- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
02-vSystem commands | 140.56 KB |
Contents
vSystem commands for the default vSystem
capability security-policy-rule maximum
description (vSystem interface view)
display interface vsys-interface
display vsys-capability throughput
reset counters interface vsys-interface
vsys-capability throughput alarm enable
vsys-capability throughput drop-logging enable
vSystem commands for non-default vSystems
description (vSystem interface view)
display interface vsys-interface
reset counters interface vsys-interface
vSystem commands
vSystem commands for the default vSystem
allocate interface
Use allocate interface to assign interfaces to a vSystem.
Use undo allocate interface to reclaim interfaces assigned to a vSystem.
Syntax
allocate interface interface-type interface-number
undo allocate interface interface-type interface-number
Default
All interfaces on the device belong to the default vSystem. A non-default vSystem cannot use any interfaces.
Views
vSystem view
Predefined user roles
network-admin
context-admin
Parameters
interface-type: Specify an interface by its type.
interface-number: Specify an interface by its number.
Usage guidelines
An interface can be assigned to only one vSystem.
To allocate Layer 2 interfaces to a vSystem, execute the allocate vlan command to assign a VLAN to a vSystem and then the Layer 2 interfaces in the VLAN will be assigned to the vSystem automatically.
Do not assign the interfaces that are bound with VPN instances to vSystems. Do not bind the interfaces that are assigned to vSystems with VPN instances.
You can use this command multiple times to assign multiple interfaces to a vSystem.
Examples
# Assign GigabitEthernet 1/0/1 to vSystem vsys1.
<Sysname> system-view
[Sysname] vsys vsys1
[Sysname-vsys-2-vsys1] allocate interface gigabitethernet 1/0/1
Related commands
display vsys interface
allocate vlan
Use allocate vlan to assign a VLAN to a vSystem.
Use undo allocate vlan to reclaim a VLAN assigned to a vSystem.
Syntax
allocate vlan vlan-id
undo allocate vlan vlan-id
Default
All VLANs belong to the default vSystem.
Views
vSystem view
Predefined user roles
network-admin
context-admin
Parameters
vlan-id: Assigns a VLAN to the vSystem. Make sure the VLAN has been created.
Usage guidelines
A VLAN can be assigned to only one vSystem.
After a VLAN is assigned to a vSystem, the Layer 2 interfaces in the VLAN will be assigned to the vSystem automatically.
You can use this command multiple times to assign multiple VLANs to a vSystem.
Examples
# Assign VLAN 100 to vSystem vsys1.
<Sysname> system-view
[Sysname] vsys vsys1
[Sysname-vsys-2-vsys1] allocate vlan 100
display vsys vlan
capability security-policy-rule maximum
Use capability security-policy-rule maximum to set the maximum number of security policy rules for a vSystem.
Use undo capability security-policy-rule maximum to restore the default.
Syntax
capability security-policy-rule maximum max-number
undo capability security-policy-rule maximum
Default
The number of security policy rules is not limited for a vSystem.
Views
vSystem view
Predefined user roles
network-admin
context-admin
Parameters
max-number: Specifies the maximum number of security policy rules for the vSystem, in the range of 1 to 4294967295.
Usage guidelines
A large number of security policy rules occupy too much memory, affecting other features on the vSystem. This command sets the maximum number of security policy rules for a vSystem. When the maximum number is reached, you cannot add new security policy rules.
If the setting of this command is greater than the number of existing rules, the device does not delete rules but you cannot add additional security policy rules.
Examples
# Set the maximum number of security policy rules to 1000 for vSystem vys1 with vSystem ID 2.
<Sysname> system-view
[Sysname] vsys vsys1 id 2
[Sysname-vsys-2-vsys1] capability security-policy-rule maximum 1000
Related commands
display security-policy ip (Security Command Reference)
capability session maximum
Use capability session maximum to set the maximum number of concurrent sessions for a vSystem.
Use undo capability session maximum to restore the default.
