Contents

vSystem commands· 1

vSystem commands for the default vSystem·· 1

allocate interface· 1

allocate vlan· 2

capability security-policy-rule maximum·· 2

capability session maximum·· 3

capability session rate· 4

capability throughput 5

default 5

description (vSystem view) 6

description (vSystem interface view) 7

display interface vsys-interface· 7

display vsys-capability throughput 10

display vsys· 11

display vsys interface· 12

display vsys vlan· 12

interface vsys-interface· 13

reset counters interface vsys-interface· 14

save vsys· 14

switchto vsys· 15

vsys· 16

vsys-capability throughput alarm enable· 17

vsys-capability throughput drop-logging enable· 18

vSystem commands for non-default vSystems· 19

description (vSystem interface view) 19

display interface vsys-interface· 19

interface vsys-interface· 22

reset counters interface vsys-interface· 22

 

vSystem commands

 

vSystem commands for the default vSystem

allocate interface

Use allocate interface to assign interfaces to a vSystem.

Use undo allocate interface to reclaim interfaces assigned to a vSystem.

Syntax

allocate interface interface-type interface-number

undo allocate interface interface-type interface-number

Default

All interfaces on the device belong to the default vSystem. A non-default vSystem cannot use any interfaces.

Views

vSystem view

Predefined user roles

network-admin

context-admin

Parameters

interface-type: Specify an interface by its type.

interface-number: Specify an interface by its number.

Usage guidelines

An interface can be assigned to only one vSystem.

To allocate Layer 2 interfaces to a vSystem, execute the allocate vlan command to assign a VLAN to a vSystem and then the Layer 2 interfaces in the VLAN will be assigned to the vSystem automatically.

Do not assign the interfaces that are bound with VPN instances to vSystems. Do not bind the interfaces that are assigned to vSystems with VPN instances.

You can use this command multiple times to assign multiple interfaces to a vSystem.

Examples

# Assign GigabitEthernet 1/0/1 to vSystem vsys1.

<Sysname> system-view

[Sysname] vsys vsys1

[Sysname-vsys-2-vsys1] allocate interface gigabitethernet 1/0/1

Related commands

display vsys interface

allocate vlan

Use allocate vlan to assign a VLAN to a vSystem.

Use undo allocate vlan to reclaim a VLAN assigned to a vSystem.

Syntax

allocate vlan vlan-id

undo allocate vlan vlan-id

Default

All VLANs belong to the default vSystem.

Views

vSystem view

Predefined user roles

network-admin

context-admin

Parameters

vlan-id: Assigns a VLAN to the vSystem. Make sure the VLAN has been created.

Usage guidelines

A VLAN can be assigned to only one vSystem.

After a VLAN is assigned to a vSystem, the Layer 2 interfaces in the VLAN will be assigned to the vSystem automatically.

You can use this command multiple times to assign multiple VLANs to a vSystem.

Examples

# Assign VLAN 100 to vSystem vsys1.

<Sysname> system-view

[Sysname] vsys vsys1

[Sysname-vsys-2-vsys1] allocate vlan 100

Related commands

display vsys vlan

capability security-policy-rule maximum

Use capability security-policy-rule maximum to set the maximum number of security policy rules for a vSystem.

Use undo capability security-policy-rule maximum to restore the default.

Syntax

capability security-policy-rule maximum max-number

undo capability security-policy-rule maximum

Default

The number of security policy rules is not limited for a vSystem.

Views

vSystem view

Predefined user roles

network-admin

context-admin

Parameters

max-number: Specifies the maximum number of security policy rules for the vSystem, in the range of 1 to 4294967295.

Usage guidelines

A large number of security policy rules occupy too much memory, affecting other features on the vSystem. This command sets the maximum number of security policy rules for a vSystem. When the maximum number is reached, you cannot add new security policy rules.

If the setting of this command is greater than the number of existing rules, the device does not delete rules but you cannot add additional security policy rules.

