- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-Text | 2.27 MB |
Ping, tracert, and system debugging commands
operation (FTP operation view)
operation (HTTP operation view)
reaction checked-element { jitter-ds | jitter-sd }
reaction checked-element { owd-ds | owd-sd }
reaction checked-element icpif
reaction checked-element packet-loss
reaction checked-element probe-duration
reaction checked-element probe-fail (for trap)
reaction checked-element probe-fail (for trigger)
display ntp-service ipv6 sessions
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service ipv6 inbound enable
ntp-service ipv6 multicast-client
ntp-service ipv6 multicast-server
ntp-service ipv6 unicast-server
ntp-service max-dynamic-sessions
ntp-service reliable authentication-keyid
sntp reliable authentication-keyid
display poe pse interface power
display snmp-agent local-engineid
snmp-agent { inform | trap } source
snmp-agent trap if-mib link extended
snmp-agent usm-user { v1 | v2c }
snmp-agent usm-user v3 user-role
display snmp mib event object list
display snmp mib event summary
display snmp mib event trigger
event owner (trigger-Boolean view)
event owner (trigger-existence view)
object list (action-notification view)
object list (trigger-Boolean view)
object list (trigger-existence view)
object list (trigger-threshold view)
oid (action-notification view)
snmp mib event sample instance maximum
snmp-agent trap enable event-mib
startup (trigger-existence view)
startup (trigger-threshold view)
wildcard context (action-set view)
wildcard context (trigger view)
wildcard oid (action-set view)
netconf capability specific-namespace
reset netconf service statistics
reset netconf session statistics
cwmp cpe inform interval enable
Process monitoring and maintenance commands
display kernel deadloop configuration
display kernel starvation configuration
display process memory heap address
display process memory heap size
monitor kernel deadloop enable
monitor kernel deadloop exclude-thread
monitor kernel starvation enable
monitor kernel starvation exclude-thread
monitor kernel starvation time
mirroring-group mirroring-port (interface view)
mirroring-group mirroring-port (system view)
mirroring-group monitor-port (interface view)
mirroring-group monitor-port (system view)
NetStream configuration commands
ip netstream export v9-template refresh-rate packet
ip netstream export v9-template refresh-rate time
display ipv6 netstream template
ipv6 netstream ipsec raw-packet
ipv6 netstream export v9-template refresh-rate packet
ipv6 netstream export v9-template refresh-rate time
ipv6 netstream export version 9
ipv6 netstream timeout inactive
reset ipv6 netstream statistics
display diagnostic-logfile summary
display security-logfile summary
info-center diagnostic-logfile directory
info-center diagnostic-logfile enable
info-center diagnostic-logfile frequency
info-center diagnostic-logfile quota
info-center logfile size-quota
info-center logging suppress duplicates
info-center security-logfile alarm-threshold
info-center security-logfile directory
info-center security-logfile enable
info-center security-logfile frequency
info-center security-logfile size-quota
info-center syslog trap buffersize
info-center trace-logfile quota
userlog flow export load-balancing
userlog flow export timestamp localtime
packet-capture local ap (on ACs)
packet-capture local interface (on wired devices/fat APs)
packet-capture remote ap (on ACs)
packet-capture remote interface (on wired devices/fat APs)
display smartmc backup configuration status
display smartmc batch-file status
display smartmc replace status
display smartmc upgrade status
smartmc backup configuration max-number
smartmc backup configuration interval
smartmc tc startup-configuration
smartmc topology-refresh interval
smartmc upgrade startup-configuration
Ping, tracert, and system debugging commands
debugging
Use debugging to enable debugging for a module.
Use undo debugging to disable debugging for a module.
Syntax
debugging module-name [ option ]
undo debugging module-name [ option ]
Default
Debugging is disabled for all modules.
Views
User view
Predefined user roles
network-admin
Parameters
module-name: Specifies a module by its name, such as arp or device. For a list of supported modules, use the debugging ? command.
option: Specifies the debugging option for a module. Available options vary by module. To display the debugging options supported by a module, use the debugging module-name ? command.
Usage guidelines
Output from debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition.
The system sends the debugging command output as debug messages to the device information center. The information center then sends the messages to appropriate destinations based on the log output configuration. For more information about configuring debug message output, see Network Management and Monitoring Configuration Guide.
Examples
# Enable debugging for the device management module.
<Sysname> debugging dev
Related commands
display debugging
display debugging
Use display debugging to display the enabled debugging features for a module or for all modules.
Syntax
display debugging [ module-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
module-name: Specifies a module by its name. For a list of supported modules, use the display debugging ? command. If you do not specify a module name, this command displays the enabled debugging features for all modules.
Examples
# Display all enabled debugging features.
<Sysname> display debugging
DEV debugging switch is on
Related commands
debugging
ping
Use ping to test the reachability of the destination IP address and display ping statistics.
Syntax
ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v | { -topology topo-name | -vpn-instance vpn-instance-name } ] * host
Views
Any view
Predefined user roles
network-admin
Parameters
ip: Distinguishes between a destination host name and the ping command keywords if the name of the destination host is i, ip, ipv, or ipv6. For example, you must use the command in the form of ping ip ip instead of ping ip if the destination host name is ip.
-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface.
-c count: Specifies the number of ICMP echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.
-f: Sets the "do-not-fragment" bit in the IP header.
-h ttl: Specifies the TTL value of ICMP echo requests. The value range is 1 to 255, and the default is 255.
-i interface-type interface-number: Specifies the source interface for ICMP echo requests. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMP echo requests.
-m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.
-n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address.
-p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits. The pad argument is in the range of 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets are padded with 0x0000002f to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, such as 0x010203…feff01….
-q: Displays only the summary statistics. If this keyword is not specified, the system displays all the ping statistics.
-r: Records the addresses of the hops (up to 9) the ICMP echo requests passed. If this keyword is not specified, the addresses of the hops that the ICMP echo requests passed are not recorded.
-s packet-size: Specifies the length (in bytes) of ICMP echo requests (excluding the IP packet header and the ICMP packet header). The value range is 20 to 8100, and the default is 56.
-t timeout: Specifies the timeout time (in milliseconds) of an ICMP echo reply. The value range is 0 to 65535, and the default is 2000. If the source does not receive an ICMP echo reply within the timeout, it considers the ICMP echo reply timed out.
-tos tos: Specifies the ToS value of ICMP echo requests. The value range is 0 to 255, and the default is 0.
-v: Displays non-ICMP echo reply packets. If this keyword is not specified, the system does not display non-ICMP echo reply packets.
-topology topo-name: Specifies the topology to which the destination belongs, where topo-name is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).
Usage guidelines
To ping a device identified by its host name, configure the DNS settings on the device first. If the DNS settings are not configured, the ping operation fails.
To abort the ping operation during the execution of the command, press Ctrl+C.
Examples
# Test whether the device with an IP address of 1.1.2.2 is reachable.
<Sysname> ping 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms
56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms
56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms
56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms
56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms
--- Ping statistics for 1.1.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms
# Test whether the device with an IP address of 1.1.2.2 in VPN 1 is reachable.
<Sysname> ping -vpn-instance vpn1 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms
56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms
56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms
56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms
56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms
--- Ping statistics for 1.1.2.2 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms
# Test whether the device with an IP address of 1.1.2.2 is reachable. Only results are displayed.
<Sysname> ping -q 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
--- Ping statistics for 1.1.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.962/2.196/2.665/0.244 ms
# Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed.
<Sysname> ping -r 1.1.2.2
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms
RR: 1.1.2.1
1.1.2.2
1.1.1.2
1.1.1.1
56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=4.834 ms (same route)
56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=4.770 ms (same route)
56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=4.812 ms (same route)
56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=4.704 ms (same route)
--- Ping statistics for 1.1.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms
The output shows that:
· The destination is reachable.
· The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.
Table 1 Command output
Field |
Description |
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break |
Test whether the device with IP address 1.1.2.2 is reachable. There are 56 bytes in each ICMP echo request. Press Ctrl+C to abort the ping operation. |
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms |
Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. · bytes—Number of bytes in the ICMP echo reply. · icmp_seq—Packet sequence, used to determine whether a segment is lost, disordered or repeated. · ttl—TTL value in the ICMP echo reply. · time—Response time. |
RR: |
Routers through which the ICMP echo request passed. They are displayed in inversed order, which means the router with a smaller distance to the destination is displayed first. |
--- Ping statistics for 1.1.2.2 --- |
Statistics on data received and sent in the ping operation. |
--- Ping statistics for 1.1.2.2 in VPN instance vpn1 --- |
Ping statistics for a device in a VPN instance. |
5 packet(s) transmitted |
Number of ICMP echo requests sent. |
5 packet(s) received |
Number of ICMP echo replies received. |
0.0% packet loss |
Percentage of unacknowledged packets to the total packets sent. |
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms |
Minimum/average/maximum/standard deviation response time, in milliseconds. |
ping ipv6
Use ping ipv6 to test the reachability of the destination IPv6 address and display IPv6 ping statistics.
Syntax
ping ipv6 [ -a source-ipv6 | -c count | -i interface-type interface-number | -m interval | -q | -s packet-size | -t timeout | -tc traffic-class| -v | -vpn-instance vpn-instance-name ] * host
Views
Any view
Predefined user roles
network-admin
Parameters
-a source-ipv6: Specifies an IPv6 address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IPv6 address of ICMP echo requests is the IPv6 address of the outbound interface. See RFC 3484 for information about the address selection rule.
-c count: Specifies the number of ICMPv6 echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.
-i interface-type interface-number: Specifies the source interface for ICMPv6 echo requests. This option must be specified when the destination address is a multicast address or a link local address. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMPv6 echo requests.
-m interval: Specifies the interval (in milliseconds) to send an ICMPv6 echo reply. The value range is 1 to 65535, and the default is 1000.
-q: Displays only the summary statistics. If you do not specify this keyword, the system displays all the ping statistics.
-s packet-size: Specifies the length (in bytes) of ICMPv6 echo requests (excluding the IPv6 packet header and the ICMPv6 packet header). The value range is 20 to 8100, and the default is 56.
-t timeout: Specifies the timeout time (in milliseconds) of an ICMPv6 echo reply. The value range is 0 to 65535, and the default is 2000.
-tc traffic-class: Specifies the traffic class value in an ICMPv6 packet. The value range is 0 to 255 and the default is 0.
-v: Displays detailed information (including the dst field and the idx field) about ICMPv6 echo replies. If this keyword is not specified, the system only displays brief information (not including the dst field and the idx field) about ICMPv6 echo replies.
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
host: Specifies the IPv6 address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).
Usage guidelines
To ping a device identified by its host name, configure the DNS settings on the device first. If the DNS settings are not configured, the ping ipv6 operation fails.
To abort the ping ipv6 operation during the execution of the command, press Ctrl+C.
Examples
# Test whether the IPv6 address (2001::2) is reachable.
<Sysname> ping ipv6 2001::2
Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break
56 bytes from 2001::2, icmp_seq=0 hlim=64 time=62.000 ms
56 bytes from 2001::2, icmp_seq=1 hlim=64 time=23.000 ms
56 bytes from 2001::2, icmp_seq=2 hlim=64 time=20.000 ms
56 bytes from 2001::2, icmp_seq=3 hlim=64 time=4.000 ms
56 bytes from 2001::2, icmp_seq=4 hlim=64 time=16.000 ms
--- Ping6 statistics for 2001::2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms
# Test whether the IPv6 address (2001::2) is reachable. Only the statistics are displayed.
<Sysname> ping ipv6 –q 2001::2
Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break
--- Ping6 statistics for 2001::2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms
# Test whether the IPv6 address (2001::2) is reachable. Detailed ping information is displayed.
<Sysname> ping ipv6 –v 2001::2
Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break
56 bytes from 2001::2, icmp_seq=0 hlim=64 dst=2001::1 idx=3 time=62.000 ms
56 bytes from 2001::2, icmp_seq=1 hlim=64 dst=2001::1 idx=3 time=23.000 ms
56 bytes from 2001::2, icmp_seq=2 hlim=64 dst=2001::1 idx=3 time=20.000 ms
56 bytes from 2001::2, icmp_seq=3 hlim=64 dst=2001::1 idx=3 time=4.000 ms
56 bytes from 2001::2, icmp_seq=4 hlim=64 dst=2001::1 idx=3 time=16.000 ms
--- Ping6 statistics for 2001::2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms
The output shows that:
· The destination is reachable, and ICMPv6 echo requests are replied.
· The minimum/average/maximum/standard deviation roundtrip time of packets is 4 milliseconds, 25 milliseconds, 62 milliseconds, and 20 milliseconds.
Table 2 Command output
Field |
Description |
Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break |
An ICMPv6 echo reply with a data length of 56 bytes is sent from 2001::1 to 2001::2. Press Ctrl+C to abort the ping IPv6 operation. |
56 bytes from 2001::2, icmp_seq=1 hlim=64 dst=2001::1 idx=3 time=62.000 ms |
Received ICMPv6 echo replies from the device whose IPv6 address is 2001::2. · The number of data bytes is 56. · The packet sequence is 1. · The hop limit value is 64. · The destination address is 2001::1. Specify the -v keyword to display this field. · The index for the packet inbound interface is 3. Specify the -v keyword to display this field. · The response time is 62 milliseconds. |
--- Ping6 statistics for 2001::2 ------ |
Statistics on data received and sent in an IPv6 ping operation. |
5 packet(s) transmitted |
Number of ICMPv6 echo requests sent. |
5 packet(s) received |
Number of ICMPv6 echo replies received. |
0.0% packet loss |
Percentage of unacknowledged packets to the total packets sent. |
round-trip min/avg/max/ std-dev =4.000/25.000/62.000/20.000 ms |
Minimum/average/maximum/standard deviation response time, in milliseconds. |
tracert
Use tracert to trace the path the packets traverse from source to destination.
Syntax
tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -t tos | { -topology topo-name |-vpn-instance vpn-instance-name [ -resolve-as { global | none | vpn } ] } | -w timeout ] * host
Views
Any view
Predefined user roles
network-admin
Parameters
-a source-ip: Specifies an IP address of the device as the source IP address of probe packets. If this option is not specified, the source IP address of probe packets is the primary IP address of the outbound interface.
-f first-ttl: Specifies the TTL of the first packet sent to the destination. The value range is 1 to 255, and the default is 1. It must be no greater than the value of the max-ttl argument.
-m max-ttl: Specifies the maximum number of hops allowed for a probe packet. The value range is 1 to 255, and the default is 30. It must be no smaller than the value of the first-ttl argument.
-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434. If the destination address is an EID address at a remote LISP site, specify a port number in the range of 33434 to 65535.
-q packet-number: Specifies the number of probe packets to send per hop. The value range is 1 to 65535, and the default is 3.
-t tos: Specifies the ToS value of probe packets. The value range is 0 to 255, and the default is 0.
-topology topo-name: Specifies the topology to which the destination belongs, where topo-name is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
-resolve-as: Specifies a routing table for autonomous system (AS) resolution. Tracert searches the specified routing table for the AS that each hop along the path belongs to. If you do not specify this keyword, the global routing table is used. If the AS information is found, this command displays the AS number next to the address of the hop in the probe result.
· global: Specifies the global routing table.
· none: Disables AS resolution.
· vpn: Specifies the VPN routing table.
-w timeout: Specifies the timeout time in milliseconds of the reply packet for a probe packet. The value range is 1 to 65535, and the default is 5000.
host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).
Usage guidelines
After identifying network failure with the ping command, use the tracert command to locate failed nodes.
If the destination address is on the public network, you do not need to specify the -resolve-as keyword to obtain the AS information. The device automatically uses the global routing table for AS resolution.
If the destination address is on a private network, address information of intermediate hops might be stored in either the global routing table or the VPN routing table. To learn the AS path that the packets traverse, execute the tracert command twice, once with the -resolve-as global keywords and again with the -resolve-as vpn keywords.
The output from the tracert command includes IP addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message. The reason might be the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled.
To abort the tracert operation during the execution of the command, press Ctrl+C.
Examples
# Display the path that the packets traverse from source to destination (1.1.2.2).
<Sysname> tracert 1.1.2.2
traceroute to 1.1.2.2 (1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break
1 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms
2 1.1.2.2 (1.1.2.2) [AS 100] 580 ms 470 ms 80 ms
# Display the path that the packets traverse from source to destination (1.1.3.2) in VPN instance vpn1, as well as the AS information of the hops along the path.
<Sysname> tracert –vpn-instance vpn1 –resolve-as vpn 1.1.3.2
traceroute to 1.1.3.2 (1.1.3.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break
1 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms
2 1.1.2.2 (1.1.2.2) 580 ms 470 ms 80 ms
3 1.1.3.2 (1.1.3.2) [AS 65535] 530 ms 472 ms 380 ms
# Trace the path to destination (192.168.0.46) over an MPLS network.
<Sysname> tracert 192.168.0.46
traceroute to 192.168.0.46(192.168.0.46), 30 hops at most, 40 bytes each packet, press CTRL_C to break
1 192.0.2.13 (192.0.2.13) 0.661 ms 0.618 ms 0.579 ms
2 192.0.2.9 (192.0.2.9) 0.861 ms 0.718 ms 0.679 ms
MPLS Label=100048 Exp=0 TTL=1 S=1
3 192.0.2.5 (192.0.2.5) 0.822 ms 0.731 ms 0.708 ms
MPLS Label=100016 Exp=0 TTL=1 S=1
4 192.0.2.1 (192.0.2.1) 0.961 ms 8.676 ms 0.875 ms
Table 3 Command output
Field |
Description |
traceroute to 1.1.2.2 (1.1.2.2) |
Display the route that the IP packets traverse from the current device to the device whose IP address is 1.1.2.2. |
hops at most |
Maximum number of hops of the probe packets, which can be set by the -m keyword. |
bytes each packet |
Number of bytes of a probe packet. |
press CTRL_C to break |
During the execution of the command, press Ctrl+C to abort the tracert operation. |
Probe result of the probe packets that contain a TTL value of 2, including the following information about the second hop: · Domain name of the hop. If no domain name is configured, the IP address is displayed as the domain name. · IP address of the hop. The IP address is displayed in parentheses. · Number of the AS that the hop belongs to. The AS number appears only when it is found for the hop in the specified routing table. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set by using the -q keyword. |
|
MPLS Label=100048 Exp=0 TTL=1 S=1 |
ICMP timeout packets on an MPLS network, carrying MPLS label information: · Label—Label value that is used to identify a forwarding equivalence class (FEC). · Exp—Reserved, usually used for class of service (CoS). · TTL—TTL value. · S—MPLS supports multiple levels of labels. Value 1 indicates that the label is at the bottom of the label stack, and value 0 indicates that the label is in another label stack. |
tracert ipv6
Use tracert ipv6 to display the path that the IPv6 packets traverse from source to destination.
Syntax
tracert ipv6 [ -f first-hop | -m max-hops | -p port | -q packet-number | -t traffic-class | -vpn-instance vpn-instance-name [ -resolve-as { global | none | vpn } ] | -w timeout ] * host
Views
Any view
Predefined user roles
network-admin
Parameters
-f first-hop: Specifies the TTL value of the first packet. The value range is 1 to 255, and the default is 1. The value must be no greater than the value of the max-hops argument.
-m max-hops: Specifies the maximum number of hops allowed for a packet. The value range is 1 to 255, and the default is 30. The value must be no smaller than the value of the first-hop argument.
-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434.
-q packet-number: Specifies the number of probe packets sent each time. The value range is 1 to 65535, and the default is 3.
-t traffic-class: Specifies the traffic class value in an IPv6 probe packet. The value range is 0 to 255, and the default is 0.
-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
-resolve-as: Specifies a routing table for AS resolution. Tracert searches the specified routing table for the AS that each hop along the path belongs to. If you do not specify this keyword, the global routing table is used. If the AS information is found, this command displays the AS number next to the address of the hop in the probe result.
· global: Specifies the global routing table.
· none: Disables AS resolution.
· vpn: Specifies the VPN routing table.
-w timeout: Specifies the timeout time (in milliseconds) of the reply packet of a probe packet. The value range is 1 to 65535, and the default is 5000.
host: Specifies the IPv6 address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).
Usage guidelines
After identifying network failure with the ping ipv6 command, you can use the tracert ipv6 command to locate failed nodes.
If the destination address is on the public network, you do not need to specify the -resolve-as keyword to obtain the AS information. The device automatically uses the global routing table for AS resolution.
If the destination address is on a private network, address information of intermediate hops might be stored in either the global routing table or the VPN routing table. To learn the AS path that the packets traverse, execute the tracert ipv6 command twice, once with the -resolve-as global keywords and again with the -resolve-as vpn keywords.
The output from the tracert ipv6 command includes IPv6 addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message. The reason might be the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled.
To abort the tracert operation during the execution of the command, press Ctrl+C.
Examples
# Display the path that the packets traverse from source to destination (2001:3::2).
<Sysname> tracert ipv6 2001:3::2
traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets, press CTRL_C to break
1 2001:1::2 0.661 ms 0.618 ms 0.579 ms
2 2001:2::2 [AS 100] 0.861 ms 0.718 ms 0.679 ms
3 2001:3::2 [AS 200] 0.822 ms 0.731 ms 0.708 ms
# Display the path that the packets traverse from source to destination (2001:3::2) in VPN instance vpn1, as well as the AS information of the hops along the path.
<Sysname> tracert ipv6 –vpn-instance vpn1 –resolve-as vpn 2001:3::2
traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets , press CTRL_C to break
1 2001:1::2 0.661 ms 0.618 ms 0.579 ms
2 2001:2::2 0.861 ms 0.718 ms 0.679 ms
3 2001:3::2 [AS 65535] 0.822 ms 0.731 ms 0.708 ms
Table 4 Command output
Field |
Description |
traceroute to 2001:3::2 |
Display the route that the IPv6 packets traverse from the current device to the device whose IP address is 2001:3:2. |
hops at most |
Maximum number of hops of the probe packets, which can be set by the -m keyword. |
byte packets |
Number of bytes of a probe packet. |
Probe result of the probe packets that contain a hoplimit value of 2, including the following information about the second hop: · IPv6 address of the hop. · Number of the AS the hop belongs to. The AS number appears only when it is found for the hop in the specified routing table. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set by using the -q keyword. |
NQA commands
NQA client commands
advantage-factor
Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values.
Use undo advantage-factor to restore the default.
Syntax
advantage-factor factor
undo advantage-factor
Default
The advantage factor is 0.
Views
Voice operation view
Predefined user roles
network-admin
Parameters
factor: Specifies the advantage factor in the range of 0 to 20.
Usage guidelines
The evaluation of voice quality depends on users' tolerance for voice quality. For users with higher tolerance for voice quality, use the advantage-factor command to set an advantage factor. When the system calculates the ICPIF value, it subtracts the advantage factor to modify ICPIF and MOS values for voice quality evaluation.
Examples
# Set the advantage factor to 10 for the voice operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] advantage-factor 10
codec-type
Use codec-type to configure the codec type for the voice operation.
Use undo codec-type to restore the default.
Syntax
codec-type { g711a | g711u | g729a }
undo codec-type
Default
The codec type for the voice operation is G.711 A-law.
Views
Voice operation view
Predefined user roles
network-admin
Parameters
g711a: Specifies G.711 A-law codec type.
g711u: Specifies G.711 µ-law codec type
g729a: Specifies G.729 A-law codec type.
Examples
# Set the codec type to g729a for the voice operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] codec-type g729a
community read
Use community read to specify the community name for the SNMP operation.
Use undo community read to restore the default.
Syntax
community read { cipher | simple } community-name
undo community read
Default
The SNMP operation uses community name public.
Views
SNMP operation view
Predefined user roles
network-admin
Parameters
cipher: Specifies a community name in encrypted form.
simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.
community-name: Specifies the community name. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 33 to 73 characters.
Usage guidelines
You must specify the community name for the SNMP operation when both of the following conditions exist:
· The SNMP operation uses the SNMPv1 or SNMPv2c agent.
· The SNMPv1 or SNMPv2c agent is configured with a read-only or read-write community name.
The specified community name must be the same as the community name configured on the SNMP agent.
The community name configuration is not required if the SNMP operation uses the SNMPv3 agent.
For more information about SNMP, see "Configuring SNMP."
Examples
# Specify readaccess as the community name for the SNMP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type snmp
[Sysname-nqa-admin-test-snmp] community read simple readaccess
data-fill
Use data-fill to configure the payload fill string for probe packets.
Use undo data-fill to restore the default.
Syntax
data-fill string
undo data-fill
Default
The default payload fill string is 0123456789.
Views
ICMP/UDP echo operation view
Path/UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
string: Specifies a case-sensitive string of 1 to 200 characters.
Usage guidelines
If the payload length is smaller than the string length, only the first part of the string is filled. For example, if you configure the string as abcd and set the payload size to 3 bytes, abc is filled.
If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full. For example, if you configure the string as abcd and the payload size as 6 bytes, abcdab is filled.
How the string is filled depends on the operation type.
· For the ICMP echo operation, the string fills the whole payload of an ICMP echo request.
· For the UDP echo operation, the first five bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of payload.
· For the UDP jitter operation, the first 68 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.
· For the voice operation, the first 16 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.
· For the path jitter operation, the first four bytes of the payload of an ICMP echo request are for special purpose. The string fills the remaining part of payload.
Examples
# Specify abcd as the payload fill string for ICMP echo requests.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] data-fill abcd
data-size
Use data-size to set the payload size for each probe packet.
Use undo data-size to restore the default.
Syntax
data-size size
undo data-size
Default
The default payload size of a probe packet for different operations is described in Table 5.
Table 5 Default payload size of a probe packet
Operation type |
Codec type |
Default size (bytes) |
ICMP echo |
N/A |
100 |
UDP echo |
N/A |
100 |
UDP jitter |
N/A |
100 |
UDP tracert |
N/A |
100 |
Path jitter |
N/A |
100 |
Voice |
G.711 A-law |
172 |
Voice |
G.711 µ-law |
172 |
Voice |
G.729 A-law |
32 |
Views
ICMP/UDP echo operation view
Path/UDP jitter operation view
UDP tracert operation view
Voice operation view
Predefined user roles
network-admin
Parameters
size: Specifies the payload size. Available value ranges include:
· 20 to 65507 bytes for the ICMP echo, UDP echo, or UDP tracert operation.
· 68 to 65507 bytes for the UDP jitter or path jitter operation.
· 16 to 65507 bytes for the voice operation.
Usage guidelines
In ICMP echo and path jitter operations, the command sets the payload size for each ICMP echo request.
In UDP echo, UDP jitter, UDP tracert, and voice operations, the command sets the payload size for each UDP packet.
Examples
# Set the payload size to 80 bytes for each ICMP echo request.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] data-size 80
description
Use description to configure a description for an NQA operation, such as the operation type or purpose.
Use undo description to restore the default.
Syntax
description text
undo description
Default
No description is configured for an NQA operation.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 200 characters.
Examples
# Configure the description as icmp-probe for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] description icmp-probe
destination ip
Use destination ip to configure the destination IPv4 address for the operation.
Use undo destination ip to restore the default.
Syntax
destination ip ip-address
undo destination ip
Default
No destination IPv4 address is configured for an operation.
Views
DHCP/DLSw/DNS/SNMP/TCP/voice operation view
ICMP/path/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the destination IPv4 address for the operation.
Examples
# Specify 10.1.1.1 as the destination IPv4 address for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1
destination ipv6
Use destination ipv6 to configure the destination IPv6 address for the operation.
Use undo destination ipv6 to restore the default.
Syntax
destination ipv6 ipv6-address
undo destination ipv6
Default
No destination IPv6 address is configured for an operation.
Views
ICMP echo operation view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the destination IPv6 address for the operation. IPv6 link-local addresses are not supported.
Examples
# In ICMP echo operation view, specify 1::1 as the destination IPv6 address for ICMP echo requests.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] destination ipv6 1::1
destination port
Use destination port to configure the destination port number for the operation.
Use undo destination port to restore the default.
Syntax
destination port port-number
undo destination port
Default
The destination port number is 33434 for the UDP tracert operation and 161 for the SNMP operation.
No destination port number is configured for other types of operations.
Views
SNMP/TCP/voice operation view
UDP echo operation view
UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
port-number: Specifies the destination port number for the operation, in the range of 1 to 65535.
Examples
# Set the destination port number to 9000 for the UDP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-echo
[Sysname-nqa-admin-test-udp-echo] destination port 9000
display nqa history
Use display nqa history to display the history records of NQA operations.
Syntax
display nqa history [ admin-name operation-tag ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the history records of all NQA operations.
Usage guidelines
The display nqa history command does not display the results or statistics of the following operations:
· ICMP jitter.
· Path jitter.
· UDP jitter.
· Voice.
To view the results or statistics of the ICMP jitter, path jitter, UDP jitter, and voice operations, use the display nqa result or display nqa statistics command.
Examples
# Display the history records of the UDP tracert operation with administrator name administrator and operation tag tracert.
<Sysname> display nqa history administrator tracert
NQA entry (admin administrator, tag tracert) history records:
Index TTL Response Hop IP Status Time
1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:06.2
1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:05.2
1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:04.2
1 1 328 3.1.1.2 Succeeded 2013-09-09 14:46:03.2
1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:02.2
1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:01.2
# Display the history records of the NQA operation with administrator name administrator and operation tag test.
<Sysname> display nqa history administrator test
NQA entry (admin administrator, tag test) history records:
Index Response Status Time
10 329 Succeeded 2011-04-29 20:54:26.5
9 344 Succeeded 2011-04-29 20:54:26.2
8 328 Succeeded 2011-04-29 20:54:25.8
7 328 Succeeded 2011-04-29 20:54:25.5
6 328 Succeeded 2011-04-29 20:54:25.1
5 328 Succeeded 2011-04-29 20:54:24.8
4 328 Succeeded 2011-04-29 20:54:24.5
3 328 Succeeded 2011-04-29 20:54:24.1
2 328 Succeeded 2011-04-29 20:54:23.8
1 328 Succeeded 2011-04-29 20:54:23.4
Table 6 Command output
Field |
Description |
Index |
History record ID. The history records in one UDP tracert operation have the same ID. |
TTL |
TTL value in the probe packet. |
Response |
Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the operation cannot be completed, in milliseconds. |
IP address of the node that sent the reply packet. |
|
Status |
Status of the operation result: · Succeeded. · Unknown error. · Internal error. · Timeout. |
Time |
Time when the operation was completed. |
display nqa reaction counters
Use display nqa reaction counters to display the current monitoring results of reaction entries.
Syntax
display nqa reaction counters [ admin-name operation-tag [ item-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the current monitoring results of reaction entries for all NQA operations.
item-number: Specifies a reaction entry by its ID in the range of 1 to 10. If you do not specify a reaction entry, the command displays the results of all reaction entries.
Usage guidelines
The result fields display hyphens (-) in one of the following conditions:
· The threshold type is the average value.
· The monitored performance metric is ICPIF or MOS of the voice operation.
The monitoring results of an operation are accumulated, and are not cleared after the operation completes.
Examples
# Display the monitoring results of all reaction entries of the ICMP echo operation with administrator name admin and operation tag test.
<Sysname> display nqa reaction counters admin test
NQA entry (admin admin, tag test) reaction counters:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 probe-duration accumulate 12 4
2 probe-duration average - -
3 probe-duration consecutive 160 56
4 probe-fail accumulate 12 0
5 probe-fail consecutive 162 2
Table 7 Command output
Field |
Description |
Index |
ID of a reaction entry. |
Checked Element |
Monitored performance metric. |
Threshold Type |
Threshold type. |
Checked Num |
Number of targets that have been monitored for data collection. |
Over-threshold Num |
Number of threshold violations. |
Table 8 Description of the threshold monitoring fields
Monitored performance metric |
Threshold type |
Collect data in |
Checked Num |
Over-threshold Num |
probe-duration |
accumulate |
Probes after the operation starts. |
Number of completed probes. |
Number of probes with duration exceeding the threshold. |
average |
N/A |
N/A |
N/A |
|
consecutive |
Probes after the operation starts. |
Number of completed probes. |
Number of probes with duration exceeding the threshold. |
|
probe-fail |
accumulate |
Probes after the operation starts. |
Number of completed probes. |
Number of probe failures. |
consecutive |
Probes after the operation starts. |
Number of completed probes. |
Number of probe failures. |
|
RTT |
accumulate |
Packets sent after the operation starts. |
Number of sent packets. |
Number of packets with round-trip time exceeding threshold. |
average |
N/A |
N/A |
N/A |
|
jitter-DS/jitter-SD |
accumulate |
Packets sent after the operation starts. |
Number of sent packets. |
Number of packets with the one-way jitter exceeding the threshold. |
average |
N/A |
N/A |
N/A |
|
OWD-DS/OWD-SD |
N/A |
Packets sent after the operation starts. |
Number of sent packets. |
Number of packets with the one-way delay exceeding the threshold. |
packet-loss |
accumulate |
Packets sent after the operation starts. |
Number of sent packets. |
Total packet loss. |
ICPIF |
N/A |
N/A |
N/A |
N/A |
MOS |
N/A |
N/A |
N/A |
N/A |
display nqa result
Use display nqa result to display the most recent result of the specified NQA operation.
Syntax
display nqa result [ admin-name operation-tag ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the most recent results of all NQA operations.
Examples
# Display the most recent result of the TCP operation with administrator name admin and operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 35/35/35
Square-Sum of round trip time: 1225
Last succeeded probe time: 2011-05-29 10:50:33.2
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to internal error: 0
Failures due to other errors: 0
# Display the most recent result of the ICMP jitter operation with administrator name admin and operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 1/2/1
Square-Sum of round trip time: 13
Last packet received time: 2015-03-09 17:40:29.8
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
ICMP-jitter results:
RTT number: 10
Min positive SD: 0 Min positive DS: 0
Max positive SD: 0 Max positive DS: 0
Positive SD number: 0 Positive DS number: 0
Positive SD sum: 0 Positive DS sum: 0
Positive SD average: 0 Positive DS average: 0
Positive SD square-sum: 0 Positive DS square-sum: 0
Min negative SD: 1 Min negative DS: 2
Max negative SD: 1 Max negative DS: 2
Negative SD number: 1 Negative DS number: 1
Negative SD sum: 1 Negative DS sum: 2
Negative SD average: 1 Negative DS average: 2
Negative SD square-sum: 1 Negative DS square-sum: 4
One way results:
Max SD delay: 1 Max DS delay: 2
Min SD delay: 1 Min DS delay: 2
Number of SD delay: 1 Number of DS delay: 1
Sum of SD delay: 1 Sum of DS delay: 2
Square-Sum of SD delay: 1 Square-Sum of DS delay: 4
Lost packets for unknown reason: 0
# Display the most recent result of the UDP jitter operation with administrator name admin and operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 15/46/26
Square-Sum of round trip time: 8103
Last packet received time: 2011-05-29 10:56:38.7
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
UDP-jitter results:
RTT number: 10
Min positive SD: 8 Min positive DS: 8
Max positive SD: 18 Max positive DS: 8
Positive SD number: 5 Positive DS number: 2
Positive SD sum: 75 Positive DS sum: 32
Positive SD average: 15 Positive DS average: 16
Positive SD square-sum: 1189 Positive DS square-sum: 640
Min negative SD: 8 Min negative DS: 1
Max negative SD: 24 Max negative DS: 30
Negative SD number: 4 Negative DS number: 7
Negative SD sum: 56 Negative DS sum: 99
Negative SD average: 14 Negative DS average: 14
Negative SD square-sum: 946 Negative DS square-sum: 1495
One way results:
Max SD delay: 22 Max DS delay: 23
Min SD delay: 7 Min DS delay: 7
Number of SD delay: 10 Number of DS delay: 10
Sum of SD delay: 125 Sum of DS delay: 132
Square-Sum of SD delay: 1805 Square-Sum of DS delay: 1988
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 0
# Display the most recent result of the voice operation with administrator name admin and operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 1000 Receive response times: 0
Min/Max/Average round trip time: 0/0/0
Square-Sum of round trip time: 0
Last packet received time: 0-00-00 00:00:00.0
Extended results:
Packet loss ratio: 100%
Failures due to timeout: 1000
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Voice results:
RTT number: 0
Min positive SD: 0 Min positive DS: 0
Max positive SD: 0 Max positive DS: 0
Positive SD number: 0 Positive DS number: 0
Positive SD sum: 0 Positive DS sum: 0
Positive SD average: 0 Positive DS average: 0
Positive SD square-sum: 0 Positive DS square-sum: 0
Min negative SD: 0 Min negative DS: 0
Max negative SD: 0 Max negative DS: 0
Negative SD number: 0 Negative DS number: 0
Negative SD sum: 0 Negative DS sum: 0
Negative SD average: 0 Negative DS average: 0
Negative SD square-sum: 0 Negative DS square-sum: 0
One way results:
Max SD delay: 0 Max DS delay: 0
Min SD delay: 0 Min DS delay: 0
Number of SD delay: 0 Number of DS delay: 0
Sum of SD delay: 0 Sum of DS delay: 0
Square-Sum of SD delay: 0 Square-Sum of DS delay: 0
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 1000
Voice scores:
MOS value: 0.99 ICPIF value: 87
# Display the most recent result of the path jitter operation with administrator name admin and operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Hop IP 192.168.40.210
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
Hop IP 192.168.50.209
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
# Display the most recent result of the UDP tracert operation with administrator name admin and operation tag test.
<Sysname> display nqa result admin test
NQA entry (admin admin, tag test) test results:
Send operation times: 6 Receive response times: 6
Min/Max/Average round trip time: 35/35/35
Square-Sum of round trip time: 1225
Last succeeded probe time: 2013-09-09 14:23:24.5
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
UDP-tracert results:
TTL Hop IP Time
1 3.1.1.1 2013-09-09 14:23:24.5
2 4.1.1.1 2013-09-09 14:23:24.5
Table 9 Command output
Field |
Description |
Data collecting in progress |
The operation is in progress. |
Send operation times |
Number of operations. |
Receive response times |
Number of response packets received. |
Min/Max/Average round trip time |
Minimum/maximum/average round-trip time in milliseconds. |
Square-Sum of round trip time |
Square sum of round-trip time. |
Last succeeded probe time |
Time when the last successful probe was completed. If no probes are successful in an operation, the field displays 0. This field is not available for UDP jitter, path jitter, and voice operations. |
Last packet received time |
Time when the last response packet was received. If no response packets in a probe were received, the field displays 0. This field is available only for UDP jitter and voice operations. |
Packet loss ratio |
Average packet loss ratio. |
Failures due to timeout |
Number of timeout occurrences in an operation. |
Failures due to disconnect |
Number of disconnections by the peer. |
Failures due to no connection |
Number of failures to connect with the peer. |
Failures due to internal error |
Number of failures due to internal errors. |
Failures due to other errors |
Failures due to other errors. |
Packets out of sequence |
Number of failures due to out-of-sequence packets. |
Packets arrived late |
Number of response packets received after a probe times out. |
UDP-jitter results |
UDP jitter operation results. This field is available only for the UDP jitter operation. |
ICMP-jitter results |
ICMP jitter operation results. This field is available only for the ICMP jitter operation. |
Voice results |
Voice operation results. This field is available only for the voice operation. |
RTT number |
Number of response packets received. |
Min positive SD |
Minimum positive jitter from source to destination. |
Min positive DS |
Minimum positive jitter from destination to source. |
Max positive SD |
Maximum positive jitter from source to destination. |
Max positive DS |
Maximum positive jitter from destination to source. |
Positive SD number |
Number of positive jitters from source to destination. |
Positive DS number |
Number of positive jitters from destination to source. |
Positive SD sum |
Sum of positive jitters from source to destination. |
Positive DS sum |
Sum of positive jitters from destination to source. |
Positive SD average |
Average positive jitters from source to destination. |
Positive DS average |
Average positive jitters from destination to source. |
Positive SD square-sum |
Square sum of positive jitters from source to destination. |
Positive DS square-sum |
Square sum of positive jitters from destination to source. |
Min negative SD |
Minimum absolute value among negative jitters from source to destination. |
Min negative DS |
Minimum absolute value among negative jitters from destination to source. |
Max negative SD |
Maximum absolute value among negative jitters from source to destination. |
Max negative DS |
Maximum absolute value among negative jitters from destination to source. |
Negative SD number |
Number of negative jitters from source to destination. |
Negative DS number |
Number of negative jitters from destination to source. |
Negative SD sum |
Sum of absolute values of negative jitters from source to destination. |
Negative DS sum |
Sum of absolute values of negative jitters from destination to source. |
Negative SD average |
Average absolute value of negative jitters from source to destination. |
Negative DS average |
Average absolute value of negative jitters from destination to source. |
Negative SD square-sum |
Square sum of negative jitters from source to destination. |
Negative DS square-sum |
Square sum of negative jitters from destination to source. |
One way results |
Unidirectional delay. This field is available only for the ICMP jitter, UDP jitter, and voice operations. |
Max SD delay |
Maximum delay from source to destination. |
Max DS delay |
Maximum delay from destination to source. |
Min SD delay |
Minimum delay from source to destination. |
Min DS delay |
Minimum delay from destination to source. |
Number of SD delay |
Number of delays from source to destination. |
Number of DS delay |
Number of delays from destination to source. |
Sum of SD delay |
Sum of delays from source to destination. |
Sum of DS delay |
Sum of delays from destination to source. |
Square-Sum of SD delay |
Square sum of delays from source to destination. |
Square-Sum of DS delay |
Square sum of delays from destination to source. |
SD lost packets |
Number of lost packets from the source to the destination. |
DS lost packets |
Number of lost packets from the destination to the source. |
Lost packets for unknown reason |
Number of lost packets for unknown reasons. |
Voice scores |
Voice parameters. This field is available only for the voice operation. |
MOS value |
MOS value calculated for the voice operation. |
ICPIF value |
ICPIF value calculated for the voice operation. |
Hop IP |
IP address of the hop. This field is available only for the path jitter operation. |
Path-jitter results |
Path jitter operation results. This field is available only for the path jitter operation. |
Jitter number |
Number of jitters. This field is available only for the path jitter operation. |
Min/Max/Average jitter |
Minimum/maximum/average jitter in milliseconds. This field is available only for the path jitter operation. |
Positive jitter number |
Number of positive jitter. This field is available only for the path jitter operation. |
Min/Max/Average positive jitter |
Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum positive jitter |
Sum/square sum of the positive jitter. This field is available only for the path jitter operation. |
Negative jitter number |
Number of negative jitter. This field is available only for the path jitter operation. |
Min/Max/Average negative jitter |
Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum negative jitter |
Sum/square sum of the negative jitter. This field is available only for the path jitter operation. |
TTL value in the received reply packet. |
|
IP address of the node that sent the reply packet. |
|
Time when the NQA client received the reply packet. |
display nqa statistics
Use display nqa statistics to display NQA operation statistics.
Syntax
display nqa statistics [ admin-name operation-tag ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays statistics for all NQA operations.
Usage guidelines
The statistics are generated after the NQA operation completes. If you execute the display nqa statistics command before the operation completes, the statistics are displayed as all 0s.
If a reaction entry is configured, the command displays the monitoring results of the reaction entry in the period specified by the statistics internal command. The result fields display hyphens (-) in one of the following conditions:
· The threshold type is average value.
· The monitored performance metric is ICPIF or MOS for the voice operation.
The command is not available for the UDP tracert operation.
Examples
# Display the statistics for the TCP operation with administrator name admin and operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:30:20.0
Life time: 2 seconds
Send operation times: 1 Receive response times: 1
Min/Max/Average round trip time: 13/13/13
Square-Sum of round trip time: 169
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to disconnect: 0
Failures due to no connection: 0
Failures due to internal error: 0
Failures due to other errors: 0
# Display the statistics for the ICMP jitter operation with administrator name admin and operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2015-03-09 17:42:10.7
Life time: 156 seconds
Send operation times: 1560 Receive response times: 1560
Min/Max/Average round trip time: 1/2/1
Square-Sum of round trip time: 1563
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
ICMP-jitter results:
RTT number: 1560
Min positive SD: 1 Min positive DS: 1
Max positive SD: 1 Max positive DS: 2
Positive SD number: 18 Positive DS number: 46
Positive SD sum: 18 Positive DS sum: 49
Positive SD average: 1 Positive DS average: 1
Positive SD square-sum: 18 Positive DS square-sum: 55
Min negative SD: 1 Min negative DS: 1
Max negative SD: 1 Max negative DS: 2
Negative SD number: 24 Negative DS number: 57
Negative SD sum: 24 Negative DS sum: 58
Negative SD average: 1 Negative DS average: 1
Negative SD square-sum: 24 Negative DS square-sum: 60
One way results:
Max SD delay: 1 Max DS delay: 2
Min SD delay: 1 Min DS delay: 1
Number of SD delay: 4 Number of DS delay: 4
Sum of SD delay: 4 Sum of DS delay: 5
Square-Sum of SD delay: 4 Square-Sum of DS delay: 7
Lost packets for unknown reason: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 jitter-DS accumulate 1500 10
2 jitter-SD average - -
3 OWD-DS - 1560 2
4 OWD-SD - 1560 0
5 packet-loss accumulate 0 0
6 RTT accumulate 1560 0
# Display the statistics for the UDP jitter operation with administrator name admin and operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:33:22.3
Life time: 23 seconds
Send operation times: 100 Receive response times: 100
Min/Max/Average round trip time: 1/11/5
Square-Sum of round trip time: 24360
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
UDP-jitter results:
RTT number: 550
Min positive SD: 1 Min positive DS: 1
Max positive SD: 7 Max positive DS: 1
Positive SD number: 220 Positive DS number: 97
Positive SD sum: 283 Positive DS sum: 287
Positive SD average: 1 Positive DS average: 2
Positive SD square-sum: 709 Positive DS square-sum: 1937
Min negative SD: 2 Min negative DS: 1
Max negative SD: 10 Max negative DS: 1
Negative SD number: 81 Negative DS number: 94
Negative SD sum: 556 Negative DS sum: 191
Negative SD average: 6 Negative DS average: 2
Negative SD square-sum: 4292 Negative DS square-sum: 967
One way results:
Max SD delay: 5 Max DS delay: 5
Min SD delay: 1 Min DS delay: 1
Number of SD delay: 550 Number of DS delay: 550
Sum of SD delay: 1475 Sum of DS delay: 1201
Square-Sum of SD delay: 5407 Square-Sum of DS delay: 3959
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 jitter-DS accumulate 90 25
2 jitter-SD average - -
3 OWD-DS - 100 24
4 OWD-SD - 100 13
5 packet-loss accumulate 0 0
6 RTT accumulate 100 52
# Display the statistics for the voice operation with administrator name admin and operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Start time: 2007-01-01 09:33:45.3
Life time: 120 seconds
Send operation times: 10 Receive response times: 10
Min/Max/Average round trip time: 1/12/7
Square-Sum of round trip time: 620
Extended results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Voice results:
RTT number: 10
Min positive SD: 3 Min positive DS: 1
Max positive SD: 10 Max positive DS: 1
Positive SD number: 3 Positive DS number: 2
Positive SD sum: 18 Positive DS sum: 2
Positive SD average: 6 Positive DS average: 1
Positive SD square-sum: 134 Positive DS square-sum: 2
Min negative SD: 3 Min negative DS: 1
Max negative SD: 9 Max negative DS: 1
Negative SD number: 4 Negative DS number: 2
Negative SD sum: 25 Negative DS sum: 2
Negative SD average: 6 Negative DS average: 1
Negative SD square-sum: 187 Negative DS square-sum: 2
One way results:
Max SD delay: 0 Max DS delay: 0
Min SD delay: 0 Min DS delay: 0
Number of SD delay: 0 Number of DS delay: 0
Sum of SD delay: 0 Sum of DS delay: 0
Square-Sum of SD delay: 0 Square-Sum of DS delay: 0
SD lost packets: 0 DS lost packets: 0
Lost packets for unknown reason: 0
Voice scores:
Max MOS value: 4.40 Min MOS value: 4.40
Max ICPIF value: 0 Min ICPIF value: 0
Reaction statistics:
Index Checked Element Threshold Type Checked Num Over-threshold Num
1 ICPIF - - -
2 MOS - - -
# Display the statistics for the path jitter operation with administrator name admin and operation tag test.
<Sysname> display nqa statistics admin test
NQA entry (admin admin, tag test) test statistics:
NO. : 1
Path 1:
Hop IP 192.168.40.210
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
Hop IP 192.168.50.209
Basic Results:
Send operation times: 10
Receive response times: 10
Min/Max/Average round trip time: 1/1/1
Square-Sum of round trip time: 10
Extended Results:
Packet loss ratio: 0%
Failures due to timeout: 0
Failures due to internal error: 0
Failures due to other errors: 0
Packets out of sequence: 0
Packets arrived late: 0
Path-Jitter Results:
Jitter number: 9
Min/Max/Average jitter: 0/0/0
Positive jitter number: 0
Min/Max/Average positive jitter: 0/0/0
Sum/Square-Sum positive jitter: 0/0
Negative jitter number: 0
Min/Max/Average negative jitter: 0/0/0
Sum/Square-Sum negative jitter: 0/0
Table 10 Command output
Field |
Description |
No. |
Statistics group ID. |
Start time |
Time when the operation started. |
Life time |
Duration of the operation in seconds. |
Send operation times |
Number of probe packets sent. |
Receive response times |
Number of response packets received. |
Min/Max/Average round trip time |
Minimum/maximum/average round-trip time in milliseconds. |
Square-Sum of round trip time |
Square sum of round-trip time. |
Packet loss ratio |
Average packet loss ratio. |
Failures due to timeout |
Number of timeout occurrences in an operation. |
Failures due to disconnect |
Number of disconnections by the peer. |
Failures due to no connection |
Number of failures to connect with the peer. |
Failures due to internal error |
Number of failures due to internal errors. |
Failures due to other errors |
Failures due to other errors. |
Packets out of sequence |
Number of failures due to out-of-sequence packets. |
Packets arrived late |
Number of response packets received after a probe times out. |
UDP-jitter results |
UDP jitter operation results. This field is available only for the UDP jitter operation. |
ICMP-jitter results |
ICMP jitter operation results. This field is available only for the ICMP jitter operation. |
Voice results |
Voice operation results. This field is available only for the voice operation. |
RTT number |
Number of response packets received. |
Min positive SD |
Minimum positive jitter from source to destination. |
Min positive DS |
Minimum positive jitter from destination to source. |
Max positive SD |
Maximum positive jitter from source to destination. |
Max positive DS |
Maximum positive jitter from destination to source. |
Positive SD number |
Number of positive jitters from source to destination. |
Positive DS number |
Number of positive jitters from destination to source. |
Positive SD sum |
Sum of positive jitters from source to destination. |
Positive DS sum |
Sum of positive jitters from destination to source. |
Positive SD average |
Average positive jitters from source to destination. |
Positive DS average |
Average positive jitters from destination to source. |
Positive SD square-sum |
Square sum of positive jitters from source to destination. |
Positive DS square-sum |
Square sum of positive jitters from destination to source. |
Min negative SD |
Minimum absolute value among negative jitters from source to destination. |
Min negative DS |
Minimum absolute value among negative jitters from destination to source. |
Max negative SD |
Maximum absolute value among negative jitters from source to destination. |
Max negative DS |
Maximum absolute value among negative jitters from destination to source. |
Negative SD number |
Number of negative jitters from source to destination. |
Negative DS number |
Number of negative jitters from destination to source. |
Negative SD sum |
Sum of absolute values of negative jitters from source to destination. |
Negative DS sum |
Sum of absolute values of negative jitters from destination to source. |
Negative SD average |
Average absolute value of negative jitters from source to destination. |
Negative DS average |
Average absolute value of negative jitters from destination to source. |
Negative SD square-sum |
Square sum of negative jitters from source to destination. |
Negative DS square-sum |
Square sum of negative jitters from destination to source. |
One way results |
Unidirectional delay result. This field is available only for the ICMP jitter, UDP jitter, and voice operations. |
Max SD delay |
Maximum delay from source to destination. |
Max DS delay |
Maximum delay from destination to source. |
Min SD delay |
Minimum delay from source to destination. |
Min DS delay |
Minimum delay from destination to source. |
Number of SD delay |
Number of delays from source to destination. |
Number of DS delay |
Number of delays from destination to source. |
Sum of SD delay |
Sum of delays from source to destination. |
Sum of DS delay |
Sum of delays from destination to source. |
Square-Sum of SD delay |
Square sum of delays from source to destination. |
Square-Sum of DS delay |
Square sum of delays from destination to source. |
SD lost packets |
Number of lost packets from the source to the destination. |
DS lost packets |
Number of lost packets from the destination to the source. |
Lost packets for unknown reason |
Number of lost packets for unknown reasons. |
Voice scores |
Voice parameters. This field is available only for the voice operation. |
Max MOS value |
Maximum MOS value. |
Min MOS value |
Minimum MOS value. |
Max ICPIF value |
Maximum ICPIF value. |
Min ICPIF value |
Minimum ICPIF value. |
Reaction statistics |
Statistics about the reaction entry in the counting interval. |
Index |
ID of a reaction entry. |
Checked Element |
Monitored element. |
Threshold Type |
Threshold type. |
Checked Num |
Number of targets that have been monitored for data collection. |
Over-threshold Num |
Number of threshold violations. |
Path |
Serial number for the path in the path jitter operation. This field is available only for the path jitter operation. |
Hop IP |
IP address of the hop. This field is available only for the path jitter operation. |
Path-jitter results |
Path jitter operation results. This field is available only for the path jitter operation. |
Jitter number |
Number of jitters. This field is available only for the path jitter operation. |
Min/Max/Average jitter |
Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation. |
Positive jitter number |
Number of positive jitters. This field is available only for the path jitter operation. |
Min/Max/Average positive jitter |
Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum positive jitter |
Sum/square sum of positive jitters. This field is available only for the path jitter operation. |
Negative jitter number |
Number of negative jitters. This field is available only for the path jitter operation. |
Min/Max/Average negative jitter |
Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation. |
Sum/Square-Sum negative jitter |
Sum/square sum of negative jitters. This field is available only for the path jitter operation. |
Table 11 Description of the threshold monitoring fields
Monitored performance metric |
Threshold type |
Collect data in |
Checked Num |
Over-threshold Num |
probe-duration |
accumulate |
Probes in the counting interval. |
Number of completed probes. |
Number of probes of which the duration exceeds the threshold. |
average |
N/A |
N/A |
N/A |
|
consecutive |
Probes in the counting interval. |
Number of completed probes. |
Number of probes of which the duration exceeds the threshold. |
|
probe-fail |
accumulate |
Probes in the counting interval. |
Number of completed probes. |
Number of probe failures. |
consecutive |
Probes in the counting interval. |
Number of completed probes. |
Number of probe failures. |
|
RTT |
accumulate |
Packets sent in the counting interval. |
Number of sent packets. |
Number of packets of which the round-trip time exceeds the threshold. |
average |
N/A |
N/A |
N/A |
|
jitter-DS/jitter-SD |
accumulate |
Packets sent in the counting interval. |
Number of sent packets. |
Number of packets of which the one-way jitter exceeds the threshold. |
average |
N/A |
N/A |
N/A |
|
OWD-DS/OWD-SD |
N/A |
Packets sent in the counting interval. |
Number of sent packets. |
Number of packets of which the one-way delay exceeds the threshold. |
packet-loss |
accumulate |
Packets sent in the counting interval. |
Number of sent packets. |
Number of packet loss. |
ICPIF |
N/A |
N/A |
N/A |
N/A |
MOS |
N/A |
N/A |
N/A |
N/A |
Related commands
statistics interval
filename
Use filename to specify a file to be transferred between the FTP server and the FTP client.
Use undo filename to restore the default.
Syntax
filename filename
undo filename
Default
No file is specified.
Views
FTP operation view
Predefined user roles
network-admin
Parameters
filename: Specifies the name of a file, a case-sensitive string of 1 to 200 characters that cannot contain slashes (/).
Examples
# Specify config.txt as the file to be transferred between the FTP server and the FTP client for the FTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] filename config.txt
frequency
Use frequency to specify the interval at which the NQA operation repeats.
Use undo frequency to restore the default.
Syntax
frequency interval
undo frequency
Default
The interval between two consecutive voice or path jitter operations is 60000 milliseconds. The interval between two consecutive operations of other types is 0 milliseconds.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval between two consecutive operations, in the range of 0 to 604800000 milliseconds. An interval of 0 milliseconds configures NQA to perform the operation only once, and not to generate any statistics.
Usage guidelines
If an operation is not completed when the interval is reached, the next operation does not start.
Examples
# Configure the ICMP echo operation to repeat every 1000 milliseconds.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] frequency 1000
history-record enable
Use history-record enable to enable the saving of history records for the NQA operation.
Use undo history-record enable to disable the saving of history records.
Syntax
history-record enable
undo history-record enable
Default
The saving of history records is enabled only for the UDP tracert operation.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
UDP tracert operation view
Predefined user roles
network-admin
Usage guidelines
To display the history records of the NQA operation, use the display nqa history command.
The undo form of the command also removes existing history records of an NQA operation.
Examples
# Enable the saving of history records for the NQA operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] history-record enable
Related commands
display nqa history
history-record keep-time
Use history-record keep-time to set the lifetime of history records for an NQA operation.
Use undo history-record keep-time to restore the default.
Syntax
history-record keep-time keep-time
undo history-record keep-time
Default
The history records of an NQA operation are kept for 120 minutes.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes.
Usage guidelines
When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.
Examples
# Set the lifetime of the history records to 100 minutes for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] history-record keep-time 100
history-record number
Use history-record number to set the maximum number of history records that can be saved for an NQA operation.
Use undo history-record number to restore the default.
Syntax
history-record number number
undo history-record number
Default
A maximum of 50 history records can be saved for an NQA operation.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of history records that can be saved for an NQA operation. The value range is 0 to 50.
Usage guidelines
If the number of history records for an NQA operation exceeds the maximum number, earliest history records are removed.
Examples
# Set the maximum number of history records to 10 for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] history-record number 10
init-ttl
Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation.
Use undo init-ttl to restore the default.
Syntax
Default
The NQA client sends a UDP packet with the TTL value 1 to start the UDP tracert operation.
Views
UDP tracert operation view
Predefined user roles
Parameters
value: Specifies the TTL value in the range of 1 to 255.
Examples
# Set the TTL value to 5 for the UDP packets in the start round.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] init-ttl 5
lsr-path
Use lsr-path to specify a loose source routing (LSR) path.
Use undo lsr-path to restore the default.
Syntax
lsr-path ip-address&<1-8>
undo lsr-path
Default
No LSR path is configured.
Views
Path jitter operation view
Predefined user roles
network-admin
Parameters
ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses. Each IP address represents a hop on the path.
Usage guidelines
The path jitter operation first uses tracert to detect each hop to the destination. It then sends ICMP echo requests to measure the delay and jitters from the source to each node. If multiple routes exist between the source and destination, the operation uses the path specified by using lsr-path command.
Examples
# Specify 10.1.1.20 and 10.1.2.10 as the hops on the LSR path for the path jitter operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type path-jitter
[Sysname-nqa-admin-test- path-jitter] lsr-path 10.1.1.20 10.1.2.10
max-failure
Use max-failure to set the maximum number of consecutive probe failures in a UDP tracert operation.
Use undo max-failure to restore the default.
Syntax
Default
A UDP tracert operation stops and fails when it detects five consecutive probe failures.
Views
UDP tracert operation view
Predefined user roles
Parameters
Usage guidelines
When a UDP tracert operation detects the maximum number of consecutive probe failures, the operation fails and stops probing the path.
Examples
# Set the maximum number of consecutive probe failures to 20 in a UDP tracert operation.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] max-failure 20
mode
Use mode to set the data transmission mode for the FTP operation.
Use undo mode to restore the default.
Syntax
mode { active | passive }
undo mode
Default
The FTP operation uses the active data transmission mode.
Views
FTP operation view
Predefined user roles
network-admin
Parameters
active: Sets the data transmission mode to active. The FTP server initiates a connection request.
passive: Sets the data transmission mode to passive. The FTP client initiates a connection request.
Examples
# Set the data transmission mode to passive for the FTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] mode passive
next-hop ip
Use next-hop ip to specify the next hop IPv4 address for probe packets.
Use undo next-hop ip to restore the default.
Syntax
next-hop ip ip-address
undo next-hop ip
Default
No next hop IPv4 address is specified for probe packets.
Views
ICMP echo operation view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IPv4 address of the next hop.
Usage guidelines
If the next hop IPv4 address is not configured, the device searches the routing table to determine the next hop IPv4 address for the probe packets.
Examples
# Specify 10.1.1.1 as the next hop IPv4 address for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.1
next-hop ipv6
Use next-hop ipv6 to specify the next hop IPv6 address for probe packets.
Use undo next-hop ipv6 to restore the default.
Syntax
next-hop ipv6 ipv6-address
undo next-hop ipv6
Default
No next hop IPv6 address is specified for probe packets.
Views
ICMP echo operation view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the IPv6 address of the next hop. IPv6 link-local addresses are not supported.
Usage guidelines
If the next hop IPv6 address is not configured, the device searches the routing table to determine the next hop IPv6 address for the probe packets.
Examples
# Specify 10::1 as the next hop IPv6 address for the ICMP echo operation.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] next-hop ipv6 10::1
no-fragment enable
Use no-fragment enable to enable the no-fragmentation feature.
Use undo no-fragment enable to disable the no-fragmentation feature.
Syntax
Default
The no-fragmentation feature is disabled.
Views
UDP tracert operation view
Predefined user roles
Usage guidelines
You can use this command to test the path MTU of a link.
Examples
# Enable the no-fragmentation feature for the UDP tracert operation.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] no-fragment enable
nqa
Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation.
Use undo nqa to remove the operation.
Syntax
nqa entry admin-name operation-tag
undo nqa { all | entry admin-name operation-tag }
Default
No NQA operations exist.
Views
System view
Predefined user roles
network-admin
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
all: Removes all NQA operations.
Usage guidelines
After you create an NQA operation, use the type command to specify the operation type for it. Then, you can use the nqa entry command to directly enter the NQA operation type view.
Only one operation type can be specified for one NQA operation.
Examples
# Create an NQA operation with administrator name admin and operation tag test, and enter NQA operation view.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test]
nqa agent enable
Use nqa agent enable to enable the NQA client.
Use undo nqa agent enable to disable the NQA client and stop all operations being performed.
Syntax
nqa agent enable
undo nqa agent enable
Default
The NQA client is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the NQA client.
<Sysname> system-view
[Sysname] nqa agent enable
Related commands
nqa server enable
nqa schedule
Use nqa schedule to configure scheduling parameters for an NQA operation.
Use undo nqa schedule to stop the operation.
Syntax
nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ]
undo nqa schedule admin-name operation-tag
Default
No schedule is configured for an NQA operation.
Views
System view
Predefined user roles
network-admin
Parameters
admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-).
start-time: Specifies the start time and date of the NQA operation.
hh:mm:ss: Specifies the start time of an NQA operation.
yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.
mm/dd/yyyy: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.
now: Starts the operation immediately.
lifetime: Specifies the duration of an operation.
lifetime: Specifies the duration of an operation in seconds. The value range is 1 to 2147483647.
forever: Performs the operation until you stop it by using the undo nqa schedule command.
recurring: Runs the operation automatically at the start time and for the specified duration. If you do not specify this keyword, the NQA operation is performed only once at the specified date and time.
Usage guidelines
You cannot enter the view of a scheduled NQA operation. If you want to enter such a view, use the undo nqa schedule command to stop the NQA operation first.
The NQA operation works between the specified start time and the end time (the start time plus operation duration). If the specified start time is ahead of the system time, the operation starts immediately. If both the specified start time and end time are ahead of the system time, the operation does not start. To display the current system time, use the display clock command.
Specify a lifetime long enough for an operation to complete.
Examples
# Schedule the operation with administrator name admin and operation tag test to start on 08:08:08 2008/08/08 and last 1000 seconds.
<Sysname> system-view
[Sysname] nqa schedule admin test start-time 08:08:08 2008/08/08 lifetime 1000 recurring
Related commands
destination ip
display clock (Fundamentals Command Reference)
nqa entry
type
operation (FTP operation view)
Use operation to specify the operation type for the FTP operation.
Use undo operation to restore the default.
Syntax
operation { get | put }
undo operation
Default
The FTP operation type is get.
Views
FTP operation view
Predefined user roles
network-admin
Parameters
get: Gets a file from the FTP server.
put: Transfers a file to the FTP server.
Usage guidelines
When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.
If you get a file from the FTP server, make sure the file specified in the URL exists on the FTP server. The NQA client does not save the file obtained from the FTP server.
Use a small file for the FTP operation. A big file might result in transfer failure because of timeout, or might affect other services for occupying much network bandwidth.
Examples
# Set the operation type to put for the FTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] operation put
Related commands
operation (HTTP operation view)
Use operation to specify the operation type for the HTTP operation.
Use undo operation to restore the default.
Syntax
operation { get | post | raw }
undo operation
Default
The HTTP operation type is get.
Views
HTTP operation view
Predefined user roles
network-admin
Parameters
get: Gets data from the HTTP server.
post: Transfers data to the HTTP server.
raw: Sends the RAW request to the HTTP server.
Usage guidelines
The HTTP operation use HTTP requests as probe packets.
For the get or post operation, the content in the request is obtained from the URL specified by the url command.
For the raw operation, the content in the request is configured in raw request view. You can use the raw-request command to enter the raw request view.
Examples
# Set the operation type to raw for the HTTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] operation raw
password
raw-request
username
out interface
Use out interface to specify the output interface for probe packets.
Use undo out interface to restore the default.
Syntax
out interface interface-type interface-number
Default
The output interface for probe packets is not specified. The NQA client determines the output interface based on the routing table lookup.
Views
ICMP echo operation view
UDP jitter operation view
UDP tracert operation view
Predefined user roles
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
For successful operation, the specified output interface must be up.
Examples
# Specify GigabitEthernet 1/0/1 as the output interface for probe packets in the UDP tracert operation.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-tracert
[Sysname-nqa-admin-test-udp-tracert] out interface gigabitethernet 1/0/1
password
Use password to specify a password.
Use undo password to restore the default.
Syntax
password { cipher | simple } string
undo password
Default
No password is specified.
Views
FTP operation view
HTTP operation view
Predefined user roles
network-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. The plaintext form of the password is a case-sensitive string of 1 to 32 characters. The encrypted form of the password is a case-sensitive string of 1 to 73 characters.
Examples
# Set the FTP login password to ftpuser.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] password simple ftpuser
Related commands
operation
username
probe count
Use probe count to specify the probe times.
Use undo probe count to restore the default.
Syntax
probe count times
undo probe count
Default
In an UDP tracert operation, the NQA client sends three probe packets to each hop along the path.
In other types of operations, the NQA client performs one probe to the destination per operation.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
ICMP/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
times: Specifies the probe times.
· For the UDP tracert operation, this argument specifies the times of probes to each hop along the path. The value range for this argument is 1 to 10.
· For other types of operations, this argument specifies the times of probes to the destination per operation. The value range for this argument is 1 to 15.
Usage guidelines
The following describes how NQA performs different types of operations:
· A TCP or DLSw operation sets up a connection.
· A UDP jitter operation sends a number of probe packets. The number of probe packets is set by using the probe packet-number command.
· An FTP operation uploads or downloads a file.
· An HTTP operation gets a Web page.
· A DHCP operation gets an IP address through DHCP.
· A DNS operation translates a domain name to an IP address.
· An ICMP echo sends an ICMP echo request.
· A UDP echo operation sends a UDP packet.
· An SNMP operation sends one SNMPv1 packet, one SNMPv2c packet, and one SNMPv3 packet.
· A path jitter operation is accomplished in the following steps:
a. The operation uses tracert to obtain the path from the NQA client to the destination. A maximum of 64 hops can be detected.
b. The NQA client sends ICMP echo requests to each hop along the path. The number of ICMP echo requests is set by using the probe packet-number command.
· A UDP tracert operation determines the routing path from the source to the destination. The number of probe packets sent to each hop is set by using the probe count command.
If an operation is to perform multiple probes, the NQA client starts a new probe in one of the following conditions:
· The NQA client receives responses to packets sent in the last probe.
· The probe timeout time expires.
This command is not available for the voice or path jitter operations. Each of these operations performs only one probe.
Examples
# Configure the ICMP echo operation to perform 10 probes.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] probe count 10
probe packet-interval
Use probe packet-interval to configure the packet sending interval in the probe.
Use undo probe packet-interval to restore the default.
Syntax
probe packet-interval interval
undo probe packet-interval
Default
The packet sending interval is 20 milliseconds.
Views
ICMP jitter operation view
Path jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
interval: Specifies the sending interval in the range of 10 to 60000 milliseconds.
Examples
# Configure the UDP jitter operation to send packets every 100 milliseconds.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] probe packet-interval 100
probe packet-number
Use probe packet-number to set the number of packets to be sent in a UDP jitter, path jitter, or voice probe.
Use undo probe packet-number to restore the default.
Syntax
probe packet-number packet-number
undo probe packet-number
Default
A UDP jitter or path jitter probe sends 10 packets and a voice probe sends 1000 packets.
Views
ICMP jitter operation view
Path jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
packet-number: Specifies the number of packets to be sent per probe. Available value ranges include:
· 10 to 1000 for the ICMP jitter, UDP jitter, or path jitter operation.
· 10 to 60000 for the voice operation.
Examples
# Configure the UDP jitter probe to send 100 packets.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] probe packet-number 100
probe packet-timeout
Use probe packet-timeout to set the timeout time for waiting for a response in the UDP jitter, path jitter, or voice operation.
Use undo probe packet-timeout to restore the default.
Syntax
probe packet-timeout timeout
undo probe packet-timeout
Default
The response timeout time in the ICMP jitter, UDP jitter, and path jitter operations is 3000 milliseconds.
The response timeout time in the voice operation is 5000 milliseconds.
Views
ICMP jitter operation view
Path jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
timeout: Specifies the timeout time in milliseconds. The value range is 10 to 3600000.
Examples
# Set the response timeout time to 100 milliseconds in the UDP jitter operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100
probe timeout
Use probe timeout to set the probe timeout time.
Use undo probe timeout to restore the default.
Syntax
probe timeout timeout
undo probe timeout
Default
The timeout time of a probe is 3000 milliseconds.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
timeout: Specifies the probe timeout time in milliseconds. Available value ranges include:
· 10 to 86400000 for the FTP or HTTP operation.
· 10 to 3600000 for the DHCP, DNS, DLSw, ICMP echo, SNMP, TCP, UDP echo, or UDP tracert operation.
Usage guidelines
If a probe does not complete within the period, the probe is timed out.
Examples
# Set the probe timeout time to 10000 milliseconds for the DHCP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type dhcp
[Sysname-nqa-admin-test-dhcp] probe timeout 10000
raw-request
Use raw-request to enter raw request view and specify the content of an HTTP request.
Use undo raw-request to restore the default.
Syntax
raw-request
undo raw-request
Default
The contents of an HTTP raw request are not specified.
Views
HTTP operation view
Predefined user roles
network-admin
Usage guidelines
This command places you in raw request view and deletes the previously configured request content. To ensure successful operations, make sure the request content is in the correct format.
If the HTTP operation type is set to raw, you must enter raw request view and configure the request content to be sent to the HTTP server.
Examples
# Enter raw request view and specify the content of a GET request for the HTTP operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] raw-request
[Sysname-nqa-admin-test-http-raw-request] GET /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n\r\n
reaction checked-element { jitter-ds | jitter-sd }
Use reaction checked-element { jitter-ds | jitter-sd } to configure a reaction entry for monitoring one-way jitter in the NQA operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring one-way jitter exist.
Views
ICMP jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).
jitter-sd: Specifies source-to-destination jitter of each probe packet as the monitored element.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of threshold violations in the operation. The value range is 1 to 14999 for the ICMP jitter and UDP jitter operations, and 1 to 59999 for the voice operation.
average: Checks the average one-way jitter.
threshold-value: Specifies threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.
action-type: Specifies the action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
Examples
# Create reaction entry 1 for monitoring the average destination-to-source jitter of UDP jitter packets, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average destination-to-source jitter is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element jitter-ds threshold-type average threshold-value 50 5 action-type trap-only
# Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the destination-to-source jitter is checked against the threshold range. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element jitter-ds threshold-type accumulate 100 threshold-value 50 5 action-type trap-only
reaction checked-element { owd-ds | owd-sd }
Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the one-way delay.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold
undo reaction item-number
Default
No reaction entries for monitoring the one-way delay exist.
Views
ICMP jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
owd-ds: Specifies the destination-to-source delay of each probe packet as the monitored element.
owd-sd: Specifies the source-to-destination delay of each probe packet as the monitored element.
threshold-value: Specifies threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
No actions can be configured for a reaction entry of monitoring one-way delays. To display the monitoring results and statistics, use the display nqa reaction counters and display nqa statistics commands.
Examples
# Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. The destination-to-source delay is calculated after the response to the probe packet arrives. If the delay exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element owd-ds threshold-value 50 5
reaction checked-element icpif
Use reaction checked-element icpif to configure a reaction entry for monitoring the ICPIF value in the voice operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring ICPIF values exist.
Views
Voice operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-value: Specifies threshold range.
upper-threshold: Specifies the upper limit in the range of 1 to 100.
lower-threshold: Specifies the lower limit in the range of 1 to 100. It must not be greater than the upper limit.
action-type: Specifies what action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1 for monitoring the ICPIF value in the voice operation, and set the upper limit to 50 and lower limit to 5. Before the voice operation starts, the initial state of the reaction entry is invalid. After the operation, the ICPIF value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] reaction 1 checked-element icpif threshold-value 50 5 action-type trap-only
reaction checked-element mos
Use reaction checked-element mos to configure a reaction entry for monitoring the MOS value in the voice operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring the MOS value exist.
Views
Voice operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-value: Specifies threshold range.
upper-threshold: Specifies the upper limit in the range of 1 to 500.
lower-threshold: Specifies the lower limit in the range of 1 to 500. It must not be greater than the upper limit.
action-type: Specifies what action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
For the MOS threshold, the number is expressed in three digits representing ones, tenths, and hundredths. For example, to express a MOS threshold of 1, enter 100.
Examples
# Create reaction entry 1 for monitoring the MOS value of the voice operation, and set the upper limit to 2 and lower limit to 1. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the MOS value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type voice
[Sysname-nqa-admin-test-voice] reaction 1 checked-element mos threshold-value 200 100 action-type trap-only
reaction checked-element packet-loss
Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in UDP jitter or voice operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring packet loss exist.