Syntax
capability session maximum max-number
undo capability session maximum
Default
The number of concurrent sessions is not limited for a vSystem.
Views
vSystem view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of concurrent sessions for the vSystem. The value range is 1 to 4294967295.
Usage guidelines
A large number of concurrent sessions occupy too much memory, affecting other features on the vSystem. This command sets the maximum number of concurrent sessions for a vSystem. When the maximum number is reached, you cannot establish additional sessions.
If the setting of this command is greater than the number of existing sessions, the device does not close existing sessions but you cannot establish additional sessions.
This command does not affect local traffic, such as FTP traffic, Telnet traffic, SSH traffic, HTTP traffic, and HTTP-based load balancing traffic.
Examples
# Set the maximum number of concurrent sessions to 1000000 for vSystem vys1 with vSystem ID 2.
<Sysname> system-view
[Sysname] vsys vsys1 id 2
[Sysname-vsys-2-vsys1] capability session maximum 1000000
Related commands
vsys
display session statistics (Security Command Reference)
capability session rate
Use capability session rate to set the upper limit of the session establishment rate for a vSystem.
Use undo capability session rate to restore the default.
Syntax
capability session rate max-value
undo capability session rate
Default
The session establishment rate is not limited for a vSystem.
Views
vSystem view
Predefined user roles
network-admin
Parameters
max-value: Specifies the maximum number of sessions that can be established per second, in the range of 1 to 4294967295.
Usage guidelines
Establishing sessions too frequently consumes too much CPU resources. If a vSystem establishes sessions too frequently, other vSystems will not be able to establish sessions. This command sets the number of sessions that can be established per second for a vSystem. When the limit is reached, no additional sessions can be established.
This command does not affect local traffic, such as FTP traffic, Telnet traffic, SSH traffic, HTTP traffic, and HTTP-based load balancing traffic.
Examples
# Configure vSystem vys1 with vSystem ID 2 to establish a maximum of 20000 sessions per second.
<Sysname> system-view
[Sysname] vsys vsys1 id 2
[Sysname-vsys-2-vsys1] capability session rate 20000
Related commands
vsys
display session statistics (Security Command Reference)
capability throughput
Use capability throughput to set the inbound throughput threshold for a vSystem.
Use undo capability throughput to restore the default.
Syntax
capability throughput { kbps | pps } threshold
undo capability throughput
Default
The inbound throughput of a vSystem is not limited on a vSystem.
Views
vSystem view
Predefined user roles
network-admin
context-admin
Parameters
kbps: Specifies the inbound throughput in kilobits per second.
pps: Specifies the inbound throughput in packets per second.
threshold: Specifies the inbound throughput threshold in the range of 1000 to 100000000.
Usage guidelines
You can execute this command to specify an inbound throughput threshold for a vSystem. With the inbound throughput threshold configured, the vSystem can only use a bandwidth lower than or equal to the specified inbound throughput threshold value to forward the packets.
Examples
# Set the inbound throughput threshold to 100000 kbps for vSystem vys1 with vSystem ID 2.
<Sysname> system-view
[Sysname] vsys vsys1 id 2
[Sysname-vsys-2-vsys1] capability throughput kbps 10000
Related commands
vsys-capability throughput drop-logging enable
default
Use default to restore the default settings for an interface.
Syntax
default
Views
vSystem interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impacts of this command when you use it in a live network. |
This command might fail to restore the default settings for some commands because of command dependencies or system restrictions. You can use the display this command in interface view to identify these commands, and use their undo forms or follow the command reference to restore their default settings. If your restoration attempt still fails, follow the error message instructions to solve the problem.
Examples
# Restore the default settings for vSystem interface 2.
<Sysname> system-view
[Sysname] interface vsys-interface 2
[Sysname-vSys-interface2] default
description (vSystem view)
Use description to configure a description for a vSystem.
Use undo description to restore the default.
Syntax
description text
undo description
Views
vSystem view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can configure a description for each vSystem, which is useful to maintain vSystems.
