option: Specifies the debugging option for a module. Available options vary by module. To display the debugging options supported by a module, use the debugging module-name ? command.

Usage guidelines

Output from debugging commands is memory intensive. To guarantee system performance, enable debugging only for modules that are in an exceptional condition.

The system sends the debugging command output as debug messages to the device information center. The information center then sends the messages to appropriate destinations based on the log output configuration. For more information about configuring debug message output, see Network Management and Monitoring Configuration Guide.

Examples

# Enable debugging for the device management module.

<Sysname> debugging dev

Related commands

display debugging

Use display debugging to display the enabled debugging features for a module or for all modules.

Syntax

display debugging [ module-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

module-name: Specifies a module by its name. For a list of supported modules, use the display debugging ? command. If you do not specify a module name, this command displays the enabled debugging features for all modules.

Examples

# Display all enabled debugging features.

<Sysname> display debugging

DEV debugging switch is on

Related commands

debugging

ping

Use ping to test the reachability of the destination IP address and display ping statistics.

Syntax

ping [ ip ] [ -a source-ip | -c count | -f | -h ttl | -i interface-type interface-number | -m interval | -n | -p pad | -q | -r | -s packet-size | -t timeout | -tos tos | -v | { -topology topo-name | -vpn-instance vpn-instance-name } ] * host

Views

Any view

Predefined user roles

network-admin

Parameters

ip: Distinguishes between a destination host name and the ping command keywords if the name of the destination host is i, ip, ipv, or ipv6. For example, you must use the command in the form of ping ip ip instead of ping ip if the destination host name is ip.

-a source-ip: Specifies an IP address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IP address of ICMP echo requests is the primary IP address of the outbound interface.

-c count: Specifies the number of ICMP echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.

-f: Sets the "do-not-fragment" bit in the IP header.

-h ttl: Specifies the TTL value of ICMP echo requests. The value range is 1 to 255, and the default is 255.

-i interface-type interface-number: Specifies the source interface for ICMP echo requests. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMP echo requests.

-m interval: Specifies the interval (in milliseconds) to send ICMP echo requests. The value range is 1 to 65535, and the default is 200.

-n: Disables domain name resolution for the host argument. If the host argument represents the host name of the destination, and if this keyword is not specified, the device translates host into an address.

-p pad: Specifies the value of the pad field in an ICMP echo request, in hexadecimal format, 1 to 8 bits. The pad argument is in the range of 0 to ffffffff. If the specified value is less than 8 bits, 0s are added in front of the value to extend it to 8 bits. For example, if pad is configured as 0x2f, then the packets are padded with 0x0000002f to make the total length of the packet meet the requirements of the device. By default, the padded value starts from 0x01 up to 0xff, where another round starts again if necessary, such as 0x010203…feff01….

-q: Displays only the summary statistics. If this keyword is not specified, the system displays all the ping statistics.

-r: Records the addresses of the hops (up to 9) the ICMP echo requests passed. If this keyword is not specified, the addresses of the hops that the ICMP echo requests passed are not recorded.

-s packet-size: Specifies the length (in bytes) of ICMP echo requests (excluding the IP packet header and the ICMP packet header). The value range is 20 to 8100, and the default is 56.

-t timeout: Specifies the timeout time (in milliseconds) of an ICMP echo reply. The value range is 0 to 65535, and the default is 2000. If the source does not receive an ICMP echo reply within the timeout, it considers the ICMP echo reply timed out.

-tos tos: Specifies the ToS value of ICMP echo requests. The value range is 0 to 255, and the default is 0.

-v: Displays non-ICMP echo reply packets. If this keyword is not specified, the system does not display non-ICMP echo reply packets.

-topology topo-name: Specifies the topology to which the destination belongs, where topo-name is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

-vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the destination belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

host: Specifies the IP address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).

Usage guidelines

To ping a device identified by its host name, configure the DNS settings on the device first. If the DNS settings are not configured, the ping operation fails.

To abort the ping operation during the execution of the command, press Ctrl+C.

Examples

# Test whether the device with an IP address of 1.1.2.2 is reachable.

<Sysname> ping 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms

# Test whether the device with an IP address of 1.1.2.2 in VPN 1 is reachable.

<Sysname> ping -vpn-instance vpn1 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=2.137 ms

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=2.051 ms

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=1.996 ms

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=1.963 ms

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=1.991 ms

--- Ping statistics for 1.1.2.2 in VPN instance vpn1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.963/2.028/2.137/0.062 ms

# Test whether the device with an IP address of 1.1.2.2 is reachable. Only results are displayed.

<Sysname> ping -q 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.962/2.196/2.665/0.244 ms

# Test whether the device with an IP address of 1.1.2.2 is reachable. The IP addresses of the hops that the ICMP packets passed in the path are displayed.

<Sysname> ping -r 1.1.2.2

Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break

56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms

RR: 1.1.2.1

1.1.2.2

1.1.1.2

1.1.1.1

56 bytes from 1.1.2.2: icmp_seq=1 ttl=254 time=4.834 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=2 ttl=254 time=4.770 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=3 ttl=254 time=4.812 ms (same route)

56 bytes from 1.1.2.2: icmp_seq=4 ttl=254 time=4.704 ms (same route)

--- Ping statistics for 1.1.2.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms

The output shows that:

· The destination is reachable.

· The route is 1.1.1.1 <-> {1.1.1.2; 1.1.2.1} <-> 1.1.2.2.

Table 1 Command output

Field	Description
Ping 1.1.2.2 (1.1.2.2): 56 data bytes, press CTRL_C to break	Test whether the device with IP address 1.1.2.2 is reachable. There are 56 bytes in each ICMP echo request. Press Ctrl+C to abort the ping operation.
56 bytes from 1.1.2.2: icmp_seq=0 ttl=254 time=4.685 ms	Received ICMP echo replies from the device whose IP address is 1.1.2.2. If no echo reply is received within the timeout period, no information is displayed. · bytes—Number of bytes in the ICMP echo reply. · icmp_seq—Packet sequence, used to determine whether a segment is lost, disordered or repeated. · ttl—TTL value in the ICMP echo reply. · time—Response time.
RR:	Routers through which the ICMP echo request passed. They are displayed in inversed order, which means the router with a smaller distance to the destination is displayed first.
--- Ping statistics for 1.1.2.2 ---	Statistics on data received and sent in the ping operation.
--- Ping statistics for 1.1.2.2 in VPN instance vpn1 ---	Ping statistics for a device in a VPN instance.
5 packet(s) transmitted	Number of ICMP echo requests sent.
5 packet(s) received	Number of ICMP echo replies received.
0.0% packet loss	Percentage of unacknowledged packets to the total packets sent.
round-trip min/avg/max/std-dev = 4.685/4.761/4.834/0.058 ms	Minimum/average/maximum/standard deviation response time, in milliseconds.

ping ipv6

Use ping ipv6 to test the reachability of the destination IPv6 address and display IPv6 ping statistics.

Syntax

Views

Any view

Predefined user roles

network-admin

Parameters

-a source-ipv6: Specifies an IPv6 address of the device as the source IP address of ICMP echo requests. If this option is not specified, the source IPv6 address of ICMP echo requests is the IPv6 address of the outbound interface. See RFC 3484 for information about the address selection rule.

-c count: Specifies the number of ICMPv6 echo requests that are sent to the destination. The value range is 1 to 4294967295, and the default is 5.

-i interface-type interface-number: Specifies the source interface for ICMPv6 echo requests. This option must be specified when the destination address is a multicast address or a link local address. If you do not specify this option, the system uses the primary IP address of the matching route's egress interface as the source interface for ICMPv6 echo requests.

-m interval: Specifies the interval (in milliseconds) to send an ICMPv6 echo reply. The value range is 1 to 65535, and the default is 1000.

-q: Displays only the summary statistics. If you do not specify this keyword, the system displays all the ping statistics.

-s packet-size: Specifies the length (in bytes) of ICMPv6 echo requests (excluding the IPv6 packet header and the ICMPv6 packet header). The value range is 20 to 8100, and the default is 56.

-t timeout: Specifies the timeout time (in milliseconds) of an ICMPv6 echo reply. The value range is 0 to 65535, and the default is 2000.

-tc traffic-class: Specifies the traffic class value in an ICMPv6 packet. The value range is 0 to 255 and the default is 0.

-v: Displays detailed information (including the dst field and the idx field) about ICMPv6 echo replies. If this keyword is not specified, the system only displays brief information (not including the dst field and the idx field) about ICMPv6 echo replies.

host: Specifies the IPv6 address or host name of the destination. The host name is a case-insensitive string of 1 to 253 characters. It can contain letters, digits, and special characters such as hyphen (-), underscore (_), and dot (.).

Usage guidelines

To ping a device identified by its host name, configure the DNS settings on the device first. If the DNS settings are not configured, the ping ipv6 operation fails.

To abort the ping ipv6 operation during the execution of the command, press Ctrl+C.

Examples

# Test whether the IPv6 address (2001::2) is reachable.

<Sysname> ping ipv6 2001::2

Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break

56 bytes from 2001::2, icmp_seq=0 hlim=64 time=62.000 ms

56 bytes from 2001::2, icmp_seq=1 hlim=64 time=23.000 ms

56 bytes from 2001::2, icmp_seq=2 hlim=64 time=20.000 ms

56 bytes from 2001::2, icmp_seq=3 hlim=64 time=4.000 ms

56 bytes from 2001::2, icmp_seq=4 hlim=64 time=16.000 ms

--- Ping6 statistics for 2001::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms

# Test whether the IPv6 address (2001::2) is reachable. Only the statistics are displayed.

<Sysname> ping ipv6 –q 2001::2

Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break

--- Ping6 statistics for 2001::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms

# Test whether the IPv6 address (2001::2) is reachable. Detailed ping information is displayed.

<Sysname> ping ipv6 –v 2001::2

Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break

56 bytes from 2001::2, icmp_seq=0 hlim=64 dst=2001::1 idx=3 time=62.000 ms

56 bytes from 2001::2, icmp_seq=1 hlim=64 dst=2001::1 idx=3 time=23.000 ms

56 bytes from 2001::2, icmp_seq=2 hlim=64 dst=2001::1 idx=3 time=20.000 ms

56 bytes from 2001::2, icmp_seq=3 hlim=64 dst=2001::1 idx=3 time=4.000 ms

56 bytes from 2001::2, icmp_seq=4 hlim=64 dst=2001::1 idx=3 time=16.000 ms

--- Ping6 statistics for 2001::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 4.000/25.000/62.000/20.000 ms

The output shows that:

· The destination is reachable, and ICMPv6 echo requests are replied.

· The minimum/average/maximum/standard deviation roundtrip time of packets is 4 milliseconds, 25 milliseconds, 62 milliseconds, and 20 milliseconds.

Table 2 Command output

Field	Description
Ping6(56 data bytes) 2001::1 --> 2001::2, press CTRL_C to break	An ICMPv6 echo reply with a data length of 56 bytes is sent from 2001::1 to 2001::2. Press Ctrl+C to abort the ping IPv6 operation.
56 bytes from 2001::2, icmp_seq=1 hlim=64 dst=2001::1 idx=3 time=62.000 ms	Received ICMPv6 echo replies from the device whose IPv6 address is 2001::2. · The number of data bytes is 56. · The packet sequence is 1. · The hop limit value is 64. · The destination address is 2001::1. Specify the -v keyword to display this field. · The index for the packet inbound interface is 3. Specify the -v keyword to display this field. · The response time is 62 milliseconds.
--- Ping6 statistics for 2001::2 ------	Statistics on data received and sent in an IPv6 ping operation.
5 packet(s) transmitted	Number of ICMPv6 echo requests sent.
5 packet(s) received	Number of ICMPv6 echo replies received.
0.0% packet loss	Percentage of unacknowledged packets to the total packets sent.
round-trip min/avg/max/ std-dev =4.000/25.000/62.000/20.000 ms	Minimum/average/maximum/standard deviation response time, in milliseconds.

tracert

Use tracert to trace the path the packets traverse from source to destination.

Syntax

tracert [ -a source-ip | -f first-ttl | -m max-ttl | -p port | -q packet-number | -t tos | { -topology topo-name |-vpn-instance vpn-instance-name [ -resolve-as { global | none | vpn } ] } | -w timeout ] * host

Views

Any view

Predefined user roles

network-admin

Parameters

-a source-ip: Specifies an IP address of the device as the source IP address of probe packets. If this option is not specified, the source IP address of probe packets is the primary IP address of the outbound interface.

-f first-ttl: Specifies the TTL of the first packet sent to the destination. The value range is 1 to 255, and the default is 1. It must be no greater than the value of the max-ttl argument.

-m max-ttl: Specifies the maximum number of hops allowed for a probe packet. The value range is 1 to 255, and the default is 30. It must be no smaller than the value of the first-ttl argument.

-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434. If the destination address is an EID address at a remote LISP site, specify a port number in the range of 33434 to 65535.

-q packet-number: Specifies the number of probe packets to send per hop. The value range is 1 to 65535, and the default is 3.

-t tos: Specifies the ToS value of probe packets. The value range is 0 to 255, and the default is 0.

-resolve-as: Specifies a routing table for autonomous system (AS) resolution. Tracert searches the specified routing table for the AS that each hop along the path belongs to. If you do not specify this keyword, the global routing table is used. If the AS information is found, this command displays the AS number next to the address of the hop in the probe result.

· global: Specifies the global routing table.

· none: Disables AS resolution.

· vpn: Specifies the VPN routing table.

-w timeout: Specifies the timeout time in milliseconds of the reply packet for a probe packet. The value range is 1 to 65535, and the default is 5000.

Usage guidelines

After identifying network failure with the ping command, use the tracert command to locate failed nodes.

If the destination address is on the public network, you do not need to specify the -resolve-as keyword to obtain the AS information. The device automatically uses the global routing table for AS resolution.

If the destination address is on a private network, address information of intermediate hops might be stored in either the global routing table or the VPN routing table. To learn the AS path that the packets traverse, execute the tracert command twice, once with the -resolve-as global keywords and again with the -resolve-as vpn keywords.

The output from the tracert command includes IP addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message. The reason might be the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled.

To abort the tracert operation during the execution of the command, press Ctrl+C.

Examples

# Display the path that the packets traverse from source to destination (1.1.2.2).

<Sysname> tracert 1.1.2.2

traceroute to 1.1.2.2 (1.1.2.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break

1 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms

2 1.1.2.2 (1.1.2.2) [AS 100] 580 ms 470 ms 80 ms

# Display the path that the packets traverse from source to destination (1.1.3.2) in VPN instance vpn1, as well as the AS information of the hops along the path.

<Sysname> tracert –vpn-instance vpn1 –resolve-as vpn 1.1.3.2

traceroute to 1.1.3.2 (1.1.3.2), 30 hops at most, 40 bytes each packet, press CTRL_C to break

1 1.1.1.2 (1.1.1.2) 673 ms 425 ms 30 ms

2 1.1.2.2 (1.1.2.2) 580 ms 470 ms 80 ms

3 1.1.3.2 (1.1.3.2) [AS 65535] 530 ms 472 ms 380 ms

# Trace the path to destination (192.168.0.46) over an MPLS network.

<Sysname> tracert 192.168.0.46

traceroute to 192.168.0.46(192.168.0.46), 30 hops at most, 40 bytes each packet, press CTRL_C to break

1 192.0.2.13 (192.0.2.13) 0.661 ms 0.618 ms 0.579 ms

2 192.0.2.9 (192.0.2.9) 0.861 ms 0.718 ms 0.679 ms

MPLS Label=100048 Exp=0 TTL=1 S=1

3 192.0.2.5 (192.0.2.5) 0.822 ms 0.731 ms 0.708 ms

MPLS Label=100016 Exp=0 TTL=1 S=1

4 192.0.2.1 (192.0.2.1) 0.961 ms 8.676 ms 0.875 ms

Table 3 Command output

Field	Description
traceroute to 1.1.2.2 (1.1.2.2)	Display the route that the IP packets traverse from the current device to the device whose IP address is 1.1.2.2.
hops at most	Maximum number of hops of the probe packets, which can be set by the -m keyword.
bytes each packet	Number of bytes of a probe packet.
press CTRL_C to break	During the execution of the command, press Ctrl+C to abort the tracert operation.
2 1.1.2.2 (1.1.2.2) [AS 100] 580 ms 470 ms 80 ms	Probe result of the probe packets that contain a TTL value of 2, including the following information about the second hop: · Domain name of the hop. If no domain name is configured, the IP address is displayed as the domain name. · IP address of the hop. The IP address is displayed in parentheses. · Number of the AS that the hop belongs to. The AS number appears only when it is found for the hop in the specified routing table. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set by using the -q keyword.
MPLS Label=100048 Exp=0 TTL=1 S=1	ICMP timeout packets on an MPLS network, carrying MPLS label information: · Label—Label value that is used to identify a forwarding equivalence class (FEC). · Exp—Reserved, usually used for class of service (CoS). · TTL—TTL value. · S—MPLS supports multiple levels of labels. Value 1 indicates that the label is at the bottom of the label stack, and value 0 indicates that the label is in another label stack.

tracert ipv6

Use tracert ipv6 to display the path that the IPv6 packets traverse from source to destination.

Syntax

tracert ipv6 [ -f first-hop | -m max-hops | -p port | -q packet-number | -t traffic-class | -vpn-instance vpn-instance-name [ -resolve-as { global | none | vpn } ] | -w timeout ] * host

Views

Any view

Predefined user roles

network-admin

Parameters

-f first-hop: Specifies the TTL value of the first packet. The value range is 1 to 255, and the default is 1. The value must be no greater than the value of the max-hops argument.

-m max-hops: Specifies the maximum number of hops allowed for a packet. The value range is 1 to 255, and the default is 30. The value must be no smaller than the value of the first-hop argument.

-p port: Specifies an invalid UDP port of the destination. The value range is 1 to 65535, and the default is 33434.

-q packet-number: Specifies the number of probe packets sent each time. The value range is 1 to 65535, and the default is 3.

-t traffic-class: Specifies the traffic class value in an IPv6 probe packet. The value range is 0 to 255, and the default is 0.

-resolve-as: Specifies a routing table for AS resolution. Tracert searches the specified routing table for the AS that each hop along the path belongs to. If you do not specify this keyword, the global routing table is used. If the AS information is found, this command displays the AS number next to the address of the hop in the probe result.

· global: Specifies the global routing table.

· none: Disables AS resolution.

· vpn: Specifies the VPN routing table.

-w timeout: Specifies the timeout time (in milliseconds) of the reply packet of a probe packet. The value range is 1 to 65535, and the default is 5000.

Usage guidelines

After identifying network failure with the ping ipv6 command, you can use the tracert ipv6 command to locate failed nodes.

If the destination address is on a private network, address information of intermediate hops might be stored in either the global routing table or the VPN routing table. To learn the AS path that the packets traverse, execute the tracert ipv6 command twice, once with the -resolve-as global keywords and again with the -resolve-as vpn keywords.

The output from the tracert ipv6 command includes IPv6 addresses of all the Layer 3 devices that the packets traverse from source to destination. Asterisks (* * *) are displayed if the device cannot reply with an ICMP error message. The reason might be the destination is unreachable or sending ICMP timeout/destination unreachable packets is disabled.

To abort the tracert operation during the execution of the command, press Ctrl+C.

Examples

# Display the path that the packets traverse from source to destination (2001:3::2).

<Sysname> tracert ipv6 2001:3::2

traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets, press CTRL_C to break

1 2001:1::2 0.661 ms 0.618 ms 0.579 ms

2 2001:2::2 [AS 100] 0.861 ms 0.718 ms 0.679 ms

3 2001:3::2 [AS 200] 0.822 ms 0.731 ms 0.708 ms

# Display the path that the packets traverse from source to destination (2001:3::2) in VPN instance vpn1, as well as the AS information of the hops along the path.

<Sysname> tracert ipv6 –vpn-instance vpn1 –resolve-as vpn 2001:3::2

traceroute to 2001:3::2(2001:3::2), 30 hops at most, 60 byte packets , press CTRL_C to break

1 2001:1::2 0.661 ms 0.618 ms 0.579 ms

2 2001:2::2 0.861 ms 0.718 ms 0.679 ms

3 2001:3::2 [AS 65535] 0.822 ms 0.731 ms 0.708 ms

Table 4 Command output

Field	Description
traceroute to 2001:3::2	Display the route that the IPv6 packets traverse from the current device to the device whose IP address is 2001:3:2.
hops at most	Maximum number of hops of the probe packets, which can be set by the -m keyword.
byte packets	Number of bytes of a probe packet.
2 2001:2::2 [AS 100] 0.861 ms 0.718 ms 0.679 ms	Probe result of the probe packets that contain a hoplimit value of 2, including the following information about the second hop: · IPv6 address of the hop. · Number of the AS the hop belongs to. The AS number appears only when it is found for the hop in the specified routing table. · The round-trip time of the probe packets. The number of packets that can be sent in each probe can be set by using the -q keyword.

NQA commands

NQA client commands

advantage-factor

Use advantage-factor to set the advantage factor to be used for calculating Mean Opinion Scores (MOS) and Calculated Planning Impairment Factor (ICPIF) values.

Use undo advantage-factor to restore the default.

Syntax

advantage-factor factor

undo advantage-factor

Default

The advantage factor is 0.

Views

Voice operation view

Predefined user roles

network-admin

Parameters

factor: Specifies the advantage factor in the range of 0 to 20.

Usage guidelines

The evaluation of voice quality depends on users' tolerance for voice quality. For users with higher tolerance for voice quality, use the advantage-factor command to set an advantage factor. When the system calculates the ICPIF value, it subtracts the advantage factor to modify ICPIF and MOS values for voice quality evaluation.

Examples

# Set the advantage factor to 10 for the voice operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] advantage-factor 10

codec-type

Use codec-type to configure the codec type for the voice operation.

Use undo codec-type to restore the default.

Syntax

codec-type { g711a | g711u | g729a }

undo codec-type

Default

The codec type for the voice operation is G.711 A-law.

Views

Voice operation view

Predefined user roles

network-admin

Parameters

g711a: Specifies G.711 A-law codec type.

g711u: Specifies G.711 µ-law codec type

g729a: Specifies G.729 A-law codec type.

Examples

# Set the codec type to g729a for the voice operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] codec-type g729a

community read

Use community read to specify the community name for the SNMP operation.

Use undo community read to restore the default.

Syntax

community read { cipher | simple } community-name

undo community read

Default

The SNMP operation uses community name public.

Views

SNMP operation view

Predefined user roles

network-admin

Parameters

cipher: Specifies a community name in encrypted form.

simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.

community-name: Specifies the community name. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 33 to 73 characters.

Usage guidelines

You must specify the community name for the SNMP operation when both of the following conditions exist:

· The SNMP operation uses the SNMPv1 or SNMPv2c agent.

· The SNMPv1 or SNMPv2c agent is configured with a read-only or read-write community name.

The specified community name must be the same as the community name configured on the SNMP agent.

The community name configuration is not required if the SNMP operation uses the SNMPv3 agent.

For more information about SNMP, see "Configuring SNMP."

Examples

# Specify readaccess as the community name for the SNMP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type snmp

[Sysname-nqa-admin-test-snmp] community read simple readaccess

data-fill

Use data-fill to configure the payload fill string for probe packets.

Use undo data-fill to restore the default.

Syntax

data-fill string

undo data-fill

Default

The default payload fill string is 0123456789.

Views

ICMP/UDP echo operation view

Path/UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

string: Specifies a case-sensitive string of 1 to 200 characters.

Usage guidelines

If the payload length is smaller than the string length, only the first part of the string is filled. For example, if you configure the string as abcd and set the payload size to 3 bytes, abc is filled.

If the payload length is greater than the string length, the system fills the payload with the string cyclically until the payload is full. For example, if you configure the string as abcd and the payload size as 6 bytes, abcdab is filled.

How the string is filled depends on the operation type.

· For the ICMP echo operation, the string fills the whole payload of an ICMP echo request.

· For the UDP echo operation, the first five bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of payload.

· For the UDP jitter operation, the first 68 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.

· For the voice operation, the first 16 bytes of the payload of a UDP packet are for special purpose. The string fills the remaining part of the payload.

· For the path jitter operation, the first four bytes of the payload of an ICMP echo request are for special purpose. The string fills the remaining part of payload.

Examples

# Specify abcd as the payload fill string for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] data-fill abcd

data-size

Use data-size to set the payload size for each probe packet.

Use undo data-size to restore the default.

Syntax

data-size size

undo data-size

Default

The default payload size of a probe packet for different operations is described in Table 5.

Table 5 Default payload size of a probe packet

Operation type	Codec type	Default size (bytes)
ICMP echo	N/A	100
UDP echo	N/A	100
UDP jitter	N/A	100
UDP tracert	N/A	100
Path jitter	N/A	100
Voice	G.711 A-law	172
Voice	G.711 µ-law	172
Voice	G.729 A-law	32

Views

ICMP/UDP echo operation view

Path/UDP jitter operation view

UDP tracert operation view

Voice operation view

Predefined user roles

network-admin

Parameters

size: Specifies the payload size. Available value ranges include:

· 20 to 65507 bytes for the ICMP echo, UDP echo, or UDP tracert operation.

· 68 to 65507 bytes for the UDP jitter or path jitter operation.

· 16 to 65507 bytes for the voice operation.

Usage guidelines

In ICMP echo and path jitter operations, the command sets the payload size for each ICMP echo request.

In UDP echo, UDP jitter, UDP tracert, and voice operations, the command sets the payload size for each UDP packet.

Examples

# Set the payload size to 80 bytes for each ICMP echo request.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] data-size 80

description

Use description to configure a description for an NQA operation, such as the operation type or purpose.

Use undo description to restore the default.

Syntax

description text

undo description

Default

No description is configured for an NQA operation.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 200 characters.

Examples

# Configure the description as icmp-probe for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] description icmp-probe

destination ip

Use destination ip to configure the destination IPv4 address for the operation.

Use undo destination ip to restore the default.

Syntax

destination ip ip-address

undo destination ip

Default

No destination IPv4 address is configured for an operation.

Views

DHCP/DLSw/DNS/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the destination IPv4 address for the operation.

Examples

# Specify 10.1.1.1 as the destination IPv4 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] destination ip 10.1.1.1

destination ipv6

Use destination ipv6 to configure the destination IPv6 address for the operation.

Use undo destination ipv6 to restore the default.

Syntax

destination ipv6 ipv6-address

undo destination ipv6

Default

No destination IPv6 address is configured for an operation.

Views

ICMP echo operation view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the destination IPv6 address for the operation. IPv6 link-local addresses are not supported.

Examples

# In ICMP echo operation view, specify 1::1 as the destination IPv6 address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] destination ipv6 1::1

destination port

Use destination port to configure the destination port number for the operation.

Use undo destination port to restore the default.

Syntax

destination port port-number

undo destination port

Default

The destination port number is 33434 for the UDP tracert operation and 161 for the SNMP operation.

No destination port number is configured for other types of operations.

Views

SNMP/TCP/voice operation view

UDP echo operation view

UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

port-number: Specifies the destination port number for the operation, in the range of 1 to 65535.

Examples

# Set the destination port number to 9000 for the UDP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-echo

[Sysname-nqa-admin-test-udp-echo] destination port 9000

display nqa history

Use display nqa history to display the history records of NQA operations.

Syntax

display nqa history [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

admin-name operation-tag: Specifies an NQA operation by its administrator name and operation tag. The admin-name argument represents the name of the administrator who creates the NQA operation. The operation-tag argument represents the operation tag. Each of the arguments is a case-insensitive string of 1 to 32 characters that cannot contain hyphens (-). If you do not specify an NQA operation, the command displays the history records of all NQA operations.

Usage guidelines

The display nqa history command does not display the results or statistics of the following operations:

· ICMP jitter.

· Path jitter.

· UDP jitter.

· Voice.

To view the results or statistics of the ICMP jitter, path jitter, UDP jitter, and voice operations, use the display nqa result or display nqa statistics command.

Examples

# Display the history records of the UDP tracert operation with administrator name administrator and operation tag tracert.

<Sysname> display nqa history administrator tracert

NQA entry (admin administrator, tag tracert) history records:

Index TTL Response Hop IP Status Time

1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:06.2

1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:05.2

1 2 328 4.1.1.1 Succeeded 2013-09-09 14:46:04.2

1 1 328 3.1.1.2 Succeeded 2013-09-09 14:46:03.2

1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:02.2

1 1 328 3.1.1.1 Succeeded 2013-09-09 14:46:01.2

# Display the history records of the NQA operation with administrator name administrator and operation tag test.

<Sysname> display nqa history administrator test

NQA entry (admin administrator, tag test) history records:

Index Response Status Time

10 329 Succeeded 2011-04-29 20:54:26.5

9 344 Succeeded 2011-04-29 20:54:26.2

8 328 Succeeded 2011-04-29 20:54:25.8

7 328 Succeeded 2011-04-29 20:54:25.5

6 328 Succeeded 2011-04-29 20:54:25.1

5 328 Succeeded 2011-04-29 20:54:24.8

4 328 Succeeded 2011-04-29 20:54:24.5

3 328 Succeeded 2011-04-29 20:54:24.1

2 328 Succeeded 2011-04-29 20:54:23.8

1 328 Succeeded 2011-04-29 20:54:23.4

Table 6 Command output

Field	Description
Index	History record ID. The history records in one UDP tracert operation have the same ID.
TTL	TTL value in the probe packet.
Response	Round-trip time if the operation succeeds, timeout time upon timeout, or 0 if the operation cannot be completed, in milliseconds.
Hop IP	IP address of the node that sent the reply packet.
Status	Status of the operation result: · Succeeded. · Unknown error. · Internal error. · Timeout.
Time	Time when the operation was completed.

display nqa reaction counters

Use display nqa reaction counters to display the current monitoring results of reaction entries.

Syntax

display nqa reaction counters [ admin-name operation-tag [ item-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

item-number: Specifies a reaction entry by its ID in the range of 1 to 10. If you do not specify a reaction entry, the command displays the results of all reaction entries.

Usage guidelines

The result fields display hyphens (-) in one of the following conditions:

· The threshold type is the average value.

· The monitored performance metric is ICPIF or MOS of the voice operation.

The monitoring results of an operation are accumulated, and are not cleared after the operation completes.

Examples

# Display the monitoring results of all reaction entries of the ICMP echo operation with administrator name admin and operation tag test.

<Sysname> display nqa reaction counters admin test

NQA entry (admin admin, tag test) reaction counters:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 probe-duration accumulate 12 4

2 probe-duration average - -

3 probe-duration consecutive 160 56

4 probe-fail accumulate 12 0

5 probe-fail consecutive 162 2

Table 7 Command output

Field	Description
Index	ID of a reaction entry.
Checked Element	Monitored performance metric.
Threshold Type	Threshold type.
Checked Num	Number of targets that have been monitored for data collection.
Over-threshold Num	Number of threshold violations.

Table 8 Description of the threshold monitoring fields

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
probe-duration	accumulate	Probes after the operation starts.	Number of completed probes.	Number of probes with duration exceeding the threshold.
	average	N/A	N/A	N/A
	consecutive	Probes after the operation starts.	Number of completed probes.	Number of probes with duration exceeding the threshold.
probe-fail	accumulate	Probes after the operation starts.	Number of completed probes.	Number of probe failures.
probe-fail	consecutive	Probes after the operation starts.	Number of completed probes.	Number of probe failures.
RTT	accumulate	Packets sent after the operation starts.	Number of sent packets.	Number of packets with round-trip time exceeding threshold.
RTT	average	N/A	N/A	N/A
jitter-DS/jitter-SD	accumulate	Packets sent after the operation starts.	Number of sent packets.	Number of packets with the one-way jitter exceeding the threshold.
jitter-DS/jitter-SD	average	N/A	N/A	N/A
OWD-DS/OWD-SD	N/A	Packets sent after the operation starts.	Number of sent packets.	Number of packets with the one-way delay exceeding the threshold.
packet-loss	accumulate	Packets sent after the operation starts.	Number of sent packets.	Total packet loss.
ICPIF	N/A	N/A	N/A	N/A
MOS	N/A	N/A	N/A	N/A

display nqa result

Use display nqa result to display the most recent result of the specified NQA operation.

Syntax

display nqa result [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Examples

# Display the most recent result of the TCP operation with administrator name admin and operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 1 Receive response times: 1

Min/Max/Average round trip time: 35/35/35

Square-Sum of round trip time: 1225

Last succeeded probe time: 2011-05-29 10:50:33.2

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to disconnect: 0

Failures due to no connection: 0

Failures due to internal error: 0

Failures due to other errors: 0

# Display the most recent result of the ICMP jitter operation with administrator name admin and operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 1/2/1

Square-Sum of round trip time: 13

Last packet received time: 2015-03-09 17:40:29.8

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

ICMP-jitter results:

RTT number: 10

Min positive SD: 0 Min positive DS: 0

Max positive SD: 0 Max positive DS: 0

Positive SD number: 0 Positive DS number: 0

Positive SD sum: 0 Positive DS sum: 0

Positive SD average: 0 Positive DS average: 0

Positive SD square-sum: 0 Positive DS square-sum: 0

Min negative SD: 1 Min negative DS: 2

Max negative SD: 1 Max negative DS: 2

Negative SD number: 1 Negative DS number: 1

Negative SD sum: 1 Negative DS sum: 2

Negative SD average: 1 Negative DS average: 2

Negative SD square-sum: 1 Negative DS square-sum: 4

One way results:

Max SD delay: 1 Max DS delay: 2

Min SD delay: 1 Min DS delay: 2

Number of SD delay: 1 Number of DS delay: 1

Sum of SD delay: 1 Sum of DS delay: 2

Square-Sum of SD delay: 1 Square-Sum of DS delay: 4

Lost packets for unknown reason: 0

# Display the most recent result of the UDP jitter operation with administrator name admin and operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 15/46/26

Square-Sum of round trip time: 8103

Last packet received time: 2011-05-29 10:56:38.7

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

UDP-jitter results:

RTT number: 10

Min positive SD: 8 Min positive DS: 8

Max positive SD: 18 Max positive DS: 8

Positive SD number: 5 Positive DS number: 2

Positive SD sum: 75 Positive DS sum: 32

Positive SD average: 15 Positive DS average: 16

Positive SD square-sum: 1189 Positive DS square-sum: 640

Min negative SD: 8 Min negative DS: 1

Max negative SD: 24 Max negative DS: 30

Negative SD number: 4 Negative DS number: 7

Negative SD sum: 56 Negative DS sum: 99

Negative SD average: 14 Negative DS average: 14

Negative SD square-sum: 946 Negative DS square-sum: 1495

One way results:

Max SD delay: 22 Max DS delay: 23

Min SD delay: 7 Min DS delay: 7

Number of SD delay: 10 Number of DS delay: 10

Sum of SD delay: 125 Sum of DS delay: 132

Square-Sum of SD delay: 1805 Square-Sum of DS delay: 1988

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

# Display the most recent result of the voice operation with administrator name admin and operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 1000 Receive response times: 0

Min/Max/Average round trip time: 0/0/0

Square-Sum of round trip time: 0

Last packet received time: 0-00-00 00:00:00.0

Extended results:

Packet loss ratio: 100%

Failures due to timeout: 1000

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Voice results:

RTT number: 0

Min positive SD: 0 Min positive DS: 0

Max positive SD: 0 Max positive DS: 0

Positive SD number: 0 Positive DS number: 0

Positive SD sum: 0 Positive DS sum: 0

Positive SD average: 0 Positive DS average: 0

Positive SD square-sum: 0 Positive DS square-sum: 0

Min negative SD: 0 Min negative DS: 0

Max negative SD: 0 Max negative DS: 0

Negative SD number: 0 Negative DS number: 0

Negative SD sum: 0 Negative DS sum: 0

Negative SD average: 0 Negative DS average: 0

Negative SD square-sum: 0 Negative DS square-sum: 0

One way results:

Max SD delay: 0 Max DS delay: 0

Min SD delay: 0 Min DS delay: 0

Number of SD delay: 0 Number of DS delay: 0

Sum of SD delay: 0 Sum of DS delay: 0

Square-Sum of SD delay: 0 Square-Sum of DS delay: 0

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 1000

Voice scores:

MOS value: 0.99 ICPIF value: 87

# Display the most recent result of the path jitter operation with administrator name admin and operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Hop IP 192.168.40.210

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

Hop IP 192.168.50.209

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

# Display the most recent result of the UDP tracert operation with administrator name admin and operation tag test.

<Sysname> display nqa result admin test

NQA entry (admin admin, tag test) test results:

Send operation times: 6 Receive response times: 6

Min/Max/Average round trip time: 35/35/35

Square-Sum of round trip time: 1225

Last succeeded probe time: 2013-09-09 14:23:24.5

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

UDP-tracert results:

TTL Hop IP Time

1 3.1.1.1 2013-09-09 14:23:24.5

2 4.1.1.1 2013-09-09 14:23:24.5

Table 9 Command output

Field	Description
Data collecting in progress	The operation is in progress.
Send operation times	Number of operations.
Receive response times	Number of response packets received.
Min/Max/Average round trip time	Minimum/maximum/average round-trip time in milliseconds.
Square-Sum of round trip time	Square sum of round-trip time.
Last succeeded probe time	Time when the last successful probe was completed. If no probes are successful in an operation, the field displays 0. This field is not available for UDP jitter, path jitter, and voice operations.
Last packet received time	Time when the last response packet was received. If no response packets in a probe were received, the field displays 0. This field is available only for UDP jitter and voice operations.
Packet loss ratio	Average packet loss ratio.
Failures due to timeout	Number of timeout occurrences in an operation.
Failures due to disconnect	Number of disconnections by the peer.
Failures due to no connection	Number of failures to connect with the peer.
Failures due to internal error	Number of failures due to internal errors.
Failures due to other errors	Failures due to other errors.
Packets out of sequence	Number of failures due to out-of-sequence packets.
Packets arrived late	Number of response packets received after a probe times out.
UDP-jitter results	UDP jitter operation results. This field is available only for the UDP jitter operation.
ICMP-jitter results	ICMP jitter operation results. This field is available only for the ICMP jitter operation.
Voice results	Voice operation results. This field is available only for the voice operation.
RTT number	Number of response packets received.
Min positive SD	Minimum positive jitter from source to destination.
Min positive DS	Minimum positive jitter from destination to source.
Max positive SD	Maximum positive jitter from source to destination.
Max positive DS	Maximum positive jitter from destination to source.
Positive SD number	Number of positive jitters from source to destination.
Positive DS number	Number of positive jitters from destination to source.
Positive SD sum	Sum of positive jitters from source to destination.
Positive DS sum	Sum of positive jitters from destination to source.
Positive SD average	Average positive jitters from source to destination.
Positive DS average	Average positive jitters from destination to source.
Positive SD square-sum	Square sum of positive jitters from source to destination.
Positive DS square-sum	Square sum of positive jitters from destination to source.
Min negative SD	Minimum absolute value among negative jitters from source to destination.
Min negative DS	Minimum absolute value among negative jitters from destination to source.
Max negative SD	Maximum absolute value among negative jitters from source to destination.
Max negative DS	Maximum absolute value among negative jitters from destination to source.
Negative SD number	Number of negative jitters from source to destination.
Negative DS number	Number of negative jitters from destination to source.
Negative SD sum	Sum of absolute values of negative jitters from source to destination.
Negative DS sum	Sum of absolute values of negative jitters from destination to source.
Negative SD average	Average absolute value of negative jitters from source to destination.
Negative DS average	Average absolute value of negative jitters from destination to source.
Negative SD square-sum	Square sum of negative jitters from source to destination.
Negative DS square-sum	Square sum of negative jitters from destination to source.
One way results	Unidirectional delay. This field is available only for the ICMP jitter, UDP jitter, and voice operations.
Max SD delay	Maximum delay from source to destination.
Max DS delay	Maximum delay from destination to source.
Min SD delay	Minimum delay from source to destination.
Min DS delay	Minimum delay from destination to source.
Number of SD delay	Number of delays from source to destination.
Number of DS delay	Number of delays from destination to source.
Sum of SD delay	Sum of delays from source to destination.
Sum of DS delay	Sum of delays from destination to source.
Square-Sum of SD delay	Square sum of delays from source to destination.
Square-Sum of DS delay	Square sum of delays from destination to source.
SD lost packets	Number of lost packets from the source to the destination.
DS lost packets	Number of lost packets from the destination to the source.
Lost packets for unknown reason	Number of lost packets for unknown reasons.
Voice scores	Voice parameters. This field is available only for the voice operation.
MOS value	MOS value calculated for the voice operation.
ICPIF value	ICPIF value calculated for the voice operation.
Hop IP	IP address of the hop. This field is available only for the path jitter operation.
Path-jitter results	Path jitter operation results. This field is available only for the path jitter operation.
Jitter number	Number of jitters. This field is available only for the path jitter operation.
Min/Max/Average jitter	Minimum/maximum/average jitter in milliseconds. This field is available only for the path jitter operation.
Positive jitter number	Number of positive jitter. This field is available only for the path jitter operation.
Min/Max/Average positive jitter	Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum positive jitter	Sum/square sum of the positive jitter. This field is available only for the path jitter operation.
Negative jitter number	Number of negative jitter. This field is available only for the path jitter operation.
Min/Max/Average negative jitter	Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum negative jitter	Sum/square sum of the negative jitter. This field is available only for the path jitter operation.
TTL	TTL value in the received reply packet.
Hop IP	IP address of the node that sent the reply packet.
Time	Time when the NQA client received the reply packet.

display nqa statistics

Use display nqa statistics to display NQA operation statistics.