Views
ICMP jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Specifies the total number of lost packets in the operation. The value range is 1 to 15000 for the ICMP jitter and UDP jitter operations, and 1 to 60000 for the voice operation.
action-type: Specifies what action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1 for monitoring packet loss in the UDP jitter operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the total number of the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element packet-loss threshold-type accumulate 100 action-type trap-only
reaction checked-element probe-duration
Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring the probe duration exist.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of threshold violations. The value range is 1 to 15.
average: Checks the average probe duration.
consecutive consecutive-occurrences: Specifies the number of consecutive threshold violations after the NQA operation starts. The value range is 1 to 16.
threshold-value: Specifies threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper threshold.
action-type: Specifies what action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
Examples
# Create reaction entry 1 for monitoring the average probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average probe duration is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state of the reaction entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-duration threshold-type average threshold-value 50 5 action-type trap-only
# Create reaction entry 2 for monitoring the probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the accumulated probe duration is checked against the threshold range. If the total number of threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-duration threshold-type accumulate 10 threshold-value 50 5 action-type trap-only
# Create reaction entry 3 for monitoring the probe duration time of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the consecutive probe duration is checked against the threshold range. If the total number of consecutive threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 3 checked-element probe-duration threshold-type consecutive 10 threshold-value 50 5 action-type trap-only
reaction checked-element probe-fail (for trap)
Use reaction checked-element probe-fail to configure a reaction entry for monitoring the probe failures of the operation.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring probe failures exist.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of probe failures. The value range is 1 to 15.
consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures. The value range is 1 to 16.
action-type: Specifies what action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the total number of probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type accumulate 10 action-type trap-only
# Create reaction entry 2 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the number of consecutive probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only
reaction checked-element probe-fail (for trigger)
Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures.
Use undo reaction to remove the specified reaction entry.
Syntax
reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only
undo reaction item-number
Default
No reaction entries for monitoring probe failures exist.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view
ICMP/UDP echo operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures, in the range of 1 to 16.
action-type: Specifies what action to be triggered.
trigger-only: Triggers other modules to react to certain conditions.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Examples
# Create reaction entry 1. If the number of consecutive probe failures reaches 3, collaboration is triggered.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type tcp
[Sysname-nqa-admin-test-tcp] reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
Related commands
track (High Availability Command Reference)
reaction checked-element rtt
Use reaction checked-element rtt to configure a reaction entry for monitoring packet round-trip time.
Use undo reaction to delete the specified reaction entry.
Syntax
reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]
undo reaction item-number
Default
No reaction entries for monitoring packet round-trip time exist.
Views
ICMP jitter operation view
UDP jitter operation view
Voice operation view
Predefined user roles
network-admin
Parameters
item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.
threshold-type: Specifies a threshold type.
accumulate accumulate-occurrences: Checks the total number of threshold violations. Available value ranges include:
· 1 to 15000 for the ICMP jitter and UDP jitter operations.
· 1 to 60000 for the voice operation.
average: Checks the packet average round-trip time.
threshold-value: Specifies threshold range in milliseconds.
upper-threshold: Specifies the upper limit in the range of 0 to 3600000.
lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.
action-type: Specifies what action to be triggered. The default action is none.
none: Specifies the action of displaying results on the terminal display.
trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.
Usage guidelines
You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.
Only successful probe packets are monitored. Statistics about failed probe packets are not collected.
Examples
# Create reaction entry 1 for monitoring the average round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average packet round-trip time is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the reaction entry state changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type average threshold-value 50 5 action-type trap-only
# Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-jitter
[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only
reaction trap
Use reaction trap to configure the sending of traps to the NMS under specific conditions.
Use undo reaction trap to restore the default.
Syntax
reaction trap { path-change | probe-failure consecutive-probe-failures | test-complete | test-failure [ accumulate-probe-failures ] }
undo reaction trap { path-change | probe-failure | test-complete | test-failure }
Default
No traps are sent to the NMS.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
path-change: Sends a trap when the UDP tracert operation detects a different path to the destination.
probe-failure consecutive-probe-failures: Sends a trap to the NMS if the number of consecutive probe failures in an operation is greater than or equal to consecutive-probe-failures. The value range for the consecutive-probe-failures argument is 1 to 15. The system counts the number of consecutive probe failures for each operation, so multiple traps might be sent.
test-complete: Sends a trap to indicate that the operation is completed.
test-failure: Sends a trap when an operation fails. For operations other than UDP tracert operation, the system counts the total number of probe failures in an operation. If the number reaches or exceeds the value for the accumulate-probe-failures argument, a trap is sent for the operation failure.
accumulate-probe-failures: Specifies the total number of probe failures in an operation. The value range is 1 to 15. This argument is not supported by the UDP tracert operation.
Usage guidelines
The ICMP jitter, UDP jitter, and voice operations support only the test-complete keyword.
The following parameters are not available for the UDP tracert operation:
· The probe-failure consecutive-probe-failures option.
· The accumulate-probe-failures argument.
Examples
# Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] reaction trap probe-failure 5
rresolve-target
Use resolve-target to specify the domain name to be resolved in the DNS operation.
Use undo resolve-target to restore the default.
Syntax
resolve-target domain-name
undo resolve-target
Default
The domain name to be resolved in the DNS operation is not specified.
Views
DNS operation view
Predefined user roles
network-admin
Parameters
domain-name: Specifies the domain name to be resolved. It is a dot-separated case-sensitive string of 1 to 255 characters including letters, digits, hyphens (-), and underscores (_) (for example, aabbcc.com). Each part consists of 1 to 63 characters, and consecutive dots (.) are not allowed.
Examples
# Specify domain1 as the domain name to be resolved.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type dns
[Sysname-nqa-admin-test-dns] resolve-target domain1
route-option bypass-route
Use route-option bypass-route to enable the routing table bypass feature to test the connectivity to the direct destination.
Use undo route-option bypass-route to disable the routing table bypass feature.
Syntax
route-option bypass-route
undo route-option bypass-route
Default
The routing table bypass feature is disabled.
Views
DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Usage guidelines
When the routing table bypass feature is enabled, the following events occur:
· The routing table is not searched. Packets are sent to the destination in a directly connected network.
· The TTL value in the probe packet is set to 1. The TTL set in the ttl command does not take effect.
Examples
# Enable the routing table bypass feature.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] route-option bypass-route
source interface
Use source interface to specify the IP address of the specified interface as the source IP address of probe packets.
Use undo source interface to restore the default.
Syntax
source interface interface-type interface-number
undo source interface
Default
The probe packets take the primary IP address of the outgoing interface as their source IP address.
Views
ICMP echo operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you execute this command and the source ip or source ipv6 command for an ICMP echo operation multiple times, the most recent configuration takes effect.
If you execute this command and the source ip command for a UDP tracert operation multiple times, the most recent configuration takes effect.
The specified source interface must be up. Otherwise, no probe requests can be sent out.
Examples
# Specify the IP address of interface GigabitEthernet 1/0/1 as the source IP address of ICMP echo request packets.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] source interface gigabitethernet 1/0/1
Related commands
source ip
source ip
Use source ip to configure the source IPv4 address for probe packets.
Use undo source ip to restore the default.
Syntax
source ip ip-address
undo source ip
Default
The probe packets takes the primary IP address of their output interface as the source IP address.
Views
DHCP/DLSw/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the source IPv4 address for probe packets.
Usage guidelines
If you execute the source interface and source ip commands for an ICMP echo or UDP tracert operation multiple times, the most recent configuration takes effect.
The specified source IPv4 address must be the IPv4 address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out.
Examples
# Specify 10.1.1.1 as the source IPv4 address for ICMP echo requests.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] source ip 10.1.1.1
Related commands
source interface
source ipv6
Use source ipv6 to configure the source IPv6 address for probe packets.
Use undo source ipv6 to restore the default.
Syntax
source ipv6 ipv6-address
undo source ipv6
Default
The probe packets takes the IPv6 address of their output interface as the source IPv6 address.
Views
ICMP echo operation view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the source IPv6 address for probe packets. IPv6 link-local addresses are not supported.
Usage guidelines
If you execute the source interface and source ipv6 commands for an ICMP echo operation multiple times, the most recent configuration takes effect.
The specified source IPv6 address must be the IPv6 address of a local interface. The local interface must be up. Otherwise, no probe packets can be sent out.
Examples
# In ICMP echo operation view, specify 1::1 as the source IPv6 address for ICMP echo requests.
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] source ipv6 1::1
Related commands
source interface
source port
Use source port to configure the source port number for probe packets.
Use undo source port to restore the default.
Syntax
source port port-number
undo source port
Default
The source port number is not specified.
Views
SNMP/voice operation view
UDP echo operation view
UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
port-number: Specifies the source port number in the range of 1 to 65535.
Examples
# Set the source port number to 8000 for probe packets in the UDP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type udp-echo
[Sysname-nqa-admin-test-udp-echo] source port 8000
statistics hold-time
Use statistics hold-time to set the hold time of statistics groups for an NQA operation.
Use undo statistics hold-time to restore the default.
Syntax
statistics hold-time hold-time
undo statistics hold-time
Default
The hold time of statistics groups for an NQA operation is 120 minutes.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
Predefined user roles
network-admin
Parameters
hold-time: Specifies the hold time in minutes, in the range of 1 to 1440.
Usage guidelines
A statistics group is deleted when its hold time expires.
Examples
# Set the hold time to 3 minutes for statistics groups of the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] statistics hold-time 3
statistics interval
Use statistics interval to set the statistics collection interval for an NQA operation.
Use undo statistics interval to restore the default.
Syntax
statistics interval interval
undo statistics interval
Default
The statistics collection interval is 60 minutes.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
Predefined user roles
network-admin
Parameters
interval: Specifies the interval in minutes, in the range of 1 to 35791394.
Usage guidelines
NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command.
Examples
# Configure NQA to collect the ICMP echo operation statistics every 2 minutes.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] statistics interval 2
statistics max-group
Use statistics max-group to set the maximum number of statistics groups that can be saved.
Use undo statistics max-group to restore the default.
Syntax
statistics max-group number
undo statistics max-group
Default
A maximum of two statistics groups can be saved.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
Predefined user roles
network-admin
Parameters
number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.
Usage guidelines
When the maximum number of statistics groups is reached and a new statistics group is to be saved, the earliest statistics group is deleted.
Examples
# Configure NQA to save a maximum of five statistics groups for the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] statistics max-group 5
target-only
Use target-only to perform the path jitter operation only on the destination address.
Use undo target-only to restore the default.
Syntax
target-only
undo target-only
Default
NQA performs the path jitter operation to the destination hop by hop.
Views
Path jitter operation view
Predefined user roles
network-admin
Examples
# Perform the path jitter operation only on the destination address.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type path-jitter
[Sysname-nqa-admin-test-path-jitter] target-only
tos
Use tos to set the ToS value in the IP header for probe packets.
Use undo tos to restore the default.
Syntax
tos value
undo tos
Default
The ToS value in the IP header of probe packets is 0.
Views
Any operation view
Predefined user roles
network-admin
Parameters
value: Specifies the ToS value in the range of 0 to 255.
Examples
# In ICMP echo operation view, set the ToS value to 1 in the IP header for probe packets.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] tos 1
ttl
Use ttl to set the maximum number of hops that the probe packets can traverse.
Use undo ttl to restore the default.
Syntax
ttl value
undo ttl
Default
The maximum number of hops is 30 for probe packets of the UDP tracert operation, and is 20 for probe packets of other types of operations.
Views
DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255.
Usage guidelines
The route-option bypass-route command sets the TTL to 1 for probe packets. If you configure both the route-option bypass-route and ttl commands for an operation, the ttl command does not take effect.
For a successful UDP tracert operation, make sure the maximum number of hops is not smaller than the value set in the init-ttl command.
Examples
# Set the maximum number of hops to 16 for probe packets in the ICMP echo operation.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] ttl 16
type
Use type to specify an NQA operation type and enter its view.
Syntax
type { dhcp | dlsw | dns | ftp | http | icmp-echo | icmp-jitter | path-jitter | snmp | tcp | udp-echo | udp-jitter | udp-tracert | voice }
Default
No operation type is specified.
Views
NQA operation view
Predefined user roles
network-admin
Parameters
dhcp: Specifies the DHCP operation type.
dlsw: Specifies the DLSw operation type.
dns: Specifies the DNS operation type.
ftp: Specifies the FTP operation type.
http: Specifies the HTTP operation type.
icmp-echo: Specifies the ICMP echo operation type.
icmp-jitter: Specifies the ICMP jitter operation type.
path-jitter: Specifies the path jitter operation type.
snmp: Specifies the SNMP operation type.
tcp: Specifies the TCP operation type.
udp-echo: Specifies the UDP echo operation type.
udp-jitter: Specifies the UDP jitter operation type.
udp-tracert: Specifies the UDP tracert operation type.
voice: Specifies the voice operation type.
Usage guidelines
You can specify only one type for an NQA operation. After that, you can configure the operation type-related settings for the NQA operation. To change the type of the NQA operation, remove the NQA operation in system view, and then re-create the NQA operation.
Examples
# Specify FTP as the NQA operation type and enter FTP operation view.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp]
url
Use url to specify the URL of the destination.
Use undo url to restore the default.
Syntax
url url
undo url
Default
The destination URL is not specified.
Views
FTP operation view
HTTP operation view
Predefined user roles
network-admin
Parameters
url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations.
Operation |
URL format |
Parameter description |
HTTP operation |
http://host/resource http://host:port/resource |
The host parameter represents the host name of the destination server. The host name is a dot-separated case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed of series of labels, aabbcc.com for example. Each label consists of 1 to 63 characters. Consecutive dots (.) and question marks are not allowed. For description about the filename parameter, see Fundamentals Configuration Guide. |
FTP operation |
ftp://host/filename ftp://host:port/filename |
Examples
# Configure the URL that the HTTP operation visits as http://www.company.com/index.htm.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] url http://www.company.com/index.html
username
Use username to specify a username.
Use undo username to restore the default.
Syntax
username username
undo username
Default
No username is configured.
Views
FTP operation view
HTTP operation view
Predefined user roles
network-admin
Parameters
username: Specifies the username, a case-sensitive string of 1 to 32 characters.
Examples
# Set the FTP login username to administrator.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type ftp
[Sysname-nqa-admin-test-ftp] username administrator
Related commands
operation
password
version
Use version to specify the version used in the HTTP operation.
Use undo version to restore the default.
Syntax
version { v1.0 | v1.1 }
undo version
Default
Version 1.0 is used in the HTTP operation.
Views
HTTP operation view
Predefined user roles
network-admin
Parameters
v1.0: Uses version 1.0.
v1.1: Uses version 1.1.
Examples
# Configure the HTTP operation to use HTTP version 1.1.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type http
[Sysname-nqa-admin-test-http] version v1.1
vpn-instance
Use vpn-instance to apply the operation to a VPN instance.
Use undo vpn-instance to restore the default.
Syntax
vpn-instance vpn-instance-name
undo vpn-instance
Default
The operation applies to the public network.
Views
DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view
ICMP/UDP echo operation view
ICMP/path/UDP jitter operation view
UDP tracert operation view
Predefined user roles
network-admin
Parameters
vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
After you specify the VPN, the NQA operation tests the connectivity in the specified VPN instance.
Examples
# Apply the ICMP echo operation to vpn1.
<Sysname> system-view
[Sysname] nqa entry admin test
[Sysname-nqa-admin-test] type icmp-echo
[Sysname-nqa-admin-test-icmp-echo] vpn-instance vpn1
NQA server commands
display nqa server
Use display nqa server status to display NQA server status.
Syntax
display nqa server
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display NQA server status.
<Sysname> display nqa server
NQA server status: Enabled
TCP connect:
IP Address Port ToS VPN instance
2.2.2.2 2000 200 -
UDP echo:
IP Address Port ToS VPN instance
3.3.3.3 3000 255 vpn1
Table 12 Command output
Field |
Description |
Whether the NQA server is enabled. |
|
TCP-connect |
Information about the TCP listening service on the NQA server. |
UDP-echo |
Information about the UDP listening service on the NQA server. |
IP Address |
IP address specified for the TCP/UDP listening service on the NQA server. |
Port |
Port number specified for the TCP/UDP listening service on the NQA server. |
ToS value in reply packets sent by the NQA server. |
|
VPN instance |
Name of the VPN instance to which the IP address that the NQA server listens on belongs. This field displays a hyphen (-) if the NQA server listens on a public IP address. |
nqa server enable
nqa server enable
Use nqa server enable to enable the NQA server.
Use undo nqa server enable to disable the NQA server.
Syntax
nqa server enable
undo nqa server enable
Default
The NQA server is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the NQA server.
<Sysname> system-view
[Sysname] nqa server enable
Related commands
display nqa server
nqa server tcp-connect
nqa server udp-echo
nqa server tcp-connect
Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on the specified IP address.
Use undo nqa server tcp-connect to remove a TCP listening service.
Syntax
nqa server tcp-connect ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]
undo nqa server tcp-connect ip-address port-number
Default
No TCP listening services exist.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address for the TCP listening service.
port-number: Specifies the port number for the TCP listening service, in the range of 1 to 65535.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on the public IP address.
tos tos: Specifies the ToS value in the IP header for reply packets. The value range is 0 to 255, and the default value is 0.
Usage guidelines
Use this command on the NQA server only for the TCP operation.
When you configure the IP address and port number for a TCP listening service on the NQA server, follow these restrictions and guidelines:
· The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.
· The IP address must be the address of an interface on the NQA server.
· To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023.
Examples
# Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.
<Sysname> system-view
[Sysname] nqa server tcp-connect 169.254.10.2 9000
Related commands
display nqa server
nqa server enable
nqa server udp-echo
Use nqa server udp-echo to configure a UDP listening service to enable the NQA server to listen to a port on the specified IP address.
Use undo nqa server udp-echo to remove the UDP listening service created.
Syntax
nqa server udp-echo ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]
undo nqa server udp-echo ip-address port-number
Default
No UDP listening services exist.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the IP address for the UDP listening service.
port-number: Specifies the port number for the UDP listening service, in the range of 1 to 65535.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on a public IP address.
tos tos: Specifies the ToS value in the IP header for reply packets. The value range for this argument is 0 to 255, and the default value is 0.
Usage guidelines
Use this command on the NQA server only for the UDP jitter, UDP echo, and voice operations.
When you configure the IP address and port number for a UDP listening service on the NQA server, follow these restrictions and guidelines:
· The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.
· The IP address must be the address of an interface on the NQA server.
· To ensure successful NQA operations and avoid affecting existing services, do not configure the UDP listening service on well-known ports from 1 to 1023.
Examples
# Configure a UDP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.
<Sysname> system-view
[Sysname] nqa server udp-echo 169.254.10.2 9000
Related commands
display nqa server
nqa server enable
NTP commands
NTP is supported only on the following Layer 3 interfaces:
· Layer 3 Ethernet interfaces.
· Layer 3 aggregate interfaces.
· Layer 3 aggregate subinterfaces.
· VLAN interfaces.
· Tunnel interfaces.
display ntp-service ipv6 sessions
Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.
Syntax
display ntp-service ipv6 sessions [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information about all IPv6 NTP associations. If you do not specify this keyword, the command displays only brief information about the IPv6 NTP associations.
Examples
# Display brief information about all IPv6 NTP associations.
<Sysname>display ntp-service ipv6 sessions
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Source: [125]3000::32
Reference: 127.127.1.0 Clock stratum: 2
Reachabilities: 1 Poll interval: 64
Last receive time: 6 Offset: -0.0
Roundtrip delay: 0.0 Dispersion: 0.0
Total sessions : 1
Table 13 Command output
Field |
Description |
[12345] |
· 1—Clock source selected by the system (the current reference source). · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a command. |
Source |
IPv6 address of the NTP server. If this field displays::, the IPv6 address of the NTP server has not been resolved successfully. |
Reference |
Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server. |
Clock stratum |
Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock. |
Reachabilities |
Reachability count of the NTP server. 0 indicates that the NTP server is unreachable. |
Poll interval |
Polling interval in seconds. It is the maximum interval between successive NTP messages. |
Last receive time |
Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes(m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-). |
Offset |
Offset of the system clock relative to the reference clock, in milliseconds. |
Roundtrip delay |
Roundtrip delay from the local device to the clock source, in milliseconds. |
Dispersion |
Maximum error of the system clock relative to the reference source. |
Total sessions |
Total number of associations. |
# Display detailed information about all IPv6 NTP associations.
<Sysname>display ntp-service ipv6 sessions verbose
Clock source: 1::1
Session ID: 36144
Clock stratum: 16
Clock status: configured, insane, valid, unsynced
Reference clock ID: INIT
VPN instance: Not specified
Local mode: sym_active, local poll interval: 6
Peer mode: unspec, peer poll interval: 10
Offset: 0.0000ms, roundtrip delay: 0.0000ms, dispersion: 15937ms
Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms
Reachabilities:0, sync distance: 15.938
Precision: 2^10, version: 4, source interface: Not specified
Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Orgtime: d17cbb21.0f318106 Tue, May 17 2011 9:15:13.059
Rcvtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Xmttime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Roundtrip delay samples: 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000
Offset samples: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Filter order: 0 1 2 3 4 5 6 7
Total sessions: 1
Table 14 Command output
Field |
Description |
Clock source |
IPv6 address of the clock source. If this field displays::, the IPv6 address of the NTP server has not been resolved successfully. |
Clock stratum |
Stratum level of the NTP server, which determines the clock precision. The value is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock. |
Clock status |
Status of the clock source corresponding to this association: · configured—The association was created at the CLI. · dynamic—The association is established dynamically. · master—The clock source is the primary time server of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and will be used as the reference source. · insane—The clock source has not passed authentication, or it has passed authentication but will not be used as the reference source. · valid—The clock source is valid, which means the clock source meets the following requirements: ¡ It has been authenticated and synchronized. ¡ Its stratum level is valid. ¡ Its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid. |
Reference clock ID |
· If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server. |
VPN instance |
VPN instance of the NTP server. If the NTP server is in a public network, this field displays Not specified. |
Local mode |
Operation mode of the local device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
local poll interval |
Polling interval for the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 26, or 64 seconds. |
peer mode |
Operation mode of the peer device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
peer poll interval |
Polling interval for the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the polling interval of the local device is 26, or 64 seconds. |
Offset |
Offset of the system clock relative to the reference clock, in milliseconds. |
roundtrip delay |
Roundtrip delay from the local device to the clock source, in milliseconds. |
dispersion |
Maximum error of the system clock relative to the reference clock. |
Root roundtrip delay |
Roundtrip delay from the local device to the primary time server, in milliseconds. |
root dispersion |
Maximum error of the system clock relative to the primary reference clock, in milliseconds. |
Reachabilities |
Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
sync distance |
Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
Precision |
Accuracy of the system clock. |
version |
NTP version in the range of 1 to 4. |
source interface |
Source interface. If the source interface is not specified, this field displays Not specified. |
Reftime |
Reference timestamp in the NTP message. |
Orgtime |
Originate timestamp in the NTP message. |
Rcvtime |
Receive timestamp in the NTP message. |
Xmttime |
Transmit timestamp in the NTP message. |
Filter order |
Dispersion information. |
Reference clock status |
Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally. |
Total sessions |
Total number of associations. |
display ntp-service sessions
Use display ntp-service sessions to display information about all IPv4 NTP associations.
Syntax
display ntp-service sessions [verbose]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.
Usage guidelines
When a device is operating in NTP broadcast or multicast server mode, the display ntp-service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server. However, the associations are counted in the total number of associations.
Examples
# Display brief information about all IPv4 NTP associations.
<Sysname>display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]LOCAL(0) LOCL 0 1 64 - 0.0000 0.0000 7937.9
[5]0.0.0.0 INIT 16 0 64 - 0.0000 0.0000 0.0000
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Total sessions: 1
Table 15 Command output
Field |
Description |
source |
· When the reference clock is the local clock, the field displays LOCAL (number). It indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. · When the reference clock is the clock of another device, the field displays the IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
reference |
Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the stra field: ¡ When the value of the stra field is 0 or 1, this field displays LOCL. ¡ When the stra field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server. |
stra |
Stratum level of the clock source, which determines the clock accuracy. The value is in the range of 1 to 16. The clock accuracy decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock. |
reach |
Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
poll |
Polling interval in seconds. It is the maximum interval between successive NTP messages. |
now |
Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes (m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-). |
offset |
Offset of the system clock relative to the reference clock, in milliseconds. |
delay |
Roundtrip delay from the local device to the NTP server, in milliseconds. |
disper |
Maximum error of the system clock relative to the reference source, in milliseconds. |
[12345] |
· 1—Clock source selected by the system(the current reference source). · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a configuration command. |
Total sessions |
Total number of associations. |
# Display detailed information about all IPv4 NTP associations.
<Sysname>display ntp-service sessions verbose
Clock source: 192.168.1.40
Session ID: 35888
Clock stratum: 2
Clock status: configured, master, sane, valid
Reference clock ID: 127.127.1.0
VPN instance: Not specified
Local mode: client, local poll interval: 6
Peer mode: server, peer poll interval: 6
Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms
Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms
Reachabilities:31, sync distance: 0.0194
Precision: 2^18, version: 3, source interface: Not specified
Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079
Orgtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Rcvtime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693
Xmttime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693
Roundtrip delay samples: 0.007 0.010 0.006 0.011 0.010 0.005 0.007 0.003
Offset samples: 5629.55 3913.76 5247.27 6526.92 31.99 148.72 38.27 0.29
Filter order: 7 5 2 6 0 4 1 3
Total sessions: 1
Table 16 Command output
Field |
Description |
Clock source |
IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
Clock stratum |
Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents greater clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock. |
Clock status |
Status of the clock source corresponding to this association: · configured—The association was created by a configuration command. · dynamic—The association is established dynamically. · master—The clock source is the primary time server of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and will be used as the reference source. · insane—The clock source has not passed authentication, or has passed authentication but will not be used as the reference source. · valid—The clock source is valid, which means the clock source meets the following requirements: ¡ It has been authenticated and synchronized. ¡ Its stratum level is valid. ¡ Its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid. |
Reference clock ID |
Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server. |
VPN instance |
VPN instance to which the NTP server belongs. If the NTP server is in a public network, the field displays Not specified. |
Local mode |
Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
local poll interval |
Polling interval of the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 26, or 64 seconds. |
Peer mode |
Operation mode of the peer device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
peer poll interval |
Polling interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 26, or 64 seconds. |
Offset |
Offset of the system clock relative to the reference clock, in milliseconds. |
Roundtrip delay |
Roundtrip delay from the local device to the NTP server, in milliseconds. |
dispersion |
Maximum error of the system clock relative to the reference clock. |
Root roundtrip delay |
Roundtrip delay from the local device to the primary timer server, in milliseconds. |
root dispersion |
Maximum error of the system clock relative to the primary reference clock, in milliseconds. |
Reachabilities |
Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
sync distance |
Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
Precision |
Accuracy of the system clock. |
version |
NTP version in the range of 1 to 4. |
source interface |
Source interface. If the source interface is not specified, this field is Not specified. |
Reftime |
Reference timestamp in the NTP message. |
Orgtime |
Originate timestamp in the NTP message. |
Rcvtime |
Receive timestamp in the NTP message. |
Xmttime |
Transmit timestamp in the NTP message. |
Filter order |
Sample information order. |
Reference clock status |
Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally. |
Total sessions |
Total number of associations. |
display ntp-service status
Use display ntp-service status to display NTP service status.
Syntax
display ntp-service status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display NTP service status after time synchronization.
<Sysname>display ntp-service status
Clock status: synchronized
Clock stratum: 2
System peer: LOCAL(0)
Local mode: client
Reference clock ID: 127.127.1.0
Leap indicator: 00
Clock jitter: 0.000977 s
Stability: 0.000 pps
Clock precision: 2^-10
Root delay: 0.00000 ms
Root dispersion: 3.96367 ms
Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573
# Display the NTP service status when time is not synchronized.
<Sysname>display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Clock jitter: 0.000000 s
Stability: 0.000 pps
Clock precision: 2^-10
Root delay: 0.00000 ms
Root dispersion: 0.00002 ms
Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573
Table 17 Command output
Field |
Description |
Clock status |
Status of the system clock: · synchronized—The system clock has been synchronized. · unsynchronized—The system clock has not been synchronized. |
Clock stratum |
Stratum level of the system clock. |
System peer |
IP address of the selected NTP server. |
Local mode |
Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
Reference clock ID |
For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as the reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the IP address of the local clock. For an IPv6 NTP server: The field represents the MD5 digest of the first 32 bits of the IPv6 address of the remote server when the local device is synchronized to a remote IPv6 NTP server. The field represents the local clock when the local device uses the local clock as a reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the local clock. |
Leap indicator |
Alarming status: · 00—Normal. · 01—Leap second, indicates that the last minute in a day has 61 seconds. · 10—Leap second, indicates that the last minute in a day has 59 seconds. · 11—Time is not synchronized. |
Clock jitter |
Difference between the system clock and reference clock, in seconds. |
Stability |
Clock frequency stability. A lower value represents better stability. |
Clock precision |
Accuracy of the system clock. |
Root delay |
Roundtrip delay from the local device to the primary time server, in milliseconds. |
Root dispersion |
Maximum error of the system clock relative to the primary time server, in milliseconds. |
Reference time |
Reference timestamp. |
display ntp-service trace
Use display ntp-service trace to display brief information about each NTP server from the local device back to the primary time server.
Syntax
display ntp-service trace [ source interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
source interface-type interface-number: Specifies the source interface for sending NTP packets to trace each NTP server from the local device back to the primary time server. The source IP address of the NTP packets is the IPv4 address/IPv6 address of the specified source interface. If the IP address of an NTP server is a link-local address, the link-local address of the outgoing interface of NTP packets is used as the source IP address of the NTP packets. If you do not specify this option, the interface that sends the tracing NTP packets acts as the source interface.
Usage guidelines
To trace back to the primary time server from the source interface, make sure the source interface and the NTP servers from the local device to the primacy time server are reachable to each other.
Examples
#Display brief information about each NTP server from the local device back to the primary time server.
<Sysname>display ntp-service trace
Server 127.0.0.1
Stratum 3, jitter 0.000, synch distance 0.0000.
Server 3000::32
Stratum 2 , jitter 790.00, synch distance 0.0000.
RefID 127.127.1.0
The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock.
Table 18 Command output
Field |
Description |
Server |
IP address of the NTP server. |
Stratum |
Stratum level of the NTP server. |
jitter |
Root mean square (RMS) value of the clock offset relative to the upper-level clock, in seconds. |
synch distance |
Synchronization distance relative to the upper-level NTP server, in seconds, calculated from dispersion and roundtrip delay values. |
RefID |
Identifier of the primary time server. When the stratum level of the primary reference clock is 0, it is displayed as LOCL. Otherwise, it is displayed as the IP address of the primary time server. |
ntp-service ipv6 unicast-peer
ntp-service ipv6 unicast-server
ntp-service source
ntp-service unicast-server
ntp-service acl
Use ntp-service acl to configure the right for peer devices to access the NTP services on the local device.
Use undo ntp-service acl to remove the configured NTP service access right.
Syntax
ntp-service { peer | query | server | synchronization } acl ipv4-acl-number
undo ntp-service { peer | query | server | synchronization } [ acl ipv4-acl-number ]
Default
The right for the peer devices to access the NTP services on the local device is peer.
Views
System view
Predefined user roles
network-admin
Parameters
peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device.
query: Allows only NTP control queries from a peer device to the local device.
server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.
synchronization: Allows only time requests from a peer device.
acl ipv4-acl-number: Specifies an IPv4 ACL by its number. The peer devices that match the IPv4 ACL have the access right specified in the command. The ipv4-acl-number argument represents an IPv4 basic ACL number in the range of 2000 to 2999 or an IPv4 advanced ACL number in the range of 3000 to 3999.
Usage guidelines
When the device receives an NTP request, it matches the request with the access rights in order from the least restrictive to the most restrictive: peer, server, synchronization, and query.
· If no NTP access control is configured, the peer access right applies.
· If the IP address of the peer device matches a permit statement in an IPv4 ACL, the access right is granted to the peer device. If a deny statement or no IPv4 ACL is matched, no access right is granted.
· If no IPv4 ACL is specified for an access right or the IPv4 ACL specified for the access right is not created, the access right is not granted.
· If none of the IPv4 ACLs specified for the access rights is created, the peer access right applies.
· If none of the IPv4 ACLs specified for the access rights contains rules, no access right is granted.
The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.
Examples
# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ntp-service peer acl 2001
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service authentication enable
Use ntp-service authentication enable to enable NTP authentication.
Use undo ntp-service authentication enable to disable NTP authentication.
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
Default
NTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are synchronized only to authenticated NTP servers.
To authenticate an NTP server, set an authentication key and specify it as a trusted key.
Examples
# Enable NTP authentication.
<Sysname> system-view
[Sysname] ntp-service authentication enable
Related commands
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service authentication-keyid
Use ntp-service authentication-keyid to set an NTP authentication key.
Use undo ntp-service authentication-keyid to remove an NTP authentication key.
Syntax
ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *
undo ntp-service authentication-keyid keyed
Default
No NTP authentication key is set.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.
authentication-mode md5 value: Uses the MD5 algorithm for key authentication.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
Usage guidelines
In a network where there is a high security demand, the NTP authentication feature must be enabled for a system running NTP. This feature enhances the network security by using client-server key authentication, which prohibits a client from synchronizing to a device that has failed the authentication.
The key ID in the message from the peer device identifies the key used for authentication. The acl ipv4-acl-number and acl ipv6-acl-number options are used to identify the peer device that can use the key ID.
· If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication.
· If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.
To ensure a successful NTP authentication, configure the same key ID, authentication algorithm, and key on the time server and client.
After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid command to configure the key as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
You can set a maximum of 128 keys by executing the command.
Examples
# Set a plaintext MD5 authentication key, with the key ID of 10 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
ntp-service authentication enable
ntp-service reliable authentication-keyid
ntp-service broadcast-client
Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets.
Use undo ntp-service broadcast-client to remove the configuration.
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
After you configure the command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages.
If you have configured the device to operate in broadcast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ntp-service broadcast-client
Related commands
ntp-service broadcast-server
Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.
Use undo ntp-service broadcast-server to remove the configuration.
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number ] *
undo ntp-service broadcast-server
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
After you configure the command, the device periodically sends NTP messages to the broadcast address 255.255.255.255.
If you have configured the device to operate in broadcast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in broadcast server mode and send NTP broadcast messages on GigabitEthernet 1/0/1, using key 4 for encryption. Set the NTP version to 4.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ntp-service broadcast-server authentication-keyid 4 version 4
Related commands
ntp-service broadcast-client
ntp-service dscp
Use ntp-server dscp to set a DSCP value for IPv4 NTP packets.
Use undo ntp-server dscp to restore the default.
Syntax
ntp-service dscp dscp-value
undo ntp-service dscp
Default
The DSCP value for IPv4 NTP packets is 48.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets.
Usage guidelines
The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority.
Examples
# Set the DSCP value for IPv4 NTP packets to 30.
<Sysname> system-view
[Sysname] ntp-service dscp 30
ntp-service enable
Use ntp-service enable to enable the NTP service.
Use undo ntp-service enable to disable the NTP service.
Syntax
ntp-service enable
undo ntp-service enable
Default
The NTP service is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the NTP service.
<Sysname> system-view
[Sysname] ntp-service enable
ntp-service inbound enable
Use ntp-service inbound enable to enable an interface to receive NTP messages.
Use undo ntp-service inbound enable to disable an interface from receiving NTP messages.
Syntax
ntp-service inbound enable
undo ntp-service inbound enable
Default
An interface receives NTP messages.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Execute the undo ntp-service inbound enable command on an interface in the following cases:
· You do not want the interface to synchronize the peer device in the corresponding subnet.
· You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface.
Examples
# Disable GigabitEthernet 1/0/1 from receiving NTP messages.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] undo ntp-service inboundenable
ntp-service ipv6 acl
Use ntp-service ipv6 acl to configure the right for the peer devices to access the IPv6 NTP services of the local device.
Use undo ntp-service ipv6 acl to remove the configured IPv6 NTP service access right.
Syntax
ntp-service ipv6 { peer |query | server | synchronization } acl ipv6-acl-number
undo ntp-service ipv6 { peer |query | server | synchronization } [ acl ipv6-acl-number ]
Default
The right for the peer devices to access the IPv6 NTP services on the local device is peer.
Views
System view
Predefined user roes
network-admin
Parameters
peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) and allows the local device to synchronize itself to a peer device.
query: Allows only NTP control queries from a peer device to the local device.
server: Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device.
synchronization: Allows only time requests from a system whose address passes the access list criteria.
ipv6-acl-number: Specifies an IPv6 ACL by its number. The peer devices that match the IPv6 ACL have the access right specified in the command. The ipv6-acl-number argument represents an IPv6 basic ACL number in the range of 2000 to 2999 or an IPv6 advanced ACL number in the range of 3000 to 3999.
Usage guidelines
When the device receives an NTP request, it matches the request with the access rights in order from the least restrictive to the most restrictive: peer, server, synchronization, and query.
· If no NTP access control is configured, the peer access right applies.
· If the IP address of the peer device matches a permit statement in an IPv6 ACL, the access right is granted to the peer device. If a deny statement or no IPv6 ACL is matched, no access right is granted.
· If no IPv6 ACL is specified for an access right or the IPv6 ACL specified for the access right is not created, the access right is not granted.
· If none of the IPv6 ACLs specified for the access rights is created, the peer access right applies.
· If none of the IPv6 ACLs specified for the access rights contains rules, no access right is granted.
The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more secure.
Examples
# Configure the peer devices on subnet 2001::1 to have full access to the local device.
[Sysname] acl ipv6 basic 2001
[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1 64
[Sysname-acl-ipv6-basic-2001] quit
[Sysname] ntp-service ipv6 peer acl 2001
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service ipv6 dscp
Use ntp-service ipv6 dscp to set a DSCP value for IPv6 NTP packets.
Use undo ntp-service ipv6 dscp to restore the default.
Syntax
ntp-service ipv6 dscp dscp-value
undo ntp-service ipv6 dscp
Default
The DSCP value for IPv6 NTP packets is 56.
Views
System view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63 for IPv6 NTP packets.
Usage guidelines
The DSCP value is included in the Traffic Class field of an IPv6 packet to identify the packet priority.
Examples
# Set the DSCP value for IPv6 NTP packets to 30.
<Sysname> system-view
[Sysname] ntp-service ipv6 dscp 30
ntp-service ipv6 inbound enable
Use ntp-service ipv6 inbound enable to enable an interface to receive IPv6 NTP messages.
Use undo ntp-service ipv6 inbound enable to disable an interface from receiving IPv6 NTP messages.
Syntax
ntp-service ipv6 inbound enable
undo ntp-service ipv6 inbound enable
Default
An interface receives IPv6 NTP messages.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
Execute the undo ntp-service ipv6 inbound enable command on an interface in the following cases:
· You do not want the interface to synchronize the peer devices in the corresponding subnet.
· You do not want the device to be synchronized by the peer devices in the subnet corresponding to the interface.
Examples
# Disable GigabitEthernet 1/0/1 from receiving IPv6 NTP messages.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] undo ntp-service ipv6 inboundenable
ntp-service ipv6 multicast-client
Use ntp-service ipv6 multicast-client to configure the device to operate in IPv6 NTP multicast client mode and use the current interface to receive IPv6 NTP multicast packets.
Use undo ntp-service ipv6 multicast-client to remove the configuration.
Syntax
ntp-service ipv6 multicast-client ipv6-address
undo ntp-service ipv6 multicast-client ipv6-address
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 multicast address. An IPv6 broadcast client and an IPv6 broadcast server must be configured with the same multicast address.
Usage guidelines
After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address. It is synchronized based on the received IPv6 NTP messages.
If you have configured the device to operate in IPv6 multicast client mode on an interface by using the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in IPv6 multicast client mode and receive IPv6 NTP multicast messages with the destination FF21::1 on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ntp-service ipv6 multicast-client ff21::1
Related commands
ntp-service ipv6 multicast-server
ntp-service ipv6 multicast-server
Use ntp-service ipv6 multicast-server to configure the device to operate in IPv6 NTP multicast server mode and use the current interface to send IPv6 NTP multicast packets.
Use undo ntp-service ipv6 multicast-server to remove the configuration.
Syntax
ntp-service ipv6 multicast-server ipv6-address [authentication-keyid keyid | ttl ttl-number] *
undo ntp-service ipv6 multicast-server ipv6-address
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies an IPv6 multicast address. An IPv6 multicast client and server must be configured with the same multicast address.
authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize clients enabled with NTP authentication.
ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255, and the default is 16.
Usage guidelines
After you configure the command, the device periodically sends NTP messages to the specified IPv6 multicast address.
If you have configured the device to operate in IPv6 multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages on GigabitEthernet 1/0/1 to the multicast address FF21::1, using key 4 for encryption.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ntp-service ipv6 multicast-server ff21::1
Related commands
ntp-service ipv6 multicast-client
ntp-service ipv6 source
Use ntp-service ipv6 source to specify a source interface for IPv6 NTP messages.
Use undo ntp-service ipv6 source to restore the default.
Syntax
ntp-service ipv6 source interface-type interface-number
undo ntp-service ipv6 source
Default
No source interface is specified for IPv6 NTP messages. The device automatically selects the source IP address for IPv6 NTP messages. For more information, see RFC 3484.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you specify a source interface for IPv6 NTP messages, the device uses the IPv6 address of the source interface as the source address to send IPv6 NTP messages. Consequently, the destination address of the IPv6 NTP response messages becomes the address of the source interface.
When the device responds to an IPv6 NTP request, the source IPv6 address of the NTP response is always the IPv6 address of the interface that has received the IPv6 NTP request.
If you do not want the IPv6 address of an interface on the local device to become the destination address for response messages, use this command to specify another interface as the source interface for IPv6 NTP messages..
The source interface for IPv6 NTP messages can also be specified in the following ways:
· In NTP client/server mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-server command, the specified interface acts as the source interface for IPv6 NTP messages.
· In NTP symmetric active/passive mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-peer command, the specified interface acts as the source interface for IPv6 NTP messages.
· In NTP multicast mode, if you have configured the ntp-service ipv6 multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.
If the specified source interface is down, the device does not send IPv6 NTP messages.
Examples
# Specify the source interface of IPv6 NTP messages as GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] ntp-service ipv6 source gigabitethernet 1/0/1
ntp-service ipv6 unicast-peer
Use ntp-service ipv6 unicast-peer to specify an IPv6 symmetric-passive peer for the device.
Use undo ntp-service ipv6 unicast-peer to remove the IPv6 symmetric-passive peer specified for the device.
Syntax
ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number ] *
undo ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ vpn-instance vpn-instance-name ]
Default
No IPv6 symmetric-passive peer is specified.
Views
System view
Predefined user roles
network-admin
Parameters
peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters.
ipv6-address: Specifies asymmetric-passive peer by its IPv6 address. It must be a unicast address, rather than a multicast address.
vpn-instance vpn-instance-name: Specifies the VPN to which the symmetric-passive peer belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.
priority: Specifies the peer specified by ipv6-address or peer-name as the first choice under the same condition.
Source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified passive peer address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device is the IPv6 address of the specified source interface. If the specified passive peer address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.
Usage guidelines
When you specify an IPv6 passive peer for the device, the device and its IPv6 passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.
To synchronize the PE to a PE or CE in a VPN, provide the vpn-instance vpn-instance-name option in the command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service ipv6 unicast-peer command, the command removes the symmetric-passive peer with the IPv6 address of ipv6-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the symmetric-passive peer with the IPv6 address of ipv6-address in the public network.
If the specified IPv6 address of the passive peer is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the passive peer.
Examples
# Specify the device with the IPv6 address of 2001::1 as the symmetric-passive peer of the local device, and specify the source interface for IPv6 NTP messages as GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] ntp-service ipv6 unicast-peer 2001::1 source gigabitethernet 1/0/1
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service ipv6 unicast-server
Use ntp-service ipv6 unicast-server to specify an IPv6 NTP server for the device.
Use undo ntp-service ipv6 unicast-server to remove an IPv6 NTP server specified for the device.
Syntax
ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number ] *
undo ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ]
Default
No IPv6 NTP server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ipv6-address: Specifies an NTP server by its IPv6 address. It must be a unicast address, rather than a multicast address.
vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
priority: Specifies this NTP server as the first choice under the same condition.
Source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.
Usage guidelines
When you specify an IPv6 NTP server for the device, the device is synchronized to the IPv6 NTP server, but the IPv6 NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN, specify the vpn-instance vpn-instance-name option in the command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server with the IP address of ip-address in the public network.
If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the NTP server.
Examples
# Specify the IPv6 NTP server 2001::1 for the device.
<Sysname> system-view
[Sysname] ntp-service ipv6 unicast-server 2001::1
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service max-dynamic-sessions
Use ntp-service max-dynamic-sessions to set the maximum number of dynamic NTP sessions.
Use undo ntp-service max-dynamic-sessions to restore the default.
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
Default
The maximum number of dynamic NTP sessions is 100.
Views
System view
Predefined user roles
network-admin
Parameters
number: Sets the maximum number of dynamic NTP associations, in the range of 0 to 100.
Usage guidelines
A device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command. A dynamic association is a temporary association created by the system during operation.
This command limits the number of dynamic NTP associations and prevents dynamic NTP associations from occupying too many system resources.
Examples
# Set the maximum number of dynamic NTP associations to 50.
<Sysname> system-view
[Sysname] ntp-service max-dynamic-sessions 50
Related commands
display ntp-service sessions
ntp-service multicast-client
Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets.
Use undo ntp-service multicast-client to remove the configuration.
Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
Usage guidelines
After you configure the command, the device listens to NTP messages using the specified multicast address as the destination address.
If you have configured the device to operate in multicast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in multicast client mode and receive NTP multicast messages on GigabitEthernet 1/0/1, and set the multicast address to 224.0.1.1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ntp-service multicast-client 224.0.1.1
Related commands
ntp-service multicast-server
ntp-service multicast-server
Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets.
Use undo ntp-service multicast-server to remove the configuration.
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *
undo ntp-service multicast-server [ ip-address ]
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
Parameters
ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255. The default value is 16.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
After you configure the command, the device periodically sends NTP messages to the specified multicast address.
If you have configured the device to operate in multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in multicast server mode and send NTP multicast messages on GigabitEthernet 1/0/1 to the multicast address 224.0.1.1, using key 4 for encryption. Set the NTP version to 4.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ntp-service multicast-server 224.0.1.1 version 4 authentication-keyid 4
Related commands
ntp-service multicast-client
ntp-service refclock-master
Use ntp-service refclock-master to configure the local clock as the reference source.
Use undo ntp-service refclock-master to remove the configuration.
Syntax
ntp-service refclock-master [ ip-address ] [ stratum ]
undo ntp-service refclock-master [ ip-address ]
Default
The device does not use its local clock as the reference clock.
Views
System view
Predefined user roles
network-admin
Parameters
ip-address: IP address of the local clock, 127.127.1.u, where u is the NTP process ID in the range of 0 to 3. The default value is 127.127.1.0.
stratum: Stratum level of the local clock, in the range of 1 to 15. The default value is 8. A lower stratum level represents higher clock accuracy.
Usage guidelines
Typically an NTP server that gets its time from an authoritative time source, such as an atomic clock has stratum 1 and operates as the primary time server to provide time synchronization for other devices in the network. The accuracy of each server is the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the preceding level.
If the devices in a network cannot synchronize to an authoritative time source, you can perform the following tasks:
· Select a device that has a relatively accurate clock from the network.
· Use the local clock of the device as the reference clock to synchronize other devices in the network.
Use the command with caution to avoid time errors. As a best practice, adjust the local system time to a correct value before you execute the command.
Examples
# Specify the local clock as the reference source, with the stratum level 2.
<Sysname> system-view
[Sysname] ntp-service refclock-master 2
ntp-service reliable authentication-keyid
Use ntp-service reliable authentication-keyid to specify an authentication key as a trusted key.
Use undo ntp-service reliable authentication-keyid to remove the configuration.
Syntax
ntp-service reliable authentication-keyid keyid
undo ntp-service reliable authentication-keyid keyid
Default
No trusted key is specified.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.
Usage guidelines
When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.
Before you use the command, make sure NTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
You can set a maximum of 128 keys by executing the command.
Examples
# Enable NTP authentication, specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid37 authentication-mode md5 simple BetterKey
# Specify this key as a trusted key.
[Sysname] ntp-service reliable authentication-keyid37
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service source
Use ntp-service source to specify a source interface for NTP messages.
Use undo ntp-service source to restore the default.
Syntax
ntp-service source interface-type interface-number
undo ntp-service source
Default
No source interface is specified for NTP messages. The device performs the following operations:
· Searches the routing table for the outbound interface of NTP messages.
· Uses the primary IP address of the outbound interface as the source IP address for NTP messages.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you specify the source interface for NTP messages, the device uses the primary IP address of the specified interface as the source IP address to send NTP messages. Consequently, the destination address of the NTP response messages becomes the primary IP address of the source interface.
If you do not want the IP address of an interface on the local device to become the destination address for response messages, use this command to specify another interface as the source interface for NTP messages.
The source interface for NTP messages can also be specified in the following ways:
· In NTP client/server mode, if you have specified the source interface for NTP messages in the ntp-service unicast-server command, the specified interface acts as the source interface for NTP messages.
· In NTP symmetric active/passive mode, if you have specified the source interface for NTP messages in the ntp-service unicast-peer command, the specified interface acts as the source interface for NTP messages.
· In NTP multicast mode, if you have configured the ntp-service multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.
· In NTP broadcast mode, if you have configured the ntp-service broadcast-server command on an interface, the interface acts as the source interface for NTP broadcast messages.
If the specified source interface is down, the device does not send NTP messages.
Examples
# Specify the source interface for NTP messages as GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] ntp-service source gigabitethernet 1/0/1
ntp-service unicast-peer
Use ntp-service unicast-peer to specify a symmetric-passive peer for the device.
Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device.
Syntax
ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *
undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No symmetric-passive peer is specified.
Views
System view
Predefined user roles
network-admin
Parameters
peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies a symmetric-passive peer by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the VPN to which the symmetric-passive peer belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.
priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.
Source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages.
Version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.
To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
If you include vpn-instance vpn-instance-name in the undo ntp-service unicast-peer command, the command removes the symmetric-passive peer with the IP address of ip-address in the specified VPN. If you do not include vpn-instance vpn-instance-name in the command, the command removes the symmetric-passive peer with the IP address of ip-address in the public network.
Examples
# Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the local device, and configure the local device to run NTP version 4. Specify the source interface of NTP messages as GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source gigabitethernet 1/0/1
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service unicast-server
Use ntp-service unicast-server to specify an NTP server for the device.
Use undo ntp-service unicast-server to remove an NTP server specified for the device.
Syntax
ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *
undo ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No NTP server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
priority: Specifies this NTP server as the first choice under the same condition.
Source interface-type interface-number: Specifies the source interface for NTP messages. For an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages.
Version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server with the IP address of ip-address in the public network.
Examples
# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.
<Sysname> system-view
[Sysname] ntp-service unicast-server 10.1.1.1 version 4
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
SNTP commands
display sntp ipv6 sessions
Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations.
Syntax
display sntp ipv6 sessions
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about all IPv6 SNTP associations.
<Sysname> display sntp ipv6 sessions
SNTP server: 2001::1
Stratum: 16
Version: 4
Last receive time: No packet was received.
SNTP server: 2001::100
Stratum: 3
Version: 4
Last receive time: Fri, Oct 21 2011 11:28:28.058 (Synced)
Table 19 Command output
Field |
Description |
SNTP server |
SNTP server (NTP server). If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully. |
Stratum |
Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents a higher clock accuracy. A clock with stratum level 16 is not synchronized. |
Version |
SNTP version. |
Last receive time |
Time when the last message was received: · Synced—The local clock is synchronized to the NTP server. · No packet was received—The device has not received any SNTP session information from the server. |
display sntp sessions
Use display sntp sessions to display information about all IPv4 SNTP associations.
Syntax
display sntp sessions
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about all IPv4 SNTP associations.
<Sysname>display sntp sessions
SNTP server Stratum Version Last receive time
1.0.1.112 4 Tue, May 17 2011 9:11:20.833 (Synced)
Table 20 Command output
Field |
Description |
SNTP server |
SNTP server (NTP server). If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
Stratum |
Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A clock with stratum level 16 is not synchronized. |
Version |
SNTP version. |
Last receive time |
Time when the last message was received. Synced means the local clock is synchronized to the NTP server. |
sntp authentication enable
Use sntp authentication enable to enable SNTP authentication.
Use undo sntp authentication enable to disable SNTP authentication.
Syntax
sntp authentication enable
undo sntp authentication enable
Default
SNTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.
To authenticate an NTP server, set an authentication key and specify it as a trusted key.
Examples
# Enable SNTP authentication.
<Sysname> system-view
[Sysname] sntp authentication enable
Related commands
sntp authentication-keyid
sntp reliable authentication-keyid
sntp authentication-keyid
Use sntp authentication-keyid to set an SNTP authentication key.
Use undo sntp authentication-keyid to remove an SNTP authentication key.
Syntax
sntp authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *
undo sntp authentication-keyid keyid
Default
No SNTP authentication key is set.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.
authentication-mode md5 value: Uses the MD5 algorithm for key authentication.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
Usage guidelines
You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.
The key ID in the message from the peer device identifies the key used for authentication. The acl ipv4-acl-number and acl ipv6-acl-number options are used to identify the peer device that can use the key ID.
· If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication.
· If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.
To ensure a successful authentication, configure the same key ID, authentication algorithm, and key on the time server and client.
After you configure an SNTP authentication key, use the sntp reliable authentication-keyid command to set it as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.
You can set a maximum of 128 keys by executing the command.
Examples
# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in plain text.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname]sntp authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
sntp authentication enable
sntp reliable authentication-keyid
sntp enable
Use sntp enable to enable the SNTP service.
Use undo sntp enable to disable the SNTP service.
Syntax
Sntp enable
undo sntp enable
Default
The SNTP service is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the SNTP service.
<Sysname> system-view
[Sysname]sntp enable
sntp ipv6 unicast-server
Use sntp ipv6 unicast-server to specify an IPv6 NTP server for the device.
Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device.
Syntax
sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number ] *
undo sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ]
Default
No IPv6 NTP server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ipv6-address: Specifies an NTP server by its IPv6 address.
vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.
Usage guidelines
When you specify an IPv6 NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN, provide the vpn-instance vpn-instance-name option in your command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server with the IP address of ip-address in the public network.
If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the NTP server.
Examples
# Specify the IPv6 NTP server 2001::1 for the device.
<Sysname> system-view
[Sysname] sntp ipv6 unicast-server 2001::1
Related commands
sntp authentication enable
sntp authentication-keyid
sntp reliable authentication-keyid
sntp reliable authentication-keyid
Use sntp reliable authentication-keyid to specify an authentication key as a trusted key.
Use undo sntp reliable authentication-keyid to remove the specified trusted key.
Syntax
sntp reliable authentication-keyid keyid
undo sntp reliable authentication-keyid keyid
Default
No trusted key is specified.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.
Usage guidelines
If SNTP is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.
Before you use the command, make sure SNTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.
Examples
# Enable NTP authentication, and specify the MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey
# Specify this key as a trusted key.
[Sysname] sntp reliable authentication-keyid 37
Related commands
sntp authentication-keyid
sntp authentication enable
sntp unicast-server
Use sntp unicast-server to specify an NTP server for the device.
Use undo sntp unicast-server to remove an NTP server specified for the device.
Syntax
sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number | version number ] *
undo sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No NTP server is specified.
Views
System view
Predefined user roles
network-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server with the IP address of ip-address in the public network.
Examples
# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.
<Sysname> system-view
[Sysname] sntp unicast-server 10.1.1.1 version 4
Related commands
sntp authentication enable
sntp authentication-keyid
sntp reliable authentication-keyid
PoE commands
The following matrixes show the feature and hardware compatibility:
Hardware |
PoE compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
Yes |
MSR810-10-PoE |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
Yes The routers must be installed with the SIC-4FSWP, DSIC-9FSWP, or HMIM-24GSWP interface modules. |
MSR5620/5660/5680 |
Yes The routers must be installed with the SIC-4FSWP, DSIC-9FSWP, or HMIM-24GSWP interface modules. |
Hardware |
PoE compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
This feature is supported only by the MSR810-10-PoE router and the following PoE-capable routers installed with the SIC-4FSWP, DSIC-9FSWP, or HMIM-24GSWP interface modules:
· MSR 3610/3620/3620-DP/3640/3660.
· MSR5620/5660/5680
Commands and descriptions for centralized devices apply to the following routers:
· MSR810-10-PoE.
· MSR 3610/3620/3620-DP/3640/3660.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
apply poe-profile
Use apply poe-profile to apply a PoE profile to a power interface (PI).
Use undo apply poe-profile to restore the default.
Syntax
apply poe-profile { index index | name profile-name }
undo apply poe-profile { index index | name profile-name }
Default
No PoE profile is applied to PIs.
Views
PI view
Predefined user roles
network-admin
Parameters
index index: Specifies a PoE profile by its index number in the range of 1 to 100.
name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.
Examples
# Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] apply poe-profile name forIPphone
Related commands
apply poe-profile interface
display poe-profile
apply poe-profile interface
Use apply poe-profile interface to apply a PoE profile to PIs.
Use undo apply poe-profile interface to remove the PoE profile application from PIs.
Syntax
apply poe-profile { index index | name profile-name } interface interface-range
undo apply poe-profile { index index | name profile-name } interface interface-range
Default
No PoE profile is applied to a PI.
Views
System view
Predefined user roles
network-admin
Parameters
index index: Specifies a PoE profile by its index number in the range of 1 to 100.
name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.
interface-range: Specifies a range of Ethernet interfaces in the form of interface-type interface-number [ to interface-type interface-number ], where interface-type interface-number represents the interface type and interface number. The start interface number must be smaller than the end interface number. If an interface in the specified range does not support PoE, it is ignored when the PoE profile is applied.
Examples
# Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] apply poe-profile name forIPphone interface gigabitethernet 1/0/1
# Apply the PoE profile with index number 1 to PIs GigabitEthernet 1/0/2 to GigabitEthernet 1/0/8.
<Sysname> system-view
[Sysname] apply poe-profile index 1 interface gigabitethernet 1/0/2 to gigabitethernet 1/0/8
Related commands
apply poe-profile
display poe-profile interface
display poe device
Use display poe device to display general PSE information.
Syntax
Distributed devices in standalone mode/centralized devices in standalone or IRF mode:
display poe device
Distributed devices in IRF mode:
display poe device [ chassis chassis-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PSEs in the IRF fabric. (Distributed devices in IRF mode.)
Examples
# Display general PSE information.
<Sysname> display poe device
PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model
7 2 0 24 370 Off LSP2LTSUC
10 3 0 24 370 Off LSP2LTSUC
# (Distributed devices in IRF mode.) Display general PSE information.
<Sysname> display poe device
Chassis 1:
PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model
4 1 0 1 200 Off LSBMPOEGV48TP
7 1 4 8 200 Off LSBMPOEGV48TP
Chassis 2:
PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model
43 10 4 8 200 Off LSBMPOEGV48TP
Table 21 Command output
Field |
Description |
Chassis 1 |
Information for member device 1. (Distributed devices in IRF mode.) |
PSE ID |
ID of the PSE. |
Slot No. |
Slot number of the PSE. |
SSlot No. |
Sub-slot number of the PSE. |
PortNum |
Number of PIs on the PSE. |
MaxPower(W) |
Maximum power of the PSE. |
State |
PSE status: · On—The PSE is supplying power. · Off—The PSE is not supplying power. · Faulty—The PSE has failed. |
Model |
PSE model. |
display poe interface
Use display poe interface to display power supplying information for PIs.
Syntax
display poe interface [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power supplying information for all PIs.
Examples
# Display power supplying information for GigabitEthernet 1/0/1.
<Sysname> display poe interface gigabitethernet 1/0/1
PoE Status : Enabled
Power Priority : Critical
Oper : On
IEEE Class : 1
Detection Status : Delivering power
Power Mode : Signal
Current Power : 11592 mW
Average Power : 11610 mW
Peak Power : 11684 mW
Max Power : 15400 mW
Electric Current : 244 mA
Voltage : 51.7 V
PD Description : IP Phone For Room 101
Field |
Description |
PoE status |
PoE status: · Enabled. · Disabled. |
Power Priority |
Power supply priority of the PI: · Critical (highest). · High. · Low. |
Oper |
Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power. |
IEEE Class |
PD power class: 0, 1, 2, 3, or 4. If the PSE does not support PD classification, this field displays a hyphen (-). |
Detection Status |
Power detection status of a PI: · Disabled—The PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering power—The PI is supplying power to the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other fault—A fault has caused the PSE to enter the idle status. · PD disconnected—The PD is disconnected. |
Power Mode |
Power transmission mode of a PI: · Signal—Power is being supplied over signal cables. · Spare—Power is being supplied over spare cables. |
Current Power |
Current power of a PI, including PD consumption power and transmission loss. Typical transmission loss is within 1 watt. |
Average Power |
Average power of a PI. |
Peak Power |
Peak power of a PI. |
Max Power |
Maximum power of a PI. |
Electric Current |
Current of a PI. |
Voltage |
Voltage of a PI. |
PD Description |
Type and location description for the PD connected to the PI. |
# Display power supplying information for all PIs.
<Sysname> display poe interface
Interface PoE Priority CurPower Oper IEEE Detection
(W) Class Status
GE1/0/1 Enabled Low 4.4 On 1 Delivering Power
GE1/0/2 Enabled Critical 0.0 On - Disabled
GE1/0/3 Enabled Low 0.0 On - Disabled
GE1/0/4 Enabled Critical 0.0 On - Searching
GE1/0/5 Enabled Low 4.0 On 2 Delivering Power
GE1/0/6 Enabled Low 0.0 On - Disabled
GE1/0/7 Disabled Low 0.0 Off - Fault
--- On State Ports: 2; Used: 8.4(W); Remaining: 171.6(W) ---
Table 23 Command output
Field |
Description |
Interface |
Interface name of a PI. |
PoE |
PoE status: · Enabled. · Disabled. |
Priority |
Power priority of a PI: · Critical (highest). · High. · Low. |
CurPower |
Current power of a PI. |
Oper |
Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power. |
IEEE Class |
PD power class: 0, 1, 2, 3, or 4. |
Detection Status |
Power detection status of a PI: · Disabled—PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering Power—The PI is supplying power for the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other fault—A fault has caused the PSE to enter the idle status. · PD disconnected—The PD is disconnected. |
On State Ports |
Number of PIs that are supplying power. |
Used |
Power consumed by the current PI. |
Remaining |
Total remaining power of the system. |
display poe interface power
Use display poe interface power to display power information for PIs.
Syntax
display poe interface power [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power information for all PIs.
Examples
# Display power information for GigabitEthernet 1/0/1.
<Sysname> display poe interface power gigabitethernet 1/0/1
Interface Current Peak Max PD Description
(W) (W) (W)
GE1/0/1 15.0 15.3 15.4 Access Point on Room 509 for Peter
# Display power information for all PIs.
<Sysname> display poe interface power
Interface Current Peak Max PD Description
(W) (W) (W)
GE1/0/25 4.4 4.5 4.6 IP Phone in Room 309 for Peter Smith
GE1/0/26 4.4 4.5 15.4 IP Phone in Room 409 for Peter Pan
GE1/0/27 15.0 15.3 15.4 Access Point in Room 509 for Peter
GE1/0/28 0.0 0.0 0.0 IP Phone in Room 609 for Peter John
GE1/0/29 0.0 0.0 0.0 IP Phone in Room 709 for Jack
GE1/0/30 0.0 0.0 0.0 IP Phone in Room 809 for Alien
--- On State Ports: 3; Used: 23.8(W); Remaining: 776.2(W) ---
Table 24 Command output
Field |
Description |
Interface |
Interface name of a PI. |
CurPower |
Current power of a PI. |
PeakPower |
Peak power of a PI. |
MaxPower |
Maximum power of a PI. |
PD Description |
Type and location description for the PD connected to a PI. |
Ports On |
Number of PIs that are supplying power. |
Used |
Power consumed by all PIs. |
Remaining |
Total remaining power of the system. |
display poe power-usage
Use display poe power-usage to display power usage statistics for PoE power supplies and PSEs.
Syntax
Distributed devices in standalone mode/centralized devices in IRF mode:
display poe power-usage
Distributed devices in IRF mode:
display poe power-usage [ chassis chassis-number ]
Centralized devices in IRF mode
display poe power-usage [ slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PoE power supplies and PSEs in the IRF fabric. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PSEs in the IRF fabric. (Centralized devices in IRF mode.)
Examples
# Display power usage statistics for the PoE power supply and all PSEs.
<Sysname> display poe power-usage
PoE Current Power : 12 W
PoE Max Power : 2000 W
PoE Max Guaranteed Power : 2000 W
PoE Remaining Allocable Power : 1800 W
PoE Remaining Guaranteed Power : 2000 W
Powered PoE Ports : 1
Statistics by PSE:
PSE ID Max Current Peak Average Remaining Powered
(W) (W) (W) (W) Guaranteed(W) Ports
5 200 12 12 6 200 1
# (Distributed devices in IRF mode.) Display power usage statistics for all PoE power supplies and PSEs.
<Sysname> display poe power-usage
Chassis 1 :
PoE Current Power : 600 W
PoE Max Power : 2000 W
PoE Max Guaranteed Power : 1000 W
PoE Remaining Allocable Power : 800 W
PoE Remaining Guaranteed Power : 600 W
Powered PoE Ports : 60
Statistics by PSE:
PSE ID Max Current Peak Average Remaining Powered
(W) (W) (W) (W) Guaranteed(W) Ports
4 300 200 230 205 100 20
7 400 300 345 290 200 30
10 500 100 120 110 300 10
Chassis 2 :
PoE Current Power : 600 W
PoE Max Power : 2000 W
PoE Max Guaranteed Power : 1000 W
PoE Remaining Allocable Power : 800 W
PoE Remaining Guaranteed Power : 600 W
Powered PoE Ports : 60
Statistics by PSE:
PSE ID Max Current Peak Average Remaining Powered
(W) (W) (W) (W) Guaranteed(W) Ports
35 300 200 230 205 100 20
# (Centralized devices in IRF mode.) Display power usage statistics for all PoE power supplies and PSEs.
<Sysname> display poe power-usage
Slot 1 :
PoE Current Power : 600 W
PoE Max Power : 2000 W
PoE Max Guaranteed Power : 1000 W
PoE Remaining Allocable Power : 800 W
PoE Remaining Guaranteed Power : 600 W
Powered PoE Ports : 60
Statistics by PSE:
PSE ID Max Current Peak Average Remaining Powered
(W) (W) (W) (W) Guaranteed(W) Ports
4 300 200 230 205 100 20
7 400 300 345 290 200 30
10 500 100 120 110 300 10
Slot 2 :
PoE Current Power : 600 W
PoE Max Power : 2000 W
PoE Max Guaranteed Power : 1000 W
PoE Remaining Allocable Power : 800 W
PoE Remaining Guaranteed Power : 600 W
Powered PoE Ports : 60
Statistics by PSE:
PSE ID Max Current Peak Average Remaining Powered
(W) (W) (W) (W) Guaranteed(W) Ports
35 300 200 230 205 100 20
Table 25 Command output
Field |
Description |
Chassis 1 |
PoE power and PSE power information for member device 1. (Distributed devices in IRF mode.) |
Slot 1 |
PoE power and PSE power information for member device 1. (Centralized devices in IRF mode.) |
PoE Current Power |
Total power that has been consumed by PSEs. |
PoE Max Power |
Maximum PoE power. |
PoE Max Guaranteed Power |
Maximum power that can be supplied to critical PSEs. |
PoE Remaining Allocable Power |
Remaining allocable PoE power = Maximum PoE power – Total maximum power of all PoE-enabled PSEs. |
PoE Remaining Guaranteed Power |
Remaining guaranteed PoE power = Maximum guaranteed PoE power – Total maximum power of all critical PSEs. Typically, the maximum guaranteed PoE power is equal to the maximum PoE power. |
Powered PoE Ports |
Number of PIs that are supplying power. |
PSE ID |
ID of the PSE. |
Max |
Maximum power of the PSE. |
Current |
Current power of the PSE. |
Peak |
Peak power of the PSE. |
Average |
Average power of the PSE. |
Remaining Guaranteed |
Remaining guaranteed power of the PSE = Maximum guaranteed power of the PSE – Total maximum power of all critical PIs of the PSE Typically, the maximum guaranteed PSE power is equal to the maximum PSE power. |
Powered Ports |
Number of PIs that are receiving power from the PSE. |
display poe pse
Use display poe pse to display detailed PSE information.
Syntax
display poe pse [ pse-id ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pse-id: Specifies a PSE by its ID. If you do not specify a PSE, this command displays information about all PSEs.
Examples
# Display detailed information about PSE 7.
<Sysname> display poe pse 7
PSE ID : 7
Slot No. : 2
PSE Model : LSBMPOEGV48TP
PSE Status : Enabled
PSE Preempted : No
Power Priority : Low
Current Power : 130 W
Average Power : 20 W
Peak Power : 240 W
Max Power : 200 W
Remaining Guaranteed Power : 120 W
PSE CPLD Version : 100
PSE Software Version : 200
PSE Hardware Version : 100
Legacy PD Detection : Disabled
Power Utilization Threshold : 80
PSE Power Policy : Disabled
PD Power Policy : Disabled
PD Disconnect-Detection Mode : DC
# (Distributed devices in IRF mode.) Display detailed information about PSE 7.
<Sysname> display poe pse 7
PSE ID : 7
Chassis : 1
Slot No. : 2
SSlot No. : 0
PSE Model : LSBMPOEGV48TP
PSE Status : Disabled
PSE Preempted : No
Power Priority : Low
Current Power : 0 W
Average Power : 0 W
Peak Power : 0 W
Max Power : 200 W
Remaining Guaranteed Power : 200 W
PSE CPLD Version : 100
PSE Software Version : 200
PSE Hardware Version : 100
Legacy PD Detection : Disabled
Power Utilization Threshold : 80
PSE Power Policy : Disabled
PD Power Policy : Disabled
PD Disconnect Detection Mode : DC
Table 26 Command output
Field |
Description |
PSE ID |
ID of the PSE. |
Slot No. |
Slot number of the PSE. |
SSlot No. |
Subslot number of the PSE. |
Chassis |
In IRF mode, member ID of the device where the PSE resides. |
PSE Status |
PoE status of the PSE: · Enabled. · Disabled. |
Preempted |
Power preemption status for the PSE: · No—The system has sufficient power for the PSE. · Yes—The system has supplied power to other PSEs and does not have sufficient power for this PSE. |
Power Priority |
Power priority of the PSE. |
Current Power |
Current power of the PSE. |
Average Power |
Average power of the PSE. |
Peak Power |
Peak power of the PSE. |
Max Power |
Maximum power of the PSE. |
Remaining Guaranteed Power |
Remaining guaranteed power of the PSE = Maximum guaranteed power of the PSE – Total maximum power of all critical PIs of the PSE. |
PSE CPLD Version |
PSE CPLD version number. |
PSE Software Version |
PSE software version number. |
PSE Hardware Version |
PSE hardware version number. |
Legacy PD Detection |
Nonstandard PD detection status: · Enabled. · Disabled. |
Power Utilization Threshold |
PSE power alarm threshold. |
PSE Power Policy |
PSE power management policy mode. |
PD Power Policy |
PD power management policy mode. |
PD Disconnect Detection Mode |
PD disconnection detection mode. |
display poe pse interface
Use display poe pse interface to display the PoE status of all PIs on a PSE.
Syntax
display poe pse pse-id interface
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pse pse-id: Specifies a PSE ID. To display PSE ID and slot mappings, use the display poe device command.
Examples
# Display the status of all PIs on PSE 7.
<Sysname> display poe pse 7 interface
Interface PoE Priority CurPower Oper IEEE Detection
(W) Class Status
GE1/0/1 Enabled Low 4.4 On 1 Delivering Power
GE1/0/2 Enabled Critical 0.0 Power-lack - Disabled
GE1/0/3 Enabled Low 0.0 Power-deny - Disabled
GE1/0/4 Enabled Critical 0.0 On - Searching
GE1/0/5 Enabled Low 4.0 Power-limit 2 Delivering Power
GE1/0/6 Enabled Low 0.0 Power-itself - Disabled
GE1/0/7 Disabled Low 0.0 Off - Fault
--- On State Ports: 2; Used: 8.4(W); Remaining: 171.6 (W) ---
Table 27 Command output
Field |
Description |
Interface |
Interface name of a PI. |
PoE |
PoE status of a PI: · Enabled. · Disabled. |
Priority |
Priority of a PI: · Critical (highest). · High. · Low. |
CurPower |
Current power of a PI. |
Oper |
Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power. |
IEEE Class |
PD power class: 0, 1, 2, 3, or 4. If the PSE does not support PD classification, this field displays a hyphen (-). |
Detection Status |
Power detection status of a PI: · Disabled—PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering Power—The PI is supplying power to the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other Fault—A fault has caused the PSE to enter the idle status. · PD Disconnected—The PD is disconnected. |
On State Ports |
Number of PIs that are supplying power. |
Used |
Power consumed by PIs on the PSE. |
Remaining |
Remaining power on the PSE. |
display poe pse interface power
Use display poe pse interface power to display power information for PIs on a PSE.
Syntax
display poe pse pse-id interface power
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
pse pse-id: Specifies a PSE by its ID. To display PSE ID and slot mappings, use the display poe device command.