Examples

# Set the maximum number of security policy rules to 1000 for vSystem vys1 with vSystem ID 2.

<Sysname> system-view

[Sysname] vsys vsys1 id 2

[Sysname-vsys-2-vsys1] capability security-policy-rule maximum 1000

Related commands

display security-policy ip (Security Command Reference)

capability session maximum

Use capability session maximum to set the maximum number of concurrent sessions for a vSystem.

Use undo capability session maximum to restore the default.

Syntax

capability session maximum max-number

undo capability session maximum

Default

The number of concurrent sessions is not limited for a vSystem.

Views

vSystem view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of concurrent sessions for the vSystem. The value range is 1 to 4294967295.

Usage guidelines

A large number of concurrent sessions occupy too much memory, affecting other features on the vSystem. This command sets the maximum number of concurrent sessions for a vSystem. When the maximum number is reached, you cannot establish additional sessions.

If the setting of this command is greater than the number of existing sessions, the device does not close existing sessions but you cannot establish additional sessions.

This command does not affect local traffic, such as FTP traffic, Telnet traffic, SSH traffic, HTTP traffic, and HTTP-based load balancing traffic.

Examples

# Set the maximum number of concurrent sessions to 1000000 for vSystem vys1 with vSystem ID 2.

<Sysname> system-view

[Sysname] vsys vsys1 id 2

[Sysname-vsys-2-vsys1] capability session maximum 1000000

Related commands

vsys

display session statistics (Security Command Reference)

capability session rate

Use capability session rate to set the upper limit of the session establishment rate for a vSystem.

Use undo capability session rate to restore the default.

Syntax

capability session rate max-value

undo capability session rate

Default

The session establishment rate is not limited for a vSystem.

Views

vSystem view

Predefined user roles

network-admin

Parameters

max-value: Specifies the maximum number of sessions that can be established per second, in the range of 1 to 4294967295.

Usage guidelines

Establishing sessions too frequently consumes too much CPU resources. If a vSystem establishes sessions too frequently, other vSystems will not be able to establish sessions. This command sets the number of sessions that can be established per second for a vSystem. When the limit is reached, no additional sessions can be established.

This command does not affect local traffic, such as FTP traffic, Telnet traffic, SSH traffic, HTTP traffic, and HTTP-based load balancing traffic.

Examples

# Configure vSystem vys1 with vSystem ID 2 to establish a maximum of 20000 sessions per second.

<Sysname> system-view

[Sysname] vsys vsys1 id 2

[Sysname-vsys-2-vsys1] capability session rate 20000

Related commands

vsys

display session statistics (Security Command Reference)

capability throughput

Use capability throughput to set the inbound throughput threshold for a vSystem.

Use undo capability throughput to restore the default.

Syntax

capability throughput { kbps | pps } threshold

undo capability throughput

Default

The inbound throughput of a vSystem is not limited on a vSystem.

Views

vSystem view

Predefined user roles

network-admin

context-admin

Parameters

kbps: Specifies the inbound throughput in kilobits per second.

pps: Specifies the inbound throughput in packets per second.

threshold: Specifies the inbound throughput threshold in the range of 1000 to 100000000.

Usage guidelines

You can execute this command to specify an inbound throughput threshold for a vSystem. With the inbound throughput threshold configured, the vSystem can only use a bandwidth lower than or equal to the specified inbound throughput threshold value to forward the packets.

Examples

# Set the inbound throughput threshold to 100000 kbps for vSystem vys1 with vSystem ID 2.

<Sysname> system-view

[Sysname] vsys vsys1 id 2

[Sysname-vsys-2-vsys1] capability throughput kbps 10000

Related commands

vsys-capability throughput drop-logging enable

default

Use default to restore the default settings for an interface.

Syntax

default

Views

vSystem interface view

Predefined user roles

network-admin

context-admin

Usage guidelines

	CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network.

‌

This command might fail to restore the default settings for some commands because of command dependencies or system restrictions. You can use the display this command in interface view to identify these commands, and use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to solve the problem.

Examples

# Restore the default settings for vSystem interface 2.

<Sysname> system-view

[Sysname] interface vsys-interface 2

[Sysname-vSys-interface2] default

description (vSystem view)

Use description to configure a description for a vSystem.

