timeout time: Specifies the timeout time for the debugging all command. When all debugging is enabled, the system automatically executes the undo debugging all command after the timeout time. The time argument is in the range of 1 to 1440 minutes.

module-name: Specifies a module by its name, such as arp or device. To display the current module name, use the debugging ? command.

option: Specifies the debugging option for a specific module. The option number and content differ for different modules. To display the supported options, use the debugging module-name ? command.

Usage guidelines

Output of debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition.

Examples

# Enable debugging for the device management module.

<Sysname> debugging dev

Related commands

display debugging

Use display debugging to display the enabled debugging functions.

Syntax

display debugging [ module-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

module-name: Specifies a module by its name. To display the current module name, use the display debugging ? command.

Examples

# Display all enabled debugging functions.

<Sysname> display debugging

DEV debugging switch is on

Related commands

debugging

ping

Use ping to verify whether the destination IP address is reachable, and display related statistics.

Syntax

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

ip: Distinguishes between a destination host name and the ping command keywords if the name of the destination host is i, or ip. For example, you must use the command in the form of ping ip ip instead of ping ip if the destination host name is ip.

-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface.

-c count: Specifies the number of ICMP echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.

-f: Sets the DF bit in the IP header.

-h ttl: Specifies the TTL value of ICMP echo requests. The value range is 1 to 255, and the default is 255.

-i interface-type interface-number: Specifies the source interface of ICMP echo requests. If this option is not provided, the system uses the primary IP address of the matching route's egress interface as the source interface of ICMP echo requests.

-m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.

-n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address.

-p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits. The pad argument is in the range of 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets are padded with 0x0000002f to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, like 0x010203…feff01….

-q: Displays only the summary statistics. If this keyword is not specified, the system displays all the ping statistics.

-r: Records the addresses of the hops (up to 9) the ICMP echo requests passed. If this keyword is not specified, the addresses of the hops that the ICMP echo requests passed are not recorded.

-s packet-size: Specifies the length (in bytes) of ICMP echo requests (excluding the IP packet header and the ICMP packet header). The value range is 20 to 8100, and the default is 56.

-t timeout: Specifies the timeout time (in milliseconds) of an ICMP echo reply. The value range is 0 to 65535, and the default is 2000. If the source does not receive an ICMP echo reply within the timeout, it considers the ICMP echo reply timed out.

-tos tos: Specifies the ToS value of ICMP echo requests. The value range is 0 to 255, and the default is 0.

-v: Displays non-ICMP echo reply packets. If this keyword is not specified, the system does not display non-ICMP echo reply packets.

-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters, which can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).

Usage guidelines

To use the name of the destination host to perform the ping operation, you must first configure the DNS on the device. Otherwise, the ping operation will fail.

To abort the ping operation during the execution of the command, press Ctrl+C.

Examples

# Test whether the device with an IP address of 1.1.2.2 is reachable.

<Sysname> ping 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms

# Test whether the device with an IP address of 1.1.2.2 in VPN 1 is reachable.

<Sysname> ping -vpn-instance vpn1 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms

--- Ping statistics for 1.1.2.2 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms

# Test whether the device with an IP address of 1.1.2.2 is reachable. Only results are displayed.

<Sysname> ping -q 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.962/2.196/2.665/0.244 ms

# Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed.

<Sysname> ping -r 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms

RR: 1.1.2.1

1.1.2.2

1.1.1.2

1.1.1.1

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=4.834 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=4.770 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=4.812 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=4.704 ms (same route)

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms

The output shows that:

· The destination is reachable.

· The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.

Table 1 Command output

Field	Description
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break	Test whether the device with IP address 1.1.2.2 is reachable. There are 56 bytes in each ICMP echo request. Press Ctrl+C to abort the ping operation.
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms	Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. · bytes—Number of bytes in the ICMP echo reply. · icmp_seq—Packet sequence, used to determine whether a segment is lost, disordered or repeated. · ttl—TTL value in the ICMP echo reply. · time—Response time.
RR:	Routers through which the ICMP echo request passed. They are displayed in inversed order, which means the router with a smaller distance to the destination is displayed first.
--- Ping statistics for 1.1.2.2 ---	Statistics on data received and sent in the ping operation.
--- Ping statistics for 1.1.2.2 in VPN instance vpn1 ---	Ping statistics for a device in a VPN instance.
5 packet(s) transmitted	Number of ICMP echo requests sent.
5 packet(s) received	Number of ICMP echo replies received.
0.0% packet loss	Percentage of unacknowledged packets to the total packets sent.
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms	Minimum/average/maximum/standard deviation response time, in milliseconds.

tracert

Use tracert to trace the path the packets traverse from source to destination.

Syntax

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

-a source-ip: Specifies an IP address of the device as the source IP address of probe packets. If this option is not specified, the source IP address of probe packets is the primary IP address of the outbound interface.

-f first-ttl: Specifies the TTL of the first packet sent to the destination. The value range is 1 to 255, and the default is 1. It must be smaller than the value of the max-ttl argument.

-m max-ttl: Specifies the maximum number of hops allowed for a probe packet. The value range is 1 to 255, and the default is 30. It must be greater than the value of the first-ttl argument.

-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default 33434.

-q packet-number: Specifies the number of probe packets to send per hop. The value range is 1 to 65535, and the default is 3.

-t tos: Specifies the ToS value of probe packets. The value range is 0 to 255, and the default is 0.

-w timeout: Specifies the timeout time in milliseconds of the reply packet for a probe packet. The value range is 1 to 65535, and the default is 5000.

Usage guidelines

When network failures occur, use the tracert command to locate failed nodes.

The output of the tracert command includes IP addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message (this can be because the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled).

To abort the tracert operation during the execution of the command, press Ctrl+C.

Examples

# Display the path that the packets traverse from source to destination (1.1.2.2).

<Sysname> tracert 1.1.2.2

traceroute to 1.1.2.2(1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break

1 1.1.1.2 673 ms 425 ms 30 ms

2 1.1.2.2 580 ms 470 ms 80 ms

# Trace the path to destination (192.168.0.46) over an MPLS network.

<Sysname> tracert 192.168.0.46

traceroute to 192.168.0.46(192.168.0.46), 30 hops at most, 40 bytes each packet, press CTRL_C to break

1 192.0.2.13 (192.0.2.13) 0.661 ms 0.618 ms 0.579 ms

2 192.0.2.9 (192.0.2.9) 0.861 ms 0.718 ms 0.679 ms

MPLS Label=100048 Exp=0 TTL=1 S=1

3 192.0.2.5 (192.0.2.5) 0.822 ms 0.731 ms 0.708 ms

MPLS Label=100016 Exp=0 TTL=1 S=1

4 192.0.2.1 (192.0.2.1) 0.961 ms 8.676 ms 0.875 ms

Table 2 Command output

Field	Description
traceroute to 1.1.2.2(1.1.2.2)	Display the route that the IP packets traverse from the current device to the device whose IP address is 1.1.2.2.
hops at most	Maximum number of hops of the probe packets, which can be set by the -m keyword.
bytes each packet	Number of bytes of a probe packet.
press CTRL_C to break	During the execution of the command, press Ctrl+C to abort the tracert operation.
1 1.1.1.2 673 ms 425 ms 30 ms	Probe result of the probe packets whose TTL is 1, including the IP address of the first hop, and the round-trip time of three probe packets. The number of packets that can be sent in each probe can be set through the -q keyword.
MPLS Label=100048 Exp=0 TTL=1 S=1	MPLS label information carried in ICMP timeout packets on an MPLS network: · Label—Label value that is used to identify a forwarding equivalence class (FEC). · Exp—Reserved, typically used for class of service (CoS). · TTL—TTL value. · S—MPLS supports multiple levels of labels. Value 1 indicates that the label is at the bottom of the label stack. Value 0 indicates that the label is in another label stack.

NTP commands

The term "interface" in this chapter collectively refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

display ntp-service sessions

Use display ntp-service sessions to display information about all IPv4 NTP associations.

Syntax

display ntp-service sessions [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.

Usage guidelines

When a device is operating in NTP broadcast or multicast server mode, the display ntp-service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server, but the associations are counted in the total number of associations.

Examples

# Display brief information about all IPv4 NTP associations.

<Sysname> display ntp-service sessions

source reference stra reach poll now offset delay disper

********************************************************************************

[12345]LOCAL(0) LOCL 0 1 64 - 0.0000 0.0000 7937.9

[5]0.0.0.0 INIT 16 0 64 - 0.0000 0.0000 0.0000

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

Total sessions: 1

Table 3 Command output

Field	Description
source	· When the reference clock is the local clock, the field displays LOCAL (number), which indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. · When the reference clock is the clock of another device, the field displays the IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
reference	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the stra field: ¡ When the value of the stra field is 0 or 1, this field displays LOCL. ¡ When the stra field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If this field displays INIT, the local device has not established a connection with the NTP server.
stra	Stratum level of the clock source, which determines the clock accuracy. The value is in the range of 1 to 16. The clock accuracy decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock.
reach	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
poll	Polling interval in seconds. It is the maximum interval between successive NTP messages.
now	Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. If the time length is greater than 2048 seconds, it is displayed in minutes. If greater than 300 minutes, in hours. If greater than 96 hours, in days; if greater than 999 days, in years. If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, a hyphen (-) is displayed.
offset	Offset of the system clock relative to the reference clock, in milliseconds.
delay	Roundtrip delay from the local device to the NTP server, in milliseconds.
disper	Maximum error of the system clock relative to the reference source, in milliseconds.
[12345]	· 1—Clock source selected by the system (the current reference source). It has a system clock stratum level less than or equal to 15. · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a configuration command.
Total sessions	Total number of associations.

# Display detailed information about all IPv4 NTP associations.

<Sysname> display ntp-service sessions verbose

Clock source: 192.168.1.40

Session ID: 35888

Clock stratum: 2

Clock status: configured, master, sane, valid

Reference clock ID: 127.127.1.0

VPN instance: Not specified

Local mode: client, local poll interval: 6

Peer mode: server, peer poll interval: 6

Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms

Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms

Reachabilities:31, sync distance: 0.0194

Precision: 2^18, version: 3, source interface: Not specified

Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079

Orgtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Rcvtime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693

Xmttime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693

Roundtrip delay samples: 0.007 0.010 0.006 0.011 0.010 0.005 0.007 0.003

Offset samples: 5629.55 3913.76 5247.27 6526.92 31.99 148.72 38.27 0.29

Filter order: 7 5 2 6 0 4 1 3

Total sessions: 1

Table 4 Command output

Field	Description
Clock source	IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
Clock stratum	Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents greater clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Clock status	Status of the clock source corresponding to this association: · configured—The association was created by a configuration command. · dynamic—The association is established dynamically. · master—The clock source is the primary reference source of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed the sane authentication. · insane—The clock source has failed the sane authentication. · valid—The clock source is valid, which means the clock source meets the following requirements: it has passed authentication and is being synchronized. Its stratum level is valid, and its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid.
Reference clock ID	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If this field displays INIT, the local device has not established a connection with the NTP server.
VPN instance	VPN instance of the NTP server. If the NTP server is on a public network, the field displays Not specified.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
local poll interval	Polling interval of the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2⁶, or 64 seconds.
Peer mode	Operation mode of the peer device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
peer poll interval	Polling interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2⁶, or 64 seconds.
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
roundtrip delay	Roundtrip delay from the local device to the NTP server, in milliseconds.
dispersion	Maximum error of the system clock relative to the reference clock.
Root roundtrip delay	Roundtrip delay from the local device to the primary reference source, in milliseconds.
root dispersion	Maximum error of the system clock relative to the primary reference clock, in milliseconds.
Reachabilities	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
sync distance	Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values.
Precision	Accuracy of the system clock.
version	NTP version in the range of 1 to 4.
source interface	Source interface. If the source interface is not specified, this field is Not specified.
Reftime	Reference timestamp in the NTP message.
Orgtime	Originate timestamp in the NTP message.
Rcvtime	Receive timestamp in the NTP message.
Xmttime	Transmit timestamp in the NTP message.
Filter order	Sample information order.
Reference clock status	Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally.
Total sessions	Total number of associations.

display ntp-service status

Use display ntp-service status to display NTP service status.

Syntax

display ntp-service status

View

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display NTP service status after time synchronization.

<Sysname> display ntp-service status

Clock status: synchronized

Clock stratum: 2

System peer: LOCAL(0)

Local mode: client

Reference clock ID: 127.127.1.0

Leap indicator: 00

Clock jitter: 0.000977 s

Stability: 0.000 pps

Clock precision: 2^-10

Root delay: 0.00000 ms

Root dispersion: 3.96367 ms

Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573

# Display the NTP service status when time is not synchronized.

<Sysname> display ntp-service status

Clock status: unsynchronized

Clock stratum: 16

Reference clock ID: none

Clock jitter: 0.000000 s

Stability: 0.000 pps

Clock precision: 2^-10

Root delay: 0.00000 ms

Root dispersion: 0.00002 ms

Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573

Table 5 Command output

Field	Description
Clock status	Status of the system clock: · synchronized—The system clock has been synchronized. · unsynchronized—The system clock has not been synchronized.
Clock stratum	Stratum level of the system clock.
System peer	IP address of the selected NTP server.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
Reference clock ID	The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as a reference source. · When the local clock has a stratum level of 1, this field displays Local. · When the local clock has any other stratum, this field displays the IP address of the local clock.
Leap indicator	Alarming status: · 00—Normal. · 01—Leap second, indicates that the last minute in a day has 61 seconds. · 10—Leap second, indicates that the last minute in a day has 59 seconds. · 11—Time is not synchronized.
Clock jitter	Difference between the system clock and reference clock, in seconds.
Stability	Clock frequency stability. A lower value represents better stability.
Clock precision	Accuracy of the system clock.
Root delay	Roundtrip delay from the local device to the primary reference source, in milliseconds.
Root dispersion	Maximum error of the system clock relative to the primary reference source, in milliseconds.
Reference time	Reference timestamp.

display ntp-service trace

Use display ntp-service trace to display brief information about each NTP server from the local device back to the primary reference source.

Syntax

display ntp-service trace

View

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display brief information about each NTP server from the local device back to the primary reference source.

<Sysname> display ntp-service trace

Server 127.0.0.1

Stratum 3, jitter 0.000, synch distance 0.0000.

Server 3000::32

Stratum 2 , jitter 790.00, synch distance 0.0000.

RefID 127.127.1.0

The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock.

Table 6 Command output

Field	Description
Server	IP address of the NTP server.
Stratum	Stratum level of the NTP server.
jitter	Root mean square (RMS) value of the clock offset relative to the upper-level clock, in seconds.
synch distance	Synchronization distance relative to the upper-level NTP server, in seconds, calculated from dispersion and roundtrip delay values.
RefID	Identifier of the primary reference source. When the stratum level of the primary reference clock is 0, it is displayed as Local. Otherwise, it is displayed as the IP address of the primary reference clock.

ntp-service acl

Use ntp-service acl to configure the access-control right for peer devices to access NTP services of the local device.

Use undo ntp-service acl to remove the configured NTP service access-control right.

Syntax

ntp-service { peer | query | server | synchronization } acl acl-number

undo ntp-service { peer | query | server | synchronization } acl acl-number

Default

The access-control right for the peer devices to access the NTP services of the local device is peer.

Views

System view

Predefined user roles

network-admin

Parameters

peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device.

query: Allows only NTP control queries from a peer device to the local device.

server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.

synchronization: Allows only time requests from a system whose address passes the access list criteria.

acl acl-number: Specifies an ACL. The peer devices that match the ACL have the access right specified in this command. The acl-number argument represents a basic ACL number in the range of 2000 to 2999.

Usage guidelines

You can control NTP access by using ACL. The access rights are in the following order, from least restrictive to most restrictive: peer, server, synchronization, and query.

The device processes an NTP request by following these rules:

· If no NTP access control is configured, peer is granted to the local device and peer devices.

· If the IP address of the peer device matches a permit statement in an ACL for more than one access right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted.

· If no ACL is created for a specific access right, the associated access right is not granted.

· If no ACL is created for any access right, peer is granted.

The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.

Examples

# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-basic-2001] quit

[Sysname] ntp-service access peer acl 2001

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service authentication enable

Use ntp-service authentication enable to enable NTP authentication.

Use undo ntp-service authentication enable to disable NTP authentication.

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

Default

NTP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are only synchronized to authenticated NTP servers.

To authenticate an NTP server, set an authentication key and specify it as a trusted key.

Examples

# Enable NTP authentication.

<Sysname> system-view

[Sysname] ntp-service authentication enable

Related commands

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service authentication-keyid

Use ntp-service authentication-keyid to set an NTP authentication key.

Use undo ntp-service authentication-keyid to remove the NTP authentication key.

Syntax

ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } value

undo ntp-service authentication-keyid keyed

Default

No NTP authentication key is set.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.

authentication-mode md5 value: Uses the MD5 algorithm for key authentication.

simple: Sets a plaintext authentication key.

cipher: Sets a ciphertext authentication key.

value: Specifies the MD5 authentication key string. If simple is specified, it is a string of 1 to 32 characters. If cipher is specified, it is a string of 1 to 73 characters.

Usage guidelines

In a network where there is a high security demand, the NTP authentication feature must be enabled for a system running NTP. This feature enhances the network security by using client-server key authentication, which prohibits a client from synchronizing to a device that has failed the authentication.

After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid command to configure the key as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.

You can set up to 128 keys by executing the command.

The authentication key, set in either plain text or cipher text, is saved to the configuration file in cipher text.

Examples

# Set a plaintext MD5 authentication key, with the key ID of 10 and key value of BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey

Related commands

· ntp-service authentication enable

· ntp-service reliable authentication-keyid

ntp-service broadcast-client

Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets.

Use undo ntp-service broadcast-client to remove the configuration.

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

After you configure this command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages.

If you have configured the device to operate in broadcast client mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-client

Related commands

ntp-service broadcast-server

Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.

Use undo ntp-service broadcast-server to remove the configuration.

Syntax

ntp-service broadcast-server [ authentication-keyid keyid | version number ] *

undo ntp-service broadcast-server

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients, where keyid is in the range of 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

After you configure this command, the device periodically sends NTP messages to the broadcast address 255.255.255.255.

If you have configured the device to operate in broadcast server mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in broadcast server mode and send NTP broadcast messages on VLAN-interface 1, using key 4 for encryption, and set the NTP version to 4.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 4

Related commands

ntp-service broadcast-client

ntp-service dscp

Use ntp-server dscp to set a DSCP value for IPv4 NTP packets.

Use undo ntp-server dscp to restore the default.

Syntax

ntp-service dscp dscp-value

undo ntp-service dscp

Default

The DSCP value for IPv4 NTP packets is 48.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets.

Usage guidelines

The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority.

Examples

# Set the DSCP value for IPv4 NTP packets to 30.

<Sysname> system-view

[Sysname] ntp-service dscp 30

ntp-service enable

Use ntp-service enable to enable the NTP service.

Use undo ntp-service enable to disable the NTP service.

Syntax

ntp-service enable

undo ntp-service enable

Default

The NTP service is not enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NTP service.

<Sysname> system-view

[Sysname] ntp-service enable

ntp-service inbound enable

Use ntp-service inbound enable to enable an interface to process NTP messages.

Use undo ntp-service inbound enable to disable an interface from processing NTP messages.

Syntax

ntp-service inbound enable

undo ntp-service inbound enable

Default

An interface processes NTP messages.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

To achieve the following purposes, execute the undo ntp-service inbound enable command on an interface:

· Disable the interface from synchronizing the peer device in the corresponding subnet.

· Disable the device from being synchronized by the peer device in the subnet corresponding to an interface.

Examples

# Disable VLAN-interface 1 from processing NTP messages.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] undo ntp-service inbound enable

ntp-service max-dynamic-sessions

Use ntp-service max-dynamic-sessions to set the maximum number of dynamic NTP sessions allowed to be established locally.

Use undo ntp-service max-dynamic-sessions to restore the default.

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

Default

The maximum number of dynamic NTP sessions is 100.

View

System view

Predefined user roles

network-admin

Parameters

number: Sets the maximum number of dynamic NTP associations allowed to be established, in the range of 0 to 100.

Usage guidelines

A single device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command, while a dynamic association is a temporary association created by the system during operation.

Examples

# Set the maximum number of dynamic NTP associations allowed to be established to 50.

<Sysname> system-view

[Sysname] ntp-service max-dynamic-sessions 50

Related commands

display ntp-service sessions

ntp-service multicast-client

Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets.

Use undo ntp-service multicast-client to remove the configuration.

Syntax

ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

Default

The device does not operate in any NTP association mode.

View

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.

Usage guidelines

After you configure this command, the device listens to NTP messages using the specified multicast address as the destination address.

If you have configured the device to operate in multicast client mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1

Related commands

ntp-service multicast-server

Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets.

Use undo ntp-service multicast-server to remove the configuration.

Syntax

ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *

undo ntp-service multicast-server [ ip-address ]

Default

The device does not operate in any NTP association mode.

View

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.

authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients, where keyid is in the range of 1 to 4294967295. If you do not specify this option, the local device cannot synchronize multicast clients enabled with NTP authentication.

ttl ttl-number: Specifies the TTL of NTP multicast messages, where ttl-number is in the range of 1 to 255. The default value is 16.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

After you configure this command, the device periodically sends NTP messages to the specified multicast address.

If you have configured the device to operate in multicast server mode on an interface with this command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in multicast server mode and send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for encryption, and set the NTP version to 4.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.1 version 4 authentication-keyid 4

Related commands

ntp-service multicast-client

ntp-service refclock-master

Use ntp-service refclock-master to configure the local clock as a reference source for other devices.

Use undo ntp-service refclock-master to remove the configuration.

Syntax

ntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]

Default

The device does not use its local clock as a reference clock.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: IP address of the local clock, which is 127.127.1.u, where u is the NTP process ID in the range of 0 to 3. If you do not specify ip-address, it defaults to 127.127.1.0.

stratum: Stratum level of the local clock, in the range of 1 to 15. The default value is 8. A lower stratum level represents a higher clock accuracy.

Usage guidelines

Usually an NTP server that gets its time from an authoritative time source, such as an atomic clock has stratum 1 and operates as the primary time server to provide time synchronization for other devices in the network. The accuracy of each server is the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the preceding level.

If the devices in a network cannot synchronize to an authoritative time source, you can select a device that has a relatively accurate clock from the network, and use the local clock of the device as the reference clock to synchronize other devices in the network.

Use this command with caution to avoid time errors. As a best practice, adjust the local system time to a correct value before you execute this command.

Examples

# Specify the local clock as the reference source, with the stratum level 2.

<Sysname> system-view

[Sysname] ntp-service refclock-master 2

ntp-service reliable authentication-keyid

Use ntp-service reliable authentication-keyid to specify the created authentication key as a trusted key.

Use undo ntp-service reliable authentication-keyid to remove the configuration.

Syntax

ntp-service reliable authentication-keyid keyid

undo ntp-service reliable authentication-keyid keyid

Default

No trust key is specified.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key number in the range of 1 to 4294967295.

Usage guidelines

When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.

Before you use the command, make sure NTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.

You can set up to 128 keys by executing the command.

Examples

# Enable NTP authentication, specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey

# Specify this key as a trusted key.

[Sysname] ntp-service reliable authentication-keyid 37

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

ntp-service source

Use ntp-service source to specify the source interface for NTP messages.

Use undo ntp-service source to restore the default.

Syntax

ntp-service source interface-type interface-number

undo ntp-service source

Default

No source interface is specified for NTP messages. The device searches the routing table for the outbound interface of NTP messages, and uses the primary IP address of the outbound interface as the source IP address for NTP messages.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you specify the source interface for NTP messages, the device sets the source IP address of the NTP messages as the primary IP address of the specified interface when sending the NTP messages.

When the device responds to an NTP request, the source IP address of the NTP response is always the IP address of the interface that has received the NTP request.

If you do not want the IP address of an interface on the local device to become the destination address for response messages, use this command.

· If you have specified the source interface for NTP messages in the ntp-service unicast-server or ntp-service unicast-peer command, the interface specified in the ntp-service unicast-server or ntp-service unicast-peer command serves as the source interface for NTP messages.

· If you have configured the ntp-service broadcast-server or ntp-service multicast-server command, the source interface for the broadcast or multicast NTP messages is the interface configured with the respective command.

· If the specified source interface is down, the device does not send NTP messages.

Examples

# Specify the source interface for NTP messages as VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service source vlan-interface 1

ntp-service unicast-peer

Use ntp-service unicast-peer to specify a symmetric-passive peer for the device.

Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device.

Syntax

ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *

undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ]

Default

No symmetric-passive peer is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

peer-name: Specifies the host name of the symmetric-passive peer, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies the IP address of the symmetric-passive peer. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the symmetric-passive peer belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on a public network, do not specify this option.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer, where keyid is in the range of 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.

priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.

source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.

To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

If you include vpn-instance vpn-instance-name in the undo ntp-service unicast-peer command, the command removes the symmetric-passive peer with the IP address of ip-address in the specified VPN. If you do not include vpn-instance vpn-instance-name in this command, the command removes the symmetric-passive peer with the IP address of ip-address on the public network.

Examples

# Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, configure the device to run NTP version 4, and specify the source interface of NTP messages as VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source-interface vlan-interface 1

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

ntp-service unicast-server

Use ntp-service unicast-server to specify an NTP server for the device.

Use undo ntp-service unicast-server to remove an NTP server specified for the device.

Syntax

ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *

undo ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]

Default

No NTP server is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server, where keyid is in the range of 1 to 4294967295. If the option is not specified, the local device and NTP server do not authenticate each other.

priority: Specifies this NTP server as the first choice under the same condition.

source interface-type interface-number: Specifies the source interface for NTP messages. For an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

Examples

# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.

<Sysname> system-view

[Sysname] ntp-service unicast-server 10.1.1.1 version 4

Related commands

· ntp-service authentication enable

· ntp-service authentication-keyid

· ntp-service reliable authentication-keyid

SNTP commands

display sntp sessions

Use display sntp sessions to display information about all SNTP associations.

Syntax

display sntp sessions

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all SNTP associations.

<Sysname> display sntp sessions

SNTP server Stratum Version Last receive time

1.0.1.11 2 4 Tue, May 17 2011 9:11:20.833 (Synced)

Table 7 Command output

Field	Description
SNTP server	SNTP server (NTP server). If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
Stratum	Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A clock with stratum level 16 is not synchronized.
Version	SNTP version.
Last receive time	Time when the last message was received. Synced means the local clock is synchronized to the NTP server.

sntp authentication enable

Use sntp authentication enable to enable SNTP authentication.

Use undo sntp authentication enable to disable SNTP authentication.

Syntax

sntp authentication enable

undo sntp authentication enable

Default

SNTP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are only synchronized to authenticated NTP servers.

To authenticate an NTP server, set an authentication key and specify it as a trusted key.

Examples

# Enable SNTP authentication.

<Sysname> system-view

[Sysname] sntp authentication enable

Related commands

· sntp authentication-keyid

· sntp reliable authentication-keyid

sntp authentication-keyid

Use sntp authentication-keyid to set an SNTP authentication key.

Use undo sntp authentication-keyid to remove the SNTP authentication key.

Syntax

sntp authentication-keyid keyid authentication-mode md5 { cipher | simple } value

undo sntp authentication-keyid keyid

Default

No SNTP authentication key is set.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.

authentication-mode md5 value: Uses the MD5 algorithm for key authentication.

simple: Sets a plaintext authentication key.

cipher: Sets a ciphertext authentication key.

value: Specifies the MD5 authentication key string. If simple is specified, it is a string of 1 to 32 characters. If cipher is specified, it is a string of 1 to 73 characters.

Usage guidelines

You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are only synchronized to authenticated NTP servers.

Configure the same key ID and key value on the SNTP client and NTP server. Otherwise, the SNTP client cannot be synchronized to the NTP server.

After you configure an SNTP authentication key, use the sntp reliable authentication-keyid command to set it as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.

You can set up to 128 keys by executing the command.

The authentication key, set in either plain text or cipher text, is saved to the configuration file in cipher text.

Examples

# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in plain text.

<Sysname> system-view

[Sysname] sntp authentication enable

[Sysname] sntp authentication-keyid 10 authentication-mode md5 simple BetterKey

Related commands

· sntp authentication enable

· sntp reliable authentication-keyid

sntp enable

Use sntp enable to enable the SNTP service.

Use undo sntp enable to disable the SNTP service.

Syntax

sntp enable

undo sntp enable

Default

The SNTP service is not enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the SNTP service.

<Sysname> system-view

[Sysname] sntp enable

sntp reliable authentication-keyid

Use sntp reliable authentication-keyid to specify the created authentication key as a trusted key.

Use undo sntp reliable authentication-keyid to remove the specified trusted key.

Syntax

sntp reliable authentication-keyid keyid

undo sntp reliable authentication-keyid keyid

Default

No trust key is specified.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key number in the range of 1 to 4294967295.

Usage guidelines

If SNTP is enabled, the SNTP client is only synchronized to an NTP server that provides a trusted key.

Before you use the command, make sure SNTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.

Examples

# Enable NTP authentication, and specify the MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey.

<Sysname> system-view

[Sysname] sntp authentication enable

[Sysname] sntp authentication-keyid 37 authentication-mode md5 BetterKey

# Specify this key as a trusted key.

[Sysname] sntp reliable authentication-keyid 37

Related commands

· sntp authentication-keyid

· sntp authentication enable

sntp unicast-server

Use sntp unicast-server to specify an NTP server for the device.

Use undo sntp unicast-server to remove the NTP server.

Syntax

sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number | version number ] *

undo sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]

Default

No NTP server is specified for the device.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies the host name of the NTP server, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies the IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the NTP server belongs, where vpn-instance-name is a case-sensitive string of 1 to 31 characters. If the NTP server is on a public network, do not specify this option.

source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in this command, the command removes the NTP server with the IP address of ip-address on the public network.

Examples

# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.

<Sysname> system-view

[Sysname] sntp unicast-server 10.1.1.1 version 4

Related commands

· sntp authentication enable

· sntp authentication-keyid

· sntp reliable authentication-keyid

Information center commands

diagnostic-logfile save

Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file.

Syntax

diagnostic-logfile save

Views

Any view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can specify the directory to save the diagnostic log file with the info-center diagnostic-logfile directory command.

The system clears the diagnostic log buffer after saving the buffered diagnostic logs to the diagnostic log file.

Examples

# Manually save diagnostic logs from the diagnostic log buffer to the diagnostic log file.

<Sysname> diagnostic-logfile save

The contents in the diagnostic log file buffer have been saved to the file flash:/ diagfile/diagfile.log.

Related commands

· info-center diagnostic-logfile enable

· info-center diagnostic-logfile directory

display diagnostic-logfile summary

Use display diagnostic-logfile summary to display the diagnostic log file configuration.

Syntax

display diagnostic-logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the diagnostic log file configuration.