Examples
# Display power information for PIs on PSE 7.
<Sysname> display poe pse 7 interface power
Interface Current Peak Max PD Description
(W) (W) (W)
GE1/0/25 4.4 4.5 4.6 IP Phone on Room 309 for Peter Smith
GE1/0/26 4.4 4.5 15.4 IP Phone on Room 409 for Peter Pan
GE1/0/27 15.0 15.3 15.4 Access Point on Room 509 for Peter
GE1/0/28 0.0 0.0 5.0 IP Phone on Room 609 for Peter John
GE1/0/29 0.0 0.0 4.0 IP Phone on Room 709 for Jack
GE1/0/30 0.0 0.0 5.0 IP Phone on Room 809 for Alien
--- On State Ports: 3; Used: 23.8(W); Remaining: 776.2(W) ---
Table 28 Command output
Field |
Description |
Interface |
Interface name of a PI. |
Current |
Current power of a PI. |
Peak |
Peak power of a PI. |
Max |
Maximum power of a PI. |
PD Description |
Type and location description for the PD connected with a PI. |
Ports On |
Number of PIs that are supplying power. |
Used |
Power consumed by all PIs. |
Remaining |
Remaining power on the PSE. |
display poe-profile
Use display poe-profile to display information about the PoE profile.
Syntax
display poe-profile [ index index | name profile-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
index index: Specifies a PoE profile by its index number in the range of 1 to 100.
name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.
Usage guidelines
If you do not specify a profile, the command displays information about all PoE profiles.
Examples
# Display information about all PoE profiles.
<Sysname> display poe-profile
PoE Profile Index ApplyNum Interfaces Configuration
forIPphone 1 6 GE1/0/5 poe enable
GE1/0/6 poe priority critical
GE1/0/7
GE1/0/8
GE1/0/9
GE1/0/10
forAP 2 2 GE1/0/11 poe enable
GE1/0/12 poe max-power 14000
--- Total PoE profiles: 2, total ports: 8 ---
# Display information about the PoE profile with index number 1.
<Sysname> display poe-profile index 1
PoE Profile Index ApplyNum Interfaces Configuration
forIPphone 1 6 GE1/0/5 poe enable
GE1/0/6 poe priority critical
GE1/0/7
GE1/0/8
GE1/0/9
GE1/0/1
--- Total ports: 6 ---
Field |
Description |
PoE Profile |
Name of the PoE profile. |
Index |
Index number of the PoE profile. |
ApplyNum |
Number of PIs to which the PoE profile is applied. |
Interfaces |
Interface name of the PI to which the PoE configuration is applied. |
Configuration |
Configurations of the PoE profile. |
Total PoE profiles |
Number of PoE profiles. |
Total ports |
Number of PIs to which all PoE profiles are applied. |
display poe-profile interface
Use display poe-profile interface to display information about the PoE profile on a PI.
Syntax
display poe-profile interface interface-type interface-number
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Examples
# Display information about the PoE profile on GigabitEthernet 1/0/1.
<Sysname> display poe-profile interface gigabitethernet 1/0/1
PoEProfile Index ApplyNum Interface Effective configuration
forIPphone 1 6 GE1/0/1 poe enable
poe priority critical
The Effective configuration field displays the configurations that have taken effect. For the descriptions of other fields, see Table 29.
poe disconnect
Use poe disconnect to configure a PD disconnection detection mode.
Use undo poe disconnect to restore the default.
Syntax
poe disconnect { ac | dc }
undo poe disconnect
Default
The PD disconnection detection mode is ac.
Views
System view
Predefined user roles
network-admin
Parameters
ac: Specifies the PD disconnection detection mode as ac.
dc: Specifies the PD disconnection detection mode as dc.
Usage guidelines
If you change the PD disconnection detection mode while the device is running, the connected PDs are powered off.
Examples
# Set the PD disconnection detection mode to dc.
<Sysname> system-view
[Sysname] poe disconnect dc
Related commands
display poe pse
poe enable
Use poe enable to enable PoE on a PI.
Use undo poe enable to disable PoE on a PI.
Syntax
poe enable
undo poe enable
Default
PoE is disabled on a PI.
Views
PI view
PoE profile view
Predefined user roles
network-admin
Usage guidelines
If a PoE profile has been applied to a PI, remove the application before configuring the PI in PoE profile view.
If a PI has been configured, remove the configuration before configuring the PI in PI view.
Examples
# Enable PoE on a PI in PI view.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe enable
# Enable PoE on a PI in PoE profile view.
<Sysname> system-view
[Sysname] poe-profile abc
[Sysname-poe-profile-abc-1] poe enable
Related commands
display poe interface
poe-profile
poe enable pse
Use poe enable pse to enable PoE for a PSE.
Use undo poe enable pse to disable PoE for the PSE.
Syntax
poe enable pse pse-id
undo poe enable pse pse-id
Default
PoE is disabled on PSEs.
Views
System view
Predefined user roles
network-admin
Parameters
pse-id: Specifies a PSE by its ID.
Examples
# Enable PoE for PSE 7.
<Sysname> system-view
[Sysname] poe enable pse 7
Related commands
display poe pse
poe legacy enable
Use poe legacy enable to enable a PSE to detect nonstandard PDs.
Use undo poe legacy enable to disable the PSE from detecting nonstandard PDs.
Syntax
poe legacy enable pse pse-id
undo poe legacy enable pse pse-id
Default
Nonstandard PD detection is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
pse pse-id: Specifies a PSE by its ID.
Examples
# Enable PSE 7 to detect nonstandard PDs.
<Sysname> system-view
[Sysname] poe legacy enable pse 7
Related commands
display poe pse
poe max-power
Use poe max-power to set the maximum PI power.
Use undo poe max-power to restore the default.
Syntax
poe max-power max-power
undo poe max-power
Default
The maximum PI power is 15400 milliwatts.
Views
PI view
PoE profile view
Predefined user roles
network-admin
Parameters
max-power: Sets the maximum PI power in milliwatts.
Examples
# Set the maximum PI power to 12000 milliwatts in PI view.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe max-power 12000
# Set the maximum PI power to 12000 milliwatts in PoE profile view.
<Sysname> system-view
[Sysname] poe-profile abc
[Sysname-poe-profile-abc-1] poe max-power 12000
Related commands
poe max-power (system view)
poe max-power (system view)
Use poe max-power to set the maximum PSE power.
Use undo poe max-power to restore the default.
Syntax
poe pse pse-id max-power max-power
undo poe pse pse-id max-power
Default
The maximum PSE power is 37 watts.
Views
System view
Predefined user roles
network-admin
Parameters
max-power: Sets the maximum PSE power in watts. The value range for the SIC-4FSWP is from 37 watts to 87 watts. The value range for the DSIC-9FSWP is from 37 watts to 174 watts.
pse pse-id: Specifies a PSE by its ID.
Usage guidelines
To avoid the PSE power overload situation, make sure the total power of all PSEs is less than the maximum PoE power.
The maximum power of the PSE must be greater than or equal to the total maximum power of all its critical PIs on the PSE to guarantee these PIs power.
Examples
# Set the maximum PSE power of PSE 7 to 150 watts.
<Sysname> system-view
[Sysname] poe pse 7 max-power 150
Related commands
poe priority pse
poe pd-description
Use poe pd-description to configure a description for the PD that connects to a PI.
Use undo poe pd-description to restore the default.
Syntax
poe pd-description text
undo poe pd-description
Default
No description is configured for the PD that connects to a PI.
Views
PI view
Predefined user roles
network-admin
Parameters
text: Configures a description for the PD connected to the PI, a case-sensitive string of 1 to 80 characters.
Examples
# Configure the description for the PD as IP Phone for Room 101.
<Sysname> system-view
[Sysname] interface gigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe pd-description IP Phone For Room 101
poe pd-policy priority
Use poe pd-policy priority to enable PI power management.
Use undo poe pd-policy priority to restore the default.
Syntax
poe pd-policy priority
undo poe pd-policy priority
Default
PI power management is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If PI power management is disabled, the PSE does not supply power to new PDs when PSE power overload occurs.
If PI power management is enabled, when a PSE is overloaded, the PSE allocates power to PDs based on the priority of their PIs.
Examples
# Enable PI power management.
<Sysname> system-view
[Sysname] poe pd-policy priority
Related commands
poe priority
poe priority
Use poe priority to set the power supply priority for a PI.
Use undo poe priority to restore the default.
Syntax
poe priority { critical | high | low }
undo poe priority
Default
The power supply priority of a PI is low.
Views
PI view
PoE profile view
Predefined user roles
network-admin
Parameters
critical: Sets the power supply priority to critical. The PI with critical power priority operates in guaranteed mode. Power is first supplied to the PD connected to the critical PI.
high: Sets the power supply priority to high.
low: Sets the power supply priority to low.
Usage guidelines
When the PoE power is insufficient, power is first supplied to PIs with higher priority.
For PIs with same power supply priority, the PI with the smallest ID is allocated with power first.
If a PoE profile has been applied to a PI, remove the application before configuring the PI in PoE profile view.
If a PI has been configured, remove the configuration before configuring the PI in PI view.
Examples
# Set the power supply priority of the PI to critical in PI view.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] poe priority critical
# Set the power supply priority of the PI to critical in PoE profile view.
<Sysname> system-view
[Sysname] poe-profile abc
[Sysname-poe-profile-abc-1] poe priority critical
[Sysname-poe-profile-abc-1] quit
[Sysname] interface gigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] apply poe-profile name abc
Related commands
poe pd-policy priority
poe priority (system view)
Use poe priority to set the power supply priority for a PSE.
Use undo poe priority to restore the default.
Syntax
poe priority { critical | high | low } pse pse-id
undo poe priority pse pse-id
Default
The power supply priority of a PSE is low.
Views
System view
Predefined user roles
network-admin
Parameters
critical: Sets the power supply priority to critical. The PSE with critical power priority operates in guaranteed mode, and power is supplied to it first.
high: Sets the power supply priority to high.
low: Sets the power supply priority to low.
pse pse-id: Specifies a PSE by its ID.
Usage guidelines
If PSE power management is disabled, the system does not supply power to new PSEs when PoE power overload occurs.
If PSE power management is enabled, when PSE power overload occurs, the system supplies power to a PSE with higher priority. For multiple PSEs with the same priority, the PSE with a smaller ID gets power supplied first.
For example, if PoE is enabled for a PSE, and the PSE has higher priority, the system performs the following operations:
· Stops supplying power to a PSE with lower priority.
· Supplies power to the PSE that has higher priority.
Examples
# Set the power supply priority of PSE 7 to critical.
<Sysname> system-view
[Sysname] poe priority critical pse 7
Related commands
poe pse-policy priority
poe pse-policy priority
Use poe pse-policy priority to enable PSE power management.
Use undo poe pse-policy priority to disable PSE power management.
Syntax
poe pse-policy priority
undo poe pse-policy priority
Default
PSE power management is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If PSE power management is disabled, the system does not supply power to new PSEs when PoE power overload occurs.
If PSE power management is enabled, the system supplies power based on the PSE priority and PSE ID when a new PSE causes PoE power overload.
Examples
# Enable PSE power management.
<Sysname> system-view
[Sysname] poe pse-policy priority
Related commands
poe priority (system view)
poe update
Use poe update to upgrade a PSE firmware when the device is operating.
Syntax
poe update { full | refresh } filename [ pse pse-id ]
Views
System view
Predefined user roles
network-admin
Parameters
full: Upgrades the PSE firmware in full mode.
refresh: Upgrades the PSE firmware in refresh mode.
filename: Specifies the name of the upgrade file, a case-insensitive string of 1 to 64 characters. The specified file must be in the root directory of the file system of the device.
pse pse-id: Specifies a PSE by its ID. If you do not specify a PSE, all PSEs are upgraded.
Usage guidelines
You can upgrade the PSE firmware in service in either of the following modes:
· Refresh mode—Updates the PSE firmware without deleting it. You can use the refresh mode in most cases.
· Full mode—Deletes the current PSE firmware and reloads a new one. Use the full mode if the PSE firmware is damaged and you cannot execute any PoE commands.
Examples
# Upgrade the firmware of PSE 7 in service.
<Sysname> system-view
[Sysname] poe update refresh POE-168.bin pse 7
poe-profile
Use poe-profile to create a PoE profile and enter its view, or enter the view of an existing PoE profile.
Use undo poe-profile to delete a PoE profile.
Syntax
poe-profile profile-name [ index ]
undo poe-profile { index index | name profile-name }
Default
No PoE profiles exist.
Views
System view
Predefined user roles
network-admin
Parameters
profile-name: Specifies a PoE profile name, a case-sensitive string of 1 to 15 characters. A PoE configuration file name begins with a letter and must not contain reserved keywords including undo, all, name, interface, user, poe, disable, max-power, mode, priority, or enable.
index: Specifies the index number of a PoE profile, in the range of 1 to 100.
Usage guidelines
To configure PIs in batches, use the PoE profile.
If you do not specify a profile index, the system automatically assigns an index (starting from 1) to the PoE profile.
If a PoE profile is applied, use the undo apply poe-profile command to remove the application before deleting the PoE profile.
Examples
# Create a PoE profile, name it abc, and specify the index number as 3.
<Sysname> system-view
[Sysname] poe-profile abc 3
[Sysname-poe-profile-abc-3]
# Create a PoE profile and name it def. Do not specify the index number.
<Sysname> system-view
[Sysname] poe-profile def
[Sysname-poe-profile-def-1]
Related commands
apply poe-profile
poe enable
poe max-power
poe priority
poe utilization-threshold
Use poe utilization-threshold to configure a power alarm threshold for a PSE.
Use undo poe utilization-threshold to restore the default power alarm threshold of a PSE.
Syntax
poe utilization-threshold value pse pse-id
undo poe utilization-threshold pse pse-id
Default
The power alarm threshold for the PSE is 80%.
Views
System view
Predefined user roles
network-admin
Parameters
value: Specifies alarm threshold as a percentage of 1 to 99.
pse pse-id: Specifies a PSE by its ID.
Usage guidelines
If PSE power usage crosses the threshold multiple times in succession, the system sends notification messages only for the first crossing. For more information, see "Configuring SNMP."
Examples
# Set the power alarm threshold of PSE 7 to 90%.
<Sysname> system-view
[Sysname] poe utilization-threshold 90 pse 7
SNMP commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts. Unless otherwise stated, the trap keyword in the command line includes both traps and informs.
display snmp-agent community
Use display snmp-agent community to display SNMPv1 or SNMPv2c community information.
Syntax
display snmp-agent community [ read | write ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
read: Specifies SNMP read-only communities.
write: Specifies SNMP read and write communities.
Usage guidelines
This command is not supported in FIPS mode.
If no keyword is specified, this command displays information about all SNMPv1 and SNMPv2c communities.
The communities include:
· Those configured with the snmp-agent community command.
· Those automatically created by the system for SNMPv1 and SNMPv2c users that have been assigned to an existing SNMP group.
Examples
# Display information about all SNMPv1 and SNMPv2c communities.
<Sysname> display snmp-agent community
Community name: aa
Group name: aa
ACL:2001
Storage-type: nonVolatile
Context name: con1
Community name: bb
Role name: bb
Storage-type: nonVolatile
Community name: userv1
Group name: testv1
Storage type: nonvolatile
Community name: cc
Group name: cc
ACL name: testacl
Storage type: nonVolatile
Field |
Description |
Community name |
Community name created by using the snmp-agent community command or username created by using the snmp-agent usm-user { v1 | v2c } command. |
Group name |
SNMP group name. · If the community is created by using the snmp-agent community command in VACM mode, the group name is the same as the community name. · If the community is created by using the snmp-agent usm-user { v1 | v2c } command, the name of the group that has the user is displayed. |
User role name for the community. |
|
ACL |
Number of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. This field appears only when an SNMPv1 or SNMPv2c user is associated with an ACL rule. It is exclusive with the ACL name field. |
ACL name |
Name of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. This field appears only when an SNMPv1 or SNMPv2c user is associated with an ACL rule. It is exclusive with the ACL field. |
Storage type |
Storage type: · volatile—Settings are lost when the system reboots. · nonVolatile—Settings remain after the system reboots. · permanent—Settings remain after the system reboots and can be modified but not deleted. · readOnly—Settings remain after the system reboots and cannot be modified or deleted. · other—Any other storage type. |
Context name |
SNMP context: · If a mapping between an SNMP community and an SNMP context is configured, the SNMP context is displayed. · If no mapping between an SNMP community and an SNMP context exists, this field is empty. |
Related commands
snmp-agent community
snmp-agent usm-user { v1 | v2c }
display snmp-agent context
Use display snmp-agent context to display an SNMP context.
Syntax
display snmp-agent context [ context-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If no SNMP context is specified, this command displays all SNMP contexts created on the device.
Examples
# Display all SNMP contexts created on the device.
<Sysname> display snmp-agent context
testcontext
Related commands
snmp-agent context
display snmp-agent group
Use display snmp-agent group to display SNMP group information, including the group name, security model, MIB view, and storage-type.
Syntax
display snmp-agent group [ group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-name: Specifies an SNMPv1, SNMPv2c, or SNMPv3 group name in non-FIPS mode, and an SNMPv3 group name in FIPS mode. It is a case-sensitive string of 1 to 32 characters. If no group is specified, this command displays information about all SNMP groups.
Examples
# Display information about all SNMP groups.
<Sysname> display snmp-agent group
Group name: groupv3
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview: <no specified>
Storage-type: nonvolatile
ACL name: testacl
Table 31 Command output
Field |
Description |
Group name |
SNMP group name. |
Security model |
Security model of the SNMP group: · authPriv—Authentication with privacy. · authNoPriv—Authentication without privacy. · noAuthNoPriv—No authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv. |
Readview |
Read-only MIB view accessible to the SNMP group. |
Writeview |
Write MIB view accessible to the SNMP group. |
Notifyview |
Notify MIB view for the SNMP group. The SNMP users in the group can send notifications only for the nodes in the notify MIB view. |
Storage-type |
Storage type, including volatile, nonvolatile, permanent, readOnly, and other (see Table 30). |
ACL |
Number of the ACL that controls the access of the NMSs in the SNMP group to the device. This field appears only when an ACL is assigned to the SNMP group. It is exclusive with the ACL name field. |
Name of the ACL that controls the access of the NMSs in the SNMP group to the device. This field appears only when an ACL is assigned to the SNMP group. It is exclusive with the ACL field. |
Related commands
snmp-agent group
display snmp-agent local-engineid
Use display snmp-agent local-engineid to display the local SNMP engine ID.
Syntax
display snmp-agent local-engineid
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
The local SNMP engine ID uniquely identifies the SNMP engine of the SNMP agent in an SNMP domain.
Examples
# Display the local engine ID.
<Sysname> display snmp-agent local-engineid
SNMP local engine ID: 800063A2800084E52BED7900000001
Related commands
snmp-agent local-engineid
display snmp-agent mib-node
Use display snmp-agent mib-node to display SNMP MIB node information.
Syntax
display snmp-agent mib-node [ details | index-node | trap-node | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.
index-node: Specifies SNMP MIB tables, and node names and OIDs of MIB index nodes.
trap-node: Specifies node names and OIDs of MIB notification nodes, and node names and OIDs of notification objects.
verbose: Specifies detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.
Usage guidelines
If no keywords are specified, this command displays information about all SNMP MIB nodes, including node name, OID, and permissions to MIB nodes.
The SNMP software package includes different MIB files. Support for MIBs varies by SNMP software versions.
Examples
# Display SNMP MIB node information.
<Sysname> display snmp-agent mib-node
iso<1>(NA)
|-std<1.0>(NA)
|-iso8802<1.0.8802>(NA)
|-ieee802dot1<1.0.8802.1>(NA)
|-ieee802dot1mibs<1.0.8802.1.1>(NA)
|-lldpMIB<1.0.8802.1.1.2>(NA)
|-lldpNotifications<1.0.8802.1.1.2.0>(NA)
|-lldpNotificationPrefix<1.0.8802.1.1.2.0.0>(NA)
|-lldpRemTablesChange<1.0.8802.1.1.2.0.0.1>(NA)
|-lldpObjects<1.0.8802.1.1.2.1>(NA)
|-lldpConfiguration<1.0.8802.1.1.2.1.1>(NA)
|-*lldpMessageTxInterval<1.0.8802.1.1.2.1.1.1>(RW)
|-*lldpMessageTxHoldMultiplier<1.0.8802.1.1.2.1.1.2>(RW)
|-*lldpReinitDelay<1.0.8802.1.1.2.1.1.3>(RW)
Table 32 Command output
Field |
Description |
-std |
MIB node name. |
<1.0> |
OID of a MIB node. |
(NA) |
Permissions to MIB nodes: · NA—Not accessible. · NF—Notifications. · RO—Read-only access. · RW—Read and write access. · RC—Read-write-create access. · WO—Write-only access. |
* |
Leaf node or MIB table node. |
# Display detailed MIB node information.
<Sysname> display snmp-agent mib-node details
iso(1)(lldpMessageTxInterval)
|-std(0)(lldpMessageTxInterval)
|-iso8802(8802)(lldpMessageTxInterval)
|-ieee802dot1(1)(lldpMessageTxInterval)
|-ieee802dot1mibs(1)(lldpMessageTxInterval)
|-lldpMIB(2)(lldpMessageTxInterval)
|-lldpNotifications(0)(lldpMessageTxInterval)
|-lldpNotificationPrefix(0)(lldpMessageTxInterval)
|-lldpRemTablesChange(1)(NULL)
|-lldpObjects(1)(lldpMessageTxInterval)
|-lldpConfiguration(1)(lldpMessageTxInterval)
|-*lldpMessageTxInterval(1)(lldpMessageTxHoldMultiplier)
|-*lldpMessageTxHoldMultiplier(2)(lldpReinitDelay)
|-*lldpReinitDelay(3)(lldpTxDelay)
|-*lldpTxDelay(4)(lldpNotificationInterval)
|-*lldpNotificationInterval(5)(lldpPortConfigPortNum)
|-lldpPortConfigTable(6)(lldpPortConfigPortNum)
|-lldpPortConfigEntry(1)(lldpPortConfigPortNum)
|-*lldpPortConfigPortNum(1)(lldpPortConfigAdminStatus)
|-*lldpPortConfigAdminStatus(2)(lldpPortConfigNotificationEnable)
|-*lldpPortConfigNotificationEnable(3)(lldpPortConfigTLVsTxEnable)
|-*lldpPortConfigTLVsTxEnable(4)(lldpConfigManAddrPortsTxEnable)
Table 33 Command output
Field |
Description |
-std |
MIB node name. |
(0) |
Last bit of a MIB OID string. |
(lldpMessageTxInterval) |
Name of a leaf node. |
* |
Leaf node or MIB table node. |
# Display MIB table names, and node names and OIDs of MIB index nodes.
<Sysname> display snmp-agent mib-node index-node
Table |lldpPortConfigTable
Index ||lldpPortConfigPortNum
OID ||| 1.0.8802.1.1.2.1.1.6.1.1
Table |lldpConfigManAddrTable
Index ||lldpLocManAddrSubtype
OID ||| 1.0.8802.1.1.2.1.3.8.1.1
Index ||lldpLocManAddr
OID ||| 1.0.8802.1.1.2.1.3.8.1.2
Table |lldpStatsTxPortTable
Index ||lldpStatsTxPortNum
OID ||| 1.0.8802.1.1.2.1.2.6.1.1
Table |lldpStatsRxPortTable
Index ||lldpStatsRxPortNum
OID ||| 1.0.8802.1.1.2.1.2.7.1.1
Table |lldpLocPortTable
Index ||lldpLocPortNum
OID ||| 1.0.8802.1.1.2.1.3.7.1.1
Table 34 Command output
Field |
Description |
Table |
MIB table name. |
Index |
Name of a MIB index node. |
OID |
OID of a MIB index node. |
# Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects.
<Sysname> display snmp-agent mib-node trap-node
Name |lldpRemTablesChange
OID ||1.0.8802.1.1.2.0.0.1
Trap Object
Name |||lldpStatsRemTablesInserts
OID ||||1.0.8802.1.1.2.1.2.2
Name |||lldpStatsRemTablesDeletes
OID ||||1.0.8802.1.1.2.1.2.3
Name |||lldpStatsRemTablesDrops
OID ||||1.0.8802.1.1.2.1.2.4
Name |||lldpStatsRemTablesAgeouts
OID ||||1.0.8802.1.1.2.1.2.5
Name |lldpXMedTopologyChangeDetected
OID ||1.0.8802.1.1.2.1.5.4795.0.1
Trap Object
Name |||lldpRemChassisIdSubtype
OID ||||1.0.8802.1.1.2.1.4.1.1.4
Name |||lldpRemChassisId
OID ||||1.0.8802.1.1.2.1.4.1.1.5
Name |||lldpXMedRemDeviceClass
OID ||||1.0.8802.1.1.2.1.5.4795.1.3.1.1.3
Name |mplsL3VpnVrfUp
OID ||1.3.6.1.2.1.10.166.11.0.1
Trap Object
Name |||mplsL3VpnIfConfRowStatus
OID ||||1.3.6.1.2.1.10.166.11.1.2.1.1.5
Name |||mplsL3VpnVrfOperStatus
OID ||||1.3.6.1.2.1.10.166.11.1.2.2.1.6
Table 35 Command output
Field |
Description |
Name |
Name of a MIB notification node. |
OID |
OID of a MIB notification node. |
Trap Object |
Name and OID of a notification object. |
# Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.
<Sysname> display snmp-agent mib-node verbose
Name |lldpNotificationInterval
OID ||1.0.8802.1.1.2.1.1.5
Properties ||NodeType: Leaf
||AccessType: RW
||DataType: Integer32
||MOR: 0x020c1105
Parent ||lldpConfiguration
First child ||
Next leaf ||lldpPortConfigPortNum
Next sibling ||lldpPortConfigTable
Allow ||get/set/getnext
Value range || [5..3600]
Name |lldpPortConfigTable
OID ||1.0.8802.1.1.2.1.1.6
Properties ||NodeType: Table
||AccessType: NA
||DataType: NA
||MOR: 0x00000000
Parent ||lldpConfiguration
First child ||lldpPortConfigEntry
Next leaf ||lldpPortConfigPortNum
Next sibling ||lldpConfigManAddrTable
Name |lldpPortConfigEntry
OID ||1.0.8802.1.1.2.1.1.6.1
Properties ||NodeType: Row
||AccessType: NA
||DataType: NA
||MOR: 0x00000000
Parent ||lldpPortConfigTable
First child ||lldpPortConfigPortNum
Next leaf ||lldpPortConfigPortNum
Next sibling ||
Index ||[indexImplied:0, indexLength:1]:
Name |lldpPortConfigPortNum
OID ||1.0.8802.1.1.2.1.1.6.1.1
Properties ||NodeType: Column
||AccessType: NA
||DataType: Integer32
||MOR: 0x020c1201
Parent ||lldpPortConfigEntry
First child ||
Next leaf ||lldpPortConfigAdminStatus
Next sibling ||lldpPortConfigAdminStatus
Allow ||get/set/getnext
Index ||[indexImplied:0, indexLength:1]:
Value range || [1..4096]
Name |lldpPortConfigAdminStatus
OID ||1.0.8802.1.1.2.1.1.6.1.2
Properties ||NodeType: Column
||AccessType: RW
||DataType: Integer
||MOR: 0x020c1202
Parent ||lldpPortConfigEntry
First child ||
Next leaf ||lldpPortConfigNotificationEnable
Next sibling ||lldpPortConfigNotificationEnable
Allow ||get/set/getnext
Index ||[indexImplied:0, indexLength:1]:
Value range ||
|| ['txOnly', 1]
|| ['rxOnly', 2]
|| ['txAndRx', 3]
|| ['disabled', 4]
Table 36 Command output
Field |
Description |
Name |
MIB node name. |
OID |
OID of a MIB node. |
NodeType |
MIB node types: · Table—Table node. · Row—Row node in a MIB table. · Column—Column node in a MIB table. · Leaf—Leaf node. · Group—Group node (parent node of a leaf node). · Trapnode—Notification node. · Other—Other node types. |
AccessType |
Permissions to MIB nodes: · NA—Not accessible. · NF—Supports notifications. · RO—Supports read-only access. · RW—Supports read and write access. · RC—Supports read-write-create access. · WO—Supports write-only access. |
DataType |
Data types of MIB nodes: · Integer—An integer. · Integer32—A 32-bit integer. · Unsigned32—A 32-bit integer with no mathematical sign. · Gauge—A non-negative integer that might increase or decrease. · Gauge32—A 32-bit non-negative integer that might increase or decrease. · Counter—A non-negative integer that might increase but not decrease. · Counter32—A 32-bit non-negative integer that might increase but not decrease. · Counter64—A 64-bit non-negative integer that might increase but not decrease. · Timeticks—A non-negative integer for time keeping. · Octstring—An octal string. · OID—Object identifier. · IPaddress—A 32-bit IP address. · Networkaddress—A network IP address. · Opaque—Any data. · Userdefined—User-defined data. · BITS—Bit enumeration. |
MOR |
MOR for a MIB node. |
Parent |
Name of a parent node. |
First child |
Name of the first leaf node. |
Next leaf |
Name of the next leaf node. |
Next sibling |
Name of the next sibling node. |
Allow |
Operation types allowed: · get/set/getnext—All operations. · get—Get operation. · set—Set operation. · getnext—GetNext operation. |
Value range |
Value range of a MIB node. |
Index |
Table index. This field appears only for a table node. |
display snmp-agent mib-view
Use display snmp-agent mib-view to display MIB views.
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
exclude: Displays the subtrees excluded from any MIB view.
include: Displays the subtrees included in any MIB view.
viewname view-name: Displays information about the specified MIB view. The view-name argument is a case-sensitive string of 1 to 32 characters.
Usage guidelines
If you do not specify any parameters, this command displays all MIB views.
Examples
# Display all MIB views.
<Sysname> display snmp-agent mib-view
View name: ViewDefault
MIB Subtree: iso
Subtree mask:
Storage-type: nonVolatile
View Type: included
View status: active
View name: ViewDefault
MIB Subtree: snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type: excluded
View status: active
View name: ViewDefault
MIB Subtree: snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type: excluded
View status: active
View name: ViewDefault
MIB Subtree: snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type: excluded
View status: active
ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.
Table 37 Command output
Field |
Description |
View name |
MIB view name. |
MIB Subtree |
MIB subtree covered by the MIB view. |
Subtree mask |
MIB subtree mask. |
Storage-type |
Type of the medium (see Table 30) where the subtree view is stored. |
View Type |
Access privilege for the MIB subtree in the MIB view: · Included—All objects in the MIB subtree are accessible in the MIB view. · Excluded—None of the objects in the MIB subtree is accessible in the MIB view. |
View status |
Status of the MIB view: · active—MIB view is effective. · inactive—MIB view is ineffective. MIB views are active upon their creation at the CLI. To temporarily disable a MIB view without deleting it, you can perform an SNMP set operation to set its status to inactive. |
Related commands
snmp-agent mib-view
display snmp-agent remote
Use display snmp-agent remote to display remote SNMP engine IDs configured by using the snmp-agent remote command.
Syntax
display snmp-agent remote [ { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv4-address: Specifies the IPv4 address of a remote SNMP entity to display its SNMP engine ID.
ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity to display its SNMP engine ID.
vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the remote SNMP entity is in the public network.
Usage guidelines
Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.
If no IP address is specified, this command displays all remote SNMP engine IDs you have configured.
Examples
# Display all remote SNMP engine IDs.
<Sysname> display snmp-agent remote
Remote engineID: 800063A28000A0FC00580400000001
IPv4 address: 1.1.1.1
VPN instance: vpn1
Table 38 Command output
Field |
Description |
Remote engineID |
Remote SNMP engine ID you have configured using the snmp-agent remote command. |
IPv4 address |
IPv4 address of the remote SNMP entity. For remote SNMP entities that are configured with an IPv6 address, the field name is "IPv6 address." |
VPN instance |
This field is available only if a VPN has been specified for the remote SNMP entity in the snmp-agent remote command. |
Related commands
snmp-agent remote
display snmp-agent statistics
Use display snmp-agent statistics to display SNMP message statistics.
Syntax
display snmp-agent statistics
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display SNMP message statistics.
<Sysname> display snmp-agent statistics
1684 messages delivered to the SNMP entity.
5 messages were for an unsupported version.
0 messages used an unknown SNMP community name.
0 messages represented an illegal operation for the community supplied.
0 ASN.1 or BER errors in the process of decoding.
1679 messages passed from the SNMP entity.
0 SNMP PDUs had badValue error-status.
0 SNMP PDUs had genErr error-status.
0 SNMP PDUs had noSuchName error-status.
0 SNMP PDUs had tooBig error-status (Maximum packet size 1500).
16544 MIB objects retrieved successfully.
2 MIB objects altered successfully.
7 GetRequest-PDU accepted and processed.
7 GetNextRequest-PDU accepted and processed.
1653 GetBulkRequest-PDU accepted and processed.
1669 GetResponse-PDU accepted and processed.
2 SetRequest-PDU accepted and processed.
0 Trap PDUs accepted and processed.
0 alternate Response Class PDUs dropped silently.
0 forwarded Confirmed Class PDUs dropped silently.
Table 39 Command output
Field |
Description |
messages delivered to the SNMP entity |
Number of messages that the SNMP agent has received. |
messages were for an unsupported version |
Number of messages that had an SNMP version not configured on the SNMP agent. |
messages used an unknown SNMP community name |
Number of messages that used an unknown SNMP community name. |
messages represented an illegal operation for the community supplied |
Number of messages carrying an operation that the community has no right to perform. |
ASN.1 or BER errors in the process of decoding |
Number of messages that had ASN.1 or BER errors during decoding. |
messages passed from the SNMP entity |
Number of messages sent by the SNMP agent. |
SNMP PDUs had badValue error-status |
Number of PDUs with a BadValue error. |
SNMP PDUs had genErr error-status |
Number of PDUs with a genErr error. |
SNMP PDUs had noSuchName error-status |
Number of PDUs with a NoSuchName error. |
SNMP PDUs had tooBig error-status |
Number of PDUs with a TooBig error (the maximum packet size is 1500 bytes). |
MIB objects retrieved successfully |
Number of MIB objects that have been successfully retrieved. |
MIB objects altered successfully |
Number of MIB objects that have been successfully modified. |
GetRequest-PDU accepted and processed |
Number of GetRequest requests that have been received and processed. |
GetNextRequest-PDU accepted and processed |
Number of getNext requests that have been received and processed. |
GetBulkRequest-PDU accepted and processed |
Number of getBulk requests that have been received and processed. |
GetResponse-PDU accepted and processed |
Number of get responses that have been received and processed. |
SetRequest-PDU accepted and processed |
Number of set requests that have been received and processed. |
Trap PDUs accepted and processed |
Number of notifications that have been received and processed. |
alternate Response Class PDUs dropped silently |
Number of dropped response packets. |
forwarded Confirmed Class PDUs dropped silently |
Number of forwarded packets that have been dropped. |
display snmp-agent sys-info
Use display snmp-agent sys-info to display SNMP agent system information.
Syntax
display snmp-agent sys-info [ contact | location | version ] *
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
contact: Displays the system contact.
location: Displays the physical location of the device.
version: Displays the SNMP agent version.
Usage guidelines
If none of the parameters is specified, this command displays all SNMP agent system information.
Examples
# Display all SNMP agent system information.
<Sysname> display snmp-agent sys-info
The contact information of the agent:
New H3C Technologies Co., Ltd.
The location information of the agent:
Hangzhou, China
The SNMP version of the agent:
SNMPv3
Related commands
snmp-agent sys-info
display snmp-agent trap queue
Use display snmp-agent trap queue to display basic information about the trap queue, including the queue size and number of traps in the queue.
Syntax
display snmp-agent trap queue
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the trap queue configuration and usage status.
<Sysname> display snmp-agent trap queue
Queue size: 100
Message number: 6
Related commands
snmp-agent trap life
snmp-agent trap queue-size
display snmp-agent trap-list
Use display snmp-agent trap-list to display SNMP notifications enabling status for modules.
Syntax
display snmp-agent trap-list
Views
Any view
Usage guidelines
If a module has multiple sub-modules and SNMP notifications are enabled for one of its sub-modules, the command output shows that the module is SNMP notifications-enabled.
To determine whether a module supports SNMP notifications, execute the snmp-agent trap enable ? command.
The display snmp-agent trap-list command output varies by the snmp-agent trap enable command configuration and the module configuration.
Examples
# Display SNMP notifications enabling status for modules.
arp notification is disabled.
configuration notification is enabled.
l3vpn notification is enabled.
mac-address notification is enabled.
mpls notification is disabled.
ospfv3 notification is enabled.
radius notification is disabled.
standard notification is enabled.
stp notification is disabled.
syslog notification is disabled.
system notification is enabled.
Enabled notifications: 6; Disabled notifications: 5
Related commands
snmp-agent trap enable
display snmp-agent usm-user
Use display snmp-agent usm-user to display SNMPv3 user information.
Syntax
display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] *
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
engineid engineid: Displays SNMPv3 user information for the SNMP engine ID identified by engineid. When an SNMPv3 user is created, the system records the local SNMP entity engine ID. The user becomes invalid when the engine ID changes, and it becomes valid again when the recorded engine ID is restored.
group group-name: Displays SNMPv3 user information for a specified SNMP group name. The group name is case sensitive.
username user-name: Displays information about the specified SNMPv3 user. The username is case sensitive.
Usage guidelines
This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command.
Examples
# Display information about all SNMPv3 users.
<Sysname> display snmp-agent usm-user
Username: userv3
Group name: mygroupv3
Engine ID: 800063A203000FE240A1A6
Storage type: nonVolatile
User status: active
ACL: 2000
Username: userv3
Group name: mygroupv3
Engine ID: 8000259503000BB3100A508
Storage type: nonVolatile
User status: active
ACL name: testacl
Username: userv3code
Role name: groupv3code
network-operator
Engine ID: 800063A203000FE240A1A6
Storage type: nonVolatile
User status: active
Username: userv3code
Role name: snmprole
network-operator
Engine ID: 800063A280000002BB0001
Storage type: nonVolatile
User status: active
Table 40 Command output
Field |
Description |
Username |
SNMP username. |
Group name |
SNMP group name. |
SNMP user role name. |
|
Engine ID |
Engine ID that the SNMP agent used when the SNMP user was created. |
Storage type |
Storage type: · volatile. · nonvolatile. · permanent. · readOnly. · other. For more information about these storage types, see Table 30. |
User status |
SNMP user status: · active—The SNMP user is effective. · notInService—The SNMP user is correctly configured but not activated. · notReady—The SNMP user configuration is incomplete. · other—Any other status. SNMP users are active upon their creation at the CLI. To temporarily disable an SNMP user without deleting it, you can perform an SNMP set operation to change its status. |
ACL |
Number of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMPv3 user is associated with an ACL rule. It is exclusive with the ACL name field. |
ACL name |
Name of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMPv3 user is associated with an ACL rule. It is exclusive with the ACL field. |
Related commands
snmp-agent usm-user v3
enable snmp trap updown
Use enable snmp trap updown to enable link state notifications on an interface.
Use undo enable snmp trap updown to disable link state notifications on an interface.
Syntax
enable snmp trap updown
undo enable snmp trap updown
Default
Link state notifications are enabled.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally by using the snmp-agent trap enable standard [ linkdown | linkup ] * command.
Examples
# Enable GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.
<Sysname> system-view
[Sysname] snmp-agent trap enable
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] enable snmp trap updown
Related commands
snmp-agent target-host
snmp-agent trap enable
snmp-agent
Use snmp-agent to enable the SNMP agent.
Use undo snmp-agent to disable the SNMP agent.
Syntax
snmp-agent
undo snmp-agent
Default
The SNMP agent is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.
Examples
# Enable the SNMP agent.
<Sysname> system-view
[Sysname] snmp-agent
snmp-agent calculate-password
Use snmp-agent calculate-password to calculate the encrypted form for a key in plaintext form.
Syntax
In non-FIPS mode:
snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }
In FIPS mode:
snmp-agent calculate-password plain-password mode sha { local-engineid | specified-engineid engineid }
Views
System view
Predefined user roles
network-admin
Parameters
plain-password: Specifies a key in plaintext form. The plain-password argument is a case-sensitive string of 1 to 64 characters.
mode: Specifies an authentication algorithm and encryption algorithm. The device supports the HMAC-MD5 and HMAC-SHA1 authentication algorithms. The HMAC-MD5 algorithm is faster than the HMAC-SHA1 algorithm. The HMAC-SHA1 algorithm provides more security than the HMAC-MD5 algorithm. The AES, 3DES, and DES encryption algorithms (in descending order of security strength) are available for the device. A more secure algorithm calculates slower. DES is enough to meet general security requirements.
· 3desmd5: Calculates the encrypted form for the encryption key by using the 3DES encryption algorithm and HMAC-MD5 authentication algorithm.
· 3dessha: Calculates the encrypted form for the encryption key by using the 3DES encryption algorithm and HMAC-SHA1 authentication algorithm.
· md5: Calculates the encrypted form for the authentication key or encryption key by using the HMAC-MD5 authentication algorithm and AES or DES encryption algorithm. When the HMAC-MD5 authentication algorithm is used, you can get the same authentication key or encryption key in encrypted form regardless of whether the AES or DES encryption algorithm is used.
· sha: Calculates the encrypted form for the authentication key or encryption key by using HMAC-SHA1 authentication algorithm and AES or DES encryption algorithm. When the HMAC-SHA1 authentication algorithm is used, you can get the same authentication key or encryption key in encrypted form regardless of whether the AES or DES encryption algorithm is used.
local-engineid: Uses the local engine ID to calculate the encrypted form for the key.. You can configure the local engine ID by using the snmp-agent local-engineid command.
specified-engineid engineid: Uses a user-defined engine ID to calculate the encrypted form for the key. The engineid argument is an even number of case-insensitive hexadecimal characters. All-zero and all-F strings are invalid. The even number is in the range of 10 to 64.
Usage guidelines
Make sure the SNMP agent is enabled before you execute the snmp-agent calculate-password command.
For security purposes, use the encrypted-form key generated using this command when you create an SNMPv3 users by specifying the cipher keyword in the snmp-agent usm-user v3 command.
The encrypted form of the key is valid only when the engine ID specified for key conversion exists.
Examples
# Use the local engine ID and the SHA-1 algorithm to calculate the encrypted form for key authkey.
<Sysname> system-view
[Sysname] snmp-agent calculate-password authkey mode sha local-engineid
The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC
Related commands
snmp-agent local-engineid
snmp-agent usm-user v3
snmp-agent community
Use snmp-agent community to configure an SNMPv1 or SNMPv2c community.
Use undo snmp-agent community to delete an SNMPv1 or SNMPv2c community.
Syntax
In VACM mode:
snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
undo snmp-agent community [ cipher ] community-name
In RBAC mode:
undo snmp-agent community [ cipher ] community-name
Default
No SNMPv1 or SNMPv2c communities exist.
Views
System view
Predefined user roles
network-admin
Parameters
read: Assigns the specified community read-only access to MIB objects. A read-only community can only inquire MIB information.
write: Assigns the specified community read and write access to MIB objects. A read and write community can configure MIB information.
simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.
cipher: Specifies a community name in encrypted form.
community-name: Specifies the community name. The plaintext form is a case-sensitive string of 1 to 32 characters. The encrypted form is a case-sensitive string of 33 to 73 characters. Input a string as escape characters after a backslash (\).
mib-view view-name: Specifies the MIB view available for the community. The view-name argument represents a MIB view name, a string of 1 to 32 characters. A MIB view represents a set of accessible MIB objects. If you do not specify a view, the specified community can access the MIB objects in the default MIB view ViewDefault.
user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.
acl: Specifies a basic or advanced IPv4 ACL for the community.
ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999..
name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.
acl ipv6: Specifies a basic or advanced IPv6 ACL for the community.
ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.
name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command is not available in FIPS mode.
Only users with the network-admin or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to this command or commands of the SNMP feature.
An SNMP community is identified by a community name. It contains a set of NMSs and SNMP agents. Devices in an SNMP community authenticate each other by using the community name. An NMS and an SNMP agent can communicate only when they use the same community name.
Typically, public is used as the read-only community name and private is used as the read and write community name. To enhance security, you can assign your SNMP communities a name other than public and private.
The snmp-agent community command allows you to use either of the following modes to control SNMP community access to MIB objects:
· View-based access control model—VACM mode controls access to MIB objects by assigning MIB views to SNMP communities.
· Role based access control—RBAC mode controls access to MIB objects by assigning user roles to SNMP communities.
¡ The pre-defined network-admin and level-15 user roles have the read and write access to all MIB objects.
¡ The pre-defined network-operator user role has the read-only access to all MIB objects.
You can also use the role command to configure user roles. For more information about user roles, see Fundamentals Configuration Guide.
RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use RBAC mode.
You can create a maximum of 10 SNMP communities by using the snmp-agent community command.
If you execute the command multiple times to specify the same community name but different other settings each time, the most recent configuration takes effect.
To set and save a community name in plain text, do not specify the simple or cipher keyword.
The ACL is used to filter illegitimate NMSs.
· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the community name can access the SNMP agent.
· If you specify an ACL and the ACL has rules, only NMSs permitted by the ACL can access the SNMP agent.
For more information about ACL, see ACL and QoS Configuration Guide.
You can also create an SNMP community by using the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands. These two commands create an SNMPv1 or SNMPv2c user and the group to which the user is assigned. The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.
Examples
# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can use the community name readaccess to read the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] snmp-agent community read simple readaccess
# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.1 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-ipv4-basic-2001] rule deny source any
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent community write simple writeaccess acl 2001
# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.2 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.
[Sysname] acl basic name testacl
[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0
[Sysname-acl-ipv4-basic-testacl] rule deny source any
[Sysname-acl-ipv4-basic-testacl] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent community write simple writeaccess acl name testacl
# Create the read and write community wr-sys-acc in plain text so an SNMPv1 or SNMPv2c NMS can use the community name wr-sys-acc to read or set the MIB objects in the system subtree (OID 1.3.6.1.2.1.1).
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1 v2c
[Sysname] undo snmp-agent mib-view ViewDefault
[Sysname] snmp-agent mib-view included test system
[Sysname] snmp-agent community write simple wr-sys-acc mib-view test
Related commands
display snmp-agent community
snmp-agent mib-view
snmp-agent community-map
Use snmp-agent community-map to map an SNMP community to an SNMP context.
Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context.
Syntax
snmp-agent community-map community-name context context-name
undo snmp-agent community-map community-name context context-name
Default
No mapping exists between an SNMP community and an SNMP context.
Views
System view
Predefined user roles
network-admin
Parameters
community-name: Specifies an SNMP community, a case-sensitive string of 1 to 32 characters.
context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.
Usage guidelines
This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c.
You can configure a maximum of 10 community-context mappings on the device.
Examples
# Map SNMP community private to SNMP context testcontext.
<Sysname> system-view
[Sysname] snmp-agent community-map private context testcontext
Related commands
display snmp-agent community
snmp-agent context
Use snmp-agent context to create an SNMP context.
Use undo snmp-agent context to delete an SNMP context.
Syntax
snmp-agent context context-name
undo snmp-agent context context-name
Default
No SNMP contexts exist.
Views
System view
Predefined use roles
network-admin
Parameters
context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For an NMS and an SNMP agent to communicate, configure the same SNMP context for them or do not configure a context for the NMS.
You can create a maximum of 20 SNMP contexts.
Examples
# Create SNMP context testcontext.
<Sysname> system-view
[Sysname] snmp-agent context testcontext
Related commands
display snmp-agent context
snmp-agent group
Use snmp-agent group to create an SNMP group.
Use undo snmp-agent group to delete an SNMP group.
Syntax
SNMPv1 and SNMP v2c:
snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
undo snmp-agent group { v1 | v2c } group-name
SNMPv3 (in non-FIPS mode):
SNMPv3 (in FIPS mode):
snmp-agent group v3 group-name { authentication | privacy } [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
undo snmp-agent group v3 group-name [ authentication | privacy ]
Default
No SNMP groups exist.
Views
System view
Predefined use roles
network-admin
Parameters
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
group-name: Specifies an SNMP group name, a string of 1 to 32 case-sensitive characters.
authentication: Specifies the authentication without privacy security model for the SNMPv3 group.
privacy: Specifies the authentication with privacy security model for the SNMPv3 group.
read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read-only MIB view is specified, the SNMP group has read access to the default view ViewDefault.
write-view view-name: Specifies a read and write MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read and write view is specified, the SNMP group cannot set any MIB object on the SNMP agent.
notify-view view-name: Specifies a notify MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. The SNMP agent sends notifications to the users in the specified group only for the MIB objects included in the notify view. If no notify view is specified, the SNMP agent does not send any notification to the users in the specified group.
acl: Specifies a basic or advanced IPv4 ACL for the group.
ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999.
name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.
acl ipv6: Specifies a basic or advanced IPv6 ACL for the group.
ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.
name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
SNMPv1 and SNMPv2c settings in this command are not supported in FIPS mode.
Only users with the network-admin or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to this command or commands of the SNMP feature.
All users in an SNMP group share the security model and access rights of the group.
You can create a maximum of 20 SNMP groups, including SNMPv1, SNMPv2c, and SNMPv3 groups.
All SNMPv3 users in a group share the same security model, but can use different authentication and privacy key settings. To implement a security model for a user and avoid SNMP communication failures, make sure the security model configuration for the group and the security key settings for the user are compliant with Table 41 and match the settings on the NMS.
Table 41 Basic security setting requirements for different security models
Security model |
Security model keyword for the group |
Security key settings for the user |
Remarks |
Authentication with privacy |
privacy |
Authentication key, privacy key |
If the authentication key or the privacy key is not configured, SNMP communication will fail. |
Authentication without privacy |
authentication |
Authentication key |
If no authentication key is configured, SNMP communication will fail. The privacy key (if any) for the user does not take effect. |
No authentication, no privacy |
Neither authentication nor privacy |
None |
The authentication and privacy keys, if configured, do not take effect. |
You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:
· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.
· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Create the SNMPv3 group group1, and assign the no authentication, no privacy security model to the group.
<Sysname> system-view
[Sysname] snmp-agent group v3 group1
Related commands
display snmp-agent group
snmp-agent mib-view
snmp-agent usm-user
snmp-agent local-engineid
Use snmp-agent local-engineid to set the SNMP engine ID for the local device.
Use undo snmp-agent local-engineid to restore the default.
Syntax
snmp-agent local-engineid engineid
undo snmp-agent local-engineid
Default
The engine ID of a device is the combination of the company ID and the device ID. The device ID varies by device model.
Views
System view
Predefined user roles
network-admin
Parameters
engineid: Specifies an SNMP engine ID, a hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid.
Usage guidelines
An SNMP engine ID uniquely identifies a device in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.
If you have configured SNMPv3 users, change the local SNMP engine ID only when necessary. The change can void the SNMPv3 usernames and encrypted keys you have configured.
Examples
# Set the local SNMP engine ID to 123456789A.
<Sysname> system-view
[Sysname] snmp-agent local-engineid 123456789A
Related commands
display snmp-agent local-engineid
snmp-agent usm-user
snmp-agent log
Use snmp-agent log to enable SNMP logging.
Use undo snmp-agent log to disable SNMP logging.
Syntax
snmp-agent log { all | authfail | get-operation | set-operation }
undo snmp-agent log { all | authfail | get-operation | set-operation }
Default
SNMP logging operations are disabled.
Views
System view
Predefined user roles
network-admin
Parameters
all: Enables logging SNMP authentication failures, Get operations, and Set operations.
authfail: Enables logging SNMP authentication failures.
get-operation: Enables logging SNMP Get operations.
set-operation: Enables logging SNMP Set operations.
Usage guidelines
Use SNMP logging to record the SNMP operations performed on the SNMP agent or authentication failures from the NMS to the agent for auditing NMS behaviors. The SNMP agent sends log data to the information center. You can configure the information center to output the data to a destination as needed.
Examples
# Enable logging SNMP Get operations.
<Sysname> system-view
[Sysname] snmp-agent log get-operation
# Enable logging SNMP Set operations.
<Sysname> system-view
[Sysname] snmp-agent log set-operation
# Enable logging SNMP authentication failures.
[Sysname] snmp-agent log authfail
snmp-agent mib-view
Use snmp-agent mib-view to create or update a MIB view.
Use undo snmp-agent mib-view to delete a MIB view.
Syntax
snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]
undo snmp-agent mib-view view-name
Default
The system creates the ViewDefault view when the SNMP agent is enabled. In this default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible.
Views
System view
Predefined user roles
network-admin
Parameters
excluded: Denies access to any node in the specified MIB subtree.
included: Permits access to all the nodes in the specified MIB subtree.
view-name: Specifies a view name, a string of 1 to 32 characters.
oid-tree: Specifies a MIB subtree by its root node's OID (for example, 1.3.6.1.2.1.1) or object name (for example, system), a case-sensitive string of 1 to 255 characters. An OID is a dotted numeric string that uniquely identifies an object in the MIB tree.
mask mask-value: Sets a MIB subtree mask, a hexadecimal string. Its length is an even number in the range of 2 to 32.
Usage guidelines
A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.
Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the most recent configuration takes effect.
Be cautious with deleting the default MIB view. The operation blocks the access to any MIB object on the device from NMSs that use the default view.
Examples
# Include the mib-2 (OID 1.3.6.1.2.1) subtree in the mibtest view and exclude the system subtree from this view.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v1
[Sysname] snmp-agent mib-view included mibtest 1.3.6.1.2.1
[Sysname] snmp-agent mib-view excluded mibtest system
[Sysname] snmp-agent community read public mib-view mibtest
An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.
Related commands
display snmp-agent mib-view
snmp-agent group
snmp-agent packet max-size
Use snmp-agent packet max-size to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send.
Use undo snmp-agent packet max-size to restore the default.
Syntax
snmp-agent packet max-size byte-count
undo snmp-agent packet max-size
Default
An SNMP agent can process SNMP packets with a maximum size of 1500 bytes.
Views
System view
Predefined user roles
network-admin
Parameters
byte-count: Sets the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. The value range is 484 to 17940.
Usage guidelines
If any device on the path to the NMS does not support packet fragmentation, limit the SNMP packet size to prevent large-sized packets from being discarded. For most networks, the default value is sufficient.
Examples
# Set the maximum SNMP packet size to 1024 bytes.
<Sysname> system-view
[Sysname] snmp-agent packet max-size 1024
snmp-agent port
Use snmp-agent port to specify the UDP port for receiving SNMP packets.
Use undo snmp-agent port to restore the default.
Syntax
snmp-agent port port-num
undo snmp-agent port
Default
The device uses UDP port 161 for receiving SNMP packets.
Views
System view
Predefined user roles
network-admin
Parameters
port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default is 161.
Usage guidelines
After changing the port number for receiving SNMP packets, reconnect the device by using the port number for SNMP get and set operations.
To display UDP port information, use the display current-configuration command.
Examples
# Specify the UDP port for receiving SNMP packets as 5555.
<Sysname> system-view
[Sysname] snmp-agent port 5555
# Restore the default UDP port.
<Sysname> system-view
[Sysname] undo snmp-agent port
snmp-agent remote
Use snmp-agent remote to set the SNMP engine ID for a remote SNMP entity.
Use undo snmp-agent remote to delete a remote SNMP engine ID.
Syntax
snmp-agent remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] engineid engineid
undo snmp-agent remote ip-address
Default
No remote SNMP engine IDs exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the IP address of a remote SNMP entity.
ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity.
vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this option is not specified, the remote SNMP entity is in the public network.
engineid: Specifies the SNMP engine ID of the remote SNMP entity. This argument is a hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid.
Usage guidelines
To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent.
The NMS accepts the SNMPv3 informs from the SNMP agent only if the engine ID in the informs is the same as its local engine ID.
You can configure a maximum of 20 remote SNMP engine IDs.
Examples
# Set the SNMP engine ID to 123456789A for the remote entity 10.1.1.1.
<Sysname> system-view
[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A
Related commands
display snmp-agent remote
snmp-agent { inform | trap } source
Use snmp-agent { inform | trap } source to specify a source IP address for the informs or traps sent by the SNMP agent.
Use undo snmp-agent { inform | trap } source to restore the default.
Syntax
snmp-agent { inform | trap } source interface-type { interface-number | interface-number.subnumber }
undo snmp-agent { inform | trap } source
Default
The SNMP agent uses the IP address of the outgoing interface as the source IP address of notifications.
Views
System view
Predefined user roles
network-admin
Parameters
inform: Specifies informs.
trap: Specifies traps.
interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094.
Usage guidelines
The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces. An NMS can use this IP address to filter all the informs or traps sent by the SNMP agent.
Make sure the specified interface has been created and assigned a valid IP address. The configuration will fail if the interface has not been created and will take effect only after a valid IP address is assigned to the specified interface.
Examples
# Configure the primary IP address of GigabitEthernet 1/0/1 as the source address of SNMP traps.
<Sysname> system-view
[Sysname] snmp-agent trap source gigabitethernet 1/0/1
# Configure the primary IP address of GigabitEthernet 1/0/2 as the source address of SNMP informs.
<Sysname> system-view
[Sysname] snmp-agent inform source gigabitethernet 1/0/2
Related commands
snmp-agent target-host
snmp-agent trap enable
snmp-agent sys-info contact
Use snmp-agent sys-info contact to configure the system contact.
Use undo snmp-agent sys-info contact to restore the default contact.
Syntax
snmp-agent sys-info contact sys-contact
undo snmp-agent sys-info contact
Default
The system contact is Hangzhou H3C Tech. Co., Ltd..
Views
System view
Predefined user roles
network-admin
Parameters
sys-contact: Specifies the system contact, a case-sensitive string of 1 to 255 characters.
Usage guidelines
Configure the system contact for system maintenance and management.
Examples
# Configure the system contact as Dial System Operator # 27345.
<Sysname> system-view
[Sysname] snmp-agent sys-info contact Dial System Operator # 27345
Related commands
display snmp-agent sys-info
snmp-agent sys-info location
Use snmp-agent sys-info location to configure the system location.
Use undo snmp-agent sys-info location to restore the default location.
Syntax
snmp-agent sys-info location sys-location
undo snmp-agent sys-info location
Default
The system location is Hangzhou, China.
Views
System view
Predefined user roles
network-admin
Parameters
sys-location: Specifies the system location, a case-sensitive string of 1 to 255 characters.
Usage guidelines
Configure the location of the device for system maintenance and management.
Examples
# Configure the system location as Room524-row1-3.
<Sysname> system-view
[Sysname] snmp-agent sys-info location Room524-row1-3
Related commands
display snmp-agent sys-info
snmp-agent sys-info version
Use snmp-agent sys-info version to enable SNMP versions.
Use undo snmp-agent sys-info version to disable SNMP versions.
Syntax
In non-FIPS mode:
snmp-agent sys-info contact version { all | { v1 | v2c | v3 } * }
undo snmp-agent sys-info version { all | { v1 | v2c | v3 } * }
In FIPS mode:
snmp-agent sys-info version v3
undo snmp-agent sys-info version v3
Default
SNMPv3 is enabled.
Views
System view
Predefined user roles
network-admin
Parameters
all: Specifies SNMPv1, SNMPv2c, and SNMPv3.
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
Usage guidelines
SNMPv1 and SNMPv2c settings in this command are not supported in FIPS mode.
Configure the SNMP agent with the same SNMP version as the NMS for successful communications between them.
Examples
# Enable SNMPv3.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v3
Related commands
display snmp-agent sys-info
snmp-agent target-host
Use snmp-agent target-host to configure an SNMP notification target host.
Use undo snmp-agent target-host to remove an SNMP notification target host.
Syntax
In non-FIPS mode:
snmp-agent target-host inform address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string { v2c | v3 [ authentication | privacy ] }
snmp-agent target-host trap address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]
undo snmp-agent target-host { trap | inform } address udp-domain { ipv4-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ]
In FIPS mode:
snmp-agent target-host inform address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy }
snmp-agent target-host trap address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string v3 { authentication | privacy }
undo snmp-agent target-host { trap | inform } address udp-domain { ipv4-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ]
Default
No SNMP notification target hosts exist.
Views
System view
Predefined user roles
network-admin
Parameters
inform: Sends notifications as informs.
trap: Sends notifications as traps.
address: Specifies the destination address of SNMP notifications.
udp-domain: Specifies UDP as the transport protocol.
ipv4-address: Specifies a target host by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. The string can only contain letters, numbers, hyphens (-), underscores (_), and dots (.). If you specify a host name, the IPv4 address of the target host can be obtained.
ipv6 ipv6-address: Specifies a target host by its IPv6 address or host name. The host name is a case-insensitive string of 1 to 253 characters, which only contains letters, numbers, hyphens (-), underscores (_), and dots (.). If you specify a host name, the IPv6 address of the target host can be obtained. If you specify an IPv6 address, the address cannot be a link local address.
udp-port port-number: Specifies the UDP port for SNMP notifications. If no UDP port is specified, UDP port 162 is used.
vpn-instance vpn-instance-name: Specifies the VPN for the target host. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the target host is in the public network.
params securityname security-string: Specifies the authentication parameter. The security-string argument specifies an SNMPv1 or SNMPv2c community name or an SNMPv3 username, a string of 1 to 32 characters.
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
· authentication: Specifies the security model to be authentication without privacy. You must specify the authentication key when you create the SNMPv3 user.
· privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and privacy key when you create the SNMPv3 user.
Usage guidelines
You can specify a maximum of 20 SNMP notification target hosts.
Make sure the SNMP agent uses the same UDP port for SNMP notifications as the target host. Typically, NMSs, for example, IMC and MIB Browser, use port 162 for SNMP notifications as defined in the SNMP protocols.
If none of the keywords v1, v2c, or v3 is specified, SNMPv1 is used. Make sure the SNMP agent uses the same SNMP version as the target host so the host can receive the notification.
If neither authentication nor privacy is specified, the security model is no authentication, no privacy.
Examples
# Configure the SNMP agent to send SNMPv3 traps to 10.1.1.1 in the user public.
<Sysname> system-view
[Sysname] snmp-agent trap enable standard
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3
Related commands
snmp-agent { inform | trap } source
snmp-agent trap enable
snmp-agent trap life
snmp-agent trap enable
Use snmp-agent trap enable to enable SNMP notifications.
Use undo snmp-agent trap enable to disable SNMP notifications.
Syntax
snmp-agent trap enable [ configuration | protocol | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ]
undo snmp-agent trap enable [ configuration | protocol | standard [ authentication | coldstart | linkdown | linkup | warmstart ] * | system ]
Default
SNMP configuration notifications, standard notifications, and system notifications are enabled. Whether other SNMP notifications are enabled varies by modules.
Views
System view
Predefined user roles
network-admin
Parameters
configuration: Specifies configuration notifications. If configuration notifications are enabled, the system checks the running configuration and the startup configuration every 10 minutes for any change and generates a notification for the most recent change.
protocol: Specifies a module for enabling SNMP notifications. For more information about this argument, see the command reference for each module.
standard: Specifies SNMP standard notifications.
Table 42 Standard SNMP notifications
Keyword |
Definition |
authentication |
Authentication failure notification sent when an NMS fails to authenticate to the SNMP agent. |
coldstart |
Notification sent when the device restarts. |
linkdown |
Notification sent when the link of a port goes down. |
linkup |
Notification sent when the link of a port comes up. |
warmstart |
Notification sent when the SNMP agent restarts. |
system: Specifies system notifications sent when the system time is modified, the system reboots, or the main system software image is not available.
Usage guidelines
To enable SNMP notifications for a protocol, first enable the procotol.
The snmp-agent trap enable command enables the device to generate notifications, including both informs and traps, even though the keyword trap is used in this command.
You can use the snmp-agent target-host command to enable the device to send the notifications as informs or traps to a host.
If no optional parameters are specified, this command or its undo form enables or disables all SNMP notifications supported by the device.
Examples
# Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public.
<Sysname> system-view
[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public
[Sysname] snmp-agent trap enable standard authentication
Related commands
snmp-agent target-host
snmp-agent trap if-mib link extended
Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown notifications.
Use undo snmp-agent trap if-mib link extended to restore the default.
Syntax
snmp-agent trap if-mib link extended
undo snmp-agent trap if-mib link extended
Default
The SNMP agent sends standard linkUp/linkDown notifications.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification.
When you use this command, make sure the NMS supports the extended linkup and linkDown notifications.
Examples
# Enable extended linkUp/linkDown notifications.
<Sysname> system-view
[Sysname] snmp-agent trap if-mib link extended
snmp-agent trap life
Use snmp-agent trap life to set the lifetime of notifications in the SNMP notification queue.
Use undo snmp-agent trap life to restore the default notification lifetime.
Syntax
snmp-agent trap life seconds
undo snmp-agent trap life
Default
The SNMP notification lifetime is 120 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets a lifetime in seconds, in the range of 1 to 2592000.
Usage guidelines
When congestion occurs, the SNMP agent buffers notifications in a queue. The notification lifetime sets how long a notification can stay in the queue. A notification is deleted when its lifetime expires.
Examples
# Set the SNMP notification lifetime to 60 seconds.
<Sysname> system-view
[Sysname] snmp-agent trap life 60
Related commands
snmp-agent target-host
snmp-agent trap enable
snmp-agent trap queue-size
snmp-agent trap log
Use snmp-agent trap log to enable SNMP notification logging.
Use undo snmp-agent trap log to disable SNMP notification logging.
Syntax
snmp-agent trap log
undo snmp-agent trap log
Default
SNMP notification logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends the logs to the information center. You can configure the information center to output the logs to a destination as needed.
Examples
# Enable SNMP notification logging.
<Sysname> system-view
[Sysname] snmp-agent trap log
snmp-agent trap queue-size
Use snmp-agent trap queue-size to set the SNMP notification queue size.
Use undo snmp-agent trap queue-size to restore the default queue size.
Syntax
snmp-agent trap queue-size size
undo snmp-agent trap queue-size
Default
The SNMP notification queue can store up to 100 notifications.
Views
System view
Predefined user roles
network-admin
Parameters
size: Specifies the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000.
Usage guidelines
When congestion occurs, the SNMP agent buffers notifications in a queue. SNMP notification queue size sets the maximum number of notifications that this queue can hold. When the queue size is reached, the oldest notifications are dropped for new notifications.
Examples
# Set the SNMP notification queue size to 200.
<Sysname> system-view
[Sysname] snmp-agent trap queue-size 200
Related commands
snmp-agent target-host
snmp-agent trap enable
snmp-agent trap life
snmp-agent usm-user { v1 | v2c }
Use snmp-agent usm-user { v1 | v2c } to create an SNMPv1 or SNMPv2c user.
Use undo snmp-agent usm-user { v1 | v2c } to delete an SNMPv1 or SNMPv2c user.
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
undo snmp-agent usm-user { v1 | v2c } user-name
Default
No SNMPv1 or SNMPv2c users exist.
Views
System view
Predefined user roles
network-admin
Parameters
v1: Specifies SNMPv1.
v2c: Specifies SNMPv2c.
user-name: Specifies an SNMP username, a case-sensitive string of 1 to 32 characters.
group-name: Specifies an SNMPv1 or SNMPv2c group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. If the group has not been created, the user takes effect after you create the group.
acl: Specifies a basic or advanced IPv4 ACL for the user.
ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999.
name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.
acl ipv6: Specifies a basic or advanced IPv6 ACL for the user.
ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999..
name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.
Usage guidelines
This command is not available in FIPS mode.
Only users with the network-admin or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to this command or commands of the SNMP feature.
On an SNMPv1 or SNMPv2c network, NMSs and agents authenticate each other by using the community name. On an SNMPv3 network, NMSs and agents authenticate each other by using the username.
You can create an SNMPv1 or SNMPv2c community by using either of the following ways:
· Execute the snmp-agent community command.
· Execute the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands to create an SNMPv1 or SNMPv2c user and the group that the user is assigned to. The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.
You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs from accessing the agent. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:
· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.
· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
# Add the user userv2c to the SNMPv2c group readCom so an NMS can use the protocol SNMPv2c and the read-only community name userv2c to access the device.
<Sysname> system-view
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom
# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.1 can use the protocol SNMPv2c and read-only community name userv2c to access the device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0
[Sysname-acl-ipv4-basic-2001] rule deny source any
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001
# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.2 can use the protocol SNMPv2c and read-only community name userv2c to access the device.
[Sysname] acl basic name testacl
[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0
[Sysname-acl-ipv4-basic-testacl] rule deny source any
[Sysname-acl-ipv4-basic-testacl] quit
[Sysname] snmp-agent sys-info version v2c
[Sysname] snmp-agent group v2c readCom
[Sysname] snmp-agent usm-user v2c userv2c readCom acl name testacl
Related commands
display snmp-agent community
snmp-agent community
snmp-agent group
snmp-agent usm-user v3
Use snmp-agent usm-user v3 to create an SNMPv3 user.
Use undo snmp-agent usm-user v3 to delete an SNMPv3 user.
Syntax
In non-FIPS mode (in VACM mode):
snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }
In non-FIPS mode (in RBAC mode):
In FIPS mode (in VACM mode):
snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *
undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }
In FIPS mode (in RBAC mode):
Default
No SNMPv3 users exist.
Views
System view
Predefined user roles
network-admin
Parameters
user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.
group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. The user takes effect only after you create the group.
user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.
remote { ipv4-address | ipv6 ipv6-address }: Specifies a target host by its IPv4 or IPv6 address, typically the NMS, to receive the notifications. To send SNMPv3 notifications to a target host, you need to specify this option and use the snmp-agent remote command to bind the IPv4 or IPv6 address to the remote engine ID.
vpn-instance vpn-instance-name: Specifies the VPN for the target host receiving SNMP notifications. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the target host is in the public network.
cipher: Specifies an authentication key and an encryption key in encrypted form. The keys will be converted to a digest in encrypted form and stored in the device.
simple: Specifies an authentication key and an encryption key in plaintext from. The keys will be converted to a digest in encrypted form and stored in the device.
authentication-mode: Specifies an authentication algorithm. If you do not specify this keyword, the system does not perform authentication. For more information about authentication algorithms, see IPSec configuration in Security Configuration Guide.
· md5: Specifies the HMAC-MD5 authentication algorithm.
· sha: Specifies the HMAC-SHA-1 authentication algorithm.
auth-password: Specifies the authentication key. This argument is case sensitive.
· The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers, uppercase letters, lowercase letters, and special characters.
· The encrypted form of the key can be calculated by using the snmp-agent calculate-password command.
privacy-mode: Specifies an encryption algorithm. If you do not specify this keyword, the system does not perform encryption.
· aes128: Specifies the AES encryption algorithm that uses a 128-bit key.
· 3des: Specifies the 3DES encryption algorithm that uses a 168-bit key.
· des56: Specifies the DES encryption algorithm that uses a 56-bit key.
priv-password: Specifies an encryption key. This argument is case sensitive.
· The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers, uppercase letters, lowercase letters, and special characters.
· The encrypted form of the key can be calculated by using the snmp-agent calculate-password command.
acl: Specifies a basic or advanced IPv4 ACL for the user.
ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999.
name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.
acl ipv6: Specifies a basic or advanced IPv6 ACL for the user.
ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.
name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.
local: Specifies the local SNMP engine. By default, an SNMPv3 user is associated with the local SNMP engine.
engineid engineid-string: Specifies an SNMP engine ID. The engineid-string argument is an even number of hexadecimal characters. All-zero and all-F strings are invalid. The even number is in the range of 10 to 64. If you change the local engine ID, the existing SNMPv3 users and keys become invalid. To delete an invalid username, specify the engine ID associated with the username in the undo snmp-agent usm-user v3 command.
Usage guidelines
Only users with the network-admin or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to this command or commands of the SNMP feature.
You can use either of the following modes to control SNMPv3 user access to MIB objects.
· VACM—Controls user access to MIB objects by assigning the user to an SNMP group. To make sure the user takes effect, make sure the group has been created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the users. The authentication and encryption algorithms for each user are specified when they are created.
· RBAC—Controls user access to MIB objects by assigning user roles to the user. A user role specifies the MIB objects accessible to the user and the operations that the user can perform on the objects. After you create a user in RBAC mode, you can use the snmp-agent usm-user v3 user-role command to assign more user roles to the user. You can assign a maximum of 64 user roles to a user.
RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use RBAC mode.
You can execute the snmp-agent usm-user v3 command multiple times to create different SNMPv3 users in VACM mode. If you do not change the username each time, the most recent configuration takes effect.
You can execute the snmp-agent usm-user v3 command in RBAC mode multiple times to assign different user roles to an SNMPv3 user. The following restrictions and guidelines apply:
· If you specify only user roles but do not change any other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. Other settings remain unchanged.
· If you specify user roles and also change other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. The most recent configuration for other settings takes effect.
You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs from accessing the agent. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:
· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.
· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.
For more information about ACL, see ACL and QoS Configuration Guide.
Examples
In VACM mode:
# Create SNMPv3 group testGroup and specify the authentication without privacy security model for the group. Add user testUser to the group. Specify authentication algorithm HMAC-SHA1 and plaintext-form authentication key 123456TESTplat&! for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup authentication
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&!
For an NMS to access the MIB objects in default view, make sure the following configurations are the same on both the NMS and the SNMP agent:
· SNMP protocol version.
· SNMPv3 username.
· Authentication algorithm and key.
# Create SNMPv3 group testGroup and specify the authentication with privacy security model for the group. Add user testUser to the group. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.
<Sysname> system-view
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
For an NMS to access the MIB objects in default view, make sure the following configurations are the same on both the NMS and the SNMP agent:
· SNMP protocol version.
· SNMPv3 username.
· Authentication algorithm.
· Privacy algorithm.
· Plaintext authentication and privacy keys.
# Specify engine ID 123456789A for the NMS at 10.1.1.1. Create SNMPv3 group testGroup and specify the authentication with privacy security model for the group. Add user testUser to the group. Specify NMS at 10.1.1.1 as the target host. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.
<Sysname> system-view
[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A
[Sysname] snmp-agent group v3 testGroup privacy
[Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!
In RBAC mode:
# Create SNMPv3 user testUser with user role network-operator. Specify authentication algorithm HMAC-SHA1 and plaintext-form authentication key 123456TESTplat&! for the user.
[Sysname] snmp-agent usm-user v3 testUser user-role network-operator simple authentication-mode sha 123456TESTplat&!
For an NMS to have read-only access to all MIB objects, make sure the following configurations are the same on both the NMS and the SNMP agent:
· SNMP protocol version.
· SNMPv3 username.
· Authentication algorithm and key.
Related commands
display snmp-agent usm-user
snmp-agent calculate-password
snmp-agent group
snmp-agent usm-user v3 user-role
snmp-agent usm-user v3 user-role
Use snmp-agent usm-user v3 user-role to assign a user role to an SNMPv3 user created in RBAC mode.
Use undo snmp-agent usm-user user-role to remove a user role.
Syntax
snmp-agent usm-user v3 user-name user-role role-name
undo snmp-agent usm-user v3 user-name user-role role-name
Default
An SNMPv3 user has the user role assigned to it at its creation.