Examples
# Configure a description for vSystem vsys1.
<Sysname> system-view
[Sysname] vsys vsys1
[Sysname-vsys-2-vsys1] description test
Related commands
display vsys
description (vSystem interface view)
Use description to configure the description of an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a vSystem interface is interface name Interface, for example, vSys-interface2 Interface.
Views
vSystem interface view
Predefined user roles
network-admin
context-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
For interface identification and easy maintenance, you can configure a description for an interface according to its connection and usage.
You can execute the display interface vsys-interface command view the configured description.
Examples
# Configure "for RouterID" as the description of vSystem interface 2.
<Sysname> system-view
[Sysname] interface vsys-interface 2
[Sysname-vSys-interface2] description for RouterID
Related commands
display interface vsys-interface
display interface vsys-interface
Use display interface vsys-interface to display vSystem interface information.
Syntax
display interface [ vsys-interface [ interface-number ] ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. Make sure the specified vSystem interface has been created. If you do not specify this option, the command displays information about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command displays information about all created vSystem interfaces. For more information about VA interfaces, see PPP in Layer 2—WAN Access Configuration Guide.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
Usage guidelines
This command is supported only when a vSystem interface exists on the device.
On the default vSystem, you can view information about all vSystem interfaces. On a non-default vSystem, you can view information about the vSystem interface with same vSystem ID.
Examples
# Display information about vSystem interface 2.
<Sysname> display interface vsys-interface 2
vSys-interface2
Current state: UP
Line protocol state: UP(spoofing)
Description: vSys-interface2 Interface
Maximum transmission unit: 64000
Physical: vSystem
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 1 Command output
Field |
Description |
Current state |
Physical link state of the interface: · UP—The interface can transmit and receive the packets. · DOWN—The interface cannot transmit or receive the packets. |
Line protocol state |
Data link layer state of the interface. The field value is UP(spoofing), indicating that the data link layer protocol is up but the link is an on-demand link or does not exist. |
Description |
Description of the interface. |
Maximum transmission unit |
MTU of the interface. |
Physical: vSystem |
Physical type of the interface. The field value is vSystem. |
baudrate |
Baudrate in kbps. |
Last clearing of counters |
Time when the reset counters interface command was most recently used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup. |
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average input rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection. |
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average output rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection. |
Input: 0 packets, 0 bytes, 0 drops |
Statistics about the input packets, including the number of input packets, number of input bytes, and number of dropped packets. This field is available only when the interface supports statistics collection. |
Output: 0 packets, 0 bytes, 0 drops |
Statistics about the output packets, including the number of output packets, number of output bytes, and number of dropped packets. This field is available only when the interface supports statistics collection. |
# Display brief information about all vSystem interfaces.
<Sysname> display interface vsys-interface brief
Brief information on interfaces in route mode:
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
vSys2 UP UP(s) -- forLAN1
Table 2 Command output
Field |
Description |
Brief information on interfaces in route mode: |
Brief information about Layer 3 interfaces. |
Protocol: (s) - spoofing |
Data link layer state of the interface. The field value is (s) - spoofing, indicating that the data link layer protocol is up but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. |
Protocol |
Data link layer state of the interface. The field value is UP(s). |
Primary IP |
Primary IP address of the interface. |
Description |
Description of the interface. |
Related commands
reset counters interface vsys-interface
display vsys-capability throughput
Use display vsys-capability throughput to display throughput usage information for vSystems.
Syntax
In standalone mode:
display vsys-capability throughput [ name vsys-name ] [ slot slot-number cpu cpu-number ]
In IRF mode:
display vsys-capability throughput [ name vsys-name ] [ chassis chassis-number slot slot-number cpu cpu-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a vSystem, this command displays throughput usage information for all vSystems.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays throughput usage information for vSystems on all cards. (In standalone mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays throughput usage information for vSystems on all cards of all IRF member devices. (In IRF mode.)
cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.