<Sysname> display diagnostic-logfile summary

Diagnostic log file: Enabled.

Diagnostic log file size quota: 10 MB

Diagnostic log file directory: flash:/diagfile

Writing frequency: 24 hour 0 min 0 sec

Table 8 Command output

Field	Description
Diagnostic log file	· Enabled—Diagnostic logs can be output to the diagnostic log file. · Disabled—Diagnostic logs cannot be output to the diagnostic log file.
Diagnostic log file size quota	Maximum size of the diagnostic log file, in MB.
Log file directory	Directory where the diagnostic log file is saved.
Writing frequency	Interval at which the diagnostic log file is saved.

display info-center

Use display info-center to display information center configuration information.

Syntax

display info-center

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display information center configuration.

<Sysname> display info-center

Information Center: Enabled

Console: Enabled

Monitor: Enabled

Log host: Enabled

IP address: 192.168.0.1, port number: 5000, host facility: local7

IP address: 192.168.0.2, port number: 5001, host facility: local5

Log buffer: Enabled

Max buffer size 1024, current buffer size 512,

Current messages 0, dropped messages 0, overwritten messages 0

Log file: Enabled

Security log file: Enabled

Information timestamp format:

Loghost: Date

Other output destination: Date

display logbuffer

Use display logbuffer to display the state of the log buffer and the log information in the log buffer.

Syntax

In standalone mode:

display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *

In IRF mode:

display logbuffer [ reverse ] [ level severity | size buffersize | chassis chassis-number slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

reverse: Displays log entries chronologically, with the most recent entry at the top. Without this keyword, the command displays log entries chronologically, with the oldest entry at the top.

level severity: Specifies a severity level in the range of 0 to 7. Without this keyword, the command displays log information for all levels.

Table 9 Log levels

Severity value	Level	Description	Corresponding keyword in commands
0	Emergency	The system is unusable. For example, the system authorization has expired.	emergency
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.	alert
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.	critical
3	Error	Error condition. For example, the link state changes.	error
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.	warning
5	Notification	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.	notification
6	Informational	Informational message. For example, a command or a ping operation is executed.	informational
7	Debug	Debugging message.	debugging

size buffersize: Specifies the number of latest log messages to be displayed, in the range of 1 to 1024. Without this keyword, the command displays all log information.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument specifies the ID of the member device. The slot-number argument specifies the slot number of the card. (In IRF mode.)

Examples

# (In standalone mode.) Display the state and log information of the log buffer.

<Sysname> display logbuffer slot 1

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 0

Current messages: 127

%Jun 19 18:03:24:55 2006 Sysname SYSLOG /7/SYS_RESTART:System restarted

…

# (In IRF mode.) Display the state and log information of the log buffer.

<Sysname> display logbuffer chassis 0 slot 1

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 0

Current messages: 127

%Jun 19 18:03:24:55 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted

…

Table 10 Command output

Field	Description
Log buffer	· Enabled—Logs can be output to the log buffer. · Disabled—Logs cannot be output to the buffer.
Max buffer size	Maximum number of logs that can be stored in the log buffer.
Actual buffer size	Actual number of logs that can be stored in the log buffer. (This value is specified with the info-center logbuffer size command.)
Dropped messages	Number of dropped messages.
Overwritten messages	Number of overwritten messages.
Current messages	Number of current messages.

Related commands

· info-center logbuffer

· reset logbuffer

display logbuffer summary

Use display logbuffer summary to display the summary of the log buffer.

Syntax

In standalone mode:

display logbuffer summary [ level severity | slot slot-number ] *

In IRF mode:

display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

level severity: Specifies a severity level in the range of 0 to 7. Without this keyword, the command displays log information of all levels in the log buffer. For more information about log levels, see Table 9.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

Examples

# (In standalone mode.) Display the summary of the log buffer.

<Sysname> display logbuffer summary

SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

0 0 0 0 0 0 0 0 0

1 0 0 0 0 0 0 0 0

2 0 0 0 0 0 0 0 0

3 0 0 0 0 0 0 0 0

4 0 0 0 0 0 0 0 0

5 0 0 0 0 0 0 0 0

6 0 0 0 0 0 0 0 0

7 0 0 0 0 0 0 0 0

8 0 0 0 0 0 0 0 0

9 0 0 0 0 0 0 0 0

10 0 0 0 0 0 0 0 0

11 0 0 0 0 0 0 0 0

12 0 0 0 0 0 0 0 0

13 0 0 0 0 0 0 0 0

14 0 0 0 0 0 0 0 0

15 0 0 0 0 0 0 0 0

16 0 0 0 0 0 0 0 0

17 0 0 111 87 2 48 264 0

18 0 0 0 0 0 0 0 0

19 0 0 0 0 0 0 0 0

20 0 0 0 0 0 0 0 0

21 0 0 0 0 0 0 0 0

22 0 0 0 0 0 0 0 0

23 0 0 0 0 0 0 0 0

# (In IRF mode.) Display the summary of the log buffer.

<Sysname> display logbuffer summary

CHASSIS SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

1 0 0 0 0 0 0 0 0 0

1 1 0 0 0 0 0 0 0 0

1 2 0 0 0 0 0 0 0 0

1 3 0 0 0 0 0 0 0 0

1 4 0 0 0 0 0 0 0 0

1 5 0 0 0 0 0 0 0 0

1 6 0 0 0 0 0 0 0 0

1 7 0 0 0 0 0 0 0 0

1 8 0 0 0 0 0 0 0 0

1 9 0 0 0 0 0 0 0 0

1 10 0 0 0 0 0 0 0 0

1 11 0 0 0 0 0 0 0 0

1 12 0 0 0 0 0 0 0 0

1 13 0 0 0 0 0 0 0 0

1 14 0 0 0 0 0 0 0 0

1 15 0 0 0 0 0 0 0 0

1 16 0 0 0 0 0 0 0 0

1 17 0 0 111 87 2 48 264 0

1 18 0 0 0 0 0 0 0 0

1 19 0 0 0 0 0 0 0 0

1 20 0 0 0 0 0 0 0 0

1 21 0 0 0 0 0 0 0 0

1 22 0 0 0 0 0 0 0 0

1 23 0 0 0 0 0 0 0 0

Table 11 Command output

Field	Description
CHASSIS	IRF member device ID. (In IRF mode.)
SLOT	Slot number of the card.
EMERG	Represents emergency. For more information, see Table 9.
ALERT	Represents alert. For more information, see Table 9.
CRIT	Represents critical. For more information, see Table 9.
ERROR	Represents error. For more information, see Table 9.
WARN	Represents warning. For more information, see Table 9.
NOTIF	Represents notification. For more information, see Table 9.
INFO	Represents informational. For more information, see Table 9.
DEBUG	Represents debug. For more information, see Table 9.

display logfile summary

Use display logfile summary to display the log file configuration.

Syntax

display logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the log file configuration.

<Sysname> display logfile summary

Log file: Enabled.

Log file size quota: 10 MB

Log file directory: flash:/logfile

Writing frequency: 0 hour 1 min 10 sec

Table 12 Command output

Field	Description
Log file	· Enabled—Logs can be output to a log file. · Disabled—Logs cannot be output to a log file.
Log file size quota	Maximum storage size of a log file, in MB.
Log file directory	Log file directory.
Writing frequency	Interval at which the log file is saved.

enable log updown

Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.

Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.

Syntax

enable log updown

undo enable log updown

Default

All interfaces are allowed to generate link up and link down logs.

Views

Interface view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Disable port FortyGigE 1/0/1 from generating link up or link down logs.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] undo enable log updown

info-center diagnostic-logfile enable

Use info-center diagnostic-logfile enable to enable saving diagnostic logs into the diagnostic log file.

Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs into the diagnostic log file.

Syntax

info-center diagnostic-logfile enable

undo info-center diagnostic-logfile enable

Default

Saving diagnostic logs to the diagnostic log file is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command enables the system to save generated diagnostic logs to the diagnostic log file for centralized management. This facilitates users in monitoring device activities and debugging problems.

Examples

# Enable saving diagnostic logs into the diagnostic log file.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile enable

info-center diagnostic-logfile frequency

Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log buffer to the diagnostic log file.

Use undo info-center diagnostic-logfile frequency to restore the default saving interval.

Syntax

info-center diagnostic-logfile frequency freq-sec

undo info-center diagnostic-logfile frequency

Default

The default saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

freq-sec: Specifies the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file, in seconds. The value range is 10 to 86400, and the default is 86400.

Usage guidelines

The system saves diagnostic logs in the diagnostic log buffer, and outputs the buffered diagnostic logs to the diagnostic log file at the specified interval.

Examples

# Configure the system to save diagnostic logs from the diagnostic log file buffer to the diagnostic log file every 600 seconds.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile frequency 600

Related commands

info-center diagnostic-logfile enable

info-center diagnostic-logfile quota

Use info-center diagnostic-logfile quota to set the maximum size of the diagnostic log file.

Use undo info-center diagnostic-logfile quota to restore the default.

Syntax

info-center diagnostic-logfile quota size

undo info-center diagnostic-logfile quota

Default

The maximum size of the diagnostic log file is 10 MB.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies the maximum size of the diagnostic log file, in the range of 1 to 10 MB.

Examples

# Set the maximum size of the diagnostic log file to 6 MB.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile quota 6

info-center diagnostic-logfile directory

Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.

Syntax

info-center diagnostic-logfile directory dir-name

Default

The diagnostic log file is saved in the diagfile directory under the root directory of the storage device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 511 characters.

Usage guidelines

The specified directory must have been created.

This command cannot survive a reboot or an active/standby switchover. (In standalone mode.)

This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (In IRF mode.)

Examples

# Set the directory to save the diagnostic log file to flash:/test.

<Sysname> mkdir test

Creating directory flash:/test... Done.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile directory flash:/test

info-center logfile overwrite-protection

Use info-center logfile overwrite-protection to enable log file overwrite-protection. When the log file is full or the storage device runs out of space, the device does not write new logs into the log file.

Use undo info-center logfile overwrite-protection to disable log file overwrite-protection. When the log file is full or the storage device runs out of space, the device overwrites the earliest logs in the log file with new logs.

Syntax

info-center logfile overwrite-protection [ all-port-powerdown ]

undo info-center logfile overwrite-protection

Default

Logfile overwrite-protection is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

all-port-powerdown: Shuts down all the physical ports except for the management port and IRF ports when the log file is full or the storage device runs out of space.

Usage guidelines

This command is supported only in FIPS mode.

If the all-port-powerdown keyword is specified in this command, the device shuts down all the physical ports except for the management port and IRF ports when the log file is full or the storage device runs out of space. When this occurs, back up the log file, delete the original log file to release the storage space, and then bring up the ports.

Examples

# Enable log file overwrite-protection.

<Sysname> system-view

[Sysname] info-center logfile overwrite-protection

info-center enable

Use info-center enable to enable the information center.

Use undo info-center enable to disable the information center.

Syntax

info-center enable

undo info-center enable

Default

The information center is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the information center.

<Sysname> system-view

[Sysname] info-center enable

Information center is enabled.

info-center format

Use info-center format to set the format of logs sent to a log host.

Use undo info-center format to restore the default.

Syntax

info-center format { unicom | cmcc }

undo info-center format

Default

Logs are sent to a log host in H3C format.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

unicom: Specifies the unicom format.

cmcc: Specifies the China Mobile Communications Corporation (cmcc) format.

Usage guidelines

Logs can be sent to a log host in H3C, unicom, or cmcc format. For more information about log formats, see Network Management and Monitoring Configuration Guide.

Examples

# Set the log format to unicom for logs sent to a log host.

<Sysname> system-view

[Sysname] info-center format unicom

info-center logbuffer

Use info-center logbuffer to configure log output to the log buffer.

Use undo info-center logbuffer to disable log output to the log buffer.

Syntax

info-center logbuffer

undo info-center logbuffer

Default

Logs are allowed to be output to the log buffer.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Configure output of log information to the log buffer.

<Sysname> system-view

[Sysname] info-center logbuffer

Related commands

· display logbuffer

· info-center enable

info-center logbuffer size

Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.

Use undo info-center logbuffer size to restore the default.

Syntax

info-center logbuffer size buffersize

undo info-center logbuffer size

Default

The log buffer can store up to 512 logs.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

buffersize: Specifies the maximum number of logs that can be stored in the log buffer. The value range is 0 to 65535, and the default is 512.

Examples

# Set the maximum number of logs that can be stored in a log buffer to 50.

<Sysname> system-view

[Sysname] info-center logbuffer size 50

# Restore the default maximum log buffer size.

<Sysname> system-view

[Sysname] undo info-center logbuffer size

Related commands

· display logbuffer

· info-center enable

info-center logfile enable

Use info-center logfile enable to enable the log file feature.

Use undo info-center logfile enable to disable the log file feature.

Syntax

info-center logfile enable

undo info-center logfile enable

Default

The log file feature is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the output of logs to a log file.

<Sysname> system-view

[Sysname] info-center logfile enable

info-center logfile frequency

Use info-center logfile frequency to configure the interval for saving logs to the log file.

Use undo info-center logfile frequency to restore the default saving interval.

Syntax

info-center logfile frequency freq-sec

undo info-center logfile frequency

Default

The default saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

freq-sec: Specifies the interval at which the system saves logs to the log file, in the range of 1 to 86400 seconds. The default setting is 86400 seconds.

Usage guidelines

With this command executed, the system saves logs in the log file buffer to the log file at the specified interval.

Examples

# Set the log file saving interval to 60000 seconds.

<Sysname> system-view

[Sysname] info-center logfile frequency 60000

Related commands

info-center logfile enable

info-center logfile size-quota

Use info-center logfile size-quota to set the maximum size of the log file.

Use undo info-center logfile size-quota to restore the default.

Syntax

info-center logfile size-quota size

undo info-center logfile size-quota

Default

The maximum size of the log file is 10 MB.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies the maximum size of the log file, in MB.

Usage guidelines

When the log file is full, the system overwrites the earliest logs in the log file with new logs.

Examples

# Set the maximum size of the log file to 6 MB.

<Sysname> system-view

[Sysname] info-center logfile size-quota 6

Related commands

info-center logfile enable

info-center logfile directory

Use info-center logfile directory to configure the directory where the log file is saved.

Syntax

info-center logfile directory dir-name

Default

The log file is saved in the flash:/logfile directory.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 511 characters.

Usage guidelines

The specified directory must have been created.

The suffix of a log file is .log. When the default directory has no enough space for storing the log file, you can specify a new directory for the log file.

This command cannot survive a reboot or an active/standby switchover. (In standalone mode.)

This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (In IRF mode.)

Examples

# Create a directory named test under the root directory of the flash.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# Set the directory to save the log file to flash:/test.

<Sysname> system-view

[Sysname] info-center logfile directory flash:/test

Related commands

info-center logfile enable

info-center logging suppress duplicates

Use info-center logging suppress duplicates to enable duplicate log suppression.

Use undo info-center logging suppress duplicate to restore the default.

Syntax

info-center logging suppress duplicates

undo info-center logging suppress duplicates

Default

Duplicate log suppression is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources.

With this feature enabled, the system starts a suppression period when outputting a new log:

· During the suppression period, the system does not output logs with the same module name, level, mnemonic, location, and text as the previous log.

· After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds the first time, 2 minutes the second time, and 10 minutes for subsequent times.

· If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period.

Examples

Suppose the IP address of Vlan-interface100 on device A conflicts with that of another device on the network, device A will output the following log information repeatedly:

%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

# Enable duplicate log suppression on device A.

<Sysname> system-view

[Sysname] info-center logging suppress duplicates

Device A continues to output the following log information:

%Jan 1 07:27:48:636 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

%Jan 1 07:28:19:639 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 4 times in last 30 seconds.

The output shows that after the duplicate log suppression function is enabled, the system outputs another duplicate log and starts the first suppression period for 30 seconds.

%Jan 1 07:30:19:643 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 20 times in last 2 minutes.

The output shows the second suppression period lasts for 2 minutes.

%Jan 1 07:30:20:541 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 1 times in last 1 second.

%Jan 1 07:30:19:542 2000 Sysname CFGMAN/5/CFGMAN_CFGCHANGED: -EventIndex=[12]-CommandSource=[2]-ConfigSource=[4]-ConfigDestination=[2]; Configuration is changed.

The output shows that a different log is generated during the suppression period.

%Jan 1 07:30:24:643 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

%Jan 1 07:30:55:645 2000 Sysname ARP/6/DUPIFIP:

Duplicate address 172.16.0.1 on interface Vlan-interface100, sourced from 00e0-fc58-123d

This message repeated 4 times in last 30 seconds.

The output shows that the system starts another suppression period.

info-center loghost

Use info-center loghost to specify a log host and to configure output parameters.

Use undo info-center loghost to restore the default.

Syntax

info-center loghost [ vpn-instance vpn-instance-name ] loghost [ port port-number ] [ facility local-number ]

undo info-center loghost [ vpn-instance vpn-instance-name ] loghost

Default

No log host is specified.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

loghost: Specifies the IPv4 address or name of a log host.

port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, the log host cannot receive system information.

facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and query and filer logs.

Usage guidelines

The info-center loghost command takes effect only after information center is enabled with the info-center enable command.

The device supports up to four log hosts.

Examples

# Output logs to the log host 1.1.1.1.

<Sysname> system-view

[Sysname] info-center loghost 1.1.1.1

info-center loghost source

Use info-center loghost source to specify the source IP address for output logs.

Use undo info-center loghost source to restore the default.

Syntax

info-center loghost source interface-type interface-number

undo info-center loghost source

Default

The source IP address of output logs is the primary IP address of the matching route's egress interface.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies the egress interface for logs by the interface type and interface number.

Usage guidelines

The system uses the primary IP address of the specified egress interface as the source IP address of log information no matter which physical interface is used to output the logs.

The info-center loghost source command takes effect only after the information center is enabled with the info-center enable command.

Examples

# Specify the IP address of interface loopback 0 as the source IP address of logs.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] info-center loghost source loopback 0

info-center source

Use info-center source to configure a log output rule for a module.

Use undo info-center source to restore the default.

Syntax

info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }

undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }

Default

Table 9 lists the default output rules.

Table 13 Default output rules

Destination	Source modules	Common log	Diagnostic log	Hidden log
Console	All supported modules	debugging	Disabled	Disabled
Monitor terminal	All supported modules	debugging	Disabled	Disabled
Log host	All supported modules	informational	Disabled	informational
Log buffer	All supported modules	informational	Disabled	informational
Log file	All supported modules	informational	Disabled	informational
Diagnostic log file	All supported modules, cannot be filtered	Disabled	Debugging, which cannot be filtered	Disabled

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

module-name: Specifies a module by its name. For instance, to output FTP information, specify this argument as FTP. You can use the info-center source ? command to view the modules supported by the device.

default: Specifies all modules, which can be displayed by using the info-center source ? command.

console: Outputs logs to the console.

logbuffer: Outputs logs to the log buffer.

logfile: Outputs logs to a log file.

loghost: Outputs logs to the log host.

monitor: Outputs logs to the monitor terminal.

deny: Disables log output.

level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the higher the severity level. See Table 9 for more information. Logs at the specified severity level and higher levels are allowed or denied to be output.

Usage guidelines

If you do not set an output rule for a module, the module uses the default output rule or the output rule set by using the default keyword.

If you use the command multiple times, only the most recent output rule takes effect for the specified module.

After you set an output rule for a module, you must use the module-name argument to modify or remove the rule. A new output rule configured by using the default keyword does not take effect on the module.

Examples

# Output only VLAN module's information with a severity level of at least emergency to the console.

<Sysname> system-view

[Sysname] info-center source default console deny

[Sysname] info-center source vlan console level emergency

# Based on the previous configuration, disable output of VLAN module's information to the console so no system information is output to the console.

<Sysname> system-view

[Sysname] undo info-center source vlan console

info-center synchronous

Use info-center synchronous to enable synchronous information output.

Use undo info-center synchronous to disable synchronous information output.

Syntax

info-center synchronous

undo info-center synchronous

Default

Synchronous information output is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The system log output interrupts ongoing configuration operations, obscuring previously input commands before the logs. Synchronous information output can show the previous input after log output. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

Examples

# Enable synchronous information output, and then issue the display current-configuration command to view the current configuration of the device.

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] display current-

At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Sysname] display current-

Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.

# Enable synchronous information output, and then save the current configuration (enter interactive information).

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] save

The current configuration will be written to the device. Are you sure? [Y/N]:

At this time, the system receives the log information. It displays the log information first and then displays [Y/N].

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Y/N]:

Enter Y or N to complete your input.

info-center syslog min-age

Use info-center syslog min-age to set the minimum storage period for logs in the log buffer and log file.

Use undo info-center syslog min-age to restore the default.

Syntax

info-center syslog min-age min-age

undo info-center syslog min-age

Default

The log minimum storage period is not set.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

min-age: Sets the log minimum storage period in hours. The value range is 1 to 8760.

Examples

# Set the log minimum storage period to 168 hours.

<Sysname> system-view

[Sysname] info-center syslog min-age 168

info-center timestamp

Use info-center timestamp to configure the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file.

Use undo info-center timestamp to restore the default.

Syntax

info-center timestamp { boot | date | none }

undo info-center timestamp

Default

The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup.

date: Sets the timestamp format to MMM DD hh:mm:ss:xxx YYYY, such as Dec 8 10:12:21:708 2007. The date time shows the current system time.

· MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.

· DD: Date, starting with a space if it is less than 10, for example " 7".

· hh:mm:ss:xxx: Local time, with hh in the range of 00 to 23, mm and ss in the range of 00 to 59, and xxx in the range of 0 to 999.

· YYYY: Year.

none: Indicates no time information is provided.

Examples

# Set the timestamp format to boot for logs sent to the console, monitor terminal, log buffer, and log file.

<Sysname> system-view

[Sysname] info-center timestamp boot

Related commands

info-center timestamp loghost

Use info-center timestamp loghost to configure the timestamp format for logs sent to log hosts.

Use undo info-center timestamp loghost to restore the default.

Syntax

info-center timestamp loghost { date | iso | no-year-date | none }

undo info-center timestamp loghost

Default

The timestamp format for logs sent to log hosts is date.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time.

iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.

no-year-date: Sets the timestamp format to the current system date and time without year.

none: Indicates that no timestamp information is provided.

Examples

# Set the timestamp format to no-year-date for logs sent to log hosts.

<Sysname> system-view

[Sysname] info-center timestamp loghost no-year-date

Related commands

info-center timestamp

info-center trace-logfile quota

Use info-center trace-logfile quota to set the maximum size of the trace log file.

Use undo info-center trace-logfile quota to restore the default.

Syntax

info-center trace-logfile quota size

undo info-center trace-logfile quota

Default

The maximum size of the trace log file is 1 MB.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies the maximum size of the trace log file, in MB.

Examples

# Set the maximum size of the trace log file to 6 MB.

<Sysname> system-view

[Sysname] info-center trace-logfile quota 6

logfile save

Use logfile save to manually save logs in the log file buffer into the log file.

Syntax

logfile save

Views

Any view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You can specify the directory to save the log file with the info-center logfile directory command.

The system clears the log file buffer after saving logs from the buffer to the log file automatically or manually.

Examples

# Manually save logs from the log file buffer into the log file.

<Sysname> logfile save

The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.

Related commands

· info-center logfile enable

· info-center logfile directory

reset logbuffer

Use reset logbuffer to clear the log buffer.

Syntax

reset logbuffer

Views

User view

Predefined user roles

network-admin

mdc-admin

Examples

# Clear the log buffer.

<Sysname> reset logbuffer

Related commands

display logbuffer

terminal debugging

Use terminal debugging to enable the display of debug information on the current terminal.

Use undo terminal debugging to disable the display of debug information on the current terminal.

Syntax

terminal debugging

undo terminal debugging

Default

The display of debug information is disabled on the current terminal.

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To view the debug information on the console, execute the terminal debugging command, enable the information center (enabled by default), and use a debugging command to enable the related debugging.

To view debug information on the current terminal, execute the terminal monitor and terminal debugging commands, enable the information center (enabled by default), and use a debugging command to enable the related debugging.

The configuration of this command is only valid for the current connection between the terminal and the device. If a new connection is established, the default is restored.

You can also execute the terminal logging level 7 command to enable the display of debug information on the current terminal. However, this command also enables the display of all other log information.

Examples

# Enable the display of debug information on the current terminal.

<Sysname> terminal debugging

The current terminal is enabled to display debugging information.

Related commands

· terminal logging level

· terminal monitor

terminal logging level

Use terminal logging level to set the lowest level of the logs that can be output to the current terminal.

Use undo terminal logging level to restore the default.

Syntax

terminal logging level severity

undo terminal logging level

Default

The lowest level of the logs that can be output to the console and the monitor terminal is 6 (Informational).

Views

User view

Predefined user roles

network-admin

mdc-admin

Parameters

severity: Specifies the lowest level of the logs that can be output to the current terminal, in the range of 0 to 7.

Usage guidelines

If you specify the lowest level of the logs that can be output to the current terminal, the device outputs the logs with a severity level higher than or equal to the specified level. For example, if you set the lowest level of the logs that can be output to the current terminal to 6 (informational), logs with a severity value from 0 to 6 will be output.

The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the display of logs on the terminal restores the default.

Examples

# Set the lowest level of the logs that can be output on the monitor terminal to 7 (Debugging).

<Sysname> terminal logging level 7

terminal monitor

Use terminal monitor to enable the monitoring of logs on the current terminal.

Use undo terminal monitor to disable the monitoring of logs on the current terminal.

Syntax

terminal monitor

undo terminal monitor

Default

Monitoring of logs is enabled on the console and disabled on the monitor terminal.

Views

User view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The configuration of this command is valid for only the current connection between the terminal and the device. If a new connection is established, the monitoring of system information on the terminal restores the default.

Examples

# Enable the monitoring of logs on the current terminal.

<Sysname> terminal monitor

Current terminal monitor is on.

SNMP commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts. Unless otherwise stated, the trap keyword in the command line includes both traps and informs.

display snmp-agent community

Use display snmp-agent community to display SNMPv1 or SNMPv2c community information.

Syntax

display snmp-agent community [ read | write ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

read: Displays information about SNMP read-only communities.

write: Displays information about SNMP read and write communities.

Usage guidelines

This command is supported only in non-FIPS mode.

If no keyword is specified, this command displays information about all SNMPv1 and SNMPv2c communities that have been created, including those configured with the snmp-agent community command and those automatically created by the system for SNMPv1 and SNMPv2c users that have been assigned to an existing SNMP group.

Examples

# Display information about all SNMPv1 and SNMPv2c communities.

<Sysname> display snmp-agent community

Community name: aa

Group name: aa

ACL:2001

Storage-type: nonVolatile

Context name: con1

Community name: bb

Group name: bb

Storage-type: nonVolatile

Community name: userv1

Group name: testv1

Storage-type: nonVolatile

Table 14 Command output

Field	Description
Community name	Displays the community name created by using the snmp-agent community command or the username created by using the snmp-agent usm-user { v1 \| v2c } command.
Group name	SNMP group name. · If the community is created by using the snmp-agent community command, the group name is the same as the community name. · If the community is created by using the snmp-agent usm-user { v1 \| v2c } command, the name of the group that has the user is displayed.
Role name	User role name for the community. If the community is created by using the snmp-agent community command in RBAC mode, a user role can be bound to the community name.
ACL	Number of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name.
Storage-type	Storage type: · volatile—Settings are lost when the system reboots. · nonVolatile—Settings remain after the system reboots. · permanent—Settings remain after the system reboots and can be modified but not deleted. · readOnly—Settings remain after the system reboots and cannot be modified or deleted. · other—Any other storage type.
Context name	SNMP context: · If a mapping between an SNMP community and an SNMP context is configured, the SNMP context is displayed. · If no mapping between an SNMP community and an SNMP context exists, this field is not displayed.

Related commands

· snmp-agent community

· snmp-agent usm-user { v1 | v2c }

display snmp-agent context

Use display snmp-agent context to display an SNMP context.

Syntax

display snmp-agent context [ context-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If no SNMP context is specified, the command displays all SNMP contexts created on the device.

Examples

# Display all SNMP contexts created on the device.

<Sysname> display snmp-agent context

snmpcontext

infocontext

Related commands

snmp-agent context

display snmp-agent group

Use display snmp-agent group to display SNMP group information, including the group name, security model, MIB view, and storage-type.

Syntax

display snmp-agent group [ group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-name: Specifies an SNMPv1, SNMPv2c, or SNMPv3 group name in non-FIPS mode, and specifies an SNMPv3 group name in FIPS mode, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If no group is specified, this command displays information about all SNMP groups.

Examples

# Display information about all SNMP groups.

<Sysname> display snmp-agent group

Group name: groupv3

Security model: v3 noAuthnoPriv

Readview: ViewDefault

Writeview: <no specified>

Notifyview: <no specified>

Storage-type: nonVolatile

Table 15 Command output

Field	Description
Group name	SNMP group name.
Security model	Security model of the SNMP group: · authPriv—authentication with privacy. · authNoPriv—authentication without privacy. · noAuthNoPriv—no authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv.
Readview	Read-only MIB view accessible to the SNMP group.
Writeview	Write MIB view accessible to the SNMP group.
Notifyview	Notify MIB view for the SNMP group. The SNMP users in the group can send notifications only for the nodes in the notify MIB view.
Storage-type	Storage type, including volatile, nonvolatile, permanent, readOnly, and other (see Table 14).

Related commands

snmp-agent group

display snmp-agent local-engineid

Use display snmp-agent local-engineid to display the local SNMP engine ID.

Syntax

display snmp-agent local-engineid

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

The local SNMP engine ID uniquely identifies the SNMP engine of the SNMP agent in an SNMP domain.

Examples

# Display the local engine ID.

<Sysname> display snmp-agent local-engineid

SNMP local engine ID: 800007DB7F0000013859

Related commands

snmp-agent local-engineid

display snmp-agent mib-node

Use display snmp-agent mib-node to display SNMP MIB node information.

Syntax

display snmp-agent mib-node [ details | index-node | trap-node | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.

index-node: Specifies SNMP MIB tables, and node names and OIDs of MIB index nodes.

trap-node: Specifies node names and OIDs of MIB notification nodes, and node names and OIDs of notification objects.

verbose: Specifies detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.

Usage guidelines

If no keywords are specified, the command displays information about all SNMP MIB nodes, including node name, OID, and permissions to MIB nodes.

The SNMP software package includes different MIB files. Support for MIBs varies with SNMP software versions.