Views
System view
Predefined user roles
Parameters
user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.
user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
You can assign a maximum of 64 user roles to an SNMPv3 user.
An SNMPv3 user must have a minimum of one user role.
Examples
# Assign the user role testRole2 to the SNMPv3 user testUser.
[Sysname] snmp-agent usm-user v3 testUser user-role testRole2
Related commands
RMON commands
The following matrix shows the feature and hardware compatibility:
Hardware |
RMON compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
RMON compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
display rmon alarm
Use display rmon alarm to display information about RMON alarm entries.
Syntax
display rmon alarm [ entry-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
entry-number: Specifies an alarm entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all RMON alarm entries.
Examples
# Display information about all RMON alarm entries.
AlarmEntry 1 owned by user1 is VALID.
Sample type : absolute
Sampled variable : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1>
Sampling interval (in seconds) : 10
Rising threshold : 50(associated with event 1)
Falling threshold : 5(associated with event 2)
Alarm sent upon entry startup : risingOrFallingAlarm
Latest value : 0
Field |
Description |
AlarmEntry entry-number owned by owner is status. |
Alarm entry owner and status: · entry-number—Alarm entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon alarm command can display invalid entries, but the display current-configuration and display this commands do not display their settings. |
Sample type |
Sample type: · absolute—RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval. · delta—RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds. |
Sampled variable |
Monitored variable. |
Sampling interval |
Interval (in seconds) at which data is sampled and compared with the rising and falling thresholds. |
Rising threshold |
Alarm rising threshold. A rising alarm is generated when the following conditions are met: · The current sampled value is greater than or equal to this threshold. · The value at the previous sampling interval was less than this threshold. A rising alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is greater than or equal to this threshold. · The associated alarmStartupAlarm instance is equal to risingAlarm or risingOrFallingAlarm. |
associated with event |
Event index (EventEntry) associated with the alarm. |
Falling threshold |
Alarm falling threshold. A falling alarm is generated when the following conditions are met: · The current sampled value is less than or equal to this threshold · The value at the previous sampling interval was greater than this threshold. A falling alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is less than or equal to this threshold. · The associated alarmStartupAlarm is equal to fallingAlarm or risingOrFallingAlarm. |
Alarm sent upon entry startup |
Alarm that can be generated when the entry becomes valid: · risingAlarm—Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold. · fallingAlarm—Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold. · risingOrFallingAlarm—Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold. The default is risingOrFallingAlarm. |
Latest value |
Most recent sampled value. |
Related commands
rmon alarm
display rmon event
Use display rmon event to display information about RMON event entries.
Syntax
display rmon event [ entry-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all event entries.
Usage guidelines
An event entry includes the following information:
· Event index.
· Event owner.
· Event description.
· Action triggered by the event (such as logging the event or sending an SNMP notification).
· Last time when the event occurred (seconds that elapsed since the system startup).
Examples
# Display information about all RMON event entries.
<Sysname> display rmon event
EventEntry 1 owned by user1 is VALID.
Description: N/A
Community: Security
Take the action log-trap when triggered, last triggered at 0days 00h:02m:27s uptime.
Table 44 Command output
Field |
Description |
EventEntry entry-number owned by owner is status. |
Event entry owner and status: · entry-number—Event entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon event command can display invalid entries, but the display current-configuration and display this commands do not display their settings. |
Description |
Event description. |
Community |
SNMP community name for the RMON event. You can specify an SNMP community name when you create an RMON event entry, but the setting does not take effect. The system always uses the settings configured with the SNMP feature when it sends RMON event notifications. |
Take the action action when triggered |
Actions that the system takes when the event occurs: · none—Takes no action. · log—Logs the event. · trap—Sends an SNMP notification. · log-trap—Logs the event and sends an SNMP notification. |
last triggered at time uptime |
Last time when the event occurred, which is represented as the amount of time that elapsed since the system startup. |
Related commands
rmon event
display rmon eventlog
Use display rmon eventlog to display information about event log entries.
Syntax
display rmon eventlog [ entry-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays log entries for all event entries.
Usage guidelines
If the log action is specified for an event, the system adds a record in the event log table each time the event occurs. Each record contains the log entry index, time when the event was logged (the amount of time that elapsed since system startup), and event description.
The system can maintain a maximum of 10 records for an event. The most recent record replaces the oldest record if the number of records reaches 10.
Examples
# Display the RMON log for event entry 99.
<Sysname> display rmon eventlog 99
EventEntry 99 owned by ww is VALID.
LogEntry 99.1 created at 50days 08h:54m:44s uptime.
Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77,
uprise 16760000 with alarm value 16776314. Alarm sample type is absolute.
LogEntry 99.2 created at 50days 09h:11m:13s uptime.
Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77,
less than(or =) 20000000 with alarm value 16951648. Alarm sample type is absolute.
LogEntry 99.3 created at 50days 09h:18m:43s uptime.
Description: The alarm formula defined in prialarmEntry 777,
less than(or =) 15000000 with alarm value 14026493. Alarm sample type is absolute.
LogEntry 99.4 created at 50days 09h:23m:28s uptime.
Description: The alarm formula defined in prialarmEntry 777,
uprise 17000000 with alarm value 17077846. Alarm sample type is absolute.
This example shows that the event log table has four records for event 99:
· Two records were created when event 99 was triggered by alarm entry 77.
· Two records were created when event 99 was triggered by private alarm entry 777.
Table 45 Command output
Field |
Description |
EventEntry entry-number owned by owner is status. |
Event log entry owner and status: · entry-number—Event log entry index, which is the same as the event entry index for which this log entry is generated. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid (default value). ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All event log entries are valid by default. The display rmon eventlog command can display invalid entries, but the display current-configuration and display this commands do not display their settings. |
LogEntry entry-number created at created-time uptime. |
Time when an event record was created: · entry-number—Event record index (represented as logEventIndex.logIndex), which uniquely identifies the record among all records for the event. · created-time—Time when the event entry was created. |
Description |
Record description. |
Related commands
rmon event
display rmon history
Use display rmon history to display RMON history control entries and history samples of Ethernet statistics for Ethernet interfaces.
Syntax
display rmon history [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays history samples for all interfaces that have an RMON history control entry.
Usage guidelines
RMON uses the etherHistoryTable object to store the history samples of Ethernet statistics for Ethernet interfaces.
To collect history samples for an Ethernet interface, you must first create a history control entry on the interface.
To configure the number of history samples that can be displayed and the history sampling interval, use the rmon history command.
Examples
# Display the RMON history control entry and history samples for GigabitEthernet 1/0/1.
<Sysname> display rmon history gigabitethernet 1/0/1
HistoryControlEntry 6 owned by user1 is VALID.
Sampled interface : GigabitEthernet1/0/1<ifIndex.117>
Sampling interval : 8(sec) with 3 buckets max
Sampling record 1 :
dropevents : 0 , octets : 5869
packets : 54 , broadcast packets : 9
multicast packets : 23 , CRC alignment errors : 0
undersize packets : 0 , oversize packets : 0
fragments : 0 , jabbers : 0
collisions : 0 , utilization : 0
Sampling record 2 :
dropevents : 0 , octets : 5367
packets : 55 , broadcast packets : 1
multicast packets : 7 , CRC alignment errors : 0
undersize packets : 0 , oversize packets : 0
fragments : 0 , jabbers : 0
collisions : 0 , utilization : 0
Sampling record 3 :
dropevents : 0 , octets : 936
packets : 10 , broadcast packets : 0
multicast packets : 6 , CRC alignment errors : 0
undersize packets : 0 , oversize packets : 0
fragments : 0 , jabbers : 0
collisions : 0 , utilization : 0
HistoryControlEntry 7 owned by user1 is VALID.
Sampled interface : GigabitEthernet1/0/1<ifIndex.117>
Sampling interval : 9(sec) with 1 buckets max
Sampling record 1 :
dropevents : 0 , octets : 1150
packets : 12 , broadcast packets : 0
multicast packets : 8 , CRC alignment errors : 0
undersize packets : 0 , oversize packets : 0
fragments : 0 , jabbers : 0
collisions : 0 , utilization : 0
Table 46 Command output
Field |
Description |
HistoryControlEntry entry-number owned by owner is status. |
Status and owner of the history control entry: · entry-number—History control entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All history control entries created from the CLI are valid by default. The display rmon history command can display invalid entries, but the display current-configuration and display this commands do not display their settings. |
Sampled Interface |
Sampled interface. |
Sampling interval |
Sampling interval in seconds. |
buckets max |
Maximum number of samples that can be saved for the history control entry. If the expected bucket size specified with the rmon history command exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as possible. If the bucket has been full, RMON overwrites the oldest sample with the new sample. |
Sampling record |
History sample index. |
dropevents |
Total number of events in which packets were dropped during the sampling interval. NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets. |
octets |
Total number of octets received during the sampling interval. |
packets |
Total number of packets (including bad packets) received during the sampling interval. |
broadcast packets |
Number of broadcasts received during the sampling interval. |
multicast packets |
Number of multicasts received during the sampling interval. |
CRC alignment errors |
Number of packets received with CRC alignment errors during the sampling interval. |
undersize packets |
Number of undersize packets received during the sampling interval. Undersize packets are shorter than 64 octets (excluding framing bits but including FCS octets). |
oversize packets |
Number of oversize packets received during the sampling interval. Oversize packets are longer than 1518 octets (excluding framing bits but including FCS octets). |
fragments |
Number of undersize packets with CRC errors received during the sampling interval. |
jabbers |
Number of oversize packets with CRC errors received during the sampling interval. |
collisions |
Number of colliding packets received during the sampling interval. |
utilization |
Bandwidth utilization (in hundreds of a percent) during the sampling period. |
Related commands
rmon history
display rmon prialarm
Use display rmon prialarm to display information about RMON private alarm entries.
Syntax
display rmon prialarm [ entry-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all private alarm entries.
Examples
# Display information about all RMON private alarm entries.
<Sysname> display rmon prialarm
PrialarmEntry 1 owned by user1 is VALID.
Sample type : absolute
Variable formula : (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1)
Description : ifUtilization.GigabitEthernet1/0/1
Sampling interval (in seconds) : 10
Rising threshold : 80(associated with event 1)
Falling threshold : 5(associated with event 2)
Alarm sent upon entry startup : risingOrFallingAlarm
Entry lifetime : forever
Latest value : 85
Field |
Description |
PrialarmEntry entry-number owned by owner is status. |
Alarm entry owner and status: · entry-number—Alarm entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon prialarm command can display invalid entries, but the display current-configuration and display this commands do not display their settings. |
Sample type |
Sample type: · absolute—RMON compares the calculation result of the variable formula with the rising and falling thresholds at the end of the sampling interval. · delta—RMON subtracts the calculation result of the variable formula for the previous sampling interval from the current calculation result, and then compares the difference with the rising and falling thresholds. |
Variable formula |
Variable formula. |
Description |
Description of the alarm entry. |
Sampling interval |
Interval (in seconds) at which data is sampled and compared with the rising and falling thresholds. |
Rising threshold |
Alarm rising threshold. A rising alarm is generated when the following conditions are met: · The current sampled value is greater than or equal to this threshold. · The value at the previous sampling interval was less than this threshold. A rising alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is greater than or equal to this threshold. · The associated hh3cRmonExtAlarmStartupAlarm instance is equal to risingAlarm or risingOrFallingAlarm. |
Falling threshold |
Alarm falling threshold. A falling alarm is generated when the following conditions are met: · The current sampled value is less than or equal to this threshold. · The value at the previous sampling interval was greater than this threshold. A falling alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is less than or equal to this threshold. · The associated hh3cRmonExtAlarmStartupAlarm instance is equal to fallingAlarm or risingOrFallingAlarm. |
associated with event |
Event index associated with the alarm. |
Alarm sent upon entry startup |
Alarm that can be generated when the entry becomes valid: · risingAlarm—Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold. · fallingAlarm—Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold. · risingOrFallingAlarm—Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold. The default is risingOrFallingAlarm. |
Entry lifetime |
Lifetime of the entry. · If the lifetime is set to forever, the entry never expires. · If the lifetime is set to an amount of time, the entry is removed when the timer expires. |
Latest value |
Most recent sampled value. |
|
NOTE: The prefix of the MIB objects varies by device brands. |
Related commands
rmon prialarm
display rmon statistics
Use display rmon statistics to display RMON statistics.
Syntax
display rmon statistics [ interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays RMON statistics for all interfaces.
Usage guidelines
This command displays the cumulative interface statistics for the period from the time the statistics entry was created to the time the command was executed. The statistics are cleared when the device reboots.
Examples
# Display RMON statistics for GigabitEthernet 1/0/1.
<Sysname> display rmon statistics gigabitethernet 1/0/1
EtherStatsEntry 1 owned by user1 is VALID.
Interface : GigabitEthernet1/0/1<ifIndex.3>
etherStatsOctets : 43393306 , etherStatsPkts : 619825
etherStatsBroadcastPkts : 503581 , etherStatsMulticastPkts : 44013
etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0
etherStatsFragments : 0 , etherStatsJabbers : 0
etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0
etherStatsDropEvents (insufficient resources): 0
Incoming packets by size:
64 : 0 , 65-127 : 0 , 128-255 : 0
256-511: 0 , 512-1023: 0 , 1024-1518: 0
Table 48 Command output
Field |
Description |
EtherStatsEntry entry-number owned by owner is status. |
Statistics entry owner and status: · entry-number—Statistics entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon statistics command can display invalid entries, but the display current-configuration and display this commands do not display their settings. |
Interface |
Interface on which statistics are gathered. |
etherStatsOctets |
Total number of octets received on the interface. |
etherStatsPkts |
Total number of packets received on the interface. |
etherStatsBroadcastPkts |
Total number of broadcast packets received on the interface. |
etherStatsMulticastPkts |
Total number of multicast packets received on the interface. |
etherStatsUndersizePkts |
Total number of undersize packets received on the interface. |
etherStatsOversizePkts |
Total number of oversize packets received on the interface. |
etherStatsFragments |
Total number of undersize packets received with CRC errors on the interface. |
etherStatsJabbers |
Total number of oversize packets received with CRC errors on the interface. |
etherStatsCRCAlignErrors |
Total number of packets received with CRC errors on the interface. |
etherStatsCollisions |
Total number of colliding packets received on the interface. |
etherStatsDropEvents |
Total number of events in which packets were dropped. NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets. |
Incoming packets by size: |
Incoming-packet statistics by packet length: · 64—Number of packets with a length less than or equal to 64 bytes. · 65-127—Number of 65- to 127-byte packets.. · 128-255—Number of 128- to 255-byte packets. · 256-511—Number of 256- to 511-byte packets. · 512-1023—Number of 512- to 1023-byte packets. · 1024-1518—Number of 1024- to 1518-byte packets. |
Related commands
rmon statistics
rmon alarm
Use rmon alarm to create an RMON alarm entry.
Use undo rmon alarm to remove an RMON alarm entry.
Syntax
rmon alarm entry-number alarm-variable sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]
undo rmon alarm entry-number
Default
No RMON alarm entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
entry-number: Specifies an alarm entry index in the range of 1 to 65535.
alarm-variable: Specifies an alarm variable, a string of 1 to 255 characters. You can only specify variables that can be parsed as an ASN.1 INTEGER value (INTEGER, INTEGER32, Unsigned32, Counter32, Counter64, Gauge, or TimeTicks) for the alarm-variable argument. The alarm variables must use one of the formats in Table 49.
Table 49 Alarm variable formats
Format |
Examples |
Dotted OID format: entry.integer.instance |
1.3.6.1.2.1.2.1.10.1 |
Object name.instance |
etherStatsOctets.1 etherStatsPkts.1 etherStatsBroadcastPkts.1 ifInOctets.1 ifInUcastPkts.1 ifInNUcastPkts.1 |
sampling-interval: Sets the sampling interval in the range of 5 to 65535 seconds.
absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval.
delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.
startup-alarm: Specifies alarms that can be generated when the alarm entry becomes valid. If you do not specify an alarm, RMON can generate a rising alarm or a falling alarm depending on the first sample.
rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.
falling: Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold.
rising-falling: Generates a rising alarm if the first sample crosses the rising threshold, or generates a falling alarm if the first sample crosses the falling threshold.
rising-threshold threshold-value1 event-entry1: Sets the rising threshold. The threshold-value1 argument represents the rising threshold in the range of –2147483648 to +2147483647. The event-entry1 argument represents the index of the event that is triggered when the rising threshold is crossed. The value range for the event-entry1 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.
falling-threshold threshold-value2 event-entry2: Sets the falling threshold. The threshold-value2 argument represents the falling threshold in the range of –2147483648 to +2147483647. The event-entry2 argument represents the index of the event that is triggered when the falling threshold is crossed. The value range for the event-entry2 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.
owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.
Usage guidelines
You can create a maximum of 60 RMON alarm entries.
Each alarm entry must have a unique alarm variable, sampling interval, sample type, rising threshold, or falling threshold. You cannot create an alarm entry if all these parameters for the entry are the same as an existing entry.
To trigger the event associated with an alarm condition, you must create the event with the rmon event command.
RMON samples the monitored alarm variable at the specified sampling interval, compares the sampled value with the predefined thresholds, and does one of the following:
· Triggers the event associated with the rising alarm if the sampled value is equal to or greater than the rising threshold.
· Triggers the event associated with the falling alarm if the sampled value is equal to or less than the falling threshold.
Examples
# Create an alarm entry to perform absolute sampling on the number of octets received on GigabitEthernet 1/0/1 (object instance 1.3.6.1.2.1.16.1.1.1.4.1) at 10-seconds intervals. If the sampled value reaches or exceeds 5000, log the rising alarm event. If the sampled value is equal to or less than 5, take no actions.
<Sysname> system-view
[Sysname] rmon event 1 log
[Sysname] rmon event 2 none
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] rmon statistics 1
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising-threshold 5000 1 falling-threshold 5 2 owner user1
In this example, you can replace 1.3.6.1.2.1.16.1.1.1.4.1 with etherStatsOctets.1, where 1 is the statistics entry index for the interface. If you execute the rmon statistics 5 command, you can use etherStatsOctets.5 to replace 1.3.6.1.2.1.16.1.1.1.4.5.
Related commands
display rmon alarm
rmon event
rmon event
Use rmon event to create an RMON event entry.
Use undo rmon event to remove an RMON event entry.
Syntax
rmon event entry-number [ description string ] { log | log-trap security-string | none | trap security-string } [ owner text ]
undo rmon event entry-number
Default
No RMON event entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
entry-number: Specifies an event entry index in the range of 1 to 65535.
description string: Configures an event description, a case-sensitive string of 1 to 127 characters.
log: Logs the event when it occurs.
log-trap: Logs the event and sends an SNMP notification when the event occurs.
security-string: Represents the SNMP community name, a case-sensitive string of 1 to 127 characters.
none: Performs no action when the event occurs.
trap: Sends an SNMP notification when the event occurs.
owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.
|
NOTE: The SNMP community name setting for the security-string argument does not take effect even though you can configure it with the command. Instead, the system uses the settings you configure with SNMP when it sends RMON SNMP notifications. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide. |
Usage guidelines
You can create a maximum of 60 event entries.
You can associate an event entry with a standard or private alarm entry to specify the action to take when an alarm condition occurs. Depending on your configuration, the system logs the event, sends an SNMP notification, does both, or does neither.
You can associate an event with multiple alarm entries.
Examples
# Create an RMON log event entry. Specify its index as 10 and the entry owner as user1.
<Sysname> system-view
[Sysname] rmon event 10 log owner user1
Related commands
display rmon event
rmon alarm
rmon prialarm
rmon history
Use rmon history to create an RMON history control entry.
Use undo rmon history to remove an RMON history control entry.
Syntax
rmon history entry-number buckets number interval interval [ owner text ]
undo rmon history entry-number
Default
No RMON history control entries exist.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
entry-number: Specifies a history control entry index in the range of 1 to 65535.
buckets number: Specifies the expected maximum number of samples to be retained for the entry, in the range of 1 to 65535. RMON can retain a maximum of 50 samples for each history control entry. If the expected bucket size exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as is possible. However, the granted bucket size will not exceed 50. For example, the bucket size for a history control entry will be 30 if the expected bucket size is set to 55, but the available bucket size is only 30.
interval interval: Specifies the sampling interval in the range of 5 to 3600 seconds.
owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.
Usage guidelines
You can create RMON history control entries only for Layer 2 or Layer 3 Ethernet interfaces.
The system supports a maximum of 100 history control entries.
If an Ethernet interface has a history control entry, RMON periodically samples packet statistics on the interface and stores the samples to the history table. When the bucket size for the history control entry is reached, RMON overwrites the oldest sample with the most recent sample.
You can configure multiple history control entries for one interface. Make sure their entry numbers and sampling intervals are different.
Examples
# Create RMON history control entry 1 for GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] rmon history 1 buckets 10 interval 5 owner user1
Related commands
display rmon history
rmon prialarm
Use rmon prialarm to create an RMON private alarm entry.
Use undo rmon prialarm to remove an RMON private alarm entry.
Syntax
rmon prialarm entry-number prialarm-formula prialarm-des sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]
undo rmon prialarm entry-number
Default
No RMON private alarm entries exist.
Views
System view
Predefined user roles
network-admin
Parameters
entry-number: Specifies a private alarm entry index in the range of 1 to 65535.
prialarm-formula: Configures a private alarm variable formula, a string of 1 to 255 characters. The variables in the formula must be represented in OID format that starts with a dot (.), for example, (.1.3.6.1.2.1.2.1.10.1)*8. You can configure a formula to perform the basic math operations of addition, subtraction, multiplication, and division on these variables. To get a correct calculation result, make sure the following conditions are met:
· The values of the variables in the formula are positive integers.
· The result of each calculating step is in the value range for long integers.
prialarm-des: Configures an entry description, a case-sensitive string of 1 to 127 characters.
sampling-interval: Sets the sampling interval in the range of 10 to 65535 seconds.
absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval.
delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.
startup-alarm: Specifies alarms that can be generated when the alarm entry becomes valid. If you do not specify an alarm, RMON does the following:
· Generates a rising alarm if the first sample crosses the rising threshold.
· Generates a falling alarm if the first sample crosses the falling threshold.
rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.
falling: Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold.
rising-falling: Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold.
rising-threshold threshold-value1 event-entry1: Sets the rising threshold. The threshold-value1 argument represents the rising threshold in the range of –2147483648 to +2147483647. The event-entry1 argument represents the index of the event that is triggered when the rising threshold is crossed. The value range for the event-entry1 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.
falling-threshold threshold-value2 event-entry2: Sets the falling threshold. The threshold-value2 argument represents the falling threshold in the range of –2147483648 to +2147483647. The event-entry2 argument represents the index of the event that is triggered when the falling threshold is crossed. The value range for the event-entry2 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.
forever: Configures the entry as a permanent entry. RMON retains a permanent private alarm entry until it is manually deleted.
cycle cycle-period: Sets the lifetime of the entry, in the range of 0 to 4294967 seconds. RMON deletes the entry when its lifetime expires.
owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.
Usage guidelines
You can create a maximum of 50 private alarm entries.
Each alarm entry must have a unique alarm variable, sampling interval, sample type, rising threshold, or falling threshold. You cannot create an alarm entry if all these parameters for the entry are the same as an existing entry.
To trigger the event associated with an alarm condition, you must create the event with the rmon event command.
The RMON agent samples variables and takes an alarm action based on a private alarm entry as follows:
1. Periodically samples the variables specified in the private alarm formula.
2. Processes the sampled values with the formula.
3. Compares the calculation result with the predefined thresholds, and then takes one of the following actions:
¡ Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold.
¡ Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold.
Examples
# Add a permanent private alarm entry to monitor the ratio of incoming broadcasts to the total number of incoming packets on GigabitEthernet 1/0/1. Log the rising alarm event when the ratio exceeds 80%, and take no actions when the ratio drops to 5%. The formula is (1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1), where 1.3.6.1.2.1.16.1.1.1.6.1 is the OID of the object instance etherStatsBroadcastPkts.1, and 1.3.6.1.2.1.16.1.1.1.5.1 is the OID of the object instance etherStatsPkts.1.
<Sysname> system-view
[Sysname] rmon event 1 log
[Sysname] rmon event 2 none
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] rmon statistics 1
[Sysname-GigabitEthernet1/0/1] quit
[Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfEth1/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1
The last number in the OID forms of variables must be the same as the statistics entry index for the interface. For example, if you execute the rmon statistics 5 command, you must replace 1.3.6.1.2.1.16.1.1.1.6.1 and 1.3.6.1.2.1.16.1.1.1.5.1 with 1.3.6.1.2.1.16.1.1.1.6.5 and 1.3.6.1.2.1.16.1.1.1.5.5, respectively.
Related commands
display rmon prialarm
rmon event
rmon statistics
Use rmon statistics to create an RMON statistics entry.
Use undo rmon statistics to remove an RMON statistics entry.
Syntax
rmon statistics entry-number [ owner text ]
undo rmon statistics entry-number
Default
No RMON statistics entry exists.
Views
Ethernet interface view
Predefined user roles
network-admin
Parameters
entry-number: Specifies a statistics entry index in the range of 1 to 65535.
owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.
Usage guidelines
You can create RMON statistics entries only for Layer 2 or Layer 3 Ethernet interfaces.
You can create one statistics entry for each Ethernet interface, and a maximum of 100 statistics entries on the device.
Each RMON statistics entry provides a set of cumulative traffic statistics collected up to the present time for an interface. Statistics include number of collisions, CRC alignment errors, number of undersize or oversize packets, number of broadcasts, number of multicasts, number of bytes received, and number of packets received. The statistics are cleared at a reboot.
To display the RMON statistics table, use the display rmon statistics command.
Examples
# Create an RMON statistics entry for GigabitEthernet 1/0/1. The index is 20 and the owner is user1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] rmon statistics 20 owner user1
Related commands
display rmon statistics
Event MIB commands
action
Use action to set an action for an event.
Use undo action to remove an action.
Syntax
undo action { notification | set }
Default
An event does not have an action.
Views
Event view
Predefined user roles
network-admin
Parameters
notification: Sets the notification action. The system sends a notification to the NMS when the event is triggered.
set: Sets the set action. The system sets a value for the specified MIB object when the event is triggered.
Usage guidelines
You can set both the set and notification actions for an event.
· When you set the set action, the system automatically creates a set entry and enters action-set view. You can configure the set action in this view.
· When you set the notification action, the system automatically creates a notification entry and enters action-notification view. You can configure the notification action in this view.
Examples
# Set the notification action for an event and specify the notification OID mteEventSetFailure for the action. Set the set action for the event and set the value to 2 for the monitored object ipForwarding.0.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action notification
[Sysname-event-owner1-EventA-notification] oid mteEventSetFailure
[Sysname-event-owner1-EventA-notification] quit
[Sysname-event-owner1-EventA] action set
[Sysname-event-owner1-EventA-set] oid ipForwarding.0
[Sysname-event-owner1-EventA-set] value 2
Related commands
snmp mib event
comparison
Use comparison to specify a Boolean comparison type for the sampled value and the reference value.
Use undo comparison to restore the default.
Syntax
comparison { equal | greater | greaterorequal | less | lessorequal | unequal }
Default
The Boolean comparison type is unequal.
Views
Trigger-Boolean view
Predefined user roles
network-admin
Parameters
equal: Specifies the Boolean comparison type as equal. When the sampled value equals the reference value, the trigger condition is met.
greater: Specifies the Boolean comparison type as greater than. When the sampled value is greater than the reference value, the trigger condition is met.
greaterorequal: Specifies the Boolean comparison type as greater than or equal to. When the sampled value is greater than or equal to the reference value, the trigger condition is met.
less: Specifies the Boolean comparison type as smaller than. When the sampled value is smaller than the reference value, the trigger condition is met.
lessorequal: Specifies the Boolean comparison type as smaller than or equal to. When the sampled value is smaller than or equal to the reference value, the trigger condition is met.
unequal: Specifies the Boolean comparison type as unequal. When the sampled value is unequal to the reference value, the trigger condition is met.
Usage guidelines
If the sampled value meets the trigger condition at two or more samplings in succession, an event is triggered only at the first sampling.
For an event to be triggered at the first sampling, execute the startup enable command.
Examples
# Specify the Boolean comparison type as unequal.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test boolean
[Sysname-trigger-owner1-triggerA-boolean] comparison unequal
context (action-set view)
Use context to configure a context for the set-action object.
Use undo context to restore the default.
Syntax
context context-name
undo context
Default
A set action does not have a context.
Views
Action-set view
Predefined user roles
network-admin
Parameters
context-name: Specifies a context, a case-sensitive string of 1 to 32 characters.
Usage guidelines
To uniquely identify a set-action object, configure a context for it.
Examples
# Configure the context contextname1 for the set-action object.
<Sysname>system-view
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action set
[Sysname-event-owner1-EventA-set] context contextname1
Related commands
action
snmp mib event owner
wildcard context
context (trigger view)
Use context to configure a context for a monitored object.
Use undo context to restore the default.
Syntax
Default
A monitored object does not have a context.
Views
Trigger view
Predefined user roles
network-admin
Parameters
context-name: Specifies a context, a case-sensitive string of 1 to 32 characters.
Usage guidelines
To uniquely identify a monitored object, configure a context for it.
Examples
# Configure the context contextname1 for a monitored object.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] context contextname1
Related commands
delta falling
Use delta falling to set a delta falling threshold and specify a falling event..
Use undo delta falling to restore the default.
Syntax
delta falling { event owner event-owner name event-name | value integer-value }
undo delta falling { event | value }
Default
The delta falling threshold is 0, and no falling event is specified.
Views
Trigger-threshold view
Predefined user roles
network-admin
Parameters
event owner event-owner name event-name: Specifies an event by its owner and its name. Use the trigger owner as the event owner. The event-name argument is a case-sensitive string of 1 to 32 characters.
value integer-value: Specifies a delta falling threshold in the range of –2147483648 to 2147483647. The value must be smaller than or equal to the delta rising threshold.
Usage guidelines
A falling event is triggered if the delta value (difference between the current sampled value and the previous sampled value) is smaller than or equal to the delta falling threshold.
If the delta value crosses the delta falling threshold multiple times in succession, a falling event is triggered only for the first crossing.
Examples
# Set the delta falling threshold to 20.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test threshold
[Sysname-trigger-owner1-triggerA-threshold] delta falling value 20
Related commands
snmp mib event trigger
delta rising
Use delta rising to set a delta rising threshold and specify a rising event.
Use undo delta rising to restore the default.
Syntax
delta rising { event owner event-owner name event-name | value integer-value }
undo delta rising { event | value }
Default
The delta rising threshold is 0, and no rising event is specified.
Views
Trigger-threshold view
Predefined user roles
network-admin
Parameters
event owner event-owner name event-name: Specifies an event by its owner and its name. Use the trigger owner as the event owner. The event-name argument is a case-sensitive string of 1 to 32 characters.
value integer-value: Specifies a delta rising threshold in the range of –2147483648 to 2147483647. The value must be greater than or equal to the delta falling threshold.
Usage guidelines
A rising event is triggered if the delta value is greater than or equal to the delta rising threshold.
If the delta value of the monitored object crosses the delta rising threshold multiple times in succession, a rising event is triggered only for the first crossing.
Examples
# Set the delta rising threshold to 50, and specify the event with the owner owner1 and the name event1 as the rising event.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test threshold
[Sysname-trigger-owner1-triggerA-threshold] delta rising value 50
[Sysname-trigger-owner1-triggerA-threshold] delta rising event owner owner1 name event1
Related commands
sample
snmp mib event trigger
test
description (event view)
Use description to configure a description for an event.
Use undo description to restore the default.
Syntax
description text
undo description
Default
An event does not have a description.
Views
Event view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Examples
# Configure the description EventA is an RMON event for the event with the owner owner1 and the name eventA.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] description EventA is an RMON event
Related commands
snmp mib event owner
description (trigger view)
Use description to configure a description for a trigger.
Use undo description to restore the default.
Syntax
Default
A trigger does not have a description.
Views
Trigger view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Examples
# Configure the description triggerA is configured for configured for network management events for the trigger with the owner owner1 and the name triggerA.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] description triggerA is configured for network management events
snmp mib event trigger
display snmp mib event
Use display snmp mib event to display Event MIB configuration and statistics.
Syntax
display snmp mib event
Views
Any view
Predefined user roles
Examples
# Display Event MIB configuration and statistics.
<Sysname> display snmp mib event
TriggerFailures : 0
EventFailures : 0
SampleMinimum : 1
SampleInstanceMaximum : 0
SampleInstance : 0
SampleInstancesHigh : 0
SampleInstanceLacks : 0
Trigger entry triggerA owned by owner1:
TriggerComment : triggerA is to monitor the state of the interface
TriggerTest : boolean
TriggerSampleType : absoluteValue
TriggerValueID : 1.3.6.1.2.1.2.2.1.7.3<ifAdminStatus.3>
TriggerValueIDWildcard : false
TriggerTargetTag : N/A
TriggerContextName : context1
TriggerContextNameWildcard : true
TriggerFrequency(in seconds): 600
TriggerEnabled : true
Boolean entry:
BoolCmp : unequal
BoolValue : 1
BoolStartUp : true
BoolObjOwner : owner1
BoolObjName : Objects1
BoolEvtOwner : N/A
BoolEvtName : N/A
Event entry eventA owned by owner2:
EvtComment : event is to set ifAdminStatus
EvtAction : Notification | Set
EvtEnabled : true
Notification entry:
NotifyOID : 1.3.6.1.2.1.88.2.0.1<mteTriggerFired>
NotifyObjOwner : N/A
NotifyObjName : N/A
Set entry:
SetObj : 1.3.6.1.2.1.2.2.1.7<ifAdminStatus>
SetObjWildcard : true
SetValue : 2
SetTargetTag : N/A
SetContextName : context1
SetContextNameWildcard : false
Object list objectA owned by owner3:
ObjIndex : 1
ObjID : 1.3.6.1.2.1.2.1.0<ifNumber.0>
ObjIDWildcard : false
Object list objectA owned by owner3:
ObjIndex : 2
ObjID : 1.3.6.1.2.1.2.2.1.2.0<ifDescr.0>
ObjIDWildcard : false
For more information about the command output, see Table 50 to Table 53.
Related commands
snmp mib event trigger
display snmp mib event event
Use display snmp mib event event to display information about an event and the event actions.
Syntax
display snmp mib event event [ owner event-owner name event-name ]
Views
Any view
Predefined user roles
Parameters
owner event-owner name event-name: Specifies an event by its owner and name. The event-owner argument must be an existing SNMPv3 user. The event-name argument is a case-sensitive string of 1 to 32 characters. If you do not specify an event, this command displays information about all events and event actions.
Examples
# Display information about the event with the owner owner2 and name eventA and the event actions.
<Sysname> display snmp mib event event owner owner2 name eventA
Event entry eventA owned by owner2:
EvtComment : event is to set ifAdminStatus
EvtAction : Notification | Set
EvtEnabled : true
Notification entry:
NotifyOID : 1.3.6.1.2.1.88.2.0.1<mteTriggerFired>
NotifyObjOwner : N/A
NotifyObjName : N/A
Set entry:
SetObj : 1.3.6.1.2.1.2.2.1.7<ifAdminStatus>
SetObjWildcard : true
SetValue : 2
SetTargetTag : N/A
SetContextName : context1
SetContextNameWildcard : false
Field |
Description |
Event entry |
|
Description for the event. |
|
Event actions: · Set action. · Notification action. |
|
Event status: · Enabled. · Disabled. |
|
Notification entry |
|
Notification OID. |
|
Owner of the notification-action object. |
|
Name of the object list to be added to the notification. |
|
Set entry |
|
OID of the set-action object. |
|
Wildcarding option for the OID: · false—Specifies an object by its OID. · true—Enables wildcard search for OIDs. |
|
Value of the set-action object. |
|
Remote tag for the set-action object.. |
|
Context for the set-action object. |
|
Wildcarding option for the context · false—Specifies a context. · true—Enables wildcard search for the context. |
snmp mib event
display snmp mib event object list
Use display snmp mib event event to display information about object lists.
Syntax
display snmp mib event object list [ owner objects-owner name objects-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
owner objects-owner name objects name: Specifies an object list by its owner and name. The objects-owner argument must be an existing SNMPv3 user. The objects name argument is a case-sensitive string of 1 to 32 characters. If you do not specify an object list, this command displays information about all object lists.
Examples
# Display information about the object list with the owner owner3 and name objectA.
<Sysname> display snmp mib event object list owner owner3 name objectA
Object list objectA owned by owner3:
ObjIndex : 1
ObjID : 1.3.6.1.2.1.2.1.0<ifNumber.0>
ObjIDWildcard : false
Object list objectA owned by owner3:
ObjIndex : 2
ObjID : 1.3.6.1.2.1.2.2.1.2.0<ifDescr.0>
ObjIDWildcard : false
Table 51 Command output
Field |
Description |
Index of the object. |
|
OID of the object. |
|
Wildcarding option for the OID: · false—Specifies the OID. · true—Enables wildcarded search for the OID. |
Related commands
display snmp mib event summary
Use display snmp mib event summary to display the Event MIB brief information.
Syntax
display snmp mib event summary
Views
Any view
Predefined user roles
Examples
# Display Event MIB brief information.
<Sysname> display snmp mib event summary
TriggerFailures : 0
EventFailures : 0
SampleMinimum : 1
SampleInstanceMaximum : 0
SampleInstance : 0
SampleInstancesHigh : 0
SampleInstanceLacks : 0
Field |
Description |
Number of trigger test failures. |
|
Number of notification or set action failures. |
|
Minimum sampling interval. |
|
Maximum number of sampled instances. |
|
Number of current sampled instances.. |
|
Maximum number of sampled instances. |
|
Number of sampling failures after the maximum number of sampled instances is reached. |
Related commands
display snmp mib event trigger
Use display snmp mib event trigger to display information about a trigger and the trigger tests.
Syntax
display snmp mib event trigger [ owner trigger-owner name trigger-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
owner trigger-owner name trigger name: Specifies a trigger by its owner and name. The trigger-owner argument must be an existing SNMPv3 user. The trigger-name argument is case-sensitive string of 1 to 32 characters. If you do not specify a trigger, this command displays information about all triggers and trigger tests.
Examples
# Display information about the trigger with the owner owner1 and the name triggerA and the trigger tests.
<Sysname> display snmp mib event trigger owner owner1 name triggerA
Trigger entry triggerA owned by owner1:
TriggerComment : triggerA is to monitor the state of the interface
TriggerTest : existence | boolean | threshold
TriggerSampleType : absoluteValue
TriggerValueID : 1.3.6.1.2.1.2.2.1.7.3<ifAdminStatus.3>
TriggerValueIDWildcard : false
TriggerTargetTag : N/A
TriggerContextName : context1
TriggerContextNameWildcard : true
TriggerFrequency(in seconds): 600
TriggerObjOwner : owner1
TriggerObjName : obj1
TriggerEnabled : true
Existence entry:
ExiTest : present | absent
ExiStartUp : present | absent
ExiObjOwner : owner1
ExiObjName : object1
ExiEvtOwner : owner1
ExiEvtName : event1
Boolean entry:
BoolCmp : unequal
BoolValue : 1
BoolStartUp : true
BoolObjOwner : owner1
BoolObjName : Objects1
BoolEvtOwner : N/A
BoolEvtName : N/A
Threshold entry:
ThresStartUp : falling
ThresRising : 40
ThresFalling : 20
ThresDeltaRising : 40
ThresDeltaFalling : 20
ThresObjOwner : N/A
ThresObjName : N/A
ThresRisEvtOwner : owner1
ThresRisEvtName : event1
ThresFalEvtOwner : owner1
ThresFalEvtName : event1
ThresDeltaRisEvtOwner : owner1
ThresDeltaRisEvtName : event1
ThresDeltaFalEvtOwner : owner1
ThresDeltaFalEvtName : event1
Field |
Description |
Trigger entry |
|
Description for the trigger. |
|
Trigger test type: · Existence. · Boolean. · Threshold. |
|
Trigger sampling method: · absoluteValue—Absolute sampling. · deltaValue—Delta sampling. |
|
OID of the monitored object. |
|
Wildcarding option for the OID: · false—Object OIDs are fully specified. · true—Object OIDs are wildcarded. |
|
Remote tag for the monitored object. |
|
Context for an object. |
|
Wildcarding option for the context · false—Contexts are fully specified. · true—Contexts are wildcarded. |
|
Trigger sampling interval. |
|
Owner of the trigger object. |
|
Name of the trigger object. |
|
Trigger status: · Enabled. · Disabled. |
|
Existence entry |
|
Type of the existence test: · present. · absent. · changed. |
|
Type of the existence test for the first sampling: · present. · absent. · changed. |
|
Owner of the existence test object. |
|
Name of the existence test object. |
|
Owner of the existence test event. |
|
Name of the existence test event. |
|
Boolean entry |
|
Boolean test type: · unequal. · equal. · less. · lessorequal. · greater. · greaterorequal. |
|
Reference value for the Boolean test. |
|
Whether the event is enabled for the first sampling: · true—The event is enabled for the first sampling. · false—The event is disabled for the first sampling. |
|
Owner of the Boolean test object. |
|
Name of the Boolean test object. |
|
Owner of the Boolean event. |
|
Name of the Boolean event. |
|
Threshold entry |
|
Threshold trigger test for the first sampling: · rising. · falling. · risingOrFalling. |
|
Rising threshold. |
|
Falling threshold. |
|
Delta rising threshold. |
|
Delta falling threshold. |
|
Owner of the threshold test object. |
|
Name of the threshold test object. |
|
Owner of the rising event. |
|
Name of the rising event. |
|
Owner of the falling event. |
|
Name of the falling event. |
|
Owner of the Delta rising event. |
|
Name of the Delta rising event. |
|
Owner of the Delta falling event. |
|
Name of the Delta falling event. |
Related commands
event enable
Use event enable to enable an event.
Use undo event enable to disable an event.
Syntax
Default
An event is disabled.
Views
Event view
Predefined user roles
network-admin
Usage guidelines
For an event to be triggered when the trigger condition is met, execute the event enable command.
Examples
# Enable the event with the owner owner1 and the name EventA.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] event enable
Related commands
snmp mib event
event owner (trigger-Boolean view)
Use event owner to specify an event for a Boolean test.
Use undo event to restore the default.
Syntax
event owner event-owner name event-name
Default
No event is specified for a Boolean test.
Views
Trigger-Boolean view
Predefined user roles
network-admin
Parameters
event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.
name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters.
Examples
# Specify an event for a Boolean test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test boolean
[Sysname-trigger-owner1-triggerA-boolean] event owner owner1 name event1
Related commands
event owner (trigger-existence view)
Use event owner to specify an event for an existence test.
Use undo event to restore the default.
Syntax
event owner event-owner name event-name
undo event
Default
No event is specified for an existence test.
Views
Trigger-existence view
Predefined user roles
network-admin
Parameters
event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.
name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters.
Examples
# Specify an event for an existence test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test existence
[Sysname-trigger-owner1-triggerA-existence] event owner owner1 name event1
Related commands
snmp mib event trigger
test
falling
Use falling to set a falling threshold and specify a falling event.
Use undo falling to restore the default.
Syntax
falling { event owner event-owner name event-name | value integer-value }
undo falling { event | value }
Default
The falling threshold is 0, and no falling event is specified.
Views
Trigger-threshold view
Predefined user roles
network-admin
Parameters
event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.
name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters.
value integer-value: Specifies a falling threshold in the range of –2147483648 to 2147483647. The value must be smaller than or equal to the rising threshold.
Usage guidelines
A falling event is triggered if the value of the monitored object is smaller than or equal to the falling threshold.
If the value of the monitored object crosses the falling threshold at two or more samplings in succession, the event is triggered only at the first sampling.
Examples
# Set the falling threshold to 20.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test threshold
[Sysname-trigger-owner1-triggerA-threshold] falling value 20
Related commands
snmp mib event trigger
frequency
Use frequency to set a sampling interval.
Use undo event to restore the default.
Syntax
frequency interval
undo frequency
Default
The sampling interval is 600 seconds.
Views
Trigger view
Predefined user roles
network-admin
Parameters
interval: Specifies a sampling interval in the range of 1 to 4294967295 seconds. The sampling interval must be greater than or equal to the minimum sampling interval.
Usage guidelines
To set the minimum sampling interval, execute the snmp mib event sample minimum command.
To avoid sampling failure, do not set the sampling interval too small when there are a large number of sampled objects.
Examples
# Set the sampling interval for a trigger to 360 seconds.
<Sysname> system-view
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] frequency 360
Related commands
snmp mib event sample minimum
snmp mib event trigger
object list (action-notification view)
Use object list to specify an object list for a notification action. The objects in the list will be added to the notification when the notification action is triggered.
Use undo object list to restore the default.
Syntax
object list owner objects-owner name objects-name
undo object list
Default
No object list is specified for a notification action.
Views
Action-notification view
Predefined user roles
network-admin
Parameters
owner objects-owner: Specifies an object list owner. Use the event owner as the object list owner.
name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
If you do not specify an object list for a notification action or the specified object list does not contain objects, no objects will be added to the triggered notification.
For more information, see "object list (trigger view)."
Examples
# Specify the object list with the owner owner1 and name listA for an event with the owner owner1 and name EventA.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action notification
[Sysname-event-owner1-EventA-notification] object list owner owner1 name listA
Related commands
snmp mib event owner
object list (trigger view)
Use object list to specify an object list for a trigge. The objects in the list will be added to the triggered notification.
Use undo object list to restore the default.
Syntax
object list owner objects-owner name objects-name
Default
No object list is specified for a trigger.
Views
Trigger view
Predefined user roles
network-admin
Parameters
owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.
name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
An object list is identified by its owner and name. After you specify a list of objects for a trigger, the objects in the list are added to the notification when the notification action is triggered.
You can configure the object list command in trigger view, trigger-test view (including trigger-Boolean view, trigger existence view, and trigger threshold view), and action-notification view. If the command is configured in any two of the views or all the three views, the object lists are added to the notification in the sequence: trigger view, trigger-test view, and action-notification view.
Examples
# Specify the object list with the owner owner1 and name objectA for a trigger.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] object list owner owner1 name objectA
Related commands
object list (trigger-Boolean view)
Use object list to specify an object list for a Boolean trigger test. The objects in the list will be added to the notification triggered by the test.
Use undo object list to restore the default.
Syntax
object list objects-owner name objects-name
undo object list
Default
No object list is specified for a Boolean trigger test.
Views
Trigger-Boolean view
Predefined user roles
network-admin
Parameters
owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.
name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For more information, see "object list (trigger view)."
Examples
# Specify the object list with the owner owner1 and name objectA for the trigger-Boolean trigger test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test boolean
[Sysname-trigger-owner1-triggerA-boolean] object list owner owner1 name objectA
Related commands
object list (trigger-existence view)
Use object list to specify an object list for a Boolean trigger test. The objects in the list will be added to the notification triggered by the test.
Use undo object list to restore the default.
Syntax
object list owner objects-owner name objects-name
undo object list
Default
No object list is specified for a trigger-existence test.
Views
Trigger-existence view
Predefined user roles
network-admin
Parameters
owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.
name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For more information, see "object list (trigger view)."
Examples
# Specify the object list with the owner owner1 and name objectA for the trigger-existence test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test existence
[Sysname-trigger-owner1-triggerA-existence] object list owner owner1 name objectA
Related commands
snmp mib event trigger
test
object list (trigger-threshold view)
Use object list to specify an object list for a trigger-threshold test. The objects in the list will be added to the notification triggered by the test.
Use undo object list to restore the default.
Syntax
object list owner objects-owner name objects-name
undo object list
Default
No object list is specified for a trigger-threshold test.
Views
Trigger-threshold view
Predefined user roles
network-admin
Parameters
owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.
name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
For more information, see "object list (trigger view)."
Examples
# Specify the object list with the owner owner1 and name objectA for the trigger-threshold test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test threshold
[Sysname-trigger-owner1-triggerA-threshold] object list owner owner1 name objectA
Related commands
snmp mib event trigger
test
oid (action-notification view)
Use oid to specify a notification to be sent when the notification action is triggered.
Use undo oid to restore the default.
Syntax
oid object-identifier
undo oid
Default
The OID is 0.0. No notification is specified for a notification action.
Views
Action-notification view
Predefined user roles
network-admin
Parameters
object-identifier: Specifies a notification OID, a case-sensitive string of 1 to 255 characters. It must be a trap node.
Usage guidelines
The notification OID configured by using this command will be carried in the notification when the notification action is taken.
Examples
# Specify the notification OID 1.3.6.1.2.1.14.16.2.1 for the event with the owner owner1 and name EventA.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action notification
[Sysname-event-owner1-EventA-notification] oid 1.3.6.1.2.1.14.16.2.1
Related commands
snmp mib event owner
oid (action-set view)
Use oid to specify a set-action object.
Use undo oid to restore the default.
Syntax
oid object-identifier
undo oid
Default
The OID is 0.0. No object is specified for a set action.
Views
Action-set view
Predefined user roles
network-admin
Parameters
object-identifier: Specifies an object by its OID or name, a case-sensitive string of 1 to 255 characters. The object can be a table node, conceptual row node, table column node, leaf node, or parent leaf node.
Examples
# Specify the object with the OID 1.3.6.1.2.1.2.2.1.7.3 for the set action of an event with the owner owner1 and name EventA.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action set
[Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7.3
Related commands
snmp mib event owner
wildcard oid (action-set view)
oid (trigger view)
Use oid to specify a MIB object for trigger sampling.
Use undo oid to restore the default.
Syntax
Default
The OID is 0.0. No MIB object is specified for trigger sampling.
Views
Trigger view
Predefined user roles
network-admin
Parameters
object-identifier: Specifies an object by its OID or name, a case-sensitive string of 1 to 255 characters. The object can be a table node, conceptual row node, table column node, leaf node, or parent leaf node.
Examples
# Specify the object with the OID 1.3.6.1.2.1.2.2.1.1.3 for trigger sampling.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.2.2.1.1.3
Related commands
rising
Use rising to specify a rising threshold.
Use undo rising to restore the default.
Syntax
rising { event owner event-owner name event-name | value integer-value }
undo rising { event | value }
Default
The rising threshold is 0, and no rising event is specified.
Views
Trigger-threshold view
Predefined user roles
network-admin
Parameters
event owner event-owner: Specifies an event owner. Use the trigger owner as the event owner.
name event-name: Specifies an event name, a case-sensitive string of 1 to 32 characters.
value integer-value: Specifies a rising threshold in the range of –2147483648 to 2147483647. The value must be greater than or equal to the falling threshold.
Usage guidelines
If the value of the monitored object crosses the rising threshold at two or more samplings in succession, an event is triggered only at the first sampling.
Examples
# Set the rising threshold to 50 and specify the rising event with the owner owner1 and name event1 for the threshold test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test threshold
[Sysname-trigger-owner1-triggerA-threshold] rising value 50
[Sysname-trigger-owner1-triggerA-threshold] rising event owner owner1 name event1
Related commands
snmp mib event trigger
sample
Use sample to specify a sampling method.
Use undo sample to restore the default.
Syntax
Default
The sampling method is absolute.
Views
Trigger view
Predefined user roles
network-admin
Parameters
absolute: Specifies the absolute sampling method. Use the current sampled value.
delta: Specifies the delta sampling method. Use the difference between the current sampled value and previous sampled value.
Usage guidelines
For delta sampling, obtain the difference between the current sampled value and previous sampled value as follows:
· If the object value is UINT type, use the larger value to subtract the smaller value.
· If the object value is INT type, use the present sampled value to subtract the previous sampled value.
Examples
# Specify the absolute sampling method.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] sample absolute
Related commands
snmp mib event
Use snmp mib event to create an event and enter its view, or enter the view of an exsiting event.
Use undo snmp mib event to remove an event.
Syntax
snmp mib event owner event-owner name event-name
undo snmp mib event owner event-owner name event-name
Default
No event exists.
Views
System view
Predefined user roles
Parameters
event-owner: Specifies an event owner. The event owner must be an existing SNMPv3 user.
event-name: Specifies an event name, a case-sensitive string of 1 to 32 characters.
Usage guidelines
An event is identified by its owner and name.
Examples
# Create an event with the owner owner1 and the name EventA and enter its view.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA]
Related commands
description
snmp mib event
snmp mib event object list
Use snmp mib event object list to configure an Event MIB object list.
Use undo snmp mib event object list to restore the default.
Syntax
undo snmp mib event object list owner objects-owner name objects-name objects-index
Default
No Event MIB object list is configured.
Views
System view
Predefined user roles
network-admin
Parameters
owner group-owner: Specifies an object list owner. The object list owner must be an existing SNMPv3 user.
name group-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.
object-index argument: Specifies an object list index in the range of 1 to 4294967295.
oid object-identifier: Specifies an object by its OID or name, a case-sensitive string of 1 to 255 characters. The object can be a table node, a conceptual row node, a table column node, a leaf mode, or a parent leaf node.
wildcard: Enables wildcard search for objects. If you do not specify this keyword, the object is specified.
Usage guidelines
An object list is identified by its owner, name, and index. The specified objects in the object list will be carried in the triggered notification to the NMS.
Examples
# Configure an object list with the owner owner1, name objectA, and index 10. Specify the object with the OID 1.3.6.1.2.1.2.2.1.1.3 to be carried in the triggered notification.
[Sysname] snmp mib event object list owner owner1 name objectA 10 oid 1.3.6.1.2.1.2.2.1.1.3
Related commands
snmp mib event sample instance maximum
Use snmp mib event sample instance maximum to specify the maximum number of object instances that can be concurrently sampled.
Use undo snmp mib event sample instance maximum to restore the default.
Syntax
snmp mib event sample instance maximum max-number
undo snmp mib event sample instance maximum
Default
The maximum number of object instances that can be concurrently sampled is limited by the available resources. The value is 0.
Views
System view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of object instances that can be concurrently sampled. The value is in the range of 0 to 4294967295.
Usage guidelines
If you use the wildcard option for an object, Event MIB also samples the wildcarded object instances. Include the wildcarded object instances when you calculate the number of the concurrently sampled instances.
Changing the maximum number of object instances that can be concurrently sampled does not affect the existing instances. If the maximum number of object instances that can be concurrently sampled is changed to a value smaller than the number of existing instances, the existing instances will continue to be sampled.
Examples
# Set the maximum number to 10 for the object instances that can be concurrently sampled.
[Sysname] snmp mib event sample instance maximum 10
Related commands
snmp mib event sample minimum
Use snmp mib event sample minimum to specify the minimum sampling interval.
Use undo snmp mib event sample minimum to restore the default.
Syntax
snmp mib event sample minimum min-number
undo snmp mib event sample minimum
Default
The minimum sampling interval is 1 second.
Views
System view
Predefined user roles
network-admin
Parameters
min-number: Specifies the minimum sampling interval in the range of 1 to 2147483647, in seconds.
Usage guidelines
After you configure the minimum sampling interval, make sure the trigger sampling interval is greater than or equal to the minimum sampling interval.
Changing the minimum sampling interval does not affect the existing instances. If the minimum sampling interval is changed to a value smaller than the sampling interval of a trigger, the existing instances of the trigger will continue to be sampled at its interval.
Examples
# Set the minimum sampling interval to 50 seconds.
[Sysname] snmp mib event sample minimum 50
Related commands
snmp mib event trigger
snmp mib event trigger
Use snmp mib event trigger to create a trigger and enter its view, or enter the view of an existing trigger.
Use undo snmp mib event trigger to remove a trigger.
Syntax
snmp mib event trigger owner trigger-owner name trigger-name
undo snmp mib event trigger owner trigger-owner name trigger-name
Default
No trigger exists.
Views
System view
Predefined user roles
network-admin
Parameters
trigger-owner: Specifies an owner for a trigger, which must be an existing SNMPv3 user.
trigger-name: Specifies a name for a trigger, a case-sensitive string of 1 to 32 characters.
Usage guidelines
A trigger is identified by its owner and name. In trigger view, you can specify a monitored object and set an interval for sampling the object. An event is triggered when the sampled object meets the trigger condition.
If the trigger owner has no read access to the monitored object configured in trigger view, sampling on the object cannot be performed. For more information about SNMPv3 user access rights, see Network Management and Monitoring Configuration Guide.
Examples
# Create a trigger with the owner owner1 and name triggerA.
<Sysname> system-view
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA]
snmp-agent trap enable event-mib
Use snmp-agent trap enable event-mib to enable the Event MIB trap feature.
Use undo snmp-agent trap enable event-mib to disable the Event MIB trap feature.
Syntax
snmp-agent trap enable event-mib
undo snmp-agent trap enable event-mib
Default
The Event MIB trap feature is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
After you enable the Event MIB trap feature, traps are generated when object sampling fails or a trigger condition is met and sent to the SNMP module. Traps include trigger trap, rising threshold break trap, falling threshold break trap, trigger-condition detection failure trap, and set-action trigger failure trap.
For the traps to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.
Examples
# Enable the event MIB trap feature.
[Sysname] snmp-agent trap enable event-mib
startup (trigger-existence view)
Use startup to specify existence trigger test types for the first sampling.
Use undo startup to remove the existence trigger test types for the first sampling.
Syntax
undo startup { absent | present }
Default
The existence test types for the first sampling are present and absent.
Views
Trigger-existence view
Predefined user roles
network-admin
Parameters
absent: Monitors the absence of a MIB object.
present: Monitors the presence of a MIB object.
Usage guidelines
For the first sampling, an event is triggered when the following conditions are met:
· Both the startup and type commands specify the existence test type as present and the state of the monitored object changes to present at the first sampling. If the monitored objects are wildcarded, the event is triggered independently for each wildcarded object.
· Both the startup command and type commands specify the existence trigger test type as absent and the state of the monitored object changes to absent at the first sampling. If the monitored objects are wildcarded, no event is triggered.
Examples
# Remove the present test configuration for the first sampling.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test existence
[Sysname-trigger-owner1-triggerA-existence] undo startup present
Related commands
type
startup (trigger-threshold view)
Use startup to specify a threshold trap type for the first sampling.
Use undo startup to restore the default.
Syntax
startup { falling | rising | rising-or-falling }
Default
The threshold trap type for the first sampling is rising-or-falling.
Views
Trigger-threshold view
Predefined user roles
network-admin
Parameters
falling: Specifies the falling trap.
rising: Specifies the rising trap.
rising-or-falling: Specifies the rising or falling trap.
Usage guidelines
If the trap type for the first sampling is rising or rising-or-falling, a rising trap is triggered when the first sample value is greater than or equal to the rising threshold.
If the trap type for the first sampling is rising or rising-or-falling, a falling trap is triggered when the first sample value is smaller than or equal to the rising threshold.
If the first sampling fails or the monitored object does not exist at the first sampling, the second sampling is considered the first sampling.
Examples
# Specify the rising trap for the first sampling.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test threshold
[Sysname-trigger-owner1-triggerA-threshold] startup rising
Related commands
snmp mib event trigger
startup enable
Use startup enable to enable an event to be triggered for the first Boolean sampling.
Use undo startup enable to disable an event to be triggered for the first Boolean sampling.
Syntax
Default
An event is triggered for the first Boolean sampling.
Views
Trigger-Boolean view
Predefined user roles
network-admin
Usage guidelines
For an event to be triggered when a trigger condition is met at the first Boolean sampling, execute the startup enable command.
If the first sampling fails or the monitored object does not exist at the first sampling, the second sampling is considered the first sampling.
Examples
# Trigger an event for the first Boolean sampling.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test boolean
[Sysname-trigger-owner1-triggerA-boolean] startup enable
Related commands
test
Use test to specify a trigger test type and enter its view.
Use undo test to remove a trigger test type.
Syntax
test { boolean | existence | threshold }
undo test { boolean | existence | threshold }
Default
No test type is specified for a trigger.
Views
Trigger view
Predefined user roles
network-admin
Parameters
boolean: Specifies the Boolean test. This test compares the value of the monitored object with the reference value.
existence: Specifies the existence test. This test monitors the absence, presence, and change of the monitored object.
threshold: Specifies the threshold test. This test compares the value of the monitored object with the specified thresholds, such as rising threshold and falling threshold.
Usage guidelines
For more information about the trigger tests, see the commands in the trigger-Boolean view, trigger-existence view, and trigger-threshold view .
Examples
# Specify the existence test for a trigger.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test existence
Related commands
trigger enable
Use trigger enable to enable a trigger.
Use undo trigger enable to disable a trigger.
Syntax
Default
A trigger is disabled.
Views
Trigger view
Predefined user roles
network-admin
Usage guidelines
Before you enable a trigger, make sure the trigger meets the following conditions:
· A monitored object is specified for the trigger.
· The trigger sampling interval is greater than or equal to the minimum sampling interval.
Examples
# Create and enable a trigger.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.2.2.1.1.3
[Sysname-trigger-owner1-triggerA] frequency 360
[Sysname-trigger-owner1-triggerA] trigger enable
Related commands
snmp mib event trigger
type
Use type to specify existence trigger test types.
Use undo type to remove the existence trigger test types.
Syntax
type { absent | changed | present }
undo type { absent |changed | present }
Default
The existence test types are present and absent.
Views
Trigger-existence view
Predefined user roles
network-admin
Parameters
absent: Monitors the absence of an object.
changed: Monitors the change of the value of an object. If the last sampling does not obtain a value, the event is not triggered.
present: Monitors the presence of an object.
Usage guidelines
For the first sampling, see "startup (trigger-existence view)".
The existence trigger tests also apply to the wildcarded instances of the monitor object.
Examples
# Specify the existence test type as present.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test existence
[Sysname-trigger-owner1-triggerA-existence] type present
Related commands
test
value (action-set view)
Use value to set a value for a set-action object.
Use undo value to restore the default.
Syntax
value integer-value
undo value
Default
The value of a set-action object is 0.
Views
Action-set view
Predefined user roles
network-admin
Parameters
integer-value: Specifies a value for a set-action object. The value is in the range of –2147483648 to +2147483647.
Examples
# Set the value to 5 for the set-action object with the OID 1.3.6.1.2.1.2.2.1.7.3.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action set
[Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7.3
[Sysname-event-owner1-EventA-set] value 2
Related commands
action
mib event owner
oid
value (trigger-Boolean view)
Use value to set a reference value for a Boolean test.
Use undo value to restore the default.
Syntax
Default
The reference value is 0.
Views
Trigger-Boolean view
Predefined user roles
network-admin
Parameters
integer-value: Specifies a reference value in the range of –2147483648 to +2147483647.
Usage guidelines
A Boolean trigger test compares the sampled value with the reference value.
Examples
# Set the reference value to 5 for the Boolean test.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] test boolean
[Sysname-trigger-owner1-triggerA-boolean] value 5
Related commands
snmp mib event trigger
startup
test
wildcard context (action-set view)
Use wildcard context to enable wildcard search for the contexts of a set-action object.
Use undo wildcard context to restore the default.
Syntax
wildcard context
undo wildcard context
Default
The context of the set action is fully specified.
Views
Action-set view
Predefined user roles
network-admin
Usage guidelines
This command must be used in conjunction with the context command. A wildcarded context has two parts: the context specified by the context command and the wildcarded part.
Examples
# Specify the context for the set-action object as contextname1 and enable wildcard search for the contexts.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action set
[Sysname-event-owner1-EventA-set] context contextname1
[Sysname-event-owner1-EventA-set] wildcard context
Related commands
context
snmp mib event owner
wildcard context (trigger view)
Use wildcard context to enable wildcard search for the contexts of a monitored object.
Use undo wildcard context to restore the default.
Syntax
Default
The context of an object is fully specified.
Views
Trigger view
Predefined user roles
network-admin
Usage guidelines
This command must be used with the context command. A wildcarded context has two parts: the context specified by the context command and the wildcarded part.
Examples
# Specify the contexts for the monitored object as contextname and enable wildcard search for the contexts.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] context contextname
[Sysname-trigger-owner1-triggerA] wildcard context
Related commands
snmp mib event trigger
wildcard oid (action-set view)
Use wildcard oid to enable wildcard search for the set-action object OIDs.
Use undo wildcard oid to restore the default.
Syntax
Default
The set-action object OID is fully specified.
Views
Action-set view
Predefined user roles
network-admin
Usage guidelines
This command must be used in conjunction with the oid command. A wildcarded OID has two parts: the OID specified by the oid command and the wildcarded part.
Examples
# Specify the set-action object by its OID 1.3.6.1.2.1.2.2.1.7 for the event with the owner owner1 and the name EventA. Enable wildcard search for the sec-action object OIDs.
[Sysname] snmp mib event owner owner1 name EventA
[Sysname-event-owner1-EventA] action set
[Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7
[Sysname-event-owner1-EventA-set] wildcard oid
Related commands
oid
snmp mib event owner
wildcard oid (trigger view)
Use wildcard oid to enable wildcard search for the monitored object OIDs.
Use undo wildcard oid to restore the default.
Syntax
wildcard oid
undo wildcard oid
Default
A MIB object OID is fully specified.
Views
Trigger view
Predefined user roles
network-admin
Usage guidelines
This command must be used in conjunction with the oid command.
A wildcarded OID has two parts: the OID specified by the oid command and the wildcarded part.
For example, to specify interface description nodes of all interfaces, execute the oid ifDescr and wildcard oid commands.
Examples
# Specify the sampled object by its OID 1.3.6.1.2.1.1.6 for a trigger and enable wildcard search for the monitored object OIDs.
[Sysname] snmp mib event trigger owner owner1 name triggerA
[Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.1.6
[Sysname-trigger-owner1-triggerA] wildcard oid
Related commands
snmp mib event trigger
NETCONF commands
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
display netconf service
Use display netconf service to display current NETCONF service status and global NETCONF service statistics.
Syntax
display netconf service
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the current NETCONF service status and global NETCONF service statistics.
<Sysname> display netconf service
NETCONF over SOAP over HTTP: Enabled (port 80)
NETCONF over SOAP over HTTPS: Enabled (port 443)
NETCONF over SSH: Enabled (port 830)
NETCONF over Telnet: Enabled
NETCONF over Console: Enabled
SOAP timeout: 10 minutes Agent timeout: 10 minutes
Active sessions: 1
Service statistics:
NETCONF start time: 2015-10-10T08:08:08
Output notifications: 50
Output RPC errors: 20
Dropped sessions: 0
Sessions: 100
Received bad hellos: 0
Received RPCs: 1000
Received bad RPCs: 20
Table 54 Command output
Field |
Description |
SOAP timeout |
NETCONF session idle timeout time for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions. |
Agent timeout |
NETCONF session idle timeout time for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. |
Active sessions |
Number of active NETCONF sessions. |
NETCONF start time |
Time when the NETCONF service was started. |
Output notifications |
Number of subscribed notifications output by the device. |
Output RPC errors |
Number of erroneous RPC requests output by the device. |
Dropped sessions |
Number of NETCONF sessions dropped due to timeout or abnormal network disconnection. |
Sessions |
Number of established NETCONF sessions. |
Received bad hellos |
Number of received erroneous hello messages. |
Received RPCs |
Total number of RPC requests received by the device. |
Received bad RPCs |
Number of received erroneous RPC requests. |
display netconf session
Use display netconf session to display NETCONF session status and statistics.
Syntax
display netconf session
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display NETCONF session status and statistics.
<Sysname> display netconf session
Session ID: 1 Session type: Agent
Username: test
Login time: 2015-10-10T08:08:08
Client IP address: 192.168.1.1
Session statistics:
Received RPCs : 10 Received bad RPCs : 0
Output RPC errors: 10 Output notifications: 0
Session ID: 2 Session type: SOAP
Username: test
Login time: 2015-10-10T08:08:08
Client IP address: 192.168.1.1
Session statistics:
Received RPCs : 10 Received bad RPCs : 0
Output RPC errors: 10 Output notifications: 0
Table 55 Command output
Field |
Description |
Session ID |
ID of the NETCONF session. |
Session type |
NETCONF session type: · soap—NETCONF over SOAP over HTTP or NETCONF over SOAP over HTTPS. · agent—NETCONF over SSH, NETCONF over Telnet, or NETCONF over console. |
Username |
Username used by the NETCONF client to establish the session. If the session type is agent and login authentication was not performed, this field displays a hyphen (-). |
Login time |
Time when the NETCONF session was established. |
Client IP address |
IP address of the NETCONF client. This field displays a hyphen (-) for NETCONF over console sessions or NETCONF over AUX sessions. |
Received RPCs |
Number of received RPC requests. |
Received bad RPCs |
Number of received erroneous RPC requests. |
Output RPC errors |
Number of erroneous RPC requests output by the device. |
Output notifications |
Number of subscribed notifications output by the device. |
netconf capability specific-namespace
Use netconf capability specific-namespace to configure the device to use module-specific namespaces.
Use undo netconf capability specific-namespace to restore the default.
Syntax
netconf capability specific-namespace
undo netconf capability specific-namespace
Default
The device uses the common namespace.
Views
System view
Predefined user roles
network-admin
Usage guidelines
NETCONF supports both the common namespace and module-specific namespaces. The common namespace is incompatible with module-specific namespaces. To set up a NETCONF session, the device and the client must use the same type of namespaces. By default, the common namespace is used. If the client does not support the common namespace, use this command to configure the device to use module-specific namespaces.
For this command to take effect, you must reestablish the NETCONF session.
Examples
# Configure the device to use module-specific namespaces.
<Sysname> system-view
[Sysname] netconf capability specific-namespace
netconf idle-timeout
Use netconf idle-timeout to set the NETCONF session idle timeout time.
Use undo netconf idle-timeout to restore the default.
Syntax
netconf { soap | agent } idle-timeout minute
undo netconf { soap | agent } idle-timeout
Default
The NETCONF session idle timeout time is 10 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.
The NETCONF session idle timeout time is 0 minutes for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. The sessions never time out.
Views
System view
Predefined user roles
network-admin
Parameters
soap: Specifies the NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.
agent: Specifies the NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions.
minute: Specifies the NETCONF session idle timeout time in minutes. The value range is as follows:
· 1 to 999 for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.
· 0 to 999 for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. To disable the timeout feature, set this argument to 0.
Usage guidelines
If no NETCONF packets are exchanged on a NETCONF session within the NETCONF session idle timeout time, the device tears down the session.
Examples
# Set the NETCONF session idle timeout time to 20 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.
<Sysname> system-view
[Sysname] netconf soap idle-timeout 20
netconf log
Use netconf log to enable NETCONF logging.
Use undo netconf log to remove the configuration for the specified NETCONF operation sources and NETCONF operations.
Syntax
netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }
undo netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }
Default
NETCONF logging is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
source: Specifies a NETCONF operation source that represents clients that use a protocol.
· all: Specifies NETCONF clients that use all protocols.
· agent: Specifies clients that use Telnet, SSH, console, or NETCONF over SSH.
· soap: Specifies clients that use SOAP over HTTP, or SOAP over HTTPS.
· web: Specifies clients that use Web.
protocol-operation: Specifies a NETCONF operation type.
· all: Specifies all NETCONF operations.
· action: Specifies the action operation.
· config: Specifies the configuration-related NETCONF operations, including the CLI, save, load, rollback, lock, unlock, and save-point operations.
· get: Specifies the data retrieval-related NETCONF operations, including the get, get-config, get-bulk, get-bulk-config, and get-sessions operations.
· set: Specifies all edit-config operations.
· session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchanges by hello messages.
· syntax: Specifies the requests that include XML and schema errors.
· others: Specifies NETCONF operations except for those specified by keywords action, config, get, set, session, and syntax.
verbose: Logs detailed NETCONF information. For request operations, this keyword logs the texts of the requests after brief information. For service operations, this keyword takes effect only on edit-config operations. When an edit-config operation error occurs, this keyword logs detailed error information.
Usage guidelines
For NETCONF to correctly send the generated logs to the information center, you must also configure the information center. For information about information center configuration, see the network management and monitoring configuration guide for the device.
Examples
# Configure the device to log NETCONF edit-config information sourced from agent clients.
<Sysname> system-view
[Sysname] netconf log source agent protocol-operation set
netconf soap domain
Use netconf soap domain to specify a mandatory authentication domain for NETCONF users.
Use undo netconf soap domain to restore the default.
Syntax
netconf soap domain domain-name
undo netconf soap domain domain-name
Default
No mandatory authentication domain is specified for NETCONF users.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters. For information about ISP domains, see AAA in Security Configuration Guide.
Usage guidelines
You can use one of the following methods to specify an authentication domain:
· Execute the netconf soap domain command to specify a mandatory authentication domain. After this command is executed, all NETCONF users are placed in the domain for authentication.
· Add an authentication domain to the <UserName> parameter of a SOAP request. The authentication domain takes effect only on the current request.
The authentication domain specified by using this command takes precedence over the authentication domain specified by the <UserName> parameter of a SOAP request.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify mandatory authentication domain my-domain for NETCONF users.
<Sysname> system-view
[Sysname] netconf soap domain my-domain
netconf soap http acl
Use netconf soap http acl to apply an IPv4 ACL to control NETCONF over SOAP over HTTP access.
Use undo netconf soap http acl to restore the default.
Syntax
netconf soap http acl { ipv4-acl-number | name ipv4-acl-name }
undo netconf soap http acl
Default
No IPv4 ACL is applied to control NETCONF over SOAP over HTTP access.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.
name ipv4-acl-name: Specifies an IPv4 ACL by its name. The ipv4-acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
Usage guidelines
This command is not available in FIPS mode.
Only NETCONF clients permitted by the IPv4 ACL can establish NETCONF over SOAP over HTTP sessions.
This command takes effect only if the IPv4 ACL is an existing IPv4 basic ACL and has rules. For more information about ACL configuration, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish NETCONF over SOAP over HTTP sessions.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] netconf soap http acl 2001
netconf soap http enable
Use netconf soap http enable to enable NETCONF over SOAP over HTTP.
Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.
Syntax
netconf soap http enable
undo netconf soap http enable
Default
NETCONF over SOAP over HTTP is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command is not available in FIPS mode.
This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.
Examples
# Enable NETCONF over SOAP over HTTP.
<Sysname> system-view
[Sysname] netconf soap http enable
netconf soap https acl
Use netconf soap https acl to apply an IPv4 ACL to control NETCONF over SOAP over HTTPS access.
Use undo netconf soap https acl to restore the default.
Syntax
netconf soap https acl { ipv4-acl-number | name ipv4-acl-name }
undo netconf soap https acl
Default
No IPv4 ACL is applied to control NETCONF over SOAP over HTTPS access.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.
name ipv4-acl-name: Specifies an IPv4 ACL by its name. The ipv4-acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
Usage guidelines
Only NETCONF clients permitted by the IPv4 ACL can establish NETCONF over SOAP over HTTPS sessions.