Examples
# Display throughput usage information for all vSystems.
<Sysname> display vsys-capability throughput
Throughput usage:
Slot 1 CPU 0:
ID Name Maximum Used Free Usage(%) Unit
1 Admin NA 0 NA 0 NA
2 vvsys1 10000 1000 9000 10 kbps
3 vsys2 200000 10000 10000 50 pps
Table 3 Command output
Field |
Description |
ID |
vSystem ID. |
Name |
vSystem name. |
Maximum |
Inbound throughput threshold for the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays NA. |
Used |
Used inbound throughput of the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays 0. |
Free |
Remaining inbound throughput of the vSystem. This value is the result of the maximum inbound throughput of the vSystem minus the used inbound throughput of the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays NA. |
Usage |
Percentage of the used inbound throughput to the inbound throughput threshold for the vSystem. If no inbound throughput threshold is set for the vSystem, this field displays 0. |
Unit |
Throughput unit. If no inbound throughput threshold is set for the vSystem, this field displays NA. |
Related commands
capability throughput
display vsys
Use display vsys to display vSystems.
Syntax
display vsys [ name vsys-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 15 characters. If you do not specify this option, this command displays all vSystems.
Examples
# Display all vSystems.
<Sysname> display vsys
ID Name Status Description
1 admin Active Default
2 aaa Active vsys2
Table 4 Command output
Description |
|
Status of the vSystem. Active indicates that the vSystem is active. |
Related commands
description
vsys
display vsys interface
Use display vsys interface to display interfaces assigned to vSystems.
Syntax
display vsys [ name vsys-name ] interface
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, this command displays the interfaces for all vSystems.
Examples
# Display the interfaces for all vSystems.
<Sysname> display vsys interface
vSystem vsys1's interfaces:
gigabitethernet 1/0/2
vSystem vsys2's interfaces:
gigabitethernet 1/0/3
Related commands
allocate interface
display vsys vlan
Use display vsys vlan to display VLAN lists for vSystems.
Syntax
display vsys [ name vsys-name ] vlan
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
name vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. If you do not specify tthis option, this command displays VLAN lists for all vSystems.
Examples
# Display VLAN lists for all vSystems.
<Sysname> display vsys vlan
vSystem vsys1's VLANs:
2,4094
vSystem vsys2's VLANs:
5,6,3400
Related commands
allocate vlan
interface vsys-interface
Use interface vsys-interface to enter vSystem interface view.
Syntax
interface vsys-interface interface-number
undo interface vsys-interface interface-number
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
interface-number: Specifies a vSystem interface by its number. It must be the same as the interface number configured on the non-default system where the interface belongs.
Usage guidelines
The vSystem interfaces are used for the communication between two non-default vSystems.
A vSystem interface is automatically generated when a default vSystem user creates a non-default vSystem. Each non-default vSystem has only one vSystem interface that cannot be created manually. You can execute the display interface vsys-interface command to view the vSystem interface information.
Examples
# Enter the view of vSystem interface 2.
<Sysname> system-view
[Sysname] interface vsys-interface 2
[Sysname-vSys-interface2]
Related commands
display interface vsys-interface
vsys
reset counters interface vsys-interface
Use reset counters interface vsys-interface to clear vSystem interface statistics.
Syntax
reset counters interface [ vsys-interface [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
context-admin
Parameters
vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. If you do not specify this option, the command clears statistics about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command clears vSystem interface statistics as follows:
· On the default vSystem, the statistics about all vSystem interfaces will be cleared.
· On a non-default vSystem, the statistics about the non-default vSystem will be cleared.
Usage guidelines
To judge whether the specified interface and its link work normally, you can execute this command to clear the existing interface statistics and then the system will start the interface statistics automatically.
This command is supported only when a vSystem interface exists on the device.
Examples
# Clear statistics about vSystem interface 2.
<Sysname> reset counters interface vsys-interface 2
Related commands
display interface vsys-interface
save vsys
Use save vsys to save current configuration of a vSystem to a text file.