Examples

# Display SNMP MIB node information.

<Sysname> display snmp-agent mib-node

iso<1>(NA)

|-std<1.0>(NA)

|-iso8802<1.0.8802>(NA)

|-ieee802dot1<1.0.8802.1>(NA)

|-ieee802dot1mibs<1.0.8802.1.1>(NA)

|-lldpMIB<1.0.8802.1.1.2>(NA)

|-lldpNotifications<1.0.8802.1.1.2.0>(NA)

|-lldpNotificationPrefix<1.0.8802.1.1.2.0.0>(NA)

|-lldpRemTablesChange<1.0.8802.1.1.2.0.0.1>(NA)

|-lldpObjects<1.0.8802.1.1.2.1>(NA)

|-lldpConfiguration<1.0.8802.1.1.2.1.1>(NA)

|-*lldpMessageTxInterval<1.0.8802.1.1.2.1.1.1>(RW)

|-*lldpMessageTxHoldMultiplier<1.0.8802.1.1.2.1.1.2>(RW)

|-*lldpReinitDelay<1.0.8802.1.1.2.1.1.3>(RW)

Table 16 Command output

Field	Description
-std	MIB node name.
<1.0>	OID of a MIB node.
(NA)	Permissions to MIB nodes: NA—Not accessible. NF—Supports notifications. RO—Supports read-only access. RW—Supports read and write access. RC—Supports read-write-create access. WO—Supports write-only access.
*	Leaf node or MIB table node.

# Display detailed MIB node information.

<Sysname> display snmp-agent mib-node details

iso(1)(lldpMessageTxInterval)

|-std(0)(lldpMessageTxInterval)

|-iso8802(8802)(lldpMessageTxInterval)

|-ieee802dot1(1)(lldpMessageTxInterval)

|-ieee802dot1mibs(1)(lldpMessageTxInterval)

|-lldpMIB(2)(lldpMessageTxInterval)

|-lldpNotifications(0)(lldpMessageTxInterval)

|-lldpNotificationPrefix(0)(lldpMessageTxInterval)

|-lldpRemTablesChange(1)(NULL)

|-lldpObjects(1)(lldpMessageTxInterval)

|-lldpConfiguration(1)(lldpMessageTxInterval)

|-*lldpMessageTxInterval(1)(lldpMessageTxHoldMultiplier)

|-*lldpMessageTxHoldMultiplier(2)(lldpReinitDelay)

|-*lldpReinitDelay(3)(lldpTxDelay)

|-*lldpTxDelay(4)(lldpNotificationInterval)

|-*lldpNotificationInterval(5)(lldpPortConfigPortNum)

|-lldpPortConfigTable(6)(lldpPortConfigPortNum)

|-lldpPortConfigEntry(1)(lldpPortConfigPortNum)

|-*lldpPortConfigPortNum(1)(lldpPortConfigAdminStatus)

|-*lldpPortConfigAdminStatus(2)(lldpPortConfigNotificationEnable)

|-*lldpPortConfigNotificationEnable(3)(lldpPortConfigTLVsTxEnable)

|-*lldpPortConfigTLVsTxEnable(4)(lldpConfigManAddrPortsTxEnable)

Table 17 Command output

Field	Description
-std	MIB node name.
(0)	Last bit of a MIB OID string.
(lldpMessageTxInterval)	Name of a leaf node.
*	Leaf node or MIB table node.

# Display MIB table names, and node names and OIDs of MIB index nodes.

<Sysname> display snmp-agent mib-node index-node

Table |lldpPortConfigTable

Index ||lldpPortConfigPortNum

OID ||| 1.0.8802.1.1.2.1.1.6.1.1

Table |lldpConfigManAddrTable

Index ||lldpLocManAddrSubtype

OID ||| 1.0.8802.1.1.2.1.3.8.1.1

Index ||lldpLocManAddr

OID ||| 1.0.8802.1.1.2.1.3.8.1.2

Table |lldpStatsTxPortTable

Index ||lldpStatsTxPortNum

OID ||| 1.0.8802.1.1.2.1.2.6.1.1

Table |lldpStatsRxPortTable

Index ||lldpStatsRxPortNum

OID ||| 1.0.8802.1.1.2.1.2.7.1.1

Table |lldpLocPortTable

Index ||lldpLocPortNum

OID ||| 1.0.8802.1.1.2.1.3.7.1.1

Table 18 Command output

Field	Description
Table	MIB table name.
Index	Name of a MIB index node.
OID	OID of a MIB index node.

# Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects.

<Sysname> display snmp-agent mib-node trap-node

Name |lldpRemTablesChange

OID ||1.0.8802.1.1.2.0.0.1

Trap Object

Name |||lldpStatsRemTablesInserts

OID ||||1.0.8802.1.1.2.1.2.2

Name |||lldpStatsRemTablesDeletes

OID ||||1.0.8802.1.1.2.1.2.3

Name |||lldpStatsRemTablesDrops

OID ||||1.0.8802.1.1.2.1.2.4

Name |||lldpStatsRemTablesAgeouts

OID ||||1.0.8802.1.1.2.1.2.5

Name |lldpXMedTopologyChangeDetected

OID ||1.0.8802.1.1.2.1.5.4795.0.1

Trap Object

Name |||lldpRemChassisIdSubtype

OID ||||1.0.8802.1.1.2.1.4.1.1.4

Name |||lldpRemChassisId

OID ||||1.0.8802.1.1.2.1.4.1.1.5

Name |||lldpXMedRemDeviceClass

OID ||||1.0.8802.1.1.2.1.5.4795.1.3.1.1.3

Table 19 Command output

Field	Description
Name	Name of a MIB notification node.
OID	OID of a MIB notification node.
Trap Object	Name and OID of a notification object.

# Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.

<Sysname> display snmp-agent mib-node verbose

Name |lldpNotificationInterval

OID ||1.0.8802.1.1.2.1.1.5

Properties ||NodeType: Leaf

||AccessType: RW

||DataType: Integer32

||MOR: 0x020c1105

Parent ||lldpConfiguration

First child ||

Next leaf ||lldpPortConfigPortNum

Next sibling ||lldpPortConfigTable

Allow ||get/set/getnext

Value range || [5..3600]

Name |lldpPortConfigTable

OID ||1.0.8802.1.1.2.1.1.6

Properties ||NodeType: Table

||AccessType: NA

||DataType: NA

||MOR: 0x00000000

Parent ||lldpConfiguration

First child ||lldpPortConfigEntry

Next leaf ||lldpPortConfigPortNum

Next sibling ||lldpConfigManAddrTable

Name |lldpPortConfigEntry

OID ||1.0.8802.1.1.2.1.1.6.1

Properties ||NodeType: Row

||AccessType: NA

||DataType: NA

||MOR: 0x00000000

Parent ||lldpPortConfigTable

First child ||lldpPortConfigPortNum

Next leaf ||lldpPortConfigPortNum

Next sibling ||

Index ||[indexImplied:0, indexLength:1]:

Name |lldpPortConfigPortNum

OID ||1.0.8802.1.1.2.1.1.6.1.1

Properties ||NodeType: Column

||AccessType: NA

||DataType: Integer32

||MOR: 0x020c1201

Parent ||lldpPortConfigEntry

First child ||

Next leaf ||lldpPortConfigAdminStatus

Next sibling ||lldpPortConfigAdminStatus

Allow ||get/set/getnext

Index ||[indexImplied:0, indexLength:1]:

Value range || [1..4096]

Name |lldpPortConfigAdminStatus

OID ||1.0.8802.1.1.2.1.1.6.1.2

Properties ||NodeType: Column

||AccessType: RW

||DataType: Integer

||MOR: 0x020c1202

Parent ||lldpPortConfigEntry

First child ||

Next leaf ||lldpPortConfigNotificationEnable

Next sibling ||lldpPortConfigNotificationEnable

Allow ||get/set/getnext

Index ||[indexImplied:0, indexLength:1]:

Value range ||

|| ['txOnly', 1]

|| ['rxOnly', 2]

|| ['txAndRx', 3]

|| ['disabled', 4]

Table 20 Command output

Field	Description
Name	MIB node name.
OID	OID of a MIB node.
NodeType	MIB node types: · Table—Table node. · Row—Row node in a MIB table. · Column—Column node in a MIB table. · Leaf—Leaf node. · Group—Group node (parent node of a leaf node). · Trapnode—Notification node. · Other—Other node types.
AccessType	Permissions to MIB nodes: · NA—Not accessible. · NF—Supports notifications. · RO—Supports read-only access. · RW—Supports read and write access. · RC—Supports read-write-create access. · WO—Supports write-only access.
DataType	Data types of MIB nodes: · Integer—An integer. · Integer32—A 32-bit integer. · Unsigned32—A 32-bit integer with no mathematical sign. · Gauge—A non-negative integer that might increase or decrease. · Gauge32—A 32-bit non-negative integer that might increase or decrease. · Counter—A non-negative integer that might increase but not decrease. · Counter32—A 32-bit non-negative integer that might increase but not decrease. · Counter64—A 64-bit non-negative integer that might increase but not decrease. · Timeticks—A non-negative integer for time keeping. · Octstring—An octal string. · OID—Object identifier. · IPaddress—A 32-bit IP address. · Networkaddress—A network IP address. · Opaque—Any data. · Userdefined—User-defined data. · BITS—Bit enumeration.
MOR	MOR for a MIB node.
Parent	Name of a parent node.
First child	Name of the first leaf node.
Next leaf	Name of the next leaf node.
Next sibling	Name of the next sibling node.
Allow	Operation types allowed: · get/set/getnext—All operations. · get—Get operation. · set—Set operation. · getnext—GetNext operation.
Value range	Value range of a MIB node.
Index	Table index. This field appears only for a table node.

display snmp-agent mib-view

Use display snmp-agent mib-view to display MIB views.

Syntax

display snmp-agent mib-view [ exclude | include | viewname view-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

exclude: Displays the subtrees excluded from any MIB view.

include: Displays the subtrees included in any MIB view.

viewname view-name: Displays information about the specified MIB view.

Usage guidelines

If you do not specify any parameter, this command displays all MIB views.

Examples

# Display all MIB views.

<Sysname> display snmp-agent mib-view

View name: ViewDefault

MIB Subtree: iso

Subtree mask:

Storage-type: nonVolatile

View Type: included

View status: active

View name: ViewDefault

MIB Subtree: snmpUsmMIB

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

View name: ViewDefault

MIB Subtree: snmpVacmMIB

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

View name: ViewDefault

MIB Subtree: snmpModules.18

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.

Table 21 Command output

Field	Description
View name	MIB view name.
MIB Subtree	MIB subtree covered by the MIB view.
Subtree mask	MIB subtree mask.
Storage-type	Type of the medium (see Table 14) where the subtree view is stored.
View Type	Access privilege for the MIB subtree in the MIB view: · Included—All objects in the MIB subtree are accessible in the MIB view. · Excluded—None of the objects in the MIB subtree is accessible in the MIB view.
View status	Status of the MIB view: · active—MIB view is effective. · inactive—MIB view is ineffective. MIB views are active upon their creation at the CLI. To temporarily disable a MIB view without deleting it, you can perform an SNMP set operation to set its status to inactive.

Related commands

snmp-agent mib-view

display snmp-agent remote

Use display snmp-agent remote to display remote SNMP engine IDs configured by using the snmp-agent remote command.

Syntax

display snmp-agent remote [ ip-address [ vpn-instance vpn-instance-name ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

ip-address: Specifies the IP address of a remote SNMP entity to display its SNMP engine ID.

vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the remote SNMP entity is on a public network, do not specify this option.

Usage guidelines

Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

If no IP address is specified, this command displays all remote SNMP engine IDs you have configured.

Examples

# Display all remote SNMP engine IDs.

<Sysname> display snmp-agent remote

Remote engined: 800063A28000A0FC00580400000001

IPv4 address: 1.1.1.1

VPN instance: vpn1

Table 22 Command output

Field	Description
Remote engined	Remote SNMP engine ID you have configured using the snmp-agent remote command.
IPv4 address	IPv4 address of the remote SNMP entity.
VPN instance	This field is available only if a VPN has been specified for the remote SNMP entity in the snmp-agent remote command.

Related commands

snmp-agent remote

display snmp-agent statistics

Use display snmp-agent statistics to display SNMP message statistics.

Syntax

display snmp-agent statistics

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display SNMP message statistics.

<Sysname> display snmp-agent statistics

1684 messages delivered to the SNMP entity.

5 messages were for an unsupported version.

0 messages used an unknown SNMP community name.

0 messages represented an illegal operation for the community supplied.

0 ASN.1 or BER errors in the process of decoding.

1679 messages passed from the SNMP entity.

0 SNMP PDUs had badValue error-status.

0 SNMP PDUs had genErr error-status.

0 SNMP PDUs had noSuchName error-status.

0 SNMP PDUs had tooBig error-status (Maximum packet size 1500).

16544 MIB objects retrieved successfully.

2 MIB objects altered successfully.

7 GetRequest-PDU accepted and processed.

7 GetNextRequest-PDU accepted and processed.

1653 GetBulkRequest-PDU accepted and processed.

1669 GetResponse-PDU accepted and processed.

2 SetRequest-PDU accepted and processed.

0 Trap PDUs accepted and processed.

0 alternate Response Class PDUs dropped silently.

0 forwarded Confirmed Class PDUs dropped silently.

Table 23 Command output

Field	Description
messages delivered to the SNMP entity	Number of messages that the SNMP agent has received.
messages were for an unsupported version	Number of messages that had an SNMP version not configured on the SNMP agent.
messages used an unknown SNMP community name	Number of messages that used an unknown SNMP community name.
messages represented an illegal operation for the community supplied	Number of messages carrying an operation that the community has no right to perform.
ASN.1 or BER errors in the process of decoding	Number of messages that had ASN.1 or BER errors during decoding.
messages passed from the SNMP entity	Number of messages sent by the SNMP agent.
SNMP PDUs had badValue error-status	Number of PDUs with a BadValue error.
SNMP PDUs had genErr error-status	Number of PDUs with a genErr error.
SNMP PDUs had noSuchName error-status	Number of PDUs with a NoSuchName error.
SNMP PDUs had tooBig error-status	Number of PDUs with a TooBig error (the maximum packet size is 1500 bytes).
MIB objects retrieved successfully	Number of MIB objects that have been successfully retrieved.
MIB objects altered successfully	Number of MIB objects that have been successfully modified.
GetRequest-PDU accepted and processed	Number of GetRequest requests that have been received and processed.
GetNextRequest-PDU accepted and processed	Number of getNext requests that have been received and processed.
GetBulkRequest-PDU accepted and processed	Number of getBulk requests that have been received and processed.
GetResponse-PDU accepted and processed	Number of get responses that have been received and processed.
SetRequest-PDU accepted and processed	Number of set requests that have been received and processed.
Trap PDUs accepted and processed	Number of notifications that have been received and processed.
alternate Response Class PDUs dropped silently	Number of dropped response packets.
forwarded Confirmed Class PDUs dropped silently	Number of forwarded packets that have been dropped.

display snmp-agent sys-info

Use display snmp-agent sys-info to display SNMP agent system information.

Syntax

display snmp-agent sys-info [ contact | location | version ] *

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

contact: Displays the system contact.

location: Displays the physical location of the device.

version: Displays the SNMP agent version.

Usage guidelines

If none of the parameters is specified, this command displays all SNMP agent system information.

Examples

# Display all SNMP agent system information.

<Sysname> display snmp-agent sys-info

The contact information of the agent:

Hangzhou H3C Tech. Co., Ltd.

The location information of the agent:

Hangzhou, China

The SNMP version of the agent:

SNMPv3

Related commands

snmp-agent sys-info

display snmp-agent trap queue

Use display snmp-agent trap queue to display basic information about the trap queue, including the trap queue name, queue size, and number of traps in the queue.

Syntax

display snmp-agent trap queue

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display the trap queue configuration and usage status.

<Sysname> display snmp-agent trap queue

Queue size: 100

Message number: 6

Related commands

· snmp-agent trap life

· snmp-agent trap queue-size

display snmp-agent trap-list

Use display snmp-agent trap-list to display modules that can generate SNMP notifications and their notification function status (enable or disable).

Syntax

display snmp-agent trap-list

Views

Any view

Usage guidelines

You can use the snmp-agent trap enable command to enable or disable the notification function of a module. For a module that has sub-modules, the notification function status is enable if the trap function of any of its sub-modules is enabled.

Examples

# Display the modules that can generate notification and their notification function status.

<Sysname> display snmp-agent trap-list

arp notification is disabled.

configuration notification is enabled.

l3vpn notification is enabled.

mac-address notification is enabled.

mpls notification is enabled.

ospf notification is enabled.

radius notification is disabled.

standard notification is enabled.

system notification is enabled.

Enabled notifications: 7; Disabled notifications: 2

Related commands

snmp-agent trap enable

display snmp-agent usm-user

Use display snmp-agent usm-user to display SNMPv3 user information.

Syntax

display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] *

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

engineid engineid: Displays SNMPv3 user information for the SNMP engine ID identified by engineid. When an SNMPv3 user is created, the system records the local SNMP entity engine ID. The user becomes invalid when the engine ID changes and becomes valid again when the recorded engine ID is restored.

group group-name: Displays SNMPv3 user information for a specified SNMP group name. The group name is case-sensitive.

username user-name: Displays information about the specified SNMPv3 user. The username is case-sensitive.

Usage guidelines

This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command.

Examples

# Display information about all SNMPv3 users.

<Sysname> display snmp-agent usm-user

Username: userv3

Group name: mygroupv3

Engine ID: 800063A203000FE240A1A6

Storage-type: nonVolatile

UserStatus: active

Username: userv3code

Group name: groupv3code

Engine ID: 800063A203000FE240A1A6

Storage-type: nonVolatile

UserStatus: active

Table 24 Command output

Field	Description
Username	SNMP username.
Group name	SNMP group name.
Engine ID	Engine ID that the SNMP agent used when the SNMP user was created.
Role name	SNMP user role name.
Storage-type	Storage type: · volatile. · nonvolatile. · permanent. · readOnly. · other. For more information about these storage types, see Table 14.
UserStatus	SNMP user status: · active—The SNMP user is effective. · notInService—The SNMP user is correctly configured but not activated. · notReady—The SNMP user configuration is incomplete. · other—Any other status. SNMP users are active upon their creation at the CLI. To temporarily disable an SNMP user without deleting it, you can perform an SNMP set operation to change its status.
ACL	Number of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMP user is associated with an ACL rule.

Related commands

snmp-agent usm-user v3

enable snmp trap updown

Use enable snmp trap updown to enable link state notifications on an interface.

Use undo enable snmp trap updown to disable link state notifications on an interface.

Syntax

enable snmp trap updown

undo enable snmp trap updown

Default

Link state notifications are enabled.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally using the snmp-agent trap enable standard [ linkdown | linkup ] * command.

Examples

# Enable port Forty-GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.

<Sysname> system-view

[Sysname] snmp-agent trap enable

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] enable snmp trap updown

Related commands

· snmp-agent target-host

· snmp-agent trap enable

snmp-agent

Use snmp-agent to enable the SNMP agent.

Use undo snmp-agent to disable the SNMP agent.

Syntax

snmp-agent

undo snmp-agent

Default

The SNMP agent is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

The snmp-agent command is optional for an SNMP configuration task. The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.

Examples

# Enable the SNMP agent.

<Sysname> system-view

[Sysname] snmp-agent

snmp-agent calculate-password

Use snmp-agent calculate-password to calculate a digest for the ciphertext authentication or privacy key converted from a plaintext key in SNMPv3.

Syntax

In non-FIPS mode:

snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }

In FIPS mode:

snmp-agent calculate-password plain-password mode sha { local-engineid | specified-engineid engineid }

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

plain-password: Specifies a plaintext authentication or privacy key.

mode: Specifies the same authentication mode and privacy mode as configured in the snmp-agent usm-user v3 command. The encryption algorithms AES, 3DES, and DES are in descending order of security strength. DES is enough to meet general security requirements. The MD5 authentication algorithm is faster than SHA-1, while SHA-1 provides higher security than MD5.

· 3desmd5: Converts the plaintext privacy key to an encrypted key for 3DES encryption used in conjunction with MD5 authentication.

· 3dessha: Converts the plaintext privacy key to an encrypted key for 3DES encryption used in conjunction with SHA-1 authentication.

· md5: Converts the plaintext authentication key to a ciphertext key for MD5 authentication, or converts the plaintext privacy key to a ciphertext key for AES or DES encryption used in conjunction with MD5.

· sha: Converts the plaintext authentication key to a ciphertext key for SHA-1 authentication, or converts the plaintext privacy key to a ciphertext key for AES or DES encryption used in conjunction with SHA-1 authentication.

local-engineid: Uses the local engine ID to calculate the ciphertext key. You can configure the local engine ID by using the snmp-agent local-engineid command.

specified-engineid engineid: Uses a user-defined engine ID to calculate the ciphertext key. The engineid argument specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

Make sure the SNMP agent is enabled before you execute the snmp-agent calculate-password command.

For security purposes, use this command to calculate digests for ciphertext authentication and privacy keys when you create SNMPv3 users by using the snmp-agent usm-user v3 command.

The converted key is valid only under the engine ID specified for key conversion.

Examples

# Use the local engine and the SHA-1 algorithm to calculate a digest for the ciphertext key converted from the plaintext key authkey.

<Sysname> system-view

[Sysname] snmp-agent calculate-password authkey mode sha local-engineid

The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC

Related commands

· snmp-agent local-engineid

· snmp-agent usm-user v3

snmp-agent community

Use snmp-agent community to configure an SNMP community.

Use undo snmp-agent community to delete an SNMP community.

Syntax

In VACM mode:

snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl acl-number ]

undo snmp-agent community { read | write } [ cipher ] community-name

In RBAC mode:

snmp-agent community [ simple | cipher ] community-name user-role role-name [ acl acl-number ]

undo snmp-agent community [ cipher ] community-name

Default

No SNMP community exists.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

read: Assigns the specified community the read only access to MIB objects. A read-only community can only inquire MIB information.

write: Assigns the specified community the read and write access to MIB objects. A read and write community can configure MIB information.

simple: Sets a community name in plain text. For security purposes, this community name is saved in cipher text.

cipher: Sets and saves the community name in cipher text.

community-name: Sets a case-sensitive community name. In plain text, the community name must be a string of 1 to 32 characters. In cipher text, the community name must be a string of 33 to 73 characters. Input a string as escape characters after a backslash (\).

mib-view view-name: Specifies the MIB view available for the community. The view-name argument represents a MIB view name, a string of 1 to 32 characters. A MIB view represents a set of accessible MIB objects. If no MIB view is specified, the specified community can access the MIB objects in the default MIB view ViewDefault.

user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.

acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. In the specified community, only NMSs with an IPv4 address permitted in the ACL can access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, all NMSs in the SNMP community can access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.

Usage guidelines

This command is for SNMPv1 and SNMPv2c, and is supported only in non-FIPS mode.

To set and save a community name in plain text, do not specify the simple or cipher keyword.

You can create up to 10 SNMP communities by using the snmp-agent community command. To create more SNMP communities, use the snmp-agent usm-user { v1 | v2c } command.

An SNMPv1 or SNMPv2c community comprises a set of NMSs and SNMP agents, and is identified by a community name. An NMS and an SNMP agent must use the same community name to authenticate to each other.

Typically, public is used as the read-only community name and private is used as the read and write community name. To improve security, assign your SNMP communities a name other than public and private.

You can use the following modes to control access to MIB objects for an SNMP community:

· View-based Access Control Model—The VACM mode controls access to MIB objects by assigning MIB views to SNMP communities.

· Role based access control—The RBAC mode controls access to MIB objects by assigning user roles to SNMP communities.

¡ An SNMP community with a predefined user role network-admin, mdc-admin, or level-15 has read and write access to all MIB objects.

¡ An SNMP community with a predefined user role network-operator or mdc-operator has read-only access to all MIB objects.

¡ An SNMP community with a user role specified by the role command accesses MIB objects through the user role rules specified by the rule command.

For more information about user roles, see Fundamentals Configuration Guide.

If you create the same SNMP community with both modes multiple times, the most recent configuration takes effect.

For an NMS to access an agent:

· The RBAC mode requires the user role bound to the community name to have the same access right to MIB objects as the NMS.

· The VACM mode requires only the access right from the NMS to MIB objects.

The RBAC mode is more secure. As a best practice, use the RBAC mode to create an SNMP community.

Examples

# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can use the community name readaccess to read the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1 v2c

[Sysname] snmp-agent community read simple readaccess

# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.1 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-basic-2001] rule deny source any

[Sysname-acl-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent community write simple writeaccess acl 2001

# Create the read and write community wr-sys-acc in plain text so an SNMPv1 or SNMPv2c NMS can use the community name wr-sys-acc to read or set the MIB objects in the system subtree (OID 1.3.6.1.2.1.1).

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1 v2c

[Sysname] undo snmp-agent mib-view ViewDefault

[Sysname] snmp-agent mib-view included test system

[Sysname] snmp-agent community write simple wr-sys-acc mib-view test

Related commands

· display snmp-agent community

· snmp-agent mib-view

snmp-agent community-map

Use snmp-agent community-map to map an SNMP community to an SNMP context.

Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context.

Syntax

snmp-agent community-map community-name context context-name

undo snmp-agent community-map community-name context context-name

Default

No mapping between an SNMP community and an SNMP context exists on the device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

community-name: Specifies an SNMP community, a case-sensitive string of 1 to 32 characters.

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c.

You can configure up to 10 community-context mappings on the device.

Examples

# Map SNMP community private to SNMP context snmpcontext.

<Sysname> system-view

[Sysname] snmp-agent community-map private context snmpcontext

Related commands

display snmp-agent community

snmp-agent context

Use snmp-agent context to create an SNMP context.

Use undo snmp-agent context to delete an SNMP context.

Syntax

snmp-agent context context-name

undo snmp-agent context context-name

Default

No SNMP context is configured on the device.

Views

System view

Predefined use roles

network-admin

mdc-admin

Parameters

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

An NMS and an SNMP agent can communicate with each other, if the following conditions exist:

· No SNMP context is configured on the NMS and the SNMP agent.

· The NMS and the SNMP agent use the same SNMP context.

Otherwise, a timeout message appears, indicating a communication failure between the NMS and SNMP agent.

You can create up to 20 SNMP contexts.

Examples

# Create SNMP context snmpcontext.

<Sysname> system-view

[Sysname] snmp-agent context snmpcontext

Related commands

display snmp-agent context

snmp-agent group

Use snmp-agent group to create an SNMP group and specify its access right.

Use undo snmp-agent group to delete an SNMP group.

Syntax

SNMPv1 and SNMP v2c:

snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl acl-number ]

undo snmp-agent group { v1 | v2c } group-name

SNMPv3 (in non-FIPS mode):

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

SNMPv3 (in FIPS mode):

snmp-agent group v3 group-name { authentication | privacy } [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name { authentication | privacy }

Default

No SNMP group exists.

Views

System view

Predefined use roles

network-admin

mdc-admin

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

group-name: Specifies an SNMP group name, a string of 1 to 32 case-sensitive characters.

authentication: Specifies the authentication without privacy security model for the SNMPv3 group.

privacy: Specifies the authentication with privacy security model for the SNMPv3 group.

read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read-only MIB view is specified, the SNMP group has read access to the default view ViewDefault.

write-view view-name: Specifies a read and write MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read and write view is specified, the SNMP group cannot set any MIB object on the SNMP agent.

notify-view view-name: Specifies a notify MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. The SNMP agent sends notifications to the users in the specified group only for the MIB objects included in the notify view. If no notify view is specified, the SNMP agent does not send any notification to the users in the specified group.

acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. In the specified SNMP group, only NMSs with an IPv4 address permitted in the ACL can access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, all NMSs in the SNMP group can access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.

Usage guidelines

SNMPv1 and SNMPv2c settings in this command are supported only in non-FIPS mode.

All users in an SNMP group share the security model and access rights of the group.

You can create up to 20 SNMP groups, including SNMPv1, SNMPv2c, and SNMPv3 groups.

All SNMPv3 users in a group share the same security model, but can use different authentication and privacy key settings. To implement a security model for a user and avoid SNMP communication failures, make sure the security model configuration for the group and the security key settings for the user are compliant with Table 25 and match the settings on the NMS.

Table 25 Basic security setting requirements for different security models

Security model	Security model keyword for the group	Security key settings for the user	Remarks
Authentication with privacy	privacy	Authentication key, privacy key	If the authentication key or the privacy key is not configured, SNMP communication will fail.
Authentication without privacy	authentication	Authentication key	If no authentication key is configured, SNMP communication will fail. The privacy key (if any) for the user does not take effect.
No authentication, no privacy	Neither authentication nor privacy	None	The authentication and privacy keys, if configured, do not take effect.

Examples

# Create the SNMPv3 group group1 and assigns the no authentication, no privacy security model to the group.

<Sysname> system-view

[Sysname] snmp-agent group v3 group1

Related commands

· display snmp-agent group

· snmp-agent mib-view

· snmp-agent usm-user

snmp-agent local-engineid

Use snmp-agent local-engineid to change the SNMP engine ID of the local SNMP agent.

Use undo snmp-agent local-engineid to restore the default local SNMP engine ID.

Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid

Default

The local engine ID is the combination of the company ID and the device ID. Device ID varies by product and might be an IP address, a MAC address, or any user-defined hexadecimal string.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

engineid: Specifies an SNMP engine ID as a hexadecimal string. It must comprise an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

An SNMP engine ID uniquely identifies an SNMP entity in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.

If you have configured SNMPv3 users, change the local SNMP engine ID only when necessary. The change can void the SNMPv3 usernames and encrypted keys you have configured.

Examples

# Change the local engine ID to 123456789A.

<Sysname> system-view

[Sysname] snmp-agent local-engineid 123456789A

Related commands

· display snmp-agent local-engineid

· snmp-agent usm-user

snmp-agent log

Use snmp-agent log to enable logging SNMP operations.

Use undo snmp-agent log to disable logging SNMP operations.

Syntax

snmp-agent log { all | get-operation | set-operation }

undo snmp-agent log { all | get-operation | set-operation }

Default

SNMP logging is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Enables logging SNMP Get and Set operations.

get-operation: Enables logging SNMP Get operations.

set-operation: Enables logging SNMP Set operations.

Usage guidelines

Use SNMP logging to record the SNMP operations performed on the SNMP agent for auditing NMS behaviors. The SNMP agent sends log data to the information center. You can configure the information center to output the data to a specific destination as needed.

Examples

# Enable logging SNMP Get operations.

<Sysname> system-view

[Sysname] snmp-agent log get-operation

# Enable logging SNMP Set operations.

<Sysname> system-view

[Sysname] snmp-agent log set-operation

snmp-agent mib-view

Use snmp-agent mib-view to create or update a MIB view.

Use undo snmp-agent mib-view to delete a MIB view.

Syntax

snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]

undo snmp-agent mib-view view-name

Default

The system creates the ViewDefault view when the SNMP agent is enabled. In this default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

excluded: Denies access to any node in the specified MIB subtree.

included: Permits access to all the nodes in the specified MIB subtree.

view-name: Specify a view name, a string of 1 to 32 characters.

oid-tree: Specifies a MIB subtree by its root node's OID (for example, 1.3.6.1.2.1.1) or object name (for example, system). An OID is a dotted numeric string that uniquely identifies an object in the MIB tree.

mask mask-value: Sets a MIB subtree mask, a hexadecimal string. Its length must be an even number in the range of 2 to 32.

