Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 07-Layer 2 forwarding commands | 123.04 KB |
Contents
Normal Layer 2 forwarding commands
display mac-forwarding statistics
reset mac-forwarding statistics
Fast Layer 2 forwarding commands
display mac-forwarding cache ip
display mac-forwarding cache ip fragment
display mac-forwarding cache ipv6
mac fast-forwarding check-vlan-id
bridge mac-address timer aging
bridge tunnel-encapsulation skip
Fast bridge forwarding commands
bridge fast-forwarding check-vlan-id
display bridge cache ip fragment
Layer 2 forwarding commands
Normal Layer 2 forwarding commands
display mac-forwarding statistics
Use display mac-forwarding statistics to display Layer 2 forwarding statistics.
Syntax
display mac-forwarding statistics [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify this option, the command displays Layer 2 forwarding statistics on all interfaces.
Examples
# Display Layer 2 forwarding statistics on all interfaces.
<Sysname> display mac-forwarding statistics
Input:
Sum: 888 Unknown Unicast: 0
Broadcast: 0 Multicast: 0
Filtered: 0 STP discarded: 0
Service dropped: 0 Source dropped: 0
Unknown dropped: 0 Learning dropped: 0
Blackhole dropped: 0 Suppress dropped: 0
Source MAC dropped:0
Deliver:
Sum: 111 L2 protocol: 11
Local MAC address: 100
Output:
Sum: 666 Filtered: 0
Blackhole dropped: 0 STP discarded: 0
Service dropped: 0 Dest MAC dropped: 0
# Display Layer 2 forwarding statistics on GigabitEthernet 1/0/1.
<Sysname> display mac-forwarding statistics interface gigabitethernet 1/0/1
GigabitEthernet1/0/1:
Input frames: 100 Output frames:100
Filtered: 0
Table 1 Command output
|
Field |
Description |
|
Input |
Inbound Ethernet frame statistics. · Sum—Total number of received Ethernet frames. · Filtered—Number of Ethernet frames filtered out by 802.1Q VLAN inbound filtering rules. · STP discarded—Number of inbound Ethernet frames dropped on the ports blocked by STP. · Service dropped—Number of Ethernet frames dropped by inbound service features. · Source dropped—Number of Ethernet frames dropped because their source MAC addresses are all-zeros, multicast, or broadcast MAC addresses. · Unknown dropped—Number of Ethernet frames dropped because the device is disabled from forwarding frames with unknown source MAC addresses. · Learning dropped—Number of Ethernet frames dropped because the device is disabled from forwarding unknown frames after the number of learned MAC addresses reaches the upper limit. · Suppress dropped—Number of Ethernet frames dropped by storm suppression. · Broadcast—Number of received broadcast Ethernet frames. · Multicast—Number of received multicast Ethernet frames. · Unknown unicast—Number of received unknown unicast Ethernet frames. · Blackhole dropped—Number of Ethernet frames dropped because they are sourced from blackhole MAC addresses. · Source MAC dropped—Number of Ethernet frames dropped by features based on the source MAC addresses. |
|
Deliver |
Statistics of Ethernet frames delivered to the CPU. · Sum—Total number of Ethernet frames delivered to the CPU. · L2 protocol—Number of Layer 2 protocol Ethernet frames delivered to the CPU. · Local MAC address—Number of Ethernet frames that use the MAC addresses of local Layer 3 VLAN interfaces as the destination MAC addresses. |
|
Output |
Outbound Ethernet frame statistics. · Sum—Total number of sent Ethernet frames. · Filtered—Number of Ethernet frames filtered out by 802.1Q VLAN outbound filtering rules. · Blackhole dropped—Number of Ethernet frames dropped because they are destined for blackhole MAC addresses. · STP discarded—Number of outbound Ethernet frames dropped on the ports blocked by STP. · Service dropped—Number of Ethernet frames dropped by outbound service features. · Dest MAC dropped—Number of Ethernet frames dropped by features based on the destination MAC addresses. |
|
GigabitEthernet1/0/1 |
Layer 2 forwarding statistics on GigabitEthernet 1/0/1: · Input frames—Number of Ethernet frames received on the interface. · Output frames—Number of Ethernet frames sent out of the interface. · Filtered—Number of Ethernet frames filtered out because they are from other VLANs. |
reset mac-forwarding statistics
Use reset mac-forwarding statistics to clear Layer 2 forwarding statistics.