Syntax

display nqa statistics [ admin-name operation-tag ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

Usage guidelines

The statistics are generated after the NQA operation completes. If you execute the display nqa statistics command before the operation completes, the statistics are displayed as all 0s.

If a reaction entry is configured, the command displays the monitoring results of the reaction entry in the period specified by the statistics internal command. The result fields display hyphens (-) in one of the following conditions:

· The threshold type is average value.

· The monitored performance metric is ICPIF or MOS for the voice operation.

The command is not available for the UDP tracert operation.

Examples

# Display the statistics for the TCP operation with administrator name admin and operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:30:20.0

Life time: 2 seconds

Send operation times: 1 Receive response times: 1

Min/Max/Average round trip time: 13/13/13

Square-Sum of round trip time: 169

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to disconnect: 0

Failures due to no connection: 0

Failures due to internal error: 0

Failures due to other errors: 0

# Display the statistics for the ICMP jitter operation with administrator name admin and operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2015-03-09 17:42:10.7

Life time: 156 seconds

Send operation times: 1560 Receive response times: 1560

Min/Max/Average round trip time: 1/2/1

Square-Sum of round trip time: 1563

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

ICMP-jitter results:

RTT number: 1560

Min positive SD: 1 Min positive DS: 1

Max positive SD: 1 Max positive DS: 2

Positive SD number: 18 Positive DS number: 46

Positive SD sum: 18 Positive DS sum: 49

Positive SD average: 1 Positive DS average: 1

Positive SD square-sum: 18 Positive DS square-sum: 55

Min negative SD: 1 Min negative DS: 1

Max negative SD: 1 Max negative DS: 2

Negative SD number: 24 Negative DS number: 57

Negative SD sum: 24 Negative DS sum: 58

Negative SD average: 1 Negative DS average: 1

Negative SD square-sum: 24 Negative DS square-sum: 60

One way results:

Max SD delay: 1 Max DS delay: 2

Min SD delay: 1 Min DS delay: 1

Number of SD delay: 4 Number of DS delay: 4

Sum of SD delay: 4 Sum of DS delay: 5

Square-Sum of SD delay: 4 Square-Sum of DS delay: 7

Lost packets for unknown reason: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 jitter-DS accumulate 1500 10

2 jitter-SD average - -

3 OWD-DS - 1560 2

4 OWD-SD - 1560 0

5 packet-loss accumulate 0 0

6 RTT accumulate 1560 0

# Display the statistics for the UDP jitter operation with administrator name admin and operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:33:22.3

Life time: 23 seconds

Send operation times: 100 Receive response times: 100

Min/Max/Average round trip time: 1/11/5

Square-Sum of round trip time: 24360

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

UDP-jitter results:

RTT number: 550

Min positive SD: 1 Min positive DS: 1

Max positive SD: 7 Max positive DS: 1

Positive SD number: 220 Positive DS number: 97

Positive SD sum: 283 Positive DS sum: 287

Positive SD average: 1 Positive DS average: 2

Positive SD square-sum: 709 Positive DS square-sum: 1937

Min negative SD: 2 Min negative DS: 1

Max negative SD: 10 Max negative DS: 1

Negative SD number: 81 Negative DS number: 94

Negative SD sum: 556 Negative DS sum: 191

Negative SD average: 6 Negative DS average: 2

Negative SD square-sum: 4292 Negative DS square-sum: 967

One way results:

Max SD delay: 5 Max DS delay: 5

Min SD delay: 1 Min DS delay: 1

Number of SD delay: 550 Number of DS delay: 550

Sum of SD delay: 1475 Sum of DS delay: 1201

Square-Sum of SD delay: 5407 Square-Sum of DS delay: 3959

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 jitter-DS accumulate 90 25

2 jitter-SD average - -

3 OWD-DS - 100 24

4 OWD-SD - 100 13

5 packet-loss accumulate 0 0

6 RTT accumulate 100 52

# Display the statistics for the voice operation with administrator name admin and operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Start time: 2007-01-01 09:33:45.3

Life time: 120 seconds

Send operation times: 10 Receive response times: 10

Min/Max/Average round trip time: 1/12/7

Square-Sum of round trip time: 620

Extended results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Voice results:

RTT number: 10

Min positive SD: 3 Min positive DS: 1

Max positive SD: 10 Max positive DS: 1

Positive SD number: 3 Positive DS number: 2

Positive SD sum: 18 Positive DS sum: 2

Positive SD average: 6 Positive DS average: 1

Positive SD square-sum: 134 Positive DS square-sum: 2

Min negative SD: 3 Min negative DS: 1

Max negative SD: 9 Max negative DS: 1

Negative SD number: 4 Negative DS number: 2

Negative SD sum: 25 Negative DS sum: 2

Negative SD average: 6 Negative DS average: 1

Negative SD square-sum: 187 Negative DS square-sum: 2

One way results:

Max SD delay: 0 Max DS delay: 0

Min SD delay: 0 Min DS delay: 0

Number of SD delay: 0 Number of DS delay: 0

Sum of SD delay: 0 Sum of DS delay: 0

Square-Sum of SD delay: 0 Square-Sum of DS delay: 0

SD lost packets: 0 DS lost packets: 0

Lost packets for unknown reason: 0

Voice scores:

Max MOS value: 4.40 Min MOS value: 4.40

Max ICPIF value: 0 Min ICPIF value: 0

Reaction statistics:

Index Checked Element Threshold Type Checked Num Over-threshold Num

1 ICPIF - - -

2 MOS - - -

# Display the statistics for the path jitter operation with administrator name admin and operation tag test.

<Sysname> display nqa statistics admin test

NQA entry (admin admin, tag test) test statistics:

NO. : 1

Path 1:

Hop IP 192.168.40.210

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

Hop IP 192.168.50.209

Basic Results:

Send operation times: 10

Receive response times: 10

Min/Max/Average round trip time: 1/1/1

Square-Sum of round trip time: 10

Extended Results:

Packet loss ratio: 0%

Failures due to timeout: 0

Failures due to internal error: 0

Failures due to other errors: 0

Packets out of sequence: 0

Packets arrived late: 0

Path-Jitter Results:

Jitter number: 9

Min/Max/Average jitter: 0/0/0

Positive jitter number: 0

Min/Max/Average positive jitter: 0/0/0

Sum/Square-Sum positive jitter: 0/0

Negative jitter number: 0

Min/Max/Average negative jitter: 0/0/0

Sum/Square-Sum negative jitter: 0/0

Table 10 Command output

Field	Description
No.	Statistics group ID.
Start time	Time when the operation started.
Life time	Duration of the operation in seconds.
Send operation times	Number of probe packets sent.
Receive response times	Number of response packets received.
Min/Max/Average round trip time	Minimum/maximum/average round-trip time in milliseconds.
Square-Sum of round trip time	Square sum of round-trip time.
Packet loss ratio	Average packet loss ratio.
Failures due to timeout	Number of timeout occurrences in an operation.
Failures due to disconnect	Number of disconnections by the peer.
Failures due to no connection	Number of failures to connect with the peer.
Failures due to internal error	Number of failures due to internal errors.
Failures due to other errors	Failures due to other errors.
Packets out of sequence	Number of failures due to out-of-sequence packets.
Packets arrived late	Number of response packets received after a probe times out.
UDP-jitter results	UDP jitter operation results. This field is available only for the UDP jitter operation.
ICMP-jitter results	ICMP jitter operation results. This field is available only for the ICMP jitter operation.
Voice results	Voice operation results. This field is available only for the voice operation.
RTT number	Number of response packets received.
Min positive SD	Minimum positive jitter from source to destination.
Min positive DS	Minimum positive jitter from destination to source.
Max positive SD	Maximum positive jitter from source to destination.
Max positive DS	Maximum positive jitter from destination to source.
Positive SD number	Number of positive jitters from source to destination.
Positive DS number	Number of positive jitters from destination to source.
Positive SD sum	Sum of positive jitters from source to destination.
Positive DS sum	Sum of positive jitters from destination to source.
Positive SD average	Average positive jitters from source to destination.
Positive DS average	Average positive jitters from destination to source.
Positive SD square-sum	Square sum of positive jitters from source to destination.
Positive DS square-sum	Square sum of positive jitters from destination to source.
Min negative SD	Minimum absolute value among negative jitters from source to destination.
Min negative DS	Minimum absolute value among negative jitters from destination to source.
Max negative SD	Maximum absolute value among negative jitters from source to destination.
Max negative DS	Maximum absolute value among negative jitters from destination to source.
Negative SD number	Number of negative jitters from source to destination.
Negative DS number	Number of negative jitters from destination to source.
Negative SD sum	Sum of absolute values of negative jitters from source to destination.
Negative DS sum	Sum of absolute values of negative jitters from destination to source.
Negative SD average	Average absolute value of negative jitters from source to destination.
Negative DS average	Average absolute value of negative jitters from destination to source.
Negative SD square-sum	Square sum of negative jitters from source to destination.
Negative DS square-sum	Square sum of negative jitters from destination to source.
One way results	Unidirectional delay result. This field is available only for the ICMP jitter, UDP jitter, and voice operations.
Max SD delay	Maximum delay from source to destination.
Max DS delay	Maximum delay from destination to source.
Min SD delay	Minimum delay from source to destination.
Min DS delay	Minimum delay from destination to source.
Number of SD delay	Number of delays from source to destination.
Number of DS delay	Number of delays from destination to source.
Sum of SD delay	Sum of delays from source to destination.
Sum of DS delay	Sum of delays from destination to source.
Square-Sum of SD delay	Square sum of delays from source to destination.
Square-Sum of DS delay	Square sum of delays from destination to source.
SD lost packets	Number of lost packets from the source to the destination.
DS lost packets	Number of lost packets from the destination to the source.
Lost packets for unknown reason	Number of lost packets for unknown reasons.
Voice scores	Voice parameters. This field is available only for the voice operation.
Max MOS value	Maximum MOS value.
Min MOS value	Minimum MOS value.
Max ICPIF value	Maximum ICPIF value.
Min ICPIF value	Minimum ICPIF value.
Reaction statistics	Statistics about the reaction entry in the counting interval.
Index	ID of a reaction entry.
Checked Element	Monitored element.
Threshold Type	Threshold type.
Checked Num	Number of targets that have been monitored for data collection.
Over-threshold Num	Number of threshold violations.
Path	Serial number for the path in the path jitter operation. This field is available only for the path jitter operation.
Hop IP	IP address of the hop. This field is available only for the path jitter operation.
Path-jitter results	Path jitter operation results. This field is available only for the path jitter operation.
Jitter number	Number of jitters. This field is available only for the path jitter operation.
Min/Max/Average jitter	Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation.
Positive jitter number	Number of positive jitters. This field is available only for the path jitter operation.
Min/Max/Average positive jitter	Minimum/maximum/average positive jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum positive jitter	Sum/square sum of positive jitters. This field is available only for the path jitter operation.
Negative jitter number	Number of negative jitters. This field is available only for the path jitter operation.
Min/Max/Average negative jitter	Minimum/maximum/average negative jitter in milliseconds. This field is available only for the path jitter operation.
Sum/Square-Sum negative jitter	Sum/square sum of negative jitters. This field is available only for the path jitter operation.

Table 11 Description of the threshold monitoring fields

Monitored performance metric	Threshold type	Collect data in	Checked Num	Over-threshold Num
probe-duration	accumulate	Probes in the counting interval.	Number of completed probes.	Number of probes of which the duration exceeds the threshold.
	average	N/A	N/A	N/A
	consecutive	Probes in the counting interval.	Number of completed probes.	Number of probes of which the duration exceeds the threshold.
probe-fail	accumulate	Probes in the counting interval.	Number of completed probes.	Number of probe failures.
probe-fail	consecutive	Probes in the counting interval.	Number of completed probes.	Number of probe failures.
RTT	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the round-trip time exceeds the threshold.
RTT	average	N/A	N/A	N/A
jitter-DS/jitter-SD	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the one-way jitter exceeds the threshold.
jitter-DS/jitter-SD	average	N/A	N/A	N/A
OWD-DS/OWD-SD	N/A	Packets sent in the counting interval.	Number of sent packets.	Number of packets of which the one-way delay exceeds the threshold.
packet-loss	accumulate	Packets sent in the counting interval.	Number of sent packets.	Number of packet loss.
ICPIF	N/A	N/A	N/A	N/A
MOS	N/A	N/A	N/A	N/A

Related commands

statistics interval

filename

Use filename to specify a file to be transferred between the FTP server and the FTP client.

Use undo filename to restore the default.

Syntax

filename filename

undo filename

Default

No file is specified.

Views

FTP operation view

Predefined user roles

network-admin

Parameters

filename: Specifies the name of a file, a case-sensitive string of 1 to 200 characters that cannot contain slashes (/).

Examples

# Specify config.txt as the file to be transferred between the FTP server and the FTP client for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] filename config.txt

frequency

Use frequency to specify the interval at which the NQA operation repeats.

Use undo frequency to restore the default.

Syntax

frequency interval

undo frequency

Default

The interval between two consecutive voice or path jitter operations is 60000 milliseconds. The interval between two consecutive operations of other types is 0 milliseconds.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval between two consecutive operations, in the range of 0 to 604800000 milliseconds. An interval of 0 milliseconds configures NQA to perform the operation only once, and not to generate any statistics.

Usage guidelines

If an operation is not completed when the interval is reached, the next operation does not start.

Examples

# Configure the ICMP echo operation to repeat every 1000 milliseconds.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] frequency 1000

history-record enable

Use history-record enable to enable the saving of history records for the NQA operation.

Use undo history-record enable to disable the saving of history records.

Syntax

history-record enable

undo history-record enable

Default

The saving of history records is enabled only for the UDP tracert operation.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

UDP tracert operation view

Predefined user roles

network-admin

Usage guidelines

To display the history records of the NQA operation, use the display nqa history command.

The undo form of the command also removes existing history records of an NQA operation.

Examples

# Enable the saving of history records for the NQA operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record enable

Related commands

display nqa history

history-record keep-time

Use history-record keep-time to set the lifetime of history records for an NQA operation.

Use undo history-record keep-time to restore the default.

Syntax

history-record keep-time keep-time

undo history-record keep-time

Default

The history records of an NQA operation are kept for 120 minutes.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

keep-time: Specifies how long the history records can be saved. The value range is 1 to 1440 minutes.

Usage guidelines

When an NQA operation completes, the timer starts. All records are removed when the lifetime is reached.

Examples

# Set the lifetime of the history records to 100 minutes for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record keep-time 100

history-record number

Use history-record number to set the maximum number of history records that can be saved for an NQA operation.

Use undo history-record number to restore the default.

Syntax

history-record number number

undo history-record number

Default

A maximum of 50 history records can be saved for an NQA operation.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of history records that can be saved for an NQA operation. The value range is 0 to 50.

Usage guidelines

If the number of history records for an NQA operation exceeds the maximum number, earliest history records are removed.

Examples

# Set the maximum number of history records to 10 for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] history-record number 10

init-ttl

Use init-ttl to set the TTL value for UDP packets in the start round of the UDP tracert operation.

Use undo init-ttl to restore the default.

Syntax

init-ttl value

undo init-ttl

Default

The NQA client sends a UDP packet with the TTL value 1 to start the UDP tracert operation.

Views

UDP tracert operation view

Predefined user roles

network-admin

Parameters

value: Specifies the TTL value in the range of 1 to 255.

Examples

# Set the TTL value to 5 for the UDP packets in the start round.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] init-ttl 5

lsr-path

Use lsr-path to specify a loose source routing (LSR) path.

Use undo lsr-path to restore the default.

Syntax

lsr-path ip-address&<1-8>

undo lsr-path

Default

No LSR path is configured.

Views

Path jitter operation view

Predefined user roles

network-admin

Parameters

ip-address&<1-8>: Specifies a space-separated list of up to eight IP addresses. Each IP address represents a hop on the path.

Usage guidelines

The path jitter operation first uses tracert to detect each hop to the destination. It then sends ICMP echo requests to measure the delay and jitters from the source to each node. If multiple routes exist between the source and destination, the operation uses the path specified by using lsr-path command.

Examples

# Specify 10.1.1.20 and 10.1.2.10 as the hops on the LSR path for the path jitter operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type path-jitter

[Sysname-nqa-admin-test- path-jitter] lsr-path 10.1.1.20 10.1.2.10

max-failure

Use max-failure to set the maximum number of consecutive probe failures in a UDP tracert operation.

Use undo max-failure to restore the default.

Syntax

max-failure times

undo max-failure

Default

A UDP tracert operation stops and fails when it detects five consecutive probe failures.

Views

UDP tracert operation view

Predefined user roles

network-admin

Parameters

times: Specifies the maximum number in the range of 0 to 255. When this argument is set to 0 or 255, the UDP tracert operation does not stop when consecutive probe failures occur.

Usage guidelines

When a UDP tracert operation detects the maximum number of consecutive probe failures, the operation fails and stops probing the path.

Examples

# Set the maximum number of consecutive probe failures to 20 in a UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] max-failure 20

mode

Use mode to set the data transmission mode for the FTP operation.

Use undo mode to restore the default.

Syntax

mode { active | passive }

undo mode

Default

The FTP operation uses the active data transmission mode.

Views

FTP operation view

Predefined user roles

network-admin

Parameters

active: Sets the data transmission mode to active. The FTP server initiates a connection request.

passive: Sets the data transmission mode to passive. The FTP client initiates a connection request.

Examples

# Set the data transmission mode to passive for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] mode passive

next-hop ip

Use next-hop ip to specify the next hop IPv4 address for probe packets.

Use undo next-hop ip to restore the default.

Syntax

next-hop ip ip-address

undo next-hop ip

Default

No next hop IPv4 address is specified for probe packets.

Views

ICMP echo operation view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IPv4 address of the next hop.

Usage guidelines

If the next hop IPv4 address is not configured, the device searches the routing table to determine the next hop IPv4 address for the probe packets.

Examples

# Specify 10.1.1.1 as the next hop IPv4 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.1

next-hop ipv6

Use next-hop ipv6 to specify the next hop IPv6 address for probe packets.

Use undo next-hop ipv6 to restore the default.

Syntax

next-hop ipv6 ipv6-address

undo next-hop ipv6

Default

No next hop IPv6 address is specified for probe packets.

Views

ICMP echo operation view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the IPv6 address of the next hop. IPv6 link-local addresses are not supported.

Usage guidelines

If the next hop IPv6 address is not configured, the device searches the routing table to determine the next hop IPv6 address for the probe packets.

Examples

# Specify 10::1 as the next hop IPv6 address for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] next-hop ipv6 10::1

no-fragment enable

Use no-fragment enable to enable the no-fragmentation feature.

Use undo no-fragment enable to disable the no-fragmentation feature.

Syntax

no-fragment enable

undo no-fragment enable

Default

The no-fragmentation feature is disabled.

Views

UDP tracert operation view

Predefined user roles

network-admin

Usage guidelines

The no-fragmentation feature sets the DF field to 1. Packets with the DF field set cannot be fragmented during the forwarding process.

You can use this command to test the path MTU of a link.

Examples

# Enable the no-fragmentation feature for the UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] no-fragment enable

nqa

Use nqa to create an NQA operation and enter its view, or enter the view of an existing NQA operation.

Use undo nqa to remove the operation.

Syntax

nqa entry admin-name operation-tag

undo nqa { all | entry admin-name operation-tag }

Default

No NQA operations exist.

Views

System view

Predefined user roles

network-admin

Parameters

all: Removes all NQA operations.

Usage guidelines

After you create an NQA operation, use the type command to specify the operation type for it. Then, you can use the nqa entry command to directly enter the NQA operation type view.

Only one operation type can be specified for one NQA operation.

Examples

# Create an NQA operation with administrator name admin and operation tag test, and enter NQA operation view.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test]

nqa agent enable

Use nqa agent enable to enable the NQA client.

Use undo nqa agent enable to disable the NQA client and stop all operations being performed.

Syntax

nqa agent enable

undo nqa agent enable

Default

The NQA client is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NQA client.

<Sysname> system-view

[Sysname] nqa agent enable

Related commands

nqa server enable

nqa schedule

Use nqa schedule to configure scheduling parameters for an NQA operation.

Use undo nqa schedule to stop the operation.

Syntax

nqa schedule admin-name operation-tag start-time { hh:mm:ss [ yyyy/mm/dd | mm/dd/yyyy ] | now } lifetime { lifetime | forever } [ recurring ]

undo nqa schedule admin-name operation-tag

Default

No schedule is configured for an NQA operation.

Views

System view

Predefined user roles

network-admin

Parameters

start-time: Specifies the start time and date of the NQA operation.

hh:mm:ss: Specifies the start time of an NQA operation.

yyyy/mm/dd: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.

mm/dd/yyyy: Specifies the start date of an NQA operation. The default value is the current system time, and the value for the yyyy argument is in the range of 2000 to 2035.

now: Starts the operation immediately.

lifetime: Specifies the duration of an operation.

lifetime: Specifies the duration of an operation in seconds. The value range is 1 to 2147483647.

forever: Performs the operation until you stop it by using the undo nqa schedule command.

recurring: Runs the operation automatically at the start time and for the specified duration. If you do not specify this keyword, the NQA operation is performed only once at the specified date and time.

Usage guidelines

You cannot enter the view of a scheduled NQA operation. If you want to enter such a view, use the undo nqa schedule command to stop the NQA operation first.

The NQA operation works between the specified start time and the end time (the start time plus operation duration). If the specified start time is ahead of the system time, the operation starts immediately. If both the specified start time and end time are ahead of the system time, the operation does not start. To display the current system time, use the display clock command.

Specify a lifetime long enough for an operation to complete.

Examples

# Schedule the operation with administrator name admin and operation tag test to start on 08:08:08 2008/08/08 and last 1000 seconds.

<Sysname> system-view

[Sysname] nqa schedule admin test start-time 08:08:08 2008/08/08 lifetime 1000 recurring

Related commands

destination ip

display clock (Fundamentals Command Reference)

nqa entry

type

operation (FTP operation view)

Use operation to specify the operation type for the FTP operation.

Use undo operation to restore the default.

Syntax

operation { get | put }

undo operation

Default

The FTP operation type is get.

Views

FTP operation view

Predefined user roles

network-admin

Parameters

get: Gets a file from the FTP server.

put: Transfers a file to the FTP server.

Usage guidelines

When you perform the put operation with the filename command configured, make sure the file exists on the NQA client.

If you get a file from the FTP server, make sure the file specified in the URL exists on the FTP server. The NQA client does not save the file obtained from the FTP server.

Use a small file for the FTP operation. A big file might result in transfer failure because of timeout, or might affect other services for occupying much network bandwidth.

Examples

# Set the operation type to put for the FTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] operation put

Related commands

password

username

operation (HTTP operation view)

Use operation to specify the operation type for the HTTP operation.

Use undo operation to restore the default.

Syntax

operation { get | post | raw }

undo operation

Default

The HTTP operation type is get.

Views

HTTP operation view

Predefined user roles

network-admin

Parameters

get: Gets data from the HTTP server.

post: Transfers data to the HTTP server.

raw: Sends the RAW request to the HTTP server.

Usage guidelines

The HTTP operation use HTTP requests as probe packets.

For the get or post operation, the content in the request is obtained from the URL specified by the url command.

For the raw operation, the content in the request is configured in raw request view. You can use the raw-request command to enter the raw request view.

Examples

# Set the operation type to raw for the HTTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] operation raw

Related commands

password

raw-request

username

out interface

Use out interface to specify the output interface for probe packets.

Use undo out interface to restore the default.

Syntax

out interface interface-type interface-number

undo out interface

Default

The output interface for probe packets is not specified. The NQA client determines the output interface based on the routing table lookup.

Views

DHCP operation view

ICMP echo operation view

UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

For successful operation, the specified output interface must be up.

If both the next-hop and out interface commands are configured for the ICMP echo operation, the out interface command does not take effect.

Examples

# Specify GigabitEthernet 1/0/1 as the output interface for probe packets in the UDP tracert operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-tracert

[Sysname-nqa-admin-test-udp-tracert] out interface gigabitethernet 1/0/1

password

Use password to specify a password.

Use undo password to restore the default.

Syntax

password { cipher | simple } string

undo password

Default

No password is specified.

Views

FTP operation view

HTTP operation view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. The plaintext form of the password is a case-sensitive string of 1 to 32 characters. The encrypted form of the password is a case-sensitive string of 1 to 73 characters.

Examples

# Set the FTP login password to ftpuser.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] password simple ftpuser

Related commands

operation

username

probe count

Use probe count to specify the probe times.

Use undo probe count to restore the default.

Syntax

probe count times

undo probe count

Default

In an UDP tracert operation, the NQA client sends three probe packets to each hop along the path.

In other types of operations, the NQA client performs one probe to the destination per operation.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

times: Specifies the probe times.

· For the UDP tracert operation, this argument specifies the times of probes to each hop along the path. The value range for this argument is 1 to 10.

· For other types of operations, this argument specifies the times of probes to the destination per operation. The value range for this argument is 1 to 15.

Usage guidelines

The following describes how NQA performs different types of operations:

· A TCP or DLSw operation sets up a connection.

· A UDP jitter operation sends a number of probe packets. The number of probe packets is set by using the probe packet-number command.

· An FTP operation uploads or downloads a file.

· An HTTP operation gets a Web page.

· A DHCP operation gets an IP address through DHCP.

· A DNS operation translates a domain name to an IP address.

· An ICMP echo sends an ICMP echo request.

· A UDP echo operation sends a UDP packet.

· An SNMP operation sends one SNMPv1 packet, one SNMPv2c packet, and one SNMPv3 packet.

· A path jitter operation is accomplished in the following steps:

a. The operation uses tracert to obtain the path from the NQA client to the destination. A maximum of 64 hops can be detected.

b. The NQA client sends ICMP echo requests to each hop along the path. The number of ICMP echo requests is set by using the probe packet-number command.

· A UDP tracert operation determines the routing path from the source to the destination. The number of probe packets sent to each hop is set by using the probe count command.

If an operation is to perform multiple probes, the NQA client starts a new probe in one of the following conditions:

· The NQA client receives responses to packets sent in the last probe.

· The probe timeout time expires.

This command is not available for the voice or path jitter operations. Each of these operations performs only one probe.

Examples

# Configure the ICMP echo operation to perform 10 probes.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] probe count 10

probe packet-interval

Use probe packet-interval to configure the packet sending interval in the probe.

Use undo probe packet-interval to restore the default.

Syntax

probe packet-interval interval

undo probe packet-interval

Default

The packet sending interval is 20 milliseconds.

Views

ICMP jitter operation view

Path jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

interval: Specifies the sending interval in the range of 10 to 60000 milliseconds.

Examples

# Configure the UDP jitter operation to send packets every 100 milliseconds.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-interval 100

probe packet-number

Use probe packet-number to set the number of packets to be sent in a UDP jitter, path jitter, or voice probe.

Use undo probe packet-number to restore the default.

Syntax

probe packet-number packet-number

undo probe packet-number

Default

A UDP jitter or path jitter probe sends 10 packets and a voice probe sends 1000 packets.

Views

ICMP jitter operation view

Path jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

packet-number: Specifies the number of packets to be sent per probe. Available value ranges include:

· 10 to 1000 for the ICMP jitter, UDP jitter, or path jitter operation.

· 10 to 60000 for the voice operation.

Examples

# Configure the UDP jitter probe to send 100 packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-number 100

probe packet-timeout

Use probe packet-timeout to set the timeout time for waiting for a response in the UDP jitter, path jitter, or voice operation.

Use undo probe packet-timeout to restore the default.

Syntax

probe packet-timeout timeout

undo probe packet-timeout

Default

The response timeout time in the ICMP jitter, UDP jitter, and path jitter operations is 3000 milliseconds.

The response timeout time in the voice operation is 5000 milliseconds.

Views

ICMP jitter operation view

Path jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

timeout: Specifies the timeout time in milliseconds. The value range is 10 to 3600000.

Examples

# Set the response timeout time to 100 milliseconds in the UDP jitter operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] probe packet-timeout 100

probe timeout

Use probe timeout to set the probe timeout time.

Use undo probe timeout to restore the default.

Syntax

probe timeout timeout

undo probe timeout

Default

The timeout time of a probe is 3000 milliseconds.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

timeout: Specifies the probe timeout time in milliseconds. Available value ranges include:

· 10 to 86400000 for the FTP or HTTP operation.

· 10 to 3600000 for the DHCP, DNS, DLSw, ICMP echo, SNMP, TCP, UDP echo, or UDP tracert operation.

Usage guidelines

If a probe does not complete within the period, the probe is timed out.

Examples

# Set the probe timeout time to 10000 milliseconds for the DHCP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type dhcp

[Sysname-nqa-admin-test-dhcp] probe timeout 10000

raw-request

Use raw-request to enter raw request view and specify the content of an HTTP request.

Use undo raw-request to restore the default.

Syntax

raw-request

undo raw-request

Default

The contents of an HTTP raw request are not specified.

Views

HTTP operation view

Predefined user roles

network-admin

Usage guidelines

This command places you in raw request view and deletes the previously configured request content. To ensure successful operations, make sure the request content is in the correct format.

If the HTTP operation type is set to raw, you must enter raw request view and configure the request content to be sent to the HTTP server.

Examples

# Enter raw request view and specify the content of a GET request for the HTTP operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] raw-request

[Sysname-nqa-admin-test-http-raw-request] GET /sdn/ui/app/index HTTP/1.0\r\nHost: 172.0.0.2\r\n\r\n

reaction checked-element { jitter-ds | jitter-sd }

Use reaction checked-element { jitter-ds | jitter-sd } to configure a reaction entry for monitoring one-way jitter in the NQA operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element { jitter-ds | jitter-sd } threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring one-way jitter exist.

Views

ICMP jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

jitter-ds: Specifies the destination-to-source jitter of each probe packet as the monitored element (or performance metric).

jitter-sd: Specifies source-to-destination jitter of each probe packet as the monitored element.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations in the operation. The value range is 1 to 14999 for the ICMP jitter and UDP jitter operations, and 1 to 59999 for the voice operation.

average: Checks the average one-way jitter.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

action-type: Specifies the action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average destination-to-source jitter of UDP jitter packets, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average destination-to-source jitter is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element jitter-ds threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the destination-to-source jitter of UDP jitter probe packets, and set the upper limit to 50 milliseconds, and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the destination-to-source jitter is checked against the threshold range. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 2 checked-element jitter-ds threshold-type accumulate 100 threshold-value 50 5 action-type trap-only

reaction checked-element { owd-ds | owd-sd }

Use reaction checked-element { owd-ds | owd-sd } to configure a reaction entry for monitoring the one-way delay.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element { owd-ds | owd-sd } threshold-value upper-threshold lower-threshold

undo reaction item-number

Default

No reaction entries for monitoring the one-way delay exist.

Views

ICMP jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

owd-ds: Specifies the destination-to-source delay of each probe packet as the monitored element.

owd-sd: Specifies the source-to-destination delay of each probe packet as the monitored element.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

No actions can be configured for a reaction entry of monitoring one-way delays. To display the monitoring results and statistics, use the display nqa reaction counters and display nqa statistics commands.

Examples

# Create reaction entry 1 for monitoring the destination-to-source delay of every UDP jitter packet, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. The destination-to-source delay is calculated after the response to the probe packet arrives. If the delay exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element owd-ds threshold-value 50 5

reaction checked-element icpif

Use reaction checked-element icpif to configure a reaction entry for monitoring the ICPIF value in the voice operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element icpif threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring ICPIF values exist.

Views

Voice operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-value: Specifies threshold range.

upper-threshold: Specifies the upper limit in the range of 1 to 100.

lower-threshold: Specifies the lower limit in the range of 1 to 100. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring the ICPIF value in the voice operation, and set the upper limit to 50 and lower limit to 5. Before the voice operation starts, the initial state of the reaction entry is invalid. After the operation, the ICPIF value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] reaction 1 checked-element icpif threshold-value 50 5 action-type trap-only

reaction checked-element mos

Use reaction checked-element mos to configure a reaction entry for monitoring the MOS value in the voice operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element mos threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring the MOS value exist.

Views

Voice operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-value: Specifies threshold range.

upper-threshold: Specifies the upper limit in the range of 1 to 500.

lower-threshold: Specifies the lower limit in the range of 1 to 500. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

For the MOS threshold, the number is expressed in three digits representing ones, tenths, and hundredths. For example, to express a MOS threshold of 1, enter 100.

Examples

# Create reaction entry 1 for monitoring the MOS value of the voice operation, and set the upper limit to 2 and lower limit to 1. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the MOS value is checked against the threshold range. If it exceeds the upper limit, the state of the reaction entry is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type voice

[Sysname-nqa-admin-test-voice] reaction 1 checked-element mos threshold-value 200 100 action-type trap-only

reaction checked-element packet-loss

Use reaction checked-element packet-loss to configure a reaction entry for monitoring packet loss in UDP jitter or voice operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element packet-loss threshold-type accumulate accumulate-occurrences [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring packet loss exist.

Views

ICMP jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Specifies the total number of lost packets in the operation. The value range is 1 to 15000 for the ICMP jitter and UDP jitter operations, and 1 to 60000 for the voice operation.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring packet loss in the UDP jitter operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the total number of the lost packets is checked against the threshold. If the number reaches or exceeds 100, the state of the reaction entry is set to over-threshold. Otherwise, the state is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element packet-loss threshold-type accumulate 100 action-type trap-only

reaction checked-element probe-duration

Use reaction checked-element probe-duration to configure a reaction entry for monitoring the probe duration.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element probe-duration threshold-type { accumulate accumulate-occurrences | average | consecutive consecutive-occurrences } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring the probe duration exist.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations. The value range is 1 to 15.

average: Checks the average probe duration.

consecutive consecutive-occurrences: Specifies the number of consecutive threshold violations after the NQA operation starts. The value range is 1 to 16.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper threshold.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average probe duration is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state of the reaction entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-duration threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the probe duration of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the accumulated probe duration is checked against the threshold range. If the total number of threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-duration threshold-type accumulate 10 threshold-value 50 5 action-type trap-only

# Create reaction entry 3 for monitoring the probe duration time of ICMP echo operation, and set the upper limit to 50 milliseconds and the lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the consecutive probe duration is checked against the threshold range. If the total number of consecutive threshold violations reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the lower threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 3 checked-element probe-duration threshold-type consecutive 10 threshold-value 50 5 action-type trap-only

reaction checked-element probe-fail (for trap)

Use reaction checked-element probe-fail to configure a reaction entry for monitoring the probe failures of the operation.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element probe-fail threshold-type { accumulate accumulate-occurrences | consecutive consecutive-occurrences } [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring probe failures exist.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of probe failures. The value range is 1 to 15.

consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures. The value range is 1 to 16.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS. This keyword is not available for the DNS operation.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the total number of probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type accumulate 10 action-type trap-only

# Create reaction entry 2 for monitoring the probe failures in ICMP echo operation. Before the NQA operation starts, the initial state of the reaction entry is invalid. If the number of consecutive probe failures reaches or exceeds 10, the state of the entry is set to over-threshold. If it is below the threshold, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction 2 checked-element probe-fail threshold-type consecutive 10 action-type trap-only

reaction checked-element probe-fail (for trigger)

Use reaction checked-element probe-fail to configure a reaction entry for monitoring probe failures.

Use undo reaction to remove the specified reaction entry.

Syntax

reaction item-number checked-element probe-fail threshold-type consecutive consecutive-occurrences action-type trigger-only

undo reaction item-number

Default

No reaction entries for monitoring probe failures exist.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP operation view

ICMP/UDP echo operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

consecutive consecutive-occurrences: Checks the maximum number of consecutive probe failures, in the range of 1 to 16.

action-type: Specifies what action to be triggered.

trigger-only: Triggers other modules to react to certain conditions.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Examples

# Create reaction entry 1. If the number of consecutive probe failures reaches 3, collaboration is triggered.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type tcp

[Sysname-nqa-admin-test-tcp] reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only

Related commands

track (High Availability Command Reference)

reaction checked-element rtt

Use reaction checked-element rtt to configure a reaction entry for monitoring packet round-trip time.

Use undo reaction to delete the specified reaction entry.

Syntax

reaction item-number checked-element rtt threshold-type { accumulate accumulate-occurrences | average } threshold-value upper-threshold lower-threshold [ action-type { none | trap-only } ]

undo reaction item-number

Default

No reaction entries for monitoring packet round-trip time exist.

Views

ICMP jitter operation view

UDP jitter operation view

Voice operation view

Predefined user roles

network-admin

Parameters

item-number: Assigns an ID to the reaction entry, in the range of 1 to 10.

threshold-type: Specifies a threshold type.

accumulate accumulate-occurrences: Checks the total number of threshold violations. Available value ranges include:

· 1 to 15000 for the ICMP jitter and UDP jitter operations.

· 1 to 60000 for the voice operation.

average: Checks the packet average round-trip time.

threshold-value: Specifies threshold range in milliseconds.

upper-threshold: Specifies the upper limit in the range of 0 to 3600000.

lower-threshold: Specifies the lower limit in the range of 0 to 3600000. It must not be greater than the upper limit.

action-type: Specifies what action to be triggered. The default action is none.

none: Specifies the action of displaying results on the terminal display.

trap-only: Specifies the action of displaying results on the terminal display and meanwhile sending SNMP trap messages to the NMS.

Usage guidelines

You cannot edit a reaction entry after it is created. To change the attributes in a reaction entry, use the undo reaction command to delete the entry, and then configure a new one.

Only successful probe packets are monitored. Statistics about failed probe packets are not collected.

Examples

# Create reaction entry 1 for monitoring the average round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the average packet round-trip time is checked. If it exceeds the upper limit, the state is set to over-threshold. If it is below the lower limit, the state is set to below-threshold. Once the reaction entry state changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type average threshold-value 50 5 action-type trap-only

# Create reaction entry 2 for monitoring the round-trip time of UDP jitter probe packets, and set the upper limit to 50 milliseconds and lower limit to 5 milliseconds. Before the NQA operation starts, the initial state of the reaction entry is invalid. After the operation, the packet round-trip time is checked. If the total number of threshold violations reaches or exceeds 100, the state of the entry is set to over-threshold. Otherwise, the state of the entry is set to below-threshold. Once the state of the reaction entry changes, a trap message is generated and sent to the NMS.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-jitter

[Sysname-nqa-admin-test-udp-jitter] reaction 1 checked-element rtt threshold-type accumulate 100 threshold-value 50 5 action-type trap-only

reaction trap

Use reaction trap to configure the sending of traps to the NMS under specific conditions.

Use undo reaction trap to restore the default.