Usage guidelines

A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.

Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the most recent configuration takes effect.

The system can store entries for up to 20 unique MIB view records. In addition to the four default MIB view records, you can create up to 16 unique MIB view records. After you delete the default view with the undo snmp-agent mib-view command, you can create up to 20 unique MIB view records.

Be cautious with deleting the default MIB view. The operation blocks the access to any MIB object on the device from NMSs that use the default view.

Examples

# Include the mib-2 (OID 1.3.6.1) subtree in the mibtest view and exclude the system subtree from this view.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1

[Sysname] snmp-agent mib-view included mibtest 1.3.6.1

[Sysname] snmp-agent mib-view excluded mibtest system

[Sysname] snmp-agent community read public mib-view mibtest

An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.

Related commands

· display snmp-agent mib-view

· snmp-agent group

snmp-agent packet max-size

Use snmp-agent packet max-size to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send.

Use undo snmp-agent packet max-size to restore the default packet size.

Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

Default

The maximum SNMP packet size that the SNMP agent can handle is 1500 bytes.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

byte-count: Sets the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. The value range is 484 to 17940.

Usage guidelines

If any device on the path to the NMS does not support packet fragmentation, limit the SNMP packet size to prevent large-sized packets from being discarded. For most networks, the default value is sufficient.

Examples

# Set the maximum SNMP packet size to 1024 bytes.

<Sysname> system-view

[Sysname] snmp-agent packet max-size 1024

snmp-agent port

Use snmp-agent port to specify the UDP port for receiving SNMP packets.

Use undo snmp-agent port to restore the default.

Syntax

snmp-agent port port-num

undo snmp-agent port

Default

The device uses UDP port 161 for receiving SNMP packets.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default is 161.

Usage guidelines

After changing the port number for receiving SNMP packets, reconnect the device by using the port number for SNMP get and set operations.

To display UDP port information, use the display current-configuration command.

Examples

# Specify the UDP port for receiving SNMP packets as 5555.

<Sysname> system-view

[Sysname] snmp-agent port 5555

# Restore the default UDP port.

<Sysname> system-view

[Sysname] undo snmp-agent port

snmp-agent remote

Use snmp-agent remote to configure the SNMP engine ID of a remote SNMP entity.

Use undo snmp-agent remote to delete a remote SNMP engine ID.

Syntax

snmp-agent remote { ip-address } [ vpn-instance vpn-instance-name ] engineid engineid

undo snmp-agent remote ip-address

Default

No remote SNMP engine ID is configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IP address of a remote SNMP entity.

engineid: Specifies the SNMP engine ID of the remote SNMP entity. This argument must be a hexadecimal string that comprises an even number of characters, in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent.

The NMS accepts the SNMPv3 informs from the SNMP agent only if the engine ID in the informs is the same as its local engine ID.

You can configure up to 20 remote SNMP engine IDs.

Examples

# Configure the SNMP engine ID (123456789A) of the SNMP manager (10.1.1.1).

<Sysname> system-view

[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A

Related commands

display snmp-agent remote

snmp-agent source

Use snmp-agent source to specify a source IP address for the informs or traps sent by the SNMP agent.

Use undo snmp-agent source to restore the default.

Syntax

snmp-agent { inform | trap } source interface-type { interface-number | interface-number.subnumber }

undo snmp-agent { inform | trap } source

Default

The SNMP agent uses the IP address of the outgoing routed interface as the source IP address of notifications.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

inform: Specifies informs.

trap: Specifies traps.

interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094.

Usage guidelines

The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces. An NMS can use this IP address to filter all the informs or traps sent by the SNMP agent.

Make sure the specified interface has been created and assigned a valid IP address. The configuration will fail if the interface has not been created and will take effect only after a valid IP address is assigned to the specified interface.

Examples

# Configure the primary IP address of Forty-GigabitEthernet 1/0/1 as the source address of SNMP traps.

<Sysname> system-view

[Sysname] snmp-agent trap source fortygige 1/0/1

# Configure the primary IP address of Forty-GigabitEthernet 1/0/2 as the source address of SNMP informs.

<Sysname> system-view

[Sysname] snmp-agent inform source fortygige 1/0/2

Related commands

· snmp-agent target-host

· snmp-agent trap enable

snmp-agent sys-info contact

Use snmp-agent sys-info contact to configure the system contact.

Use undo snmp-agent sys-info contact to restore the default contact.

Syntax

snmp-agent sys-info contact sys-contact

undo snmp-agent sys-info contact

Default

The system contact is Hangzhou H3C Tech. Co., Ltd.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

sys-contact: Specifies the system contact, a string of 1 to 255 characters.

Usage guidelines

Configure the system contact for system maintenance and management.

Examples

# Configure the system contact as Dial System Operator # 27345.

<Sysname> system-view

[Sysname] snmp-agent sys-info contact Dial System Operator # 27345

Related commands

display snmp-agent sys-info

snmp-agent sys-info location

Use snmp-agent sys-info location to configure the system location.

Use undo snmp-agent sys-info location to restore the default location.

Syntax

snmp-agent sys-info location sys-location

undo snmp-agent sys-info location

Default

The system location is Hangzhou, China.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

sys-location: Specifies the system location, a string of 1 to 255 characters.

Usage guidelines

Configure the location of the device for system maintenance and management.

Examples

# Configure the system location as Room524-row1-3.

<Sysname> system-view

[Sysname] snmp-agent sys-info location Room524-row1-3

Related commands

display snmp-agent sys-info

snmp-agent sys-info version

Use snmp-agent sys-info version to enable SNMP versions.

Use undo snmp-agent sys-info version to disable SNMP versions.

Syntax

In non-FIPS mode:

snmp-agent sys-info contact version { all | { v1 | v2c | v3 } * }

undo snmp-agent sys-info version { all | { v1 | v2c | v3 } * }

In FIPS mode:

snmp-agent sys-info version v3

undo snmp-agent sys-info version v3

Default

The default is SNMPv3.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Specifies SNMPv1, SNMPv2c, and SNMPv3.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

Usage guidelines

SNMPv1 and SNMPv2c settings in this command are supported only in non-FIPS mode.

Configure the SNMP agent with the same SNMP version as the NMS for successful communications between them.

Examples

# Enable SNMPv3.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v3

Related commands

display snmp-agent sys-info

snmp-agent target-host

Use snmp-agent target-host to configure the SNMP agent to send SNMP notifications (informs or traps) to a host.

Use undo snmp-agent target-host to remove an SNMP notification target host.

Syntax

In non-FIPS mode:

snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string { v2c | v3 [ authentication | privacy ] }

snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]

undo snmp-agent target-host { trap | inform } address udp-domain ip-address params securityname security-string [ vpn-instance vpn-instance-name ]

In FIPS mode:

snmp-agent target-host inform address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy }

snmp-agent target-host trap address udp-domain ip-address [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy }

undo snmp-agent target-host { trap | inform } address udp-domain ip-address params securityname security-string [ vpn-instance vpn-instance-name ]

Default

No SNMP notification target host is configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

inform: Sends notifications as informs.

trap: Sends notifications as traps.

address: Specifies the destination address of SNMP notifications.

udp-domain: Specifies UDP as the transport protocol.

ip-address: Specifies the IPv4 address of the target host as the destination of SNMP notifications.

udp-port port-number: Specifies the UDP port for SNMP notifications. If no UDP port is specified, UDP port 162 is used.

vpn-instance vpn-instance-name: Specifies the VPN for the target host. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the target host is on a public network, do not specify this option.

params securityname security-string: Specifies the authentication parameter. The security-string argument specifies an SNMPv1 or SNMPv2c community name or an SNMPv3 username, a string of 1 to 32 characters.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

· authentication: Specifies the security model to be authentication without privacy. You must specify the authentication key when you create the SNMPv3 user.

· privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and privacy key when you create the SNMPv3 user.

Usage guidelines

You can specify multiple SNMP notification target hosts.

Make sure the SNMP agent uses the same UDP port for SNMP notifications as the target host. Typically, NMSs, for example, IMC and MIB Browser, use port 162 for SNMP notifications as defined in the SNMP protocols.

If none of the keywords v1, v2c, or v3 is specified, SNMPv1 is used. Make sure the SNMP agent uses the same SNMP version as the target host so the host can receive the notification.

If neither authentication nor privacy is specified, the security model is no authentication, no privacy.

Examples

# Configure the SNMP agent to send SNMPv3 traps to 10.1.1.1 in the user public.

<Sysname> system-view

[Sysname] snmp-agent trap enable standard

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3

Related commands

· snmp-agent source

· snmp-agent trap enable

· snmp-agent trap life

snmp-agent trap enable

Use snmp-agent trap enable to enable SNMP notifications globally.

Use undo snmp-agent trap enable to disable SNMP notifications globally.

Syntax

Default

SNMP configuration notifications, standard notifications, and system notifications are enabled. Whether other SNMP notifications are enabled varies by modules.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

configuration: Specifies configuration notifications. If configuration notifications are enabled, the system checks the running configuration and the startup configuration every 10 minutes for any change and generates a notification for the most recent change.

protocol: Specifies a module for enabling SNMP notifications. For more information about this argument, see the command reference for each module.

standard: Specifies SNMP standard notifications.

Table 26 Standard SNMP notifications

Keyword	Definition
authentication	Authentication failure notification sent when an NMS fails to authenticate to the SNMP agent.
coldstart	Notification sent when the device restarts.
linkdown	Notification sent when the link of a port goes down.
linkup	Notification sent when the link of a port comes up.
warmstart	Notification sent when the SNMP agent restarts.

system: Specifies system notifications sent when the system time is modified, the system reboots, or the main system software image is not available.

Usage guidelines

The snmp-agent trap enable command enables the device to generate notifications, including both informs and traps, even though the keyword trap is used in the command.

You can use the snmp-agent target-host command to enable the device to send the notifications as informs or traps to a host.

If no optional parameters are specified, the command or its undo form enables or disables all SNMP notifications supported by the device.

Examples

# Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public.

<Sysname> system-view

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] snmp-agent trap enable standard authentication

Related commands

snmp-agent target-host

snmp-agent trap if-mib link extended

Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown notifications.

Use undo snmp-agent trap if-mib link extended to restore the default.

Syntax

snmp-agent trap if-mib link extended

undo snmp-agent trap if-mib link extended

Default

The SNMP agent sends standard linkUp/linkDown notifications.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification.

When you use this command, make sure the NMS supports the extended linkup and linkDown notifications.

Examples

# Enable extended linkUp/linkDown notifications.

<Sysname> system-view

[Sysname] snmp-agent trap if-mib link extended

snmp-agent trap life

Use snmp-agent trap life to configure the lifetime of notifications in the SNMP notification queue.

Use undo snmp-agent trap life to restore the default notification lifetime.

Syntax

snmp-agent trap life seconds

undo snmp-agent trap life

Default

SNMP notification lifetime is 120 seconds.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

seconds: Sets a lifetime in seconds, in the range of 1 to 2592000.

Usage guidelines

When congestion occurs, the SNMP agent buffers notifications in a queue. The notification lifetime sets how long a notification can stay in the queue. A trap is deleted when its lifetime expires.

Examples

# Set the SNMP notification lifetime to 60 seconds.

<Sysname> system-view

[Sysname] snmp-agent trap life 60

Related commands

· snmp-agent target-host

· snmp-agent trap enable

· snmp-agent trap queue-size

snmp-agent trap log

Use snmp-agent trap log to enable SNMP notification logging.

Use undo snmp-agent trap log to disable SNMP notification logging.

Syntax

snmp-agent trap log

undo snmp-agent trap log

Default

SNMP notification logging is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends logs to the information center. You can configure the information center to output the logs to a specific destination as needed.

Examples

# Enable SNMP notification logging.

<Sysname> system-view

[Sysname] snmp-agent trap log

snmp-agent trap queue-size

Use snmp-agent trap queue-size to set the SNMP notification queue size.

Use undo snmp-agent trap queue-size to restore the default queue size.

Syntax

snmp-agent trap queue-size size

undo snmp-agent trap queue-size

Default

The SNMP notification queue can store up to 100 notifications.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000.

Usage guidelines

When congestion occurs, the SNMP agent buffers notifications in a queue. SNMP notification queue size sets the maximum number of notifications that this queue can hold. When the queue size is reached, the oldest notifications are dropped for new notifications.

Examples

# Set the SNMP notification queue size to 200.

<Sysname> system-view

[Sysname] snmp-agent trap queue-size 200

Related commands

· snmp-agent target-host

· snmp-agent trap enable

· snmp-agent trap life

snmp-agent usm-user { v1 | v2c }

Use snmp-agent usm-user { v1 | v2c } to add a user to an SNMPv1 or SNMPv2c group.

Use undo snmp-agent usm-user { v1 | v2c } to delete a user from an SNMPv1 or SNMPv2c group.

Syntax

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

Default

No SNMP users are configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

user-name: Specifies an SNMP username, a case-sensitive string of 1 to 32 characters.

group-name: Specifies an SNMPv1 or SNMPv2c group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. If the group has not been created, the user takes effect after you create the group.

acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IPv4 address permitted in the ACL can use the specified username (community name) to access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, any NMS can use the specified username to access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.

Usage guidelines

This command is supported only in non-FIPS mode.

When you create an SNMPv1 or SNMPv2c user, the system automatically creates a community that has the same name as the SNMPv1 or SNMPv2c username. This community has the same access right as the SNMPv1 or SNMPv2c group. To display the SNMPv1 and SNMPv2c communities created in this way, use the display snmp-agent community command.

To change the access right of the SNMPv1 or SNMPv2c user, use the snmp-agent community command or the snmp-agent group { v1 | v2c } command. If the snmp-agent community command is used, the SNMPv1 or SNMPv2c is removed from the SNMP group.

The snmp-agent usm-user { v1 | v2c } command enables managing SNMPv1 and SNMPv2c communities in the same way as managing SNMPv3 users. It does not affect the way of configuring SNMPv1 and SNMPv2c communities on the NMS.

Examples

# Add the user userv2c to the SNMPv2c group readCom so an NMS can use the protocol SNMPv2c and the read-only community name userv2c to access the device.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom

# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.1 can use the protocol SNMPv2c and read-only community name userv2c to access the device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-basic-2001] rule deny source any

[Sysname-acl-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001

Related commands

· display snmp-agent community

· snmp-agent community

· snmp-agent group

snmp-agent usm-user v3

Use snmp-agent usm-user v3 to add a user to an SNMPv3 group or create an SNMPv3 user.

Use undo snmp-agent usm-user v3 to delete a user from an SNMPv3 group or remove an SNMPv3 user.

Syntax

In non-FIPS mode (in VACM mode):

snmp-agent usm-user v3 user-name group-name [ remote ip-address [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string | remote ip-address [ vpn-instance vpn-instance-name ] }

In non-FIPS mode (in RBAC mode):

snmp-agent usm-user v3 user-name user-role role-name [ remote ip-address [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote ip-address [ vpn-instance vpn-instance-name ] }

In FIPS mode (in VACM mode):

snmp-agent usm-user v3 user-name group-name [ remote ip-address [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string | remote ip-address [ vpn-instance vpn-instance-name ] }

In FIPS mode (in RBAC mode):

snmp-agent usm-user v3 user-name user-role role-name [ remote ip-address [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote ip-address [ vpn-instance vpn-instance-name ] }

Default

No SNMPv3 users are configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.

group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters.

user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.

remote ip-address: Specifies the IPv4 of the remote SNMP entity.

vpn-instance vpn-instance-name: Specifies the VPN for the target host receiving SNMP notifications. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If the target host is on a public network, do not specify this option.

cipher: Specifies that auth-password and priv-password are encrypted keys, which can be calculated to a hexadecimal string by using the snmp-agent calculate-password command.

simple: Specifies that auth-password and priv-password are plaintext keys.

authentication-mode: Specifies an authentication algorithm. MD5 is faster but less secure than SHA.

· md5: Specifies the MD5 authentication algorithm.

· sha: Specifies the SHA-1 authentication algorithm.

auth-password: Specifies a case-sensitive plaintext or encrypted authentication key. In non-FIPS mode, a plaintext key is a string of 1 to 64 visible characters. In FIPS mode, a plaintext key is a string of 15 to 64 visible characters, which must contain numbers, upper-case letters, lower-case letters, and special characters. If the cipher keyword is specified, the encrypted authentication key length requirements differ by authentication algorithm and key string format, as shown in Table 27.

Table 27 Encrypted authentication key length requirements

Authentication algorithm	Hexadecimal string	Non-hexadecimal string
MD5	32 characters	53 characters
SHA	40 characters	57 characters

privacy-mode: Specifies an encryption algorithm for privacy. The encryption algorithms AES, 3DES, and DES are in descending order of security strength. DES is enough to meet general security requirements.

· aes128: Specifies the AES (Advanced Encryption Standard) algorithm.

· 3des: Specifies the 3DES algorithm.

· des56: Specifies the DES (Data Encryption Standard) algorithm.

priv-password: Specifies a case-sensitive plaintext or encrypted privacy key. In non-FIPS mode, a plaintext key is a string of 1 to 64 characters. In FIPS mode, a plaintext key is a string of 15 to 64 visible characters, which must contain numbers, upper-case letters, lower-case letters, and special characters. If the cipher keyword is specified, the encrypted privacy key length requirements differ by authentication algorithm and key string format, as shown in Table 28.

Table 28 Encrypted privacy key length requirements

Authentication algorithm	Encryption algorithm	Hexadecimal string	Non-hexadecimal string
MD5	AES128 or DES-56	32 characters	53 characters
MD5	3DES	64 characters	73 characters
SHA	AES128 or DES-56	40 characters	53 characters
SHA	3DES	80 characters	73 characters

acl acl-number: Specifies a basic IPv4 ACL to filter NMSs by source IPv4 address. The acl-number argument represents an ACL number in the range of 2000 to 2999. Only NMSs with an IPv4 address permitted in the ACL can use the specified username to access the SNMP agent. If no ACL is specified, or the specified ACL does not exist, any NMS can use the specified username to access the SNMP agent. If the specified ACL does not have any rules, no NMS in the SNMP community can access the SNMP agent.

local: Specifies the local SNMP engine.

engineid engineid-string: Specifies an SNMP engine. The engineid-string argument represents the engine ID and must contain an even number of hexadecimal characters, in the range of 10 to 64. All-zero and all-F strings are invalid. After you change the local engine ID, the existing SNMPv3 users and encrypted keys become invalid, and you must reconfigure them.

Usage guidelines

To send SNMPv3 informs to an NMS, perform the following tasks:

· Specify the IPv4 address of the NMS in the snmp-agent usm-user v3.

· Map the IPv4 address to the SNMP engine ID of the NMS by using the snmp-agent remote command.

You can use the following modes to control access to MIB objects for an SNMPv3 user:

· View-based Access Control Model—In VACM mode, you must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the group of users. The authentication and encryption algorithms for each user are specified when they are created.

· Role based access control—The RBAC mode controls access to MIB objects by assigning user roles to SNMP users.

¡ An SNMP user with a predefined user role network-admin, mdc-admin, or level-15 has read and write access to all MIB objects.

¡ An SNMP user with a predefined user role network-operator or mdc-operator has read-only access to all MIB objects.

¡ An SNMP user with a user role specified by the role command accesses MIB objects through the user role rules specified by the rule command.

In VACM mode, if you configure an SNMPv3 user multiple times, the most recent configuration takes effect.

In RBAC mode, you can assign different user roles to an SNMPv3 user:

· If you specify only user roles but do not change any other settings, the snmp-agent usm-user v3 command assigns different user roles to the user. Other settings remain unchanged.

· If you specify user roles and also change other settings, the snmp-agent usm-user v3 command assigns different user roles to the user. The most recent configuration for other settings takes effect.

For an NMS to access an agent:

· The RBAC mode requires the user role bound to the username to have the same access right to MIB objects as the NMS.

· The VACM mode requires only the access right from the NMS to MIB objects.

The RBAC mode is more secure. As a best practice, use the RBAC mode to create an SNMPv3 user.

You must create an SNMPv3 group before you assign an SNMPv3 user to the group. Otherwise, the user cannot take effect after it is created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the group of users. The authentication and encryption algorithms for each user are specified when they are created.

SNMPv3 users are valid only on the SNMP engine that creates them. By default, SNMPv3 users are created on the local SNMP engine. When you create an SNMPv3 user for sending SNMP inform messages, you must associate it with the remote SNMP engine.

For security purposes, all keys, including keys configured in plain text, are saved in cipher text.

Make sure you remember the username and the plain text of the keys. When you access the device from an NMS, you must provide this information.

Examples

In VACM mode:

# Add the user testUser to the SNMPv3 group testGroup, and enable the authentication without privacy security model for the group. Specify the authentication algorithm SHA-1 and the authentication key 123456TESTplat&! in plain text for the user.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup authentication

[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&!

# For an NMS to access the MIB objects in the default view ViewDefault, make sure the following configurations are the same on the NMS and the SNMP agent:

· SNMPv3 username.

· SNMP protocol version.

· Authentication algorithm and key.

# Add the user testUser to the SNMPv3 group testGroup, and enable the authentication and privacy security model for the group. Specify the authentication algorithm SHA-1, the privacy algorithm AES, the plaintext authentication key 123456TESTauth&!, and the plaintext privacy key 123456TESTencr&! for the user.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup privacy

[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

# For an NMS to access the MIB objects in the default view ViewDefault, make sure the following configurations are the same on the NMS and the SNMP agent:

· SNMPv3 username.

· SNMP protocol version.

· Authentication algorithm.

· Privacy algorithm.

· Plaintext authentication and privacy keys.

# Add the user remoteUser for the SNMP remote engine at 10.1.1.1 to the SNMPv3 group testGroup, and enable the authentication and privacy security model for the group. Specify the authentication algorithm SHA-1, the privacy algorithm AES, the plaintext authentication key 123456TESTauth&!, and the plaintext privacy key 123456TESTencr&! for the user.

<Sysname> system-view

[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A

[Sysname] snmp-agent group v3 testGroup privacy

[Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

In RBAC mode:

# Create the SNMPv3 user testUser with the user role network-operator and enable the authentication without privacy security model for the user. Specify the authentication algorithm SHA-1 and the authentication key 123456TESTplat&! in plain text for the user.

<Sysname> system-view

[Sysname] snmp-agent usm-user v3 testUser user-role network-operator simple authentication-mode sha 123456TESTplat&!

# For an NMS to have read-only access to all MIB objects, make sure the following configurations are the same on the NMS and the SNMP agent:

· SNMPv3 username.

· SNMP protocol version.

· Authentication algorithm and key.

Related commands

· display snmp-agent usm-user

· snmp-agent calculate-password

· snmp-agent group

Sampler configuration commands

display sampler

Use display sampler to display configuration information for a sampler.

Syntax

In standalone mode:

display sampler [ sampler-name ] [ slot slot-number ]

In IRF mode:

display sampler [ sampler-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. If you do not specify a sampler, this command displays configuration information for all samplers.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sampler configuration information for the active MPU. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sampler configuration information for the global active MPU. (In IRF mode.)

Examples

# Display configuration information for sampler 256.

<Sysname> display sampler 256

Sampler name: 256

Mode: Fixed; Packet-interval: 8

# (In standalone mode.) Display configuration information for sampler 256 on card 1.

<Sysname> display sampler 256 slot 1

Sampler name: 256

Mode: Fixed; Packet-interval: 8

# (In IRF mode.) Display configuration information for sampler 256 for card 1 on IRF member device 1.

<Sysname> display sampler 256 chassis 1 slot 1

Sampler name: 256

Mode: Fixed; Packet-interval: 8

Table 29 Command output

Field	Description
Sampler name	Name of the sampler.
Mode	Sampling mode.
Packet-interval	Sampling rate.

sampler

Use sampler to create a sampler.

Use undo sampler to delete a sampler.

Syntax

sampler sampler-name mode fixed packet-interval rate

undo sampler sampler-name

Default

No sampler exists.

Views

System view

Predefined user roles

network-admin

Parameters

sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.

rate: Specifies the sampling rate. The sampling rate is calculated by using the formula 2 to the nth power, where n is the rate value. For example, setting the sampling rate to 8 means the first packet out of 256 (2 to the 8th power) packets is sampled. Setting the sampling rate to 10 means the first packet out of 1024 (2 to the 10th power) packets is sampled.

Usage guidelines

This command takes effect on all cards.

Examples

# Create sampler abc in fixed sampling mode.

<Sysname> system-view

[Sysname] sampler abc mode fixed packet-interval 8

Port mirroring commands

The port mirroring commands are available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local | remote-destination | remote-source }

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

group-id: Specifies a mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

Type: Local

Status: Active

Mirroring port:

FortyGigE1/0/1 Inbound

FortyGigE1/0/2 Both

Mirroring CPU:

Slot 1, 2, 3 Both

Slot 4 Inbound

Monitor port: FortyGigE1/0/3

Mirroring group 2:

Type: Remote source

Status: Incomplete

Mirroring port:

FortyGigE1/0/4 Both

Remote probe VLAN: 1900

Mirroring group 3:

Type: Remote destination

Status: Active

Monitor port: FortyGigE1/0/6

Remote probe VLAN: 1901

Table 30 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: · Local. · Remote source. · Remote destination.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
Sampler	Sampler name. · If the mirroring group failed to use the sampler, this field displays sampler-name (failed). · If no sampler is configured, this field is not displayed.
Mirroring port	Source port.
Mirroring CPU	Source CPU.
Monitor port	Destination port.

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id { local | remote-destination | remote-source } [ sampler sampler-name ]

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Default

No mirroring group exists on a device.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies a mirroring group ID.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

local: Specifies local mirroring groups.

remote-destination: Specifies remote destination groups.

remote-source: Specifies remote source groups.

sampler sampler-name: Specifies a sampler to be used by the mirroring group. The sampler-name argument is a case-insensitive string of 1 to 31 characters.

all: Specifies all mirroring groups.

Usage guidelines

A sampler selects a packet from sequential packets. Port mirroring uses the sampler to limit the volume of traffic to be mirrored. You can specify a sampler that has not been created for a mirroring group. If you configure multiple samplers for a mirroring group, the most recent configuration takes effect. For more information about samplers, see Network Management and Monitoring Configuration Guide.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-cpu

Use mirroring-group mirroring-cpu to configure source CPUs for a mirroring group.

Use undo mirroring-group mirroring-cpu to remove source CPUs from a mirroring group.

Syntax

In standalone mode:

mirroring-group group-id mirroring-cpu slot slot-number-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-cpu slot slot-number-list

In IRF mode:

mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-cpu chassis chassis-number slot slot-number-list

Default

No source CPU is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

slot slot-number-list: Specifies the cards that hold the source CPUs. The slot-number-list argument specifies a space-separated list of up to eight card items. Each item specifies a card by its slot number or a range of cards in the format of start-slot-number to end-slot-number. The value for the end-slot-number argument must be equal to or greater than the value for the start-slot-number argument. (In standalone mode.)

chassis chassis-number slot slot-number-list: Specifies the cards that hold the source CPUs on the specified IRF member device. The chassis-number argument specifies the IRF member device ID. The slot-number-list argument specifies a space-separated list of up to eight card items. Each item specifies a card by its slot number or a range of cards in the format of start-slot-number to end-slot-number. The value for the end-slot-number argument must be equal to or greater than the value for the start-slot-number argument. (In IRF mode.)

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source CPUs only for local mirroring groups and remote source groups.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of the CPU of the card in slot 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-cpu slot 1 both

# Create remote source group 2 to monitor the bidirectional traffic of the CPU of the card in slot 2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-cpu slot 2 both

Related commands

mirroring-group

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a source port for a mirroring group.

Use undo mirroring-group mirroring-port to remove a source port from a mirroring group.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

No source port is configured for a mirroring group.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for multiple mirroring groups.

A source port cannot be a reflector port, egress port, or monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] mirroring-group 1 mirroring-port both

# Create remote source group 2 to monitor the bidirectional traffic of FortyGigE 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface fortygige 1/0/2

[Sysname-FortyGigE1/0/2] mirroring-group 2 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The specified interfaces must be of the same type and on the same card. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups and remote source groups.

Do not assign a source port of a mirroring group to the remote probe VLAN of the mirroring group.

A port can act as a source port for multiple mirroring groups.

A source port cannot be used as a reflector port, monitor port, or egress port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port fortygige 1/0/1 both

# Create remote source group 2 to monitor the bidirectional traffic of FortyGigE 1/0/2.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] mirroring-group 2 mirroring-port fortygige 1/0/2 both

Related commands

mirroring-group

mirroring-group monitor-egress

Use mirroring-group monitor-egress to configure the egress port for a remote source group.

Use undo mirroring-group monitor-egress to remove the egress port from a remote source group.

Syntax

In system view:

mirroring-group group-id monitor-egress interface-type interface-number

undo mirroring-group group-id monitor-egress interface-type interface-number

In interface view:

mirroring-group group-id monitor-egress

undo mirroring-group group-id monitor-egress

Default

No egress port is configured for a mirroring group.

Views

System view, interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure egress ports only for remote source groups.

For port mirroring to work correctly, disable the following features on the egress port of a mirroring group:

· Spanning tree.

· IGMP snooping.

· Static ARP.

· MAC address learning.

Do not configure a port of an existing mirroring group as an egress port.

Examples

# Create remote source group 1 and configure FortyGigE 1/0/1 as its egress port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 monitor-egress fortygige 1/0/1

# Create remote source group 2 and configure FortyGigE 1/0/2 as its egress port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface fortygige 1/0/2

[Sysname-FortyGigE1/0/2] mirroring-group 2 monitor-egress

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure the port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.

Syntax

mirroring-group group-id monitor-port

undo mirroring-group group-id monitor-port

Default

No monitor port is configured for a mirroring group.

Views

Interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1 and configure FortyGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] mirroring-group 1 monitor-port

# Create remote destination group 2 and configure FortyGigE 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] interface fortygige 1/0/2

[Sysname-FortyGigE1/0/2] mirroring-group 2 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure a port as the monitor port for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor port from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure monitor ports only for local mirroring groups and remote destination groups.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1, and configure FortyGigE 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port fortygige 1/0/1

# Create remote destination group 2, and configure FortyGigE 1/0/2 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 monitor-port fortygige 1/0/2

Related commands

mirroring-group

mirroring-group reflector-port

Use mirroring-group reflector-port to configure the reflector port for a remote source group.

Use undo mirroring-group reflector-port to remove the reflector port from a remote source group.

Syntax

In system view:

mirroring-group group-id reflector-port interface-type interface-number

undo mirroring-group group-id reflector-port interface-type interface-number

In interface view:

mirroring-group group-id reflector-port

undo mirroring-group group-id reflector-port

Default

No reflector port is configured for a mirroring group. A port does not act as the reflector port for a mirroring group.