Syntax
save vsys vsys-name [ file-url ]
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
vsys-name: Specifies a vSystem name, a case-sensitive string of 1 to 31 characters.
file-url: Specifies a file path, a string of up to 255 characters. The file must be a .cfg file.
Usage guidelines
You can execute this command to save the configuration of a vSystem to the specified text file. If the file specified for this command does not exist, the system creates the file before saving the configuration. If the file already exists, the system overwrite the file with the same name.
If you do not specify a file path or use a file path same as the next-startup configuration file, the specified vSystem configuration will be saved in the next-startup configuration file. After the device reboot, the vSystem will be restored according to the saved configuration.
Examples
# Save current configuration of vSystem abc to abcvsys.cfg.
<Sysname> save vsys abc abcvsys.cfg
The configuration of vSystem abc will be saved to flash:/abcvsys.cfg. Continue? [Y/N]:y
Now saving the configuration of vSystem abc to the device.
Saving configuration flash:/abcvsys.cfg. Please wait...
Configuration is saved to device successfully.
switchto vsys
Use switchto vsys to log in to a non-default vSystem from the system view of the default vSystem and enter the user view of the non-default vSystem.
Syntax
switchto vsys vsys-name
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
vsys-name: Specifies a non-default vSystem by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A default vSystem user can execute this command on the device to log in to any non-default vSystem for configuration and management.
Examples
# Log in to vSystem abc from the system view of the default vSystem.
<Sysname> system-view
[Sysname] switchto vsys abc
<Sysname-abc>
vsys
Use vsys to create a vSystem and enter its view, or enter the view of an existing vSystem.
Use undo vsys to delete a vSystem.
Syntax
vsys vsys-name [ id vsys-id ]
undo vsys vsys-name
Default
A default vSystem exists. The vSystem name is Admin and the vSystem ID is 1.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
vsys-name: Specifies a vSystem by its name, a case-sensitive string of 1 to 31 characters. Valid characters are letters, digits, underscores (_), and hyphens (-). A vSystem name cannot be any form of admin.
id vsys-id: Specifies a vSystem by its ID. If you do not specify this option, the system assigns the lowest ID among the available IDs to the vSystem.
The following compatibility matrix shows the value ranges for the vSystem ID:
Hardware platform |
Module type |
Value range |
M9006 M9010 M9014 |
Blade IV firewall module |
2 to 2048 |
Blade V firewall module |
2 to 2048 |
|
NAT module |
2 to 2048 |
|
M9010-GM |
Encryption module |
2 to 2048 |
M9016-V |
Blade V firewall module |
2 to 2048 |
M9008-S M9012-S |
Blade IV firewall module |
2 to 2048 |
Intrusion prevention service (IPS) module |
2 to 2048 |
|
Video network gateway module |
2 to 2048 |
|
M9008-S-6GW |
IPv6 module |
2 to 2048 |
M9008-S-V |
Blade IV firewall module |
2 to 2048 |
M9000-AI-E4 M9000-AI-E8 M9000-AI-E16 |
Blade V firewall module |
2 to 2048 |
M9000-X06 |
Blade VI firewall module |
2 to 2048 |
M9000-X10 |
Blade VI firewall module |
2 to 4000 |
Usage guidelines
The default vSystem is the root system. You cannot delete it.
When you execute this command to create a vSystem, a VPN instance with the same name will be created and the created vSystem will be bound to the VPN instance automatically. Make sure the vSystem name is not the same as the existing VPN instance name.
Delete a vSystem with caution. Deleting a vSystem deletes all settings of the vSystem.
If you execute this command multiple times, you can create multiple non-default vSystems.
Examples
# Create a non-default vSystem named vsys1 with vSystem ID 2.
<Sysname> system-view
[Sysname] vsys vsys1 id 2
[Sysname-vsys-2-vsys1]
Related commands
display vsys
vsys-capability throughput alarm enable
Use vsys-capability throughput alarm enable to enable inbound throughput alarm for vSystems and set the alarm threshold.