Syntax
reset mac-forwarding statistics
Views
User view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Examples
# Clear Layer 2 forwarding statistics.
<Sysname> reset mac-forwarding statistics
Fast Layer 2 forwarding commands
display mac-forwarding cache ip
Use display mac-forwarding cache ip to display IPv4 fast forwarding entries.
Syntax
display mac-forwarding cache ip [ ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays all IPv4 fast forwarding entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 fast forwarding entries for all member devices.
Examples
# Display all IPv4 fast forwarding entries.
<Sysname> display mac-forwarding cache ip
Total number of mac-forwarding entries: 2
SIP SPort DIP DPort Pro Input_If Output_If VLAN
1.1.1.2 99 1.1.1.1 2048 1 GE1/0/1 GE1/0/2 2
1.1.1.1 98 1.1.1.2 2012 1 GE1/0/2 GE1/0/1 2
Table 2 Command output
|
Description |
|
|
Total number of mac-forwarding entries |
Total number of IPv4 fast forwarding entries. |
|
SIP |
Source IPv4 address. |
|
SPort |
Source port number. |
|
DIP |
Destination IPv4 address. |
|
DPort |
Destination port number. |
|
Pro |
Protocol number. |
|
Input_If |
Input interface type and number. If no input interface is involved in fast forwarding, this field displays N/A. If no input interface is available, this field displays a hyphen (-). |
|
Output_If |
Output interface type and number. If no output interface is involved in fast forwarding, this field displays N/A. If no output interface is available, this field displays a hyphen (-). |
|
VLAN |
VLAN ID. |
display mac-forwarding cache ip fragment
Use display mac-forwarding cache ip fragment to display IPv4 fast forwarding entries for fragments.
Syntax
display mac-forwarding cache ip fragment [ ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays IPv4 fast forwarding entries for all fragments.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 fast forwarding entries for fragments on all member devices.
Examples
# Display IPv4 fast forwarding entries for all fragments.
<Sysname> display mac-forwarding cache ip fragment
Total number of fragment mac-forwarding entries: 2
SIP SPort DIP DPort Pro Input_If ID VLAN
1.1.1.1 117 1.1.1.2 0 1 GE1/0/1 2828 1
1.1.1.2 110 1.1.1.1 67 17 GE1/0/2 2322 1
Table 3 Command output
|
Field |
Description |
|
Total number of fragment mac-forwarding entries |
Total number of IPv4 fast forwarding entries for fragments. |
|
SIP |
Source IPv4 address. |
|
SPort |
Source port number. |
|
DIP |
Destination IPv4 address. |
|
DPort |
Destination port number. |
|
Pro |
Protocol number. |
|
Input_If |
Input interface type and number. If no input interface is involved in fast forwarding, this field displays N/A. If no input interface is available, this field displays a hyphen (-). |
|
ID |
Fragment ID. |
|
VLAN |
VLAN ID. |
display mac-forwarding cache ipv6
Use display mac-forwarding cache ipv6 to display IPv6 fast forwarding entries.
Syntax
display mac-forwarding cache ipv6 [ ipv6-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 fast forwarding entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 fast forwarding entries for all member devices.
Examples
# Display all IPv6 fast forwarding entries.
<Sysname> display mac-forwarding cache ipv6
Total number of IPv6 mac-forwarding items: 1
Src IP: 2002::1 Src port: 129
Dst IP: 2001::1 Dst port: 65535
VLAN ID: 2
Protocol: 2
Input interface: GE1/0/2
Output interface: GE1/0/1
Table 4 Command output
|
Field |
Description |
|
Total number of IPv6 mac-forwarding items |
Total number of IPv6 fast forwarding entries. |
|
Src IP |
Source IPv6 address. |
|
Src port |
Source port number. |
|
Dst IP |
Destination IPv6 address. |
|
Dst Port |
Destination port number. |
|
Protocol |
Protocol number. |
|
Input interface |
Input interface type and number. If no input interface is involved in fast forwarding, this field displays N/A. If no input interface is available, this field displays a hyphen (-). |
|
Output interface |
Output interface type and number. If no output interface is involved in fast forwarding, this field displays N/A. If no output interface is available, this field displays a hyphen (-). |
mac fast-forwarding check-vlan-id
Use mac fast-forwarding check-vlan-id to enable VLAN ID check for fast Layer 2 forwarding.