Views

System view, interface view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

interface-type interface-number: Specifies a port by its type and number.

Usage guidelines

You can configure reflector ports only for remote source groups.

The port to be configured as a reflector port must be a port not in use. Do not connect a cable to a reflector port.

When a port is configured as a reflector port, the port restores to the factory default settings. You cannot configure other features on a reflector port.

You cannot change the duplex mode and port rate for a port after the port is configured as a reflector port.

Examples

# Create remote source group 1, and configure FortyGigE 1/0/1 as its reflector port in system view.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 reflector-port fortygige 1/0/1

This operation may delete all settings made on the interface. Continue? [Y/N]: y

# Create remote source group 2, and configure FortyGigE 1/0/2 as its reflector port in interface view.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-source

[Sysname] interface fortygige 1/0/2

[Sysname-FortyGigE1/0/2] mirroring-group 2 reflector-port

This operation may delete all settings made on the interface. Continue? [Y/N]: y

Related commands

mirroring-group

mirroring-group remote-probe vlan

Use mirroring-group remote-probe vlan to specify a VLAN as the remote probe VLAN for a mirroring group.

Use undo mirroring-group remote-probe vlan to remove a remote probe VLAN from a mirroring group.

Syntax

mirroring-group group-id remote-probe vlan vlan-id

undo mirroring-group group-id remote-probe vlan vlan-id

Default

No remote probe VLAN is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

group-id: Specifies an existing mirroring group by its number.

· In Release 1135, the value range is 1 to 4.

· In Release 1138P01 and later versions, the value range is 1 to 6.

vlan-id: Specifies a VLAN by its ID.

Usage guidelines

You can configure remote probe VLANs only for remote source groups and remote destination groups.

When a VLAN is configured as a remote probe VLAN, use the remote probe VLAN for port mirroring exclusively.

The remote mirroring groups on the source device and destination device must use the same remote probe VLAN.

Only a static VLAN that already exists can be configured as a remote probe VLAN. A VLAN can be configured as the remote probe VLAN for only one mirroring group.

To delete a VLAN that is configured as a remote probe VLAN, remove the remote probe VLAN configuration first.

Examples

# Create remote source group 1, and configure VLAN 10 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 1 remote-source

[Sysname] mirroring-group 1 remote-probe vlan 10

# Create remote destination group 2, and configure VLAN 20 as its remote probe VLAN.

<Sysname> system-view

[Sysname] mirroring-group 2 remote-destination

[Sysname] mirroring-group 2 remote-probe vlan 20

Related commands

mirroring-group

Flow mirroring commands

The flow mirroring commands are available on both Layer 2 and Layer 3 Ethernet interfaces. The term "interface" in this chapter collectively refers to these two types of interfaces. You can use the port link-mode command to configure an Ethernet port as a Layer 2 or Layer 3 interface (see Layer 2—LAN Switching Configuration Guide).

mirror-to

Use mirror-to to configure a mirroring action for a traffic behavior.

Use undo mirror-to to delete a mirroring action.

Syntax

mirror-to { cpu | interface interface-type interface-number }

undo mirror-to { cpu | interface interface-type interface-number }

Default

No mirroring action is configured for a traffic behavior.

Views

Traffic behavior view

Predefined user roles

network-admin

mdc-admin

Parameters

cpu: Specifies the CPU of the card that receives the packets matching the criteria defined in the traffic class.

interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

You can configure the action of mirroring traffic to multiple interfaces for a traffic behavior.

Examples

# Create traffic behavior 1, and configure the action of mirroring traffic to the CPU for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to cpu

# Create traffic behavior 1, and configure the action of mirroring traffic to FortyGigE 1/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface fortygige 1/0/1

# Create traffic behavior 1, and configure the action of mirroring traffic to VLAN 100 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to vlan 100

sFlow commands

display sflow

Use display sflow to display sFlow configuration and operation information.

Syntax

display sflow

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display sFlow configuration and operation information.

<Sysname> display sflow

sFlow datagram version: 5

Global information:

Agent IP: 10.10.10.1(CLI)

Source address: 10.0.0.1 2001::1

Collector information:

ID IP Port Aging Size VPN-instance Description

1 22:2:20::10 6535 N/A 1400 netserver

2 192.168.3.5 6543 500 1400 Office

Port information:

Interface CID Interval(s) FID MaxHLen Rate Mode Status

FGE1/0/1 1 100 1 128 1000 Random Active

FGE1/0/2 2 100 2 128 1000 Random Active

Table 31 Command output

Field	Description
sFlow datagram version	sFlow version, which can only take the value of 5.
Global information	Global sFlow information.
Agent IP	IP address of the sFlow agent: · CLI—Manually configured IP address. · Auto—Automatically configured IP address.
Source address	Source IP address of sFlow packets.
Collector information	sFlow collector information.
ID	sFlow collector ID.
IP	sFlow collector IP address.
Port	sFlow collector port.
Aging	Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow collector never ages out.
Size	Maximum length of the sFlow data portion in an sFlow packet.
VPN-instance	Name of the VPN bound with the sFlow collector.
Description	Description of the sFlow collector.
Port information	Information about interfaces configured with sFlow.
Interface	Interface configured with sFlow.
CID	ID of the sFlow collector, for receiving counter sampled packets. If no sFlow collector ID is specified, this field displays 0.
Interval(s)	Counter sampling interval, in seconds.
FID	ID of the sFlow collector for receiving flow sampled packets. If no sFlow collector ID is specified, this field displays 0.
MaxHLen	Maximum number of bytes that can be copied in a sampled packet (starting from the packet header).
Rate	Number of packets out of which the interface samples a packet by using flow sampling.
Mode	Flow sampling mode. Random indicates sampling a random number of packets.
Status	Physical status of the port configured with sFlow: · Suspended—The port is down. · Active—The port is up.

sflow agent

Use sflow agent to configure an IP address for the sFlow agent.

Use undo sflow agent to restore the default.

Syntax

sflow agent ip ip-address

undo sflow agent ip

Default

No IP address is configured for the sFlow agent. The device periodically checks whether the sFlow agent has an IP address. If not, the device automatically selects an IPv4 address for the sFlow agent but does not save the IPv4 address in the configuration file.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies an IPv4 address for the sFlow agent.

Usage guidelines

As a best practice, manually configure an IP address for the sFlow agent.

Only one IP address can be specified for the sFlow agent on the device, and a newly configured IP address overwrites the existing one.

Examples

# Specify IP address 10.10.10.1 for the sFlow agent.

<Sysname> system-view

[Sysname] sflow agent ip 10.10.10.1

sflow collector

Use sflow collector to configure parameters for an sFlow collector.

Use undo sflow collector to remove an sFlow collector.

Syntax

sflow collector collector-id [ vpn-instance vpn-instance-name ] ip ip-address [ port port-number ] [ datagram-size size ] [ time-out seconds ] [ description text ]

undo sflow collector collector-id

Default

No sFlow collector information is configured.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name for the sFlow collector. A VPN instance name is a case-sensitive string of 1 to 31 characters and cannot contain spaces. By default, the sFlow collector belongs to the public network.

ip ip-address: Specifies the IPv4 address of the sFlow collector.

description text: Configures a description for the sFlow collector. The default description is "CLI Collector."

datagram-size size: Specifies the maximum length of the sFlow data portion in an sFlow packet. The value range for the size argument is 200 to 3000 bytes and the default is 1400 bytes.

port port-number: Specifies the port number of the sFlow collector, in the range of 1 to 65535. The default is 6343.

time-out seconds: Specifies the aging timer of the sFlow collector, in the range of 1 to 2147483647 seconds. When the aging timer expires, the sFlow collector is deleted. For an sFlow collector with the aging timer configured, the system does not save its configuration in the configuration file. By default, the sFlow collector does not age out.

Examples

# Configure the following parameters for sFlow collector 2:

· IP address—3.3.3.1.

· Port number—Default.

· Description—netserver.

· Aging timer—1200 seconds.

· Maximum length of the sFlow data portion in the sFlow packet—1000 bytes.

<Sysname> system-view

[Sysname] sflow collector 2 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000

sflow counter interval

Use sflow counter interval to enable counter sampling and set a counter sampling interval.

Use undo sflow counter interval to restore the default.

Syntax

sflow counter interval interval-time

undo sflow counter interval

Default

Counter sampling is disabled.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

interval-time: Specifies the counter sampling interval in the range of 2 to 86400 seconds.

Examples

# Enable counter sampling and set the counter sampling interval to 120 seconds on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] sflow counter interval 120

sflow counter collector

Use sflow counter collector to specify an sFlow collector for counter sampling.

Use undo sflow counter collector to restore the default.

Syntax

sflow counter collector collector-id

undo sflow counter collector

Default

No sFlow collector is specified for counter sampling.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10.

Examples

# Specify sFlow collector 2 on FortyGigE 1/0/1 for counter sampling.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] sflow counter collector 2

sflow flow collector

Use sflow flow collector to specify an sFlow collector for flow sampling.

Use undo sflow flow collector to restore the default.

Syntax

sflow flow collector collector-id

undo sflow flow collector

Default

No sFlow collector is specified for flow sampling.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

collector-id: Specifies an sFlow collector by its ID in the range of 1 to 10.

Examples

# Specify sFlow collector 2 on FortyGigE 1/0/1 for flow sampling.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] sflow flow collector 2

sflow flow max-header

Use sflow flow max-header to set the maximum number of bytes of a packet (starting from the packet header) that flow sampling can copy.

Use undo sflow flow max-header to restore the default.

Syntax

sflow flow max-header length

undo sflow flow max-header

Default

Flow sampling can copy up to 128 bytes of a packet.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default.

Examples

# Set the maximum number of bytes that can be copied to 60 on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] sflow flow max-header 60

sflow sampling-mode

Use sflow sampling-mode to specify a flow sampling mode.

Use undo sflow sampling-mode to restore the default.

Syntax

sflow sampling-mode { determine | random }

undo sflow sampling-mode

Default

The default is random.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

determine: Specifies the fixed sampling mode. The switch does not support the determine mode in the current software version. For example, if the flow sampling interval is set to 4000 (by using the sflow sampling-rate command), the device samples packets as follows:

· The device randomly samples a packet, like the tenth packet, from the first 4000 packets.

· The next time the device samples the 4010th packet, and so on.

random: Specifies the random sampling mode. For example, if the packet sampling interval is set to 4000, the device samples packets randomly as follows:

· The device might sample one packet from the first 4000 packets.

· The device might sample multiple packets from the next 4000 packets.

· The device might sample no packets from the third 4000 packets.

However, the device samples one packet from 4000 packets on average.

Examples

# Specify fixed flow sampling mode on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] sflow sampling-mode determine

Related commands

sflow sampling-rate

Use sflow sampling-rate to enable flow sampling and specify the number of packets out of which flow sampling will sample a packet on an interface.

Use undo sflow sampling-rate to disable flow sampling.

Syntax

sflow sampling-rate rate

undo sflow sampling-rate

Default

Flow sampling samples no packet.

Views

Ethernet interface view

Predefined user roles

network-admin

mdc-admin

Parameters

rate: Specifies the number of packets out of which flow sampling will sample a packet on the interface. The value range for this argument is 1000 to 500000.

Examples

# Enable flow sampling to sample a packet out of 4000 packets on FortyGigE 1/0/1.

<Sysname> system-view

[Sysname] interface fortygige 1/0/1

[Sysname-FortyGigE1/0/1] sflow sampling-rate 4000

Related commands

sflow sampling-mode

sflow source

Use sflow source to specify the source IP address of sent sFlow packets.

Use undo sflow source to restore the default.

Syntax

sflow source ip ip-address

undo sflow source ip

Default

The source IP address of sent sFlow packets is determined by routing.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip ip-address: Specifies the source IPv4 address of sent sFlow packets.

Examples

# Specify the source IPv4 address of sent sFlow packets as 10.0.0.1.

<Sysname> system-view

[Sysname] sflow source ip 10.0.0.1

EAA commands

The EAA feature is available in Release 1138P01 and later versions.

action cli

Use action cli to add a CLI action to a monitor policy.

Use undo action to remove an action.

Syntax

action number cli command-line

undo action number

Default

A monitor policy does not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

cli command-line: Specifies the command line to be executed when the event occurs. You can enter abbreviated forms of command keywords, but you must make sure the forms can uniquely identify the command keywords. For example, you can enter dis cu for the display current-configuration command.

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

To execute a command in a view other than user view, you must define actions required for accessing the target view before defining the command execution action. In addition, you must number the actions in the order they should be executed, starting with entering system view.

For example, to shut down an interface, you must create the following actions in order:

1. Action to enter system view.

2. Action to enter interface view.

3. Action to shut down the interface.

When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure the CLI-defined policy test to shut down FortyGigE 1/0/1 when the policy is triggered.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 1 cli system-view

[Sysname-rtm-test] action 2 cli interface fortygige 1/0/1

[Sysname-rtm-test] action 3 cli shutdown

action reboot

Use action reboot to add a reboot action to a monitor policy.

Use undo action to remove an action.

Syntax

In standalone mode:

action number reboot [ slot slot-number ]

undo action number

In IRF mode:

action number reboot [ chassis chassis-number [ slot slot-number ] ]

undo action number

Default

A monitor policy does not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (In IRF mode.)

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command reboots all cards. (In standalone mode.)

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

The reboot action configured with this command reboots devices or cards without saving the running configuration. If you want to save the running configuration, use the action cli command to configure reboot actions.

When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# (In standalone mode.) Configure an action for the CLI-defined policy test to reboot the device.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 reboot

# (In IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 reboot chassis 1

action switchover

Use action switchover to add an active/standby switchover action to a monitor policy.

Use undo action to remove an action.

Syntax

action number switchover

undo action number

Default

A monitor policy does not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

Usage guidelines

This command does not trigger an active/standby switchover in either of the following situations:

· The device has only one MPU.

· The standby MPU is not in up state.

You can configure a series of actions to be executed in response to the event specified in a monitor policy.

If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. You must make sure the execution order is correct when you add actions to a policy.

Examples

# Configure an action for the CLI-defined policy test to perform an active/standby switchover.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 switchover

action syslog

Use action syslog to add a Syslog action to a monitor policy.

Use undo action to remove an action.

Syntax

action number syslog priority priority facility local-number msg msg-body

undo action number

Default

A monitor policy does not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

priority priority: Specifies the log severity level in the range of 0 to 7. A lower value represents a higher severity level.

facility local-number: Specifies a logging facility by its facility number in the range of local0 to local7. Facility numbers are used by a log host to identify log creation facilities for filtering log messages.

msg msg-body: Configures the log message body.

Usage guidelines

EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center."

You can configure a series of actions to be executed in response to the event specified in a monitor policy.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

If two actions have the same ID, the most recent one takes effect.

When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure an action for the CLI-defined policy test to send a log message "hello" with a severity of 7 from the facility device local3.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 syslog priority 7 facility local3 msg hello

commit

Use commit to enable a CLI-defined monitor policy.

Syntax

commit

Default

No CLI-defined policies are enabled.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You must execute this command for a CLI-defined policy to take effect.

After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.

Examples

# Enable the CLI-defined policy test.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] commit

display rtm environment

Use display rtm environment to display user-defined EAA environment variables and their values.

Syntax

display rtm environment [ var-name ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign. If you do not specify a variable, this command displays all user-defined EAA environment variables.

Examples

# Display all user-defined EAA environment variables.

<Sysname> display rtm environment

Name Value

config_cmd interface m1/0/1

save_cmd save main force

show_run_cmd display current-configuration

Table 32 Command output

Field	Description
Name	Name of a user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable name of more than 30 characters, use the display current-configuration command.
Value	Value of the user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable value of more than 30 characters, use the display current-configuration command.

display rtm policy

Use display rtm policy to display monitor policies.

Syntax

display rtm policy { active | registered [ verbose ] } [ policy-name ]

Views

Any view

Predefined user roles

network-admin

mdc-admin

Parameters

active: Displays policies that are running.

registered: Displays policies that have been created.

policy-name: Specifies a policy by its name. If you do not specify a policy, the command displays all monitor policies that are running or have been created.

verbose: Displays detailed information about monitor policies.

Usage guidelines

To display the running configuration of CLI-defined monitor policies, execute the display current-configuration command in any view or execute the display this command in CLI-defined monitor policy view.

Examples

# Display all running monitor policies.

<Sysname> display rtm policy active

JID Type Event TimeActive PolicyName

507 TCL INTERFACE Aug 29 14:55:55 2013 test

# Display all monitor policies that have been created.

<Sysname> display rtm policy registered

Total number: 1

Type Event TimeRegistered PolicyName

CLI Aug 29 14:54:50 2013 test

# Display detailed information about all monitor policies.

<Sysname> display rtm policy registered verbose

Total number: 1

Policy Name: test

Policy Type: CLI

Event Type:

TimeRegistered: Aug 29 14:54:50 2013

User-role: network-operator

network-admin

Table 33 Command output

Field	Description
JID	Job ID. This field is available for the display rtm policy active command.
PolicyName	Monitor policy name.
Type Policy Type	Policy creation method: · TCL—The policy was configured by using Tcl. · CLI—The policy was configured from the CLI.
Event Event Type	Source of the event specified in the policy. Options include CLI, HOTPLUG, INTERFACE, PROCESS, SNMP, SNMP_NOTIF, and SYSLOG, and Track
TimeActive	Time when the policy started to execute.
TimeRegistered	Time when the policy was created.
Total number	Total number of policies.
User-role	User roles for executing the monitor policy. To execute the monitor policy, an administrator must have at least one of the displayed user roles.

event cli

Use event cli to configure a CLI event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp

undo event

Default

No CLI event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

async [ skip ]: Enables or disables the system to execute the command that triggers the policy. If you specify the skip keyword, the system executes the actions in the policy without executing the command that triggers the policy. If you do not specify the skip keyword, the system executes both the actions in the policy and the command entered at the CLI.

sync: Enables the system to execute the command that triggers the event only if the policy has been executed successfully.

execute: Triggers the policy when a matching command is entered.

help: Triggers the policy when a question mark (?) is entered at a matching command line.

tab: Triggers the policy when the Tab key is pressed to complete a parameter in a matching command line.

pattern regular-exp: Specifies a regular expression for matching commands that trigger the policy. For more information about using regular expressions, see Fundamentals Configuration Guide.

Usage guidelines

Use CLI event monitor policies to monitor operations performed at the CLI.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor execution of commands that contain the dis inter brief string. Enable the system to execute the actions in the policy without executing the command that triggers the policy.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli async skip mode execute pattern dis inter brief

# Configure a CLI-defined policy to monitor the use of the Tab key at command lines that contain the dis inter brief string. Enable the system to execute the actions in the policy and display the complete parameter when Tab is pressed at a policy-matching command line.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli async mode tab pattern dis inter brief

# Configure a CLI-defined policy to monitor the use of the question mark (?) at command lines that contain the dis inter brief string. Enable the system to execute a policy-matching command line only if the actions in the policy are executed successfully when a question mark is entered at the command line.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli sync mode help pattern dis inter brief

event hotplug

Use event hotplug to configure a hotplug event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

In standalone mode:

event hotplug [ insert | remove ] slot slot-number

undo event

In IRF mode:

event hotplug [ insert | remove ] chassis chassis-number slot slot-number

undo event

Default

No hotplug event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

insert: Specifies the card insert event.

remove: Specifies the card remove event.

slot slot-number: Specifies a card by its slot number. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (In IRF mode.)

Usage guidelines

Use hotplug event monitor policies to monitor cards for card swapping performed while the device is operating.

If you do not specify the remove or insert event, the hotplug event monitor policy monitors cards for both events.

You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.

Examples

# (In standalone mode.) Configure a CLI-defined policy to monitor the card in slot 2 for card swapping.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event hotplug slot 2

# (In IRF mode.) Configure a CLI-defined policy to monitor the card in slot 2 of IRF member device 1 for card swapping.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event hotplug chassis 1 slot 2

event interface

Use event interface to configure an interface event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]

undo event

Default

No interface event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords available for the monitor-obj argument, see Table 34.

start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 35.

start-val start-val: Specifies the start threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.

restart-op restart-op: Specifies the operator for comparing the monitored traffic statistic with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the restart-op argument, see Table 35.

restart-val restart-val: Specifies the restart threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.

interval interval: Specifies the interval to sample the monitored traffic statistic for a comparison. The value range is 1 to 4294967295, in seconds. The default value is 300.

Table 34 Monitored objects

Monitored traffic statistic	Description
input-drops	Number of discarded incoming packets.
input-errors	Number of incoming error packets.
output-drops	Number of discarded outgoing packets.
output-errors	Number of outgoing error packets.
rcv-bps	Receive rate, in bps.
rcv-broadcasts	Number of incoming broadcasts.
rcv-pps	Receive rate, in packets per second.
tx-bps	Transmit rate, in bps.
tx-pps	Transmit rate, in packets per second.

Table 35 Comparison operators

Comparison operator	Description
eq	Equal to.
ge	Greater than or equal to.
gt	Greater than.
le	Less than or equal to.
lt	Less than.
ne	Not equal to.

Usage guidelines

Use interface event monitor policies to monitor traffic statistics on an interface.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

EAA executes an interface event policy when the monitored interface traffic statistic crosses the start threshold in the following situations:

· The statistic crosses the start threshold for the first time.

· The statistic crosses the start threshold each time after it crosses the restart threshold.

The following is the interface event monitor process of EAA:

1. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.

2. Executes the policy.

3. Compares the traffic statistic sample with the restart threshold at sampling intervals until the restart threshold is crossed.

4. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.

5. Executes the policy again.

This process cycles for the monitor policy to be executed and re-executed.

Examples

# Configure a CLI-defined policy to monitor the incoming error packet statistic on FortyGigE 1/0/1 every 60 seconds. Set the start threshold to 1000 and the restart threshold to 50. Enable EAA to execute the policy when the statistic exceeds 1000 for the first time. Enable EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event interface fortygige 1/0/1 monitor-obj input-errors start-op gt start-val 1000 restart-op lt restart-val 50 interval 60

event process

Use event process to configure a process event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

In standalone mode:

event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ]

undo event

In IRF mode:

event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ]

undo event

Default

No process event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

exception: Monitors the specified process for exceptional events. EAA executes the policy when an exception occurs to the monitored process.

restart: Monitors the specified process for restart events. EAA executes the policy when the monitored process restarts.

shutdown: Monitors the specified process for shutdown events. EAA executes the policy when the monitored process is shut down.

start: Monitors the specified process for start events. EAA executes the policy when the monitored process starts.

name process-name: Specifies a user-mode process by its name. The process can be one that is running or not running. If you do not specify a name, this command monitors all use-mode processes.

instance instance-id: Specifies a process instance ID in the range of 0 to 4294967295. The instance ID can be one that has not been created yet. If you specify an instance, EAA only monitors the process instance. If you do not specify an instance, EAA monitors all instances of the process.

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices. (In IRF mode.)

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (In standalone mode.)

Usage guidelines

Use process event monitor policies to monitor process state changes. These changes can result from manual operations or automatic system operations.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor all instances of the process snmpd for restart events.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event process restart name snmpd

event snmp oid

Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]

undo event

Default

No SNMP event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.

monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.

start-op start-op: Specifies the operator for comparing the sampled value with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 35.

start-val start-val: Specifies the start threshold to be compared with the sampled value. The start-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

restart-op op: Specifies the operator for comparing the sampled value with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 35.

restart-op restart-val: Specifies the restart threshold to be compared with the sampled value. The restart-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

interval interval: Specifies the sampling interval in the range of 1 to 4294967295, in seconds. The default value is 300.

Usage guidelines

Use SNMP event monitor policy to monitor value changes of MIB variables.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

EAA executes an SNMP event policy when the monitored MIB variable's value crosses the start threshold in the following situations:

· The monitored variable's value crosses the start threshold for the first time.

· The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.

The following is the SNMP event monitor process of EAA:

1. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

2. Executes the policy.

3. Compares the variable sample with the restart threshold at sampling intervals until the restart threshold is crossed.

4. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

5. Executes the policy again.

This process cycles for the monitor policy to be executed and re-executed.

Examples

# Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds. Set the start threshold to 1 and the restart threshold to 2. Enable EAA to execute the policy when the value changes to 1 for the first time. Enable EAA to re-execute the policy if the value changes to 1 each time after the value has changed to 2.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event snmp oid 1.3.6.4.9.9.42.1.2.1.6.4 monitor-obj get start-op eq start-val 1 restart-op eq restart-val 2 interval 5

event snmp-notification

Use event snmp-notification to configure an SNMP-Notification event for a CLI-defined policy.

Use undo event to remove the event in a CLI-defined policy.

Syntax

event snmp-notification oid oid oid-val oid-val op op [ drop ]

undo event

Default

No SNMP-Notification event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.

oid-val oid-val: Specifies the threshold to be compared with the sampled value. The oid-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 35.

drop: Drops the notification if the comparison result meets the condition. If you do not specify this keyword, the system sends the notification.

Usage guidelines

Use SNMP-Notification event monitor policies to monitor variables in SNMP notifications.

EAA executes an SNMP-Notification event monitor policy when the value of the monitored variable in an SNMP notification meets the specified condition.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy test to monitor SNMP notifications that contain the variable OID 1.3.6.1.4.1.25506.2.2.1.1.2.1.0. Enable the system to drop an SNMP notification and execute the policy if the variable in the notification contains the user name admin.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event snmp-notification oid 1.3.6.1.4.1.25506.2.2.1.1.2.1.0 oid-val admin op eq drop

event syslog

Use event syslog to configure a Syslog event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event syslog priority priority msg msg occurs times period period

undo event

Default

No Syslog event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

priority priority: Specifies the lowest severity level for matching log messages. The level argument can be an integer in the range of 0 to 7, or the word all, which represents any severity level from 0 to 7. A lower number represents higher priority level. For example, specify a severity level of 3 to match log messages from level 3 to level 0.

msg msg: Specifies a regular expression to match the message body, a string of 1 to 255 characters. The log message must use the H3C format. For more information about log message formats, see "Configuring the information center."

occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds.

Usage guidelines

Use Syslog event monitor policies to monitor log messages.

EAA executes a Syslog event monitor policy when the number of matching logs over an interval reaches the limit.

NOTE:

EAA does not count log messages generated by the RTM module when it counts log matches.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor Syslog messages for level 3 to level 0 messages that contain the down string. Enable the policy to execute when five log matches are found within 6 seconds.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event syslog priority 3 msg down occurs 5 period 6

event track

Use event track to configure a track event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event track track-list state negative [ suppress-time suppress-time ]

undo event

Default

A CLI-defined policy does not contain a track event.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

track-list: Specifies a space-separated list of up to 16 track items. Each item specifies a track entry number or a range of track entry numbers in the form of track-entry-number to track-entry-number. The value range for the track-entry-number argument is 1 to 1024.

state negative: Triggers the policy when the states of the track entries change from positive to negative.

suppress-time suppress-time: Specifies a suppress time in the range of 1 to 4294967295, in seconds. The default value is 0.

Usage guidelines

Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from positive to negative. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from positive to negative.

If you set a suppress time for a track event monitor policy, the timer starts when the policy is triggered. The system does not process the messages that report the track entry positive-to-negative state change until the timer times out.

For example, to automatically disconnect the sessions between the local device and its down link BGP peers when the sessions between the local device and its uplink BGP peers are disconnected, you can configure a track event monitor policy as follows:

· Configure a track event for the policy and specify track entries to monitor the links between the local device and its uplink BGP peers.

· Add the CLI action peer ignore to the policy to disable BGP session establishment between the local device and its downlink BGP peers.

You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.

Examples

# Create the CLI-defined monitor policy test. Configure a track event for the policy that occurs when the states of track entry 1 to track entry 8 change from positive to negative. Set the suppress time to 180 seconds for the policy. Configure an action for the policy that disconnects the session between the device and its BGP peer.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event track 1 to 8 state negative suppress-time 180

[Sysname-rtm-test] action 0 cli system-view

[Sysname-rtm-test] action 1 cli bgp 100

[Sysname-rtm-test] action 2 cli peer 10.1.1.1 ignore

rtm cli-policy

Use rtm cli-policy to create a CLI-defined EAA monitor policy and enter its view, or enter the view of an existing CLI-defined EAA monitor policy.

Use undo rtm cli-policy to delete a CLI-defined monitor policy.

Syntax

rtm cli-policy policy-name

undo rtm cli-policy policy-name

Default

No CLI-defined monitor policies exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies the name of a CLI-defined monitor policy, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy.

You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy, but you cannot assign the same name to policies that are the same type.

For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy.

Examples

# Create a CLI-defined policy and enter its view.

<Sysname> system-view

[Sysname] rtm cli-policy test

Related commands

commit

rtm environment

Use rtm environment to configure an EAA environment variable.

Use undo rtm environment to delete a user-defined EAA environment variable.

Syntax

rtm environment var-name var-value

undo rtm environment var-name

Default

No user-defined EAA environment variables exist.

The system provides the variables in Table 36. You cannot create, delete, or modify these system-defined variables.

Table 36 System-defined EAA environment variables by event type

Variable name	Description
Any event:
_event_id	Event ID.
_event_type	Event type.
_event_type_string	Event type description.
_event_time	Time when the event occurs.
_event_severity	Severity level of an event.
CLI:
_cmd	Commands that are matched.
Syslog:
_syslog_pattern	Log message content.
Hotplug:
_slot	ID of the slot where a hot swap event occurs.
Interface:
_ifname	Interface name.
SNMP:
_oid	OID of the MIB variable where an SNMP operation is performed.
_oid_value	Value of the MIB variable.
SNMP-Notification:
_oid	OID that is included in the SNMP notification.
Process:
_process_name	Process name.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

var-value: Specifies the variable value.

Usage guidelines

When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action.

For an action argument, you can specify a list of variable names in the form of $variable_name1$variable_name2...$variable_nameN.

Examples

# Create an environment variable: set its name to if and set its value to interface.

<Sysname> system-view

[Sysname] rtm environment if interface

rtm scheduler suspend

Use rtm scheduler suspend to suspend monitor policies.

Use undo rtm scheduler suspend to resume monitor policies.

Syntax

rtm scheduler suspend

undo rtm scheduler suspend

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

You need to suspend the monitor policies under the following circumstances:

· The monitor policies are triggered frequently, affecting the system services and performance.

· The Tcl script of a policy needs to be revised.

After you execute this command, EAA will not execute the policies even if the trigger conditions are met.

This command does not suspend a running monitor policy until all its actions are executed.

Examples

# Suspend monitor policies.

<Sysname> system-view

[Sysname] rtm scheduler suspend

rtm tcl-policy

Use rtm tcl-policy to create a Tcl-defined policy and bind it to a Tcl script file.

Use undo rtm tcl-policy to delete a Tcl policy.