Syntax

reaction trap { path-change | probe-failure consecutive-probe-failures | test-complete | test-failure [ accumulate-probe-failures ] }

undo reaction trap { path-change | probe-failure | test-complete | test-failure }

Default

No traps are sent to the NMS.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

path-change: Sends a trap when the UDP tracert operation detects a different path to the destination.

probe-failure consecutive-probe-failures: Sends a trap to the NMS if the number of consecutive probe failures in an operation is greater than or equal to consecutive-probe-failures. The value range for the consecutive-probe-failures argument is 1 to 15. The system counts the number of consecutive probe failures for each operation, so multiple traps might be sent.

test-complete: Sends a trap to indicate that the operation is completed.

test-failure: Sends a trap when an operation fails. For operations other than UDP tracert operation, the system counts the total number of probe failures in an operation. If the number reaches or exceeds the value for the accumulate-probe-failures argument, a trap is sent for the operation failure.

accumulate-probe-failures: Specifies the total number of probe failures in an operation. The value range is 1 to 15. This argument is not supported by the UDP tracert operation.

Usage guidelines

The ICMP jitter, UDP jitter, and voice operations support only the test-complete keyword.

The following parameters are not available for the UDP tracert operation:

· The probe-failure consecutive-probe-failures option.

· The accumulate-probe-failures argument.

Examples

# Configure the system to send a trap if five or more consecutive probe failures occur in an ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] reaction trap probe-failure 5

rresolve-target

Use resolve-target to specify the domain name to be resolved in the DNS operation.

Use undo resolve-target to restore the default.

Syntax

resolve-target domain-name

undo resolve-target

Default

The domain name to be resolved in the DNS operation is not specified.

Views

DNS operation view

Predefined user roles

network-admin

Parameters

domain-name: Specifies the domain name to be resolved. It is a dot-separated case-sensitive string of 1 to 255 characters including letters, digits, hyphens (-), and underscores (_) (for example, aabbcc.com). Each part consists of 1 to 63 characters, and consecutive dots (.) are not allowed.

Examples

# Specify domain1 as the domain name to be resolved.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type dns

[Sysname-nqa-admin-test-dns] resolve-target domain1

route-option bypass-route

Use route-option bypass-route to enable the routing table bypass feature to test the connectivity to the direct destination.

Use undo route-option bypass-route to disable the routing table bypass feature.

Syntax

route-option bypass-route

undo route-option bypass-route

Default

The routing table bypass feature is disabled.

Views

DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Usage guidelines

When the routing table bypass feature is enabled, the following events occur:

· The routing table is not searched. Packets are sent to the destination in a directly connected network.

· The TTL value in the probe packet is set to 1. The TTL set in the ttl command does not take effect.

Examples

# Enable the routing table bypass feature.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] route-option bypass-route

source interface

Use source interface to specify the IP address of the specified interface as the source IP address of probe packets.

Use undo source interface to restore the default.

Syntax

source interface interface-type interface-number

undo source interface

Default

The probe packets take the primary IP address of the outgoing interface as their source IP address.

Views

ICMP echo operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you execute this command and the source ip or source ipv6 command for an ICMP echo operation multiple times, the most recent configuration takes effect.

If you execute this command and the source ip command for a UDP tracert operation multiple times, the most recent configuration takes effect.

The specified source interface must be up. Otherwise, no probe requests can be sent out.

Examples

# Specify the IP address of interface GigabitEthernet 1/0/1 as the source IP address of ICMP echo request packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source interface gigabitethernet 1/0/1

Related commands

source ip

source ipv6

source ip

Use source ip to configure the source IPv4 address for probe packets.

Use undo source ip to restore the default.

Syntax

source ip ip-address

undo source ip

Default

The probe packets takes the primary IP address of their output interface as the source IP address.

Views

DHCP/DLSw/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the source IPv4 address for probe packets.

Usage guidelines

If you execute the source interface and source ip commands for an ICMP echo or UDP tracert operation multiple times, the most recent configuration takes effect.

The specified source IPv4 address must be the IPv4 address of a local interface, and the local interface must be up. Otherwise, no probe packets can be sent out.

Examples

# Specify 10.1.1.1 as the source IPv4 address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source ip 10.1.1.1

Related commands

source interface

source ipv6

Use source ipv6 to configure the source IPv6 address for probe packets.

Use undo source ipv6 to restore the default.

Syntax

source ipv6 ipv6-address

undo source ipv6

Default

The probe packets takes the IPv6 address of their output interface as the source IPv6 address.

Views

ICMP echo operation view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies the source IPv6 address for probe packets. IPv6 link-local addresses are not supported.

Usage guidelines

If you execute the source interface and source ipv6 commands for an ICMP echo operation multiple times, the most recent configuration takes effect.

The specified source IPv6 address must be the IPv6 address of a local interface. The local interface must be up. Otherwise, no probe packets can be sent out.

Examples

# In ICMP echo operation view, specify 1::1 as the source IPv6 address for ICMP echo requests.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] source ipv6 1::1

Related commands

source interface

source port

Use source port to configure the source port number for probe packets.

Use undo source port to restore the default.

Syntax

source port port-number

undo source port

Default

The source port number is not specified.

Views

SNMP/voice operation view

UDP echo operation view

UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

port-number: Specifies the source port number in the range of 1 to 65535.

Examples

# Set the source port number to 8000 for probe packets in the UDP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type udp-echo

[Sysname-nqa-admin-test-udp-echo] source port 8000

statistics hold-time

Use statistics hold-time to set the hold time of statistics groups for an NQA operation.

Use undo statistics hold-time to restore the default.

Syntax

statistics hold-time hold-time

undo statistics hold-time

Default

The hold time of statistics groups for an NQA operation is 120 minutes.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

Predefined user roles

network-admin

Parameters

hold-time: Specifies the hold time in minutes, in the range of 1 to 1440.

Usage guidelines

A statistics group is deleted when its hold time expires.

Examples

# Set the hold time to 3 minutes for statistics groups of the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics hold-time 3

statistics interval

Use statistics interval to set the statistics collection interval for an NQA operation.

Use undo statistics interval to restore the default.

Syntax

statistics interval interval

undo statistics interval

Default

The statistics collection interval is 60 minutes.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

Predefined user roles

network-admin

Parameters

interval: Specifies the interval in minutes, in the range of 1 to 35791394.

Usage guidelines

NQA forms statistics within the same collection interval as a statistics group. To display information about the statistics groups, use the display nqa statistics command.

Examples

# Configure NQA to collect the ICMP echo operation statistics every 2 minutes.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics interval 2

statistics max-group

Use statistics max-group to set the maximum number of statistics groups that can be saved.

Use undo statistics max-group to restore the default.

Syntax

statistics max-group number

undo statistics max-group

Default

A maximum of two statistics groups can be saved.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

Predefined user roles

network-admin

Parameters

number: Specifies the maximum number of statistics groups, in the range of 0 to 100. To disable statistics collection, set the value to 0.

Usage guidelines

When the maximum number of statistics groups is reached and a new statistics group is to be saved, the earliest statistics group is deleted.

Examples

# Configure NQA to save a maximum of five statistics groups for the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] statistics max-group 5

target-only

Use target-only to perform the path jitter operation only on the destination address.

Use undo target-only to restore the default.

Syntax

target-only

undo target-only

Default

NQA performs the path jitter operation to the destination hop by hop.

Views

Path jitter operation view

Predefined user roles

network-admin

Examples

# Perform the path jitter operation only on the destination address.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type path-jitter

[Sysname-nqa-admin-test-path-jitter] target-only

tos

Use tos to set the ToS value in the IP header for probe packets.

Use undo tos to restore the default.

Syntax

tos value

undo tos

Default

The ToS value in the IP header of probe packets is 0.

Views

Any operation view

Predefined user roles

network-admin

Parameters

value: Specifies the ToS value in the range of 0 to 255.

Examples

# In ICMP echo operation view, set the ToS value to 1 in the IP header for probe packets.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] tos 1

ttl

Use ttl to set the maximum number of hops that the probe packets can traverse.

Use undo ttl to restore the default.

Syntax

ttl value

undo ttl

Default

The maximum number of hops is 30 for probe packets of the UDP tracert operation, and is 20 for probe packets of other types of operations.

Views

DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

value: Specifies the maximum number of hops that the probe packets can traverse, in the range of 1 to 255.

Usage guidelines

The route-option bypass-route command sets the TTL to 1 for probe packets. If you configure both the route-option bypass-route and ttl commands for an operation, the ttl command does not take effect.

For a successful UDP tracert operation, make sure the maximum number of hops is not smaller than the value set in the init-ttl command.

Examples

# Set the maximum number of hops to 16 for probe packets in the ICMP echo operation.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] ttl 16

type

Use type to specify an NQA operation type and enter its view.

Syntax

type { dhcp | dlsw | dns | ftp | http | icmp-echo | icmp-jitter | path-jitter | snmp | tcp | udp-echo | udp-jitter | udp-tracert | voice }

Default

No operation type is specified.

Views

NQA operation view

Predefined user roles

network-admin

Parameters

dhcp: Specifies the DHCP operation type.

dlsw: Specifies the DLSw operation type.

dns: Specifies the DNS operation type.

ftp: Specifies the FTP operation type.

http: Specifies the HTTP operation type.

icmp-echo: Specifies the ICMP echo operation type.

icmp-jitter: Specifies the ICMP jitter operation type.

path-jitter: Specifies the path jitter operation type.

snmp: Specifies the SNMP operation type.

tcp: Specifies the TCP operation type.

udp-echo: Specifies the UDP echo operation type.

udp-jitter: Specifies the UDP jitter operation type.

udp-tracert: Specifies the UDP tracert operation type.

voice: Specifies the voice operation type.

Usage guidelines

You can specify only one type for an NQA operation. After that, you can configure the operation type-related settings for the NQA operation. To change the type of the NQA operation, remove the NQA operation in system view, and then re-create the NQA operation.

Examples

# Specify FTP as the NQA operation type and enter FTP operation view.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp]

url

Use url to specify the URL of the destination.

Use undo url to restore the default.

Syntax

url url

undo url

Default

The destination URL is not specified.

Views

FTP operation view

HTTP operation view

Predefined user roles

network-admin

Parameters

url: Specifies the URL of the destination server, a case-sensitive string of 1 to 255 characters. The following table describes the URL format and parameters for different operations.

Operation	URL format	Parameter description
HTTP operation	http://host/resource http://host:port/resource	The host parameter represents the host name of the destination server. The host name is a dot-separated case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed of series of labels, aabbcc.com for example. Each label consists of 1 to 63 characters. Consecutive dots (.) and question marks are not allowed. For description about the filename parameter, see Fundamentals Configuration Guide.
FTP operation	ftp://host/filename ftp://host:port/filename

Operation

URL format

Parameter description

HTTP operation

http://host/resource

http://host:port/resource

The host parameter represents the host name of the destination server. The host name is a dot-separated case-sensitive string including letters, digits, hyphens (-), and underscores (_). Host names are composed of series of labels, aabbcc.com for example. Each label consists of 1 to 63 characters. Consecutive dots (.) and question marks are not allowed.

For description about the filename parameter, see Fundamentals Configuration Guide.

FTP operation

ftp://host/filename

ftp://host:port/filename

Examples

# Configure the URL that the HTTP operation visits as http://www.company.com/index.htm.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] url http://www.company.com/index.html

username

Use username to specify a username.

Use undo username to restore the default.

Syntax

username username

undo username

Default

No username is configured.

Views

FTP operation view

HTTP operation view

Predefined user roles

network-admin

Parameters

username: Specifies the username, a case-sensitive string of 1 to 32 characters.

Examples

# Set the FTP login username to administrator.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type ftp

[Sysname-nqa-admin-test-ftp] username administrator

Related commands

operation

password

version

Use version to specify the version used in the HTTP operation.

Use undo version to restore the default.

Syntax

version { v1.0 | v1.1 }

undo version

Default

Version 1.0 is used in the HTTP operation.

Views

HTTP operation view

Predefined user roles

network-admin

Parameters

v1.0: Uses version 1.0.

v1.1: Uses version 1.1.

Examples

# Configure the HTTP operation to use HTTP version 1.1.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type http

[Sysname-nqa-admin-test-http] version v1.1

vpn-instance

Use vpn-instance to apply the operation to a VPN instance.

Use undo vpn-instance to restore the default.

Syntax

vpn-instance vpn-instance-name

undo vpn-instance

Default

The operation applies to the public network.

Views

DHCP/DLSw/DNS/FTP/HTTP/SNMP/TCP/voice operation view

ICMP/UDP echo operation view

ICMP/path/UDP jitter operation view

UDP tracert operation view

Predefined user roles

network-admin

Parameters

vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

After you specify the VPN, the NQA operation tests the connectivity in the specified VPN instance.

Examples

# Apply the ICMP echo operation to vpn1.

<Sysname> system-view

[Sysname] nqa entry admin test

[Sysname-nqa-admin-test] type icmp-echo

[Sysname-nqa-admin-test-icmp-echo] vpn-instance vpn1

NQA server commands

display nqa server

Use display nqa server status to display NQA server status.

Syntax

display nqa server

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display NQA server status.

<Sysname> display nqa server

NQA server status: Enabled

TCP connect:

IP Address Port ToS VPN instance

2.2.2.2 2000 200 -

UDP echo:

IP Address Port ToS VPN instance

3.3.3.3 3000 255 vpn1

Table 12 Command output

Field	Description
NQA server status	Whether the NQA server is enabled.
TCP-connect	Information about the TCP listening service on the NQA server.
UDP-echo	Information about the UDP listening service on the NQA server.
IP Address	IP address specified for the TCP/UDP listening service on the NQA server.
Port	Port number specified for the TCP/UDP listening service on the NQA server.
ToS	ToS value in reply packets sent by the NQA server.
VPN instance	Name of the VPN instance to which the IP address that the NQA server listens on belongs. This field displays a hyphen (-) if the NQA server listens on a public IP address.

Related commands

nqa server enable

nqa server tcp-connect

nqa server udp-echo

nqa server enable

Use nqa server enable to enable the NQA server.

Use undo nqa server enable to disable the NQA server.

Syntax

nqa server enable

undo nqa server enable

Default

The NQA server is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NQA server.

<Sysname> system-view

[Sysname] nqa server enable

Related commands

display nqa server

nqa server tcp-connect

nqa server udp-echo

nqa server tcp-connect

Use nqa server tcp-connect to configure a TCP listening service to enable the NQA server to listen to a port on the specified IP address.

Use undo nqa server tcp-connect to remove a TCP listening service.

Syntax

nqa server tcp-connect ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]

undo nqa server tcp-connect ip-address port-number

Default

No TCP listening services exist.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address for the TCP listening service.

port-number: Specifies the port number for the TCP listening service, in the range of 1 to 65535.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on the public IP address.

tos tos: Specifies the ToS value in the IP header for reply packets. The value range is 0 to 255, and the default value is 0.

Usage guidelines

Use this command on the NQA server only for the TCP operation.

When you configure the IP address and port number for a TCP listening service on the NQA server, follow these restrictions and guidelines:

· The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.

· The IP address must be the address of an interface on the NQA server.

· To ensure successful NQA operations and avoid affecting existing services, do not configure the TCP listening service on well-known ports from 1 to 1023.

Examples

# Configure a TCP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.

<Sysname> system-view

[Sysname] nqa server tcp-connect 169.254.10.2 9000

Related commands

display nqa server

nqa server enable

nqa server udp-echo

Use nqa server udp-echo to configure a UDP listening service to enable the NQA server to listen to a port on the specified IP address.

Use undo nqa server udp-echo to remove the UDP listening service created.

Syntax

nqa server udp-echo ip-address port-number [ vpn-instance vpn-instance-name ] [ tos tos ]

undo nqa server udp-echo ip-address port-number

Default

No UDP listening services exist.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the IP address for the UDP listening service.

port-number: Specifies the port number for the UDP listening service, in the range of 1 to 65535.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the NQA server listens on a public IP address.

tos tos: Specifies the ToS value in the IP header for reply packets. The value range for this argument is 0 to 255, and the default value is 0.

Usage guidelines

Use this command on the NQA server only for the UDP jitter, UDP echo, and voice operations.

When you configure the IP address and port number for a UDP listening service on the NQA server, follow these restrictions and guidelines:

· The IP address and port number must be unique on the NQA server and match the configuration on the NQA client.

· The IP address must be the address of an interface on the NQA server.

· To ensure successful NQA operations and avoid affecting existing services, do not configure the UDP listening service on well-known ports from 1 to 1023.

Examples

# Configure a UDP listening service to enable the NQA server to listen to port 9000 on the IP address 169.254.10.2.

<Sysname> system-view

[Sysname] nqa server udp-echo 169.254.10.2 9000

Related commands

display nqa server

nqa server enable

NTP commands

NTP is supported only on the following Layer 3 interfaces:

· Layer 3 Ethernet interfaces.

· Layer 3 aggregate interfaces.

· Layer 3 aggregate subinterfaces.

· VLAN interfaces.

· Tunnel interfaces.

display ntp-service ipv6 sessions

Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.

Syntax

display ntp-service ipv6 sessions [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about all IPv6 NTP associations. If you do not specify this keyword, the command displays only brief information about the IPv6 NTP associations.

Examples

# Display brief information about all IPv6 NTP associations.

<Sysname>display ntp-service ipv6 sessions

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

Source: [125]3000::32

Reference: 127.127.1.0 Clock stratum: 2

Reachabilities: 1 Poll interval: 64

Last receive time: 6 Offset: -0.0

Roundtrip delay: 0.0 Dispersion: 0.0

Total sessions : 1

Table 13 Command output

Field	Description
[12345]	· 1—Clock source selected by the system (the current reference source). · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a command.
Source	IPv6 address of the NTP server. If this field displays::, the IPv6 address of the NTP server has not been resolved successfully.
Reference	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server.
Clock stratum	Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Reachabilities	Reachability count of the NTP server. 0 indicates that the NTP server is unreachable.
Poll interval	Polling interval in seconds. It is the maximum interval between successive NTP messages.
Last receive time	Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes(m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-).
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
Roundtrip delay	Roundtrip delay from the local device to the clock source, in milliseconds.
Dispersion	Maximum error of the system clock relative to the reference source.
Total sessions	Total number of associations.

# Display detailed information about all IPv6 NTP associations.

<Sysname>display ntp-service ipv6 sessions verbose

Clock source: 1::1

Session ID: 36144

Clock stratum: 16

Clock status: configured, insane, valid, unsynced

Reference clock ID: INIT

VPN instance: Not specified

Local mode: sym_active, local poll interval: 6

Peer mode: unspec, peer poll interval: 10

Offset: 0.0000ms, roundtrip delay: 0.0000ms, dispersion: 15937ms

Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms

Reachabilities:0, sync distance: 15.938

Precision: 2^10, version: 4, source interface: Not specified

Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Orgtime: d17cbb21.0f318106 Tue, May 17 2011 9:15:13.059

Rcvtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Xmttime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Roundtrip delay samples: 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000

Offset samples: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

Filter order: 0 1 2 3 4 5 6 7

Total sessions: 1

Table 14 Command output

Field	Description
Clock source	IPv6 address of the clock source. If this field displays::, the IPv6 address of the NTP server has not been resolved successfully.
Clock stratum	Stratum level of the NTP server, which determines the clock precision. The value is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Clock status	Status of the clock source corresponding to this association: · configured—The association was created at the CLI. · dynamic—The association is established dynamically. · master—The clock source is the primary time server of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and will be used as the reference source. · insane—The clock source has not passed authentication, or it has passed authentication but will not be used as the reference source. · valid—The clock source is valid, which means the clock source meets the following requirements: ¡ It has been authenticated and synchronized. ¡ Its stratum level is valid. ¡ Its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid.
Reference clock ID	· If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server.
VPN instance	VPN instance of the NTP server. If the NTP server is in a public network, this field displays Not specified.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
local poll interval	Polling interval for the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 26, or 64 seconds.
peer mode	Operation mode of the peer device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
peer poll interval	Polling interval for the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the polling interval of the local device is 26, or 64 seconds.
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
roundtrip delay	Roundtrip delay from the local device to the clock source, in milliseconds.
dispersion	Maximum error of the system clock relative to the reference clock.
Root roundtrip delay	Roundtrip delay from the local device to the primary time server, in milliseconds.
root dispersion	Maximum error of the system clock relative to the primary reference clock, in milliseconds.
Reachabilities	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
sync distance	Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values.
Precision	Accuracy of the system clock.
version	NTP version in the range of 1 to 4.
source interface	Source interface. If the source interface is not specified, this field displays Not specified.
Reftime	Reference timestamp in the NTP message.
Orgtime	Originate timestamp in the NTP message.
Rcvtime	Receive timestamp in the NTP message.
Xmttime	Transmit timestamp in the NTP message.
Filter order	Dispersion information.
Reference clock status	Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally.
Total sessions	Total number of associations.

display ntp-service sessions

Use display ntp-service sessions to display information about all IPv4 NTP associations.

Syntax

display ntp-service sessions [verbose]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.

Usage guidelines

When a device is operating in NTP broadcast or multicast server mode, the display ntp-service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server. However, the associations are counted in the total number of associations.

Examples

# Display brief information about all IPv4 NTP associations.

<Sysname>display ntp-service sessions

source reference stra reach poll now offset delay disper

********************************************************************************

[12345]LOCAL(0) LOCL 0 1 64 - 0.0000 0.0000 7937.9

[5]0.0.0.0 INIT 16 0 64 - 0.0000 0.0000 0.0000

Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.

Total sessions: 1

Table 15 Command output

Field	Description
source	· When the reference clock is the local clock, the field displays LOCAL (number). It indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. · When the reference clock is the clock of another device, the field displays the IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
reference	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the stra field: ¡ When the value of the stra field is 0 or 1, this field displays LOCL. ¡ When the stra field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server.
stra	Stratum level of the clock source, which determines the clock accuracy. The value is in the range of 1 to 16. The clock accuracy decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock.
reach	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
poll	Polling interval in seconds. It is the maximum interval between successive NTP messages.
now	Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes (m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-).
offset	Offset of the system clock relative to the reference clock, in milliseconds.
delay	Roundtrip delay from the local device to the NTP server, in milliseconds.
disper	Maximum error of the system clock relative to the reference source, in milliseconds.
[12345]	· 1—Clock source selected by the system(the current reference source). · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a configuration command.
Total sessions	Total number of associations.

# Display detailed information about all IPv4 NTP associations.

<Sysname>display ntp-service sessions verbose

Clock source: 192.168.1.40

Session ID: 35888

Clock stratum: 2

Clock status: configured, master, sane, valid

Reference clock ID: 127.127.1.0

VPN instance: Not specified

Local mode: client, local poll interval: 6

Peer mode: server, peer poll interval: 6

Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms

Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms

Reachabilities:31, sync distance: 0.0194

Precision: 2^18, version: 3, source interface: Not specified

Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079

Orgtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000

Rcvtime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693

Xmttime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693

Roundtrip delay samples: 0.007 0.010 0.006 0.011 0.010 0.005 0.007 0.003

Offset samples: 5629.55 3913.76 5247.27 6526.92 31.99 148.72 38.27 0.29

Filter order: 7 5 2 6 0 4 1 3

Total sessions: 1

Table 16 Command output

Field	Description
Clock source	IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
Clock stratum	Stratum level of the NTP server, which determines the clock accuracy. The value is in the range of 1 to 16. A lower stratum level represents greater clock accuracy. A stratum 16 clock is not synchronized and cannot be used as a reference clock.
Clock status	Status of the clock source corresponding to this association: · configured—The association was created by a configuration command. · dynamic—The association is established dynamically. · master—The clock source is the primary time server of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and will be used as the reference source. · insane—The clock source has not passed authentication, or has passed authentication but will not be used as the reference source. · valid—The clock source is valid, which means the clock source meets the following requirements: ¡ It has been authenticated and synchronized. ¡ Its stratum level is valid. ¡ Its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid.
Reference clock ID	Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ¡ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ¡ When the Clock stratum field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server.
VPN instance	VPN instance to which the NTP server belongs. If the NTP server is in a public network, the field displays Not specified.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
local poll interval	Polling interval of the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 26, or 64 seconds.
Peer mode	Operation mode of the peer device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
peer poll interval	Polling interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 26, or 64 seconds.
Offset	Offset of the system clock relative to the reference clock, in milliseconds.
Roundtrip delay	Roundtrip delay from the local device to the NTP server, in milliseconds.
dispersion	Maximum error of the system clock relative to the reference clock.
Root roundtrip delay	Roundtrip delay from the local device to the primary timer server, in milliseconds.
root dispersion	Maximum error of the system clock relative to the primary reference clock, in milliseconds.
Reachabilities	Reachability count of the clock source. 0 indicates that the clock source is unreachable.
sync distance	Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values.
Precision	Accuracy of the system clock.
version	NTP version in the range of 1 to 4.
source interface	Source interface. If the source interface is not specified, this field is Not specified.
Reftime	Reference timestamp in the NTP message.
Orgtime	Originate timestamp in the NTP message.
Rcvtime	Receive timestamp in the NTP message.
Xmttime	Transmit timestamp in the NTP message.
Filter order	Sample information order.
Reference clock status	Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as a reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally.
Total sessions	Total number of associations.

display ntp-service status

Use display ntp-service status to display NTP service status.

Syntax

display ntp-service status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display NTP service status after time synchronization.

<Sysname>display ntp-service status

Clock status: synchronized

Clock stratum: 2

System peer: LOCAL(0)

Local mode: client

Reference clock ID: 127.127.1.0

Leap indicator: 00

Clock jitter: 0.000977 s

Stability: 0.000 pps

Clock precision: 2^-10

Root delay: 0.00000 ms

Root dispersion: 3.96367 ms

Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573

# Display the NTP service status when time is not synchronized.

<Sysname>display ntp-service status

Clock status: unsynchronized

Clock stratum: 16

Reference clock ID: none

Clock jitter: 0.000000 s

Stability: 0.000 pps

Clock precision: 2^-10

Root delay: 0.00000 ms

Root dispersion: 0.00002 ms

Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573

Table 17 Command output

Field	Description
Clock status	Status of the system clock: · synchronized—The system clock has been synchronized. · unsynchronized—The system clock has not been synchronized.
Clock stratum	Stratum level of the system clock.
System peer	IP address of the selected NTP server.
Local mode	Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode.
Reference clock ID	For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as the reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the IP address of the local clock. For an IPv6 NTP server: The field represents the MD5 digest of the first 32 bits of the IPv6 address of the remote server when the local device is synchronized to a remote IPv6 NTP server. The field represents the local clock when the local device uses the local clock as a reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the local clock.
Leap indicator	Alarming status: · 00—Normal. · 01—Leap second, indicates that the last minute in a day has 61 seconds. · 10—Leap second, indicates that the last minute in a day has 59 seconds. · 11—Time is not synchronized.
Clock jitter	Difference between the system clock and reference clock, in seconds.
Stability	Clock frequency stability. A lower value represents better stability.
Clock precision	Accuracy of the system clock.
Root delay	Roundtrip delay from the local device to the primary time server, in milliseconds.
Root dispersion	Maximum error of the system clock relative to the primary time server, in milliseconds.
Reference time	Reference timestamp.

display ntp-service trace

Use display ntp-service trace to display brief information about each NTP server from the local device back to the primary time server.

Syntax

display ntp-service trace [ source interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

source interface-type interface-number: Specifies the source interface for sending NTP packets to trace each NTP server from the local device back to the primary time server. The source IP address of the NTP packets is the IPv4 address/IPv6 address of the specified source interface. If the IP address of an NTP server is a link-local address, the link-local address of the outgoing interface of NTP packets is used as the source IP address of the NTP packets. If you do not specify this option, the interface that sends the tracing NTP packets acts as the source interface.

Usage guidelines

To trace back to the primary time server from the source interface, make sure the source interface and the NTP servers from the local device to the primacy time server are reachable to each other.

Examples

#Display brief information about each NTP server from the local device back to the primary time server.

<Sysname>display ntp-service trace

Server 127.0.0.1

Stratum 3, jitter 0.000, synch distance 0.0000.

Server 3000::32

Stratum 2 , jitter 790.00, synch distance 0.0000.

RefID 127.127.1.0

The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock.

Table 18 Command output

Field	Description
Server	IP address of the NTP server.
Stratum	Stratum level of the NTP server.
jitter	Root mean square (RMS) value of the clock offset relative to the upper-level clock, in seconds.
synch distance	Synchronization distance relative to the upper-level NTP server, in seconds, calculated from dispersion and roundtrip delay values.
RefID	Identifier of the primary time server. When the stratum level of the primary reference clock is 0, it is displayed as LOCL. Otherwise, it is displayed as the IP address of the primary time server.

Related commands

ntp-service ipv6 source

ntp-service ipv6 unicast-peer

ntp-service ipv6 unicast-server

ntp-service source

ntp-service unicast-peer

ntp-service unicast-server

ntp-service acl

Use ntp-service acl to configure the right for peer devices to access the NTP services on the local device.

Use undo ntp-service acl to remove the configured NTP service access right.

Syntax

ntp-service { peer | query | server | synchronization } acl ipv4-acl-number

undo ntp-service { peer | query | server | synchronization } [ acl ipv4-acl-number ]

Default

The right for the peer devices to access the NTP services on the local device is peer.

Views

System view

Predefined user roles

network-admin

Parameters

peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device.

query: Allows only NTP control queries from a peer device to the local device.

server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.

synchronization: Allows only time requests from a peer device.

acl ipv4-acl-number: Specifies an IPv4 ACL by its number. The peer devices that match the IPv4 ACL have the access right specified in the command. The ipv4-acl-number argument represents an IPv4 basic ACL number in the range of 2000 to 2999 or an IPv4 advanced ACL number in the range of 3000 to 3999.

Usage guidelines

When the device receives an NTP request, it matches the request with the access rights in order from the least restrictive to the most restrictive: peer, server, synchronization, and query.

· If no NTP access control is configured, the peer access right applies.

· If the IP address of the peer device matches a permit statement in an IPv4 ACL, the access right is granted to the peer device. If a deny statement or no IPv4 ACL is matched, no access right is granted.

· If no IPv4 ACL is specified for an access right or the IPv4 ACL specified for the access right is not created, the access right is not granted.

· If none of the IPv4 ACLs specified for the access rights is created, the peer access right applies.

· If none of the IPv4 ACLs specified for the access rights contains rules, no access right is granted.

The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.

Examples

# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] ntp-service peer acl 2001

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

ntp-service authentication enable

Use ntp-service authentication enable to enable NTP authentication.

Use undo ntp-service authentication enable to disable NTP authentication.

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

Default

NTP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are synchronized only to authenticated NTP servers.

To authenticate an NTP server, set an authentication key and specify it as a trusted key.

Examples

# Enable NTP authentication.

<Sysname> system-view

[Sysname] ntp-service authentication enable

Related commands

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

ntp-service authentication-keyid

Use ntp-service authentication-keyid to set an NTP authentication key.

Use undo ntp-service authentication-keyid to remove an NTP authentication key.

Syntax

ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

undo ntp-service authentication-keyid keyed

Default

No NTP authentication key is set.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.

authentication-mode md5 value: Uses the MD5 algorithm for key authentication.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

Usage guidelines

In a network where there is a high security demand, the NTP authentication feature must be enabled for a system running NTP. This feature enhances the network security by using client-server key authentication, which prohibits a client from synchronizing to a device that has failed the authentication.

The key ID in the message from the peer device identifies the key used for authentication. The acl ipv4-acl-number and acl ipv6-acl-number options are used to identify the peer device that can use the key ID.

· If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication.

· If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.

To ensure a successful NTP authentication, configure the same key ID, authentication algorithm, and key on the time server and client.

After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid command to configure the key as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.

You can set a maximum of 128 keys by executing the command.

Examples

# Set a plaintext MD5 authentication key, with the key ID of 10 and key value of BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey

Related commands

ntp-service authentication enable

ntp-service reliable authentication-keyid

ntp-service broadcast-client

Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets.

Use undo ntp-service broadcast-client to remove the configuration.

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

After you configure the command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages.

If you have configured the device to operate in broadcast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ntp-service broadcast-client

Related commands

ntp-service broadcast-server

Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.

Use undo ntp-service broadcast-server to remove the configuration.

Syntax

ntp-service broadcast-server [ authentication-keyid keyid | version number ] *

undo ntp-service broadcast-server

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.

Usage guidelines

After you configure the command, the device periodically sends NTP messages to the broadcast address 255.255.255.255.

If you have configured the device to operate in broadcast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in broadcast server mode and send NTP broadcast messages on GigabitEthernet 1/0/1, using key 4 for encryption. Set the NTP version to 4.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ntp-service broadcast-server authentication-keyid 4 version 4

Related commands

ntp-service broadcast-client

ntp-service dscp

Use ntp-server dscp to set a DSCP value for IPv4 NTP packets.

Use undo ntp-server dscp to restore the default.

Syntax

ntp-service dscp dscp-value

undo ntp-service dscp

Default

The DSCP value for IPv4 NTP packets is 48.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets.

Usage guidelines

The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority.

Examples

# Set the DSCP value for IPv4 NTP packets to 30.

<Sysname> system-view

[Sysname] ntp-service dscp 30

ntp-service enable

Use ntp-service enable to enable the NTP service.

Use undo ntp-service enable to disable the NTP service.

Syntax

ntp-service enable

undo ntp-service enable

Default

The NTP service is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the NTP service.

<Sysname> system-view

[Sysname] ntp-service enable

ntp-service inbound enable

Use ntp-service inbound enable to enable an interface to receive NTP messages.

Use undo ntp-service inbound enable to disable an interface from receiving NTP messages.

Syntax

ntp-service inbound enable

undo ntp-service inbound enable

Default

An interface receives NTP messages.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Execute the undo ntp-service inbound enable command on an interface in the following cases:

· You do not want the interface to synchronize the peer device in the corresponding subnet.

· You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface.

Examples

# Disable GigabitEthernet 1/0/1 from receiving NTP messages.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo ntp-service inboundenable

ntp-service ipv6 acl

Use ntp-service ipv6 acl to configure the right for the peer devices to access the IPv6 NTP services of the local device.

Use undo ntp-service ipv6 acl to remove the configured IPv6 NTP service access right.

Syntax

ntp-service ipv6 { peer |query | server | synchronization } acl ipv6-acl-number

undo ntp-service ipv6 { peer |query | server | synchronization } [ acl ipv6-acl-number ]

Default

The right for the peer devices to access the IPv6 NTP services on the local device is peer.

Views

System view

Predefined user roes

network-admin

Parameters

peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) and allows the local device to synchronize itself to a peer device.

query: Allows only NTP control queries from a peer device to the local device.

server: Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device.

synchronization: Allows only time requests from a system whose address passes the access list criteria.

ipv6-acl-number: Specifies an IPv6 ACL by its number. The peer devices that match the IPv6 ACL have the access right specified in the command. The ipv6-acl-number argument represents an IPv6 basic ACL number in the range of 2000 to 2999 or an IPv6 advanced ACL number in the range of 3000 to 3999.

Usage guidelines

When the device receives an NTP request, it matches the request with the access rights in order from the least restrictive to the most restrictive: peer, server, synchronization, and query.

· If no NTP access control is configured, the peer access right applies.

· If the IP address of the peer device matches a permit statement in an IPv6 ACL, the access right is granted to the peer device. If a deny statement or no IPv6 ACL is matched, no access right is granted.

· If no IPv6 ACL is specified for an access right or the IPv6 ACL specified for the access right is not created, the access right is not granted.

· If none of the IPv6 ACLs specified for the access rights is created, the peer access right applies.

· If none of the IPv6 ACLs specified for the access rights contains rules, no access right is granted.

The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more secure.

Examples

# Configure the peer devices on subnet 2001::1 to have full access to the local device.

<Sysname> system-view

[Sysname] acl ipv6 basic 2001

[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1 64

[Sysname-acl-ipv6-basic-2001] quit

[Sysname] ntp-service ipv6 peer acl 2001

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

ntp-service ipv6 dscp

Use ntp-service ipv6 dscp to set a DSCP value for IPv6 NTP packets.

Use undo ntp-service ipv6 dscp to restore the default.

Syntax

ntp-service ipv6 dscp dscp-value

undo ntp-service ipv6 dscp

Default

The DSCP value for IPv6 NTP packets is 56.

Views

System view

Predefined user roles

network-admin

Parameters

dscp-value: Specifies a DSCP value in the range of 0 to 63 for IPv6 NTP packets.

Usage guidelines

The DSCP value is included in the Traffic Class field of an IPv6 packet to identify the packet priority.

Examples

# Set the DSCP value for IPv6 NTP packets to 30.

<Sysname> system-view

[Sysname] ntp-service ipv6 dscp 30

ntp-service ipv6 inbound enable

Use ntp-service ipv6 inbound enable to enable an interface to receive IPv6 NTP messages.

Use undo ntp-service ipv6 inbound enable to disable an interface from receiving IPv6 NTP messages.

Syntax

ntp-service ipv6 inbound enable

undo ntp-service ipv6 inbound enable

Default

An interface receives IPv6 NTP messages.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

Execute the undo ntp-service ipv6 inbound enable command on an interface in the following cases:

· You do not want the interface to synchronize the peer devices in the corresponding subnet.

· You do not want the device to be synchronized by the peer devices in the subnet corresponding to the interface.

Examples

# Disable GigabitEthernet 1/0/1 from receiving IPv6 NTP messages.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo ntp-service ipv6 inboundenable

ntp-service ipv6 multicast-client

Use ntp-service ipv6 multicast-client to configure the device to operate in IPv6 NTP multicast client mode and use the current interface to receive IPv6 NTP multicast packets.

Use undo ntp-service ipv6 multicast-client to remove the configuration.

Syntax

ntp-service ipv6 multicast-client ipv6-address

undo ntp-service ipv6 multicast-client ipv6-address

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 multicast address. An IPv6 broadcast client and an IPv6 broadcast server must be configured with the same multicast address.

Usage guidelines

After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address. It is synchronized based on the received IPv6 NTP messages.

If you have configured the device to operate in IPv6 multicast client mode on an interface by using the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in IPv6 multicast client mode and receive IPv6 NTP multicast messages with the destination FF21::1 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ntp-service ipv6 multicast-client ff21::1

Related commands

ntp-service ipv6 multicast-server

Use ntp-service ipv6 multicast-server to configure the device to operate in IPv6 NTP multicast server mode and use the current interface to send IPv6 NTP multicast packets.

Use undo ntp-service ipv6 multicast-server to remove the configuration.

Syntax

ntp-service ipv6 multicast-server ipv6-address [authentication-keyid keyid | ttl ttl-number] *

undo ntp-service ipv6 multicast-server ipv6-address

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies an IPv6 multicast address. An IPv6 multicast client and server must be configured with the same multicast address.

authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize clients enabled with NTP authentication.

ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255, and the default is 16.

Usage guidelines

After you configure the command, the device periodically sends NTP messages to the specified IPv6 multicast address.

If you have configured the device to operate in IPv6 multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages on GigabitEthernet 1/0/1 to the multicast address FF21::1, using key 4 for encryption.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ntp-service ipv6 multicast-server ff21::1

Related commands

ntp-service ipv6 multicast-client

ntp-service ipv6 source

Use ntp-service ipv6 source to specify a source interface for IPv6 NTP messages.

Use undo ntp-service ipv6 source to restore the default.

Syntax

ntp-service ipv6 source interface-type interface-number

undo ntp-service ipv6 source

Default

No source interface is specified for IPv6 NTP messages. The device automatically selects the source IP address for IPv6 NTP messages. For more information, see RFC 3484.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you specify a source interface for IPv6 NTP messages, the device uses the IPv6 address of the source interface as the source address to send IPv6 NTP messages. Consequently, the destination address of the IPv6 NTP response messages becomes the address of the source interface.

When the device responds to an IPv6 NTP request, the source IPv6 address of the NTP response is always the IPv6 address of the interface that has received the IPv6 NTP request.

If you do not want the IPv6 address of an interface on the local device to become the destination address for response messages, use this command to specify another interface as the source interface for IPv6 NTP messages..

The source interface for IPv6 NTP messages can also be specified in the following ways:

· In NTP client/server mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-server command, the specified interface acts as the source interface for IPv6 NTP messages.