Use undo mac fast-forwarding check-vlan-id to disable VLAN ID check for fast Layer 2 forwarding.
Syntax
mac fast-forwarding check-vlan-id
undo mac fast-forwarding check-vlan-id
Default
VLAN ID check is enabled for fast Layer 2 forwarding.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
This feature allows the device to check whether the VLAN ID of a flow matches that of any fast forwarding entry. If no match is found, the flow does not match any fast forwarding entry.
The VLAN ID of a packet helps the device to determine the TCP session to which the packet belongs. On a hot backup system formed by two firewalls, you must disable VLAN ID check if the traffic incoming interfaces on the primary and secondary devices belong to different VLANs. If you enable VLAN ID check, traffic cannot match session entries correctly when asymmetric-path traffic exists.
Examples
# Enable VLAN ID check for fast Layer 2 forwarding.
<Sysname> system-view
[Sysname] mac fast-forwarding check-vlan-id
Bridge forwarding commands
add interface
Use add interface to add an interface to a reflect-type, forward-type, or blackhole-type bridge instance.
Use undo add interface to remove an interface from a reflect-type, forward-type, or blackhole-type bridge instance.
Syntax
add interface interface-type interface-number
undo add interface interface-type interface-number
Default
No interfaces exist in a reflect-type, forward-type, or blackhole-type bridge instance.
Views
Reflect-type bridge view
Forward-type bridge view
Blackhole-type bridge view
Predefined user roles
network-admin
context-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
You can add only Layer 2 physical interfaces, Layer 3 physical interfaces, or Layer 2 aggregate interfaces to reflect-type, forward-type, or blackhole-type bridge instances.
Only one interface can be added to a reflect-type or blackhole-type bridge instance.
Only two interfaces can be added to a manually created forward-type bridge instance. The two interfaces must be the same type.
Each interface can be added to only one bridge instance.
This command is not available for a forward-type bridge instance that is automatically created upon insertion of a hardware bypass subcard. An automatically created forward-type bridge instance uses the pair of interfaces on the bypass subcard by default and you cannot edit the interfaces in the instance.
If you execute this command multiple times in reflect-type or blackhole-type bridge view, the most recent configuration takes effect.
If you execute this command multiple times in forward-type bridge view, the most recent two configurations take effect.
Examples
# Add GigabitEthernet 1/0/1 to reflect-type bridge instance 1.
<Sysname> system-view
[Sysname] bridge 1 reflect
[Sysname-bridge1-reflect] add interface gigabitethernet 1/0/1
add vlan
Use add vlan to add a list of VLANs to an inter-VLAN bridge instance.
Use undo add vlan to remove VLANs from an inter-VLAN bridge instance.
Syntax
add vlan vlan-id-list
undo add vlan [ vlan-id-list ]
Default
No VLANs exist in an inter-VLAN bridge instance.
Views
Inter-VLAN bridge view
Predefined user roles
network-admin
context-admin
Parameters
vlan-id-list: Specifies a space-separated list of up to 10 VLAN items. Each VLAN item specifies a VLAN ID or a range of VLAN IDs in the form of start-vlan-id to end-vlan-id. The end VLAN ID must be greater than the start VLAN ID. Valid VLAN IDs are from 1 to 4094.
Usage guidelines
You can add VLANs to a bridge instance before or after you create the VLANs.
You can add a VLAN to only one bridge instance.
If you execute the command multiple times, all configurations take effect.
If you do not specify the vlan-id-list argument, the undo add vlan command removes all VLANs from the inter-VLAN bridge instance.