Syntax

rtm tcl-policy policy-name tcl-filename

undo rtm tcl-policy policy-name

Default

No Tcl policies exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters.

tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device.

Usage guidelines

When you use this command to create a Tcl-defined policy, follow these guidelines:

Make sure the script file is saved on all MPUs. This practice ensures that the policy can run correctly after an active/standby or master/standby switchover occurs or the MPU where the script file resides fails or is removed.

This command both creates and enables the specified Tcl-defined monitor policy. To revise the Tcl script of a Tcl-defined policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.

To bind a Tcl-defined policy to a different Tcl script file:

1. Execute the undo rtm tcl-policy policy-name command to delete the Tcl policy.

2. Create the Tcl policy again, and then bind it to the new Tcl script file.

You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies that are the same type.

Examples

# Create a Tcl policy and bind it to a Tcl script file.

<Sysname> system-view

[Sysname] rtm tcl-policy test test.tcl

running-time

Use running-time to configure the runtime of a CLI-defined policy.

Use undo running-time to restore the default.

Syntax

running-time time

undo running-time

Default

The runtime of a CLI-defined policy is 20 seconds.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

time: Specifies the runtime of the CLI-defined policy, in the range of 0 to 31536000 seconds. If you specify 0, the policy can run forever until it is manually interrupted.

Usage guidelines

Policy runtime limits the amount of time that the monitor policy can run from the time it is triggered. When the runtime is reached, the system stops executing the policy even if the execution is not finished.

This setting prevents an incorrectly defined policy from running permanently to occupy resources.

Examples

# Set the runtime to 60 seconds for the CLI-defined policy test.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] running-time 60

user-role

Use user-role to assign a user role to a CLI-defined policy.

Use undo user-role to remove a user role from a CLI-defined policy.

Syntax

user-role role-name

undo user-role role-name

Default

A monitor policy contains user roles that its creator had at the time of policy creation.

Views

CLI-defined policy view

Predefined user roles

network-admin

mdc-admin

Parameters

role-name: Specifies a user role by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.

For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.

A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect.

Examples

# Assign user roles to a CLI-defined policy.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] user-role network-admin

[Sysname-rtm-test] user-role admin

NQA commands

NQA client commands

advantage-factor

Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values.

Use undo advantage-factor to restore the default.

Syntax

advantage-factor factor

undo advantage-factor

Default

The advantage factor is 0.

Views

Voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

factor: Specifies the advantage factor in the range of 0 to 20.

Usage guidelines

The evaluation of voice quality depends on users' tolerance for voice quality. For users with higher tolerance for voice quality, use the advantage-factor command to set an advantage factor. When the system calculates the ICPIF value, it subtracts the advantage factor to modify ICPIF and MOS values for voice quality evaluation.

Examples

# Set the advantage factor to 10 for the voice operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] advantage-factor 10

codec-type

Use codec-type to configure the codec type for the voice operation.

Use undo codec-type to restore the default.

Syntax

codec-type { g711a | g711u | g729a }

undo codec-type

Default

The codec type for the voice operation is G.711 A-law.

Views

Voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

g711a: Specifies G.711 A-law codec type.

g711u: Specifies G.711 µ-law codec type

g729a: Specifies G.729 A-law codec type.

Examples

# Set the codec type to g729a for the voice operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] codec-type g729a

community read

Use community read to specify the community name for the SNMP operation.

Use undo community read to restore the default.

Syntax

community read { cipher | simple } community-name

undo community read

Default

The SNMP operation uses the community name public.

Views

SNMP operation view

Predefined user roles

network-admin

mdc-admin

Parameters

cipher: Specifies a community name in encrypted form.

simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.

community-name: Specifies the community name. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 33 to 73 characters.

Usage guidelines

This command is available in Release 1138P01 and later versions.

You must specify the community name for the SNMP operation when both of the following conditions exist:

· The SNMP operation uses the SNMPv1 or SNMPv2c agent.

· The SNMPv1 or SNMPv2c agent is configured with a read-only or read-write community name.

The specified community name must be the same as the community name configured on the SNMP agent.

The community name configuration is not required if the SNMP operation uses the SNMPv3 agent.

For more information about SNMP, see "Configuring SNMP."

Examples

# Specify readaccess as the community name for the SNMP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type snmp

[Sysname-nqa-admin-test-snmp] community read simple readaccess

data-fill

Use data-fill to configure the payload fill string for probe packets.

Use undo data-fill to restore the default.

Syntax

data-fill string

undo data-fill

Default

The payload fill string is the hexadecimal string 00010203040506070809.

Views

ICMP/UDP echo operation view

Path jitter/UDP jitter/voice operation view

ICMP/TCP/UDP template view

Predefined user roles

network-admin

mdc-admin

Parameters

string: Specifies a case-sensitive string of 1 to 200 characters.

Usage guidelines

If the payload length is smaller than the string length, only the first part of the string is filled. For example, if you configure the string as abcd and set the payload size to 3 bytes, abc is filled.

If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full. For example, if you configure the string as abcd and the payload size as 6 bytes, abcdab is filled.

How the string is filled depends on the operation type.

· For the ICMP echo operation, the string fills the whole payload of an ICMP echo request.

· For the UDP echo operation, the first five bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of payload.

· For the UDP jitter operation, the first 68 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.

· For the voice operation, the first 16 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.

· For the path jitter operation, the first four bytes of the payload of an ICMP echo request are for special purpose. The string fills the remaining part of payload.

Examples

# Specify abcd as the payload fill string for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] data-fill abcd

# In TCP template view, specify abcd as the payload fill string for probe packets.

<Sysname> system-view

[Sysname] nqa template tcp tcptplt

[Sysname-nqatplt-tcp-tcptplt] data-fill abcd

data-size

Use data-size to set the payload size for each probe packet.

Use undo data-size to restore the default.

Syntax

data-size size

undo data-size

Default

The default payload size of a probe packet for different operations is described in Table 37.

Table 37 Default payload size of a probe packet

Operation type	Codec type	Default size (bytes)
ICMP echo	N/A	100
UDP echo	N/A	100
UDP jitter	N/A	100
UDP tracert	N/A	100
Path jitter	N/A	100
Voice	G.711 A-law	172
Voice	G.711 µ-law	172
Voice	G.729 A-law	32

Views

ICMP/UDP echo operation view

UDP tracert operation view

Path jitter/UDP jitter/voice operation view

ICMP/UDP template view

Predefined user roles

network-admin

mdc-admin

Parameters

size: Specifies the payload size. Available value ranges include:

· 20 to 65507 bytes for the ICMP echo, UDP echo, or UDP tracert operation.

· 68 to 65507 bytes for the UDP jitter or path jitter operation.

· 16 to 65507 bytes for the voice operation.

Usage guidelines

In ICMP echo and path jitter operations, the command sets the payload size for each ICMP echo request.

In UDP echo, UDP jitter, UDP tracert, and voice operations, the command sets the payload size for each UDP packet.

Examples

# Set the payload size to 80 bytes for each ICMP echo request.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] data-size 80

# In ICMP template view, set the payload size to 80 bytes for each probe packet.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] data-size 80

description

Use description to configure a description for an NQA operation, such as the operation type or purpose.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for an NQA operation.

Views

Any NQA operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 200 characters.

Examples

# Configure the description as icmp-probe for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] description icmp-probe

# In ICMP template view, configure the description as icmp-probe for the NQA operation.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] description icmp-probe

destination host

Use destination host to configure the destination host name for the operation.

Use undo destination host to restore the default.

Syntax

destination host host-name

undo destination host

Default

No destination host name is configured for the operation.

Views

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Parameters

host-name: Specifies the destination host name, a case-sensitive string of 1 to 254 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.), but consecutive dots (.) are not allowed. If the host name is a series of dot-separated labels, each label can contain a maximum of 63 characters.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Examples

# Specify www.test.com as the destination host name for the UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] destination host www.test.com

destination ip

Use destination ip to configure the destination IP address for the operation.

Use undo destination ip to restore the default.

Syntax

destination ip ip-address

undo destination ip

Default

No destination IP address is configured for an operation.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

DNS/ICMP/SSL/TCP/TCP half open/UDP template view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the destination IP address for the operation.

Examples

# Specify 10.1.1.1 as the destination IP address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1

# In ICMP template view, specify 10.1.1.1 as the destination IP address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] destination ip 10.1.1.1

destination port

Use destination port to configure the destination port number for the operation.

Use undo destination port to restore the default.

Syntax

destination port port-number

undo destination port

Default

The destination port number is 33434 for the UDP tracert operation.

The destination port numbers for the operations that use the following NQA templates are:

· 53 for the DNS template.

· 21 for the FTP template.

· 80 for the HTTP template.

· 443 for the HTTPS template.

No destination port number is configured for other types of operations.

Views

TCP/UDP echo operation view

UDP tracert operation view

UDP jitter/voice operation view

DNS/SSL/TCP/UDP template view

Predefined user roles

network-admin

mdc-admin

Parameters

port-number: Specifies the destination port number for the operation, in the range of 1 to 65535.

Examples

# Set the destination port number to 9000 for the UDP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-echo

[Sysname-nqa-admin-test-udp-echo] destination port 9000

# In TCP template view, set the destination port number to 9000 for the NQA operation.

<Sysname> system-view

[Sysname] nqa template tcp tcptplt

[Sysname-nqatplt-tcp-tcptplt] destination port 9000

display nqa history

Use display nqa history to display the history records of NQA operations.

Syntax

display nqa history [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the history records of all NQA operations.

Usage guidelines

The display nqa history command does not display the results or statistics of the following operations:

· ICMP jitter.

· Path jitter.

· UDP jitter.

· Voice.

To view the results or statistics of the ICMP jitter, path jitter, UDP jitter, and voice operations, use the display nqa result or display nqa statistics command.

Examples

# Display the history records of the UDP tracert operation with the administrator name administrator and the operation tag tracert.

<Sysname> display nqa history administrator tracert

NQA entry (admin administrator, tag tracert) history records:

Index TTL Response Hop IP Status Time

1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:06.2

1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:05.2

1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:04.2

1 1 328 3.1.1.2 Succeeded 2013-09-09 14:46:03.2

1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:02.2

1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:01.2

# Display the history records of the NQA operation with the administrator name administrator and the operation tag test.

<Sysname> display nqa history administrator test

NQA entry (admin administrator, tag test) history records:

Index Response Status Time

10 329 Succeeded 2011-04-29 20:54:26.5

9 344 Succeeded 2011-04-29 20:54:26.2

8 328 Succeeded 2011-04-29 20:54:25.8

7 328 Succeeded 2011-04-29 20:54:25.5

6 328 Succeeded 2011-04-29 20:54:25.1

5 328 Succeeded 2011-04-29 20:54:24.8

4 328 Succeeded 2011-04-29 20:54:24.5

3 328 Succeeded 2011-04-29 20:54:24.1

2 328 Succeeded 2011-04-29 20:54:23.8

1 328 Succeeded 2011-04-29 20:54:23.4

Table 38 Command output

Field	Description
Index	History record ID. The history records in one UDP tracert operation have the same ID.
TTL	TTL value in the probe packet.
Response	Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the operation cannot be completed, in milliseconds.
Hop IP	IP address of the node that sent the reply packet.
Status	Status of the operation result: · Succeeded. · Unknown error. · Internal error. · Timeout.
Time	Time when the operation was completed.

display nqa reaction counters

Use display nqa reaction counters to display the current monitoring results of reaction entries.

Syntax

display nqa reaction counters [ admin-name operation-tag [ item-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

item-number: Specifies a reaction entry by its ID in the range of 1 to 10. If you do not specify a reaction entry, the command displays the results of all reaction entries.

Usage guidelines

The result fields display hyphens (-) in one of the following conditions:

· The threshold type is the average value.

· The monitored performance metric is ICPIF or MOS of the voice operation.

The monitoring results of an operation are accumulated, and are not cleared after the operation completes.

Examples

# Display the monitoring results of all reaction entries of the ICMP echo operation with the administrator name admin and the operation tag test.

<Sysname> display nqa reaction counters admin test

NQA entry (admin admin, tag test) reaction counters:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 probe-duration accumulate 12 4

2 probe-duration average - -

3 probe-duration consecutive 160 56

4 probe-fail accumulate 12 0

5 probe-fail consecutive 162 2

Table 39 Command output

Field	Description
Index	ID of a reaction entry.
Checked Element	Monitored performance metric. The available performance metrics vary by NQA operation type. For more information, see Table 40 and Table 41.
Threshold Type	Threshold type.
Checked Num	Number of targets that have been monitored for data collection.
Over-threshold Num	Number of threshold violations.

Table 40 Monitored performance metrics for DHCP/DLSw/DNS/FTP/HTTP/ICMP echo/SNMP/TCP/UDP echo operations

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
probe-duration	accumulate	Probes after the operation starts.	Number of completed probes.	Number of probes with duration exceeding the threshold.
	average	N/A	N/A	N/A
	consecutive	Probes after the operation starts.	Number of completed probes.	Number of probes with duration exceeding the threshold.
probe-fail	accumulate	Probes after the operation starts.	Number of completed probes.	Number of probe failures.
probe-fail	consecutive	Probes after the operation starts.	Number of completed probes.	Number of probe failures.

Table 41 Monitored performance metrics for ICMP jitter/UDP jitter/voice operations

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
RTT	accumulate	Packets sent after the operation starts.	Number of sent packets.	Number of packets with round-trip time exceeding threshold.
RTT	average	N/A	N/A	N/A
jitter-DS/jitter-SD	accumulate	Packets sent after the operation starts.	Number of sent packets.	Number of packets with the one-way jitter exceeding the threshold.
jitter-DS/jitter-SD	average	N/A	N/A	N/A
OWD-DS/OWD-SD	N/A	Packets sent after the operation starts.	Number of sent packets.	Number of packets with the one-way delay exceeding the threshold.
packet-loss	accumulate	Packets sent after the operation starts.	Number of sent packets.	Total packet loss.
ICPIF/MOS (available only for the voice operation)	N/A	N/A	N/A	N/A

display nqa result

Use display nqa result to display the most recent result of the specified NQA operation.

Syntax

display nqa result [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

Examples

# Display the most recent result of the TCP operation with the administrator name admin and the operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 1 Receive response times: 1

Min/Max/Average round trip time: 35/35/35

Square-Sum of round trip time: 1225

Last succeeded probe time: 2011-05-29 10:50:33.2

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to disconnect: 0

Failures due to no connection: 0

Failures due to internal error: 0

Failures due to other errors: 0

# Display the most recent result of the ICMP jitter operation with the administrator name admin and the operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 1/2/1

Square-Sum of round trip time: 13

Last packet received time: 2015-03-09 17:40:29.8

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

ICMP-jitter results:

RTT number: 10

Min positive SD: 0 Min positive DS: 0

Max positive SD: 0 Max positive DS: 0

Positive SD number: 0 Positive DS number: 0

Positive SD sum: 0 Positive DS sum: 0

Positive SD average: 0 Positive DS average: 0

Positive SD square-sum: 0 Positive DS square-sum: 0

Min negative SD: 1 Min negative DS: 2

Max negative SD: 1 Max negative DS: 2

Negative SD number: 1 Negative DS number: 1

Negative SD sum: 1 Negative DS sum: 2

Negative SD average: 1 Negative DS average: 2

Negative SD square-sum: 1 Negative DS square-sum: 4

One way results:

Max SD delay: 1 Max DS delay: 2

Min SD delay: 1 Min DS delay: 2

Number of SD delay: 1 Number of DS delay: 1

Sum of SD delay: 1 Sum of DS delay: 2

Square-Sum of SD delay: 1 Square-Sum of DS delay: 4

Lost packets for unknown reason: 0

# Display the most recent result of the UDP jitter operation with the administrator name admin and the operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 15/46/26

Square-Sum of round trip time: 8103

Last packet received time: 2011-05-29 10:56:38.7

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

UDP-jitter results:

RTT number: 10

Min positive SD: 8 Min positive DS: 8

Max positive SD: 18 Max positive DS: 8

Positive SD number: 5 Positive DS number: 2

Positive SD sum: 75 Positive DS sum: 32

Positive SD average: 15 Positive DS average: 16

Positive SD square-sum: 1189 Positive DS square-sum: 640

Min negative SD: 8 Min negative DS: 1

Max negative SD: 24 Max negative DS: 30

Negative SD number: 4 Negative DS number: 7

Negative SD sum: 56 Negative DS sum: 99

Negative SD average: 14 Negative DS average: 14

Negative SD square-sum: 946 Negative DS square-sum: 1495

One way results:

Max SD delay: 22 Max DS delay: 23

Min SD delay: 7 Min DS delay: 7

Number of SD delay: 10 Number of DS delay: 10

Sum of SD delay: 125 Sum of DS delay: 132

Square-Sum of SD delay: 1805 Square-Sum of DS delay: 1988

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

# Display the most recent result of the voice operation with the administrator name admin and the operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 1000 Receive response times: 0

Min/Max/Average round trip time: 0/0/0

Square-Sum of round trip time: 0

Last packet received time: 0-00-00 00:00:00.0

Extended results:

Packet loss ratio: 100%

Failures due to timeout: 1000

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Voice results:

RTT number: 0

Min positive SD: 0 Min positive DS: 0

Max positive SD: 0 Max positive DS: 0

Positive SD number: 0 Positive DS number: 0

Positive SD sum: 0 Positive DS sum: 0

Positive SD average: 0 Positive DS average: 0

Positive SD square-sum: 0 Positive DS square-sum: 0

Min negative SD: 0 Min negative DS: 0

Max negative SD: 0 Max negative DS: 0

Negative SD number: 0 Negative DS number: 0

Negative SD sum: 0 Negative DS sum: 0

Negative SD average: 0 Negative DS average: 0

Negative SD square-sum: 0 Negative DS square-sum: 0

One way results:

Max SD delay: 0 Max DS delay: 0

Min SD delay: 0 Min DS delay: 0

Number of SD delay: 0 Number of DS delay: 0

Sum of SD delay: 0 Sum of DS delay: 0

Square-Sum of SD delay: 0 Square-Sum of DS delay: 0

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 1000

Voice scores:

MOS value: 0.99 ICPIF value: 87

# Display the most recent result of the path jitter operation with the administrator name admin and the operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Hop IP 192.168.40.210

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

Hop IP 192.168.50.209

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

# Display the most recent result of the UDP tracert operation with the administrator name admin and the operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 6 Receive response times: 6

Min/Max/Average round trip time: 35/35/35

Square-Sum of round trip time: 1225

Last succeeded probe time: 2013-09-09 14:23:24.5

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

UDP-tracert results:

TTL Hop IP Time

1 3.1.1.1 2013-09-09 14:23:24.5

2 4.1.1.1 2013-09-09 14:23:24.5

Table 42 Command output

Field	Description
Data collecting in progress	The operation is in progress.
Send operation times	Number of operations.
Receive response times	Number of response packets received.
Min/Max/Average round trip time	Minimum/maximum/average round-trip time in milliseconds.
Square-Sum of round trip time	Square sum of round-trip time.
Last succeeded probe time	Time when the last successful probe was completed. If no probes are successful in an operation, the field displays 0. This field is not available for UDP jitter, path jitter, and voice operations.
Last packet received time	Time when the last response packet was received. If no response packets in a probe were received, the field displays 0. This field is available only for UDP jitter and voice operations.
Packet loss ratio	Average packet loss ratio.
Failures due to timeout	Number of timeout occurrences in an operation.
Failures due to disconnect	Number of disconnections by the peer.
Failures due to no connection	Number of failures to connect with the peer.
Failures due to internal error	Number of failures due to internal errors.
Failures due to other errors	Failures due to other errors.
Packets out of sequence	Number of failures due to out-of-sequence packets.
ICMP-jitter results	ICMP jitter operation results. This field is available only for the ICMP jitter operation.
Packets arrived late	Number of response packets received after a probe times out.
UDP-jitter results	UDP jitter operation results. This field is available only for the UDP jitter operation.
Voice results	Voice operation results. This field is available only for the voice operation.
RTT number	Number of response packets received.
Min positive SD	Minimum positive jitter from source to destination.
Min positive DS	Minimum positive jitter from destination to source.
Max positive SD	Maximum positive jitter from source to destination.
Max positive DS	Maximum positive jitter from destination to source.
Positive SD number	Number of positive jitters from source to destination.
Positive DS number	Number of positive jitters from destination to source.
Positive SD sum	Sum of positive jitters from source to destination.
Positive DS sum	Sum of positive jitters from destination to source.
Positive SD average	Average positive jitters from source to destination.
Positive DS average	Average positive jitters from destination to source.
Positive SD square-sum	Square sum of positive jitters from source to destination.
Positive DS square-sum	Square sum of positive jitters from destination to source.
Min negative SD	Minimum absolute value among negative jitters from source to destination.
Min negative DS	Minimum absolute value among negative jitters from destination to source.
Max negative SD	Maximum absolute value among negative jitters from source to destination.
Max negative DS	Maximum absolute value among negative jitters from destination to source.
Negative SD number	Number of negative jitters from source to destination.
Negative DS number	Number of negative jitters from destination to source.
Negative SD sum	Sum of absolute values of negative jitters from source to destination.
Negative DS sum	Sum of absolute values of negative jitters from destination to source.
Negative SD average	Average absolute value of negative jitters from source to destination.
Negative DS average	Average absolute value of negative jitters from destination to source.
Negative SD square-sum	Square sum of negative jitters from source to destination.
Negative DS square-sum	Square sum of negative jitters from destination to source.
One way results	Unidirectional delay. This field is available only for the ICMP jitter, UDP jitter, and voice operations.
Max SD delay	Maximum delay from source to destination.
Max DS delay	Maximum delay from destination to source.
Min SD delay	Minimum delay from source to destination.
Min DS delay	Minimum delay from destination to source.
Number of SD delay	Number of delays from source to destination.
Number of DS delay	Number of delays from destination to source.
Sum of SD delay	Sum of delays from source to destination.
Sum of DS delay	Sum of delays from destination to source.
Square-Sum of SD delay	Square sum of delays from source to destination.
Square-Sum of DS delay	Square sum of delays from destination to source.
SD lost packets	Number of lost packets from the source to the destination.
DS lost packets	Number of lost packets from the destination to the source.
Lost packets for unknown reason	Number of lost packets for unknown reasons.
Voice scores	Voice parameters. This field is available only for the voice operation.
MOS value	MOS value calculated for the voice operation.
ICPIF value	ICPIF value calculated for the voice operation.
Hop IP	IP address of the hop. This field is available only for the path jitter operation.
Path-jitter results	Path jitter operation results. This field is available only for the path jitter operation.
Jitter number	Number of jitters. This field is available only for the path jitter operation.
Min/Max/Average jitter	Minimum/maximum/average jitter in milliseconds. This field is available only for the path jitter operation.
Positive jitter number	Number of positive jitter. This field is available only for the path jitter operation.
Min/Max/Average positive jitter	Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum positive jitter	Sum/square sum of the positive jitter. This field is available only for the path jitter operation.
Negative jitter number	Number of negative jitter. This field is available only for the path jitter operation.
Min/Max/Average negative jitter	Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum negative jitter	Sum/square sum of the negative jitter. This field is available only for the path jitter operation.
TTL	TTL value in the received reply packet.
Hop IP	IP address of the node that sent the reply packet.
Time	Time when the NQA client received the reply packet.

display nqa statistics

Use display nqa statistics to display NQA operation statistics.

Syntax

display nqa statistics [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Parameters

Usage guidelines

The statistics are generated after the NQA operation completes. If you execute the display nqa statistics command before the operation completes, the statistics are displayed as all 0s.

If a reaction entry is configured, the command displays the monitoring results of the reaction entry in the period specified by the statistics internal command. The result fields display hyphens (-) in one of the following conditions:

· The threshold type is average value.

· The monitored performance metric is ICPIF or MOS for the voice operation.

Examples

# Display the statistics for the TCP operation with the administrator name admin and the operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:30:20.0

Life time: 2 seconds

Send operation times: 1 Receive response times: 1

Min/Max/Average round trip time: 13/13/13

Square-Sum of round trip time: 169

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to disconnect: 0

Failures due to no connection: 0

Failures due to internal error: 0

Failures due to other errors: 0

# Display the statistics for the ICMP jitter operation with the administrator name admin and the operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2015-03-09 17:42:10.7

Life time: 156 seconds

Send operation times: 1560 Receive response times: 1560

Min/Max/Average round trip time: 1/2/1

Square-Sum of round trip time: 1563

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

ICMP-jitter results:

RTT number: 1560

Min positive SD: 1 Min positive DS: 1

Max positive SD: 1 Max positive DS: 2

Positive SD number: 18 Positive DS number: 46

Positive SD sum: 18 Positive DS sum: 49

Positive SD average: 1 Positive DS average: 1

Positive SD square-sum: 18 Positive DS square-sum: 55

Min negative SD: 1 Min negative DS: 1

Max negative SD: 1 Max negative DS: 2

Negative SD number: 24 Negative DS number: 57

Negative SD sum: 24 Negative DS sum: 58

Negative SD average: 1 Negative DS average: 1

Negative SD square-sum: 24 Negative DS square-sum: 60

One way results:

Max SD delay: 1 Max DS delay: 2

Min SD delay: 1 Min DS delay: 1

Number of SD delay: 4 Number of DS delay: 4

Sum of SD delay: 4 Sum of DS delay: 5

Square-Sum of SD delay: 4 Square-Sum of DS delay: 7

Lost packets for unknown reason: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 jitter-DS accumulate 1500 10

2 jitter-SD average - -

3 OWD-DS - 1560 2

4 OWD-SD - 1560 0

5 packet-loss accumulate 0 0

6 RTT accumulate 1560 0

# Display the statistics for the UDP jitter operation with the administrator name admin and the operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:33:22.3

Life time: 23 seconds

Send operation times: 100 Receive response times: 100

Min/Max/Average round trip time: 1/11/5

Square-Sum of round trip time: 24360

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

UDP-jitter results:

RTT number: 550

Min positive SD: 1 Min positive DS: 1

Max positive SD: 7 Max positive DS: 1

Positive SD number: 220 Positive DS number: 97

Positive SD sum: 283 Positive DS sum: 287

Positive SD average: 1 Positive DS average: 2

Positive SD square-sum: 709 Positive DS square-sum: 1937

Min negative SD: 2 Min negative DS: 1

Max negative SD: 10 Max negative DS: 1

Negative SD number: 81 Negative DS number: 94

Negative SD sum: 556 Negative DS sum: 191

Negative SD average: 6 Negative DS average: 2

Negative SD square-sum: 4292 Negative DS square-sum: 967

One way results:

Max SD delay: 5 Max DS delay: 5

Min SD delay: 1 Min DS delay: 1

Number of SD delay: 550 Number of DS delay: 550

Sum of SD delay: 1475 Sum of DS delay: 1201

Square-Sum of SD delay: 5407 Square-Sum of DS delay: 3959

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 jitter-DS accumulate 90 25

2 jitter-SD average - -

3 OWD-DS - 100 24

4 OWD-SD - 100 13

5 packet-loss accumulate 0 0

6 RTT accumulate 100 52

# Display the statistics for the voice operation with the administrator name admin and the operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:33:45.3

Life time: 120 seconds

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 1/12/7

Square-Sum of round trip time: 620

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Voice results:

RTT number: 10

Min positive SD: 3 Min positive DS: 1

Max positive SD: 10 Max positive DS: 1

Positive SD number: 3 Positive DS number: 2

Positive SD sum: 18 Positive DS sum: 2

Positive SD average: 6 Positive DS average: 1

Positive SD square-sum: 134 Positive DS square-sum: 2

Min negative SD: 3 Min negative DS: 1

Max negative SD: 9 Max negative DS: 1

Negative SD number: 4 Negative DS number: 2

Negative SD sum: 25 Negative DS sum: 2

Negative SD average: 6 Negative DS average: 1

Negative SD square-sum: 187 Negative DS square-sum: 2

One way results:

Max SD delay: 0 Max DS delay: 0

Min SD delay: 0 Min DS delay: 0

Number of SD delay: 0 Number of DS delay: 0

Sum of SD delay: 0 Sum of DS delay: 0

Square-Sum of SD delay: 0 Square-Sum of DS delay: 0

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

Voice scores:

Max MOS value: 4.40 Min MOS value: 4.40

Max ICPIF value: 0 Min ICPIF value: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 ICPIF - - -

2 MOS - - -

# Display the statistics for the path jitter operation with the administrator name admin and the operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Path 1:

Hop IP 192.168.40.210

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

Hop IP 192.168.50.209

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

Table 43 Command output

Field	Description
No.	Statistics group ID.
Start time	Time when the operation started.
Life time	Duration of the operation in seconds.
Send operation times	Number of probe packets sent.
Receive response times	Number of response packets received.
Min/Max/Average round trip time	Minimum/maximum/average round-trip time in milliseconds.
Square-Sum of round trip time	Square sum of round-trip time.
Packet loss ratio	Average packet loss ratio.
Failures due to timeout	Number of timeout occurrences in an operation.
Failures due to disconnect	Number of disconnections by the peer.
Failures due to no connection	Number of failures to connect with the peer.
Failures due to internal error	Number of failures due to internal errors.
Failures due to other errors	Failures due to other errors.
Packets out of sequence	Number of failures due to out-of-sequence packets.
Packets arrived late	Number of response packets received after a probe times out.
ICMP-jitter results	ICMP jitter operation results. This field is available only for the ICMP jitter operation.
UDP-jitter results	UDP jitter operation results. This field is available only for the UDP jitter operation.
Voice results	Voice operation results. This field is available only for the voice operation.
RTT number	Number of response packets received.
Min positive SD	Minimum positive jitter from source to destination.
Min positive DS	Minimum positive jitter from destination to source.
Max positive SD	Maximum positive jitter from source to destination.
Max positive DS	Maximum positive jitter from destination to source.
Positive SD number	Number of positive jitters from source to destination.
Positive DS number	Number of positive jitters from destination to source.
Positive SD sum	Sum of positive jitters from source to destination.
Positive DS sum	Sum of positive jitters from destination to source.
Positive SD average	Average positive jitters from source to destination.
Positive DS average	Average positive jitters from destination to source.
Positive SD square-sum	Square sum of positive jitters from source to destination.
Positive DS square-sum	Square sum of positive jitters from destination to source.
Min negative SD	Minimum absolute value among negative jitters from source to destination.
Min negative DS	Minimum absolute value among negative jitters from destination to source.
Max negative SD	Maximum absolute value among negative jitters from source to destination.
Max negative DS	Maximum absolute value among negative jitters from destination to source.
Negative SD number	Number of negative jitters from source to destination.
Negative DS number	Number of negative jitters from destination to source.
Negative SD sum	Sum of absolute values of negative jitters from source to destination.
Negative DS sum	Sum of absolute values of negative jitters from destination to source.
Negative SD average	Average absolute value of negative jitters from source to destination.
Negative DS average	Average absolute value of negative jitters from destination to source.
Negative SD square-sum	Square sum of negative jitters from source to destination.
Negative DS square-sum	Square sum of negative jitters from destination to source.
One way results	Unidirectional delay result. This field is available only for the ICMP jitter, UDP jitter, and voice operations.
Max SD delay	Maximum delay from source to destination.
Max DS delay	Maximum delay from destination to source.
Min SD delay	Minimum delay from source to destination.
Min DS delay	Minimum delay from destination to source.
Number of SD delay	Number of delays from source to destination.
Number of DS delay	Number of delays from destination to source.
Sum of SD delay	Sum of delays from source to destination.
Sum of DS delay	Sum of delays from destination to source.
Square-Sum of SD delay	Square sum of delays from source to destination.
Square-Sum of DS delay	Square sum of delays from destination to source.
SD lost packets	Number of lost packets from the source to the destination.
DS lost packets	Number of lost packets from the destination to the source.
Lost packets for unknown reason	Number of lost packets for unknown reasons.
Voice scores	Voice parameters. This field is available only for the voice operation.
Max MOS value	Maximum MOS value.
Min MOS value	Minimum MOS value.
Max ICPIF value	Maximum ICPIF value.
Min ICPIF value	Minimum ICPIF value.
Reaction statistics	Statistics about the reaction entry in the counting interval.
Index	ID of a reaction entry.
Checked Element	Monitored element.
Threshold Type	Threshold type.
Checked Num	Number of targets that have been monitored for data collection.
Over-threshold Num	Number of threshold violations.
Path	Serial number for the path in the path jitter operation. This field is available only for the path jitter operation.
Hop IP	IP address of the hop. This field is available only for the path jitter operation.
Path-jitter results	Path jitter operation results. This field is available only for the path jitter operation.
Jitter number	Number of jitters. This field is available only for the path jitter operation.
Min/Max/Average jitter	Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation.
Positive jitter number	Number of positive jitters. This field is available only for the path jitter operation.
Min/Max/Average positive jitter	Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum positive jitter	Sum/square sum of positive jitters. This field is available only for the path jitter operation.
Negative jitter number	Number of negative jitters. This field is available only for the path jitter operation.
Min/Max/Average negative jitter	Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum negative jitter	Sum/square sum of negative jitters. This field is available only for the path jitter operation.