Use undo vsys-capability throughput alarm enable to disable inbound throughput alarm for vSystems.
Syntax
vsys-capability throughput alarm enable alarm-threshold alarm-threshold
undo vsys-capability throughput alarm enable
Default
Inbound throughput alarm for vSystems is disabled.
Views
System view
Predefined user roles
network-admin
network-operator
Parameters
alarm-threshold alarm-threshold: Sets the throughput alarm threshold, in percentage. The value range for the alarm-threshold argument is 1 to 99.
Usage guidelines
This command is deployed to all vSystems on the device.
For this command to take effect on a vSystem, you must use the capability throughput command to set the inbound throughput threshold for the vSystem.
With the vsys-capability throughput alarm enable command, the device generates an alarm log message when the percentage of the used inbound throughput of a vSystem to its inbound throughput threshold exceeds the specified alarm threshold. When the percentage drops below the alarm threshold, the device generates a recovery log message. The log messages are sent to the information center. You can configure the information center to output the log messages to a specific destination. For more information about the information center, see Network Management and Monitoring Configuration Guide.
Examples
# Enable inbound throughput alarm for vSystems and set the alarm threshold to 80%.
<Sysname> system-view
[Sysname] vsys-capability throughput alarm enable alarm-threshold 80
Related commands
capability throughput
vsys-capability throughput drop-logging enable
Use vsys-capability throughput drop-logging enable to enable packet drop logging for packets dropped because of vSystem inbound throughput limit.
Use undo vsys-capability throughput drop-logging enable to disable packet drop logging for packets dropped because of vSystem inbound throughput limit.
Syntax
vsys-capability throughput drop-logging enable
undo vsys-capability throughput drop-logging enable
Default
Packet drop logging is disabled for packets dropped because of vSystem inbound throughput limit.
Views
System view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command is deployed to all vSystems on the device.
For this command to take effect on a vSystem, you must use the capability throughput command to set the inbound throughput threshold for the vSystem.
With the vsys-capability throughput drop-logging enable command, the device drops subsequent packets on a vSystem after the used inbound throughput of the vSystem reaches the inbound throughput threshold and generates log messages for the dropped packets. When the used inbound throughput of the vSystem drops below the inbound throughput threshold, the device generates a recovery log message and stops dropping packets. The log messages are sent to the information center. You can configure the information center to output the log messages to a specific destination. For more information about the information center, see Network Management and Monitoring Configuration Guide.
Examples
# Enable packet drop logging for packets dropped because of vSystem inbound throughput limit.
<Sysname> system-view
[Sysname] vsys-capability throughput drop-logging enable
Related commands
capability throughput
vSystem commands for non-default vSystems
description (vSystem interface view)
Use description to configure the description of an interface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a vSystem interface is interface name Interface, for example, vSys-interface2 Interface.
Views
vSystem interface view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Usage guidelines
For interface identification and easy maintenance, you can configure a description for an interface according to its connection and usage.
You can execute the display interface vsys-interface command view the configured description.
Examples
# Configure "for RouterID" as the description of vSystem interface 2.
<Sysname> system-view
[Sysname] interface vsys-interface 2
[Sysname-vSys-interface2] description for RouterID
Related commands
display interface vsys-interface
display interface vsys-interface
Use display interface vsys-interface to display vSystem interface information.
Syntax
display interface [ vsys-interface [ interface-number ] ] [ brief [ description ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
vsys-admin
vsys-operator
Parameters
vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. Make sure the specified vSystem interface has been created. If you do not specify this option, the command displays information about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command displays information about all created vSystem interfaces. For more information about VA interfaces, see PPP in Layer 2—WAN Access Configuration Guide.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of each interface description.
Usage guidelines
This command is supported only when a vSystem interface exists on the device.
On the default vSystem, you can view information about all vSystem interfaces. On a non-default vSystem, you can view information about the vSystem interface with same vSystem ID.