Examples
# Add VLANs 2, 3, 5, and VLANs 50 through 70 to bridge instance 2.
<Sysname> system-view
[Sysname] bridge 2 inter-vlan
[Sysname-bridge2-inter-vlan] add vlan 2 3 5 50 to 70
bridge
Use bridge to create a specific type of bridge instance and enter its view, or enter the view of an existing bridge instance.
Use undo bridge to delete bridge instances.
Syntax
bridge bridge-index [ blackhole | forward | inter-vlan | reflect ]
undo bridge { bridge-index | all }
Default
No bridge instances exist.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
bridge-index: Specifies a bridge instance index. For an automatically created forward-type bridge instance, the system will assign an index in the range of 32768 to 1082400.
The following compatibility matrixes show the value ranges for the bridge-index argument for a manually created bridge instance:
|
F1000 series |
Models |
Value range |
|
F1000-X-G5 series |
F1000-A-G5, F1000-C-G5, F1000-C-G5-LI, F1000-E-G5, F1000-H-G5, F1000-S-G5 |
1 to 128 |
|
F1000-X-G3 series |
F1000-A-G3, F1000-C-G3, F1000-E-G3, F1000-S-G3 |
1 to 128 |
|
F1000-X-G2 series |
F1000-A-G2, F1000-C-G2, F1000-E-G2, F1000-S-G2 |
1 to 128 |
|
F1000-9X0-AI series |
F1000-9390-AI, F1000-9385-AI, F1000-9380-AI, F1000-9370-AI, F1000-9360-AI, F1000-9350-AI, F1000-9330-AI, F1000-9320-AI, F1000-990-AI, F1000-980-AI, F1000-970-AI, F1000-960-AI, F1000-950-AI, F1000-930-AI, F1000-920-AI, F1000-910-AI, F1000-905-AI |
1 to 128 |
|
F1000-C83X0 series |
F1000-C8395, F1000-C8390, F1000-C8385, F1000-C8380, F1000-C8370, F1000-C8360, F1000-C8350, F1000-C8330 |
1 to 128 |
|
F1000-C81X0 series |
F1000-C8180, F1000-C8170, F1000-C8160, F1000-C8150, F1000-C8130, F1000-C8120, F1000-C8110 |
1 to 128 |
|
F1000-7X0-HI series |
F1000-770-HI, F1000-750-HI, F1000-740-HI, F1000-730-HI, F1000-720-HI, F1000-710-HI |
1 to 128 |
|
F1000-C-X series |
F1000-C-EI, F1000-C-HI, F1000-C-XI, F1000-E-XI |
1 to 128 |
|
F1000-V series |
F1000-E-VG, F1000-S-VG |
1 to 128 |
|
SecBlade IV |
LSPM6FWD8, LSQM2FWDSC8 |
1 to 2048 |
|
F100 series |
Models |
Value range |
|
F100-X-G5 series |
F100-A-G5, F100-C-G5, F100-E-G5, F100-M-G5, F100-S-G5 |
1 to 128 |
|
F100-X-G3 series |
F100-A-G3, F100-C-G3, F100-E-G3, F100-M-G3, F100-S-G3 |
1 to 128 |
|
F100-X-G2 series |
F100-A-G2, F100-C-G2, F100-E-G2, F100-M-G2, F100-S-G2 |
1 to 128 |
|
F100-WiNet series |
F100-A80-WiNet, F100-C80-WiNet, F100-C60-WiNet, F100-S80-WiNet, F100-A81-WiNet, F100-A91-WiNet, F100-C50-WiNet |
1 to 128 |
|
F100-C-A series |
F100-C-A6, F100-C-A5, F100-C-A3, F100-C-A6-WL, F100-C-A5-W, F100-C-A3-W, F100-C-A2, F100-C-A1 |
1 to 128 |
|
F100-X-XI series |
F100-A-EI, F100-A-HI, F100-A-SI, F100-C-EI, F100-C-HI, F100-C-XI, F100-E-EI, F100-S-HI, F100-S-XI |
1 to 128 |
blackhole: Specifies a blackhole-type bridge instance.
forward: Specifies a forward-type bridge instance.
inter-vlan: Specifies an inter-VLAN bridge instance.
reflect: Specifies a reflect-type bridge instance.
all: Deletes all bridge instances.