· In NTP symmetric active/passive mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-peer command, the specified interface acts as the source interface for IPv6 NTP messages.

· In NTP multicast mode, if you have configured the ntp-service ipv6 multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.

If the specified source interface is down, the device does not send IPv6 NTP messages.

Examples

# Specify the source interface of IPv6 NTP messages as GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] ntp-service ipv6 source gigabitethernet 1/0/1

ntp-service ipv6 unicast-peer

Use ntp-service ipv6 unicast-peer to specify an IPv6 symmetric-passive peer for the device.

Use undo ntp-service ipv6 unicast-peer to remove the IPv6 symmetric-passive peer specified for the device.

Syntax

ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number ] *

undo ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ vpn-instance vpn-instance-name ]

Default

No IPv6 symmetric-passive peer is specified.

Views

System view

Predefined user roles

network-admin

Parameters

peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters.

ipv6-address: Specifies asymmetric-passive peer by its IPv6 address. It must be a unicast address, rather than a multicast address.

vpn-instance vpn-instance-name: Specifies the VPN to which the symmetric-passive peer belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on the public network, do not specify this option.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.

priority: Specifies the peer specified by ipv6-address or peer-name as the first choice under the same condition.

Source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified passive peer address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device is the IPv6 address of the specified source interface. If the specified passive peer address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.

Usage guidelines

When you specify an IPv6 passive peer for the device, the device and its IPv6 passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.

To synchronize the PE to a PE or CE in a VPN, provide the vpn-instance vpn-instance-name option in the command.

If you include the vpn-instance vpn-instance-name option in the undo ntp-service ipv6 unicast-peer command, the command removes the symmetric-passive peer with the IPv6 address of ipv6-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the symmetric-passive peer with the IPv6 address of ipv6-address in the public network.

If the specified IPv6 address of the passive peer is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the passive peer.

Examples

# Specify the device with the IPv6 address of 2001::1 as the symmetric-passive peer of the local device, and specify the source interface for IPv6 NTP messages as GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] ntp-service ipv6 unicast-peer 2001::1 source gigabitethernet 1/0/1

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

ntp-service ipv6 unicast-server

Use ntp-service ipv6 unicast-server to specify an IPv6 NTP server for the device.

Use undo ntp-service ipv6 unicast-server to remove an IPv6 NTP server specified for the device.

Syntax

ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number ] *

undo ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ]

Default

No IPv6 NTP server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.

ipv6-address: Specifies an NTP server by its IPv6 address. It must be a unicast address, rather than a multicast address.

vpn-instance vpn-instance-name: Specifies the VPN to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.

priority: Specifies this NTP server as the first choice under the same condition.

Source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.

Usage guidelines

When you specify an IPv6 NTP server for the device, the device is synchronized to the IPv6 NTP server, but the IPv6 NTP server is not synchronized to the device.

To synchronize the PE to a PE or CE in a VPN, specify the vpn-instance vpn-instance-name option in the command.

If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server with the IP address of ip-address in the specified VPN. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server with the IP address of ip-address in the public network.

If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the NTP server.

Examples

# Specify the IPv6 NTP server 2001::1 for the device.

<Sysname> system-view

[Sysname] ntp-service ipv6 unicast-server 2001::1

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

ntp-service max-dynamic-sessions

Use ntp-service max-dynamic-sessions to set the maximum number of dynamic NTP sessions.

Use undo ntp-service max-dynamic-sessions to restore the default.

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

Default

The maximum number of dynamic NTP sessions is 100.

Views

System view

Predefined user roles

network-admin

Parameters

number: Sets the maximum number of dynamic NTP associations, in the range of 0 to 100.

Usage guidelines

A device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command. A dynamic association is a temporary association created by the system during operation.

This command limits the number of dynamic NTP associations and prevents dynamic NTP associations from occupying too many system resources.

Examples

# Set the maximum number of dynamic NTP associations to 50.

<Sysname> system-view

[Sysname] ntp-service max-dynamic-sessions 50

Related commands

display ntp-service sessions

ntp-service multicast-client

Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets.

Use undo ntp-service multicast-client to remove the configuration.

Syntax

ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.

Usage guidelines

After you configure the command, the device listens to NTP messages using the specified multicast address as the destination address.

If you have configured the device to operate in multicast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in multicast client mode and receive NTP multicast messages on GigabitEthernet 1/0/1, and set the multicast address to 224.0.1.1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ntp-service multicast-client 224.0.1.1

Related commands

ntp-service multicast-server

Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets.

Use undo ntp-service multicast-server to remove the configuration.

Syntax

ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *

undo ntp-service multicast-server [ ip-address ]

Default

The device does not operate in any NTP association mode.

Views

Interface view

Predefined user roles

network-admin

Parameters

ip-address: Specifies a multicast IP address. The default is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.

ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255. The default value is 16.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.

Usage guidelines

After you configure the command, the device periodically sends NTP messages to the specified multicast address.

If you have configured the device to operate in multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.

Examples

# Configure the device to operate in multicast server mode and send NTP multicast messages on GigabitEthernet 1/0/1 to the multicast address 224.0.1.1, using key 4 for encryption. Set the NTP version to 4.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ntp-service multicast-server 224.0.1.1 version 4 authentication-keyid 4

Related commands

ntp-service multicast-client

ntp-service refclock-master

Use ntp-service refclock-master to configure the local clock as the reference source.

Use undo ntp-service refclock-master to remove the configuration.

Syntax

ntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]

Default

The device does not use its local clock as the reference clock.

Views

System view

Predefined user roles

network-admin

Parameters

ip-address: IP address of the local clock, 127.127.1.u, where u is the NTP process ID in the range of 0 to 3. The default value is 127.127.1.0.

stratum: Stratum level of the local clock, in the range of 1 to 15. The default value is 8. A lower stratum level represents higher clock accuracy.

Usage guidelines

Typically an NTP server that gets its time from an authoritative time source, such as an atomic clock has stratum 1 and operates as the primary time server to provide time synchronization for other devices in the network. The accuracy of each server is the stratum, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the preceding level.

If the devices in a network cannot synchronize to an authoritative time source, you can perform the following tasks:

· Select a device that has a relatively accurate clock from the network.

· Use the local clock of the device as the reference clock to synchronize other devices in the network.

Use the command with caution to avoid time errors. As a best practice, adjust the local system time to a correct value before you execute the command.

Examples

# Specify the local clock as the reference source, with the stratum level 2.

<Sysname> system-view

[Sysname] ntp-service refclock-master 2

ntp-service reliable authentication-keyid

Use ntp-service reliable authentication-keyid to specify an authentication key as a trusted key.

Use undo ntp-service reliable authentication-keyid to remove the configuration.

Syntax

ntp-service reliable authentication-keyid keyid

undo ntp-service reliable authentication-keyid keyid

Default

No trusted key is specified.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.

Usage guidelines

When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.

Before you use the command, make sure NTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.

You can set a maximum of 128 keys by executing the command.

Examples

# Enable NTP authentication, specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid37 authentication-mode md5 simple BetterKey

# Specify this key as a trusted key.

[Sysname] ntp-service reliable authentication-keyid37

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service source

Use ntp-service source to specify a source interface for NTP messages.

Use undo ntp-service source to restore the default.

Syntax

ntp-service source interface-type interface-number

undo ntp-service source

Default

No source interface is specified for NTP messages. The device performs the following operations:

· Searches the routing table for the outbound interface of NTP messages.

· Uses the primary IP address of the outbound interface as the source IP address for NTP messages.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If you specify the source interface for NTP messages, the device uses the primary IP address of the specified interface as the source IP address to send NTP messages. Consequently, the destination address of the NTP response messages becomes the primary IP address of the source interface.

If you do not want the IP address of an interface on the local device to become the destination address for response messages, use this command to specify another interface as the source interface for NTP messages.

The source interface for NTP messages can also be specified in the following ways:

· In NTP client/server mode, if you have specified the source interface for NTP messages in the ntp-service unicast-server command, the specified interface acts as the source interface for NTP messages.

· In NTP symmetric active/passive mode, if you have specified the source interface for NTP messages in the ntp-service unicast-peer command, the specified interface acts as the source interface for NTP messages.

· In NTP multicast mode, if you have configured the ntp-service multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.

· In NTP broadcast mode, if you have configured the ntp-service broadcast-server command on an interface, the interface acts as the source interface for NTP broadcast messages.

If the specified source interface is down, the device does not send NTP messages.

Examples

# Specify the source interface for NTP messages as GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] ntp-service source gigabitethernet 1/0/1

ntp-service unicast-peer

Use ntp-service unicast-peer to specify a symmetric-passive peer for the device.

Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device.

Syntax

ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *

undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ]

Default

No symmetric-passive peer is specified.

Views

System view

Predefined user roles

network-admin

Parameters

peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies a symmetric-passive peer by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.

Source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages.

Version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.

Usage guidelines

When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a high stratum level is synchronized to the clock with a lower stratum level.

To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

If you include vpn-instance vpn-instance-name in the undo ntp-service unicast-peer command, the command removes the symmetric-passive peer with the IP address of ip-address in the specified VPN. If you do not include vpn-instance vpn-instance-name in the command, the command removes the symmetric-passive peer with the IP address of ip-address in the public network.

Examples

# Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the local device, and configure the local device to run NTP version 4. Specify the source interface of NTP messages as GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source gigabitethernet 1/0/1

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

ntp-service unicast-server

Use ntp-service unicast-server to specify an NTP server for the device.

Use undo ntp-service unicast-server to remove an NTP server specified for the device.

Syntax

ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | priority | source interface-type interface-number | version number ] *

undo ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]

Default

No NTP server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

priority: Specifies this NTP server as the first choice under the same condition.

Source interface-type interface-number: Specifies the source interface for NTP messages. For an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages.

Version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.

Usage guidelines

When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

Examples

# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.

<Sysname> system-view

[Sysname] ntp-service unicast-server 10.1.1.1 version 4

Related commands

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

SNTP commands

display sntp ipv6 sessions

Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations.

Syntax

display sntp ipv6 sessions

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all IPv6 SNTP associations.

<Sysname> display sntp ipv6 sessions

SNTP server: 2001::1

Stratum: 16

Version: 4

Last receive time: No packet was received.

SNTP server: 2001::100

Stratum: 3

Version: 4

Last receive time: Fri, Oct 21 2011 11:28:28.058 (Synced)

Table 19 Command output

Field	Description
SNTP server	SNTP server (NTP server). If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully.
Stratum	Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents a higher clock accuracy. A clock with stratum level 16 is not synchronized.
Version	SNTP version.
Last receive time	Time when the last message was received: · Synced—The local clock is synchronized to the NTP server. · No packet was received—The device has not received any SNTP session information from the server.

display sntp sessions

Use display sntp sessions to display information about all IPv4 SNTP associations.

Syntax

display sntp sessions

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about all IPv4 SNTP associations.

<Sysname>display sntp sessions

SNTP server Stratum Version Last receive time

1.0.1.112 4 Tue, May 17 2011 9:11:20.833 (Synced)

Table 20 Command output

Field	Description
SNTP server	SNTP server (NTP server). If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully.
Stratum	Stratum level of the NTP server, which determines the clock accuracy. It is in the range of 1 to 16. A lower stratum level represents higher clock accuracy. A clock with stratum level 16 is not synchronized.
Version	SNTP version.
Last receive time	Time when the last message was received. Synced means the local clock is synchronized to the NTP server.

sntp authentication enable

Use sntp authentication enable to enable SNTP authentication.

Use undo sntp authentication enable to disable SNTP authentication.

Syntax

sntp authentication enable

undo sntp authentication enable

Default

SNTP authentication is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.

To authenticate an NTP server, set an authentication key and specify it as a trusted key.

Examples

# Enable SNTP authentication.

<Sysname> system-view

[Sysname] sntp authentication enable

Related commands

sntp authentication-keyid

sntp reliable authentication-keyid

sntp authentication-keyid

Use sntp authentication-keyid to set an SNTP authentication key.

Use undo sntp authentication-keyid to remove an SNTP authentication key.

Syntax

sntp authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

undo sntp authentication-keyid keyid

Default

No SNTP authentication key is set.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.

authentication-mode md5 value: Uses the MD5 algorithm for key authentication.

cipher: Specifies a key in encrypted form.

simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.

string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.

Usage guidelines

You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.

· If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for authentication.

· If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for authentication.

To ensure a successful authentication, configure the same key ID, authentication algorithm, and key on the time server and client.

After you configure an SNTP authentication key, use the sntp reliable authentication-keyid command to set it as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.

You can set a maximum of 128 keys by executing the command.

Examples

# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in plain text.

<Sysname> system-view

[Sysname] sntp authentication enable

[Sysname]sntp authentication-keyid 10 authentication-mode md5 simple BetterKey

Related commands

sntp authentication enable

sntp reliable authentication-keyid

sntp enable

Use sntp enable to enable the SNTP service.

Use undo sntp enable to disable the SNTP service.

Syntax

Sntp enable

undo sntp enable

Default

The SNTP service is disabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the SNTP service.

<Sysname> system-view

[Sysname]sntp enable

sntp ipv6 unicast-server

Use sntp ipv6 unicast-server to specify an IPv6 NTP server for the device.

Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device.

Syntax

sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number ] *

undo sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ]

Default

No IPv6 NTP server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.

ipv6-address: Specifies an NTP server by its IPv6 address.

source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.

Usage guidelines

When you specify an IPv6 NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

To synchronize the PE to a PE or CE in a VPN, provide the vpn-instance vpn-instance-name option in your command.

If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN for the NTP server.

Examples

# Specify the IPv6 NTP server 2001::1 for the device.

<Sysname> system-view

[Sysname] sntp ipv6 unicast-server 2001::1

Related commands

sntp authentication enable

sntp authentication-keyid

sntp reliable authentication-keyid

Use sntp reliable authentication-keyid to specify an authentication key as a trusted key.

Use undo sntp reliable authentication-keyid to remove the specified trusted key.

Syntax

sntp reliable authentication-keyid keyid

undo sntp reliable authentication-keyid keyid

Default

No trusted key is specified.

Views

System view

Predefined user roles

network-admin

Parameters

keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.

Usage guidelines

If SNTP is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.

Before you use the command, make sure SNTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid command.

Examples

# Enable NTP authentication, and specify the MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey.

<Sysname> system-view

[Sysname] sntp authentication enable

[Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey

# Specify this key as a trusted key.

[Sysname] sntp reliable authentication-keyid 37

Related commands

sntp authentication-keyid

sntp authentication enable

sntp unicast-server

Use sntp unicast-server to specify an NTP server for the device.

Use undo sntp unicast-server to remove an NTP server specified for the device.

Syntax

sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number | version number ] *

undo sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]

Default

No NTP server is specified.

Views

System view

Predefined user roles

network-admin

Parameters

server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.

ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.

source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.

version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.

Usage guidelines

When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.

To synchronize the PE to a PE or CE in a VPN, provide vpn-instance vpn-instance-name in your command.

Examples

# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.

<Sysname> system-view

[Sysname] sntp unicast-server 10.1.1.1 version 4

Related commands

sntp authentication enable

sntp authentication-keyid

sntp reliable authentication-keyid

PoE commands

The following matrixes show the feature and hardware compatibility:

Hardware	PoE compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS	Yes
MSR810-10-PoE	No
MSR2600-6-X1/2600-10-X1	No
MSR 2630	No
MSR3600-28/3600-51	No
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	No
MSR 3610/3620/3620-DP/3640/3660	Yes The routers must be installed with the SIC-4FSWP, DSIC-9FSWP, or HMIM-24GSWP interface modules.
MSR5620/5660/5680	Yes The routers must be installed with the SIC-4FSWP, DSIC-9FSWP, or HMIM-24GSWP interface modules.

Hardware	PoE compatibility
MSR810-LM-GL	No
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	No
MSR3600-28-SI-GL	No

This feature is supported only by the MSR810-10-PoE router and the following PoE-capable routers installed with the SIC-4FSWP, DSIC-9FSWP, or HMIM-24GSWP interface modules:

· MSR 3610/3620/3620-DP/3640/3660.

· MSR5620/5660/5680

Commands and descriptions for centralized devices apply to the following routers:

· MSR810-10-PoE.

· MSR 3610/3620/3620-DP/3640/3660.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

apply poe-profile

Use apply poe-profile to apply a PoE profile to a power interface (PI).

Use undo apply poe-profile to restore the default.

Syntax

apply poe-profile { index index | name profile-name }

undo apply poe-profile { index index | name profile-name }

Default

No PoE profile is applied to PIs.

Views

PI view

Predefined user roles

network-admin

Parameters

index index: Specifies a PoE profile by its index number in the range of 1 to 100.

name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.

Examples

# Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] apply poe-profile name forIPphone

Related commands

apply poe-profile interface

display poe-profile

apply poe-profile interface

Use apply poe-profile interface to apply a PoE profile to PIs.

Use undo apply poe-profile interface to remove the PoE profile application from PIs.

Syntax

apply poe-profile { index index | name profile-name } interface interface-range

undo apply poe-profile { index index | name profile-name } interface interface-range

Default

No PoE profile is applied to a PI.

Views

System view

Predefined user roles

network-admin

Parameters

index index: Specifies a PoE profile by its index number in the range of 1 to 100.

name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.

interface-range: Specifies a range of Ethernet interfaces in the form of interface-type interface-number [ to interface-type interface-number ], where interface-type interface-number represents the interface type and interface number. The start interface number must be smaller than the end interface number. If an interface in the specified range does not support PoE, it is ignored when the PoE profile is applied.

Examples

# Apply the PoE profile named forIPphone to GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] apply poe-profile name forIPphone interface gigabitethernet 1/0/1

# Apply the PoE profile with index number 1 to PIs GigabitEthernet 1/0/2 to GigabitEthernet 1/0/8.

<Sysname> system-view

[Sysname] apply poe-profile index 1 interface gigabitethernet 1/0/2 to gigabitethernet 1/0/8

Related commands

apply poe-profile

display poe-profile interface

display poe device

Use display poe device to display general PSE information.

Syntax

Distributed devices in standalone mode/centralized devices in standalone or IRF mode:

display poe device

Distributed devices in IRF mode:

display poe device [ chassis chassis-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PSEs in the IRF fabric. (Distributed devices in IRF mode.)

Examples

# Display general PSE information.

<Sysname> display poe device

PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model

7 2 0 24 370 Off LSP2LTSUC

10 3 0 24 370 Off LSP2LTSUC

# (Distributed devices in IRF mode.) Display general PSE information.

<Sysname> display poe device

Chassis 1:

PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model

4 1 0 1 200 Off LSBMPOEGV48TP

7 1 4 8 200 Off LSBMPOEGV48TP

Chassis 2:

PSE ID Slot No. SSlot No. PortNum MaxPower(W) State Model

43 10 4 8 200 Off LSBMPOEGV48TP

Table 21 Command output

Field	Description
Chassis 1	Information for member device 1. (Distributed devices in IRF mode.)
PSE ID	ID of the PSE.
Slot No.	Slot number of the PSE.
SSlot No.	Sub-slot number of the PSE.
PortNum	Number of PIs on the PSE.
MaxPower(W)	Maximum power of the PSE.
State	PSE status: · On—The PSE is supplying power. · Off—The PSE is not supplying power. · Faulty—The PSE has failed.
Model	PSE model.

display poe interface

Use display poe interface to display power supplying information for PIs.

Syntax

display poe interface [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power supplying information for all PIs.

Examples

# Display power supplying information for GigabitEthernet 1/0/1.

<Sysname> display poe interface gigabitethernet 1/0/1

PoE Status : Enabled

Power Priority : Critical

Oper : On

IEEE Class : 1

Detection Status : Delivering power

Power Mode : Signal

Current Power : 11592 mW

Average Power : 11610 mW

Peak Power : 11684 mW

Max Power : 15400 mW

Electric Current : 244 mA

Voltage : 51.7 V

PD Description : IP Phone For Room 101

Table 22 Command output

Field	Description
PoE status	PoE status: · Enabled. · Disabled.
Power Priority	Power supply priority of the PI: · Critical (highest). · High. · Low.
Oper	Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power.
IEEE Class	PD power class: 0, 1, 2, 3, or 4. If the PSE does not support PD classification, this field displays a hyphen (-).
Detection Status	Power detection status of a PI: · Disabled—The PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering power—The PI is supplying power to the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other fault—A fault has caused the PSE to enter the idle status. · PD disconnected—The PD is disconnected.
Power Mode	Power transmission mode of a PI: · Signal—Power is being supplied over signal cables. · Spare—Power is being supplied over spare cables.
Current Power	Current power of a PI, including PD consumption power and transmission loss. Typical transmission loss is within 1 watt.
Average Power	Average power of a PI.
Peak Power	Peak power of a PI.
Max Power	Maximum power of a PI.
Electric Current	Current of a PI.
Voltage	Voltage of a PI.
PD Description	Type and location description for the PD connected to the PI.

# Display power supplying information for all PIs.

<Sysname> display poe interface

Interface PoE Priority CurPower Oper IEEE Detection

(W) Class Status

GE1/0/1 Enabled Low 4.4 On 1 Delivering Power

GE1/0/2 Enabled Critical 0.0 On - Disabled

GE1/0/3 Enabled Low 0.0 On - Disabled

GE1/0/4 Enabled Critical 0.0 On - Searching

GE1/0/5 Enabled Low 4.0 On 2 Delivering Power

GE1/0/6 Enabled Low 0.0 On - Disabled

GE1/0/7 Disabled Low 0.0 Off - Fault

--- On State Ports: 2; Used: 8.4(W); Remaining: 171.6(W) ---

Table 23 Command output

Field	Description
Interface	Interface name of a PI.
PoE	PoE status: · Enabled. · Disabled.
Priority	Power priority of a PI: · Critical (highest). · High. · Low.
CurPower	Current power of a PI.
Oper	Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power.
IEEE Class	PD power class: 0, 1, 2, 3, or 4.
Detection Status	Power detection status of a PI: · Disabled—PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering Power—The PI is supplying power for the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other fault—A fault has caused the PSE to enter the idle status. · PD disconnected—The PD is disconnected.
On State Ports	Number of PIs that are supplying power.
Used	Power consumed by the current PI.
Remaining	Total remaining power of the system.

display poe interface power

Use display poe interface power to display power information for PIs.

Syntax

display poe interface power [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays power information for all PIs.

Examples

# Display power information for GigabitEthernet 1/0/1.

<Sysname> display poe interface power gigabitethernet 1/0/1

Interface Current Peak Max PD Description

(W) (W) (W)

GE1/0/1 15.0 15.3 15.4 Access Point on Room 509 for Peter

# Display power information for all PIs.

<Sysname> display poe interface power

Interface Current Peak Max PD Description

(W) (W) (W)

GE1/0/25 4.4 4.5 4.6 IP Phone in Room 309 for Peter Smith

GE1/0/26 4.4 4.5 15.4 IP Phone in Room 409 for Peter Pan

GE1/0/27 15.0 15.3 15.4 Access Point in Room 509 for Peter

GE1/0/28 0.0 0.0 0.0 IP Phone in Room 609 for Peter John

GE1/0/29 0.0 0.0 0.0 IP Phone in Room 709 for Jack

GE1/0/30 0.0 0.0 0.0 IP Phone in Room 809 for Alien

--- On State Ports: 3; Used: 23.8(W); Remaining: 776.2(W) ---

Table 24 Command output

Field	Description
Interface	Interface name of a PI.
CurPower	Current power of a PI.
PeakPower	Peak power of a PI.
MaxPower	Maximum power of a PI.
PD Description	Type and location description for the PD connected to a PI.
Ports On	Number of PIs that are supplying power.
Used	Power consumed by all PIs.
Remaining	Total remaining power of the system.

display poe power-usage

Use display poe power-usage to display power usage statistics for PoE power supplies and PSEs.

Syntax

Distributed devices in standalone mode/centralized devices in IRF mode:

display poe power-usage

Distributed devices in IRF mode:

display poe power-usage [ chassis chassis-number ]

Centralized devices in IRF mode

display poe power-usage [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PoE power supplies and PSEs in the IRF fabric. (Distributed devices in IRF mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command displays information about all PSEs in the IRF fabric. (Centralized devices in IRF mode.)

Examples

# Display power usage statistics for the PoE power supply and all PSEs.

<Sysname> display poe power-usage

PoE Current Power : 12 W

PoE Max Power : 2000 W

PoE Max Guaranteed Power : 2000 W

PoE Remaining Allocable Power : 1800 W

PoE Remaining Guaranteed Power : 2000 W

Powered PoE Ports : 1

Statistics by PSE:

PSE ID Max Current Peak Average Remaining Powered

(W) (W) (W) (W) Guaranteed(W) Ports

5 200 12 12 6 200 1

# (Distributed devices in IRF mode.) Display power usage statistics for all PoE power supplies and PSEs.

<Sysname> display poe power-usage

Chassis 1 :

PoE Current Power : 600 W

PoE Max Power : 2000 W

PoE Max Guaranteed Power : 1000 W

PoE Remaining Allocable Power : 800 W

PoE Remaining Guaranteed Power : 600 W

Powered PoE Ports : 60

Statistics by PSE:

PSE ID Max Current Peak Average Remaining Powered

(W) (W) (W) (W) Guaranteed(W) Ports

4 300 200 230 205 100 20

7 400 300 345 290 200 30

10 500 100 120 110 300 10

Chassis 2 :

PoE Current Power : 600 W

PoE Max Power : 2000 W

PoE Max Guaranteed Power : 1000 W

PoE Remaining Allocable Power : 800 W

PoE Remaining Guaranteed Power : 600 W

Powered PoE Ports : 60

Statistics by PSE:

PSE ID Max Current Peak Average Remaining Powered

(W) (W) (W) (W) Guaranteed(W) Ports

35 300 200 230 205 100 20

# (Centralized devices in IRF mode.) Display power usage statistics for all PoE power supplies and PSEs.

<Sysname> display poe power-usage

Slot 1 :

PoE Current Power : 600 W

PoE Max Power : 2000 W

PoE Max Guaranteed Power : 1000 W

PoE Remaining Allocable Power : 800 W

PoE Remaining Guaranteed Power : 600 W

Powered PoE Ports : 60

Statistics by PSE:

PSE ID Max Current Peak Average Remaining Powered

(W) (W) (W) (W) Guaranteed(W) Ports

4 300 200 230 205 100 20

7 400 300 345 290 200 30

10 500 100 120 110 300 10

Slot 2 :

PoE Current Power : 600 W

PoE Max Power : 2000 W

PoE Max Guaranteed Power : 1000 W

PoE Remaining Allocable Power : 800 W

PoE Remaining Guaranteed Power : 600 W

Powered PoE Ports : 60

Statistics by PSE:

PSE ID Max Current Peak Average Remaining Powered

(W) (W) (W) (W) Guaranteed(W) Ports

35 300 200 230 205 100 20

Table 25 Command output

Field	Description
Chassis 1	PoE power and PSE power information for member device 1. (Distributed devices in IRF mode.)
Slot 1	PoE power and PSE power information for member device 1. (Centralized devices in IRF mode.)
PoE Current Power	Total power that has been consumed by PSEs.
PoE Max Power	Maximum PoE power.
PoE Max Guaranteed Power	Maximum power that can be supplied to critical PSEs.
PoE Remaining Allocable Power	Remaining allocable PoE power = Maximum PoE power – Total maximum power of all PoE-enabled PSEs.
PoE Remaining Guaranteed Power	Remaining guaranteed PoE power = Maximum guaranteed PoE power – Total maximum power of all critical PSEs. Typically, the maximum guaranteed PoE power is equal to the maximum PoE power.
Powered PoE Ports	Number of PIs that are supplying power.
PSE ID	ID of the PSE.
Max	Maximum power of the PSE.
Current	Current power of the PSE.
Peak	Peak power of the PSE.
Average	Average power of the PSE.
Remaining Guaranteed	Remaining guaranteed power of the PSE = Maximum guaranteed power of the PSE – Total maximum power of all critical PIs of the PSE Typically, the maximum guaranteed PSE power is equal to the maximum PSE power.
Powered Ports	Number of PIs that are receiving power from the PSE.

display poe pse

Use display poe pse to display detailed PSE information.

Syntax

display poe pse [ pse-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pse-id: Specifies a PSE by its ID. If you do not specify a PSE, this command displays information about all PSEs.

Examples

# Display detailed information about PSE 7.

<Sysname> display poe pse 7

PSE ID : 7

Slot No. : 2

PSE Model : LSBMPOEGV48TP

PSE Status : Enabled

PSE Preempted : No

Power Priority : Low

Current Power : 130 W

Average Power : 20 W

Peak Power : 240 W

Max Power : 200 W

Remaining Guaranteed Power : 120 W

PSE CPLD Version : 100

PSE Software Version : 200

PSE Hardware Version : 100

Legacy PD Detection : Disabled

Power Utilization Threshold : 80

PSE Power Policy : Disabled

PD Power Policy : Disabled

PD Disconnect-Detection Mode : DC

# (Distributed devices in IRF mode.) Display detailed information about PSE 7.

<Sysname> display poe pse 7

PSE ID : 7

Chassis : 1

Slot No. : 2

SSlot No. : 0

PSE Model : LSBMPOEGV48TP

PSE Status : Disabled

PSE Preempted : No

Power Priority : Low

Current Power : 0 W

Average Power : 0 W

Peak Power : 0 W

Max Power : 200 W

Remaining Guaranteed Power : 200 W

PSE CPLD Version : 100

PSE Software Version : 200

PSE Hardware Version : 100

Legacy PD Detection : Disabled

Power Utilization Threshold : 80

PSE Power Policy : Disabled

PD Power Policy : Disabled

PD Disconnect Detection Mode : DC

Table 26 Command output

Field	Description
PSE ID	ID of the PSE.
Slot No.	Slot number of the PSE.
SSlot No.	Subslot number of the PSE.
Chassis	In IRF mode, member ID of the device where the PSE resides.
PSE Status	PoE status of the PSE: · Enabled. · Disabled.
Preempted	Power preemption status for the PSE: · No—The system has sufficient power for the PSE. · Yes—The system has supplied power to other PSEs and does not have sufficient power for this PSE.
Power Priority	Power priority of the PSE.
Current Power	Current power of the PSE.
Average Power	Average power of the PSE.
Peak Power	Peak power of the PSE.
Max Power	Maximum power of the PSE.
Remaining Guaranteed Power	Remaining guaranteed power of the PSE = Maximum guaranteed power of the PSE – Total maximum power of all critical PIs of the PSE.
PSE CPLD Version	PSE CPLD version number.
PSE Software Version	PSE software version number.
PSE Hardware Version	PSE hardware version number.
Legacy PD Detection	Nonstandard PD detection status: · Enabled. · Disabled.
Power Utilization Threshold	PSE power alarm threshold.
PSE Power Policy	PSE power management policy mode.
PD Power Policy	PD power management policy mode.
PD Disconnect Detection Mode	PD disconnection detection mode.

display poe pse interface

Use display poe pse interface to display the PoE status of all PIs on a PSE.

Syntax

display poe pse pse-id interface

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pse pse-id: Specifies a PSE ID. To display PSE ID and slot mappings, use the display poe device command.

Examples

# Display the status of all PIs on PSE 7.

<Sysname> display poe pse 7 interface

Interface PoE Priority CurPower Oper IEEE Detection

(W) Class Status

GE1/0/1 Enabled Low 4.4 On 1 Delivering Power

GE1/0/2 Enabled Critical 0.0 Power-lack - Disabled

GE1/0/3 Enabled Low 0.0 Power-deny - Disabled

GE1/0/4 Enabled Critical 0.0 On - Searching

GE1/0/5 Enabled Low 4.0 Power-limit 2 Delivering Power

GE1/0/6 Enabled Low 0.0 Power-itself - Disabled

GE1/0/7 Disabled Low 0.0 Off - Fault

--- On State Ports: 2; Used: 8.4(W); Remaining: 171.6 (W) ---

Table 27 Command output

Field	Description
Interface	Interface name of a PI.
PoE	PoE status of a PI: · Enabled. · Disabled.
Priority	Priority of a PI: · Critical (highest). · High. · Low.
CurPower	Current power of a PI.
Oper	Operating status of a PI: · Off—PoE is disabled. · On—Power is being supplied to the PI correctly. · Power-lack—Remaining guaranteed power is insufficient for a critical PI. · Power-deny—The PSE refuses to supply power. The power required by the PD is higher than the configured power. · Power-itself—The PD is using another power supply. · Power-limit—The PSE is supplying power to the PD based on the configured power though the PD requires more power than the configured power.
IEEE Class	PD power class: 0, 1, 2, 3, or 4. If the PSE does not support PD classification, this field displays a hyphen (-).
Detection Status	Power detection status of a PI: · Disabled—PoE function is disabled. · Searching—The PI is searching for the PD. · Delivering Power—The PI is supplying power to the PD. · Fault—A fault occurred during the test. · Test—The PI is undergoing a test. · Other Fault—A fault has caused the PSE to enter the idle status. · PD Disconnected—The PD is disconnected.
On State Ports	Number of PIs that are supplying power.
Used	Power consumed by PIs on the PSE.
Remaining	Remaining power on the PSE.

display poe pse interface power

Use display poe pse interface power to display power information for PIs on a PSE.

Syntax

display poe pse pse-id interface power

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

pse pse-id: Specifies a PSE by its ID. To display PSE ID and slot mappings, use the display poe device command.

Examples

# Display power information for PIs on PSE 7.

<Sysname> display poe pse 7 interface power

Interface Current Peak Max PD Description

(W) (W) (W)

GE1/0/25 4.4 4.5 4.6 IP Phone on Room 309 for Peter Smith

GE1/0/26 4.4 4.5 15.4 IP Phone on Room 409 for Peter Pan

GE1/0/27 15.0 15.3 15.4 Access Point on Room 509 for Peter

GE1/0/28 0.0 0.0 5.0 IP Phone on Room 609 for Peter John

GE1/0/29 0.0 0.0 4.0 IP Phone on Room 709 for Jack

GE1/0/30 0.0 0.0 5.0 IP Phone on Room 809 for Alien

--- On State Ports: 3; Used: 23.8(W); Remaining: 776.2(W) ---

Table 28 Command output

Field	Description
Interface	Interface name of a PI.
Current	Current power of a PI.
Peak	Peak power of a PI.
Max	Maximum power of a PI.
PD Description	Type and location description for the PD connected with a PI.
Ports On	Number of PIs that are supplying power.
Used	Power consumed by all PIs.
Remaining	Remaining power on the PSE.

display poe-profile

Use display poe-profile to display information about the PoE profile.

Syntax

display poe-profile [ index index | name profile-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

index index: Specifies a PoE profile by its index number in the range of 1 to 100.

name profile-name: Specifies a PoE profile by its name, a case-sensitive string of 1 to 15 characters.

Usage guidelines

If you do not specify a profile, the command displays information about all PoE profiles.

Examples

# Display information about all PoE profiles.

<Sysname> display poe-profile

PoE Profile Index ApplyNum Interfaces Configuration

forIPphone 1 6 GE1/0/5 poe enable

GE1/0/6 poe priority critical

GE1/0/7

GE1/0/8

GE1/0/9

GE1/0/10

forAP 2 2 GE1/0/11 poe enable

GE1/0/12 poe max-power 14000

--- Total PoE profiles: 2, total ports: 8 ---

# Display information about the PoE profile with index number 1.

<Sysname> display poe-profile index 1

PoE Profile Index ApplyNum Interfaces Configuration

forIPphone 1 6 GE1/0/5 poe enable

GE1/0/6 poe priority critical

GE1/0/7

GE1/0/8

GE1/0/9

GE1/0/1

--- Total ports: 6 ---

Table 29 Command output

Field	Description
PoE Profile	Name of the PoE profile.
Index	Index number of the PoE profile.
ApplyNum	Number of PIs to which the PoE profile is applied.
Interfaces	Interface name of the PI to which the PoE configuration is applied.
Configuration	Configurations of the PoE profile.
Total PoE profiles	Number of PoE profiles.
Total ports	Number of PIs to which all PoE profiles are applied.

display poe-profile interface

Use display poe-profile interface to display information about the PoE profile on a PI.

Syntax

display poe-profile interface interface-type interface-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Examples

# Display information about the PoE profile on GigabitEthernet 1/0/1.

<Sysname> display poe-profile interface gigabitethernet 1/0/1

PoEProfile Index ApplyNum Interface Effective configuration

forIPphone 1 6 GE1/0/1 poe enable

poe priority critical

The Effective configuration field displays the configurations that have taken effect. For the descriptions of other fields, see Table 29.

poe disconnect

Use poe disconnect to configure a PD disconnection detection mode.

Use undo poe disconnect to restore the default.

Syntax

poe disconnect { ac | dc }

undo poe disconnect

Default

The PD disconnection detection mode is ac.

Views

System view

Predefined user roles

network-admin

Parameters

ac: Specifies the PD disconnection detection mode as ac.

dc: Specifies the PD disconnection detection mode as dc.

Usage guidelines

If you change the PD disconnection detection mode while the device is running, the connected PDs are powered off.

Examples

# Set the PD disconnection detection mode to dc.

<Sysname> system-view

[Sysname] poe disconnect dc

Related commands

display poe pse

poe enable

Use poe enable to enable PoE on a PI.

Use undo poe enable to disable PoE on a PI.

Syntax

poe enable

undo poe enable

Default

PoE is disabled on a PI.

Views

PI view

PoE profile view

Predefined user roles

network-admin

Usage guidelines

If a PoE profile has been applied to a PI, remove the application before configuring the PI in PoE profile view.

If a PI has been configured, remove the configuration before configuring the PI in PI view.

Examples

# Enable PoE on a PI in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe enable

# Enable PoE on a PI in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe enable

Related commands

display poe interface

poe-profile

poe enable pse

Use poe enable pse to enable PoE for a PSE.

Use undo poe enable pse to disable PoE for the PSE.

Syntax

poe enable pse pse-id

undo poe enable pse pse-id

Default

PoE is disabled on PSEs.

Views

System view

Predefined user roles

network-admin

Parameters

pse-id: Specifies a PSE by its ID.

Examples

# Enable PoE for PSE 7.

<Sysname> system-view

[Sysname] poe enable pse 7

Related commands

display poe pse

poe legacy enable

Use poe legacy enable to enable a PSE to detect nonstandard PDs.

Use undo poe legacy enable to disable the PSE from detecting nonstandard PDs.

Syntax

poe legacy enable pse pse-id

undo poe legacy enable pse pse-id

Default

Nonstandard PD detection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

pse pse-id: Specifies a PSE by its ID.

Examples

# Enable PSE 7 to detect nonstandard PDs.

<Sysname> system-view

[Sysname] poe legacy enable pse 7

Related commands

display poe pse

poe max-power

Use poe max-power to set the maximum PI power.

Use undo poe max-power to restore the default.

Syntax

poe max-power max-power

undo poe max-power

Default

The maximum PI power is 15400 milliwatts.

Views

PI view

PoE profile view

Predefined user roles

network-admin

Parameters

max-power: Sets the maximum PI power in milliwatts.

Examples

# Set the maximum PI power to 12000 milliwatts in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe max-power 12000

# Set the maximum PI power to 12000 milliwatts in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe max-power 12000

Related commands

poe max-power (system view)

Use poe max-power to set the maximum PSE power.

Use undo poe max-power to restore the default.

Syntax

poe pse pse-id max-power max-power

undo poe pse pse-id max-power

Default

The maximum PSE power is 37 watts.

Views

System view

Predefined user roles

network-admin

Parameters

max-power: Sets the maximum PSE power in watts. The value range for the SIC-4FSWP is from 37 watts to 87 watts. The value range for the DSIC-9FSWP is from 37 watts to 174 watts.

pse pse-id: Specifies a PSE by its ID.

Usage guidelines

To avoid the PSE power overload situation, make sure the total power of all PSEs is less than the maximum PoE power.

The maximum power of the PSE must be greater than or equal to the total maximum power of all its critical PIs on the PSE to guarantee these PIs power.