This command takes effect only if the IPv4 ACL is an existing IPv4 basic ACL and has rules. For more information about ACL configuration, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish NETCONF over SOAP over HTTPS sessions.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] netconf soap https acl 2001
netconf soap https enable
Use netconf soap https enable to enable NETCONF over SOAP over HTTPS.
Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.
Syntax
netconf soap https enable
undo netconf soap https enable
Default
NETCONF over SOAP over HTTPS is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.
Examples
# Enable NETCONF over SOAP over HTTPS.
<Sysname> system-view
[Sysname] netconf soap https enable
netconf ssh acl
Use netconf ssh acl to apply an IPv4 ACL to control NETCONF over SSH access.
Use undo netconf ssh acl to restore the default.
Syntax
netconf ssh acl { ipv4-acl-number | name ipv4-acl-name }
undo netconf ssh acl
Default
No IPv4 ACL is applied to control NETCONF over SSH access.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.
name ipv4-acl-name: Specifies an IPv4 ACL by its name. The ipv4-acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.
Usage guidelines
Only NETCONF clients permitted by the IPv4 ACL can establish NETCONF over SSH sessions.
This command takes effect only if the IPv4 ACL is an existing IPv4 basic ACL and has rules. For more information about ACL configuration, see ACL and QoS Configuration Guide.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Use IPv4 ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish NETCONF over SSH sessions.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] netconf ssh acl 2001
Related commands
netconf soap http acl
netconf soap https acl
netconf ssh server enable
Use netconf ssh server enable to enable NETCONF over SSH.
Use undo netconf ssh server enable to disable NETCONF over SSH.
Syntax
netconf ssh server enable
undo netconf ssh server enable
Default
NETCONF over SSH is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command.
Before you execute this command, configure the authentication mode for users as scheme on the device. Then, the NETCONF-over-SSH-enabled user terminals can access the device through NETCONF over SSH.
Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals.
Examples
# Enable NETCONF over SSH.
<Sysname> system-view
[Sysname] netconf ssh server enable
netconf ssh server port
Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections.
Use undo netconf ssh server port to restore the default.
Syntax
netconf ssh server port port-number
undo netconf ssh server port
Default
Port 830 listens for NETCONF over SSH connections.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a port by its number in the range of 1 to 65535.
Usage guidelines
When assigning a listening port, make sure the specified port is not being used by other services. The SSH service can share the same port with other services, but it might not operate correctly.
Examples
# Specify port 800 to listen for NETCONF over SSH connections.
<Sysname> system-view
[Sysname] netconf ssh server port 800
reset netconf service statistics
Use reset netconf service statistics to clear current global NETCONF service statistics.
Syntax
reset netconf service statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear current global NETCONF service statistics.
<Sysname> reset netconf service statistics
display netconf service
reset netconf session statistics
Use reset netconf session statistics to clear current NETCONF session statistics.
Syntax
reset netconf session statistics
Views
User view
Predefined user roles
network-admin
Examples
# Clear current NETCONF session statistics.
<Sysname> reset netconf session statistics
Related commands
display netconf session
xml
Use xml to enter XML view.
Syntax
xml
Views
User view
Predefined user roles
network-admin
network-operator
Usage guidelines
In XML view, use NETCONF messages to configure the device or obtain data from the device. The NETCONF operations you can perform depend on the user roles you have, as shown in Table 56.
Table 56 NETCONF operations available for the predefined user roles
User role |
NETCONF operations |
network-admin |
All NETCONF operations |
network-operator |
· Get · Get-bulk · Get-bulk-config · Get-config · Get-sessions · Close-session |
To ensure the format correctness of NETCONF messages in XML view, do not enter NETCONF messages manually. Copy and paste the messages.
While the device is performing a NETCONF operation, do not perform any other operations, such as pasting a NETCONF message or pressing Enter.
For the device to identify NETCONF messages, you must add end mark ]]>]]> at the end of each NETCONF message.
After you enter XML view, the device automatically advertises its NETCONF capabilities to the client. In response, you must configure the client to notify the device of its supported NETCONF capabilities. After the capability exchange, you can use the client to configure the device.
NETCONF messages must comply with the XML format requirements and semantic and syntactic requirements in the NETCONF XML API reference for the device. As a best practice, use third-party software to generate NETCONF messages to ensure successful configuration.
To quit XML view, use a NETCONF message instead of the quit command.
If you have configured a shortcut key (Ctrl + C, by default) by using the escape-key command in user line/user line class view, the NETCONF message should not contain the shortcut key string. If the NETCONF message contains the shortcut key string, relevant configurations in XML view might be affected. For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed.
Examples
# Enter XML view.
<Sysname> xml
<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability><capability>urn:ietf:params:netconf:capability:validate:1.0</capability><capability>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability><capability>urn:hp:params:netconf:capability:hp-netconf-ext:1.0</capability><capability>urn:hp:params:netconf:capability:hp-save-point::1.0</capability></capabilities><session-id>1</session-id></hello>]]>]]>
# Notify the device of the NETCONF capabilities supported on the client.
<hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<capabilities>
<capability>
urn:ietf:params:netconf:base:1.0
</capability>
</capabilities>
</hello>]]>]]>
# Quit XML view.
<rpc message-id="101" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<close-session>
</close-session>
</rpc>]]>]]>
CWMP commands
cwmp
Use cwmp to enter CWMP view.
Syntax
cwmp
Views
System view
Predefined user roles
network-admin
Examples
# Enter CWMP view.
<Sysname> system-view
[Sysname] cwmp
Related commands
cwmp enable
cwmp acs default password
Use cwmp acs default password to configure a password for authentication to the default ACS URL.
Use undo cwmp acs default password to restore the default.
Syntax
cwmp acs default password { cipher | simple } string
undo cwmp acs default password
Default
No password is configured for authentication to the default ACS URL.
Views
CWMP view
Predefined user roles
network-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters.
Usage guidelines
You can configure only one password for authentication to the default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
For a successful connection, make sure the CPE has the same username and password settings as the ACS.
You do not need to configure this command if the default ACS URL does not require a password for authentication.
Examples
# Configure the password used for authentication to the default ACS URL.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp acs default password simple newpsw
Related commands
cwmp acs default url
cwmp acs default username
cwmp acs default url
Use cwmp acs default url to specify a default ACS URL.
Use undo cwmp acs default url to restore the default.
Syntax
cwmp acs default url url
undo cwmp acs default url
Default
No default ACS URL is specified.
Views
CWMP view
Predefined user roles
network-admin
Parameters
url: Specifies the default ACS URL, a string of 8 to 255 characters. The URL must use the http://host[:port]/path or https://host[:port]/path format.
Usage guidelines
The CPE attempts to connect to the default ACS URL if no ACS URL has been assigned to it through the cwmp acs url command or DHCP.
You can configure only one default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify the default ACS URL.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp acs default url http://www.acs.com:80/acs
Related commands
cwmp acs default password
cwmp acs default username
cwmp acs default username
Use cwmp acs default username to configure the username for authentication to the default ACS.
Use undo cwmp acs default username to restore the default.
Syntax
cwmp acs default username username
undo cwmp acs default username
Default
No username is configured for authentication to the default ACS.
Views
CWMP view
Predefined user roles
network-admin
Parameters
username: Specifies a username, a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can configure only one username for authentication to the default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
For a successful connection, make sure the CPE has the same username and password settings as the ACS.
Examples
# Configure the username for authentication to the default ACS URL.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp acs default username newname
Related commands
cwmp acs default password
cwmp acs default url
cwmp acs password
Use cwmp acs password to configure the password for authentication to the preferred ACS URL.
Use undo cwmp acs password to restore the default.
Syntax
cwmp acs password { cipher | simple } string
undo cwmp acs password
Default
No password is configured for authentication to the preferred ACS URL.
Views
CWMP view
Predefined user roles
network-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters.
Usage guidelines
You can configure only one password for authentication to the preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
For a successful connection, make sure the CPE has the same username and password settings as the ACS.
You do not need to configure this command if the default ACS URL does not require a password for authentication.
Examples
# Configure the password used for authentication to the preferred ACS URL.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp acs password simple newpsw
Related commands
cwmp acs url
cwmp acs username
cwmp acs url
Use cwmp acs url to specify a preferred ACS URL.
Use undo cwmp acs url to restore the default.
Syntax
cwmp acs url url
undo cwmp acs url
Default
No preferred ACS URL is specified.
Views
CWMP view
Predefined user roles
network-admin
Parameters
url: Specifies the preferred ACS URL, a string of 8 to 255 characters. The URL must use the http://host[:port]/path or https://host[:port]/path format.
Usage guidelines
The device supports only one preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
The preferred ACS URL is configurable from the CPE's CLI, the DHCP server, and the ACS. The CLI- and ACS-assigned URLs have higher priority than the DHCP-assigned URL. The CLI- and ACS-assigned URLs overwrite each other.
The CPE uses the default ACS attributes for connection establishment only when it is not assigned a preferred ACS URL from the CLI, ACS, or DHCP server.
Examples
# Specify the ACS URL.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp acs url http://www.acs.com:80/acs
cwmp acs username
Use cwmp acs username to configure the username for authentication to the preferred ACS URL.
Use undo cwmp acs username to restore the default.
Syntax
cwmp acs username username
undo cwmp acs username
Default
No username is configured for authentication to the preferred ACS URL.
Views
CWMP view
Predefined user roles
network-admin
Parameters
username: Specifies a username, a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can configure only one username for authentication to the preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.
For a successful connection, make sure the CPE has the same username and password settings as the ACS.
Examples
# Configure the username used for authentication to the preferred ACS URL.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp acs username newname
Related commands
cwmp acs password
cwmp cpe connect interface
Use cwmp cpe connect interface to specify the CWMP connection interface.
Use undo cwmp cpe connect interface to restore the default.
Syntax
cwmp cpe connect interface interface-type interface-number
undo cwmp cpe connect interface
Default
No CWMP connection interface is specified. The CPE automatically selects the CWMP connection interface.
Views
CWMP view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies the type and number of the CWMP connection interface.
Usage guidelines
A CWMP connection interface is the interface that the CPE uses to communicate with the ACS. To establish a CWMP connection, the CPE sends the IP address of this interface in the Inform message, and the ACS replies to this IP address.
If the interface that connects the CPE to the ACS is the only Layer 3 interface that has an IP address on the device, you do not need to specify the CWMP connection interface.
If the CPE has multiple Layer 3 interfaces, specify the interface that connects to the ACS as the CWMP connection interface. This manual setting prevents incorrect CWMP connection interface selection, which might occur with automatic selection.
Examples
# Specify GigabitEthernet 1/0/1 as the CWMP connection interface.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe connect interface gigabitethernet 1/0/1
cwmp cpe connect retry
Use cwmp cpe connect retry to set the maximum number of attempts the CPE can make to retry a failed CWMP connection.
Use undo cwmp cpe connect retry to restore the default.
Syntax
cwmp cpe connect retry retries
undo cwmp cpe connect retry
Default
The CPE retries a failed connection until the connection is established with the ACS.
Views
CWMP view
Predefined user roles
network-admin
Parameters
retries: Specifies the maximum number of CWMP connection retries. The value range is 0 to 100. To disable the CPE to retry a CWMP connection, set this argument to 0.
Usage guidelines
The CPE retries connecting to the ACS when its initial connection attempt fails or the CWMP session is ended before the CPE receives a session closed message from the ACS. The CPE does not stop its connection retry attempts until the connection is established or the number of connection retries reaches the upper limit.
Examples
# Set the maximum number of CWMP connection retries to 5.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe connect retry 5
cwmp cpe inform interval
Use cwmp cpe inform interval to set the periodic Inform interval.
Use undo cwmp cpe inform interval to restore the default.
Syntax
cwmp cpe inform interval interval
undo cwmp cpe inform interval
Default
The periodic Inform interval is 600 seconds.
Views
CWMP view
Predefined user roles
network-admin
Parameters
interval: Sets the periodic Inform interval in the range of 10 to 86400 seconds.
Usage guidelines
This command sets the interval for the CPE to send Inform messages automatically to the ACS. For the command to take effect, you must configure the cwmp cpe inform interval enable command.
Examples
# Set the periodic Inform interval to 3600 seconds.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe inform interval enable
[Sysname-cwmp] cwmp cpe inform interval 3600
Related commands
cwmp cpe inform interval enable
cwmp cpe inform interval enable
Use cwmp cpe inform interval enable to enable the periodic Inform feature.
Use undo cwmp cpe inform interval enable to restore the default.
Syntax
cwmp cpe inform interval enable
undo cwmp cpe inform interval enable
Default
The CPE does not send Inform messages periodically.
Views
CWMP view
Predefined user roles
network-admin
Usage guidelines
If this command is configured, the CPE sends Inform messages regularly to establish a CWMP session with the ACS. To set the periodic Inform interval, use the cwmp cpe inform interval command.
Examples
# Enable the periodic Inform feature.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe inform interval enable
Related commands
cwmp cpe inform interval
cwmp cpe inform time
Use cwmp cpe inform time to schedule a connection initiation for the CPE to connect to the ACS.
Use undo cwmp cpe inform time to restore the default.
Syntax
cwmp cpe inform time time
undo cwmp cpe inform time
Default
No connection initiation has been scheduled.
Views
CWMP view
Predefined user roles
network-admin
Parameters
time: Specifies the time at which the CPE sends an Inform message. The time format is yyyy-mm-ddThh:mm:ss, and the value range is 1970-01-01T00:00:00 to 2035-12-31T23:59:59. The specified time must be greater than the current system time.
Examples
# Configure the CPE to send an Inform message at 2007-12-01T20:00:00.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe inform time 2012-12-01T20:00:00
cwmp cpe password
Use cwmp cpe password to configure the password for the CPE to authenticate the ACS.
Use undo cwmp cpe password to restore the default.
Syntax
cwmp cpe password { cipher | simple } string
undo cwmp cpe password
Default
No password is configured for authenticating the ACS.
Views
CWMP view
Predefined user roles
network-admin
Parameters
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters.
Usage guidelines
You can configure only one password for the ACS to authenticate to the CPE when it initiates a connection. If you execute this command multiple times, the most recent configuration takes effect.
For a successful connection, make sure the ACS has the same username and password settings as the CPE.
If a password is configured, the ACS must provide the correct password when it requests the CPE to initiate a CWMP session. If the password is incorrect, the CPE denies the connection request from the ACS.
You do not need to configure this command if you want to disable ACS authentication or authenticate the ACS only based on its username.
Examples
# Configure the password used for authenticating the ACS.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe password simple newpsw
Related commands
cwmp cpe username
cwmp cpe provision-code
Use cwmp cpe provision-code to configure the provision code of the CPE.
Use undo cwmp cpe provision-code to restore the default.
Syntax
cwmp cpe provision-code provision-code
undo cwmp cpe provision-code
Default
The provision code is PROVISIONCODE.
Views
CWMP view
Predefined user roles
network-admin
Parameters
provision-code: Specifies a provision code, a string of 1 to 64 characters. The string can contain uppercase letters, digits, and the full stop (.).
Usage guidelines
The ACS can use the provision code to identify services assigned to each CPE. For correct configuration deployment, make sure the same provision code is configured on the CPE and the ACS. For information about the support of your ACS for provision codes, see the ACS documentation.
The CPE can have only one provision code. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the provision code to ABC20150714.
<Sysname> system
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe provision-code ABC20150714
cwmp cpe stun enable
Use cwmp cpe stun enable to enable NAT traversal for the connection requests from the ACS to reach the CPE through a NAT gateway.
Use undo cwmp cpe stun enable to disable NAT traversal for the connection requests from the ACS to reach the CPE through a NAT gateway.
Syntax
cwmp cpe stun enable
undo cwmp cpe stun enable
Default
NAT traversal is disabled for CWMP.
Views
CWMP view
Predefined user roles
network-admin
Usage guidelines
Connection requests initiated from the CPE can reach the ACS through a NAT gateway without NAT traversal. However, for the connection request initiated from the ACS to reach the CPE, you must enable NAT traversal on the CPE when a NAT gateway resides between the CPE and the ACS.
The NAT traversal feature complies with Simple Traversal of UDP Through NATs (STUN), RFC 3489. The feature enables the CPE to do the following:
· Discovers the NAT gateway.
· Obtains an open NAT binding (a public IP address and port binding) through which the ACS can send unsolicited packets.
The CPE sends the binding to the ACS when it initiates a connection to the ACS. For the connection requests sent by the ACS at any time to reach the CPE, the CPE maintains the open NAT binding.
For more information about NAT, see Layer 3—IP Services Configuration Guide.
Examples
# Enable NAT traversal for the CPE.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe stun enable
cwmp cpe username
Use cwmp cpe username to configure the username for the CPE to authenticate the ACS.
Use undo cwmp cpe username to restore the default.
Syntax
cwmp cpe username username
undo cwmp cpe username
Default
No username is configured for authenticating the ACS.
Views
CWMP view
Predefined user roles
network-admin
Parameters
username: Specifies a username, a case-sensitive string of 1 to 255 characters.
Usage guidelines
You can configure only one username for the ACS to authenticate to the CPE when it initiates a connection. If you execute this command multiple times, the most recent configuration takes effect.
For a successful connection, make sure the ACS has the same username setting as the CPE. If a password is required, you must also make sure the ACS has the same password setting as the CPE.
The ACS must provide the correct username when it requests the CPE to initiate a CWMP session. If the username is incorrect, the CPE denies the connection request from the ACS.
You do not need to configure this command if you want to disable ACS authentication.
Examples
# Configure the username used for authenticating the ACS.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe username newname
Related commands
cwmp cpe password
cwmp cpe wait timeout
Use cwmp cpe wait timeout to set the close-wait timer for the CPE to close an idle connection.
Use undo cwmp cpe wait timeout to restore the default.
Syntax
cwmp cpe wait timeout seconds
undo cwmp cpe wait timeout
Default
The close-wait timer is 30 seconds.
Views
CWMP view
Predefined user roles
network-admin
Parameters
seconds: Sets the close-wait timer, in the range of 30 to 1800 seconds.
Usage guidelines
The close-wait timer specifies the amount of time the connection to the ACS can be idle before it is terminated. The CPE terminates the connection to the ACS if no traffic is transmitted before the timer expires.
The timer also specifies the maximum amount of time the CPE waits for the response to a session request. The CPE determines that its session attempt has failed when the timer expires. By default, the CPE retries a failed session until the session is established with the ACS. To limit the number of retries, use the cwmp cpe connect retry command.
Examples
# Set the close-wait time to 60 seconds.
<Sysname> system-view
[Sysname] cwmp
[Sysname-cwmp] cwmp cpe wait timeout 60
cwmp enable
Use cwmp enable to enable CWMP.
Use undo cwmp enable to disable CWMP.
Syntax
cwmp enable
undo cwmp enable
Default
CWMP is disabled.
Views
CWMP view
Predefined user roles
network-admin
Usage guidelines
CWMP configuration takes effect only after CWMP is enabled.
Examples
# Enable CWMP.
[Sysname] cwmp
[Sysname-cwmp] cwmp enable
Related commands
cwmp
display cwmp configuration
Use display cwmp configuration to display the CWMP configuration.
Syntax
display cwmp configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the CWMP configuration after CWMP is enabled.
<Sysname> display cwmp configuration
CWMP state : Enabled
ACS URL : http://www.acs.com:80/acs
ACS username : newname
ACS default URL : Null
ACS default username : defname
Periodic inform : Disabled
Inform interval : 600s
Inform time : None
Wait timeout : 30s
Connection retries : Unlimited
Source IP interface : None
STUN state : Disabled
SSL policy name : Null
Table 57 Command output
Field |
Description |
CWMP state |
Status of CWMP: Enabled or Disabled. |
ACS URL |
Preferred ACS URL. This field displays Null if no preferred ACS URL has been specified. |
ACS username |
Username for the CPE to authenticate to the ACS. This field displays Null if no username has been configured for authentication to the preferred ACS URL. |
ACS default URL |
Default ACS URL. The CPE attempts to connect to the default ACS URL if no ACS URL has been assigned to it through the cwmp acs url command, ACS, or DHCP. This field displays Null if no default ACS URL has been configured. |
ACS default username |
Username for the CPE to authenticate to the default ACS URL. This field displays Null if no username has been configured for authentication to the default ACS URL. |
Periodic inform |
Status of the periodic Inform feature: Enabled or Disabled. |
Inform interval |
Periodic Inform interval. The default interval is 600 seconds. |
Inform time |
Date and time at which an Inform message is scheduled to be sent. If you do not schedule an Inform sending, this field displays None. |
Wait timeout |
Close-wait timer. This timer is configurable with the cwmp cpe wait timeout command. |
Connection retries |
Number of attempts the CPE can make to retry a failed CWMP connection. This field displays Unlimited if the default setting is used. The CPE retries a failed session until the session is established with the ACS. |
Source IP interface |
IP address of the specified CWMP connection interface. This field displays None if you have not specified a CWMP connection interface. |
STUN state |
Status of NAT traversal for CWMP: Enabled or Disabled. For the connection request initiated from the ACS to reach the CPE, you must enable NAT traversal when a NAT gateway resides between the CPE and the ACS. |
SSL policy name |
SSL client policy specified for the CPE to authenticate the ACS for establishing an HTTPS connection. You must specify an SSL client policy when HTTPS is used. This field displays Null if you have not specified an SSL client policy. |
Related commands
display cwmp status
display cwmp status
Use display cwmp status to display CWMP state information.
Syntax
display cwmp status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display CWMP state information.
<Sysname> display cwmp status
CWMP state : Enabled
ACS URL of most recent connection : http://www.acs.com:80/acs
ACS information source : User
ACS username of most recent connection : newname
Connection status : Disconnected
Data transfer status : None
Most recent successful connection attempt : None
Length of time before next connection attempt : 1096832s
Table 58 Command output
Field |
Description |
CWMP state |
Status of CWMP: Enabled or Disabled. |
ACS URL of most recent connection |
ACS URL used for the most recent connection attempt. This field displays Null if no ACS URL was available. |
ACS information source |
Source from which the CPE obtained the ACS URL: · User—ACS URL assigned by using the cwmp acs url command or by ACS. · DHCP—ACS URL assigned by the DHCP server. · Default—ACS URL assigned by using the cwmp acs default url command. This field displays None if no ACS URL was available. |
ACS username of most recent connection |
Username used for the most recent connection to the ACS. This field displays Null if no ACS username was available. |
Connection status |
Current CWMP session status: · Connected—A CWMP session has been established to the ACS. · Disconnected—No CWMP session has been established to the ACS. · Waiting response—The CPE is waiting for the connection response from the ACS. |
Data transfer status |
Data transfer status of the CPE: · Uploading—The CPE is uploading data. · Downloading—The CPE is downloading data. · None—No data is transferred. |
Most recent successful connection attempt |
Time of the most recent successful CWMP connection. This field displays None if no CWMP session was established. |
Length of time before next connection attempt |
Amount of time (in seconds) that the CPE must wait before it initiates the next connection. This field displays None if the CPE does not detect an event that will trigger a connection attempt. |
Related commands
display cwmp configuration
ssl client-policy
Use ssl client-policy to specify an SSL client policy for CWMP.
Use undo ssl client-policy to restore the default.
Syntax
ssl client-policy policy-name
undo ssl client-policy
Default
No SSL client policy is specified for CWMP.
Views
CWMP view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the name of an SSL client policy, a string of 1 to 31 characters.
Usage guidelines
CWMP uses HTTP or HTTPS for data transmission. If the ACS uses HTTPS for secure access, its URL begins with https://. You must configure an SSL client policy for the CPE to authenticate the ACS for establishing an HTTPS connection. For more information about configuring SSL client policies, see Security Configuration Guide.
Examples
# Specify the SSL client policy test for CWMP.
<Sysname> system
[Sysname] cwmp
[Sysname-cwmp] ssl client-policy test
EAA commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
action cli
Use action cli to add a CLI action to a monitor policy.
Use undo action to remove an action.
Syntax
action number cli command-line
undo action number
Default
Monitor policies do not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
cli command-line: Specifies the command line to be executed when the event occurs. You can enter abbreviated forms of command keywords, but you must make sure the forms can uniquely identify the command keywords. For example, you can enter int loop 1 for the interface loopback 1 command.
Usage guidelines
You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.
EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.
To execute a command in a view other than user view, you must define actions required for accessing the target view before defining the command execution action. In addition, you must number the actions in the order they should be executed, starting with entering system view.
For example, to shut down an interface, you must create the following actions in order:
1. Action to enter system view.
2. Action to enter interface view.
3. Action to shut down the interface.
When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."
Examples
# Configure the CLI-defined policy test to shut down GigabitEthernet 1/0/1 when the policy is triggered.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 1 cli system-view
[Sysname-rtm-test] action 2 cli interface gigabitethernet 1/0/1
[Sysname-rtm-test] action 3 cli shutdown
action reboot
Use action reboot to add a reboot action to a monitor policy.
Use undo action to remove an action.
Syntax
Centralized devices in standalone mode:
action number reboot
undo action number
Distributed devices in standalone mode/centralized devices in IRF mode:
action number reboot [ slot slot-number [ subslot subslot-number ] ]
undo action number
Distributed devices in IRF mode:
action number reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ]
undo action number
Default
Monitor policies do not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (Distributed devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command reboots all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command reboots all cards. (Distributed devices in IRF mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (Centralized devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its slot number. If you do not specify a subcard, the command reboots the slot.
The following matrix shows the subslot subslot-number option and hardware compatibility:
Hardware |
Option compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE /810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Option compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Usage guidelines
You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.
EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.
The reboot action configured with this command reboots devices or cards without saving the running configuration. If you want to save the running configuration, use the action cli command to configure reboot actions.
When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."
Examples
# (Distributed devices in standalone mode/centralized devices in standalone mode.) Configure an action for the CLI-defined policy test to reboot the device.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 reboot
# (Centralized devices in IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 reboot slot 1
# (Distributed devices in IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 reboot chassis 1
action switchover
Use action switchover to add an active/standby switchover action to a monitor policy.
Use undo action to remove an action.
Syntax
action number switchover
undo action number
Default
Monitor policies do not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
Usage guidelines
You can configure a series of actions to be executed in response to the event specified in a monitor policy. EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct. If two actions have the same ID, the most recent one takes effect.
(Centralized devices in standalone mode.) This command does not trigger an active/standby switchover.
(Distributed devices in standalone mode.) This command does not trigger an active/standby switchover in either of the following situations:
· The device has only one MPU.
· The standby MPU is not in up state.
(Centralized devices in IRF mode.) This command does not trigger an active/standby switchover in either of the following situations:
· No subordinate device is configured.
· The subordinate device is not in up state.
(Distributed devices in IRF mode.) This command does not trigger an active/standby switchover in either of the following situations:
· No global standby MPU is configured.
· The global standby MPU is not in up state.
Examples
# Configure an action for the CLI-defined policy test to perform an active/standby switchover.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 switchover
action syslog
Use action syslog to add a Syslog action to a monitor policy.
Use undo action to remove an action.
Syntax
action number syslog priority priority facility local-number msg msg-body
undo action number
Default
Monitor policies do not contain any actions.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
number: Specifies an action ID in the range of 0 to 231.
priority priority: Specifies the log severity level in the range of 0 to 7. A lower value represents a higher severity level.
facility local-number: Specifies a logging facility by its facility number in the range of local0 to local7. Facility numbers are used by a log host to identify log creation facilities for filtering log messages.
msg msg-body: Configures the log message body.
Usage guidelines
EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center."
You can configure a series of actions to be executed in response to the event specified in a monitor policy.
EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.
If two actions have the same ID, the most recent one takes effect.
When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."
Examples
# Configure an action for the CLI-defined policy test to send a log message "hello" with a severity of 7 from the facility device local3.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] action 3 syslog priority 7 facility local3 msg hello
commit
Use commit to enable a CLI-defined monitor policy.
Syntax
commit
Default
No CLI-defined policies are enabled.
Views
CLI-defined policy view
Predefined user roles
network-admin
Usage guidelines
You must execute this command for a CLI-defined policy to take effect.
After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.
Examples
# Enable the CLI-defined policy test.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] commit
display rtm environment
Use display rtm environment to display user-defined EAA environment variables and their values.
Syntax
display rtm environment [ var-name ]
Views
Any view
Predefined user roles
network-admin
Parameters
var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign. If you do not specify a variable, this command displays all user-defined EAA environment variables.
Examples
# Display all user-defined EAA environment variables.
<Sysname> display rtm environment
Name Value
save_cmd save main force
show_run_cmd display current-configuration
Table 59 Command output
Field |
Description |
Name |
Name of a user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable name of more than 30 characters, use the display current-configuration command. |
Value |
Value of the user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable value of more than 30 characters, use the display current-configuration command. |
display rtm policy
Use display rtm policy to display monitor policies.
Syntax
display rtm policy { active | registered [ verbose ] } [ policy-name ]
Views
Any view
Predefined user roles
network-admin
Parameters
active: Displays policies that are running.
registered: Displays policies that have been created.
policy-name: Specifies a policy by its name. If you do not specify a policy, the command displays all monitor policies that are running or have been created.
verbose: Displays detailed information about monitor policies.
Usage guidelines
To display the running configuration of CLI-defined monitor policies, execute the display current-configuration command in any view or execute the display this command in CLI-defined monitor policy view.
Examples
# Display all running monitor policies.
<Sysname> display rtm policy active
JID Type Event TimeActive PolicyName
507 TCL INTERFACE Aug 29 14:55:55 2013 test
# Display all monitor policies that have been created.
<Sysname> display rtm policy registered
Total number: 1
Type Event TimeRegistered PolicyName
CLI Aug 29 14:54:50 2013 test
# Display detailed information about all monitor policies.
<Sysname> display rtm policy registered verbose
Total number: 1
Policy Name: test
Policy Type: CLI
Event Type: INTERFACE
TimeRegistered: Aug 29 14:54:50 2013
User-role: network-operator
network-admin
Table 60 Command output
Field |
Description |
JID |
Job ID. This field is available for the display rtm policy active command. |
PolicyName |
Monitor policy name. |
Type Policy Type |
Policy creation method: · TCL—The policy was configured by using Tcl. · CLI—The policy was configured from the CLI. |
Event Event Type |
Event type, including CLI, hotplug, interface, process, SNMP, SNMP-Notification, Syslog, and track. |
TimeActive |
Time when the policy started to execute. |
TimeRegistered |
Time when the policy was created. |
Total number |
Total number of policies. |
User-role |
User roles for executing the monitor policy. To execute the monitor policy, an administrator must have at least one of the displayed user roles. |
event cli
Use event cli to configure a CLI event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp
undo event
Default
No CLI event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
async [ skip ]: Enables or disables the system to execute the command that triggers the policy. If you specify the skip keyword, the system executes the actions in the policy without executing the command that triggers the policy. If you do not specify the skip keyword, the system executes both the actions in the policy and the command entered at the CLI.
sync: Enables the system to execute the command that triggers the event only if the policy has been executed successfully.
execute: Triggers the policy when a matching command is entered.
help: Triggers the policy when a question mark (?) is entered at a matching command line.
tab: Triggers the policy when the Tab key is pressed to complete a parameter in a matching command line.
pattern regular-exp: Specifies a regular expression for matching commands that trigger the policy. For more information about using regular expressions, see Fundamentals Configuration Guide.
Usage guidelines
Use CLI event monitor policies to monitor operations performed at the CLI.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy to monitor execution of commands that contain the dis inter brief string. Enable the system to execute the actions in the policy without executing the command that triggers the policy.
<Sysname>system-view
[Sysname] rtm cli-policy test
[Sysname-rmt-test] event cli async skip mode execute pattern dis inter brief
# Configure a CLI-defined policy to monitor the use of the Tab key at command lines that contain the dis inter brief string. Enable the system to execute the actions in the policy and display the complete parameter when Tab is pressed at a policy-matching command line.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rmt-test] event cli async mode tab pattern dis inter brief
# Configure a CLI-defined policy to monitor the use of the question mark (?) at command lines that contain the dis inter brief string. Enable the system to execute a policy-matching command line only if the actions in the policy are executed successfully when a question mark is entered at the command line.
<Sysname>system-view
[Sysname] rtm cli-policy test
[Sysname-rmt-test] event cli sync mode help pattern dis inter brief
event hotplug
(Centralized devices in standalone mode.) Use event hotplug to configure a subcard hot-swapping event.
(Centralized devices in IRF mode.) Use event hotplug to configure an event to monitor a member device for joining or leaving the IRF fabric or a subcard slot for subcard hot-swapping.
(Distributed devices.) Use event hotplug to configure a card hot-swapping event.
Syntax
Distributed devices in standalone mode/centralized devices in standalone or IRF mode:
event hotplug [ insert | remove ] slot slot-number [ subslot subslot-number ]
undo event
Distributed devices in IRF mode:
event hotplug [ insert | remove ] chassis chassis-number slot slot-number [ subslot subslot-number ]
undo event
Default
No hotplug event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
insert: Specifies the card insert event. EAA executes the policy when card insertion occurs while the device is operating.
remove: Specifies the card remove event. EAA executes the policy when card removal occurs while the device is operating.
slot slot-number: 0. (Centralized devices in standalone mode.)
slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. (Distributed devices in IRF mode.)
subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, EAA monitors the slot.
The following matrix shows the subslot subslot-number option and hardware compatibility:
Hardware |
Option compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE /810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630/810-LM-HK/810-W-LM-HK |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
Yes |
Hardware |
Option compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Usage guidelines
(Centralized devices in standalone mode.) After you configure the event, the monitor policy is triggered when a subcard is inserted in or removed from the specified slot. If you do not specify the insert or remove keyword, EAA monitors the subcard slot for both insert and remove actions.
(Centralized devices in IRF mode.) After you configure the event, the monitor policy is triggered when the member device joins or leaves the IRF fabric, or when a subcard is inserted in or removed from the specified subcard slot. If you do not specify the insert or remove keyword, EAA monitors the member device for joining or leaving the IRF fabric and the subcard slot for subcard hot-swapping.
(Distributed devices.) After you configure the event, the monitor policy is triggered when a card is inserted in or removed from the specified slot. If you do not specify the insert or remove keyword, EAA monitors the card slot for both insert and remove actions.
You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.
Examples
# (Centralized devices in standalone mode.) Configure a CLI-defined policy to monitor slot 2 for subcard swapping.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event hotplug slot 2
# (Distributed devices in standalone mode.) Configure a CLI-defined policy to monitor the card in slot 2 for card swapping.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event hotplug slot 2
# (Centralized devices in IRF mode.) Configure a CLI-defined policy to monitor the cards on IRF member device 2 for card swapping.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event hotplug slot 2
# (Distributed devices in IRF mode.) Configure a CLI-defined policy to monitor the card in slot 2 of IRF member device 1 for card swapping.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event hotplug chassis 1 slot 2
event interface
Use event interface to configure an interface event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]
undo event
Default
No interface event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords available for the monitor-obj argument, see Table 61.
start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.
start-val start-val: Specifies the start threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.
restart-op restart-op: Specifies the operator for comparing the monitored traffic statistic with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the restart-op argument, see Table 62.
restart-val restart-val: Specifies the restart threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.
interval interval: Specifies the interval to sample the monitored traffic statistic for a comparison. The value range is 1 to 4294967295, in seconds. The default value is 300.
Monitored traffic statistic |
Description |
input-drops |
Number of discarded incoming packets during the sampling interval |
input-errors |
Number of incoming error packets during the sampling interval |
output-drops |
Number of discarded outgoing packets during the sampling interval |
output-errors |
Number of outgoing error packets during the sampling interval |
rcv-bps |
Receive rate, in bps |
rcv-broadcasts |
Number of incoming broadcasts during the sampling interval |
rcv-pps |
Receive rate, in packets per second. |
tx-bps |
Transmit rate, in bps. |
tx-pps |
Transmit rate, in packets per second. |
Comparison operator |
Description |
eq |
Equal to. |
ge |
Greater than or equal to. |
gt |
Greater than. |
le |
Less than or equal to. |
lt |
Less than. |
ne |
Not equal to. |
Usage guidelines
Use interface event monitor policies to monitor traffic statistics on an interface.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
EAA executes an interface event policy when the monitored interface traffic statistic crosses the start threshold in the following situations:
· The statistic crosses the start threshold for the first time.
· The statistic crosses the start threshold each time after it crosses the restart threshold.
The following is the interface event monitor process of EAA:
1. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.
2. Executes the policy.
3. Compares the traffic statistic sample with the restart threshold at sampling intervals until the restart threshold is crossed.
4. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.
5. Executes the policy again.
This process cycles for the monitor policy to be executed and re-executed.
Examples
# Configure a CLI-defined policy to monitor the incoming error packet statistic on GigabitEthernet 1/0/1 every 60 seconds. Set the start threshold to 1000 and the restart threshold to 50. Enable EAA to execute the policy when the statistic exceeds 1000 for the first time. Enable EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event interface gigabitethernet 1/0/1 monitor-obj input-errors start-op gt start-val 1000 restart-op lt restart-val 50 interval 60
event process
Use event process to configure a process event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
Distributed devices in standalone mode/centralized devices in standalone or IRF mode:
event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ]
undo event
Distributed devices in IRF mode:
event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ]
undo event
Default
No process event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
exception: Monitors the specified process for exceptional events. EAA executes the policy when an exception occurs to the monitored process.
restart: Monitors the specified process for restart events. EAA executes the policy when the monitored process restarts.
shutdown: Monitors the specified process for shutdown events. EAA executes the policy when the monitored process is shut down.
start: Monitors the specified process for start events. EAA executes the policy when the monitored process starts.
name process-name: Specifies a user-mode process by its name. The process can be one that is running or not running. If you do not specify a name, this command monitors all use-mode processes.
instance instance-id: Specifies a process instance ID in the range of 0 to 4294967295. The instance ID can be one that has not been created yet. If you specify an instance, EAA only monitors the process instance. If you do not specify an instance, EAA monitors all instances of the process.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices. (Centralized devices in IRF mode.)
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (Distributed devices in IRF mode.)
chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices. (Distributed devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, the policy applies to all cards on the specified member device. (Distributed devices in IRF mode.)
Usage guidelines
Use process event monitor policies to monitor process state changes. These changes can result from manual operations or automatic system operations.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy to monitor all instances of the process snmpd for restart events.
<Sysname>system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event process restart name snmpd
event snmp oid
Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]
undo event
Default
No SNMP event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.
monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.
start-op start-op: Specifies the operator for comparing the sampled value with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.
start-val start-val: Specifies the start threshold to be compared with the sampled value. The start-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").
restart-op op: Specifies the operator for comparing the sampled value with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.
restart-op restart-val: Specifies the restart threshold to be compared with the sampled value. The restart-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").
interval interval: Specifies the sampling interval in the range of 1 to 4294967295, in seconds. The default value is 300.
Usage guidelines
Use SNMP event monitor policy to monitor value changes of MIB variables.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
EAA executes an SNMP event policy when the monitored MIB variable's value crosses the start threshold in the following situations:
· The monitored variable's value crosses the start threshold for the first time.
· The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.
The following is the SNMP event monitor process of EAA:
1. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.
2. Executes the policy.
3. Compares the variable sample with the restart threshold at sampling intervals until the restart threshold is crossed.
4. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.
5. Executes the policy again.
This process cycles for the monitor policy to be executed and re-executed.
Examples
# Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds. Set the start threshold to 1 and the restart threshold to 2. Enable EAA to execute the policy when the value changes to 1 for the first time. Enable EAA to re-execute the policy if the value changes to 1 each time after the value has changed to 2.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event snmp oid 1.3.6.4.9.9.42.1.2.1.6.4 monitor-obj get start-op eq start-val 1 restart-op eq restart-val 2 interval 5
event snmp-notification
Use event snmp-notification to configure an SNMP-Notification event for a CLI-defined policy.
Use undo event to remove the event in a CLI-defined policy.
Syntax
event snmp-notification oid oid oid-val oid-val op op [ drop ]
undo event
Default
No SNMP-Notification event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.
oid-val oid-val: Specifies the threshold to be compared with the sampled value. The oid-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").
op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.
drop: Drops the notification if the comparison result meets the condition. If this keyword is not specified, the system sends the notification.
Usage guidelines
Use SNMP-Notification event monitor policies to monitor variables in SNMP notifications.
EAA executes an SNMP-Notification event monitor policy when the value of the monitored variable in an SNMP notification meets the specified condition.
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy test to monitor SNMP notifications that contain the variable OID 1.3.6.1.4.1.25506.2.2.1.1.2.1.0. Enable the system to drop an SNMP notification and execute the policy if the variable in the notification contains the user name admin.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event snmp-notification oid 1.3.6.1.4.1.25506.2.2.1.1.2.1.0 oid-val admin op eq drop
event syslog
Use event syslog to configure a Syslog event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event syslog priority priority msg msg occurs times period period
undo event
Default
No Syslog event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
priority priority: Specifies the lowest severity level for matching log messages. The level argument can be an integer in the range of 0 to 7, or the word all, which represents any severity level from 0 to 7. A lower number represents higher priority level. For example, specify a severity level of 3 to match log messages from level 3 to level 0.
msg msg: Specifies a regular expression to match the message body, a string of 1 to 255 characters. The log message must use the H3C format. For more information about log message formats, see information center configuration in Network Management and Monitoring Configuration Guide For more information about regular expressions, see CLI configuration in Fundalmentals Configuration Guide.
occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds.
Usage guidelines
Use Syslog event monitor policies to monitor log messages.
EAA executes a Syslog event monitor policy when the number of matching logs over an interval reaches the limit.
|
NOTE: EAA does not count log messages generated by the RTM module when it counts log matches. |
You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.
Examples
# Configure a CLI-defined policy to monitor Syslog messages for level 3 to level 0 messages that contain the down string. Enable the policy to execute when five log matches are found within 6 seconds.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event syslog priority 3 msg down occurs 5 period 6
event track
Use event track to configure a track event for a CLI-defined monitor policy.
Use undo event to delete the event in a CLI-defined monitor policy.
Syntax
event track track-list state { negative | positive } [ suppress-time suppress-time ]
undo event
Default
No track event is configured.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
track-list: Specifies a space-separated list of up to 16 track items. Each item specifies a track entry number or a range of track entry numbers in the form of track-entry-number to track-entry-number. The value range for the track-entry-number argument is 1 to 1024.
state { negative | positive }: Monitors state change of the track entries.
· negative: Triggers the policy when the state of the track entries changes from Positive to Negative.
· positive: Triggers the policy when the state of the track entries changes from Negative to Positive.
suppress-time suppress-time: Sets a suppress time in the range of 1 to 4294967295, in seconds. The default value is 0.
Usage guidelines
Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from Positive to Negative or from Negative to Positive. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from Positive (Negative) to Negative (Positive).
If you set a suppress time for a track event monitor policy, the timer starts when the policy is triggered. The system does not process the messages that report the track entry state change Positive (Negative) to Negative (Positive) until the timer times out.
For example, to automatically disconnect the sessions between the local device and its down link BGP peers when the sessions between the local device and its uplink BGP peers are disconnected, you can configure a track event monitor policy as follows:
· Configure a track event for the policy and specify track entries to monitor the links between the local device and its uplink BGP peers.
· Add the CLI action peer ignore to the policy to disable BGP session establishment between the local device and its downlink BGP peers.
You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.
Examples
# Create CLI-defined monitor policy test. Configure a track event for the policy that occurs when the state of track entry 1 to track entry 8 changes from Positive to Negative. Set the suppress time to 180 seconds for the policy.
<Sysname>system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] event track 1 to 8 state negative suppress-time 180
rtm cli-policy
Use rtm cli-policy to create a CLI-defined EAA monitor policy and enter its view, or enter the view of an existing CLI-defined EAA monitor policy.
Use undo rtm cli-policy to delete a CLI-defined monitor policy.
Syntax
rtm cli-policy policy-name
undo rtm cli-policy policy-name
Default
No CLI-defined monitor policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies the name of a CLI-defined monitor policy, a case-sensitive string of 1 to 63 characters.
Usage guidelines
You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy.
You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy, but you cannot assign the same name to policies that are the same type.
For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy.
Examples
# Create a CLI-defined policy and enter its view.
<Sysname> system-view
[Sysname] rtm cli-policy test
Related commands
commit
rtm environment
Use rtm environment to configure an EAA environment variable.
Use undo rtm environment to delete a user-defined EAA environment variable.
Syntax
rtm environment var-name var-value
undo rtm environment var-name
Default
No user-defined EAA environment variables exist.
The system provides the variables in Table 63. You cannot create, delete, or modify these system-defined variables.
Table 63 System-defined EAA environment variables by event type
Variable name |
Description |
Any event: |
|
_event_id |
Event ID. |
_event_type |
Event type. |
_event_type_string |
Event type description. |
_event_time |
Time when the event occurs. |
_event_severity |
Severity level of an event. |
CLI: |
|
_cmd |
Commands that are matched. |
Syslog: |
|
_syslog_pattern |
Log message content. |
Hotplug: |
|
_slot |
(Centralized devices in standalone mode.) 0. (Distributed devices.) ID of the slot where card hot-swapping occurs. (Centralized devices in IRF mode.) ID of the member device that joins or leaves the IRF fabric. |
_subslot |
ID of the subslot where a hot swap event occurs. |
Interface: |
|
_ifname |
Interface name. |
SNMP: |
|
_oid |
OID of the MIB variable where an SNMP operation is performed. |
_oid_value |
Value of the MIB variable. |
SNMP-Notification: |
|
_oid |
OID that is included in the SNMP notification. |
Process: |
|
_process_name |
Process name. |
Views
System view
Predefined user roles
network-admin
Parameters
var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign.
var-value: Specifies the variable value.
Usage guidelines
When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action.
For an action argument, you can specify a list of variable names in the form of $variable_name1$variable_name2...$variable_nameN.
Examples
# Create an environment variable: set its name to if and set its value to interface.
<Sysname> system-view
[Sysname] rtm environment if interface
rtm scheduler suspend
Use rtm scheduler suspend to suspend monitor policies.
Use undo rtm scheduler suspend to resume monitor policies.
Syntax
rtm scheduler suspend
undo rtm scheduler suspend
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command disables all CLI-defined and Tcl-defined monitor policies except for the monitor policies that are running.
To revise the Tcl script of a policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.
Examples
# Suspend monitor policies.
<Sysname> system-view
[Sysname] rtm scheduler suspend
rtm tcl-policy
Use rtm tcl-policy to create a Tcl-defined policy and bind it to a Tcl script file.
Use undo rtm tcl-policy to delete a Tcl policy.
Syntax
rtm tcl-policy policy-name tcl-filename
undo rtm tcl-policy policy-name
Default
No Tcl policies exist.
Views
System view
Predefined user roles
network-admin
Parameters
policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters.
tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device.
Usage guidelines
When you use this command to create a Tcl-defined policy, follow these guidelines:
(Centralized devices in IRF mode.) Make sure the script file is saved on all IRF member devices. This practice ensures that the policy can run correctly after a master/subordinate switchover occurs or the member device where the script file resides leaves the IRF.
(Distributed devices in IRF or standalone mode.) Make sure the script file is saved on all MPUs. This practice ensures that the policy can run correctly after an active/standby or master/standby switchover occurs or the MPU where the script file resides fails or is removed.
This command both creates and enables the specified Tcl-defined monitor policy. To revise the Tcl script of a Tcl-defined policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.
To bind a Tcl-defined policy to a different Tcl script file:
1. Execute the undo rtm tcl-policy policy-name command to delete the Tcl policy.
2. Create the Tcl policy again, and then bind it to the new Tcl script file.
You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies that are the same type.
Examples
# Create a Tcl policy and bind it to a Tcl script file.
<Sysname> system-view
[Sysname] rtm tcl-policy test test.tcl
running-time
Use running-time to set the duration that a CLI-defined policy executes its actions.
Use undo running-time to restore the default.
Syntax
running-time time
undo running-time
Default
A CLI-defined policy executes its actions for a period of 20 seconds.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
time: Specifies the duration that a CLI-defined policy execute its actions, in the range of 0 to 31536000, in seconds. If you specify 0, the policy runs its actions forever until it is manually interrupted.
Usage guidelines
This command limits the amount of time that a CLI-defined policy executes its actions from the time the policy is triggered. When the duration expires, the policy stops executing its actions even if the execution is not finished.
This setting prevents a CLI-defined policy from executing its actions permanently to occupy resources.
Examples
# Set the duration for CLI-defined policy test to execute its actions to 60 seconds.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] running-time 60
user-role
Use user-role to assign a user role to a CLI-defined policy.
Use undo user-role to remove a user role from a CLI-defined policy.
Syntax
user-role role-name
undo user-role role-name
Default
A monitor policy contains user roles that its creator had at the time of policy creation.
Views
CLI-defined policy view
Predefined user roles
network-admin
Parameters
role-name: Specifies a user role by its name, a case-sensitive string of 1 to 63 characters.
Usage guidelines
For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.
For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.
A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect.
An EAA policy cannot have both the security-audit user role and any other user roles. Any previously assigned user roles are automatically removed when you assign the security-audit user role to the policy. The previously assigned security-audit user role is automatically removed when you assign any other user roles to the policy.
Examples
# Assign user roles to a CLI-defined policy.
<Sysname> system-view
[Sysname] rtm cli-policy test
[Sysname-rtm-test] user-role network-admin
[Sysname-rtm-test] user-role admin
Process monitoring and maintenance commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
The display memory, display process, display process cpu, monitor process, and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads.
display exception context
Use display exception context to display context information for process exceptions.
Syntax
Centralized devices in standalone mode:
display exception context [ count value ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display exception context [ count value ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display exception context [ count value ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
count value: Specifies the number of context information entries, in the range of 1 to 20. The default value is 1.
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays context information for process exceptions on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays context information for process exceptions on the IRF master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays context information for process exceptions on the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
The system generates a context information entry for each process exception. A context information entry includes the process ID, the crash time, the core file directory, stack information, and register information.
Examples
# Display the exception context information on the x86-based 32-bit device.
<Sysname> display exception context
Index 1 of 1
------------------------------
Crashed PID: 120 (routed)
Crash signal: SIGBUS
Crash time: Tue Apr 9 17:14:30 2013
Core file path:
flash:/core/node0_routed_120_7_20130409-171430_1365527670.core
#0 0xb7caba4a
#1 0x0804cb79
#2 0xb7cd77c4
#3 0x08049f45
Backtrace stopped.
Registers' content
eax:0xfffffffc ebx:0x00000003 ecx:0xbfe244ec edx:0x0000000a
esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674
eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b
ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033
# Display the exception context information on the x86-based 64-bit device.
<Sysname> display exception context
Index 1 of 1
------------------------------
Crashed PID: 121 (routed)
Crash signal: SIGBUS
Crash time: Sun Mar 31 11:12:21 2013
Core file path:
flash:/core/node0_routed_121_7_20130331-111221_1364728341.core
#0 0x00007fae7dbad20c
#1 0x00000000004059fa
#2 0x00007fae7dbd96c0
#3 0x0000000000402b29
Backtrace stopped.
Registers' content
rax:0xfffffffffffffffc rbx:0x00007fff88a5dd10
rcx:0xffffffffffffffff rdx:0x000000000000000a
rsi:0x00007fff88a5dd10 rdi:0x0000000000000003
rbp:0x00007fff88a5dcf0 rsp:0x00007fff88a5dcf0
r8:0x00007fae7ea587e0 r9:0x0000000000000079
r10:0xffffffffffffffff r11:0x0000000000000246
r12:0x0000000000405b18 r13:0x00007fff88a5ff7a
r14:0x00007fff88a5de30 r15:0x0000000000000000
rip:0x00007fae7dbad20c flag:0x0000000000000246
cs:0x0000000000000033 ss:0x000000000000002b
ds:0x0000000000000000 es:0x0000000000000000
fs:0x0000000000000000 gs:0x0000000000000000
fs_base:0x00007fae80a5d6a0 gs_base:0x0000000000000000
orig_ax:0x00000000000000e8
# Display the exception context information on the PowerPC-based 32-bit device.
<Sysname> display exception context
Index 1 of 1
------------------------------
Crashed PID: 133 (routed)
Crash signal: SIGBUS
Crash time: Wed Apr 10 15:47:49 2013
Core file path:
flash:/core/node0_routed_133_7_20130410-154749_1365608869.core
#0 0x184720bc
#1 0x10006b4c
Backtrace stopped.
Registers' content
grp00: 0x000000ee 0x7ffd6ad0 0x1800f440 0x00000004
grp04: 0x7ffd6af8 0x0000000a 0xffffffff 0x184720bc
grp08: 0x0002d200 0x00000003 0x00000001 0x1847209c
grp12: 0x10006b4c 0x10020534 0xd6744100 0x00000000
grp16: 0x00000000 0xa0203ff0 0xa028b12c 0xa028b13c
grp20: 0xa028b148 0xa028b168 0xa028b178 0xa028b190
grp24: 0xa028b1a8 0xa028b1b8 0x00000000 0x7ffd6c08
grp28: 0x10006cac 0x7ffd6f92 0x184c1b84 0x7ffd6ae0
nip:0x184720bc lr:0x10006b4c cr:0x38000022 ctr:0x1847209c
msr:0x0002db00 xer:0x00000000 ret:0xfffffffc dsisr:0x08000000
gr3:0x00000003 mq:0x00000000 trap:0x00000c00 dar:0x1833114c
# Display the exception context information on the PowerPC-based 64-bit device.
<Sysname> display exception context
Index 1 of 1
------------------------------
Crashed PID: 172 (routed)
Crash signal: SIGBUS
Crash time: Sat Sep 15 16:53:16 2007
Core file path:
cfa0:/core/node1_routed_172_7_20070915-165316_1189875196.core
#0 0x00000fff803c66b4
#1 0x0000000010009b94
#2 0x00000fff80401814
Backtrace stopped.
Registers' content
grp00: 0x00000000000000ee 0x00000fffffd04840
grp02: 0x00000fff80425c28 0x0000000000000004
grp04: 0x00000fffffd048c0 0x000000000000000a
grp06: 0xffffffffffffffff 0x00000fff803c66b4
grp08: 0x000000008002d000 0x0000000000000000
grp10: 0x0000000000000000 0x0000000000000000
grp12: 0x0000000000000000 0x00000fff80a096b0
grp14: 0x000000007b964c00 0x000000007b7d0000
grp16: 0x0000000000000001 0x000000000000000b
grp18: 0x0000000000000031 0x0000000000a205b8
grp20: 0x0000000000a20677 0x0000000000000000
grp22: 0x000000007bb91014 0x0000000000000000
grp24: 0xc0000000005ae1c8 0x0000000000000000
grp26: 0xc0000001f00bff20 0xc0000001f00b0000
grp28: 0x00000fffffd04a30 0x000000001001aed8
grp30: 0x00000fffffd04fae 0x00000fffffd04840
nip:0x00000fff803c66b4 lr:0x0000000010009b94
cr:0x0000000058000482 ctr:0x00000fff803c66ac
msr:0x000000008002d000 xer:0x0000000000000000
ret:0xfffffffffffffffc dsisr:0x0000000000000000
gr3:0x0000000000000003 softe:0x0000000000000001
trap:0x0000000000000c00 dar:0x00000fff8059d14c
# Display the exception context information on the MIPS-based 32-bit device.
<Sysname> display exception context
Index 1 of 1
------------------------------
Crashed PID: 182 (routed)
Crash signal: SIGBUS
Crash time: Sun Jan 2 08:11:38 2013
Core file path:
flash:/core/node4_routed_182_10_20130102-081138_1293955898.core
#0 0x2af2faf4
#1 0x00406d8c
Backtrace stopped.
Registers' content
zero:0x00000000 at:0x1000dc00 v0:0x00000004 v1:0x00000003
a0:0x00000003 a1:0x7fd267e8 a2:0x0000000a a3:0x00000001
t0:0x00000000 t1:0xcf08fa14 t2:0x80230510 t3:0xfffffff8
t4:0x69766520 t5:0x00000000 t6:0x63cc6000 t7:0x44617461
s0:0x7fd26f81 s1:0x00401948 s2:0x7fd268f8 s3:0x803e1db0
s4:0x803e1da0 s5:0x803e1d88 s6:0x803e1d70 s7:0x803e1d60
t8:0x00000008 t9:0x2af2fae0 k0:0x00000000 k1:0x00000000
gp:0x2af9a3a0 sp:0x7fd267c0 s8:0x7fd267c0 ra:0x00406d8c
sr:0x0000dc13 lo:0xef9db265 hi:0x0000003f bad:0x2add2010
cause:0x00800020 pc:0x2af2faf4
# Display the exception context information on the MIPS-based 64-bit device.
<Sysname> display exception context
Index 1 of 1
------------------------------
Crashed PID: 270 (routed)
Crash signal: SIGBUS
Crash time: Wed Mar 27 12:39:12 2013
Core file path:
flash:/core/node16_routed_270_10_20130327-123912_1364387952.core
#0 0x0000005555a3bcb4
#1 0x0000000120006c1c
Backtrace stopped.
Registers' content
zero:0x0000000000000000 at:0x0000000000000014
v0:0x0000000000000004 v1:0x0000000000000003
a0:0x0000000000000003 a1:0x000000ffff899d90
a2:0x000000000000000a a3:0x0000000000000001
a4:0x0000005555a9b4e0 a5:0x0000000000000000
a6:0xffffffff8021349c a7:0x20696e206368616e
t0:0x0000000000000000 t1:0xffffffff80105068
t2:0xffffffff80213890 t3:0x0000000000000008
s0:0x0000005555a99c40 s1:0x000000ffff89af5f
s2:0x0000000120007320 s3:0x0000005555a5f470
s4:0x000000ffff899f80 s5:0xffffffff803cc6c0
s6:0xffffffff803cc6a8 s7:0xffffffff803cc690
t8:0x0000000000000002 t9:0x0000005555a3bc98
k0:0x0000000000000000 k1:0x0000000000000000
gp:0x0000000120020460 sp:0x000000ffff899d70
s8:0x000000ffff899d80 ra:0x0000000120006c1c
sr:0x000000000400fff3 lo:0xdf3b645a1cac08c9
hi:0x000000000000007f bad:0x000000555589ba84
cause:0x0000000000800020 pc:0x0000005555a3bcb4
Table 64 Command output
Filed |
Description |
Crashed PID |
ID of the crashed process. |
Crash signal |
Signals that led to the crash: · SIGABRT—Abort. · SIGBUS—Bus error. · SIGFPE—Erroneous arithmetic operation. · SIGILL—Illegal hardware instructions. · SIGQUIT—Quit signal sent by the controlling terminal. · SIGSEGV—Invalid memory access. · SIGSYS—Invalid system call. · SIGTRAP—Trap message. · SIGXCPU—CPU usage limit exceeded. · SIGXFSZ—File size limit exceeded. · SIGUNKNOW—Unknown reason. |
Crash time |
Time when the crash occurred. |
Core file path |
Directory where the core file is saved. |
Backtrace stopped |
All stack information has been displayed. |
Related commands
reset exception context
display exception filepath
Use display exception filepath to display the core file directory.
Syntax
Centralized devices in standalone mode:
display exception filepath
Distributed devices in standalone mode/centralized devices in IRF mode:
display exception filepath [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display exception filepath [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays the core file directory on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays the core file directory on the IRF master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays the core file directory on the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display the core file directory on the MPU. (Centralized devices in standalone mode.)
<Sysname> display exception filepath
The exception filepath is flash:.
# Display the core file directory on the active MPU. (Distributed devices in standalone mode/centralized devices in IRF mode.)
<Sysname> display exception filepath
The exception filepath on slot 0 is flash:.
# Display the core file directory on the standby MPU. (Distributed devices in standalone mode/centralized devices in IRF mode.)
<Sysname> display exception filepath slot 1
The exception filepath on slot 1 is NULL.
# Display the core file directory on the global active MPU. (Distributed devices in IRF mode.)
<Sysname> display exception filepath
The exception filepath on chassis 0 slot 1 is flash:.
display kernel deadloop
Use display kernel deadloop to display kernel thread deadloop information.
Syntax
Centralized devices in standalone mode:
display kernel deadloop show-number [ offset ] [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display kernel deadloop show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display kernel deadloop show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
show-number: Specifies the number of deadloops to display, in the range of 1 to 10.
offset: Specifies the offset between the starting deadloop and the latest deadloop, in the range of 0 to 9. The default value is 0.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread deadloop information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread deadloop information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread deadloop information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display brief information about the latest kernel thread deadloop.
<Sysname> display kernel deadloop 1
----------------- Deadloop record 1 -----------------
Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306]
Recorded at : 2013-05-01 11:16:00.823018
Occurred at : 2013-05-01 11:16:00.823018
Instruction address : 0x4004158c
Thread : comsh (TID: 16306)
Context : thread context
Chassis : 0
Slot : 0
Cpu : 0
VCPU ID : 0
Kernel module info : module name (mrpnc) module address (0xe332a000)
# Display detailed information about the latest kernel thread deadloop.
<Sysname> display kernel deadloop 1 verbose
----------------- Deadloop record 1 -----------------
Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306]
Recorded at : 2013-05-01 11:16:00.823018
Occurred at : 2013-05-01 11:16:00.823018
Instruction address : 0x4004158c
Thread : comsh (TID: 16306)
Context : thread context
Chassis : 0
Slot : 0
Cpu : 0
VCPU ID : 0
Kernel module info : module name (mrpnc) module address (0xe332a000)
Last 5 thread switches : migration/0 (11:16:00.823018)-->
swapper (11:16:00.833018)-->
kthreadd (11:16:00.833518)-->
swapper (11:16:00.833550)-->
disk (11:16:00.833560)
Register content:
Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;
Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;
Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;
Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;
Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;
Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;
Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;
Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;
Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;
Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;
Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;
Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;
Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;
Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;
Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;
Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;
Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;
Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;
Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;
Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;
Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;
Dump stack (total 1024 bytes, 16 bytes/line):
0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84
0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4
0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00
0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00
0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0
0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4
0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08
0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00
0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0
0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00
0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30
0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00
0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0
0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00
0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc
0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18
0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f
0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68
0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00
0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98
0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68
0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98
0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00
0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0
0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70
0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44
Call trace:
Function Address = 0x8012a4b4
Function Address = 0x8017989c
Function Address = 0x80179b30
Function Address = 0x80127438
Function Address = 0x8012d734
Function Address = 0x80100a00
Function Address = 0xe0071004
Function Address = 0x8016ce0c
Function Address = 0x801223a0
Instruction dump:
41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80
4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c
Field |
Description |
Description |
Description for the kernel thread deadloop, including the CPU number, thread running time, thread name, and thread number. |
Recorded at |
Time when the kernel thread deadloop was recorded on the MPU, with microsecond precision. |
Occurred at |
Time when the kernel thread deadloop occurred, with microsecond precision. |
Instruction address |
Instruction address for the kernel thread deadloop. |
Thread |
Name and number of the kernel thread deadloop. |
Context |
Context for the kernel thread deadloop. |
Chassis |
Number of the IRF member device on which the kernel thread ran. |
Slot |
Slot number of the MPU on which the kernel thread ran. (Distributed devices in IRF or standalone mode.) ID of the IRF member device on which the kernel thread ran. (Centralized devices in IRF mode.) Fixed to 0 without any special meaning. (Centralized devices in standalone mode.) |
Cpu |
Number of the CPU where the kernel thread ran. |
VCPU ID |
Number of the CPU core where the kernel thread ran. |
Kernel module info |
Information about kernel modules that had been loaded when the kernel thread deadloop was detected, including kernel module name and memory address. |
Last 5 thread switches |
Last five kernel thread switches on the CPU before the kernel thread deadloop was detected, including kernel thread name and kernel thread switching time with microsecond precision. |
Register content |
Register information: · Reg—Name of a register. · Val—Value saved in a register. |
Dump stack |
Stack information. |
Call trace |
Function call stack information, which shows the instruction address of a called function at each level. |
Instruction dump |
Instruction code when the kernel thread deadloop was detected. ffffffff indicates an illegitimate instruction code. |
No information to display |
No kernel thread deadloop information. |
Related commands
reset kernel deadloop
display kernel deadloop configuration
Use display kernel deadloop configuration to display kernel thread deadloop detection configuration.
Syntax
Centralized devices in standalone mode:
display kernel deadloop configuration
Distributed devices in standalone mode/centralized devices in IRF mode:
display kernel deadloop configuration [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display kernel deadloop configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display kernel thread deadloop detection configuration.
<Sysname> display kernel deadloop configuration
Thread dead loop detection: Enabled
Dead loop timer (in seconds): 60
Threads excluded from monitoring: 1
TID: 15 Name: co0
Table 66 Command output
Field |
Description |
Dead loop timer (in seconds): n |
Time interval (in seconds) to identify a kernel thread deadloop. A kernel thread deadloop occurs if a kernel thread runs more than n seconds. |
Threads excluded from monitoring |
Kernel threads excluded from kernel thread deadloop detection. This field appears only if the monitor kernel deadloop exclude-thread command is configured. |
Name |
Kernel thread name. |
TID |
Kernel thread number. |
No thread is excluded from monitoring |
All kernel threads are monitored by kernel thread deadloop detection. |
display kernel exception
Use display kernel exception to display kernel thread exception information.
Syntax
Centralized devices in standalone mode:
display kernel exception show-number [ offset ] [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display kernel exception show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display kernel exception show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
show-number: Specifies the number of kernel exceptions to display, in the range of 1 to 10.
offset: Specifies the offset between the starting exception and the latest exception, in the range of 0 to 9. The default value is 0.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread exception information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread exception information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread exception information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
If an exception occurs to a running kernel thread, the system automatically records the exception information.
Examples
# Display brief information about the latest kernel thread exception.
<Sysname> display kernel exception 1
----------------- Exception record 1 -----------------
Description : Oops[#0]
Recorded at : 2013-05-01 11:16:00.823018
Occurred at : 2013-05-01 11:16:00.823018
Instruction address : 0x4004158c
Thread : comsh (TID: 16306)
Context : thread context
Chassis : 0
Slot : 0
Cpu : 0
VCPU ID : 0
Kernel module info : module name (mrpnc) module address (0xe332a000)
module name (disk) module address (0xe00bd000)
# Display detailed information about the latest kernel thread exception.
<Sysname> display kernel exception 1 verbose
----------------- Exception record 1 -----------------
Description : Oops[#0]
Recorded at : 2013-05-01 11:16:00.823018
Occurred at : 2013-05-01 11:16:00.823018
Instruction address : 0x4004158c
Thread : comsh (TID: 16306)
Context : thread context
Chassis : 0
Slot : 0
Cpu : 0
VCPU ID : 0
Kernel module info : module name (mrpnc) module address (0xe332a000)
module name (12500) module address (0xe00bd000)
Last 5 thread switches : migration/0 (11:16:00.823018)-->
swapper (11:16:00.833018)-->
kthreadd (11:16:00.833518)-->
swapper (11:16:00.833550)-->
disk (11:16:00.833560)
Register content:
Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;
Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;
Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;
Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;
Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;
Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;
Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;
Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;
Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;
Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;
Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;
Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;
Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;
Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;
Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;
Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;
Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;
Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;
Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;
Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;
Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;
Dump stack (total 1024 bytes, 16 bytes/line):
0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84
0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4
0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00
0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00
0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0
0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4
0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08
0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00
0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0
0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00
0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30
0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00
0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0
0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00
0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc
0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18
0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f
0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68
0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00
0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98
0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68
0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98
0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00
0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0
0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70
0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44
Call trace:
Function Address = 0x8012a4b4
Function Address = 0x8017989c
Function Address = 0x80179b30
Function Address = 0x80127438
Function Address = 0x8012d734
Function Address = 0x80100a00
Function Address = 0xe0071004
Function Address = 0x8016ce0c
Function Address = 0x801223a0
Instruction dump:
41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80
4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c
For detailed information about the command output, see Table 65.
Related commands
reset kernel exception
display kernel starvation configuration
Use display kernel starvation configuration to display kernel thread starvation detection configuration.
Syntax
Centralized devices in standalone mode:
display kernel starvation configuration
Distributed devices in standalone mode/centralized devices in IRF mode:
display kernel starvation configuration [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display kernel starvation configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays kernel thread starvation detection configuration on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread starvation detection configuration for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the command displays kernel thread starvation detection configuration for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display kernel thread starvation detection configuration.
<Sysname> display kernel starvation configuration
Thread starvation detection: Enabled
Starvation timer (in seconds): 10
Threads excluded from monitoring: 1
TID: 123 Name: co0
Table 67 Command output
Field |
Description |
Starvation timer (in seconds): n |
Time interval (in seconds) to identify a kernel thread starvation. A kernel thread starvation occurs if a kernel thread does not run within n seconds. |
Threads excluded from monitoring |
Kernel threads excluded from kernel thread starvation detection. |
Name |
Kernel thread name. |
TID |
Kernel thread number. |
monitor kernel starvation enable
monitor kernel starvation exclude-thread
monitor kernel starvation time
display process
Use display process to display process state information.
Syntax
Centralized devices in standalone mode:
display process [ all | job job-id | name process-name ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display process [ all | job job-id | name process-name ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process [ all | job job-id | name process-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
all: Specifies all processes. With the all keyword or without any parameters, the command displays state information for all processes.
job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. Each process has a fixed job ID.
name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters that must not contain question marks or spaces.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays process state information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays process state information for the master device. (Centralized devices in IRF mode .)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display state information for process scmd.
<Sysname> display process name scmd
Job ID: 1
PID: 1
Parent JID: 0
Parent PID: 0
Executable path: -
Instance: 0
Respawn: OFF
Respawn count: 1
Max. spawns per minute: 0
Last started: Wed Jun 1 14:45:46 2013
Process state: sleeping
Max. core: 0
ARGS: -
TID LAST_CPU Stack PRI State HH:MM:SS:MSEC Name
1 0 0K 120 S 0:0:5:220 scmd
Table 68 Command output
Field |
Description |
Job ID |
Job ID of the process. The job ID never changes. |
PID |
Number of the process. The number identifies the process, and it might change as the process restarts. |
Parent JID |
Job ID of the parent process. |
Parent PID |
Number of the parent process. |
Executable path |
Executable path of the process. For a kernel thread, this field displays a hyphen (-). |
Instance |
Instance number of the process. Whether a process can run multiple instances depends on the software implementation. |
Respawn |
Indicates whether the process restarts when an error occurs: · ON—The process automatically restarts. · OFF—The process does not automatically restarts. |
Respawn count |
Times that the process has restarted. The starting value is 1. |
Max. spawns per minute |
Maximum number of times that the process can restart within one minute. If the threshold is reached, the system automatically shuts down the process. |
Last started |
Time when the latest restart occurred. |
Process state |
State of the process: · running—Running or waiting in the queue. · sleeping—Interruptible sleep. · traced or stopped—Stopped. · uninterruptible sleep—Uninterruptible sleep. · zombie—The process has quit, but some resources are not released. |
Max. core |
Maximum number of core files that the process can create. 0 indicates that the process never creates a core file. A process creates a core file after it abnormally restarts. If the number of core files reaches the maximum value, no more core files are created. Core files are helpful for troubleshooting. |
ARGS |
Parameters carried by the process during startup. If the process carries no parameters, this field displays a hyphen (-). |
TID |
Thread ID. |
LAST_CPU |
Number of the CPU on which the process is last scheduled. |
Stack |
Stack size. |
PRI |
Thread priority. |
State |
Thread state: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie. |
HH:MM:SS:MSEC |
Running time since the latest start. |
Name |
Process name. |
# Display state information for all processes.
<Sysname> display process all
JID PID %CPU %MEM STAT PRI TTY HH:MM:SS COMMAND
1 1 0.0 0.0 S 120 - 00:00:04 scmd
2 2 0.0 0.0 S 115 - 00:00:00 [kthreadd]
3 3 0.0 0.0 S 99 - 00:00:00 [migration/0]
4 4 0.0 0.0 S 115 - 00:00:05 [ksoftirqd/0]
5 5 0.0 0.0 S 99 - 00:00:00 [watchdog/0]
6 6 0.0 0.0 S 115 - 00:00:00 [events/0]
7 7 0.0 0.0 S 115 - 00:00:00 [khelper]
8 8 0.0 0.0 S 115 - 00:00:00 [kblockd/0]
9 9 0.0 0.0 S 115 - 00:00:00 [ata/0]
10 10 0.0 0.0 S 115 - 00:00:00 [ata_aux]
11 11 0.0 0.0 S 115 - 00:00:00 [kseriod]
12 12 0.0 0.0 S 120 - 00:00:00 [vzmond]
13 13 0.0 0.0 S 120 - 00:00:00 [pdflush]
14 14 0.0 0.0 S 120 - 00:00:00 [pdflush]
15 15 0.0 0.0 S 115 - 00:00:00 [kswapd0]
16 16 0.0 0.0 S 115 - 00:00:00 [aio/0]
17 17 0.0 0.0 S 115 - 00:00:00 [scsi_eh_0]
18 18 0.0 0.0 S 115 - 00:00:00 [scsi_eh_1]
19 19 0.0 0.0 S 115 - 00:00:00 [scsi_eh_2]
35 35 0.0 0.0 D 100 - 00:00:00 [lipc_topology]
---- More ----
Table 69 Command output
Field |
Description |
JID |
Job ID of a process. It never changes. |
PID |
Number of a process. |
%CPU |
CPU usage in percentage (%). |
%MEM |
Memory usage in percentage (%). |
STAT |
State of a process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie. |
PRI |
Priority of a process for scheduling. |
TTY |
TTY used by a process. |
HH:MM:SS |
Running time since the latest start. If the running time reaches or exceeds 100 hours, this field displays only the number of hours. |
COMMAND |
Name and parameters of a process. If square brackets ([ ]) exist in a process name, the process is a kernel thread. |
display process cpu
Use display process cpu to display CPU usage for all processes.
Syntax
Centralized devices in standalone mode:
display process cpu
Distributed devices in standalone mode/centralized devices in IRF mode:
display process cpu [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process cpu [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays CPU usage for all processes on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display CPU usage for all processes.