Usage guidelines
Use this command to create a bridge instance. You can create reflect-type, forward-type, and blackhole-type bridge instances for inline forwarding.
When you create a bridge instance, you must specify its type. You can specify only one type for a bridge instance.
The device will automatically create a forward-type bridge instance upon insertion of a hardware bypass subcard. The automatically created forward-type bridge instance uses the pair of interfaces on the bypass subcard by default. You cannot edit the interfaces in the bridge instance or delete the bridge instance.
Examples
# Create blackhole-type bridge instance 1 and enter its view.
<Sysname> system-view
[Sysname] bridge 1 blackhole
[Sysname-bridge1-blackhole]
# Create forward-type bridge instance 2 and enter its view.
<Sysname> system-view
[Sysname] bridge 2 forward
[Sysname-bridge2-forward]
# Create inter-VLAN bridge instance 3 and enter its view.
<Sysname> system-view
[Sysname] bridge 3 inter-vlan
[Sysname-bridge3-inter-vlan]
# Create reflect-type bridge instance 4 and enter its view.
<Sysname> system-view
[Sysname] bridge 4 reflect
[Sysname-bridge4-reflect]
bridge mac-address timer aging
Use bridge mac-address timer aging to set the aging timer for dynamic MAC address entries in bridge instances.
Use undo bridge to restore the default.
Syntax
bridge mac-address timer aging seconds
undo bridge mac-address timer aging
Default
The aging timer for dynamic MAC address entries is 300 seconds.
Views
System view
Predefined user roles
network-admin
context-admin
Parameters
seconds: Specifies a MAC address aging timer, in seconds. The value range is 60 to 1440.
Usage guidelines
Follow these guidelines to set the aging timer appropriately:
· A long aging interval causes the MAC address table to retain outdated entries and fail to accommodate the most recent network changes.
· A short aging interval results in removal of valid entries. Then, unnecessary broadcast packets appear and affect device performance.
After you set an aging time for dynamic MAC address entries, the device automatically deletes the expired dynamic MAC address entries. Then, the device learns new MAC addresses to build new MAC address entries.
Examples
# Set the aging timer to 500 seconds for dynamic MAC address entries.
<Sysname> system-view
[Sysname] bridge mac-address timer aging 500
bridge tunnel-encapsulation skip
Use bridge tunnel-encapsulation skip to configure the device to ignore the tunnel encapsulation when forwarding tunneled packets in inline mode.
Use undo bridge tunnel-encapsulation skip to restore the default.
Syntax
bridge tunnel-encapsulation skip
undo bridge tunnel-encapsulation skip
Default
In inline forwarding mode, tunneled packets are forwarded based on information in the tunnel encapsulation.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
This command takes effect only for inline forwarding.
In inline forwarding mode, tunneled packets are forwarded based on information in the tunnel encapsulation by default.
Use this command to enable the device to ignore the tunnel encapsulation and forward tunneled packets based on the original packet header information.
Examples
# Configure the device to ignore the tunnel encapsulation when forwarding tunneled packets in inline mode.
<Sysname> system-view
[Sysname] bridge tunnel-encapsulation skip
bypass enable
Use bypass enable to enable internal security service bypass.
Use undo bypass enable to disable security service bypass.
Syntax
bypass enable
undo bypass enable
Default
Security service bypass is disabled.
Views
Reflect-type bridge view
Forward-type bridge view
Blockhole-type bridge view
Predefined user roles
network-admin
context-admin
Usage guidelines
This feature enables the device to bypass the security service and to directly process received packets according to the configured bridge forwarding mode.
If you configure the bypass enable command multiple times, the most recent configuration takes effect.
Examples
# Enable internal security service bypass.
<Sysname> system-view
[Sysname] bridge 1 forward
[Sysname-bridge-1-forward] bypass enable
display bridge mac-address
Use display bridge mac-address to display MAC address entries in bridge instances.