Use undo description to restore the default.

Syntax

description text

undo description

Views

vSystem view

Predefined user roles

network-admin

context-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can configure a description for each vSystem, which is useful to maintain vSystems.

Examples

# Configure a description for vSystem vsys1.

<Sysname> system-view

[Sysname] vsys vsys1

[Sysname-vsys-2-vsys1] description test

Related commands

display vsys

description (vSystem interface view)

Use description to configure the description of an interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description of a vSystem interface is interface name Interface, for example, vSys-interface2 Interface.

Views

vSystem interface view

Predefined user roles

network-admin

context-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

For interface identification and easy maintenance, you can configure a description for an interface according to its connection and usage.

You can execute the display interface vsys-interface command view the configured description.

Examples

# Configure "for RouterID" as the description of vSystem interface 2.

<Sysname> system-view

[Sysname] interface vsys-interface 2

[Sysname-vSys-interface2] description for RouterID

Related commands

display interface vsys-interface

display interface vsys-interface

Use display interface vsys-interface to display vSystem interface information.

Syntax

display interface [ vsys-interface [ interface-number ] ] [ brief [ description ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. Make sure the specified vSystem interface has been created. If you do not specify this option, the command displays information about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command displays information about all created vSystem interfaces. For more information about VA interfaces, see PPP in Layer 2—WAN Access Configuration Guide.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.

Usage guidelines

This command is supported only when a vSystem interface exists on the device.

On the default vSystem, you can view information about all vSystem interfaces. On a non-default vSystem, you can view information about the vSystem interface with same vSystem ID.

Examples

# Display information about vSystem interface 2.

<Sysname> display interface vsys-interface 2

vSys-interface2

Current state: UP

Line protocol state: UP(spoofing)

Description: vSys-interface2 Interface

Maximum transmission unit: 64000

Physical: vSystem

Last clearing of counters:  Never

Last 300 seconds input rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Table 1 Command output

Field	Description
Current state	Physical link state of the interface: ·     UP—The interface can transmit and receive the packets. ·     DOWN—The interface cannot transmit or receive the packets.
Line protocol state	Data link layer state of the interface. The field value is UP(spoofing), indicating that the data link layer protocol is up but the link is an on-demand link or does not exist.
Description	Description of the interface.
Maximum transmission unit	MTU of the interface.
Physical: vSystem	Physical type of the interface. The field value is vSystem.
baudrate	Baudrate in kbps.
Last clearing of counters	Time when the reset counters interface command was most recently used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup.
Last 300 seconds input rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec	Average input rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection.
Last 300 seconds output rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec	Average output rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection.
Input: 0 packets, 0 bytes, 0 drops	Statistics about the input packets, including the number of input packets, number of input bytes, and number of dropped packets. This field is available only when the interface supports statistics collection.
Output: 0 packets, 0 bytes, 0 drops	Statistics about the output packets, including the number of output packets, number of output bytes, and number of dropped packets. This field is available only when the interface supports statistics collection.

 

# Display brief information about all vSystem interfaces.

<Sysname> display interface vsys-interface brief

Brief information on interfaces in route mode:

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

vSys2                 UP   UP(s)    --              forLAN1

Table 2 Command output

Field	Description
Brief information on interfaces in route mode:	Brief information about Layer 3 interfaces.
Protocol: (s) - spoofing	Data link layer state of the interface. The field value is (s) - spoofing, indicating that the data link layer protocol is up but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag.
Interface	Abbreviated interface name.
Link	Physical link state of the interface: ·     UP—The interface is physically up. ·     DOWN—The interface is physically down.
Protocol	Data link layer state of the interface. The field value is UP(s).
Primary IP	Primary IP address of the interface.
Description	Description of the interface.

 

Related commands

reset counters interface vsys-interface

display vsys-capability throughput

Use display vsys-capability throughput to display throughput usage information for vSystems.