<Sysname> display process cpu
CPU utilization in 5 secs: 16.8%; 1 min: 4.7%; 5 mins: 4.7%
JID 5Sec 1Min 5Min Name
1 0.0% 0.0% 0.0% scmd
2 0.0% 0.0% 0.0% [kthreadd]
3 0.1% 0.0% 0.0% [ksoftirqd/0]
4 0.0% 0.0% 0.0% [watchdog/0]
5 0.0% 0.0% 0.0% [events/0]
6 0.0% 0.0% 0.0% [khelper]
29 0.0% 0.0% 0.0% [kblockd/0]
49 0.0% 0.0% 0.0% [vzmond]
52 0.0% 0.0% 0.0% [pdflush]
53 0.0% 0.0% 0.0% [pdflush]
54 0.0% 0.0% 0.0% [kswapd0]
110 0.0% 0.0% 0.0% [aio/0]
712 0.0% 0.0% 0.0% [mtdblockd]
719 0.0% 0.0% 0.0% [TNetJob]
720 0.0% 0.0% 0.0% [TMTH]
727 0.0% 0.0% 0.0% [CF]
730 0.0% 0.0% 0.0% [DIBC]
752 0.0% 0.0% 0.0% [lipc_topology]
762 0.0% 0.0% 0.0% [MNET]
763 0.0% 0.0% 0.0% [SYSM]
---- More ----
Table 70 Command output
Field |
Description |
CPU utilization in 5 secs: 16.8%; 1 min: 4.7%; 5 mins: 4.7% |
System CPU usage within the last 5 seconds, 1 minute, and 5 minutes. |
JID |
Job ID of a process. It never changes. |
5Sec |
CPU usage of the process within the last 5 seconds. |
1Min |
CPU usage of the process within the last minute. |
5Min |
CPU usage of the process within the last 5 minutes. |
Name |
Name of the process. If square brackets ([ ]) exist in a process name, the process is a kernel thread. |
display process log
Use display process log to display log information for all user processes.
Syntax
Centralized devices in standalone mode:
display process log
Distributed devices in standalone mode/centralized devices in IRF mode:
display process log [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process log [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Display log information for all user processes.
<Sysname> display process log
Process JobID PID Abort Core Exit Kill StartTime EndTime
knotify 92 92 N N 0 36 12-17 07:10:27 12-17 07:10:27
knotify 93 93 N N 0 -- 12-17 07:10:27 12-17 07:10:27
automount 94 94 N N 0 -- 12-17 07:10:27 12-17 07:10:28
knotify 111 111 N N 0 -- 12-17 07:10:28 12-17 07:10:28
comsh 121 121 N N 0 -- 12-17 07:10:30 12-17 07:10:30
knotify 152 152 N N 0 -- 12-17 07:10:31 12-17 07:10:31
autocfgd 155 155 N N 0 -- 12-17 07:10:31 12-17 07:10:31
pkg_update 122 122 N N 0 -- 12-17 07:10:30 12-17 07:10:31
Table 71 Command output
Field |
Description |
Process |
Name of a user process. |
JobID |
Job ID of a user process. |
PID |
ID of a user process. |
Abort |
Indicates whether the process exited abnormally: · Y—Yes. · N—No. |
Core |
Indicates whether the process can generate core files: · Y—Yes. · N—No. |
Exit |
Process exit code. This field displays two hyphens (--) if the process was killed by a signal. |
Kill |
Code of the signal that killed the process. This field displays two hyphens (--) if the process exited instead of being killed. |
StartTime |
Time when the user process started. |
EndTime |
Time when the user process ended. |
display process memory
Use display process memory to display memory usage for all user processes.
Syntax
Centralized devices in standalone mode:
display process memory
Distributed devices in standalone mode/centralized devices in IRF mode:
display process memory [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process memory [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory usage for all user processes on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
When a user process starts, it requests the following types of memory from the system:
· Text memory—Stores code for the user process.
· Data memory—Stores data for the user process.
· Stack memory—Stores temporary data.
· Dynamic memory—Heap memory dynamically assigned and released by the system according to the needs of the user process. To view dynamic memory information, execute the display process memory heap command.
Examples
# Display memory usage for all user processes.
<Sysname> display process memory
JID Text Data Stack Dynamic Name
1 384 1800 16 36 scmd
2 0 0 0 0 [kthreadd]
3 0 0 0 0 [ksoftirqd/0]
4 0 0 0 0 [watchdog/0]
5 0 0 0 0 [events/0]
6 0 0 0 0 [khelper]
29 0 0 0 0 [kblockd/0]
49 0 0 0 0 [vzmond]
52 0 0 0 0 [pdflush]
---- More ----
Table 72 Command output
Field |
Description |
JID |
Job ID of a process. It never changes. |
Text |
Text memory used by the user process, in KB. The value for a kernel thread is 0. |
Data |
Data memory used by the user process, in KB. The value for a kernel thread is 0. |
Stack |
Stack memory used by the user process, in KB. The value for a kernel thread is 0. |
Dynamic |
Dynamic memory used by the user process, in KB. The value for a kernel thread is 0. |
Name |
Name of the user process. If square brackets ([ ]) exist in a process name, the process is a kernel thread. |
Related commands
display process memory heap
display process memory heap address
display process memory heap size
display process memory heap
Use display process memory heap to display heap memory usage for a user process.
Syntax
Centralized devices in standalone mode:
display process memory heap job job-id [ verbose ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display process memory heap job job-id [ verbose ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process memory heap job job-id [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647.
verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays heap memory usage for the user process on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
Heap memory comprises fixed-sized blocks such as 16-byte or 64-byte blocks. It stores data and variables used by the user process. When a user process starts, the system dynamically allocates heap memory to the process.
Each memory block has an address represented in hexadecimal format, which can be used to access the memory block. You can view memory block addresses by using the display process memory heap size command, and view memory block contents by using the display process memory heap address command.
Examples
# Display brief information about heap memory usage for the process identified by job ID 148.
<Sysname> display process memory heap job 148
Total virtual memory heap space(in bytes) : 2228224
Total physical memory heap space(in bytes) : 262144
Total allocated memory(in bytes) : 161576
# Display detailed information about heap memory usage for the process identified by job ID 148.
<Sysname> display process memory heap job 148 verbose
Heap usage:
Size Free Used Total Free Ratio
16 8 52 60 13%
64 3 1262 1265 0.2%
128 2 207 209 1%
512 3 55 58 5.1%
4096 3 297 300 1%
8192 1 19 20 5%
81920 0 1 1 0%
Summary:
Total virtual memory heap space (in bytes) : 2293760
Total physical memory heap space (in bytes) : 58368
Total allocated memory (in bytes) : 42368
Table 73 Command output
Field |
Description |
Size |
Size of each memory block, in bytes. |
Free |
Number of free memory blocks. |
Used |
Number of used memory blocks. |
Total |
Total number of memory blocks. |
Free Ratio |
Ratio of free memory to total memory. It helps identify fragment information. |
Related commands
display process memory
display process memory heap address
display process memory heap size
display process memory heap address
Use display process memory heap address to display heap memory content starting from a specified memory block for a process.
Syntax
Centralized devices in standalone mode:
display process memory heap job job-id address starting-address length memory-length
Distributed devices in standalone mode/centralized devices in IRF mode:
display process memory heap job job-id address starting-address length memory-length [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process memory heap job job-id address starting-address length memory-length [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647.
address starting-address: Specifies the starting memory block by its address.
length memory-length: Specifies the memory block length in the range of 1 to 1024 bytes.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory content information on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
When a user process runs abnormally, the command helps locate the problem.
Examples
# Display 128-byte memory block content starting from the memory block 0xb7e30580 for the process job 1.
<Sysname> display process memory heap job 1 address b7e30580 length 128
B7E30580: 14 00 EF FF 00 00 00 00 E4 39 E2 B7 7C 05 E3 B7 .........9..|...
B7E30590: 14 00 EF FF 2F 73 62 69 6E 2F 73 6C 62 67 64 00 ..../sbin/slbgd.
B7E305A0: 14 00 EF FF 00 00 00 00 44 3B E2 B7 8C 05 E3 B7 ........D;......
B7E305B0: 14 00 EF FF 2F 73 62 69 6E 2F 6F 73 70 66 64 00 ..../sbin/ospfd.
B7E305C0: 14 00 EF FF 00 00 00 00 A4 3C E2 B7 AC 05 E3 B7 .........<......
B7E305D0: 14 00 EF FF 2F 73 62 69 6E 2F 6D 73 74 70 64 00 ..../sbin/mstpd.
B7E305E0: 14 00 EF FF 00 00 00 00 04 3E E2 B7 CC 05 E3 B7 .........>......
B7E305F0: 14 00 EF FF 2F 73 62 69 6E 2F 6E 74 70 64 00 00 ..../sbin/ntpd..
Related commands
display process memory heap
display process memory heap size
display process memory heap size
Use display process memory heap size to display the addresses of heap memory blocks with a specified size used by a process.
Syntax
Centralized devices in standalone mode:
display process memory heap job job-id size memory-size [ offset offset-size ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display process memory heap job job-id size memory-size [ offset offset-size ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
display process memory heap job job-id size memory-size [ offset offset-size ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647.
size memory-size: Specifies the memory block size in the range of 1 to 4294967295.
offset offset-size: Specifies an offset in the range of 0 to 4294967295. The default value is 128. For example, suppose the system allocates 100 16-byte memory blocks to process job 1, and the process has used 66 blocks. Then if you execute the display process memory heap job 1 size 16 offset 50 command, the output shows the addresses of the 51st through 66th 16-byte blocks used by the process.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays block address information on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
The command displays memory block addresses in hexadecimal format. To view memory block content, execute the display process memory heap address command.
Examples
# Display the addresses of 16-byte memory blocks used by process job 1.
<Sysname> display process memory heap job 1 size 16
0xb7e300c0 0xb7e300d0 0xb7e300e0 0xb7e300f0
0xb7e30100 0xb7e30110 0xb7e30120 0xb7e30130
0xb7e30140 0xb7e30150 0xb7e30160 0xb7e30170
0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0
0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0
0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230
# Display the addresses of 16-byte memory blocks starting from the fifth block used by process job 1.
<Sysname> display process memory heap job 1 size 16 offset 4
0xb7e30100 0xb7e30110 0xb7e30120 0xb7e30130
0xb7e30140 0xb7e30150 0xb7e30160 0xb7e30170
0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0
0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0
0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230
Related commands
display process memory heap
display process memory heap address
exception filepath
Use exception filepath to specify the directory for saving core files.
Use undo exception filepath to remove the specified directory.
Syntax
exception filepath directory
undo exception filepath directory
Default
The default directory is the root directory of the default file system.
Views
User view
Predefined user roles
network-admin
Parameters
directory: Specifies the directory for saving core files.
Usage guidelines
(Centralized devices.) The specified directory must be the root directory of a file system on the device.
(Centralized devices in IRF mode.) The specified directory must be the root directory of a file system on the master.
(Distributed devices in standalone mode.) The specified directory must be the root directory of a file system on the active MPU.
(Distributed devices in IRF mode.) The specified directory must be the root directory of a file system on the global active MPU.
The system saves core files to the core directory in the specified directory. If the core directory does not exist in the specified directory, the system creates the core directory before saving core files.
If no directory is specified or the specified directory is not accessible, the system cannot save core files.
Examples
# Specify the directory for saving core files as flash:/.
<Sysname> exception filepath flash:/
Related commands
display exception filepath
process core
monitor kernel deadloop enable
Use monitor kernel deadloop enable to enable kernel thread deadloop detection.
Use undo monitor kernel deadloop enable to disable kernel thread deadloop detection.
Syntax
Centralized devices in standalone mode:
monitor kernel deadloop enable
undo monitor kernel deadloop enable
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ]
undo monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor kernel deadloop enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor kernel deadloop enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
Kernel thread deadloop detection is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
Kernel threads share resources in kernel space. If a kernel thread monopolizes the CPU for a long time, other threads cannot run, resulting in a deadloop.
The command enables the device to detect deadloops. If a thread occupies the CPU regularly, the device considers that a deadloop has occurred. It outputs a deadloop message and reboots to remove the deadloop.
Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Examples
# Enable kernel thread deadloop detection.
<Sysname> system-view
[Sysname] monitor kernel deadloop enable
Related commands
display kernel deadloop
display kernel deadloop configuration
monitor kernel deadloop exclude-thread
monitor kernel deadloop time
monitor kernel deadloop exclude-thread
Use monitor kernel deadloop exclude-thread to disable kernel thread deadloop detection for a kernel thread.
Use undo monitor kernel deadloop exclude-thread to enable kernel thread deadloop detection for a kernel thread.
Syntax
Centralized devices in standalone mode:
monitor kernel deadloop exclude-thread tid
undo monitor kernel deadloop exclude-thread [ tid ]
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor kernel deadloop exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]
undo monitor kernel deadloop exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor kernel deadloop exclude-thread tid [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor kernel deadloop exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
Kernel thread deadloop detection monitors all kernel threads.
Views
System view
Predefined user roles
network-admin
Parameters
tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
You can disable kernel thread deadloop detection for up to 128 kernel threads by executing the command.
Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Examples
# Disable kernel thread deadloop detection for kernel thread 15.
<Sysname> system-view
[Sysname]monitor kernel deadloop exclude-thread 15
Related commands
display kernel deadloop configuration
display kernel deadloop
monitor kernel deadloop enable
monitor kernel deadloop time
monitor kernel deadloop time
Use monitor kernel deadloop time to set the interval for identifying a kernel thread deadloop.
Use undo monitor kernel deadloop time to restore the default.
Syntax
Centralized devices in standalone mode:
monitor kernel deadloop time time
undo monitor kernel deadloop time
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor kernel deadloop time time [ slot slot-number [ cpu cpu-number ] ]
undo monitor kernel deadloop time [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor kernel deadloop time time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor kernel deadloop time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
The interval for identifying a kernel thread deadloop is 8 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
time time: Specifies the interval for identifying a kernel thread deadloop, in the range of 1 to 65535 seconds.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
If a kernel thread runs for the specified interval, kernel thread deadloop detection considers that a deadloop has occurred. The system records the deadloop and restarts.
Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Examples
# Set the interval for identifying a kernel thread deadloop to 8 seconds.
<Sysname> system-view
[Sysname] monitor kernel deadloop time 8
Related commands
display kernel deadloop configuration
display kernel deadloop
monitor kernel deadloop enable
monitor kernel deadloop exclude-thread
monitor kernel starvation enable
Use monitor kernel starvation enable to enable kernel thread starvation detection.
Use undo monitor kernel starvation enable to disable kernel thread starvation detection.
Syntax
Centralized devices in standalone mode:
monitor kernel starvation enable
undo monitor kernel starvation enable
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ]
undo monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor kernel starvation enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor kernel starvation enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
Kernel thread starvation detection is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
Starvation occurs when a thread is unable to access shared resources.
The command enables the system to detect and report thread starvation. If a thread is not executed within an interval, the system considers that a starvation has occurred, and outputs a starvation message.
Thread starvation does not impact system operation. A starved thread can automatically run when certain conditions are met.
Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Examples
# Enable kernel thread starvation detection.
<Sysname> system-view
[Sysname] monitor kernel starvation enable
Related commands
display kernel starvation configuration
display kernel starvation
monitor kernel starvation time
monitor kernel starvation exclude-thread
monitor kernel starvation exclude-thread
Use monitor kernel starvation exclude-thread to disable kernel thread starvation detection for a kernel thread.
Use undo monitor kernel starvation exclude-thread to enable kernel thread starvation detection for a kernel thread.
Syntax
Centralized devices in standalone mode:
monitor kernel starvation exclude-thread tid
undo monitor kernel starvation exclude-thread [ tid ]
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor kernel starvation exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]
undo monitor kernel starvation exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor kernel starvation exclude-thread tid [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor kernel starvation exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
Kernel thread starvation detection, if enabled, monitors all kernel threads.
Views
System view
Predefined user roles
network-admin
Parameters
tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
You can disable kernel thread starvation detection for up to 128 kernel threads by executing the command.
Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Examples
# Disable kernel thread starvation detection for kernel thread 15.
<Sysname> system-view
[Sysname] monitor kernel starvation exclude-thread 15
Related commands
display kernel starvation
display kernel starvation configuration
monitor kernel starvation time
monitor kernel starvation enable
monitor kernel starvation time
Use monitor kernel starvation time to set the interval for identifying a kernel thread starvation.
Use undo monitor kernel starvation time to restore the default.
Syntax
Centralized devices in standalone mode:
monitor kernel starvation time time
undo monitor kernel starvation time
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor kernel starvation time time [ slot slot-number [ cpu cpu-number ] ]
undo monitor kernel starvation time [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor kernel starvation time time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
undo monitor kernel starvation time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Default
The interval for identifying a kernel thread starvation is 120 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
time time: Specifies the interval for identifying a kernel thread starvation, in the range of 1 to 65535 seconds.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
If a thread is not executed within the specified interval, the system considers that a starvation has occurred, and outputs a starvation message.
Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.
Examples
# Set the interval for identifying a kernel thread starvation to 120 seconds.
<Sysname> system-view
[Sysname] monitor kernel starvation time 120
Related commands
display kernel starvation
display kernel starvation configuration
monitor kernel starvation enable
monitor kernel starvation exclude-thread
monitor process
Use monitor process to display process statistics.
Syntax
Centralized devices in standalone mode:
monitor process [ dumbtty ] [ iteration number ]
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor process [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor process [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
dumbtty: Specifies dumbtty mode. In this mode, the command displays process statistics in descending order of CPU usage without refreshing statistics. If you do not specify this keyword, the command displays statistics for the top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.
iteration number: Specifies the number of display times, in the range of 1 to 4294967295. If you specify the dumbtty keyword, the number argument is 1 by default. If neither the dumbtty keyword nor the number argument is specified, there is no limit to the display times and process statistics are refreshed every 5 seconds.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays process statistics for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
If you do not specify the dumbtty keyword, the command displays process statistics in an interactive mode. In this mode, the system automatically determines the number of displayed processes according to the screen size, and does not display exceeding processes. You can also input interactive commands as shown in Table 74 to perform relevant operations.
Commands |
Description |
? or h |
Displays help information that includes available interactive commands. |
1 |
Displays state information for physical CPUs. For example, if you enter 1 for the first time, the state of each physical CPU is displayed in a separate row. If you enter 1 again, the average value of all CPU states is displayed. If you enter 1 for the third time, separate states are displayed. By default, the average value of all CPU states is displayed. |
c |
Sorts processes by CPU usage in descending order, which is the default setting. |
d |
Sets the interval for refreshing process statistics, in the range of 1 to 2147483647 seconds. The default value is 5 seconds. |
f |
Sorts processes by the number of open files in descending order. Files are identified by file descriptors (FDs). |
k |
Kills a process. Because the command can impact system operation, be cautious to use it. |
l |
Refreshes the screen. |
m |
Sorts processes by memory usage in descending order. |
n |
Changes the maximum number of processes displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only processes not exceeding the screen size can be displayed. |
q |
Quits the interactive mode. |
t |
Sorts processes by running time in descending order. |
< |
Moves sort field to the next left column. |
> |
Moves sort field to the next right column. |
Examples
# Display process statistics in dumbtty mode. In this mode, the system displays process statistics once, and then returns to command view.
<Sysname> monitor process dumbtty
76 processes; 103 threads; 687 fds
Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie
CPU states: 77.16% idle, 0.00% user, 14.96% kernel, 7.87% interrupt
Memory: 496M total, 341M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
1047 1047 120 R 9 1420K 00:02:23 13.53% diagd
1 1 120 S 17 1092K 00:00:20 7.61% scmd
1000 1000 115 S 0 0K 00:00:09 0.84% [sock/1]
1026 1026 120 S 20 26044K 00:00:05 0.84% syslogd
2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]
3 3 99 S 0 0K 00:00:00 0.00% [migration/0]
4 4 115 S 0 0K 00:00:06 0.00% [ksoftirqd/0]
5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]
6 6 115 S 0 0K 00:00:01 0.00% [events/0]
7 7 115 S 0 0K 00:00:00 0.00% [khelper]
4797 4797 120 S 8 28832K 00:00:02 0.00% comsh
5117 5117 120 S 8 1496K 00:00:00 0.00% top
<Sysname>
# Display process statistics twice in dumbtty mode.
<Sysname> monitor process dumbtty iteration 2
76 processes; 103 threads; 687 fds
Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie
CPU states: 44.84% idle, 0.51% user, 39.17% kernel, 15.46% interrupt
Memory: 496M total, 341M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
1047 1047 120 R 9 1420K 00:02:30 37.11% diagd
1 1 120 S 17 1092K 00:00:21 11.34% scmd
1000 1000 115 S 0 0K 00:00:09 2.06% [sock/1]
1026 1026 120 S 20 26044K 00:00:05 1.54% syslogd
1027 1027 120 S 12 9280K 00:01:12 1.03% devd
4 4 115 S 0 0K 00:00:06 0.51% [ksoftirqd/0]
1009 1009 115 S 0 0K 00:00:08 0.51% [karp/1]
1010 1010 115 S 0 0K 00:00:13 0.51% [kND/1]
5373 5373 120 S 8 1496K 00:00:00 0.51% top
2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]
3 3 99 S 0 0K 00:00:00 0.00% [migration/0]
5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]
6 6 115 S 0 0K 00:00:01 0.00% [events/0]
7 7 115 S 0 0K 00:00:00 0.00% [khelper]
4796 4796 120 S 11 2744K 00:00:00 0.00% login
4797 4797 120 S 8 28832K 00:00:03 0.00% comsh
Five seconds later, the system refreshes process statistics as follows (which is the same as executing the monitor process dumbtty command twice at a 5-second interval):
76 processes; 103 threads; 687 fds
Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie
CPU states: 78.71% idle, 0.16% user, 14.86% kernel, 6.25% interrupt
Memory: 496M total, 341M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
1047 1047 120 R 9 1420K 00:02:31 14.25% diagd
1 1 120 S 17 1092K 00:00:21 4.25% scmd
1027 1027 120 S 12 9280K 00:01:12 1.29% devd
1000 1000 115 S 0 0K 00:00:09 0.37% [sock/1]
5373 5373 120 S 8 1500K 00:00:00 0.37% top
6 6 115 S 0 0K 00:00:01 0.18% [events/0]
1009 1009 115 S 0 0K 00:00:08 0.18% [karp/1]
1010 1010 115 S 0 0K 00:00:13 0.18% [kND/1]
4795 4795 120 S 11 2372K 00:00:01 0.18% telnetd
2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]
3 3 99 S 0 0K 00:00:00 0.00% [migration/0]
4 4 115 S 0 0K 00:00:06 0.00% [ksoftirqd/0]
5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]
7 7 115 S 0 0K 00:00:00 0.00% [khelper]
4796 4796 120 S 11 2744K 00:00:00 0.00% login
4797 4797 120 S 8 28832K 00:00:03 0.00% comsh
<Sysname>
# Display process statistics in interactive mode.
<Sysname> monitor process
76 processes; 103 threads; 687 fds
Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie
CPU states: 78.98% idle, 0.16% user, 14.57% kernel, 6.27% interrupt
Memory: 496M total, 341M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
1047 1047 120 R 9 1420K 00:02:39 14.13% diagd
1 1 120 S 17 1092K 00:00:23 3.98% scmd
1027 1027 120 S 12 9280K 00:01:13 1.44% devd
1000 1000 115 S 0 0K 00:00:09 0.36% [sock/1]
1009 1009 115 S 0 0K 00:00:09 0.36% [karp/1]
4 4 115 S 0 0K 00:00:06 0.18% [ksoftirqd/0]
1010 1010 115 S 0 0K 00:00:13 0.18% [kND/1]
4795 4795 120 S 11 2372K 00:00:01 0.18% telnetd
5491 5491 120 S 8 1500K 00:00:00 0.18% top
2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]
The system refreshes process statistics every 5 seconds. You can enter interactive commands to perform operation as follows:
· Enter h or a question mark (?) to display help information as follows:
Help for interactive commands:
?,h Show the available interactive commands
1 Toggle SMP view: '1' single/separate states
c Sort by the CPU field(default)
d Set the delay interval between screen updates
f Sort by number of open files
k Kill a job
l Refresh the screen
m Sort by memory used
n Set the maximum number of processes to display
q Quit the interactive display
t Sort by run time of processes since last restart
< Move sort field to the next left column
> Move sort field to the next right column
Press any key to continue
· Enter d, and then enter a number to modify the refresh interval. If you enter 3, statistics are refreshed every 3 seconds.
Enter the delay interval between updates(1~2147483647): 3
· Enter n, and then enter a number to modify the maximum number of displayed processes. If you enter 5, statistics for five processes are displayed.
Enter the max number of processes to display(0 means unlimited):
87 processes; 113 threads; 735 fds
Thread states: 2 running, 111 sleeping, 0 stopped, 0 zombie
CPU states: 86.57% idle, 0.83% user, 11.74% kernel, 0.83% interrupt
Memory: 755M total, 414M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
864 864 120 S 24 27020K 00:00:43 8.95% syslogd
1173 1173 120 R 24 2664K 00:00:01 2.37% top
866 866 120 S 18 10276K 00:00:09 0.69% devd
1 1 120 S 16 1968K 00:00:04 0.41% scmd
881 881 120 S 8 2420K 00:00:07 0.41% diagd
· Enter f to sort processes by FDs in descending order. (You can also enter command c, m, or t to sort processes.)
87 processes; 113 threads; 735 fds
Thread states: 1 running, 112 sleeping, 0 stopped, 0 zombie
CPU states: 90.66% idle, 0.88% user, 5.77% kernel, 2.66% interrupt
Memory: 755M total, 414M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
862 862 120 S 61 5384K 00:00:01 0.00% dbmd
905 905 120 S 35 2464K 00:00:02 0.00% ipbased
863 863 120 S 31 1956K 00:00:00 0.00% had
884 884 120 S 31 30600K 00:00:00 0.00% lsmd
889 889 120 S 29 61592K 00:00:00 0.00% routed
· Enter k and then enter a JID to kill a process. If you enter 884, the process with the JID of 884 is killed.
Enter the JID to kill: 884
84 processes; 107 threads; 683 fds
Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie
CPU states: 59.03% idle, 1.92% user, 37.88% kernel, 1.15% interrupt
Memory: 755M total, 419M available, page size 4K
JID PID PRI State FDs MEM HH:MM:SS CPU Name
862 862 120 S 56 5384K 00:00:01 0.00% dbmd
905 905 120 S 35 2464K 00:00:02 0.00% ipbased
863 863 120 S 30 1956K 00:00:00 0.00% had
889 889 120 S 29 61592K 00:00:00 0.00% routed
1160 1160 120 S 28 23096K 00:00:01 0.19% sshd
· Enter q to quit interactive mode.
Table 75 Command output
Field |
Description |
84 processes; 107 threads; 683 fds |
Numbers of processes, threads, and open files. |
JID |
Job ID of a process, which never changes. |
PID |
ID of a process. |
PRI |
Priority level of a process. |
State |
State of a process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie. |
FDs |
Number of open files for a process. |
MEM |
Memory usage. It displays 0 for a kernel thread. |
HH:MM:SS |
Running time of a process since last restart. |
CPU |
CPU usage of a process. |
Name |
Name of a process. If square brackets ([ ]) exist in a process name, the process is a kernel thread. |
monitor thread
Use monitor thread to display thread statistics.
Syntax
Centralized devices in standalone mode:
monitor thread [ dumbtty ] [ iteration number ]
Distributed devices in standalone mode/centralized devices in IRF mode:
monitor thread [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
monitor thread [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
Any view
Predefined user roles
network-admin
Parameters
dumbtty: Specifies dumbtty mode. In this mode, the command displays all thread statistics in descending order of CPU usage without refreshing statistics. If you do not specify the keyword, the command displays statistics for top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.
iteration number: Specifies the number of display times, in the range of 1 to 4294967295. If you specify the dumbtty keyword, the number argument is 1 by default. If neither the dumbtty keyword nor the number argument is specified, there is no limit to the display times.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays thread statistics for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
If you do not specify the dumbtty keyword, the command displays thread statistics in an interactive mode. In this mode, the system automatically determines the number of displayed thread processes according to the screen size and does not display exceeding processes. You can also input interactive commands as shown in Table 76 to perform relevant operations.
Commands |
Description |
? or h |
Displays help information that includes available interactive commands. |
d |
Sets the interval for refreshing statistics. The default interval is 5 seconds. |
k |
Kills a process. Because the command can impact system operation, be cautious when you use it. |
l |
Refreshes the screen. |
n |
Changes the maximum number of threads displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only threads not exceeding the screen size can be displayed. |
q |
Quits interactive mode. |
< |
Moves sort field to the next left column. |
> |
Moves sort field to the next right column. |
Examples
# Display thread statistics in dumbtty mode.
<Sysname> monitor thread dumbtty
84 processes; 107 threads
Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie
CPU states: 83.19% idle, 1.68% user, 10.08% kernel, 5.04% interrupt
Memory: 755M total, 417M available, page size 4K
JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name
1175 1175 0 120 R 00:00:00 1 10.75% top
1 1 0 120 S 00:00:06 1 2.68% scmd
881 881 0 120 S 00:00:09 1 2.01% diagd
776 776 0 120 S 00:00:01 0 0.67% [DEVD]
866 866 0 120 S 00:00:11 1 0.67% devd
2 2 0 115 S 00:00:00 0 0.00% [kthreadd]
3 3 0 115 S 00:00:01 0 0.00% [ksoftirqd/0]
4 4 0 99 S 00:00:00 1 0.00% [watchdog/0]
5 5 0 115 S 00:00:00 0 0.00% [events/0]
6 6 0 115 S 00:00:00 0 0.00% [khelper]
796 796 0 115 S 00:00:00 0 0.00% [kip6fs/1]
<Sysname>
# Display thread statistics in interactive mode.
<Sysname> monitor thread
84 processes; 107 threads
Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie
CPU states: 94.43% idle, 0.76% user, 3.64% kernel, 1.15% interrupt
Memory: 755M total, 417M available, page size 4K
JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name
1176 1176 0 120 R 00:00:01 1 3.42% top
866 866 0 120 S 00:00:12 1 0.85% devd
881 881 0 120 S 00:00:09 1 0.64% diagd
1 1 0 120 S 00:00:06 1 0.42% scmd
1160 1160 0 120 S 00:00:01 1 0.21% sshd
2 2 0 115 S 00:00:00 0 0.00% [kthreadd]
3 3 0 115 S 00:00:01 0 0.00% [ksoftirqd/0]
4 4 0 99 S 00:00:00 1 0.00% [watchdog/0]
5 5 0 115 S 00:00:00 0 0.00% [events/0]
6 6 0 115 S 00:00:00 0 0.00% [khelper]
· Enter h or a question mark (?) to display help information as follows:
Help for interactive commands:
?,h Show the available interactive commands
c Sort by the CPU field(default)
d Set the delay interval between screen updates
k Kill a job
l Refresh the screen
n Set the maximum number of threads to display
q Quit the interactive display
t Sort by run time of threads since last restart
< Move sort field to the next left column
> Move sort field to the next right column
Press any key to continue
· Enter d, and then enter a number to modify the refresh interval. If you enter 3, statistics are refreshed every 3 seconds.
Enter the delay interval between screen updates (1~2147483647): 3
· Enter n, and then enter a number to modify the maximum number of displayed threads. If you enter 5, statistics for five threads are displayed.
Enter the max number of threads to display(0 means unlimited): 5
84 processes; 107 threads
Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie
CPU states: 93.26% idle, 0.99% user, 4.23% kernel, 1.49% interrupt
Memory: 755M total, 417M available, page size 4K
JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name
1176 1176 0 120 R 00:00:02 1 3.71% top
1 1 0 120 S 00:00:06 1 0.92% scmd
866 866 0 120 S 00:00:13 1 0.69% devd
881 881 0 120 S 00:00:10 1 0.69% diagd
720 720 0 115 D 00:00:01 0 0.23% [TMTH]
· Enter k and then enter a JID to kill a thread. If you enter 881, the thread with the JID of 881 is killed.
Enter the JID to kill: 881
83 processes; 106 threads
Thread states: 1 running, 105 sleeping, 0 stopped, 0 zombie
CPU states: 96.26% idle, 0.54% user, 2.63% kernel, 0.54% interrupt
Memory: 755M total, 418M available, page size 4K
JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name
1176 1176 0 120 R 00:00:04 1 1.86% top
866 866 0 120 S 00:00:14 1 0.87% devd
1 1 0 120 S 00:00:07 1 0.49% scmd
730 730 0 0 S 00:00:04 1 0.12% [DIBC]
762 762 0 120 S 00:00:22 1 0.12% [MNET]
· Enter q to quit interactive mode.
Table 77 Command output
Field |
Description |
84 processes; 107 threads |
Numbers of processes and threads. |
JID |
Job ID of a thread, which never changes. |
TID |
ID of a thread. |
LAST_CPU |
Number of the CPU on which the latest thread scheduling occurs. |
PRI |
Priority level of a thread. |
State |
State of a thread: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie. |
HH:MM:SS |
Running time of a thread since last restart. |
MAX |
Longest time that a single thread scheduling occupies the CPU, in milliseconds. |
CPU |
CPU usage of a thread. |
Name |
Name of a thread. If square brackets ([ ]) exist in a thread name, the thread is a kernel thread. |
process core
Use process core to enable or disable a process to generate core files for exceptions and set the maximum number of core files.
Syntax
Centralized devices in standalone mode:
process core { maxcore value | off } { job job-id | name process-name }
Distributed devices in standalone mode/centralized devices in IRF mode:
process core { maxcore value | off } { job job-id | name process-name } [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
process core { maxcore value | off } { job job-id | name process-name } [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Default
A process generates a core file for the first exception and does not generate any core files for subsequent exceptions.
Predefined user roles
network-admin
Parameters
off: Disables core file generation.
maxcore value: Enables core file generation and sets the maximum number of core files, in the range of 1 to 10.
name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.
job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. The job ID does not change after the process restarts.
slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command enables or disables core file generation for a process and sets the maximum number of core files on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Usage guidelines
The command applies to all instances of a process.
The command enables the system to generate a core file each time the specified process crashes until the maximum number of core files is reached. A core file records the exception information.
Because the core files consume system storage resources, you can disable core file generation for processes for which you do not need to review exception information.
Examples
# Disable core file generation for process routed.
<Sysname> process core off name routed
# Enable core file generation for process routed and set the maximum number of core files to 5.
<Sysname> process core maxcore 5 name routed
Related commands
display exception context
exception filepath
reset exception context
Use reset exception context to clear context information for process exceptions.
Syntax
Centralized devices in standalone mode:
reset exception context
Distributed devices in standalone mode/centralized devices in IRF mode:
reset exception context [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
reset exception context [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears context information for process exceptions on the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears context information for process exceptions on the IRF master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears context information for process exceptions on the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Clear context information for exceptions.
<Sysname> reset exception context
Related commands
display exception context
reset kernel deadloop
Use reset kernel deadloop to clear kernel thread deadloop information.
Syntax
Centralized devices in standalone mode:
reset kernel deadloop
Distributed devices in standalone mode/centralized devices in IRF mode:
reset kernel deadloop [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
reset kernel deadloop [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread deadloop information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread deadloop information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread deadloop information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Clear kernel thread deadloop information.
<Sysname> reset kernel deadloop
Related commands
display kernel deadloop
reset kernel exception
Use reset kernel exception to clear kernel thread exception information.
Syntax
Centralized devices in standalone mode:
reset kernel exception
Distributed devices in standalone mode/centralized devices in IRF mode:
reset kernel exception [ slot slot-number [ cpu cpu-number ] ]
Distributed devices in IRF mode:
reset kernel exception [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]
Views
User view
Predefined user roles
network-admin
Parameters
slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread exception information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread exception information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread exception information for the global active MPU. (Distributed devices in IRF mode.)
cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)
Examples
# Clear kernel thread exception information.
<Sysname> reset kernel exception
Related commands
display kernel exception
third-part-process start
Use third-part-process start to start a third-party process.
Syntax
third-part-process start name process-name [ arg args ]
Views
System view
Predefined user roles
network-admin
Parameters
name process-name: Specifies the name of a third-party process.
arg args: Specifies the arguments used when the third-party process is started. The value and format of the arguments must conform to the rules of the third party process. If you do not specify this option, the command starts a third-party process without any arguments.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
Third-party processes are not automatically started at system startup.
Examples
# Start third-party process wifidog.
<Sysname> system-view
[Sysname] third-part-process start name wifidog
Related commands
third-part-process stop
third-part-process stop
Use third-part-process stop to stop a third-party process.
Syntax
third-part-process stop pid pid&<1-10>
Views
System view
Predefined user roles
network-admin
Parameters
pid&<1-10>: Specifies a space-separated list of up to 10 third-party processes that have been started.
Usage guidelines
The following matrix shows the command and hardware compatibility:
Hardware |
Command compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
No |
MSR 2630 |
No |
MSR3600-28/3600-51 |
No |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
No |
MSR 3610/3620/3620-DP/3640/3660 |
No |
MSR5620/5660/5680 |
No |
Hardware |
Command compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
This command can be used to stop only processes started by the third-part-process start command. To display the IDs of third-party processes, use the display process all command. "Y" in the THIRD field from the output indicates the third-party process and the PID field indicates the ID of the process.
Examples
# Stop third party process wifidog.
<Sysname> display process all
JID PID %CPU %MEM STAT PRI THIRD TTY HH:MM:SS COMMAND
1 1 0.0 0.0 S 120 N - 00:00:04 scmd
2 2 0.0 0.0 S 115 N - 00:00:00 [kthreadd]
3 3 0.0 0.0 S 99 N - 00:00:00 [migration/0]
4 4 0.0 0.0 S 115 N - 00:00:05 [ksoftirqd/0]
5 5 0.0 0.0 S 99 N - 00:00:00 [watchdog/0]
6 6 0.0 0.0 S 115 N - 00:00:00 [events/0]
7 7 0.0 0.0 S 115 N - 00:00:00 [khelper]
8 8 0.0 0.0 S 115 N - 00:00:00 [kblockd/0]
9 9 0.0 0.0 S 115 N - 00:00:00 [ata/0]
10 10 0.0 0.0 S 115 N - 00:00:00 [ata_aux]
11 11 0.0 0.0 S 115 N - 00:00:00 [kseriod]
12 12 0.0 0.0 S 120 N - 00:00:00 [vzmond]
13 13 0.0 0.0 S 120 N - 00:00:00 [pdflush]
14 14 0.0 0.0 S 120 N - 00:00:00 [pdflush]
15 15 0.0 0.0 S 115 N - 00:00:00 [kswapd0]
16 16 0.0 0.0 S 115 N - 00:00:00 [aio/0]
17 17 0.0 0.0 S 115 N - 00:00:00 [scsi_eh_0]
18 18 0.0 0.0 S 115 N - 00:00:00 [scsi_eh_1]
19 19 0.0 0.0 S 115 N - 00:00:00 [scsi_eh_2]
20 35 0.0 0.0 D 100 Y - 00:00:00 wifidog
---- More ----
<Sysname> system-view
[Sysname] third-part-process stop pid 35
Related commands
display process all
third-part-process start
Sampler commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Sampler compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Sampler compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
display sampler
Use display sampler to display configuration information for a sampler.
Syntax
Centralized devices in standalone mode:
display sampler [ sampler-name ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display sampler [ sampler-name ] [ slot slot-number ]
Distributed devices in IRF mode:
display sampler [ sampler-name ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. If you do not specify a sampler, this command displays configuration information for all samplers.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sampler configuration information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays sampler configuration information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sampler configuration information for the global active MPU. (Distributed devices in IRF mode.)
Examples
# Display the configuration information about sampler 256.
<Sysname> display sampler 256
Sampler name: 256
Mode: Fixed; Packet-interval: 8; IsNpower: Y
# (Distributed devices in standalone mode.) Display the configuration information about sampler 256 for card 1.
<Sysname> display sampler 256 slot 1
Sampler name: 256
Mode: Fixed; Packet-interval: 8; IsNpower: Y
# (Distributed devices in IRF mode.) Display the configuration information about sampler 256 for card 1 on IRF member device 1.
<Sysname> display sampler 256 chassis 1 slot 1
Sampler name: 256
Mode: Fixed; Packet-interval: 8; IsNpower: Y
Table 78 Command output
Field |
Description |
Sampler name |
Name of the sampler. |
Mode |
Sampling mode, including fixed mode and random mode. |
Packet-interval |
Sampling rate. |
IsNpower |
Whether the sampling rate is 2 to the nth power: · Y—Yes. · N—No. |
sampler
Use sampler to create a sampler.
Use undo sampler to delete a sampler.
Syntax
sampler sampler-name mode { fixed | random } packet-interval [ n-power ] rate
undo sampler sampler-name
Default
No samplers exist.
Views
System view
Predefined user roles
network-admin
Parameters
sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.
fixed: Specifies the fixed sampling mode. A sampler in this mode selects the first packet per sampling.
random: Specifies the random sampling mode. A sampler in this mode randomly selects a packet out of a group of packets. Which packet is selected for each sampling varies.
rate: Specifies the sampling rate. The value range for this argument is 1 to 65536.
n-power: Specifies the sampling rate. If n-power is not specified, the sampling rate is the value of the rate argument. For example, if the rate argument is set to 100, one packet is selected from 100 packets in each sampling. The value range is 1 to 65536. If n-power is not specified, the sampling rate is 2 to the nth power, where n is value of the rate argument. The value range is 1 to 16. For example, if the rate argument is set to 8, one packet is selected from 256 (2 to the 8th power) packets in each sampling.
Usage guidelines
This command takes effect on all cards. (Distributed devices in IRF or standalone mode.)
Examples
# Create sampler abc in fixed sampling mode. Set the sampling rate to 8.
<Sysname> system-view
[Sysname] sampler abc mode fixed packet-interval 8
Port mirroring commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Port mirroring compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
display mirroring-group
Use display mirroring-group to display mirroring group information.
Syntax
display mirroring-group { group-id | all | local }
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-id: Specifies a mirroring group by its ID in the range of 1 to 6.
all: Specifies all mirroring groups.
local: Specifies local mirroring groups.
Usage guidelines
Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.
Examples
# Display information about all mirroring groups.
<Sysname> display mirroring-group all
Mirroring group 1:
Type: Local
Status: Active
Mirroring port:
GigabitEthernet1/0/1 Inbound
Monitor port: GigabitEthernet1/0/2
Mirroring group 3:
Type: Local
Status: Active
Mirroring port:
GigabitEthernet1/0/5 Inbound
GigabitEthernet1/0/6 Both
Monitor port: GigabitEthernet1/0/7
Table 79 Command output
Field |
Description |
Mirroring group |
Number of the mirroring group. |
Type |
Type of the mirroring group: Local. |
Status |
Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect. |
Mirroring port |
Source port. |
Monitor port |
Destination port. |
mirroring-group
Use mirroring-group to create a mirroring group.
Use undo mirroring-group to delete mirroring groups.
Syntax
mirroring-group group-id local
undo mirroring-group { group-id | all | local }
Default
No mirroring groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies a mirroring group ID in the range of 1 to 6.
local: Specifies local mirroring groups.
all: Specifies all mirroring groups.
Examples
# Create local mirroring group 1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
mirroring-group mirroring-port (interface view)
Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.
Use undo mirroring-group mirroring-port to restore the default.
Syntax
mirroring-group group-id mirroring-port { both | inbound | outbound }
undo mirroring-group group-id mirroring-port
Default
A port does not act as a source port for any mirroring groups.
Views
Interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source ports only for local mirroring groups.
A port can act as a source port for only one mirroring group.
A source port cannot be configured as a egress port or a monitor port.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port both
Related commands
mirroring-group
mirroring-group mirroring-port (system view)
Use mirroring-group mirroring-port to configure source ports for a mirroring group.
Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.
Syntax
mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }
undo mirroring-group group-id mirroring-port interface-list
Default
No source port is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.
interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The specified ports must be of the same type and on the same card. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.
both: Mirrors both received and sent packets.
inbound: Mirrors only received packets.
outbound: Mirrors only sent packets.
Usage guidelines
You can configure source ports only for local mirroring groups.
A port can act as a source port for only one mirroring group.
A source port cannot be configured as a egress port or a monitor port.
Examples
# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 both
mirroring-group
mirroring-group monitor-port (interface view)
Use mirroring-group monitor-port to configure a port as a monitor port for a mirroring group.
Use undo mirroring-group monitor-port to restore the default.
Syntax
mirroring-group group-id monitor-port
undo mirroring-group group-id monitor-port
Default
A port does not act as a monitor port for any mirroring groups.
Views
Interface view
Predefined user roles
network-admin
Parameters
group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.
Usage guidelines
You can configure monitor ports only for local mirroring groups.
Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.
Do not configure a port of an existing mirroring group as a monitor port.
Examples
# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] mirroring-group 1 monitor-port
Related commands
mirroring-group
mirroring-group monitor-port (system view)
Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.
Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.
Syntax
mirroring-group group-id monitor-port interface-type interface-number
undo mirroring-group group-id monitor-port interface-type interface-number
Default
No monitor port is configured for a mirroring group.
Views
System view
Predefined user roles
network-admin
Parameters
group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
You can configure monitor ports only for local mirroring groups.
Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.
Do not configure a port of an existing mirroring group as a monitor port.
Examples
# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.
<Sysname> system-view
[Sysname] mirroring-group 1 local
[Sysname] mirroring-group 1 monitor-port gigabitethernet 1/0/1
Related commands
mirroring-group
Flow mirroring commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Flow mirroring compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
Yes |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
mirror-to
Use mirror-to to configure a mirroring action for a traffic behavior.
Use undo mirror-to to delete a mirroring action.
Syntax
mirror-to interface interface-type interface-number
undo mirror-to interface interface-type interface-number
Default
No mirroring action is configured for a traffic behavior.
Views
Traffic behavior view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
Examples
# Create traffic behavior 1 and configure the action of mirroring traffic to GigabitEthernet 1/0/1 for the traffic behavior.
<Sysname> system-view
[Sysname] traffic behavior 1
[Sysname-behavior-1] mirror-to interface gigabitethernet 1/0/1
NetStream configuration commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810.
· MSR810-W.
· MSR810-W-DB.
· MSR810-LM.
· MSR810-W-LM.
· MSR810-10-PoE.
· MSR810-LM-HK.
· MSR810-W-LM-HK.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR 3610.
· MSR3610-X1.
· MSR3610-X1-DP.
· MSR3610-X1-DC.
· MSR3610-X1-DP-DC.
· MSR 3620.
· MSR 3620-DP.
· MSR 3640.
· MSR 3660.
· MSR3600-28.
· MSR3600-51.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
display ip netstream cache
Use display ip netstream cache to display NetStream entry information.
Syntax
Centralized devices in standalone mode:
Distributed devices in standalone mode/centralized devices in IRF mode:
Distributed devices in IRF mode:
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information about NetStream entries.
type: Specifies the NetStream entry type. If you do not specify this keyword, this commands displays information about all types of NetStream entries.
ip: Specifies Layer 3 NetStream entries.
ipl2: Specifies Layer 2 and Layer 3 NetStream entries.
l2: Specifies Layer 2 NetStream entries.
mpls: Specifies MPLS NetStream entries.
label-position1 label-value1: Specifies a label by its position and value. The value range for the label-position1 argument is 1 to 6. The value range for the label-value1 argument is 0 to 1048575.
label-position2 label-value2: Specifies a label by its position and value. The value range for the label-position2 argument is 1 to 6. The value range for the label-value2 argument is 0 to 1048575.
label-position3 label-value3: Specifies a label by its position and value. The value range for the label-position3 argument is 1 to 6. The value range for the label-value3 argument is 0 to 1048575.
destination destination-ip: Specifies a destination IP address in dotted-decimal notation. If you specify this option, this command does not display Layer 2 NetStream entries.
destination-port destination-port: Specifies a destination port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.
interface interface-type interface-number: Specifies an interface by its type and number.
protocol protocol: Specifies a protocol by its number in the range of 0 to 255 or by its name such as GRE, OSPF, TCP, or UDP. If you specify this option, this command does not display Layer 2 NetStream entries.
source source-ip: Specifies a source IP address in dotted-decimal notation. If you specify this option, this command does not display Layer 2 NetStream entries.
source-port source-port: Specifies a source port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.
arrived-time: Specifies an arrived time range to display NetStream entries. If you do not specify this keyword, the arrived time is not used as a criterion for filtering the NetStream entries to be displayed.
start-date: Specifies the start date in the format of MM/DD/YYYY or YYYY/MM/DD, where MM is in the range of 1 to 12 and YYYY is in the range of 2000 to 2035. The value range for DD varies by the value of MM.
start-time: Specifies the start time in the format of HH:MM:SS, where HH is in the range of 0 to 23, MM and SS are in the range of 0 to 59. The SS element can be omitted if its value is 00. Both the SS and MM elements can be omitted if their values are 0. For example, the start time of 0 indicates 00:00:00.
end-date: Specifies the end date in the format of MM/DD/YYYY or YYYY/MM/DD, where MM is in the range of 1 to 12 and YYYY is in the range of 2000 to 2035. The value range for DD varies by the value of MM.
end-time: Specifies the end time in the format of HH:MM:SS, where HH is in the range of 0 to 23, MM and SS are in the range of 0 to 59. The SS element can be omitted if its value is 00. Both the SS and MM elements can be omitted if their values are 0. For example, the end time of 0 indicates 00:00:00.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about NetStream entries for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information about NetStream entries for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about NetStream entries for all cards. (Distributed devices in IRF mode.)
Examples
# Display information about NetStream entries with a protocol number of 17.
<Sysname> display ip netstream cache protocol 17
Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/Mask) Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 11.1.1.1(1024) 11.1.1.2(21) 17 128 10 0xe GE1/0/1(I) 42996
# Display information about NetStream entries arrived at the NetStream cache between 14:19:03 and 14:23:03 on July 28, 2017.
<Sysname> display ip netstream cache arrived-time 7/28/2017 14:19:03 7/28/2017 14:23:03
Type DstIP(Port) SrcIP(Port) Pro ToS VNI If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/Mask) Lbl-Exp-S-List
IP 11.1.1.1(1024) 11.1.1.2(21) 6 128 10 GE1/0/1(I) 1253
First packet arrived: 7/28/2017, 14:20:03
Last packet arrived: 7/28/2017, 14:21:03
L2 0012-3f86-e94c(10) 0012-3f86-e86a(0) GE1/0/1(I) 1253
First packet arrived: 7/28/2017, 14:20:00
Last packet arrived: 7/28/2017, 14:21:03
MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291
2:24-6-0
3:30-6-1
First packet arrived: 7/28/2017, 14:20:01
Last packet arrived: 7/28/2017, 14:21:03
IP& 192.168.123.1(2048) 192.168.1.1(0) 1 0 N/A GE1/0/2(O) 10
L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)
First packet arrived: 7/28/2017, 14:20:04
Last packet arrived: 7/28/2017, 14:21:03
IP& 172.16.1.1(68) 172.16.2.1(67) 17 64 N/A GE1/0/3(I) 1848
MPLS LDP(4.4.4.4/24) 1:55-6-0
2:16-6-1
First packet arrived: 7/28/2017, 14:20:03
Last packet arrived: 7/28/2017, 14:23:03
# (Centralized devices in standalone mode.) Display detailed information about NetStream entries.
<Sysname> display ip netstream cache verbose
IP NetStream cache information:
Active flow timeout : 60 min
Inactive flow timeout : 10 sec
Max number of entries : 1000
IP active flow entries : 1
MPLS active flow entries : 2
L2 active flow entries : 1
IPL2 active flow entries : 1
IP flow entries counted : 10
MPLS flow entries counted : 20
L2 flow entries counted : 10
IPL2 flow entries counted : 20
Last statistics resetting time : 01/01/2000 at 00:01:02
IP packet size distribution (1103746 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
--------------------------------------------------------------------------
TCP-Telnet 2656855 372 4 86 49 27
TCP-FTP 5900082 86 9 9 11 33
TCP-FTPD 3200453 1006 5 193 45 33
TCP-WWW 546778274 11170 887 12 8 32
TCP-other 49148540 3752 79 47 30 32
UDP-DNS 117240379 570 190 3 7 34
UDP-other 45502422 2272 73 30 8 37
ICMP 14837957 125 24 5 12 34
IP-other 77406 5 0 47 52 27
Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/Mask) Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 11.1.1.1(1024) 11.1.1.2(21) 6 128 10 0xe ET1/1(I) 42996
TCPFlag: 27
DstMask: 24 SrcMask: 24 NextHop: 0.0.0.0
DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0
InVRF: mvpn
SamplerMode: Random SamplerInt: 256
Active: 120.600 Bytes/Pkt: 152
First packet arrived: 7/28/2017, 14:10:03
Last packet arrived: 7/28/2017, 14:21:03
L2 0012-3f86-e94c(10) 0012-3f86-e86a(0) GE1/4/1(I) 1253
SamplerMode: Fixed SamplerInt: 64
Active: 5.510 Bytes/Pkt: 210
First packet arrived: 7/28/2017, 14:10:00
Last packet arrived: 7/28/2017, 14:21:03
MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291
2:24-6-0
3:30-6-1
SamplerMode: N/A SamplerInt: 0
Active: 660.084 Bytes/Pkt: 100
First packet arrived: 7/28/2017, 14:10:01
Last packet arrived: 7/28/2017, 14:21:03
IP& 192.168.123.1(2- 192.168.1.1(0) 1 0 N/A 0x0 GE1/0/2(O) 10
48)
L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)
TCPFlag: 27
DstMask: 24 SrcMask: 24 NextHop: 192.168.1.2
DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0
OutVRF: vpn1 TCPFlag: 0
SamplerMode: N/A SamplerInt: 0
Active: 12.030 Bytes/Pkt: 86
First packet arrived: 7/28/2017, 14:10:04
Last packet arrived: 7/28/2017, 14:21:03
IP& 172.16.1.1(68) 172.16.2.1(67) 17 64 N/A 0x0 GE1/0/3(I) 1848
MPLS LDP(4.4.4.4/24) 1:55-6-0
2:16-6-1
TCPFlag: 0
DstMask: 24 SrcMask: 24 NextHop: 172.16.2.10
DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0
InVRF: vpn1
SamplerMode: N/A SamplerInt: 0
Active: 382.542 Bytes/Pkt: 1426
First packet arrived: 7/28/2017, 14:12:03
Last packet arrived: 7/28/2017, 14:23:03
# (Distributed devices in standalone mode.) Display detailed information about NetStream entries for the card in slot 1.
<Sysname> display ip netstream cache verbose slot 1
IP NetStream information:
Active flow timeout : 60 min
Inactive flow timeout : 10 sec
Max number of entries : 1000
IP active flow entries : 1
MPLS active flow entries : 2
L2 active flow entries : 1
IPL2 active flow entries : 1
IP flow entries counted : 10
MPLS flow entries counted : 20
L2 flow entries counted : 10
IPL2 flow entries counted : 20
Last statistics resetting time : 01/01/2012 at 00:01:02
IP packet size distribution (1103746 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
--------------------------------------------------------------------------
TCP-Telnet 2656855 372 4 86 49 27
TCP-FTP 5900082 86 9 9 11 33
TCP-FTPD 3200453 1006 5 193 45 33
TCP-WWW 546778274 11170 887 12 8 32
TCP-other 49148540 3752 79 47 30 32
UDP-DNS 117240379 570 190 3 7 34
UDP-other 45502422 2272 73 30 8 37
ICMP 14837957 125 24 5 12 34
IP-other 77406 5 0 47 52 27
Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/Mask) Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 11.1.1.1(1024) 11.1.1.2(21) 6 128 N/A 0x0 ET1/1(I) 42996
TCPFlag: 27
DstMask: 24 SrcMask: 24 NextHop: 0.0.0.0
DstAS: 0 SrcAS: 0 BGPNexthop: 0.0.0.0
InVRF: mvpn
SamplerMode: Random SamplerInt: 256
Active: 120.600 Bytes/Pkt: 152
First packet arrived: 7/28/2017, 14:12:03
Last packet arrived: 7/28/2017, 14:23:03
L2 0012-3f86-e94c(10) 0012-3f86-e86a(0) GE1/4/1(I) 1253
SamplerMode: Fixed SamplerInt: 64
Active: 5.510 Bytes/Pkt: 210
First packet arrived: 7/28/2017, 14:12:03
Last packet arrived: 7/28/2017, 14:23:03
MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291
2:24-6-0
3:30-6-1
SamplerMode: N/A SamplerInt: 0
Active: 660.084 Bytes/Pkt: 100
First packet arrived: 7/28/2017, 14:12:03
Last packet arrived: 7/28/2017, 14:23:03
IP& 192.168.123.1(2- 192.168.1.1(0) 1 0 N/A 0x0 GE1/0/2(O) 10
048)
L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)
DstMask: 24 SrcMask: 24 NextHop: 192.168.1.2
DstAS: 0 SrcAS: 0 BGPNexthop: 0.0.0.0
OutVRF: vpn1 TCPFlag: 0
SamplerMode: N/A SamplerInt: 0
Active: 12.030 Bytes/Pkt: 86
First packet arrived: 7/28/2017, 14:12:03
Last packet arrived: 7/28/2017, 14:23:03
IP& 172.16.1.1(68) 172.16.2.1(67) 17 64 N/A 0x0 GE1/0/3(I) 1848
MPLS LDP(4.4.4.4/24) 1:55-6-0
2:16-6-1
DstMask: 24 SrcMask: 24 NextHop: 172.16.2.10
DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0
InVRF: vpn1
SamplerMode: N/A SamplerInt: 0
Active: 382.542 Bytes/Pkt: 1426
First packet arrived: 7/28/2017, 14:12:03
Last packet arrived: 7/28/2017, 14:23:03
Table 80 Command output
Field |
Description |
Aging timer for active flows, in minutes. |
|
Aging timer for inactive flows, in seconds. |
|
Max number of entries |
Maximum number of flows allowed in the cache. |
IP active flow entries |
Number of active IP flows in the cache. |
MPLS active flow entries |
Number of active MPLS flows in the cache. |
L2 active flow entries |
Number of active Layer 2 flows in the cache. |
IPL2 active flow entries |
Number of active Layer 2 and Layer 3 flows in the cache. |
IP flow entries counted |
Number of IP flows that have been counted. |
MPLS flow entries counted |
Number of MPLS flows that have been counted. |
L2 flow entries counted |
Number of Layer 2 flows that have been counted. |
IPL2 flow entries counted |
Number of Layer 2 and Layer 3 flows that have been counted. |
Last time the reset ip netstream statistics command was executed. This field displays Never if you have never executed this command. |
|
IP packet size distribution (1103746 packets in total) |
Distribution of IP packets by packet size, and the bracketed number is the total number of IP packets. The value is displayed in the proportion of the number of IP packets of the specified sizes to the total number of IP packets, and the value is displayed with 3 decimal places. |
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 |
Range of IP packet length (excluding data link layer header) in bytes. · For the values in the range of 1 to 576, the range increases in the step of 32. For example, 1-32 shows the number of packets with the size of 1 to 32 bytes. 64 shows the number of packets with the size of 33 to 64 bytes. · For the values greater than 1024, the range increases in the step of 512. For example, 1536 shows the number of packets with the size of 1025 to 1536 bytes. · Packets with the size of 577 to 1024 bytes are recorded in the 1024 entry. |
Protocol Total Flows Packets /sec Flows/sec Packets/flow Active(sec)/flow Idle(sec)/flow |
Statistics of packets by protocol type: · Protocol type. · Total number of flows. · Number of packets per second. · Number of flows per second. · Number of packets per flow. · Active time (in seconds) of each flow. · Inactive time (in seconds) of each flow. |
Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts |
Statistics of the active flows in the current cache: · Flow type. Flows are classified into the following types: ¡ Layer 3 flows. ¡ Layer 2 flows. ¡ Layer 2 and Layer 3 flows. ¡ MPLS flows without IP options. ¡ MPLS flows with IP options. · Destination IP address (destination port). · Source IP address (source port). · Protocol number. · ToS. · Application layer protocol ID. · Interface name (direction). · Number of packets. ICMP packets do not contain port number fields, so the type and code fields are captured. The value for the destination port represents these two fields: · The highest 8 bits represent the type field. · The lowest 8 bits represent the code field. The value for the source port is set to 0 and does not indicate any statistics. |
DstMAC(VLAN) SrcMAC(VLAN) |
Layer 2 information of the active flows in the current cache: · Destination MAC address. · Destination VLAN ID. · Source MAC address. · Source VLAN ID. |
TopLblType(IP/Mask) Lbl-Exp-S-List |
Information about the active MPLS flows in the current cache: · Type of the labels at the top of the label stack: ¡ IP address associated with the label. ¡ Mask associated with the label. · Label list. Up to three labels can be listed in one label list. |
TCPFlag: DstMask: SrcMask: NextHop: DstAS: SrcAS: BGPNextHop: OutVRF: InVRF: SamplerMode: SamplerInt: Active: Bytes/Pkt: |
Other information about the active flows in the cache: · TCP tag. · Destination mask. · Source mask. · Routing next hop. · Destination AS. · Source AS. · BGP next hop. · VPN instance to which the outbound packets belong. · VPN instance to which the inbound packets belong. · Sampling mode. NetStream supports the following sampling modes: ¡ 0—No sampling. ¡ 1—Fixed sampling. ¡ 2—Random sampling. · Sampling interval. · Flow's active time. · Number of bytes per packet. · Arrival time of the first packet of the flow. · Arrival time of the last packet of the flow. |
display ip netstream export
Use display ip netstream export to display information about the NetStream data export.
Syntax
display ip netstream export
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about the NetStream data export.
<Sysname> display ip netstream export
IP export information:
Flow source interface : GigabitEthernet1/0/1
Flow destination VPN instance : VPN1
Flow destination IP address (UDP) : 10.10.0.10 (30000)
Version 5 exported flows number : 16
Version 5 exported UDP datagrams number (failed) : 16 (0)
Version 9 exported flows number : 20
Version 9 exported UDP datagrams number (failed) : 2 (0)
MPLS export information:
Flow source interface : GigabitEthernet1/0/1
Flow destination VPN instance : VPN1
Flow destination IP address (UDP) : 10.10.0.10 (30000)
Version 9 exported flows number : 20
Version 9 exported UDP datagrams number (failed) : 2 (0)
as aggregation export information:
Flow source interface : GigabitEthernet1/0/1
Flow destination VPN instance : VPN1
Flow destination IP address (UDP) : 10.10.0.10 (30000)
Version 8 exported flows number : 16
Version 8 exported UDP datagrams number (failed) : 2 (0)
Version 9 exported flows number : 16
Version 9 exported UDP datagrams number (failed) : 2 (0)
Table 81 Command output
Field |
Description |
IP export information |
NetStream data export information. |
Flow source interface |
Source interface from which the NetStream data is exported. |
Flow destination VPN instance |
VPN to which the destination address of the NetStream data export belongs. |
Destination IP address and UDP port number of the NetStream data export. |
|
Version 5 exported flows number |
Number of flows that are exported in version 5 format. |
Version 5 exported UDP datagrams number (failed) |
Number of UDP packets that are sent in version 5 format. The field in the parentheses indicates the number of UDP packets that failed to be sent. |
Version 9 exported flows number |
Number of flows that are exported in version 9 format. |
Version 9 exported UDP datagrams number (failed) |
Number of UDP packets that are sent in version 9 format. The value in the parentheses displays the number of UDP packets that failed to be sent. |
MPLS export information |
Statistics of the MPLS-aware NetStream data export in version 9. |
as aggregation export information |
Statistics of NetStream AS aggregation in version 8 format. |
Version 8 exported flows number |
Number of flows that are exported in version 8 format. |
Version 8 exported UDP datagrams number (failed) |
Number of UDP packets that are sent in version 8 format. The field in the parentheses indicates the number of UDP packets that failed to be sent. |
display ip netstream template
Use display ip netstream template to display NetStream template information.
Syntax
Centralized devices in standalone mode:
display ip netstream template
Distributed devices in standalone mode/centralized devices in IRF mode:
display ip netstream template [ slot slot-number ]
Distributed devices in IRF mode:
display ip netstream template [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays NetStream template information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays NetStream template information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays NetStream template information for the global active MPU. (Distributed devices in IRF mode.)
Usage guidelines
IP NetStream templates vary by aggregation mode. This command displays IP NetStream template information for all the configured aggregation modes.
Examples
# Display NetStream template information.
<Sysname> display ip netstream template
Flow template refresh frequency : 20
Flow template refresh interval : 30 min
Active flow templates : 4
Created flow templates : 4
L3 outbound template:
Template ID : 3282
Field count : 28
Field type Field length (bytes)
------------------------------------------------------------------------------
Out packets 8
Out bytes 8
First forwarded 4
Last forwarded 4
Input interface index 4
Output interface index 4
Source IPv4 address 4
Destination IPv4 address 4
Next hop IPv4 address 4
Source AS 4
Destination AS 4
L4 source port 2
L4 destination port 2
IP protocol version 1
TCP flags 1
Protocol 1
Source ToS 1
Source address mask 1
Destination address mask 1
Direction 1
Forwarding status 1
Out VPN ID 2
Sampling algorithm 1
PAD 1
Sampling interval 4
VXLAN ID 4
App ID 4
VPN instance name 65535
L3 inbound template:
Template ID : 3281
Packets : 0
Last template export time : Never
Field count : 28
Field type Field length (bytes)
------------------------------------------------------------------------------
Flows 4
In packets 8
In bytes 8
First forwarded 4
Last forwarded 4
Input interface index 4
Output interface index 4
Source IPv4 address 4
Destination IPv4 address 4
Next hop IPv4 address 4
Source AS 4
Destination AS 4
L4 source port 2
L4 destination port 2
IP protocol version 1
TCP flags 1
Protocol 1
Source ToS 1
Source address mask 1
Destination address mask 1
Direction 1
Forwarding status 1
In VPN ID 2
Sampling algorithm 1
PAD 1
Sampling interval 4
VPN instance name 65535
AS outbound template:
Template ID : 3258
Packets : 0
Last template export time : Never
Field count : 14
Field type Field length (bytes)
---------------------------------------------------------------------------
Flows 4
Out packets 8
Out bytes 8
First forwarded 4
Last forwarded 4
Source AS 4
Destination AS 4
Input interface index 4
Output interface index 4
Direction 1
Sampling algorithm 1
PAD 1
Sampling interval 4
AS inbound template:
Template ID : 3257
Packets : 0
Last template export time : Never
Field count : 14
Field type Field length (bytes)
---------------------------------------------------------------------------
Flows 4
In packets 8
In bytes 8
First forwarded 4
Last forwarded 4
Source AS 4
Destination AS 4
Input interface index 4
Output interface index 4
Direction 1
Sampling algorithm 1
PAD 1
Sampling interval 4
Table 82 Command output
Field |
Description |
|
Flow template refresh frequency |
Refresh frequency at which the templates are sent, in packets. |
|
Flow template refresh interval |
Refresh interval at which the templates are sent, in minutes. |
|
Active flow templates |
Number of active NetStream templates. |
|
Created flow templates |
Number of templates that have been created. |
|
L3 outbound template |
Information of the Layer 3 template in the outbound direction. |
|
L3 inbound template |
Information of the Layer 3 template in the inbound direction. |
|
Packets |
Number of packets sent by using the template. |
|
Last template export time |
Time when the template was last exported. |
|
Field count |
Total number of fields in a template. |
|
Field type |
Type of a field in the template. |
|
Field length (bytes) |
Length of the field in bytes. |
|
Flows |
Number of aggregate flows. |
|
Out packets |
Number of sent packets. |
|
In packets |
Number of received packets. |
|
Out bytes |
Size of sent packets, in bytes. |
|
In bytes |
Size of received packets, in bytes. |
|
First forwarded |
System time when the first packet was forwarded, accurate to milliseconds. |
|
Last forwarded |
System time when the last packet was forwarded, accurate to milliseconds. |
|
PAD |
Padding string. |
|
App ID |
Application ID. |
|
L4 source port |
Source port number. |
|
L4 destination port |
Destination port number. |
|
TCP flags |
TCP flag of the flow. |
|
Protocol |
Layer 4 protocol type. |
|
VPN instance name |
VPN instance name. If the packets belong to the public network, this field displays N/A. |
|
Out VPN ID |
Name of the VPN instance to which the egress interface of the packets belong. |
|
In VPN ID |
Name of the VPN instance to which the ingress interface of the packets belong. |
enable
Use enable to enable a NetStream aggregation mode.
Use undo enable to disable a NetStream aggregation mode.
Syntax
enable
undo enable
Default
No NetStream aggregation mode is enabled.
Views
NetStream aggregation mode view
Predefined user roles
network-admin
Examples
# Enable NetStream AS aggregation mode.
<Sysname> system-view
[Sysname] ip netstream aggregation as
[Sysname-ns-aggregation-as] enable
ip netstream aggregation
ip netstream
Use ip netstream to enable NetStream on an interface.
Use undo ip netstream to disable NetStream on an interface.
Syntax
ip netstream { inbound | outbound }
undo ip netstream { inbound | outbound }
Default
NetStream is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
inbound: Enables NetStream for incoming traffic.
outbound: Enables NetStream for outgoing traffic.
Examples
# Enable NetStream for incoming traffic on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip netstream inbound
ip netstream filter
Use ip netstream filter to enable NetStream filtering on an interface.
Use undo ip netstream filter to disable NetStream filtering.
Syntax
ip netstream { inbound | outbound } filter acl ipv4-acl-number
undo ip netstream { inbound | outbound } filter
Default
NetStream filtering is disabled. NetStream collects statistics about all IPv4 packets passing through an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
inbound: Filters incoming traffic.
outbound: Filters outgoing traffic.
acl ipv4-acl-number: Specifies an IPv4 ACL by its number. For an IPv4 basic ACL, the value range is 2000 to 2999. For an IPv4 advanced ACL, the value range is 3000 to 3999.
Usage guidelines
NetStream filtering uses an ACL to identify intended packets.
· If you want to collect data for specific flows, use the ACL permit statements to identify the flows. NetStream collects data only for these flows.
· If you do not want to collect data for specific flows, use the ACL deny statements to identify the flows. NetStream does not collect data for these flows.
Examples
# Use ACL 2003 for outbound NetStream filtering on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip netstream outbound
[Sysname-GigabitEthernet1/0/1] ip netstream outbound filter acl 2003
ip netstream ipsec raw-packet
Use ip netstream ipsec raw-packet to enable NetStream for outgoing packets before IPsec encapsulation.
Use undo ip netstream ipsec raw-packet to restore the default.
Syntax
ip netstream ipsec raw-packet
undo ip netstream ipsec raw-packet
Default
NetStream is enabled for outgoing IPsec encapsulated packets.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only after you enable NetStream in the outbound direction of the interface.
Examples
# Enable NetStream for outgoing packets before IPsec encapsulation on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip netstream outbound
[Sysname-GigabitEthernet1/0/1] ip netstream ipsec raw-packet
ip netstream sampler
Use ip netstream sampler to enable NetStream sampling.
Use undo ip netstream sampler to disable NetStream sampling.
Syntax
ip netstream [ inbound | outbound ] sampler sampler-name
undo ip netstream [ inbound | outbound ] sampler
Default
NetStream sampling is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
inbound: Enables NetStream sampling in the inbound direction.
outbound: Enables NetStream sampling in the outbound direction.
sampler sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.
Examples
# Use sampler abc for inbound NetStream sampling on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip netstream inbound
[Sysname-GigabitEthernet1/0/1] ip netstream inbound sampler abc
ip netstream aggregation
Use ip netstream aggregation to specify a NetStream aggregation mode and enter its view.
Use undo ip netstream aggregation to remove the configuration for a NetStream aggregation mode.
Syntax
ip netstream aggregation { as | destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-as | tos-bgp-nexthop | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix }
undo ip netstream aggregation { as | destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-as | tos-bgp-nexthop | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix }
Default
No NetStream aggregation mode is specified.
Views
System view
Predefined user roles
network-admin
Parameters
as: Specifies the AS aggregation by source AS number, destination AS number, inbound interface index, and outbound interface index.
destination-prefix: Specifies the destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and outbound interface index.
prefix: Specifies the source and destination prefix aggregation by the following criteria:
· Source AS number.
· Destination AS number.
· Source address mask length.
· Destination address mask length.
· Source prefix.
· Destination prefix.
· Inbound interface index.
· Outbound interface index.
prefix-port: Specifies the prefix-port aggregation by the following criteria:
· Source prefix.
· Destination prefix.
· Source address mask length.
· Destination address mask length.
· ToS.
· Protocol number.
· Source port.
· Destination port.
· Inbound interface index.
· Outbound interface index.
protocol-port: Specifies the protocol-port aggregation by protocol number, source port, and destination port.
source-prefix: Specifies the source-prefix aggregation by source AS number, source address mask length, source prefix, and inbound interface index.
tos-as: Specifies the ToS-AS aggregation by ToS, source AS number, destination AS number, inbound interface index, and outbound interface index.
tos-bgp-nexthop: Specifies the ToS-BGP nexthop aggregation by ToS, BGP next hop address, and outbound interface index. ToS-BGP next hop aggregation is supported by the version 9 template.
tos-destination-prefix: Specifies the ToS-destination-prefix aggregation by ToS, destination AS number, destination address mask length, destination prefix, and outbound interface index.
tos-prefix: Specifies the ToS-prefix aggregation by the following criteria:
· ToS.
· Source AS number.
· Source prefix.
· Source address mask length.
· Destination AS number.
· Destination address mask length.
· Destination prefix.
· Inbound interface index.
· Outbound interface index.
tos-protocol-port: Specifies the ToS-protocol-port aggregation by ToS, protocol number, source port, destination port, inbound interface index, and outbound interface index.
tos-source-prefix: Specifies the ToS-source-prefix aggregation by ToS, source AS number, source prefix, source address mask length, and inbound interface index.
Usage guidelines
In NetStream aggregation mode view, you can perform the following tasks:
· Enable or disable the specified NetStream aggregation mode.
· Configure source interface, destination IP address, and destination port for the NetStream data export.
A flow matching multiple aggregation modes is counted as multiple aggregate flows.
Examples
# Set the NetStream aggregation mode to AS, and enter NetStream AS aggregation mode view.
<Sysname> system-view
[Sysname] ip netstream aggregation as
[Sysname-ns-aggregation-as]
Related commands
enable
ip netstream export host
ip netstream export source
ip netstream export host
Use ip netstream export host to specify a destination host for NetStream data export.
Use undo ip netstream export host to remove the specified destination host or all destination hosts that are configured in the current view.
Syntax
ip netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ]
undo ip netstream export host [ ip-address [ vpn-instance vpn-instance-name ] ]
Default
No destination host is specified.