Examples
# Display information about vSystem interface 2.
<Sysname> display interface vsys-interface 2
vSys-interface2
Current state: UP
Line protocol state: UP(spoofing)
Description: vSys-interface2 Interface
Maximum transmission unit: 64000
Physical: vSystem
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 5 Command output
Field |
Description |
Current state |
Physical link state of the interface: · UP—The interface can transmit and receive the packets. · DOWN—The interface cannot transmit or receive the packets. |
Line protocol state |
Data link layer state of the interface. The field value is UP(spoofing), indicating that the data link layer protocol is up but the link is an on-demand link or does not exist. |
Description |
Description of the interface. |
Maximum transmission unit |
MTU of the interface. |
Physical: vSystem |
Physical type of the interface. The field value is vSystem. |
Last clearing of counters |
Time when the reset counters interface command was most recently used to clear the interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since device startup. |
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average input rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection. |
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec |
Average output rate (in Bps, bps, and pps) in the most recent 300 seconds. This field is available only when the interface supports statistics collection. |
Input: 0 packets, 0 bytes, 0 drops |
Statistics about the input packets, including the number of input packets, number of input bytes, and number of dropped packets. This field is available only when the interface supports statistics collection. |
Output: 0 packets, 0 bytes, 0 drops |
Statistics about the output packets, including the number of output packets, number of output bytes, and number of dropped packets. This field is available only when the interface supports statistics collection. |
# Display brief information about all vSystem interfaces.
<Sysname> display interface vsys-interface brief
Brief information on interfaces in route mode:
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
vSys2 UP UP(s) -- forLAN1
Table 6 Command output
Field |
Description |
Brief information on interfaces in route mode: |
Brief information about Layer 3 interfaces. |
Protocol: (s) - spoofing |
Data link layer state of the interface. The field value is (s) - spoofing, indicating that the data link layer protocol is up but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. |
Protocol |
Data link layer state of the interface. The field value is UP(s). |
Primary IP |
Primary IP address of the interface. |
Description |
Description of the interface. |
Related commands
reset counters interface vsys-interface
interface vsys-interface
Use interface vsys-interface to enter vSystem interface view.
Syntax
interface vsys-interface interface-number
undo interface vsys-interface interface-number
Views
System view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
interface-number: Specifies a vSystem interface by its number. It must be the same as the interface number configured on the non-default system where the interface belongs.
Usage guidelines
The vSystem interfaces are used for the communication between two non-default vSystems.
A vSystem interface is automatically generated when a default vSystem user creates a non-default vSystem. Each non-default vSystem has only one vSystem interface that cannot be created manually. You can execute the display interface vsys-interface command to view the vSystem interface information.
Examples
# Enter the view of vSystem interface 2.
<Sysname> system-view
[Sysname] interface vsys-interface 2
[Sysname-vSys-interface2]
Related commands
display interface vsys-interface
reset counters interface vsys-interface
Use reset counters interface vsys-interface to clear vSystem interface statistics.
Syntax
reset counters interface [ vsys-interface [ interface-number ] ]
Views
User view
Predefined user roles
network-admin
context-admin
vsys-admin
Parameters
vsys-interface [ interface-number ]: Specifies a vSystem interface by its number. If you do not specify this option, the command clears statistics about all interfaces except VA interfaces. If you specify the vsys-interface keyword without specifying a vSystem interface number, this command clears vSystem interface statistics as follows:
· On the default vSystem, the statistics about all vSystem interfaces will be cleared.
· On a non-default vSystem, the statistics about the non-default vSystem will be cleared.
Usage guidelines
To judge whether the specified interface and its link work normally, you can execute this command to clear the existing interface statistics and then the system will start the interface statistics automatically.
This command is supported only when a vSystem interface exists on the device.
Examples
# Clear statistics about vSystem interface 2.
<Sysname> reset counters interface vsys-interface 2
Related commands
display interface vsys-interface