Syntax

In standalone mode:

display vsys-capability throughput [ name vsys-name ] [ slot slot-number cpu cpu-number ]

In IRF mode:

display vsys-capability throughput [ name vsys-name ] [ chassis chassis-number slot slot-number cpu cpu-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a vSystem, this command displays throughput usage information for all vSystems.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays throughput usage information for vSystems on all cards. (In standalone mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays throughput usage information for vSystems on all cards of all IRF member devices. (In IRF mode.)

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display throughput usage information for all vSystems.

<Sysname> display  vsys-capability throughput

Throughput usage:

 Slot 1 CPU 0:

  ID    Name      Maximum    Used    Free   Usage(%)  Unit

  1     Admin     NA         0       NA     0         NA  

  2     vvsys1    10000      1000    9000   10        kbps

  3     vsys2     200000     10000   10000  50        pps

Table 3 Command output

Field	Description
ID	vSystem ID.
Name	vSystem name.
Maximum	Inbound throughput threshold for the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays NA.
Used	Used inbound throughput of the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays 0.
Free	Remaining inbound throughput of the vSystem. This value is the result of the maximum inbound throughput of the vSystem minus the used inbound throughput of the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays NA.
Usage	Percentage of the used inbound throughput to the inbound throughput threshold for the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays 0.
Unit	Throughput unit. If no inbound throughput threshold is set for the vSystem, this field displays NA.

 

Related commands

capability throughput

display vsys

Use display vsys to display vSystems.

Syntax

display vsys [ name vsys-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

name vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 15 characters. If you do not specify this option, this command displays all vSystems.

Examples

# Display all vSystems.

<Sysname> display vsys

ID     Name      Status       Description

1      admin     Active       Default

2      aaa       Active       vsys2

Table 4 Command output

Field	Description
Status	Status of the vSystem. Active indicates that the vSystem is active.

 

Related commands

description

vsys

display vsys interface

Use display vsys interface to display interfaces assigned to vSystems.

Syntax

display vsys [ name vsys-name ] interface

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

name vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, this command displays the interfaces for all vSystems.

Examples

# Display the interfaces for all vSystems.

<Sysname> display vsys interface

vSystem vsys1's interfaces:

  gigabitethernet 1/0/2

vSystem vsys2's interfaces:

  gigabitethernet 1/0/3

Related commands

allocate interface

display vsys vlan

Use display vsys vlan to display VLAN lists for vSystems.

Syntax

display vsys [ name vsys-name ] vlan

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

Parameters

name vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. If you do not specify tthis option, this command displays VLAN lists for all vSystems.

Examples

# Display VLAN lists for all vSystems.

<Sysname> display vsys vlan

vSystem vsys1's VLANs:

 2,4094

vSystem vsys2's VLANs:

 5,6,3400

Related commands

allocate vlan

interface vsys-interface

Use interface vsys-interface to enter vSystem interface view.

Syntax

interface vsys-interface interface-number

undo interface vsys-interface interface-number

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

interface-number: Specifies a vSystem interface by its number. It must be the same as the interface number configured on the non-default system where the interface belongs.

Usage guidelines

The vSystem interfaces are used for the communication between two non-default vSystems.

A vSystem interface is automatically generated when a default vSystem user creates a non-default vSystem. Each non-default vSystem has only one vSystem interface that cannot be created manually. You can execute the display interface vsys-interface command to view the vSystem interface information.

Examples

# Enter the view of vSystem interface 2.

<Sysname> system-view

[Sysname] interface vsys-interface 2

[Sysname-vSys-interface2]

Related commands

display interface vsys-interface

vsys

reset counters interface vsys-interface

Use reset counters interface vsys-interface to clear vSystem interface statistics.

Syntax

reset counters interface [ vsys-interface [ interface-number ] ]

Views

User view

Predefined user roles

network-admin

context-admin

Parameters

vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. If you do not specify this option, the command clears statistics about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command clears vSystem interface statistics as follows:

·     On the default vSystem, the statistics about all vSystem interfaces will be cleared.

·     On a non-default vSystem, the statistics about the non-default vSystem will be cleared.