Views
System view
NetStream aggregation mode view
Predefined user roles
network-admin
Parameters
ip-address: Specifies the destination IP address.
udp-port: Specifies the destination UDP port number in the range of 0 to 65535.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination host belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
Usage guidelines
You can specify the same destination IP address and UDP port in different NetStream aggregation mode views. If an aggregation mode is not enabled, the display ip netstream export command cannot display the destination host configuration for the mode.
If no destination host is specified in a NetStream aggregation mode view, the destination host in system view applies. If destination hosts are specified in a NetStream aggregation view and system view, the destination hosts in aggregation view take effect.
You can specify a maximum of four destination hosts in system view or a NetStream aggregation mode view. If you specify a destination host with the same IP address but different UDP ports in the same view, the most recent configuration takes effect. You can specify destination hosts with the same IP address and UDP port but different VPN instances.
NetStream traditional data is exported to all destination hosts in system view. NetStream aggregation data is exported to all destination hosts in the related NetStream aggregation mode view. If you expect only the aggregation data, specify destination hosts only in the NetStream aggregation mode view. Aggregation data export reduces bandwidth usage.
Examples
# In system view, specify 172.16.105.48 as the IP address of the destination host and UDP port 5000 as the export destination port number.
<Sysname> system-view
[Sysname] ip netstream export host 172.16.105.48 5000
# In AS aggregation mode view, specify 172.16.105.50 as the IP address of the destination host and UDP port 6000 as the export destination port number.
[Sysname] ip netstream aggregation as
[Sysname-ns-aggregation-as] ip netstream export host 172.16.105.50 6000
Related commands
ip netstream aggregation
ip netstream export source
ip netstream export rate
Use ip netstream export rate to limit the NetStream data export rate.
Use undo ip netstream export rate to restore the default.
Syntax
ip netstream export rate rate
undo ip netstream export rate
Default
The export rate of NetStream data is not limited.
Views
System view
Predefined user roles
network-admin
Parameters
rate: Specifies the maximum number of packets to be exported per second. The value range is 1 to 1000.
Examples
# Allow a maximum of 10 packets to be exported per second.
<Sysname> system-view
[Sysname] ip netstream export rate 10
ip netstream export source
Use ip netstream export source to specify the source interface for data packets sent to NetStream servers. The IP address of the interface is used as the source IP of the data packets.
Use undo ip netstream export source to restore the default.
Syntax
ip netstream export source interface interface-type interface-number
undo ip netstream export source
Default
The packets take the primary IP address of the output interface as the source IP address.
Views
System view
NetStream aggregation mode view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies a source interface by its type and number.
Usage guidelines
You can configure different source interfaces in different NetStream aggregation mode views.
If no source interface is configured in NetStream aggregation mode view, the source interface in system view applies.
Examples
# In system view, specify GigabitEthernet 1/0/1 as the source interface for NetStream traditional data packets.
<Sysname> system-view
[Sysname] ip netstream export source interface gigabitethernet 1/0/1
# In AS aggregation mode view, specify GigabitEthernet 1/0/2 as the source interface for NetStream aggregation data packets.
[Sysname] ip netstream aggregation as
[Sysname-ns-aggregation-as] ip netstream export source interface gigabitethernet 1/0/2
Related commands
ip netstream aggregation
ip netstream export v9-template refresh-rate packet
Use ip netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for NetStream version 9 templates. The templates are sent after the specified number of packets are sent.
Use undo ip netstream export v9-template refresh-rate packet to restore the default.
Syntax
ip netstream export v9-template refresh-rate packet packets
undo ip netstream export v9-template refresh-rate packet
Default
Version 9 templates are sent every 20 packets.
Views
System view
Predefined user roles
network-admin
Parameters
packets: Specifies the number of packets that are sent before version 9 templates are sent to NetStream servers for an update. The value range is 1 to 600.
Usage guidelines
Version 9 is template-based and supports user-defined formats. A NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.
You can configure the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.
To configure the refresh interval for version 9 templates, use the ip netstream export v9-template refresh-rate time command.
Examples
# Configure the device to send version 9 templates to NetStream servers every 100 packets.
<Sysname> system-view
[Sysname] ip netstream export v9-template refresh-rate packet 100
Related commands
ip netstream export v9-template refresh-rate time
ip netstream export v9-template refresh-rate time
Use ip netstream export v9-template refresh-rate time to configure the sending interval for version 9 templates.
Use undo ip netstream export version to restore the default.
Syntax
ip netstream export v9-template refresh-rate time minutes
undo ip netstream export v9-template refresh-rate time
Default
Version 9 templates are sent every 30 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Specifies the refresh interval in the range of 1 to 3600 minutes.
Usage guidelines
Version 9 is template-based and supports user-defined formats. An NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.
You can adjust the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.
To configure the refresh frequency for version 9 templates, use the ip netstream export v9-template refresh-rate packet command.
Examples
# Configure the device to send version 9 templates every 60 minutes.
<Sysname> system-view
[Sysname] ip netstream export v9-template refresh-rate time 60
Related commands
ip netstream export v9-template refresh-rate packet
ip netstream export version
Use ip netstream export version 5 to export NetStream data in the version 5 format and choose whether to record AS information.
Use ip netstream export version 9 to export NetStream data in the version 9 format and choose whether to record AS and BGP next hop information.
Use undo ip netstream export version to restore the default.
Syntax
ip netstream export version 5 [ origin-as | peer-as ]
ip netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ]
undo ip netstream export version
Default
NetStream traditional data export uses the version 9 format. MPLS flow data is not exported. The peer AS numbers are exported. The BGP next hop is not recorded.
Views
System view
Predefined user roles
network-admin
Parameters
origin-as: Records the source AS of the source address and the destination AS of the destination address.
peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively.
bgp-nexthop: Records BGP next hops.
Usage guidelines
A NetStream entry records the source IP address and destination IP address, and two AS numbers for each IP address. You can choose to configure which AS numbers are to be exported as the source AS and destination AS.
You can choose to record BGP next hop data only when you configure the version 9 format.
You can configure only one version format on the device. If you execute the ip netstream export version 5 and ip netstream export version 9 commands multiple times, the most recent configuration takes effect.
If the version 5 format is configured, the NetStream aggregation data export uses the version 8 format.
If the version 9 format is configured, the NetStream aggregation data export uses the version 9 format.
Examples
# Configure the device to export NetStream data in the version 5 format and to specify the NetStream data to include the source AS and destination AS.
<Sysname> system-view
[Sysname] ip netstream export version 5 origin-as
ip netstream max-entry
Use ip netstream max-entry to set the upper limit for NetStream entries.
Use undo ip netstream max-entry to restore the default.
Syntax
ip netstream max-entry max-entries
undo ip netstream max-entry
Default
The upper limit for NetStream entries is 10000.
Views
System view
Predefined user roles
network-admin
Parameters
max-entries: Specifies the upper limit for NetStream entries that the cache can accommodate. The value range is 1000 to 100000.
Usage guidelines
(Distributed devices in standalone mode.) The max-entries argument takes effect on each card.
(Distributed devices in IRF mode.) The max-entries argument takes effect on each card of each IRF member device.
(Centralized devices in IRF mode.) The max-entries argument takes effect on each IRF member device.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the upper limit to 5000 for NetStream entries.
<Sysname> system-view
[Sysname] ip netstream max-entry 5000
ip netstream mpls
Use ip netstream mpls to enable MPLS packet statistics collection.
Use undo ip netstream mpls to disable MPLS packet statistics collection.
Syntax
ip netstream mpls [ label-positions label-position1 [ label-position2 [ label-position3 ] ] ] [ no-ip-fields ]
undo ip netstream mpls
Default
MPLS packet statistics collection is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
label-positions: Specifies position of the labels to be counted.
label-position1: Specifies the position of the first label in the label stack, in the range of 1 to 6.
label-position2: Specifies the position of the second label in the label stack, in the range of 1 to 6.
label-position3: Specifies the position of the third label in the label stack, in the range of 1 to 6.
no-ip-fields: Specifies not to count IP fields.
Usage guidelines
This command enables statistics collection of MPLS packets for both IPv4 and IPv6 NetStream.
If you do not specify any keywords or options, the top label and IP fields are counted.
If multiple labels are to be counted, the label positions specified cannot be the same and are in ascending order.
Examples
# Enable NetStream for MPLS packets with top label counted but without IP fields.
<Sysname> system-view
[Sysname] ip netstream mpls no-ip-fields
ip netstream timeout active
Use ip netstream timeout active to set the aging timer for active flows.
Use undo ip netstream timeout active to restore the default.
Syntax
ip netstream timeout active minutes
undo ip netstream timeout active
Default
The aging timer is 30 minutes for active flows.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Sets the aging timer for active flows, in the range of 1 to 60 minutes.
Usage guidelines
A flow is considered active if packets for the NetStream entry arrive before the timer set by this command expires.
Examples
# Set the aging timer to 60 minutes for active flows.
<Sysname> system-view
[Sysname] ip netstream timeout active 60
ip netstream timeout inactive
ip netstream timeout inactive
Use ip netstream timeout inactive to set the aging timer for inactive flows.
Use undo ip netstream timeout inactive to restore the default.
Syntax
ip netstream timeout inactive seconds
undo ip netstream timeout inactive
Default
The aging timer is 30 seconds for inactive flows.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the aging timer for inactive flows, in the range of 10 to 600 seconds.
Usage guidelines
A flow is considered inactive if no packet for the NetStream entry arrives before the timer set by this command expires.
Examples
# Set the aging timer to 60 seconds for inactive flows.
<Sysname> system-view
[Sysname] ip netstream timeout inactive 60
ip netstream timeout active
reset ip netstream statistics
Use reset ip netstream statistics to age out all flows in the cache and export NetStream data.
Syntax
reset ip netstream statistics
Views
User view
Predefined user roles
network-admin
Usage guidelines
It takes the system several minutes to execute the command. During this period, the system does not collect NetStream data.
Examples
# Age out and export all NetStream data.
<Sysname> reset ip netstream statistics
This process may take a few minutes.
Netstream statistic function is disabled during this process.
IPv6 NetStream commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
display ipv6 netstream cache
Use display ipv6 netstream cache to display IPv6 NetStream entry information.
Syntax
Centralized devices in standalone mode:
display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ] [ slot slot-number ]
Distributed devices in IRF mode:
display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ] [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
verbose: Displays detailed information about IPv6 NetStream entries.
type: Specifies the IPv6 NetStream entry type. If you do not specify this keyword, this commands displays information about all types of IPv6 NetStream entries.
ip: Specifies IP flow NetStream entries.
ipl2: Specifies Layer 2 and Layer 3 flow NetStream entries.
l2: Specifies Layer 2 flow NetStream entries.
mpls: Specifies MPLS flow NetStream entries.
label-position1 label-value1: Specifies a label by its position and value. The value range for the label-position1 argument is 1 to 6, representing labels from the outermost to the innermost. The value range for the label-value1 argument is 0 to 1048575.
label-position2 label-value2: Specifies a label by its position and value. The value range for the label-position2 argument is 1 to 6, representing labels from the outermost to the innermost. The value range for the label-value2 argument is 0 to 1048575.
label-position3 label-value3: Specifies a label by its position and value. The value range for the label-position3 argument is 1 to 6, representing labels from the outermost to the innermost. The value range for the label-value3 argument is 0 to 1048575.
destination destination-ipv6: Specifies a destination IPv6 address. If you specify this option, this command does not display Layer 2 NetStream entries.
destination-port destination-port: Specifies a destination port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.
interface interface-type interface-number: Specifies an interface by its type and number.
protocol protocol: Specifies a protocol by its number in the range of 0 to 255 or by its name such as GRE, OSPF, TCP, or UDP. If you specify this option, this command does not display Layer 2 NetStream entries.
source source-ipv6: Specifies a source IPv6 address. If you specify this option, this command does not display Layer 2 NetStream entries.
source-port source-port: Specifies a source port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.
arrived-time: Specifies an arrived time range to display IPv6 NetStream entries. If you do not specify this keyword, the arrived time is not used as a criterion for filtering the IPv6 NetStream entries to be displayed.
start-date: Specifies the start date in the format of MM/DD/YYYY or YYYY/MM/DD, where MM is in the range of 1 to 12 and YYYY is in the range of 2000 to 2035. The value range for DD varies by the value of MM.
start-time: Specifies the start time in the format of HH:MM:SS, where HH is in the range of 0 to 23, MM and SS are in the range of 0 to 59. The SS element can be omitted if its value is 00. Both the SS and MM elements can be omitted if their values are 0. For example, the start time of 0 indicates 00:00:00.
end-date: Specifies the end date in the format of MM/DD/YYYY or YYYY/MM/DD, where MM is in the range of 1 to 12 and YYYY is in the range of 2000 to 2035. The value range for DD varies by the value of MM.
end-time: Specifies the end time in the format of HH:MM:SS, where HH is in the range of 0 to 23, MM and SS are in the range of 0 to 59. The SS element can be omitted if its value is 00. Both the SS and MM elements can be omitted if their values are 0. For example, the end time of 0 indicates 00:00:00.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about IPv6 NetStream entries for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information about IPv6 NetStream entries for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 NetStream entries for all cards. (Distributed devices in IRF mode.)
verbose: Displays detailed information about IPv6 NetStream entries.
Examples
# Display information about IPv6 NetStream entries with a protocol number of 17.
<Sysname> display ipv6 netstream cache protocol 17
Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/Mask) Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 2010::1(1024) 2020::1(21) 17 128 10 0xe GE1/0/1(I) 42996
# Display information about IPv6 NetStream entries arrived at the IPv6 NetStream cache between 14:19:03 and 14:23:03 on July 28, 2017.
<Sysname> display ipv6 netstream cache arrived-time 7/28/2017 14:19:03 7/28/2017 14:23:03
Type DstIP(Port) SrcIP(Port) Pro ToS VNI If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/Mask) Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 2001::1(1024) 2002::1(21) 6 128 10 GE1/0/1(I) 42996
First packet arrived: 7/28/2017, 14:20:03
Last packet arrived: 7/28/2017, 14:21:03
MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291
2:24-6-0
3:30-6-1
First packet arrived: 7/28/2017, 14:20:01
Last packet arrived: 7/28/2017, 14:21:03
IP& 2003::1(2048) 2008::1(0) 1 0 N/A GE1/0/2(O) 10
L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)
First packet arrived: 7/28/2017, 14:20:04
Last packet arrived: 7/28/2017, 14:21:03
IP& 2010::1(1024) 2002::1(21) 17 64 N/A GE1/0/3(I) 1848
MPLS LDP(4.4.4.4/24) 1:55-6-0
2:16-6-1
First packet arrived: 7/28/2017, 14:20:03
Last packet arrived: 7/28/2017, 14:23:03
# (Centralized devices in standalone mode.) Display information about IPv6 NetStream entries.
<Sysname> display ipv6 netstream cache verbose
IPv6 NetStream cache information:
Active flow timeout : 60 min
Inactive flow timeout : 10 sec
Max number of entries : 1000
IPv6 active flow entries : 1
MPLS active flow entries : 2
IPL2 active flow entries : 1
IPv6 flow entries counted : 10
MPLS flow entries counted : 20
IPL2 flow entries counted : 20
Last statistics resetting time : 01/01/2000 at 00:01:02
IPv6 packet size distribution (1103746 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
--------------------------------------------------------------------------
TCP-Telnet 2656855 372 4 86 49 27
TCP-FTP 5900082 86 9 9 11 33
TCP-FTPD 3200453 1006 5 193 45 33
TCP-WWW 546778274 11170 887 12 8 32
TCP-other 49148540 3752 79 47 30 32
UDP-DNS 117240379 570 190 3 7 34
UDP-other 45502422 2272 73 30 8 37
ICMP 14837957 125 24 5 12 34
IP-other 77406 5 0 47 52 27
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK) Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 2001::1(1024) 2002::1(21) 6 0 0x6000 0x0 GE1/0/1(I) 42996
MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291
2:24-6-0
3:30-6-1
IP& 2010::1(1024) 2020::1(67) 17 0 0x12345 0x0 GE1/0/3(I) 1848
MPLS LDP(4.4.4.4/24) 1:55-6-0
2:16-6-1
# (Distributed devices in standalone mode.) Display information about IPv6 NetStream entries for the card in slot 1.
<Sysname> display ipv6 netstream cache slot 1 verbose
IPv6 NetStream cache information:
Active flow timeout : 60 min
Inactive flow timeout : 10 sec
Max number of entries : 1000
IPv6 active flow entries : 1
MPLS active flow entries : 2
IPL2 active flow entries : 1
IPv6 flow entries counted : 10
MPLS flow entries counted : 20
IPL2 flow entries counted : 20
Last statistics resetting time : 01/01/2000 at 00:01:02
IPv6 packet size distribution (1103746 packets in total):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000
512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608
.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000
Protocol Total Packets Flows Packets Active(sec) Idle(sec)
Flows /sec /sec /flow /flow /flow
--------------------------------------------------------------------------
TCP-Telnet 2656855 372 4 86 49 27
TCP-FTP 5900082 86 9 9 11 33
TCP-FTPD 3200453 1006 5 193 45 33
TCP-WWW 546778274 11170 887 12 8 32
TCP-other 49148540 3752 79 47 30 32
UDP-DNS 117240379 570 190 3 7 34
UDP-other 45502422 2272 73 30 8 37
ICMP 14837957 125 24 5 12 34
IP-other 77406 5 0 47 52 27
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts
DstMAC(VLAN) SrcMAC(VLAN)
TopLblType(IP/MASK)Lbl-Exp-S-List
--------------------------------------------------------------------------
IP 2001::1(1024) 2002::1(21) 6 0 0x0 0x0 ET1/1(I) 42996
TcpFlag: 0x1b
DstMask: 24 SrcMask: 24
DstAS: 0 SrcAS: 0
NextHop: 2001::2
BGPNextHop: 0:0:0:0:0:0:0:0
InVRF: mvpn
SamplerMode:Random SamplerInt: 0
Active: 120 Bytes/Pkt: 152
MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291
2:24-6-0
3:30-6-1
SamplerMode:Random SamplerInt: 0
Active: 660 Bytes/Pkt: 100
IP 2003::1(2048) 2008::1(0) 1 0 0x0 0x0 GE1/0/2(O) 10
IP& 2010::1(1024) 2020::1(67) 17 255 0x12345 0x0 GE1/0/3(I) 1848
MPLS LDP(4.4.4.4/24) 1:55-6-0
2:16-6-1
3:0-0-0
TcpFlag: 0
DstMask: 24 SrcMask: 24
DstAS: 0 SrcAS: 0
NextHop: 2020::2
BGPNextHop: 0:0:0:0:0:0:0:0
InVRF: vpn1
SamplerMode:Random SamplerInt: 0
Active: 382 Bytes/Pkt: 1426
Table 83 Command output
Field |
Description |
Active flow timeout |
Aging timer for active flows, in minutes. |
Inactive flow timeout |
Aging timer for inactive flows, in seconds. |
Max number of entries |
Maximum number of IPv6 flows allowed in the cache. |
IPv6 active flow entries |
Number of active IPv6 flows in the cache. |
MPLS active flow entries |
Number of active IPv6 MPLS flows in the cache. |
IPL2 active flow entries |
Number of active Layer 2 flows with IPv6 protocol information. |
IPv6 flow entries counted |
Number of IPv6 flows that have been counted. |
MPLS flow entries counted |
Number of MPLS flows that have been counted. |
IPL2 flow entries counted |
Number of Layer 2 flows (with IPv6 protocol information) that have been counted. |
Last statistics resetting time |
Last time the reset ipv6 netstream statistics command was executed. This field displays Never if you have never executed this command. |
IPv6 packet size distribution (1103746 packets in total): |
Distribution of IPv6 packets by packet size, and the bracketed number is the total number of IPv6 packets. The value is displayed in the proportion of the number of IPv6 packets of the specified sizes to the total number of IPv6 packets. The value is displayed with three decimal places. |
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608 |
Range of IPv6 packet length (excluding data link layer header). · For the values in the range of 1 to 576 bytes, the range increases in the step of 32 bytes. For example, 1-32 shows the number of packets with the size of 1 to 32 bytes. 64 shows the number of packets with the size of 33 to 64 bytes. · For the values greater than 1024 bytes, the range increases in the step of 512 bytes. For example, 1536 shows the number of packets with the size of 1025 to 1536 bytes. · Packets with the size of 577 to 1024 bytes are recorded in the 1024 entry. |
Protocol Total Flows Packets/Sec Flow/Sec Packets/flow Active(sec)/ flow Idle(sec)/flow |
Statistics of packets by protocol type: · Protocol type. · Total number of flows. · Number of packets per second. · Number of flows per second. · Number of packets per flow. · Active time (in seconds) of each flow. · Inactive time (in seconds) of each flow. |
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts |
Statistics of the active flows in the current cache: · Flow type. Flows are classified into the following types: ¡ IP flows. ¡ Layer 2 flows with IPv6 protocol information (IPL2). ¡ MPLS flows without IP options (MPLS). ¡ MPLS flows with IP options (IP&MPLS). · Destination IPv6 address (destination port). · Source IPv6 address (source port). · Protocol number. · Traffic classification. · Flow label. · Application layer protocol ID. · Interface name (direction). · Number of packets. ICMPv6 packets do not contain port number fields, so the type and code fields are captured. The value for the destination port represents these two fields: · The highest 8 bits represent the type field. · The lowest 8 bits represent the code field. The value for the source port is set to 0 and does not indicate any statistics. |
DstMAC(VLAN) SrcMAC(VLAN) |
Layer 2 information for the active flows in the current cache: · Destination MAC address. · Destination VLAN ID. · Source MAC address. · Source VLAN ID. |
TopLblType(IP/MASK) Lbl-Exp-S-List |
Information about the active MPLS flows in the current cache: · Type of the labels at the top of the label stack: ¡ IP address associated with the label. ¡ Mask associated with the label. · Label list: ¡ Lbl—20-bit label value. ¡ Exp—3-bit field for implementing QoS. ¡ S—1-bit bottom of stack flag. The S field is set to 1 if the label is the bottom label and set to 0 if not. |
TcpFlag: DstMask: SrcMask: DstAS: SrcAS: NextHop: BGPNextHop: OutVRF: InVRF: SamplerMode: SamplerInt: Active: Bytes/Pkt: First packet arrived: Last packet arrived: |
Other information about the active flows in the cache: · TCP flag. · Destination mask. · Source mask. · Destination AS. · Source AS. · Routing next hop. · BGP next hop. · VPN to which the outbound packets belong. · VPN to which the inbound packets belong. · Sampling mode. IPv6 NetStream supports the following sampling modes: ¡ N/A—No sampling. ¡ Fixed—Fixed sampling. ¡ Random—Random sampling. · Sampling interval. · Flow's active time. · Number of bytes per packet. · Arrival time of the first packet of the flow. · Arrival time of the last packet of the flow. |
display ipv6 netstream export
Use display ipv6 netstream export to display information about the IPv6 NetStream data export.
Syntax
display ipv6 netstream export
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information about the IPv6 NetStream data export.
<Sysname> display ipv6 netstream export
as aggregation export information:
Flow source interface : GigabitEthernet1/0/1
Flow destination VPN instance : VPN1
Flow destination IP address (UDP) : 40::1 (30000)
Version 9 exported flow number : 16
Version 9 exported UDP datagrams number (failed) : 2 (0)
IPv6 export information:
Flow source interface : GigabitEthernet1/0/1
Flow destination VPN instance : VPN1
Flow destination IP address (UDP) : 40::1 (30000)
Version 9 exported flow number : 16
Version 9 exported UDP datagrams number (failed): 16 (0)
MPLS export information:
Flow source interface : GigabitEthernet1/0/1
Flow destination VPN instance : VPN1
Flow destination IP address (UDP) : 40::1 (30000)
Version 9 exported flow number : 20
Version 9 exported UDP datagrams number (failed) : 2 (0)
Table 84 Command output
Field |
Description |
IPv6 export information |
Information about the IPv6 NetStream data export. |
Flow source interface |
Source interface from which the IPv6 NetStream data is exported. |
Flow destination VPN instance |
VPN to which the destination address of the IPv6 NetStream data export belongs. |
Flow destination IP address (UDP) |
Destination IP address and UDP port number of the IPv6 NetStream data export. |
Version 9 exported flow number |
Number of flows that are exported in the version 9 format. |
Version 9 exported UDP datagrams number (failed) |
Number of UDP packets that are sent in the version 9 format. The value in the parentheses displays the number of UDP packets that failed to be sent. |
MPLS export information |
Statistics of the MPLS-aware IPv6 NetStream data export in version 9. |
as aggregation export information |
Statistics of IPv6 NetStream AS aggregation in the version 9 format. |
display ipv6 netstream template
Use display ipv6 netstream template to display IPv6 NetStream template information.
Syntax
Centralized devices in standalone mode:
display ipv6 netstream template
Distributed devices in standalone mode/centralized devices in IRF mode:
display ipv6 netstream template [ slot slot-number ]
Distributed devices in IRF mode:
display ipv6 netstream template [ chassis chassis-number slot slot-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays IPv6 NetStream template information for the active MPU. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 NetStream template information for the master device. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPv6 NetStream template information for the global active MPU. (Distributed devices in IRF mode.)
Usage guidelines
IPv6 NetStream templates vary by aggregation mode. This command displays IPv6 NetStream template information for all the configured aggregation modes.
Examples
# Display IPv6 NetStream template information.
<Sysname> display ipv6 netstream template
Flow template refresh frequency : 20
Flow template refresh interval : 30 min
Active flow templates : 4
Created flow templates : 4
L3 outbound template:
Template ID : 3305
Field count : 27
Field type Field length (bytes)
---------------------------------------------------------------------------
Out packets 8
Out bytes 8
First forwarded 4
Last forwarded 4
Input Interface Index 4
Output Interface Index 4
Source IPv6 address 16
Destination IPv6 address 16
Next hop IPv6 address 16
PAD 1
IPv6 flow label 3
Source AS 4
Destination AS 4
L4 source port 2
L4 destination port 2
IP protocol version 1
TCP flags 1
Protocol 1
Source ToS 1
Source address mask 1
Destination address mask 1
Direction 1
Forwarding status 1
Out VPN ID 2
Sampling algorithm 1
PAD 1
Sampling interval 4
VPN instance name 65535
L3 inbound template:
Template ID : 3306
Field count : 27
Field type Field length (bytes)
---------------------------------------------------------------------------
In packets 8
In bytes 8
First forwarded 4
Last forwarded 4
Input Interface Index 4
Output Interface Index 4
Source IPv6 address 16
Destination IPv6 address 16
Next hop IPv6 address 16
PAD 1
IPv6 flow label 3
Source AS 4
Destination AS 4
L4 source port 2
L4 destination port 2
IP protocol version 1
TCP flags 1
Protocol 1
Source ToS 1
Source address mask 1
Destination address mask 1
Direction 1
Forwarding status 1
In VPN ID 2
Sampling algorithm 1
PAD 1
Sampling interval 4
VPN instance name 65535
AS outbound template:
Template ID : 3293
Field count : 14
Field type Field length (bytes)
---------------------------------------------------------------------------
Flows 4
Out packets 8
Out bytes 8
First forwarded 4
Last forwarded 4
Source AS 4
Destination AS 4
Input Interface Index 4
Output Interface Index 4
IP protocol version 1
Direction 1
Sampling algorithm 1
PAD 1
Sampling interval 4
AS inbound template:
Template ID : 3292
Field count : 14
Field type Field length (bytes)
---------------------------------------------------------------------------
Flows 4
In packets 8
In bytes 8
First forwarded 4
Last forwarded 4
Source AS 4
Destination AS 4
Input Interface Index 4
Output Interface Index 4
IP protocol version 1
Direction 1
Sampling algorithm 1
PAD 1
Sampling interval 4
Table 85 Command output
Field |
Description |
Flow template refresh frequency |
Refresh frequency at which the templates are sent, in packets. |
Flow template refresh interval |
Refresh interval at which the templates are sent, in minutes. |
Active flow templates |
Number of active IPv6 NetStream templates. |
Created flow templates |
Number of templates that have been created. |
L3 outbound template |
Information about the Layer 3 template in the outbound direction. |
L3 inbound template |
Information about the Layer 3 template in the inbound direction. |
AS outbound template |
Information about the AS template in the outbound direction. |
AS inbound template |
Information about the AS template in the inbound direction. |
Packets |
Number of packets sent by using the template. |
Last template export time |
Time when the template was exported most recently. |
Field count |
Total number of fields in the template. |
Field type |
Type of a field in the template. |
Field length (bytes) |
Length of the field, in bytes. |
Flows |
Number of flows. |
Out packets |
Number of sent packets. |
In packets |
Number of received packets. |
Out bytes |
Number of sent bytes. |
In bytes |
Number of received bytes. |
First forwarded |
System time when the first packet was forwarded, accurate to milliseconds. |
Last forwarded |
System time when the last packet was forwarded, accurate to milliseconds. |
PAD |
Padding string. |
Sampling interval |
Sampling rate. |
TCP flags |
TCP flag of the flow. |
Protocol |
Layer 4 protocol type. |
VPN instance name |
VPN instance name. If the packets belong to the public network, this field displays N/A. |
Out VPN ID |
Name of the VPN instance to which the egress interface of the packets belong. |
In VPN ID |
Name of the VPN instance to which the ingress interface of the packets belong. |
enable
Use enable to enable an IPv6 NetStream aggregation mode.
Use undo enable to disable an IPv6 NetStream aggregation mode.
Syntax
enable
undo enable
Default
No IPv6 NetStream aggregation mode is enabled.
Views
IPv6 NetStream aggregation mode view
Predefined user roles
network-admin
Examples
# Enable IPv6 NetStream AS aggregation mode.
<Sysname> system-view
[Sysname] ipv6 netstream aggregation as
[Sysname-ns6-aggregation-as] enable
Related commands
ipv6 netstream aggregation
ipv6 netstream
Use ipv6 netstream to enable IPv6 NetStream on an interface.
Use undo ipv6 netstream to disable IPv6 NetStream on an interface.
Syntax
ipv6 netstream { inbound | outbound }
undo ipv6 netstream { inbound | outbound }
Default
IPv6 NetStream is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
inbound: Enables IPv6 NetStream for incoming traffic.
outbound: Enables IPv6 NetStream for outgoing traffic.
Examples
# Enable IPv6 NetStream for incoming traffic on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound
ipv6 netstream filter
Use ipv6 netstream filter to enable IPv6 NetStream filtering on an interface.
Use undo ipv6 netstream filter to disable IPv6 NetStream filtering.
Syntax
ipv6 netstream { inbound | outbound } filter acl ipv6-acl-number
undo ipv6 netstream { inbound | outbound } filter
Default
IPv6 NetStream filtering is disabled. IPv6 NetStream collects statistics about all IPv6 packets passing through an interface.
Views
Interface view
Predefined user roles
network-admin
Parameters
inbound: Filters incoming traffic.
outbound: Filters outgoing traffic.
acl ipv6-acl-number: Specifies an IPv6 ACL by its number. For an IPv6 basic ACL, the value range is 2000 to 2999. For an IPv6 advanced ACL, the value range is 3000 to 3999.
Usage guidelines
IPv6 NetStream filtering uses an ACL to identify intended packets.
· If you want to collect data for specific flows, use the ACL permit statements to identify the flows. IPv6 NetStream collects data only for these flows.
· If you do not want to collect data for specific flows, use the ACL deny statements to identify the flows. IPv6 NetStream does not collect data for these flows.
Examples
# Use ACL 2003 for outbound IPv6 NetStream filtering on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 netstream outbound
[Sysname-GigabitEthernet1/0/1] ipv6 netstream outbound filter acl 2003
ipv6 netstream ipsec raw-packet
Use ipv6 netstream ipsec raw-packet to configure IPv6 NetStream to collect statistics for outgoing IPsec packets before IPsec encapsulation.
Use undo ipv6 netstream ipsec raw-packet to restore the default.
Syntax
ipv6 netstream ipsec raw-packet
undo ipv6 netstream ipsec raw-packet
Default
IPv6 NetStream collects statistics for outgoing IPsec packets after IPsec encapsulation.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
IPv6 NetStream collects statistics for outgoing IPsec packets on an interface either before or after IPsec encapsulation.
For NetStream to collects statistics for outgoing IPsec packets on an interface, you must enable NetStream in the outbound direction of the interface.
Examples
# Enable IPv6 NetStream to collect statistics for outgoing IPsec packets before IPsec encapsulation on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 netstream outbound
[Sysname-GigabitEthernet1/0/1] ipv6 netstream ipsec raw-packet
ipv6 netstream sampler
Use ipv6 netstream sampler to enable IPv6 NetStream sampling.
Use undo ipv6 netstream sampler to disable IPv6 NetStream sampling.
Syntax
ipv6 netstream [ inbound | outbound ] sampler sampler-name
undo ipv6 netstream [ inbound | outbound ] sampler
Default
IPv6 NetStream sampling is disabled.
Views
Interface view
Predefined user roles
network-admin
Parameters
inbound: Enables IPv6 NetStream sampling in the inbound direction.
outbound: Enables IPv6 NetStream sampling in the outbound direction.
sampler sampler-name: Specifies a sampler by its name. The name is a case-insensitive string of 1 to 31 characters.
Examples
# Use sampler abc for inbound IPv6 NetStream sampling on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound
[Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound sampler abc
ipv6 netstream aggregation
Use ipv6 netstream aggregation to specify an IPv6 NetStream aggregation mode and enter its view.
Use undo ipv6 netstream aggregation to remove the configuration for an IPv6 NetStream aggregation mode.
Syntax
ipv6 netstream aggregation { as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix }
undo ipv6 netstream aggregation { as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix }
Default
No IPv6 NetStream aggregation mode is specified.
Views
System view
Predefined user roles
network-admin
Parameters
as: Specifies the AS aggregation by source AS number, destination AS number, input interface index, and output interface index.
bgp-nexthop: Specifies the BGP nexthop aggregation by BGP next hop IPv6 address and output interface index.
destination-prefix: Specifies the destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and output interface index.
prefix: Specifies the source and destination prefix aggregation by the following criteria:
· Source AS number.
· Destination AS number.
· Source address mask length.
· Destination address mask length.
· Source prefix.
· Destination prefix.
· Input interface index.
· Output interface index.
protocol-port: Specifies the protocol-port aggregation by protocol number, source port, and destination port.
source-prefix: Specifies the source-prefix aggregation by source AS number, source address mask length, source prefix, and input interface index.
Usage guidelines
In IPv6 NetStream aggregation mode view, you can perform the following tasks:
· Enable or disable the specified IPv6 NetStream aggregation mode.
· Configure source interface, destination IPv6 address, and destination port for the IPv6 NetStream data export.
A flow matching multiple aggregation modes is counted as multiple aggregate flows.
Examples
# Set the IPv6 NetStream aggregation mode to AS, and enter IPv6 NetStream AS aggregation mode view.
<Sysname> system-view
[Sysname] ipv6 netstream aggregation as
[Sysname-ns-aggregation-as]
Related commands
enable
ipv6 netstream export host
ipv6 netstream export source
ipv6 netstream export host
Use ipv6 netstream export host to specify a destination host for IPv6 NetStream data export.
Use undo ipv6 netstream export host to remove the specified destination host or all destination hosts that are configured in the current view.
Syntax
ipv6 netstream export host { ipv4-address | ipv6-address } udp-port [ vpn-instance vpn-instance-name ]
undo ipv6 netstream export host [ ipv4-address | ipv6-address [ vpn-instance vpn-instance-name ] ]
Default
No destination host is specified.
Views
System view
IPv6 NetStream aggregation mode view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the destination IPv4 address.
ipv6-address: Specifies the destination IPv6 address.
udp-port: Specifies the destination UDP port number in the range of 0 to 65535.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination host belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.
Usage guidelines
You can specify the same destination host address and UDP port in different IPv6 NetStream aggregation mode views. If an aggregation mode is not enabled, the display ipv6 netstream export command cannot display the destination host configuration for the mode.
If no destination host is specified in an IPv6 NetStream aggregation mode view, the destination host in system view applies. If destination hosts are specified in an IPv6 NetStream aggregation view and system view, the destination hosts in aggregation view take effect.
You can specify a maximum of four destination hosts in system view or in IPv6 NetStream aggregation mode view. If you specify a destination host with the same destination address but different UDP ports in the same view, the most recent configuration takes effect. You can specify destination hosts with the same destination address and UDP port but different VPN instances.
IPv6 NetStream traditional data is exported to all destination hosts in system view. IPv6 NetStream aggregation data is exported to all destination hosts in the related aggregation view. If you expect only IPv6 NetStream aggregation data, specify destination hosts only in the IPv6 NetStream aggregation mode view. Aggregation data export reduces bandwidth usage.
Examples
# In system view, specify 40::1 as the IPv6 address of the destination host and UDP port 5000 as the export destination port number.
<Sysname> system-view
[Sysname] ipv6 netstream export host 40::1 5000
# In AS aggregation mode view, specify 40::1 as the IPv6 address of the destination host and UDP port 6000 as the export destination port number.
<Sysname> system-view
[Sysname] ipv6 netstream aggregation as
[Sysname-ns6-aggregation-as] ipv6 netstream export host 40::1 6000
Related commands
ipv6 netstream aggregation
ipv6 netstream export source
ipv6 netstream export rate
Use ipv6 netstream export rate to limit the IPv6 NetStream data export rate.
Use undo ipv6 netstream export rate to restore the default.
Syntax
ipv6 netstream export rate rate
undo ipv6 netstream export rate
Default
The export rate of IPv6 NetStream data is not limited.
Views
System view
Predefined user roles
network-admin
Parameters
rate: Specifies the maximum number of packets to be exported per second. The value range is 1 to 1000.
Examples
# Allow a maximum of 10 packets to be exported per second.
<Sysname> system-view
[Sysname] ipv6 netstream export rate 10
ipv6 netstream export source
Use ipv6 netstream export source to specify the source interface for data packets sent to NetStream servers. The IPv6 address of the interface is used as the source IPv6 address of the data packets.
Use undo ipv6 netstream export source to restore the default.
Syntax
ipv6 netstream export source interface interface-type interface-number
undo ipv6 netstream export source
Default
The packets take the primary IPv6 address of the output interface as the source IPv6 address.
Views
System view
IPv6 NetStream aggregation mode view
Parameters
interface-type interface-number: Specifies a source interface by its type and number for the IPv6 NetStream data export.
Usage guidelines
You can configure different source interfaces in different IPv6 NetStream aggregation mode views.
If no source interface is configured in IPv6 NetStream aggregation mode view, the source interface in system view applies.
As a best practice, connect the management Ethernet interface to a NetStream server, and configure the interface as the source interface.
Examples
# In system view, specify GigabitEthernet 1/0/1 as the source interface for IPv6 NetStream traditional data packets.
<Sysname> system-view
[Sysname] ipv6 netstream export source interface gigabitethernet 1/0/1
# In AS aggregation mode view, specify GigabitEthernet 1/0/2 as the source interface for IPv6 NetStream aggregation data packets.
<Sysname> system-view
[Sysname] ipv6 netstream aggregation as
[Sysname-ns6-aggregation-as] ipv6 netstream export source interface gigabitethernet 1/0/2
Related commands
ipv6 netstream aggregation
ipv6 netstream export v9-template refresh-rate packet
Use ipv6 netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for IPv6 NetStream version 9 templates. The templates are sent after the specified number of packets are sent.
Use undo ipv6 netstream export v9-template refresh-rate packet to restore the default.
Syntax
ipv6 netstream export v9-template refresh-rate packet packets
undo ipv6 netstream export v9-template refresh-rate packet
Default
Version 9 templates are sent every 20 packets.
Views
System view
Predefined user roles
network-admin
Parameters
packets: Specifies the number of packets that are sent before version 9 templates are sent to NetStream servers for an update. The value range is 1 to 600.
Usage guidelines
Version 9 is template-based and supports user-defined formats. An IPv6 NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.
You can configure the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.
To configure the refresh interval for version 9 templates, use the ipv6 netstream export v9-template refresh-rate time command.
Examples
# Configure the device to send IPv6 NetStream version 9 templates every 100 packets.
<Sysname> system-view
[Sysname] ipv6 netstream export v9-template refresh-rate packet 100
Related commands
ipv6 netstream export v9-template refresh-rate time
ipv6 netstream export v9-template refresh-rate time
Use ipv6 netstream export v9-template refresh-rate time to configure the sending interval for IPv6 NetStream version 9 templates.
Use undo ipv6 netstream export v9-template refresh-rate time to restore the default.
Syntax
ipv6 netstream export v9-template refresh-rate time minutes
undo ipv6 netstream export v9-template refresh-rate time
Default
Version 9 templates are sent every 30 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Specifies the interval in the range of 1 to 3600 minutes.
Usage guidelines
Version 9 is template-based and supports user-defined formats. An IPv6 NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.
You can adjust the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.
To configure the refresh frequency for version 9 templates, use the ipv6 netstream export v9-template refresh-rate packet command.
Examples
# Configure the device to send version 9 templates every 60 minutes.
<Sysname> system-view
[Sysname] ipv6 netstream export v9-template refresh-rate time 60
Related commands
ipv6 netstream export v9-template refresh-rate packet
ipv6 netstream export version 9
Use ipv6 netstream export version 9 to export IPv6 NetStream data in the version 9 format and choose whether to record AS and BGP next hop information.
Use undo ipv6 netstream export version to restore the default.
Syntax
ipv6 netstream export version 9 { origin-as | peer-as } [ bgp-nexthop ]
undo ipv6 netstream export version
Default
The version 9 format is used to export IPv6 NetStream traditional data, IPv6 NetStream aggregation data, and MPLS flow data with IPv6 fields.
The peer AS numbers are recorded. The BGP next hop is not recorded.
Views
System view
Predefined user roles
network-admin
Parameters
origin-as: Records the source AS of the source address and the destination AS of the destination address.
peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively.
bgp-nexthop: Records BGP next hops.
Usage guidelines
An IPv6 NetStream entry records the source IPv6 address, destination IPv6 address, and two AS numbers for each address. You can choose to configure which AS numbers are to be exported as the source AS and destination AS.
When you execute the command without any keywords, the peer AS numbers are recorded, and the BGP next hop is not recorded.
Examples
# Configure the device to export IPv6 NetStream data in the version 9 format, and specify the IPv6 NetStream data to include the source AS and destination AS.
<Sysname> system-view
[Sysname] ipv6 netstream export version 9 origin-as
ipv6 netstream max-entry
Use ipv6 netstream max-entry to set the upper limit for IPv6 NetStream entries.
Use undo ipv6 netstream max-entry to restore the default.
Syntax
ipv6 netstream max-entry max-entries
undo ipv6 netstream max-entry
Default
The upper limit for IPv6 NetStream entries is 10000.
Views
System view
Predefined user roles
network-admin
Parameters
max-entries: Specifies the upper limit for IPv6 NetStream entries that the cache can accommodate. The value range is 1000 to 100000.
Usage guidelines
(Distributed devices in standalone mode.) The max-entries argument takes effect on each card.
(Distributed devices in IRF mode.) The max-entries argument takes effect on each card of each IRF member device.
(Centralized devices in IRF mode.) The max-entries argument takes effect on each IRF member device.
If you execute the ipv6 netstream max-entry max-entries command multiple times, the most recent configuration takes effect.
Examples
# Set the upper limit to 5000 for IPv6 NetStream entries.
<Sysname> system-view
[Sysname] ipv6 netstream max-entry 5000
ipv6 netstream timeout active
Use ipv6 netstream timeout active to set the aging timer for active flows.
Use undo ipv6 netstream timeout active to restore the default.
Syntax
ipv6 netstream timeout active minutes
undo ipv6 netstream timeout active
Default
The aging timer is 30 minutes for active flows.
Views
System view
Predefined user roles
network-admin
Parameters
minutes: Sets the aging timer for active flows, in the range of 1 to 60 minutes.
Usage guidelines
A flow is considered active if packets for the IPv6 NetStream entry arrive before the timer set by this command expires.
Examples
# Set the aging timer to 60 minutes for active flows.
<Sysname> system-view
[Sysname] ipv6 netstream timeout active 60
Related commands
ipv6 netstream timeout inactive
ipv6 netstream timeout inactive
Use ipv6 netstream timeout inactive to set the aging timer for inactive flows.
Use undo ipv6 netstream timeout inactive to restore the default.
Syntax
ipv6 netstream timeout inactive seconds
undo ipv6 netstream timeout inactive
Default
The aging timer is 30 seconds for inactive flows.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Sets the aging timer for inactive flows, in the range of 10 to 600 seconds.
Usage guidelines
A flow is considered inactive if no packet for the IPv6 NetStream entry arrives before the timer set by this command expires.
Examples
# Set the aging timer to 60 seconds for inactive flows.
<Sysname> system-view
[Sysname] ipv6 netstream timeout inactive 60
Related commands
ipv6 netstream timeout active
reset ipv6 netstream statistics
Use reset ipv6 netstream statistics to age out all flows in the cache and export IPv6 NetStream data.
Syntax
reset ipv6 netstream statistics
Views
User view
Predefined user roles
network-admin
Usage guidelines
It takes the system several minutes to execute the command. During this period, the system does not collect IPv6 NetStream data.
Examples
# Age out and export all IPv6 NetStream data.
<Sysname> reset ipv6 netstream statistics
This process may take a few minutes.
NetStream statistic function is disabled during this process.
sFlow commands
sFlow sampling is not supported on Layer 2 Ethernet interfaces and Layer-configurable Ethernet interfaces.
The following matrix shows the feature and hardware compatibility:
Hardware |
sFlow compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS |
No |
MSR2600-6-X1 |
No |
MSR2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
No on the management Ethernet interfaces of the MPUs Yes on Ethernet interfaces of the SPUs |
Hardware |
sFlow compatibility |
MSR810-LM-GL |
No |
MSR810-W-LM-GL |
No |
MSR830-6EI-GL |
No |
MSR830-10EI-GL |
No |
MSR830-6HI-GL |
No |
MSR830-10HI-GL |
No |
MSR2600-6-X1-GL |
No |
MSR3600-28-SI-GL |
No |
display sflow
Use display sflow to display sFlow configuration and operation information.
Syntax
display sflow
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display sFlow configuration and operation information.
<Sysname> display sflow
sFlow datagram version: 5
Global information:
Agent IP: 10.10.10.1(CLI)
Source address: 10.0.0.1 2001::1
Collector information:
ID IP Port Aging Size VPN-instance Description
1 22:2:20::10 6535 N/A 1400 vpn1 netserver
2 192.168.3.5 6543 500 1400 Office
Port information:
Interface CID Interval(s) FID MaxHLen Rate Mode Status
GE1/0/1 1 100 1 128 1000 Determine Active
GE1/0/2 2 100 2 128 1000 Determine Active
Table 86 Command output
Field |
Description |
sFlow datagram version |
sFlow version, which can only take the value of 5. The device can send only sFlow packets whose sFlow version is 5. |
Global information |
Global sFlow information. |
Agent IP |
IP address of the sFlow agent: · CLI—Manually configured IP address. · Auto—Automatically configured IP address. |
Source address |
Source IP address of sFlow packets. |
Collector information |
sFlow collector information. |
ID |
sFlow collector ID. |
IP |
sFlow collector IP address. |
Port |
sFlow collector port. |
Aging |
Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow collector never ages out. |
Size |
Maximum length of the sFlow data portion in an sFlow packet. |
VPN-instance |
Name of the VPN instance to which the sFlow collector belongs. |
Description |
Description of the sFlow collector. |
Port information |
Information about interfaces configured with sFlow. |
Interface |
Interface configured with sFlow. |
CID |
ID of the sFlow collector for receiving counter sampled packets. If no sFlow collector ID is specified, this field displays 0. |
Interval(s) |
Counter sampling interval, in seconds. |
FID |
ID of the sFlow collector for receiving flow sampled packets. If no sFlow collector ID is specified, this field displays 0. |
MaxHLen |
Maximum number of bytes that can be copied in a sampled packet (starting from the packet header). |
Rate |
Number of packets out of which the interface samples a packet by using flow sampling. |
Mode |
Flow sampling mode. Determine indicates that sFlow samples a fixed number of packets. |
Status |
sFlow status of the port: · Suspended—The sFlow feature is suspended because the port is down. · Active—The sFlow feature is active because the port is up. |
sflow agent
Use sflow agent to configure an IP address for the sFlow agent.
Use undo sflow agent to restore the default.
Syntax
sflow agent { ip ipv4-address | ipv6 ipv6-address }
undo sflow agent { ip | ipv6 }
Default
No IP address is configured for the sFlow agent. The device periodically identifies whether the sFlow agent has an IP address. If the sFlow agent does not have an IP address, the device automatically selects an IPv4 address for the sFlow agent. It does not save the IPv4 address in the configuration file.
Views
System view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies an IPv4 address for the sFlow agent.
ipv6 ipv6-address: Specifies an IPv6 address for the sFlow agent.
Usage guidelines
As a best practice, manually configure an IP address for the sFlow agent.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify IP address 10.10.10.1 for the sFlow agent.
<Sysname> system-view
[Sysname] sflow agent ip 10.10.10.1
sflow collector
Use sflow collector to configure parameters for an sFlow collector.
Use undo sflow collector to remove an sFlow collector.
Syntax
sflow collector collector-id [ vpn-instance vpn-instance-name ] { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ datagram-size size ] [ time-out seconds ] [ description string ]
undo sflow collector collector-id
Default
No sFlow collector information is configured.
Views
System view
Predefined user roles
network-admin
Parameters
collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10.
vpn-instance vpn-instance-name: Specifies a VPN instance by its name for the sFlow collector. A VPN instance name is a case-sensitive string of 1 to 31 characters and cannot contain spaces. By default, the sFlow collector belongs to the public network.
ip ipv4-address: Specifies an IPv4 address for the sFlow collector.
ipv6 ipv6-address: Specifies an IPv6 address for the sFlow collector.
description string: Specifies a description, a case-sensitive string of 1 to 127 characters. The default description is "CLI Collector."
datagram-size size: Specifies the maximum length of the sFlow data portion in an sFlow packet. The value range for the size argument is 200 to 3000 bytes, and the default value is 1400 bytes.
port port-number: Specifies the UDP port number of the sFlow collector, in the range of 1 to 65535. The default is 6343.
time-out seconds: Specifies the aging timer of the sFlow collector, in the range of 1 to 2147483647 seconds. When the aging timer expires, the sFlow collector settings are deleted. The sFlow collector settings do not age out by default.
Examples
# Configure the following parameters for sFlow collector 2:
· VPN name—vpn1.
· IP address—3.3.3.1.
· Port number—Default.
· Description—netserver.
· Aging timer—1200 seconds.
· Maximum length of the sFlow data portion in the sFlow packet—1000 bytes.
<Sysname> system-view
[Sysname] sflow collector 2 vpn-instance vpn1 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000
sflow counter interval
Use sflow counter interval to enable counter sampling and set a counter sampling interval on an interface.
Use undo sflow counter interval to disable counter sampling on an interface.
Syntax
sflow counter interval interval
undo sflow counter interval
Default
Counter sampling is disabled.
Views
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
interval: Specifies the counter sampling interval in the range of 2 to 86400 seconds.
Examples
# Enable counter sampling and set the counter sampling interval to 120 seconds on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] sflow counter interval 120
sflow counter collector
Use sflow counter collector to specify an sFlow collector for counter sampling.
Use undo sflow counter collector to restore the default.
Syntax
sflow counter collector collector-id
undo sflow counter collector
Default
No sFlow collector is specified for counter sampling.
Views
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10.
Examples
# Specify sFlow collector 2 on GigabitEthernet 1/0/1 for counter sampling.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] sflow counter collector 2
sflow flow collector
Use sflow flow collector to specify an sFlow collector for flow sampling.
Use undo sflow flow collector to restore the default.
Syntax
sflow flow collector collector-id
undo sflow flow collector
Default
No sFlow collector is specified for flow sampling.
Views
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10.
Examples
# Specify sFlow collector 2 on GigabitEthernet 1/0/1 for flow sampling.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] sflow flow collector 2
sflow flow max-header
Use sflow flow max-header to set the maximum number of bytes (starting from the packet header) that flow sampling can copy per packet.
Use undo sflow flow max-header to restore the default.
Syntax
sflow flow max-header length
undo sflow flow max-header
Default
Flow sampling can copy up to 128 bytes of a packet.
Views
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default value.
Examples
# Set the maximum number of bytes to 60 for flow sampling to copy per packet on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] sflow flow max-header 60
sflow sampling-mode
Use sflow sampling-mode to specify a flow sampling mode.
Use undo sflow sampling-mode to restore the default.
Syntax
sflow sampling-mode determine
undo sflow sampling-mode
Default
Fixed sampling mode is used.
Views
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
determine: Specifies the fixed sampling mode. For example, if the flow sampling interval is set to 4000 (by using the sflow sampling-rate command), the device samples packets as follows:
· The device randomly samples a packet, like the tenth packet, from the first 4000 packets.
· The next time the device samples the 4010th packet, and so on.
Examples
# Specify fixed flow sampling mode on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] sflow sampling-mode determine
Related commands
sflow sampling-rate
sflow sampling-rate
Use sflow sampling-rate to enable flow sampling and specify the number of packets out of which flow sampling will sample a packet on an interface.
Use undo sflow sampling-rate to disable flow sampling on an interface.
Syntax
sflow sampling-rate rate
undo sflow sampling-rate
Default
Flow sampling is disabled.
Views
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
rate: Specifies the number of packets out of which flow sampling will sample a packet on the interface. The value range for this argument is 1000 to 5000.
Examples
# Enable flow sampling to sample a packet out of 4000 packets on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] sflow sampling-rate 4000
Related commands
sflow sampling-mode
sflow source
Use sflow source to specify the source IP address of sent sFlow packets.
Use undo sflow source to restore the default.
Syntax
sflow source { ip ipv4-address | ipv6 ipv6-address } *
undo sflow source { ip | ipv6 } *
Default
The source IP address of sent sFlow packets is determined by routing.
Views
System view
Predefined user roles
network-admin
Parameters
ip ipv4-address: Specifies the source IPv4 address of sent sFlow packets.
ipv6 ipv6-address: Specifies the source IPv6 address of sent sFlow packets.
Examples
# Specify the source IPv4 address of sent sFlow packets as 10.0.0.1.
<Sysname> system-view
[Sysname] sflow source ip 10.0.0.1
Information center commands
Commands and descriptions for centralized devices apply to the following routers:
· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.
· MSR2600-6-X1/2600-10-X1.
· MSR 2630.
· MSR3600-28/3600-51.
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR 3610/3620/3620-DP/3640/3660.
· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.
Commands and descriptions for distributed devices apply to the following routers:
· MSR5620.
· MSR 5660.
· MSR 5680.
diagnostic-logfile save
Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
Syntax
diagnostic-logfile save
Views
Any view
Predefined user roles
network-admin
Usage guidelines
You can specify the directory to save the diagnostic log file by using the info-center diagnostic-logfile directory command.
The system clears the diagnostic log file buffer after saving the buffered diagnostic logs to the diagnostic log file.
If the diagnostic log file buffer is empty, this command displays a success message event though no logs are saved to the diagnostic log file.
Examples
# Manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
<Sysname> diagnostic-logfile save
The contents in the diagnostic log file buffer have been saved to the file flash:/diagfile/diagfile.log.
Related commands
info-center diagnostic-logfile enable
info-center diagnostic-logfile directory
display diagnostic-logfile summary
Use display diagnostic-logfile summary to display the diagnostic log file configuration.
Syntax
display diagnostic-logfile summary
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the diagnostic log file configuration.
<Sysname> display diagnostic-logfile summary
Diagnostic log file: Enabled.
Diagnostic log file size quota: 10 MB
Diagnostic log file directory: flash:/diagfile
Writing frequency: 24 hour 0 min 0 sec
Table 87 Command output
Field |
Description |
Diagnostic log file |
· Enabled—Diagnostic logs can be output to the diagnostic log file. · Disabled—Diagnostic logs cannot be output to the diagnostic log file. |
Diagnostic log file size quota |
Maximum size for the diagnostic log file, in MB. |
Log file directory |
Directory where the diagnostic log file is saved. |
Writing frequency |
Interval at which the system saves diagnostic logs from the buffer to the diagnostic log file. |
display info-center
Use display info-center to display information center configuration.
Syntax
display info-center
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display information center configuration.
<Sysname> display info-center
Information Center: Enabled
Console: Enabled
Monitor: Enabled
Log host: Enabled
192.168.0.1,
port number: 514, host facility: local7
Log buffer: Enabled
Max buffer size 1024, current buffer size 512,
Current messages 0, dropped messages 0, overwritten messages 0
Log file: Enabled
Security log file: Enabled
Information timestamp format:
Log host: Date
Other output destination: Date
display logbuffer
Use display logbuffer to display the state of the log buffer and the log information in the log buffer.
Syntax
Centralized devices in standalone mode:
display logbuffer [ reverse ] [ level severity | size buffersize ] *
Distributed devices in standalone mode/centralized devices in IRF mode:
display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *
Distributed devices in IRF mode:
display logbuffer [ reverse ] [ level severity | size buffersize | chassis chassis-number slot slot-number ] *
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
reverse: Displays log entries chronologically, with the most recent entry at the top. If you do not specify this keyword, the command displays log entries chronologically, with the oldest entry at the top.
level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information for all levels.
Severity value |
Level |
Description |
Corresponding keyword in commands |
0 |
Emergency |
The system is unusable. For example, the system authorization has expired. |
emergency |
1 |
Alert |
Action must be taken immediately. For example, traffic on an interface exceeds the upper limit. |
alert |
2 |
Critical |
Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails. |
critical |
3 |
Error |
Error condition. For example, the link state changes. |
error |
4 |
Warning |
Warning condition. For example, an interface is disconnected, or the memory resources are used up. |
warning |
5 |
Notification |
Normal but significant condition. For example, a terminal logs in to the device, or the device reboots. |
notification |
6 |
Informational |
Informational message. For example, a command or a ping operation is executed. |
informational |
7 |
Debugging |
Debugging message. |
debugging |
size buffersize: Specifies the number of latest logs to be displayed. The value range is 1 to 1024. If you do not specify this option, the command displays all logs in the log buffer.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Display the state and log information of the log buffer.
<Sysname> display logbuffer
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 718
Current messages: 512
%Jun 17 15:57:09:578 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted --
…
# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the state and log information of the log buffer.
<Sysname> display logbuffer slot 1
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 0
Current messages: 127
%Jun 19 18:03:24:55 2006 Sysname SYSLOG /7/SYS_RESTART:System restarted
…
# (Distributed devices in IRF mode.) Display the state and log information of the log buffer.
<Sysname> display logbuffer chassis 0 slot 1
Log buffer: Enabled
Max buffer size: 1024
Actual buffer size: 512
Dropped messages: 0
Overwritten messages: 0
Current messages: 127
%Jun 19 18:03:24:55 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted
…
Table 89 Command output
Field |
Description |
Log buffer |
· Enabled—Logs can be output to the log buffer. · Disabled—Logs cannot be output to the buffer. |
Max buffer size |
Maximum buffer size supported by the device. |
Actual buffer size |
Maximum buffer size configured by using the info-center logbuffer size command. |
Dropped messages |
Number of dropped messages. |
Overwritten messages |
Number of overwritten messages. |
Current messages |
Number of current messages. |
Related commands
info-center logbuffer
reset logbuffer
display logbuffer summary
Use display logbuffer summary to display the summary of the log buffer.
Syntax
Centralized devices in standalone mode:
display logbuffer summary [ level severity ]
Distributed devices in standalone mode/centralized devices in IRF mode:
display logbuffer summary [ level severity | slot slot-number ] *
Distributed devices in IRF mode:
display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] *
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information of all levels in the log buffer. For more information about log levels, see Table 88.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)
chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)
Examples
# (Centralized devices in standalone mode.) Display the summary of the log buffer.
<Sysname> display logbuffer summary
Slot EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 0 0 22 0 1 0
# (Centralized devices in IRF mode.) Display the summary of the log buffer.
<Sysname> display logbuffer summary
SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
1 0 0 0 7 0 34 38 0
2 0 0 0 0 0 0 0 0
3 0 0 0 0 0 0 0 0
4 0 0 0 0 0 0 0 0
# (Distributed devices in standalone mode.) Display the summary of the log buffer.
<Sysname> display logbuffer summary
SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 0 0 0 0 0 0
1 0 0 0 0 0 0 0 0
2 0 0 0 0 0 0 0 0
3 0 0 0 0 16 0 1 0
# (Distributed devices in IRF mode.) Display the summary of the log buffer.
<Sysname> display logbuffer summary
CHASSIS SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
1 0 0 0 0 1 238 0 1 0
1 1 0 0 0 0 0 0 0 0
1 2 0 0 0 0 1 0 0 0
2 0 0 0 0 0 5 0 0 0
2 1 0 0 0 0 1 0 0 0
Table 90 Command output
Field |
Description |
CHASSIS |
Member ID of the device in the IRF fabric. (Distributed devices in IRF mode.) |
SLOT |
Slot number of the card. (Distributed devices.) |
SLOT |
Device ID. (Centralized devices in IRF mode.) |
EMERG |
Represents emergency. For more information, see Table 88. |
ALERT |
Represents alert. For more information, see Table 88. |
CRIT |
Represents critical. For more information, see Table 88. |
ERROR |
Represents error. For more information, see Table 88. |
WARN |
Represents warning. For more information, see Table 88. |
NOTIF |
Represents notification. For more information, see Table 88. |
INFO |
Represents informational. For more information, see Table 88. |
DEBUG |
Represents debug. For more information, see Table 88. |
display logfile summary
Use display logfile summary to display the log file configuration.
Syntax
display logfile summary
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the log file configuration.
<Sysname> display logfile summary
Log file: Enabled.
Log file size quota: 10 MB
Log file directory: flash:/logfile
Writing frequency: 0 hour 1 min 10 sec
Table 91 Command output
Field |
Description |
Log file |
· Enabled—Logs can be output to a log file. · Disabled—Logs cannot be output to a log file. |
Log file size quota |
Maximum storage space reserved for a log file, in MB. |
Log file directory |
Log file directory. |
Writing frequency |
Log file writing frequency. |
display security-logfile summary
Use display security-logfile summary to display the summary of the security log file.
Syntax
display security-logfile summary
Views
Any view
Predefined user roles
security-audit
Usage guidelines
A local user can use this command only after being authorized as the security log administrator by the system administrator through the authorization-attribute user-role security-audit command. For more information about the security log administrator, see Security Configuration Guide.
Examples
# Display the summary of the security log file.
<Sysname> display security-logfile summary
Security log file: Enabled
Security log file size quota: 10 MB
Security log file directory: flash:/seclog
Alarm threshold: 80%
Current usage: 30%
Writing frequency: 1 hour 0 min 0 sec
Table 92 Command output
Field |
Description |
Security log file |
· Enabled—Security logs can be output to the security log file. · Disabled—Security logs cannot be output to the security log file. |
Security log file size quota |
Maximum storage space reserved for the security log file. |
Security log file directory |
Security log file directory. |
Alarm-threshold |
Alarm threshold of the security log file usage. |
Current usage |
Current usage of the security log file. |
Writing frequency |
Security log file writing frequency. |
Related commands
authorization-attribute (Security Command Reference)
enable log updown
Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.
Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.
Syntax
enable log updown
undo enable log updown
Default
All interfaces are allowed to generate link up and link down logs.
Views
Interface view
Predefined user roles
network-admin
Examples
# Disable GigabitEthernet 1/0/1 from generating link up or link down logs.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] undo enable log updown
info-center diagnostic-logfile directory
Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.
Syntax
info-center diagnostic-logfile directory dir-name
Default
Diagnostic log files are saved in the diagfile directory under the root directory of the storage device.
Views
System view
Predefined user roles
network-admin
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 64 characters.
Usage guidelines
The specified directory must have been created.
This command cannot survive a reboot. (Centralized devices in standalone mode.)
This command cannot survive a reboot or an active/standby switchover. (Distributed devices in standalone mode.)
This command cannot survive an IRF reboot or a master/subordinate switchover. (Centralized devices in IRF mode.)
This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (Distributed devices in IRF mode.)
Examples
# Set the diagnostic log file directory to flash:/test.
<Sysname> mkdir test
Creating directory flash:/test... Done.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile directory flash:/test
info-center diagnostic-logfile enable
Use info-center diagnostic-logfile enable to enable saving diagnostic logs to the diagnostic log file.
Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs to the diagnostic log file.
Syntax
info-center diagnostic-logfile enable
undo info-center diagnostic-logfile enable
Default
Saving diagnostic logs to the diagnostic log file is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems.
Examples
# Enable saving diagnostic logs to the diagnostic log file.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile enable
info-center diagnostic-logfile frequency
Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file.
Use undo info-center diagnostic-logfile frequency to restore the default.
Syntax
info-center diagnostic-logfile frequency freq-sec
undo info-center diagnostic-logfile frequency
Default
The diagnostic log file saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
freq-sec: Specifies the diagnostic log file saving interval in seconds. The value range is 10 to 86400.
Usage guidelines
The system outputs diagnostic logs to the diagnostic log file buffer, and then saves the buffered logs to the diagnostic log file at the specified interval.
Examples
# Set the diagnostic log file saving interval to 600 seconds.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile frequency 600
Related commands
info-center diagnostic-logfile enable
info-center diagnostic-logfile quota
Use info-center diagnostic-logfile quota to set the maximum size for the diagnostic log file.
Use undo info-center diagnostic-logfile quota to restore the default.
Syntax
info-center diagnostic-logfile quota size
undo info-center diagnostic-logfile quota
Default
The maximum size for the diagnostic log file is 5 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Specifies the maximum size for the diagnostic log file, in MB. The value range is 1 to 10.
Examples
# Set the maximum size to 6 MB for the diagnostic log file.
<Sysname> system-view
[Sysname] info-center diagnostic-logfile quota 6
info-center enable
Use info-center enable to enable the information center.
Use undo info-center enable to disable the information center.
Syntax
info-center enable
undo info-center enable
Default
The information center is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the information center.
<Sysname> system-view
[Sysname] info-center enable
Information center is enabled.
info-center format
Use info-center format to set the format for logs sent to log hosts.
Use undo info-center format to restore the default.
Syntax
info-center format { cmcc | unicom }
undo info-center format
Default
Logs are sent to log hosts in standard format.
Views
System view
Predefined user roles
network-admin
Parameters
cmcc: Specifies the China Mobile Communications Corporation format.
unicom: Specifies the China Unicom format.
Usage guidelines
Logs can be sent to log hosts in standard, unicom, or cmcc format. For more information about log formats, see Network Management and Monitoring Configuration Guide.
Examples
# Set the log format to unicom for logs sent to log hosts.
<Sysname> system-view
[Sysname] info-center format unicom
info-center logbuffer
Use info-center logbuffer to enable log output to the log buffer.
Use undo info-center logbuffer to disable log output to the log buffer.
Syntax
info-center logbuffer
undo info-center logbuffer
Default
Log output to the log buffer is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable log output to the log buffer.
<Sysname> system-view
[Sysname] info-center logbuffer
Related commands
display logbuffer
info-center enable
info-center logbuffer size
Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.
Use undo info-center logbuffer size to restore the default.
Syntax
info-center logbuffer size buffersize
undo info-center logbuffer size
Default
The log buffer can store a maximum of 512 logs.
Views
System view
Predefined user roles
network-admin
Parameters
buffersize: Specifies the maximum number of logs that can be stored in the log buffer. The value range is 0 to 1024, and the default is 512.
Examples
# Set the maximum log buffer size to 50.
<Sysname> system-view
[Sysname] info-center logbuffer size 50
# Restore the default maximum log buffer size.
<Sysname> system-view
[Sysname] undo info-center logbuffer size
Related commands
display logbuffer
info-center enable
info-center logfile directory
Use info-center logfile directory to specify the directory to save the log file.
Syntax
info-center logfile directory dir-name
Default
Log files are saved in the logfile directory under the root directory of the storage device.
Views
System view
Predefined user roles
network-admin
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 64 characters.
Usage guidelines
The specified directory must have been created.
The log file has a .log extension. When the default log file directory runs out of space, use this command to specify a new log file directory.
This command cannot survive a reboot. (Centralized devices in standalone mode.)
This command cannot survive a reboot or an active/standby switchover. (Distributed devices in standalone mode.)
This command cannot survive an IRF reboot or a master/subordinate switchover. (Centralized devices in IRF mode.)
This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (Distributed devices in IRF mode.)
Examples
# Create a directory named test under the flash root directory.
<Sysname> mkdir test
Creating directory flash:/test... Done.
# Set the log file directory to flash:/test.
<Sysname> system-view
[Sysname] info-center logfile directory flash:/test
Related commands
info-center logfile enable
info-center logfile enable
Use info-center logfile enable to enable the log file feature.
Use undo info-center logfile enable to disable the log file feature.
Syntax
info-center logfile enable
undo info-center logfile enable
Default
The log file feature is enabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable log output to the log file.
<Sysname> system-view
[Sysname] info-center logfile enable
info-center logfile frequency
Use info-center logfile frequency to configure the interval at which the system saves logs from the log file buffer to the log file.
Use undo info-center logfile frequency to restore the default.
Syntax
info-center logfile frequency freq-sec
undo info-center logfile frequency
Default
The log file saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
freq-sec: Specifies the log file saving interval in seconds. The value range is 1 to 86400.
Usage guidelines
This command enables the system to automatically save logs in the log file buffer to the log file at the specified interval.
Examples
# Set the log file saving interval to 60000 seconds.
<Sysname> system-view
[Sysname] info-center logfile frequency 60000
Related commands
info-center logfile enable
info-center logfile size-quota
Use info-center logfile size-quota to set the maximum size for the log file.
Use undo info-center logfile size-quota to restore the default.
Syntax
info-center logfile size-quota size
undo info-center logfile size-quota
Default
The maximum size for the log file is 5 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Specifies the maximum size for the log file, in MB. The value range is 1 to 10.
Examples
# Set the maximum size to 6 MB for the log file.
<Sysname> system-view
[Sysname] info-center logfile size-quota 6
Related commands
info-center logfile enable
info-center logging suppress duplicates
Use info-center logging suppress duplicates to enable duplicate log suppression.
Use undo info-center logging suppress duplicate to disable duplicate log suppression.
Syntax
info-center logging suppress duplicates
undo info-center logging suppress duplicates
Default
Duplicate log suppression is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources.
With this feature enabled, the system starts a suppression period when outputting a new log:
· During the suppression period, the system does not output logs with the same module name, level, mnemonic, location, and text as the previous log.
· After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds the first time, 2 minutes the second time, and 10 minutes for subsequent times.
· If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period.
Examples
# Enable duplicate log suppression.
<Sysname> system-view
[Sysname] info-center logging suppress duplicates
info-center loghost
Use info-center loghost to specify a log host and to configure output parameters.
Use undo info-center loghost to restore the default.
Syntax
Default
No log hosts are specified.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).
ipv4-address: Specifies a log host by its IPv4 address.
ipv6 ipv6-address: Specifies a log host by its IPv6 address.
port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, logs cannot be sent to the log host.
facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and query and filer logs.
Usage guidelines
The info-center loghost command takes effect only after the information center is enabled by using info-center enable command.
The device supports a maximum of 20 log hosts.
Examples
# Output logs to the log host 1.1.1.1.
<Sysname> system-view
[Sysname] info-center loghost 1.1.1.1
info-center loghost source
Use info-center loghost source to specify a source IP address for logs sent to log hosts.
Use undo info-center loghost source to restore the default.
Syntax
info-center loghost source interface-type interface-number
undo info-center loghost source
Default
The source IP address of logs sent to log hosts is the primary IP address of their outgoing interfaces.
Views
System view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies a source interface. The interface's primary IP address will be used as the source IP address for logs sent to log hosts.
Usage guidelines
The info-center loghost source command takes effect only after the information center is enabled by using info-center enable command.
Examples
# Specify Loopback 0 as the source interface for logs sent to log hosts.
<Sysname> system-view
[Sysname] interface loopback 0
[Sysname-LoopBack0] ip address 2.2.2.2 32
[Sysname-LoopBack0] quit
[Sysname] info-center loghost source loopback 0
info-center security-logfile alarm-threshold
Use info-center security-logfile alarm-threshold to set the alarm threshold for security log file usage.
Use undo info-center security-logfile alarm-threshold to restore the default.
Syntax
info-center security-logfile alarm-threshold usage
undo info-center security-logfile alarm-threshold
Default
The alarm threshold for security log file usage is 80. When the usage of the security log file reaches 80%, the system outputs a message to inform the administrator.
Views
System view
Predefined user roles
network-admin
Parameters
usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100.
Usage guidelines
When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file. This feature helps avoid security log loss by setting an alarm threshold for the security log file usage. When the threshold is reached, the system outputs log information to inform the administrator. The administrator can log in to the device as the security log administrator, and back up the security log file.
Examples
# Set the alarm threshold for security log file usage to 90.
<Sysname> system-view
[Sysname] info-center security-logfile alarm-threshold 90
Related commands
info-center security-logfile size-quota
info-center security-logfile directory
Use info-center security-logfile directory to specify the security log file directory.
Syntax
info-center security-logfile directory dir-name
Default
The security log file is saved in the seclog directory under the root directory of the storage device.
Views
System view
Predefined user roles
security-audit
Parameters
dir-name: Specifies a directory by its name, a string of 1 to 64 characters.
Usage guidelines
The specified directory must have been created.
To use this command, a local user must be authorized the security-audit user role. For information about configuring the security-audit user role, see Security Command Reference.
This command cannot survive a reboot. (Centralized devices in standalone mode.)
This command cannot survive a reboot or an active/standby switchover. (Distributed devices in standalone mode.)
This command cannot survive an IRF reboot or a master/subordinate switchover. (Centralized devices in IRF mode.)
This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (Distributed devices in IRF mode.)
Examples
# Set the security log file directory to flash:/test.
<Sysname> mkdir test
Creating directory flash:/test... Done.
<Sysname> system-view
[Sysname] info-center security-logfile directory flash:/test
info-center security-logfile enable
Use info-center security-logfile enable to enable saving of security logs to the security log file.
Use undo info-center security-logfile enable to restore the default.
Syntax
info-center security-logfile enable
undo info-center security-logfile enable
Default
The saving of security logs to the security log file is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This feature enables the system to output security logs to the security log file buffer, and then saves the buffered logs to the security log file regularly.