Table 44 Monitored performance metrics for DHCP/DLSw/DNS/FTP/HTTP/ICMP echo/SNMP/TCP/UDP echo operations

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
probe-duration	accumulate	Probes in the counting interval.	Number of completed probes.	Number of probes of which the duration exceeds the threshold.
	average	N/A	N/A	N/A
	consecutive	Probes in the counting interval.	Number of completed probes.	Number of probes of which the duration exceeds the threshold.
probe-fail	accumulate	Probes in the counting interval.	Number of completed probes.	Number of probe failures.
probe-fail	consecutive	Probes in the counting interval.	Number of completed probes.	Number of probe failures.

Table 45 Monitored performance metrics for ICMP jitter/UDP jitter/voice operations

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
RTT	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the round-trip time exceeds the threshold.
RTT	average	N/A	N/A	N/A
jitter-DS/jitter-SD	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the one-way jitter exceeds the threshold.
jitter-DS/jitter-SD	average	N/A	N/A	N/A
OWD-DS/OWD-SD	N/A	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the one-way delay exceeds the threshold.
packet-loss	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packet loss.
ICPIF/MOS (available only for the voice operation)	N/A	N/A	N/A	N/A

Related commands

statistics interval

expect data

Use expect data to configure the expected data.

Use undo expect data to restore the default.

Syntax

expect data expression [ offset number ]

undo expect data

Default

No expected data is configured.

Views

HTTP/HTTPS/TCP/UDP template view

Predefined user roles

network-admin

mdc-admin

Parameters

expression: Specifies the expected data, a case-sensitive string of 1 to 200 characters.

offset number: Specifies the offset in bytes after which the first match operation starts. The value range for the number argument is 0 to 1000, and the default value is 0. If you do not specify an offset, the match operation starts from the beginning byte of the payload.

Usage guidelines

Upon receiving a response packet, the NQA client examines the target payload for the expected data.

· If a match is found, the NQA client verifies the NQA destination device as legal.

· If no match is found, the NQA client looks up the entire payload for a match. If no match is found again, the NQA destination device is verified as illegal. The NQA client does not perform the second round if no offset is specified. It verifies the NQA destination as illegal directly if no match is found for the first round.

Expected data check takes place in the following conditions:

· For features that use the HTTP or HTTPS template, the NQA client checks for the expected data if the response contains the Content-Length header.

· For features that use the TCP or UDP template, the NQA client checks for the expected data if the data-fill command is configured.

The first five bytes of the UDP packet payload identify the probe packet type. The start byte of the offset is the sixth byte of the UDP payload.

Examples

# In HTTP template view, set the expected data to welcome!.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] expect data welcome!

expect ip

Use expect ip to specify the expected IP address.

Use undo expect ip to restore the default.

Syntax

expect ip ip-address

undo expect ip

Default

No expected IP address is specified.

Views

DNS template view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the expected IP address for a DNS echo request.

Usage guidelines

During a DNS operation, the NQA client compares the expected IP address with the IP address resolved by the DNS server. If they are the same, it considers the DNS server legal.

Examples

# In DNS template view, specify 1.1.1.1 as the expected IP address.

<Sysname> system-view

[Sysname] nqa template dns dnstplt

[Sysname-nqatplt-dns-dnstplt] expect ip 1.1.1.1

expect status

Use expect status to configure the expected status code.

Use undo expect status to restore the default.

Syntax

expect status status-list

undo expect status [ status-list ]

Default

No expected status code is configured.

Views

HTTP template view

HTTPS template view

Predefined user roles

network-admin

mdc-admin

Parameters

status-list: Specifies a space-separated list of up to 10 status code items. Each item specifies a status code or a range of status codes in the form of status-num 1 to status-num 2. The value ranges for both the status-num 1 and status-num 2 arguments are 0 to 999. The value for the status-num 2 argument must be equal to or greater than the value for the status-num 1 argument.

Usage guidelines

The status code of the HTTP or HTTPS packet is a three-digit field in decimal notation, and the code includes the server status information. The first digit defines the class of response.

Examples

# In HTTP template view, set the expected status codes to 200, 300, and 400 to 500.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] expect status 200 300 400 to 500

filename

Use filename to specify a file to be transferred between the FTP server and the FTP client.

Use undo filename to restore the default.

Syntax

filename filename

undo filename

Default

No file is specified.

Views

FTP operation view

FTP template view

Predefined user roles

network-admin

mdc-admin

Parameters

filename: Specifies the name of a file, a case-sensitive string of 1 to 200 characters that cannot contain slashes (/).

Examples

# Specify config.txt as the file to be transferred between the FTP server and the FTP client for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] filename config.txt

# In FTP template view, specify config.txt as the file to be transferred between the FTP server and the FTP client.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] filename config.txt

frequency

Use frequency to specify the interval at which the NQA operation repeats.

Use undo frequency to restore the default.

Syntax

frequency interval

undo frequency

Default

In NQA operation view, the interval between two consecutive voice or path jitter operations is 60000 milliseconds. The interval between two consecutive operations of other types is 0 milliseconds.

In NQA template view, the interval between two consecutive operations is 5000 milliseconds.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

interval: Specifies the interval between two consecutive operations, in the range of 0 to 604800000 milliseconds. An interval of 0 milliseconds configures NQA to perform the operation only once, and not to generate any statistics.

Usage guidelines

If an operation is not completed when the interval is reached, the next operation does not start.

Examples

# Configure the ICMP echo operation to repeat every 1000 milliseconds.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] frequency 1000

# In DNS template view, configure the DNS operation to repeat every 1000 milliseconds.

<Sysname> system-view

[Sysname] nqa template dns dnstplt

[Sysname-nqatplt-dns-dnstplt] frequency 1000

history-record enable

Use history-record enable to enable the saving of history records for the NQA operation.

Use undo history-record enable to disable the saving of history records.

Syntax

history-record enable

undo history-record enable

Default

The saving of history records is enabled only for the UDP tracert operation.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

To display the history records of the NQA operation, use the display nqa history command.

The undo form of the command also removes existing history records of an NQA operation.

Examples

# Enable the saving of history records for the NQA operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record enable

Related commands

display nqa history

history-record keep-time

Use history-record keep-time to set the lifetime of history records for an NQA operation.

Use undo history-record keep-time to restore the default.

Syntax

history-record keep-time keep-time

undo history-record keep-time

Default

The history records of an NQA operation are kept for 120 minutes.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Parameters

keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes.

Usage guidelines

When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.

Examples

# Set the lifetime of the history records to 100 minutes for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record keep-time 100

history-record number

Use history-record number to set the maximum number of history records that can be saved for an NQA operation.

Use undo history-record number to restore the default.

Syntax

history-record number number

undo history-record number

Default

A maximum of 50 history records can be saved for an NQA operation.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies the maximum number of history records that can be saved for an NQA operation. The value range is 0 to 50.

Usage guidelines

If the number of history records for an NQA operation exceeds the maximum number, earliest history records are removed.

Examples

# Set the maximum number of history records to 10 for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record number 10

init-ttl

Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation.

Use undo init-ttl to restore the default.

Syntax

init-ttl value

undo init-ttl

Default

The NQA client sends a UDP packet with the TTL value 1 to start the UDP tracert operation.

Views

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Parameters

value: Specifies the TTL value in the range of 1 to 255.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Examples

# Set the TTL value to 5 for the UDP packets in the start round.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] init-ttl 5

lsr-path

Use lsr-path to specify a loose source routing (LSR) path.

Use undo lsr-path to restore the default.

Syntax

lsr-path ip-address&<1-8>

undo lsr-path

Default

No LSR path is configured.

Views

Path jitter operation view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses. Each IP address represents a hop on the path.

Usage guidelines

The path jitter operation first uses tracert to detect each hop to the destination. It then sends ICMP echo requests to measure the delay and jitters from the source to each node. If multiple routes exist between the source and destination, the operation uses the path specified by using lsr-path command.

Examples

# Specify 10.1.1.20 and 10.1.2.10 as the hops on the LSR path for the path jitter operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type path-jitter

[Sysname-nqa-admin-test- path-jitter] lsr-path 10.1.1.20 10.1.2.10

max-failure

Use max-failure to set the maximum number of consecutive probe failures in a UDP tracert operation.

Use undo max-failure to restore the default.

Syntax

max-failure times

undo max-failure

Default

A UDP tracert operation stops and fails when it detects five consecutive probe failures.

Views

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Parameters

times: Specifies the maximum number in the range of 0 to 255. When this argument is set to 0 or 255, the UDP tracert operation does not stop when consecutive probe failures occur.

Usage guidelines

This command is available in Release 1138P01 and later versions.

When a UDP tracert operation detects the maximum number of consecutive probe failures, the operation fails and stops probing the path.

Examples

# Set the maximum number of consecutive probe failures to 20 in a UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] max-failure 20

mode

Use mode to set the data transmission mode for the FTP operation.

Use undo mode to restore the default.

Syntax

mode { active | passive }

undo mode

Default

The FTP operation uses the data transmission mode active.

Views

FTP operation view

FTP template view

Predefined user roles

network-admin

mdc-admin

Parameters

active: Sets the data transmission mode to active. The FTP server initiates a connection request.

passive: Sets the data transmission mode to passive. The FTP client initiates a connection request.

Examples

# Set the data transmission mode to passive for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] mode passive

# In FTP template view, set the data transmission mode to passive for the FTP operation.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] mode passive

next-hop ip

Use next-hop ip to specify the next hop IP address for probe packets.

Use undo next-hop ip to restore the default.

Syntax

next-hop ip ip-address

undo next-hop ip

Default

No next hop IP address is specified for probe packets.

Views

ICMP echo operation view

ICMP/TCP half open template view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IP address of the next hop.

Usage guidelines

This command is available in Release 1138P01 and later versions.

If the next hop IP address is not configured, the device searches the routing table to determine the next hop IP address for the probe packets.

Examples

# Specify 10.1.1.1 as the next hop IP address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.1

no-fragment enable

Use no-fragment enable to enable the no-fragmentation feature.

Use undo no-fragment enable to disable the no-fragmentation feature.

Syntax

no-fragment enable

undo no-fragment enable

Default

The no-fragmentation feature is disabled.

Views

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is available in Release 1138P01 and later versions.

The no-fragmentation feature sets the DF field to 1. Packets with the DF field set cannot be fragmented during the forwarding process.

You can use this command to test the path MTU of a link.

Examples

# Enable the no-fragmentation feature for the UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] no-fragment enable

nqa

Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation.

Use undo nqa to remove the operation.

Syntax

nqa entry admin-name operation-tag

undo nqa { all | entry admin-name operation-tag }

Default

No NQA operations exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

all: Removes all NQA operations.

Examples

# Create an NQA operation with administrator name admin and operation tag test, and enter NQA operation view.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test]

nqa agent enable

Use nqa agent enable to enable the NQA client.

Use undo nqa agent enable to disable the NQA client and stop all operations being performed.

Syntax

nqa agent enable

undo nqa agent enable

Default

The NQA client is enabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the NQA client.

<Sysname> system-view

[Sysname] nqa agent enable

Related commands

nqa server enable

nqa schedule

Use nqa schedule to configure scheduling parameters for an NQA operation.

Use undo nqa schedule to stop the operation.

Syntax

nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ]

undo nqa schedule admin-name operation-tag

Default

No schedule is configured for an NQA operation.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

start-time: Specifies the start time and date of the NQA operation.

hh:mm:ss: Specifies the start time of an NQA operation.

yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.

mm/dd/yyyy: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.

now: Starts the operation immediately.

lifetime: Specifies the duration of an operation.

lifetime: Specifies the duration of an operation in seconds. The value range is 1 to 2147483647.

forever: Performs the operation until you stop it by using the undo nqa schedule command.

recurring: Runs the operation automatically at the start time and for the specified duration. If you do not specify this keyword, the NQA operation is performed only once at the specified date and time.

Usage guidelines

The NQA operation works between the specified start time and the end time (the start time plus operation duration). If the specified start time is ahead of the system time, the operation starts immediately. If both the specified start and end time are ahead of the system time, the operation does not start. To display the current system time, use the display clock command.

You cannot enter the operation view or operation type view of a scheduled NQA operation.

Specify a lifetime long enough for an operation to complete.

Examples

# Schedule the operation with the administrator name admin and operation tag test to start on 08:08:08 2008/08/08 and last 1000 seconds.

<Sysname> system-view

[Sysname] nqa schedule admin test start-time 08:08:08 2008/08/08 lifetime 1000 recurring

Related commands

· destination ip

· display clock (Fundamentals Command Reference)

· nqa entry

· type

nqa template

Use nqa template to create an NQA template and enter its view, or enter the view of an existing NQA template.

Use undo nqa template to remove an NQA template.

Syntax

nqa template { dns | ftp | http | https | icmp | ssl | tcp | tcphalfopen | udp } name

undo nqa template { dns | ftp | http | https | icmp | ssl | tcp | tcphalfopen | udp } name

Default

No NQA templates exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

dns: Specifies the DNS template.

ftp: Specifies the FTP template.

http: Specifies the HTTP template.

https: Specifies the HTTPS template.

icmp: Specifies the ICMP template.

ssl: Specifies the SSL template.

tcp: Specifies the TCP template.

tcphalfopen: Specifies the TCP half open template.

udp: Specifies the UDP template.

name: Specifies the name of the NQA template, a case-insensitive string of 1 to 32 characters.

Examples

# Create an ICMP template named icmptplt, and enter its view.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt]

operation (FTP operation view)

Use operation to specify the operation type for the FTP operation.

Use undo operation to restore the default.

Syntax

operation { get | put }

undo operation

Default

The FTP operation type is get.

Views

FTP operation view

FTP template view

Predefined user roles

network-admin

mdc-admin

Parameters

get: Gets a file from the FTP server.

put: Transfers a file to the FTP server.

Usage guidelines

When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.

If you get a file from the FTP server, make sure the file specified in the URL exists on the FTP server. The NQA client does not save the file obtained from the FTP server.

Use a small file for the FTP operation. A big file might result in transfer failure because of timeout, or might affect other services for occupying much network bandwidth.

Examples

# Set the operation type to put for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] operation put

# In FTP template view, set the operation type to put for the FTP operation.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] operation put

Related commands

· password

· username

operation (HTTP/HTTPS operation view)

Use operation to specify the operation type for the HTTP or HTTPS operation.

Use undo operation to restore the default.

Syntax

operation { get | post | raw }

undo operation

Default

The HTTP or HTTPS operation type is get.

Views

HTTP operation view

HTTP/HTTPS template view

Predefined user roles

network-admin

mdc-admin

Parameters

get: Gets data from the HTTP or HTTPS server.

post: Transfers data to the HTTP or HTTPS server.

raw: Sends the RAW request to the HTTP or HTTPS server.

Usage guidelines

The HTTP and HTTPS operations use HTTP and HTTPS requests as probe packets.

For the get or post operation, the content in the request is obtained from the URL specified by the url command.

For the raw operation, the content in the request is configured in raw request view. You can use the raw-request command to enter the raw request view.

Examples

# Set the operation type to raw for the HTTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] operation raw

# In HTTP template view, set the operation type to raw for the HTTP operation.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] operation raw

Related commands

· password

· raw-request

· username

out interface

Use out interface to specify the output interface for probe packets.

Use undo out interface to restore the default.

Syntax

out interface interface-type interface-number

undo out interface

Default

The output interface for probe packets is not specified. The NQA client determines the output interface based on the routing table lookup.

Views

ICMP echo operation view

DHCP operation view

UDP tracert operation view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

This command is available in Release 1138P01 and later versions.

For successful operation, the specified output interface must be up.

If both the next-hop and out interface commands are configured for the ICMP echo operation, the out interface command does not take effect.

Examples

# Specify VLAN-interface 1 as the output interface for probe packets in the UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] out interface vlan-interface 1

password

Use password to specify a password.

Use undo password to restore the default.

Syntax

password { cipher | simple } string

undo password

Default

No password is specified.

Views

FTP/HTTP operation view

FTP/HTTP/HTTPS template view

Predefined user roles

network-admin

mdc-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. The plaintext form of the password is a case-sensitive string of 1 to 32 characters. The encrypted form of the password is a case-sensitive string of 1 to 73 characters.

Examples

# Set the FTP login password to ftpuser.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] password simple ftpuser

# Set the FTP login password to ftpuser in FTP template view.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] password simple ftpuser

Related commands

· operation

· username

probe count

Use probe count to specify the probe times.

Use undo probe count to restore the default.

Syntax

probe count times

undo probe count

Default

In an UDP tracert operation, the NQA client sends three probe packets to each hop along the path.

In other types of operations, the NQA client performs one probe to the destination per operation.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/UDP jitter operation view

Predefined user roles

network-admin

mdc-admin

Parameters

times: Specifies the probe times.

· For the UDP tracert operation, this argument specifies the times of probes to each hop along the path. The value range for this argument is 1 to 10.

· For other types of operations, this argument specifies the times of probes to the destination per operation. The value range for this argument is 1 to 15.

Usage guidelines

The following describes how NQA performs different types of operations:

· A TCP or DLSw operation sets up a connection.

· An ICMP jitter, UDP jitter, or voice operation sends a number of probe packets. The number of probe packets is set by using the probe packet-number command.

· An FTP operation uploads or downloads a file.

· An HTTP operation gets a Web page.

· A DHCP operation gets an IP address through DHCP.

· A DNS operation translates a domain name to an IP address.

· An ICMP echo sends an ICMP echo request.

· A UDP echo operation sends a UDP packet.

· An SNMP operation sends one SNMPv1 packet, one SNMPv2c packet, and one SNMPv3 packet.

· A path jitter operation is accomplished in the following steps:

a. The operation uses tracert to obtain the path from the NQA client to the destination. A maximum of 64 hops can be detected.

b. The NQA client sends ICMP echo requests to each hop along the path. The number of ICMP echo requests is set by using the probe packet-number command.

· A UDP tracert operation determines the routing path from the source to the destination. The number of probe packets sent to each hop is set by using the probe count command.

If an operation is to perform multiple probes, the NQA client starts a new probe in one of the following conditions:

· The NQA client receives responses to packets sent in the last probe.

· The probe timeout time expires.

This command is not available for the voice or path jitter operations. Each of these operations performs only one probe.

Examples

# Configure the ICMP echo operation to perform 10 probes.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] probe count 10

probe packet-interval

Use probe packet-interval to configure the packet sending interval in the probe.

Use undo probe packet-interval to restore the default.

Syntax

probe packet-interval interval

undo probe packet-interval

Default

The packet sending interval is 20 milliseconds.

Views

ICMP jitter/path jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

interval: Specifies the sending interval in the range of 10 to 60000 milliseconds.

Examples

# Configure the UDP jitter operation to send packets every 100 milliseconds.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-interval 100

probe packet-number

Use probe packet-number to set the number of packets to be sent in a UDP jitter, path jitter, or voice probe.

Use undo probe packet-number to restore the default.

Syntax

probe packet-number packet-number

undo probe packet-number

Default

An ICMP jitter, UDP jitter, or path jitter probe sends 10 packets and a voice probe sends 1000 packets.

Views

ICMP jitter/path jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

packet-number: Specifies the number of packets to be sent per probe. Available value ranges include:

· 10 to 1000 for the ICMP jitter, UDP jitter, and path jitter operations.

· 10 to 60000 for the voice operation.

Examples

# Configure the UDP jitter probe to send 100 packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-number 100

probe packet-timeout

Use probe packet-timeout to set the timeout time for waiting for a response in the UDP jitter, path jitter, or voice operation.

Use undo probe packet-timeout to restore the default.

Syntax

probe packet-timeout timeout

undo probe packet-timeout

Default

The response timeout time in the UDP jitter or path jitter operation is 3000 milliseconds.

The response timeout time in the voice operation is 5000 milliseconds.

Views

ICMP jitter/path jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

timeout: Specifies the timeout time in milliseconds. The value range is 10 to 3600000.

Examples

# Set the response timeout time to 100 milliseconds in the UDP jitter operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100

probe timeout

Use probe timeout to set the probe timeout time.

Use undo probe timeout to restore the default.

Syntax

probe timeout timeout

undo probe timeout

Default

The timeout time of a probe is 3000 milliseconds.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

timeout: Specifies the probe timeout time in milliseconds. Available value ranges include:

· 10 to 86400000 for the FTP or HTTP operation.

· 10 to 3600000 for the DHCP, DNS, DLSw, ICMP echo, SNMP, TCP, UDP echo, or UDP tracert operation.

Usage guidelines

If a probe does not complete within the period, the probe is timed out.

Examples

# Set the probe timeout time to 10000 milliseconds for the DHCP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type dhcp

[Sysname-nqa-admin-test-dhcp] probe timeout 10000

# In HTTP template view, set the probe timeout time to 10000 milliseconds for the HTTP operation.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] probe timeout 10000

raw-request

Use raw-request to enter raw request view and specify the content of an HTTP or HTTPS request.

Use undo raw-request to restore the default.

Syntax

raw-request

undo raw-request

Default

The contents of an HTTP or HTTPS raw request are not specified.

Views

HTTP operation view

HTTP/HTTPS template view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command places you in raw request view and deletes the previously configured request content. To ensure successful operations, make sure the request content is in the correct format.

If the HTTP or HTTPS operation type is set to raw, you must enter raw request view and configure the request content to be sent to the HTTP or HTTPS server.

Examples

# Enter raw request view and specify the content of a GET request for the HTTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] raw-request

[Sysname-nqa-admin-test-http-raw-request] GET /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n\r\n

# In HTTP template view, enter raw request view and specify the content of a POST request for the HTTP operation.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] raw-request

[Sysname-nqatplt-http-httptplt-raw-request] POST /sdn/ui/app/index HTTP/1.0\r\nHost:

172.0.0.2\r\nAuthorization: Basic cm9vdDoxMjM0NTY=\r\n\r\n

reaction checked-element { jitter-ds | jitter-sd }

Use reaction checked-element { jitter-ds | jitter-sd } to configure a reaction entry for monitoring one-way jitter in the NQA operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring one-way jitter exist.

Views

ICMP jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).

jitter-sd: Specifies source-to-destination jitter of each probe packet as the monitored element.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations in the operation. The value range is 1 to 14999 for the ICMP jitter and UDP jitter operations, and 1 to 59999 for the voice operation.

average: Checks the average one-way jitter.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

action-type: Specifies the action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average destination-to-source jitter of UDP jitter packets, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average destination-to-source jitter is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element jitter-ds threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the destination-to-source jitter is checked against the threshold range. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element jitter-ds threshold-type accumulate 100 threshold-value 50 5 action-type trap-only

reaction checked-element { owd-ds | owd-sd }

Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the one-way delay.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold

undo reaction item-number

Default

No reaction entries for monitoring the one-way delay exist.

Views

ICMP jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

owd-ds: Specifies the destination-to-source delay of each probe packet as the monitored element.

owd-sd: Specifies the source-to-destination delay of each probe packet as the monitored element.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

No actions can be configured for a reaction entry of monitoring one-way delays. To display the monitoring results and statistics, use the display nqa reaction counters and display nqa statistics commands.

Examples

# Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. The destination-to-source delay is calculated after the response to the probe packet arrives. If the delay exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element owd-ds threshold-value 50 5

reaction checked-element icpif

Use reaction checked-element icpif to configure a reaction entry for monitoring the ICPIF value in the voice operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring ICPIF values exist.

Views

Voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-value: Specifies threshold range.

upper-threshold: Specifies the upper limit in the range of 1 to 100.

lower-threshold: Specifies the lower limit in the range of 1 to 100. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring the ICPIF value in the voice operation, and set the upper limit to 50 and lower limit to 5. Before the voice operation starts, the initial state of the reaction entry is invalid. After the operation, the ICPIF value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] reaction 1 checked-element icpif threshold-value 50 5 action-type trap-only

reaction checked-element mos

Use reaction checked-element mos to configure a reaction entry for monitoring the MOS value in the voice operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring the MOS value exist.

Views

Voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-value: Specifies threshold range.

upper-threshold: Specifies the upper limit in the range of 1 to 500.

lower-threshold: Specifies the lower limit in the range of 1 to 500. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

For the MOS threshold, the number is expressed in three digits representing ones, tenths, and hundredths. For example, to express a MOS threshold of 1, enter 100.

Examples

# Create reaction entry 1 for monitoring the MOS value of the voice operation, and set the upper limit to 2 and lower limit to 1. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the MOS value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] reaction 1 checked-element mos threshold-value 200 100 action-type trap-only

reaction checked-element packet-loss

Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in UDP jitter or voice operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring packet loss exist.

Views

ICMP jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Specifies the total number of lost packets in the operation. The value range is 1 to 15000 for the ICMP jitter and UDP jitter operations and 1 to 60000 for the voice operation.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring packet loss in the UDP jitter operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the total number of the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element packet-loss threshold-type accumulate 100 action-type trap-only

reaction checked-element probe-duration

Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring the probe duration exist.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations. The value range is 1 to 15.

average: Checks the average probe duration.

consecutive consecutive-occurrences: Specifies the number of consecutive threshold violations after the NQA operation starts. The value range is 1 to 16.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper threshold.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average probe duration is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state of the reaction entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-duration threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the accumulated probe duration is checked against the threshold range. If the total number of threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-duration threshold-type accumulate 10 threshold-value 50 5 action-type trap-only

# Create reaction entry 3 for monitoring the probe duration time of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the consecutive probe duration is checked against the threshold range. If the total number of consecutive threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 3 checked-element probe-duration threshold-type consecutive 10 threshold-value 50 5 action-type trap-only

reaction checked-element probe-fail (for trap)

Use reaction checked-element probe-fail to configure a reaction entry for monitoring the probe failures of the operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring probe failures exist.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of probe failures. The value range is 1 to 15.

consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures. The value range is 1 to 16.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the total number of probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type accumulate 10 action-type trap-only

# Create reaction entry 2 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the number of consecutive probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only

reaction checked-element probe-fail (for trigger)

Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures.

Use undo reaction to remove the specified reaction entry.

Syntax

reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only

undo reaction item-number

Default

No reaction entries for monitoring probe failures exist.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures, in the range of 1 to 16.

action-type: Specifies what action to be triggered.

trigger-only: Triggers other modules to react to certain conditions.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1. If the number of consecutive probe failures reaches 3, collaboration is triggered.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type tcp

[Sysname-nqa-admin-test-tcp] reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only

Related commands

track (High Availability Command Reference)

reaction checked-element rtt

Use reaction checked-element rtt to configure a reaction entry for monitoring packet round-trip time.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring packet round-trip time exist.

Views

ICMP jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations. Available value ranges include:

· 1 to 15000 for the ICMP jitter and UDP jitter operations.

· 1 to 60000 for the voice operation.

average: Checks the packet average round-trip time.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average packet round-trip time is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the reaction entry state changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only

reaction trap

Use reaction trap to configure the sending of traps to the NMS under specific conditions.

Use undo reaction trap to restore the default.

Syntax

reaction trap { path-change | probe-failure consecutive-probe-failures | test-complete | test-failure [ accumulate-probe-failures ] }

undo reaction trap { path-change | probe-failure | test-complete | test-failure }

Default

No traps are sent to the NMS.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

path-change: Sends a trap when the UDP tracert operation detects a different path to the destination.

probe-failure consecutive-probe-failures: Sends a trap to the NMS if the number of consecutive probe failures in an operation is greater than or equal to consecutive-probe-failures. The value range for the consecutive-probe-failures argument is 1 to 15. The system counts the number of consecutive probe failures for each operation, so multiple traps might be sent.

test-complete: Sends a trap to indicate that the operation is completed.

test-failure: Sends a trap when an operation fails. For operations other than UDP tracert operation, the system counts the total number of probe failures in an operation. If the number reaches or exceeds the value for the accumulate-probe-failures argument, a trap is sent for the operation failure.

accumulate-probe-failures: Specifies the total number of probe failures in an operation. The value range is 1 to 15. This argument is not supported by the UDP tracert operation.

Usage guidelines

The ICMP jitter, UDP jitter, and voice operations support only the test-complete keyword.

The following parameters are not available for the UDP tracert operation:

· The probe-failure consecutive-probe-failures option.

· The accumulate-probe-failures argument.

Examples

# Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction trap probe-failure 5

reaction trigger per-probe

Use reaction trigger per-probe to configure the probe result sending on a per-probe basis.

Use undo reaction trigger per-probe to restore the default.

Syntax

reaction trigger per-probe

undo reaction trigger per-probe

Default

The probe result is sent to the feature that uses the template after three consecutive failed or successful probes.

Views

ICMP/TCP half open template view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is available in Release 1138P01 and later versions.

The feature enables the NQA client to send the probe result to the feature that uses the NQA template every time a probe is completed.