Examples

# Set the maximum PSE power of PSE 7 to 150 watts.

<Sysname> system-view

[Sysname] poe pse 7 max-power 150

Related commands

poe priority pse

poe pd-description

Use poe pd-description to configure a description for the PD that connects to a PI.

Use undo poe pd-description to restore the default.

Syntax

poe pd-description text

undo poe pd-description

Default

No description is configured for the PD that connects to a PI.

Views

PI view

Predefined user roles

network-admin

Parameters

text: Configures a description for the PD connected to the PI, a case-sensitive string of 1 to 80 characters.

Examples

# Configure the description for the PD as IP Phone for Room 101.

<Sysname> system-view

[Sysname] interface gigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe pd-description IP Phone For Room 101

poe pd-policy priority

Use poe pd-policy priority to enable PI power management.

Use undo poe pd-policy priority to restore the default.

Syntax

poe pd-policy priority

undo poe pd-policy priority

Default

PI power management is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If PI power management is disabled, the PSE does not supply power to new PDs when PSE power overload occurs.

If PI power management is enabled, when a PSE is overloaded, the PSE allocates power to PDs based on the priority of their PIs.

Examples

# Enable PI power management.

<Sysname> system-view

[Sysname] poe pd-policy priority

Related commands

poe priority

Use poe priority to set the power supply priority for a PI.

Use undo poe priority to restore the default.

Syntax

poe priority { critical | high | low }

undo poe priority

Default

The power supply priority of a PI is low.

Views

PI view

PoE profile view

Predefined user roles

network-admin

Parameters

critical: Sets the power supply priority to critical. The PI with critical power priority operates in guaranteed mode. Power is first supplied to the PD connected to the critical PI.

high: Sets the power supply priority to high.

low: Sets the power supply priority to low.

Usage guidelines

When the PoE power is insufficient, power is first supplied to PIs with higher priority.

For PIs with same power supply priority, the PI with the smallest ID is allocated with power first.

If a PoE profile has been applied to a PI, remove the application before configuring the PI in PoE profile view.

If a PI has been configured, remove the configuration before configuring the PI in PI view.

Examples

# Set the power supply priority of the PI to critical in PI view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] poe priority critical

# Set the power supply priority of the PI to critical in PoE profile view.

<Sysname> system-view

[Sysname] poe-profile abc

[Sysname-poe-profile-abc-1] poe priority critical

[Sysname-poe-profile-abc-1] quit

[Sysname] interface gigabitEthernet 1/0/1

[Sysname-GigabitEthernet1/0/1] apply poe-profile name abc

Related commands

poe pd-policy priority

poe priority (system view)

Use poe priority to set the power supply priority for a PSE.

Use undo poe priority to restore the default.

Syntax

poe priority { critical | high | low } pse pse-id

undo poe priority pse pse-id

Default

The power supply priority of a PSE is low.

Views

System view

Predefined user roles

network-admin

Parameters

critical: Sets the power supply priority to critical. The PSE with critical power priority operates in guaranteed mode, and power is supplied to it first.

high: Sets the power supply priority to high.

low: Sets the power supply priority to low.

pse pse-id: Specifies a PSE by its ID.

Usage guidelines

If PSE power management is disabled, the system does not supply power to new PSEs when PoE power overload occurs.

If PSE power management is enabled, when PSE power overload occurs, the system supplies power to a PSE with higher priority. For multiple PSEs with the same priority, the PSE with a smaller ID gets power supplied first.

For example, if PoE is enabled for a PSE, and the PSE has higher priority, the system performs the following operations:

· Stops supplying power to a PSE with lower priority.

· Supplies power to the PSE that has higher priority.

Examples

# Set the power supply priority of PSE 7 to critical.

<Sysname> system-view

[Sysname] poe priority critical pse 7

Related commands

poe pse-policy priority

Use poe pse-policy priority to enable PSE power management.

Use undo poe pse-policy priority to disable PSE power management.

Syntax

poe pse-policy priority

undo poe pse-policy priority

Default

PSE power management is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

If PSE power management is disabled, the system does not supply power to new PSEs when PoE power overload occurs.

If PSE power management is enabled, the system supplies power based on the PSE priority and PSE ID when a new PSE causes PoE power overload.

Examples

# Enable PSE power management.

<Sysname> system-view

[Sysname] poe pse-policy priority

Related commands

poe priority (system view)

poe update

Use poe update to upgrade a PSE firmware when the device is operating.

Syntax

poe update { full | refresh } filename [ pse pse-id ]

Views

System view

Predefined user roles

network-admin

Parameters

full: Upgrades the PSE firmware in full mode.

refresh: Upgrades the PSE firmware in refresh mode.

filename: Specifies the name of the upgrade file, a case-insensitive string of 1 to 64 characters. The specified file must be in the root directory of the file system of the device.

pse pse-id: Specifies a PSE by its ID. If you do not specify a PSE, all PSEs are upgraded.

Usage guidelines

You can upgrade the PSE firmware in service in either of the following modes:

· Refresh mode—Updates the PSE firmware without deleting it. You can use the refresh mode in most cases.

· Full mode—Deletes the current PSE firmware and reloads a new one. Use the full mode if the PSE firmware is damaged and you cannot execute any PoE commands.

Examples

# Upgrade the firmware of PSE 7 in service.

<Sysname> system-view

[Sysname] poe update refresh POE-168.bin pse 7

poe-profile

Use poe-profile to create a PoE profile and enter its view, or enter the view of an existing PoE profile.

Use undo poe-profile to delete a PoE profile.

Syntax

poe-profile profile-name [ index ]

undo poe-profile { index index | name profile-name }

Default

No PoE profiles exist.

Views

System view

Predefined user roles

network-admin

Parameters

profile-name: Specifies a PoE profile name, a case-sensitive string of 1 to 15 characters. A PoE configuration file name begins with a letter and must not contain reserved keywords including undo, all, name, interface, user, poe, disable, max-power, mode, priority, or enable.

index: Specifies the index number of a PoE profile, in the range of 1 to 100.

Usage guidelines

To configure PIs in batches, use the PoE profile.

If you do not specify a profile index, the system automatically assigns an index (starting from 1) to the PoE profile.

If a PoE profile is applied, use the undo apply poe-profile command to remove the application before deleting the PoE profile.

Examples

# Create a PoE profile, name it abc, and specify the index number as 3.

<Sysname> system-view

[Sysname] poe-profile abc 3

[Sysname-poe-profile-abc-3]

# Create a PoE profile and name it def. Do not specify the index number.

<Sysname> system-view

[Sysname] poe-profile def

[Sysname-poe-profile-def-1]

Related commands

apply poe-profile

poe enable

poe max-power

poe priority

poe utilization-threshold

Use poe utilization-threshold to configure a power alarm threshold for a PSE.

Use undo poe utilization-threshold to restore the default power alarm threshold of a PSE.

Syntax

poe utilization-threshold value pse pse-id

undo poe utilization-threshold pse pse-id

Default

The power alarm threshold for the PSE is 80%.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies alarm threshold as a percentage of 1 to 99.

pse pse-id: Specifies a PSE by its ID.

Usage guidelines

If PSE power usage crosses the threshold multiple times in succession, the system sends notification messages only for the first crossing. For more information, see "Configuring SNMP."

Examples

# Set the power alarm threshold of PSE 7 to 90%.

<Sysname> system-view

[Sysname] poe utilization-threshold 90 pse 7

SNMP commands

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

The SNMP agent sends notifications (traps and informs) to inform the NMS of significant events, such as link state changes and user logins or logouts. Unless otherwise stated, the trap keyword in the command line includes both traps and informs.

display snmp-agent community

Use display snmp-agent community to display SNMPv1 or SNMPv2c community information.

Syntax

display snmp-agent community [ read | write ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

read: Specifies SNMP read-only communities.

write: Specifies SNMP read and write communities.

Usage guidelines

This command is not supported in FIPS mode.

If no keyword is specified, this command displays information about all SNMPv1 and SNMPv2c communities.

The communities include:

· Those configured with the snmp-agent community command.

· Those automatically created by the system for SNMPv1 and SNMPv2c users that have been assigned to an existing SNMP group.

Examples

# Display information about all SNMPv1 and SNMPv2c communities.

<Sysname> display snmp-agent community

Community name: aa

Group name: aa

ACL:2001

Storage-type: nonVolatile

Context name: con1

Community name: bb

Role name: bb

Storage-type: nonVolatile

Community name: userv1

Group name: testv1

Storage type: nonvolatile

Community name: cc

Group name: cc

ACL name: testacl

Storage type: nonVolatile

Table 30 Command output

Field	Description
Community name	Community name created by using the snmp-agent community command or username created by using the snmp-agent usm-user { v1 \| v2c } command.
Group name	SNMP group name. · If the community is created by using the snmp-agent community command in VACM mode, the group name is the same as the community name. · If the community is created by using the snmp-agent usm-user { v1 \| v2c } command, the name of the group that has the user is displayed.
Role name	User role name for the community. If the community is created by using the snmp-agent community command in RBAC mode, a user role can be bound to the community name.
ACL	Number of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. This field appears only when an SNMPv1 or SNMPv2c user is associated with an ACL rule. It is exclusive with the ACL name field.
ACL name	Name of the ACL that controls the access of the NMSs in the community to the device. Only the NMSs with the IP addresses permitted in the ACL can access the device with the community name. This field appears only when an SNMPv1 or SNMPv2c user is associated with an ACL rule. It is exclusive with the ACL field.
Storage type	Storage type: · volatile—Settings are lost when the system reboots. · nonVolatile—Settings remain after the system reboots. · permanent—Settings remain after the system reboots and can be modified but not deleted. · readOnly—Settings remain after the system reboots and cannot be modified or deleted. · other—Any other storage type.
Context name	SNMP context: · If a mapping between an SNMP community and an SNMP context is configured, the SNMP context is displayed. · If no mapping between an SNMP community and an SNMP context exists, this field is empty.

Related commands

snmp-agent community

snmp-agent usm-user { v1 | v2c }

display snmp-agent context

Use display snmp-agent context to display an SNMP context.

Syntax

display snmp-agent context [ context-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

context-name: Specifies an SNMP context by its name, a case-sensitive string of 1 to 32 characters. If no SNMP context is specified, this command displays all SNMP contexts created on the device.

Examples

# Display all SNMP contexts created on the device.

<Sysname> display snmp-agent context

testcontext

Related commands

snmp-agent context

display snmp-agent group

Use display snmp-agent group to display SNMP group information, including the group name, security model, MIB view, and storage-type.

Syntax

display snmp-agent group [ group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-name: Specifies an SNMPv1, SNMPv2c, or SNMPv3 group name in non-FIPS mode, and an SNMPv3 group name in FIPS mode. It is a case-sensitive string of 1 to 32 characters. If no group is specified, this command displays information about all SNMP groups.

Examples

# Display information about all SNMP groups.

<Sysname> display snmp-agent group

Group name: groupv3

Security model: v3 noAuthnoPriv

Readview: ViewDefault

Writeview: <no specified>

Notifyview: <no specified>

Storage-type: nonvolatile

ACL name: testacl

Table 31 Command output

Field	Description
Group name	SNMP group name.
Security model	Security model of the SNMP group: · authPriv—Authentication with privacy. · authNoPriv—Authentication without privacy. · noAuthNoPriv—No authentication, no privacy. Security model of an SNMPv1 or SNMPv2c group can only be noAuthNoPriv.
Readview	Read-only MIB view accessible to the SNMP group.
Writeview	Write MIB view accessible to the SNMP group.
Notifyview	Notify MIB view for the SNMP group. The SNMP users in the group can send notifications only for the nodes in the notify MIB view.
Storage-type	Storage type, including volatile, nonvolatile, permanent, readOnly, and other (see Table 30).
ACL	Number of the ACL that controls the access of the NMSs in the SNMP group to the device. This field appears only when an ACL is assigned to the SNMP group. It is exclusive with the ACL name field.
ACL name	Name of the ACL that controls the access of the NMSs in the SNMP group to the device. This field appears only when an ACL is assigned to the SNMP group. It is exclusive with the ACL field.

Related commands

snmp-agent group

display snmp-agent local-engineid

Use display snmp-agent local-engineid to display the local SNMP engine ID.

Syntax

display snmp-agent local-engineid

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

The local SNMP engine ID uniquely identifies the SNMP engine of the SNMP agent in an SNMP domain.

Examples

# Display the local engine ID.

<Sysname> display snmp-agent local-engineid

SNMP local engine ID: 800063A2800084E52BED7900000001

Related commands

snmp-agent local-engineid

display snmp-agent mib-node

Use display snmp-agent mib-node to display SNMP MIB node information.

Syntax

display snmp-agent mib-node [ details | index-node | trap-node | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

details: Specifies detailed MIB node information, including node name, last octet of an OID string, and name of the next leaf node.

index-node: Specifies SNMP MIB tables, and node names and OIDs of MIB index nodes.

trap-node: Specifies node names and OIDs of MIB notification nodes, and node names and OIDs of notification objects.

verbose: Specifies detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.

Usage guidelines

If no keywords are specified, this command displays information about all SNMP MIB nodes, including node name, OID, and permissions to MIB nodes.

The SNMP software package includes different MIB files. Support for MIBs varies by SNMP software versions.

Examples

# Display SNMP MIB node information.

<Sysname> display snmp-agent mib-node

iso<1>(NA)

|-std<1.0>(NA)

|-iso8802<1.0.8802>(NA)

|-ieee802dot1<1.0.8802.1>(NA)

|-ieee802dot1mibs<1.0.8802.1.1>(NA)

|-lldpMIB<1.0.8802.1.1.2>(NA)

|-lldpNotifications<1.0.8802.1.1.2.0>(NA)

|-lldpNotificationPrefix<1.0.8802.1.1.2.0.0>(NA)

|-lldpRemTablesChange<1.0.8802.1.1.2.0.0.1>(NA)

|-lldpObjects<1.0.8802.1.1.2.1>(NA)

|-lldpConfiguration<1.0.8802.1.1.2.1.1>(NA)

|-*lldpMessageTxInterval<1.0.8802.1.1.2.1.1.1>(RW)

|-*lldpMessageTxHoldMultiplier<1.0.8802.1.1.2.1.1.2>(RW)

|-*lldpReinitDelay<1.0.8802.1.1.2.1.1.3>(RW)

Table 32 Command output

Field	Description
-std	MIB node name.
<1.0>	OID of a MIB node.
(NA)	Permissions to MIB nodes: · NA—Not accessible. · NF—Notifications. · RO—Read-only access. · RW—Read and write access. · RC—Read-write-create access. · WO—Write-only access.
*	Leaf node or MIB table node.

# Display detailed MIB node information.

<Sysname> display snmp-agent mib-node details

iso(1)(lldpMessageTxInterval)

|-std(0)(lldpMessageTxInterval)

|-iso8802(8802)(lldpMessageTxInterval)

|-ieee802dot1(1)(lldpMessageTxInterval)

|-ieee802dot1mibs(1)(lldpMessageTxInterval)

|-lldpMIB(2)(lldpMessageTxInterval)

|-lldpNotifications(0)(lldpMessageTxInterval)

|-lldpNotificationPrefix(0)(lldpMessageTxInterval)

|-lldpRemTablesChange(1)(NULL)

|-lldpObjects(1)(lldpMessageTxInterval)

|-lldpConfiguration(1)(lldpMessageTxInterval)

|-*lldpMessageTxInterval(1)(lldpMessageTxHoldMultiplier)

|-*lldpMessageTxHoldMultiplier(2)(lldpReinitDelay)

|-*lldpReinitDelay(3)(lldpTxDelay)

|-*lldpTxDelay(4)(lldpNotificationInterval)

|-*lldpNotificationInterval(5)(lldpPortConfigPortNum)

|-lldpPortConfigTable(6)(lldpPortConfigPortNum)

|-lldpPortConfigEntry(1)(lldpPortConfigPortNum)

|-*lldpPortConfigPortNum(1)(lldpPortConfigAdminStatus)

|-*lldpPortConfigAdminStatus(2)(lldpPortConfigNotificationEnable)

|-*lldpPortConfigNotificationEnable(3)(lldpPortConfigTLVsTxEnable)

|-*lldpPortConfigTLVsTxEnable(4)(lldpConfigManAddrPortsTxEnable)

Table 33 Command output

Field	Description
-std	MIB node name.
(0)	Last bit of a MIB OID string.
(lldpMessageTxInterval)	Name of a leaf node.
*	Leaf node or MIB table node.

# Display MIB table names, and node names and OIDs of MIB index nodes.

<Sysname> display snmp-agent mib-node index-node

Table |lldpPortConfigTable

Index ||lldpPortConfigPortNum

OID ||| 1.0.8802.1.1.2.1.1.6.1.1

Table |lldpConfigManAddrTable

Index ||lldpLocManAddrSubtype

OID ||| 1.0.8802.1.1.2.1.3.8.1.1

Index ||lldpLocManAddr

OID ||| 1.0.8802.1.1.2.1.3.8.1.2

Table |lldpStatsTxPortTable

Index ||lldpStatsTxPortNum

OID ||| 1.0.8802.1.1.2.1.2.6.1.1

Table |lldpStatsRxPortTable

Index ||lldpStatsRxPortNum

OID ||| 1.0.8802.1.1.2.1.2.7.1.1

Table |lldpLocPortTable

Index ||lldpLocPortNum

OID ||| 1.0.8802.1.1.2.1.3.7.1.1

Table 34 Command output

Field	Description
Table	MIB table name.
Index	Name of a MIB index node.
OID	OID of a MIB index node.

# Display names and OIDs of MIB notification nodes, and names and OIDs of notification objects.

<Sysname> display snmp-agent mib-node trap-node

Name |lldpRemTablesChange

OID ||1.0.8802.1.1.2.0.0.1

Trap Object

Name |||lldpStatsRemTablesInserts

OID ||||1.0.8802.1.1.2.1.2.2

Name |||lldpStatsRemTablesDeletes

OID ||||1.0.8802.1.1.2.1.2.3

Name |||lldpStatsRemTablesDrops

OID ||||1.0.8802.1.1.2.1.2.4

Name |||lldpStatsRemTablesAgeouts

OID ||||1.0.8802.1.1.2.1.2.5

Name |lldpXMedTopologyChangeDetected

OID ||1.0.8802.1.1.2.1.5.4795.0.1

Trap Object

Name |||lldpRemChassisIdSubtype

OID ||||1.0.8802.1.1.2.1.4.1.1.4

Name |||lldpRemChassisId

OID ||||1.0.8802.1.1.2.1.4.1.1.5

Name |||lldpXMedRemDeviceClass

OID ||||1.0.8802.1.1.2.1.5.4795.1.3.1.1.3

Name |mplsL3VpnVrfUp

OID ||1.3.6.1.2.1.10.166.11.0.1

Trap Object

Name |||mplsL3VpnIfConfRowStatus

OID ||||1.3.6.1.2.1.10.166.11.1.2.1.1.5

Name |||mplsL3VpnVrfOperStatus

OID ||||1.3.6.1.2.1.10.166.11.1.2.2.1.6

Table 35 Command output

Field	Description
Name	Name of a MIB notification node.
OID	OID of a MIB notification node.
Trap Object	Name and OID of a notification object.

# Display detailed information about SNMP MIB nodes, including node names, OIDs, node types, permissions to MIB nodes, data types, MORs, and parent, child, and sibling nodes.

<Sysname> display snmp-agent mib-node verbose

Name |lldpNotificationInterval

OID ||1.0.8802.1.1.2.1.1.5

Properties ||NodeType: Leaf

||AccessType: RW

||DataType: Integer32

||MOR: 0x020c1105

Parent ||lldpConfiguration

First child ||

Next leaf ||lldpPortConfigPortNum

Next sibling ||lldpPortConfigTable

Allow ||get/set/getnext

Value range || [5..3600]

Name |lldpPortConfigTable

OID ||1.0.8802.1.1.2.1.1.6

Properties ||NodeType: Table

||AccessType: NA

||DataType: NA

||MOR: 0x00000000

Parent ||lldpConfiguration

First child ||lldpPortConfigEntry

Next leaf ||lldpPortConfigPortNum

Next sibling ||lldpConfigManAddrTable

Name |lldpPortConfigEntry

OID ||1.0.8802.1.1.2.1.1.6.1

Properties ||NodeType: Row

||AccessType: NA

||DataType: NA

||MOR: 0x00000000

Parent ||lldpPortConfigTable

First child ||lldpPortConfigPortNum

Next leaf ||lldpPortConfigPortNum

Next sibling ||

Index ||[indexImplied:0, indexLength:1]:

Name |lldpPortConfigPortNum

OID ||1.0.8802.1.1.2.1.1.6.1.1

Properties ||NodeType: Column

||AccessType: NA

||DataType: Integer32

||MOR: 0x020c1201

Parent ||lldpPortConfigEntry

First child ||

Next leaf ||lldpPortConfigAdminStatus

Next sibling ||lldpPortConfigAdminStatus

Allow ||get/set/getnext

Index ||[indexImplied:0, indexLength:1]:

Value range || [1..4096]

Name |lldpPortConfigAdminStatus

OID ||1.0.8802.1.1.2.1.1.6.1.2

Properties ||NodeType: Column

||AccessType: RW

||DataType: Integer

||MOR: 0x020c1202

Parent ||lldpPortConfigEntry

First child ||

Next leaf ||lldpPortConfigNotificationEnable

Next sibling ||lldpPortConfigNotificationEnable

Allow ||get/set/getnext

Index ||[indexImplied:0, indexLength:1]:

Value range ||

|| ['txOnly', 1]

|| ['rxOnly', 2]

|| ['txAndRx', 3]

|| ['disabled', 4]

Table 36 Command output

Field	Description
Name	MIB node name.
OID	OID of a MIB node.
NodeType	MIB node types: · Table—Table node. · Row—Row node in a MIB table. · Column—Column node in a MIB table. · Leaf—Leaf node. · Group—Group node (parent node of a leaf node). · Trapnode—Notification node. · Other—Other node types.
AccessType	Permissions to MIB nodes: · NA—Not accessible. · NF—Supports notifications. · RO—Supports read-only access. · RW—Supports read and write access. · RC—Supports read-write-create access. · WO—Supports write-only access.
DataType	Data types of MIB nodes: · Integer—An integer. · Integer32—A 32-bit integer. · Unsigned32—A 32-bit integer with no mathematical sign. · Gauge—A non-negative integer that might increase or decrease. · Gauge32—A 32-bit non-negative integer that might increase or decrease. · Counter—A non-negative integer that might increase but not decrease. · Counter32—A 32-bit non-negative integer that might increase but not decrease. · Counter64—A 64-bit non-negative integer that might increase but not decrease. · Timeticks—A non-negative integer for time keeping. · Octstring—An octal string. · OID—Object identifier. · IPaddress—A 32-bit IP address. · Networkaddress—A network IP address. · Opaque—Any data. · Userdefined—User-defined data. · BITS—Bit enumeration.
MOR	MOR for a MIB node.
Parent	Name of a parent node.
First child	Name of the first leaf node.
Next leaf	Name of the next leaf node.
Next sibling	Name of the next sibling node.
Allow	Operation types allowed: · get/set/getnext—All operations. · get—Get operation. · set—Set operation. · getnext—GetNext operation.
Value range	Value range of a MIB node.
Index	Table index. This field appears only for a table node.

display snmp-agent mib-view

Use display snmp-agent mib-view to display MIB views.

Syntax

display snmp-agent mib-view [ exclude | include | viewname view-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

exclude: Displays the subtrees excluded from any MIB view.

include: Displays the subtrees included in any MIB view.

viewname view-name: Displays information about the specified MIB view. The view-name argument is a case-sensitive string of 1 to 32 characters.

Usage guidelines

If you do not specify any parameters, this command displays all MIB views.

Examples

# Display all MIB views.

<Sysname> display snmp-agent mib-view

View name: ViewDefault

MIB Subtree: iso

Subtree mask:

Storage-type: nonVolatile

View Type: included

View status: active

View name: ViewDefault

MIB Subtree: snmpUsmMIB

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

View name: ViewDefault

MIB Subtree: snmpVacmMIB

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

View name: ViewDefault

MIB Subtree: snmpModules.18

Subtree mask:

Storage-type: nonVolatile

View Type: excluded

View status: active

ViewDefault is the default MIB view. The output shows that except for the MIB objects in the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees, all the MIB objects in the iso subtree are accessible.

Table 37 Command output

Field	Description
View name	MIB view name.
MIB Subtree	MIB subtree covered by the MIB view.
Subtree mask	MIB subtree mask.
Storage-type	Type of the medium (see Table 30) where the subtree view is stored.
View Type	Access privilege for the MIB subtree in the MIB view: · Included—All objects in the MIB subtree are accessible in the MIB view. · Excluded—None of the objects in the MIB subtree is accessible in the MIB view.
View status	Status of the MIB view: · active—MIB view is effective. · inactive—MIB view is ineffective. MIB views are active upon their creation at the CLI. To temporarily disable a MIB view without deleting it, you can perform an SNMP set operation to set its status to inactive.

Related commands

snmp-agent mib-view

display snmp-agent remote

Use display snmp-agent remote to display remote SNMP engine IDs configured by using the snmp-agent remote command.

Syntax

display snmp-agent remote [ { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv4-address: Specifies the IPv4 address of a remote SNMP entity to display its SNMP engine ID.

ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity to display its SNMP engine ID.

vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the remote SNMP entity is in the public network.

Usage guidelines

Every SNMP agent has one SNMP engine to provide services for sending and receiving messages, authenticating and encrypting messages, and controlling access to managed objects.

If no IP address is specified, this command displays all remote SNMP engine IDs you have configured.

Examples

# Display all remote SNMP engine IDs.

<Sysname> display snmp-agent remote

Remote engineID: 800063A28000A0FC00580400000001

IPv4 address: 1.1.1.1

VPN instance: vpn1

Table 38 Command output

Field	Description
Remote engineID	Remote SNMP engine ID you have configured using the snmp-agent remote command.
IPv4 address	IPv4 address of the remote SNMP entity. For remote SNMP entities that are configured with an IPv6 address, the field name is "IPv6 address."
VPN instance	This field is available only if a VPN has been specified for the remote SNMP entity in the snmp-agent remote command.

Related commands

snmp-agent remote

display snmp-agent statistics

Use display snmp-agent statistics to display SNMP message statistics.

Syntax

display snmp-agent statistics

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display SNMP message statistics.

<Sysname> display snmp-agent statistics

1684 messages delivered to the SNMP entity.

5 messages were for an unsupported version.

0 messages used an unknown SNMP community name.

0 messages represented an illegal operation for the community supplied.

0 ASN.1 or BER errors in the process of decoding.

1679 messages passed from the SNMP entity.

0 SNMP PDUs had badValue error-status.

0 SNMP PDUs had genErr error-status.

0 SNMP PDUs had noSuchName error-status.

0 SNMP PDUs had tooBig error-status (Maximum packet size 1500).

16544 MIB objects retrieved successfully.

2 MIB objects altered successfully.

7 GetRequest-PDU accepted and processed.

7 GetNextRequest-PDU accepted and processed.

1653 GetBulkRequest-PDU accepted and processed.

1669 GetResponse-PDU accepted and processed.

2 SetRequest-PDU accepted and processed.

0 Trap PDUs accepted and processed.

0 alternate Response Class PDUs dropped silently.

0 forwarded Confirmed Class PDUs dropped silently.

Table 39 Command output

Field	Description
messages delivered to the SNMP entity	Number of messages that the SNMP agent has received.
messages were for an unsupported version	Number of messages that had an SNMP version not configured on the SNMP agent.
messages used an unknown SNMP community name	Number of messages that used an unknown SNMP community name.
messages represented an illegal operation for the community supplied	Number of messages carrying an operation that the community has no right to perform.
ASN.1 or BER errors in the process of decoding	Number of messages that had ASN.1 or BER errors during decoding.
messages passed from the SNMP entity	Number of messages sent by the SNMP agent.
SNMP PDUs had badValue error-status	Number of PDUs with a BadValue error.
SNMP PDUs had genErr error-status	Number of PDUs with a genErr error.
SNMP PDUs had noSuchName error-status	Number of PDUs with a NoSuchName error.
SNMP PDUs had tooBig error-status	Number of PDUs with a TooBig error (the maximum packet size is 1500 bytes).
MIB objects retrieved successfully	Number of MIB objects that have been successfully retrieved.
MIB objects altered successfully	Number of MIB objects that have been successfully modified.
GetRequest-PDU accepted and processed	Number of GetRequest requests that have been received and processed.
GetNextRequest-PDU accepted and processed	Number of getNext requests that have been received and processed.
GetBulkRequest-PDU accepted and processed	Number of getBulk requests that have been received and processed.
GetResponse-PDU accepted and processed	Number of get responses that have been received and processed.
SetRequest-PDU accepted and processed	Number of set requests that have been received and processed.
Trap PDUs accepted and processed	Number of notifications that have been received and processed.
alternate Response Class PDUs dropped silently	Number of dropped response packets.
forwarded Confirmed Class PDUs dropped silently	Number of forwarded packets that have been dropped.

display snmp-agent sys-info

Use display snmp-agent sys-info to display SNMP agent system information.

Syntax

display snmp-agent sys-info [ contact | location | version ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

contact: Displays the system contact.

location: Displays the physical location of the device.

version: Displays the SNMP agent version.

Usage guidelines

If none of the parameters is specified, this command displays all SNMP agent system information.

Examples

# Display all SNMP agent system information.

<Sysname> display snmp-agent sys-info

The contact information of the agent:

New H3C Technologies Co., Ltd.

The location information of the agent:

Hangzhou, China

The SNMP version of the agent:

SNMPv3

Related commands

snmp-agent sys-info

display snmp-agent trap queue

Use display snmp-agent trap queue to display basic information about the trap queue, including the queue size and number of traps in the queue.

Syntax

display snmp-agent trap queue

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the trap queue configuration and usage status.

<Sysname> display snmp-agent trap queue

Queue size: 100

Message number: 6

Related commands

snmp-agent trap life

snmp-agent trap queue-size

display snmp-agent trap-list

Use display snmp-agent trap-list to display SNMP notifications enabling status for modules.

Syntax

display snmp-agent trap-list

Views

Any view

Usage guidelines

If a module has multiple sub-modules and SNMP notifications are enabled for one of its sub-modules, the command output shows that the module is SNMP notifications-enabled.

To determine whether a module supports SNMP notifications, execute the snmp-agent trap enable ? command.

The display snmp-agent trap-list command output varies by the snmp-agent trap enable command configuration and the module configuration.

Examples

# Display SNMP notifications enabling status for modules.

arp notification is disabled.

configuration notification is enabled.

l3vpn notification is enabled.

mac-address notification is enabled.

mpls notification is disabled.

ospfv3 notification is enabled.

radius notification is disabled.

standard notification is enabled.

stp notification is disabled.

syslog notification is disabled.

system notification is enabled.

Enabled notifications: 6; Disabled notifications: 5

Related commands

snmp-agent trap enable

display snmp-agent usm-user

Use display snmp-agent usm-user to display SNMPv3 user information.

Syntax

display snmp-agent usm-user [ engineid engineid | group group-name | username user-name ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

engineid engineid: Displays SNMPv3 user information for the SNMP engine ID identified by engineid. When an SNMPv3 user is created, the system records the local SNMP entity engine ID. The user becomes invalid when the engine ID changes, and it becomes valid again when the recorded engine ID is restored.

group group-name: Displays SNMPv3 user information for a specified SNMP group name. The group name is case sensitive.

username user-name: Displays information about the specified SNMPv3 user. The username is case sensitive.

Usage guidelines

This command displays only SNMPv3 users that you have created by using the snmp-agent usm-user v3 command. To display SNMPv1 or SNMPv2c users created by using the snmp-agent usm-user { v1 | v2c } command, use the display snmp-agent community command.

Examples

# Display information about all SNMPv3 users.

<Sysname> display snmp-agent usm-user

Username: userv3

Group name: mygroupv3

Engine ID: 800063A203000FE240A1A6

Storage type: nonVolatile

User status: active

ACL: 2000

Username: userv3

Group name: mygroupv3

Engine ID: 8000259503000BB3100A508

Storage type: nonVolatile

User status: active

ACL name: testacl

Username: userv3code

Role name: groupv3code

network-operator

Engine ID: 800063A203000FE240A1A6

Storage type: nonVolatile

User status: active

Username: userv3code

Role name: snmprole

network-operator

Engine ID: 800063A280000002BB0001

Storage type: nonVolatile

User status: active

Table 40 Command output

Field	Description
Username	SNMP username.
Group name	SNMP group name.
Role name	SNMP user role name.
Engine ID	Engine ID that the SNMP agent used when the SNMP user was created.
Storage type	Storage type: · volatile. · nonvolatile. · permanent. · readOnly. · other. For more information about these storage types, see Table 30.
User status	SNMP user status: · active—The SNMP user is effective. · notInService—The SNMP user is correctly configured but not activated. · notReady—The SNMP user configuration is incomplete. · other—Any other status. SNMP users are active upon their creation at the CLI. To temporarily disable an SNMP user without deleting it, you can perform an SNMP set operation to change its status.
ACL	Number of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMPv3 user is associated with an ACL rule. It is exclusive with the ACL name field.
ACL name	Name of the ACL that controls the access of the SNMP user (the NMS) to the device. To access the device, the IP address of the NMS must be permitted in the ACL. This field appears only when an SNMPv3 user is associated with an ACL rule. It is exclusive with the ACL field.

Related commands

snmp-agent usm-user v3

enable snmp trap updown

Use enable snmp trap updown to enable link state notifications on an interface.

Use undo enable snmp trap updown to disable link state notifications on an interface.

Syntax

enable snmp trap updown

undo enable snmp trap updown

Default

Link state notifications are enabled.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

For an interface to generate linkUp/linkDown notifications when its state changes, you must also enable the linkUp/linkDown notification function globally by using the snmp-agent trap enable standard [ linkdown | linkup ] * command.

Examples

# Enable GigabitEthernet 1/0/1 to send linkUp/linkDown SNMP traps to 10.1.1.1 in the community public.

<Sysname> system-view

[Sysname] snmp-agent trap enable

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] enable snmp trap updown

Related commands

snmp-agent target-host

snmp-agent trap enable

snmp-agent

Use snmp-agent to enable the SNMP agent.

Use undo snmp-agent to disable the SNMP agent.

Syntax

snmp-agent

undo snmp-agent

Default

The SNMP agent is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The SNMP agent is automatically enabled when you execute any command that begins with snmp-agent except for the snmp-agent calculate-password command.

Examples

# Enable the SNMP agent.

<Sysname> system-view

[Sysname] snmp-agent

snmp-agent calculate-password

Use snmp-agent calculate-password to calculate the encrypted form for a key in plaintext form.

Syntax

In non-FIPS mode:

snmp-agent calculate-password plain-password mode { 3desmd5 | 3dessha | md5 | sha } { local-engineid | specified-engineid engineid }

In FIPS mode:

snmp-agent calculate-password plain-password mode sha { local-engineid | specified-engineid engineid }

Views

System view

Predefined user roles

network-admin

Parameters

plain-password: Specifies a key in plaintext form. The plain-password argument is a case-sensitive string of 1 to 64 characters.

mode: Specifies an authentication algorithm and encryption algorithm. The device supports the HMAC-MD5 and HMAC-SHA1 authentication algorithms. The HMAC-MD5 algorithm is faster than the HMAC-SHA1 algorithm. The HMAC-SHA1 algorithm provides more security than the HMAC-MD5 algorithm. The AES, 3DES, and DES encryption algorithms (in descending order of security strength) are available for the device. A more secure algorithm calculates slower. DES is enough to meet general security requirements.

· 3desmd5: Calculates the encrypted form for the encryption key by using the 3DES encryption algorithm and HMAC-MD5 authentication algorithm.

· 3dessha: Calculates the encrypted form for the encryption key by using the 3DES encryption algorithm and HMAC-SHA1 authentication algorithm.

· md5: Calculates the encrypted form for the authentication key or encryption key by using the HMAC-MD5 authentication algorithm and AES or DES encryption algorithm. When the HMAC-MD5 authentication algorithm is used, you can get the same authentication key or encryption key in encrypted form regardless of whether the AES or DES encryption algorithm is used.

· sha: Calculates the encrypted form for the authentication key or encryption key by using HMAC-SHA1 authentication algorithm and AES or DES encryption algorithm. When the HMAC-SHA1 authentication algorithm is used, you can get the same authentication key or encryption key in encrypted form regardless of whether the AES or DES encryption algorithm is used.

local-engineid: Uses the local engine ID to calculate the encrypted form for the key.. You can configure the local engine ID by using the snmp-agent local-engineid command.

specified-engineid engineid: Uses a user-defined engine ID to calculate the encrypted form for the key. The engineid argument is an even number of case-insensitive hexadecimal characters. All-zero and all-F strings are invalid. The even number is in the range of 10 to 64.

Usage guidelines

Make sure the SNMP agent is enabled before you execute the snmp-agent calculate-password command.

For security purposes, use the encrypted-form key generated using this command when you create an SNMPv3 users by specifying the cipher keyword in the snmp-agent usm-user v3 command.

The encrypted form of the key is valid only when the engine ID specified for key conversion exists.

Examples

# Use the local engine ID and the SHA-1 algorithm to calculate the encrypted form for key authkey.

<Sysname> system-view

[Sysname] snmp-agent calculate-password authkey mode sha local-engineid

The encrypted key is: 09659EC5A9AE91BA189E5845E1DDE0CC

Related commands

snmp-agent local-engineid

snmp-agent usm-user v3

snmp-agent community

Use snmp-agent community to configure an SNMPv1 or SNMPv2c community.

Use undo snmp-agent community to delete an SNMPv1 or SNMPv2c community.

Syntax

In VACM mode:

snmp-agent community { read | write } [ simple | cipher ] community-name [ mib-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent community [ cipher ] community-name

In RBAC mode:

snmp-agent community [ simple | cipher ] community-name user-role role-name [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent community [ cipher ] community-name

Default

No SNMPv1 or SNMPv2c communities exist.

Views

System view

Predefined user roles

network-admin

Parameters

read: Assigns the specified community read-only access to MIB objects. A read-only community can only inquire MIB information.

write: Assigns the specified community read and write access to MIB objects. A read and write community can configure MIB information.

simple: Specifies a community name in plaintext form. For security purposes, the community name specified in plaintext form will be stored in encrypted form.

cipher: Specifies a community name in encrypted form.

community-name: Specifies the community name. The plaintext form is a case-sensitive string of 1 to 32 characters. The encrypted form is a case-sensitive string of 33 to 73 characters. Input a string as escape characters after a backslash (\).

mib-view view-name: Specifies the MIB view available for the community. The view-name argument represents a MIB view name, a string of 1 to 32 characters. A MIB view represents a set of accessible MIB objects. If you do not specify a view, the specified community can access the MIB objects in the default MIB view ViewDefault.

user-role role-name: Specifies a user role name for the community, a case-sensitive string of 1 to 63 characters.

acl: Specifies a basic or advanced IPv4 ACL for the community.

ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999..

name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic or advanced IPv6 ACL for the community.

ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.

name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command is not available in FIPS mode.

Only users with the network-admin or level-15 user role can execute this command. Users with other user roles cannot execute this command even if these roles are granted access to this command or commands of the SNMP feature.

An SNMP community is identified by a community name. It contains a set of NMSs and SNMP agents. Devices in an SNMP community authenticate each other by using the community name. An NMS and an SNMP agent can communicate only when they use the same community name.

Typically, public is used as the read-only community name and private is used as the read and write community name. To enhance security, you can assign your SNMP communities a name other than public and private.

The snmp-agent community command allows you to use either of the following modes to control SNMP community access to MIB objects:

· View-based access control model—VACM mode controls access to MIB objects by assigning MIB views to SNMP communities.

· Role based access control—RBAC mode controls access to MIB objects by assigning user roles to SNMP communities.

¡ The pre-defined network-admin and level-15 user roles have the read and write access to all MIB objects.

¡ The pre-defined network-operator user role has the read-only access to all MIB objects.

You can also use the role command to configure user roles. For more information about user roles, see Fundamentals Configuration Guide.

RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use RBAC mode.

You can create a maximum of 10 SNMP communities by using the snmp-agent community command.