Examples
# Enable saving security logs to the security log file.
<Sysname> system-view
[Sysname] info-center security-logfile enable
info-center security-logfile frequency
Use info-center security-logfile frequency to configure the interval for saving security logs to the security log file.
Use undo info-center security-logfile frequency to restore the default.
Syntax
info-center security-logfile frequency freq-sec
undo info-center security-logfile frequency
Default
The security log file saving interval is 86400 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
freq-sec: Specifies the security log file saving interval in seconds. The value range is 10 to 86400.
Usage guidelines
The system outputs security logs to the security log file buffer, and then saves the buffered logs to the security log file at the specified interval.
Examples
# Set the security log file saving interval to 600 seconds.
<Sysname> system-view
[Sysname] info-center security-logfile frequency 600
Related commands
info-center security-logfile enable
info-center security-logfile size-quota
Use info-center security-logfile size-quota to set the maximum size for the security log file.
Use undo info-center security-logfile size-quota to restore the default.
Syntax
info-center security-logfile size-quota size
undo info-center security-logfile size-quota
Default
The maximum size for the security log file is 10 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Sets the maximum size for the security log file, in MB. The value range is 1 to 10.
Examples
# Set the maximum size to 6 MB for the security log file.
<Sysname> system-view
[Sysname] info-center security-logfile size-quota 6
Related commands
info-center security-logfile alarm-threshold
info-center source
Use info-center source to configure a log output rule for a module.
Use undo info-center source to restore the default.
Syntax
info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }
undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }
Default
Table 93 lists the default log output rules.
Destination |
Source modules |
Standard system log |
Security log |
Diagnostic log |
Hidden log |
Console |
All supported modules |
debugging |
Disabled |
Disabled |
Disabled |
Monitor terminal |
All supported modules |
debugging |
Disabled |
Disabled |
Disabled |
Log host |
All supported modules |
informational |
Disabled |
Disabled |
informational |
Log buffer |
All supported modules |
informational |
Disabled |
Disabled |
informational |
Log file |
All supported modules |
informational |
Disabled |
Disabled |
informational |
Security log file |
All supported modules, cannot be filtered |
Disabled |
Debugging, which cannot be filtered |
Disabled |
Disabled |
Diagnostic log file |
All supported modules, cannot be filtered |
Disabled |
Disabled |
Debugging, which cannot be filtered |
Disabled |
Views
System view
Predefined user roles
network-admin
Parameters
module-name: Specifies a module by its name. For instance, to output FTP information, set this argument to FTP. You can use the info-center source ? command to view the modules supported by the device.
default: Specifies all supported modules, which can be displayed by using the info-center source ? command.
console: Outputs logs to the console.
logbuffer: Outputs logs to the log buffer.
logfile: Outputs logs to the log file.
loghost: Outputs logs to the log host.
monitor: Outputs logs to the monitor terminal.
deny: Disables log output.
level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the higher the severity level. See Table 88 for more information. Logs at the specified severity level and higher levels are allowed or denied to be output.
Usage guidelines
If you do not set an output rule for a module, the module uses the output rule set by using the default keyword. If no rule is set by using the default keyword, the module uses the default output rule.
To modify or remove an output rule set for a module, you must use the module-name argument. A new output rule configured by using the default keyword does not take effect on the module.
If you execute this command for a module multiple times, the most recent configuration takes effect.
If you execute this command for the default modules multiple times, the most recent configuration takes effect.
Examples
# Output only VLAN module's information with the emergency level to the console.
<Sysname> system-view
[Sysname] info-center source default console deny
[Sysname] info-center source vlan console level emergency
# Based on the previous configuration, disable output of VLAN module's information to the console so no system information is output to the console.
<Sysname> system-view
[Sysname] undo info-center source vlan console
info-center synchronous
Use info-center synchronous to enable synchronous information output.
Use undo info-center synchronous to disable synchronous information output.
Syntax
info-center synchronous
Default
Synchronous information output is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
System log output interrupts ongoing configuration operations, including obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.
Examples
# Enable synchronous information output, and then execute the display current-configuration command to view the current configuration of the device.
<Sysname> system-view
[Sysname] info-center synchronous
Info-center synchronous output is on
[Sysname] display current-
At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.
%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44
[Sysname] display current-
Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.
# Enable synchronous information output, and then save the current configuration (enter interactive information).
<Sysname> system-view
[Sysname] info-center synchronous
Info-center synchronous output is on
[Sysname] save
The current configuration will be written to the device. Are you sure? [Y/N]:
At this time, the system receives the log information. It displays the log information first and then displays [Y/N].
%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44
[Y/N]:
Enter Y or N to complete your input.
info-center syslog min-age
Use info-center syslog min-age to set the minimum storage period for log files and logs in the log buffer.
Use undo info-center syslog min-age to restore the default.
Syntax
info-center syslog min-age min-age
undo info-center syslog min-age
Default
The minimum storage period for log files and logs in the log buffer is not set.
Views
System view
Predefined user roles
network-admin
Parameters
min-age: Sets the minimum storage period in hours. The value range is 1 to 8760.
Examples
# Set the minimum storage period to 168 hours for log files and logs in the log buffer.
<Sysname> system-view
[Sysname] info-center syslog min-age 168
info-center syslog trap buffersize
Use info-center syslog trap buffersize to set the maximum number of log traps that can be stored in the log trap buffer.
Use undo info-center syslog trap buffersize to restore the default.
Syntax
info-center syslog trap buffersize buffersize
undo info-center syslog trap buffersize
Default
The log trap buffer can store a maximum of 1024 traps.
Views
System view
Predefined user roles
network-admin
Parameters
buffersize: Specifies the maximum number of log traps that can be stored in the log trap buffer. The value range is 0 to 65535. Value 0 indicates that the device does not buffer log traps.
Usage guidelines
Log traps are SNMP notifications stored in the log trap buffer. After the snmp-agent trap enable syslog command is configured, the device sends log messages in SNMP notifications to the log trap buffer. You can view the log traps by accessing the MIB corresponding to the trap buffer.
The default buffer size is usually used. You can adjust the buffer size according to your network condition. New traps overwrite the oldest traps when the log trap buffer is full.
Examples
# Set the log trap buffer size to 2048.
<Sysname> system-view
[Sysname] info-center syslog trap buffersize 2048
Related commands
snmp-agent trap enable syslog
info-center timestamp
Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file.
Use undo info-center timestamp to restore the default.
Syntax
info-center timestamp { boot | date | none }
undo info-center timestamp
Default
The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.
Views
System view
Predefined user roles
network-admin
Parameters
boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup.
date: Sets the timestamp format to MMM DD hh:mm:ss:xxx YYYY, such as Dec 8 10:12:21:708 2007. The date time shows the current system time.
· MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.
· DD: Date, starting with a space if it is less than 10, for example " 7".
· hh:mm:ss:xxx: Local time, with hh in the range of 00 to 23, mm and ss in the range of 00 to 59, and xxx in the range of 0 to 999.
· YYYY: Year.
none: Indicates no time information is provided.
Examples
# Set the timestamp format to boot for logs sent to the console, monitor terminal, log buffer, and log file.
<Sysname> system-view
[Sysname] info-center timestamp boot
Related commands
info-center timestamp loghost
info-center timestamp loghost
Use info-center timestamp loghost to set the timestamp format for logs sent to log hosts.
Use undo info-center timestamp loghost to restore the default.
Syntax
info-center timestamp loghost { date | iso | no-year-date | none }
undo info-center timestamp loghost
Default
The timestamp format for logs sent to log hosts is date.
Views
System view
Predefined user roles
network-admin
Parameters
date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time.
iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.
no-year-date: Sets the timestamp format to the current system date and time without year.
none: Indicates that no timestamp information is provided.
Examples
# Set the timestamp format to no-year-date for logs sent to log hosts.
<Sysname> system-view
[Sysname] info-center timestamp loghost no-year-date
Related commands
info-center timestamp
info-center trace-logfile quota
Use info-center trace-logfile quota to set the maximum size for the trace log file.
Use undo info-center trace-logfile quota to restore the default.
Syntax
info-center trace-logfile quota size
undo info-center trace-logfile quota
Default
The maximum size for the trace log file is 1 MB.
Views
System view
Predefined user roles
network-admin
Parameters
size: Sets the maximum size for the trace log file, in MB. The value range is 1 to 10.
Examples
# Set the maximum size to 6 MB for the trace log file.
<Sysname> system-view
[Sysname] info-center trace-logfile quota 6
logfile save
Use logfile save to manually save logs in the log file buffer to the log file.
Syntax
logfile save
Views
Any view
Predefined user roles
network-admin
Usage guidelines
You can specify the directory to save the log file by using the info-center logfile directory command.
The system clears the log file buffer after saving the buffered logs to the log file automatically or manually.
If the log file buffer is empty, this command displays a success message event though no logs are saved to the log file.
Examples
# Manually save logs from the log file buffer to a log file.
<Sysname> logfile save
The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.
Related commands
info-center logfile enable
info-center logfile directory
reset logbuffer
Use reset logbuffer to clear the log buffer.
Syntax
reset logbuffer
Views
User view
Predefined user roles
network-admin
Examples
# Clear the log buffer.
<Sysname> reset logbuffer
Related commands
display logbuffer
security-logfile save
Use security-logfile save to manually save security logs from the security log file buffer to the security log file.
Syntax
security-logfile save
Views
Any view
Predefined user roles
security-audit
Usage guidelines
The system clears the security log file buffer after saving the buffered security logs to the security log file automatically or manually.
If the security log file buffer is empty, this command displays a success message event though no security logs are saved to the security log file.
A local user can use this command only after being authorized as the security log administrator by the system administrator. For more information about the security log administrator, see Security Configuration Guide.
Examples
# Manually save the security logs in the security log file buffer to the security log file.
<Sysname> security-logfile save
The contents in the security log file buffer have been saved to the file flash:/seclog/seclog.log.
Related commands
info-center security-logfile directory
authorization-attribute (Security Command Reference)
snmp-agent trap enable syslog
Use snmp-agent trap enable syslog to enable SNMP notifications for log messages.
Use undo snmp-agent trap enable syslog to restore the default.
Syntax
snmp-agent trap enable syslog
undo snmp-agent trap enable syslog
Default
The device does not send SNMP notifications for log messages.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to send an SNMP notification for each log message it outputs. The device encapsulates logs in SNMP notifications and then sends them to the SNMP module and the log trap buffer.
You can configure the SNMP module to send received SNMP notifications in SNMP traps or informs to remote hosts. For more information, see Network Management and Monitoring Configuration Guide.
To view the traps in the log trap buffer, access the MIB corresponding to the log trap buffer. The log trap buffer size can be set by using the info-center syslog trap buffersize command.
Examples
# Enable the device to send SNMP notifications for log messages.
<Sysname> system-view
[Sysname] snmp-agent trap enable syslog
Related commands
info-center syslog trap buffersize
terminal debugging
Use terminal debugging to enable the display of debug information on the current terminal.
Use undo terminal debugging to disable the display of debug information on the current terminal.
Syntax
terminal debugging
undo terminal debugging
Default
The display of debug information is disabled on the current terminal.
Views
User view
Predefined user roles
network-admin
Usage guidelines
To enable the display of debug information on the console, perform the following tasks:
1. Execute the terminal debugging command.
2. Enable the information center. The information center is enabled by default.
3. Use a debugging command to enable the related debugging.
To enable the display of debug information on the current terminal, perform the following tasks:
4. Execute the terminal monitor and terminal debugging commands.
5. Enable the information center. The information center is enabled by default.
6. Use a debugging command to enable the related debugging.
This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.
You can also enable the display of debug information on the current terminal by executing the terminal logging level 7 command. This command has the following differences from the terminal debugging command:
· The terminal logging level 7 command enables log display for all levels (levels 0 through 7) on the current terminal.
· The terminal debugging command only enables display of logs with the following severity levels:
¡ Debug level (level 7).
¡ Severity level higher than or equal to the level specified in the terminal logging level command.
Examples
# Enable the display of debug information on the current terminal.
<Sysname> terminal debugging
The current terminal is enabled to display debugging information.
Related commands
terminal logging level
terminal monitor
terminal logging level
Use terminal logging level to set the lowest level of logs that can be output to the current terminal.
Use undo terminal logging level to restore the default.
Syntax
terminal logging level severity
undo terminal logging level
Default
The lowest level of logs that can be output to the current terminal is 6 (Informational).
Views
User view
Predefined user roles
network-admin
Parameters
severity: Specifies a log severity level in the range of 0 to 7.
Usage guidelines
This command enables the device to output logs with a severity level higher than or equal to the specified level to the current terminal. For example, if you set the severity argument to 6, logs with a severity value from 0 to 6 are output to the current terminal.
This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.
Examples
# Configure the device to output logs with the debugging level and higher levels to the current terminal.
<Sysname> terminal logging level 7
terminal monitor
Use terminal monitor to enable the monitoring of logs on the current terminal.
Use undo terminal monitor to disable the monitoring of logs on the current terminal.
Syntax
terminal monitor
undo terminal monitor
Default
Monitoring of logs is enabled on the console and disabled on the monitor terminal.
Views
User view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.
Examples
# Enable the monitoring of logs on the current terminal.
<Sysname> terminal monitor
Flow log commands
The following matrix shows the feature and hardware compatibility:
Hardware |
Flow log compatibility |
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK |
Yes |
MSR810-LMS/810-LUS |
No |
MSR2600-6-X1/2600-10-X1 |
Yes |
MSR 2630 |
Yes |
MSR3600-28/3600-51 |
Yes |
MSR3600-28-SI/3600-51-SI |
No |
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC |
Yes |
MSR 3610/3620/3620-DP/3640/3660 |
Yes |
MSR5620/5660/5680 |
Yes |
Hardware |
Flow log compatibility |
MSR810-LM-GL |
Yes |
MSR810-W-LM-GL |
Yes |
MSR830-6EI-GL |
Yes |
MSR830-10EI-GL |
Yes |
MSR830-6HI-GL |
Yes |
MSR830-10HI-GL |
Yes |
MSR2600-6-X1-GL |
Yes |
MSR3600-28-SI-GL |
Yes |
MSR810-LM-GL |
No |
display userlog export
Use display userlog export to display flow log configuration and statistics.
Syntax
display userlog export
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display flow log configuration and statistics.
<Sysname> display userlog export
Flow:
Export flow log as UDP Packet.
Version: 3.0
Source ipv4 address: 2.2.2.2
Source ipv6 address:
Log load balance function: Disabled
Local time stamp: Disabled
Number of log hosts: 2
Log host 1:
Host/Port: 1.2.3.6/2000
Total logs/UDP packets exported: 112/87
Log host 2:
VPN instance:abc
Host/Port:1.1.1.1/2000
Total logs/UDP packets exported: 6553665536/409597846
Table 94 Command output
Field |
Description |
Flow |
Flow log configuration and statistics. |
Export flow log as UDP Packet |
Flow log entries were sent to log hosts in UDP. |
Version |
Flow log feature version. |
Source ipv4 address |
Source IPv4 address of the flow log packets. |
Source ipv6 address |
Source IPv6 address of the flow log packets. |
Log load balancing function |
Load balancing status for flow log entries: · Enabled—Flow log entries are distributed among available log hosts. · Disabled—Every flow log entry is copied and sent to all available log hosts. |
Local time stamp |
Whether or not the local time is used in the log timestamp: · Enabled—The local time is used. · Disabled—The UTC time is used. |
Number of log hosts |
Total number of log hosts. |
Log host |
Information about the log host. |
VPN instance |
VPN instance to which the log host belongs. |
Host/port |
IP address and port number of the log host. |
Total logs |
Total number of flow log entries exported to the log hosts. |
UDP packets exported |
Total number of UDP packets used to export the flow log entries. A UDP packet can contain multiple flow log entries. |
userlog flow export
display userlog host-group
Use display userlog host-group to display flow log host group information.
Syntax
display userlog host-group [ ipv6 ] [ host-group-name ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
ipv6: Specifies an IPv6 flow log host group. Do not configure this keyword if you want to specify an IPv4 flow log host group.
host-group-name: Specify a flow log host group by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a log host group, this command displays information about all log host groups.
Examples
# Display information about IPv4 flow log host group test.
<Sysname> display userlog host-group test
Userlog host-group test:
ACL number: 2000
Flow log host numbers: 1
Log host 1:
VPN-instance: test
Host/port: 1.1.1.2/2000
# Display information about all IPv4 flow log host groups.
<Sysname> display userlog host-group
There are 2 IPv4 host groups.
Userlog host-group test:
ACL number: 2000
Flow log host numbers: 1
Log host 1:
VPN-instance: test
Host/Port: 1.2.3.6/0
Userlog host-group test2:
ACL name: test
Flow log host numbers: 1
Log host 1:
Host/Port: 1.1.1.1/0
Table 95 Command output
Field |
Description |
Userlog host-group test |
Information about a flow log host group. |
ACL number/ACL name |
ACL used by the log host group to match flow log entries. |
Flow log host numbers |
Number of flow log hosts in the group. |
Log host |
Information about a flow log host. |
VPN-instance |
VPN instance to which the log host belongs. This field is not displayed if no VPN instance is specified for the log host. |
Host/Port |
IP address and port number of the log host. |
Related commands
userlog host-group
userlog host-group host flow
reset userlog flow export
Use reset userlog flow export to clear flow log statistics.
Syntax
reset userlog flow export
Views
User view
Predefined user roles
network-admin
Examples
# Clear flow log statistics.
<Sysname> reset userlog flow export
Related commands
userlog flow export
userlog flow export host
Use userlog flow export host to specify a log host to receive flow log entries.
Use undo userlog flow export host to remove a log host.
Syntax
userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address } port udp-port
undo userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address }
Default
No log hosts are specified.
Views
System view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.
hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).
ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid unicast address and cannot be a loopback address.
ipv6 ipv6-address: Specifies a log host by its IPv6 address.
port udp-port: Specifies the UDP port number of the log host, in the range of 1 to 65535. As a best practice, use UDP port numbers in the range 1025 to 65535 to avoid collision with well-known UDP port numbers.
Examples
# Export flow log entries to UDP port 2000 on the log host at 1.2.3.6.
[Sysname] userlog flow export host 1.2.3.6 port 2000
Related commands
display userlog export
userlog flow export load-balancing
Use userlog flow export load-balancing to enable load balancing for flow log entries.
Use undo userlog flow export load-balancing to restore the default.
Syntax
userlog flow export load-balancing
undo userlog flow export load-balancing
Default
Load balancing is disabled. The device sends a copy of each flow log entry to all available log hosts.
Views
System view
Predefined user roles
network-admin
Usage guidelines
In load balancing mode, flow log entries are distributed among log hosts based on the source IP addresses (before NAT) that are recorded in the entries. The flow log entries generated for the same source IP address are sent to the same log host. If a log host goes down, the flow logs sent to it will be lost.
Examples
# Enable load balancing for flow logging.
<Sysname> system-view
[Sysname] userlog flow export load-balancing
Related commands
userlog flow export host
userlog flow export source-ip
Use userlog flow export source-ip to specify a source IP address for flow log packets.
Use undo userlog flow export source-ip to restore the default.
Syntax
userlog flow export source-ip { ipv4-address | ipv6 ipv6-address }
undo userlog flow export source-ip [ ipv6 ]
Default
The source IP address of flow log packets is the IP address of their outgoing interface.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address.
ipv6 ipv6-address: Specifies an IPv6 address.
Examples
# Specify 1.2.1.2 as the source IP address for flow log packets.
<Sysname> system-view
[Sysname] userlog flow export source-ip 1.2.1.2
Related commands
userlog flow export host
userlog flow export timestamp localtime
Use userlog flow export timestamp localtime to configure the device to use the local time in the timestamp of flow logs.
Use undo userlog flow export timestamp localtime to restore the default.
Syntax
userlog flow export timestamp localtime
undo userlog flow export timestamp localtime
Default
The device uses the UTC time in the timestamp of flow logs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
The device uses either the local time or the UTC time in the timestamp of flow logs.
· UTC time—Standard Greenwich Mean Time (GMT).
· Local time—Standard GMT plus or minus the time zone offset.
The time zone offset can be configured by using the clock timezone command. For more information, see Fundamentals Command Reference.
Examples
# Configure the device to use the local time in the timestamp of flow logs.
<Sysname> system-view
[Sysname] userlog flow export timestamp localtime
userlog flow export version
Use userlog flow export version to set the flow log version.
Use undo userlog flow export version to restore the default.
Syntax
userlog flow export version version-number
undo userlog flow export version
Default
The flow log version is 1.0.
Views
System view
Predefined user roles
network-admin
Parameters
version-number: Specifies a flow log version. Available options are 1, 3, and 5, which represent version 1.0, version 3.0, and version 5.0, respectively.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the flow log version to 3.0.
<Sysname> system-view
[Sysname] userlog flow export version 3
Related commands
userlog flow export host
userlog flow syslog
Use userlog flow syslog to specify the information center as the destination for flow log export.
Use undo userlog flow syslog to restore the default.
Syntax
userlog flow syslog
undo userlog flow syslog
Default
Flow log entries are not exported.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You can export flow log entries to log hosts or the information center, but not both. If both methods are configured, the system exports flow log entries to the information center.
Flow log entries are converted to the syslog format when they are exported to the information center. Their severity level is informational. With the information center, you can specify multiple log output destinations, including the console, log host, and log file.
Log entries in ASCII format are human readable. However, the log data volume is higher in ASCII format than in binary format.
Examples
# Specify the information center as the destination for flow log export.
<Sysname> system-view
[Sysname] userlog flow syslog
Related commands
userlog flow export host
userlog host-group
Use userlog host-group to create a flow log host group and enter its view, or enter the view of an existing flow log host group.
Use undo userlog host-group to delete a flow log host group.
Syntax
userlog host-group [ ipv6 ] host-group-name acl { name acl-name | number acl-number }
undo userlog host-group [ ipv6 ] host-group-name
Default
No flow log host groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
ipv6: Creates an IPv6 flow log host group. Do not configure this keyword if you want to create an IPv4 flow log host group.
host-group-name: Specify a name for the flow log host group, a case-sensitive string of 1 to 63 characters.
acl: Specify an ACL to match the flow log entries to be sent to the flow log host group.
name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with a letter and cannot be all.
number acl-number: Specifies the ACL number, in the range of 2000 to 3999.
Usage guidelines
The flow log host group feature enables the device to send specific flow logs to specific group of log hosts. This facilitates log filtering and reduces the log sending and processing workload of the device.
A flow log host group uses an ACL to match the flow logs to be sent to it. Make sure the ACL exists and the ACL rules can identify the designated flow logs.
A flow log matches a log host group if it matches the group's ACL, and it is sent only to the log hosts in the matching group.
If a flow log matches multiple log host groups, the device sends the log to the group that comes first in alphabetical order of the matching group names.
If a flow log does not match any log host groups, the device ignores the log host group configuration and sends the log to all configured log hosts.
Examples
# Create an IPv4 flow log host group named test and specify ACL 2000 for it.
<Sysname> system-view
[Sysname] userlog host-group test acl number 2000
[Sysname-userlog-host-group-test]
Related commands
display userlog host-group
userlog host-group host flow
userlog host-group host flow
Use userlog host-group host flow to assign a log host to a flow log host group.
Use undo userlog host-group host flow to remove a log host from a flow log host group.
Syntax
In IPv4 flow log host group view:
userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address | }
undo userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address }
In IPv6 flow log host group view:
userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }
undo userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }
Default
No log hosts exist in a flow log host group.
Views
IPv4 flow log host group view
IPv6 flow log host group view
Predefined user roles
network-admin
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option. Support for this option depends on the device model.
hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.).
ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid IPv4 unicast address and cannot be a loopback address.
ipv6 ipv6-address: Specifies a log host by its IPv6 address. The address must be a valid IPv6 unicast address and cannot be a loopback address or all zeros.
Usage guidelines
A flow log host group can contain multiple log hosts, and a log host can be assigned to multiple flow log host groups.
Before you assign a log host to a flow log host group, make sure the log host has been configured on the device by using userlog flow export host the command.
Examples
# Assign a log host to flow log host group test.
<Sysname> system-view
[Sysname] userlog host-group test acl number 2000
[Sysname-userlog-host-group-test] userlog host-group host flow 1.2.3.6
Related commands
display userlog host-group
userlog flow export host
userlog host-group
Packet capture commands
The term "AC" in this document refers to MSR routers that can function as ACs. The term "AP" in this document refers to MSR routers that support WLAN.
The following routers cannot function as ACs:
· MSR3600-28-SI/3600-51-SI.
· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.
· MSR5620/5660/5680.
The following routers cannot act as fat APs:
· MSR810-W.
· MSR810-W-DB.
· MSR810-W-LM.
· MSR810-W-LM-HK.
display packet-capture status
Use display packet-capture status to display packet capture status information.
Syntax
display packet-capture status
Views
User view
Predefined user roles
network-admin
Examples
# Display packet capture status information.
<Sysname> display packet-capture status
Status : Capturing
File Name : flash:/a.pcap
User Name : N/A
Password : N/A
# Display packet capture status information for radio 1 of AP 1.
<Sysname> display packet-capture status
AP name : ap1
Radio ID : 1
Radio mode : 802.11n(2.4GHz)
Channel : 1
Status : Capturing
File name : database.dhcp
Username : 1
Password : ******
Table 96 Command output
Field |
Description |
Status |
Packet capture status. Only the Capturing status is supported in the current software version. |
Username |
Username for logging in to the remote FTP server. |
Password |
Password for logging in to the remote FTP server. Both passwords in encrypted form and in plaintext form are displayed as ******. If no password is required or configured, this filed displays N/A. |
Related commands
packet-capture local interface
packet-capture remote interface
packet-capture local ap (on ACs)
Use packet-capture local ap to capture incoming packets on an AP radio and save the captured packets to a file on an FTP server.
Syntax
packet-capture local ap ap-name radio radio-id [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write url url [ username username [ password { cipher | simple } string ] ]
Views
User view
Predefined user roles
network-admin
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Specifies a radio by its ID.
capture-filter capt-expression: Specifies an expression to match packets to be captured, a case-sensitive string of 1 to 256 characters. If you do not specify a capture filter expression, the device captures all incoming packets on an interface. For information about building a capture filter expression, see packet capture in Network Management and Monitoring Configuration Guide.
limit-frame-size bytes: Specifies the maximum number of bytes to capture from a packet, in the range of 64 to 8000. The default is 8000.
autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.
autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.
write url url: Specifies the URL of the packet file on an FTP server used to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.
username username: Specifies a username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.
password: Specifies a password for logging in to the FTP server.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
Usage guidelines
To stop the packet capture, use the packet-capture stop command.
If you specify both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits is reached.
Follow these restrictions and guidelines to specify the URL, username, and password:
· The URL format is ftp://FTP server address:port number/file name, where the port number is optional. If you do not specify the port number, do not enter the colon (:) after the FTP server address.
· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]:21/test.cfg.
· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
Make sure the capturing duration for the autostop duration seconds option is long enough for the device to log in to the FTP server. If not, the FTP server does not create the specified packet file or save captured packet data.
Examples
# Capture incoming packets on radio 1 of AP 1.
<Sysname> packet-capture local ap ap1 radio 1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1
Related commands
display packet-capture status
packet-capture stop
packet-capture local interface (on wired devices/fat APs)
Use packet-capture local interface to capture incoming packets on an interface and save the captured packets to a local file or to a remote file on an FTP server.
Syntax
packet-capture local interface interface-type interface-number [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write { filepath | url url [ username username [ password { cipher | simple } string ] ] }
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies a Layer 2 or Layer 3 Ethernet interface by its type and number.
capture-filter capt-expression: Specifies an expression to match packets to be captured, a case-sensitive string of 1 to 256 characters. If you do not specify a capture filter expression, the device captures all incoming packets on an interface.
limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes.
autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.
autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.
write: Stores the captured packet data.
filepath: Specifies the full path of a local packet file to store captured packet data. The path must be a case-sensitive string of up to 64 characters. The filename extension must be .pcap. For more information about setting a file path, see file system management in Fundamentals Configuration Guide.
url url: Specifies the URL of a remote packet file on an FTP server to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.
username username: Specifies a username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.
password: Specifies a password for logging in to the FTP server.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.
Usage guidelines
To stop the capture while it is capturing packets, use the packet-capture stop command.
If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached.
Follow these restrictions and guidelines to specify the URL, username, and password:
· The URL format is ftp://FTP server address:port number/file name, where the port number is optional.
· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]:21/test.cfg.
· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.
· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.
Do not set a short capturing duration in the autostop duration seconds option. If the duration is too short, the capture might stop when a user has not logged in to the FTP server. The captured packets cannot be saved because a packet file has not been created.
Examples
· On a wired device:
# Capture incoming packets and store the data in the database.pcap file on the FTP server at 10.1.1.1. The username and password for logging in to the FTP server are 1 and 1, respectively.
<Sysname> packet-capture local interface gigabitethernet 1/0/1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1
· On a fat AP:
# Capture incoming packets and store the data in the database.pcap file on the FTP server at 10.1.1.1. The username and password for logging in to the FTP server are 1 and 1, respectively.
<Sysname> packet-capture local interface wlan-radio 1/0/1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1
Related commands
display packet-capture status
packet-capture stop
packet-capture remote ap (on ACs)
Use packet-capture remote ap to capture incoming packets on an AP radio.
Syntax
packet-capture remote ap ap-name radio radio-id [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).
radio radio-id: Specifies a radio by its ID.
port port: Specifies the RPCAP service port on the AP by its port number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.
Usage guidelines
After this command is executed, the client (such as Wireshark) connected to the RPCAP service port of the AP can obtain packets captured on the AP radio.
To stop the packet capture, use the packet-capture stop command.
Examples
# Capture incoming packets on radio 2 of AP 1. Set the RPCAP service port number to 2014.
<Sysname> packet-capture remote ap ap1 radio 2 port 2014
Related commands
display packet-capture status
packet-capture stop
packet-capture remote interface (on wired devices/fat APs)
Use packet-capture remote interface to capture incoming packets on an interface.
Syntax
packet-capture remote interface interface-type interface-number [ port port ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an Ethernet interface by its type and number.
port port: Specifies the RPCAP service port by its number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.
Usage guidelines
After this command is executed, the client (such as Wireshark) connected to the AP can obtain packets captured on the specified interface.
To stop the capture while it is capturing packets, use the packet-capture stop command.
Examples
· On a wired device:
# Capture incoming packets on GigabitEthernet 1/0/1 and specify the RPCAP service port number as 2014.
<Sysname> packet-capture remote interface gigabitethernet 1/0/1 port 2014
· On a fat AP:
# Capture incoming packets on WLAN-Radio 1/0/1 and specify the RPCAP service port number as 2014.
<Sysname> packet-capture remote interface wlan-radio 1/0/1 port 2014
Related commands
display packet-capture status
packet-capture stop
packet-capture stop
Use packet-capture stop to stop the packet capture.
Syntax
packet-capture stop
Views
User view
Predefined user roles
network-admin
Examples
# Stop the packet capture.
<Sysname> packet-capture stop
Related commands
packet-capture local interface
packet-capture remote interface
SmartMC commands
boot-loader
Use boot-loader to specify the upgrade startup software files for a SmartMC group.
Use undo boot-loader to restore the default.
Syntax
boot-loader file { ipe-filename | boot boot-filename system system-filename }
undo boot-loader
Default
No upgrade startup software files are specified for a SmartMC group.
Views
SmartMC group view
Predefined user roles
network-admin
Parameters
ipe-filename: Specifies an IPE software file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .ipe extension.
boot boot-filename: Specifies a boot image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.
system system-filename: Specifies a system image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify IPE software file device.ipe for SmartMC group testgroup.
<Sysname> system-view
[Sysname] smartmc group testgroup
[Sysname-smartmc-group-testgroup] boot-loader file device.ipe
Related commands
smartmc group
startup-configuration
create batch-file
Use create batch-file to create a batch command line file.
Syntax
create batch-file batch-file-name
Default
No batch command line file exists.
Views
User view
Predefined user roles
network-admin
Parameters
batch-file-name: Specifies the name of the batch command line file, a case-insensitive string of 1 to 255 characters. If you do not specify a file extension when specifying a file name, the default extension .cmdset is used.
Usage guidelines
After executing this command, you will enter the batch command line edit mode. In this mode, each command occupies a line. When you finish editing all command lines, enter a percent sign (%) to return to user view.
Make sure the command lines that you enter are correct because the system does not verify whether the command lines are correct.
Examples
# Create batch command line file test.cmdset, and enter the command lines for specifying the device name as Sysname and enabling Telnet.
<Sysname> create batch-file test.cmdset
Begin to edit batch commands, and quit with the character '%'.
system-view
sysname Sysname
telnet server enable%
<Sysname>
Related commands
display smartmc batch-file status
smartmc batch-file deploy
display smartmc backup configuration status
Use display smartmc backup configuration status to display the configuration file backup status on TCs.
Syntax
display smartmc backup configuration status
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command displays the status of the ongoing backup task or the most recent backup task if the TC is not performing backup.
Examples
# Display the configuration file backup status on TCs.
<Sysname> display smartmc backup configuration status
ID IpAddress MacAddress Status Time
1 192.168.56.30 08d2-38ff-0300 Finished 2017-04-05 11:30:35
2 192.168.56.40 62d2-c21c-0400 Finished 2017-04-05 11:30:40
Table 97 Command output
Field |
Description |
ID |
ID of the TC. |
IpAddress |
IP address of the TC. |
MacAddress |
MAC address of the TC. |
Status |
Backup status: · Waiting—The TC is waiting for configuration backup. · Processing—The TC is backing up the configuration. · Finished—The TC has finished backing up the configuration. · Timeout—Configuration backup times out. · Failed—The TC failed to back up the configuration. |
Time |
Time when the TC finished backing up the configuration. If the TC has not finished backing up the configuration, this field displays a hyphen (-). |
Related commands
smartmc backup configuration
smartmc backup configuration interval
smartmc backup configuration max-number
display smartmc batch-file status
Use display smartmc batch-file status to display the bulk command line execution result.
Syntax
display smartmc batch-file status [ last number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
last number: Specifies a configuration deployment by its number counting from the most recent configuration deployment, in the range of 1 to 5. If you do not specify this option, the command displays the execution result for the most recent configuration deployment.
Examples
# Display the bulk command line execution result.
<Sysname> display smartmc batch-file status last 1
TC ID 1
Device MAC : 201c-e7c3-0300
Start time : 2017-03-21 10:23:53
End time : 2017-03-21 10:23:57
Result :
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]display smartmc configuration
Device role : TC
TM IP address : 192.168.22.103
TM MAC address : 0ec3-6a94-0100
TM sysname : H3C
TC ID 2
Device MAC : 2409-600f-0400
Start time : 2017-05-06 17:47:20
End time : 2017-05-06 17:47:25
Result :
<Sysname>system-view
System View: return to User View with Ctrl+Z.
[Sysname]display smartmc configuration
Device role : TC
TM IP address : 192.168.22.103
TM MAC address : 0ec3-6a94-0100
TM sysname : H3C
Table 98 Command output
Field |
Description |
TC ID |
ID of the TC. |
Device MAC |
MAC address of the TC. |
Start time |
Batch command line execution start time. |
End time |
Batch command line execution end time. |
Result |
Batch command line execution result in details. |
Related commands
create batch-file
smartmc batch-file deploy
display smartmc configuration
Use display smartmc configuration to display the SmartMC configuration.
Syntax
display smartmc configuration
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display the SmartMC configuration on the TM.
<Sysname> display smartmc configuration
Device role : TM
FTP server IP : 192.168.22.103
FTP server username : admin
Topology-refresh interval : 60(s)
Backup startup-configuration interval : N/A
Sync backup number : 5
# Display the TM information on a TC.
<Sysname> display smartmc configuration
Device role : TC
TM IP : 192.168.22.103
TM MAC : 8288-468d-0100
TM sysname : Sysname
Table 99 Command output
Field |
Description |
Device role |
Role of the device. |
FTP server IP |
IP address of the FTP server. If no FTP server IP address is configured, this field displays N/A. |
FTP server username |
FTP server username. If no username is configured, this field displays N/A. |
Topology-refresh interval |
Topology refresh interval, in seconds. |
Backup startup-configuration interval |
Automatic configuration file backup interval, in hours. If no interval is set, this field displays N/A. |
Sync backup number |
Number of TCs that can perform configuration backup at the same time. |
TM IP |
IP address of the TM. If the TC failed to obtain the TM IP address, this field displays N/A. |
TM MAC |
MAC address of the TM, If the TC failed to obtain the TM MAC address, this field displays N/A. |
TM sysname |
Name of the TM. If the TC failed to obtain the TM name, this field displays N/A. |
display smartmc device-link
Use display smartmc device-link to display connections between devices in the SmartMC network.
Syntax
display smartmc device-link
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
This command allows you to display the connections between the TM and TCs.
Examples
# Display connections between the devices in the SmartMC network.
<Sysname> display smartmc device-link
(TM IP)[192.168.56.20]
ID Hop LocalPort LocalIP PeerPort PeerIP
0 0 GigabitEthernet1/0/2 192.168.56.20 GigabitEthernet1/0/1 192.168.56.30
1 1 GigabitEthernet1/0/1 192.168.56.30 GigabitEthernet1/0/2 192.168.56.20
1 2 GigabitEthernet1/0/2 192.168.56.30 GigabitEthernet1/0/1 192.168.56.40
2 3 GigabitEthernet1/0/1 192.168.56.40 GigabitEthernet1/0/2 192.168.56.30
Table 100 Command output
Field |
Description |
TM IP |
IP address of the TM. |
ID |
ID of the TM or TC. |
Hop |
Number of hops between the TM and TC. |
LocalPort |
Local port. |
LocalIP |
IP address of the local device. |
PeerPort |
Peer port. |
PeerIP |
IP address of the peer port. |
Related commands
smartmc topology-refresh
smartmc topology-refresh interval
display smartmc group
Use display smartmc group to display SmartMC group information.
Syntax
display smartmc group [ group-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
group-name: Specifies a SmartMC group by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all SmartMC groups.
Verbose: Displays detailed SmartMC group information. If you do not specify this keyword, the command displays brief SmartMC group information.
Examples
# Display detailed SmartMC group information.
<Sysname> display smartmc group verbose
Group name : test
TC count : 5
Boot-loader file :
Startup-configuration file :
Match Device-type S5560-EI
Match IP-address 192.168.56.0 24
Match MAC-address 0e74-ea13-0000 32
TCID DeviceType IpAddress MacAddress Status Version Sysname
1 S5560-EI 192.168.56.103 0e74-e2fb-0400 Normal R1306
2 S5560-EI 192.168.56.102 0e74-ea13-0500 Normal R1306
3 S5560-EI 192.168.56.104 0e74-db54-0300 Normal R1306
Table 101 Command output
Field |
Description |
GroupName |
Name of the SmartMC group. |
TC count |
Number of TCs in the SmartMC group. |
Boot-loader file |
Names of the upgrade startup software files for upgrading the SmartMC group. If no upgrade startup software files are specified, this field displays null. |
Startup-configuration file |
Name of the configuration file for upgrading the SmartMC group. If no configuration file is specified, this field displays null. |
Rule |
Match criteria of the SmartMC group. |
Match |
Match type and its value. The match types include the following: · Device-type—Matches TCs by device type. · IP-address—Matches TCs by IP address. · MAC-address—Matches TCs by MAC address. |
TCID |
ID of the TC. |
DeviceType |
Device type of the TC. |
IpAddress |
IP address of the TC. |
MacAddress |
MAC address of the TC. |
Version |
Software version of the TC. |
Status |
Operating status of the TC: · Offline—The TC is offline. · Normal—The TC is online. |
Sysname |
Device name of the TC. |
Related commands
match
smartmc group
display smartmc replace status
Use display smartmc replace status to display faulty TC replacement status.
Syntax
display smartmc replace status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display faulty TC replacement status.
<Sysname> display smartmc replace status
Faulty ID : 2
Faulty MAC : 94e2-cdcb-0600
Replacement ID : 3
Replacement MAC: 2443-5f8c-0200
Mode : Manual
Status : Successful
Start time : 2017-03-21 15:01:31
End time : 2017-03-21 15:01:40
Table 102 Command output
Field |
Description |
Faulty ID |
ID of the faulty TC. |
Faulty MAC |
MAC address of the faulty TC. |
Replacement ID |
ID of the new TC. |
Replacement MAC |
MAC address of the new TC. |
Mode |
Replacement method, which can be Manual or Auto. |
Status |
Replacement status: · Successful. · Failed. · Replacing. |
Start time |
Replacement start time |
End time |
Replacement end time. |
Related commands
smartmc auto-replace enable
smartmc replace
display smartmc tc
Use display smartmc tc to display TC information.
Syntax
display smartmc tc [ tc-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
tc-id: Specifies a TC by its ID in the range of 1 to 255. If you do not specify a TC, this command displays information about all TCs.
verbose: Displays detailed TC information. If you do not specify this keyword, the command displays brief TC information.
Examples
# Display brief information about all TCs.
<Sysname> display smartmc tc
TCID DeviceType IpAddress MacAddress Status Version Sysname
1 S5560-EI 192.168.22.104 201c-e7c3-0300 Normal R1308 H3C
# Display detailed information about all TCs.
<Sysname> display smartmc tc verbose
TC ID : 1
Adding method : Manual/Auto
Sysname : H3C
Model : S5560-54C-PWR-EI
Device type : S5560-EI
SYSOID :1.3.6.1.4.1.25506
MAC address : 0e74-e2fb-0400
IP address : 192.168.56.103
Boot image :
Boot image version :
System image :
System image version :
Current-configuration file :
uptime is: 0 week, 0 day, 0 hour, 0 minute
System CPU usage : 0%
System memory usage : 0%
Status : Offline
Boot-loader file :
Startup-configuration file :
Table 103 Command output
Field |
Description |
TC ID |
ID of the TC. |
Sysname |
Device name of the TC. |
Version |
Software version of the TC. |
Model |
Serial number of the TC. |
Device type |
Device type of the TC. |
SYSOID |
SYSOID of the TC. |
MAC address |
MAC address of the TC. |
IP address |
IP address of the TC. |
Boot image |
Boot image file that the TC runs. |
Boot image version |
Version of the boot image file. |
System image |
System image file that the TC runs. |
System image version |
Version of the system image file. |
Current-configuration file |
Current startup configuration file used by the TC. |
uptime is |
Time when the TC came online. |
System CPU usage |
CPU usage on the TC. |
System memory usage |
Memory usage on the TC. |
Status |
Operating status of the TC: · Normal—The TC is operating correctly. · Offline—The TC is offline. |
Boot-loader file |
Upgrade startup software files. |
Startup-configuration file |
Upgrade configuration file. |
display smartmc upgrade status
Use display smartmc upgrade status to display TC upgrade status.
Syntax
display smartmc upgrade status
Views
Any view
Predefined user roles
network-admin
network-operator
Examples
# Display TC upgrade status.
<Sysname> display smartmc upgrade status
ID IpAddress MacAddress Status UpdateTime UpdateFile
1 192.168.56.1 82dd-a434-0200 Finished Immediately bootloader.ipe
2 192.168.56.103 5caf-2e5f-0100 Finished Immediately bootloader.ipe
Table 104 Command output
Field |
Description |
ID |
ID of the TC. |
MacAddress |
MAC address of the TC. |
IpAddress |
IP address of the TC. |
Status |
Upgrade status: · Waiting—The TC is waiting for downloading the upgrade file. · Download-failed—The TC failed to download the upgrade file. · Download-finished—The TC has downloaded the upgrade file. · Downloading—The TC is downloading the upgrade file. · Updating—The TC is upgrading. · Finished—The TC has finished upgrading. · Failed—The TC failed to upgrade. |
Updated File |
Name of the upgrade file. |
UpdateTime |
Upgrade time: · Immediately—Upgrade at once. · Delay(m)—Upgrade after the specified delay. · Time(HH:MM)—Upgrade at the specified time. |
Related commands
smartmc upgrade group
smartmc upgrade tc
match
Use match to set a match criterion to add all matching TCs to a SmartMC group.
Use undo match to delete a match criterion.
Syntax
match { device-type device-type | ip-address ip-address { ip-mask-length | ip-mask } | mac-address mac-address mac-mask-length }
undo match { device-type device-type | ip-address ip-address { ip-mask-length | ip-mask } | mac-address mac-address mac-mask-length }
Default
No match criterion is set.
Views
SmartMC group view
Predefined user roles
network-admin
Parameters
device-type device-type: Sets a device type match criterion.
ip-address ip-address { ip-mask-length | ip-mask }: Sets an IP address match criterion. The ip-address argument specifies an IP address in dotted decimal notation. The ip-mask argument specifies the subnet mask in dotted decimal notation. The ip-mask-length argument specifies the subnet mask length in the range of 1 to 32.
mac-address mac-address mac-mask-length: Sets a MAC address match criterion. The mac-address argument specifies a MAC address in the format of H-H-H. The mac-mask-length argument specifies the mask length in the range of 1 to 48.
Examples
# Create SmartMC group a and add TCs in subnet 192.168.1.0/24 to the group.
<Sysname> system-view
[Sysname] smartmc group a
[Sysname-smartmc-group-a] match ip-address 192.168.1.0 24
Related commands
smartmc group
display smartmc group
smartmc auto-replace enable
Use smartmc auto-replace enable to enable the automatic faulty TC replacement feature.
Use undo smartmc auto-replace enable to disable the automatic faulty TC replacement feature.
Syntax
smartmc auto-replace enable
undo smartmc auto-replace enable
Default
The automatic faulty TC replacement feature is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
Before you execute this command, perform the following tasks:
1. Install the new TC at the location where the faulty TC was installed.
2. Connect all cables to the new TC.
Make sure the new TC and the faulty TC have the same neighbor relationship and device model.
Examples
# Enable the automatic faulty TC replacement feature.
<Sysname> system-view
[Sysname] smartmc auto-replace enable
Related commands
smartmc replace
smartmc backup configuration
Use smartmc backup configuration to manually back up the configuration file on TCs.
Syntax
smartmc backup configuration { group group-name-list | tc [ tc-id-list ] }
Views
System view
Predefined user roles
network-admin
Parameters
group group-name-list: Specifies a space-separated list of up to 10 SmartMC group items. Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.
tc tc-id-list: Specifies a space-separated list of up to 10 TC items. Each item specifies a TC or a range of TCs in the form of tc-id1 to tc-id2. The value for tc-id2 must be greater than or equal to the value for tc-id1. The value range for the tc-id argument is 1 to 255. If you do not specify any TCs, all TCs will perform configuration backup.
Usage guidelines
After you execute this command, the TCs immediately save the running configuration to the next-startup configuration files and upload the configuration files to the FTP server.
The backup configuration files are named in the format of bridge MAC address_backup.cfg.
Examples
# Back up the configuration file on TC 1, TC 2, TC 3, and TC 4.
<Sysname> system-view
[Sysname] smartmc backup configuration tc 1 to 4
# Back up the configuration file on all TCs in SmartMC groups test1, test2, and test3.
<Sysname> system-view
[Sysname] smartmc backup configuration group test1 test2 test3
Related commands
display smartmc configuration
smartmc backup configuration interval
smartmc backup configuration max-number
Use smartmc backup configuration max-number to set the maximum number of TCs that can perform automatic configuration backup at the same time.
Use undo smartmc backup configuration max-number to restore the default.
Syntax
smartmc backup configuration max-number max-number
undo smartmc backup configuration max-number
Default
A maximum of five TCs can perform automatic configuration backup at the same time.
Views
System view
Predefined user roles
network-admin
Parameters
max-number: Specifies the maximum number of TCs that can perform automatic configuration backup at the same time, in the range of 2 to 20.
Examples
# Specify that a maximum of 10 TCs can perform automatic configuration backup at the same time.
<Sysname> system-view
[Sysname] smartmc backup configuration max-number 10
Related commands
display smartmc configuration
smartmc backup configuration
smartmc backup configuration interval
smartmc backup configuration interval
Use smartmc backup configuration interval to enable the automatic configuration file backup feature and set the automatic backup interval.
Use undo smartmc backup configuration interval to restore the default.
Syntax
smartmc backup configuration interval interval
undo smartmc backup configuration interval
Default
The automatic configuration file backup feature is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
Interval: Specifies the automatic configuration file backup interval in the range of 1 to 720 hours.
Usage guidelines
This command enables the TM and TCs to back up their configuration files by saving the running configuration to the files and then uploading them to the FTP server. When you configure this command, the TM and TCs immediately perform a backup. After that, they back up the configuration files at the specified interval. The backup configuration files are named in the format of bridge MAC address_backup.cfg.
Examples
# Enable the automatic configuration file backup feature and set the backup interval to 24 hours.
<Sysname> system-view
[Sysname] smartmc backup configuration interval 24
Related commands
display smartmc configuration
smartmc backup configuration
smartmc batch-file deploy
Use smartmc batch-file deploy to deploy bulk command lines to a list of TCs or SmartMC groups.
Syntax
smartmc batch-file batch-file-name deploy { group group-name-list | tc tc-id-list }
Views
System view
Predefined user roles
network-admin
Parameters
batch-file-name: Specifies the name of a batch command line file, a string of 1 to 255 characters.
group group-name-list: Specifies a space-separated list of up to 10 SmartMC group items. Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.
tc tc-id-list: Specifies a space-separated list of up to 10 TC items. Each item specifies a TC or a range of TCs in the form of tc-id1 to tc-id2. The value for tc-id2 must be greater than or equal to the value for tc-id1. The value range for the tc-id argument is 1 to 255.
Examples
# Deploy batch command line file startup.cmdset to SmartMC group testgroup.
<Sysname> system-view
[Sysname] smartmc batch-file startup.cmdset deploy group testgroup
Related commands
create batch-file
display smartmc batch-file status
smartmc enable
Use smartmc enable to enable SmartMC and set the device role.
Use undo smartmc enable to disable SmartMC.
Syntax
smartmc { tm [ username username password { cipher | simple } string ] | tc } enable
undo smartmc enable
Default
SmartMC is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
tm: Enables SmartMC and sets the device role to TM.
username username: Specifies a username for the local user, a case-sensitive string of 1 to 55 characters.
password: Specifies a password for the local user.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its encrypted form is a case-sensitive string of 1 to 113 characters.
tc: Enables SmartMC and sets the device role to TC.
Usage guidelines
A SmartMC network must have one and only one TM.
To enable SmartMC, execute this command on both the TM and TCs. To configure the other SmartMC features, execute associated commands only on the TM.
If you change the role of the TM to TC or disable SmartMC on the TM, all SmartMC settings in its running configuration will be cleared.
For manual SmartMC network establishment, the TM preferentially uses the user-specified username and password. If no username and password are specified, the TM uses the default username admin and password admin.
Examples
# Enable SmartMC and set the device role to TM.
<Sysname> system-view
[Sysname] smartmc tm enable
smartmc ftp-server
Use smartmc ftp-server to configure the FTP server information.
Use undo smartmc ftp-server to delete the FTP server information.
Syntax
smartmc ftp-server server-address username username password { cipher | simple } string
undo smartmc ftp-server
Default
No FTP server information is configured.
Views
System view
Predefined user roles
network-admin
Parameters
server-address: Specifies an FTP server by its IP address.
username username: Specifies the FTP server username, a case-sensitive string of 1 to 55 characters.
password: Specifies the FTP server password.
cipher: Specifies a password in encrypted form.
simple: Specifies a password in plaintext form.
string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its encrypted form is a case-sensitive string of 1 to 113 characters.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the FTP server IP address, username, and password to 192.168.22.19, admin, and admin, respectively.
<Sysname> system-view
[Sysname] smartmc ftp-server 192.168.22.19 username admin password simple admin
Related commands
display smartmc configuration
smartmc group
Use smartmc group to create a SmartMC group and enter its view, or enter the view of an existing SmartMC group.
Use undo smartmc group to delete a SmartMC group.
Syntax
smartmc group group-name
undo smartmc group group-name
Default
No SmartMC groups exist.
Views
System view
Predefined user roles
network-admin
Parameters
group-name: Specifies the name of the SmartMC group, a case-sensitive string of 1 to 31 characters.
Usage guidelines
When you perform the following operations, you can specify a SmartMC group to apply the operations to all TCs in the group:
· Startup software upgrade.
· Configuration file upgrade.
· Configuration deployment.
Examples
# Create SmartMC group testgroup.
<Sysname> system-view
[Sysname] smartmc group testgroup
[Sysname-smartmc-group-testgroup]
Related commands
match
smartmc replace
Use smartmc replace to manually replace a faulty TC.
Syntax
smartmc replace tc tc-id1 faulty-tc tc-id2
Views
System view
Predefined user roles
network-admin
Parameters
tc tc-id1: Specifies the ID of the new TC, in the range of 1 to 255.
faulty-tc tc-id2: Specifies the ID of the faulty TC, in the range of 1 to 255.
Usage guidelines
Before you execute this command, perform the following tasks:
1. Install the new TC at the location where the faulty TC was installed.
2. Connect all cables to the new TC.
Make sure the new TC and the faulty TC have the same neighbor relationship and device model.
Examples
# Replace faulty TC 5 with new TC 10.
<Sysname> system-view
[Sysname] smartmc replace tc 10 faulty-tc 5
Related commands
display smartmc replace status
smartmc auto-replace enable
smartmc tc boot-loader
Use smartmc tc boot-loader to specify the upgrade startup software files for a TC.
Use undo smartmc tc boot-loader to remove the configuration.
Syntax
smartmc tc tc-id boot-loader { ipe-filename | boot boot-filename system system-filename }
undo smartmc tc tc-id boot-loader
Views
System view
Predefined user roles
network-admin
Parameters
tc tc-id: Specifies a TC by its ID in the range of 1 to 255.
ipe-filename: Specifies an IPE software file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .ipe extension.
boot boot-filename: Specifies a boot image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.
system system-filename: Specifies a system image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.
Examples
# Specify upgrade boot image boot.bin and upgrade system image system.bin for TC 1.
<Sysname> system-view
[Sysname] smartmc tc 1 boot-loader boot boot.bin system system.bin
Related commands
display smartmc tc
smartmc tc device-type
Use smartmc tc device-type to define a TC type on the TM.
Use undo smartmc tc device-type to delete a TC type.
Syntax
smartmc tc sysoid sysoid device-type device-type
undo smartmc tc sysoid sysoid device-type device-type
Views
System view
Predefined user roles
network-admin
Parameters
sysoid sysoid: Specifies the SYSOID of a device.
device-type device-type: Specifies a device type.
Usage guidelines
To obtain the SYSOID of a TC, use the display smartmc tc verbose command.
Examples
# Define a TC type by specifying the SYSOID as 1.3.6.1.4.1.25506.1.1588 and the device type as S5130-EI.
<Sysname> system-view
[Sysname] smartmc tc sysoid 1.3.6.1.4.1.25506.1.1588 device-type S5130-EI
smartmc tc password
Use smartmc tc password to modify the password of the default user for TCs.
Syntax
smartmc tc password string
Views
System view
Predefined user roles
network-admin
Parameters
string: Specifies a password, a case-sensitive string of 1 to 63 characters.
Usage guidelines
During SmartMC network establishment, the TM establishes NETCONF sessions to TCs and adds them to the network. The default username and password on the TCs for NETCONF session establishment are admin and admin. To enhance security, you can perform this task to change the password for the default user admin of the TCs after the TM adds the TCs to the network.
Do not modify the password for TCs that are manually added to the SmartMC network. If you modify the password for a manually added TC, you will not be able to manage that TC from the TM.
Examples
# Modify the password of the default user to Admin123 for TCs.
<Sysname> system-view
[Sysname] smartmc tc password Admin123
smartmc tc startup-configuration
Use smartmc tc startup-configuration to specify the upgrade configuration file for a TC.
Use undo smartmc tc startup-configuration to remove the configuration.
Syntax
smartmc tc tc-id startup-configuration cfg-filename
undo smartmc tc tc-id startup-configuration
Views
System view
Predefined user roles
network-admin
Parameters
tc tc-id: Specifies a TC by its ID in the range of 1 to 255.
cfg-filename: Specifies a configuration file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .cfg extension.
Examples
# Specify upgrade configuration file startup.cfg for TC 1.
<Sysname> system-view
[Sysname] smartmc tc 1 startup-configuration startup.cfg
Related commands
display smartmc tc
smartmc topology-refresh
Use smartmc topology-refresh to manually refresh the network topology.
Syntax
smartmc topology-refresh
Views
Any view
Predefined user roles
network-admin
Usage guidelines
To display topology changes, use this command to manually refresh the topology.
Examples
# Manually refresh the network topology.
<Sysname> smartmc topology-refresh
Related commands
display smartmc device-link
smartmc topology-refresh interval
Use smartmc topology-refresh interval to set the automatic network topology refresh interval.
Use undo smartmc topology-refresh interval to restore the default.
Syntax
smartmc topology-refresh interval interval
undo smartmc topology-refresh interval
Default
The automatic network topology refresh interval is 60 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies the automatic network topology refresh interval in the range of 60 to 300 seconds.
Examples
# Set the automatic network topology refresh interval to 100 seconds.
<Sysname> system-view
[Sysname] smartmc topology-refresh interval 100
Related commands
display smartmc device-link
smartmc topology-save
Use smartmc topology-save to save the current network topology.
Syntax
smartmc topology-save
Views
System view
Predefined user roles
network-admin
Usage guidelines
This task allows you to save the current network topology to the topology.dba file in the flash memory. After the TM reboots, it uses the topology.dba file to restore the network topology.
Examples
# Save the current network topology
<Sysname> system-view
[Sysname] smartmc topology-save
Related commands
display smartmc device-link
smartmc upgrade boot-loader
Use smartmc upgrade boot-loader to upgrade the startup software on a list of TCs or SmartMC groups.
Use undo smartmc upgrade delete the startup software upgrade task.
Syntax
smartmc upgrade boot-loader { group | tc } list [ delay minutes | time time ]
smartmc upgrade boot-loader { group | tc } { list { boot boot-filename system system-filename | file ipe-filename } }&<1-40> [ delay delay-time | time time ]
undo smartmc upgrade
Views
System view
Predefined user roles
network-admin
Parameters
group: Specifies SmartMC group-based upgrade.
tc: Specifies TC-based upgrade.
list: Specifies a space-separated list of TC items or SmartMC group items.
· SmartMC group—Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.
· TC—Each item specifies a TC ID or a range of TC IDs in the form of tc-id1 to tc-id2. The value for tc-id2 must be greater than or equal to the value for tc-id1. The value range for the tc-id argument is 1 to 255.
boot boot-filename: Specifies a boot image by its name.
system system-filename: Specifies a system image by its name.
file ipe-filename: Specifies an IPE file by its name.
delay delay-time: Specifies the upgrade delay time in the range of 1 to 1440 minutes.
time in-time: Specifies the upgrade time in the format of hh:mm. The value range for the hh argument is 0 to 23 hours. The value range for the mm argument is 0 to 59 minutes.
Usage guidelines
To use this command to upgrade the startup software on TCs without specifying the upgrade files, you must first perform one of the following tasks:
· Execute the smartmc tc boot-loader command to specify the upgrade files for TCs.
· Execute the boot-loader command to specify the upgrade files for a SmartMC group.
A TC can perform only one upgrade task at a time.
If you execute this command without specifying the delay time or update time, the TCs or SmartMC group immediately upgrades the startup software.
Examples
# Upgrade startup software images boot.bin and sys.bin on all TCs in SmartMC groups test1 and test2.
<Sysname> system-view
[Sysname] smartmc upgrade boot-loader group test1 test2 boot boot.bin system sys.bin
Related commands
boot-loader
startup-configuration
smartmc upgrade startup-configuration
Use smartmc upgrade startup-configuration to upgrade the configuration file on a list of TCs or on all TCs in SmartMC groups.
Use undo smartmc upgrade delete the configuration file upgrade task.
Syntax
smartmc upgrade startup-configuration { group | tc } list [ delay minutes | time time ]
smartmc upgrade startup-configuration { group | tc } { list cfg-filename }&<1-40> [ delay delay-time | time time ]
undo smartmc upgrade
Views
System view
Predefined user roles
network-admin
Parameters
group: Specifies SmartMC group-based upgrade.
tc: Specifies TC-based upgrade.
list: Specifies a space-separated list of TC items or SmartMC group items.
· SmartMC group—Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.
· TC—Each item specifies a TC ID or a range of TC IDs in the form of tc-id1 to tc-id2. The value for tc-id2 must be greater than or equal to the value for tc-id1. The value range for the tc-id argument is 1 to 255.
cfg-filename: Specifies a configuration file by its name.
delay delay-time: Specifies the upgrade delay time in the range of 1 to 1440 minutes.
time in-time: Specifies the upgrade time in the format of hh:mm. The value range for the hh argument is 0 to 23 hours. The value range for the mm argument is 0 to 59 minutes.
Usage guidelines
To use this command to upgrade the configuration file on TCs without specifying the upgrade file, you must first perform one of the following tasks:
· Execute the smartmc tc startup-configuration command to specify the upgrade file for TCs.
· Execute the startup-configuration command to specify the upgrade file for a SmartMC group.
A TC can perform only one upgrade task at a time.
If you execute this command without specifying the delay time or update time, the TCs or SmartMC group immediately upgrades the configuration file.
Examples
# Upgrade configuration file startup.cfg on all TCs in SmartMC groups test1 and test2.
<Sysname> system-view
[Sysname] smartmc upgrade boot-loader group test1 test2 boot boot.bin system sys.bin
Related commands
boot-loader
startup-configuration
startup-configuration
Use startup-configuration to specify an upgrade configuration file for a SmartMC group .
Use undo startup-configuration to restore the default.
Syntax
startup-configuration cfgfile
undo startup-configuration
Default
No upgrade configuration file is specified for the SmartMC group.
Views
SmartMC group view
Predefined user roles
network-admin
Parameters
cfgfile: Specifies a configuration file by its name, a string of 5 to 45 characters. The file name must include the .cfg extension.
Usage guidelines
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify configuration file startup.cfg for SmartMC group testgroup.
<Sysname> system-view
[Sysname] smartmc group testgroup
[Sysname-smartmc-group-testgroup] startup-configuration startup.cfg
Related commands
smartmc group
action,212
action cli,279
action reboot,280
action switchover,282
action syslog,283
advantage-factor,12
apply poe-profile,122
apply poe-profile interface,123
boot-loader,469
codec-type,12
commit,283
community read,13
comparison,213
context (action-set view),214
context (trigger view),214
create batch-file,469
cwmp,263
cwmp acs default password,263
cwmp acs default url,264
cwmp acs default username,265
cwmp acs password,265
cwmp acs url,266
cwmp acs username,267
cwmp cpe connect interface,268
cwmp cpe connect retry,268
cwmp cpe inform interval,269
cwmp cpe inform interval enable,270
cwmp cpe inform time,270
cwmp cpe password,271
cwmp cpe provision-code,272
cwmp cpe stun enable,272
cwmp cpe username,273
cwmp cpe wait timeout,274
cwmp enable,275
data-fill,14
data-size,15
debugging,1
delta falling,215
delta rising,216
description,16
description (event view),217
description (trigger view),217
destination ip,16
destination ipv6,17
destination port,18
diagnostic-logfile save,421
display cwmp configuration,275
display cwmp status,277
display debugging,1
display diagnostic-logfile summary,422
display exception context,303
display exception filepath,308
display info-center,422
display ip netstream cache,362
display ip netstream export,370
display ip netstream template,371
display ipv6 netstream cache,389
display ipv6 netstream export,395
display ipv6 netstream template,397
display kernel deadloop,309
display kernel deadloop configuration,313
display kernel exception,314
display kernel starvation configuration,317
display logbuffer,423
display logbuffer summary,425
display logfile summary,427
display mirroring-group,355
display netconf service,250
display netconf session,251
display nqa history,18
display nqa reaction counters,20
display nqa result,21
display nqa server,78
display nqa statistics,28
display ntp-service ipv6 sessions,82
display ntp-service sessions,86
display ntp-service status,90
display ntp-service trace,92
display packet-capture status,462
display poe device,123
display poe interface,124
display poe interface power,127
display poe power-usage,128
display poe pse,131
display poe pse interface,133
display poe pse interface power,134
display poe-profile,135
display poe-profile interface,136
display process,318
display process cpu,321
display process log,322
display process memory,324
display process memory heap,325
display process memory heap address,327
display process memory heap size,328
display rmon alarm,194
display rmon event,196
display rmon eventlog,197
display rmon history,198
display rmon prialarm,201
display rmon statistics,203
display rtm environment,284
display rtm policy,285
display sampler,352
display security-logfile summary,427
display sflow,413
display smartmc backup configuration status,470
display smartmc batch-file status,471
display smartmc configuration,472
display smartmc device-link,473
display smartmc group,474
display smartmc replace status,476
display smartmc tc,476
display smartmc upgrade status,478
display snmp mib event,218
display snmp mib event event,219
display snmp mib event object list,221
display snmp mib event summary,222
display snmp mib event trigger,222
display snmp-agent community,147
display snmp-agent context,149
display snmp-agent group,149
display snmp-agent local-engineid,150
display snmp-agent mib-node,151
display snmp-agent mib-view,157
display snmp-agent remote,158
display snmp-agent statistics,159
display snmp-agent sys-info,161
display snmp-agent trap queue,162
display snmp-agent trap-list,162
display snmp-agent usm-user,163
display sntp ipv6 sessions,115
display sntp sessions,115
display userlog export,452
display userlog host-group,453
enable,375
enable,401
enable log updown,428
enable snmp trap updown,165
event cli,286
event enable,226
event hotplug,287
event interface,289
event owner (trigger-Boolean view),226
event owner (trigger-existence view),227
event process,291
event snmp oid,292
event snmp-notification,294
event syslog,294
event track,295
exception filepath,329
falling,228
filename,37
frequency,37
frequency,228
history-record enable,38
history-record keep-time,39
history-record number,39
info-center diagnostic-logfile directory,429
info-center diagnostic-logfile enable,429
info-center diagnostic-logfile frequency,430
info-center diagnostic-logfile quota,431
info-center enable,431
info-center format,432
info-center logbuffer,432
info-center logbuffer size,433
info-center logfile directory,433
info-center logfile enable,434
info-center logfile frequency,435
info-center logfile size-quota,435
info-center logging suppress duplicates,436
info-center loghost,436
info-center loghost source,437
info-center security-logfile alarm-threshold,438
info-center security-logfile directory,439
info-center security-logfile enable,439
info-center security-logfile frequency,440
info-center security-logfile size-quota,441
info-center source,441
info-center synchronous,443
info-center syslog min-age,444
info-center syslog trap buffersize,444
info-center timestamp,445
info-center timestamp loghost,446
info-center trace-logfile quota,446
init-ttl,40
ip netstream,376
ip netstream aggregation,378
ip netstream export host,380
ip netstream export rate,381
ip netstream export source,382
ip netstream export v9-template refresh-rate packet,383
ip netstream export v9-template refresh-rate time,383
ip netstream export version,384
ip netstream filter,376
ip netstream ipsec raw-packet,377
ip netstream max-entry,385
ip netstream mpls,386
ip netstream sampler,378
ip netstream timeout active,386
ip netstream timeout inactive,387
ipv6 netstream,401
ipv6 netstream aggregation,404
ipv6 netstream export host,405
ipv6 netstream export rate,406
ipv6 netstream export source,407
ipv6 netstream export v9-template refresh-rate packet,408
ipv6 netstream export v9-template refresh-rate time,408
ipv6 netstream export version 9,409
ipv6 netstream filter,402
ipv6 netstream ipsec raw-packet,403
ipv6 netstream max-entry,410
ipv6 netstream sampler,403
ipv6 netstream timeout active,410
ipv6 netstream timeout inactive,411
logfile save,447
lsr-path,41
match,479
max-failure,41
mirroring-group,356
mirroring-group mirroring-port (interface view),357
mirroring-group mirroring-port (system view),357
mirroring-group monitor-port (interface view),358
mirroring-group monitor-port (system view),359
mirror-to,361
mode,42
monitor kernel deadloop enable,330
monitor kernel deadloop exclude-thread,331
monitor kernel deadloop time,333
monitor kernel starvation enable,334
monitor kernel starvation exclude-thread,335
monitor kernel starvation time,336
monitor process,337
monitor thread,342
netconf capability specific-namespace,252
netconf idle-timeout,253
netconf log,253
netconf soap domain,254
netconf soap http acl,255
netconf soap http enable,256
netconf soap https acl,257
netconf soap https enable,257
netconf ssh acl,258
netconf ssh server enable,259
netconf ssh server port,259
next-hop ip,43
next-hop ipv6,43
no-fragment enable,44
nqa,44
nqa agent enable,45
nqa schedule,46
nqa server enable,78
nqa server tcp-connect,79
nqa server udp-echo,80
ntp-service acl,93
ntp-service authentication enable,94
ntp-service authentication-keyid,95
ntp-service broadcast-client,96
ntp-service broadcast-server,97
ntp-service dscp,98
ntp-service enable,98
ntp-service inbound enable,99
ntp-service ipv6 acl,99
ntp-service ipv6 dscp,101
ntp-service ipv6 inbound enable,101
ntp-service ipv6 multicast-client,102
ntp-service ipv6 multicast-server,103
ntp-service ipv6 source,103
ntp-service ipv6 unicast-peer,104
ntp-service ipv6 unicast-server,106
ntp-service max-dynamic-sessions,107
ntp-service multicast-client,108
ntp-service multicast-server,108
ntp-service refclock-master,109
ntp-service reliable authentication-keyid,110
ntp-service source,111
ntp-service unicast-peer,112
ntp-service unicast-server,113
object list (action-notification view),229
object list (trigger view),230
object list (trigger-Boolean view),231
object list (trigger-existence view),231
object list (trigger-threshold view),232
oid (action-notification view),233
oid (action-set view),233
oid (trigger view),234
operation (FTP operation view),47
operation (HTTP operation view),48
out interface,48
packet-capture local ap (on ACs),463
packet-capture local interface (on wired devices/fat APs),464
packet-capture remote ap (on ACs),466
packet-capture remote interface (on wired devices/fat APs),467
packet-capture stop,467
password,49
ping,2
ping ipv6,5
poe disconnect,137
poe enable,137
poe enable pse,138
poe legacy enable,139
poe max-power,139
poe max-power (system view),140
poe pd-description,141
poe pd-policy priority,141
poe priority,142
poe priority (system view),143
poe pse-policy priority,144
poe update,144
poe utilization-threshold,146
poe-profile,145
probe count,50
probe packet-interval,51
probe packet-number,52
probe packet-timeout,52
probe timeout,53
process core,346
raw-request,54
reaction checked-element { jitter-ds | jitter-sd },54
reaction checked-element { owd-ds | owd-sd },56
reaction checked-element icpif,57
reaction checked-element mos,58
reaction checked-element packet-loss,59
reaction checked-element probe-duration,60
reaction checked-element probe-fail (for trap),61
reaction checked-element probe-fail (for trigger),63
reaction checked-element rtt,63
reaction trap,65
reset exception context,347
reset ip netstream statistics,388
reset ipv6 netstream statistics,412
reset kernel deadloop,348
reset kernel exception,348
reset logbuffer,447
reset netconf service statistics,260
reset netconf session statistics,260
reset userlog flow export,455
rising,235
rmon alarm,204
rmon event,206
rmon history,207
rmon prialarm,208
rmon statistics,210
route-option bypass-route,66
rresolve-target,66
rtm cli-policy,297
rtm environment,297
rtm scheduler suspend,299
rtm tcl-policy,299
running-time,300
sample,236
sampler,354
security-logfile save,448
sflow agent,414
sflow collector,415
sflow counter collector,417
sflow counter interval,416
sflow flow collector,417
sflow flow max-header,418
sflow sampling-mode,418
sflow sampling-rate,419
sflow source,419
smartmc auto-replace enable,480
smartmc backup configuration,480
smartmc backup configuration interval,482
smartmc backup configuration max-number,481
smartmc batch-file deploy,482
smartmc enable,483
smartmc ftp-server,484
smartmc group,485
smartmc replace,485
smartmc tc boot-loader,486
smartmc tc device-type,487
smartmc tc password,487
smartmc tc startup-configuration,488
smartmc topology-refresh,488
smartmc topology-refresh interval,489
smartmc topology-save,489
smartmc upgrade boot-loader,490
smartmc upgrade startup-configuration,491
snmp mib event,236
snmp mib event object list,237
snmp mib event sample instance maximum,238
snmp mib event sample minimum,239
snmp mib event trigger,239
snmp-agent,165
snmp-agent { inform | trap } source,178
snmp-agent calculate-password,166
snmp-agent community,167
snmp-agent community-map,170
snmp-agent context,171
snmp-agent group,171
snmp-agent local-engineid,173
snmp-agent log,174
snmp-agent mib-view,175
snmp-agent packet max-size,176
snmp-agent port,177
snmp-agent remote,177
snmp-agent sys-info contact,179
snmp-agent sys-info location,180
snmp-agent sys-info version,180
snmp-agent target-host,181
snmp-agent trap enable,183
snmp-agent trap enable event-mib,240
snmp-agent trap enable syslog,448
snmp-agent trap if-mib link extended,184
snmp-agent trap life,185
snmp-agent trap log,185
snmp-agent trap queue-size,186
snmp-agent usm-user { v1 | v2c },187
snmp-agent usm-user v3,188
snmp-agent usm-user v3 user-role,192
sntp authentication enable,116
sntp authentication-keyid,117
sntp enable,118
sntp ipv6 unicast-server,118
sntp reliable authentication-keyid,119
sntp unicast-server,120
source interface,67
source ip,68
source ipv6,69
source port,69
ssl client-policy,278
startup (trigger-existence view),241
startup (trigger-threshold view),242
startup enable,242
startup-configuration,492
statistics hold-time,70
statistics interval,71
statistics max-group,71
target-only,72
terminal debugging,449
terminal logging level,450
terminal monitor,451
test,243
third-part-process start,349
third-part-process stop,350
tos,73
tracert,7
tracert ipv6,10
trigger enable,244
ttl,73
type,74
type,244
url,75
userlog flow export host,455
userlog flow export load-balancing,456
userlog flow export source-ip,456
userlog flow export timestamp localtime,457
userlog flow export version,458
userlog flow syslog,458
userlog host-group,459
userlog host-group host flow,460
username,76
user-role,301
value (action-set view),245
value (trigger-Boolean view),246
version,76
vpn-instance,77
wildcard context (action-set view),247
wildcard context (trigger view),247
wildcard oid (action-set view),248
wildcard oid (trigger view),249
xml,261