet specifies the priority level of the packet and affects the transmission priority of the packet. A bigger DSCP value represents a higher priority.
Examples
# Set the DSCP value for outgoing DNS packets to 30.
<Sysname> system-view
[Sysname] dns dscp 30
dns server
Use dns server to specify an IPv4 address of a DNS server.
Use undo dns server to remove the specified IPv4 address of a DNS server.
Syntax
dns server ip-address [ vpn-instance vpn-instance-name ]
undo dns server [ ip-address ] [ vpn-instance vpn-instance-name ]
Default
No DNS server is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies an IPv4 address of a DNS server.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To specify an IPv4 address on the public network, do not specify this option.
Usage guidelines
The device sends DNS query requests to the DNS servers in the order their IPv4 addresses are specified.
You can specify the following:
· DNS server IPv4 addresses for the public network and up to 1024 VPNs.
· A maximum of six IPv4 addresses for the public network or each VPN.
If you do not specify any IPv4 address, the undo dns server command removes all DNS server IPv4 addresses on the public network or the specified VPN.
Examples
# Specify the IPv4 address of a DNS server as 172.16.1.1.
<Sysname> system-view
[Sysname] dns server 172.16.1.1
Related commands
display dns server
dns source-interface
Use dns source-interface to specify the source interface for DNS packets.
Use undo dns source-interface to restore the default.
Syntax
dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]
undo dns source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]
Default
No source interface for DNS packets is specified. The device uses the primary IP address of the output interface of the matching route as the source IP address for a DNS request.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To specify a source interface on the public network, do not specify this option.
Usage guidelines
The device uses the primary IPv4 address of the specified source interface as the source IP address of DNS queries.
If you use the command multiple times, the most recent configuration takes effect.
You can specify the following:
· Source interfaces for the public network and a maximum of 1024 VPNs.
· Only one source interface for the public network or each VPN.
Make sure the specified interface is on the VPN specified by the vpn-instance vpn-instance-name option.
Examples
# Specify VLAN-interface 2 as the source interface for DNS packets on the public network.
<Sysname> system-view
[Sysname] dns source-interface vlan-interface 2
Related commands
dns proxy enable
dns trust-interface
Use dns trust-interface to specify a DNS trusted interface.
Use undo dns trust-interface to remove the specified DNS trusted interface.
Syntax
dns trust-interface interface-type interface-number
undo dns trust-interface [ interface-type interface-number ]
Default
No trusted interface is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
By default, an interface obtains DNS suffix and DNS server information from DHCP. A network attacker might act as the DHCP server to assign an incorrect DNS suffix and DNS server address to the device. As a result, the device fails to obtain the resolved IP address or might get the wrong IP address. With a DNS trusted interface specified, the device uses only the DNS suffix and DNS server information obtained through the trusted interface, which avoids such attacks.
This configuration is applicable only to IPv4 DNS.
You can configure up to 128 DNS trusted interfaces on the device.
If no interface is specified, the undo dns trust-interface command removes all DNS trusted interfaces.
Examples
# Specify VLAN-interface 2 as a DNS trusted interface.
<Sysname> system-view
[Sysname] dns trust-interface vlan-interface 2
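One way to check a device for the condition described in the usage guidelines above, as an added example that is not part of the original manual: this Python script parses display dns server and display dns domain output and reports entries outside an approved list, separating dynamically learned values (Type D) from static ones. The sample captures, the approved lists, and the function names are assumptions made for illustration.

```python
import re

# Constructed captures in the layout of the display dns server and
# display dns domain examples; the addresses and suffixes are made-up values.
DNS_SERVER_OUTPUT = """\
Type:
  D: Dynamic    S: Static

No. Type IP address
1   S    172.16.1.1
2   D    172.16.1.2
3   D    192.0.2.53
"""

DNS_DOMAIN_OUTPUT = """\
Type:
  D: Dynamic    S: Static

No. Type Domain suffix
1   S    com
2   D    corp.example
3   D    lab.example
"""

# Assumed site policy: the resolvers and suffixes the device is expected to use.
APPROVED_SERVERS = {"172.16.1.1", "172.16.1.2"}
APPROVED_SUFFIXES = {"com", "corp.example"}

# A numbered row: sequence number, type (D or S), then the address or suffix.
ENTRY_LINE = re.compile(r"^(\d+)\s+([DS])\s+(\S+)$")


def parse_dns_table(text):
    """Return (number, type, value) for each numbered row of either display."""
    rows = []
    for raw in text.splitlines():
        match = ENTRY_LINE.match(raw.strip())
        if match:
            rows.append((int(match.group(1)), match.group(2), match.group(3)))
    return rows


def audit_dns_table(text, approved):
    """Return (number, value, verdict) for entries that are not approved.

    unapproved-dynamic: obtained through DHCP or another protocol, so the
        value was supplied by whichever server answered on the network.
    unapproved-static: configured on the device but missing from the policy.
    """
    approved = {value.lower() for value in approved}
    findings = []
    for number, entry_type, value in parse_dns_table(text):
        if value.lower() in approved:
            continue
        verdict = "unapproved-dynamic" if entry_type == "D" else "unapproved-static"
        findings.append((number, value, verdict))
    return findings


def dynamic_settings_untrusted(server_text, domain_text):
    """True when any dynamically learned server or suffix is outside the policy."""
    findings = (audit_dns_table(server_text, APPROVED_SERVERS)
                + audit_dns_table(domain_text, APPROVED_SUFFIXES))
    return any(verdict == "unapproved-dynamic" for _, _, verdict in findings)


if __name__ == "__main__":
    for finding in audit_dns_table(DNS_SERVER_OUTPUT, APPROVED_SERVERS):
        print("server", finding)
    for finding in audit_dns_table(DNS_DOMAIN_OUTPUT, APPROVED_SUFFIXES):
        print("suffix", finding)
    print("review DNS trusted interfaces:",
          dynamic_settings_untrusted(DNS_SERVER_OUTPUT, DNS_DOMAIN_OUTPUT))
```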
ip host
Use ip host to create a host name-to-IPv4 address mapping.
Use undo ip host to remove a mapping.
Syntax
ip host host-name ip-address [ vpn-instance vpn-instance-name ]
undo ip host host-name ip-address [ vpn-instance vpn-instance-name ]
Default
No mappings are created.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
host-name: Specifies a host name, a case-insensitive string of 1 to 253 characters. It can include letters, digits, hyphens (-), underscores (_), and dots (.).
ip-address: Specifies the IPv4 address of the host.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To specify a host name-to-IP address mapping on the public network, do not specify this option.
Usage guidelines
You can configure the following:
· Host name-to-IPv4 address mappings for the public network and up to 1024 VPNs.
· A maximum of 1024 host name-to-IPv4 address mappings for the public network or each VPN.
On the public network or a VPN, each host name maps to only one IPv4 address. If you use the command multiple times, the most recent configuration takes effect.
Examples
# Map the IPv4 address 10.110.0.1 to the host name aaa on the public network.
<Sysname> system-view
[Sysname] ip host aaa 10.110.0.1
Related commands
display dns host
reset dns host
Use reset dns host to clear information about the dynamic DNS cache.
Syntax
reset dns host [ ip ] [ vpn-instance vpn-instance-name ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
ip: Specifies type A queries. A type A query resolves a domain name to the mapped IPv4 address.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To clear the domain name-to-IPv4 address mapping on the public network, do not specify this option.
Usage guidelines
Using the reset dns host command without the ip keyword clears dynamic DNS cache information about all query types.
Examples
# Clear dynamic DNS cache information about all query types on the public network.
<Sysname> reset dns host
Related commands
display dns host
Basic IP forwarding commands
display fib
Use display fib to display FIB entries.
Syntax
display fib [ vpn-instance vpn-instance-name ] [ ip-address [ mask | mask-length ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
vpn-instance vpn-instance-name: Displays the FIB table for the specified VPN. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If you do not specify any VPN instance, the command displays the FIB entries for the public network.
ip-address: Displays the FIB entry that matches the specified destination IP address.
mask: Specifies the mask for the IP address.
mask-length: Specifies the mask length for the IP address, the number of consecutive ones in the mask. The value range is 0 to 32.
Usage guidelines
Each FIB entry contains a destination IP address/mask, next hop, and output interface.
If you specify an IP address without a mask or mask length, this command displays the longest matching FIB entry.
If you specify an IP address and a mask or mask length, this command displays the exactly matching FIB entry.
Examples
# Display all FIB entries of the public network.
<Sysname> display fib
Destination count: 6 FIB entry count: 6
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
0.0.0.0/0 10.153.78.1 USGR M-GE0/0/0 Null
0.0.0.0/32 127.0.0.1 UH InLoop0 Null
10.153.78.0/24 10.153.78.83 U M-GE0/0/0 Null
10.153.78.0/32 10.153.78.83 UBH M-GE0/0/0 Null
10.153.78.1/32 10.153.78.1 UH M-GE0/0/0 Null
10.153.78.2/32 10.153.78.2 UH M-GE0/0/0 Null
# Display the FIB entries for VPN vpn1.
<Sysname> display fib vpn-instance vpn1
Destination count: 8 FIB entry count: 8
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
0.0.0.0/32 127.0.0.1 UH InLoop0 Null
20.20.20.0/24 20.20.20.25 U M-GE0/0/0 Null
20.20.20.0/32 20.20.20.25 UBH M-GE0/0/0 Null
20.20.20.25/32 127.0.0.1 UH InLoop0 Null
20.20.20.25/32 20.20.20.25 H M-GE0/0/0 Null
20.20.20.255/32 20.20.20.25 UBH M-GE0/0/0 Null
30.30.30.0/24 30.30.30.30 U FGE1/0/2 Null
30.30.30.0/32 30.30.30.30 UBH FGE1/0/2 Null
# Display the FIB entries matching the destination IP address 10.2.1.1.
<Sysname> display fib 10.2.1.1
Destination count: 1 FIB entry count: 1
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.2.1.1/32 127.0.0.1 UH InLoop0 Null
Table 23 Command output
Field | Description |
---|---|
Destination count | Total number of destination addresses. |
FIB entry count | Total number of FIB entries. |
Destination/Mask | Destination address and the mask length. |
Nexthop | Next hop address. |
Flag | Flags of routes: · U—Usable route. · G—Gateway route. · H—Host route. · B—Blackhole route. · D—Dynamic route. · S—Static route. · R—Relay route. · F—Fast reroute. |
OutInterface/Token | Output interface/LSP index number. |
Label | Inner label. |
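The longest-match and exact-match behavior described in the usage guidelines above can be reproduced offline against captured display fib output, which helps when reviewing where a device forwards or discards traffic for an address. The following Python script is an added example, not part of the original manual. The function names are assumptions, and the sample is the public-network output above with column spacing restored.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed capture: the public-network example output shown above,
# with column spacing restored.
FIB_OUTPUT = """\
Destination count: 6 FIB entry count: 6

Flag:
  U:Useable   G:Gateway   H:Host   B:Blackhole   D:Dynamic   S:Static
  R:Relay     F:FRR

Destination/Mask   Nexthop         Flag     OutInterface/Token       Label
0.0.0.0/0          10.153.78.1     USGR     M-GE0/0/0                Null
0.0.0.0/32         127.0.0.1       UH       InLoop0                  Null
10.153.78.0/24     10.153.78.83    U        M-GE0/0/0                Null
10.153.78.0/32     10.153.78.83    UBH      M-GE0/0/0                Null
10.153.78.1/32     10.153.78.1     UH       M-GE0/0/0                Null
10.153.78.2/32     10.153.78.2     UH       M-GE0/0/0                Null
"""

ENTRY_LINE = re.compile(
    r"^(?P<dest>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+(?P<nexthop>\S+)\s+"
    r"(?P<flags>[UGHBDSRF]+)\s+(?P<out>\S+)\s+(?P<label>\S+)$"
)


@dataclass(frozen=True)
class FibEntry:
    network: ipaddress.IPv4Network
    nexthop: str
    flags: str
    out_interface: str


def parse_fib(text):
    """Return one FibEntry per Destination/Mask row; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        row = ENTRY_LINE.match(raw.strip())
        if row:
            entries.append(FibEntry(
                network=ipaddress.ip_network(row["dest"]),
                nexthop=row["nexthop"], flags=row["flags"], out_interface=row["out"],
            ))
    return entries


def lookup(entries, ip_address, mask_length=None):
    """Select entries the way display fib ip-address [ mask-length ] is described.

    Without a mask length: the entries with the longest matching prefix.
    With a mask length: only entries whose destination and mask length are
    exactly the ones given.
    """
    address = ipaddress.ip_address(ip_address)
    if mask_length is not None:
        return [e for e in entries
                if e.network.network_address == address
                and e.network.prefixlen == mask_length]
    matches = [e for e in entries if address in e.network]
    if not matches:
        return []
    longest = max(e.network.prefixlen for e in matches)
    return [e for e in matches if e.network.prefixlen == longest]


def is_blackholed(entries, ip_address):
    """True when the longest match for the address carries the B (Blackhole) flag."""
    return any("B" in e.flags for e in lookup(entries, ip_address))


if __name__ == "__main__":
    fib = parse_fib(FIB_OUTPUT)
    for target in ("8.8.8.8", "10.153.78.9", "10.153.78.0"):
        for entry in lookup(fib, target):
            print(target, "->", entry.network, entry.nexthop, entry.flags)
    print("10.153.78.0 blackholed:", is_blackholed(fib, "10.153.78.0"))
```

For 10.153.78.0, the longest match is the /32 blackhole entry, while the exact match with mask length 24 is the directly connected /24 entry.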
ip forwarding-table save
Use ip forwarding-table save to save the IP forwarding entries to a file.
Syntax
ip forwarding-table save filename filename
Views
Any view
Predefined user roles
network-admin
mdc-admin
Parameters
filename filename: Specifies the name of a file, a string of 1 to 255 characters. For information about the filename argument, see Fundamentals Configuration Guide.
Usage guidelines
This command is available in Release 1138P01 and later versions.
The command automatically creates the file if you specify a nonexistent file. If the file already exists, this command overwrites the file content.
To automatically save the IP forwarding entries periodically, configure a schedule for the device to automatically run the ip forwarding-table save command. For information about scheduling a task, see Fundamentals Configuration Guide.
Examples
# Save the IP forwarding entries to the file fib.txt.
<Sysname> ip forwarding-table save filename fib.txt
Load sharing commands
ip load-sharing mode per-flow
Use ip load-sharing mode per-flow to configure per-flow load sharing.
Use undo ip load-sharing mode per-flow to restore the default.
Syntax
In standalone mode:
ip load-sharing mode per-flow [ tunnel { all | inner | outer } | algorithm algorithm-number | [ dest-ip | dest-port | ingress-port | ip-pro | src-ip | src-port ] * ] [ slot slot-number ]
undo ip load-sharing mode [ slot slot-number ]
In IRF mode:
ip load-sharing mode per-flow [ tunnel { all | inner | outer } | algorithm algorithm-number | [ dest-ip | dest-port | ingress-port | ip-pro | src-ip | src-port ] * ] [ chassis chassis-number slot slot-number ]
undo ip load-sharing mode [ chassis chassis-number slot slot-number ]
Default
The device performs per-flow load sharing based on the following criteria: source IP address, destination IP address, source port, destination port, and IP protocol number.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
algorithm algorithm-number: Specifies an algorithm for per-flow load sharing. The algorithm-number argument specifies the algorithm to switch to, and is in the range of 0 to 15. Value 0 indicates the default algorithm.
dest-ip: Identifies flows by destination IP address.
dest-port: Identifies flows by destination port.
ingress-port: Identifies flows by ingress port.
ip-pro: Identifies flows by protocol ID.
src-ip: Identifies flows by source IP address.
src-port: Identifies flows by source port.
tunnel: Performs load sharing for IP tunnel packets.
all: Identifies flows by inner and outer IP header information.
inner: Identifies flows by inner IP header information.
outer: Identifies flows by outer IP header information.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card in an IRF member device. The chassis-number argument represents the IRF member ID of the device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
To perform per-flow load sharing of VXLAN traffic, use the ip load-sharing mode per-flow tunnel all command.
Examples
# In standalone mode, configure per-flow load sharing on slot 2.
<Sysname> system-view
[Sysname] ip load-sharing mode per-flow slot 2
# In IRF mode, configure per-flow load sharing on slot 2 of chassis 1.
<Sysname> system-view
[Sysname] ip load-sharing mode per-flow chassis 1 slot 2
display ip load-sharing path
Use display ip load-sharing path to display the load sharing path selected for a flow.
Syntax
display ip load-sharing path ingress-port interface-type interface-number packet-format { ipv4oe dest-ip ip-address [ src-ip ip-address ] | ipv6oe dest-ipv6 ipv6-address [ src-ipv6 ipv6-address ] } [ dest-port port-id | ip-pro protocol-id | src-port port-id | vpn-instance vpn-instance-name ] *
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ingress-port interface-type interface-number: Specifies an ingress port by its type and number.
packet-format: Specifies the packet encapsulation format.
ipv4oe: Specifies the format of IPv4 over Ethernet.
dest-ip ip-address: Specifies the destination IPv4 address in dotted decimal notation.
src-ip ip-address: Specifies the source IPv4 address in dotted decimal notation. If you do not specify this argument, the calculation uses 0.0.0.0 for path selection.
ipv6oe: Specifies the format of IPv6 over Ethernet.
dest-ipv6 ipv6-address: Specifies the destination IPv6 address.
src-ipv6 ipv6-address: Specifies the source IPv6 address. If you do not specify this option, the calculation uses 0:0:0:0:0:0:0:0.
dest-port port-id: Specifies a destination port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.
ip-pro protocol-id: Specifies an IP protocol by its number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.
src-port port-id: Specifies a source port number in the range of 1 to 65535. If you do not specify this option, the calculation uses 0 for path selection.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. To display the path on the public network, do not specify this option.
Usage guidelines
When you configure this command, make sure the options are the same as those in the ip load-sharing mode per-flow command. If the options are not consistent, the path displayed by this command might be different from the real path for load sharing.
This command does not apply to the enhanced ECMP mode or ECMP across tunnels.
Examples
# Display the load sharing path selected for the flow with the following attributes: ingress interface Ten-GigabitEthernet 1/0/3, destination IP address 10.110.0.2, source IP address 10.100.0.2, IP protocol number 153, destination port number 2000, source port number 2000, VPN instance vpn10.
<Sysname> display ip load-sharing path ingress-port Ten-GigabitEthernet 1/0/3 packet-format ipv4oe dest-ip 10.110.0.2 src-ip 10.100.0.2 ip-pro 153 dest-port 2000 src-port 2000 vpn-instance vpn10
Load-sharing algorithm: 0
Load-sharing options: ingress-port | dest-ip | src-ip | ip-pro | dest-port | src-port
Load-sharing parameters:
Missing configured are set to 0.
ingress-port: Ten-GigabitEthernet1/0/3
packet-format: IPv4oE
dest-ip: 10.110.0.2
src-ip: 10.100.0.2
ip-pro: 153
dest-port: 2000
src-port: 2000
vpn-instance: VPN10
Path selected: 20.0.0.2(interface Ten-GigabitEthernet1/0/3)
Table 24 Command output
Field | Description |
---|---|
Load-sharing algorithm | Load sharing algorithm ID. |
Load-sharing options | Load sharing options specified by the ip load-sharing mode per-flow command. |
Load-sharing parameters | Load sharing parameters that you specify for the display ip load-sharing path command. |
Missing configured are set to 0. | Values of the unconfigured parameters are set to 0. |
ingress-port | Ingress port of the packet. |
packet-format | Packet encapsulation format. |
dest-ip | Destination IP address of the packet. |
src-ip | Source IP address of the packet. |
ip-pro | IP protocol number. |
dest-port | Destination port number. |
src-port | Source port number. |
vpn-instance | Name of the MPLS L3VPN instance. |
Path selected | Selected path information, including the IPv4 or IPv6 address of the next hop and the egress port. |
Related commands
ip load-sharing mode per-flow
IRDP commands
The term "interface" in IRDP collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
ip irdp
Use ip irdp to enable IRDP on an interface.
Use undo ip irdp to disable IRDP on an interface.
Syntax
ip irdp
undo ip irdp
Default
IRDP is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command validates the IRDP settings on the interface. The device sends RA messages out of the interface.
Examples
# Enable IRDP on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp
ip irdp address
Use ip irdp address to specify an IP address for an interface to proxy-advertise.
Use undo ip irdp address to remove the proxy-advertised IP address.
Syntax
ip irdp address ip-address preference-value
undo ip irdp address [ ip-address ]
Default
No proxy-advertised IP address is specified.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies an IP address in dotted decimal notation.
preference-value: Specifies the preference for the IP address, in the range of –2147483648 to 2147483647.
Usage guidelines
You can specify a maximum of four IP addresses for an interface to proxy-advertise. An RA sent on the interface includes the interface IP addresses and the proxy-advertised IP addresses.
If you do not specify an IP address for the undo command, this command removes the proxy-advertised IP addresses from all interfaces.
Examples
# Specify the IP address 192.168.0.8 and its preference 1600 for VLAN-interface 100 to proxy-advertise.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp address 192.168.0.8 1600
Related commands
ip irdp
ip irdp lifetime
Use ip irdp lifetime to set the lifetime of IP addresses advertised on an interface.
Use undo ip irdp lifetime to restore the default.
Syntax
ip irdp lifetime lifetime-value
undo ip irdp lifetime
Default
The lifetime is 1800 seconds.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
lifetime-value: Specifies the lifetime in seconds, in the range of 4 to 9000.
Usage guidelines
The lifetime cannot be shorter than the maximum advertising interval on an interface.
The lifetime applies to the following IP addresses:
· IP addresses of the interface.
· IP addresses for the interface to proxy-advertise.
Examples
# Set the lifetime of IP addresses advertised on VLAN-interface 100 to 2000 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp lifetime 2000
Related commands
· ip irdp
· ip irdp interval
ip irdp interval
Use ip irdp interval to set the maximum and minimum intervals for advertising RAs on an interface.
Use undo ip irdp interval to restore the default.
Syntax
ip irdp interval max-interval-value [ min-interval-value ]
undo ip irdp interval
Default
The maximum interval is 600 seconds, and the minimum interval is 3/4 of the maximum interval.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
max-interval-value: Specifies the maximum interval in seconds, in the range of 4 to 1800.
min-interval-value: Specifies the minimum interval in seconds, in the range of 3 to max-interval-value.
Usage guidelines
The device broadcasts or multicasts an RA at a random interval between the maximum and minimum advertising interval.
The maximum interval cannot be longer than the lifetime of advertised IP addresses. Otherwise, the lifetime is automatically adjusted to a value three times the maximum interval.
Examples
# On VLAN-interface 100, set the maximum interval to 500 seconds and the minimum interval to 300 seconds.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp interval 500 300
Related commands
· ip irdp
· ip irdp lifetime
ip irdp multicast
Use ip irdp multicast to specify the multicast address 224.0.0.1 as the destination IP address for RAs sent on an interface.
Use undo ip irdp multicast to restore the default.
Syntax
ip irdp multicast
undo ip irdp multicast
Default
The destination IP address is 255.255.255.255.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Examples
# Specify the multicast address 224.0.0.1 as the destination IP address for VLAN-interface 100 to send RAs.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp multicast
Related commands
ip irdp
ip irdp preference
Use ip irdp preference to specify the preference of advertised primary and secondary IP addresses on an interface.
Use undo ip irdp preference to restore the default.
Syntax
ip irdp preference preference-value
undo ip irdp preference
Default
The preference of advertised IP addresses is 0.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
preference-value: Specifies the preference in the range of –2147483648 to 2147483647. A larger value represents a higher preference. To request that neighboring hosts do not use any advertised IP address as the default gateway, set the value to the minimum value.
Examples
# Specify preference 1 for IP addresses advertised on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip irdp preference 1
Related commands
ip irdp
IP performance optimization commands
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display icmp statistics
Use display icmp statistics to display ICMP statistics.
Syntax
In standalone mode:
display icmp statistics [ slot slot-number ]
In IRF mode:
display icmp statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays ICMP statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays ICMP statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
ICMP statistics include information about received and sent ICMP packets.
Examples
# Display ICMP statistics.
<Sysname> display icmp statistics
Input: bad formats 0 bad checksum 0
echo 175 destination unreachable 0
source quench 0 redirects 0
echo replies 201 parameter problem 0
timestamp 0 information requests 0
mask requests 0 mask replies 0
time exceeded 0 invalid type 0
router advert 0 router solicit 0
broadcast/multicast echo requests ignored 0
broadcast/multicast timestamp requests ignored 0
Output: echo 0 destination unreachable 0
source quench 0 redirects 0
echo replies 175 parameter problem 0
timestamp 0 information replies 0
mask requests 0 mask replies 0
time exceeded 0 bad address 0
packet error 1442 router advert 3
display ip statistics
Use display ip statistics to display IP packet statistics.
Syntax
In standalone mode:
display ip statistics [ slot slot-number ]
In IRF mode:
display ip statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays IP packet statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays IP packet statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
IP statistics include information about received and sent packets and reassembly.
Examples
# Display IP packet statistics.
<Sysname> display ip statistics
Input: sum 7120 local 112
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 27
dropped 0 no route 2
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
Table 25 Command output
Field | Description |
---|---|
Input: sum | Total number of packets received. |
Input: local | Total number of packets destined for the device. |
Input: bad protocol | Total number of unknown protocol packets. |
Input: bad format | Total number of packets with incorrect format. |
Input: bad checksum | Total number of packets with incorrect checksum. |
Input: bad options | Total number of packets with incorrect options. |
Output: forwarding | Total number of packets forwarded. |
Output: local | Total number of packets locally sent. |
Output: dropped | Total number of packets discarded. |
Output: no route | Total number of packets for which no route is available. |
Output: compress fails | Total number of packets that failed to be compressed. |
Fragment: input | Total number of fragments received. |
Fragment: output | Total number of fragments sent. |
Fragment: dropped | Total number of fragments dropped. |
Fragment: fragmented | Total number of packets successfully fragmented. |
Fragment: couldn't fragment | Total number of packets that failed to be fragmented. |
Reassembling: sum | Total number of packets reassembled. |
Reassembling: timeouts | Total number of reassembly timeouts. |
Related commands
· display ip interface
· reset ip statistics
display rawip
Use display rawip to display brief information about RawIP connections.
Syntax
In standalone mode:
display rawip [ slot slot-number ]
In IRF mode:
display rawip [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays brief RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays brief RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
Brief RawIP connection information includes local and peer addresses, protocol, and PCB.
Examples
# Display brief information about RawIP connections.
<Sysname> display rawip
Local Addr Foreign Addr Protocol Chassis Slot PCB
0.0.0.0 0.0.0.0 1 1 1 0x0000000000000009
0.0.0.0 0.0.0.0 1 1 1 0x0000000000000008
0.0.0.0 0.0.0.0 1 1 5 0x0000000000000002
Table 26 Command output
Field | Description |
---|---|
Local Addr | Local IP address. |
Foreign Addr | Peer IP address. |
Protocol | Protocol number. |
Chassis | ID of the IRF member device. |
Slot | Number of the slot that holds the card. |
PCB | Protocol control block. |
display rawip verbose
Use display rawip verbose to display detailed information about RawIP connections.
Syntax
In standalone mode:
display rawip verbose [ slot slot-number [ pcb pcb-index ] ]
In IRF mode:
display rawip verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
pcb pcb-index: Displays detailed RawIP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16.
slot slot-number: Displays detailed RawIP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays detailed RawIP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
Use the display rawip verbose command to display detailed information about socket creator, state, option, type, protocol number, and the source and destination IP addresses of RawIP connections.
Examples
# (Distributed devices–In IRF mode.) Display detailed information about RawIP connections.
<Sysname> display rawip verbose
Total RawIP socket number: 1
Chassis: 2 Slot: 6
Creator: ping[320]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 9216 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 3
Protocol: 1
Connection info: src = 0.0.0.0, dst = 0.0.0.0
Inpcb flags: N/A
Inpcb vflag: INP_IPV4
TTL: 255(minimum TTL: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 27 Command output
Field | Description |
---|---|
Total RawIP socket number | Total number of RawIP sockets. |
Chassis | ID of the IRF member device. |
Slot | Number of the slot that holds the card. |
Creator | Name of the operation that created the socket. The number in brackets is the process number of the creator. |
State | State of the socket. |
Options | Socket options. |
Error | Error code. |
Receiving buffer (cc/hiwat/lowat/state) | Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ◦ CANTSENDMORE—Unable to send data to the peer. ◦ CANTRCVMORE—Unable to receive data from the peer. ◦ RCVATMARK—Receiving tag. ◦ N/A—None of the above states. |
Sending buffer (cc/hiwat/lowat/state) | Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ◦ CANTSENDMORE—Unable to send data to the peer. ◦ CANTRCVMORE—Unable to receive data from the peer. ◦ RCVATMARK—Receiving tag. ◦ N/A—None of the above states. |
Type | Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types. |
Protocol | Number of the protocol using the socket. |
Connection info | Source IP address and destination IP address. |
Inpcb flags | Flags in the Internet PCB: · INP_RECVOPTS—Receives IP options. · INP_RECVRETOPTS—Receives replied IP options. · INP_RECVDSTADDR—Receives destination IP address. · INP_HDRINCL—Provides the entire IP header. · INP_REUSEADDR—Reuses the IP address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_RECVIF—Records the input interface of the packet. · INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag. · INP_DONTFRAG—Sets the Don't Fragment flag. · INP_ROUTER_ALERT—Receives packets with the router alert option. Only RawIP supports this flag. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag. · N/A—None of the above flags. |
Inpcb vflag | IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags. |
TTL | TTL value in the Internet PCB. |
display tcp
Use display tcp to display brief information about TCP connections.
Syntax
In standalone mode:
display tcp [ slot slot-number ]
In IRF mode:
display tcp [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays brief TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays brief TCP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
Brief TCP connection information includes local IP address, local port number, peer IP address, peer port number, and TCP connection state.
Examples
# Display brief information about TCP connections.
<Sysname> display tcp
*: TCP MD5 Connection
Local Addr:port Foreign Addr:port State Chassis Slot PCB
*0.0.0.0:21 0.0.0.0:0 LISTEN 1 1 0x000000000000c387
192.168.20.200:23 192.168.20.14:1284 ESTABLISHED 1 1 0x0000000000000009
192.168.20.200:23 192.168.20.14:1283 ESTABLISHED 1 1 0x0000000000000002
Table 28 Command output
Field | Description |
---|---|
* | Indicates the TCP connection uses MD5 authentication. |
Local Addr:port | Local IP address and port number. |
Foreign Addr:port | Peer IP address and port number. |
State | TCP connection state. |
Chassis | ID of the IRF member device. |
Slot | Number of the slot that holds the card. |
PCB | PCB index. |
display tcp statistics
Use display tcp statistics to display TCP traffic statistics.
Syntax
In standalone mode:
display tcp statistics [ slot slot-number ]
In IRF mode:
display tcp statistics [ chassis chassis-number slot slot-number ]
Views
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays TCP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays TCP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (Distributed devices–In IRF mode.)
Usage guidelines
TCP traffic statistics include information about received and sent TCP packets and Syncache/syncookie.
Examples
# Display TCP traffic statistics.
<Sysname> display tcp statistics
Received packets:
Total: 4150
packets in sequence: 1366 (134675 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
packets dropped for lack of memory: 0
packets dropped due to PAWS: 0
duplicate packets: 12 (36 bytes), partially duplicate packets: 0 (0 bytes)
out-of-order packets: 0 (0 bytes)
packets with data after window: 0 (0 bytes)
packets after close: 0
ACK packets: 3531 (795048 bytes)
duplicate ACK packets: 33, ACK packets for unsent data: 0
Sent packets:
Total: 4058
urgent packets: 0
control packets: 50
window probe packets: 3, window update packets: 11
data packets: 3862 (795012 bytes), data packets retransmitted: 0 (0 bytes)
ACK-only packets: 150 (52 delayed)
unnecessary packet retransmissions: 0
Syncache/syncookie related statistics:
entries added to syncache: 12
syncache entries retransmitted: 0
duplicate SYN packets: 0
reply failures: 0
successfully build new socket: 12
bucket overflows: 0
zone failures: 0
syncache entries removed due to RST: 0
syncache entries removed due to timed out: 0
ACK checked by syncache or syncookie failures: 0
syncache entries aborted: 0
syncache entries removed due to bad ACK: 0
syncache entries removed due to ICMP unreachable: 0
SYN cookies sent: 0
SYN cookies received: 0
SACK related statistics:
SACK recoveries: 1
SACK retransmitted segments: 0 (0 bytes)
SACK blocks (options) received: 0
SACK blocks (options) sent: 0
SACK scoreboard overflows: 0
Other statistics:
retransmitted timeout: 0, connections dropped in retransmitted timeout: 0
persist timeout: 0
keepalive timeout: 21, keepalive probe: 0
keepalive timeout, so connections disconnected: 0
fin_wait_2 timeout, so connections disconnected: 0
initiated connections: 29, accepted connections: 12, established connections: 23
closed connections: 50051 (dropped: 0, initiated dropped: 0)
bad connection attempt: 0
ignored RSTs in the window: 0
listen queue overflows: 0
RTT updates: 3518(attempt segment: 3537)
correct ACK header predictions: 0
correct data packet header predictions: 568
resends due to MTU discovery: 0
packets dropped with MD5 authentication: 0
packets permitted with MD5 authentication: 0
Related commands
reset tcp statistics
display tcp verbose
Use display tcp verbose to display detailed information about TCP connections.
Syntax
In standalone mode:
display tcp verbose [ slot slot-number [ pcb pcb-index ] ]
In IRF mode:
display tcp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
pcb pcb-index: Displays detailed TCP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16.
slot slot-number: Displays detailed TCP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays detailed TCP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
Detailed TCP connection information includes socket creator, state, option, type, protocol number, source IP address and port number, destination IP address and port number, and connection state.
Examples
# Display detailed information about TCP connections.
<Sysname> display tcp verbose
TCP inpcb number: 1(tcpcb number: 1)
Chassis: 2 Slot: 6
Creator: telnetd_mips[199]
State: ISCONNECTED
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 65700 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 65700 / 512 / N/A
Type: 1
Protocol: 6
Connection info: src = 192.168.20.200:23 , dst = 192.168.20.14:4181
Inpcb flags: N/A
Inpcb vflag: INP_IPV4
TTL: 255(minimum TTL: 0)
Connection state: ESTABLISHED
Send VRF: 0x0
Receive VRF: 0x0
Table 29 Command output
Field | Description |
---|---|
TCP inpcb number | Number of TCP IP PCBs. |
tcpcb number | Number of TCP PCBs. |
Chassis | ID of the IRF member device. |
Slot | Number of the slot that holds the card. |
Creator | Name of the operation that created the socket. The number in brackets is the process number of the creator. |
State | State of the socket. |
Options | Socket options. |
Error | Error code. |
Receiving buffer (cc/hiwat/lowat/state) | Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ◦ CANTSENDMORE—Unable to send data to the peer. ◦ CANTRCVMORE—Unable to receive data from the peer. ◦ RCVATMARK—Receiving tag. ◦ N/A—None of the above states. |
Sending buffer (cc/hiwat/lowat/state) | Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ◦ CANTSENDMORE—Unable to send data to the peer. ◦ CANTRCVMORE—Unable to receive data from the peer. ◦ RCVATMARK—Receiving tag. ◦ N/A—None of the above states. |
Type | Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types. |
Protocol | Number of the protocol using the socket. |
Connection info | Source IP address and destination IP address. |
Inpcb flags | Flags in the Internet PCB: · INP_RECVOPTS—Receives IP options. · INP_RECVRETOPTS—Receives replied IP options. · INP_RECVDSTADDR—Receives destination IP address. · INP_HDRINCL—Provides the entire IP header. · INP_REUSEADDR—Reuses the IP address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_RECVIF—Records the input interface of the packet. · INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag. · INP_DONTFRAG—Sets the Don't Fragment flag. · INP_ROUTER_ALERT—Receives packets with the router alert option. Only RawIP supports this flag. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_SNDBYLSPV—Sends packets through MPLS. · INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag. · N/A—None of the above flags. |
Inpcb vflag | IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags. |
TTL | TTL value in the Internet PCB. |
display udp
Use display udp to display brief information about UDP connections.
Syntax
In standalone mode:
display udp [ slot slot-number ]
In IRF mode:
display udp [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays brief UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays brief UDP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
Brief UDP connection information includes local IP address and port number, and peer IP address and port number.
Examples
# Display brief information about UDP connections.
<Sysname> display udp
Local Addr:port Foreign Addr:port Chassis Slot PCB
0.0.0.0:69 0.0.0.0:0 1 1 0x0000000000000003
192.168.20.200:1024 192.168.20.14:69 1 5 0x0000000000000002
Table 30 Command output
Field | Description |
---|---|
Local Addr:port | Local IP address and port number. |
Foreign Addr:port | Peer IP address and port number. |
Chassis | ID of the IRF member device. |
Slot | Number of the slot that holds the card. |
PCB | PCB index. |
display udp statistics
Use display udp statistics to display UDP traffic statistics.
Syntax
In standalone mode:
display udp statistics [ slot slot-number ]
Distributed devices–In IRF mode:
display udp statistics [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
slot slot-number: Displays UDP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays UDP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device and the slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
UDP traffic statistics include information about received and sent UDP packets.
Examples
# Display UDP traffic statistics.
<Sysname> display udp statistics
Received packets:
Total: 240
checksum error: 0, no checksum: 0
shorter than header: 0, data length larger than packet: 0
no socket on port(unicast): 0
no socket on port(broadcast/multicast): 240
not delivered, input socket full: 0
Sent packets:
Total: 0
Related commands
reset udp statistics
display udp verbose
Use display udp verbose to display detailed information about UDP connections.
Syntax
In standalone mode:
display udp verbose [ slot slot-number [ pcb pcb-index ] ]
In IRF mode:
display udp verbose [ chassis chassis-number slot slot-number [ pcb pcb-index ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
pcb pcb-index: Displays detailed UDP connection information for the specified PCB. The pcb-index argument specifies the index of the PCB, in the range of 1 to 16.
slot slot-number: Displays detailed UDP connection information for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Displays detailed UDP connection information for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Usage guidelines
Detailed UDP connection information includes the socket creator, status, option, type, the protocol number, the source IP address and port number, and the destination IP address and port number for UDP connections.
Examples
# Display detailed UDP connection information.
<Sysname> display udp verbose
Total UDP socket number: 1
Chassis: 2 Slot: 6
Creator: sock_test_mips[250]
State: N/A
Options: N/A
Error: 0
Receiving buffer(cc/hiwat/lowat/state): 0 / 41600 / 1 / N/A
Sending buffer(cc/hiwat/lowat/state): 0 / 9216 / 512 / N/A
Type: 2
Protocol: 17
Connection info: src = 0.0.0.0:69, dst = 0.0.0.0:0
Inpcb flags: N/A
Inpcb vflag: INP_IPV4
TTL: 255(minimum TTL: 0)
Send VRF: 0xffff
Receive VRF: 0xffff
Table 31 Command output
Field | Description |
---|---|
Total UDP socket number | Total number of UDP sockets. |
Chassis | ID of the IRF member device. |
Slot | Number of the slot that holds the card. |
Creator | Name of the operation that created the socket. The number in brackets is the process number of the creator. |
State | Socket state. |
Options | Socket option. |
Error | Error code. |
Receiving buffer(cc/hiwat/lowat/state) | Displays receive buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ◦ CANTSENDMORE—Unable to send data to the peer. ◦ CANTRCVMORE—Unable to receive data from the peer. ◦ RCVATMARK—Receiving tag. ◦ N/A—None of the above states. |
Sending buffer(cc/hiwat/lowat/state) | Displays send buffer information in the following order: · cc—Used space. · hiwat—Maximum space. · lowat—Minimum space. · state—Buffer state: ◦ CANTSENDMORE—Unable to send data to the peer. ◦ CANTRCVMORE—Unable to receive data from the peer. ◦ RCVATMARK—Receiving tag. ◦ N/A—None of the above states. |
Type | Socket type: · 1—SOCK_STREAM. This socket uses TCP to provide reliable transmission of byte streams. · 2—SOCK_DGRAM. This socket uses UDP to provide datagram transmission. · 3—SOCK_RAW. This socket allows an application to change the next upper-layer protocol header. · N/A—None of the above types. |
Protocol | Number of the protocol using the socket. |
Inpcb flags | Flags in the Internet PCB: · INP_RECVOPTS—Receives IP options. · INP_RECVRETOPTS—Receives replied IP options. · INP_RECVDSTADDR—Receives destination IP address. · INP_HDRINCL—Provides the entire IP header. · INP_REUSEADDR—Reuses the IP address. · INP_REUSEPORT—Reuses the port number. · INP_ANONPORT—Port number not specified. · INP_RECVIF—Records the input interface of the packet. · INP_RECVTTL—Receives TTL of the packet. Only UDP and RawIP support this flag. · INP_DONTFRAG—Sets the Don't Fragment flag. · INP_ROUTER_ALERT—Receives packets with the router alert option. Only RawIP supports this flag. · INP_PROTOCOL_PACKET—Identifies a protocol packet. · INP_RCVVLANID—Receives the VLAN ID of the packet. Only UDP and RawIP support this flag. · INP_RCVMACADDR—Receives the MAC address of the frame. · INP_SNDBYLSPV—Sends packets through MPLS. · INP_RECVTOS—Receives TOS of the packet. Only UDP and RawIP support this flag. · N/A—None of the above flags. |
Inpcb vflag | IP version flags in the Internet PCB: · INP_IPV4—IPv4 protocol. · INP_TIMEWAIT—In TIMEWAIT state. · INP_ONESBCAST—Sends broadcast packets. · INP_DROPPED—Protocol dropped flag. · INP_SOCKREF—Strong socket reference. · INP_DONTBLOCK—Do not block synchronization of the Internet PCB. · N/A—None of the above flags. |
TTL | TTL value in the Internet PCB. |
ip forward-broadcast
Use ip forward-broadcast to enable an interface to receive and forward directed broadcast packets destined for the directly connected network.
Use undo ip forward-broadcast to disable an interface from receiving and forwarding directed broadcast packets destined for the directly connected network.
Syntax
ip forward-broadcast
undo ip forward-broadcast
Default
An interface cannot receive or forward directed broadcasts destined for the directly connected network.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
A directed broadcast packet is destined for all hosts on a specific network. In the destination IP address of the directed broadcast, the network ID identifies the target network, and the host ID is made up of all ones.
If an interface is allowed to forward directed broadcasts destined for the directly connected network, attackers can exploit this behavior to attack the target network. In some scenarios, however, an interface must receive and forward such directed broadcast packets to support UDP helper.
This command enables an interface to accept directed broadcast packets that are destined for and received from the directly connected network to support UDP helper, which converts the directed broadcasts to unicasts and forwards them to a specific server.
Examples
# Enable VLAN-interface 2 to receive and forward directed broadcast packets destined for the directly connected network.
<Sysname> system-view
[Sysname] interface vlan-interface 2
[Sysname-Vlan-interface2] ip forward-broadcast
ip icmp error-interval
Use ip icmp error-interval to set the interval and bucket size for ICMP error messages.
Use undo ip icmp error-interval to restore the default.
Syntax
ip icmp error-interval milliseconds [ bucketsize ]
undo ip icmp error-interval
Default
The bucket allows a maximum of 10 tokens, and a token is placed in the bucket every 100 milliseconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
milliseconds: Specifies the interval between tokens arriving in the bucket. The value range is 0 to 2147483647 milliseconds, and the default is 100 milliseconds. To disable the ICMP rate limit, set the value to 0.
bucketsize: Specifies the maximum number of tokens allowed in the bucket. The value range is 1 to 200, and the default is 10.
Usage guidelines
To avoid sending excessive ICMP error messages within a short period, which might cause network congestion, use this command to limit the rate at which ICMP error messages are sent. A token bucket algorithm is used, with one token representing one ICMP error message. Tokens are placed in the bucket at a specific interval until the maximum number of tokens that the bucket can hold is reached. Tokens are removed from the bucket when ICMP error messages are sent. When the bucket is empty, ICMP error messages are not sent until a new token is placed in the bucket.
Examples
# Configure an interval of 200 milliseconds and bucket size of 40 tokens for ICMP error messages.
<Sysname> system-view
[Sysname] ip icmp error-interval 200 40
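The token bucket described in the usage guidelines can be simulated to see how many ICMP error messages a burst produces under a given interval and bucket size. This Python sketch is an added example, not Comware code; it assumes the bucket starts full and that tokens arrive at whole-interval boundaries, and the class, function and workload names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class IcmpErrorBucket:
    """Model of the limiter set by: ip icmp error-interval milliseconds [ bucketsize ]."""
    interval_ms: int = 100   # documented default: one token every 100 ms
    bucketsize: int = 10     # documented default: at most 10 tokens
    tokens: int = field(default=0, init=False)
    last_refill_ms: int = field(default=0, init=False)

    def __post_init__(self):
        # Value ranges as given in the Parameters section.
        if not 0 <= self.interval_ms <= 2147483647:
            raise ValueError("milliseconds must be 0 to 2147483647")
        if not 1 <= self.bucketsize <= 200:
            raise ValueError("bucketsize must be 1 to 200")
        self.tokens = self.bucketsize  # assumption: the bucket starts full

    def allow(self, now_ms: int) -> bool:
        """Return True if one ICMP error message may be sent at time now_ms."""
        if self.interval_ms == 0:  # an interval of 0 disables the rate limit
            return True
        earned = (now_ms - self.last_refill_ms) // self.interval_ms
        if earned > 0:
            # Tokens accumulate only up to the bucket size.
            self.tokens = min(self.bucketsize, self.tokens + earned)
            self.last_refill_ms += earned * self.interval_ms
        if self.tokens == 0:
            return False  # bucket empty: the error message is not sent
        self.tokens -= 1  # one token per ICMP error message
        return True


def simulate(interval_ms, bucketsize, event_times_ms):
    """Return (sent, suppressed) for events that would each trigger an ICMP error."""
    bucket = IcmpErrorBucket(interval_ms, bucketsize)
    sent = sum(1 for t in event_times_ms if bucket.allow(t))
    return sent, len(event_times_ms) - sent


# Constructed workload: 1000 error-triggering packets, one per millisecond.
BURST = list(range(1000))

if __name__ == "__main__":
    for label, ms, size in (("default 100/10", 100, 10),
                            ("example 200/40", 200, 40),
                            ("disabled 0/10", 0, 10)):
        sent, suppressed = simulate(ms, size, BURST)
        print(f"{label}: sent={sent} suppressed={suppressed}")
```

The bucket size bounds the initial burst and the interval bounds the sustained rate, so the 200/40 setting lets a larger burst through than the default but refills at half the speed.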
ip icmp fragment discarding
Use ip icmp fragment discarding to disable forwarding of ICMP fragments.
Use undo ip icmp fragment discarding to enable forwarding of ICMP fragments.
Syntax
ip icmp fragment discarding
undo ip icmp fragment discarding
Default
Forwarding of ICMP fragments is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
To prevent ICMP fragment attacks, disable forwarding of ICMP fragments.
Examples
# Disable forwarding of ICMP fragments.
<Sysname> system-view
[Sysname] ip icmp fragment discarding
ip icmp source
Use ip icmp source to enable specifying the source address for outgoing ICMP packets.
Use undo ip icmp source to restore the default.
Syntax
ip icmp source [ vpn-instance vpn-instance-name ] ip-address
undo ip icmp source [ vpn-instance vpn-instance-name ]
Default
The device uses the IP address of the sending interface as the source IP address for outgoing ICMP packets.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
vpn-instance vpn-instance-name: Specifies the VPN instance to which the specified address belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. The specified VPN instance must exist. To specify an IP address on the public network, do not use this option.
ip-address: Specifies an IP address.
Usage guidelines
It is a good practice to specify the IP address of the loopback interface as the source IP address for outgoing ping echo request and ICMP error messages. This feature helps users to locate the sending device easily.
Examples
# Specify 1.1.1.1 as the source address for outgoing ICMP packets.
<Sysname> system-view
[Sysname] ip icmp source 1.1.1.1
ip mtu
Use ip mtu to set the MTU of IPv4 packets sent over an interface.
Use undo ip mtu to restore the default.
Syntax
ip mtu mtu-size
undo ip mtu
Default
The MTU of IPv4 packets sent over an interface is not set.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
mtu-size: Specifies an MTU in bytes.
· Before Release 1138P01, the value range for the argument is 128 to 2000 bytes.
· In Release 1138P01 and later versions, the value range for the argument is 128 to 9008 bytes.
Usage guidelines
When a packet exceeds the MTU of IPv4 packets on the output interface, the device processes it in one of the following ways:
· If the packet disallows fragmentation, the device discards it.
· If the packet allows fragmentation, the device fragments it and forwards the fragments.
If an interface supports both the mtu and ip mtu commands, the device fragments a packet based on the MTU set by the ip mtu command.
The MTU of IPv4 packets sent over an interface applies only to the following packets on the interface:
· Packets that are originated from the interface.
· Packets that are destined for the interface.
These packets are delivered to the CPU for software forwarding. To avoid consuming system resources on fragmentation and reassembly, set an appropriate MTU.
Examples
# Set the MTU of IPv4 packets sent over VLAN-interface 100 to 1280 bytes.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] ip mtu 1280
ip redirects enable
Use ip redirects enable to enable sending ICMP redirect messages.
Use undo ip redirects enable to disable sending ICMP redirect messages.
Syntax
ip redirects enable
undo ip redirects enable
Default
Sending ICMP redirect messages is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
ICMP redirect messages simplify host management and enable hosts to gradually optimize their routing tables.
A host that has only one route destined to the default gateway sends all packets to the default gateway. The default gateway sends an ICMP redirect message to inform the host of a correct next hop by following these rules:
· The receiving and sending interfaces are the same.
· The selected route is not created or modified by any ICMP redirect messages.
· The selected route is not destined for 0.0.0.0.
· There is no source route option in the received packet.
Examples
# Enable sending ICMP redirect messages.
<Sysname> system-view
[Sysname] ip redirects enable
ip ttl-expires enable
Use ip ttl-expires enable to enable sending ICMP time-exceeded messages.
Use undo ip ttl-expires enable to disable sending ICMP time-exceeded messages.
Syntax
ip ttl-expires enable
undo ip ttl-expires enable
Default
Sending ICMP time-exceeded messages is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
A device sends ICMP time-exceeded messages by following these rules:
· If a received packet is not destined for the device and the TTL field of the packet is 1, the device sends an ICMP TTL Expired in Transit message to the source.
· When the device receives the first fragment of an IP datagram destined for the device itself, it starts a timer. If the timer expires before all the fragments of the datagram are received, the device sends an ICMP Fragment Reassembly Timeout message to the source.
A device disabled from sending ICMP time-exceeded packets does not send ICMP TTL Expired in Transit messages but can still send ICMP Fragment Reassembly Timeout messages.
Examples
# Enable sending ICMP time-exceeded messages.
<Sysname> system-view
[Sysname] ip ttl-expires enable
ip unreachables enable
Use ip unreachables enable to enable sending ICMP destination unreachable messages.
Use undo ip unreachables enable to disable sending ICMP destination unreachable messages.
Syntax
ip unreachables enable
undo ip unreachables enable
Default
Sending ICMP destination unreachable messages is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
A device sends ICMP destination unreachable messages by following these rules:
· If a packet does not match any specific route and there is no default route in the routing table, the device sends a Network Unreachable ICMP error message to the source.
· If a packet is destined for the device but the transport layer protocol of the packet is not supported by the device, the device sends a Protocol Unreachable ICMP error message to the source.
· If a UDP packet is destined for the device but the packet's port number does not match the running process, the device sends the source a Port Unreachable ICMP error message.
· If the source uses Strict Source Routing to send packets, but the intermediate device finds that the next hop specified by the source is not directly connected, the device sends the source a Source Routing Failure ICMP error message.
· If the MTU of the sending interface is smaller than the packet and the packet has a Don't Fragment set, the device sends the source a Fragmentation Needed and Don't Fragment-Set ICMP error message.
Examples
# Enable sending ICMP destination unreachable messages.
<Sysname> system-view
[Sysname] ip unreachables enable
reset ip statistics
Use reset ip statistics to clear IP traffic statistics.
Syntax
In standalone mode:
reset ip statistics [ slot slot-number ]
In IRF mode:
reset ip statistics [ chassis chassis-number slot slot-number ]
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
slot slot-number: Clears IP traffic statistics for the specified card. The slot-number argument specifies the slot number of the card. (In standalone mode.)
chassis chassis-number slot slot-number: Clears IP traffic statistics for the specified card on the specified IRF member device. The chassis-number argument specifies the ID of the IRF member device. The slot-number specifies the slot number of the card. (In IRF mode.)
Usage guidelines
To collect new IP traffic statistics within a period of time, use this command to clear the existing IP traffic statistics first.
Examples
# Clear IP traffic statistics.
<Sysname> reset ip statistics
Related commands
· display ip interface
reset tcp statistics
Use reset tcp statistics to clear TCP traffic statistics.
Syntax
reset tcp statistics
Views
User view
Predefined user roles
network-admin
mdc-admin
Examples
# Clear TCP traffic statistics.
<Sysname> reset tcp statistics
reset udp statistics
Use reset udp statistics to clear UDP traffic statistics.
Syntax
reset udp statistics
Views
User view
Predefined user roles
network-admin
mdc-admin
Examples
# Clear UDP traffic statistics.
<Sysname> reset udp statistics
Related commands
display udp statistics
tcp mss
Use tcp mss to set the TCP maximum segment size (MSS).
Use undo tcp mss to restore the default.
Syntax
tcp mss value
undo tcp mss
Default
No TCP MSS is set.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
value: Specifies the TCP MSS in the range of 128 to 2048 bytes.
Usage guidelines
This configuration takes effect only on TCP connections that are established after the configuration and not on the TCP connections that already exist.
This configuration is effective only on IP packets.
The MSS option informs the receiver of the largest segment that the sender can accept. Each end announces its MSS during TCP connection establishment.
If the size of a TCP segment is smaller than the MSS of the receiver, TCP sends the TCP segment without fragmentation. If not, it fragments the segment according to the receiver's MSS.
If you set a TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.
Examples
# Set the TCP MSS to 300 bytes on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] tcp mss 300
tcp path-mtu-discovery
Use tcp path-mtu-discovery to enable TCP path MTU discovery.
Use undo tcp path-mtu-discovery to disable TCP path MTU discovery.
Syntax
tcp path-mtu-discovery [ aging age-time | no-aging ]
undo tcp path-mtu-discovery
Default
TCP path MTU discovery is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
aging age-time: Specifies the aging time for the path MTU, in the range of 10 to 30 minutes. The default aging time is 10 minutes.
no-aging: Does not age out the path MTU.
Usage guidelines
After you enable TCP path MTU discovery, all new TCP connections detect the path MTU. The device uses the path MTU to calculate the MSS to avoid IP fragmentation.
After you disable TCP path MTU discovery, the system stops all path MTU timers. The TCP connections established later do not detect the path MTU, but the TCP connections previously established still can detect the path MTU.
Examples
# Enable TCP path MTU discovery and set the path MTU aging time to 20 minutes.
<Sysname> system-view
[Sysname] tcp path-mtu-discovery aging 20
tcp syn-cookie enable
Use tcp syn-cookie enable to enable SYN Cookie to protect the device from SYN flood attacks.
Use undo tcp syn-cookie enable to disable SYN Cookie.
Syntax
tcp syn-cookie enable
undo tcp syn-cookie enable
Default
SYN Cookie is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
A TCP connection is established through a three-way handshake:
1. The sender sends a SYN packet to the server.
2. The server receives the SYN packet, establishes a TCP semi-connection in SYN_RECEIVED state, and replies with a SYN ACK packet to the sender.
3. The sender receives the SYN ACK packet and replies with an ACK packet. Then, a TCP connection is established.
An attacker can exploit this mechanism to mount SYN flood attacks. The attacker sends a large number of SYN packets but does not respond to the SYN ACK packets from the server. As a result, the server establishes a large number of TCP semi-connections and cannot handle normal services.
SYN Cookie can protect the server from SYN flood attacks. When the server receives a SYN packet, it responds to the request with a SYN ACK packet without establishing a TCP semi-connection.
The server establishes a TCP connection and enters ESTABLISHED state only when it receives an ACK packet from the sender.
Examples
# Enable SYN Cookie.
<Sysname> system-view
[Sysname] tcp syn-cookie enable
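The usage guidelines say the server answers a SYN without creating a semi-connection and establishes the connection only when the ACK arrives; that works because the connection parameters are carried in the SYN ACK sequence number and checked when the ACK echoes it back. This Python sketch is an added example of a common SYN cookie construction, not Comware's implementation; the bit layout, MSS table, 64-second counter, secret, addresses and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

MSS_TABLE = (536, 1300, 1440, 1460)  # constructed table; the index fits in 3 bits
PERIOD_S = 64                        # counter step; current and previous step are accepted
MASK32 = 0xFFFFFFFF


class SynCookieListener:
    def __init__(self, secret: bytes):
        self.secret = secret
        self.established = {}  # flow -> MSS; the only state, created by a valid ACK

    def _mac24(self, flow, client_isn, counter, mss_idx):
        # Keyed MAC over the 4-tuple, client ISN, time counter and MSS index.
        src_ip, src_port, dst_ip, dst_port = flow
        msg = (ipaddress.ip_address(src_ip).packed
               + ipaddress.ip_address(dst_ip).packed
               + struct.pack("!HHIQB", src_port, dst_port, client_isn, counter, mss_idx))
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:3]

    def on_syn(self, flow, client_isn, client_mss, now_s):
        """Return the SYN ACK sequence number (the cookie). Nothing is stored."""
        counter = now_s // PERIOD_S
        mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
        mac = int.from_bytes(self._mac24(flow, client_isn, counter, mss_idx), "big")
        # Layout: 5 bits of counter | 3 bits of MSS index | 24 bits of MAC.
        return ((counter & 0x1F) << 27) | (mss_idx << 24) | mac

    def on_ack(self, flow, seq, ack, now_s):
        """Validate the final ACK; return the negotiated MSS, or None to drop it."""
        cookie = (ack - 1) & MASK32      # client acknowledges cookie + 1
        client_isn = (seq - 1) & MASK32  # client's own sequence is ISN + 1
        mss_idx = (cookie >> 24) & 0x7
        if mss_idx >= len(MSS_TABLE):
            return None
        for age in (0, 1):               # accept the current or the previous period
            counter = now_s // PERIOD_S - age
            if counter < 0 or (counter & 0x1F) != cookie >> 27:
                continue
            expected = self._mac24(flow, client_isn, counter, mss_idx)
            if hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
                self.established[flow] = MSS_TABLE[mss_idx]
                return MSS_TABLE[mss_idx]
        return None


def demo():
    srv = SynCookieListener(b"constructed-demo-secret")
    # Constructed flood: 10000 SYNs whose senders never complete the handshake.
    for i in range(10000):
        srv.on_syn((f"198.51.100.{i % 254 + 1}", 1024 + i, "192.0.2.1", 443), i, 1460, 1000)
    state_after_flood = len(srv.established)
    flow, isn = ("192.0.2.10", 40000, "192.0.2.1", 443), 123456
    cookie = srv.on_syn(flow, isn, 1400, 1000)
    return {
        "state_after_flood": state_after_flood,
        "forged": srv.on_ack(flow, isn + 1, ((cookie ^ 1) + 1) & MASK32, 1001),
        "stale": srv.on_ack(flow, isn + 1, (cookie + 1) & MASK32, 1000 + 3 * PERIOD_S),
        "legit": srv.on_ack(flow, isn + 1, (cookie + 1) & MASK32, 1001),
        "established": len(srv.established),
    }


if __name__ == "__main__":
    print(demo())
```

Because only three bits are available for the MSS in this layout, the negotiated value is rounded down to a table entry (1400 becomes 1300 here), which is a known cost of carrying state in the sequence number.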
tcp timer fin-timeout
Use tcp timer fin-timeout to set the TCP FIN wait timer.
Use undo tcp timer fin-timeout to restore the default.
Syntax
tcp timer fin-timeout time-value
undo tcp timer fin-timeout
Default
The TCP FIN wait timer is 675 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
time-value: Specifies the TCP FIN wait timer in the range of 76 to 3600 seconds.
Usage guidelines
TCP starts the FIN wait timer when the state changes to FIN_WAIT_2. If no FIN packet is received within the timer interval, the TCP connection is terminated.
If a FIN packet is received, TCP changes connection state to TIME_WAIT. If a non-FIN packet is received, TCP restarts the timer and tears down the connection when the timer expires.
Examples
# Set the TCP FIN wait timer to 800 seconds.
<Sysname> system-view
[Sysname] tcp timer fin-timeout 800
tcp timer syn-timeout
Use tcp timer syn-timeout to set the TCP SYN wait timer.
Use undo tcp timer syn-timeout to restore the default.
Syntax
tcp timer syn-timeout time-value
undo tcp timer syn-timeout
Default
The TCP SYN wait timer is 75 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
time-value: Specifies the TCP SYN wait timer in the range of 2 to 600 seconds.
Usage guidelines
TCP starts the SYN wait timer after sending a SYN packet. If no response packet is received within the SYN wait timer interval, TCP fails to establish the connection.
Examples
# Set the TCP SYN wait timer to 80 seconds.
<Sysname> system-view
[Sysname] tcp timer syn-timeout 80
tcp window
Use tcp window to set the size of the TCP receive/send buffer.
Use undo tcp window to restore the default.
Syntax
tcp window window-size
undo tcp window
Default
The size of the TCP receive/send buffer is 64 KB.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
window-size: Specifies the size of the TCP receive/send buffer in KB, in the range of 1 to 64.
Examples
# Set the size of the TCP receive/send buffer to 3 KB.
<Sysname> system-view
[Sysname] tcp window 3
UDP helper commands
display udp-helper interface
Use display udp-helper interface to display information about broadcast to unicast conversion by UDP helper on an interface.
Syntax
display udp-helper interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
This command displays information about destination servers and total number of unicast packets converted from UDP broadcast packets by UDP helper.
Examples
# Display information about broadcast to unicast conversion by UDP helper on VLAN-interface 1.
<Sysname> display udp-helper interface vlan-interface 1
Interface         Server VPN instance   Server address   Packets sent
Vlan-interface1   abc                   192.1.1.2        0
Vlan-interface1   N/A                   192.1.1.2        0
Table 32 Command output
Field | Description |
---|---|
Interface | Interface name. |
Server VPN instance | VPN instance to which the destination server belongs. |
Server address | Destination server to which UDP packets are forwarded. |
Packets sent | Number of unicast packets that are converted from broadcast packets by UDP helper. |
Related commands
· reset udp-helper statistics
· udp-helper server
reset udp-helper statistics
Use reset udp-helper statistics to clear packet statistics for UDP helper.
Syntax
reset udp-helper statistics
Views
User view
Predefined user roles
network-admin
mdc-admin
Examples
# Clear the packet statistics for UDP helper.
<Sysname> reset udp-helper statistics
Related commands
display udp-helper interface
udp-helper broadcast-map
Use udp-helper broadcast-map to specify a multicast address for UDP helper to convert broadcast to multicast.
Use undo udp-helper broadcast-map to remove a multicast address.
Syntax
udp-helper broadcast-map multicast-address [ acl acl-number ]
undo udp-helper broadcast-map multicast-address
Default
No multicast address is specified for UDP helper.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
multicast-address: Specifies the destination multicast address to which the destination broadcast address is converted.
acl acl-number: Specifies an ACL by its number in the range of 2000 to 3999 to filter incoming broadcast packets for UDP helper. Packets permitted by the ACL can be converted.
· For a basic ACL, the value range is 2000 to 2999.
· For an advanced ACL, the value range is 3000 to 3999.
Usage guidelines
Use this command on the interface that receives broadcast packets.
You can configure a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets.
Examples
# Configure UDP helper to convert received broadcast packets on VLAN-interface 100 to multicast packets destined for 225.0.0.1.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper broadcast-map 225.0.0.1
udp-helper enable
Use udp-helper enable to enable UDP helper.
Use undo udp-helper enable to disable UDP helper.
Syntax
udp-helper enable
undo udp-helper enable
Default
UDP helper is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
UDP helper takes effect when you use the udp-helper enable command with the udp-helper port command and at least one of the following commands:
· udp-helper server
· udp-helper broadcast-map
Examples
# Enable UDP helper.
<Sysname> system-view
[Sysname] udp-helper enable
Related commands
· udp-helper port
· udp-helper server
· udp-helper broadcast-map
udp-helper port
Use udp-helper port to specify a UDP port number for UDP helper.
Use undo udp-helper port to remove UDP port numbers.
Syntax
udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }
Default
No UDP port number is specified for UDP helper.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535 (except 67 and 68).
dns: Specifies the UDP port 53 used by DNS packets.
netbios-ds: Specifies the UDP port 138 used by NetBIOS distribution service packets.
netbios-ns: Specifies the UDP port 137 used by NetBIOS name service packets.
tacacs: Specifies the UDP port 49 used by TACACS packets.
tftp: Specifies the UDP port 69 used by TFTP packets.
time: Specifies the UDP port 37 used by time protocol packets.
Usage guidelines
To specify a UDP port, you can specify the port number or the corresponding protocol keyword. For example, udp-helper port 53 and udp-helper port dns specify the same UDP port.
You can specify a maximum of 256 UDP ports on a device.
Examples
# Specify the UDP port 100 for UDP helper.
<Sysname> system-view
[Sysname] udp-helper port 100
udp-helper server
Use udp-helper server to specify a destination server for UDP helper to convert broadcast to unicast.
Use undo udp-helper server to remove a destination server.
Syntax
udp-helper server ip-address [ global | vpn-instance vpn-instance-name ]
undo udp-helper server [ ip-address [ global | vpn-instance vpn-instance-name ] ]
Default
No destination server is specified for UDP helper.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of a destination server, in dotted decimal notation.
global: Forwards converted unicast packets to the server on the public network.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the server belongs. The VPN instance name is a case-sensitive string of 1 to 31 characters.
Usage guidelines
Specify destination servers on an interface that receives UDP broadcast packets.
You can specify a maximum of 20 unicast and multicast addresses for UDP helper to convert broadcast packets on an interface.
If you do not specify the ip-address argument, the undo udp-helper server command removes all destination servers on the interface.
If you specify only the IP address, UDP helper forwards converted unicast packets in the VPN bound to the interface that receives broadcast packets. If the interface is not bound to any VPNs, UDP helper forwards the unicast packets on the public network.
Examples
# Specify the destination server 192.1.1.2 for UDP helper on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper server 192.1.1.2
# Specify the destination server 192.1.1.2 on the public network for UDP helper on VLAN-interface 100.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] udp-helper server 192.1.1.2 global
Related commands
display udp-helper interface