If you execute the command multiple times to specify the same community name but different other settings each time, the most recent configuration takes effect.

To set and save a community name in plain text, do not specify the simple or cipher keyword.

The ACL is used to filter illegitimate NMSs.

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the community name can access the SNMP agent.

· If you specify an ACL and the ACL has rules, only NMSs permitted by the ACL can access the SNMP agent.

For more information about ACL, see ACL and QoS Configuration Guide.

You can also create an SNMP community by using the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands. These two commands create an SNMPv1 or SNMPv2c user and the group to which the user is assigned. The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.

Examples

# Create the read-only community readaccess in plain text so an SNMPv1 or SNMPv2c NMS can use the community name readaccess to read the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1 v2c

[Sysname] snmp-agent community read simple readaccess

# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.1 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-ipv4-basic-2001] rule deny source any

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent community write simple writeaccess acl 2001

# Create the read and write community writeaccess in plain text so only the SNMPv2c NMS at 1.1.1.2 can use the community name writeaccess to read or set the MIB objects in the default view ViewDefault.

<Sysname> system-view

[Sysname] acl basic name testacl

[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0

[Sysname-acl-ipv4-basic-testacl] rule deny source any

[Sysname-acl-ipv4-basic-testacl] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent community write simple writeaccess acl name testacl

# Create the read and write community wr-sys-acc in plain text so an SNMPv1 or SNMPv2c NMS can use the community name wr-sys-acc to read or set the MIB objects in the system subtree (OID 1.3.6.1.2.1.1).

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1 v2c

[Sysname] undo snmp-agent mib-view ViewDefault

[Sysname] snmp-agent mib-view included test system

[Sysname] snmp-agent community write simple wr-sys-acc mib-view test

Related commands

display snmp-agent community

snmp-agent mib-view

snmp-agent community-map

Use snmp-agent community-map to map an SNMP community to an SNMP context.

Use undo snmp-agent community-map to delete the mapping between an SNMP community and an SNMP context.

Syntax

snmp-agent community-map community-name context context-name

undo snmp-agent community-map community-name context context-name

Default

No mapping exists between an SNMP community and an SNMP context.

Views

System view

Predefined user roles

network-admin

Parameters

community-name: Specifies an SNMP community, a case-sensitive string of 1 to 32 characters.

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

This command enables a module on an agent to obtain the context mapped to a community name when an NMS accesses the agent by using SNMPv1 or SNMPv2c.

You can configure a maximum of 10 community-context mappings on the device.

Examples

# Map SNMP community private to SNMP context testcontext.

<Sysname> system-view

[Sysname] snmp-agent community-map private context testcontext

Related commands

display snmp-agent community

snmp-agent context

Use snmp-agent context to create an SNMP context.

Use undo snmp-agent context to delete an SNMP context.

Syntax

snmp-agent context context-name

undo snmp-agent context context-name

Default

No SNMP contexts exist.

Views

System view

Predefined use roles

network-admin

Parameters

context-name: Specifies an SNMP context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

For an NMS and an SNMP agent to communicate, configure the same SNMP context for them or do not configure a context for the NMS.

You can create a maximum of 20 SNMP contexts.

Examples

# Create SNMP context testcontext.

<Sysname> system-view

[Sysname] snmp-agent context testcontext

Related commands

display snmp-agent context

snmp-agent group

Use snmp-agent group to create an SNMP group.

Use undo snmp-agent group to delete an SNMP group.

Syntax

SNMPv1 and SNMP v2c:

snmp-agent group { v1 | v2c } group-name [ read-view view-name ] [ write-view view-name ] [ notify-view view-name ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent group { v1 | v2c } group-name

SNMPv3 (in non-FIPS mode):

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

SNMPv3 (in FIPS mode):

snmp-agent group v3 group-name { authentication | privacy } [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent group v3 group-name [ authentication | privacy ]

Default

No SNMP groups exist.

Views

System view

Predefined use roles

network-admin

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

group-name: Specifies an SNMP group name, a string of 1 to 32 case-sensitive characters.

authentication: Specifies the authentication without privacy security model for the SNMPv3 group.

privacy: Specifies the authentication with privacy security model for the SNMPv3 group.

read-view view-name: Specifies a read-only MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read-only MIB view is specified, the SNMP group has read access to the default view ViewDefault.

write-view view-name: Specifies a read and write MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. If no read and write view is specified, the SNMP group cannot set any MIB object on the SNMP agent.

notify-view view-name: Specifies a notify MIB view. The view-name represents a MIB view name, a string of 1 to 32 characters. The SNMP agent sends notifications to the users in the specified group only for the MIB objects included in the notify view. If no notify view is specified, the SNMP agent does not send any notification to the users in the specified group.

acl: Specifies a basic or advanced IPv4 ACL for the group.

ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999.

name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic or advanced IPv6 ACL for the group.

ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.

name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

SNMPv1 and SNMPv2c settings in this command are not supported in FIPS mode.

All users in an SNMP group share the security model and access rights of the group.

You can create a maximum of 20 SNMP groups, including SNMPv1, SNMPv2c, and SNMPv3 groups.

All SNMPv3 users in a group share the same security model, but can use different authentication and privacy key settings. To implement a security model for a user and avoid SNMP communication failures, make sure the security model configuration for the group and the security key settings for the user are compliant with Table 41 and match the settings on the NMS.

Table 41 Basic security setting requirements for different security models

Security model	Security model keyword for the group	Security key settings for the user	Remarks
Authentication with privacy	privacy	Authentication key, privacy key	If the authentication key or the privacy key is not configured, SNMP communication will fail.
Authentication without privacy	authentication	Authentication key	If no authentication key is configured, SNMP communication will fail. The privacy key (if any) for the user does not take effect.
No authentication, no privacy	Neither authentication nor privacy	None	The authentication and privacy keys, if configured, do not take effect.

You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.

· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Create the SNMPv3 group group1, and assign the no authentication, no privacy security model to the group.

<Sysname> system-view

[Sysname] snmp-agent group v3 group1

Related commands

display snmp-agent group

snmp-agent mib-view

snmp-agent usm-user

snmp-agent local-engineid

Use snmp-agent local-engineid to set the SNMP engine ID for the local device.

Use undo snmp-agent local-engineid to restore the default.

Syntax

snmp-agent local-engineid engineid

undo snmp-agent local-engineid

Default

The engine ID of a device is the combination of the company ID and the device ID. The device ID varies by device model.

Views

System view

Predefined user roles

network-admin

Parameters

engineid: Specifies an SNMP engine ID, a hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

An SNMP engine ID uniquely identifies a device in an SNMP managed network. Make sure the local SNMP engine ID is unique within your SNMP managed network to avoid communication problems.

If you have configured SNMPv3 users, change the local SNMP engine ID only when necessary. The change can void the SNMPv3 usernames and encrypted keys you have configured.

Examples

# Set the local SNMP engine ID to 123456789A.

<Sysname> system-view

[Sysname] snmp-agent local-engineid 123456789A

Related commands

display snmp-agent local-engineid

snmp-agent usm-user

snmp-agent log

Use snmp-agent log to enable SNMP logging.

Use undo snmp-agent log to disable SNMP logging.

Syntax

snmp-agent log { all | authfail | get-operation | set-operation }

undo snmp-agent log { all | authfail | get-operation | set-operation }

Default

SNMP logging operations are disabled.

Views

System view

Predefined user roles

network-admin

Parameters

all: Enables logging SNMP authentication failures, Get operations, and Set operations.

authfail: Enables logging SNMP authentication failures.

get-operation: Enables logging SNMP Get operations.

set-operation: Enables logging SNMP Set operations.

Usage guidelines

Use SNMP logging to record the SNMP operations performed on the SNMP agent or authentication failures from the NMS to the agent for auditing NMS behaviors. The SNMP agent sends log data to the information center. You can configure the information center to output the data to a destination as needed.

Examples

# Enable logging SNMP Get operations.

<Sysname> system-view

[Sysname] snmp-agent log get-operation

# Enable logging SNMP Set operations.

<Sysname> system-view

[Sysname] snmp-agent log set-operation

# Enable logging SNMP authentication failures.

<Sysname> system-view

[Sysname] snmp-agent log authfail

snmp-agent mib-view

Use snmp-agent mib-view to create or update a MIB view.

Use undo snmp-agent mib-view to delete a MIB view.

Syntax

snmp-agent mib-view { excluded | included } view-name oid-tree [ mask mask-value ]

undo snmp-agent mib-view view-name

Default

The system creates the ViewDefault view when the SNMP agent is enabled. In this default MIB view, all MIB objects in the iso subtree but the snmpUsmMIB, snmpVacmMIB, and snmpModules.18 subtrees are accessible.

Views

System view

Predefined user roles

network-admin

Parameters

excluded: Denies access to any node in the specified MIB subtree.

included: Permits access to all the nodes in the specified MIB subtree.

view-name: Specifies a view name, a string of 1 to 32 characters.

oid-tree: Specifies a MIB subtree by its root node's OID (for example, 1.3.6.1.2.1.1) or object name (for example, system), a case-sensitive string of 1 to 255 characters. An OID is a dotted numeric string that uniquely identifies an object in the MIB tree.

mask mask-value: Sets a MIB subtree mask, a hexadecimal string. Its length is an even number in the range of 2 to 32.

Usage guidelines

A MIB view represents a set of MIB objects (or MIB object hierarchies) with certain access privilege. The MIB objects included in the MIB view are accessible while those excluded from the MIB view are inaccessible.

Each view-name oid-tree pair represents a view record. If you specify the same record with different MIB subtree masks multiple times, the most recent configuration takes effect.

Be cautious with deleting the default MIB view. The operation blocks the access to any MIB object on the device from NMSs that use the default view.

Examples

# Include the mib-2 (OID 1.3.6.1.2.1) subtree in the mibtest view and exclude the system subtree from this view.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v1

[Sysname] snmp-agent mib-view included mibtest 1.3.6.1.2.1

[Sysname] snmp-agent mib-view excluded mibtest system

[Sysname] snmp-agent community read public mib-view mibtest

An SNMPv1 NMS in the public community can query the objects in the mib-2 subtree but not any object (for example, the sysDescr or sysObjectID node) in the system subtree.

Related commands

display snmp-agent mib-view

snmp-agent group

snmp-agent packet max-size

Use snmp-agent packet max-size to set the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send.

Use undo snmp-agent packet max-size to restore the default.

Syntax

snmp-agent packet max-size byte-count

undo snmp-agent packet max-size

Default

An SNMP agent can process SNMP packets with a maximum size of 1500 bytes.

Views

System view

Predefined user roles

network-admin

Parameters

byte-count: Sets the maximum size (in bytes) of SNMP packets that the SNMP agent can receive or send. The value range is 484 to 17940.

Usage guidelines

If any device on the path to the NMS does not support packet fragmentation, limit the SNMP packet size to prevent large-sized packets from being discarded. For most networks, the default value is sufficient.

Examples

# Set the maximum SNMP packet size to 1024 bytes.

<Sysname> system-view

[Sysname] snmp-agent packet max-size 1024

snmp-agent port

Use snmp-agent port to specify the UDP port for receiving SNMP packets.

Use undo snmp-agent port to restore the default.

Syntax

snmp-agent port port-num

undo snmp-agent port

Default

The device uses UDP port 161 for receiving SNMP packets.

Views

System view

Predefined user roles

network-admin

Parameters

port-num: Specifies the UDP port for receiving SNMP packets, in the range of 1 to 65535. The default is 161.

Usage guidelines

After changing the port number for receiving SNMP packets, reconnect the device by using the port number for SNMP get and set operations.

To display UDP port information, use the display current-configuration command.

Examples

# Specify the UDP port for receiving SNMP packets as 5555.

<Sysname> system-view

[Sysname] snmp-agent port 5555

# Restore the default UDP port.

<Sysname> system-view

[Sysname] undo snmp-agent port

snmp-agent remote

Use snmp-agent remote to set the SNMP engine ID for a remote SNMP entity.

Use undo snmp-agent remote to delete a remote SNMP engine ID.

Syntax

snmp-agent remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] engineid engineid

undo snmp-agent remote ip-address

Default

No remote SNMP engine IDs exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies the IP address of a remote SNMP entity.

ipv6 ipv6-address: Specifies the IPv6 address of a remote SNMP entity.

vpn-instance vpn-instance-name: Specifies the VPN for a remote SNMP entity. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this option is not specified, the remote SNMP entity is in the public network.

engineid: Specifies the SNMP engine ID of the remote SNMP entity. This argument is a hexadecimal string. Its length is an even number in the range of 10 to 64. All-zero and all-F strings are invalid.

Usage guidelines

To send informs to an NMS, you must configure the SNMP engine ID of the NMS on the SNMP agent.

The NMS accepts the SNMPv3 informs from the SNMP agent only if the engine ID in the informs is the same as its local engine ID.

You can configure a maximum of 20 remote SNMP engine IDs.

Examples

# Set the SNMP engine ID to 123456789A for the remote entity 10.1.1.1.

<Sysname> system-view

[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A

Related commands

display snmp-agent remote

snmp-agent { inform | trap } source

Use snmp-agent { inform | trap } source to specify a source IP address for the informs or traps sent by the SNMP agent.

Use undo snmp-agent { inform | trap } source to restore the default.

Syntax

snmp-agent { inform | trap } source interface-type { interface-number | interface-number.subnumber }

undo snmp-agent { inform | trap } source

Default

The SNMP agent uses the IP address of the outgoing interface as the source IP address of notifications.

Views

System view

Predefined user roles

network-admin

Parameters

inform: Specifies informs.

trap: Specifies traps.

interface-type { interface-number | interface-number.subnumber }: Specifies an interface by its type and number. The interface-number argument specifies a main interface number. The subnumber argument specifies a subinterface number in the range of 1 to 4094.

Usage guidelines

The snmp-agent source command enables the SNMP agent to use the primary IP address of an interface or subinterface as the source IP address in all its SNMP informs or traps, regardless of their outgoing interfaces. An NMS can use this IP address to filter all the informs or traps sent by the SNMP agent.

Make sure the specified interface has been created and assigned a valid IP address. The configuration will fail if the interface has not been created and will take effect only after a valid IP address is assigned to the specified interface.

Examples

# Configure the primary IP address of GigabitEthernet 1/0/1 as the source address of SNMP traps.

<Sysname> system-view

[Sysname] snmp-agent trap source gigabitethernet 1/0/1

# Configure the primary IP address of GigabitEthernet 1/0/2 as the source address of SNMP informs.

<Sysname> system-view

[Sysname] snmp-agent inform source gigabitethernet 1/0/2

Related commands

snmp-agent target-host

snmp-agent trap enable

snmp-agent sys-info contact

Use snmp-agent sys-info contact to configure the system contact.

Use undo snmp-agent sys-info contact to restore the default contact.

Syntax

snmp-agent sys-info contact sys-contact

undo snmp-agent sys-info contact

Default

The system contact is Hangzhou H3C Tech. Co., Ltd..

Views

System view

Predefined user roles

network-admin

Parameters

sys-contact: Specifies the system contact, a case-sensitive string of 1 to 255 characters.

Usage guidelines

Configure the system contact for system maintenance and management.

Examples

# Configure the system contact as Dial System Operator # 27345.

<Sysname> system-view

[Sysname] snmp-agent sys-info contact Dial System Operator # 27345

Related commands

display snmp-agent sys-info

snmp-agent sys-info location

Use snmp-agent sys-info location to configure the system location.

Use undo snmp-agent sys-info location to restore the default location.

Syntax

snmp-agent sys-info location sys-location

undo snmp-agent sys-info location

Default

The system location is Hangzhou, China.

Views

System view

Predefined user roles

network-admin

Parameters

sys-location: Specifies the system location, a case-sensitive string of 1 to 255 characters.

Usage guidelines

Configure the location of the device for system maintenance and management.

Examples

# Configure the system location as Room524-row1-3.

<Sysname> system-view

[Sysname] snmp-agent sys-info location Room524-row1-3

Related commands

display snmp-agent sys-info

snmp-agent sys-info version

Use snmp-agent sys-info version to enable SNMP versions.

Use undo snmp-agent sys-info version to disable SNMP versions.

Syntax

In non-FIPS mode:

snmp-agent sys-info contact version { all | { v1 | v2c | v3 } * }

undo snmp-agent sys-info version { all | { v1 | v2c | v3 } * }

In FIPS mode:

snmp-agent sys-info version v3

undo snmp-agent sys-info version v3

Default

SNMPv3 is enabled.

Views

System view

Predefined user roles

network-admin

Parameters

all: Specifies SNMPv1, SNMPv2c, and SNMPv3.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

Usage guidelines

SNMPv1 and SNMPv2c settings in this command are not supported in FIPS mode.

Configure the SNMP agent with the same SNMP version as the NMS for successful communications between them.

Examples

# Enable SNMPv3.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v3

Related commands

display snmp-agent sys-info

snmp-agent target-host

Use snmp-agent target-host to configure an SNMP notification target host.

Use undo snmp-agent target-host to remove an SNMP notification target host.

Syntax

In non-FIPS mode:

snmp-agent target-host inform address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string { v2c | v3 [ authentication | privacy ] }

snmp-agent target-host trap address udp-domain { ipv4-address | ipv6 ipv6-address } [ udp-port port-number ] [ vpn-instance vpn-instance-name ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]

undo snmp-agent target-host { trap | inform } address udp-domain { ipv4-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ]

In FIPS mode:

undo snmp-agent target-host { trap | inform } address udp-domain { ipv4-address | ipv6 ipv6-address } params securityname security-string [ vpn-instance vpn-instance-name ]

Default

No SNMP notification target hosts exist.

Views

System view

Predefined user roles

network-admin

Parameters

inform: Sends notifications as informs.

trap: Sends notifications as traps.

address: Specifies the destination address of SNMP notifications.

udp-domain: Specifies UDP as the transport protocol.

ipv4-address: Specifies a target host by its IPv4 address or host name. The host name is a case-insensitive string of 1 to 253 characters. The string can only contain letters, numbers, hyphens (-), underscores (_), and dots (.). If you specify a host name, the IPv4 address of the target host can be obtained.

ipv6 ipv6-address: Specifies a target host by its IPv6 address or host name. The host name is a case-insensitive string of 1 to 253 characters, which only contains letters, numbers, hyphens (-), underscores (_), and dots (.). If you specify a host name, the IPv6 address of the target host can be obtained. If you specify an IPv6 address, the address cannot be a link local address.

udp-port port-number: Specifies the UDP port for SNMP notifications. If no UDP port is specified, UDP port 162 is used.

vpn-instance vpn-instance-name: Specifies the VPN for the target host. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the target host is in the public network.

params securityname security-string: Specifies the authentication parameter. The security-string argument specifies an SNMPv1 or SNMPv2c community name or an SNMPv3 username, a string of 1 to 32 characters.

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

v3: Specifies SNMPv3.

· authentication: Specifies the security model to be authentication without privacy. You must specify the authentication key when you create the SNMPv3 user.

· privacy: Specifies the security model to be authentication with privacy. You must specify the authentication key and privacy key when you create the SNMPv3 user.

Usage guidelines

You can specify a maximum of 20 SNMP notification target hosts.

Make sure the SNMP agent uses the same UDP port for SNMP notifications as the target host. Typically, NMSs, for example, IMC and MIB Browser, use port 162 for SNMP notifications as defined in the SNMP protocols.

If none of the keywords v1, v2c, or v3 is specified, SNMPv1 is used. Make sure the SNMP agent uses the same SNMP version as the target host so the host can receive the notification.

If neither authentication nor privacy is specified, the security model is no authentication, no privacy.

Examples

# Configure the SNMP agent to send SNMPv3 traps to 10.1.1.1 in the user public.

<Sysname> system-view

[Sysname] snmp-agent trap enable standard

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public v3

Related commands

snmp-agent { inform | trap } source

snmp-agent trap enable

snmp-agent trap life

snmp-agent trap enable

Use snmp-agent trap enable to enable SNMP notifications.

Use undo snmp-agent trap enable to disable SNMP notifications.

Syntax

Default

SNMP configuration notifications, standard notifications, and system notifications are enabled. Whether other SNMP notifications are enabled varies by modules.

Views

System view

Predefined user roles

network-admin

Parameters

configuration: Specifies configuration notifications. If configuration notifications are enabled, the system checks the running configuration and the startup configuration every 10 minutes for any change and generates a notification for the most recent change.

protocol: Specifies a module for enabling SNMP notifications. For more information about this argument, see the command reference for each module.

standard: Specifies SNMP standard notifications.

Table 42 Standard SNMP notifications

Keyword	Definition
authentication	Authentication failure notification sent when an NMS fails to authenticate to the SNMP agent.
coldstart	Notification sent when the device restarts.
linkdown	Notification sent when the link of a port goes down.
linkup	Notification sent when the link of a port comes up.
warmstart	Notification sent when the SNMP agent restarts.

system: Specifies system notifications sent when the system time is modified, the system reboots, or the main system software image is not available.

Usage guidelines

To enable SNMP notifications for a protocol, first enable the procotol.

The snmp-agent trap enable command enables the device to generate notifications, including both informs and traps, even though the keyword trap is used in this command.

You can use the snmp-agent target-host command to enable the device to send the notifications as informs or traps to a host.

If no optional parameters are specified, this command or its undo form enables or disables all SNMP notifications supported by the device.

Examples

# Enable the SNMP agent to send SNMP authentication failure traps to 10.1.1.1 in the community public.

<Sysname> system-view

[Sysname] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

[Sysname] snmp-agent trap enable standard authentication

Related commands

snmp-agent target-host

snmp-agent trap if-mib link extended

Use snmp-agent trap if-mib link extended to configure the SNMP agent to send extended linkUp/linkDown notifications.

Use undo snmp-agent trap if-mib link extended to restore the default.

Syntax

snmp-agent trap if-mib link extended

undo snmp-agent trap if-mib link extended

Default

The SNMP agent sends standard linkUp/linkDown notifications.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Extended linkUp and linkDown notifications add interface description and interface type to the standard linkUp/linkDown notifications for fast failure point identification.

When you use this command, make sure the NMS supports the extended linkup and linkDown notifications.

Examples

# Enable extended linkUp/linkDown notifications.

<Sysname> system-view

[Sysname] snmp-agent trap if-mib link extended

snmp-agent trap life

Use snmp-agent trap life to set the lifetime of notifications in the SNMP notification queue.

Use undo snmp-agent trap life to restore the default notification lifetime.

Syntax

snmp-agent trap life seconds

undo snmp-agent trap life

Default

The SNMP notification lifetime is 120 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

seconds: Sets a lifetime in seconds, in the range of 1 to 2592000.

Usage guidelines

When congestion occurs, the SNMP agent buffers notifications in a queue. The notification lifetime sets how long a notification can stay in the queue. A notification is deleted when its lifetime expires.

Examples

# Set the SNMP notification lifetime to 60 seconds.

<Sysname> system-view

[Sysname] snmp-agent trap life 60

Related commands

snmp-agent target-host

snmp-agent trap enable

snmp-agent trap queue-size

snmp-agent trap log

Use snmp-agent trap log to enable SNMP notification logging.

Use undo snmp-agent trap log to disable SNMP notification logging.

Syntax

snmp-agent trap log

undo snmp-agent trap log

Default

SNMP notification logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Use SNMP notification logging to record SNMP notifications sent by the SNMP agent for notification tracking. The SNMP agent sends the logs to the information center. You can configure the information center to output the logs to a destination as needed.

Examples

# Enable SNMP notification logging.

<Sysname> system-view

[Sysname] snmp-agent trap log

snmp-agent trap queue-size

Use snmp-agent trap queue-size to set the SNMP notification queue size.

Use undo snmp-agent trap queue-size to restore the default queue size.

Syntax

snmp-agent trap queue-size size

undo snmp-agent trap queue-size

Default

The SNMP notification queue can store up to 100 notifications.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum number of notifications that the SNMP notification queue can hold. The value range is 1 to 1000.

Usage guidelines

When congestion occurs, the SNMP agent buffers notifications in a queue. SNMP notification queue size sets the maximum number of notifications that this queue can hold. When the queue size is reached, the oldest notifications are dropped for new notifications.

Examples

# Set the SNMP notification queue size to 200.

<Sysname> system-view

[Sysname] snmp-agent trap queue-size 200

Related commands

snmp-agent target-host

snmp-agent trap enable

snmp-agent trap life

snmp-agent usm-user { v1 | v2c }

Use snmp-agent usm-user { v1 | v2c } to create an SNMPv1 or SNMPv2c user.

Use undo snmp-agent usm-user { v1 | v2c } to delete an SNMPv1 or SNMPv2c user.

Syntax

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user { v1 | v2c } user-name

Default

No SNMPv1 or SNMPv2c users exist.

Views

System view

Predefined user roles

network-admin

Parameters

v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.

user-name: Specifies an SNMP username, a case-sensitive string of 1 to 32 characters.

group-name: Specifies an SNMPv1 or SNMPv2c group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. If the group has not been created, the user takes effect after you create the group.

acl: Specifies a basic or advanced IPv4 ACL for the user.

ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999.

name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic or advanced IPv6 ACL for the user.

ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999..

name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

Usage guidelines

This command is not available in FIPS mode.

On an SNMPv1 or SNMPv2c network, NMSs and agents authenticate each other by using the community name. On an SNMPv3 network, NMSs and agents authenticate each other by using the username.

You can create an SNMPv1 or SNMPv2c community by using either of the following ways:

· Execute the snmp-agent community command.

· Execute the snmp-agent usm-user { v1 | v2c } and snmp-agent group { v1 | v2c } commands to create an SNMPv1 or SNMPv2c user and the group that the user is assigned to. The system automatically creates an SNMP community by using the SNMPv1 or SNMPv2c username.

You can specify an ACL for the user and group, respectively, to filter illegitimate NMSs from accessing the agent. Only the NMSs permitted by the ACLs for both the user and group can access the SNMP agent. The following rules apply to the ACLs for the user and group:

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.

· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

# Add the user userv2c to the SNMPv2c group readCom so an NMS can use the protocol SNMPv2c and the read-only community name userv2c to access the device.

<Sysname> system-view

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom

# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.1 can use the protocol SNMPv2c and read-only community name userv2c to access the device.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 1.1.1.1 0.0.0.0

[Sysname-acl-ipv4-basic-2001] rule deny source any

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom acl 2001

# Add the user userv2c in the SNMPv2c group readCom so only the NMS at 1.1.1.2 can use the protocol SNMPv2c and read-only community name userv2c to access the device.

[Sysname] acl basic name testacl

[Sysname-acl-ipv4-basic-testacl] rule permit source 1.1.1.2 0.0.0.0

[Sysname-acl-ipv4-basic-testacl] rule deny source any

[Sysname-acl-ipv4-basic-testacl] quit

[Sysname] snmp-agent sys-info version v2c

[Sysname] snmp-agent group v2c readCom

[Sysname] snmp-agent usm-user v2c userv2c readCom acl name testacl

Related commands

display snmp-agent community

snmp-agent community

snmp-agent group

snmp-agent usm-user v3

Use snmp-agent usm-user v3 to create an SNMPv3 user.

Use undo snmp-agent usm-user v3 to delete an SNMPv3 user.

Syntax

In non-FIPS mode (in VACM mode):

snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }

In non-FIPS mode (in RBAC mode):

snmp-agent usm-user v3 user-name user-role role-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode { md5 | sha } auth-password [ privacy-mode { aes128 | 3des | des56 } priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }

In FIPS mode (in VACM mode):

snmp-agent usm-user v3 user-name group-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }

In FIPS mode (in RBAC mode):

snmp-agent usm-user v3 user-name user-role role-name [ remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ { cipher | simple } authentication-mode sha auth-password [ privacy-mode aes128 priv-password ] ] [ acl { ipv4-acl-number | name ipv4-acl-name } | acl ipv6 { ipv6-acl-number | name ipv6-acl-name } ] *

undo snmp-agent usm-user v3 user-name { local | engineid engineid-string | remote { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] }

Default

No SNMPv3 users exist.

Views

System view

Predefined user roles

network-admin

Parameters

user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.

group-name: Specifies an SNMPv3 group name, a case-sensitive string of 1 to 32 characters. The group can be one that has been created or not. The user takes effect only after you create the group.

user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.

remote { ipv4-address | ipv6 ipv6-address }: Specifies a target host by its IPv4 or IPv6 address, typically the NMS, to receive the notifications. To send SNMPv3 notifications to a target host, you need to specify this option and use the snmp-agent remote command to bind the IPv4 or IPv6 address to the remote engine ID.

vpn-instance vpn-instance-name: Specifies the VPN for the target host receiving SNMP notifications. The vpn-instance-name argument specifies the name of the MPLS L3VPN, a case-sensitive string of 1 to 31 characters. If this parameter is not specified, the target host is in the public network.

cipher: Specifies an authentication key and an encryption key in encrypted form. The keys will be converted to a digest in encrypted form and stored in the device.

simple: Specifies an authentication key and an encryption key in plaintext from. The keys will be converted to a digest in encrypted form and stored in the device.

authentication-mode: Specifies an authentication algorithm. If you do not specify this keyword, the system does not perform authentication. For more information about authentication algorithms, see IPSec configuration in Security Configuration Guide.

· md5: Specifies the HMAC-MD5 authentication algorithm.

· sha: Specifies the HMAC-SHA-1 authentication algorithm.

auth-password: Specifies the authentication key. This argument is case sensitive.

· The plaintext form of the key in non-FIPS mode is a string of 1 to 64 characters. The plaintext form of the key in FIPS mode is a string of 15 to 64 characters, which must contain numbers, uppercase letters, lowercase letters, and special characters.

· The encrypted form of the key can be calculated by using the snmp-agent calculate-password command.

privacy-mode: Specifies an encryption algorithm. If you do not specify this keyword, the system does not perform encryption.

· aes128: Specifies the AES encryption algorithm that uses a 128-bit key.

· 3des: Specifies the 3DES encryption algorithm that uses a 168-bit key.

· des56: Specifies the DES encryption algorithm that uses a 56-bit key.

priv-password: Specifies an encryption key. This argument is case sensitive.

· The encrypted form of the key can be calculated by using the snmp-agent calculate-password command.

acl: Specifies a basic or advanced IPv4 ACL for the user.

ipv4-acl-number: Specifies a basic or advanced IPv4 ACL by its number. The basic IPv4 ACL number is in the range of 2000 to 2999. The advanced IPv4 ACL number is in the range of 3000 to 3999.

name ipv4-acl-name: Specifies a basic or advanced IPv4 ACL by its name, a case-insensitive string of 1 to 63 characters.

acl ipv6: Specifies a basic or advanced IPv6 ACL for the user.

ipv6-acl-number: Specifies a basic or advanced IPv6 ACL by its number. The basic IPv6 ACL number is in the range of 2000 to 2999. The advanced IPv6 ACL number is in the range of 3000 to 3999.

name ipv6-acl-name: Specifies a basic or advanced IPv6 ACL by its name, a case-insensitive string of 1 to 63 characters.

local: Specifies the local SNMP engine. By default, an SNMPv3 user is associated with the local SNMP engine.

engineid engineid-string: Specifies an SNMP engine ID. The engineid-string argument is an even number of hexadecimal characters. All-zero and all-F strings are invalid. The even number is in the range of 10 to 64. If you change the local engine ID, the existing SNMPv3 users and keys become invalid. To delete an invalid username, specify the engine ID associated with the username in the undo snmp-agent usm-user v3 command.

Usage guidelines

You can use either of the following modes to control SNMPv3 user access to MIB objects.

· VACM—Controls user access to MIB objects by assigning the user to an SNMP group. To make sure the user takes effect, make sure the group has been created. An SNMP group contains one or multiple users and specifies the MIB views and security model for the users. The authentication and encryption algorithms for each user are specified when they are created.

· RBAC—Controls user access to MIB objects by assigning user roles to the user. A user role specifies the MIB objects accessible to the user and the operations that the user can perform on the objects. After you create a user in RBAC mode, you can use the snmp-agent usm-user v3 user-role command to assign more user roles to the user. You can assign a maximum of 64 user roles to a user.

RBAC mode controls access on a per MIB object basis, and VACM mode controls access on a MIB view basis. As a best practice to enhance MIB security, use RBAC mode.

You can execute the snmp-agent usm-user v3 command multiple times to create different SNMPv3 users in VACM mode. If you do not change the username each time, the most recent configuration takes effect.

You can execute the snmp-agent usm-user v3 command in RBAC mode multiple times to assign different user roles to an SNMPv3 user. The following restrictions and guidelines apply:

· If you specify only user roles but do not change any other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. Other settings remain unchanged.

· If you specify user roles and also change other settings each time, the snmp-agent usm-user v3 command assigns different user roles to the user. The most recent configuration for other settings takes effect.

· If you do not specify an ACL, the specified ACL does not exist, or the specified ACL does not have any rules, all NMSs that use the username can access the SNMP agent.

· If you have specified an ACL and the ACL has rules, only the NMSs permitted by the ACL can access the agent.

For more information about ACL, see ACL and QoS Configuration Guide.

Examples

In VACM mode:

# Create SNMPv3 group testGroup and specify the authentication without privacy security model for the group. Add user testUser to the group. Specify authentication algorithm HMAC-SHA1 and plaintext-form authentication key 123456TESTplat&! for the user.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup authentication

[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTplat&!

For an NMS to access the MIB objects in default view, make sure the following configurations are the same on both the NMS and the SNMP agent:

· SNMP protocol version.

· SNMPv3 username.

· Authentication algorithm and key.

# Create SNMPv3 group testGroup and specify the authentication with privacy security model for the group. Add user testUser to the group. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.

<Sysname> system-view

[Sysname] snmp-agent group v3 testGroup privacy

[Sysname] snmp-agent usm-user v3 testUser testGroup simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

For an NMS to access the MIB objects in default view, make sure the following configurations are the same on both the NMS and the SNMP agent:

· SNMP protocol version.

· SNMPv3 username.

· Authentication algorithm.

· Privacy algorithm.

· Plaintext authentication and privacy keys.

# Specify engine ID 123456789A for the NMS at 10.1.1.1. Create SNMPv3 group testGroup and specify the authentication with privacy security model for the group. Add user testUser to the group. Specify NMS at 10.1.1.1 as the target host. Specify authentication algorithm HMAC-SHA1, encryption algorithm AES, plaintext-form authentication key 123456TESTauth&!, and plaintext-form encryption key 123456TESTencr&! for the user.

<Sysname> system-view

[Sysname] snmp-agent remote 10.1.1.1 engineid 123456789A

[Sysname] snmp-agent group v3 testGroup privacy

[Sysname] snmp-agent usm-user v3 remoteUser testGroup remote 10.1.1.1 simple authentication-mode sha 123456TESTauth&! privacy-mode aes128 123456TESTencr&!

In RBAC mode:

# Create SNMPv3 user testUser with user role network-operator. Specify authentication algorithm HMAC-SHA1 and plaintext-form authentication key 123456TESTplat&! for the user.

<Sysname> system-view

[Sysname] snmp-agent usm-user v3 testUser user-role network-operator simple authentication-mode sha 123456TESTplat&!

For an NMS to have read-only access to all MIB objects, make sure the following configurations are the same on both the NMS and the SNMP agent:

· SNMP protocol version.

· SNMPv3 username.

· Authentication algorithm and key.

Related commands

display snmp-agent usm-user

snmp-agent calculate-password

snmp-agent group

snmp-agent remote

snmp-agent usm-user v3 user-role

Use snmp-agent usm-user v3 user-role to assign a user role to an SNMPv3 user created in RBAC mode.

Use undo snmp-agent usm-user user-role to remove a user role.

Syntax

snmp-agent usm-user v3 user-name user-role role-name

undo snmp-agent usm-user v3 user-name user-role role-name

Default

An SNMPv3 user has the user role assigned to it at its creation.

Views

System view

Predefined user roles

network-admin

Parameters

user-name: Specifies an SNMPv3 username, a case-sensitive string of 1 to 32 characters.

user-role role-name: Specifies a user role name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You can assign a maximum of 64 user roles to an SNMPv3 user.

An SNMPv3 user must have a minimum of one user role.

Examples

# Assign the user role testRole2 to the SNMPv3 user testUser.

<Sysname> system-view

[Sysname] snmp-agent usm-user v3 testUser user-role testRole2

Related commands

snmp-agent usm-user v3

RMON commands

The following matrix shows the feature and hardware compatibility:

Hardware	RMON compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR5620/5660/5680	Yes

Hardware	RMON compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	Yes

display rmon alarm

Use display rmon alarm to display information about RMON alarm entries.

Syntax

display rmon alarm [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an alarm entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all RMON alarm entries.

Examples

# Display information about all RMON alarm entries.

<Sysname> display rmon alarm

AlarmEntry 1 owned by user1 is VALID.

Sample type : absolute

Sampled variable : 1.3.6.1.2.1.16.1.1.1.4.1<etherStatsOctets.1>

Sampling interval (in seconds) : 10

Rising threshold : 50(associated with event 1)

Falling threshold : 5(associated with event 2)

Alarm sent upon entry startup : risingOrFallingAlarm

Latest value : 0

Table 43 Command output

Field	Description
AlarmEntry entry-number owned by owner is status.	Alarm entry owner and status: · entry-number—Alarm entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon alarm command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Sample type	Sample type: · absolute—RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval. · delta—RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.
Sampled variable	Monitored variable.
Sampling interval	Interval (in seconds) at which data is sampled and compared with the rising and falling thresholds.
Rising threshold	Alarm rising threshold. A rising alarm is generated when the following conditions are met: · The current sampled value is greater than or equal to this threshold. · The value at the previous sampling interval was less than this threshold. A rising alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is greater than or equal to this threshold. · The associated alarmStartupAlarm instance is equal to risingAlarm or risingOrFallingAlarm.
associated with event	Event index (EventEntry) associated with the alarm.
Falling threshold	Alarm falling threshold. A falling alarm is generated when the following conditions are met: · The current sampled value is less than or equal to this threshold · The value at the previous sampling interval was greater than this threshold. A falling alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is less than or equal to this threshold. · The associated alarmStartupAlarm is equal to fallingAlarm or risingOrFallingAlarm.
Alarm sent upon entry startup	Alarm that can be generated when the entry becomes valid: · risingAlarm—Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold. · fallingAlarm—Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold. · risingOrFallingAlarm—Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold. The default is risingOrFallingAlarm.
Latest value	Most recent sampled value.

Related commands

rmon alarm

display rmon event

Use display rmon event to display information about RMON event entries.

Syntax

display rmon event [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays all event entries.

Usage guidelines

An event entry includes the following information:

· Event index.

· Event owner.

· Event description.

· Action triggered by the event (such as logging the event or sending an SNMP notification).

· Last time when the event occurred (seconds that elapsed since the system startup).

Examples

# Display information about all RMON event entries.

<Sysname> display rmon event

EventEntry 1 owned by user1 is VALID.

Description: N/A

Community: Security

Take the action log-trap when triggered, last triggered at 0days 00h:02m:27s uptime.

Table 44 Command output

Field	Description
EventEntry entry-number owned by owner is status.	Event entry owner and status: · entry-number—Event entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon event command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Description	Event description.
Community	SNMP community name for the RMON event. You can specify an SNMP community name when you create an RMON event entry, but the setting does not take effect. The system always uses the settings configured with the SNMP feature when it sends RMON event notifications.
Take the action action when triggered	Actions that the system takes when the event occurs: · none—Takes no action. · log—Logs the event. · trap—Sends an SNMP notification. · log-trap—Logs the event and sends an SNMP notification.
last triggered at time uptime	Last time when the event occurred, which is represented as the amount of time that elapsed since the system startup.

Related commands

rmon event

display rmon eventlog

Use display rmon eventlog to display information about event log entries.

Syntax

display rmon eventlog [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an event entry by its index in the range of 1 to 65535. If you do not specify an entry, the command displays log entries for all event entries.

Usage guidelines

If the log action is specified for an event, the system adds a record in the event log table each time the event occurs. Each record contains the log entry index, time when the event was logged (the amount of time that elapsed since system startup), and event description.

The system can maintain a maximum of 10 records for an event. The most recent record replaces the oldest record if the number of records reaches 10.