Syntax
display bridge mac-address [ bridge-index [ vlan vlan-id ] ] [ count ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
bridge-index: Specifies a bridge instance by its index.
vlan vlan-id: Specifies a VLAN by its ID.
count: Displays only the total number of MAC address entries that match all entry attributes you specify in this command. In this case, the detailed information about MAC address entries is not displayed. For example, you can use the display bridge mac-address 2 vlan 20 count command to display the total number of entries for VLAN 20 in bridge instance 2. If you do not specify this keyword, this command displays detailed information about specified MAC address entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays MAC address entries for the master device.
Usage guidelines
If you do not specify any parameters, this command displays MAC address entries for all bridge instances.
This command displays dynamic MAC address entries because the MAC address entries in a bridge instance are all learned MAC addresses.
Examples
# Display MAC address entries for bridge instance 100.
<Sysname> display bridge mac-address 100
MAC Address BRIDGE ID State VLAN ID Port Aging
0033-0033-0033 100 Learned 44 GE1/0/1 Y
0000-0000-0002 100 Learned 66 GE1/0/2 Y
# Display the number of MAC address entries in bridge instance 100.
<Sysname> display bridge mac-address 100 count
1 mac address(es) found.
Table 5 Command output
|
Field |
Description |
|
BRIDGE ID |
Index of the bridge instance to which the MAC address entry belongs. |
|
State |
MAC address entry state: Learned. |
|
VLAN ID |
VLAN of the outgoing interface. |
|
Port |
Outgoing interface. |
|
Aging |
Whether the entry can age out: · Y—The entry can age out. · N—The entry never ages out. |
|
1 mac address(es) found |
Number of matching MAC address entries. |
mac-address max-mac-count
Use mac-address max-mac-count to set the MAC learning limit on an inter-VLAN bridge instance.
Use undo mac-address max-mac-count to restore the default.
Syntax
mac-address max-mac-count count
undo mac-address max-mac-count
Default
The MAC learning limit is 4096 on an inter-VLAN bridge instance.
Views
Inter-VLAN bridge view
Predefined user roles
network-admin
context-admin
Parameters
count: Sets the maximum number of MAC addresses that can be learned on an inter-VLAN bridge instance. The value range for this argument is 0 to 4096. To prevent an inter-VLAN bridge instance from learning any MAC addresses, set the limit to 0 for the bridge instance.
Usage guidelines
The command sets the size of the inter-VLAN bridge forwarding MAC address table. When the number of MAC address entries learned by an inter-VLAN bridge instance reaches the limit, the bridge instance stops learning MAC address entries.
Examples
# Configure inter-VLAN bridge instance 2 to learn a maximum of 10 MAC address entries.
<Sysname> system-view
[Sysname] bridge 2 inter-vlan
[Sysname-bridge2-inter-vlan] mac-address max-mac-count 10
Fast bridge forwarding commands
bridge fast-forwarding check-vlan-id
Use bridge fast-forwarding check-vlan-id to enable VLAN ID check for fast bridge forwarding.
Use undo bridge fast-forwarding check-vlan-id to disable VLAN ID check for fast bridge forwarding.
Syntax
bridge fast-forwarding check-vlan-id
undo bridge fast-forwarding check-vlan-id
Default
VLAN ID check is enabled for fast bridge forwarding.
Views
System view
Predefined user roles
network-admin
context-admin
Usage guidelines
This feature allows the device to check whether the VLAN ID of a flow matches that of any fast forwarding entry. If no match is found, the flow does not match any fast forwarding entry.
The VLAN ID of a packet helps the device to determine the TCP session to which the packet belongs. On a hot backup system formed by two firewalls, you must disable VLAN ID check if the traffic incoming interfaces on the primary and secondary devices belong to different VLANs. If you enable VLAN ID check, traffic cannot match session entries correctly when asymmetric-path traffic exists.
On a hot backup system formed by two firewalls, inter-VLAN fast bridge forwarding enables a packet to match the same session after being transmitted between the primary and secondary devices. Because the device does not check VLAN IDs for inter-VLAN fast bridge forwarding. That is, this command does not take effect on inter-VLAN fast bridge forwarding.
Examples
# Enable VLAN ID check for fast bridge forwarding.
<Sysname> system-view
[Sysname] bridge fast-forwarding check-vlan-id
display bridge cache ip
Use display bridge cache ip to display IPv4 fast bridge forwarding entries.