Usage guidelines

To judge whether the specified interface and its link work normally, you can execute this command to clear the existing interface statistics and then the system will start the interface statistics automatically.

This command is supported only when a vSystem interface exists on the device.

Examples

# Clear statistics about vSystem interface 2.

<Sysname> reset counters interface vsys-interface 2

Related commands

display interface vsys-interface

save vsys

Use save vsys to save current configuration of a vSystem to a text file.

Syntax

save vsys vsys-name [ file-url ]

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

vsys-name: Specifies a vSystem name, a case-sensitive string of 1 to 31 characters.

file-url: Specifies a file path, a string of up to 255 characters. The file must be a .cfg file.

Usage guidelines

You can execute this command to save the configuration of a vSystem to the specified text file. If the file specified for this command does not exist, the system creates the file before saving the configuration. If the file already exists, the system overwrite the file with the same name.

If you do not specify a file path or use a file path same as the next-startup configuration file, the specified vSystem configuration will be saved in the next-startup configuration file. After the device reboot, the vSystem will be restored according to the saved configuration.

Examples

# Save current configuration of vSystem abc to abcvsys.cfg.

<Sysname> save vsys abc abcvsys.cfg

The configuration of vSystem abc will be saved to flash:/abcvsys.cfg. Continue? [Y/N]:y

Now saving the configuration of vSystem abc to the device.

Saving configuration flash:/abcvsys.cfg. Please wait...

Configuration is saved to device successfully.

switchto vsys

Use switchto vsys to log in to a non-default vSystem from the system view of the default vSystem and enter the user view of the non-default vSystem.

Syntax

switchto vsys vsys-name

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

vsys-name: Specifies a non-default vSystem by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A default vSystem user can execute this command on the device to log in to any non-default vSystem for configuration and management.

Examples

# Log in to vSystem abc from the system view of the default vSystem.

<Sysname> system-view

[Sysname] switchto vsys abc

<Sysname-abc>

vsys

Use vsys to create a vSystem and enter its view, or enter the view of an existing vSystem.

Use undo vsys to delete a vSystem.

Syntax

vsys vsys-name [ id vsys-id ]

undo vsys vsys-name

Default

A default vSystem exists. The vSystem name is Admin and the vSystem ID is 1.

Views

System view

Predefined user roles

network-admin

context-admin

Parameters

vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. Valid characters are letters, digits, underscores (_), and hyphens (-). A vSystem name cannot be any form of admin.

id vsys-id: Specifies a vSystem by its ID. If you do not specify this option, the system assigns the lowest ID among the available IDs to the vSystem.

The following compatibility matrix shows the value ranges for the vSystem ID:

 

Hardware platform	Module type	Value range
M9006 M9010 M9014	Blade IV firewall module	2 to 2048
	Blade V firewall module	2 to 2048
	NAT module	2 to 2048
M9010-GM	Encryption module	2 to 2048
M9016-V	Blade V firewall module	2 to 2048
M9008-S M9012-S	Blade IV firewall module	2 to 2048
	Intrusion prevention service (IPS) module	2 to 2048
	Video network gateway module	2 to 2048
M9008-S-6GW	IPv6 module	2 to 2048
M9008-S-V	Blade IV firewall module	2 to 2048
M9000-AI-E4 M9000-AI-E8 M9000-AI-E16	Blade V firewall module	2 to 2048
M9000-X06	Blade VI firewall module	2 to 2048
M9000-X10	Blade VI firewall module	2 to 4000

‌

Usage guidelines

The default vSystem is the root system. You cannot delete it.

When you execute this command to create a vSystem, a VPN instance with the same name will be created and the created vSystem will be bound to the VPN instance automatically. Make sure the vSystem name is not the same as the existing VPN instance name.

Delete a vSystem with caution. Deleting a vSystem deletes all settings of the vSystem.

If you execute this command multiple times, you can create multiple non-default vSystems.

Examples

# Create a non-default vSystem named vsys1 with vSystem ID 2.

<Sysname> system-view

[Sysname] vsys vsys1 id 2

[Sysname-vsys-2-vsys1]

Related commands

display vsys

vsys-capability throughput alarm enable

Use vsys-capability throughput alarm enable to enable inbound throughput alarm for vSystems and set the alarm threshold.