Examples

# Display the RMON log for event entry 99.

<Sysname> display rmon eventlog 99

EventEntry 99 owned by ww is VALID.

LogEntry 99.1 created at 50days 08h:54m:44s uptime.

Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77,

uprise 16760000 with alarm value 16776314. Alarm sample type is absolute.

LogEntry 99.2 created at 50days 09h:11m:13s uptime.

Description: The 1.3.6.1.2.1.16.1.1.1.4.5 defined in alarmEntry 77,

less than(or =) 20000000 with alarm value 16951648. Alarm sample type is absolute.

LogEntry 99.3 created at 50days 09h:18m:43s uptime.

Description: The alarm formula defined in prialarmEntry 777,

less than(or =) 15000000 with alarm value 14026493. Alarm sample type is absolute.

LogEntry 99.4 created at 50days 09h:23m:28s uptime.

Description: The alarm formula defined in prialarmEntry 777,

uprise 17000000 with alarm value 17077846. Alarm sample type is absolute.

This example shows that the event log table has four records for event 99:

· Two records were created when event 99 was triggered by alarm entry 77.

· Two records were created when event 99 was triggered by private alarm entry 777.

Table 45 Command output

Field	Description
EventEntry entry-number owned by owner is status.	Event log entry owner and status: · entry-number—Event log entry index, which is the same as the event entry index for which this log entry is generated. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid (default value). ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All event log entries are valid by default. The display rmon eventlog command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
LogEntry entry-number created at created-time uptime.	Time when an event record was created: · entry-number—Event record index (represented as logEventIndex.logIndex), which uniquely identifies the record among all records for the event. · created-time—Time when the event entry was created.
Description	Record description.

Related commands

rmon event

display rmon history

Use display rmon history to display RMON history control entries and history samples of Ethernet statistics for Ethernet interfaces.

Syntax

display rmon history [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays history samples for all interfaces that have an RMON history control entry.

Usage guidelines

RMON uses the etherHistoryTable object to store the history samples of Ethernet statistics for Ethernet interfaces.

To collect history samples for an Ethernet interface, you must first create a history control entry on the interface.

To configure the number of history samples that can be displayed and the history sampling interval, use the rmon history command.

Examples

# Display the RMON history control entry and history samples for GigabitEthernet 1/0/1.

<Sysname> display rmon history gigabitethernet 1/0/1

HistoryControlEntry 6 owned by user1 is VALID.

Sampled interface : GigabitEthernet1/0/1<ifIndex.117>

Sampling interval : 8(sec) with 3 buckets max

Sampling record 1 :

dropevents : 0 , octets : 5869

packets : 54 , broadcast packets : 9

multicast packets : 23 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Sampling record 2 :

dropevents : 0 , octets : 5367

packets : 55 , broadcast packets : 1

multicast packets : 7 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Sampling record 3 :

dropevents : 0 , octets : 936

packets : 10 , broadcast packets : 0

multicast packets : 6 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

HistoryControlEntry 7 owned by user1 is VALID.

Sampled interface : GigabitEthernet1/0/1<ifIndex.117>

Sampling interval : 9(sec) with 1 buckets max

Sampling record 1 :

dropevents : 0 , octets : 1150

packets : 12 , broadcast packets : 0

multicast packets : 8 , CRC alignment errors : 0

undersize packets : 0 , oversize packets : 0

fragments : 0 , jabbers : 0

collisions : 0 , utilization : 0

Table 46 Command output

Field	Description
HistoryControlEntry entry-number owned by owner is status.	Status and owner of the history control entry: · entry-number—History control entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All history control entries created from the CLI are valid by default. The display rmon history command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Sampled Interface	Sampled interface.
Sampling interval	Sampling interval in seconds.
buckets max	Maximum number of samples that can be saved for the history control entry. If the expected bucket size specified with the rmon history command exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as possible. If the bucket has been full, RMON overwrites the oldest sample with the new sample.
Sampling record	History sample index.
dropevents	Total number of events in which packets were dropped during the sampling interval. NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets.
octets	Total number of octets received during the sampling interval.
packets	Total number of packets (including bad packets) received during the sampling interval.
broadcast packets	Number of broadcasts received during the sampling interval.
multicast packets	Number of multicasts received during the sampling interval.
CRC alignment errors	Number of packets received with CRC alignment errors during the sampling interval.
undersize packets	Number of undersize packets received during the sampling interval. Undersize packets are shorter than 64 octets (excluding framing bits but including FCS octets).
oversize packets	Number of oversize packets received during the sampling interval. Oversize packets are longer than 1518 octets (excluding framing bits but including FCS octets).
fragments	Number of undersize packets with CRC errors received during the sampling interval.
jabbers	Number of oversize packets with CRC errors received during the sampling interval.
collisions	Number of colliding packets received during the sampling interval.
utilization	Bandwidth utilization (in hundreds of a percent) during the sampling period.

Related commands

rmon history

display rmon prialarm

Use display rmon prialarm to display information about RMON private alarm entries.

Syntax

display rmon prialarm [ entry-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

entry-number: Specifies an alarm entry index in the range of 1 to 65535. If you do not specify an entry, the command displays all private alarm entries.

Examples

# Display information about all RMON private alarm entries.

<Sysname> display rmon prialarm

PrialarmEntry 1 owned by user1 is VALID.

Sample type : absolute

Variable formula : (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1)

Description : ifUtilization.GigabitEthernet1/0/1

Sampling interval (in seconds) : 10

Rising threshold : 80(associated with event 1)

Falling threshold : 5(associated with event 2)

Alarm sent upon entry startup : risingOrFallingAlarm

Entry lifetime : forever

Latest value : 85

Table 47 Command output

Field	Description
PrialarmEntry entry-number owned by owner is status.	Alarm entry owner and status: · entry-number—Alarm entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon prialarm command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Sample type	Sample type: · absolute—RMON compares the calculation result of the variable formula with the rising and falling thresholds at the end of the sampling interval. · delta—RMON subtracts the calculation result of the variable formula for the previous sampling interval from the current calculation result, and then compares the difference with the rising and falling thresholds.
Variable formula	Variable formula.
Description	Description of the alarm entry.
Sampling interval	Interval (in seconds) at which data is sampled and compared with the rising and falling thresholds.
Rising threshold	Alarm rising threshold. A rising alarm is generated when the following conditions are met: · The current sampled value is greater than or equal to this threshold. · The value at the previous sampling interval was less than this threshold. A rising alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is greater than or equal to this threshold. · The associated hh3cRmonExtAlarmStartupAlarm instance is equal to risingAlarm or risingOrFallingAlarm.
Falling threshold	Alarm falling threshold. A falling alarm is generated when the following conditions are met: · The current sampled value is less than or equal to this threshold. · The value at the previous sampling interval was greater than this threshold. A falling alarm is also generated when the following conditions are met: · The first sample after this entry becomes valid is less than or equal to this threshold. · The associated hh3cRmonExtAlarmStartupAlarm instance is equal to fallingAlarm or risingOrFallingAlarm.
associated with event	Event index associated with the alarm.
Alarm sent upon entry startup	Alarm that can be generated when the entry becomes valid: · risingAlarm—Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold. · fallingAlarm—Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold. · risingOrFallingAlarm—Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold. The default is risingOrFallingAlarm.
Entry lifetime	Lifetime of the entry. · If the lifetime is set to forever, the entry never expires. · If the lifetime is set to an amount of time, the entry is removed when the timer expires.
Latest value	Most recent sampled value.

NOTE:

The prefix of the MIB objects varies by device brands.

Related commands

rmon prialarm

display rmon statistics

Use display rmon statistics to display RMON statistics.

Syntax

display rmon statistics [ interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, the command displays RMON statistics for all interfaces.

Usage guidelines

This command displays the cumulative interface statistics for the period from the time the statistics entry was created to the time the command was executed. The statistics are cleared when the device reboots.

Examples

# Display RMON statistics for GigabitEthernet 1/0/1.

<Sysname> display rmon statistics gigabitethernet 1/0/1

EtherStatsEntry 1 owned by user1 is VALID.

Interface : GigabitEthernet1/0/1<ifIndex.3>

etherStatsOctets : 43393306 , etherStatsPkts : 619825

etherStatsBroadcastPkts : 503581 , etherStatsMulticastPkts : 44013

etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0

etherStatsFragments : 0 , etherStatsJabbers : 0

etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0

etherStatsDropEvents (insufficient resources): 0

Incoming packets by size:

64 : 0 , 65-127 : 0 , 128-255 : 0

256-511: 0 , 512-1023: 0 , 1024-1518: 0

Table 48 Command output

Field	Description
EtherStatsEntry entry-number owned by owner is status.	Statistics entry owner and status: · entry-number—Statistics entry index. · owner—Entry owner. · status—Entry status: ¡ VALID—The entry is valid. ¡ UNDERCREATION—The entry is invalid. The status field is not configurable at the CLI. All alarm entries created from the CLI are valid by default. The display rmon statistics command can display invalid entries, but the display current-configuration and display this commands do not display their settings.
Interface	Interface on which statistics are gathered.
etherStatsOctets	Total number of octets received on the interface.
etherStatsPkts	Total number of packets received on the interface.
etherStatsBroadcastPkts	Total number of broadcast packets received on the interface.
etherStatsMulticastPkts	Total number of multicast packets received on the interface.
etherStatsUndersizePkts	Total number of undersize packets received on the interface.
etherStatsOversizePkts	Total number of oversize packets received on the interface.
etherStatsFragments	Total number of undersize packets received with CRC errors on the interface.
etherStatsJabbers	Total number of oversize packets received with CRC errors on the interface.
etherStatsCRCAlignErrors	Total number of packets received with CRC errors on the interface.
etherStatsCollisions	Total number of colliding packets received on the interface.
etherStatsDropEvents	Total number of events in which packets were dropped. NOTE: This statistic is the number of times that a drop condition occurred. It is not necessarily the total number of dropped packets.
Incoming packets by size:	Incoming-packet statistics by packet length: · 64—Number of packets with a length less than or equal to 64 bytes. · 65-127—Number of 65- to 127-byte packets.. · 128-255—Number of 128- to 255-byte packets. · 256-511—Number of 256- to 511-byte packets. · 512-1023—Number of 512- to 1023-byte packets. · 1024-1518—Number of 1024- to 1518-byte packets.

Related commands

rmon statistics

rmon alarm

Use rmon alarm to create an RMON alarm entry.

Use undo rmon alarm to remove an RMON alarm entry.

Syntax

rmon alarm entry-number alarm-variable sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

Default

No RMON alarm entries exist.

Views

System view

Predefined user roles

network-admin

Parameters

entry-number: Specifies an alarm entry index in the range of 1 to 65535.

alarm-variable: Specifies an alarm variable, a string of 1 to 255 characters. You can only specify variables that can be parsed as an ASN.1 INTEGER value (INTEGER, INTEGER32, Unsigned32, Counter32, Counter64, Gauge, or TimeTicks) for the alarm-variable argument. The alarm variables must use one of the formats in Table 49.

Table 49 Alarm variable formats

Format

Examples

Dotted OID format:

entry.integer.instance

1.3.6.1.2.1.2.1.10.1

Object name.instance

etherStatsOctets.1

etherStatsPkts.1

etherStatsBroadcastPkts.1

ifInOctets.1

ifInUcastPkts.1

ifInNUcastPkts.1

sampling-interval: Sets the sampling interval in the range of 5 to 65535 seconds.

absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval.

delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.

startup-alarm: Specifies alarms that can be generated when the alarm entry becomes valid. If you do not specify an alarm, RMON can generate a rising alarm or a falling alarm depending on the first sample.

rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.

falling: Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold.

rising-falling: Generates a rising alarm if the first sample crosses the rising threshold, or generates a falling alarm if the first sample crosses the falling threshold.

rising-threshold threshold-value1 event-entry1: Sets the rising threshold. The threshold-value1 argument represents the rising threshold in the range of –2147483648 to +2147483647. The event-entry1 argument represents the index of the event that is triggered when the rising threshold is crossed. The value range for the event-entry1 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.

falling-threshold threshold-value2 event-entry2: Sets the falling threshold. The threshold-value2 argument represents the falling threshold in the range of –2147483648 to +2147483647. The event-entry2 argument represents the index of the event that is triggered when the falling threshold is crossed. The value range for the event-entry2 argument is 0 to 65535. If 0 is specified, the alarm does not trigger any event.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create a maximum of 60 RMON alarm entries.

Each alarm entry must have a unique alarm variable, sampling interval, sample type, rising threshold, or falling threshold. You cannot create an alarm entry if all these parameters for the entry are the same as an existing entry.

To trigger the event associated with an alarm condition, you must create the event with the rmon event command.

RMON samples the monitored alarm variable at the specified sampling interval, compares the sampled value with the predefined thresholds, and does one of the following:

· Triggers the event associated with the rising alarm if the sampled value is equal to or greater than the rising threshold.

· Triggers the event associated with the falling alarm if the sampled value is equal to or less than the falling threshold.

Examples

# Create an alarm entry to perform absolute sampling on the number of octets received on GigabitEthernet 1/0/1 (object instance 1.3.6.1.2.1.16.1.1.1.4.1) at 10-seconds intervals. If the sampled value reaches or exceeds 5000, log the rising alarm event. If the sampled value is equal to or less than 5, take no actions.

<Sysname> system-view

[Sysname] rmon event 1 log

[Sysname] rmon event 2 none

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon statistics 1

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising-threshold 5000 1 falling-threshold 5 2 owner user1

In this example, you can replace 1.3.6.1.2.1.16.1.1.1.4.1 with etherStatsOctets.1, where 1 is the statistics entry index for the interface. If you execute the rmon statistics 5 command, you can use etherStatsOctets.5 to replace 1.3.6.1.2.1.16.1.1.1.4.5.

Related commands

display rmon alarm

rmon event

Use rmon event to create an RMON event entry.

Use undo rmon event to remove an RMON event entry.

Syntax

rmon event entry-number [ description string ] { log | log-trap security-string | none | trap security-string } [ owner text ]

undo rmon event entry-number

Default

No RMON event entries exist.

Views

System view

Predefined user roles

network-admin

Parameters

entry-number: Specifies an event entry index in the range of 1 to 65535.

description string: Configures an event description, a case-sensitive string of 1 to 127 characters.

log: Logs the event when it occurs.

log-trap: Logs the event and sends an SNMP notification when the event occurs.

security-string: Represents the SNMP community name, a case-sensitive string of 1 to 127 characters.

none: Performs no action when the event occurs.

trap: Sends an SNMP notification when the event occurs.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

NOTE:

The SNMP community name setting for the security-string argument does not take effect even though you can configure it with the command. Instead, the system uses the settings you configure with SNMP when it sends RMON SNMP notifications. For more information about SNMP notifications, see Network Management and Monitoring Configuration Guide.

Usage guidelines

You can create a maximum of 60 event entries.

You can associate an event entry with a standard or private alarm entry to specify the action to take when an alarm condition occurs. Depending on your configuration, the system logs the event, sends an SNMP notification, does both, or does neither.

You can associate an event with multiple alarm entries.

Examples

# Create an RMON log event entry. Specify its index as 10 and the entry owner as user1.

<Sysname> system-view

[Sysname] rmon event 10 log owner user1

Related commands

display rmon event

rmon alarm

rmon prialarm

rmon history

Use rmon history to create an RMON history control entry.

Use undo rmon history to remove an RMON history control entry.

Syntax

rmon history entry-number buckets number interval interval [ owner text ]

undo rmon history entry-number

Default

No RMON history control entries exist.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

entry-number: Specifies a history control entry index in the range of 1 to 65535.

buckets number: Specifies the expected maximum number of samples to be retained for the entry, in the range of 1 to 65535. RMON can retain a maximum of 50 samples for each history control entry. If the expected bucket size exceeds the available history table size, RMON sets the bucket size as closely to the expected bucket size as is possible. However, the granted bucket size will not exceed 50. For example, the bucket size for a history control entry will be 30 if the expected bucket size is set to 55, but the available bucket size is only 30.

interval interval: Specifies the sampling interval in the range of 5 to 3600 seconds.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create RMON history control entries only for Layer 2 or Layer 3 Ethernet interfaces.

The system supports a maximum of 100 history control entries.

If an Ethernet interface has a history control entry, RMON periodically samples packet statistics on the interface and stores the samples to the history table. When the bucket size for the history control entry is reached, RMON overwrites the oldest sample with the most recent sample.

You can configure multiple history control entries for one interface. Make sure their entry numbers and sampling intervals are different.

Examples

# Create RMON history control entry 1 for GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon history 1 buckets 10 interval 5 owner user1

Related commands

display rmon history

rmon prialarm

Use rmon prialarm to create an RMON private alarm entry.

Use undo rmon prialarm to remove an RMON private alarm entry.

Syntax

rmon prialarm entry-number prialarm-formula prialarm-des sampling-interval { absolute | delta } [ startup-alarm { falling | rising | rising-falling } ] rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

Default

No RMON private alarm entries exist.

Views

System view

Predefined user roles

network-admin

Parameters

entry-number: Specifies a private alarm entry index in the range of 1 to 65535.

prialarm-formula: Configures a private alarm variable formula, a string of 1 to 255 characters. The variables in the formula must be represented in OID format that starts with a dot (.), for example, (.1.3.6.1.2.1.2.1.10.1)*8. You can configure a formula to perform the basic math operations of addition, subtraction, multiplication, and division on these variables. To get a correct calculation result, make sure the following conditions are met:

· The values of the variables in the formula are positive integers.

· The result of each calculating step is in the value range for long integers.

prialarm-des: Configures an entry description, a case-sensitive string of 1 to 127 characters.

sampling-interval: Sets the sampling interval in the range of 10 to 65535 seconds.

absolute: Specifies absolute sampling. RMON compares the value of the variable with the rising and falling thresholds at the end of the sampling interval.

delta: Specifies delta sampling. RMON subtracts the value of the variable at the previous sample from the current value, and then compares the difference with the rising and falling thresholds.

startup-alarm: Specifies alarms that can be generated when the alarm entry becomes valid. If you do not specify an alarm, RMON does the following:

· Generates a rising alarm if the first sample crosses the rising threshold.

· Generates a falling alarm if the first sample crosses the falling threshold.

rising: Generates a rising alarm if the first sample after the entry becomes valid is greater than or equal to the rising threshold.

falling: Generates a falling alarm if the first sample after the entry becomes valid is less than or equal to the rising threshold.

rising-falling: Generates a rising alarm or falling alarm if the first sample after the entry becomes valid crosses the rising threshold or falling threshold.

forever: Configures the entry as a permanent entry. RMON retains a permanent private alarm entry until it is manually deleted.

cycle cycle-period: Sets the lifetime of the entry, in the range of 0 to 4294967 seconds. RMON deletes the entry when its lifetime expires.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create a maximum of 50 private alarm entries.

To trigger the event associated with an alarm condition, you must create the event with the rmon event command.

The RMON agent samples variables and takes an alarm action based on a private alarm entry as follows:

1. Periodically samples the variables specified in the private alarm formula.

2. Processes the sampled values with the formula.

3. Compares the calculation result with the predefined thresholds, and then takes one of the following actions:

¡ Triggers the event associated with the rising alarm event if the result is equal to or greater than the rising threshold.

¡ Triggers the event associated with the falling alarm event if the result is equal to or less than the falling threshold.

Examples

# Add a permanent private alarm entry to monitor the ratio of incoming broadcasts to the total number of incoming packets on GigabitEthernet 1/0/1. Log the rising alarm event when the ratio exceeds 80%, and take no actions when the ratio drops to 5%. The formula is (1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1), where 1.3.6.1.2.1.16.1.1.1.6.1 is the OID of the object instance etherStatsBroadcastPkts.1, and 1.3.6.1.2.1.16.1.1.1.5.1 is the OID of the object instance etherStatsPkts.1.

<Sysname> system-view

[Sysname] rmon event 1 log

[Sysname] rmon event 2 none

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon statistics 1

[Sysname-GigabitEthernet1/0/1] quit

[Sysname] rmon prialarm 1 (.1.3.6.1.2.1.16.1.1.1.6.1*100/.1.3.6.1.2.1.16.1.1.1.5.1) BroadcastPktsRatioOfEth1/1 10 absolute rising-threshold 80 1 falling-threshold 5 2 entrytype forever owner user1

The last number in the OID forms of variables must be the same as the statistics entry index for the interface. For example, if you execute the rmon statistics 5 command, you must replace 1.3.6.1.2.1.16.1.1.1.6.1 and 1.3.6.1.2.1.16.1.1.1.5.1 with 1.3.6.1.2.1.16.1.1.1.6.5 and 1.3.6.1.2.1.16.1.1.1.5.5, respectively.

Related commands

display rmon prialarm

rmon event

rmon statistics

Use rmon statistics to create an RMON statistics entry.

Use undo rmon statistics to remove an RMON statistics entry.

Syntax

rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number

Default

No RMON statistics entry exists.

Views

Ethernet interface view

Predefined user roles

network-admin

Parameters

entry-number: Specifies a statistics entry index in the range of 1 to 65535.

owner text: Specifies the entry owner, a case-sensitive string of 1 to 127 characters.

Usage guidelines

You can create RMON statistics entries only for Layer 2 or Layer 3 Ethernet interfaces.

You can create one statistics entry for each Ethernet interface, and a maximum of 100 statistics entries on the device.

Each RMON statistics entry provides a set of cumulative traffic statistics collected up to the present time for an interface. Statistics include number of collisions, CRC alignment errors, number of undersize or oversize packets, number of broadcasts, number of multicasts, number of bytes received, and number of packets received. The statistics are cleared at a reboot.

To display the RMON statistics table, use the display rmon statistics command.

Examples

# Create an RMON statistics entry for GigabitEthernet 1/0/1. The index is 20 and the owner is user1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] rmon statistics 20 owner user1

Related commands

display rmon statistics

Event MIB commands

action

Use action to set an action for an event.

Use undo action to remove an action.

Syntax

action { notification | set }

undo action { notification | set }

Default

An event does not have an action.

Views

Event view

Predefined user roles

network-admin

Parameters

notification: Sets the notification action. The system sends a notification to the NMS when the event is triggered.

set: Sets the set action. The system sets a value for the specified MIB object when the event is triggered.

Usage guidelines

You can set both the set and notification actions for an event.

· When you set the set action, the system automatically creates a set entry and enters action-set view. You can configure the set action in this view.

· When you set the notification action, the system automatically creates a notification entry and enters action-notification view. You can configure the notification action in this view.

Examples

# Set the notification action for an event and specify the notification OID mteEventSetFailure for the action. Set the set action for the event and set the value to 2 for the monitored object ipForwarding.0.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action notification

[Sysname-event-owner1-EventA-notification] oid mteEventSetFailure

[Sysname-event-owner1-EventA-notification] quit

[Sysname-event-owner1-EventA] action set

[Sysname-event-owner1-EventA-set] oid ipForwarding.0

[Sysname-event-owner1-EventA-set] value 2

Related commands

event enable

snmp mib event

comparison

Use comparison to specify a Boolean comparison type for the sampled value and the reference value.

Use undo comparison to restore the default.

Syntax

comparison { equal | greater | greaterorequal | less | lessorequal | unequal }

undo comparison

Default

The Boolean comparison type is unequal.

Views

Trigger-Boolean view

Predefined user roles

network-admin

Parameters

equal: Specifies the Boolean comparison type as equal. When the sampled value equals the reference value, the trigger condition is met.

greater: Specifies the Boolean comparison type as greater than. When the sampled value is greater than the reference value, the trigger condition is met.

greaterorequal: Specifies the Boolean comparison type as greater than or equal to. When the sampled value is greater than or equal to the reference value, the trigger condition is met.

less: Specifies the Boolean comparison type as smaller than. When the sampled value is smaller than the reference value, the trigger condition is met.

lessorequal: Specifies the Boolean comparison type as smaller than or equal to. When the sampled value is smaller than or equal to the reference value, the trigger condition is met.

unequal: Specifies the Boolean comparison type as unequal. When the sampled value is unequal to the reference value, the trigger condition is met.

Usage guidelines

If the sampled value meets the trigger condition at two or more samplings in succession, an event is triggered only at the first sampling.

For an event to be triggered at the first sampling, execute the startup enable command.

Examples

# Specify the Boolean comparison type as unequal.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test boolean

[Sysname-trigger-owner1-triggerA-boolean] comparison unequal

Related commands

snmp mib event trigger

test

context (action-set view)

Use context to configure a context for the set-action object.

Use undo context to restore the default.

Syntax

context context-name

undo context

Default

A set action does not have a context.

Views

Action-set view

Predefined user roles

network-admin

Parameters

context-name: Specifies a context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

To uniquely identify a set-action object, configure a context for it.

Examples

# Configure the context contextname1 for the set-action object.

<Sysname>system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action set

[Sysname-event-owner1-EventA-set] context contextname1

Related commands

action

snmp mib event owner

wildcard context

context (trigger view)

Use context to configure a context for a monitored object.

Use undo context to restore the default.

Syntax

context context-name

undo context

Default

A monitored object does not have a context.

Views

Trigger view

Predefined user roles

network-admin

Parameters

context-name: Specifies a context, a case-sensitive string of 1 to 32 characters.

Usage guidelines

To uniquely identify a monitored object, configure a context for it.

Examples

# Configure the context contextname1 for a monitored object.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] context contextname1

Related commands

snmp mib event trigger

wildcard context

delta falling

Use delta falling to set a delta falling threshold and specify a falling event..

Use undo delta falling to restore the default.

Syntax

delta falling { event owner event-owner name event-name | value integer-value }

undo delta falling { event | value }

Default

The delta falling threshold is 0, and no falling event is specified.

Views

Trigger-threshold view

Predefined user roles

network-admin

Parameters

event owner event-owner name event-name: Specifies an event by its owner and its name. Use the trigger owner as the event owner. The event-name argument is a case-sensitive string of 1 to 32 characters.

value integer-value: Specifies a delta falling threshold in the range of –2147483648 to 2147483647. The value must be smaller than or equal to the delta rising threshold.

Usage guidelines

A falling event is triggered if the delta value (difference between the current sampled value and the previous sampled value) is smaller than or equal to the delta falling threshold.

If the delta value crosses the delta falling threshold multiple times in succession, a falling event is triggered only for the first crossing.

Examples

# Set the delta falling threshold to 20.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test threshold

[Sysname-trigger-owner1-triggerA-threshold] delta falling value 20

Related commands

sample

snmp mib event trigger

test

delta rising

Use delta rising to set a delta rising threshold and specify a rising event.

Use undo delta rising to restore the default.

Syntax

delta rising { event owner event-owner name event-name | value integer-value }

undo delta rising { event | value }

Default

The delta rising threshold is 0, and no rising event is specified.

Views

Trigger-threshold view

Predefined user roles

network-admin

Parameters

value integer-value: Specifies a delta rising threshold in the range of –2147483648 to 2147483647. The value must be greater than or equal to the delta falling threshold.

Usage guidelines

A rising event is triggered if the delta value is greater than or equal to the delta rising threshold.

If the delta value of the monitored object crosses the delta rising threshold multiple times in succession, a rising event is triggered only for the first crossing.

Examples

# Set the delta rising threshold to 50, and specify the event with the owner owner1 and the name event1 as the rising event.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test threshold

[Sysname-trigger-owner1-triggerA-threshold] delta rising value 50

[Sysname-trigger-owner1-triggerA-threshold] delta rising event owner owner1 name event1

Related commands

sample

snmp mib event trigger

test

description (event view)

Use description to configure a description for an event.

Use undo description to restore the default.

Syntax

description text

undo description

Default

An event does not have a description.

Views

Event view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Examples

# Configure the description EventA is an RMON event for the event with the owner owner1 and the name eventA.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] description EventA is an RMON event

Related commands

snmp mib event owner

description (trigger view)

Use description to configure a description for a trigger.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A trigger does not have a description.

Views

Trigger view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 255 characters.

Examples

# Configure the description triggerA is configured for configured for network management events for the trigger with the owner owner1 and the name triggerA.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] description triggerA is configured for network management events

Related commands

snmp mib event trigger

display snmp mib event

Use display snmp mib event to display Event MIB configuration and statistics.

Syntax

display snmp mib event

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display Event MIB configuration and statistics.

<Sysname> display snmp mib event

TriggerFailures : 0

EventFailures : 0

SampleMinimum : 1

SampleInstanceMaximum : 0

SampleInstance : 0

SampleInstancesHigh : 0

SampleInstanceLacks : 0

Trigger entry triggerA owned by owner1:

TriggerComment : triggerA is to monitor the state of the interface

TriggerTest : boolean

TriggerSampleType : absoluteValue

TriggerValueID : 1.3.6.1.2.1.2.2.1.7.3<ifAdminStatus.3>

TriggerValueIDWildcard : false

TriggerTargetTag : N/A

TriggerContextName : context1

TriggerContextNameWildcard : true

TriggerFrequency(in seconds): 600

TriggerEnabled : true

Boolean entry:

BoolCmp : unequal

BoolValue : 1

BoolStartUp : true

BoolObjOwner : owner1

BoolObjName : Objects1

BoolEvtOwner : N/A

BoolEvtName : N/A

Event entry eventA owned by owner2:

EvtComment : event is to set ifAdminStatus

EvtAction : Notification | Set

EvtEnabled : true

Notification entry:

NotifyOID : 1.3.6.1.2.1.88.2.0.1<mteTriggerFired>

NotifyObjOwner : N/A

NotifyObjName : N/A

Set entry:

SetObj : 1.3.6.1.2.1.2.2.1.7<ifAdminStatus>

SetObjWildcard : true

SetValue : 2

SetTargetTag : N/A

SetContextName : context1

SetContextNameWildcard : false

Object list objectA owned by owner3:

ObjIndex : 1

ObjID : 1.3.6.1.2.1.2.1.0<ifNumber.0>

ObjIDWildcard : false

Object list objectA owned by owner3:

ObjIndex : 2

ObjID : 1.3.6.1.2.1.2.2.1.2.0<ifDescr.0>

ObjIDWildcard : false

For more information about the command output, see Table 50 to Table 53.

Related commands

snmp mib event

snmp mib event object list

snmp mib event trigger

display snmp mib event event

Use display snmp mib event event to display information about an event and the event actions.

Syntax

display snmp mib event event [ owner event-owner name event-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

owner event-owner name event-name: Specifies an event by its owner and name. The event-owner argument must be an existing SNMPv3 user. The event-name argument is a case-sensitive string of 1 to 32 characters. If you do not specify an event, this command displays information about all events and event actions.

Examples

# Display information about the event with the owner owner2 and name eventA and the event actions.

<Sysname> display snmp mib event event owner owner2 name eventA

Event entry eventA owned by owner2:

EvtComment : event is to set ifAdminStatus

EvtAction : Notification | Set

EvtEnabled : true

Notification entry:

NotifyOID : 1.3.6.1.2.1.88.2.0.1<mteTriggerFired>

NotifyObjOwner : N/A

NotifyObjName : N/A

Set entry:

SetObj : 1.3.6.1.2.1.2.2.1.7<ifAdminStatus>

SetObjWildcard : true

SetValue : 2

SetTargetTag : N/A

SetContextName : context1

SetContextNameWildcard : false

Table 50 Command output

Field	Description
Event entry
EvtComment	Description for the event.
EvtAction	Event actions: · Set action. · Notification action.
EvtEnabled	Event status: · Enabled. · Disabled.
Notification entry
NotifyOID	Notification OID.
NotifyObjOwner	Owner of the notification-action object.
NotifyObjName	Name of the object list to be added to the notification.
Set entry
SetObj	OID of the set-action object.
SetObjWildcard	Wildcarding option for the OID: · false—Specifies an object by its OID. · true—Enables wildcard search for OIDs.
SetValue	Value of the set-action object.
SetTargetTag	Remote tag for the set-action object..
SetContextName	Context for the set-action object.
SetContextNameWildcard	Wildcarding option for the context · false—Specifies a context. · true—Enables wildcard search for the context.

Related commands

snmp mib event

display snmp mib event object list

Use display snmp mib event event to display information about object lists.

Syntax

display snmp mib event object list [ owner objects-owner name objects-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

owner objects-owner name objects name: Specifies an object list by its owner and name. The objects-owner argument must be an existing SNMPv3 user. The objects name argument is a case-sensitive string of 1 to 32 characters. If you do not specify an object list, this command displays information about all object lists.

Examples

# Display information about the object list with the owner owner3 and name objectA.

<Sysname> display snmp mib event object list owner owner3 name objectA

Object list objectA owned by owner3:

ObjIndex : 1

ObjID : 1.3.6.1.2.1.2.1.0<ifNumber.0>

ObjIDWildcard : false

Object list objectA owned by owner3:

ObjIndex : 2

ObjID : 1.3.6.1.2.1.2.2.1.2.0<ifDescr.0>

ObjIDWildcard : false

Table 51 Command output

Field	Description
ObjIndex	Index of the object.
ObjID	OID of the object.
ObjIDWildcard	Wildcarding option for the OID: · false—Specifies the OID. · true—Enables wildcarded search for the OID.

Related commands

snmp mib event object list

display snmp mib event summary

Use display snmp mib event summary to display the Event MIB brief information.

Syntax

display snmp mib event summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display Event MIB brief information.

<Sysname> display snmp mib event summary

TriggerFailures : 0

EventFailures : 0

SampleMinimum : 1

SampleInstanceMaximum : 0

SampleInstance : 0

SampleInstancesHigh : 0

SampleInstanceLacks : 0

Table 52 Command output

Field	Description
TriggerFailures	Number of trigger test failures.
EventFailures	Number of notification or set action failures.
SampleMinimum	Minimum sampling interval.
SampleInstanceMaximum	Maximum number of sampled instances.
SampleInstance	Number of current sampled instances..
SampleInstancesHigh	Maximum number of sampled instances.
SampleInstanceLacks	Number of sampling failures after the maximum number of sampled instances is reached.

Related commands

display snmp mib event

display snmp mib event trigger

Use display snmp mib event trigger to display information about a trigger and the trigger tests.

Syntax

display snmp mib event trigger [ owner trigger-owner name trigger-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

owner trigger-owner name trigger name: Specifies a trigger by its owner and name. The trigger-owner argument must be an existing SNMPv3 user. The trigger-name argument is case-sensitive string of 1 to 32 characters. If you do not specify a trigger, this command displays information about all triggers and trigger tests.

Examples

# Display information about the trigger with the owner owner1 and the name triggerA and the trigger tests.

<Sysname> display snmp mib event trigger owner owner1 name triggerA

Trigger entry triggerA owned by owner1:

TriggerComment : triggerA is to monitor the state of the interface

TriggerTest : existence | boolean | threshold

TriggerSampleType : absoluteValue

TriggerValueID : 1.3.6.1.2.1.2.2.1.7.3<ifAdminStatus.3>

TriggerValueIDWildcard : false

TriggerTargetTag : N/A

TriggerContextName : context1

TriggerContextNameWildcard : true

TriggerFrequency(in seconds): 600

TriggerObjOwner : owner1

TriggerObjName : obj1

TriggerEnabled : true

Existence entry:

ExiTest : present | absent

ExiStartUp : present | absent

ExiObjOwner : owner1

ExiObjName : object1

ExiEvtOwner : owner1

ExiEvtName : event1

Boolean entry:

BoolCmp : unequal

BoolValue : 1

BoolStartUp : true

BoolObjOwner : owner1

BoolObjName : Objects1

BoolEvtOwner : N/A

BoolEvtName : N/A

Threshold entry:

ThresStartUp : falling

ThresRising : 40

ThresFalling : 20

ThresDeltaRising : 40

ThresDeltaFalling : 20

ThresObjOwner : N/A

ThresObjName : N/A

ThresRisEvtOwner : owner1

ThresRisEvtName : event1

ThresFalEvtOwner : owner1

ThresFalEvtName : event1

ThresDeltaRisEvtOwner : owner1

ThresDeltaRisEvtName : event1

ThresDeltaFalEvtOwner : owner1

ThresDeltaFalEvtName : event1

Table 53 Command output

Field	Description
Trigger entry
TriggerComment	Description for the trigger.
TriggerTest	Trigger test type: · Existence. · Boolean. · Threshold.
TriggerSampleType	Trigger sampling method: · absoluteValue—Absolute sampling. · deltaValue—Delta sampling.
TriggerValueID	OID of the monitored object.
TriggerValueIDWildcard	Wildcarding option for the OID: · false—Object OIDs are fully specified. · true—Object OIDs are wildcarded.
TriggerTargetTag	Remote tag for the monitored object.
TriggerContextName	Context for an object.
TriggerContextNameWildcard	Wildcarding option for the context · false—Contexts are fully specified. · true—Contexts are wildcarded.
TriggerFrequency	Trigger sampling interval.
TriggerObjOwner	Owner of the trigger object.
TriggerObjName	Name of the trigger object.
TriggerEnabled	Trigger status: · Enabled. · Disabled.
Existence entry
ExiTest	Type of the existence test: · present. · absent. · changed.
ExiStartUp	Type of the existence test for the first sampling: · present. · absent. · changed.
ExiObjOwner	Owner of the existence test object.
ExiObjName	Name of the existence test object.
ExiEvtOwner	Owner of the existence test event.
ExiEvtName	Name of the existence test event.
Boolean entry
BoolCmp	Boolean test type: · unequal. · equal. · less. · lessorequal. · greater. · greaterorequal.
BoolValue	Reference value for the Boolean test.
BoolStartUp	Whether the event is enabled for the first sampling: · true—The event is enabled for the first sampling. · false—The event is disabled for the first sampling.
BoolObjOwner	Owner of the Boolean test object.
BoolObjName	Name of the Boolean test object.
BoolEvtOwner	Owner of the Boolean event.
BoolEvtName	Name of the Boolean event.
Threshold entry
ThresStartUp	Threshold trigger test for the first sampling: · rising. · falling. · risingOrFalling.
ThresRising	Rising threshold.
ThresFalling	Falling threshold.
ThresDeltaRising	Delta rising threshold.
ThresDeltaFalling	Delta falling threshold.
ThresObjOwner	Owner of the threshold test object.
ThresObjName	Name of the threshold test object.
ThresRisEvtOwner	Owner of the rising event.
ThresRisEvtName	Name of the rising event.
ThresFalEvtOwner	Owner of the falling event.
ThresFalEvtName	Name of the falling event.
ThresDeltaRisEvtOwner	Owner of the Delta rising event.
ThresDeltaRisEvtName	Name of the Delta rising event.
ThresDeltaFalEvtOwner	Owner of the Delta falling event.
ThresDeltaFalEvtName	Name of the Delta falling event.

Related commands

snmp mib event trigger

event enable

Use event enable to enable an event.

Use undo event enable to disable an event.

Syntax

event enable

undo event enable

Default

An event is disabled.

Views

Event view

Predefined user roles

network-admin

Usage guidelines

For an event to be triggered when the trigger condition is met, execute the event enable command.

Examples

# Enable the event with the owner owner1 and the name EventA.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] event enable

Related commands

action

snmp mib event

event owner (trigger-Boolean view)

Use event owner to specify an event for a Boolean test.

Use undo event to restore the default.

Syntax

event owner event-owner name event-name

undo event

Default

No event is specified for a Boolean test.

Views

Trigger-Boolean view

Predefined user roles

network-admin

Parameters

event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.

name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters.

Examples

# Specify an event for a Boolean test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test boolean

[Sysname-trigger-owner1-triggerA-boolean] event owner owner1 name event1

Related commands

snmp mib event trigger

test

event owner (trigger-existence view)

Use event owner to specify an event for an existence test.

Use undo event to restore the default.

Syntax

event owner event-owner name event-name

undo event

Default

No event is specified for an existence test.

Views

Trigger-existence view

Predefined user roles

network-admin

Parameters

event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.

name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters.

Examples

# Specify an event for an existence test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test existence

[Sysname-trigger-owner1-triggerA-existence] event owner owner1 name event1

Related commands

snmp mib event trigger

test

falling

Use falling to set a falling threshold and specify a falling event.

Use undo falling to restore the default.

Syntax

falling { event owner event-owner name event-name | value integer-value }

undo falling { event | value }

Default

The falling threshold is 0, and no falling event is specified.