Syntax
display bridge cache ip { inline | inter-vlan } [ ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
inline: Displays IPv4 inline forwarding entries.
inter-vlan: Displays IPv4 inter-VLAN forwarding entries.
ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays all IPv4 fast bridge forwarding entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 fast bridge forwarding entries for all member devices.
Examples
# Display IPv4 inline fast bridge forwarding entries.
<Sysname> display bridge cache ip inline
Total number of bridge-forwarding entries: 2
SIP SPort DIP DPort Pro InVLAN OutVLAN Output_If
1.1.1.3 470 1.1.1.2 0 1 3 2 GE1/0/1
1.1.1.2 470 1.1.1.3 2048 1 2 3 GE1/0/2
Table 6 Command output
|
Field |
Description |
|
Total number of bridge-forwarding entries |
Total number of IPv4 fast bridge forwarding entries. |
|
SIP |
Source IPv4 address. |
|
SPort |
Source port number. |
|
DIP |
Destination IPv4 address. |
|
DPort |
Destination port number. |
|
Pro |
Protocol number. |
|
InVLAN |
Input VLAN. |
|
OutVLAN |
Output VLAN. |
|
Output_If |
Output interface. |
display bridge cache ip fragment
Use display bridge cache ip fragment to display IPv4 fast bridge forwarding entries for fragments.
Syntax
display bridge cache ip fragment { inline | inter-vlan } [ ip-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
inline: Displays IPv4 inline forwarding entries for fragments.
inter-vlan: Displays IPv4 inter-VLAN forwarding entries for fragments.
ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays IPv4 fast bridge forwarding entries for all fragments.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv4 fast bridge forwarding entries for fragments on all member devices.
Examples
# Display IPv4 inline fast bridge forwarding entries for fragments.
<Sysname> display bridge cache ip fragment inline
Total number of fragment bridge-forwarding entries: 2
SIP SPort DIP DPort Pro InVLAN ID
2.1.1.2 2320 2.1.1.1 2048 1 2 7298
2.1.1.1 2048 2.1.1.2 2320 1 3 6826
Table 7 Command output
|
Field |
Description |
|
Total number of fragment bridge-forwarding entries |
Total number of IPv4 fast bridge forwarding entries for fragments. |
|
SIP |
Source IPv4 address. |
|
SPort |
Source port number. |
|
DIP |
Destination IPv4 address. |
|
DPort |
Destination port number. |
|
Pro |
Protocol number. |
|
InVLAN |
Input VLAN. |
|
ID |
Fragment ID. |
display bridge cache ipv6
Use display bridge cache ipv6 to display IPv6 fast bridge forwarding entries.
Syntax
display bridge cache ipv6 { inline | inter-vlan } [ ipv6-address ] [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
inline: Displays IPv6 inline forwarding entries.
inter-vlan: Displays IPv6 inter-VLAN forwarding entries.
ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all IPv6 fast bridge forwarding entries.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 fast bridge forwarding entries for all member devices.
Examples
# Display IPv6 inline fast bridge forwarding entries.
<Sysname> display bridge cache ipv6 inline
Total number of IPv6 bridge-forwarding items: 1
Src IP: 10::12 Src Port: 427
Dst IP: 10::11 Dst Port: 32768
InVLAN: 2 OutVLAN: 3
Protocol: 58
Context ID: 257
Bridge ID: 10
Output interface: GE1/0/1
Table 8 Command output
|
Field |
Description |
|
Total number of IPv6 bridge-forwarding items |
Total number of IPv6 fast bridge forwarding entries. |
|
Src IP |
Source IPv6 address. |
|
Src port |
Source port number. |
|
Dst IP |
Destination IPv6 address. |
|
Dst Port |
Destination port number. |
|
InVLAN |
Input VLAN. |
|
OutVLAN |
Output VLAN. |
|
Protocol |
Protocol number. |
|
Context ID |
Context ID. |
|
Output interface |
Output interface type and number. If no output interface is involved in fast forwarding, this field displays N/A. If no output interface is available, this field displays a hyphen (-). |