Use undo vsys-capability throughput alarm enable to disable inbound throughput alarm for vSystems.

Syntax

vsys-capability throughput alarm enable alarm-threshold alarm-threshold

undo vsys-capability throughput alarm enable

Default

Inbound throughput alarm for vSystems is disabled.

Views

System view

Predefined user roles

network-admin

network-operator

Parameters

alarm-threshold alarm-threshold: Sets the throughput alarm threshold, in percentage. The value range for the alarm-threshold argument is 1 to 99.

Usage guidelines

This command is deployed to all vSystems on the device.

For this command to take effect on a vSystem, you must use the capability throughput command to set the inbound throughput threshold for the vSystem.

With the vsys-capability throughput alarm enable command, the device generates an alarm log message when the percentage of the used inbound throughput of a vSystem to its inbound throughput threshold exceeds the specified alarm threshold. When the percentage drops below the alarm threshold, the device generates a recovery log message. The log messages are sent to the information center. You can configure the information center to output the log messages to a specific destination. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Enable inbound throughput alarm for vSystems and set the alarm threshold to 80%.

<Sysname> system-view

[Sysname] vsys-capability throughput alarm enable alarm-threshold 80

Related commands

capability throughput

vsys-capability throughput drop-logging enable

Use vsys-capability throughput drop-logging enable to enable packet drop logging for packets dropped because of vSystem inbound throughput limit.

Use undo vsys-capability throughput drop-logging enable to disable packet drop logging for packets dropped because of vSystem inbound throughput limit.

Syntax

vsys-capability throughput drop-logging enable

undo vsys-capability throughput drop-logging enable

Default

Packet drop logging is disabled for packets dropped because of vSystem inbound throughput limit.

Views

System view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command is deployed to all vSystems on the device.

For this command to take effect on a vSystem, you must use the capability throughput command to set the inbound throughput threshold for the vSystem.

With the vsys-capability throughput drop-logging enable command, the device drops subsequent packets on a vSystem after the used inbound throughput of the vSystem reaches the inbound throughput threshold and generates log messages for the dropped packets. When the used inbound throughput of the vSystem drops below the inbound throughput threshold, the device generates a recovery log message and stops dropping packets. The log messages are sent to the information center. You can configure the information center to output the log messages to a specific destination. For more information about the information center, see Network Management and Monitoring Configuration Guide.

Examples

# Enable packet drop logging for packets dropped because of vSystem inbound throughput limit.

<Sysname> system-view

[Sysname] vsys-capability throughput drop-logging enable

Related commands

capability throughput

vSystem commands for non-default vSystems

description (vSystem interface view)

Use description to configure the description of an interface.

Use undo description to restore the default.

Syntax

description text

undo description

Default

The description of a vSystem interface is interface name Interface, for example, vSys-interface2 Interface.

Views

vSystem interface view

Predefined user roles

network-admin

context-admin

vsys-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Usage guidelines

For interface identification and easy maintenance, you can configure a description for an interface according to its connection and usage.

You can execute the display interface vsys-interface command view the configured description.

Examples

# Configure "for RouterID" as the description of vSystem interface 2.

<Sysname> system-view

[Sysname] interface vsys-interface 2

[Sysname-vSys-interface2] description for RouterID

Related commands

display interface vsys-interface

display interface vsys-interface

Use display interface vsys-interface to display vSystem interface information.

Syntax

display interface [ vsys-interface [ interface-number ] ] [ brief [ description ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

context-admin

context-operator

vsys-admin

vsys-operator

Parameters

vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. Make sure the specified vSystem interface has been created. If you do not specify this option, the command displays information about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command displays information about all created vSystem interfaces. For more information about VA interfaces, see PPP in Layer 2—WAN Access Configuration Guide.

brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.

description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.

Usage guidelines

This command is supported only when a vSystem interface exists on the device.

On the default vSystem, you can view information about all vSystem interfaces. On a non-default vSystem, you can view information about the vSystem interface with same vSystem ID.

