Ping, tracert, and system debugging commands
debugging
Use debugging to enable debugging for a specific module.
Use undo debugging to disable debugging for a specific module.
Syntax
debugging { all [ timeout time ] | module-name [ option ] }
undo debugging { all | module-name [ option ] }
Default
Debugging functions are disabled for all modules.
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
all: Enables all debugging functions.
timeout time: Specifies the timeout time for the debugging all command. When all debugging is enabled, the system automatically executes the undo debugging all command after the timeout time. The time argument is in the range of 1 to 1440 minutes.
module-name: Specifies a module by its name, such as arp or device. To display the current module name, use the debugging ? command.
option: Specifies the debugging option for a specific module. The option number and content differ for different modules. To display the supported options, use the debugging module-name ? command.
Usage guidelines
Output of debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition.
Examples
# Enable debugging for the device management module.
<Sysname> debugging dev
Related commands
display debugging
display debugging
Use display debugging to display the enabled debugging functions.
Syntax
display debugging [ module-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
module-name: Specifies a module by its name. To display the current module name, use the display debugging ? command.
Examples
# Display all enabled debugging functions.
<Sysname> display debugging
DEV debugging switch is on
Related commands
debugging
ping
Use ping to verify whether the destination IP address is reachable, and display related statistics.
Syntax
ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v | -vpn-instance vpn-instance-name ] * host
Views
Any view
Predefined user roles
network-admin
mdc-admin
Parameters
ip: Distinguishes between a destination host name and the ping command keywords if the name of the destination host is i, or ip. For example, you must use the command in the form of ping ip ip instead of ping ip if the destination host name is ip.
-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface.
-c count: Specifies the number of ICMP echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.
-f: Sets the DF bit in the IP header.
-h ttl: Specifies the TTL value of ICMP echo requests. The value range is 1 to 255, and the default is 255.
-i interface-type interface-number: Specifies the source interface of ICMP echo requests. If this option is not provided, the system uses the primary IP address of the matching route's egress interface as the source interface of ICMP echo requests.
-m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.
-n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address.
-p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits. The pad argument is in the range of 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets are padded with 0x0000002f to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, like 0x010203…feff01….
-q: Displays only the summary statistics. If this keyword is not specified, the system displays all the ping statistics.
-r: Records the addresses of the hops (up to 9) the ICMP echo requests passed. If this keyword is not specified, the addresses of the hops that the ICMP echo requests passed are not recorded.
-s packet-size: Specifies the length (in bytes) of ICMP echo requests (excluding the IP packet header and the ICMP packet header). The value range is 20 to 8100, and the default is 56.
-t timeout: Specifies the timeout time (in milliseconds) of an ICMP echo reply. The value range is 0 to 65535, and the default is 2000. If the source does not receive an ICMP echo reply within the timeout, it considers the ICMP echo reply timed out.
-tos tos: Specifies the ToS value of ICMP echo requests. The value range is 0 to 255, and the default is 0.
-v: Displays non-ICMP echo reply packets. If this keyword is not specified, the system does not display non-ICMP echo reply packets.
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters, which can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).
Usage guidelines
To use the name of the destination host to perform the ping operation, you must first configure the DNS on the device. Otherwise, the ping operation will fail.
To abort the ping operation during the execution of the command, press Ctrl+C.
Examples
# Test whether the device with an IP address of 1.1.2.2 is reachable.
<Sysname> ping 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms
56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms
56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms
56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms
56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms
--- Ping statistics for 1.1.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms
# Test whether the device with an IP address of 1.1.2.2 in VPN 1 is reachable.
<Sysname> ping -vpn-instance vpn1 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms
56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms
56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms
56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms
56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms
--- Ping statistics for 1.1.2.2 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms
# Test whether the device with an IP address of 1.1.2.2 is reachable. Only results are displayed.
<Sysname> ping -q 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
--- Ping statistics for 1.1.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.962/2.196/2.665/0.244 ms
# Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed.
<Sysname> ping -r 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms
RR: 1.1.2.1
1.1.2.2
1.1.1.2
1.1.1.1
56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=4.834 ms (same route)
56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=4.770 ms (same route)
56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=4.812 ms (same route)
56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=4.704 ms (same route)
--- Ping statistics for 1.1.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms
The output shows that:
· The destination is reachable.
· The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.
Table 1 Command output
Field | Description |
---|---|
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break | Test whether the device with IP address 1.1.2.2 is reachable. There are 56 bytes in each ICMP echo request. Press Ctrl+C to abort the ping operation. |
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms | Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. · bytes—Number of bytes in the ICMP echo reply. · icmp_seq—Packet sequence, used to determine whether a segment is lost, disordered or repeated. · ttl—TTL value in the ICMP echo reply. · time—Response time. |
RR: | Routers through which the ICMP echo request passed. They are displayed in reverse order, which means the router with a smaller distance to the destination is displayed first. |
--- Ping statistics for 1.1.2.2 --- | Statistics on data received and sent in the ping operation. |
--- Ping statistics for 1.1.2.2 in VPN instance vpn1 --- | Ping statistics for a device in a VPN instance. |
5 packet(s) transmitted | Number of ICMP echo requests sent. |
5 packet(s) received | Number of ICMP echo replies received. |
0.0% packet loss | Percentage of unacknowledged packets to the total packets sent. |
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms | Minimum/average/maximum/standard deviation response time, in milliseconds. |
tracert
Use tracert to trace the path the packets traverse from source to destination.
Syntax
tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -t tos | -vpn-instance vpn-instance-name | -w timeout ] * host
Views
Any view
Predefined user roles
network-admin
mdc-admin
Parameters
-a source-ip: Specifies an IP address of the device as the source IP address of probe packets. If this option is not specified, the source IP address of probe packets is the primary IP address of the outbound interface.
-f first-ttl: Specifies the TTL of the first packet sent to the destination. The value range is 1 to 255, and the default is 1. It must be smaller than the value of the max-ttl argument.
-m max-ttl: Specifies the maximum number of hops allowed for a probe packet. The value range is 1 to 255, and the default is 30. It must be greater than the value of the first-ttl argument.
-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434.
-q packet-number: Specifies the number of probe packets to send per hop. The value range is 1 to 65535, and the default is 3.
-t tos: Specifies the ToS value of probe packets. The value range is 0 to 255, and the default is 0.
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
-w timeout: Specifies the timeout time in milliseconds of the reply packet for a probe packet. The value range is 1 to 65535, and the default is 5000.
host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters, which can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).
Usage guidelines
When network failures occur, use the tracert command to locate failed nodes.
The output of the tracert command includes IP addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message (this can be because the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled).
To abort the tracert operation during the execution of the command, press Ctrl+C.
Examples
# Display the path that the packets traverse from source to destination (1.1.2.2).
<Sysname> tracert 1.1.2.2
traceroute to 1.1.2.2(1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break
1 1.1.1.2 673 ms 425 ms 30 ms
2 1.1.2.2 580 ms 470 ms 80 ms
# Trace the path to destination (192.168.0.46) over an MPLS network.
<Sysname> tracert 192.168.0.46
traceroute to 192.168.0.46(192.168.0.46), 30 hops at most, 40 bytes each packet, press CTRL_C to break
1 192.0.2.13 (192.0.2.13) 0.661 ms 0.618 ms 0.579 ms
2 192.0.2.9 (192.0.2.9) 0.861 ms 0.718 ms 0.679 ms
MPLS Label=100048 Exp=0 TTL=1 S=1
3 192.0.2.5 (192.0.2.5) 0.822 ms 0.731 ms 0.708 ms
MPLS Label=100016 Exp=0 TTL=1 S=1
4 192.0.2.1 (192.0.2.1) 0.961 ms 8.676 ms 0.875 ms
Table 2 Command output
Field | Description |
---|---|
traceroute to 1.1.2.2(1.1.2.2) | Display the route that the IP packets traverse from the current device to the device whose IP address is 1.1.2.2. |
hops at most | Maximum number of hops of the probe packets, which can be set by the -m keyword. |
bytes each packet | Number of bytes of a probe packet. |
press CTRL_C to break | During the execution of the command, press Ctrl+C to abort the tracert operation. |
1 1.1.1.2 673 ms 425 ms 30 ms | Probe result of the probe packets whose TTL is 1, including the IP address of the first hop, and the round-trip time of three probe packets. The number of packets that can be sent in each probe can be set through the -q keyword. |
MPLS Label=100048 Exp=0 TTL=1 S=1 | MPLS label information carried in ICMP timeout packets on an MPLS network: · Label—Label value that is used to identify a forwarding equivalence class (FEC). · Exp—Reserved, typically used for class of service (CoS). · TTL—TTL value. · S—MPLS supports multiple levels of labels. Value 1 indicates that the label is at the bottom of the label stack. Value 0 indicates that the label is in another label stack. |
NTP commands
The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).
display ntp-service sessions
Use display ntp-service sessions to display information about all IPv4 NTP associations.
Syntax
display ntp-service sessions [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.
Usage guidelines
When a device is operating in NTP broadcast or multicast server mode, the display ntp-service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server, but the associations are counted in the total number of associations.
Examples
# Display brief information about all IPv4 NTP associations.
<Sysname> display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]LOCAL(0) LOCL 0 1 64 - 0.0000 0.0000 7937.9
[5]0.0.0.0 INIT 16 0 64 - 0.0000 0.0000 0.0000
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Total sessions: 1
Table 3 Command output
Field | Description |
---|---|
source | · When the reference clock is the local clock, the field displays LOCAL (number), which indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. · When the reference clock is the clock of another device, the field displays the IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
reference | Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the stra field: ¡ When the value of the stra field is 0 or 1, this field displays LOCL. ¡ When the stra field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If this field displays INIT, the local device has not established a connection with the NTP server. |
stra | Stratum level of the clock source, which determines the clock accuracy. The value is in the range of 1 to 16. The clock accuracy decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock. |
reach | Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
poll | Polling interval in seconds. It is the maximum interval between successive NTP messages. |
now | Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. If the time length is greater than 2048 seconds, it is displayed in minutes. If greater than 300 minutes, in hours. If greater than 96 hours, in days; if greater than 999 days, in years. If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, a hyphen (-) is displayed. |
offset | Offset of the system clock relative to the reference clock, in milliseconds. |
delay | Roundtrip delay from the local device to the NTP server, in milliseconds. |
disper | Maximum error of the system clock relative to the reference source, in milliseconds. |
[12345] | · 1—Clock source selected by the system (the current reference source). It has a system clock stratum level less than or equal to 15. · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a configuration command. |
Total sessions | Total number of associations. |
# Display detailed information about all IPv4 NTP associations.
<Sysname> display ntp-service sessions verbose
Clock source: 192.168.1.40
Session ID: 35888
Clock stratum: 2
Clock status: configured, master, sane, valid
Reference clock ID: 127.127.1.0
VPN instance: Not specified
Local mode: client, local poll interval: 6
Peer mode: server, peer poll interval: 6
Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms
Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms
Reachabilities:31, sync distance: 0.0194
Precision: 2^18, version: 3, source interface: Not specified
Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079
Orgtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Rcvtime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693
Xmttime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693
Roundtrip delay samples: 0.007 0.010 0.006 0.011 0.010 0.005 0.007 0.003
Offset samples: 5629.55 3913.76 5247.27 6526.92 31.99 148.72 38.27 0.29
Filter order: 7 5 2 6 0 4 1 3
Total sessions: 1
Table 4 Command output
Field | Description |
---|---|
Clock source | IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
Clock stratum | Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents greater clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock. |
Clock status | Status of the clock source corresponding to this association: · configured—The association was created by a configuration command. · dynamic—The association is established dynamically. · master—The clock source is the primary reference source of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed the sane authentication. · insane—The clock source has failed the sane authentication. · valid—The clock source is valid, which means the clock source meets the following requirements: it has passed authentication and is being synchronized. Its stratum level is valid, and its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid. |
Reference clock ID | Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If this field displays INIT, the local device has not established a connection with the NTP server. |
VPN instance | VPN instance of the NTP server. If the NTP server is on a public network, the field displays Not specified. |
Local mode | Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
local poll interval | Polling interval of the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2^6, or 64 seconds. |
Peer mode | Operation mode of the peer device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
peer poll interval | Polling interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2^6, or 64 seconds. |
Offset | Offset of the system clock relative to the reference clock, in milliseconds. |
roundtrip delay | Roundtrip delay from the local device to the NTP server, in milliseconds. |
dispersion | Maximum error of the system clock relative to the reference clock. |
Root roundtrip delay | Roundtrip delay from the local device to the primary reference source, in milliseconds. |
root dispersion | Maximum error of the system clock relative to the primary reference clock, in milliseconds. |
Reachabilities | Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
sync distance | Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
Precision | Accuracy of the system clock. |
version | NTP version in the range of 1 to 4. |
source interface | Source interface. If the source interface is not specified, this field is Not specified. |
Reftime | Reference timestamp in the NTP message. |
Orgtime | Originate timestamp in the NTP message. |
Rcvtime | Receive timestamp in the NTP message. |
Xmttime | Transmit timestamp in the NTP message. |
Filter order | Sample information order. |
Reference clock status | Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally. |
Total sessions | Total number of associations. |
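The following Python script is an added example, not part of the vendor documentation. It parses captured display ntp-service sessions verbose output, decodes the hexadecimal NTP timestamps, and flags associations that the field descriptions in Table 4 mark as unusable. The function names, the finding texts, and the second session in the sample (source 192.0.2.77) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
# Clock status flags that Table 4 describes as failed or unusable states.
BAD_FLAGS = {"insane", "invalid", "unsynced"}

def ntp_to_datetime(stamp, era=0):
    """Convert 'ssssssss.ffffffff' (hex seconds.fraction since 1900) to UTC.

    An all-zero stamp means "not set"; the sample output renders it as the
    start of era 1 (Feb 7 2036), which is what era=1 reproduces.
    """
    sec_hex, frac_hex = stamp.split(".")
    seconds = int(sec_hex, 16) + era * 2**32
    micros = int(frac_hex, 16) * 1_000_000 // 2**32
    return NTP_EPOCH + timedelta(seconds=seconds, microseconds=micros)

def parse_sessions(text):
    """Split the verbose output into one dict per 'Clock source:' block."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Clock source:"):
            cur = {"source": line.split(":", 1)[1].strip()}
            sessions.append(cur)
        elif cur is None:
            continue
        elif line.startswith("Clock stratum:"):
            cur["stratum"] = int(line.split(":", 1)[1])
        elif line.startswith("Clock status:"):
            flags = line.split(":", 1)[1].split(",")
            cur["status"] = {f.strip() for f in flags}
        elif line.startswith("Local mode:"):
            m = re.search(r"local poll interval:\s*(\d+)", line)
            if m:  # displayed value is an exponent: 6 means 2^6 = 64 s
                cur["poll_seconds"] = 2 ** int(m.group(1))
        elif line.startswith("Reachabilities:"):
            cur["reach"] = int(re.match(r"Reachabilities:\s*(\d+)", line).group(1))
        elif line.startswith("Reftime:"):
            cur["reftime"] = line.split()[1]
    return sessions

def findings(session):
    """Return human-readable problems for one association (empty if healthy)."""
    out = []
    if session.get("source") == "0.0.0.0":
        out.append("server address has not been resolved")
    if session.get("stratum", 16) >= 16:
        out.append("stratum 16: source is not synchronized")
    bad = sorted(BAD_FLAGS & session.get("status", set()))
    if bad:
        out.append("status flags: " + ", ".join(bad))
    if session.get("reach", 0) == 0:
        out.append("reach 0: source is unreachable")
    return out

# First block: taken from the example output above (trimmed).
# Second block: constructed to show an unusable source.
SAMPLE = """\
Clock source: 192.168.1.40
Clock stratum: 2
Clock status: configured, master, sane, valid
Local mode: client, local poll interval: 6
Reachabilities:31, sync distance: 0.0194
Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079
Clock source: 192.0.2.77
Clock stratum: 16
Clock status: configured, insane, invalid, unsynced
Local mode: client, local poll interval: 6
Reachabilities:0, sync distance: 0.0000
Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Total sessions: 2
"""

if __name__ == "__main__":
    for s in parse_sessions(SAMPLE):
        when = ntp_to_datetime(s["reftime"]).isoformat()
        print(s["source"], "poll", s["poll_seconds"], "s, reftime", when)
        for f in findings(s) or ["ok"]:
            print("   ", f)
```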
display ntp-service status
Use display ntp-service status to display NTP service status.
Syntax
display ntp-service status
View
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display NTP service status after time synchronization.
<Sysname> display ntp-service status
Clock status: synchronized
Clock stratum: 2
System peer: LOCAL(0)
Local mode: client
Reference clock ID: 127.127.1.0
Leap indicator: 00
Clock jitter: 0.000977 s
Stability: 0.000 pps
Clock precision: 2^-10
Root delay: 0.00000 ms
Root dispersion: 3.96367 ms
Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573
# Display the NTP service status when time is not synchronized.
<Sysname> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Clock jitter: 0.000000 s
Stability: 0.000 pps
Clock precision: 2^-10
Root delay: 0.00000 ms
Root dispersion: 0.00002 ms
Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573
Table 5 Command output
Field | Description |
---|---|
Clock status | Status of the system clock: · synchronized—The system clock has been synchronized. · unsynchronized—The system clock has not been synchronized. |
Clock stratum | Stratum level of the system clock. |
System peer | IP address of the selected NTP server. |
Local mode | Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
Reference clock ID | The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as a reference source. · When the local clock has a stratum level of 1, this field displays Local. · When the local clock has any other stratum, this field displays the IP address of the local clock. |
Leap indicator | Alarming status: · 00—Normal. · 01—Leap second, indicates that the last minute in a day has 61 seconds. · 10—Leap second, indicates that the last minute in a day has 59 seconds. · 11—Time is not synchronized. |
Clock jitter | Difference between the system clock and reference clock, in seconds. |
Stability | Clock frequency stability. A lower value represents better stability. |
Clock precision | Accuracy of the system clock. |
Root delay | Roundtrip delay from the local device to the primary reference source, in milliseconds. |
Root dispersion | Maximum error of the system clock relative to the primary reference source, in milliseconds. |
Reference time | Reference timestamp. |
display ntp-service trace
Use display ntp-service trace to display brief information about each NTP server from the local device back to the primary reference source.
Syntax
display ntp-service trace
View
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display brief information about each NTP server from the local device back to the primary reference source.
<Sysname> display ntp-service trace
Server 127.0.0.1
Stratum 3, jitter 0.000, synch distance 0.0000.
Server 3000::32
Stratum 2 , jitter 790.00, synch distance 0.0000.
RefID 127.127.1.0
The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock.
Table 6 Command output
Field | Description |
---|---|
Server | IP address of the NTP server. |
Stratum | Stratum level of the NTP server. |
jitter | Root mean square (RMS) value of the clock offset relative to the upper-level clock, in seconds. |
synch distance | Synchronization distance relative to the upper-level NTP server, in seconds, calculated from dispersion and roundtrip delay values. |
RefID | Identifier of the primary reference source. When the stratum level of the primary reference clock is 0, it is displayed as Local. Otherwise, it is displayed as the IP address of the primary reference clock. |
ntp-service acl
Use ntp-service acl to configure the access-control right for peer devices to access NTP services of the local device.
Use undo ntp-service acl to remove the configured NTP service access-control right.
Syntax
ntp-service { peer | query | server | synchronization } acl acl-number
undo ntp-service { peer | query | server | synchronization } acl acl-number
Default
The access-control right for the peer devices to access the NTP services of the local device is peer.
Views
System view
Predefined user roles
network-admin
Parameters
peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device.
query: Allows only NTP control queries from a peer device to the local device.
server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.
synchronization: Allows only time requests from a system whose address passes the access list criteria.
acl acl-number: Specifies an ACL. The peer devices that match the ACL have the access right specified in this command. The acl-number argument represents a basic ACL number in the range of 2000 to 2999.
Usage guidelines
You can control NTP access by using ACL. The access rights are in the following order, from least restrictive to most restrictive: peer, server, synchronization, and query.
The device processes an NTP request by following these rules:
· If no NTP access control is configured, peer is granted to the local device and peer devices.
· If the IP address of the peer device matches a permit statement in an ACL for more than one access right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted.
· If no ACL is created for a specific access right, the associated access right is not granted.
· If no ACL is created for any access right, peer is granted.
The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.
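The following Python model of the rules above is an added example, not vendor code. It computes which access right a source address receives from a set of ntp-service acl bindings, which helps when reviewing a configuration for addresses that unintentionally receive peer. It assumes that rules inside a basic ACL are evaluated first-match in configuration order, and that a deny match in one ACL only withholds that ACL's right; ACL 2001 comes from the example on this page, while ACLs 2002 and 2003 and all function names are constructed.

```python
import ipaddress

# Access rights from least to most restrictive, in the order the usage
# guidelines give.
RIGHTS = ("peer", "server", "synchronization", "query")

def rule_matches(addr, source, wildcard):
    """Basic-ACL match: bits set to 1 in the wildcard mask are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    s = int(ipaddress.IPv4Address(source))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (s & care)

def acl_action(rules, addr):
    """Return 'permit' or 'deny' for the first matching rule, else None.

    Assumption: rules are checked in configuration order, first match wins.
    """
    for action, source, wildcard in rules:
        if rule_matches(addr, source, wildcard):
            return action
    return None

def granted_right(bindings, acls, addr):
    """Apply the rules from the usage guidelines.

    bindings: {right: acl_number} as set by 'ntp-service <right> acl <n>'
    acls:     {acl_number: [(action, source, wildcard), ...]}
    Returns the granted right, or None when no right is granted.
    """
    if not bindings:
        # No NTP access control configured: peer is granted.
        return "peer"
    for right in RIGHTS:  # least restrictive first
        number = bindings.get(right)
        if number is None:
            continue  # no ACL for this right: the right is not granted
        # Assumption: a deny (or no match) here only withholds this right.
        if acl_action(acls.get(number, []), addr) == "permit":
            return right
    return None  # only deny statements matched, or nothing matched

# ACL 2001 is the one from this page's example; 2002 and 2003 are constructed.
ACLS = {
    2001: [("permit", "10.10.0.0", "0.0.255.255")],
    2002: [("deny", "10.20.0.5", "0.0.0.0"),
           ("permit", "10.20.0.0", "0.0.0.255")],
    2003: [("permit", "10.10.0.0", "0.0.255.255"),
           ("permit", "10.30.0.0", "0.0.255.255")],
}
BINDINGS = {"peer": 2001, "server": 2003, "query": 2002}

def audit(addresses, bindings=BINDINGS, acls=ACLS):
    """Map each address to the right it would receive."""
    return {addr: granted_right(bindings, acls, addr) for addr in addresses}

if __name__ == "__main__":
    hosts = ["10.10.3.4", "10.30.1.1", "10.20.0.7", "10.20.0.5", "192.0.2.1"]
    for addr, right in audit(hosts).items():
        print(f"{addr:<12} -> {right or 'no access'}")
```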
Examples
# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ntp-service peer acl 2001
Related commands
· ntp-service authentication enable
· ntp-service authentication-keyid
· ntp-service reliable authentication-keyid
ntp-service authentication enable
Use ntp-service authentication enable to enable NTP authentication.
Use undo ntp-service authentication enable to disable NTP authentication.
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
Default
NTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are only synchronized to authenticated NTP servers.
To authenticate an NTP server, set an authentication key and specify it as a trusted key.
Examples
# Enable NTP authentication.
<Sysname> system-view
[Sysname] ntp-service authentication enable
Related commands
· ntp-service authentication-keyid
· ntp-service reliable authentication-keyid
ntp-service authentication-keyid
Use ntp-service authentication-keyid to set an NTP authentication key.
Use undo ntp-service authentication-keyid to remove the NTP authentication key.
Syntax
ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } value
undo ntp-service authentication-keyid keyid
Default
No NTP authentication key is set.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.
authentication-mode md5 value: Uses the MD5 algorithm for key authentication.
simple: Sets a plaintext authentication key.
cipher: Sets a ciphertext authentication key.
value: Specifies the MD5 authentication key string. If simple is specified, it is a string of 1 to 32 characters. If cipher is specified, it is a string of 1 to 73 characters.
Usage guidelines
In a network where there is a high security demand, the NTP authentication feature must be enabled for a system running NTP. This feature enhances the network security by using client-server key authentication, which prohibits a client from synchronizing to a device that has failed the authentication.
After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid command to configure the key as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
You can set up to 128 keys by executing the command.
The authentication key, set in either plain text or cipher text, is saved to the configuration file in cipher text.
Examples
# Set a plaintext MD5 authentication key, with the key ID of 10 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
· ntp-service authentication enable
· ntp-service reliable authentication-keyid
ntp-service broadcast-client
Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets.
Use undo ntp-service broadcast-client to remove the configuration.
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
After you configure this command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages.
If you have configured the device to operate in broadcast client mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service broadcast-client
Related commands
ntp-service broadcast-server
ntp-service broadcast-server
Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.
Use undo ntp-service broadcast-server to remove the configuration.
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number ] *
undo ntp-service broadcast-server
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients, where keyid is in the range of 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
After you configure this command, the device periodically sends NTP messages to the broadcast address 255.255.255.255.
If you have configured the device to operate in broadcast server mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in broadcast server mode and send NTP broadcast messages on VLAN-interface 1, using key 4 for authentication, and set the NTP version to 4.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 4
Related commands
ntp-service broadcast-client
ntp-service dscp
Use ntp-service dscp to set a DSCP value for IPv4 NTP packets.
Use undo ntp-service dscp to restore the default.
Syntax
ntp-service dscp dscp-value
undo ntp-service dscp
Default
The DSCP value for IPv4 NTP packets is 48.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets.
Usage guidelines
The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority.
Examples
# Set the DSCP value for IPv4 NTP packets to 30.
<Sysname> system-view
[Sysname] ntp-service dscp 30
ntp-service enable
Use ntp-service enable to enable the NTP service.
Use undo ntp-service enable to disable the NTP service.
Syntax
ntp-service enable
undo ntp-service enable
Default
The NTP service is not enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the NTP service.
<Sysname> system-view
[Sysname] ntp-service enable
ntp-service inbound enable
Use ntp-service inbound enable to enable an interface to process NTP messages.
Use undo ntp-service inbound enable to disable an interface from processing NTP messages.
Syntax
ntp-service inbound enable
undo ntp-service inbound enable
Default
An interface processes NTP messages.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
To achieve the following purposes, execute the undo ntp-service inbound enable command on an interface:
· Disable the interface from synchronizing the peer device in the corresponding subnet.
· Disable the device from being synchronized by the peer device in the subnet corresponding to an interface.
Examples
# Disable VLAN-interface 1 from processing NTP messages.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] undo ntp-service inbound enable
ntp-service max-dynamic-sessions
Use ntp-service max-dynamic-sessions to set the maximum number of dynamic NTP sessions allowed to be established locally.
Use undo ntp-service max-dynamic-sessions to restore the default.
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
Default
The maximum number of dynamic NTP sessions is 100.
Views
System view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of dynamic NTP associations allowed to be established, in the range of 0 to 100.
Usage guidelines
A single device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command, while a dynamic association is a temporary association created by the system during operation.
Examples
# Set the maximum number of dynamic NTP associations allowed to be established to 50.
<Sysname> system-view
[Sysname] ntp-service max-dynamic-sessions 50
Related commands
display ntp-service sessions
ntp-service multicast-client
Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets.
Use undo ntp-service multicast-client to remove the configuration.
Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
Usage guidelines
After you configure this command, the device listens to NTP messages using the specified multicast address as the destination address.
If you have configured the device to operate in multicast client mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1
Related commands
ntp-service multicast-server
ntp-service multicast-server
Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets.
Use undo ntp-service multicast-server to remove the configuration.
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *
undo ntp-service multicast-server [ ip-address ]
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
ttl ttl-number: Specifies the TTL of NTP multicast messages, where ttl-number is in the range of 1 to 255. The default value is 16.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
After you configure this command, the device periodically sends NTP messages to the specified multicast address.
If you have configured the device to operate in multicast server mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in multicast server mode and send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for authentication, and set the NTP version to 4.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.1 version 4 authentication-keyid 4
Related commands
ntp-service multicast-client
ntp-service refclock-master
Use ntp-service refclock-master to configure the local clock as a reference source for other devices.
Use undo ntp-service refclock-master to remove the configuration.
Syntax
ntp-service refclock-master [ ip-address ] [ stratum ]
undo ntp-service refclock-master [ ip-address ]
Default
The device does not use its local clock as a reference clock.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: IP address of the local clock, which is 127.127.1.u, where u is the NTP process ID in the range of 0 to 3. If you do not specify ip-address, it defaults to 127.127.1.0.
stratum: Stratum level of the local clock, in the range of 1 to 15. The default value is 8. A lower stratum level represents a higher clock accuracy.
Usage guidelines
Usually, an NTP server that gets its time from an authoritative time source, such as an atomic clock, has stratum 1 and operates as the primary time server to provide time synchronization for other devices in the network. The accuracy of each server is indicated by its stratum: the topmost level (primary servers) is assigned stratum 1, and each level downwards (secondary servers) in the hierarchy is assigned a stratum one greater than the preceding level.
If the devices in a network cannot synchronize to an authoritative time source, you can select a device that has a relatively accurate clock from the network, and use the local clock of the device as the reference clock to synchronize other devices in the network.
Use this command with caution to avoid time errors. As a best practice, adjust the local system time to a correct value before you execute this command.
Examples
# Specify the local clock as the reference source, with the stratum level 2.
<Sysname> system-view
[Sysname] ntp-service refclock-master 2
ntp-service reliable authentication-keyid
Use ntp-service reliable authentication-keyid to specify the created authentication key as a trusted key.
Use undo ntp-service reliable authentication-keyid to remove the configuration.
Syntax
ntp-service reliable authentication-keyid keyid
undo ntp-service reliable authentication-keyid keyid
Default
No trust key is specified.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies an authentication key number in the range of 1 to 4294967295.
Usage guidelines
When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.
Before you use the command, make sure NTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
You can set up to 128 keys by executing the command.
Examples
# Enable NTP authentication, specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 simple BetterKey
# Specify this key as a trusted key.
[Sysname] ntp-service reliable authentication-keyid 37
Related commands
· ntp-service authentication enable
· ntp-service authentication-keyid
ntp-service source
Use ntp-service source to specify the source interface for NTP messages.
Use undo ntp-service source to restore the default.
Syntax
ntp-service source interface-type interface-number
undo ntp-service source
Default
No source interface is specified for NTP messages. The device searches the routing table for the outbound interface of NTP messages, and uses the primary IP address of the outbound interface as the source IP address for NTP messages.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you specify the source interface for NTP messages, the device sets the source IP address of the NTP messages as the primary IP address of the specified interface when sending the NTP messages.
When the device responds to an NTP request, the source IP address of the NTP response is always the IP address of the interface that has received the NTP request.
If you do not want the IP address of an interface on the local device to become the destination address for response messages, use this command.
· If you have specified the source interface for NTP messages in the ntp-service unicast-server or ntp-service unicast-peer command, the interface specified in the ntp-service unicast-server or ntp-service unicast-peer command serves as the source interface for NTP messages.
· If you have configured the ntp-service broadcast-server or ntp-service multicast-server command, the source interface for the broadcast or multicast NTP messages is the interface configured with the respective command.
· If the specified source interface is down, the device does not send NTP messages.
Examples
# Specify the source interface for NTP messages as VLAN-interface 1.
<Sysname> system-view
[Sysname] ntp-service source vlan-interface 1
ntp-service unicast-peer
Use ntp-service unicast-peer to specify a symmetric-passive peer for the device.
Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device.
Syntax
ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *
undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No symmetric-passive peer is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
peer-name: Specifies the host name of the symmetric-passive peer, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies the IP address of the symmetric-passive peer. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the symmetric-passive peer belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on a public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer, where keyid is in the range of 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.
priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.
source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with the higher stratum level is synchronized to the clock with the lower stratum level.
To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
If you include vpn-instance vpn-instance-name in the undo ntp-service unicast-peer command, the command removes the symmetric-passive peer with the IP address of ip-address in the specified VPN. If you do not include vpn-instance vpn-instance-name in this command, the command removes the symmetric-passive peer with the IP address of ip-address on the public network.
Examples
# Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, configure the device to run NTP version 4, and specify the source interface of NTP messages as VLAN-interface 1.
<Sysname> system-view
[Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source vlan-interface 1
Related commands
· ntp-service authentication enable
· ntp-service authentication-keyid
· ntp-service reliable authentication-keyid
ntp-service unicast-server
Use ntp-service unicast-server to specify an NTP server for the device.
Use undo ntp-service unicast-server to remove an NTP server specified for the device.
Syntax
ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *
undo ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No NTP server is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the NTP server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the NTP server is on a public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server, where keyid is in the range of 1 to 4294967295. If the option is not specified, the local device and NTP server do not authenticate each other.
priority: Specifies this NTP server as the first choice under the same condition.
source interface-type interface-number: Specifies the source interface for NTP messages. For an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
If you include vpn-instance vpn-instance-name in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include vpn-instance vpn-instance-name in this command, the command removes the NTP server with the IP address of ip-address on the public network.
Examples
# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.
<Sysname> system-view
[Sysname] ntp-service unicast-server 10.1.1.1 version 4
Related commands
· ntp-service authentication enable
· ntp-service authentication-keyid
· ntp-service reliable authentication-keyid
SNTP commands
display sntp sessions
Use display sntp sessions to display information about all SNTP associations.
Syntax
display sntp sessions
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about all SNTP associations.
<Sysname> display sntp sessions
SNTP server Stratum Version Last receive time
1.0.1.11 2 4 Tue, May 17 2011 9:11:20.833 (Synced)
Table 7 Command output
Field | Description |
---|---|
SNTP server | SNTP server (NTP server). If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
Stratum | Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A clock with stratum level 16 is not synchronized. |
Version | SNTP version. |
Last receive time | Time when the last message was received. Synced means the local clock is synchronized to the NTP server. |
sntp authentication enable
Use sntp authentication enable to enable SNTP authentication.
Use undo sntp authentication enable to disable SNTP authentication.
Syntax
sntp authentication enable
undo sntp authentication enable
Default
SNTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are only synchronized to authenticated NTP servers.
To authenticate an NTP server, set an authentication key and specify it as a trusted key.
Examples
# Enable SNTP authentication.
<Sysname> system-view
[Sysname] sntp authentication enable
Related commands
· sntp authentication-keyid
· sntp reliable authentication-keyid
sntp authentication-keyid
Use sntp authentication-keyid to set an SNTP authentication key.
Use undo sntp authentication-keyid to remove the SNTP authentication key.
Syntax
sntp authentication-keyid keyid authentication-mode md5 { cipher | simple } value
undo sntp authentication-keyid keyid
Default
No SNTP authentication key is set.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.
authentication-mode md5 value: Uses the MD5 algorithm for key authentication.
simple: Sets a plaintext authentication key.
cipher: Sets a ciphertext authentication key.
value: Specifies the MD5 authentication key string. If simple is specified, it is a string of 1 to 32 characters. If cipher is specified, it is a string of 1 to 73 characters.
Usage guidelines
You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are only synchronized to authenticated NTP servers.
Configure the same key ID and key value on the SNTP client and NTP server. Otherwise, the SNTP client cannot be synchronized to the NTP server.
After you configure an SNTP authentication key, use the sntp reliable authentication-keyid command to set it as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp reliable authentication-keyid command.
You can set up to 128 keys by executing the command.
The authentication key, set in either plain text or cipher text, is saved to the configuration file in cipher text.
Examples
# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in plain text.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname] sntp authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
· sntp authentication enable
· sntp reliable authentication-keyid
sntp enable
Use sntp enable to enable the SNTP service.
Use undo sntp enable to disable the SNTP service.
Syntax
sntp enable
undo sntp enable
Default
The SNTP service is not enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the SNTP service.
<Sysname> system-view
[Sysname] sntp enable
sntp reliable authentication-keyid
Use sntp reliable authentication-keyid to specify the created authentication key as a trusted key.
Use undo sntp reliable authentication-keyid to remove the specified trusted key.
Syntax
sntp reliable authentication-keyid keyid
undo sntp reliable authentication-keyid keyid
Default
No trust key is specified.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies an authentication key number in the range of 1 to 4294967295.
Usage guidelines
If SNTP authentication is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.
Before you use the command, make sure SNTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp reliable authentication-keyid command.
Examples
# Enable SNTP authentication, and specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey
# Specify this key as a trusted key.
[Sysname] sntp reliable authentication-keyid 37
Related commands
· sntp authentication-keyid
· sntp authentication enable
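The ntp-service and sntp authentication commands follow the same three steps: enable authentication, set a key, and mark the key as trusted. The added Python example below (not vendor code) models the client-side check those steps imply. It assumes the standard NTP symmetric-key MAC layout, a 32-bit key ID followed by the MD5 digest of the key concatenated with the 48-byte header; KeyStore, sign and accept_for_sync are hypothetical names.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48      # fixed NTP header
MAC_LEN = 4 + 16     # 32-bit key ID + 16-byte MD5 digest


def ntp_header(mode, stratum, version=4):
    """Build a 48-byte NTP header with zeroed timestamps (enough for the MAC demo)."""
    first = (version << 3) | mode  # leap indicator 0
    return struct.pack("!BBbb11I", first, stratum, 6, -20, *([0] * 11))


def md5_digest(key, header):
    """Digest over key || header (assumed standard NTP MD5 MAC)."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, key):
    """Server side: append the key ID and the digest to the header."""
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


class KeyStore:
    """Client-side model of the three commands: enable, set key, trust key."""

    def __init__(self):
        self.auth_enabled = False  # default on the page: authentication disabled
        self.keys = {}
        self.trusted = set()

    def set_key(self, key_id, value):
        # Limits taken from the page: key ID range, plaintext length, 128 keys.
        if not 1 <= key_id <= 4294967295:
            raise ValueError("key ID out of range")
        if not 1 <= len(value) <= 32:
            raise ValueError("plaintext key must be 1 to 32 characters")
        if key_id not in self.keys and len(self.keys) >= 128:
            raise ValueError("at most 128 keys")
        self.keys[key_id] = value.encode()

    def trust(self, key_id):
        if key_id not in self.keys:
            raise KeyError("configure the key before trusting it")
        self.trusted.add(key_id)

    def delete_key(self, key_id):
        self.keys.pop(key_id, None)
        self.trusted.discard(key_id)  # a deleted key becomes untrusted automatically


def accept_for_sync(store, datagram):
    """Return (accepted, reason) for a server reply received by the client."""
    if not store.auth_enabled:
        return True, "authentication disabled"  # nothing is verified
    if len(datagram) != HEADER_LEN + MAC_LEN:
        return False, "no MAC"
    header, mac = datagram[:HEADER_LEN], datagram[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in store.trusted:
        return False, "key not trusted"
    # Constant-time comparison of the expected and received digests.
    if not hmac.compare_digest(md5_digest(store.keys[key_id], header), mac[4:]):
        return False, "digest mismatch"
    return True, "authenticated"


if __name__ == "__main__":
    client = KeyStore()
    client.auth_enabled = True
    client.set_key(37, "BetterKey")  # key ID and value from the page's example
    reply = sign(ntp_header(mode=4, stratum=2), 37, b"BetterKey")
    print(accept_for_sync(client, reply))  # key set but not yet trusted
    client.trust(37)
    print(accept_for_sync(client, reply))
```

A key that is configured but never marked as trusted leaves every reply rejected, which is the usual cause of a client that stays unsynchronized after authentication is enabled.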
sntp unicast-server
Use sntp unicast-server to specify an NTP server for the device.
Use undo sntp unicast-server to remove the NTP server.
Syntax
sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number | version number ] *
undo sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No NTP server is specified for the device.
Views
System view
Predefined user roles
network-admin
Parameters
server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the NTP server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the NTP server is on a public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server, where keyid is in the range of 1 to 4294967295. If the option is not specified, the local device and NTP server do not authenticate each other.
source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
If you include the vpn-instance vpn-instance-name option in the undo sntp unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in this command, the command removes the NTP server with the IP address of ip-address on the public network.
Examples
# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.
<Sysname> system-view
[Sysname] sntp unicast-server 10.1.1.1 version 4
Related commands
· sntp authentication enable
· sntp authentication-keyid
· sntp reliable authentication-keyid
Information center commands
diagnostic-logfile save
Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file.
Syntax
diagnostic-logfile save
Views
Any view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You can specify the directory to save the diagnostic log file with the info-center diagnostic-logfile directory command.
The system clears the diagnostic log buffer after saving the buffered diagnostic logs to the diagnostic log file.
Examples
# Manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file.
<Sysname> diagnostic-logfile save
The contents in the diagnostic log file buffer have been saved to the file flash:/diagfile/diagfile.log.
Related commands
· info-center diagnostic-logfile enable
· info-center diagnostic-logfile directory
display diagnostic-logfile summary
Use display diagnostic-logfile summary to display the diagnostic log file configuration.
Syntax
display diagnostic-logfile summary
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display the diagnostic log file configuration.
<Sysname> display diagnostic-logfile summary
Diagnostic log file: Enabled.
Diagnostic log file size quota: 10 MB
Diagnostic log file directory: flash:/diagfile
Writing frequency: 24 hour 0 min 0 sec
Table 8 Command output
Field | Description |
---|---|
Diagnostic log file | · Enabled—Diagnostic logs can be output to the diagnostic log file. · Disabled—Diagnostic logs cannot be output to the diagnostic log file. |
Diagnostic log file size quota | Maximum size of the diagnostic log file, in MB. |
Log file directory | Directory where the diagnostic log file is saved. |
Writing frequency | Interval at which the diagnostic log file is saved. |
display info-center
Use display info-center to display information center configuration information.
Syntax
display info-center
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display information center configuration.
<Sysname> display info-center
Information Center: Enabled
Console: Enabled
Monitor: Enabled
Log host: Enabled
IP address: 192.168.0.1, port number: 5000, host facility: local7
IP address: 192.168.0.2, port number: 5001, host facility: local5
Log buffer: Enabled
Max buffer size 1024, current buffer size 512,
Current messages 0, dropped messages 0, overwritten messages 0
Log file: Enabled
Security log file: Enabled
Information timestamp format:
Loghost: Date
Other output destination: Date
display logbuffer
Use display logbuffer to display the state of the log buffer and the log information in the log buffer.
Syntax
In standalone mode:
display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *
In IRF mode:
display logbuffer [ reverse ] [ level severity | size buffersize | chassis chassis-number slot slot-number ] *
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
reverse: Displays log entries chronologically, with the most recent entry at the top. Without this keyword, the command displays log entries chronologically, with the oldest entry at the top.
level severity: Specifies a severity level in the range of 0 to 7. Without this keyword, the command displays log information for all levels.
Severity value | Level | Description | Corresponding keyword in commands |
---|---|---|---|
0 | Emergency | The system is unusable. For example, the system authorization has expired. | emergency |
1 | Alert | Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. | alert |
2 | Critical | Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. | critical |
3 | Error | Error condition. For example, the link state changes. | error |
4 | Warning | Warning condition. For example, an interface is disconnected, or the memory resources are used up. | warning |
5 | Notification | Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. | notification |
6 | Informational | Informational message. For example, a command or a ping operation is executed. | informational |
7 | Debug | Debugging message. | debugging |
size buffersize: Specifies the number of latest log messages to be displayed, in the range of 1 to 1024. Without this keyword, the command displays all log information.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Examples
# (In standalone mode.) Display the state and log information of the log buffer.
<Sysname> display logbuffer slot 1
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 0
Current messages: 127
%Jun 19 18:03:24:55 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted
…
# (In IRF mode.) Display the state and log information of the log buffer.
<Sysname> display logbuffer chassis 0 slot 1
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 0
Current messages: 127
%Jun 19 18:03:24:55 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted
…
Table 10 Command output
Field | Description |
---|---|
Log buffer | · Enabled—Logs can be output to the log buffer. · Disabled—Logs cannot be output to the buffer. |
Max buffer size | Maximum number of logs that can be stored in the log buffer. |
Actual buffer size | Actual number of logs that can be stored in the log buffer. (This value is specified with the info-center logbuffer size command.) |
Dropped messages | Number of dropped messages. |
Overwritten messages | Number of overwritten messages. |
Current messages | Number of current messages. |
Related commands
· info-center logbuffer
· reset logbuffer
display logbuffer summary
Use display logbuffer summary to display the summary of the log buffer.
Syntax
In standalone mode:
display logbuffer summary [ level severity | slot slot-number ] *
In IRF mode:
display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] *
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
level severity: Specifies a severity level in the range of 0 to 7. Without this keyword, the command displays log information of all levels in the log buffer. For more information about log levels, see Table 9.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)
Examples
# (In standalone mode.) Display the summary of the log buffer.
<Sysname> display logbuffer summary
SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 0 0 0 0 0 0
1 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0
4 0 0 0 0 0 0 0 0
5 0 0 0 0 0 0 0 0
6 0 0 0 0 0 0 0 0
7 0 0 0 0 0 0 0 0
8 0 0 0 0 0 0 0 0
9 0 0 0 0 0 0 0 0
10 0 0 0 0 0 0 0 0
11 0 0 0 0 0 0 0 0
12 0 0 0 0 0 0 0 0
13 0 0 0 0 0 0 0 0
14 0 0 0 0 0 0 0 0
15 0 0 0 0 0 0 0 0
16 0 0 0 0 0 0 0 0
17 0 0 111 87 2 48 264 0
18 0 0 0 0 0 0 0 0
19 0 0 0 0 0 0 0 0
20 0 0 0 0 0 0 0 0
21 0 0 0 0 0 0 0 0
22 0 0 0 0 0 0 0 0
23 0 0 0 0 0 0 0 0
# (In IRF mode.) Display the summary of the log buffer.
<Sysname> display logbuffer summary
CHASSIS SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
1 0 0 0 0 0 0 0 0 0
1 1 0 0 0 0 0 0 0 0
1 2 0 0 0 0 0 0 0 0
1 3 0 0 0 0 0 0 0 0
1 4 0 0 0 0 0 0 0 0
1 5 0 0 0 0 0 0 0 0
1 6 0 0 0 0 0 0 0 0
1 7 0 0 0 0 0 0 0 0
1 8 0 0 0 0 0 0 0 0
1 9 0 0 0 0 0 0 0 0
1 10 0 0 0 0 0 0 0 0
1 11 0 0 0 0 0 0 0 0
1 12 0 0 0 0 0 0 0 0
1 13 0 0 0 0 0 0 0 0
1 14 0 0 0 0 0 0 0 0
1 15 0 0 0 0 0 0 0 0
1 16 0 0 0 0 0 0 0 0
1 17 0 0 111 87 2 48 264 0
1 18 0 0 0 0 0 0 0 0
1 19 0 0 0 0 0 0 0 0
1 20 0 0 0 0 0 0 0 0
1 21 0 0 0 0 0 0 0 0
1 22 0 0 0 0 0 0 0 0
1 23 0 0 0 0 0 0 0 0
Table 11 Command output
Field | Description |
---|---|
CHASSIS | IRF member device ID. (In IRF mode.) |
SLOT | Slot number of the card. |
EMERG | Represents emergency. For more information, see Table 9. |
ALERT | Represents alert. For more information, see Table 9. |
CRIT | Represents critical. For more information, see Table 9. |
ERROR | Represents error. For more information, see Table 9. |
WARN | Represents warning. For more information, see Table 9. |
NOTIF | Represents notification. For more information, see Table 9. |
INFO | Represents informational. For more information, see Table 9. |
DEBUG | Represents debug. For more information, see Table 9. |
display logfile summary
Use display logfile summary to display the log file configuration.
Syntax
display logfile summary
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display the log file configuration.
<Sysname> display logfile summary
Log file: Enabled.
Log file size quota: 10 MB
Log file directory: flash:/logfile
Writing frequency: 0 hour 1 min 10 sec
Table 12 Command output
Field | Description |
---|---|
Log file | · Enabled—Logs can be output to a log file. · Disabled—Logs cannot be output to a log file. |
Log file size quota | Maximum storage size of a log file, in MB. |
Log file directory | Log file directory. |
Writing frequency | Interval at which the log file is saved. |
enable log updown
Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.
Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.
Syntax
enable log updown
undo enable log updown
Default
All interfaces are allowed to generate link up and link down logs.
Views
Interface view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Disable port FortyGigE 1/0/1 from generating link up or link down logs.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] undo enable log updown
info-center diagnostic-logfile enable
Use info-center diagnostic-logfile enable to enable saving diagnostic logs into the diagnostic log file.
Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs into the diagnostic log file.
Syntax
info-center diagnostic-logfile enable
undo info-center diagnostic-logfile enable
Default
Saving diagnostic logs to the diagnostic log file is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables the system to save generated diagnostic logs to the diagnostic log file for centralized management. This helps users monitor device activities and debug problems.
Examples
# Enable saving diagnostic logs into the diagnostic log file.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile enable
info-center diagnostic-logfile frequency
Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log buffer to the diagnostic log file.
Use undo info-center diagnostic-logfile frequency to restore the default saving interval.
Syntax
info-center diagnostic-logfile frequency freq-sec
undo info-center diagnostic-logfile frequency
Default
The default saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
freq-sec: Specifies the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file, in seconds. The value range is 10 to 86400, and the default is 86400.
Usage guidelines
The system saves diagnostic logs in the diagnostic log buffer, and outputs the buffered diagnostic logs to the diagnostic log file at the specified interval.
Examples
# Configure the system to save diagnostic logs from the diagnostic log file buffer to the diagnostic log file every 600 seconds.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile frequency 600
Related commands
info-center diagnostic-logfile enable
info-center diagnostic-logfile quota
Use info-center diagnostic-logfile quota to set the maximum size of the diagnostic log file.
Use undo info-center diagnostic-logfile quota to restore the default.
Syntax
info-center diagnostic-logfile quota size
undo info-center diagnostic-logfile quota
Default
The maximum size of the diagnostic log file is 10 MB.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Specifies the maximum size of the diagnostic log file, in the range of 1 to 10 MB.
Examples
# Set the maximum size of the diagnostic log file to 6 MB.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile quota 6
info-center diagnostic-logfile directory
Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.
Syntax
info-center diagnostic-logfile directory dir-name
Default
The diagnostic log file is saved in the diagfile directory under the root directory of the storage device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 511 characters.
Usage guidelines
The specified directory must have been created.
This command cannot survive a reboot or an active/standby switchover. (In standalone mode.)
This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (In IRF mode.)
Examples
# Set the directory to save the diagnostic log file to flash:/test.
<Sysname> mkdir test
Creating directory flash:/test... Done.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile directory flash:/test
info-center logfile overwrite-protection
Use info-center logfile overwrite-protection to enable log file overwrite-protection. When the log file is full or the storage device runs out of space, the device does not write new logs into the log file.
Use undo info-center logfile overwrite-protection to disable log file overwrite-protection. When the log file is full or the storage device runs out of space, the device overwrites the earliest logs in the log file with new logs.
Syntax
info-center logfile overwrite-protection [ all-port-powerdown ]
undo info-center logfile overwrite-protection
Default
Logfile overwrite-protection is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
all-port-powerdown: Shuts down all the physical ports except for the management port and IRF ports when the log file is full or the storage device runs out of space.
Usage guidelines
This command is supported only in FIPS mode.
If the all-port-powerdown keyword is specified in this command, the device shuts down all the physical ports except for the management port and IRF ports when the log file is full or the storage device runs out of space. When this occurs, back up the log file, delete the original log file to release the storage space, and then bring up the ports.
Examples
# Enable log file overwrite-protection.
<Sysname> system-view
[Sysname] info-center logfile overwrite-protection
info-center enable
Use info-center enable to enable the information center.
Use undo info-center enable to disable the information center.
Syntax
info-center enable
undo info-center enable
Default
The information center is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the information center.
<Sysname> system-view
[Sysname] info-center enable
Information center is enabled.
info-center format
Use info-center format to set the format of logs sent to a log host.
Use undo info-center format to restore the default.
Syntax
info-center format { unicom | cmcc }
undo info-center format
Default
Logs are sent to a log host in H3C format.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
unicom: Specifies the unicom format.
cmcc: Specifies the China Mobile Communications Corporation (cmcc) format.
Usage guidelines
Logs can be sent to a log host in H3C, unicom, or cmcc format. For more information about log formats, see Network Management and Monitoring Configuration Guide.
Examples
# Set the log format to unicom for logs sent to a log host.
<Sysname> system-view
[Sysname] info-center format unicom
info-center logbuffer
Use info-center logbuffer to configure log output to the log buffer.
Use undo info-center logbuffer to disable log output to the log buffer.
Syntax
info-center logbuffer
undo info-center logbuffer
Default
Logs are allowed to be output to the log buffer.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Configure output of log information to the log buffer.
<Sysname> system-view
[Sysname] info-center logbuffer
Related commands
· display logbuffer
· info-center enable
info-center logbuffer size
Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.
Use undo info-center logbuffer size to restore the default.
Syntax
info-center logbuffer size buffersize
undo info-center logbuffer size
Default
The log buffer can store up to 512 logs.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
buffersize: Specifies the maximum number of logs that can be stored in the log buffer. The value range is 0 to 65535, and the default is 512.
Examples
# Set the maximum number of logs that can be stored in a log buffer to 50.
<Sysname> system-view
[Sysname] info-center logbuffer size 50
# Restore the default maximum log buffer size.
<Sysname> system-view
[Sysname] undo info-center logbuffer size
Related commands
· display logbuffer
· info-center enable
info-center logfile enable
Use info-center logfile enable to enable the log file feature.
Use undo info-center logfile enable to disable the log file feature.
Syntax
info-center logfile enable
undo info-center logfile enable
Default
The log file feature is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the output of logs to a log file.
<Sysname> system-view
[Sysname] info-center logfile enable
info-center logfile frequency
Use info-center logfile frequency to configure the interval for saving logs to the log file.
Use undo info-center logfile frequency to restore the default saving interval.
Syntax
info-center logfile frequency freq-sec
undo info-center logfile frequency
Default
The default saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
freq-sec: Specifies the interval at which the system saves logs to the log file, in the range of 1 to 86400 seconds. The default setting is 86400 seconds.
Usage guidelines
With this command executed, the system saves logs in the log file buffer to the log file at the specified interval.
Examples
# Set the log file saving interval to 60000 seconds.
<Sysname> system-view
[Sysname] info-center logfile frequency 60000
Related commands
info-center logfile enable
info-center logfile size-quota
Use info-center logfile size-quota to set the maximum size of the log file.
Use undo info-center logfile size-quota to restore the default.
Syntax
info-center logfile size-quota size
undo info-center logfile size-quota
Default
The maximum size of the log file is 10 MB.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Specifies the maximum size of the log file, in MB.
Usage guidelines
When the log file is full, the system overwrites the earliest logs in the log file with new logs.
Examples
# Set the maximum size of the log file to 6 MB.
<Sysname> system-view
[Sysname] info-center logfile size-quota 6
Related commands
info-center logfile enable
info-center logfile directory
Use info-center logfile directory to configure the directory where the log file is saved.
Syntax
info-center logfile directory dir-name
Default
The log file is saved in the flash:/logfile directory.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 511 characters.
Usage guidelines
The specified directory must have been created.
The suffix of a log file is .log. When the default directory does not have enough space for storing the log file, you can specify a new directory for the log file.
This command cannot survive a reboot or an active/standby switchover. (In standalone mode.)
This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (In IRF mode.)
Examples
# Create a directory named test under the root directory of the flash.
<Sysname> mkdir test
Creating directory flash:/test... Done.
# Set the directory to save the log file to flash:/test.
<Sysname> system-view
[Sysname] info-center logfile directory flash:/test
Related commands
info-center logfile enable
info-center logging suppress duplicates
Use info-center logging suppress duplicates to enable duplicate log suppression.
Use undo info-center logging suppress duplicates to restore the default.
Syntax
info-center logging suppress duplicates
undo info-center logging suppress duplicates
Default
Duplicate log suppression is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources.
With this feature enabled, the system starts a suppression period when outputting a new log:
· During the suppression period, the system does not output logs with the same module name, level, mnemonic, location, and text as the previous log.
· After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds the first time, 2 minutes the second time, and 10 minutes for subsequent times.
· If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period.
Examples
Suppose the IP address of Vlan-interface100 on device A conflicts with that of another device on the network. Device A then outputs the following log information repeatedly:
%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
# Enable duplicate log suppression on device A.
<Sysname> system-view
[Sysname] info-center logging suppress duplicates
Device A continues to output the following log information:
%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
%Jan 1 07:28:19:639 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 4 times in last 30 seconds.
The output shows that after the duplicate log suppression function is enabled, the system outputs another duplicate log and starts the first suppression period for 30 seconds.
%Jan 1 07:30:19:643 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 20 times in last 2 minutes.
The output shows the second suppression period lasts for 2 minutes.
%Jan 1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 1 times in last 1 second.
%Jan 1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed.
The output shows that a different log is generated during the suppression period.
%Jan 1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
%Jan 1 07:30:55:645 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 4 times in last 30 seconds.
The output shows that the system starts another suppression period.
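A collector that counts one event per received line undercounts a suppressed log, which matters when a detection threshold is based on event volume. The following is an added example, not H3C code: it parses the header layout seen in the sample lines above, joins wrapped text to its header, and attaches each "This message repeated" line to the log it follows. The sample is constructed from the lines in this section, and because the page does not say whether the repeat count includes the printed line, the two figures are kept separate.

```python
import re
from collections import defaultdict
from datetime import datetime

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]

# Header layout as it appears in the sample lines on this page:
#   %MMM DD hh:mm:ss:xxx YYYY Sysname MODULE/severity/MNEMONIC: text
HEADER = re.compile(
    r"^%(?P<mon>" + "|".join(MONTHS) + r")\s+(?P<day>\d{1,2})\s+"
    r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2}):(?P<ms>\d{1,3})\s+"
    r"(?P<year>\d{4})\s+(?P<host>\S+)\s+"
    r"(?P<module>\w+)/(?P<sev>[0-7])/(?P<mnemonic>\w+):\s*(?P<text>.*)$"
)
REPEAT = re.compile(
    r"^This message repeated (?P<count>\d+) times? in last (?P<span>\d+ \w+)\.$"
)

# Constructed sample: the log lines of this section, without the commentary.
SAMPLE = """\
%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
%Jan 1 07:28:19:639 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 4 times in last 30 seconds.
%Jan 1 07:30:19:643 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 20 times in last 2 minutes.
%Jan 1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 1 times in last 1 second.
%Jan 1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed.
%Jan 1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
%Jan 1 07:30:55:645 2000 Sysname ARP/6/DUPIFIP:
Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d
This message repeated 4 times in last 30 seconds.
"""


def _record(head):
    """Build a record from a header match; None if the date is impossible."""
    try:
        when = datetime(int(head["year"]), MONTHS.index(head["mon"]) + 1,
                        int(head["day"]), int(head["h"]), int(head["mi"]),
                        int(head["s"]), int(head["ms"]) * 1000)
    except ValueError:  # for example hour 25 or day 31 in a 30-day month
        return None
    return {"time": when, "host": head["host"], "module": head["module"],
            "severity": int(head["sev"]), "mnemonic": head["mnemonic"],
            "text": head["text"], "repeats": 0, "span": None}


def parse_log(lines):
    """Return (records, unparsed_lines) for an iterable of raw log lines."""
    records, unparsed, current = [], [], None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        head = HEADER.match(line)
        if head:
            current = _record(head)
            (records if current else unparsed).append(current or line)
            continue
        if current is None:          # text with no usable header before it
            unparsed.append(line)
            continue
        rep = REPEAT.match(line)
        if rep:                      # suppression summary for the last log
            current["repeats"] += int(rep["count"])
            current["span"] = rep["span"]
        else:                        # wrapped text of the last log
            current["text"] = (current["text"] + " " + line).strip()
    return records, unparsed


def summarize(records):
    """Group by the fields the device compares when suppressing duplicates
    (module, level, mnemonic, text; location is absent from these samples)."""
    totals = defaultdict(lambda: {"printed": 0, "reported_repeats": 0})
    for rec in records:
        key = (rec["module"], rec["severity"], rec["mnemonic"], rec["text"])
        totals[key]["printed"] += 1
        totals[key]["reported_repeats"] += rec["repeats"]
    return dict(totals)


if __name__ == "__main__":
    parsed, _ = parse_log(SAMPLE.splitlines())
    for key, counts in summarize(parsed).items():
        print(key[0], key[2], counts)
```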
info-center loghost
Use info-center loghost to specify a log host and to configure output parameters.
Use undo info-center loghost to restore the default.
Syntax
info-center loghost [ vpn-instance vpn-instance-name ] loghost [ port port-number ] [ facility local-number ]
undo info-center loghost [ vpn-instance vpn-instance-name ] loghost
Default
No log host is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
loghost: Specifies the IPv4 address or name of a log host.
port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, the log host cannot receive system information.
facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and to query and filter logs.
Usage guidelines
The info-center loghost command takes effect only after information center is enabled with the info-center enable command.
The device supports up to four log hosts.
Examples
# Output logs to the log host 1.1.1.1.
<Sysname> system-view
[Sysname] info-center loghost 1.1.1.1
info-center loghost source
Use info-center loghost source to specify the source IP address for output logs.
Use undo info-center loghost source to restore the default.
Syntax
info-center loghost source interface-type interface-number
undo info-center loghost source
Default
The source IP address of output logs is the primary IP address of the matching route's egress interface.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies the egress interface for logs by the interface type and interface number.
Usage guidelines
The system uses the primary IP address of the specified egress interface as the source IP address of log information no matter which physical interface is used to output the logs.
The info-center loghost source command takes effect only after the information center is enabled with the info-center enable command.
Examples
# Specify the IP address of interface loopback 0 as the source IP address of logs.
<Sysname> system-view
[Sysname] interface loopback 0
[Sysname-LoopBack0] ip address 2.2.2.2 32
[Sysname-LoopBack0] quit
[Sysname] info-center loghost source loopback 0
info-center source
Use info-center source to configure a log output rule for a module.
Use undo info-center source to restore the default.
Syntax
info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }
undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }
Default
Table 13 lists the default output rules.
Table 13 Default output rules
Destination | Source modules | Common log | Diagnostic log | Hidden log |
---|---|---|---|---|
Console | All supported modules | debugging | Disabled | Disabled |
Monitor terminal | All supported modules | debugging | Disabled | Disabled |
Log host | All supported modules | informational | Disabled | informational |
Log buffer | All supported modules | informational | Disabled | informational |
Log file | All supported modules | informational | Disabled | informational |
Diagnostic log file | All supported modules, cannot be filtered | Disabled | Debugging, which cannot be filtered | Disabled |
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
module-name: Specifies a module by its name. For instance, to output FTP information, specify this argument as FTP. You can use the info-center source ? command to view the modules supported by the device.
default: Specifies all modules, which can be displayed by using the info-center source ? command.
console: Outputs logs to the console.
logbuffer: Outputs logs to the log buffer.
logfile: Outputs logs to a log file.
loghost: Outputs logs to the log host.
monitor: Outputs logs to the monitor terminal.
deny: Disables log output.
level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the higher the severity level. See Table 9 for more information. Logs at the specified severity level and higher levels are allowed or denied to be output.
Usage guidelines
If you do not set an output rule for a module, the module uses the default output rule or the output rule set by using the default keyword.
If you use the command multiple times, only the most recent output rule takes effect for the specified module.
After you set an output rule for a module, you must use the module-name argument to modify or remove the rule. A new output rule configured by using the default keyword does not take effect on the module.
Examples
# Output only VLAN module's information with a severity level of at least emergency to the console.
<Sysname> system-view
[Sysname] info-center source default console deny
[Sysname] info-center source vlan console level emergency
# Based on the previous configuration, disable output of VLAN module's information to the console so no system information is output to the console.
<Sysname> system-view
[Sysname] undo info-center source vlan console
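The precedence described in the usage guidelines decides whether a log ever reaches a destination, so it is worth checking before relying on the log host for audit evidence. The following added example (not H3C code) models that precedence for common logs and reports which required events a configuration would drop. Treating module names as case-insensitive, the loghost line in the constructed configuration, and the list of required events are assumptions.

```python
# Severity keywords and values from the severity table on this page.
LEVELS = {"emergency": 0, "alert": 1, "critical": 2, "error": 3,
          "warning": 4, "notification": 5, "informational": 6, "debugging": 7}
# Built-in rules: the "Common log" column of the default output rules table.
BUILTIN = {"console": 7, "monitor": 7, "loghost": 6, "logbuffer": 6, "logfile": 6}
DENY = -1        # no severity value is <= -1, so nothing is output
DEFAULT = None   # key for rules configured with the "default" keyword


def _level(token):
    """Accept a keyword (emergency ... debugging) or a number 0 to 7."""
    value = LEVELS[token] if token in LEVELS else int(token)
    if not 0 <= value <= 7:
        raise ValueError(f"severity out of range: {token}")
    return value


class OutputRules:
    """Output rules for common logs as set by 'info-center source'."""

    def __init__(self):
        self.rules = {}   # (MODULE or DEFAULT, destination) -> level or DENY

    def apply(self, line):
        """Apply one command line; return False if it is not an output rule."""
        tokens = line.split()
        undo = bool(tokens) and tokens[0] == "undo"
        if undo:
            tokens = tokens[1:]
        if tokens[:2] != ["info-center", "source"]:
            return False
        if len(tokens) < 4 or tokens[3] not in BUILTIN:
            raise ValueError(f"malformed rule: {line!r}")
        source = DEFAULT if tokens[2] == "default" else tokens[2].upper()
        key = (source, tokens[3])
        if undo:
            self.rules.pop(key, None)        # fall back to the next rule down
        elif tokens[4:] == ["deny"]:
            self.rules[key] = DENY
        elif len(tokens) == 6 and tokens[4] == "level":
            self.rules[key] = _level(tokens[5])   # most recent rule wins
        else:
            raise ValueError(f"malformed rule: {line!r}")
        return True

    def allows(self, module, destination, severity):
        """A module rule shadows the default-keyword rule, which shadows the
        built-in default. A log passes when its value is <= the set level."""
        fallback = self.rules.get((DEFAULT, destination), BUILTIN[destination])
        level = self.rules.get((module.upper(), destination), fallback)
        return severity <= level


def dropped_events(config_lines, required):
    """Return the (module, destination, severity) events the config drops."""
    rules = OutputRules()
    for line in config_lines:
        rules.apply(line)
    return [event for event in required if not rules.allows(*event)]


# The two commands from the example above.
PAGE_EXAMPLE = ["info-center source default console deny",
                "info-center source vlan console level emergency"]
# Constructed: the same device with the log host threshold raised to warning.
CONSTRUCTED_CONFIG = PAGE_EXAMPLE + ["info-center source default loghost level warning"]
# Assumed audit requirement, using two logs that appear on this page:
# SHELL/4/LOGIN and CFGMAN/5/CFGMAN_CFGCHANGED must reach the log host.
REQUIRED = [("SHELL", "loghost", 4), ("CFGMAN", "loghost", 5)]

if __name__ == "__main__":
    for module, destination, severity in dropped_events(CONSTRUCTED_CONFIG, REQUIRED):
        print(f"{module} severity {severity} does not reach {destination}")
```

With the constructed configuration the login log still reaches the log host, but the configuration-change log at severity 5 does not.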
info-center synchronous
Use info-center synchronous to enable synchronous information output.
Use undo info-center synchronous to disable synchronous information output.
Syntax
info-center synchronous
Default
Synchronous information output is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The system log output interrupts ongoing configuration operations, obscuring previously input commands before the logs. Synchronous information output can show the previous input after log output. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.
Examples
# Enable synchronous information output, and then issue the display current-configuration command to view the current configuration of the device.
<Sysname> system-view
[Sysname] info-center synchronous
Info-center synchronous output is on
[Sysname] display current-
At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.
%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44
[Sysname] display current-
Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.
# Enable synchronous information output, and then save the current configuration (enter interactive information).
<Sysname> system-view
[Sysname] info-center synchronous
Info-center synchronous output is on
[Sysname] save
The current configuration will be written to the device. Are you sure? [Y/N]:
At this time, the system receives the log information. It displays the log information first and then displays [Y/N].
%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44
[Y/N]:
Enter Y or N to complete your input.
info-center syslog min-age
Use info-center syslog min-age to set the minimum storage period for logs in the log buffer and log file.
Use undo info-center syslog min-age to restore the default.
Syntax
info-center syslog min-age min-age
undo info-center syslog min-age
Default
The log minimum storage period is not set.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
min-age: Sets the log minimum storage period in hours. The value range is 1 to 8760.
Examples
# Set the log minimum storage period to 168 hours.
<Sysname> system-view
[Sysname] info-center syslog min-age 168
info-center timestamp
Use info-center timestamp to configure the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file.
Use undo info-center timestamp to restore the default.
Syntax
info-center timestamp { boot | date | none }
undo info-center timestamp
Default
The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup.
date: Sets the timestamp format to MMM DD hh:mm:ss:xxx YYYY, such as Dec 8 10:12:21:708 2007. The date time shows the current system time.
· MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.
· DD: Date, starting with a space if it is less than 10, for example " 7".
· hh:mm:ss:xxx: Local time, with hh in the range of 00 to 23, mm and ss in the range of 00 to 59, and xxx in the range of 0 to 999.
· YYYY: Year.
none: Indicates no time information is provided.
Examples
# Set the timestamp format to boot for logs sent to the console, monitor terminal, log buffer, and log file.
<Sysname> system-view
[Sysname] info-center timestamp boot
Related commands
info-center timestamp loghost
info-center timestamp loghost
Use info-center timestamp loghost to configure the timestamp format for logs sent to log hosts.
Use undo info-center timestamp loghost to restore the default.
Syntax
info-center timestamp loghost { date | iso | no-year-date | none }
undo info-center timestamp loghost
Default
The timestamp format for logs sent to log hosts is date.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time.
iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.
no-year-date: Sets the timestamp format to the current system date and time without year.
none: Indicates that no timestamp information is provided.
Examples
# Set the timestamp format to no-year-date for logs sent to log hosts.
<Sysname> system-view
[Sysname] info-center timestamp loghost no-year-date
Related commands
info-center timestamp
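The timestamp formats above decide whether a collected log line can be placed on an absolute timeline. The following parser is an added example, not part of the vendor documentation: it recognizes the date, loghost date, iso, and boot layouts described on this page. The function names, the constructed sample lines, and the no-year-date layout (assumed here to be mmm dd hh:mm:ss) are assumptions.

```python
import re
from datetime import datetime

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
_MON = "|".join(MONTHS)
_HMS = r"(\d\d):(\d\d):(\d\d)"

# Order matters: the most specific layout is tried first.
PATTERNS = [
    # info-center timestamp date: MMM DD hh:mm:ss:xxx YYYY (DD may be space-padded)
    ("date", re.compile(rf"({_MON}) +(\d{{1,2}}) {_HMS}:(\d{{1,3}}) (\d{{4}})\b")),
    # info-center timestamp loghost date: mmm dd hh:mm:ss yyyy
    ("loghost-date", re.compile(rf"({_MON}) +(\d{{1,2}}) {_HMS} (\d{{4}})\b")),
    # info-center timestamp loghost iso: YYYY-MM-DDThh:mm:ss
    ("iso", re.compile(rf"(\d{{4}})-(\d\d)-(\d\d)T{_HMS}\b")),
    # loghost no-year-date: the layout "mmm dd hh:mm:ss" is an assumption
    ("no-year-date", re.compile(rf"({_MON}) +(\d{{1,2}}) {_HMS}\b")),
    # info-center timestamp boot: xxx.yyy, time since system startup
    ("boot", re.compile(r"(\d+)\.(\d+)\b")),
]


def parse_timestamp(line, assumed_year=None):
    """Return (format_name, datetime or None) for the timestamp that starts line."""
    text = line.lstrip("%")
    for name, rx in PATTERNS:
        m = rx.match(text)
        if m is None:
            continue
        g = m.groups()
        try:
            if name == "boot":
                return name, None          # uptime only, no wall-clock time
            if name == "iso":
                return name, datetime(*map(int, g))
            mon, rest = MONTHS[g[0]], [int(v) for v in g[1:]]
            day, hh, mm, ss = rest[:4]
            if name == "date":             # rest = [DD, hh, mm, ss, xxx, YYYY]
                return name, datetime(rest[5], mon, day, hh, mm, ss, rest[4] * 1000)
            if name == "loghost-date":     # rest = [dd, hh, mm, ss, yyyy]
                return name, datetime(rest[4], mon, day, hh, mm, ss)
            if assumed_year is None:       # no-year-date needs a year from the receiver
                return name, None
            return name, datetime(assumed_year, mon, day, hh, mm, ss)
        except ValueError:                 # impossible calendar date such as Feb 30
            return name, None
    return "none", None


def unplaceable(lines, assumed_year=None):
    """Return the lines that cannot be put on an absolute timeline."""
    return [ln for ln in lines if parse_timestamp(ln, assumed_year)[1] is None]


SAMPLES = [
    # Log line taken from the example output on this page (date format).
    "%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
    # The remaining lines are constructed from the format descriptions above.
    "%Dec  8 10:12:21:708 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
    "Dec 8 10:12:21 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
    "2009-09-21T15:32:55 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
    "Dec 8 10:12:21 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
    "0.21990989 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
    "Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_timestamp(sample, assumed_year=2007), "<-", sample[:32])
```

Lines in the boot or none format come back without a datetime, so a collector has only its own receive time for them.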
info-center trace-logfile quota
Use info-center trace-logfile quota to set the maximum size of the trace log file.
Use undo info-center trace-logfile quota to restore the default.
Syntax
info-center trace-logfile quota size
undo info-center trace-logfile quota
Default
The maximum size of the trace log file is 1 MB.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Specifies the maximum size of the trace log file, in MB.
Examples
# Set the maximum size of the trace log file to 6 MB.
<Sysname> system-view
[Sysname] info-center trace-logfile quota 6
logfile save
Use logfile save to manually save logs in the log file buffer into the log file.
Syntax
logfile save
Views
Any view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You can specify the directory to save the log file with the info-center logfile directory command.
The system clears the log file buffer after saving logs from the buffer to the log file automatically or manually.
Examples
# Manually save logs from the log file buffer into the log file.
<Sysname> logfile save
The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.
Related commands
· info-center logfile enable
· info-center logfile directory
reset logbuffer
Use reset logbuffer to clear the log buffer.
Syntax
reset logbuffer
Views
User view
Predefined user roles
network-admin
mdc-admin
Examples
# Clear the log buffer.
<Sysname> reset logbuffer
Related commands
display logbuffer
terminal debugging
Use terminal debugging to enable the display of debug information on the current terminal.
Use undo terminal debugging to disable the display of debug information on the current terminal.
Syntax
terminal debugging
undo terminal debugging
Default
The display of debug information is disabled on the current terminal.
Views
User view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
To view the debug information on the console, execute the terminal debugging command, enable the information center (enabled by default), and use a debugging command to enable the related debugging.
To view debug information on the current terminal, execute the terminal monitor and terminal debugging commands, enable the information center (enabled by default), and use a debugging command to enable the related debugging.
The configuration of this command is only valid for the current connection between the terminal and the device. If a new connection is established, the default is restored.
You can also execute the terminal logging level 7 command to enable the display of debug information on the current terminal. However, this command also enables the display of all other log information.
Examples
# Enable the display of debug information on the current terminal.
<Sysname> terminal debugging
The current terminal is enabled to display debugging information.
Related commands
· terminal logging level
· terminal monitor
terminal logging level
Use terminal logging level to set the lowest level of the logs that can be output to the current terminal.
Use undo terminal logging level to restore the default.
Syntax
terminal logging level severity
undo terminal logging level
Default
The lowest level of the logs that can be output to the console and the monitor terminal is 6 (Informational).
Views
User view
Predefined user roles
network-admin
mdc-admin
Parameters
severity: Specifies the lowest level of the logs that can be output to the current terminal, in the range of 0 to 7.
Usage guidelines
The device outputs logs whose severity level is higher than or equal to the specified level, that is, logs whose severity value is numerically less than or equal to the specified value. For example, if you set the lowest level of the logs that can be output to the current terminal to 6 (Informational), logs with a severity value from 0 to 6 are output.
The configuration of this command is valid only for the current connection between the terminal and the device. If a new connection is established, the display of logs on the terminal is restored to the default.
Examples
# Set the lowest level of the logs that can be output on the monitor terminal to 7 (Debugging).
<Sysname> terminal logging level 7
terminal monitor
Use terminal monitor to enable the monitoring of logs on the current terminal.
Use undo terminal monitor to disable the monitoring of logs on the current terminal.
Syntax
terminal monitor
undo terminal monitor
Default
Monitoring of logs is enabled on the console and disabled on the monitor terminal.
Views
User view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The configuration of this command is valid only for the current connection between the terminal and the device. If a new connection is established, the monitoring of system information on the terminal is restored to the default.
Examples
# Enable the monitoring of logs on the current terminal.
<Sysname> terminal monitor
Current terminal monitor is on.
SNMP commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts. Unless otherwise stated, the trap keyword in the command line includes both traps and informs.
display snmp-agent community
Use display snmp-agent community to display SNMPv1 or SNMPv2c community information.
Syntax
display snmp-agent community [ read | write ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
read: Displays information about SNMP read-only communities.
write: Displays information about SNMP read and write communities.
Usage guidelines
This command is supported only in non-FIPS mode.
If no keyword is specified, this command displays information about all SNMPv1 and SNMPv2c communities that have been created, including those configured with the snmp-agent community command and those automatically created by the system for SNMPv1 and SNMPv2c users that have been assigned to an existing SNMP group.
Examples
# Display information about all SNMPv1 and SNMPv2c communities.
<Sysname> display snmp-agent community
Community name: aa
Group name: aa
ACL:2001
Storage-type: nonVolatile
Context name: con1
Community name: bb
Group name: bb
Storage-type: nonVolatile
Community name: userv1
Group name: testv1
Storage-type: nonVolatile
Table 14 Command output
Field | Description |
---|---|
Community name | Displays the community name created by using the snmp-agent community command or the username created by using the snmp-agent usm-user { v1 \| v2c } command. |
Group name | SNMP group name. · If the community is created by using the snmp-agent community command, the group name is the same as the community name. · If the community is created by using the snmp-agent usm-user { v1 \| v2c } command, the name of the group that has the user is displayed. |
 | User role name for the community. If the community is created by using the snmp-agent community command in RBAC mode, a user role can be bound to the community name. |
ACL | Number of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. |
Storage-type | Storage type: · volatile—Settings are lost when the system reboots. · nonVolatile—Settings remain after the system reboots. · permanent—Settings remain after the system reboots and can be modified but not deleted. · readOnly—Settings remain after the system reboots and cannot be modified or deleted. · other—Any other storage type. |
Context name | SNMP context: · If a mapping between an SNMP community and an SNMP context is configured, the SNMP context is displayed. · If no mapping between an SNMP community and an SNMP context exists, this field is not displayed. |
Related commands
· snmp-agent community
· snmp-agent usm-user { v1 | v2c }
display snmp-agent context
Use display snmp-agent context to display an SNMP context.
Syntax
display snmp-agent context [ context-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If no SNMP context is specified, the command displays all SNMP contexts created on the device.
Examples
# Display all SNMP contexts created on the device.
<Sysname> display snmp-agent context
snmpcontext
infocontext
Related commands
snmp-agent context
display snmp-agent group
Use display snmp-agent group to display SNMP group information, including the group name, security model, MIB view, and storage-type.
Syntax
display snmp-agent group [ group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
group-name: Specifies an SNMP group by its name, a case-sensitive string of 1 to 32 characters. In non-FIPS mode, the name can identify an SNMPv1, SNMPv2c, or SNMPv3 group. In FIPS mode, the name must identify an SNMPv3 group.
Usage guidelines
If no group is specified, this command displays information about all SNMP groups.
Examples
# Display information about all SNMP groups.
<Sysname> display snmp-agent group
Group name: groupv3
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
Table 15 Command output
Field | Description |
---|---|
Group name | SNMP group name. |
Security model | Security model of the SNMP group: · authPriv—authentication with privacy. · authNoPriv—authentication without privacy. · noAuthNoPriv—no authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv. |
Readview | Read-only MIB view accessible to the SNMP group. |
Writeview | Write MIB view accessible to the SNMP group. |
Notifyview | Notify MIB view for the SNMP group. The SNMP users in the group can send notifications only for the nodes in the notify MIB view. |
Storage-type | Storage type, including volatile, nonvolatile, permanent, readOnly, and other (see Table 14). |
Related commands
snmp-agent group
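The output of display snmp-agent community and display snmp-agent group can be reviewed mechanically for weak access control. The following script is an added example, not vendor code: it flags communities that show no ACL field and groups whose security model lacks authentication or privacy. It assumes that the ACL line is omitted when no ACL is bound (as for bb and userv1 in the sample above); the function names and the opsv3 and rwlegacy records are constructed.

```python
UNSET = "<no specified>"


def parse_records(output, start_key):
    """Split 'Key: value' CLI output into dicts; a record starts at start_key."""
    records, current = [], None
    for raw in output.splitlines():
        key, sep, value = raw.partition(":")
        if not sep:
            continue                      # prompt lines and blank lines
        key, value = key.strip(), value.strip()
        if key == start_key:
            current = {}
            records.append(current)
        if current is not None:
            current[key] = value
    return records


def audit_communities(output):
    """Flag SNMPv1/v2c communities that no ACL restricts to specific NMSs."""
    findings = []
    for rec in parse_records(output, "Community name"):
        if not rec.get("ACL"):            # assumption: no ACL line means no ACL bound
            findings.append((rec["Community name"], "no ACL limits the NMS addresses"))
    return findings


def audit_groups(output):
    """Flag groups whose security model lacks authentication or privacy."""
    findings = []
    for rec in parse_records(output, "Group name"):
        model = rec.get("Security model", "").lower()
        name = rec["Group name"]
        if "noauthnopriv" in model:
            writable = rec.get("Writeview", UNSET) != UNSET
            findings.append((name, "noAuthNoPriv with write view" if writable
                             else "noAuthNoPriv, read-only"))
        elif "authnopriv" in model:
            findings.append((name, "authenticated but not encrypted"))
    return findings


# Taken from the display snmp-agent community example on this page.
COMMUNITY_OUTPUT = """\
<Sysname> display snmp-agent community
Community name: aa
Group name: aa
ACL:2001
Storage-type: nonVolatile
Context name: con1
Community name: bb
Group name: bb
Storage-type: nonVolatile
Community name: userv1
Group name: testv1
Storage-type: nonVolatile
"""

# First record is from this page; opsv3 and rwlegacy are constructed.
GROUP_OUTPUT = """\
<Sysname> display snmp-agent group
Group name: groupv3
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
Group name: opsv3
Security model: v3 authPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonVolatile
Group name: rwlegacy
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: ViewDefault
Notifyview: <no specified>
Storage-type: nonVolatile
"""

if __name__ == "__main__":
    for name, issue in audit_communities(COMMUNITY_OUTPUT) + audit_groups(GROUP_OUTPUT):
        print(f"{name}: {issue}")
```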
display snmp-agent local-engineid
Use display snmp-agent local-engineid to display the local SNMP engine ID.
Syntax
display snmp-agent local-engineid
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Usage guidelines
Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
The local SNMP engine ID uniquely identifies the SNMP engine of the SNMP agent in an SNMP domain.
Examples
# Display the local engine ID.
<Sysname> display snmp-agent local-engineid
SNMP local engine ID: 800007DB7F0000013859
Related commands
snmp-agent local-engineid
display snmp-agent mib-node
Use display snmp-agent mib-node to display SNMP MIB node information.
Syntax
display snmp-agent mib-node [ details | index-node | trap-node | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.
index-node: Specifies SNMP MIB tables, and node names and OIDs of MIB index nodes.
trap-node: Specifies node names and OIDs of MIB notification nodes, and node names and OIDs of notification objects.
verbose: Specifies detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.
Usage guidelines
If no keywords are specified, the command displays information about all SNMP MIB nodes, including node name, OID, and permissions to MIB nodes.
The SNMP software package includes different MIB files. Support for MIBs varies with SNMP software versions.
Examples
# Display SNMP MIB node information.
<Sysname> display snmp-agent mib-node
iso<1>(NA)
|-std<1.0>(NA)
|-iso8802<1.0.8802>(NA)
|-ieee802dot1<1.0.8802.1>(NA)
|-ieee802dot1mibs<1.0.8802.1.1>(NA)
|-lldpMIB<1.0.8802.1.1.2>(NA)
|-lldpNotifications<1.0.8802.1.1.2.0>(NA)
|-lldpNotificationPrefix<1.0.8802.1.1.2.0.0>(NA)
|-lldpRemTablesChange<1.0.8802.1.1.2.0.0.1>(NA)
|-lldpObjects<1.0.8802.1.1.2.1>(NA)
|-lldpConfiguration<1.0.8802.1.1.2.1.1>(NA)
|-*lldpMessageTxInterval<1.0.8802.1.1.2.1.1.1>(RW)
|-*lldpMessageTxHoldMultiplier<1.0.8802.1.1.2.1.1.2>(RW)
|-*lldpReinitDelay<1.0.8802.1.1.2.1.1.3>(RW)
Table 16 Command output
Field | Description |
---|---|
-std | MIB node name. |
<1.0> | OID of a MIB node. |
(NA) | Permissions to MIB nodes: NA—Not accessible. NF—Supports notifications. RO—Supports read-only access. RW—Supports read and write access. RC—Supports read-write-create access. WO—Supports write-only access. |
* | Leaf node or MIB table node. |
# Display detailed MIB node information.
<Sysname> display snmp-agent mib-node details
iso(1)(lldpMessageTxInterval)
|-std(0)(lldpMessageTxInterval)
|-iso8802(8802)(lldpMessageTxInterval)
|-ieee802dot1(1)(lldpMessageTxInterval)
|-ieee802dot1mibs(1)(lldpMessageTxInterval)
|-lldpMIB(2)(lldpMessageTxInterval)
|-lldpNotifications(0)(lldpMessageTxInterval)
|-lldpNotificationPrefix(0)(lldpMessageTxInterval)
|-lldpRemTablesChange(1)(NULL)
|-lldpObjects(1)(lldpMessageTxInterval)
|-lldpConfiguration(1)(lldpMessageTxInterval)
|-*lldpMessageTxInterval(1)(lldpMessageTxHoldMultiplier)
|-*lldpMessageTxHoldMultiplier(2)(lldpReinitDelay)
|-*lldpReinitDelay(3)(lldpTxDelay)
|-*lldpTxDelay(4)(lldpNotificationInterval)
|-*lldpNotificationInterval(5)(lldpPortConfigPortNum)
|-lldpPortConfigTable(6)(lldpPortConfigPortNum)
|-lldpPortConfigEntry(1)(lldpPortConfigPortNum)
|-*lldpPortConfigPortNum(1)(lldpPortConfigAdminStatus)
|-*lldpPortConfigAdminStatus(2)(lldpPortConfigNotificationEnable)
|-*lldpPortConfigNotificationEnable(3)(lldpPortConfigTLVsTxEnable)
|-*lldpPortConfigTLVsTxEnable(4)(lldpConfigManAddrPortsTxEnable)
Table 17 Command output
Field | Description |
---|---|
-std | MIB node name. |
(0) | Last bit of a MIB OID string. |
(lldpMessageTxInterval) | Name of a leaf node. |
* | Leaf node or MIB table node. |
# Display MIB table names, and node names and OIDs of MIB index nodes.
<Sysname> display snmp-agent mib-node index-node
Table |lldpPortConfigTable
Index ||lldpPortConfigPortNum
OID ||| 1.0.8802.1.1.2.1.1.6.1.1
Table |lldpConfigManAddrTable
Index ||lldpLocManAddrSubtype
OID ||| 1.0.8802.1.1.2.1.3.8.1.1
Index ||lldpLocManAddr
OID ||| 1.0.8802.1.1.2.1.3.8.1.2
Table |lldpStatsTxPortTable
Index ||lldpStatsTxPortNum
OID ||| 1.0.8802.1.1.2.1.2.6.1.1
Table |lldpStatsRxPortTable
Index ||lldpStatsRxPortNum
OID ||| 1.0.8802.1.1.2.1.2.7.1.1
Table |lldpLocPortTable
Index ||lldpLocPortNum
OID ||| 1.0.8802.1.1.2.1.3.7.1.1
Table 18 Command output
Field | Description |
---|---|
Table | MIB table name. |
Index | Name of a MIB index node. |
OID | OID of a MIB index node. |
# Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects.
<Sysname> display snmp-agent mib-node trap-node
Name |lldpRemTablesChange
OID ||1.0.8802.1.1.2.0.0.1
Trap Object
Name |||lldpStatsRemTablesInserts
OID ||||1.0.8802.1.1.2.1.2.2
Name |||lldpStatsRemTablesDeletes
OID ||||1.0.8802.1.1.2.1.2.3
Name |||lldpStatsRemTablesDrops
OID ||||1.0.8802.1.1.2.1.2.4
Name |||lldpStatsRemTablesAgeouts
OID ||||1.0.8802.1.1.2.1.2.5
Name |lldpXMedTopologyChangeDetected
OID ||1.0.8802.1.1.2.1.5.4795.0.1
Trap Object
Name |||lldpRemChassisIdSubtype
OID ||||1.0.8802.1.1.2.1.4.1.1.4
Name |||lldpRemChassisId
OID ||||1.0.8802.1.1.2.1.4.1.1.5
Name |||lldpXMedRemDeviceClass
OID ||||1.0.8802.1.1.2.1.5.4795.1.3.1.1.3
Table 19 Command output
Field | Description |
---|---|
Name | Name of a MIB notification node. |
OID | OID of a MIB notification node. |
Trap Object | Name and OID of a notification object. |
# Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.
<Sysname> display snmp-agent mib-node verbose
Name |lldpNotificationInterval
OID ||1.0.8802.1.1.2.1.1.5
Properties ||NodeType: Leaf
||AccessType: RW
||DataType: Integer32
||MOR: 0x020c1105
Parent ||lldpConfiguration
First child ||
Next leaf ||lldpPortConfigPortNum
Next sibling ||lldpPortConfigTable
Allow ||get/set/getnext
Value range || [5..3600]
Name |lldpPortConfigTable
OID ||1.0.8802.1.1.2.1.1.6
Properties ||NodeType: Table
||AccessType: NA
||DataType: NA
||MOR: 0x00000000
Parent ||lldpConfiguration
First child ||lldpPortConfigEntry
Next leaf ||lldpPortConfigPortNum
Next sibling ||lldpConfigManAddrTable
Name |lldpPortConfigEntry
OID ||1.0.8802.1.1.2.1.1.6.1
Properties ||NodeType: Row
||AccessType: NA
||DataType: NA
||MOR: 0x00000000
Parent ||lldpPortConfigTable
First child ||lldpPortConfigPortNum
Next leaf ||lldpPortConfigPortNum
Next sibling ||
Index ||[indexImplied:0, indexLength:1]:
Name |lldpPortConfigPortNum
OID ||1.0.8802.1.1.2.1.1.6.1.1
Properties ||NodeType: Column
||AccessType: NA
||DataType: Integer32
||MOR: 0x020c1201
Parent ||lldpPortConfigEntry
First child ||
Next leaf ||lldpPortConfigAdminStatus
Next sibling ||lldpPortConfigAdminStatus
Allow ||get/set/getnext
Index ||[indexImplied:0, indexLength:1]:
Value range || [1..4096]
Name |lldpPortConfigAdminStatus
OID ||1.0.8802.1.1.2.1.1.6.1.2
Properties ||NodeType: Column
||AccessType: RW
||DataType: Integer
||MOR: 0x020c1202
Parent ||lldpPortConfigEntry
First child ||
Next leaf ||lldpPortConfigNotificationEnable
Next sibling ||lldpPortConfigNotificationEnable
Allow ||get/set/getnext
Index ||[indexImplied:0, indexLength:1]:
Value range ||
|| ['txOnly', 1]
|| ['rxOnly', 2]
|| ['txAndRx', 3]
|| ['disabled', 4]
Table 20 Command output
Field | Description |
---|---|
Name | MIB node name. |
OID | OID of a MIB node. |
NodeType | MIB node types: · Table—Table node. · Row—Row node in a MIB table. · Column—Column node in a MIB table. · Leaf—Leaf node. · Group—Group node (parent node of a leaf node). · Trapnode—Notification node. · Other—Other node types. |
AccessType | Permissions to MIB nodes: · NA—Not accessible. · NF—Supports notifications. · RO—Supports read-only access. · RW—Supports read and write access. · RC—Supports read-write-create access. · WO—Supports write-only access. |
DataType | Data types of MIB nodes: · Integer—An integer. · Integer32—A 32-bit integer. · Unsigned32—A 32-bit integer with no mathematical sign. · Gauge—A non-negative integer that might increase or decrease. · Gauge32—A 32-bit non-negative integer that might increase or decrease. · Counter—A non-negative integer that might increase but not decrease. · Counter32—A 32-bit non-negative integer that might increase but not decrease. · Counter64—A 64-bit non-negative integer that might increase but not decrease. · Timeticks—A non-negative integer for time keeping. · Octstring—An octet string. · OID—Object identifier. · IPaddress—A 32-bit IP address. · Networkaddress—A network IP address. · Opaque—Any data. · Userdefined—User-defined data. · BITS—Bit enumeration. |
MOR | MOR for a MIB node. |
Parent | Name of a parent node. |
First child | Name of the first leaf node. |
Next leaf | Name of the next leaf node. |
Next sibling | Name of the next sibling node. |
Allow | Operation types allowed: · get/set/getnext—All operations. · get—Get operation. · set—Set operation. · getnext—GetNext operation. |
Value range | Value range of a MIB node. |
Index | Table index. This field appears only for a table node. |
display snmp-agent mib-view
Use display snmp-agent mib-view to display MIB views.
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
exclude: Displays the subtrees excluded from any MIB view.
include: Displays the subtrees included in any MIB view.
viewname view-name: Displays information about the specified MIB view.
Usage guidelines
If you do not specify any parameter, this command displays all MIB views.
Examples
# Display all MIB views.
<Sysname> display snmp-agent mib-view
View name: ViewDefault
MIB Subtree: iso
Subtree mask:
Storage-type: nonVolatile
View Type: included
View status: active
View name: ViewDefault
MIB Subtree: snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type: excluded
View status: active
View name: ViewDefault
MIB Subtree: snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type: excluded
View status: active
View name: ViewDefault
MIB Subtree: snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type: excluded
View status: active
ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.
Table 21 Command output
Field | Description |
---|---|
View name | MIB view name. |
MIB Subtree | MIB subtree covered by the MIB view. |
Subtree mask | MIB subtree mask. |
Storage-type | Type of the medium (see Table 14) where the subtree view is stored. |
View Type | Access privilege for the MIB subtree in the MIB view: · Included—All objects in the MIB subtree are accessible in the MIB view. · Excluded—None of the objects in the MIB subtree is accessible in the MIB view. |
View status | Status of the MIB view: · active—MIB view is effective. · inactive—MIB view is ineffective. MIB views are active upon their creation at the CLI. To temporarily disable a MIB view without deleting it, you can perform an SNMP set operation to set its status to inactive. |
Related commands
snmp-agent mib-view
display snmp-agent remote
Use display snmp-agent remote to display remote SNMP engine IDs configured by using the snmp-agent remote command.
Syntax
display snmp-agent remote [ ip-address [ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
ip-address: Specifies the IP address of a remote SNMP entity to display its SNMP engine ID.
vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the remote SNMP entity is on a public network, do not specify this option.
Usage guidelines
Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
If no IP address is specified, this command displays all remote SNMP engine IDs you have configured.
Examples
# Display all remote SNMP engine IDs.
<Sysname> display snmp-agent remote
Remote engined: 800063A28000A0FC00580400000001
IPv4 address: 1.1.1.1
VPN instance: vpn1
Table 22 Command output
Field | Description |
---|---|
Remote engined | Remote SNMP engine ID you have configured using the snmp-agent remote command. |
IPv4 address | IPv4 address of the remote SNMP entity. |
VPN instance | This field is available only if a VPN has been specified for the remote SNMP entity in the snmp-agent remote command. |
Related commands
snmp-agent remote
display snmp-agent statistics
Use display snmp-agent statistics to display SNMP message statistics.
Syntax
display snmp-agent statistics
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display SNMP message statistics.
<Sysname> display snmp-agent statistics
1684 messages delivered to the SNMP entity.
5 messages were for an unsupported version.
0 messages used an unknown SNMP community name.
0 messages represented an illegal operation for the community supplied.
0 ASN.1 or BER errors in the process of decoding.
1679 messages passed from the SNMP entity.
0 SNMP PDUs had badValue error-status.
0 SNMP PDUs had genErr error-status.
0 SNMP PDUs had noSuchName error-status.
0 SNMP PDUs had tooBig error-status (Maximum packet size 1500).
16544 MIB objects retrieved successfully.
2 MIB objects altered successfully.
7 GetRequest-PDU accepted and processed.
7 GetNextRequest-PDU accepted and processed.
1653 GetBulkRequest-PDU accepted and processed.
1669 GetResponse-PDU accepted and processed.
2 SetRequest-PDU accepted and processed.
0 Trap PDUs accepted and processed.
0 alternate Response Class PDUs dropped silently.
0 forwarded Confirmed Class PDUs dropped silently.
Table 23 Command output
Field | Description |
---|---|
messages delivered to the SNMP entity | Number of messages that the SNMP agent has received. |
messages were for an unsupported version | Number of messages that had an SNMP version not configured on the SNMP agent. |
messages used an unknown SNMP community name | Number of messages that used an unknown SNMP community name. |
messages represented an illegal operation for the community supplied | Number of messages carrying an operation that the community has no right to perform. |
ASN.1 or BER errors in the process of decoding | Number of messages that had ASN.1 or BER errors during decoding. |
messages passed from the SNMP entity | Number of messages sent by the SNMP agent. |
SNMP PDUs had badValue error-status | Number of PDUs with a BadValue error. |
SNMP PDUs had genErr error-status | Number of PDUs with a genErr error. |
SNMP PDUs had noSuchName error-status | Number of PDUs with a NoSuchName error. |
SNMP PDUs had tooBig error-status | Number of PDUs with a TooBig error (the maximum packet size is 1500 bytes). |
MIB objects retrieved successfully | Number of MIB objects that have been successfully retrieved. |
MIB objects altered successfully | Number of MIB objects that have been successfully modified. |
GetRequest-PDU accepted and processed | Number of GetRequest requests that have been received and processed. |
GetNextRequest-PDU accepted and processed | Number of getNext requests that have been received and processed. |
GetBulkRequest-PDU accepted and processed | Number of getBulk requests that have been received and processed. |
GetResponse-PDU accepted and processed | Number of get responses that have been received and processed. |
SetRequest-PDU accepted and processed | Number of set requests that have been received and processed. |
Trap PDUs accepted and processed | Number of notifications that have been received and processed. |
alternate Response Class PDUs dropped silently | Number of dropped response packets. |
forwarded Confirmed Class PDUs dropped silently | Number of forwarded packets that have been dropped. |
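Several of these counters rise when an NMS or another host presents wrong credentials or malformed messages, so comparing two snapshots of display snmp-agent statistics is a cheap detection signal. The following comparison is an added example, not vendor code: the function names, the watch list, and the second snapshot are constructed, and the first snapshot reuses counter lines from the example output above.

```python
import re

# Substrings of the counter labels (see Table 23) worth alerting on.
WATCHED = (
    "unsupported version",
    "unknown SNMP community name",
    "illegal operation for the community",
    "ASN.1 or BER errors",
)

_LINE = re.compile(r"^\s*(\d+)\s+(.+?)\.?\s*$")


def parse_statistics(output):
    """Map each counter label to its integer value."""
    counters = {}
    for raw in output.splitlines():
        m = _LINE.match(raw)
        if m:                              # prompt and blank lines do not match
            counters[m.group(2)] = int(m.group(1))
    return counters


def suspicious_deltas(before, after, watched=WATCHED):
    """Return {label: increase} for watched counters that rose between snapshots."""
    old, new = parse_statistics(before), parse_statistics(after)
    deltas = {}
    for label, count in new.items():
        if not any(w in label for w in watched):
            continue
        prev = old.get(label, 0)
        # A lower value than before means the counters restarted from zero
        # (for example after a reboot), so the whole new value is the increase.
        rise = count - prev if count >= prev else count
        if rise > 0:
            deltas[label] = rise
    return deltas


# Counter lines from the example output on this page.
BEFORE = """\
<Sysname> display snmp-agent statistics
1684 messages delivered to the SNMP entity.
5 messages were for an unsupported version.
0 messages used an unknown SNMP community name.
0 messages represented an illegal operation for the community supplied.
0 ASN.1 or BER errors in the process of decoding.
2 SetRequest-PDU accepted and processed.
"""

# Constructed later snapshot of the same device.
AFTER = """\
<Sysname> display snmp-agent statistics
2950 messages delivered to the SNMP entity.
5 messages were for an unsupported version.
412 messages used an unknown SNMP community name.
3 messages represented an illegal operation for the community supplied.
0 ASN.1 or BER errors in the process of decoding.
2 SetRequest-PDU accepted and processed.
"""

if __name__ == "__main__":
    for label, rise in suspicious_deltas(BEFORE, AFTER).items():
        print(f"+{rise} {label}")
```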
display snmp-agent sys-info
Use display snmp-agent sys-info to display SNMP agent system information.
Syntax
display snmp-agent sys-info [ contact | location | version ] *
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
contact: Displays the system contact.
location: Displays the physical location of the device.
version: Displays the SNMP agent version.
Usage guidelines
If none of the parameters is specified, this command displays all SNMP agent system information.
Examples
# Display all SNMP agent system information.
<Sysname> display snmp-agent sys-info
The contact information of the agent:
Hangzhou H3C Tech. Co., Ltd.
The location information of the agent:
Hangzhou, China
The SNMP version of the agent:
SNMPv3
Related commands
snmp-agent sys-info
display snmp-agent trap queue
Use display snmp-agent trap queue to display basic information about the trap queue, including the trap queue name, queue size, and number of traps in the queue.
Syntax
display snmp-agent trap queue
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display the trap queue configuration and usage status.
<Sysname> display snmp-agent trap queue
Queue size: 100
Message number: 6
Related commands
· snmp-agent trap life
· snmp-agent trap queue-size
display snmp-agent trap-list
Use display snmp-agent trap-list to display modules that can generate SNMP notifications and their notification function status (enabled or disabled).
Syntax
display snmp-agent trap-list
Views
Any view
Usage guidelines
You can use the snmp-agent trap enable command to enable or disable the notification function of a module. For a module that has sub-modules, the notification function status is enabled if the trap function of any of its sub-modules is enabled.
Examples
# Display the modules that can generate notifications and their notification function status.
<Sysname> display snmp-agent trap-list
arp notification is disabled.
configuration notification is enabled.
l3vpn notification is enabled.
mac-address notification is enabled.
mpls notification is enabled.
ospf notification is enabled.
radius notification is disabled.
standard notification is enabled.
system notification is enabled.
Enabled notifications: 7; Disabled notifications: 2
Related commands
snmp-agent trap enable
display snmp-agent usm-user
Use display snmp-agent usm-user to display SNMPv3 user information.
Syntax
display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] *
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
engineid engineid: Displays SNMPv3 user information for the SNMP engine ID identified by engineid. When an SNMPv3 user is created, the system records the local SNMP entity engine ID. The user becomes invalid when the engine ID changes and becomes valid again when the recorded engine ID is restored.
group group-name: Displays SNMPv3 user information for a specified SNMP group name. The group name is case-sensitive.
username user-name: Displays information about the specified SNMPv3 user. The username is case-sensitive.
Usage guidelines
This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command.
Examples
# Display information about all SNMPv3 users.
<Sysname> display snmp-agent usm-user
Username: userv3
Group name: mygroupv3
Engine ID: 800063A203000FE240A1A6
Storage-type: nonVolatile
UserStatus: active
Username: userv3code
Group name: groupv3code
Engine ID: 800063A203000FE240A1A6
Storage-type: nonVolatile
UserStatus: active
Table 24 Command output
Field | Description |
---|---|
Username | SNMP username. |
Group name | SNMP group name. |
Engine ID | Engine ID that the SNMP agent used when the SNMP user was created. |
 | SNMP user role name. |
Storage-type | Storage type: · volatile. · nonvolatile. · permanent. · readOnly. · other. For more information about these storage types, see Table 14. |
UserStatus | SNMP user status: · active—The SNMP user is effective. · notInService—The SNMP user is correctly configured but not activated. · notReady—The SNMP user configuration is incomplete. · other—Any other status. SNMP users are active upon their creation at the CLI. To temporarily disable an SNMP user without deleting it, you can perform an SNMP set operation to change its status. |
ACL | Number of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMP user is associated with an ACL rule. |
Related commands
snmp-agent usm-user v3
enable snmp trap updown
Use enable snmp trap updown to enable link state notifications on an interface.
Use undo enable snmp trap updown to disable link state notifications on an interface.
Syntax
enable snmp trap updown
undo enable snmp trap updown
Default
Link state notifications are enabled.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally using the snmp-agent trap enable standard [ linkdown | linkup ] * command.
Examples
# Enable port Forty-GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.
<Sysname> system-view
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] enable snmp trap updown
Related commands
· snmp-agent target-host
· snmp-agent trap enable
snmp-agent
Use snmp-agent to enable the SNMP agent.
Use undo snmp-agent to disable the SNMP agent.
Syntax
snmp-agent
undo snmp-agent
Default
The SNMP agent is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
The snmp-agent command is optional for an SNMP configuration task. The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.
Examples
# Enable the SNMP agent.
<Sysname> system-view
[Sysname] snmp-agent
snmp-agent calculate-password
Use snmp-agent calculate-password to calculate a digest for the ciphertext authentication or privacy key converted from a plaintext key in SNMPv3.
Syntax
In non-FIPS mode:
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }
In FIPS mode:
snmp-agent calculate-password plain-password mode sha { local-engineid | specified-engineid engineid }
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
plain-password: Specifies a plaintext authentication or privacy key.
mode: Specifies the same authentication mode and privacy mode as configured in the snmp-agent usm-user v3 command. The encryption algorithms AES, 3DES, and DES are in descending order of security strength. DES is enough to meet general security requirements. The MD5 authentication algorithm is faster than SHA-1, while SHA-1 provides higher security than MD5.
· 3desmd5: Converts the plaintext privacy key to an encrypted key for 3DES encryption used in conjunction with MD5 authentication.
· 3dessha: Converts the plaintext privacy key to an encrypted key for 3DES encryption used in conjunction with SHA-1 authentication.
· md5: Converts the plaintext authentication key to a ciphertext key for MD5 authentication, or converts the plaintext privacy key to a ciphertext key for AES or DES encryption used in conjunction with MD5.
· sha: Converts the plaintext authentication key to a ciphertext key for SHA-1 authentication, or converts the plaintext privacy key to a ciphertext key for AES or DES encryption used in conjunction with SHA-1 authentication.
local-engineid: Uses the local engine ID to calculate the ciphertext key. You can configure the local engine ID by using the snmp-agent local-engineid command.
specified-engineid engineid: Uses a user-defined engine ID to calculate the ciphertext key. The engineid argument specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid.
Usage guidelines
Make sure the SNMP agent is enabled before you execute the snmp-agent calculate-password command.
For security purposes, use this command to calculate digests for ciphertext authentication and privacy keys when you create SNMPv3 users by using the snmp-agent usm-user v3 command.
The converted key is valid only under the engine ID specified for key conversion.
Examples
# Use the local engine and the SHA-1 algorithm to calculate a digest for the ciphertext key converted from the plaintext key authkey.
<Sysname> system-view
[Sysname] snmp-agent calculate-password authkey mode sha local-engineid
The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC
Related commands
· snmp-agent local-engineid
· snmp-agent usm-user v3
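The usage guideline that a converted key is valid only under the engine ID used for conversion follows from SNMPv3 key localization. The sketch below is an added example, not H3C code: it implements the standard RFC 3414 password-to-key and localization steps, which the device is assumed to follow, and it does not reproduce the format of the "encrypted key" string the device prints. The function names are hypothetical.

```python
import hashlib
import re

MEGABYTE = 1024 * 1024  # RFC 3414 A.2 hashes exactly 1,048,576 bytes


def parse_engine_id(text: str) -> bytes:
    """Validate an engine ID with the rules this page gives for engineid."""
    if not re.fullmatch(r"[0-9A-Fa-f]+", text):
        raise ValueError("engine ID must be a hexadecimal string")
    if len(text) % 2 or not 10 <= len(text) <= 64:
        raise ValueError("engine ID needs an even length of 10 to 64 characters")
    if set(text.upper()) in ({"0"}, {"F"}):
        raise ValueError("all-zero and all-F engine IDs are invalid")
    return bytes.fromhex(text)


def password_to_key(password: str, hash_name: str) -> bytes:
    """RFC 3414 A.2: digest of the password repeated to fill 1 MB (Ku)."""
    raw = password.encode()
    if not raw:
        raise ValueError("password must not be empty")
    reps, rest = divmod(MEGABYTE, len(raw))
    return hashlib.new(hash_name, raw * reps + raw[:rest]).digest()


def localize_key(password: str, engine_id_hex: str, hash_name: str) -> str:
    """RFC 3414 2.6: Kul = H(Ku || engineID || Ku), returned as hex."""
    ku = password_to_key(password, hash_name)
    engine_id = parse_engine_id(engine_id_hex)
    return hashlib.new(hash_name, ku + engine_id + ku).hexdigest()


def demo() -> dict:
    """Localize one plaintext key under the two engine IDs shown on this page."""
    return {eid: localize_key("authkey", eid, "sha1")
            for eid in ("800063A203000FE240A1A6", "123456789A")}


if __name__ == "__main__":
    for engine_id, key in demo().items():
        print(engine_id, key)
```

Because the engine ID is hashed into the result, the same plaintext key produces unrelated localized keys on two agents, so a key captured from one device's configuration does not authenticate to another.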
snmp-agent community
Use snmp-agent community to configure an SNMP community.
Use undo snmp-agent community to delete an SNMP community.
Syntax
In VACM mode:
snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number ]
undo snmp-agent community { read | write } [ cipher ] community-name
In RBAC mode:
snmp-agent community [ simple | cipher ] community-name user-role role-name [ acl acl-number ]
undo snmp-agent community [ cipher ] community-name
Default
No SNMP community exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
read: Assigns the specified community read-only access to MIB objects. A read-only community can only query MIB information.
write: Assigns the specified community read and write access to MIB objects. A read and write community can configure MIB information.
simple: Sets a community name in plain text. For security purposes, this community name is saved in cipher text.
cipher: Sets and saves the community name in cipher text.
community-name: Sets a case-sensitive community name. In plain text, the community name must be a string of 1 to 32 characters. In cipher text, the community name must be a string of 33 to 73 characters. Input a string as escape characters after a backslash (\).
mib-view view-name: Specifies the MIB view available for the community. The view-name argument represents a MIB view name, a string of 1 to 32 characters. A MIB view represents a set of accessible MIB objects. If no MIB view is specified, the specified community can access the MIB objects in the default MIB view ViewDefault.
user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.
acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. In the specified community, only NMSs with an IPv4 address permitted in the ACL can access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, all NMSs in the SNMP community can access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.
Usage guidelines
This command is for SNMPv1 and SNMPv2c, and is supported only in non-FIPS mode.
To set and save a community name in plain text, do not specify the simple or cipher keyword.
You can create up to 10 SNMP communities by using the snmp-agent community command. To create more SNMP communities, use the snmp-agent usm-user { v1 | v2c } command.
An SNMPv1 or SNMPv2c community comprises a set of NMSs and SNMP agents, and is identified by a community name. An NMS and an SNMP agent must use the same community name to authenticate to each other.
Typically, public is used as the read-only community name and private is used as the read and write community name. To improve security, assign your SNMP communities a name other than public and private.
You can use the following modes to control access to MIB objects for an SNMP community:
· View-based Access Control Model—The VACM mode controls access to MIB objects by assigning MIB views to SNMP communities.
· Role-based access control—The RBAC mode controls access to MIB objects by assigning user roles to SNMP communities.
  · An SNMP community with a predefined user role network-admin, mdc-admin, or level-15 has read and write access to all MIB objects.
  · An SNMP community with a predefined user role network-operator or mdc-operator has read-only access to all MIB objects.
  · An SNMP community with a user role specified by the role command accesses MIB objects through the user role rules specified by the rule command.
For more information about user roles, see Fundamentals Configuration Guide.
If you create the same SNMP community with both modes multiple times, the most recent configuration takes effect.
For an NMS to access an agent:
· The RBAC mode requires the user role bound to the community name to have the same access right to MIB objects as the NMS.
· The VACM mode requires only the access right from the NMS to MIB objects.
The RBAC mode is more secure. As a best practice, use the RBAC mode to create an SNMP community.
Examples
# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can use the community name readaccess to read the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read simple readaccess
# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.1 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-basic-2001] rule deny source any
[Sysname-acl-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent community write simple writeaccess acl 2001
# Create the read and write community wr-sys-acc in plain text so an SNMPv1 or SNMPv2c NMS can use the community name wr-sys-acc to read or set the MIB objects in the system subtree (OID 1.3.6.1.2.1.1).
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] undo snmp-agent mib-view ViewDefault
[Sysname] snmp-agent mib-view included test system
[Sysname] snmp-agent community write simple wr-sys-acc mib-view test
Related commands
· display snmp-agent community
· snmp-agent mib-view
snmp-agent community-map
Use snmp-agent community-map to map an SNMP community to an SNMP context.
Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context.
Syntax
snmp-agent community-map community-name context context-name
undo snmp-agent community-map community-name context context-name
Default
No mapping between an SNMP community and an SNMP context exists on the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
community-name: Specifies an SNMP community, a case-sensitive string of 1 to 32 characters.
context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.
Usage guidelines
This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c.
You can configure up to 10 community-context mappings on the device.
Examples
# Map SNMP community private to SNMP context snmpcontext.
<Sysname> system-view
[Sysname] snmp-agent community-map private context snmpcontext
Related commands
display snmp-agent community
snmp-agent context
Use snmp-agent context to create an SNMP context.
Use undo snmp-agent context to delete an SNMP context.
Syntax
snmp-agent context context-name
undo snmp-agent context context-name
Default
No SNMP context is configured on the device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.
Usage guidelines
An NMS and an SNMP agent can communicate with each other, if the following conditions exist:
· No SNMP context is configured on the NMS and the SNMP agent.
· The NMS and the SNMP agent use the same SNMP context.
Otherwise, a timeout message appears, indicating a communication failure between the NMS and SNMP agent.
You can create up to 20 SNMP contexts.
Examples
# Create SNMP context snmpcontext.
<Sysname> system-view
[Sysname] snmp-agent context snmpcontext
Related commands
display snmp-agent context
snmp-agent group
Use snmp-agent group to create an SNMP group and specify its access right.
Use undo snmp-agent group to delete an SNMP group.
Syntax
SNMPv1 and SNMPv2c:
snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
SNMPv3 (in non-FIPS mode):
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
SNMPv3 (in FIPS mode):
snmp-agent group v3 group-name { authentication | privacy } [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name { authentication | privacy }
Default
No SNMP group exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
group-name: Specifies an SNMP group name, a string of 1 to 32 case-sensitive characters.
authentication: Specifies the authentication without privacy security model for the SNMPv3 group.
privacy: Specifies the authentication with privacy security model for the SNMPv3 group.
read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read-only MIB view is specified, the SNMP group has read access to the default view ViewDefault.
write-view view-name: Specifies a read and write MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read and write view is specified, the SNMP group cannot set any MIB object on the SNMP agent.
notify-view view-name: Specifies a notify MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. The SNMP agent sends notifications to the users in the specified group only for the MIB objects included in the notify view. If no notify view is specified, the SNMP agent does not send any notification to the users in the specified group.
acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. In the specified SNMP group, only NMSs with an IPv4 address permitted in the ACL can access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, all NMSs in the SNMP group can access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.
Usage guidelines
SNMPv1 and SNMPv2c settings in this command are supported only in non-FIPS mode.
All users in an SNMP group share the security model and access rights of the group.
You can create up to 20 SNMP groups, including SNMPv1, SNMPv2c, and SNMPv3 groups.
All SNMPv3 users in a group share the same security model, but can use different authentication and privacy key settings. To implement a security model for a user and avoid SNMP communication failures, make sure the security model configuration for the group and the security key settings for the user are compliant with Table 25 and match the settings on the NMS.
Table 25 Basic security setting requirements for different security models
Security model | Security model keyword for the group | Security key settings for the user | Remarks |
---|---|---|---|
Authentication with privacy | privacy | Authentication key, privacy key | If the authentication key or the privacy key is not configured, SNMP communication will fail. |
Authentication without privacy | authentication | Authentication key | If no authentication key is configured, SNMP communication will fail. The privacy key (if any) for the user does not take effect. |
No authentication, no privacy | Neither authentication nor privacy | None | The authentication and privacy keys, if configured, do not take effect. |
Examples
# Create the SNMPv3 group group1 and assign the no authentication, no privacy security model to the group.
<Sysname> system-view
[Sysname] snmp-agent group v3 group1
Related commands
· display snmp-agent group
· snmp-agent mib-view
· snmp-agent usm-user
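The acl parameter of snmp-agent community and snmp-agent group fails open when the referenced ACL does not exist and blocks every NMS when the ACL has no rules. The following audit sketch is an added example, not part of the H3C documentation: it applies those rules, the public/private naming advice, and the SNMPv3 group security model check to a constructed list of commands. The function names and finding codes are hypothetical.

```python
import re

# Constructed sample (not from a real device), written as the commands are
# typed in this page's examples. Only VACM-mode community lines are parsed.
SAMPLE_CONFIG = """\
acl number 2001
 rule permit source 1.1.1.1 0.0.0.0
 rule deny source any
acl number 2002
snmp-agent sys-info version v1 v2c v3
snmp-agent community read simple public
snmp-agent community write simple writeaccess acl 2001
snmp-agent community write simple ops-rw acl 2050
snmp-agent community read simple locked acl 2002
snmp-agent group v3 group1
snmp-agent group v3 secgroup privacy acl 2001
"""

ACL_RE = re.compile(r"^acl number (\d+)$")
COMMUNITY_RE = re.compile(
    r"^snmp-agent community (read|write) (?:(?:simple|cipher) )?(\S+)(.*)$")
GROUP_V3_RE = re.compile(r"^snmp-agent group v3 (\S+)(.*)$")
ACL_OPT_RE = re.compile(r"\bacl (\d+)\b")


def parse_acls(lines):
    """Return {acl_number: rule_count} for every 'acl number N' block."""
    acls, current = {}, None
    for line in lines:
        match = ACL_RE.match(line)
        if match:
            current = int(match.group(1))
            acls[current] = 0
        elif current is not None and line.startswith("rule "):
            acls[current] += 1
        else:
            current = None  # any other command ends the ACL block
    return acls


def acl_findings(subject, options, acls):
    """Apply the page's ACL semantics to one community or group."""
    match = ACL_OPT_RE.search(options)
    if match is None:
        return [("NO_ACL", subject, "no ACL: all NMSs can access the agent")]
    number = int(match.group(1))
    if number not in acls:
        return [("ACL_MISSING", subject,
                 f"ACL {number} does not exist: all NMSs can access the agent")]
    if acls[number] == 0:
        return [("ACL_EMPTY", subject,
                 f"ACL {number} has no rules: no NMS can access the agent")]
    return []


def audit(config_text):
    """Return (code, subject, message) findings in configuration order."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    acls = parse_acls(lines)
    findings = []
    for line in lines:
        match = COMMUNITY_RE.match(line)
        if match:
            access, name, options = match.groups()
            subject = f"community {name} ({access})"
            if name in ("public", "private"):
                findings.append(("DEFAULT_NAME", subject,
                                 "typical community name; choose another"))
            findings += acl_findings(subject, options, acls)
            continue
        match = GROUP_V3_RE.match(line)
        if match:
            name, options = match.groups()
            subject = f"group {name} (v3)"
            words = options.split()
            if not words or words[0] not in ("authentication", "privacy"):
                findings.append(("V3_NOAUTH", subject,
                                 "no authentication, no privacy security model"))
            findings += acl_findings(subject, options, acls)
    return findings


if __name__ == "__main__":
    for code, subject, message in audit(SAMPLE_CONFIG):
        print(f"{code:12} {subject:28} {message}")
```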
snmp-agent local-engineid
Use snmp-agent local-engineid to change the SNMP engine ID of the local SNMP agent.
Use undo snmp-agent local-engineid to restore the default local SNMP engine ID.
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
Default
The local engine ID is the combination of the company ID and the device ID. Device ID varies by product and might be an IP address, a MAC address, or any user-defined hexadecimal string.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
engineid: Specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid.
Usage guidelines
An SNMP engine ID uniquely identifies an SNMP entity in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.
If you have configured SNMPv3 users, change the local SNMP engine ID only when necessary. The change can void the SNMPv3 usernames and encrypted keys you have configured.
Examples
# Change the local engine ID to 123456789A.
<Sysname> system-view
[Sysname] snmp-agent local-engineid 123456789A
Related commands
· display snmp-agent local-engineid
· snmp-agent usm-user
snmp-agent log
Use snmp-agent log to enable logging SNMP operations.
Use undo snmp-agent log to disable logging SNMP operations.
Syntax
snmp-agent log { all | get-operation | set-operation }
undo snmp-agent log { all | get-operation | set-operation }
Default
SNMP logging is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
all: Enables logging SNMP Get and Set operations.
get-operation: Enables logging SNMP Get operations.
set-operation: Enables logging SNMP Set operations.
Usage guidelines
Use SNMP logging to record the SNMP operations performed on the SNMP agent for auditing NMS behaviors. The SNMP agent sends log data to the information center. You can configure the information center to output the data to a specific destination as needed.
Examples
# Enable logging SNMP Get operations.
<Sysname> system-view
[Sysname] snmp-agent log get-operation
# Enable logging SNMP Set operations.
<Sysname> system-view
[Sysname] snmp-agent log set-operation
snmp-agent mib-view
Use snmp-agent mib-view to create or update a MIB view.
Use undo snmp-agent mib-view to delete a MIB view.
Syntax
snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]
undo snmp-agent mib-view view-name
Default
The system creates the ViewDefault view when the SNMP agent is enabled. In this default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
excluded: Denies access to any node in the specified MIB subtree.
included: Permits access to all the nodes in the specified MIB subtree.
view-name: Specifies a view name, a string of 1 to 32 characters.
oid-tree: Specifies a MIB subtree by its root node's OID (for example, 1.3.6.1.2.1.1) or object name (for example, system). An OID is a dotted numeric string that uniquely identifies an object in the MIB tree.
mask mask-value: Sets a MIB subtree mask, a hexadecimal string. Its length must be an even number in the range of 2 to 32.
Usage guidelines
A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.
Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the most recent configuration takes effect.
The system can store entries for up to 20 unique MIB view records. In addition to the four default MIB view records, you can create up to 16 unique MIB view records. After you delete the default view with the undo snmp-agent mib-view command, you can create up to 20 unique MIB view records.
Be cautious with deleting the default MIB view. The operation blocks the access to any MIB object on the device from NMSs that use the default view.
Examples
# Include the mib-2 (OID 1.3.6.1) subtree in the mibtest view and exclude the system subtree from this view.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1
[Sysname] snmp-agent mib-view included mibtest 1.3.6.1
[Sysname] snmp-agent mib-view excluded mibtest system
[Sysname] snmp-agent community read public mib-view mibtest
An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.
Related commands
· display snmp-agent mib-view
· snmp-agent group
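How included and excluded records and a subtree mask combine into an access decision can be checked offline. The following sketch is an added example, not H3C code: it assumes the device evaluates views with the standard RFC 3415 view-family rules (the matching record with the longest subtree decides, and a mask bit of 0 makes that sub-identifier a wildcard). The helper names, the numeric OIDs for the default-view exclusions, and the FFA0 mask record are illustrative.

```python
SYSTEM = "1.3.6.1.2.1.1"  # OID this page gives for the system subtree


def parse_oid(text):
    """Turn 'system' or a dotted OID into a tuple of integers."""
    dotted = SYSTEM if text == "system" else text
    return tuple(int(part) for part in dotted.strip(".").split("."))


def mask_bits(mask_hex, length):
    """Expand a hex mask to one bit per sub-identifier, padding with ones."""
    if mask_hex and (len(mask_hex) % 2 or not 2 <= len(mask_hex) <= 32):
        raise ValueError("mask must be an even number of 2 to 32 hex characters")
    bits = [(byte >> shift) & 1
            for byte in bytes.fromhex(mask_hex)
            for shift in range(7, -1, -1)]  # most significant bit first
    return (bits + [1] * length)[:length]


def in_family(oid, subtree, mask_hex):
    """True if oid lies in the subtree once wildcard positions are ignored."""
    if len(oid) < len(subtree):
        return False
    bits = mask_bits(mask_hex, len(subtree))
    return all(bit == 0 or a == b for bit, a, b in zip(bits, oid, subtree))


def build_view(records):
    """records: (kind, oid-tree, mask) triples as typed after 'mib-view'."""
    view = {}
    for kind, oid_tree, mask in records:
        if kind not in ("included", "excluded"):
            raise ValueError(f"unknown record type: {kind}")
        # Same view-name/oid-tree pair entered again: the latest record wins.
        view[parse_oid(oid_tree)] = (kind, mask)
    return view


def is_accessible(view, oid_text):
    """Decide access from the matching record with the longest subtree."""
    oid = parse_oid(oid_text)
    matches = [(len(sub), sub, kind) for sub, (kind, mask) in view.items()
               if in_family(oid, sub, mask)]
    return bool(matches) and max(matches)[2] == "included"


# The mibtest view from the example above.
MIBTEST = build_view([("included", "1.3.6.1", ""), ("excluded", "system", "")])

# ViewDefault as described under Default: iso minus three subtrees
# (numeric OIDs for snmpUsmMIB, snmpVacmMIB and snmpModules.18).
VIEW_DEFAULT = build_view([
    ("included", "1", ""),
    ("excluded", "1.3.6.1.6.3.15", ""),
    ("excluded", "1.3.6.1.6.3.16", ""),
    ("excluded", "1.3.6.1.6.3.18", ""),
])

# Constructed mask record: every column of ifTable, but only for ifIndex 3.
# FFA0 = 11111111 101: sub-identifier 10 (the column) is a wildcard.
IF_ROW_3 = build_view([("included", "1.3.6.1.2.1.2.2.1.0.3", "FFA0")])

if __name__ == "__main__":
    for oid in ("1.3.6.1.2.1.1.1.0", "1.3.6.1.2.1.2.2.1.2.1"):
        print(oid, is_accessible(MIBTEST, oid))
```

An OID that matches no record is denied, which is why deleting ViewDefault cuts off every NMS that relies on it.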
snmp-agent packet max-size
Use snmp-agent packet max-size to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send.
Use undo snmp-agent packet max-size to restore the default packet size.
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
Default
The maximum SNMP packet size that the SNMP agent can handle is 1500 bytes.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
byte-count: Sets the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. The value range is 484 to 17940.
Usage guidelines
If any device on the path to the NMS does not support packet fragmentation, limit the SNMP packet size to prevent large-sized packets from being discarded. For most networks, the default value is sufficient.
Examples
# Set the maximum SNMP packet size to 1024 bytes.
<Sysname> system-view
[Sysname] snmp-agent packet max-size 1024
snmp-agent port
Use snmp-agent port to specify the UDP port for receiving SNMP packets.
Use undo snmp-agent port to restore the default.
Syntax
snmp-agent port port-num
undo snmp-agent port
Default
The device uses UDP port 161 for receiving SNMP packets.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default is 161.
Usage guidelines
After changing the port number for receiving SNMP packets, reconnect the device by using the port number for SNMP get and set operations.
To display UDP port information, use the display current-configuration command.
Examples
# Specify the UDP port for receiving SNMP packets as 5555.
<Sysname> system-view
[Sysname] snmp-agent port 5555
# Restore the default UDP port.
<Sysname> system-view
[Sysname] undo snmp-agent port
snmp-agent remote
Use snmp-agent remote to configure the SNMP engine ID of a remote SNMP entity.
Use undo snmp-agent remote to delete a remote SNMP engine ID.
Syntax
snmp-agent remote { ip-address } [ vpn-instance vpn-instance-name ] engineid engineid
undo snmp-agent remote ip-address
Default
No remote SNMP engine ID is configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of a remote SNMP entity.
vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the remote SNMP entity is on a public network, do not specify this option.
engineid: Specifies the SNMP engine ID of the remote SNMP entity. This argument must be a hexadecimal string that comprises an even number of characters, in the range of 10 to 64. All-zero and all-F strings are invalid.
Usage guidelines
To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent.
The NMS accepts the SNMPv3 informs from the SNMP agent only if the engine ID in the informs is the same as its local engine ID.
You can configure up to 20 remote SNMP engine IDs.
Examples
# Configure the SNMP engine ID (123456789A) of the SNMP manager (10.1.1.1).
<Sysname> system-view
[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A
Related commands
display snmp-agent remote
snmp-agent source
Use snmp-agent source to specify a source IP address for the informs or traps sent by the SNMP agent.
Use undo snmp-agent source to restore the default.
Syntax
snmp-agent { inform | trap } source interface-type { interface-number | interface-number.subnumber }
undo snmp-agent { inform | trap } source
Default
The SNMP agent uses the IP address of the outgoing routed interface as the source IP address of notifications.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
inform: Specifies informs.
trap: Specifies traps.
interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094.
Usage guidelines
The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces. An NMS can use this IP address to filter all the informs or traps sent by the SNMP agent.
Make sure the specified interface has been created and assigned a valid IP address. The configuration will fail if the interface has not been created and will take effect only after a valid IP address is assigned to the specified interface.
Examples
# Configure the primary IP address of Forty-GigabitEthernet 1/0/1 as the source address of SNMP traps.
<Sysname> system-view
[Sysname] snmp-agent trap source fortygige 1/0/1
# Configure the primary IP address of Forty-GigabitEthernet 1/0/2 as the source address of SNMP informs.
<Sysname> system-view
[Sysname] snmp-agent inform source fortygige 1/0/2
Related commands
· snmp-agent target-host
· snmp-agent trap enable
snmp-agent sys-info contact
Use snmp-agent sys-info contact to configure the system contact.
Use undo snmp-agent sys-info contact to restore the default contact.
Syntax
snmp-agent sys-info contact sys-contact
undo snmp-agent sys-info contact
Default
The system contact is Hangzhou H3C Tech. Co., Ltd.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
sys-contact: Specifies the system contact, a string of 1 to 255 characters.
Usage guidelines
Configure the system contact for system maintenance and management.
Examples
# Configure the system contact as Dial System Operator # 27345.
<Sysname> system-view
[Sysname] snmp-agent sys-info contact Dial System Operator # 27345
Related commands
display snmp-agent sys-info
snmp-agent sys-info location
Use snmp-agent sys-info location to configure the system location.
Use undo snmp-agent sys-info location to restore the default location.
Syntax
snmp-agent sys-info location sys-location
undo snmp-agent sys-info location
Default
The system location is Hangzhou, China.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
sys-location: Specifies the system location, a string of 1 to 255 characters.
Usage guidelines
Configure the location of the device for system maintenance and management.
Examples
# Configure the system location as Room524-row1-3.
<Sysname> system-view
[Sysname] snmp-agent sys-info location Room524-row1-3
Related commands
display snmp-agent sys-info
snmp-agent sys-info version
Use snmp-agent sys-info version to enable SNMP versions.
Use undo snmp-agent sys-info version to disable SNMP versions.
Syntax
In non-FIPS mode:
snmp-agent sys-info version { all | { v1 | v2c | v3 } * }
undo snmp-agent sys-info version { all | { v1 | v2c | v3 } * }
In FIPS mode:
snmp-agent sys-info version v3
undo snmp-agent sys-info version v3
Default
The default is SNMPv3.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
all: Specifies SNMPv1, SNMPv2c, and SNMPv3.
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
Usage guidelines
SNMPv1 and SNMPv2c settings in this command are supported only in non-FIPS mode.
Configure the SNMP agent with the same SNMP version as the NMS for successful communications between them.
Examples
# Enable SNMPv3.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v3
Related commands
display snmp-agent sys-info
snmp-agent target-host
Use snmp-agent target-host to configure the SNMP agent to send SNMP notifications (informs or traps) to a host.
Use undo snmp-agent target-host to remove an SNMP notification target host.
Syntax
In non-FIPS mode:
snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string { v2c | v3 [ authentication | privacy ] }
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]
undo snmp-agent target-host { trap | inform } address udp-domain ip-address params securityname security-string [ vpn-instance vpn-instance-name ]
In FIPS mode:
snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy }
snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy }
undo snmp-agent target-host { trap | inform } address udp-domain ip-address params securityname security-string [ vpn-instance vpn-instance-name ]
Default
No SNMP notification target host is configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
inform: Sends notifications as informs.
trap: Sends notifications as traps.
address: Specifies the destination address of SNMP notifications.
udp-domain: Specifies UDP as the transport protocol.
ip-address: Specifies the IPv4 address of the target host as the destination of SNMP notifications.
udp-port port-number: Specifies the UDP port for SNMP notifications. If no UDP port is specified, UDP port 162 is used.
vpn-instance vpn-instance-name: Specifies the VPN for the target host. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the target host is on a public network, do not specify this option.
params securityname security-string: Specifies the authentication parameter. The security-string argument specifies an SNMPv1 or SNMPv2c community name or an SNMPv3 username, a string of 1 to 32 characters.
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
· authentication: Specifies the security model to be authentication without privacy. You must specify the authentication key when you create the SNMPv3 user.
· privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and privacy key when you create the SNMPv3 user.
Usage guidelines
You can specify multiple SNMP notification target hosts.
Make sure the SNMP agent uses the same UDP port for SNMP notifications as the target host. Typically, NMSs, for example, IMC and MIB Browser, use port 162 for SNMP notifications as defined in the SNMP protocols.
If none of the keywords v1, v2c, or v3 is specified, SNMPv1 is used. Make sure the SNMP agent uses the same SNMP version as the target host so the host can receive the notification.
If neither authentication nor privacy is specified, the security model is no authentication, no privacy.
Examples
# Configure the SNMP agent to send SNMPv3 traps to 10.1.1.1 by using the username public.
<Sysname> system-view
[Sysname] snmp-agent trap enable standard
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3
Related commands
· snmp-agent source
· snmp-agent trap enable
· snmp-agent trap life
snmp-agent trap enable
Use snmp-agent trap enable to enable SNMP notifications globally.
Use undo snmp-agent trap enable to disable SNMP notifications globally.
Syntax
snmp-agent trap enable [ configuration | protocol | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ]
undo snmp-agent trap enable [ configuration | protocol | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ]
Default
SNMP configuration notifications, standard notifications, and system notifications are enabled. Whether other SNMP notifications are enabled varies by modules.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
configuration: Specifies configuration notifications. If configuration notifications are enabled, the system checks the running configuration and the startup configuration every 10 minutes for any change and generates a notification for the most recent change.
protocol: Specifies a module for enabling SNMP notifications. For more information about this argument, see the command reference for each module.
standard: Specifies SNMP standard notifications.
Table 26 Standard SNMP notifications
Keyword | Definition |
---|---|
authentication | Authentication failure notification sent when an NMS fails to authenticate to the SNMP agent. |
coldstart | Notification sent when the device restarts. |
linkdown | Notification sent when the link of a port goes down. |
linkup | Notification sent when the link of a port comes up. |
warmstart | Notification sent when the SNMP agent restarts. |
system: Specifies system notifications sent when the system time is modified, the system reboots, or the main system software image is not available.
Usage guidelines
The snmp-agent trap enable command enables the device to generate notifications, including both informs and traps, even though the keyword trap is used in the command.
You can use the snmp-agent target-host command to enable the device to send the notifications as informs or traps to a host.
If no optional parameters are specified, the command or its undo form enables or disables all SNMP notifications supported by the device.
Examples
# Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public.
<Sysname> system-view
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] snmp-agent trap enable standard authentication
Related commands
snmp-agent target-host
snmp-agent trap if-mib link extended
Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown notifications.
Use undo snmp-agent trap if-mib link extended to restore the default.
Syntax
snmp-agent trap if-mib link extended
undo snmp-agent trap if-mib link extended
Default
The SNMP agent sends standard linkUp/linkDown notifications.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification.
When you use this command, make sure the NMS supports the extended linkUp and linkDown notifications.
Examples
# Enable extended linkUp/linkDown notifications.
<Sysname> system-view
[Sysname] snmp-agent trap if-mib link extended
snmp-agent trap life
Use snmp-agent trap life to configure the lifetime of notifications in the SNMP notification queue.
Use undo snmp-agent trap life to restore the default notification lifetime.
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
Default
SNMP notification lifetime is 120 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
seconds: Sets a lifetime in seconds, in the range of 1 to 2592000.
Usage guidelines
When congestion occurs, the SNMP agent buffers notifications in a queue. The notification lifetime sets how long a notification can stay in the queue. A trap is deleted when its lifetime expires.
Examples
# Set the SNMP notification lifetime to 60 seconds.
<Sysname> system-view
[Sysname] snmp-agent trap life 60
Related commands
· snmp-agent target-host
· snmp-agent trap enable
· snmp-agent trap queue-size
snmp-agent trap log
Use snmp-agent trap log to enable SNMP notification logging.
Use undo snmp-agent trap log to disable SNMP notification logging.
Syntax
snmp-agent trap log
undo snmp-agent trap log
Default
SNMP notification logging is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends logs to the information center. You can configure the information center to output the logs to a specific destination as needed.
Examples
# Enable SNMP notification logging.
<Sysname> system-view
[Sysname] snmp-agent trap log
snmp-agent trap queue-size
Use snmp-agent trap queue-size to set the SNMP notification queue size.
Use undo snmp-agent trap queue-size to restore the default queue size.
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
Default
The SNMP notification queue can store up to 100 notifications.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Specifies the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000.
Usage guidelines
When congestion occurs, the SNMP agent buffers notifications in a queue. SNMP notification queue size sets the maximum number of notifications that this queue can hold. When the queue size is reached, the oldest notifications are dropped for new notifications.
Examples
# Set the SNMP notification queue size to 200.
<Sysname> system-view
[Sysname] snmp-agent trap queue-size 200
Related commands
· snmp-agent target-host
· snmp-agent trap enable
· snmp-agent trap life
snmp-agent usm-user { v1 | v2c }
Use snmp-agent usm-user { v1 | v2c } to add a user to an SNMPv1 or SNMPv2c group.
Use undo snmp-agent usm-user { v1 | v2c } to delete a user from an SNMPv1 or SNMPv2c group.
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
Default
No SNMP users are configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
user-name: Specifies an SNMP username, a case-sensitive string of 1 to 32 characters.
group-name: Specifies an SNMPv1 or SNMPv2c group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. If the group has not been created, the user takes effect after you create the group.
acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IPv4 address permitted in the ACL can use the specified username (community name) to access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, any NMS can use the specified username to access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.
Usage guidelines
This command is supported only in non-FIPS mode.
When you create an SNMPv1 or SNMPv2c user, the system automatically creates a community that has the same name as the SNMPv1 or SNMPv2c username. This community has the same access right as the SNMPv1 or SNMPv2c group. To display the SNMPv1 and SNMPv2c communities created in this way, use the display snmp-agent community command.
To change the access right of the SNMPv1 or SNMPv2c user, use the snmp-agent community command or the snmp-agent group { v1 | v2c } command. If the snmp-agent community command is used, the SNMPv1 or SNMPv2c user is removed from the SNMP group.
The snmp-agent usm-user { v1 | v2c } command enables managing SNMPv1 and SNMPv2c communities in the same way as managing SNMPv3 users. It does not affect the way of configuring SNMPv1 and SNMPv2c communities on the NMS.
Examples
# Add the user userv2c to the SNMPv2c group readCom so an NMS can use the protocol SNMPv2c and the read-only community name userv2c to access the device.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom
# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.1 can use the protocol SNMPv2c and read-only community name userv2c to access the device.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-basic-2001] rule deny source any
[Sysname-acl-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
Related commands
· display snmp-agent community
· snmp-agent community
· snmp-agent group
snmp-agent usm-user v3
Use snmp-agent usm-user v3 to add a user to an SNMPv3 group or create an SNMPv3 user.
Use undo snmp-agent usm-user v3 to delete a user from an SNMPv3 group or remove an SNMPv3 user.
Syntax
In non-FIPS mode (in VACM mode):
snmp-agent usm-user v3 user-name group-name [ remote ip-address [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string | remote ip-address [ vpn-instance vpn-instance-name ] }
In non-FIPS mode (in RBAC mode):
In FIPS mode (in VACM mode):
snmp-agent usm-user v3 user-name group-name [ remote ip-address [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string | remote ip-address [ vpn-instance vpn-instance-name ] }
In FIPS mode (in RBAC mode):
Default
No SNMPv3 users are configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.
group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters.
user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.
remote ip-address: Specifies the IPv4 address of the remote SNMP entity.
vpn-instance vpn-instance-name: Specifies the VPN for the target host receiving SNMP notifications. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the target host is on a public network, do not specify this option.
cipher: Specifies that auth-password and priv-password are encrypted keys, which can be calculated to a hexadecimal string by using the snmp-agent calculate-password command.
simple: Specifies that auth-password and priv-password are plaintext keys.
authentication-mode: Specifies an authentication algorithm. MD5 is faster but less secure than SHA.
· md5: Specifies the MD5 authentication algorithm.
· sha: Specifies the SHA-1 authentication algorithm.
auth-password: Specifies a case-sensitive plaintext or encrypted authentication key. In non-FIPS mode, a plaintext key is a string of 1 to 64 visible characters. In FIPS mode, a plaintext key is a string of 15 to 64 visible characters, which must contain numbers, upper-case letters, lower-case letters, and special characters. If the cipher keyword is specified, the encrypted authentication key length requirements differ by authentication algorithm and key string format, as shown in Table 27.
Table 27 Encrypted authentication key length requirements
Authentication algorithm | Hexadecimal string | Non-hexadecimal string |
---|---|---|
MD5 | 32 characters | 53 characters |
SHA | 40 characters | 57 characters |
privacy-mode: Specifies an encryption algorithm for privacy. The encryption algorithms AES, 3DES, and DES are in descending order of security strength. DES is enough to meet general security requirements.
· aes128: Specifies the AES (Advanced Encryption Standard) algorithm.
· 3des: Specifies the 3DES algorithm.
· des56: Specifies the DES (Data Encryption Standard) algorithm.
priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. In non-FIPS mode, a plaintext key is a string of 1 to 64 characters. In FIPS mode, a plaintext key is a string of 15 to 64 visible characters, which must contain numbers, upper-case letters, lower-case letters, and special characters. If the cipher keyword is specified, the encrypted privacy key length requirements differ by authentication algorithm and key string format, as shown in Table 28.
Table 28 Encrypted privacy key length requirements
Authentication algorithm | Encryption algorithm | Hexadecimal string | Non-hexadecimal string |
---|---|---|---|
MD5 | AES128 or DES-56 | 32 characters | 53 characters |
MD5 | 3DES | 64 characters | 73 characters |
SHA | AES128 or DES-56 | 40 characters | 53 characters |
SHA | 3DES | 80 characters | 73 characters |
acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IPv4 address permitted in the ACL can use the specified username to access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, any NMS can use the specified username to access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.
local: Specifies the local SNMP engine.
engineid engineid-string: Specifies an SNMP engine. The engineid-string argument represents the engine ID and must contain an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid. After you change the local engine ID, the existing SNMPv3 users and encrypted keys become invalid, and you must reconfigure them.
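The hexadecimal key lengths in Table 27 and the rule that keys become invalid when the engine ID changes both match SNMPv3 USM key localization as defined in RFC 3414. The following is an added example, not vendor code: it implements the RFC 3414 algorithm and the engineid-string rules above, and it is an assumption that the output of snmp-agent calculate-password is byte-identical to it.

```python
import hashlib

# Hexadecimal lengths Table 27 gives for a cipher authentication key.
TABLE_27_HEX_LEN = {"md5": 32, "sha1": 40}


def valid_engine_id(engine_id_hex: str) -> bool:
    """engineid-string rules from the page: hexadecimal, even length,
    10 to 64 characters, not all-zero and not all-F."""
    s = engine_id_hex.upper()
    if not (10 <= len(s) <= 64) or len(s) % 2:
        return False
    if any(c not in "0123456789ABCDEF" for c in s):
        return False
    return set(s) not in ({"0"}, {"F"})


def password_to_key(password: str, algo: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end."""
    pw = password.encode()
    if not pw:
        raise ValueError("empty password")
    reps, rem = divmod(1048576, len(pw))
    return hashlib.new(algo, pw * reps + pw[:rem]).digest()


def localized_key_hex(password: str, engine_id_hex: str, algo: str) -> str:
    """Bind the key to one SNMP engine: H(Ku || engineID || Ku)."""
    if not valid_engine_id(engine_id_hex):
        raise ValueError("engine ID violates the engineid-string rules")
    ku = password_to_key(password, algo)
    engine_id = bytes.fromhex(engine_id_hex)
    return hashlib.new(algo, ku + engine_id + ku).hexdigest()


if __name__ == "__main__":
    pw = "123456TESTauth&!"  # plaintext key used in the page's examples
    # First engine ID is the one in the page's example; the second is constructed.
    for eid in ("123456789A", "800063A2030000000001"):
        for algo in ("md5", "sha1"):
            key = localized_key_hex(pw, eid, algo)
            assert len(key) == TABLE_27_HEX_LEN[algo]
            print(f"{eid:<22} {algo:<5} {key}")
```

The same password yields a different key for each engine ID, which is why users and encrypted keys must be reconfigured after the local engine ID changes.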
Usage guidelines
To send SNMPv3 informs to an NMS, perform the following tasks:
· Specify the IPv4 address of the NMS in the snmp-agent usm-user v3 command.
· Map the IPv4 address to the SNMP engine ID of the NMS by using the snmp-agent remote command.
You can use the following modes to control access to MIB objects for an SNMPv3 user:
· View-based Access Control Model—In VACM mode, you must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the group of users. The authentication and encryption algorithms for each user are specified when they are created.
· Role based access control—The RBAC mode controls access to MIB objects by assigning user roles to SNMP users.
  · An SNMP user with a predefined user role network-admin, mdc-admin, or level-15 has read and write access to all MIB objects.
  · An SNMP user with a predefined user role network-operator or mdc-operator has read-only access to all MIB objects.
  · An SNMP user with a user role specified by the role command accesses MIB objects through the user role rules specified by the rule command.
In VACM mode, if you configure an SNMPv3 user multiple times, the most recent configuration takes effect.
In RBAC mode, you can assign different user roles to an SNMPv3 user:
· If you specify only user roles but do not change any other settings, the snmp-agent usm-user v3 command assigns different user roles to the user. Other settings remain unchanged.
· If you specify user roles and also change other settings, the snmp-agent usm-user v3 command assigns different user roles to the user. The most recent configuration for other settings takes effect.
For an NMS to access an agent:
· The RBAC mode requires the user role bound to the username to have the same access right to MIB objects as the NMS.
· The VACM mode requires only the access right from the NMS to MIB objects.
The RBAC mode is more secure. As a best practice, use the RBAC mode to create an SNMPv3 user.
You must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the group of users. The authentication and encryption algorithms for each user are specified when they are created.
SNMPv3 users are valid only on the SNMP engine that creates them. By default, SNMPv3 users are created on the local SNMP engine. When you create an SNMPv3 user for sending SNMP inform messages, you must associate it with the remote SNMP engine.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
Make sure you remember the username and the plain text of the keys. When you access the device from an NMS, you must provide this information.
Examples
In VACM mode:
# Add the user testUser to the SNMPv3 group testGroup, and enable the authentication without privacy security model for the group. Specify the authentication algorithm SHA-1 and the authentication key 123456TESTplat&! in plain text for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&!
# For an NMS to access the MIB objects in the default view ViewDefault, make sure the following configurations are the same on the NMS and the SNMP agent:
· SNMPv3 username.
· SNMP protocol version.
· Authentication algorithm and key.
# Add the user testUser to the SNMPv3 group testGroup, and enable the authentication and privacy security model for the group. Specify the authentication algorithm SHA-1, the privacy algorithm AES, the plaintext authentication key 123456TESTauth&!, and the plaintext privacy key 123456TESTencr&! for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
# For an NMS to access the MIB objects in the default view ViewDefault, make sure the following configurations are the same on the NMS and the SNMP agent:
· SNMPv3 username.
· SNMP protocol version.
· Authentication algorithm.
· Privacy algorithm.
· Plaintext authentication and privacy keys.
# Add the user remoteUser for the SNMP remote engine at 10.1.1.1 to the SNMPv3 group testGroup, and enable the authentication and privacy security model for the group. Specify the authentication algorithm SHA-1, the privacy algorithm AES, the plaintext authentication key 123456TESTauth&!, and the plaintext privacy key 123456TESTencr&! for the user.
<Sysname> system-view
[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
In RBAC mode:
# Create the SNMPv3 user testUser with the user role network-operator and enable the authentication without privacy security model for the user. Specify the authentication algorithm SHA-1 and the authentication key 123456TESTplat&! in plain text for the user.
[Sysname] snmp-agent usm-user v3 testUser user-role network-operator simple authentication-mode sha 123456TESTplat&!
# For an NMS to have read-only access to all MIB objects, make sure the following configurations are the same on the NMS and the SNMP agent:
· SNMPv3 username.
· SNMP protocol version.
· Authentication algorithm and key.
Related commands
· display snmp-agent usm-user
· snmp-agent calculate-password
· snmp-agent group
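The defaults stated for snmp-agent target-host (no version keyword means SNMPv1, v3 without authentication or privacy means no authentication and no privacy) and for snmp-agent usm-user (no acl means any NMS can use the name) are easy to miss in a saved configuration. The following audit is an added example, not vendor code: the first six sample lines are the page's own example commands, the last is constructed, and the remark that SNMPv1/v2c community names travel unencrypted is a general SNMP fact rather than a statement from this page.

```python
import re

VERSIONS = ("v1", "v2c", "v3")
LINE = re.compile(r"(?<!undo )\bsnmp-agent (target-host|usm-user) .*")

SAMPLE = """\
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] snmp-agent usm-user v2c userv2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&!
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname testUser v3 privacy
"""


def audit_target_host(tok):
    """Findings for one target-host line, using the defaults in its usage guidelines."""
    if "securityname" not in tok:
        return ["cannot parse: params securityname missing"]
    tail = tok[tok.index("securityname") + 2:]  # tokens after the security-string
    version = next((t for t in tail if t in VERSIONS), None)
    if version is None:
        return ["no version keyword: notifications are sent as SNMPv1"]
    if version != "v3":
        return [f"{version} notifications carry the community name unencrypted"]
    if "privacy" in tail:
        return []
    if "authentication" in tail:
        return ["v3 authentication only: notification payload is not encrypted"]
    return ["v3 without authentication/privacy: no authentication, no privacy"]


def audit_usm_user(tok):
    """Findings for one usm-user line (v1, v2c or v3)."""
    findings = []
    # The acl option is the last item of the syntax, so check by position.
    if not (tok[-2] == "acl" and tok[-1].isdigit()):
        findings.append("no acl: any NMS source address can use this name")
    version = tok[2]
    if version in ("v1", "v2c"):
        findings.append(f"{version} user: the community name is the only credential")
        return findings
    if "authentication-mode" not in tok:
        findings.append("v3 user without authentication-mode: no authentication key")
        return findings
    i = tok.index("authentication-mode")
    if tok[i + 1] == "md5":
        findings.append("authentication-mode md5: less secure than sha")
    priv = tok[i + 3:i + 5]  # expected: ["privacy-mode", algorithm]
    if len(priv) < 2 or priv[0] != "privacy-mode":
        findings.append("no privacy-mode: traffic for this user is not encrypted")
    elif priv[1] in ("3des", "des56"):
        findings.append(f"privacy-mode {priv[1]}: weaker than aes128")
    return findings


def audit_config(text):
    """Return (line_number, command, finding) for each weak snmp-agent line; undo lines are skipped."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.search(line)
        if not m:
            continue
        tok = m.group(0).split()
        check = audit_target_host if tok[1] == "target-host" else audit_usm_user
        results += [(n, tok[1], finding) for finding in check(tok)]
    return results


if __name__ == "__main__":
    for n, cmd, finding in audit_config(SAMPLE):
        print(f"line {n}: {cmd}: {finding}")
```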
Sampler configuration commands
display sampler
Use display sampler to display configuration information for a sampler.
Syntax
In standalone mode:
display sampler [ sampler-name ] [ slot slot-number ]
In IRF mode:
display sampler [ sampler-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. If you do not specify a sampler, this command displays configuration information for all samplers.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sampler configuration information for the active MPU. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sampler configuration information for the global active MPU. (In IRF mode.)
Examples
# Display configuration information for sampler 256.
<Sysname> display sampler 256
Sampler name: 256
Mode: Fixed; Packet-interval: 8
# (In standalone mode.) Display configuration information for sampler 256 on card 1.
<Sysname> display sampler 256 slot 1
Sampler name: 256
Mode: Fixed; Packet-interval: 8
# (In IRF mode.) Display configuration information for sampler 256 for card 1 on IRF member device 1.
<Sysname> display sampler 256 chassis 1 slot 1
Sampler name: 256
Mode: Fixed; Packet-interval: 8
Table 29 Command output
Field | Description |
---|---|
Sampler name | Name of the sampler. |
Mode | Sampling mode. |
Packet-interval | Sampling rate. |
sampler
Use sampler to create a sampler.
Use undo sampler to delete a sampler.
Syntax
sampler sampler-name mode fixed packet-interval rate
undo sampler sampler-name
Default
No sampler exists.
Views
System view
Predefined user roles
network-admin
Parameters
sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.
rate: Specifies the sampling rate. The sampling rate is calculated by using the formula 2 to the nth power, where n is the rate value. For example, setting the sampling rate to 8 means the first packet out of 256 (2 to the 8th power) packets is sampled. Setting the sampling rate to 10 means the first packet out of 1024 (2 to the 10th power) packets is sampled.
Usage guidelines
This command takes effect on all cards.
Examples
# Create sampler abc in fixed sampling mode.
<Sysname> system-view
[Sysname] sampler abc mode fixed packet-interval 8
Port mirroring commands
The port mirroring commands are available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
display mirroring-group
Use display mirroring-group to display mirroring group information.
Syntax
display mirroring-group { group-id | all | local | remote-destination | remote-source }
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
group-id: Specifies a mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
all: Specifies all mirroring groups.
local: Specifies local mirroring groups.
remote-destination: Specifies remote destination groups.
remote-source: Specifies remote source groups.
Usage guidelines
Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.
Examples
# Display information about all mirroring groups.
<Sysname> display mirroring-group all
Mirroring group 1:
Type: Local
Status: Active
Mirroring port:
FortyGigE1/0/1 Inbound
FortyGigE1/0/2 Both
Mirroring CPU:
Slot 1, 2, 3 Both
Slot 4 Inbound
Monitor port: FortyGigE1/0/3
Mirroring group 2:
Type: Remote source
Status: Incomplete
Mirroring port:
FortyGigE1/0/4 Both
Remote probe VLAN: 1900
Mirroring group 3:
Type: Remote destination
Status: Active
Monitor port: FortyGigE1/0/6
Remote probe VLAN: 1901
Table 30 Command output
Field | Description |
---|---|
Mirroring group | Number of the mirroring group. |
Type | Type of the mirroring group: · Local. · Remote source. · Remote destination. |
Status | Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect. |
 | Sampler name. · If the mirroring group failed to use the sampler, this field displays sampler-name (failed). · If no sampler is configured, this field is not displayed. |
Mirroring port | Source port. |
Mirroring CPU | Source CPU. |
Monitor port | Destination port. |
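Because a mirroring group copies traffic to a monitor port or a remote probe VLAN, the output above is worth checking against the destinations you expect. The following parser is an added example, not vendor code: it reads the sample output shown above regardless of indentation, the approved-destination lists are hypothetical inputs, and the Outbound direction label is assumed from the both | inbound | outbound keywords.

```python
import re

# Output of "display mirroring-group all" as shown in the example above.
SAMPLE = """\
Mirroring group 1:
Type: Local
Status: Active
Mirroring port:
FortyGigE1/0/1 Inbound
FortyGigE1/0/2 Both
Mirroring CPU:
Slot 1, 2, 3 Both
Slot 4 Inbound
Monitor port: FortyGigE1/0/3
Mirroring group 2:
Type: Remote source
Status: Incomplete
Mirroring port:
FortyGigE1/0/4 Both
Remote probe VLAN: 1900
Mirroring group 3:
Type: Remote destination
Status: Active
Monitor port: FortyGigE1/0/6
Remote probe VLAN: 1901
"""

HEADER = re.compile(r"Mirroring group (\d+):")
SOURCE = re.compile(r"(.+?)\s+(Inbound|Outbound|Both)")
FIELDS = {"Type": "type", "Status": "status",
          "Monitor port": "monitor_port", "Remote probe VLAN": "probe_vlan"}


def parse_mirroring_groups(text):
    """Turn the display output into one dict per mirroring group."""
    groups, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.fullmatch(line)
        if m:
            groups.append({"id": int(m.group(1)), "type": None, "status": None,
                           "sources": [], "monitor_port": None, "probe_vlan": None})
            section = None
            continue
        if not line or not groups:
            continue
        group = groups[-1]
        key, _, val = line.partition(":")
        val = val.strip()
        if key in FIELDS:
            is_vlan = key == "Remote probe VLAN" and val.isdigit()
            group[FIELDS[key]] = int(val) if is_vlan else val
            section = None
        elif key in ("Mirroring port", "Mirroring CPU") and not val:
            section = key  # the following lines list sources and directions
        elif section:
            m = SOURCE.fullmatch(line)
            if m:
                group["sources"].append((section, m.group(1), m.group(2)))
    return groups


def review(groups, approved_monitor_ports=(), approved_probe_vlans=()):
    """Return (group_id, note) for incomplete groups and unapproved destinations."""
    notes = []
    for g in groups:
        if g["status"] == "Incomplete":
            notes.append((g["id"], "configuration incomplete, group does not take effect"))
        if g["monitor_port"] and g["monitor_port"] not in approved_monitor_ports:
            notes.append((g["id"], f"monitor port {g['monitor_port']} is not approved"))
        if g["probe_vlan"] is not None and g["probe_vlan"] not in approved_probe_vlans:
            notes.append((g["id"], f"remote probe VLAN {g['probe_vlan']} is not approved"))
    return notes


if __name__ == "__main__":
    parsed = parse_mirroring_groups(SAMPLE)
    # Hypothetical approved destinations for this device.
    for gid, note in review(parsed, {"FortyGigE1/0/3"}, {1900}):
        print(f"group {gid}: {note}")
```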
mirroring-group
Use mirroring-group to create a mirroring group.
Use undo mirroring-group to delete mirroring groups.
Syntax
mirroring-group group-id { local | remote-destination | remote-source } [ sampler sampler-name ]
undo mirroring-group { group-id | all | local | remote-destination | remote-source }
Default
No mirroring group exists on a device.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies a mirroring group ID.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
local: Specifies local mirroring groups.
remote-destination: Specifies remote destination groups.
remote-source: Specifies remote source groups.
sampler sampler-name: Specifies a sampler to be used by the mirroring group. The sampler-name argument is a case-insensitive string of 1 to 31 characters.
all: Specifies all mirroring groups.
Usage guidelines
A sampler selects a packet from sequential packets. Port mirroring uses the sampler to limit the volume of traffic to be mirrored. You can specify a sampler that has not been created for a mirroring group. If you configure multiple samplers for a mirroring group, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.
Examples
# Create local mirroring group 1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
mirroring-group mirroring-cpu
Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.
Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.
Syntax
In standalone mode:
mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-cpu slot slot-number-list
In IRF mode:
mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list
Default
No source CPU is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
slot slot-number-list: Specifies the cards that hold the source CPUs. The slot-number-list argument specifies a space-separated list of up to eight card items. Each item specifies a card by its slot number or a range of cards in the format of start-slot-number to end-slot-number. The value for the end-slot-number argument must be equal to or greater than the value for the start-slot-number argument. (In standalone mode.)
chassis chassis-number slot slot-number-list: Specifies the cards that hold the source CPUs on the specified IRF member device. The chassis-number argument specifies the IRF member device ID. The slot-number-list argument specifies a space-separated list of up to eight card items. Each item specifies a card by its slot number or a range of cards in the format of start-slot-number to end-slot-number. The value for the end-slot-number argument must be equal to or greater than the value for the start-slot-number argument. (In IRF mode.)
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source CPUs only for local mirroring groups and remote source groups.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of the CPU of the card in slot 1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 mirroring-cpu slot 1 both
# Create remote source group 2 to monitor the bidirectional traffic of the CPU of the card in slot 2.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] mirroring-group 2 mirroring-cpu slot 2 both
Related commands
mirroring-group
mirroring-group mirroring-port (interface view)
Use mirroring-group mirroring-port to configure a source port for a mirroring group.
Use undo mirroring-group mirroring-port to remove a source port from a mirroring group.
Syntax
mirroring-group group-id mirroring-port { both | inbound | outbound }
undo mirroring-group group-id mirroring-port
Default
No source port is configured for a mirroring group.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source ports only for local mirroring groups and remote source groups.
Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.
A port can act as a source port for multiple mirroring groups.
A source port cannot be a reflector port, egress port, or monitor port.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] mirroring-group 1 mirroring-port both
# Create remote source group 2 to monitor the bidirectional traffic of FortyGigE 1/0/2.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] interface fortygige 1/0/2
[Sysname-FortyGigE1/0/2] mirroring-group 2 mirroring-port both
Related commands
mirroring-group
mirroring-group mirroring-port (system view)
Use mirroring-group mirroring-port to configure source ports for a mirroring group.
Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.
Syntax
mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-port interface-list
Default
No source port is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The specified interfaces must be of the same type and on the same card. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source ports only for local mirroring groups and remote source groups.
Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.
A port can act as a source port for multiple mirroring groups.
A source port cannot be used as a reflector port, monitor port, or egress port.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 mirroring-port fortygige 1/0/1 both
# Create remote source group 2 to monitor the bidirectional traffic of FortyGigE 1/0/2.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] mirroring-group 2 mirroring-port fortygige 1/0/2 both
Related commands
mirroring-group
mirroring-group monitor-egress
Use mirroring-group monitor-egress to configure the egress port for a remote source group.
Use undo mirroring-group monitor-egress to remove the egress port from a remote source group.
Syntax
In system view:
mirroring-group group-id monitor-egress interface-type interface-number
undo mirroring-group group-id monitor-egress interface-type interface-number
In interface view:
mirroring-group group-id monitor-egress
undo mirroring-group group-id monitor-egress
Default
No egress port is configured for a mirroring group.
Views
System view, interface view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
You can configure egress ports only for remote source groups.
For port mirroring to work correctly, disable the following features on the egress port of a mirroring group:
· Spanning tree.
· IGMP snooping.
· Static ARP.
· MAC address learning.
Do not configure a port of an existing mirroring group as an egress port.
Examples
# Create remote source group 1 and configure FortyGigE 1/0/1 as its egress port in system view.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
[Sysname] mirroring-group 1 monitor-egress fortygige 1/0/1
# Create remote source group 2 and configure FortyGigE 1/0/2 as its egress port in interface view.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] interface fortygige 1/0/2
[Sysname-FortyGigE1/0/2] mirroring-group 2 monitor-egress
Related commands
mirroring-group
mirroring-group monitor-port (interface view)
Use mirroring-group monitor-port to configure the port as the monitor port for a mirroring group.
Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.
Syntax
mirroring-group group-id monitor-port
undo mirroring-group group-id monitor-port
Default
No monitor port is configured for a mirroring group.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
Usage guidelines
You can configure monitor ports only for local mirroring groups and remote destination groups.
Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
Do not configure a port of an existing mirroring group as a monitor port.
Examples
# Create local mirroring group 1 and configure FortyGigE 1/0/1 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] mirroring-group 1 monitor-port
# Create remote destination group 2 and configure FortyGigE 1/0/2 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-destination
[Sysname] interface fortygige 1/0/2
[Sysname-FortyGigE1/0/2] mirroring-group 2 monitor-port
Related commands
mirroring-group
mirroring-group monitor-port (system view)
Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.
Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.
Syntax
mirroring-group group-id monitor-port interface-type interface-number
undo mirroring-group group-id monitor-port interface-type interface-number
Default
No monitor port is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
You can configure monitor ports only for local mirroring groups and remote destination groups.
Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
Do not configure a port of an existing mirroring group as a monitor port.
Examples
# Create local mirroring group 1, and configure FortyGigE 1/0/1 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 monitor-port fortygige 1/0/1
# Create remote destination group 2, and configure FortyGigE 1/0/2 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-destination
[Sysname] mirroring-group 2 monitor-port fortygige 1/0/2
Related commands
mirroring-group
mirroring-group reflector-port
Use mirroring-group reflector-port to configure the reflector port for a remote source group.
Use undo mirroring-group reflector-port to remove the reflector port from a remote source group.
Syntax
In system view:
mirroring-group group-id reflector-port interface-type interface-number
undo mirroring-group group-id reflector-port interface-type interface-number
In interface view:
mirroring-group group-id reflector-port
undo mirroring-group group-id reflector-port
Default
No reflector port is configured for a mirroring group. A port does not act as the reflector port for a mirroring group.
Views
System view, interface view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
interface-type interface-number: Specifies a port by its type and number.
Usage guidelines
You can configure reflector ports only for remote source groups.
The port to be configured as a reflector port must be a port not in use. Do not connect a cable to a reflector port.
When a port is configured as a reflector port, the port restores to the factory default settings. You cannot configure other features on a reflector port.
You cannot change the duplex mode and port rate for a port after the port is configured as a reflector port.
Examples
# Create remote source group 1, and configure FortyGigE 1/0/1 as its reflector port in system view.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
[Sysname] mirroring-group 1 reflector-port fortygige 1/0/1
This operation may delete all settings made on the interface. Continue? [Y/N]: y
# Create remote source group 2, and configure FortyGigE 1/0/2 as its reflector port in interface view.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-source
[Sysname] interface fortygige 1/0/2
[Sysname-FortyGigE1/0/2] mirroring-group 2 reflector-port
This operation may delete all settings made on the interface. Continue? [Y/N]: y
Related commands
mirroring-group
mirroring-group remote-probe vlan
Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.
Use undo mirroring-group remote-probe vlan to remove a remote probe VLAN from a mirroring group.
Syntax
mirroring-group group-id remote-probe vlan vlan-id
undo mirroring-group group-id remote-probe vlan vlan-id
Default
No remote probe VLAN is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
group-id: Specifies an existing mirroring group by its number.
· In Release 1135, the value range is 1 to 4.
· In Release 1138P01 and later versions, the value range is 1 to 6.
vlan-id: Specifies a VLAN by its ID.
Usage guidelines
You can configure remote probe VLANs only for remote source groups and remote destination groups.
When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port mirroring exclusively.
The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.
Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.
To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.
Examples
# Create remote source group 1, and configure VLAN 10 as its remote probe VLAN.
<Sysname> system-view
[Sysname] mirroring-group 1 remote-source
[Sysname] mirroring-group 1 remote-probe vlan 10
# Create remote destination group 2, and configure VLAN 20 as its remote probe VLAN.
<Sysname> system-view
[Sysname] mirroring-group 2 remote-destination
[Sysname] mirroring-group 2 remote-probe vlan 20
Related commands
mirroring-group
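The usage guidelines for the mirroring-group commands above define which port roles each group type accepts and which roles exclude one another. The following added example (not part of the original manual or the vendor's software) checks a set of mirroring-group commands against those guidelines and lists where each group sends mirrored traffic. The sample commands, the function names, and the reading of "same card" as "same prefix before the last slash" are assumptions of this example.

```python
from collections import defaultdict

GROUP_TYPES = {"local", "remote-source", "remote-destination"}
# Group types each role may be configured on, per the usage guidelines above.
ROLE_ALLOWED = {
    "mirroring-port": {"local", "remote-source"},
    "monitor-port": {"local", "remote-destination"},
    "monitor-egress": {"remote-source"},
    "reflector-port": {"remote-source"},
    "remote-probe": {"remote-source", "remote-destination"},
}
# Constructed sample input (not device output): commands in the forms shown above.
SAMPLE_CONFIG = """\
mirroring-group 1 local
mirroring-group 1 mirroring-port fortygige 1/0/1 to fortygige 1/0/3 both
mirroring-group 1 monitor-port fortygige 1/0/10
mirroring-group 2 remote-source
mirroring-group 2 remote-probe vlan 10
interface fortygige 1/0/3
 mirroring-group 2 mirroring-port inbound
interface fortygige 1/0/10
 mirroring-group 2 monitor-egress
mirroring-group 3 remote-destination
mirroring-group 3 remote-probe vlan 10
mirroring-group 3 monitor-egress fortygige 1/0/20
"""

def expand_interface_list(tokens):
    """Expand 'type num [to type num] ...' into port names. Returns (ports, errors)."""
    ports, errors, items, i = [], [], 0, 0
    while i + 1 < len(tokens):
        if_type, first = tokens[i], tokens[i + 1]
        last, i, items = first, i + 2, items + 1
        if i + 2 < len(tokens) and tokens[i] == "to":
            type2, last, i = tokens[i + 1], tokens[i + 2], i + 3
            if type2 != if_type:
                errors.append(f"range mixes interface types {if_type} and {type2}")
                continue
        card1, _, n1 = first.rpartition("/")
        card2, _, n2 = last.rpartition("/")
        # Assumption: the "card" is everything before the last '/' of the number.
        if card1 != card2 or int(n2) < int(n1):
            errors.append(f"invalid range {first} to {last}")
            continue
        ports += [f"{if_type}{card1}/{n}" for n in range(int(n1), int(n2) + 1)]
    if items > 8:
        errors.append(f"interface-list has {items} items (maximum is eight)")
    return ports, errors

def audit(config_text):
    """Return (groups, sinks, findings) for the mirroring commands in config_text."""
    groups, findings, current_if = {}, [], "unknown"
    uses = defaultdict(list)   # port -> [(group-id, role), ...]
    vlans = defaultdict(set)   # remote probe VLAN -> {group-id, ...}
    for raw in config_text.splitlines():
        tok = raw.lower().split()
        if len(tok) == 3 and tok[0] == "interface":
            current_if = tok[1] + tok[2]          # interface-view context
        if len(tok) < 3 or tok[0] != "mirroring-group":
            continue
        gid, role, args = int(tok[1]), tok[2], tok[3:]
        if role in GROUP_TYPES:
            groups[gid] = role
            continue
        if role not in ROLE_ALLOWED:
            continue
        gtype = groups.get(gid, "undefined")
        if gtype not in ROLE_ALLOWED[role]:
            findings.append(f"group {gid}: {role} is not valid for a {gtype} group")
        if role == "remote-probe":                # remote-probe vlan vlan-id
            vlans[int(args[1])].add(gid)
        elif role == "mirroring-port":
            # Interface view carries only the direction; system view adds a list.
            ports, errs = ([current_if], []) if len(args) == 1 \
                else expand_interface_list(args[:-1])
            findings += [f"group {gid}: {e}" for e in errs]
            for port in ports:
                uses[port].append((gid, role))
        else:                                     # monitor-port / egress / reflector
            uses[args[0] + args[1] if args else current_if].append((gid, role))
    for port, used in sorted(uses.items()):
        # A source port may serve several groups; any other role is exclusive.
        if len(used) > 1 and any(r != "mirroring-port" for _, r in used):
            detail = ", ".join(f"group {g} {r}" for g, r in used)
            findings.append(f"{port}: conflicting roles ({detail})")
    for vlan, gids in sorted(vlans.items()):
        if len(gids) > 1:
            findings.append(f"vlan {vlan}: remote probe VLAN shared by groups {sorted(gids)}")
    # Where copies of traffic leave the device: monitor and egress ports per group.
    sinks = defaultdict(list)
    for port, used in uses.items():
        for gid, role in used:
            if role in ("monitor-port", "monitor-egress"):
                sinks[gid].append(port)
    return groups, dict(sinks), findings
```

Calling audit(SAMPLE_CONFIG) reports the egress port on a remote destination group, the port reused as both monitor port and egress port, and the remote probe VLAN shared by two groups. The source port shared by groups 1 and 2 is not reported, because the guidelines allow it.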
Flow mirroring commands
The flow mirroring commands are available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).
mirror-to
Use mirror-to to configure a mirroring action for a traffic behavior.
Use undo mirror-to to delete a mirroring action.
Syntax
mirror-to { cpu | interface interface-type interface-number }
undo mirror-to { cpu | interface interface-type interface-number }
Default
No mirroring action is configured for a traffic behavior.
Views
Traffic behavior view
Predefined user roles
network-admin
mdc-admin
Parameters
cpu: Specifies the CPU of the card that receives the packets matching the criteria defined in the traffic class.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
You can configure the action of mirroring traffic to multiple interfaces for a traffic behavior.
Examples
# Create traffic behavior 1, and configure the action of mirroring traffic to the CPU for the traffic behavior.
<Sysname> system-view
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to cpu
# Create traffic behavior 1, and configure the action of mirroring traffic to FortyGigE 1/0/1 for the traffic behavior.
<Sysname> system-view
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to interface fortygige 1/0/1
# Create traffic behavior 1, and configure the action of mirroring traffic to VLAN 100 for the traffic behavior.
<Sysname> system-view
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to vlan 100
sFlow commands
display sflow
Use display sflow to display sFlow configuration and operation information.
Syntax
display sflow
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display sFlow configuration and operation information.
<Sysname> display sflow
sFlow datagram version: 5
Global information:
Agent IP: 10.10.10.1(CLI)
Source address: 10.0.0.1 2001::1
Collector information:
ID IP Port Aging Size VPN-instance Description
1 22:2:20::10 6535 N/A 1400 netserver
2 192.168.3.5 6543 500 1400 Office
Port information:
Interface CID Interval(s) FID MaxHLen Rate Mode Status
FGE1/0/1 1 100 1 128 1000 Random Active
FGE1/0/2 2 100 2 128 1000 Random Active
Table 31 Command output
Field | Description |
---|---|
sFlow datagram version | sFlow version, which can only take the value of 5. |
Global information | Global sFlow information. |
Agent IP | IP address of the sFlow agent: · CLI—Manually configured IP address. · Auto—Automatically configured IP address. |
Source address | Source IP address of sFlow packets. |
Collector information | sFlow collector information. |
ID | sFlow collector ID. |
IP | sFlow collector IP address. |
Port | sFlow collector port. |
Aging | Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow collector never ages out. |
Size | Maximum length of the sFlow data portion in an sFlow packet. |
VPN-instance | Name of the VPN bound with the sFlow collector. |
Description | Description of the sFlow collector. |
Port information | Information about interfaces configured with sFlow. |
Interface | Interface configured with sFlow. |
CID | ID of the sFlow collector, for receiving counter sampled packets. If no sFlow collector ID is specified, this field displays 0. |
Interval(s) | Counter sampling interval, in seconds. |
FID | ID of the sFlow collector for receiving flow sampled packets. If no sFlow collector ID is specified, this field displays 0. |
MaxHLen | Maximum number of bytes that can be copied in a sampled packet (starting from the packet header). |
Rate | Number of packets out of which the interface samples a packet by using flow sampling. |
Mode | Flow sampling mode. Random indicates sampling a random number of packets. |
Status | Physical status of the port configured with sFlow: · Suspended—The port is down. · Active—The port is up. |
sflow agent
Use sflow agent to configure an IP address for the sFlow agent.
Use undo sflow agent to restore the default.
Syntax
sflow agent ip ip-address
undo sflow agent ip
Default
No IP address is configured for the sFlow agent. The device periodically checks whether the sFlow agent has an IP address. If not, the device automatically selects an IPv4 address for the sFlow agent but does not save the IPv4 address in the configuration file.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address: Specifies an IPv4 address for the sFlow agent.
Usage guidelines
As a best practice, manually configure an IP address for the sFlow agent.
Only one IP address can be specified for the sFlow agent on the device, and a newly configured IP address overwrites the existing one.
Examples
# Specify IP address 10.10.10.1 for the sFlow agent.
<Sysname> system-view
[Sysname] sflow agent ip 10.10.10.1
sflow collector
Use sflow collector to configure parameters for an sFlow collector.
Use undo sflow collector to remove an sFlow collector.
Syntax
sflow collector collector-id [ vpn-instance vpn-instance-name ] ip ip-address [ port port-number ] [ datagram-size size ] [ time-out seconds ] [ description text ]
undo sflow collector collector-id
Default
No sFlow collector information is configured.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name for the sFlow collector. A VPN instance name is a case-sensitive string of 1 to 31 characters and cannot contain spaces. By default, the sFlow collector belongs to the public network.
ip ip-address: Specifies the IPv4 address of the sFlow collector.
description text: Configures a description for the sFlow collector. The default description is "CLI Collector."
datagram-size size: Specifies the maximum length of the sFlow data portion in an sFlow packet. The value range for the size argument is 200 to 3000 bytes and the default is 1400 bytes.
port port-number: Specifies the port number of the sFlow collector, in the range of 1 to 65535. The default is 6343.
time-out seconds: Specifies the aging timer of the sFlow collector, in the range of 1 to 2147483647 seconds. When the aging timer expires, the sFlow collector is deleted. For an sFlow collector with the aging timer configured, the system does not save its configuration in the configuration file. By default, the sFlow collector does not age out.
Examples
# Configure the following parameters for sFlow collector 2:
· IP address—3.3.3.1.
· Port number—Default.
· Description—netserver.
· Aging timer—1200 seconds.
· Maximum length of the sFlow data portion in the sFlow packet—1000 bytes.
<Sysname> system-view
[Sysname] sflow collector 2 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000
sflow counter interval
Use sflow counter interval to enable counter sampling and set a counter sampling interval.
Use undo sflow counter interval to restore the default.
Syntax
sflow counter interval interval-time
undo sflow counter interval
Default
Counter sampling is disabled.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
interval-time: Specifies the counter sampling interval in the range of 2 to 86400 seconds.
Examples
# Enable counter sampling and set the counter sampling interval to 120 seconds on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] sflow counter interval 120
sflow counter collector
Use sflow counter collector to specify an sFlow collector for counter sampling.
Use undo sflow counter collector to restore the default.
Syntax
sflow counter collector collector-id
undo sflow counter collector
Default
No sFlow collector is specified for counter sampling.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10.
Examples
# Specify sFlow collector 2 on FortyGigE 1/0/1 for counter sampling.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] sflow counter collector 2
sflow flow collector
Use sflow flow collector to specify an sFlow collector for flow sampling.
Use undo sflow flow collector to restore the default.
Syntax
sflow flow collector collector-id
undo sflow flow collector
Default
No sFlow collector is specified for flow sampling.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10.
Examples
# Specify sFlow collector 2 on FortyGigE 1/0/1 for flow sampling.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] sflow flow collector 2
sflow flow max-header
Use sflow flow max-header to set the maximum number of bytes of a packet (starting from the packet header) that flow sampling can copy.
Use undo sflow flow max-header to restore the default.
Syntax
sflow flow max-header length
undo sflow flow max-header
Default
Flow sampling can copy up to 128 bytes of a packet.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default.
Examples
# Set the maximum number of bytes that can be copied to 60 on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] sflow flow max-header 60
sflow sampling-mode
Use sflow sampling-mode to specify a flow sampling mode.
Use undo sflow sampling-mode to restore the default.
Syntax
sflow sampling-mode { determine | random }
undo sflow sampling-mode
Default
The default is random.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
determine: Specifies the fixed sampling mode. The switch does not support the determine mode in the current software version. In fixed sampling mode, if the flow sampling interval is set to 4000 (by using the sflow sampling-rate command), the device samples packets as follows:
· The device randomly samples a packet, such as the tenth packet, from the first 4000 packets.
· The next time, the device samples the 4010th packet, and so on.
random: Specifies the random sampling mode. For example, if the packet sampling interval is set to 4000, the device samples packets randomly as follows:
· The device might sample one packet from the first 4000 packets.
· The device might sample multiple packets from the next 4000 packets.
· The device might sample no packets from the third 4000 packets.
However, the device samples one packet from 4000 packets on average.
Examples
# Specify fixed flow sampling mode on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] sflow sampling-mode determine
Related commands
sflow sampling-rate
sflow sampling-rate
Use sflow sampling-rate to enable flow sampling and specify the number of packets out of which flow sampling will sample a packet on an interface.
Use undo sflow sampling-rate to disable flow sampling.
Syntax
sflow sampling-rate rate
undo sflow sampling-rate
Default
Flow sampling samples no packet.
Views
Ethernet interface view
Predefined user roles
network-admin
mdc-admin
Parameters
rate: Specifies the number of packets out of which flow sampling will sample a packet on the interface. The value range for this argument is 1000 to 500000.
Examples
# Enable flow sampling to sample a packet out of 4000 packets on FortyGigE 1/0/1.
<Sysname> system-view
[Sysname] interface fortygige 1/0/1
[Sysname-FortyGigE1/0/1] sflow sampling-rate 4000
Related commands
sflow sampling-mode
sflow source
Use sflow source to specify the source IP address of sent sFlow packets.
Use undo sflow source to restore the default.
Syntax
sflow source ip ip-address
undo sflow source ip
Default
The source IP address of sent sFlow packets is determined by routing.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip ip-address: Specifies the source IPv4 address of sent sFlow packets.
Examples
# Specify the source IPv4 address of sent sFlow packets as 10.0.0.1.
<Sysname> system-view
[Sysname] sflow source ip 10.0.0.1
EAA commands
The EAA feature is available in Release 1138P01 and later versions.
action cli
Use action cli to add a CLI action to a monitor policy.
Use undo action to remove an action.
Syntax
action number cli command-line
undo action number
Default
A monitor policy does not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
cli command-line: Specifies the command line to be executed when the event occurs. You can enter abbreviated forms of command keywords, but you must make sure the forms can uniquely identify the command keywords. For example, you can enter dis cu for the display current-configuration command.
Usage guidelines
You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.
EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.
To execute a command in a view other than user view, you must define actions required for accessing the target view before defining the command execution action. In addition, you must number the actions in the order they should be executed, starting with entering system view.
For example, to shut down an interface, you must create the following actions in order:
1. Action to enter system view.
2. Action to enter interface view.
3. Action to shut down the interface.
When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."
Examples
# Configure the CLI-defined policy test to shut down FortyGigE 1/0/1 when the policy is triggered.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 1 cli system-view
[Sysname-rtm-test] action 2 cli interface fortygige 1/0/1
[Sysname-rtm-test] action 3 cli shutdown
action reboot
Use action reboot to add a reboot action to a monitor policy.
Use undo action to remove an action.
Syntax
In standalone mode:
action number reboot [ slot slot-number ]
undo action number
In IRF mode:
action number reboot [ chassis chassis-number [ slot slot-number ] ]
undo action number
Default
A monitor policy does not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (In IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command reboots all cards. (In standalone mode.)
Usage guidelines
You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.
EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.
The reboot action configured with this command reboots devices or cards without saving the running configuration. If you want to save the running configuration, use the action cli command to configure reboot actions.
When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."
Examples
# (In standalone mode.) Configure an action for the CLI-defined policy test to reboot the device.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 reboot
# (In IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 reboot chassis 1
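The ordering rules in the action cli and action reboot usage guidelines above (ascending action IDs, the most recent action winning for a repeated ID, system view entered before interface view, reboot without saving) can be checked before a policy is committed. The following added example (not part of the original manual or the vendor's software) resolves the effective action sequence of each CLI-defined policy and reports violations. The sample policies, the function names, and the treatment of any prefix of three or more characters as a keyword abbreviation are assumptions of this example.

```python
ACTION_ID_RANGE = range(0, 232)   # action IDs "0 to 231", as stated on this page

# Constructed sample input (not device output): lines as typed in policy view.
SAMPLE_POLICIES = """\
rtm cli-policy test
 action 1 cli system-view
 action 3 cli shutdown
 action 2 cli interface fortygige 1/0/1
 action 3 reboot
rtm cli-policy watch
 action 5 cli int fortygige 1/0/2
 action 7 syslog priority 7 facility local3 msg hello
 action 300 cli display current-configuration
"""


def is_keyword(token, keyword):
    """Assumption: a prefix of three or more characters abbreviates the keyword."""
    return len(token) >= 3 and keyword.startswith(token)


def parse_policies(text):
    """Return {policy-name: [(action-id, kind, arguments), ...]} in entry order."""
    policies, current = {}, None
    for raw in text.splitlines():
        tok = raw.split()
        if tok[:2] == ["rtm", "cli-policy"] and len(tok) == 3:
            current = policies.setdefault(tok[2], [])
        elif current is not None and tok[:1] == ["action"] and len(tok) >= 3:
            current.append((int(tok[1]), tok[2], " ".join(tok[3:])))
        elif current is not None and tok[:2] == ["undo", "action"] and len(tok) == 3:
            current.append((int(tok[2]), "undo", ""))
    return policies


def effective_actions(entries):
    """Apply 'most recent one takes effect' and 'undo action', then sort by ID."""
    table = {}
    for num, kind, rest in entries:
        if kind == "undo":
            table.pop(num, None)
        else:
            table[num] = (kind, rest)
    return [(n, *table[n]) for n in sorted(table)]


def audit_policy(entries):
    """Return findings for one policy, checked against the usage guidelines."""
    findings, seen = [], {}
    for num, kind, rest in entries:
        if kind == "undo":
            seen.pop(num, None)
            continue
        desc = f"{kind} {rest}".strip()
        if num not in ACTION_ID_RANGE:
            findings.append(f"action {num}: ID outside the range 0 to 231")
        if num in seen:
            findings.append(f"action {num}: '{seen[num]}' replaced by '{desc}'")
        seen[num] = desc
    in_system_view = False
    for num, kind, rest in effective_actions(entries):
        first = rest.split()[0] if rest else ""
        if kind == "cli" and is_keyword(first, "system-view"):
            in_system_view = True
        elif kind == "cli" and is_keyword(first, "interface") and not in_system_view:
            findings.append(f"action {num}: enters interface view before any system-view action")
        elif kind == "reboot":
            findings.append(f"action {num}: reboots without saving the running configuration")
    return findings
```

For the policy test, the shutdown entered as action 3 never runs because the later action 3 reboot replaces it, which the audit reports together with the unsaved reboot.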
action switchover
Use action switchover to add an active/standby switchover action to a monitor policy.
Use undo action to remove an action.
Syntax
action number switchover
undo action number
Default
A monitor policy does not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
Usage guidelines
This command does not trigger an active/standby switchover in either of the following situations:
· The device has only one MPU.
· The standby MPU is not in up state.
You can configure a series of actions to be executed in response to the event specified in a monitor policy.
If two actions have the same ID, the most recent one takes effect.
EAA executes the actions in ascending order of action IDs. You must make sure the execution order is correct when you add actions to a policy.
Examples
# Configure an action for the CLI-defined policy test to perform an active/standby switchover.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 switchover
action syslog
Use action syslog to add a Syslog action to a monitor policy.
Use undo action to remove an action.
Syntax
action number syslog priority priority facility local-number msg msg-body
undo action number
Default
A monitor policy does not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
priority priority: Specifies the log severity level in the range of 0 to 7. A lower value represents a higher severity level.
facility local-number: Specifies a logging facility by its facility number in the range of local0 to local7. Facility numbers are used by a log host to identify log creation facilities for filtering log messages.
msg msg-body: Configures the log message body.
Usage guidelines
EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center."
You can configure a series of actions to be executed in response to the event specified in a monitor policy.
EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.
If two actions have the same ID, the most recent one takes effect.
When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."
Examples
# Configure an action for the CLI-defined policy test to send a log message "hello" with a severity level of 7 from logging facility local3.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 syslog priority 7 facility local3 msg hello
commit
Use commit to enable a CLI-defined monitor policy.
Syntax
commit
Default
No CLI-defined policies are enabled.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You must execute this command for a CLI-defined policy to take effect.
After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.
Examples
# Enable the CLI-defined policy test.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] commit
display rtm environment
Use display rtm environment to display user-defined EAA environment variables and their values.
Syntax
display rtm environment [ var-name ]
Views
Any view
Predefined user roles
network-admin
mdc-admin
Parameters
var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign. If you do not specify a variable, this command displays all user-defined EAA environment variables.
Examples
# Display all user-defined EAA environment variables.
<Sysname> display rtm environment
Name Value
config_cmd interface m1/0/1
save_cmd save main force
show_run_cmd display current-configuration
Field | Description |
---|---|
Name | Name of a user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable name of more than 30 characters, use the display current-configuration command. |
Value | Value of the user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable value of more than 30 characters, use the display current-configuration command. |
display rtm policy
Use display rtm policy to display monitor policies.
Syntax
display rtm policy { active | registered [ verbose ] } [ policy-name ]
Views
Any view
Predefined user roles
network-admin
mdc-admin
Parameters
active: Displays policies that are running.
registered: Displays policies that have been created.
policy-name: Specifies a policy by its name. If you do not specify a policy, the command displays all monitor policies that are running or have been created.
verbose: Displays detailed information about monitor policies.
Usage guidelines
To display the running configuration of CLI-defined monitor policies, execute the display current-configuration command in any view or execute the display this command in CLI-defined monitor policy view.
Examples
# Display all running monitor policies.
<Sysname> display rtm policy active
JID Type Event TimeActive PolicyName
507 TCL INTERFACE Aug 29 14:55:55 2013 test
# Display all monitor policies that have been created.
<Sysname> display rtm policy registered
Total number: 1
Type Event TimeRegistered PolicyName
CLI Aug 29 14:54:50 2013 test
# Display detailed information about all monitor policies.
<Sysname> display rtm policy registered verbose
Total number: 1
Policy Name: test
Policy Type: CLI
Event Type:
TimeRegistered: Aug 29 14:54:50 2013
User-role: network-operator
network-admin
Table 33 Command output
Field | Description |
---|---|
JID | Job ID. This field is available for the display rtm policy active command. |
PolicyName | Monitor policy name. |
Type / Policy Type | Policy creation method. TCL: The policy was configured by using Tcl. CLI: The policy was configured from the CLI. |
Event / Event Type | Source of the event specified in the policy. Options include CLI, HOTPLUG, INTERFACE, PROCESS, SNMP, SNMP_NOTIF, SYSLOG, and Track. |
TimeActive | Time when the policy started to execute. |
TimeRegistered | Time when the policy was created. |
Total number | Total number of policies. |
User-role | User roles for executing the monitor policy. To execute the monitor policy, an administrator must have at least one of the displayed user roles. |
event cli
Use event cli to configure a CLI event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp
undo event
Default
No CLI event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
async [ skip ]: Specifies whether the system executes the command that triggers the policy. If you specify the skip keyword, the system executes the actions in the policy without executing the command that triggers the policy. If you do not specify the skip keyword, the system executes both the actions in the policy and the command entered at the CLI.
sync: Enables the system to execute the command that triggers the event only if the policy has been executed successfully.
execute: Triggers the policy when a matching command is entered.
help: Triggers the policy when a question mark (?) is entered at a matching command line.
tab: Triggers the policy when the Tab key is pressed to complete a parameter in a matching command line.
pattern regular-exp: Specifies a regular expression for matching commands that trigger the policy. For more information about using regular expressions, see Fundamentals Configuration Guide.
Usage guidelines
Use CLI event monitor policies to monitor operations performed at the CLI.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy to monitor execution of commands that contain the dis inter brief string. Enable the system to execute the actions in the policy without executing the command that triggers the policy.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event cli async skip mode execute pattern dis inter brief
# Configure a CLI-defined policy to monitor the use of the Tab key at command lines that contain the dis inter brief string. Enable the system to execute the actions in the policy and display the complete parameter when Tab is pressed at a policy-matching command line.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event cli async mode tab pattern dis inter brief
# Configure a CLI-defined policy to monitor the use of the question mark (?) at command lines that contain the dis inter brief string. Enable the system to execute a policy-matching command line only if the actions in the policy are executed successfully when a question mark is entered at the command line.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event cli sync mode help pattern dis inter brief
event hotplug
Use event hotplug to configure a hotplug event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
In standalone mode:
event hotplug [ insert | remove ] slot slot-number
undo event
In IRF mode:
event hotplug [ insert | remove ] chassis chassis-number slot slot-number
undo event
Default
No hotplug event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
insert: Specifies the card insert event.
remove: Specifies the card remove event.
slot slot-number: Specifies a card by its slot number. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)
Usage guidelines
Use hotplug event monitor policies to monitor cards for card swapping performed while the device is operating.
If you do not specify the remove or insert event, the hotplug event monitor policy monitors cards for both events.
You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.
Examples
# (In standalone mode.) Configure a CLI-defined policy to monitor the card in slot 2 for card swapping.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event hotplug slot 2
# (In IRF mode.) Configure a CLI-defined policy to monitor the card in slot 2 of IRF member device 1 for card swapping.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event hotplug chassis 1 slot 2
event interface
Use event interface to configure an interface event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]
undo event
Default
No interface event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords available for the monitor-obj argument, see Table 34.
start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 35.
start-val start-val: Specifies the start threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.
restart-op restart-op: Specifies the operator for comparing the monitored traffic statistic with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the restart-op argument, see Table 35.
restart-val restart-val: Specifies the restart threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.
interval interval: Specifies the interval to sample the monitored traffic statistic for a comparison. The value range is 1 to 4294967295, in seconds. The default value is 300.
Monitored traffic statistic | Description |
---|---|
input-drops | Number of discarded incoming packets. |
input-errors | Number of incoming error packets. |
output-drops | Number of discarded outgoing packets. |
output-errors | Number of outgoing error packets. |
rcv-bps | Receive rate, in bps. |
rcv-broadcasts | Number of incoming broadcasts. |
rcv-pps | Receive rate, in packets per second. |
tx-bps | Transmit rate, in bps. |
tx-pps | Transmit rate, in packets per second. |

Comparison operator | Description |
---|---|
eq | Equal to. |
ge | Greater than or equal to. |
gt | Greater than. |
le | Less than or equal to. |
lt | Less than. |
ne | Not equal to. |
Usage guidelines
Use interface event monitor policies to monitor traffic statistics on an interface.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
EAA executes an interface event policy when the monitored interface traffic statistic crosses the start threshold in the following situations:
· The statistic crosses the start threshold for the first time.
· The statistic crosses the start threshold each time after it crosses the restart threshold.
The following is the interface event monitor process of EAA:
1. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.
2. Executes the policy.
3. Compares the traffic statistic sample with the restart threshold at sampling intervals until the restart threshold is crossed.
4. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.
5. Executes the policy again.
This process cycles for the monitor policy to be executed and re-executed.
Examples
# Configure a CLI-defined policy to monitor the incoming error packet statistic on FortyGigE 1/0/1 every 60 seconds. Set the start threshold to 1000 and the restart threshold to 50. Enable EAA to execute the policy when the statistic exceeds 1000 for the first time. Enable EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event interface fortygige 1/0/1 monitor-obj input-errors start-op gt start-val 1000 restart-op lt restart-val 50 interval 60
event process
Use event process to configure a process event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
In standalone mode:
event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ]
undo event
In IRF mode:
event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ]
undo event
Default
No process event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
exception: Monitors the specified process for exceptional events. EAA executes the policy when an exception occurs to the monitored process.
restart: Monitors the specified process for restart events. EAA executes the policy when the monitored process restarts.
shutdown: Monitors the specified process for shutdown events. EAA executes the policy when the monitored process is shut down.
start: Monitors the specified process for start events. EAA executes the policy when the monitored process starts.
name process-name: Specifies a user-mode process by its name. The process can be one that is running or not running. If you do not specify a name, this command monitors all user-mode processes.
instance instance-id: Specifies a process instance ID in the range of 0 to 4294967295. The instance ID can be one that has not been created yet. If you specify an instance, EAA only monitors the process instance. If you do not specify an instance, EAA monitors all instances of the process.
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices. (In IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (In standalone mode.)
Usage guidelines
Use process event monitor policies to monitor process state changes. These changes can result from manual operations or automatic system operations.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy to monitor all instances of the process snmpd for restart events.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event process restart name snmpd
event snmp oid
Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]
undo event
Default
No SNMP event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.
monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.
start-op start-op: Specifies the operator for comparing the sampled value with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 35.
start-val start-val: Specifies the start threshold to be compared with the sampled value. The start-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").
restart-op restart-op: Specifies the operator for comparing the sampled value with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the restart-op argument, see Table 35.
restart-val restart-val: Specifies the restart threshold to be compared with the sampled value. The restart-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").
interval interval: Specifies the sampling interval in the range of 1 to 4294967295, in seconds. The default value is 300.
Usage guidelines
Use SNMP event monitor policies to monitor value changes of MIB variables.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
EAA executes an SNMP event policy when the monitored MIB variable's value crosses the start threshold in the following situations:
· The monitored variable's value crosses the start threshold for the first time.
· The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.
The following is the SNMP event monitor process of EAA:
1. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.
2. Executes the policy.
3. Compares the variable sample with the restart threshold at sampling intervals until the restart threshold is crossed.
4. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.
5. Executes the policy again.
This process cycles for the monitor policy to be executed and re-executed.
Examples
# Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds. Set the start threshold to 1 and the restart threshold to 2. Enable EAA to execute the policy when the value changes to 1 for the first time. Enable EAA to re-execute the policy if the value changes to 1 each time after the value has changed to 2.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event snmp oid 1.3.6.4.9.9.42.1.2.1.6.4 monitor-obj get start-op eq start-val 1 restart-op eq restart-val 2 interval 5
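The start/restart threshold cycle described for interface events and for SNMP events, modeled as an added Python example (not H3C code). The class and function names and the sample values are constructed for illustration, and the model assumes one comparison per sample.

```python
import operator

# Comparison keywords from the operator table (eq, ge, gt, le, lt, ne).
OPS = {"eq": operator.eq, "ge": operator.ge, "gt": operator.gt,
       "le": operator.le, "lt": operator.lt, "ne": operator.ne}


class ThresholdEvent:
    """Start/restart threshold cycle of one interface or SNMP event entry."""

    def __init__(self, start_op, start_val, restart_op, restart_val):
        for keyword in (start_op, restart_op):
            if keyword not in OPS:
                raise ValueError("unknown comparison operator: " + keyword)
        self.start_op, self.start_val = OPS[start_op], start_val
        self.restart_op, self.restart_val = OPS[restart_op], restart_val
        self.armed = True  # steps 1 and 4: waiting for the start threshold

    def sample(self, value):
        """Process one sample; return True if the policy executes on it."""
        if self.armed:
            if self.start_op(value, self.start_val):
                self.armed = False  # steps 2 and 5: execute, then wait for restart
                return True
            return False
        if self.restart_op(value, self.restart_val):
            self.armed = True       # step 3 satisfied: start threshold counts again
        return False


def executions(event, samples):
    """Indexes of the samples on which the policy executes."""
    return [i for i, value in enumerate(samples) if event.sample(value)]


def naive_executions(start_op, start_val, samples):
    """For contrast: a trigger without a restart threshold fires on every match."""
    return [i for i, value in enumerate(samples) if OPS[start_op](value, start_val)]


# Constructed input-errors samples for:
#   start-op gt start-val 1000 restart-op lt restart-val 50
INTERFACE_SAMPLES = [200, 1200, 1500, 900, 40, 1100, 1300, 10, 30, 2000]

# Constructed MIB variable samples for:
#   start-op eq start-val 1 restart-op eq restart-val 2
SNMP_SAMPLES = [0, 1, 1, 0, 1, 2, 1]


if __name__ == "__main__":
    iface = ThresholdEvent("gt", 1000, "lt", 50)
    print("interface event executes at samples", executions(iface, INTERFACE_SAMPLES))
    print("without restart threshold:", naive_executions("gt", 1000, INTERFACE_SAMPLES))
    snmp = ThresholdEvent("eq", 1, "eq", 2)
    print("SNMP event executes at samples", executions(snmp, SNMP_SAMPLES))
```

The restart threshold is what keeps a statistic that stays above the start threshold from re-executing the policy at every sampling interval.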
event snmp-notification
Use event snmp-notification to configure an SNMP-Notification event for a CLI-defined policy.
Use undo event to remove the event in a CLI-defined policy.
Syntax
event snmp-notification oid oid oid-val oid-val op op [ drop ]
undo event
Default
No SNMP-Notification event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.
oid-val oid-val: Specifies the threshold to be compared with the sampled value. The oid-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").
op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the op argument, see Table 35.
drop: Drops the notification if the comparison result meets the condition. If you do not specify this keyword, the system sends the notification.
Usage guidelines
Use SNMP-Notification event monitor policies to monitor variables in SNMP notifications.
EAA executes an SNMP-Notification event monitor policy when the value of the monitored variable in an SNMP notification meets the specified condition.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy test to monitor SNMP notifications that contain the variable OID 1.3.6.1.4.1.25506.2.2.1.1.2.1.0. Enable the system to drop an SNMP notification and execute the policy if the variable in the notification contains the user name admin.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event snmp-notification oid 1.3.6.1.4.1.25506.2.2.1.1.2.1.0 oid-val admin op eq drop
event syslog
Use event syslog to configure a Syslog event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event syslog priority priority msg msg occurs times period period
undo event
Default
No Syslog event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
priority priority: Specifies the lowest severity level for matching log messages. The priority argument can be an integer in the range of 0 to 7, or the word all, which represents any severity level from 0 to 7. A lower number represents a higher priority level. For example, specify a severity level of 3 to match log messages from level 3 to level 0.
msg msg: Specifies a regular expression to match the message body, a string of 1 to 255 characters. The log message must use the H3C format. For more information about log message formats, see "Configuring the information center."
occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds.
Usage guidelines
Use Syslog event monitor policies to monitor log messages.
EAA executes a Syslog event monitor policy when the number of matching logs over an interval reaches the limit.
NOTE: EAA does not count log messages generated by the RTM module when it counts log matches.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy to monitor Syslog messages for level 3 to level 0 messages that contain the down string. Enable the policy to execute when five log matches are found within 6 seconds.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event syslog priority 3 msg down occurs 5 period 6
event track
Use event track to configure a track event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event track track-list state negative [ suppress-time suppress-time ]
undo event
Default
A CLI-defined policy does not contain a track event.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
track-list: Specifies a space-separated list of up to 16 track items. Each item specifies a track entry number or a range of track entry numbers in the form of track-entry-number to track-entry-number. The value range for the track-entry-number argument is 1 to 1024.
state negative: Triggers the policy when the states of the track entries change from positive to negative.
suppress-time suppress-time: Specifies a suppress time in the range of 1 to 4294967295, in seconds. The default value is 0.
Usage guidelines
Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from positive to negative. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from positive to negative.
If you set a suppress time for a track event monitor policy, the timer starts when the policy is triggered. The system does not process the messages that report the track entry positive-to-negative state change until the timer times out.
For example, to automatically disconnect the sessions between the local device and its downlink BGP peers when the sessions between the local device and its uplink BGP peers are disconnected, you can configure a track event monitor policy as follows:
· Configure a track event for the policy and specify track entries to monitor the links between the local device and its uplink BGP peers.
· Add the CLI action peer ignore to the policy to disable BGP session establishment between the local device and its downlink BGP peers.
You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.
Examples
# Create the CLI-defined monitor policy test. Configure a track event for the policy that occurs when the states of track entry 1 to track entry 8 change from positive to negative. Set the suppress time to 180 seconds for the policy. Configure an action for the policy that disconnects the session between the device and its BGP peer.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event track 1 to 8 state negative suppress-time 180
[Sysname-rtm-test] action 0 cli system-view
[Sysname-rtm-test] action 1 cli bgp 100
[Sysname-rtm-test] action 2 cli peer 10.1.1.1 ignore
rtm cli-policy
Use rtm cli-policy to create a CLI-defined EAA monitor policy and enter its view, or enter the view of an existing CLI-defined EAA monitor policy.
Use undo rtm cli-policy to delete a CLI-defined monitor policy.
Syntax
rtm cli-policy policy-name
undo rtm cli-policy policy-name
Default
No CLI-defined monitor policies exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies the name of a CLI-defined monitor policy, a case-sensitive string of 1 to 63 characters.
Usage guidelines
You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy.
You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy, but you cannot assign the same name to policies of the same type.
For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy.
Examples
# Create a CLI-defined policy and enter its view.
<Sysname> system-view
[Sysname] rtm cli-policy test
Related commands
commit
rtm environment
Use rtm environment to configure an EAA environment variable.
Use undo rtm environment to delete a user-defined EAA environment variable.
Syntax
rtm environment var-name var-value
undo rtm environment var-name
Default
No user-defined EAA environment variables exist.
The system provides the variables in Table 36. You cannot create, delete, or modify these system-defined variables.
Table 36 System-defined EAA environment variables by event type
Variable name | Description |
---|---|
Any event: | |
_event_id | Event ID. |
_event_type | Event type. |
_event_type_string | Event type description. |
_event_time | Time when the event occurs. |
_event_severity | Severity level of an event. |
CLI: | |
_cmd | Commands that are matched. |
Syslog: | |
_syslog_pattern | Log message content. |
Hotplug: | |
_slot | ID of the slot where a hot swap event occurs. |
Interface: | |
_ifname | Interface name. |
SNMP: | |
_oid | OID of the MIB variable where an SNMP operation is performed. |
_oid_value | Value of the MIB variable. |
SNMP-Notification: | |
_oid | OID that is included in the SNMP notification. |
Process: | |
_process_name | Process name. |
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign.
var-value: Specifies the variable value.
Usage guidelines
When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action.
For an action argument, you can specify a list of variable names in the form of $variable_name1$variable_name2...$variable_nameN.
Examples
# Create an environment variable: set its name to if and set its value to interface.
<Sysname> system-view
[Sysname] rtm environment if interface
rtm scheduler suspend
Use rtm scheduler suspend to suspend monitor policies.
Use undo rtm scheduler suspend to resume monitor policies.
Syntax
rtm scheduler suspend
undo rtm scheduler suspend
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You need to suspend the monitor policies under the following circumstances:
· The monitor policies are triggered frequently, affecting the system services and performance.
· The Tcl script of a policy needs to be revised.
After you execute this command, EAA will not execute the policies even if the trigger conditions are met.
This command does not suspend a running monitor policy until all its actions are executed.
Examples
# Suspend monitor policies.
<Sysname> system-view
[Sysname] rtm scheduler suspend
rtm tcl-policy
Use rtm tcl-policy to create a Tcl-defined policy and bind it to a Tcl script file.
Use undo rtm tcl-policy to delete a Tcl policy.
Syntax
rtm tcl-policy policy-name tcl-filename
undo rtm tcl-policy policy-name
Default
No Tcl policies exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters.
tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device.
Usage guidelines
When you use this command to create a Tcl-defined policy, follow these guidelines:
· Make sure the script file is saved on all MPUs. This practice ensures that the policy can run correctly after an active/standby or master/standby switchover occurs or the MPU where the script file resides fails or is removed.
· This command both creates and enables the specified Tcl-defined monitor policy. To revise the Tcl script of a Tcl-defined policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.
To bind a Tcl-defined policy to a different Tcl script file:
1. Execute the undo rtm tcl-policy policy-name command to delete the Tcl policy.
2. Create the Tcl policy again, and then bind it to the new Tcl script file.
You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies of the same type.
Examples
# Create a Tcl policy and bind it to a Tcl script file.
<Sysname> system-view
[Sysname] rtm tcl-policy test test.tcl
running-time
Use running-time to configure the runtime of a CLI-defined policy.
Use undo running-time to restore the default.
Syntax
running-time time
undo running-time
Default
The runtime of a CLI-defined policy is 20 seconds.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
time: Specifies the runtime of the CLI-defined policy, in the range of 0 to 31536000 seconds. If you specify 0, the policy can run forever until it is manually interrupted.
Usage guidelines
Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. When the runtime is reached, the system stops executing the policy even if the execution is not finished.
This setting prevents an incorrectly defined policy from running permanently to occupy resources.
Examples
# Set the runtime to 60 seconds for the CLI-defined policy test.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] running-time 60
user-role
Use user-role to assign a user role to a CLI-defined policy.
Use undo user-role to remove a user role from a CLI-defined policy.
Syntax
user-role role-name
undo user-role role-name
Default
A monitor policy contains user roles that its creator had at the time of policy creation.
Views
CLI-defined policy view
Predefined user roles
network-admin
mdc-admin
Parameters
role-name: Specifies a user role by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.
For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.
A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect.
Examples
# Assign user roles to a CLI-defined policy.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] user-role network-admin
[Sysname-rtm-test] user-role admin
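An added example (not part of the H3C documentation) of how a reviewer might audit CLI-defined EAA policies for settings described in this chapter: event cli async skip, the drop keyword of event snmp-notification, running-time 0, user-role network-admin, and a missing commit. The configuration layout (policy header at column 0, settings indented, # between sections), the policy names notif and linkwatch, and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample of configuration text; the layout is an assumption.
SAMPLE_CONFIG = """\
#
rtm cli-policy test
 event cli async skip mode execute pattern dis inter brief
 action 0 cli system-view
 running-time 0
 user-role network-admin
 commit
#
rtm cli-policy notif
 event snmp-notification oid 1.3.6.1.4.1.25506.2.2.1.1.2.1.0 oid-val admin op eq drop
 user-role network-operator
#
rtm cli-policy linkwatch
 event syslog priority 3 msg down occurs 5 period 6
 running-time 60
 user-role network-operator
 commit
#
"""

# Why each finding matters, in the terms this chapter uses.
REASONS = {
    "cli-skip": "matching commands typed at the CLI are not executed; only the policy actions run",
    "notification-drop": "SNMP notifications that meet the condition are dropped instead of sent",
    "unlimited-runtime": "running-time 0 lets the policy run until it is manually interrupted",
    "admin-role": "actions can use every command that network-admin can access",
    "not-committed": "a CLI-defined policy takes effect only after commit",
}


def parse_policies(config_text):
    """Return {policy name: [settings line split into words, ...]}."""
    policies, current = {}, None
    for raw in config_text.splitlines():
        header = re.match(r"rtm cli-policy (\S+)$", raw.rstrip())
        if header:
            current = policies.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.split())
        else:
            current = None  # '#' or any other top-level line ends the policy
    return policies


def audit(config_text):
    """Return (policy, finding) pairs in configuration order."""
    findings = []
    for name, lines in parse_policies(config_text).items():
        for words in lines:
            if words[:4] == ["event", "cli", "async", "skip"]:
                findings.append((name, "cli-skip"))
            elif (words[:2] == ["event", "snmp-notification"]
                  and words[-1] == "drop" and words[-3:-2] == ["op"]):
                findings.append((name, "notification-drop"))
            elif words == ["running-time", "0"]:
                findings.append((name, "unlimited-runtime"))
            elif words == ["user-role", "network-admin"]:
                findings.append((name, "admin-role"))
        if ["commit"] not in lines:
            findings.append((name, "not-committed"))
    return findings


if __name__ == "__main__":
    for policy, finding in audit(SAMPLE_CONFIG):
        print(f"{policy}: {finding}: {REASONS[finding]}")
```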
NQA commands
NQA client commands
advantage-factor
Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values.
Use undo advantage-factor to restore the default.
Syntax
advantage-factor factor
undo advantage-factor
Default
The advantage factor is 0.
Views
Voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
factor: Specifies the advantage factor in the range of 0 to 20.
Usage guidelines
The evaluation of voice quality depends on users' tolerance for voice quality. For users with higher tolerance for voice quality, use the advantage-factor command to set an advantage factor. When the system calculates the ICPIF value, it subtracts the advantage factor to modify ICPIF and MOS values for voice quality evaluation.
Examples
# Set the advantage factor to 10 for the voice operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] advantage-factor 10
codec-type
Use codec-type to configure the codec type for the voice operation.
Use undo codec-type to restore the default.
Syntax
codec-type { g711a | g711u | g729a }
undo codec-type
Default
The codec type for the voice operation is G.711 A-law.
Views
Voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
g711a: Specifies G.711 A-law codec type.
g711u: Specifies G.711 µ-law codec type.
g729a: Specifies G.729 A-law codec type.
Examples
# Set the codec type to g729a for the voice operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] codec-type g729a
community read
Use community read to specify the community name for the SNMP operation.
Use undo community read to restore the default.
Syntax
community read { cipher | simple } community-name
undo community read
Default
The SNMP operation uses the community name public.
Views
SNMP operation view
Predefined user roles
network-admin
mdc-admin
Parameters
cipher: Specifies a community name in encrypted form.
simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.
community-name: Specifies the community name. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 33 to 73 characters.
Usage guidelines
This command is available in Release 1138P01 and later versions.
You must specify the community name for the SNMP operation when both of the following conditions exist:
· The SNMP operation uses the SNMPv1 or SNMPv2c agent.
· The SNMPv1 or SNMPv2c agent is configured with a read-only or read-write community name.
The specified community name must be the same as the community name configured on the SNMP agent.
The community name configuration is not required if the SNMP operation uses the SNMPv3 agent.
For more information about SNMP, see "Configuring SNMP."
Examples
# Specify readaccess as the community name for the SNMP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type snmp
[Sysname-nqa-admin-test-snmp] community read simple readaccess
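The check below is an added example, not part of the H3C documentation: it reads a CLI session transcript in the style of the examples above and reports NQA SNMP operations that fall back to the default community name public, carry a community name in plaintext, or break the length rules given under Parameters. The transcript, the finding labels, and the function name are constructed for this example.

```python
import re

# Strips a "<Sysname> " or "[Sysname-nqa-admin-test-snmp] " prompt from a line.
PROMPT = re.compile(r"^(?:<[^>]+>|\[[^\]]+\])\s*")

CIPHER_PLACEHOLDER = "C" * 40  # constructed stand-in, not a real ciphertext

# Constructed transcript in the style of the command examples (quit lines omitted).
SESSION = f"""\
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type snmp
[Sysname-nqa-admin-test-snmp] community read simple readaccess
[Sysname] nqa entry admin snmpdefault
[Sysname-nqa-admin-snmpdefault] type snmp
[Sysname] nqa entry admin snmpcipher
[Sysname-nqa-admin-snmpcipher] type snmp
[Sysname-nqa-admin-snmpcipher-snmp] community read cipher {CIPHER_PLACEHOLDER}
[Sysname] nqa entry admin ping
[Sysname-nqa-admin-ping] type icmp-echo
"""


def audit_snmp_community(session):
    """Return (admin, tag, finding) tuples for the SNMP operations in a transcript."""
    entries = {}
    current = None
    for raw in session.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) == 4 and words[:2] == ["nqa", "entry"]:
            current = (words[2], words[3])
            entries.setdefault(current, {"type": None, "community": None})
        elif current is None:
            continue
        elif len(words) == 2 and words[0] == "type":
            entries[current]["type"] = words[1]
        elif (len(words) == 4 and words[:2] == ["community", "read"]
              and words[2] in ("cipher", "simple")):
            entries[current]["community"] = (words[2], words[3])
        elif words == ["undo", "community", "read"]:
            entries[current]["community"] = None

    findings = []
    for (admin, tag), cfg in entries.items():
        if cfg["type"] != "snmp":
            continue
        if cfg["community"] is None:
            # The operation uses the default name "public". This matters only
            # when the agent is SNMPv1/v2c; SNMPv3 agents need no community name.
            findings.append((admin, tag, "default-community"))
            continue
        form, name = cfg["community"]
        low, high = (1, 32) if form == "simple" else (33, 73)
        if not low <= len(name) <= high:
            findings.append((admin, tag, "bad-length"))
        if form == "simple":
            # The device stores the name encrypted, but the transcript keeps it readable.
            findings.append((admin, tag, "plaintext-in-transcript"))
            if name == "public":
                findings.append((admin, tag, "explicit-public"))
    return findings


if __name__ == "__main__":
    for finding in audit_snmp_community(SESSION):
        print(finding)
```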
data-fill
Use data-fill to configure the payload fill string for probe packets.
Use undo data-fill to restore the default.
Syntax
data-fill string
undo data-fill
Default
The payload fill string is the hexadecimal string 00010203040506070809.
Views
ICMP/UDP echo operation view
Path jitter/UDP jitter/voice operation view
ICMP/TCP/UDP template view
Predefined user roles
network-admin
mdc-admin
Parameters
string: Specifies a case-sensitive string of 1 to 200 characters.
Usage guidelines
If the payload length is smaller than the string length, only the first part of the string is filled. For example, if you configure the string as abcd and set the payload size to 3 bytes, abc is filled.
If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full. For example, if you configure the string as abcd and the payload size as 6 bytes, abcdab is filled.
How the string is filled depends on the operation type.
· For the ICMP echo operation, the string fills the whole payload of an ICMP echo request.
· For the UDP echo operation, the first five bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.
· For the UDP jitter operation, the first 68 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.
· For the voice operation, the first 16 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.
· For the path jitter operation, the first four bytes of the payload of an ICMP echo request are for special purpose. The string fills the remaining part of the payload.
Examples
# Specify abcd as the payload fill string for ICMP echo requests.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] data-fill abcd
# In TCP template view, specify abcd as the payload fill string for probe packets.
<Sysname> system-view
[Sysname] nqa template tcp tcptplt
[Sysname-nqatplt-tcp-tcptplt] data-fill abcd
data-size
Use data-size to set the payload size for each probe packet.
Use undo data-size to restore the default.
Syntax
data-size size
undo data-size
Default
The default payload size of a probe packet for different operations is described in Table 37.
Table 37 Default payload size of a probe packet
Operation type | Codec type | Default size (bytes) |
---|---|---|
ICMP echo | N/A | 100 |
UDP echo | N/A | 100 |
UDP jitter | N/A | 100 |
UDP tracert | N/A | 100 |
Path jitter | N/A | 100 |
Voice | G.711 A-law | 172 |
Voice | G.711 µ-law | 172 |
Voice | G.729 A-law | 32 |
Views
ICMP/UDP echo operation view
UDP tracert operation view
Path jitter/UDP jitter/voice operation view
ICMP/UDP template view
Predefined user roles
network-admin
mdc-admin
Parameters
size: Specifies the payload size. Available value ranges include:
· 20 to 65507 bytes for the ICMP echo, UDP echo, or UDP tracert operation.
· 68 to 65507 bytes for the UDP jitter or path jitter operation.
· 16 to 65507 bytes for the voice operation.
Usage guidelines
In ICMP echo and path jitter operations, the command sets the payload size for each ICMP echo request.
In UDP echo, UDP jitter, UDP tracert, and voice operations, the command sets the payload size for each UDP packet.
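The following added example (not H3C code) combines the data-fill rules with the data-size ranges and the Table 37 defaults to compute the bytes that the fill string occupies in a probe payload. The operation-type labels, the function names, and the ASCII encoding of the fill string are assumptions of this example.

```python
# Bytes at the start of the payload that the fill string does not touch
# (from the data-fill usage guidelines).
RESERVED_PREFIX = {
    "icmp-echo": 0, "udp-echo": 5, "udp-jitter": 68, "voice": 16, "path-jitter": 4,
}
# Allowed data-size values per operation type (from the data-size parameters).
SIZE_RANGE = {
    "icmp-echo": (20, 65507), "udp-echo": (20, 65507), "udp-tracert": (20, 65507),
    "udp-jitter": (68, 65507), "path-jitter": (68, 65507), "voice": (16, 65507),
}
# Table 37 defaults; the voice default depends on the codec type.
DEFAULT_SIZE = {"icmp-echo": 100, "udp-echo": 100, "udp-jitter": 100, "path-jitter": 100}
VOICE_DEFAULT_SIZE = {"g711a": 172, "g711u": 172, "g729a": 32}


def cyclic_fill(fill, length):
    """Truncate or cyclically repeat the fill string to exactly `length` bytes."""
    if not 1 <= len(fill) <= 200:
        raise ValueError("fill string must be 1 to 200 characters")
    data = fill.encode("ascii")  # assumption: one byte per character
    repeats = -(-length // len(data))  # ceiling division
    return (data * repeats)[:length]


def fill_region(operation, fill, size=None, codec="g711a"):
    """Return the bytes written after the reserved prefix of one probe payload."""
    if operation not in RESERVED_PREFIX:
        raise ValueError(f"no fill layout documented for {operation!r}")
    if size is None:
        size = VOICE_DEFAULT_SIZE[codec] if operation == "voice" else DEFAULT_SIZE[operation]
    low, high = SIZE_RANGE[operation]
    if not low <= size <= high:
        raise ValueError(f"data-size {size} outside {low} to {high} for {operation}")
    return cyclic_fill(fill, size - RESERVED_PREFIX[operation])


if __name__ == "__main__":
    print(cyclic_fill("abcd", 3), cyclic_fill("abcd", 6))
    print(len(fill_region("udp-echo", "abcd")))        # default size, 5 bytes reserved
    print(fill_region("udp-jitter", "abcd", size=68))  # the prefix uses the whole payload
```

With the minimum data-size of 68 bytes, a UDP jitter payload has no room left for the fill string. The 3-byte payload in the data-fill guideline illustrates truncation only, because data-size does not accept values below 16.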
Examples
# Set the payload size to 80 bytes for each ICMP echo request.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] data-size 80
# In ICMP template view, set the payload size to 80 bytes for each probe packet.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] data-size 80
description
Use description to configure a description for an NQA operation, such as the operation type or purpose.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for an NQA operation.
Views
Any NQA operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 200 characters.
Examples
# Configure the description as icmp-probe for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] description icmp-probe
# In ICMP template view, configure the description as icmp-probe for the NQA operation.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] description icmp-probe
destination host
Use destination host to configure the destination host name for the operation.
Use undo destination host to restore the default.
Syntax
destination host host-name
undo destination host
Default
No destination host name is configured for the operation.
Views
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Parameters
host-name: Specifies the destination host name, a case-sensitive string of 1 to 254 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.), but consecutive dots (.) are not allowed. If the host name is a series of dot-separated labels, each label can contain a maximum of 63 characters.
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Specify www.test.com as the destination host name for the UDP tracert operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] destination host www.test.com
destination ip
Use destination ip to configure the destination IP address for the operation.
Use undo destination ip to restore the default.
Syntax
destination ip ip-address
undo destination ip
Default
No destination IP address is configured for an operation.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
DNS/ICMP/SSL/TCP/TCP half open/UDP template view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the destination IP address for the operation.
Examples
# Specify 10.1.1.1 as the destination IP address for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1
# In ICMP template view, specify 10.1.1.1 as the destination IP address for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] destination ip 10.1.1.1
destination port
Use destination port to configure the destination port number for the operation.
Use undo destination port to restore the default.
Syntax
destination port port-number
undo destination port
Default
The destination port number is 33434 for the UDP tracert operation.
The destination port numbers for the operations that use the following NQA templates are:
· 53 for the DNS template.
· 21 for the FTP template.
· 80 for the HTTP template.
· 443 for the HTTPS template.
No destination port number is configured for other types of operations.
Views
TCP/UDP echo operation view
UDP tracert operation view
UDP jitter/voice operation view
DNS/SSL/TCP/UDP template view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies the destination port number for the operation, in the range of 1 to 65535.
Examples
# Set the destination port number to 9000 for the UDP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-echo
[Sysname-nqa-admin-test-udp-echo] destination port 9000
# In TCP template view, set the destination port number to 9000 for the NQA operation.
<Sysname> system-view
[Sysname] nqa template tcp tcptplt
[Sysname-nqatplt-tcp-tcptplt] destination port 9000
display nqa history
Use display nqa history to display the history records of NQA operations.
Syntax
display nqa history [ admin-name operation-tag ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the history records of all NQA operations.
Usage guidelines
The display nqa history command does not display the results or statistics of the following operations:
· ICMP jitter.
· Path jitter.
· UDP jitter.
· Voice.
To view the results or statistics of the ICMP jitter, path jitter, UDP jitter, and voice operations, use the display nqa result or display nqa statistics command.
Examples
# Display the history records of the UDP tracert operation with the administrator name administrator and the operation tag tracert.
<Sysname> display nqa history administrator tracert
NQA entry (admin administrator, tag tracert) history records:
Index TTL Response Hop IP Status Time
1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:06.2
1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:05.2
1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:04.2
1 1 328 3.1.1.2 Succeeded 2013-09-09 14:46:03.2
1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:02.2
1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:01.2
# Display the history records of the NQA operation with the administrator name administrator and the operation tag test.
<Sysname> display nqa history administrator test
NQA entry (admin administrator, tag test) history records:
Index Response Status Time
10 329 Succeeded 2011-04-29 20:54:26.5
9 344 Succeeded 2011-04-29 20:54:26.2
8 328 Succeeded 2011-04-29 20:54:25.8
7 328 Succeeded 2011-04-29 20:54:25.5
6 328 Succeeded 2011-04-29 20:54:25.1
5 328 Succeeded 2011-04-29 20:54:24.8
4 328 Succeeded 2011-04-29 20:54:24.5
3 328 Succeeded 2011-04-29 20:54:24.1
2 328 Succeeded 2011-04-29 20:54:23.8
1 328 Succeeded 2011-04-29 20:54:23.4
Table 38 Command output
Field | Description |
---|---|
Index | History record ID. The history records in one UDP tracert operation have the same ID. |
TTL | TTL value in the probe packet. |
Response | Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the operation cannot be completed, in milliseconds. |
Hop IP | IP address of the node that sent the reply packet. |
Status | Status of the operation result: Succeeded, Unknown error, Internal error, or Timeout. |
Time | Time when the operation was completed. |
display nqa reaction counters
Use display nqa reaction counters to display the current monitoring results of reaction entries.
Syntax
display nqa reaction counters [ admin-name operation-tag [ item-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the current monitoring results of reaction entries for all NQA operations.
item-number: Specifies a reaction entry by its ID in the range of 1 to 10. If you do not specify a reaction entry, the command displays the results of all reaction entries.
Usage guidelines
The result fields display hyphens (-) in one of the following conditions:
· The threshold type is the average value.
· The monitored performance metric is ICPIF or MOS of the voice operation.
The monitoring results of an operation are accumulated, and are not cleared after the operation completes.
Examples
# Display the monitoring results of all reaction entries of the ICMP echo operation with the administrator name admin and the operation tag test.
<Sysname> display nqa reaction counters admin test
NQA entry (admin admin, tag test) reaction counters:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 probe-duration accumulate 12 4
2 probe-duration average - -
3 probe-duration consecutive 160 56
4 probe-fail accumulate 12 0
5 probe-fail consecutive 162 2
Table 39 Command output
Field | Description |
---|---|
Index | ID of a reaction entry. |
Checked Element | Monitored performance metric. The available performance metrics vary by NQA operation type. For more information, see Table 40 and Table 41. |
Threshold Type | Threshold type. |
Checked Num | Number of targets that have been monitored for data collection. |
Over-threshold Num | Number of threshold violations. |

Monitored performance metric | Threshold type | Collect data in | Checked Num | Over-threshold Num |
---|---|---|---|---|
probe-duration | accumulate | Probes after the operation starts. | Number of completed probes. | Number of probes with duration exceeding the threshold. |
probe-duration | average | N/A | N/A | N/A |
probe-duration | consecutive | Probes after the operation starts. | Number of completed probes. | Number of probes with duration exceeding the threshold. |
probe-fail | accumulate | Probes after the operation starts. | Number of completed probes. | Number of probe failures. |
probe-fail | consecutive | Probes after the operation starts. | Number of completed probes. | Number of probe failures. |

Table 41 Monitored performance metrics for ICMP jitter/UDP jitter/voice operations
Monitored performance metric | Threshold type | Collect data in | Checked Num | Over-threshold Num |
---|---|---|---|---|
RTT | accumulate | Packets sent after the operation starts. | Number of sent packets. | Number of packets with round-trip time exceeding threshold. |
RTT | average | N/A | N/A | N/A |
jitter-DS/jitter-SD | accumulate | Packets sent after the operation starts. | Number of sent packets. | Number of packets with the one-way jitter exceeding the threshold. |
jitter-DS/jitter-SD | average | N/A | N/A | N/A |
OWD-DS/OWD-SD | N/A | Packets sent after the operation starts. | Number of sent packets. | Number of packets with the one-way delay exceeding the threshold. |
packet-loss | accumulate | Packets sent after the operation starts. | Number of sent packets. | Total packet loss. |
ICPIF/MOS (available only for the voice operation) | N/A | N/A | N/A | N/A |
display nqa result
Use display nqa result to display the most recent result of the specified NQA operation.
Syntax
display nqa result [ admin-name operation-tag ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the most recent results of all NQA operations.
Examples
# Display the most recent result of the TCP operation with the administrator name admin and the operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 35/35/35
Square-Sum of round trip time: 1225
Last succeeded probe time: 2011-05-29 10:50:33.2
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to internal error: 0
Failures due to other errors: 0
# Display the most recent result of the ICMP jitter operation with the administrator name admin and the operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 1/2/1
Square-Sum of round trip time: 13
Last packet received time: 2015-03-09 17:40:29.8
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
ICMP-jitter results:
RTT number: 10
Min positive SD: 0 Min positive DS: 0
Max positive SD: 0 Max positive DS: 0
Positive SD number: 0 Positive DS number: 0
Positive SD sum: 0 Positive DS sum: 0
Positive SD average: 0 Positive DS average: 0
Positive SD square-sum: 0 Positive DS square-sum: 0
Min negative SD: 1 Min negative DS: 2
Max negative SD: 1 Max negative DS: 2
Negative SD number: 1 Negative DS number: 1
Negative SD sum: 1 Negative DS sum: 2
Negative SD average: 1 Negative DS average: 2
Negative SD square-sum: 1 Negative DS square-sum: 4
One way results:
Max SD delay: 1 Max DS delay: 2
Min SD delay: 1 Min DS delay: 2
Number of SD delay: 1 Number of DS delay: 1
Sum of SD delay: 1 Sum of DS delay: 2
Square-Sum of SD delay: 1 Square-Sum of DS delay: 4
Lost packets for unknown reason: 0
# Display the most recent result of the UDP jitter operation with the administrator name admin and the operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 15/46/26
Square-Sum of round trip time: 8103
Last packet received time: 2011-05-29 10:56:38.7
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
UDP-jitter results:
RTT number: 10
Min positive SD: 8 Min positive DS: 8
Max positive SD: 18 Max positive DS: 8
Positive SD number: 5 Positive DS number: 2
Positive SD sum: 75 Positive DS sum: 32
Positive SD average: 15 Positive DS average: 16
Positive SD square-sum: 1189 Positive DS square-sum: 640
Min negative SD: 8 Min negative DS: 1
Max negative SD: 24 Max negative DS: 30
Negative SD number: 4 Negative DS number: 7
Negative SD sum: 56 Negative DS sum: 99
Negative SD average: 14 Negative DS average: 14
Negative SD square-sum: 946 Negative DS square-sum: 1495
One way results:
Max SD delay: 22 Max DS delay: 23
Min SD delay: 7 Min DS delay: 7
Number of SD delay: 10 Number of DS delay: 10
Sum of SD delay: 125 Sum of DS delay: 132
Square-Sum of SD delay: 1805 Square-Sum of DS delay: 1988
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 0
# Display the most recent result of the voice operation with the administrator name admin and the operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 1000 Receive response times: 0
Min/Max/Average round trip time: 0/0/0
Square-Sum of round trip time: 0
Last packet received time: 0-00-00 00:00:00.0
Extended results:
Packet loss ratio: 100%
Failures due to timeout: 1000
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Voice results:
RTT number: 0
Min positive SD: 0 Min positive DS: 0
Max positive SD: 0 Max positive DS: 0
Positive SD number: 0 Positive DS number: 0
Positive SD sum: 0 Positive DS sum: 0
Positive SD average: 0 Positive DS average: 0
Positive SD square-sum: 0 Positive DS square-sum: 0
Min negative SD: 0 Min negative DS: 0
Max negative SD: 0 Max negative DS: 0
Negative SD number: 0 Negative DS number: 0
Negative SD sum: 0 Negative DS sum: 0
Negative SD average: 0 Negative DS average: 0
Negative SD square-sum: 0 Negative DS square-sum: 0
One way results:
Max SD delay: 0 Max DS delay: 0
Min SD delay: 0 Min DS delay: 0
Number of SD delay: 0 Number of DS delay: 0
Sum of SD delay: 0 Sum of DS delay: 0
Square-Sum of SD delay: 0 Square-Sum of DS delay: 0
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 1000
Voice scores:
MOS value: 0.99 ICPIF value: 87
# Display the most recent result of the path jitter operation with the administrator name admin and the operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Hop IP 192.168.40.210
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
Hop IP 192.168.50.209
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
# Display the most recent result of the UDP tracert operation with the administrator name admin and the operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 6 Receive response times: 6
Min/Max/Average round trip time: 35/35/35
Square-Sum of round trip time: 1225
Last succeeded probe time: 2013-09-09 14:23:24.5
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
UDP-tracert results:
TTL Hop IP Time
1 3.1.1.1 2013-09-09 14:23:24.5
2 4.1.1.1 2013-09-09 14:23:24.5
Table 42 Command output
Field | Description |
---|---|
Data collecting in progress | The operation is in progress. |
Send operation times | Number of operations. |
Receive response times | Number of response packets received. |
Min/Max/Average round trip time | Minimum/maximum/average round-trip time in milliseconds. |
Square-Sum of round trip time | Square sum of round-trip time. |
Last succeeded probe time | Time when the last successful probe was completed. If no probes are successful in an operation, the field displays 0. This field is not available for UDP jitter, path jitter, and voice operations. |
Last packet received time | Time when the last response packet was received. If no response packets in a probe were received, the field displays 0. This field is available only for UDP jitter and voice operations. |
Packet loss ratio | Average packet loss ratio. |
Failures due to timeout | Number of timeout occurrences in an operation. |
Failures due to disconnect | Number of disconnections by the peer. |
Failures due to no connection | Number of failures to connect with the peer. |
Failures due to internal error | Number of failures due to internal errors. |
Failures due to other errors | Failures due to other errors. |
Packets out of sequence | Number of failures due to out-of-sequence packets. |
ICMP-jitter results | ICMP jitter operation results. This field is available only for the ICMP jitter operation. |
Packets arrived late | Number of response packets received after a probe times out. |
UDP-jitter results | UDP jitter operation results. This field is available only for the UDP jitter operation. |
Voice results | Voice operation results. This field is available only for the voice operation. |
RTT number | Number of response packets received. |
Min positive SD | Minimum positive jitter from source to destination. |
Min positive DS | Minimum positive jitter from destination to source. |
Max positive SD | Maximum positive jitter from source to destination. |
Max positive DS | Maximum positive jitter from destination to source. |
Positive SD number | Number of positive jitters from source to destination. |
Positive DS number | Number of positive jitters from destination to source. |
Positive SD sum | Sum of positive jitters from source to destination. |
Positive DS sum | Sum of positive jitters from destination to source. |
Positive SD average | Average positive jitters from source to destination. |
Positive DS average | Average positive jitters from destination to source. |
Positive SD square-sum | Square sum of positive jitters from source to destination. |
Positive DS square-sum | Square sum of positive jitters from destination to source. |
Min negative SD | Minimum absolute value among negative jitters from source to destination. |
Min negative DS | Minimum absolute value among negative jitters from destination to source. |
Max negative SD | Maximum absolute value among negative jitters from source to destination. |
Max negative DS | Maximum absolute value among negative jitters from destination to source. |
Negative SD number | Number of negative jitters from source to destination. |
Negative DS number | Number of negative jitters from destination to source. |
Negative SD sum | Sum of absolute values of negative jitters from source to destination. |
Negative DS sum | Sum of absolute values of negative jitters from destination to source. |
Negative SD average | Average absolute value of negative jitters from source to destination. |
Negative DS average | Average absolute value of negative jitters from destination to source. |
Negative SD square-sum | Square sum of negative jitters from source to destination. |
Negative DS square-sum | Square sum of negative jitters from destination to source. |
One way results | Unidirectional delay. This field is available only for the ICMP jitter, UDP jitter, and voice operations. |
Max SD delay | Maximum delay from source to destination. |
Max DS delay | Maximum delay from destination to source. |
Min SD delay | Minimum delay from source to destination. |
Min DS delay | Minimum delay from destination to source. |
Number of SD delay | Number of delays from source to destination. |
Number of DS delay | Number of delays from destination to source. |
Sum of SD delay | Sum of delays from source to destination. |
Sum of DS delay | Sum of delays from destination to source. |
Square-Sum of SD delay | Square sum of delays from source to destination. |
Square-Sum of DS delay | Square sum of delays from destination to source. |
SD lost packets | Number of lost packets from the source to the destination. |
DS lost packets | Number of lost packets from the destination to the source. |
Lost packets for unknown reason | Number of lost packets for unknown reasons. |
Voice scores | Voice parameters. This field is available only for the voice operation. |
MOS value | MOS value calculated for the voice operation. |
ICPIF value | ICPIF value calculated for the voice operation. |
Hop IP | IP address of the hop. This field is available only for the path jitter operation. |
Path-jitter results | Path jitter operation results. This field is available only for the path jitter operation. |
Jitter number | Number of jitters. This field is available only for the path jitter operation. |
Min/Max/Average jitter | Minimum/maximum/average jitter in milliseconds. This field is available only for the path jitter operation. |
Positive jitter number | Number of positive jitter. This field is available only for the path jitter operation. |
Min/Max/Average positive jitter | Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum positive jitter | Sum/square sum of the positive jitter. This field is available only for the path jitter operation. |
Negative jitter number | Number of negative jitter. This field is available only for the path jitter operation. |
Min/Max/Average negative jitter | Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum negative jitter | Sum/square sum of the negative jitter. This field is available only for the path jitter operation. |
TTL | TTL value in the received reply packet. |
Hop IP | IP address of the node that sent the reply packet. |
Time | Time when the NQA client received the reply packet. |
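The Number, Sum, and Square-Sum fields are enough to recover the mean and standard deviation of the one-way delays, which the output itself does not print. The parser below is an added example, not H3C code: it splits the two-column display nqa result lines into fields and derives those values, assuming that a square sum is the sum of the squared millisecond values. The function names are this example's own, and per-hop path jitter output is not handled.

```python
import math
import re

# Copied from the UDP jitter example output above, trimmed to the fields used here.
UDP_JITTER = """\
NQA entry (admin admin, tag test) test results:
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 15/46/26
Square-Sum of round trip time: 8103
Last packet received time: 2011-05-29 10:56:38.7
Extended results:
Packet loss ratio: 0%
One way results:
Max SD delay: 22 Max DS delay: 23
Min SD delay: 7 Min DS delay: 7
Number of SD delay: 10 Number of DS delay: 10
Sum of SD delay: 125 Sum of DS delay: 132
Square-Sum of SD delay: 1805 Square-Sum of DS delay: 1988
"""

# Copied from the voice example above, in which every probe timed out.
VOICE_ALL_LOST = """\
Send operation times: 1000 Receive response times: 0
Packet loss ratio: 100%
Number of SD delay: 0 Number of DS delay: 0
Sum of SD delay: 0 Sum of DS delay: 0
Square-Sum of SD delay: 0 Square-Sum of DS delay: 0
"""

# A field name starts with a capital letter and runs to the first ": ".
KEY = re.compile(r"([A-Z][A-Za-z/ -]*?):[ \t]+")


def parse_fields(text):
    """Map field name to value; a line may hold one or two 'name: value' pairs."""
    fields = {}
    for line in text.splitlines():
        line = line.rstrip()  # section headers such as "Extended results:" then match nothing
        hits = list(KEY.finditer(line))
        for i, hit in enumerate(hits):
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            fields[hit.group(1)] = line[hit.end():end].strip()
    return fields


def spread(count, total, square_sum):
    """Mean and population standard deviation, or None when nothing was measured."""
    if count == 0:
        return None
    mean = total / count
    variance = max(square_sum / count - mean * mean, 0.0)
    return mean, math.sqrt(variance)


def summarize(text):
    """Check the reported loss ratio and derive one-way delay statistics."""
    f = parse_fields(text)
    sent = int(f["Send operation times"])
    received = int(f["Receive response times"])
    reported = int(f["Packet loss ratio"].rstrip("%"))
    computed = round(100 * (sent - received) / sent) if sent else 0
    result = {"loss_pct": reported, "loss_consistent": reported == computed}
    for direction in ("SD", "DS"):
        result[direction] = spread(
            int(f[f"Number of {direction} delay"]),
            int(f[f"Sum of {direction} delay"]),
            int(f[f"Square-Sum of {direction} delay"]),
        )
    return result


if __name__ == "__main__":
    print(summarize(UDP_JITTER))
    print(summarize(VOICE_ALL_LOST))
```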
display nqa statistics
Use display nqa statistics to display NQA operation statistics.
Syntax
display nqa statistics [ admin-name operation-tag ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays statistics for all NQA operations.
Usage guidelines
The statistics are generated after the NQA operation completes. If you execute the display nqa statistics command before the operation completes, the statistics are displayed as all 0s.
If a reaction entry is configured, the command displays the monitoring results of the reaction entry in the period specified by the statistics interval command. The result fields display hyphens (-) in one of the following conditions:
· The threshold type is average value.
· The monitored performance metric is ICPIF or MOS for the voice operation.
Examples
# Display the statistics for the TCP operation with the administrator name admin and the operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:30:20.0
Life time: 2 seconds
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 13/13/13
Square-Sum of round trip time: 169
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to internal error: 0
Failures due to other errors: 0
# Display the statistics for the ICMP jitter operation with the administrator name admin and the operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2015-03-09 17:42:10.7
Life time: 156 seconds
Send operation times: 1560 Receive response times: 1560
Min/Max/Average round trip time: 1/2/1
Square-Sum of round trip time: 1563
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
ICMP-jitter results:
RTT number: 1560
Min positive SD: 1 Min positive DS: 1
Max positive SD: 1 Max positive DS: 2
Positive SD number: 18 Positive DS number: 46
Positive SD sum: 18 Positive DS sum: 49
Positive SD average: 1 Positive DS average: 1
Positive SD square-sum: 18 Positive DS square-sum: 55
Min negative SD: 1 Min negative DS: 1
Max negative SD: 1 Max negative DS: 2
Negative SD number: 24 Negative DS number: 57
Negative SD sum: 24 Negative DS sum: 58
Negative SD average: 1 Negative DS average: 1
Negative SD square-sum: 24 Negative DS square-sum: 60
One way results:
Max SD delay: 1 Max DS delay: 2
Min SD delay: 1 Min DS delay: 1
Number of SD delay: 4 Number of DS delay: 4
Sum of SD delay: 4 Sum of DS delay: 5
Square-Sum of SD delay: 4 Square-Sum of DS delay: 7
Lost packets for unknown reason: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 jitter-DS accumulate 1500 10
2 jitter-SD average - -
3 OWD-DS - 1560 2
4 OWD-SD - 1560 0
5 packet-loss accumulate 0 0
6 RTT accumulate 1560 0
# Display the statistics for the UDP jitter operation with the administrator name admin and the operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:33:22.3
Life time: 23 seconds
Send operation times: 100 Receive response times: 100
Min/Max/Average round trip time: 1/11/5
Square-Sum of round trip time: 24360
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
UDP-jitter results:
RTT number: 550
Min positive SD: 1 Min positive DS: 1
Max positive SD: 7 Max positive DS: 1
Positive SD number: 220 Positive DS number: 97
Positive SD sum: 283 Positive DS sum: 287
Positive SD average: 1 Positive DS average: 2
Positive SD square-sum: 709 Positive DS square-sum: 1937
Min negative SD: 2 Min negative DS: 1
Max negative SD: 10 Max negative DS: 1
Negative SD number: 81 Negative DS number: 94
Negative SD sum: 556 Negative DS sum: 191
Negative SD average: 6 Negative DS average: 2
Negative SD square-sum: 4292 Negative DS square-sum: 967
One way results:
Max SD delay: 5 Max DS delay: 5
Min SD delay: 1 Min DS delay: 1
Number of SD delay: 550 Number of DS delay: 550
Sum of SD delay: 1475 Sum of DS delay: 1201
Square-Sum of SD delay: 5407 Square-Sum of DS delay: 3959
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 jitter-DS accumulate 90 25
2 jitter-SD average - -
3 OWD-DS - 100 24
4 OWD-SD - 100 13
5 packet-loss accumulate 0 0
6 RTT accumulate 100 52
# Display the statistics for the voice operation with the administrator name admin and the operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:33:45.3
Life time: 120 seconds
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 1/12/7
Square-Sum of round trip time: 620
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Voice results:
RTT number: 10
Min positive SD: 3 Min positive DS: 1
Max positive SD: 10 Max positive DS: 1
Positive SD number: 3 Positive DS number: 2
Positive SD sum: 18 Positive DS sum: 2
Positive SD average: 6 Positive DS average: 1
Positive SD square-sum: 134 Positive DS square-sum: 2
Min negative SD: 3 Min negative DS: 1
Max negative SD: 9 Max negative DS: 1
Negative SD number: 4 Negative DS number: 2
Negative SD sum: 25 Negative DS sum: 2
Negative SD average: 6 Negative DS average: 1
Negative SD square-sum: 187 Negative DS square-sum: 2
One way results:
Max SD delay: 0 Max DS delay: 0
Min SD delay: 0 Min DS delay: 0
Number of SD delay: 0 Number of DS delay: 0
Sum of SD delay: 0 Sum of DS delay: 0
Square-Sum of SD delay: 0 Square-Sum of DS delay: 0
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 0
Voice scores:
Max MOS value: 4.40 Min MOS value: 4.40
Max ICPIF value: 0 Min ICPIF value: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 ICPIF - - -
2 MOS - - -
# Display the statistics for the path jitter operation with the administrator name admin and the operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Path 1:
Hop IP 192.168.40.210
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
Hop IP 192.168.50.209
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
Table 43 Command output
Field | Description |
---|---|
No. | Statistics group ID. |
Start time | Time when the operation started. |
Life time | Duration of the operation in seconds. |
Send operation times | Number of probe packets sent. |
Receive response times | Number of response packets received. |
Min/Max/Average round trip time | Minimum/maximum/average round-trip time in milliseconds. |
Square-Sum of round trip time | Square sum of round-trip time. |
Packet loss ratio | Average packet loss ratio. |
Failures due to timeout | Number of timeout occurrences in an operation. |
Failures due to disconnect | Number of disconnections by the peer. |
Failures due to no connection | Number of failures to connect with the peer. |
Failures due to internal error | Number of failures due to internal errors. |
Failures due to other errors | Failures due to other errors. |
Packets out of sequence | Number of failures due to out-of-sequence packets. |
Packets arrived late | Number of response packets received after a probe times out. |
ICMP-jitter results | ICMP jitter operation results. This field is available only for the ICMP jitter operation. |
UDP-jitter results | UDP jitter operation results. This field is available only for the UDP jitter operation. |
Voice results | Voice operation results. This field is available only for the voice operation. |
RTT number | Number of response packets received. |
Min positive SD | Minimum positive jitter from source to destination. |
Min positive DS | Minimum positive jitter from destination to source. |
Max positive SD | Maximum positive jitter from source to destination. |
Max positive DS | Maximum positive jitter from destination to source. |
Positive SD number | Number of positive jitters from source to destination. |
Positive DS number | Number of positive jitters from destination to source. |
Positive SD sum | Sum of positive jitters from source to destination. |
Positive DS sum | Sum of positive jitters from destination to source. |
Positive SD average | Average positive jitters from source to destination. |
Positive DS average | Average positive jitters from destination to source. |
Positive SD square-sum | Square sum of positive jitters from source to destination. |
Positive DS square-sum | Square sum of positive jitters from destination to source. |
Min negative SD | Minimum absolute value among negative jitters from source to destination. |
Min negative DS | Minimum absolute value among negative jitters from destination to source. |
Max negative SD | Maximum absolute value among negative jitters from source to destination. |
Max negative DS | Maximum absolute value among negative jitters from destination to source. |
Negative SD number | Number of negative jitters from source to destination. |
Negative DS number | Number of negative jitters from destination to source. |
Negative SD sum | Sum of absolute values of negative jitters from source to destination. |
Negative DS sum | Sum of absolute values of negative jitters from destination to source. |
Negative SD average | Average absolute value of negative jitters from source to destination. |
Negative DS average | Average absolute value of negative jitters from destination to source. |
Negative SD square-sum | Square sum of negative jitters from source to destination. |
Negative DS square-sum | Square sum of negative jitters from destination to source. |
One way results | Unidirectional delay result. This field is available only for the ICMP jitter, UDP jitter, and voice operations. |
Max SD delay | Maximum delay from source to destination. |
Max DS delay | Maximum delay from destination to source. |
Min SD delay | Minimum delay from source to destination. |
Min DS delay | Minimum delay from destination to source. |
Number of SD delay | Number of delays from source to destination. |
Number of DS delay | Number of delays from destination to source. |
Sum of SD delay | Sum of delays from source to destination. |
Sum of DS delay | Sum of delays from destination to source. |
Square-Sum of SD delay | Square sum of delays from source to destination. |
Square-Sum of DS delay | Square sum of delays from destination to source. |
SD lost packets | Number of lost packets from the source to the destination. |
DS lost packets | Number of lost packets from the destination to the source. |
Lost packets for unknown reason | Number of lost packets for unknown reasons. |
Voice scores | Voice parameters. This field is available only for the voice operation. |
Max MOS value | Maximum MOS value. |
Min MOS value | Minimum MOS value. |
Max ICPIF value | Maximum ICPIF value. |
Min ICPIF value | Minimum ICPIF value. |
Reaction statistics | Statistics about the reaction entry in the counting interval. |
Index | ID of a reaction entry. |
Checked Element | Monitored element. |
Threshold Type | Threshold type. |
Checked Num | Number of targets that have been monitored for data collection. |
Over-threshold Num | Number of threshold violations. |
Path | Serial number for the path in the path jitter operation. This field is available only for the path jitter operation. |
Hop IP | IP address of the hop. This field is available only for the path jitter operation. |
Path-jitter results | Path jitter operation results. This field is available only for the path jitter operation. |
Jitter number | Number of jitters. This field is available only for the path jitter operation. |
Min/Max/Average jitter | Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation. |
Positive jitter number | Number of positive jitters. This field is available only for the path jitter operation. |
Min/Max/Average positive jitter | Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum positive jitter | Sum/square sum of positive jitters. This field is available only for the path jitter operation. |
Negative jitter number | Number of negative jitters. This field is available only for the path jitter operation. |
Min/Max/Average negative jitter | Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum negative jitter | Sum/square sum of negative jitters. This field is available only for the path jitter operation. |
Table 44 Monitored performance metrics for DHCP/DLSw/DNS/FTP/HTTP/ICMP echo/SNMP/TCP/UDP echo operations
Monitored performance metric | Threshold type | Collect data in | Checked Num | Over-threshold Num |
---|---|---|---|---|
probe-duration | accumulate | Probes in the counting interval. | Number of completed probes. | Number of probes of which the duration exceeds the threshold. |
probe-duration | average | N/A | N/A | N/A |
probe-duration | consecutive | Probes in the counting interval. | Number of completed probes. | Number of probes of which the duration exceeds the threshold. |
probe-fail | accumulate | Probes in the counting interval. | Number of completed probes. | Number of probe failures. |
probe-fail | consecutive | Probes in the counting interval. | Number of completed probes. | Number of probe failures. |
Table 45 Monitored performance metrics for ICMP jitter/UDP jitter/voice operations
Monitored performance metric | Threshold type | Collect data in | Checked Num | Over-threshold Num |
---|---|---|---|---|
RTT | accumulate | Packets sent in the counting interval. | Number of sent packets. | Number of packets of which the round-trip time exceeds the threshold. |
RTT | average | N/A | N/A | N/A |
jitter-DS/jitter-SD | accumulate | Packets sent in the counting interval. | Number of sent packets. | Number of packets of which the one-way jitter exceeds the threshold. |
jitter-DS/jitter-SD | average | N/A | N/A | N/A |
OWD-DS/OWD-SD | N/A | Packets sent in the counting interval. | Number of sent packets. | Number of packets of which the one-way delay exceeds the threshold. |
packet-loss | accumulate | Packets sent in the counting interval. | Number of sent packets. | Number of lost packets. |
ICPIF/MOS (available only for the voice operation) | N/A | N/A | N/A | N/A |
Related commands
statistics interval
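The following added example (not part of the original command reference) parses one statistics group of display nqa statistics output and reports the share of checked items that exceeded their threshold, skipping rows that the device shows as hyphens. The sample text is constructed from lines of the UDP jitter output above; the function names are hypothetical, and the parser assumes the single-group layout shown on this page.

```python
import re

# Constructed sample: lines copied from the UDP jitter example on this page.
SAMPLE = """\
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:33:22.3
Life time: 23 seconds
Send operation times: 100 Receive response times: 100
Min/Max/Average round trip time: 1/11/5
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 jitter-DS accumulate 90 25
2 jitter-SD average - -
3 OWD-DS - 100 24
4 OWD-SD - 100 13
5 packet-loss accumulate 0 0
6 RTT accumulate 100 52
"""

SENT_RECV = re.compile(
    r"Send operation times:\s*(\d+)\s+Receive response times:\s*(\d+)")
# Index, Checked Element, Threshold Type, Checked Num, Over-threshold Num.
REACTION_ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\d+|-)\s+(\d+|-)\s*$")


def _value(token):
    """A hyphen means the device did not evaluate the field."""
    return None if token == "-" else int(token)


def parse_statistics(text):
    """Parse one statistics group into counters and reaction rows."""
    counters = SENT_RECV.search(text)
    if counters is None:
        raise ValueError("no send/receive counters found")
    reactions, in_table = [], False
    for line in text.splitlines():
        if line.strip() == "Reaction statistics:":
            in_table = True
            continue
        row = REACTION_ROW.match(line) if in_table else None
        if row:
            reactions.append({
                "index": int(row.group(1)),
                "element": row.group(2),
                "threshold_type": None if row.group(3) == "-" else row.group(3),
                "checked": _value(row.group(4)),
                "over": _value(row.group(5)),
            })
    return {"sent": int(counters.group(1)),
            "received": int(counters.group(2)),
            "reactions": reactions}


def is_incomplete(stats):
    """Statistics read before the operation completes are displayed as all 0s."""
    return stats["sent"] == 0 and stats["received"] == 0


def unevaluated(stats):
    """Elements shown as hyphens (average threshold type, or ICPIF/MOS)."""
    return [r["element"] for r in stats["reactions"]
            if r["checked"] is None or r["over"] is None]


def over_threshold(stats):
    """Map each evaluated element that has violations to over/checked."""
    result = {}
    for r in stats["reactions"]:
        if r["checked"] is None or r["over"] is None:
            continue
        if r["checked"] > 0 and r["over"] > 0:
            result[r["element"]] = round(r["over"] / r["checked"], 2)
    return result


if __name__ == "__main__":
    stats = parse_statistics(SAMPLE)
    print("incomplete:", is_incomplete(stats))
    print("not evaluated:", unevaluated(stats))
    for element, ratio in over_threshold(stats).items():
        print(f"{element}: {ratio:.0%} of checked items over threshold")
```

Treat an all-zero result as "not ready" rather than "healthy", because the command displays 0s until the operation completes.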
expect data
Use expect data to configure the expected data.
Use undo expect data to restore the default.
Syntax
expect data expression [ offset number ]
undo expect data
Default
No expected data is configured.
Views
HTTP/HTTPS/TCP/UDP template view
Predefined user roles
network-admin
mdc-admin
Parameters
expression: Specifies the expected data, a case-sensitive string of 1 to 200 characters.
offset number: Specifies the offset in bytes after which the first match operation starts. The value range for the number argument is 0 to 1000, and the default value is 0. If you do not specify an offset, the match operation starts from the beginning byte of the payload.
Usage guidelines
Upon receiving a response packet, the NQA client examines the target payload for the expected data.
· If a match is found, the NQA client verifies the NQA destination device as legal.
· If no match is found, the NQA client searches the entire payload for a match. If no match is found again, the NQA destination device is verified as illegal. If no offset is specified, the NQA client does not perform the second round and verifies the NQA destination device as illegal directly when the first round finds no match.
Expected data check takes place in the following conditions:
· For features that use the HTTP or HTTPS template, the NQA client checks for the expected data if the response contains the Content-Length header.
· For features that use the TCP or UDP template, the NQA client checks for the expected data if the data-fill command is configured.
The first five bytes of the UDP packet payload identify the probe packet type. The start byte of the offset is the sixth byte of the UDP payload.
Examples
# In HTTP template view, set the expected data to welcome!.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] expect data welcome!
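The two-round check described in the usage guidelines can be modeled as follows. This is an added example, not code from the device or from the original document: the function name is hypothetical, and it assumes that each round is a substring search (the first starting at the offset) and that for UDP both rounds run over the bytes after the five-byte type prefix.

```python
from typing import Optional, Tuple

UDP_TYPE_PREFIX = 5    # first five bytes of the UDP payload identify the probe type
MAX_EXPRESSION = 200   # expression: string of 1 to 200 characters
MAX_OFFSET = 1000      # offset: 0 to 1000 bytes


def expect_data_check(payload: bytes, expression: str,
                      offset: Optional[int] = None,
                      udp: bool = False) -> Tuple[bool, int]:
    """Return (legal, round) for a response payload.

    round is 1 when the first match operation decided the result and 2
    when the fallback search over the entire payload decided it.
    """
    if not 1 <= len(expression) <= MAX_EXPRESSION:
        raise ValueError("expression must be 1 to 200 characters")
    if offset is not None and not 0 <= offset <= MAX_OFFSET:
        raise ValueError("offset must be 0 to 1000")

    needle = expression.encode()          # the comparison is case-sensitive
    # For UDP the offset is counted from the sixth byte of the payload.
    body = payload[UDP_TYPE_PREFIX:] if udp else payload

    # Round 1: start matching after the configured offset
    # (from the beginning of the payload when no offset is given).
    start = 0 if offset is None else offset
    if body.find(needle, start) != -1:
        return True, 1

    # Without an offset there is no second round.
    if offset is None:
        return False, 1

    # Round 2: search the entire payload (assumption: after the UDP prefix).
    return (needle in body), 2


if __name__ == "__main__":
    # Constructed payloads for illustration.
    cases = [
        (b"....welcome!", "welcome!", 4, False),           # found at the offset
        (b"welcome! to the lab", "welcome!", 4, False),    # found only by round 2
        (b"Welcome!", "welcome!", None, False),            # case mismatch
        (b"\x00\x01\x02\x03\x04xxwelcome!", "welcome!", 2, True),
    ]
    for payload, expr, off, is_udp in cases:
        print(payload, off, expect_data_check(payload, expr, off, is_udp))
```

Because of the second round, a configured offset does not pin the expected data to a position: under this model a response that carries the string anywhere in the payload is still verified as legal.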
expect ip
Use expect ip to specify the expected IP address.
Use undo expect ip to restore the default.
Syntax
expect ip ip-address
undo expect ip
Default
No expected IP address is specified.
Views
DNS template view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the expected IP address for a DNS echo request.
Usage guidelines
During a DNS operation, the NQA client compares the expected IP address with the IP address resolved by the DNS server. If they are the same, it considers the DNS server legal.
Examples
# In DNS template view, specify 1.1.1.1 as the expected IP address.
<Sysname> system-view
[Sysname] nqa template dns dnstplt
[Sysname-nqatplt-dns-dnstplt] expect ip 1.1.1.1
expect status
Use expect status to configure the expected status code.
Use undo expect status to restore the default.
Syntax
expect status status-list
undo expect status [ status-list ]
Default
No expected status code is configured.
Views
HTTP template view
HTTPS template view
Predefined user roles
network-admin
mdc-admin
Parameters
status-list: Specifies a space-separated list of up to 10 status code items. Each item specifies a status code or a range of status codes in the form of status-num 1 to status-num 2. The value ranges for both the status-num 1 and status-num 2 arguments are 0 to 999. The value for the status-num 2 argument must be equal to or greater than the value for the status-num 1 argument.
Usage guidelines
The status code of the HTTP or HTTPS packet is a three-digit field in decimal notation, and the code includes the server status information. The first digit defines the class of response.
Examples
# In HTTP template view, set the expected status codes to 200, 300, and 400 to 500.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] expect status 200 300 400 to 500
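When reviewing a template, it helps to expand a status-list into the ranges it accepts and the response classes (first digit) it covers. The parser below is an added example, not the device's own code; the function names are hypothetical, and it applies the limits stated in the Parameters section (up to 10 items, codes 0 to 999, upper bound not lower than the lower bound).

```python
from typing import List, Tuple

MAX_ITEMS = 10
MAX_CODE = 999


def _code(token: str) -> int:
    """Convert one token to a status code in the range 0 to 999."""
    if not (token.isascii() and token.isdigit()):
        raise ValueError(f"not a status code: {token!r}")
    value = int(token)
    if value > MAX_CODE:
        raise ValueError(f"status code out of range: {value}")
    return value


def parse_status_list(status_list: str) -> List[Tuple[int, int]]:
    """Parse 'a b c to d' into inclusive (low, high) items."""
    tokens = status_list.split()
    items = []
    i = 0
    while i < len(tokens):
        low = _code(tokens[i])
        if i + 1 < len(tokens) and tokens[i + 1] == "to":
            if i + 2 >= len(tokens):
                raise ValueError("range is missing its upper bound")
            high = _code(tokens[i + 2])
            if high < low:
                raise ValueError(f"upper bound {high} is less than {low}")
            i += 3
        else:
            high = low
            i += 1
        items.append((low, high))
    if not 1 <= len(items) <= MAX_ITEMS:
        raise ValueError("status-list must contain 1 to 10 items")
    return items


def status_expected(items: List[Tuple[int, int]], status: int) -> bool:
    """True if the returned status code falls in any configured item."""
    return any(low <= status <= high for low, high in items)


def accepted_classes(items: List[Tuple[int, int]]) -> List[int]:
    """Response classes (first digit of a three-digit code) the list covers."""
    classes = set()
    for low, high in items:
        for first_digit in range(1, 10):
            class_low, class_high = first_digit * 100, first_digit * 100 + 99
            if low <= class_high and high >= class_low:
                classes.add(first_digit)
    return sorted(classes)


if __name__ == "__main__":
    # The status-list from the example above.
    items = parse_status_list("200 300 400 to 500")
    print(items)                       # [(200, 200), (300, 300), (400, 500)]
    print(accepted_classes(items))     # [2, 3, 4, 5]
    print(status_expected(items, 404)) # True
```

For the list in the example above, every code from 400 to 500 counts as expected, so a server that answers 404 still matches the template.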
filename
Use filename to specify a file to be transferred between the FTP server and the FTP client.
Use undo filename to restore the default.
Syntax
filename filename
undo filename
Default
No file is specified.
Views
FTP operation view
FTP template view
Predefined user roles
network-admin
mdc-admin
Parameters
filename: Specifies the name of a file, a case-sensitive string of 1 to 200 characters that cannot contain slashes (/).
Examples
# Specify config.txt as the file to be transferred between the FTP server and the FTP client for the FTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] filename config.txt
# In FTP template view, specify config.txt as the file to be transferred between the FTP server and the FTP client.
<Sysname> system-view
[Sysname] nqa template ftp ftptplt
[Sysname-nqatplt-ftp-ftptplt] filename config.txt
frequency
Use frequency to specify the interval at which the NQA operation repeats.
Use undo frequency to restore the default.
Syntax
frequency interval
undo frequency
Default
In NQA operation view, the interval between two consecutive voice or path jitter operations is 60000 milliseconds. The interval between two consecutive operations of other types is 0 milliseconds.
In NQA template view, the interval between two consecutive operations is 5000 milliseconds.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
interval: Specifies the interval between two consecutive operations, in the range of 0 to 604800000 milliseconds. An interval of 0 milliseconds configures NQA to perform the operation only once, and not to generate any statistics.
Usage guidelines
If an operation is not completed when the interval is reached, the next operation does not start.
Examples
# Configure the ICMP echo operation to repeat every 1000 milliseconds.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] frequency 1000
# In DNS template view, configure the DNS operation to repeat every 1000 milliseconds.
<Sysname> system-view
[Sysname] nqa template dns dnstplt
[Sysname-nqatplt-dns-dnstplt] frequency 1000
history-record enable
Use history-record enable to enable the saving of history records for the NQA operation.
Use undo history-record enable to disable the saving of history records.
Syntax
history-record enable
undo history-record enable
Default
The saving of history records is enabled only for the UDP tracert operation.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
To display the history records of the NQA operation, use the display nqa history command.
The undo form of the command also removes existing history records of an NQA operation.
Examples
# Enable the saving of history records for the NQA operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] history-record enable
Related commands
display nqa history
history-record keep-time
Use history-record keep-time to set the lifetime of history records for an NQA operation.
Use undo history-record keep-time to restore the default.
Syntax
history-record keep-time keep-time
undo history-record keep-time
Default
The history records of an NQA operation are kept for 120 minutes.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Parameters
keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes.
Usage guidelines
When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.
Examples
# Set the lifetime of the history records to 100 minutes for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] history-record keep-time 100
history-record number
Use history-record number to set the maximum number of history records that can be saved for an NQA operation.
Use undo history-record number to restore the default.
Syntax
history-record number number
undo history-record number
Default
A maximum of 50 history records can be saved for an NQA operation.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies the maximum number of history records that can be saved for an NQA operation. The value range is 0 to 50.
Usage guidelines
If the number of history records for an NQA operation exceeds the maximum number, the earliest history records are removed.
Examples
# Set the maximum number of history records to 10 for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] history-record number 10
init-ttl
Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation.
Use undo init-ttl to restore the default.
Syntax
init-ttl value
undo init-ttl
Default
The NQA client sends a UDP packet with the TTL value 1 to start the UDP tracert operation.
Views
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Parameters
value: Specifies the TTL value in the range of 1 to 255.
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Set the TTL value to 5 for the UDP packets in the start round.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] init-ttl 5
lsr-path
Use lsr-path to specify a loose source routing (LSR) path.
Use undo lsr-path to restore the default.
Syntax
lsr-path ip-address&<1-8>
undo lsr-path
Default
No LSR path is configured.
Views
Path jitter operation view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses. Each IP address represents a hop on the path.
Usage guidelines
The path jitter operation first uses tracert to detect each hop to the destination. It then sends ICMP echo requests to measure the delay and jitters from the source to each node. If multiple routes exist between the source and destination, the operation uses the path specified by using the lsr-path command.
Examples
# Specify 10.1.1.20 and 10.1.2.10 as the hops on the LSR path for the path jitter operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type path-jitter
[Sysname-nqa-admin-test-path-jitter] lsr-path 10.1.1.20 10.1.2.10
max-failure
Use max-failure to set the maximum number of consecutive probe failures in a UDP tracert operation.
Use undo max-failure to restore the default.
Syntax
max-failure times
undo max-failure
Default
A UDP tracert operation stops and fails when it detects five consecutive probe failures.
Views
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Parameters
times: Specifies the maximum number in the range of 0 to 255. When this argument is set to 0 or 255, the UDP tracert operation does not stop when consecutive probe failures occur.
Usage guidelines
This command is available in Release 1138P01 and later versions.
When a UDP tracert operation detects the maximum number of consecutive probe failures, the operation fails and stops probing the path.
Examples
# Set the maximum number of consecutive probe failures to 20 in a UDP tracert operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] max-failure 20
mode
Use mode to set the data transmission mode for the FTP operation.
Use undo mode to restore the default.
Syntax
mode { active | passive }
undo mode
Default
The FTP operation uses the data transmission mode active.
Views
FTP operation view
FTP template view
Predefined user roles
network-admin
mdc-admin
Parameters
active: Sets the data transmission mode to active. The FTP server initiates a connection request.
passive: Sets the data transmission mode to passive. The FTP client initiates a connection request.
Examples
# Set the data transmission mode to passive for the FTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] mode passive
# In FTP template view, set the data transmission mode to passive for the FTP operation.
<Sysname> system-view
[Sysname] nqa template ftp ftptplt
[Sysname-nqatplt-ftp-ftptplt] mode passive
next-hop ip
Use next-hop ip to specify the next hop IP address for probe packets.
Use undo next-hop ip to restore the default.
Syntax
next-hop ip ip-address
undo next-hop ip
Default
No next hop IP address is specified for probe packets.
Views
ICMP echo operation view
ICMP/TCP half open template view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address of the next hop.
Usage guidelines
This command is available in Release 1138P01 and later versions.
If the next hop IP address is not configured, the device searches the routing table to determine the next hop IP address for the probe packets.
Examples
# Specify 10.1.1.1 as the next hop IP address for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.1
no-fragment enable
Use no-fragment enable to enable the no-fragmentation feature.
Use undo no-fragment enable to disable the no-fragmentation feature.
Syntax
no-fragment enable
undo no-fragment enable
Default
The no-fragmentation feature is disabled.
Views
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is available in Release 1138P01 and later versions.
The no-fragmentation feature sets the DF field to 1. Packets with the DF field set cannot be fragmented during the forwarding process.
You can use this command to test the path MTU of a link.
Examples
# Enable the no-fragmentation feature for the UDP tracert operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] no-fragment enable
nqa
Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation.
Use undo nqa to remove the operation.
Syntax
nqa entry admin-name operation-tag
undo nqa { all | entry admin-name operation-tag }
Default
No NQA operations exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
all: Removes all NQA operations.
Examples
# Create an NQA operation with administrator name admin and operation tag test, and enter NQA operation view.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test]
nqa agent enable
Use nqa agent enable to enable the NQA client.
Use undo nqa agent enable to disable the NQA client and stop all operations being performed.
Syntax
nqa agent enable
undo nqa agent enable
Default
The NQA client is enabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the NQA client.
<Sysname> system-view
[Sysname] nqa agent enable
Related commands
nqa server enable
nqa schedule
Use nqa schedule to configure scheduling parameters for an NQA operation.
Use undo nqa schedule to stop the operation.
Syntax
nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ]
undo nqa schedule admin-name operation-tag
Default
No schedule is configured for an NQA operation.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
start-time: Specifies the start time and date of the NQA operation.
hh:mm:ss: Specifies the start time of an NQA operation.
yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.
mm/dd/yyyy: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.
now: Starts the operation immediately.
lifetime: Specifies the duration of an operation.
lifetime: Specifies the duration of an operation in seconds. The value range is 1 to 2147483647.
forever: Performs the operation until you stop it by using the undo nqa schedule command.
recurring: Runs the operation automatically at the start time and for the specified duration. If you do not specify this keyword, the NQA operation is performed only once at the specified date and time.
Usage guidelines
The NQA operation works between the specified start time and the end time (the start time plus operation duration). If the specified start time is earlier than the system time, the operation starts immediately. If both the specified start and end times are earlier than the system time, the operation does not start. To display the current system time, use the display clock command.
You cannot enter the operation view or operation type view of a scheduled NQA operation.
Specify a lifetime long enough for an operation to complete.
Examples
# Schedule the operation with the administrator name admin and operation tag test to start at 08:08:08 on 2008/08/08 and last 1000 seconds.
<Sysname> system-view
[Sysname] nqa schedule admin test start-time 08:08:08 2008/08/08 lifetime 1000 recurring
Related commands
· destination ip
· display clock (Fundamentals Command Reference)
· nqa entry
· type
nqa template
Use nqa template to create an NQA template and enter its view, or enter the view of an existing NQA template.
Use undo nqa template to remove an NQA template.
Syntax
nqa template { dns | ftp | http | https | icmp | ssl | tcp | tcphalfopen | udp } name
undo nqa template { dns | ftp | http | https | icmp | ssl | tcp | tcphalfopen | udp } name
Default
No NQA templates exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dns: Specifies the DNS template.
ftp: Specifies the FTP template.
http: Specifies the HTTP template.
https: Specifies the HTTPS template.
icmp: Specifies the ICMP template.
ssl: Specifies the SSL template.
tcp: Specifies the TCP template.
tcphalfopen: Specifies the TCP half open template.
udp: Specifies the UDP template.
name: Specifies the name of the NQA template, a case-insensitive string of 1 to 32 characters.
Examples
# Create an ICMP template named icmptplt, and enter its view.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt]
operation (FTP operation view)
Use operation to specify the operation type for the FTP operation.
Use undo operation to restore the default.
Syntax
operation { get | put }
undo operation
Default
The FTP operation type is get.
Views
FTP operation view
FTP template view
Predefined user roles
network-admin
mdc-admin
Parameters
get: Gets a file from the FTP server.
put: Transfers a file to the FTP server.
Usage guidelines
When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.
If you get a file from the FTP server, make sure the file specified in the URL exists on the FTP server. The NQA client does not save the file obtained from the FTP server.
Use a small file for the FTP operation. A large file might cause the transfer to fail because of a timeout, or might affect other services by consuming too much network bandwidth.
Examples
# Set the operation type to put for the FTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] operation put
# In FTP template view, set the operation type to put for the FTP operation.
<Sysname> system-view
[Sysname] nqa template ftp ftptplt
[Sysname-nqatplt-ftp-ftptplt] operation put
Related commands
· password
· username
operation (HTTP/HTTPS operation view)
Use operation to specify the operation type for the HTTP or HTTPS operation.
Use undo operation to restore the default.
Syntax
operation { get | post | raw }
undo operation
Default
The HTTP or HTTPS operation type is get.
Views
HTTP operation view
HTTP/HTTPS template view
Predefined user roles
network-admin
mdc-admin
Parameters
get: Gets data from the HTTP or HTTPS server.
post: Transfers data to the HTTP or HTTPS server.
raw: Sends the RAW request to the HTTP or HTTPS server.
Usage guidelines
The HTTP and HTTPS operations use HTTP and HTTPS requests as probe packets.
For the get or post operation, the content in the request is obtained from the URL specified by the url command.
For the raw operation, the content in the request is configured in raw request view. You can use the raw-request command to enter the raw request view.
Examples
# Set the operation type to raw for the HTTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] operation raw
# In HTTP template view, set the operation type to raw for the HTTP operation.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] operation raw
Related commands
· password
· raw-request
· username
out interface
Use out interface to specify the output interface for probe packets.
Use undo out interface to restore the default.
Syntax
out interface interface-type interface-number
undo out interface
Default
The output interface for probe packets is not specified. The NQA client determines the output interface based on the routing table lookup.
Views
ICMP echo operation view
DHCP operation view
UDP tracert operation view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
This command is available in Release 1138P01 and later versions.
For successful operation, the specified output interface must be up.
If both the next-hop and out interface commands are configured for the ICMP echo operation, the out interface command does not take effect.
Examples
# Specify VLAN-interface 1 as the output interface for probe packets in the UDP tracert operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] out interface vlan-interface 1
password
Use password to specify a password.
Use undo password to restore the default.
Syntax
password { cipher | simple } string
undo password
Default
No password is specified.
Views
FTP/HTTP operation view
FTP/HTTP/HTTPS template view
Predefined user roles
network-admin
mdc-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. The plaintext form of the password is a case-sensitive string of 1 to 32 characters. The encrypted form of the password is a case-sensitive string of 1 to 73 characters.
Examples
# Set the FTP login password to ftpuser.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] password simple ftpuser
# Set the FTP login password to ftpuser in FTP template view.
<Sysname> system-view
[Sysname] nqa template ftp ftptplt
[Sysname-nqatplt-ftp-ftptplt] password simple ftpuser
Related commands
· operation
· username
probe count
Use probe count to specify the number of probes.
Use undo probe count to restore the default.
Syntax
probe count times
undo probe count
Default
In a UDP tracert operation, the NQA client sends three probe packets to each hop along the path.
In other types of operations, the NQA client performs one probe to the destination per operation.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/UDP jitter operation view
Predefined user roles
network-admin
mdc-admin
Parameters
times: Specifies the number of probes.
· For the UDP tracert operation, this argument specifies the number of probes sent to each hop along the path. The value range for this argument is 1 to 10.
· For other types of operations, this argument specifies the number of probes sent to the destination per operation. The value range for this argument is 1 to 15.
Usage guidelines
The following describes how NQA performs different types of operations:
· A TCP or DLSw operation sets up a connection.
· An ICMP jitter, UDP jitter, or voice operation sends a number of probe packets. The number of probe packets is set by using the probe packet-number command.
· An FTP operation uploads or downloads a file.
· An HTTP operation gets a Web page.
· A DHCP operation gets an IP address through DHCP.
· A DNS operation translates a domain name to an IP address.
· An ICMP echo sends an ICMP echo request.
· A UDP echo operation sends a UDP packet.
· An SNMP operation sends one SNMPv1 packet, one SNMPv2c packet, and one SNMPv3 packet.
· A path jitter operation is accomplished in the following steps:
a. The operation uses tracert to obtain the path from the NQA client to the destination. A maximum of 64 hops can be detected.
b. The NQA client sends ICMP echo requests to each hop along the path. The number of ICMP echo requests is set by using the probe packet-number command.
· A UDP tracert operation determines the routing path from the source to the destination. The number of probe packets sent to each hop is set by using the probe count command.
If an operation is to perform multiple probes, the NQA client starts a new probe under one of the following conditions:
· The NQA client receives responses to packets sent in the last probe.
· The probe timeout time expires.
This command is not available for the voice or path jitter operations. Each of these operations performs only one probe.
Examples
# Configure the ICMP echo operation to perform 10 probes.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] probe count 10
probe packet-interval
Use probe packet-interval to configure the packet sending interval in the probe.
Use undo probe packet-interval to restore the default.
Syntax
probe packet-interval interval
undo probe packet-interval
Default
The packet sending interval is 20 milliseconds.
Views
ICMP jitter/path jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
interval: Specifies the sending interval in the range of 10 to 60000 milliseconds.
Examples
# Configure the UDP jitter operation to send packets every 100 milliseconds.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] probe packet-interval 100
probe packet-number
Use probe packet-number to set the number of packets to be sent in a UDP jitter, path jitter, or voice probe.
Use undo probe packet-number to restore the default.
Syntax
probe packet-number packet-number
undo probe packet-number
Default
An ICMP jitter, UDP jitter, or path jitter probe sends 10 packets and a voice probe sends 1000 packets.
Views
ICMP jitter/path jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
packet-number: Specifies the number of packets to be sent per probe. Available value ranges include:
· 10 to 1000 for the ICMP jitter, UDP jitter, and path jitter operations.
· 10 to 60000 for the voice operation.
Examples
# Configure the UDP jitter probe to send 100 packets.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] probe packet-number 100
probe packet-timeout
Use probe packet-timeout to set the timeout time for waiting for a response in the UDP jitter, path jitter, or voice operation.
Use undo probe packet-timeout to restore the default.
Syntax
probe packet-timeout timeout
undo probe packet-timeout
Default
The response timeout time in the UDP jitter or path jitter operation is 3000 milliseconds.
The response timeout time in the voice operation is 5000 milliseconds.
Views
ICMP jitter/path jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
timeout: Specifies the timeout time in milliseconds. The value range is 10 to 3600000.
Examples
# Set the response timeout time to 100 milliseconds in the UDP jitter operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100
probe timeout
Use probe timeout to set the probe timeout time.
Use undo probe timeout to restore the default.
Syntax
probe timeout timeout
undo probe timeout
Default
The timeout time of a probe is 3000 milliseconds.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
timeout: Specifies the probe timeout time in milliseconds. Available value ranges include:
· 10 to 86400000 for the FTP or HTTP operation.
· 10 to 3600000 for the DHCP, DNS, DLSw, ICMP echo, SNMP, TCP, UDP echo, or UDP tracert operation.
Usage guidelines
If a probe does not complete within the period, the probe is timed out.
Examples
# Set the probe timeout time to 10000 milliseconds for the DHCP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type dhcp
[Sysname-nqa-admin-test-dhcp] probe timeout 10000
# In HTTP template view, set the probe timeout time to 10000 milliseconds for the HTTP operation.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] probe timeout 10000
raw-request
Use raw-request to enter raw request view and specify the content of an HTTP or HTTPS request.
Use undo raw-request to restore the default.
Syntax
raw-request
undo raw-request
Default
The contents of an HTTP or HTTPS raw request are not specified.
Views
HTTP operation view
HTTP/HTTPS template view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command places you in raw request view and deletes the previously configured request content. To ensure successful operations, make sure the request content is in the correct format.
If the HTTP or HTTPS operation type is set to raw, you must enter raw request view and configure the request content to be sent to the HTTP or HTTPS server.
Examples
# Enter raw request view and specify the content of a GET request for the HTTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] raw-request
[Sysname-nqa-admin-test-http-raw-request] GET /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n\r\n
# In HTTP template view, enter raw request view and specify the content of a POST request for the HTTP operation.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] raw-request
[Sysname-nqatplt-http-httptplt-raw-request] POST /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\nAuthorization: Basic cm9vdDoxMjM0NTY=\r\n\r\n
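The usage guidelines require the raw request content to be in the correct format, and the POST example carries an Authorization: Basic header in an HTTP template. The following Python check is an added example, not part of the original command reference: it validates a raw-request string before it is pasted into raw request view and reports Basic credentials. The function name audit_raw_request and the handling of the typed \r and \n sequences as CR and LF on the wire are assumptions.

```python
import base64
import binascii
import re

# Constructed input: the two request strings from the raw-request examples above,
# with the literal backslash escapes kept exactly as typed at the CLI.
SAMPLE_GET = r"GET /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n\r\n"
SAMPLE_POST = (r"POST /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n"
               r"Authorization: Basic cm9vdDoxMjM0NTY=\r\n\r\n")

REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/1\.[01]$")


def audit_raw_request(typed, transport="http"):
    """Check one raw-request string; return (findings, basic_user).

    Assumption (not stated in the command reference): the typed two-character
    sequences \\r and \\n are sent on the wire as CR and LF.
    """
    findings = []
    basic_user = None
    wire = typed.replace("\\r", "\r").replace("\\n", "\n")
    if "\\" in wire:
        findings.append("unrecognised backslash escape in request")
    if re.search(r"(?<!\r)\n", wire) or re.search(r"\r(?!\n)", wire):
        findings.append("bare CR or LF; HTTP lines must end with CRLF")

    # The header block ends at the first empty line; anything after is the body.
    head, sep, _body = wire.partition("\r\n\r\n")
    if not sep:
        findings.append("header block is not terminated by an empty line")
    lines = head.split("\r\n")
    if not REQUEST_LINE.match(lines[0]):
        findings.append("malformed request line: %r" % lines[0])

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            findings.append("malformed header line: %r" % line)
            continue
        headers[name.lower()] = value.strip()

    if lines[0].endswith("HTTP/1.1") and "host" not in headers:
        findings.append("HTTP/1.1 request without a Host header")

    # Basic authentication is base64("user:password"), so anyone who can read
    # the configuration or capture the probe can recover the password.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            findings.append("Basic token is not valid base64")
        else:
            basic_user, _, secret = decoded.partition(":")
            findings.append(
                "Basic credentials for user %r (%d-character password) are "
                "base64-encoded, not encrypted" % (basic_user, len(secret)))
            if transport == "http":
                findings.append("credentials cross the network in cleartext; "
                                "use an HTTPS template for this probe")
    return findings, basic_user


if __name__ == "__main__":
    for sample in (SAMPLE_GET, SAMPLE_POST):
        print(audit_raw_request(sample))
```

The password itself is never printed, only the user name and the password length, so the output can go into a review ticket.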
reaction checked-element { jitter-ds | jitter-sd }
Use reaction checked-element { jitter-ds | jitter-sd } to configure a reaction entry for monitoring one-way jitter in the NQA operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring one-way jitter exist.
Views
ICMP jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).
jitter-sd: Specifies the source-to-destination jitter of each probe packet as the monitored element.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of threshold violations in the operation. The value range is 1 to 14999 for the ICMP jitter and UDP jitter operations, and 1 to 59999 for the voice operation.
average: Checks the average one-way jitter.
threshold-value: Specifies the threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
Examples
# Create reaction entry 1 for monitoring the average destination-to-source jitter of UDP jitter packets, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average destination-to-source jitter is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element jitter-ds threshold-type average threshold-value 50 5 action-type trap-only
# Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the destination-to-source jitter is checked against the threshold range. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element jitter-ds threshold-type accumulate 100 threshold-value 50 5 action-type trap-only
reaction checked-element { owd-ds | owd-sd }
Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the one-way delay.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold
undo reaction item-number
Default
No reaction entries for monitoring the one-way delay exist.
Views
ICMP jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
owd-ds: Specifies the destination-to-source delay of each probe packet as the monitored element.
owd-sd: Specifies the source-to-destination delay of each probe packet as the monitored element.
threshold-value: Specifies the threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
No actions can be configured for a reaction entry that monitors one-way delays. To display the monitoring results and statistics, use the display nqa reaction counters and display nqa statistics commands.
Examples
# Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. The destination-to-source delay is calculated after the response to the probe packet arrives. If the delay exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element owd-ds threshold-value 50 5
reaction checked-element icpif
Use reaction checked-element icpif to configure a reaction entry for monitoring the ICPIF value in the voice operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring ICPIF values exist.
Views
Voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-value: Specifies the threshold range.
upper-threshold: Specifies the upper limit in the range of 1 to 100.
lower-threshold: Specifies the lower limit in the range of 1 to 100. It must not be greater than the upper limit.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1 for monitoring the ICPIF value in the voice operation, and set the upper limit to 50 and lower limit to 5. Before the voice operation starts, the initial state of the reaction entry is invalid. After the operation, the ICPIF value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] reaction 1 checked-element icpif threshold-value 50 5 action-type trap-only
reaction checked-element mos
Use reaction checked-element mos to configure a reaction entry for monitoring the MOS value in the voice operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring the MOS value exist.
Views
Voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-value: Specifies the threshold range.
upper-threshold: Specifies the upper limit in the range of 1 to 500.
lower-threshold: Specifies the lower limit in the range of 1 to 500. It must not be greater than the upper limit.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
For the MOS threshold, the number is expressed in three digits representing ones, tenths, and hundredths. For example, to express a MOS threshold of 1, enter 100.
Examples
# Create reaction entry 1 for monitoring the MOS value of the voice operation, and set the upper limit to 2 and lower limit to 1. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the MOS value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] reaction 1 checked-element mos threshold-value 200 100 action-type trap-only
reaction checked-element packet-loss
Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in the UDP jitter or voice operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring packet loss exist.
Views
ICMP jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Specifies the total number of lost packets in the operation. The value range is 1 to 15000 for the ICMP jitter and UDP jitter operations and 1 to 60000 for the voice operation.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1 for monitoring packet loss in the UDP jitter operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the total number of the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element packet-loss threshold-type accumulate 100 action-type trap-only
reaction checked-element probe-duration
Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring the probe duration exist.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of threshold violations. The value range is 1 to 15.
average: Checks the average probe duration.
consecutive consecutive-occurrences: Specifies the number of consecutive threshold violations after the NQA operation starts. The value range is 1 to 16.
threshold-value: Specifies the threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper threshold.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
Examples
# Create reaction entry 1 for monitoring the average probe duration of the ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average probe duration is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state of the reaction entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-duration threshold-type average threshold-value 50 5 action-type trap-only
# Create reaction entry 2 for monitoring the probe duration of the ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the accumulated probe duration is checked against the threshold range. If the total number of threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-duration threshold-type accumulate 10 threshold-value 50 5 action-type trap-only
# Create reaction entry 3 for monitoring the probe duration of the ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the consecutive probe duration is checked against the threshold range. If the total number of consecutive threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 3 checked-element probe-duration threshold-type consecutive 10 threshold-value 50 5 action-type trap-only
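The three probe-duration examples above describe a small state machine: the entry starts as invalid, is evaluated after each operation, and a trap is sent only when the state changes. The following Python model is an added example, not part of the original command reference, and is useful for predicting how many traps an NMS will receive for a given threshold type. Assumptions: a violation is a sample outside the lower-to-upper range, an average inside the range leaves the state unchanged, accumulate and consecutive fall back to below-threshold when the count is not reached, and failed probes (None) are skipped without breaking a consecutive run. The names ReactionEntry and replay are hypothetical.

```python
from dataclasses import dataclass, field

# Upper bounds for accumulate-occurrences and consecutive-occurrences,
# taken from the probe-duration parameter descriptions above.
MAX_OCCURRENCES = {"accumulate": 15, "consecutive": 16}


@dataclass
class ReactionEntry:
    """Model of one 'reaction N checked-element probe-duration ...' entry."""
    threshold_type: str            # "average", "accumulate" or "consecutive"
    upper: int                     # upper-threshold in milliseconds
    lower: int                     # lower-threshold in milliseconds
    occurrences: int = 1           # accumulate-/consecutive-occurrences
    action: str = "none"           # "none" or "trap-only"
    state: str = "invalid"         # initial state before the operation starts
    traps: list = field(default_factory=list)

    def __post_init__(self):
        if not 0 <= self.lower <= self.upper <= 3600000:
            raise ValueError("need 0 <= lower-threshold <= upper-threshold <= 3600000")
        if self.threshold_type != "average":
            limit = MAX_OCCURRENCES.get(self.threshold_type)
            if limit is None:
                raise ValueError("unknown threshold-type")
            if not 1 <= self.occurrences <= limit:
                raise ValueError("occurrences out of range 1 to %d" % limit)

    def _violates(self, ms):
        # Assumption: a threshold violation is a sample outside [lower, upper].
        return ms > self.upper or ms < self.lower

    def _next_state(self, samples):
        if self.threshold_type == "average":
            avg = sum(samples) / len(samples)
            if avg > self.upper:
                return "over-threshold"
            if avg < self.lower:
                return "below-threshold"
            return self.state      # assumption: inside the range, keep the state
        flags = [self._violates(ms) for ms in samples]
        if self.threshold_type == "accumulate":
            count = sum(flags)     # total violations in the operation
        else:
            count = run = 0        # longest run of back-to-back violations
            for hit in flags:
                run = run + 1 if hit else 0
                count = max(count, run)
        return "over-threshold" if count >= self.occurrences else "below-threshold"

    def evaluate(self, durations):
        """Feed the probe durations (ms) of one finished operation.

        None marks a failed probe; only successful probes are monitored.
        """
        samples = [d for d in durations if d is not None]
        if not samples:
            return self.state
        new = self._next_state(samples)
        if new != self.state:
            # A trap is generated on a state change only, not on every breach.
            if self.action == "trap-only":
                self.traps.append((self.state, new))
            self.state = new
        return self.state


def replay(entry, operations):
    """Evaluate successive operations and return the state after each one."""
    return [entry.evaluate(op) for op in operations]


if __name__ == "__main__":
    # Constructed durations in milliseconds, four operations of three probes each.
    entry = ReactionEntry("average", upper=50, lower=5, action="trap-only")
    print(replay(entry, [[10, 20, 30], [60, 70, 80], [90, 100, 55], [1, 2, 3]]))
    print(entry.traps)
```

In the sample run the second and third operations both exceed the upper limit, but only the first transition produces a trap, so a sustained breach is reported once.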
reaction checked-element probe-fail (for trap)
Use reaction checked-element probe-fail to configure a reaction entry for monitoring the probe failures of the operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring probe failures exist.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of probe failures. The value range is 1 to 15.
consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures. The value range is 1 to 16.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the total number of probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type accumulate 10 action-type trap-only
# Create reaction entry 2 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the number of consecutive probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only
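The following Python model is an added illustration, not vendor code. It replays constructed probe results through the accumulate and consecutive threshold types described above to show which failure patterns each one reports. The class and function names are hypothetical, and the model assumes the entry is evaluated once per completed operation and that every state change (including the first change from invalid) produces a trap when action-type is trap-only.

```python
from dataclasses import dataclass, field


@dataclass
class ProbeFailReaction:
    """Model of one 'reaction N checked-element probe-fail' entry (hypothetical)."""
    item: int
    threshold_type: str          # "accumulate" or "consecutive"
    occurrences: int
    action: str = "none"         # "none" or "trap-only"
    state: str = "invalid"       # initial state before the operation starts
    traps: list = field(default_factory=list)

    def __post_init__(self):
        limits = {"accumulate": 15, "consecutive": 16}  # value ranges from the page
        if self.threshold_type not in limits:
            raise ValueError("threshold-type must be accumulate or consecutive")
        if not 1 <= self.item <= 10:
            raise ValueError("item-number must be in the range of 1 to 10")
        if not 1 <= self.occurrences <= limits[self.threshold_type]:
            raise ValueError("occurrences out of range for " + self.threshold_type)
        if self.action not in ("none", "trap-only"):
            raise ValueError("action-type must be none or trap-only")

    def failures(self, probes):
        """Return the count this entry checks: total or longest run of failures."""
        if self.threshold_type == "accumulate":
            return probes.count(False)
        longest = run = 0
        for ok in probes:
            run = 0 if ok else run + 1
            longest = max(longest, run)
        return longest

    def evaluate(self, probes):
        """Feed the results of one completed operation (True = probe succeeded)."""
        reached = self.failures(probes) >= self.occurrences
        new_state = "over-threshold" if reached else "below-threshold"
        if new_state != self.state:
            if self.action == "trap-only":
                # Record (old state, new state) in place of sending an SNMP trap.
                self.traps.append((self.state, new_state))
            self.state = new_state
        return self.state


def replay(entry, operations):
    """Evaluate an entry against a sequence of operations; return the states."""
    return [entry.evaluate(op) for op in operations]


# Constructed probe results, 12 probes per operation.
HEALTHY = [True] * 12                              # no failures
FLAPPING = [False, True] * 6                       # 6 failures, longest run 1
OUTAGE = [True] * 3 + [False] * 5 + [True] * 4     # 5 failures, longest run 5

if __name__ == "__main__":
    for kind in ("accumulate", "consecutive"):
        entry = ProbeFailReaction(1, kind, 5, "trap-only")
        states = replay(entry, [HEALTHY, FLAPPING, OUTAGE, HEALTHY])
        print(kind, states, "traps:", len(entry.traps))
```

With a threshold of 5, the accumulate entry reports the flapping pattern while the consecutive entry reports only the sustained outage, which matters when deciding which pattern should reach the NMS.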
reaction checked-element probe-fail (for trigger)
Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures.
Use undo reaction to remove the specified reaction entry.
Syntax
reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only
undo reaction item-number
Default
No reaction entries for monitoring probe failures exist.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures, in the range of 1 to 16.
action-type: Specifies the action to be triggered.
trigger-only: Triggers other modules to react to certain conditions.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1. If the number of consecutive probe failures reaches 3, collaboration is triggered.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type tcp
[Sysname-nqa-admin-test-tcp] reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
Related commands
track (High Availability Command Reference)
reaction checked-element rtt
Use reaction checked-element rtt to configure a reaction entry for monitoring packet round-trip time.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring packet round-trip time exist.
Views
ICMP jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of threshold violations. Available value ranges include:
· 1 to 15000 for the ICMP jitter and UDP jitter operations.
· 1 to 60000 for the voice operation.
average: Checks the packet average round-trip time.
threshold-value: Specifies threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
Examples
# Create reaction entry 1 for monitoring the average round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average packet round-trip time is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the reaction entry state changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type average threshold-value 50 5 action-type trap-only
# Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only
reaction trap
Use reaction trap to configure the sending of traps to the NMS under specific conditions.
Use undo reaction trap to restore the default.
Syntax
reaction trap { path-change | probe-failure consecutive-probe-failures | test-complete | test-failure [ accumulate-probe-failures ] }
undo reaction trap { path-change | probe-failure | test-complete | test-failure }
Default
No traps are sent to the NMS.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
path-change: Sends a trap when the UDP tracert operation detects a different path to the destination.
probe-failure consecutive-probe-failures: Sends a trap to the NMS if the number of consecutive probe failures in an operation is greater than or equal to consecutive-probe-failures. The value range for the consecutive-probe-failures argument is 1 to 15. The system counts the number of consecutive probe failures for each operation, so multiple traps might be sent.
test-complete: Sends a trap to indicate that the operation is completed.
test-failure: Sends a trap when an operation fails. For operations other than UDP tracert operation, the system counts the total number of probe failures in an operation. If the number reaches or exceeds the value for the accumulate-probe-failures argument, a trap is sent for the operation failure.
accumulate-probe-failures: Specifies the total number of probe failures in an operation. The value range is 1 to 15. This argument is not supported by the UDP tracert operation.
Usage guidelines
The ICMP jitter, UDP jitter, and voice operations support only the test-complete keyword.
The following parameters are not available for the UDP tracert operation:
· The probe-failure consecutive-probe-failures option.
· The accumulate-probe-failures argument.
Examples
# Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction trap probe-failure 5
reaction trigger per-probe
Use reaction trigger per-probe to configure the probe result sending on a per-probe basis.
Use undo reaction trigger per-probe to restore the default.
Syntax
reaction trigger per-probe
undo reaction trigger per-probe
Default
The probe result is sent to the feature that uses the template after three consecutive failed or successful probes.
Views
ICMP/TCP half open template view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is available in Release 1138P01 and later versions.
This command enables the NQA client to send the probe result to the feature that uses the NQA template every time a probe is completed.
If you execute this command and the reaction trigger probe-fail command multiple times, the most recent configuration takes effect.
If you execute this command and the reaction trigger probe-pass command multiple times, the most recent configuration takes effect.
Examples
# In ICMP template view, configure the probe result sending on a per-probe basis.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] reaction trigger per-probe
Related commands
· reaction trigger probe-fail
· reaction trigger probe-pass
reaction trigger probe-fail
Use reaction trigger probe-fail to set the number of consecutive probe failures to determine an operation failure.
Use undo reaction trigger probe-fail to restore the default.
Syntax
reaction trigger probe-fail count
undo reaction trigger probe-fail
Default
The NQA client notifies the feature of the operation failure when the number of consecutive probe failures reaches 3.
Views
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
count: Specifies the number of consecutive probe failures, in the range of 1 to 15.
Usage guidelines
If the number of consecutive probe failures is reached, the NQA client notifies the feature that uses the NQA template of the operation failure.
If you execute this command and the reaction trigger per-probe command multiple times, the most recent configuration takes effect.
Examples
# In HTTP template view, configure the NQA client to notify the feature of the operation failure when the number of consecutive probe failures reaches 5.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] reaction trigger probe-fail 5
Related commands
· reaction trigger per-probe
· reaction trigger probe-pass
reaction trigger probe-pass
Use reaction trigger probe-pass to set the number of consecutive successful probes to determine a successful operation event.
Use undo reaction trigger probe-pass to restore the default.
Syntax
reaction trigger probe-pass count
undo reaction trigger probe-pass
Default
The NQA client notifies the feature of the successful operation event if the number of consecutive successful probes reaches 3.
Views
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
count: Specifies the number of consecutive successful probes, in the range of 1 to 15.
Usage guidelines
If the number of consecutive successful probes is reached, the NQA client notifies the feature that uses the template of the successful operation event.
If you execute this command and the reaction trigger per-probe command multiple times, the most recent configuration takes effect.
Examples
# In HTTP template view, configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 5.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] reaction trigger probe-pass 5
Related commands
· reaction trigger per-probe
· reaction trigger probe-fail
resolve-target
Use resolve-target to specify the domain name to be resolved in the DNS operation.
Use undo resolve-target to restore the default.
Syntax
resolve-target domain-name
undo resolve-target
Default
The domain name to be resolved in the DNS operation is not specified.
Views
DNS operation view
DNS template view
Predefined user roles
network-admin
mdc-admin
Parameters
domain-name: Specifies the domain name to be resolved. It is a dot-separated case-sensitive string of 1 to 255 characters including letters, digits, hyphens (-), and underscores (_) (for example, aabbcc.com). Each part consists of 1 to 63 characters, and consecutive dots (.) are not allowed.
Examples
# Specify domain1 as the domain name to be resolved.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type dns
[Sysname-nqa-admin-test-dns] resolve-target domain1
# In DNS template view, specify domain1 as the domain name to be resolved.
<Sysname> system-view
[Sysname] nqa template dns dnstplt
[Sysname-nqatplt-dns-dnstplt] resolve-target domain1
resolve-type
Use resolve-type to configure the domain name resolution type.
Use undo resolve-type to restore the default.
Syntax
resolve-type A
undo resolve-type
Default
The domain name resolution type is type A.
Views
DNS template view
Predefined user roles
network-admin
mdc-admin
Parameters
A: Specifies type A queries. A type A query resolves a domain name to a mapped IP address.
Examples
# In DNS template view, set the domain name resolution type to A.
<Sysname> system-view
[Sysname] nqa template dns dnstplt
[Sysname-nqatplt-dns-dnstplt] resolve-type A
route-option bypass-route
Use route-option bypass-route to enable the routing table bypass feature to test the connectivity to the direct destination.
Use undo route-option bypass-route to disable the routing table bypass feature.
Syntax
route-option bypass-route
undo route-option bypass-route
Default
The routing table bypass feature is disabled.
Views
ICMP echo/TCP/UDP echo operation view
DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
When the routing table bypass feature is enabled, the following events occur:
· The routing table is not searched. Packets are sent to the destination in a directly connected network.
· The TTL value in the probe packet is set to 1. The TTL set in the ttl command does not take effect.
Examples
# Enable the routing table bypass feature.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] route-option bypass-route
source interface
Use source interface to specify the IP address of the specified interface as the source IP address of probe packets.
Use undo source interface to restore the default.
Syntax
source interface interface-type interface-number
undo source interface
Default
The probe packets take the primary IP address of the outgoing interface as their source IP address.
Views
ICMP echo operation view
UDP tracert operation view
ICMP template view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
The specified interface must be up. If the interface is down, no probe requests can be sent out.
If you execute this command and the source ip command multiple times, the most recent configuration takes effect.
Examples
# Specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] source interface vlan-interface 1
# In ICMP template view, specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] source interface vlan-interface 1
Related commands
source ip
source ip
Use source ip to configure the source IP address for probe packets.
Use undo source ip to restore the default.
Syntax
source ip ip-address
undo source ip
Default
The probe packets take the primary IP address of their output interface as the source IP address.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the source IP address for probe packets.
Usage guidelines
The specified source IP address must be the IP address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out.
If you execute the source interface and source ip commands multiple times for an ICMP echo operation, UDP tracert operation, or ICMP template, the most recent configuration takes effect.
Examples
# Specify 10.1.1.1 as the source IP address for ICMP echo requests.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] source ip 10.1.1.1
# In ICMP template view, specify 10.1.1.1 as the source IP address for ICMP echo requests.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] source ip 10.1.1.1
Related commands
source interface
source port
Use source port to configure the source port number for probe packets.
Use undo source port to restore the default.
Syntax
source port port-number
undo source port
Default
The source port number is not specified.
Views
UDP echo operation view
SNMP operation view
UDP tracert operation view
UDP jitter/voice operation view
DNS template view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies the source port number in the range of 1 to 65535.
Examples
# Set the source port number to 8000 for probe packets in the UDP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-echo
[Sysname-nqa-admin-test-udp-echo] source port 8000
# In DNS template view, set the source port number to 8000 for probe packets in the DNS operation.
<Sysname> system-view
[Sysname] nqa template dns dnstplt
[Sysname-nqatplt-dns-dnstplt] source port 8000
ssl-client-policy
Use ssl-client-policy to specify an SSL client policy for an HTTPS or SSL template.
Use undo ssl-client-policy to restore the default.
Syntax
ssl-client-policy policy-name
undo ssl-client-policy
Default
No SSL client policy is specified for an HTTPS or SSL template.
Views
HTTPS/SSL template view
Predefined user roles
network-admin
mdc-admin
Parameters
policy-name: Specifies an SSL client policy by its name, a case-insensitive string of 1 to 31 characters.
Usage guidelines
This command is available in Release 1138P01 and later versions.
In the HTTPS or SSL operation, the NQA client uses the specified SSL client policy to establish an SSL connection to the server.
Examples
# Specify the SSL client policy named policy for the SSL template ssltplt.
<Sysname> system-view
[Sysname] nqa template ssl ssltplt
[Sysname-nqatplt-ssl-ssltplt] ssl-client-policy policy
statistics hold-time
Use statistics hold-time to set the hold time of statistics groups for an NQA operation.
Use undo statistics hold-time to restore the default.
Syntax
statistics hold-time hold-time
undo statistics hold-time
Default
The hold time of statistics groups for an NQA operation is 120 minutes.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
hold-time: Specifies the hold time in minutes, in the range of 1 to 1440.
Usage guidelines
A statistics group is deleted when its hold time expires.
Examples
# Set the hold time to 3 minutes for statistics groups of the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] statistics hold-time 3
statistics interval
Use statistics interval to set the statistics collection interval for an NQA operation.
Use undo statistics interval to restore the default.
Syntax
statistics interval interval
undo statistics interval
Default
The statistics collection interval is 60 minutes.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
interval: Specifies the interval in minutes, in the range of 1 to 35791394.
Usage guidelines
NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command.
Examples
# Configure NQA to collect the ICMP echo operation statistics every 2 minutes.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] statistics interval 2
statistics max-group
Use statistics max-group to set the maximum number of statistics groups that can be saved.
Use undo statistics max-group to restore the default.
Syntax
statistics max-group number
undo statistics max-group
Default
A maximum of two statistics groups can be saved.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.
Usage guidelines
When the maximum number of statistics groups is reached and a new statistics group is to be saved, the earliest statistics group is deleted.
Examples
# Configure NQA to save a maximum of five statistics groups for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] statistics max-group 5
target-only
Use target-only to perform the path jitter operation only on the destination address.
Use undo target-only to restore the default.
Syntax
target-only
undo target-only
Default
NQA performs the path jitter operation to the destination hop by hop.
Views
Path jitter operation view
Predefined user roles
network-admin
mdc-admin
Examples
# Perform the path jitter operation only on the destination address.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type path-jitter
[Sysname-nqa-admin-test-path-jitter] target-only
tos
Use tos to set the ToS value in the IP header for probe packets.
Use undo tos to restore the default.
Syntax
tos value
undo tos
Default
The ToS value in the IP header of probe packets is 0.
Views
Any operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
value: Specifies the ToS value in the range of 0 to 255.
Examples
# In ICMP echo operation view, set the ToS value to 1 in the IP header for probe packets.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] tos 1
# In ICMP template view, set the ToS value to 1 in the IP header for probe packets.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] tos 1
ttl
Use ttl to set the maximum number of hops that the probe packets can traverse.
Use undo ttl to restore the default.
Syntax
ttl value
undo ttl
Default
The maximum number of hops is 30 for probe packets of the UDP tracert operation, and is 20 for probe packets of other types of operations.
Views
ICMP echo/TCP/UDP echo operation view
DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/UDP jitter/voice operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255.
Usage guidelines
The route-option bypass-route command sets the TTL to 1 for probe packets. If you configure both the route-option bypass-route and ttl commands for an operation, the ttl command does not take effect.
For a successful UDP tracert operation, make sure the maximum number of hops is not smaller than the value set in the init-ttl command.
Examples
# Set the maximum number of hops to 16 for probe packets in the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] ttl 16
# In ICMP template view, set the maximum number of hops to 16 for probe packets.
<Sysname> system-view
[Sysname] nqa template icmp icmptplt
[Sysname-nqatplt-icmp-icmptplt] ttl 16
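The following Python linter is an added example, not a vendor tool. It checks a pasted NQA CLI session against rules stated in this reference: the numeric ranges of ttl, tos, source port, the statistics commands and the reaction commands, the resolve-target domain-name rule, the restriction that an existing reaction entry must be deleted before it is reconfigured, and the route-option bypass-route override of ttl. The function names and the sample session are constructed for illustration.

```python
import re

# Numeric ranges stated on this page: command prefix -> (min, max).
RANGES = {
    "ttl": (1, 255), "tos": (0, 255), "source port": (1, 65535),
    "statistics hold-time": (1, 1440), "statistics max-group": (0, 100),
    "reaction trigger probe-fail": (1, 15),
    "reaction trigger probe-pass": (1, 15),
}
PROBE_FAIL_MAX = {"accumulate": 15, "consecutive": 16}
PROMPT = re.compile(r"^(<[^>]*>|\[[^\]]*\])\s*")  # <Sysname> or [Sysname-...]
LABEL = re.compile(r"^[A-Za-z0-9_-]{1,63}$")


def valid_domain(name):
    """resolve-target rule: 1-255 chars, dot-separated parts of 1-63 chars."""
    return 1 <= len(name) <= 255 and all(LABEL.match(p) for p in name.split("."))


def in_range(arg, lo, hi):
    return arg.isdigit() and lo <= int(arg) <= hi


def after(tokens, word):
    """Token following `word`, or '' when it is missing."""
    i = tokens.index(word) + 1 if word in tokens else len(tokens)
    return tokens[i] if i < len(tokens) else ""


def lint(session):
    """Return a list of findings for a pasted NQA CLI session."""
    findings, entries, ctx = [], {}, None
    for n, raw in enumerate(session.splitlines(), 1):
        line = PROMPT.sub("", raw.strip())
        tok = line.split()
        if not tok or line.startswith("#"):
            continue
        if tok[0] == "nqa" and tok[1:2] in (["entry"], ["template"]):
            # State is tracked per entry/template, as it persists on the device.
            ctx = entries.setdefault(
                line, {"reactions": set(), "bypass": False, "ttl": False})
            continue
        undo = tok[0] == "undo"
        cmd = tok[1:] if undo else tok
        if ctx is None or not cmd:
            continue
        joined = " ".join(cmd)
        if cmd[0] == "ttl" or joined.startswith("route-option bypass-route"):
            ctx["ttl" if cmd[0] == "ttl" else "bypass"] = not undo
            if ctx["ttl"] and ctx["bypass"] and not undo:
                findings.append(f"line {n}: ttl has no effect, "
                                "route-option bypass-route sets the TTL to 1")
        if cmd[0] == "reaction" and cmd[1:2] and cmd[1].isdigit():
            item = int(cmd[1])
            if undo:
                ctx["reactions"].discard(item)
                continue
            if not 1 <= item <= 10:
                findings.append(f"line {n}: reaction item-number {item} outside 1-10")
            if item in ctx["reactions"]:
                findings.append(f"line {n}: reaction {item} already exists, "
                                f"run undo reaction {item} first")
            ctx["reactions"].add(item)
            if "probe-fail" in cmd:
                for kind, hi in PROBE_FAIL_MAX.items():
                    if kind in cmd and not in_range(after(cmd, kind), 1, hi):
                        findings.append(
                            f"line {n}: {kind} {after(cmd, kind)} outside 1-{hi}")
            if "rtt" in cmd and "threshold-value" in cmd:
                i = cmd.index("threshold-value")
                up, low = (cmd[i + 1:i + 3] + ["", ""])[:2]
                if not (in_range(up, 0, 3600000) and in_range(low, 0, int(up))):
                    findings.append(f"line {n}: threshold-value needs "
                                    "0 <= lower <= upper <= 3600000")
        if undo:
            continue
        for key, (lo, hi) in RANGES.items():
            if joined.startswith(key + " "):
                arg = joined[len(key):].split()[0]
                if not in_range(arg, lo, hi):
                    findings.append(f"line {n}: {key} {arg} outside {lo}-{hi}")
        if cmd[0] == "resolve-target" and not valid_domain(after(cmd, "resolve-target")):
            findings.append(f"line {n}: resolve-target name violates the domain-name rule")
    return findings


# Constructed session with deliberate mistakes on lines 5, 7, 8 and 10.
SAMPLE = """\
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type accumulate 10 action-type trap-only
[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 17 action-type trap-only
[Sysname-nqa-admin-test-icmp-echo] ttl 16
[Sysname-nqa-admin-test-icmp-echo] route-option bypass-route
[Sysname-nqa-admin-test-icmp-echo] tos 256
[Sysname] nqa template dns dnstplt
[Sysname-nqatplt-dns-dnstplt] resolve-target bad..example
[Sysname-nqatplt-dns-dnstplt] source port 8000
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```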
type
Use type to specify an NQA operation type and enter its view.
Syntax
type { dhcp | dlsw | dns | ftp | http | icmp-echo | icmp-jitter | path-jitter | snmp | tcp | udp-echo | udp-jitter | udp-tracert | voice }
Default
No operation type is specified.
Views
NQA operation view
Predefined user roles
network-admin
mdc-admin
Parameters
dhcp: Specifies the DHCP operation type.
dlsw: Specifies the DLSw operation type.
dns: Specifies the DNS operation type.
ftp: Specifies the FTP operation type.
http: Specifies the HTTP operation type.
icmp-echo: Specifies the ICMP echo operation type.
icmp-jitter: Specifies the ICMP jitter operation type.
path-jitter: Specifies the path jitter operation type.
snmp: Specifies the SNMP operation type.
tcp: Specifies the TCP operation type.
udp-echo: Specifies the UDP echo operation type.
udp-jitter: Specifies the UDP jitter operation type.
udp-tracert: Specifies the UDP tracert operation type.
voice: Specifies the voice operation type.
Examples
# Specify FTP as the NQA operation type and enter FTP operation view.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp]
url
Use url to specify the URL of the destination.
Use undo url to restore the default.
Syntax
url url
undo url
Default
The destination URL is not specified.
Views
FTP/HTTP operation view
FTP/HTTP/HTTPS template view
Predefined user roles
network-admin
mdc-admin
Parameters
url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations.
Operation | URL format | Parameter description |
---|---|---|
HTTP operation | http://host/resource http://host:port/resource | The host parameter represents the host name of the destination server. The host name is a dot-separated case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed of a series of labels, aabbcc.com for example. Each label consists of 1 to 63 characters. Consecutive dots (.) and question marks are not allowed. For a description of the filename parameter, see Fundamentals Configuration Guide. |
HTTPS operation | https://host/resource https://host:port/resource | |
FTP operation | ftp://host/filename ftp://host:port/filename | |
Examples
# Configure the URL that the HTTP operation visits as http://www.company.com/index.html.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] url http://www.company.com/index.html
# In HTTP template view, configure the URL that the HTTP operation visits as http://www.company.com/index.html.
<Sysname> system-view
[Sysname] nqa template http httptplt
[Sysname-nqatplt-http-httptplt] url http://www.company.com/index.html
username
Use username to specify a username.
Use undo username to restore the default.
Syntax
username username
undo username
Default
No username is configured.
Views
FTP/HTTP operation view
FTP/HTTP/HTTPS template view
Predefined user roles
network-admin
mdc-admin
Parameters
username: Specifies the username, a case-sensitive string of 1 to 32 characters.
Examples
# Set the FTP login username to administrator.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] username administrator
# Set the FTP login username to administrator in FTP template view.
<Sysname> system-view
[Sysname] nqa template ftp ftptplt
[Sysname-nqatplt-ftp-ftptplt] username administrator
Related commands
· operation
· password
version
Use version to specify the version used in the HTTP or HTTPS operation.
Use undo version to restore the default.
Syntax
version { v1.0 | v1.1 }
undo version
Default
Version 1.0 is used in the HTTP operation or HTTPS operation.
Views
HTTP operation view
HTTP/HTTPS template view
Predefined user roles
network-admin
mdc-admin
Parameters
v1.0: Uses version 1.0.
v1.1: Uses version 1.1.
Examples
# Configure the HTTP operation to use the HTTP version 1.1.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] version v1.1
vpn-instance
Use vpn-instance to apply the operation to a VPN instance.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The operation applies to the public network.
Views
ICMP echo/TCP/UDP echo operation view
DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view
UDP tracert operation view
ICMP jitter/path jitter/UDP jitter/voice operation view
Any NQA template view
Predefined user roles
network-admin
mdc-admin
Parameters
vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
After you specify the VPN, the NQA operation tests the connectivity in the specified VPN instance.
Examples
# Apply the ICMP echo operation to vpn1.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] vpn-instance vpn1
# In FTP template view, apply the FTP operation to vpn1.
<Sysname> system-view
[Sysname] nqa template ftp ftptplt
[Sysname-nqatplt-ftp-ftptplt] vpn-instance vpn1
NQA server commands
IMPORTANT: Configure the NQA server only for UDP jitter, TCP, UDP echo, and voice operations.
display nqa server
Use display nqa server to display NQA server status.
Syntax
display nqa server
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display NQA server status.
<Sysname> display nqa server
NQA server status: Enabled
TCP connect:
IP Address Port Tos Vpn-instance
2.2.2.2 2000 200 -
UDP echo:
IP Address Port Tos Vpn-instance
3.3.3.3 3000 255 vpn1
Table 46 Command output
Field | Description |
---|---|
NQA server status | Whether the NQA server is enabled. |
TCP connect | Information about the TCP listening service on the NQA server. |
UDP echo | Information about the UDP listening service on the NQA server. |
IP Address | IP address specified for the TCP/UDP listening service on the NQA server. |
Port | Port number specified for the TCP/UDP listening service on the NQA server. |
Tos | ToS value in reply packets sent by the NQA server. |
Vpn instance | Name of the VPN instance to which the IP address that the NQA server listens on belongs. This field displays a hyphen (-) if the NQA server listens on a public IP address. |
Related commands
· nqa server enable
· nqa server tcp-connect
· nqa server udp-echo
nqa server enable
Use nqa server enable to enable the NQA server.
Use undo nqa server enable to disable the NQA server.
Syntax
nqa server enable
undo nqa server enable
Default
The NQA server is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the NQA server.
<Sysname> system-view
[Sysname] nqa server enable
Related commands
· display nqa server
· nqa server tcp-connect
· nqa server udp-echo
nqa server tcp-connect
Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on the specified IP address.
Use undo nqa server tcp-connect to remove a TCP listening service.
Syntax
nqa server tcp-connect ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]
undo nqa server tcp-connect ip-address port-number
Default
No TCP listening services exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address for the TCP listening service.
port-number: Specifies the port number for the TCP listening service, in the range of 1 to 65535.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on a public IP address.
tos tos: Specifies the ToS value in the IP header for reply packets. The value range is 0 to 255, and the default value is 0.
Usage guidelines
Use this command on the NQA server only for the TCP operation.
When you configure the IP address and port number for a TCP listening service on the NQA server, follow these restrictions and guidelines:
· The IP address, port number, and VPN instance must be unique on the NQA server and match the configuration on the NQA client.
· The IP address must be the address of an interface on the NQA server.
· To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023.
Examples
# Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.
<Sysname> system-view
[Sysname] nqa server tcp-connect 169.254.10.2 9000
Related commands
· display nqa server
· nqa server enable
nqa server udp-echo
Use nqa server udp-echo to configure a UDP listening service to enable the NQA server to listen to a port on the specified IP address.
Use undo nqa server udp-echo to remove a UDP listening service.
Syntax
nqa server udp-echo ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]
undo nqa server udp-echo ip-address port-number
Default
No UDP listening services exist.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies the IP address for the UDP listening service.
port-number: Specifies the port number for the UDP listening service, in the range of 1 to 65535.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on a public IP address.
tos tos: Specifies the ToS value in the IP header for reply packets. The value range for this argument is 0 to 255, and the default value is 0.
Usage guidelines
Use this command on the NQA server only for the UDP jitter, UDP echo, and voice operations.
When you configure the IP address and port number for a UDP listening service on the NQA server, follow these restrictions and guidelines:
· The IP address, port number, and VPN instance must be unique on the NQA server and match the configuration on the NQA client.
· The IP address must be the address of an interface on the NQA server.
· To ensure successful NQA operations and avoid affecting existing services, do not configure the UDP listening service on well-known ports from 1 to 1023.
Examples
# Configure a UDP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.
<Sysname> system-view
[Sysname] nqa server udp-echo 169.254.10.2 9000
Related commands
· display nqa server
· nqa server enable
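The restrictions listed for nqa server tcp-connect and nqa server udp-echo can be checked before a configuration is pushed. The following linter is an added example, not vendor code: the sample configuration is constructed, interface_ips is a hypothetical list of local interface addresses supplied by the caller, and uniqueness is assumed to be checked per listening-service type.

```python
import ipaddress
import re

# Syntax from this page:
#   nqa server { tcp-connect | udp-echo } ip-address port-number
#       [ vpn-instance vpn-instance-name ] [ tos tos ]
LISTENER_RE = re.compile(
    r"^nqa server (tcp-connect|udp-echo) (\S+) (\d+)"
    r"(?: vpn-instance (\S+))?(?: tos (\d+))?$"
)

# Constructed sample configuration (not taken from a real device).
CONSTRUCTED_CONFIG = """\
nqa server enable
nqa server tcp-connect 169.254.10.2 9000
nqa server udp-echo 169.254.10.2 9000 tos 46
nqa server tcp-connect 169.254.10.2 443
nqa server udp-echo 10.1.1.1 3000 vpn-instance vpn1
nqa server udp-echo 10.1.1.1 3000 vpn-instance vpn1 tos 300
"""


def lint_nqa_server(config_text, interface_ips=None):
    """Return (line_number, message) findings; line 0 means whole config."""
    findings, seen, enabled = [], {}, False
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if line == "nqa server enable":
            enabled = True
        match = LISTENER_RE.match(line)
        if not match:
            continue
        kind, ip_text, port_text, vpn, tos_text = match.groups()
        port = int(port_text)
        try:
            ip = str(ipaddress.ip_address(ip_text))
        except ValueError:
            findings.append((number, f"invalid IP address {ip_text!r}"))
            continue
        if not 1 <= port <= 65535:
            findings.append((number, f"port {port} outside 1 to 65535"))
        elif port <= 1023:
            findings.append((number, f"port {port} is a well-known port"))
        if vpn is not None and len(vpn) > 31:
            findings.append((number, "VPN instance name exceeds 31 characters"))
        if tos_text is not None and int(tos_text) > 255:
            findings.append((number, f"ToS {tos_text} outside 0 to 255"))
        # Assumption: uniqueness is checked per listening-service type.
        key = (kind, ip, port, vpn)
        if key in seen:
            findings.append((number, f"duplicate of line {seen[key]}"))
        else:
            seen[key] = number
        if interface_ips is not None and ip not in interface_ips:
            findings.append((number, f"{ip} is not a local interface address"))
    if seen and not enabled:
        findings.append((0, "listeners exist but 'nqa server enable' is absent"))
    return findings


if __name__ == "__main__":
    for number, message in lint_nqa_server(CONSTRUCTED_CONFIG, {"169.254.10.2"}):
        print(f"line {number}: {message}")
```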
NETCONF commands
netconf idle-timeout
Use netconf idle-timeout to set the NETCONF session idle timeout time.
Use undo netconf idle-timeout to restore the default.
Syntax
netconf { soap | agent } idle-timeout minute
undo netconf { soap | agent } idle-timeout
Default
The NETCONF session idle timeout time is 10 minutes for NETCONF over SOAP over HTTP and for NETCONF over SOAP over HTTPS sessions.
The NETCONF session idle timeout time is 0 minutes for SSH, Telnet, and NETCONF over SSH sessions.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
soap: Specifies the NETCONF over SOAP over HTTP and NETCONF over SOAP over HTTPS sessions.
agent: Specifies the SSH, Telnet, and NETCONF over SSH sessions.
minute: Specifies the NETCONF session idle timeout time in minutes. The value range is as follows:
· 1 to 999 for NETCONF over SOAP over HTTP and for NETCONF over SOAP over HTTPS sessions.
· 0 to 999 for SSH, Telnet, and NETCONF over SSH sessions. The value of 0 indicates that the NETCONF sessions never time out.
Usage guidelines
This command is available in Release 1138P01 and later versions.
Examples
# Set the NETCONF session idle timeout time to 20 minutes for NETCONF over SOAP over HTTP and for NETCONF over SOAP over HTTPS sessions.
<Sysname> system-view
[Sysname] netconf soap idle-timeout 20
netconf log
Use netconf log to enable NETCONF logging.
Use undo netconf log to disable NETCONF logging for the specified NETCONF operation sources and NETCONF operations.
Syntax
netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }
undo netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }
Default
NETCONF logging is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
source: Specifies a NETCONF operation source that represents clients that use a protocol.
· all: Specifies NETCONF clients that use all protocols.
· agent: Specifies clients that use Telnet, SSH, console, or NETCONF over SSH.
· soap: Specifies clients that use SOAP over HTTP, or SOAP over HTTPS.
· web: Specifies clients that use Web.
protocol-operation: Specifies a NETCONF operation type.
· all: Specifies all NETCONF operations.
· action: Specifies the action operation.
· config: Specifies the configuration-related NETCONF operations, including the CLI, save, load, rollback, lock, unlock, and save-point operations.
· get: Specifies the data retrieval-related NETCONF operations, including the get, get-config, get-bulk, get-bulk-config, and get-sessions operations.
· set: Specifies all edit-config operations.
· session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchange by hello messages.
· syntax: Specifies the requests that include XML and schema errors.
· others: Specifies NETCONF operations except for those specified by keywords action, config, get, set, session, and syntax.
verbose: Logs detailed NETCONF information. For request operations, this keyword logs the texts of the requests after brief information. For service operations, this keyword takes effect only on the edit-config operations. When an edit-config operation error occurs, this keyword logs detailed error information.
Examples
# Configure the device to log NETCONF edit-config information sourced from agent clients.
<Sysname> system-view
[Sysname] netconf log source agent protocol-operation set
netconf soap http enable
Use netconf soap http enable to enable NETCONF over SOAP over HTTP.
Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.
Syntax
netconf soap http enable
undo netconf soap http enable
Default
NETCONF over SOAP over HTTP is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command is not available in FIPS mode.
This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.
Examples
# Enable NETCONF over SOAP over HTTP.
<Sysname> system-view
[Sysname] netconf soap http enable
netconf soap https enable
Use netconf soap https enable to enable NETCONF over SOAP over HTTPS.
Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.
Syntax
netconf soap https enable
undo netconf soap https enable
Default
NETCONF over SOAP over HTTPS is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.
Examples
# Enable NETCONF over SOAP over HTTPS.
<Sysname> system-view
[Sysname] netconf soap https enable
netconf ssh server enable
Use netconf ssh server enable to enable NETCONF over SSH.
Use undo netconf ssh server enable to disable NETCONF over SSH.
Syntax
netconf ssh server enable
undo netconf ssh server enable
Default
NETCONF over SSH is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command.
Before you execute this command, configure the authentication mode for users as scheme on the device. Then, the NETCONF-over-SSH-enabled user terminals can access the device through NETCONF over SSH.
Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals.
Examples
# Enable NETCONF over SSH.
<Sysname> system-view
[Sysname] netconf ssh server enable
netconf ssh server port
Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections.
Use undo netconf ssh server port to restore the default.
Syntax
netconf ssh server port port-number
undo netconf ssh server port
Default
Port 830 listens for NETCONF over SSH connections.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
port-number: Specifies a port by its number in the range of 1 to 65535.
Usage guidelines
When assigning a listening port, make sure the specified port is not being used by other services. The SSH service can share the same port with other services, but it might not operate correctly.
Examples
# Specify port 800 to listen for NETCONF over SSH connections.
<Sysname> system-view
[Sysname] netconf ssh server port 800
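The defaults documented for the netconf commands above (logging disabled, a 0-minute idle timeout for agent sessions, optional SOAP over HTTP) can be audited from a configuration text. The following check is an added example, not vendor code: the sample configuration is constructed in the command syntax shown on this page, and the set of operation types that must be logged (set, config, session) is an assumed policy.

```python
import re

SOURCES = ("agent", "soap", "web")
OPERATIONS = ("action", "config", "get", "set", "session", "syntax", "others")
LOG_RE = re.compile(r"^netconf log source (.+?) protocol-operation (.+)$")
TIMEOUT_RE = re.compile(r"^netconf (soap|agent) idle-timeout (\d+)$")
SOAP_ENABLE = {"netconf soap http enable", "netconf soap https enable"}

# Constructed sample configuration, written in the syntax shown above.
CONSTRUCTED_CONFIG = """\
netconf soap http enable
netconf soap https enable
netconf soap idle-timeout 20
netconf ssh server enable
netconf log source agent protocol-operation set
netconf log source soap protocol-operation config set session
"""


def logged_operations(lines):
    """Map each operation source to the operation types logged for it."""
    coverage = {source: set() for source in SOURCES}
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # assumption: 'verbose' lines select no operation type
        sources, ops = match.group(1).split(), match.group(2).split()
        sources = SOURCES if "all" in sources else sources
        ops = OPERATIONS if "all" in ops else ops
        for source in sources:
            if source in coverage:
                coverage[source].update(op for op in ops if op in OPERATIONS)
    return coverage


def audit_netconf(config_text, required=("set", "config", "session")):
    """Return (check_id, message) findings for one configuration text."""
    lines = [line.strip() for line in config_text.splitlines()]
    findings = []
    if "netconf soap http enable" in lines:
        findings.append(("soap-http", "NETCONF over SOAP over HTTP is enabled; "
                         "HTTP is unencrypted, use the HTTPS transport"))
    timeouts = {"soap": 10, "agent": 0}  # defaults documented above
    for line in lines:
        match = TIMEOUT_RE.match(line)
        if match:
            timeouts[match.group(1)] = int(match.group(2))
    if timeouts["agent"] == 0:
        findings.append(("agent-timeout", "SSH, Telnet, and NETCONF over SSH "
                         "sessions never time out (idle timeout is 0)"))
    # The agent source includes CLI users who run the xml command, so it is
    # always in scope; soap is in scope only when a SOAP transport is enabled.
    in_scope = ["agent"] + (["soap"] if SOAP_ENABLE & set(lines) else [])
    coverage = logged_operations(lines)
    for source in in_scope:
        missing = [op for op in required if op not in coverage[source]]
        if missing:
            findings.append((f"log-{source}", "not logged: " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for check_id, message in audit_netconf(CONSTRUCTED_CONFIG):
        print(f"{check_id}: {message}")
```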
xml
Use xml to enter XML view.
Syntax
xml
Views
User view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Usage guidelines
In XML view, use NETCONF messages to configure the device or obtain data from the device. NETCONF operations you can perform depend on the user roles you have, as shown in Table 47.
Table 47 NETCONF operations available for the predefined user roles
User role | NETCONF operations |
---|---|
network-admin | All NETCONF operations |
network-operator | Get, Get-bulk, Get-bulk-config, Get-config, Get-sessions, Close-session |
NETCONF messages must comply with the XML format requirement and syntactic requirements. To ensure successful configuration, use third-party software to generate NETCONF messages.
To quit XML view, use a NETCONF message instead of the quit command.
If you have configured a shortcut key (Ctrl + C, by default) by using the escape-key command in user line/user line class view, the NETCONF message should not contain the shortcut key string. Otherwise, relevant configurations in XML view might be affected. For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed.
Examples
# Enter XML view.
<Sysname> xml
<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-running</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capability>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:ietf:params:netconf:capability:h3c-netconf-ext:1.0</capability></capabilities><session-id>1</session-id></hello>]]>]]>
# Quit XML view.
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<close-session>
</close-session>
</rpc>]]>]]>
<Sysname>
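The XML view exchange above can be handled programmatically: parse the device's hello message, build the close-session request, and check a message against the escape-key caveat before sending it. This is an added example, not vendor code; the hello message is the one printed above, the function names are hypothetical, and the escape-key behavior is modeled only as far as the usage guidelines describe it.

```python
import xml.etree.ElementTree as ET

BASE_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
END_OF_MESSAGE = "]]>]]>"

# Capabilities and session ID copied from the hello message in the example above.
CAPABILITIES_ON_PAGE = (
    "urn:ietf:params:netconf:base:1.1",
    "urn:ietf:params:netconf:writable-running",
    "urn:ietf:params:netconf:capability:notification:1.0",
    "urn:ietf:params:netconf:capability:validate:1.1",
    "urn:ietf:params:netconf:capability:interleave:1.0",
    "urn:ietf:params:netconf:capability:h3c-netconf-ext:1.0",
)
DEVICE_HELLO = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    f'<hello xmlns="{BASE_NS}"><capabilities>'
    + "".join(f"<capability>{c}</capability>" for c in CAPABILITIES_ON_PAGE)
    + "</capabilities><session-id>1</session-id></hello>" + END_OF_MESSAGE
)


def parse_hello(framed):
    """Return (session_id, capabilities) from one framed hello message."""
    body, delimiter, _ = framed.partition(END_OF_MESSAGE)
    if not delimiter:
        raise ValueError("message is not terminated by ]]>]]>")
    if "<!DOCTYPE" in body:
        raise ValueError("document type declaration in NETCONF message")
    root = ET.fromstring(body.strip().encode("utf-8"))
    if root.tag != f"{{{BASE_NS}}}hello":
        raise ValueError(f"unexpected root element {root.tag}")
    capabilities = [
        element.text.strip()
        for element in root.iter(f"{{{BASE_NS}}}capability")
        if element.text
    ]
    return root.findtext(f"{{{BASE_NS}}}session-id"), capabilities


def close_session_rpc(message_id):
    """Build the framed request that quits XML view."""
    return (f'<rpc message-id="{int(message_id)}" xmlns="{BASE_NS}">'
            "<close-session/></rpc>" + END_OF_MESSAGE)


def text_processed_after_escape(message, escape_key="\x03"):
    """Return the part of a message the device would still process.

    Per the usage guidelines, when a message contains the escape-key string
    only the contents after its last occurrence are processed. The default
    argument is Ctrl+C, the default shortcut key.
    """
    return message.rpartition(escape_key)[2]


if __name__ == "__main__":
    session_id, capabilities = parse_hello(DEVICE_HELLO)
    print(session_id, len(capabilities))
    rpc = close_session_rpc(101)
    # With escape-key set to "a", most of the request is discarded.
    print(repr(text_processed_after_escape(rpc, "a")))
```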