If you execute this command and the reaction trigger probe-fail command multiple times, the most recent configuration takes effect.

If you execute this command and the reaction trigger probe-pass command multiple times, the most recent configuration takes effect.

Examples

# In ICMP template view, configure the probe result sending on a per-probe basis.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] reaction trigger per-probe

Related commands

· reaction trigger probe-fail

· reaction trigger probe-pass

reaction trigger probe-fail

Use reaction trigger probe-fail to set the number of consecutive probe failures to determine an operation failure.

Use undo reaction trigger probe-fail to restore the default.

Syntax

reaction trigger probe-fail count

undo reaction trigger probe-fail

Default

The NQA client notifies the feature of the operation failure when the number of consecutive probe failures reaches 3.

Views

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

count: Specifies the number of consecutive probe failures, in the range of 1 to 15.

Usage guidelines

If the number of consecutive probe failures is reached, the NQA client notifies the feature that uses the NQA template of the operation failure.

If you execute this command and the reaction trigger per-probe command multiple times, the most recent configuration takes effect.

Examples

# In HTTP template view, configure the NQA client to notify the feature of the operation failure when the number of consecutive probe failures reaches 5.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] reaction trigger probe-fail 5

Related commands

· reaction trigger per-probe

· reaction trigger probe-pass

reaction trigger probe-pass

Use reaction trigger probe-pass to set the number of consecutive successful probes to determine a successful operation event.

Use undo reaction trigger probe-pass to restore the default.

Syntax

reaction trigger probe-pass count

undo reaction trigger probe-pass

Default

The NQA client notifies the feature of the successful operation event if the number of consecutive successful probes reaches 3.

Views

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

count: Specifies the number of consecutive successful probes, in the range of 1 to 15.

Usage guidelines

If number of consecutive successful probes is reached, the NQA client notifies the feature that uses the template of the successful operation event.

If you execute this command and the reaction trigger per-probe command multiple times, the most configuration takes effect.

Examples

# In HTTP template view, configure the NQA client to notify the feature of the successful operation event if the number of consecutive successful probes reaches 5.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] reaction trigger probe-pass 5

Related commands

· reaction trigger per-probe

· reaction trigger probe-fail

resolve-target

Use resolve-target to specify the domain name to be resolved in the DNS operation.

Use undo resolve-target to restore the default.

Syntax

resolve-target domain-name

undo resolve-target

Default

The domain name to be resolved in the DNS operation is not specified.

Views

DNS operation view

DNS template view

Predefined user roles

network-admin

mdc-admin

Parameters

domain-name: Specifies the domain name to be resolved. It is a dot-separated case-sensitive string of 1 to 255 characters including letters, digits, hyphens (-), and underscores (_) (for example, aabbcc.com). Each part consists of 1 to 63 characters, and consecutive dots (.) are not allowed.

Examples

# Specify domain1 as the domain name to be resolved.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type dns

[Sysname-nqa-admin-test-dns] resolve-target domain1

# In DNS template view, specify domain1 as the domain name to be resolved.

<Sysname> system-view

[Sysname] nqa template dns dnstplt

[Sysname-nqatplt-dns-dnstplt] resolve-target domain1

resolve-type

Use resolve-type to configure the domain name resolution type.

Use undo resolve-type to restore the default.

Syntax

resolve-type A

undo resolve-type

Default

The domain name resolution type is type A.

Views

DNS template view

Predefined user roles

network-admin

mdc-admin

Parameters

A: Specifies the type A queries. A type A query resolves a domain name to a mapped IP address.

Examples

# In DNS template view, set the domain name resolution type to A.

<Sysname> system-view

[Sysname] nqa template dns dnstplt

[Sysname-nqatplt-dns-dnstplt] resolve-type A

route-option bypass-route

Use route-option bypass-route to enable the routing table bypass feature to test the connectivity to the direct destination.

Use undo route-option bypass-route to disable the routing table bypass feature.

Syntax

route-option bypass-route

undo route-option bypass-route

Default

The routing table bypass feature is disabled.

Views

ICMP echo/TCP/UDP echo operation view

DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

When the routing table bypass feature is enabled, the following events occur:

· The routing table is not searched. Packets are sent to the destination in a directly connected network.

· The TTL value in the probe packet is set to 1. The TTL set in the ttl command does not take effect.

Examples

# Enable the routing table bypass feature.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] route-option bypass-route

source interface

Use source interface to specify the IP address of the specified interface as the source IP address of probe packets.

Use undo source interface to restore the default.

Syntax

source interface interface-type interface-number

undo source interface

Default

The probe packets take the primary IP address of the outgoing interface as their source IP address.

Views

ICMP echo operation view

UDP tracert operation view

ICMP template view

Predefined user roles

network-admin

mdc-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

The specified interface must be up. If the interface is down, no probe requests can be sent out.

If you execute this command and the source ip command multiple times, the most recent configuration takes effect.

Examples

# Specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source interface vlan-interface 1

# In ICMP template view, specify the IP address of the interface VLAN-interface 1 as the source IP address of ICMP echo request packets.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] source interface vlan-interface 1

Related commands

source ip

Use source ip to configure the source IP address for probe packets.

Use undo source ip to restore the default.

Syntax

source ip ip-address

undo source ip

Default

The probe packets takes the primary IP address of their output interface as the source IP address.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the source IP address for probe packets.

Usage guidelines

The specified source IP address must be the IP address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out.

If you execute the source interface and source ip commands multiple times for an ICMP echo operation, UDP tracert operation, or ICMP template, the most recent configuration takes effect.

Examples

# Specify 10.1.1.1 as the source IP address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source ip 10.1.1.1

# In ICMP template view, specify 10.1.1.1 as the source IP address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] source ip 10.1.1.1

Related commands

source interface

source port

Use source port to configure the source port number for probe packets.

Use undo source port to restore the default.

Syntax

source port port-number

undo source port

Default

The source port number is not specified.

Views

UDP echo operation view

SNMP operation view

UDP tracert operation view

UDP jitter/voice operation view

DNS template view

Predefined user roles

network-admin

mdc-admin

Parameters

port-number: Specifies the source port number in the range of 1 to 65535.

Examples

# Set the source port number to 8000 for probe packets in the UDP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-echo

[Sysname-nqa-admin-test-udp-echo] source port 8000

# In DNS template view, set the source port number to 8000 for probe packets in the DNS operation.

<Sysname> system-view

[Sysname] nqa template dns dnstplt

[Sysname-nqatplt-dns-dnstplt] source port 8000

ssl-client-policy

Use ssl-client-policy to specify an SSL client policy for an HTTPS or SSL template.

Use undo ssl-client-policy to restore the default.

Syntax

ssl-client-policy policy-name

undo ssl-client-policy

Default

No SSL client policy is specified for an HTTPS or SSL template.

Views

HTTPS/SSL template view

Predefined user roles

network-admin

mdc-admin

Parameters

policy-name: Specifies an SSL client policy by its name, a case-insensitive string of 1 to 31 characters.

Usage guidelines

This command is available in Release 1138P01 and later versions.

In the HTTPS or SSL operation, the NQA client uses the specified SSL client policy to establish an SSL connection to the server.

Examples

# Specify the SSL client policy named policy for the SSL template ssltplt.

<Sysname> system-view

[Sysname] nqa template ssl ssltplt

[Sysname-nqatplt-ssl-ssltplt] ssl-client-policy policy

statistics hold-time

Use statistics hold-time to set the hold time of statistics groups for an NQA operation.

Use undo statistics hold-time to restore the default.

Syntax

statistics hold-time hold-time

undo statistics hold-time

Default

The hold time of statistics groups for an NQA operation is 120 minutes.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

hold-time: Specifies the hold time in minutes, in the range of 1 to 1440.

Usage guidelines

A statistics group is deleted when its hold time expires.

Examples

# Set the hold time to 3 minutes for statistics groups of the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics hold-time 3

statistics interval

Use statistics interval to set the statistics collection interval for an NQA operation.

Use undo statistics interval to restore the default.

Syntax

statistics interval interval

undo statistics interval

Default

The statistics collection interval is 60 minutes.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

interval: Specifies the interval in minutes, in the range of 1 to 35791394.

Usage guidelines

NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command.

Examples

# Configure NQA to collect the ICMP echo operation statistics every 2 minutes.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics interval 2

statistics max-group

Use statistics max-group to set the maximum number of statistics groups that can be saved.

Use undo statistics max-group to restore the default.

Syntax

statistics max-group number

undo statistics max-group

Default

A maximum of two statistics groups can be saved.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

Predefined user roles

network-admin

mdc-admin

Parameters

number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.

Usage guidelines

When the maximum number of statistics groups is reached and a new statistics group is to be saved, the earliest statistics group is deleted.

Examples

# Configure NQA to save a maximum of five statistics groups for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics max-group 5

target-only

Use target-only to perform the path jitter operation only on the destination address.

Use undo target-only to restore the default.

Syntax

target-only

undo target-only

Default

NQA performs the path jitter operation to the destination hop by hop.

Views

Path jitter operation view

Predefined user roles

network-admin

mdc-admin

Examples

# Perform the path jitter operation only on the destination address.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type path-jitter

[Sysname-nqa-admin-test-path-jitter] target-only

tos

Use tos to set the ToS value in the IP header for probe packets.

Use undo tos to restore the default.

Syntax

tos value

undo tos

Default

The ToS value in the IP header of probe packets is 0.

Views

Any operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

value: Specifies the ToS value in the range of 0 to 255.

Examples

# In ICMP echo operation view, set the ToS value to 1 in the IP header for probe packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] tos 1

# In ICMP template view, set the ToS value to 1 in the IP header for probe packets.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] tos 1

ttl

Use ttl to set the maximum number of hops that the probe packets can traverse.

Use undo ttl to restore the default.

Syntax

ttl value

undo ttl

Default

The maximum number of hops is 30 for probe packets of the UDP tracert operation, and is 20 for probe packets of other types of operations.

Views

ICMP echo/TCP/UDP echo operation view

DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/UDP jitter/voice operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255.

Usage guidelines

The route-option bypass-route command sets the TTL to 1 for probe packets. If you configure both the route-option bypass-route and ttl commands for an operation, the ttl command does not take effect.

For a successful UDP tracert operation, make sure the maximum number of hops is not smaller than the value set in the init-ttl command.

Examples

# Set the maximum number of hops to 16 for probe packets in the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] ttl 16

# In ICMP template view, set the maximum number of hops to 16 for probe packets.

<Sysname> system-view

[Sysname] nqa template icmp icmptplt

[Sysname-nqatplt-icmp-icmptplt] ttl 16

type

Use type to specify an NQA operation type and enter its view.

Syntax

type { dhcp | dlsw | dns | ftp | http | icmp-echo | icmp-jitter | path-jitter | snmp | tcp | udp-echo | udp-jitter | udp-tracert | voice }

Default

No operation type is specified.

Views

NQA operation view

Predefined user roles

network-admin

mdc-admin

Parameters

dhcp: Specifies the DHCP operation type.

dlsw: Specifies the DLSw operation type.

dns: Specifies the DNS operation type.

ftp: Specifies the FTP operation type.

http: Specifies the HTTP operation type.

icmp-echo: Specifies the ICMP echo operation type.

icmp-jitter: Specifies the ICMP jitter operation type.

path-jitter: Specifies the path jitter operation type.

snmp: Specifies the SNMP operation type.

tcp: Specifies the TCP operation type.

udp-echo: Specifies the UDP echo operation type.

udp-jitter: Specifies the UDP jitter operation type.

udp-tracert: Specifies the UDP tracert operation type.

voice: Specifies the voice operation type.

Examples

# Specify FTP as the NQA operation type and enter FTP operation view.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp]

url

Use url to specify the URL of the destination.

Use undo url to restore the default.

Syntax

url url

undo url

Default

The destination URL is not specified.

Views

FTP/HTTP operation view

FTP/HTTP/HTTPS template view

Predefined user roles

network-admin

mdc-admin

Parameters

url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations.

Operation	URL format	Parameter description
HTTP operation	http://host/resource http://host:port/resource	The host parameter represents the host name of the destination server. The host name is a dot-separated case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed of series of labels, aabbcc.com for example. Each label consists of 1 to 63 characters. Consecutive dots (.) and question marks are not allowed. For description about the filename parameter, see Fundamentals Configuration Guide.
HTTPS operation	https://host/resource https://host:port/resource
FTP operation	ftp://host/filename ftp://host:port/filename

Examples

# Configure the URL that the HTTP operation visits as http://www.company.com/index.htm.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] url http://www.company.com/index.html

# In HTTP template view, configure the URL that the HTTP operation visits as http://www.company.com/index.htm.

<Sysname> system-view

[Sysname] nqa template http httptplt

[Sysname-nqatplt-http-httptplt] url http://www.company.com/index.html

username

Use username to specify a username.

Use undo username to restore the default.

Syntax

username username

undo username

Default

No username is configured.

Views

FTP/HTTP operation view

FTP/HTTP/HTTPS template view

Predefined user roles

network-admin

mdc-admin

Parameters

username: Specifies the username, a case sensitive string of 1 to 32 characters.

Examples

# Set the FTP login username to administrator.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] username administrator

# Set the FTP login username to administrator in FTP template view.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] username administrator

Related commands

· operation

· password

version

Use version to specify the version used in the HTTP or HTTPS operation.

Use undo version to restore the default.

Syntax

version { v1.0 | v1.1 }

undo version

Default

Version 1.0 is used in the HTTP operation or HTTPS operation.

Views

HTTP operation view

HTTP/HTTPS template view

Predefined user roles

network-admin

mdc-admin

Parameters

v1.0: Uses version 1.0.

v1.1: Uses version 1.1.

Examples

# Configure the HTTP operation to use the HTTP version 1.1.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] version v1.1

vpn-instance

Use vpn-instance to apply the operation to a VPN instance.

Use undo vpn-instance to restore the default.

Syntax

vpn-instance vpn-instance-name

undo vpn-instance

Default

The operation applies to the public network.

Views

ICMP echo/TCP/UDP echo operation view

DHCP/DLSw/DNS/FTP/HTTP/SNMP operation view

UDP tracert operation view

ICMP jitter/path jitter/UDP jitter/voice operation view

Any NQA template view

Predefined user roles

network-admin

mdc-admin

Parameters

vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

After you specify the VPN, the NQA operation tests the connectivity in the specified VPN instance.

Examples

# Apply the ICMP echo operation to vpn1.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] vpn-instance vpn1

# In FTP template view, apply the FTP operation to vpn1.

<Sysname> system-view

[Sysname] nqa template ftp ftptplt

[Sysname-nqatplt-ftp-ftptplt] vpn-instance vpn1

NQA server commands

IMPORTANT:

Configure the NQA server only for UDP jitter, TCP, UDP echo, and voice operations.

display nqa server

Use display nqa server status to display NQA server status.

Syntax

display nqa server

Views

Any view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Examples

# Display NQA server status.

<Sysname> display nqa server

NQA server status: Enabled

TCP connect:

IP Address Port Tos Vpn-instance

2.2.2.2 2000 200 -

UDP echo:

IP Address Port Tos Vpn-instance

3.3.3.3 3000 255 vpn1

Table 46 Command output

Field	Description
NQA server status	Whether the NQA server is enabled.
TCP connect	Information about the TCP listening service on the NQA server.
UDP echo	Information about the UDP listening service on the NQA server.
IP Address	IP address specified for the TCP/UDP listening service on the NQA server.
Port	Port number specified for the TCP/UDP listening service on the NQA server.
Tos	ToS value in reply packets sent by the NQA server.
Vpn instance	Name of the VPN instance to which the IP address that the NQA server listens on belongs. This field displays a hyphen (-) if the NQA server listens on a public IP address.

Related commands

· nqa server enable

· nqa server tcp-connect

· nqa server udp-echo

nqa server enable

Use nqa server enable to enable the NQA server.

Use undo nqa server enable to disable the NQA server.

Syntax

nqa server enable

undo nqa server enable

Default

The NQA server is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Examples

# Enable the NQA server.

<Sysname> system-view

[Sysname] nqa server enable

Related commands

· display nqa server

· nqa server tcp-connect

· nqa server udp-echo

nqa server tcp-connect

Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on the specified IP address.

Use undo nqa server tcp-connect to remove a TCP listening service.

Syntax

nqa server tcp-connect ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]

undo nqa server tcp-connect ip-address port-number

Default

No TCP listening services exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IP address for the TCP listening service.

port-number: Specifies the port number for the TCP listening service, in the range of 1 to 65535.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on a public IP address.

tos tos: Specifies the ToS value in the IP header for reply packets. The value range is 0 to 255, and the default value is 0.

Usage guidelines

Use this command on the NQA server only for the TCP operation.

When you configure the IP address and port number for a TCP listening service on the NQA server, follow these restrictions and guidelines:

· The IP address, port number, and VPN instance must be unique on the NQA server and match the configuration on the NQA client.

· The IP address must be the address of an interface on the NQA server.

· To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023.

Examples

# Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.

<Sysname> system-view

[Sysname] nqa server tcp-connect 169.254.10.2 9000

Related commands

· display nqa server

· nqa server enable

nqa server udp-echo

Use nqa server udp-echo to configure a UDP listening service to enable the NQA server to listen to a port on the specified IP address.

Use undo nqa server udp-echo to remove the UDP listening service created.

Syntax

nqa server udp-echo ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]

undo nqa server udp-echo ip-address port-number

Default

No UDP listening services exist.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

ip-address: Specifies the IP address for the UDP listening service.

port-number: Specifies the port number for the UDP listening service, in the range of 1 to 65535.

tos tos: Specifies the ToS value in the IP header for reply packets. The value range for this argument is 0 to 255, and the default value is 0.

Usage guidelines

Use this command on the NQA server only for the UDP jitter, UDP echo, and voice operations.

When you configure the IP address and port number for a UDP listening service on the NQA server, follow these restrictions and guidelines:

· The IP address, port number, and VPN instance must be unique on the NQA server and match the configuration on the NQA client.

· The IP address must be the address of an interface on the NQA server.

· To ensure successful NQA operations and avoid affecting existing services, do not configure the UDP listening service on well-known ports from 1 to 1023.

Examples

# Configure a UDP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.

<Sysname> system-view

[Sysname] nqa server udp-echo 169.254.10.2 9000

Related commands

· display nqa server

· nqa server enable

NETCONF commands

netconf idle-timeout

Use netconf idle-timeout to set the NETCONF session idle timeout time.

Use undo netconf idle-timeout to restore the default.

Syntax

netconf { soap | agent } idle-timeout minute

undo netconf { soap | agent } idle-timeout

Default

The NETCONF session idle timeout time is 10 minutes for NETCONF over SOAP over HTTP and for NETCONF over SOAP over HTTPS sessions.

The NETCONF session idle timeout time is 0 minutes for SSH, Telnet, and NETCONF over SSH sessions.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

soap: Specifies the NETCONF over SOAP over HTTP and NETCONF over SOAP over HTTPS sessions.

agent: Specifies the SSH, Telnet, and NETCONF over SSH sessions.

minute: Specifies the NETCONF session idle timeout time in minutes. The value range is as follows:

· 1 to 999 for NETCONF over SOAP over HTTP and for NETCONF over SOAP over HTTPS sessions.

· 0 to 999 for SSH, Telnet, and NETCONF over SSH sessions. The value of 0 indicates that the NETCONF sessions never time out.

Usage guidelines

This command is available in Release 1138P01 and later versions.

Examples

# Set the NETCONF session idle timeout time to 20 minutes for NETCONF over SOAP over HTTP and for NETCONF over SOAP over HTTPS sessions.

<Sysname> system-view

[Sysname] netconf soap idle-timeout 20

netconf log

Use netconf log to enable NETCONF logging.

Use undo netconf log to disable NETCONF logging for the specified NETCONF operation sources and NETCONF operations.

Syntax

netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }

undo netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }

Default

NETCONF logging is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

source: Specifies a NETCONF operation source that represents clients that use a protocol.

· all: Specifies NETCONF clients that use all protocols.

· agent: Specifies clients that use Telnet, SSH, console, or NETCONF over SSH.

· soap: Specifies clients that use SOAP over HTTP, or SOAP over HTTPS.

· web: Specifies clients that use Web.

protocol-operation: Specifies a NETCONF operation type.

· all: Specifies all NETCONF operations.

· action: Specifies the action operation.

· config: Specifies the configuration-related NETCONF operations, including the CLI, save, load, rollback, lock, unlock, and save-point operations.

· get: Specifies the data retrieval-related NETCONF operations, including the get, get-config, get-bulk, get-bulk-config, and get-sessions operations.

· set: Specifies all edit-config operations.

· session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchange by hello messages.

· syntax: Specifies the requests that include XML and schema errors.

· others: Specifies NETCONF operations except for those specified by keywords action, config, get, set, session, and syntax.

verbose: Logs detailed NETCONF information. For request operations, this keyword logs the texts of the requests after brief information. For service operations, this keyword takes effect only on the edit-config operations. When an edit-config operation error occurs, this keyword logs detailed error information.

Examples

# Configure the device to log NETCONF edit-config information sourced from agent clients.

<Sysname> system-view

[sysname] netconf log source agent protocol-operation set

netconf soap http enable

Use netconf soap http enable to enable NETCONF over SOAP over HTTP.

Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.

Syntax

netconf soap http enable

undo netconf soap http enable

Default

NETCONF over SOAP over HTTP is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command is not available in FIPS mode.

This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.

Examples

# Enable NETCONF over SOAP over HTTP.

<Sysname> system-view

[Sysname] netconf soap http enable

netconf soap https enable

Use netconf soap https enable to enable NETCONF over SOAP over HTTPS.

Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.

Syntax

netconf soap https enable

undo netconf soap https enable

Default

NETCONF over SOAP over HTTPS is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.

Examples

# Enable NETCONF over SOAP over HTTPS.

<Sysname> system-view

[Sysname] netconf soap https enable

netconf ssh server enable

Use netconf ssh server enable to enable NETCONF over SSH.

Use undo netconf ssh server enable to disable NETCONF over SSH.

Syntax

netconf ssh server enable

undo netconf ssh server enable

Default

NETCONF over SSH is disabled.

Views

System view

Predefined user roles

network-admin

mdc-admin

Usage guidelines

This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command.

Before you execute this command, configure the authentication mode for users as scheme on the device. Then, the NETCONF-over-SSH-enabled user terminals can access the device through NETCONF over SSH.

Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals.

Examples

# Enable NETCONF over SSH.

<Sysname> system

[Sysname] netconf ssh server enable

netconf ssh server port

Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections.

Use undo netconf ssh server port to restore the default.

Syntax

netconf ssh server port port-number

undo netconf ssh server port

Default

Port 830 listens for NETCONF over SSH connections.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

port-number: Specifies a port by its number in the range of 1 to 65535.

Usage guidelines

When assigning a listening port, make sure the specified port is not being used by other services. The SSH service can share the same port with other services, but it might not operate correctly.

Examples

# Specify port 800 to listen for NETCONF over SSH connections.

<Sysname> system

[Sysname] netconf ssh server port 800

xml

Use xml to enter XML view.

Syntax

xml

Views

User view

Predefined user roles

network-admin

network-operator

mdc-admin

mdc-operator

Usage guidelines

In XML view, use NETCONF messages to configure the device or obtain data from the device. NETCONF operations you can perform depend on the user roles you have, as shown in Table 47.

Table 47 NETCONF operations available for the predefined user roles

User role

NETCONF operations

network-admin

All NETCONF operations

network-operator

· Get

· Get-bulk

· Get-bulk-config

· Get-config

· Get-sessions

· Close-session

NETCONF messages must comply with the XML format requirement and syntactic requirements. To ensure successful configuration, use third-party software to generate NETCONF messages.

To quit XML view, use a NETCONF message instead of the quit command.

If you have configured a shortcut key (Ctrl + C, by default) by using the escape-key command in user line/user line class view, the NETCONF message should not contain the shortcut key string. Otherwise, relevant configurations in XML view might be affected. For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed.

Examples

# Enter XML view.

<Sysname> xml

<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.1</capability><capability>urn:ietf:params:netconf:writable-running</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability><capability>urn:ietf:params:netconf:capability:validate:1.1</capability><capability>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:ietf:params:netconf:capability:h3c-netconf-ext:1.0</capability></capabilities><session-id>1</session-id></hello>]]>]]>

# Quit XML view.

<close-session>

</close-session>

</rpc>]]>]]>

Index

A C D E F H I L M N O P R S T U V X

action cli,127

action reboot,128

action switchover,129

action syslog,129

advantage-factor,148

codec-type,148

commit,130

community read,149

data-fill,150

data-size,151

debugging,1

description,152

destination host,153

destination ip,153

destination port,154

diagnostic-logfile save,33

display debugging,1

display diagnostic-logfile summary,33

display info-center,34

display logbuffer,35

display logbuffer summary,37

display logfile summary,39

display mirroring-group,107

display nqa history,155

display nqa reaction counters,157

display nqa result,159

display nqa server,224

display nqa statistics,166

display ntp-service sessions,8

display ntp-service status,12

display ntp-service trace,13

display rtm environment,131

display rtm policy,132

display sampler,105

display sflow,119

display snmp-agent community,60

display snmp-agent context,61

display snmp-agent group,62

display snmp-agent local-engineid,63

display snmp-agent mib-node,64

display snmp-agent mib-view,70

display snmp-agent remote,71

display snmp-agent statistics,72

display snmp-agent sys-info,74

display snmp-agent trap queue,75

display snmp-agent trap-list,75

display snmp-agent usm-user,76

display sntp sessions,28

enable log updown,40

enable snmp trap updown,77

event cli,133

event hotplug,134

event interface,135

event process,137

event snmp oid,138

event snmp-notification,140

event syslog,140

event track,141

expect data,175

expect ip,176

expect status,177

filename,177

frequency,178

history-record enable,179

history-record keep-time,180

history-record number,180

info-center diagnostic-logfile directory,42

info-center diagnostic-logfile enable,40

info-center diagnostic-logfile frequency,41

info-center diagnostic-logfile quota,41

info-center enable,43

info-center format,44

info-center logbuffer,44

info-center logbuffer size,45

info-center logfile directory,47

info-center logfile enable,46

info-center logfile frequency,46

info-center logfile overwrite-protection,43

info-center logfile size-quota,47

info-center logging suppress duplicates,48

info-center loghost,50

info-center loghost source,50

info-center source,51

info-center synchronous,53

info-center syslog min-age,54

info-center timestamp,54

info-center timestamp loghost,55

info-center trace-logfile quota,56

init-ttl,181

logfile save,56

lsr-path,182

max-failure,182

mirroring-group,108

mirroring-group mirroring-cpu,109

mirroring-group mirroring-port (interface view),110

mirroring-group mirroring-port (system view),111

mirroring-group monitor-egress,112

mirroring-group monitor-port (interface view),113

mirroring-group monitor-port (system view),114

mirroring-group reflector-port,115

mirroring-group remote-probe vlan,116

mirror-to,118

mode,183

netconf idle-timeout,228

netconf log,228

netconf soap http enable,229

netconf soap https enable,230

netconf ssh server enable,231

netconf ssh server port,231

next-hop ip,184

no-fragment enable,184

nqa,185

nqa agent enable,186

nqa schedule,186

nqa server enable,225

nqa server tcp-connect,225

nqa server udp-echo,226

nqa template,187

ntp-service acl,14

ntp-service authentication enable,15

ntp-service authentication-keyid,16

ntp-service broadcast-client,17

ntp-service broadcast-server,18

ntp-service dscp,18

ntp-service enable,19

ntp-service inbound enable,19

ntp-service max-dynamic-sessions,20

ntp-service multicast-client,21

ntp-service multicast-server,22

ntp-service refclock-master,23

ntp-service reliable authentication-keyid,23

ntp-service source,24

ntp-service unicast-peer,25

ntp-service unicast-server,26

operation (FTP operation view),188

operation (HTTP/HTTPS operation view),189

out interface,190

password,191

ping,2

probe count,192

probe packet-interval,193

probe packet-number,193

probe packet-timeout,194

probe timeout,195

raw-request,196

reaction checked-element { jitter-ds | jitter-sd },196

reaction checked-element { owd-ds | owd-sd },198

reaction checked-element icpif,199

reaction checked-element mos,200

reaction checked-element packet-loss,201

reaction checked-element probe-duration,202

reaction checked-element probe-fail (for trap),203

reaction checked-element probe-fail (for trigger),205

reaction checked-element rtt,205

reaction trap,207

reaction trigger per-probe,208

reaction trigger probe-fail,209

reaction trigger probe-pass,209

reset logbuffer,57

resolve-target,210

resolve-type,211

route-option bypass-route,211

rtm cli-policy,143

rtm environment,143

rtm scheduler suspend,145

rtm tcl-policy,145

running-time,146

sampler,106

sflow agent,120

sflow collector,121

sflow counter collector,122

sflow counter interval,122

sflow flow collector,123

sflow flow max-header,123

sflow sampling-mode,124

sflow sampling-rate,125

sflow source,125

snmp-agent,78

snmp-agent calculate-password,79

snmp-agent community,80

snmp-agent community-map,82

snmp-agent context,83

snmp-agent group,83

snmp-agent local-engineid,85

snmp-agent log,86

snmp-agent mib-view,87

snmp-agent packet max-size,88

snmp-agent port,89

snmp-agent remote,89

snmp-agent source,90

snmp-agent sys-info contact,91

snmp-agent sys-info location,92

snmp-agent sys-info version,92

snmp-agent target-host,93

snmp-agent trap enable,95

snmp-agent trap if-mib link extended,96

snmp-agent trap life,97

snmp-agent trap log,97

snmp-agent trap queue-size,98

snmp-agent usm-user { v1 | v2c },99

snmp-agent usm-user v3,100

sntp authentication enable,28

sntp authentication-keyid,29

sntp enable,30

sntp reliable authentication-keyid,30

sntp unicast-server,31

source interface,212

source ip,213

source port,214

ssl-client-policy,215

statistics hold-time,215

statistics interval,216

statistics max-group,217

target-only,218

terminal debugging,57

terminal logging level,58

terminal monitor,59

tos,218

tracert,5

ttl,219

type,220

url,221

username,222

user-role,147

version,222

vpn-instance,223

xml,232

11-Network Management and Monitoring CR

debugging

ping

tracert

display ntp-service trace

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service broadcast-server

ntp-service inbound enable

ntp-service max-dynamic-sessions

ntp-service multicast-server

ntp-service reliable authentication-keyid

ntp-service unicast-peer

Information center commands

diagnostic-logfile save

display logfile summary

enable log updown

info-center logfile size-quota

info-center timestamp

info-center trace-logfile quota

terminal logging level

Sampler configuration commands

display sampler

mirroring-group mirroring-cpu

mirroring-group mirroring-port (system view)

mirroring-group monitor-egress

mirroring-group monitor-port (interface view)

mirroring-group monitor-port (system view)

sFlow commands

display sflow

event hotplug