Examples

# Display information about vSystem interface 2.

<Sysname> display interface vsys-interface 2

vSys-interface2

Current state: UP

Line protocol state: UP(spoofing)

Description: vSys-interface2 Interface

Maximum transmission unit: 64000

Physical: vSystem

Last clearing of counters:  Never

Last 300 seconds input rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

Table 5 Command output

Field	Description
Current state	Physical link state of the interface: ·     UP—The interface can transmit and receive the packets. ·     DOWN—The interface cannot transmit or receive the packets.
Line protocol state	Data link layer state of the interface. The field value is UP(spoofing), indicating that the data link layer protocol is up but the link is an on-demand link or does not exist.
Description	Description of the interface.
Maximum transmission unit	MTU of the interface.
Physical: vSystem	Physical type of the interface. The field value is vSystem.
Last clearing of counters	Time when the reset counters interface command was most recently used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup.
Last 300 seconds input rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec	Average input rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection.
Last 300 seconds output rate:  0 bytes/sec, 0 bits/sec, 0 packets/sec	Average output rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection.
Input: 0 packets, 0 bytes, 0 drops	Statistics about the input packets, including the number of input packets, number of input bytes, and number of dropped packets. This field is available only when the interface supports statistics collection.
Output: 0 packets, 0 bytes, 0 drops	Statistics about the output packets, including the number of output packets, number of output bytes, and number of dropped packets. This field is available only when the interface supports statistics collection.

 

# Display brief information about all vSystem interfaces.

<Sysname> display interface vsys-interface brief

Brief information on interfaces in route mode:

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

vSys2                 UP   UP(s)    --              forLAN1

Table 6 Command output

Field	Description
Brief information on interfaces in route mode:	Brief information about Layer 3 interfaces.
Protocol: (s) - spoofing	Data link layer state of the interface. The field value is (s) - spoofing, indicating that the data link layer protocol is up but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag.
Interface	Abbreviated interface name.
Link	Physical link state of the interface: ·     UP—The interface is physically up. ·     DOWN—The interface is physically down.
Protocol	Data link layer state of the interface. The field value is UP(s).
Primary IP	Primary IP address of the interface.
Description	Description of the interface.

 

Related commands

reset counters interface vsys-interface

interface vsys-interface

Use interface vsys-interface to enter vSystem interface view.

Syntax

interface vsys-interface interface-number

undo interface vsys-interface interface-number

Views

System view

Predefined user roles

network-admin

context-admin

vsys-admin

Parameters

interface-number: Specifies a vSystem interface by its number. It must be the same as the interface number configured on the non-default system where the interface belongs.

 

Usage guidelines

The vSystem interfaces are used for the communication between two non-default vSystems.

A vSystem interface is automatically generated when a default vSystem user creates a non-default vSystem. Each non-default vSystem has only one vSystem interface that cannot be created manually. You can execute the display interface vsys-interface command to view the vSystem interface information.

Examples

# Enter the view of vSystem interface 2.

<Sysname> system-view

[Sysname] interface vsys-interface 2

[Sysname-vSys-interface2]

Related commands

display interface vsys-interface

reset counters interface vsys-interface

Use reset counters interface vsys-interface to clear vSystem interface statistics.

Syntax

reset counters interface [ vsys-interface [ interface-number ] ]

Views

User view

Predefined user roles

network-admin

context-admin

vsys-admin

Parameters

vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. If you do not specify this option, the command clears statistics about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command clears vSystem interface statistics as follows:

·     On the default vSystem, the statistics about all vSystem interfaces will be cleared.

·     On a non-default vSystem, the statistics about the non-default vSystem will be cleared.

Usage guidelines

To judge whether the specified interface and its link work normally, you can execute this command to clear the existing interface statistics and then the system will start the interface statistics automatically.

This command is supported only when a vSystem interface exists on the device.

Examples

# Clear statistics about vSystem interface 2.

<Sysname> reset counters interface vsys-interface 2

Related commands

display interface vsys-interface