Views

Trigger-threshold view

Predefined user roles

network-admin

Parameters

event owner event-owner: Specifies the owner of an event. Use the trigger owner as the event owner.

name event-name: Specifies the name of an event, a case-sensitive string of 1 to 32 characters.

value integer-value: Specifies a falling threshold in the range of –2147483648 to 2147483647. The value must be smaller than or equal to the rising threshold.

Usage guidelines

A falling event is triggered if the value of the monitored object is smaller than or equal to the falling threshold.

If the value of the monitored object crosses the falling threshold at two or more samplings in succession, the event is triggered only at the first sampling.

Examples

# Set the falling threshold to 20.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test threshold

[Sysname-trigger-owner1-triggerA-threshold] falling value 20

Related commands

sample

snmp mib event trigger

test

frequency

Use frequency to set a sampling interval.

Use undo event to restore the default.

Syntax

frequency interval

undo frequency

Default

The sampling interval is 600 seconds.

Views

Trigger view

Predefined user roles

network-admin

Parameters

interval: Specifies a sampling interval in the range of 1 to 4294967295 seconds. The sampling interval must be greater than or equal to the minimum sampling interval.

Usage guidelines

To set the minimum sampling interval, execute the snmp mib event sample minimum command.

To avoid sampling failure, do not set the sampling interval too small when there are a large number of sampled objects.

Examples

# Set the sampling interval for a trigger to 360 seconds.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] frequency 360

Related commands

snmp mib event sample minimum

snmp mib event trigger

object list (action-notification view)

Use object list to specify an object list for a notification action. The objects in the list will be added to the notification when the notification action is triggered.

Use undo object list to restore the default.

Syntax

object list owner objects-owner name objects-name

undo object list

Default

No object list is specified for a notification action.

Views

Action-notification view

Predefined user roles

network-admin

Parameters

owner objects-owner: Specifies an object list owner. Use the event owner as the object list owner.

name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

If you do not specify an object list for a notification action or the specified object list does not contain objects, no objects will be added to the triggered notification.

For more information, see "object list (trigger view)."

Examples

# Specify the object list with the owner owner1 and name listA for an event with the owner owner1 and name EventA.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action notification

[Sysname-event-owner1-EventA-notification] object list owner owner1 name listA

Related commands

action

snmp mib event owner

object list (trigger view)

Use object list to specify an object list for a trigge. The objects in the list will be added to the triggered notification.

Use undo object list to restore the default.

Syntax

object list owner objects-owner name objects-name

undo object list

Default

No object list is specified for a trigger.

Views

Trigger view

Predefined user roles

network-admin

Parameters

owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.

name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

An object list is identified by its owner and name. After you specify a list of objects for a trigger, the objects in the list are added to the notification when the notification action is triggered.

You can configure the object list command in trigger view, trigger-test view (including trigger-Boolean view, trigger existence view, and trigger threshold view), and action-notification view. If the command is configured in any two of the views or all the three views, the object lists are added to the notification in the sequence: trigger view, trigger-test view, and action-notification view.

Examples

# Specify the object list with the owner owner1 and name objectA for a trigger.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] object list owner owner1 name objectA

Related commands

snmp mib event trigger

object list (trigger-Boolean view)

Use object list to specify an object list for a Boolean trigger test. The objects in the list will be added to the notification triggered by the test.

Use undo object list to restore the default.

Syntax

object list objects-owner name objects-name

undo object list

Default

No object list is specified for a Boolean trigger test.

Views

Trigger-Boolean view

Predefined user roles

network-admin

Parameters

owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.

name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

For more information, see "object list (trigger view)."

Examples

# Specify the object list with the owner owner1 and name objectA for the trigger-Boolean trigger test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test boolean

[Sysname-trigger-owner1-triggerA-boolean] object list owner owner1 name objectA

Related commands

snmp mib event trigger

test

object list (trigger-existence view)

Use object list to specify an object list for a Boolean trigger test. The objects in the list will be added to the notification triggered by the test.

Use undo object list to restore the default.

Syntax

object list owner objects-owner name objects-name

undo object list

Default

No object list is specified for a trigger-existence test.

Views

Trigger-existence view

Predefined user roles

network-admin

Parameters

owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.

name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

For more information, see "object list (trigger view)."

Examples

# Specify the object list with the owner owner1 and name objectA for the trigger-existence test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test existence

[Sysname-trigger-owner1-triggerA-existence] object list owner owner1 name objectA

Related commands

snmp mib event trigger

test

object list (trigger-threshold view)

Use object list to specify an object list for a trigger-threshold test. The objects in the list will be added to the notification triggered by the test.

Use undo object list to restore the default.

Syntax

object list owner objects-owner name objects-name

undo object list

Default

No object list is specified for a trigger-threshold test.

Views

Trigger-threshold view

Predefined user roles

network-admin

Parameters

owner objects-owner: Specifies an object list owner. Use the trigger owner as the object list owner.

name objects-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

For more information, see "object list (trigger view)."

Examples

# Specify the object list with the owner owner1 and name objectA for the trigger-threshold test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test threshold

[Sysname-trigger-owner1-triggerA-threshold] object list owner owner1 name objectA

Related commands

snmp mib event trigger

test

oid (action-notification view)

Use oid to specify a notification to be sent when the notification action is triggered.

Use undo oid to restore the default.

Syntax

oid object-identifier

undo oid

Default

The OID is 0.0. No notification is specified for a notification action.

Views

Action-notification view

Predefined user roles

network-admin

Parameters

object-identifier: Specifies a notification OID, a case-sensitive string of 1 to 255 characters. It must be a trap node.

Usage guidelines

The notification OID configured by using this command will be carried in the notification when the notification action is taken.

Examples

# Specify the notification OID 1.3.6.1.2.1.14.16.2.1 for the event with the owner owner1 and name EventA.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action notification

[Sysname-event-owner1-EventA-notification] oid 1.3.6.1.2.1.14.16.2.1

Related commands

action

snmp mib event owner

oid (action-set view)

Use oid to specify a set-action object.

Use undo oid to restore the default.

Syntax

oid object-identifier

undo oid

Default

The OID is 0.0. No object is specified for a set action.

Views

Action-set view

Predefined user roles

network-admin

Parameters

object-identifier: Specifies an object by its OID or name, a case-sensitive string of 1 to 255 characters. The object can be a table node, conceptual row node, table column node, leaf node, or parent leaf node.

Examples

# Specify the object with the OID 1.3.6.1.2.1.2.2.1.7.3 for the set action of an event with the owner owner1 and name EventA.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action set

[Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7.3

Related commands

action

snmp mib event owner

wildcard oid (action-set view)

oid (trigger view)

Use oid to specify a MIB object for trigger sampling.

Use undo oid to restore the default.

Syntax

oid object-identifier

undo oid

Default

The OID is 0.0. No MIB object is specified for trigger sampling.

Views

Trigger view

Predefined user roles

network-admin

Parameters

Examples

# Specify the object with the OID 1.3.6.1.2.1.2.2.1.1.3 for trigger sampling.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.2.2.1.1.3

Related commands

snmp mib event trigger

rising

Use rising to specify a rising threshold.

Use undo rising to restore the default.

Syntax

rising { event owner event-owner name event-name | value integer-value }

undo rising { event | value }

Default

The rising threshold is 0, and no rising event is specified.

Views

Trigger-threshold view

Predefined user roles

network-admin

Parameters

event owner event-owner: Specifies an event owner. Use the trigger owner as the event owner.

name event-name: Specifies an event name, a case-sensitive string of 1 to 32 characters.

value integer-value: Specifies a rising threshold in the range of –2147483648 to 2147483647. The value must be greater than or equal to the falling threshold.

Usage guidelines

If the value of the monitored object crosses the rising threshold at two or more samplings in succession, an event is triggered only at the first sampling.

Examples

# Set the rising threshold to 50 and specify the rising event with the owner owner1 and name event1 for the threshold test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test threshold

[Sysname-trigger-owner1-triggerA-threshold] rising value 50

[Sysname-trigger-owner1-triggerA-threshold] rising event owner owner1 name event1

Related commands

sample

snmp mib event trigger

test

sample

Use sample to specify a sampling method.

Use undo sample to restore the default.

Syntax

sample { absolute | delta }

undo sample

Default

The sampling method is absolute.

Views

Trigger view

Predefined user roles

network-admin

Parameters

absolute: Specifies the absolute sampling method. Use the current sampled value.

delta: Specifies the delta sampling method. Use the difference between the current sampled value and previous sampled value.

Usage guidelines

For delta sampling, obtain the difference between the current sampled value and previous sampled value as follows:

· If the object value is UINT type, use the larger value to subtract the smaller value.

· If the object value is INT type, use the present sampled value to subtract the previous sampled value.

Examples

# Specify the absolute sampling method.

<Sysname>system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] sample absolute

Related commands

snmp mib event trigger

snmp mib event

Use snmp mib event to create an event and enter its view, or enter the view of an exsiting event.

Use undo snmp mib event to remove an event.

Syntax

snmp mib event owner event-owner name event-name

undo snmp mib event owner event-owner name event-name

Default

No event exists.

Views

System view

Predefined user roles

network-admin

Parameters

event-owner: Specifies an event owner. The event owner must be an existing SNMPv3 user.

event-name: Specifies an event name, a case-sensitive string of 1 to 32 characters.

Usage guidelines

An event is identified by its owner and name.

Examples

# Create an event with the owner owner1 and the name EventA and enter its view.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA]

Related commands

action

description

event enable

snmp mib event

snmp mib event object list

Use snmp mib event object list to configure an Event MIB object list.

Use undo snmp mib event object list to restore the default.

Syntax

snmp mib event object list owner objects-owner name objects-name objects-index oid object-identifier [ wildcard ]

undo snmp mib event object list owner objects-owner name objects-name objects-index

Default

No Event MIB object list is configured.

Views

System view

Predefined user roles

network-admin

Parameters

owner group-owner: Specifies an object list owner. The object list owner must be an existing SNMPv3 user.

name group-name: Specifies an object list name, a case-sensitive string of 1 to 32 characters.

object-index argument: Specifies an object list index in the range of 1 to 4294967295.

oid object-identifier: Specifies an object by its OID or name, a case-sensitive string of 1 to 255 characters. The object can be a table node, a conceptual row node, a table column node, a leaf mode, or a parent leaf node.

wildcard: Enables wildcard search for objects. If you do not specify this keyword, the object is specified.

Usage guidelines

An object list is identified by its owner, name, and index. The specified objects in the object list will be carried in the triggered notification to the NMS.

Examples

# Configure an object list with the owner owner1, name objectA, and index 10. Specify the object with the OID 1.3.6.1.2.1.2.2.1.1.3 to be carried in the triggered notification.

<Sysname> system-view

[Sysname] snmp mib event object list owner owner1 name objectA 10 oid 1.3.6.1.2.1.2.2.1.1.3

Related commands

snmp mib event

snmp mib event trigger

snmp mib event sample instance maximum

Use snmp mib event sample instance maximum to specify the maximum number of object instances that can be concurrently sampled.

Use undo snmp mib event sample instance maximum to restore the default.

Syntax

snmp mib event sample instance maximum max-number

undo snmp mib event sample instance maximum

Default

The maximum number of object instances that can be concurrently sampled is limited by the available resources. The value is 0.

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of object instances that can be concurrently sampled. The value is in the range of 0 to 4294967295.

Usage guidelines

If you use the wildcard option for an object, Event MIB also samples the wildcarded object instances. Include the wildcarded object instances when you calculate the number of the concurrently sampled instances.

Changing the maximum number of object instances that can be concurrently sampled does not affect the existing instances. If the maximum number of object instances that can be concurrently sampled is changed to a value smaller than the number of existing instances, the existing instances will continue to be sampled.

Examples

# Set the maximum number to 10 for the object instances that can be concurrently sampled.

<Sysname> system-view

[Sysname] snmp mib event sample instance maximum 10

Related commands

snmp mib event sample minimum

Use snmp mib event sample minimum to specify the minimum sampling interval.

Use undo snmp mib event sample minimum to restore the default.

Syntax

snmp mib event sample minimum min-number

undo snmp mib event sample minimum

Default

The minimum sampling interval is 1 second.

Views

System view

Predefined user roles

network-admin

Parameters

min-number: Specifies the minimum sampling interval in the range of 1 to 2147483647, in seconds.

Usage guidelines

After you configure the minimum sampling interval, make sure the trigger sampling interval is greater than or equal to the minimum sampling interval.

Changing the minimum sampling interval does not affect the existing instances. If the minimum sampling interval is changed to a value smaller than the sampling interval of a trigger, the existing instances of the trigger will continue to be sampled at its interval.

Examples

# Set the minimum sampling interval to 50 seconds.

<Sysname> system-view

[Sysname] snmp mib event sample minimum 50

Related commands

frequency

snmp mib event trigger

Use snmp mib event trigger to create a trigger and enter its view, or enter the view of an existing trigger.

Use undo snmp mib event trigger to remove a trigger.

Syntax

snmp mib event trigger owner trigger-owner name trigger-name

undo snmp mib event trigger owner trigger-owner name trigger-name

Default

No trigger exists.

Views

System view

Predefined user roles

network-admin

Parameters

trigger-owner: Specifies an owner for a trigger, which must be an existing SNMPv3 user.

trigger-name: Specifies a name for a trigger, a case-sensitive string of 1 to 32 characters.

Usage guidelines

A trigger is identified by its owner and name. In trigger view, you can specify a monitored object and set an interval for sampling the object. An event is triggered when the sampled object meets the trigger condition.

If the trigger owner has no read access to the monitored object configured in trigger view, sampling on the object cannot be performed. For more information about SNMPv3 user access rights, see Network Management and Monitoring Configuration Guide.

Examples

# Create a trigger with the owner owner1 and name triggerA.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA]

snmp-agent trap enable event-mib

Use snmp-agent trap enable event-mib to enable the Event MIB trap feature.

Use undo snmp-agent trap enable event-mib to disable the Event MIB trap feature.

Syntax

snmp-agent trap enable event-mib

undo snmp-agent trap enable event-mib

Default

The Event MIB trap feature is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you enable the Event MIB trap feature, traps are generated when object sampling fails or a trigger condition is met and sent to the SNMP module. Traps include trigger trap, rising threshold break trap, falling threshold break trap, trigger-condition detection failure trap, and set-action trigger failure trap.

For the traps to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Enable the event MIB trap feature.

<Sysname> system-view

[Sysname] snmp-agent trap enable event-mib

startup (trigger-existence view)

Use startup to specify existence trigger test types for the first sampling.

Use undo startup to remove the existence trigger test types for the first sampling.

Syntax

startup { absent | present }

undo startup { absent | present }

Default

The existence test types for the first sampling are present and absent.

Views

Trigger-existence view

Predefined user roles

network-admin

Parameters

absent: Monitors the absence of a MIB object.

present: Monitors the presence of a MIB object.

Usage guidelines

For the first sampling, an event is triggered when the following conditions are met:

· Both the startup and type commands specify the existence test type as present and the state of the monitored object changes to present at the first sampling. If the monitored objects are wildcarded, the event is triggered independently for each wildcarded object.

· Both the startup command and type commands specify the existence trigger test type as absent and the state of the monitored object changes to absent at the first sampling. If the monitored objects are wildcarded, no event is triggered.

Examples

# Remove the present test configuration for the first sampling.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test existence

[Sysname-trigger-owner1-triggerA-existence] undo startup present

Related commands

type

startup (trigger-threshold view)

Use startup to specify a threshold trap type for the first sampling.

Use undo startup to restore the default.

Syntax

startup { falling | rising | rising-or-falling }

undo startup

Default

The threshold trap type for the first sampling is rising-or-falling.

Views

Trigger-threshold view

Predefined user roles

network-admin

Parameters

falling: Specifies the falling trap.

rising: Specifies the rising trap.

rising-or-falling: Specifies the rising or falling trap.

Usage guidelines

If the trap type for the first sampling is rising or rising-or-falling, a rising trap is triggered when the first sample value is greater than or equal to the rising threshold.

If the trap type for the first sampling is rising or rising-or-falling, a falling trap is triggered when the first sample value is smaller than or equal to the rising threshold.

If the first sampling fails or the monitored object does not exist at the first sampling, the second sampling is considered the first sampling.

Examples

# Specify the rising trap for the first sampling.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test threshold

[Sysname-trigger-owner1-triggerA-threshold] startup rising

Related commands

sample

snmp mib event trigger

test

startup enable

Use startup enable to enable an event to be triggered for the first Boolean sampling.

Use undo startup enable to disable an event to be triggered for the first Boolean sampling.

Syntax

startup enable

undo startup enable

Default

An event is triggered for the first Boolean sampling.

Views

Trigger-Boolean view

Predefined user roles

network-admin

Usage guidelines

For an event to be triggered when a trigger condition is met at the first Boolean sampling, execute the startup enable command.

If the first sampling fails or the monitored object does not exist at the first sampling, the second sampling is considered the first sampling.

Examples

# Trigger an event for the first Boolean sampling.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test boolean

[Sysname-trigger-owner1-triggerA-boolean] startup enable

Related commands

comparison

value

test

Use test to specify a trigger test type and enter its view.

Use undo test to remove a trigger test type.

Syntax

test { boolean | existence | threshold }

undo test { boolean | existence | threshold }

Default

No test type is specified for a trigger.

Views

Trigger view

Predefined user roles

network-admin

Parameters

boolean: Specifies the Boolean test. This test compares the value of the monitored object with the reference value.

existence: Specifies the existence test. This test monitors the absence, presence, and change of the monitored object.

threshold: Specifies the threshold test. This test compares the value of the monitored object with the specified thresholds, such as rising threshold and falling threshold.

Usage guidelines

For more information about the trigger tests, see the commands in the trigger-Boolean view, trigger-existence view, and trigger-threshold view .

Examples

# Specify the existence test for a trigger.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test existence

Related commands

snmp mib event trigger

trigger enable

Use trigger enable to enable a trigger.

Use undo trigger enable to disable a trigger.

Syntax

trigger enable

undo trigger enable

Default

A trigger is disabled.

Views

Trigger view

Predefined user roles

network-admin

Usage guidelines

Before you enable a trigger, make sure the trigger meets the following conditions:

· A monitored object is specified for the trigger.

· The trigger sampling interval is greater than or equal to the minimum sampling interval.

Examples

# Create and enable a trigger.

<Sysname>system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.2.2.1.1.3

[Sysname-trigger-owner1-triggerA] frequency 360

[Sysname-trigger-owner1-triggerA] trigger enable

Related commands

snmp mib event trigger

type

Use type to specify existence trigger test types.

Use undo type to remove the existence trigger test types.

Syntax

type { absent | changed | present }

undo type { absent |changed | present }

Default

The existence test types are present and absent.

Views

Trigger-existence view

Predefined user roles

network-admin

Parameters

absent: Monitors the absence of an object.

changed: Monitors the change of the value of an object. If the last sampling does not obtain a value, the event is not triggered.

present: Monitors the presence of an object.

Usage guidelines

For the first sampling, see "startup (trigger-existence view)".

The existence trigger tests also apply to the wildcarded instances of the monitor object.

Examples

# Specify the existence test type as present.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test existence

[Sysname-trigger-owner1-triggerA-existence] type present

Related commands

snmp mib event trigger

startup

test

value (action-set view)

Use value to set a value for a set-action object.

Use undo value to restore the default.

Syntax

value integer-value

undo value

Default

The value of a set-action object is 0.

Views

Action-set view

Predefined user roles

network-admin

Parameters

integer-value: Specifies a value for a set-action object. The value is in the range of –2147483648 to +2147483647.

Examples

# Set the value to 5 for the set-action object with the OID 1.3.6.1.2.1.2.2.1.7.3.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action set

[Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7.3

[Sysname-event-owner1-EventA-set] value 2

Related commands

action

mib event owner

oid

value (trigger-Boolean view)

Use value to set a reference value for a Boolean test.

Use undo value to restore the default.

Syntax

value integer-value

undo value

Default

The reference value is 0.

Views

Trigger-Boolean view

Predefined user roles

network-admin

Parameters

integer-value: Specifies a reference value in the range of –2147483648 to +2147483647.

Usage guidelines

A Boolean trigger test compares the sampled value with the reference value.

Examples

# Set the reference value to 5 for the Boolean test.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] test boolean

[Sysname-trigger-owner1-triggerA-boolean] value 5

Related commands

snmp mib event trigger

startup

test

wildcard context (action-set view)

Use wildcard context to enable wildcard search for the contexts of a set-action object.

Use undo wildcard context to restore the default.

Syntax

wildcard context

undo wildcard context

Default

The context of the set action is fully specified.

Views

Action-set view

Predefined user roles

network-admin

Usage guidelines

This command must be used in conjunction with the context command. A wildcarded context has two parts: the context specified by the context command and the wildcarded part.

Examples

# Specify the context for the set-action object as contextname1 and enable wildcard search for the contexts.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action set

[Sysname-event-owner1-EventA-set] context contextname1

[Sysname-event-owner1-EventA-set] wildcard context

Related commands

action set

context

snmp mib event owner

wildcard context (trigger view)

Use wildcard context to enable wildcard search for the contexts of a monitored object.

Use undo wildcard context to restore the default.

Syntax

wildcard context

undo wildcard context

Default

The context of an object is fully specified.

Views

Trigger view

Predefined user roles

network-admin

Usage guidelines

This command must be used with the context command. A wildcarded context has two parts: the context specified by the context command and the wildcarded part.

Examples

# Specify the contexts for the monitored object as contextname and enable wildcard search for the contexts.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] context contextname

[Sysname-trigger-owner1-triggerA] wildcard context

Related commands

context

snmp mib event trigger

wildcard oid (action-set view)

Use wildcard oid to enable wildcard search for the set-action object OIDs.

Use undo wildcard oid to restore the default.

Syntax

wildcard oid

undo wildcard oid

Default

The set-action object OID is fully specified.

Views

Action-set view

Predefined user roles

network-admin

Usage guidelines

This command must be used in conjunction with the oid command. A wildcarded OID has two parts: the OID specified by the oid command and the wildcarded part.

Examples

# Specify the set-action object by its OID 1.3.6.1.2.1.2.2.1.7 for the event with the owner owner1 and the name EventA. Enable wildcard search for the sec-action object OIDs.

<Sysname> system-view

[Sysname] snmp mib event owner owner1 name EventA

[Sysname-event-owner1-EventA] action set

[Sysname-event-owner1-EventA-set] oid 1.3.6.1.2.1.2.2.1.7

[Sysname-event-owner1-EventA-set] wildcard oid

Related commands

action set

oid

snmp mib event owner

wildcard oid (trigger view)

Use wildcard oid to enable wildcard search for the monitored object OIDs.

Use undo wildcard oid to restore the default.

Syntax

wildcard oid

undo wildcard oid

Default

A MIB object OID is fully specified.

Views

Trigger view

Predefined user roles

network-admin

Usage guidelines

This command must be used in conjunction with the oid command.

A wildcarded OID has two parts: the OID specified by the oid command and the wildcarded part.

For example, to specify interface description nodes of all interfaces, execute the oid ifDescr and wildcard oid commands.

Examples

# Specify the sampled object by its OID 1.3.6.1.2.1.1.6 for a trigger and enable wildcard search for the monitored object OIDs.

<Sysname> system-view

[Sysname] snmp mib event trigger owner owner1 name triggerA

[Sysname-trigger-owner1-triggerA] oid 1.3.6.1.2.1.1.6

[Sysname-trigger-owner1-triggerA] wildcard oid

Related commands

oid

snmp mib event trigger

NETCONF commands

display netconf service

Use display netconf service to display current NETCONF service status and global NETCONF service statistics.

Syntax

display netconf service

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the current NETCONF service status and global NETCONF service statistics.

<Sysname> display netconf service

NETCONF over SOAP over HTTP: Enabled (port 80)

NETCONF over SOAP over HTTPS: Enabled (port 443)

NETCONF over SSH: Enabled (port 830)

NETCONF over Telnet: Enabled

NETCONF over Console: Enabled

SOAP timeout: 10 minutes Agent timeout: 10 minutes

Active sessions: 1

Service statistics:

NETCONF start time: 2015-10-10T08:08:08

Output notifications: 50

Output RPC errors: 20

Dropped sessions: 0

Sessions: 100

Received bad hellos: 0

Received RPCs: 1000

Received bad RPCs: 20

Table 54 Command output

Field	Description
SOAP timeout	NETCONF session idle timeout time for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.
Agent timeout	NETCONF session idle timeout time for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions.
Active sessions	Number of active NETCONF sessions.
NETCONF start time	Time when the NETCONF service was started.
Output notifications	Number of subscribed notifications output by the device.
Output RPC errors	Number of erroneous RPC requests output by the device.
Dropped sessions	Number of NETCONF sessions dropped due to timeout or abnormal network disconnection.
Sessions	Number of established NETCONF sessions.
Received bad hellos	Number of received erroneous hello messages.
Received RPCs	Total number of RPC requests received by the device.
Received bad RPCs	Number of received erroneous RPC requests.

display netconf session

Use display netconf session to display NETCONF session status and statistics.

Syntax

display netconf session

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display NETCONF session status and statistics.

<Sysname> display netconf session

Session ID: 1 Session type: Agent

Username: test

Client IP address: 192.168.1.1

Session statistics:

Received RPCs : 10 Received bad RPCs : 0

Output RPC errors: 10 Output notifications: 0

Session ID: 2 Session type: SOAP

Username: test

Client IP address: 192.168.1.1

Session statistics:

Received RPCs : 10 Received bad RPCs : 0

Output RPC errors: 10 Output notifications: 0

Table 55 Command output

Field	Description
Session ID	ID of the NETCONF session.
Session type	NETCONF session type: · soap—NETCONF over SOAP over HTTP or NETCONF over SOAP over HTTPS. · agent—NETCONF over SSH, NETCONF over Telnet, or NETCONF over console.
Username	Username used by the NETCONF client to establish the session. If the session type is agent and login authentication was not performed, this field displays a hyphen (-).
Login time	Time when the NETCONF session was established.
Client IP address	IP address of the NETCONF client. This field displays a hyphen (-) for NETCONF over console sessions or NETCONF over AUX sessions.
Received RPCs	Number of received RPC requests.
Received bad RPCs	Number of received erroneous RPC requests.
Output RPC errors	Number of erroneous RPC requests output by the device.
Output notifications	Number of subscribed notifications output by the device.

netconf capability specific-namespace

Use netconf capability specific-namespace to configure the device to use module-specific namespaces.

Use undo netconf capability specific-namespace to restore the default.

Syntax

netconf capability specific-namespace

undo netconf capability specific-namespace

Default

The device uses the common namespace.

Views

System view

Predefined user roles

network-admin

Usage guidelines

NETCONF supports both the common namespace and module-specific namespaces. The common namespace is incompatible with module-specific namespaces. To set up a NETCONF session, the device and the client must use the same type of namespaces. By default, the common namespace is used. If the client does not support the common namespace, use this command to configure the device to use module-specific namespaces.

For this command to take effect, you must reestablish the NETCONF session.

Examples

# Configure the device to use module-specific namespaces.

<Sysname> system-view

[Sysname] netconf capability specific-namespace

netconf idle-timeout

Use netconf idle-timeout to set the NETCONF session idle timeout time.

Use undo netconf idle-timeout to restore the default.

Syntax

netconf { soap | agent } idle-timeout minute

undo netconf { soap | agent } idle-timeout

Default

The NETCONF session idle timeout time is 10 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

The NETCONF session idle timeout time is 0 minutes for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. The sessions never time out.

Views

System view

Predefined user roles

network-admin

Parameters

soap: Specifies the NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

agent: Specifies the NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions.

minute: Specifies the NETCONF session idle timeout time in minutes. The value range is as follows:

· 1 to 999 for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

· 0 to 999 for NETCONF over SSH sessions, NETCONF over Telnet sessions, and NETCONF over console sessions. To disable the timeout feature, set this argument to 0.

Usage guidelines

If no NETCONF packets are exchanged on a NETCONF session within the NETCONF session idle timeout time, the device tears down the session.

Examples

# Set the NETCONF session idle timeout time to 20 minutes for NETCONF over SOAP over HTTP sessions and NETCONF over SOAP over HTTPS sessions.

<Sysname> system-view

[Sysname] netconf soap idle-timeout 20

netconf log

Use netconf log to enable NETCONF logging.

Use undo netconf log to remove the configuration for the specified NETCONF operation sources and NETCONF operations.

Syntax

netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }

undo netconf log source { all | { agent | soap | web } * } { { protocol-operation { all | { action | config | get | set | session | syntax | others } * } } | verbose }

Default

NETCONF logging is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

source: Specifies a NETCONF operation source that represents clients that use a protocol.

· all: Specifies NETCONF clients that use all protocols.

· agent: Specifies clients that use Telnet, SSH, console, or NETCONF over SSH.

· soap: Specifies clients that use SOAP over HTTP, or SOAP over HTTPS.

· web: Specifies clients that use Web.

protocol-operation: Specifies a NETCONF operation type.

· all: Specifies all NETCONF operations.

· action: Specifies the action operation.

· config: Specifies the configuration-related NETCONF operations, including the CLI, save, load, rollback, lock, unlock, and save-point operations.

· get: Specifies the data retrieval-related NETCONF operations, including the get, get-config, get-bulk, get-bulk-config, and get-sessions operations.

· set: Specifies all edit-config operations.

· session: Specifies session-related NETCONF operations, including the kill-session and close-session operations, and capability exchanges by hello messages.

· syntax: Specifies the requests that include XML and schema errors.

· others: Specifies NETCONF operations except for those specified by keywords action, config, get, set, session, and syntax.

verbose: Logs detailed NETCONF information. For request operations, this keyword logs the texts of the requests after brief information. For service operations, this keyword takes effect only on edit-config operations. When an edit-config operation error occurs, this keyword logs detailed error information.

Usage guidelines

For NETCONF to correctly send the generated logs to the information center, you must also configure the information center. For information about information center configuration, see the network management and monitoring configuration guide for the device.

Examples

# Configure the device to log NETCONF edit-config information sourced from agent clients.

<Sysname> system-view

[Sysname] netconf log source agent protocol-operation set

netconf soap domain

Use netconf soap domain to specify a mandatory authentication domain for NETCONF users.

Use undo netconf soap domain to restore the default.

Syntax

netconf soap domain domain-name

undo netconf soap domain domain-name

Default

No mandatory authentication domain is specified for NETCONF users.

Views

System view

Predefined user roles

network-admin

Parameters

domain-name: Specifies an ISP domain by its name, a case-insensitive string of 1 to 255 characters. For information about ISP domains, see AAA in Security Configuration Guide.

Usage guidelines

You can use one of the following methods to specify an authentication domain:

· Execute the netconf soap domain command to specify a mandatory authentication domain. After this command is executed, all NETCONF users are placed in the domain for authentication.

· Add an authentication domain to the <UserName> parameter of a SOAP request. The authentication domain takes effect only on the current request.

The authentication domain specified by using this command takes precedence over the authentication domain specified by the <UserName> parameter of a SOAP request.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify mandatory authentication domain my-domain for NETCONF users.

<Sysname> system-view

[Sysname] netconf soap domain my-domain

netconf soap http acl

Use netconf soap http acl to apply an IPv4 ACL to control NETCONF over SOAP over HTTP access.

Use undo netconf soap http acl to restore the default.

Syntax

netconf soap http acl { ipv4-acl-number | name ipv4-acl-name }

undo netconf soap http acl

Default

No IPv4 ACL is applied to control NETCONF over SOAP over HTTP access.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.

name ipv4-acl-name: Specifies an IPv4 ACL by its name. The ipv4-acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. To avoid confusion, it cannot be all.

Usage guidelines

This command is not available in FIPS mode.

Only NETCONF clients permitted by the IPv4 ACL can establish NETCONF over SOAP over HTTP sessions.

This command takes effect only if the IPv4 ACL is an existing IPv4 basic ACL and has rules. For more information about ACL configuration, see ACL and QoS Configuration Guide.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Use ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish NETCONF over SOAP over HTTP sessions.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] netconf soap http acl 2001

netconf soap http enable

Use netconf soap http enable to enable NETCONF over SOAP over HTTP.

Use undo netconf soap http enable to disable NETCONF over SOAP over HTTP.

Syntax

netconf soap http enable

undo netconf soap http enable

Default

NETCONF over SOAP over HTTP is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command is not available in FIPS mode.

This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTP packets.

Examples

# Enable NETCONF over SOAP over HTTP.

<Sysname> system-view

[Sysname] netconf soap http enable

netconf soap https acl

Use netconf soap https acl to apply an IPv4 ACL to control NETCONF over SOAP over HTTPS access.

Use undo netconf soap https acl to restore the default.

Syntax

netconf soap https acl { ipv4-acl-number | name ipv4-acl-name }

undo netconf soap https acl

Default

No IPv4 ACL is applied to control NETCONF over SOAP over HTTPS access.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.

Usage guidelines

Only NETCONF clients permitted by the IPv4 ACL can establish NETCONF over SOAP over HTTPS sessions.

This command takes effect only if the IPv4 ACL is an existing IPv4 basic ACL and has rules. For more information about ACL configuration, see ACL and QoS Configuration Guide.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Use ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish NETCONF over SOAP over HTTPS sessions.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] netconf soap https acl 2001

netconf soap https enable

Use netconf soap https enable to enable NETCONF over SOAP over HTTPS.

Use undo netconf soap https enable to disable NETCONF over SOAP over HTTPS.

Syntax

netconf soap https enable

undo netconf soap https enable

Default

NETCONF over SOAP over HTTPS is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to resolve NETCONF messages that are encapsulated with SOAP in HTTPS packets.

Examples

# Enable NETCONF over SOAP over HTTPS.

<Sysname> system-view

[Sysname] netconf soap https enable

netconf ssh acl

Use netconf ssh acl to apply an IPv4 ACL to control NETCONF over SSH access.

Use undo netconf ssh acl to restore the default.

Syntax

netconf ssh acl { ipv4-acl-number | name ipv4-acl-name }

undo netconf ssh acl

Default

No IPv4 ACL is applied to control NETCONF over SSH access.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 2999.

Usage guidelines

Only NETCONF clients permitted by the IPv4 ACL can establish NETCONF over SSH sessions.

This command takes effect only if the IPv4 ACL is an existing IPv4 basic ACL and has rules. For more information about ACL configuration, see ACL and QoS Configuration Guide.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Use IPv4 ACL 2001 to allow only NETCONF clients from subnet 10.10.0.0/16 to establish NETCONF over SSH sessions.

<Sysname> system-view

[Sysname] acl basic 2001

[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-ipv4-basic-2001] quit

[Sysname] netconf ssh acl 2001

Related commands

netconf soap http acl

netconf soap https acl

netconf ssh server enable

Use netconf ssh server enable to enable NETCONF over SSH.

Use undo netconf ssh server enable to disable NETCONF over SSH.

Syntax

netconf ssh server enable

undo netconf ssh server enable

Default

NETCONF over SSH is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature allows you to use an SSH client to invoke NETCONF as an SSH subsystem. Then, you can directly use XML messages to perform NETCONF operations without using the xml command.

Before you execute this command, configure the authentication mode for users as scheme on the device. Then, the NETCONF-over-SSH-enabled user terminals can access the device through NETCONF over SSH.

Only capability set urn:ietf:params:netconf:base:1.0 is available. It is supported by both the device and user terminals.

Examples

# Enable NETCONF over SSH.

<Sysname> system-view

[Sysname] netconf ssh server enable

netconf ssh server port

Use netconf ssh server port to specify a port to listen for NETCONF over SSH connections.

Use undo netconf ssh server port to restore the default.

Syntax

netconf ssh server port port-number

undo netconf ssh server port

Default

Port 830 listens for NETCONF over SSH connections.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a port by its number in the range of 1 to 65535.

Usage guidelines

When assigning a listening port, make sure the specified port is not being used by other services. The SSH service can share the same port with other services, but it might not operate correctly.

Examples

# Specify port 800 to listen for NETCONF over SSH connections.

<Sysname> system-view

[Sysname] netconf ssh server port 800

reset netconf service statistics

Use reset netconf service statistics to clear current global NETCONF service statistics.

Syntax

reset netconf service statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear current global NETCONF service statistics.

<Sysname> reset netconf service statistics

Related commands

display netconf service

reset netconf session statistics

Use reset netconf session statistics to clear current NETCONF session statistics.

Syntax

reset netconf session statistics

Views

User view

Predefined user roles

network-admin

Examples

# Clear current NETCONF session statistics.

<Sysname> reset netconf session statistics

Related commands

display netconf session

xml

Use xml to enter XML view.

Syntax

xml

Views

User view

Predefined user roles

network-admin

network-operator

Usage guidelines

In XML view, use NETCONF messages to configure the device or obtain data from the device. The NETCONF operations you can perform depend on the user roles you have, as shown in Table 56.

Table 56 NETCONF operations available for the predefined user roles

User role

NETCONF operations

network-admin

All NETCONF operations

network-operator

· Get

· Get-bulk

· Get-bulk-config

· Get-config

· Get-sessions

· Close-session

To ensure the format correctness of NETCONF messages in XML view, do not enter NETCONF messages manually. Copy and paste the messages.

While the device is performing a NETCONF operation, do not perform any other operations, such as pasting a NETCONF message or pressing Enter.

For the device to identify NETCONF messages, you must add end mark ]]>]]> at the end of each NETCONF message.

After you enter XML view, the device automatically advertises its NETCONF capabilities to the client. In response, you must configure the client to notify the device of its supported NETCONF capabilities. After the capability exchange, you can use the client to configure the device.

NETCONF messages must comply with the XML format requirements and semantic and syntactic requirements in the NETCONF XML API reference for the device. As a best practice, use third-party software to generate NETCONF messages to ensure successful configuration.

To quit XML view, use a NETCONF message instead of the quit command.

If you have configured a shortcut key (Ctrl + C, by default) by using the escape-key command in user line/user line class view, the NETCONF message should not contain the shortcut key string. If the NETCONF message contains the shortcut key string, relevant configurations in XML view might be affected. For example, in user line view, you configured "a" as the shortcut key by using the escape-key a command. When a NETCONF message includes the character "a," only the contents after the last "a" in the message can be processed.

Examples

# Enter XML view.

<Sysname> xml

<?xml version="1.0" encoding="UTF-8"?><hello xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><capabilities><capability>urn:ietf:params:netconf:base:1.0</capability><capability>urn:ietf:params:netconf:capability:writable-running:1.0</capability><capability>urn:ietf:params:netconf:capability:notification:1.0</capability><capability>urn:ietf:params:netconf:capability:validate:1.0</capability><capability>urn:ietf:params:netconf:capability:interleave:1.0</capability><capability>urn:ietf:params:netconf:capability:rollback-on-error:1.0</capability><capability>urn:hp:params:netconf:capability:hp-netconf-ext:1.0</capability><capability>urn:hp:params:netconf:capability:hp-save-point::1.0</capability></capabilities><session-id>1</session-id></hello>]]>]]>

# Notify the device of the NETCONF capabilities supported on the client.

urn:ietf:params:netconf:base:1.0

</capability>

</capabilities>

</hello>]]>]]>

# Quit XML view.

<close-session>

</close-session>

</rpc>]]>]]>

CWMP commands

cwmp

Use cwmp to enter CWMP view.

Syntax

cwmp

Views

System view

Predefined user roles

network-admin

Examples

# Enter CWMP view.

<Sysname> system-view

[Sysname] cwmp

Related commands

cwmp enable

cwmp acs default password

Use cwmp acs default password to configure a password for authentication to the default ACS URL.

Use undo cwmp acs default password to restore the default.

Syntax

cwmp acs default password { cipher | simple } string

undo cwmp acs default password

Default

No password is configured for authentication to the default ACS URL.

Views

CWMP view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters.

Usage guidelines

You can configure only one password for authentication to the default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

For a successful connection, make sure the CPE has the same username and password settings as the ACS.

You do not need to configure this command if the default ACS URL does not require a password for authentication.

Examples

# Configure the password used for authentication to the default ACS URL.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp acs default password simple newpsw

Related commands

cwmp acs default url

cwmp acs default username

cwmp acs default url

Use cwmp acs default url to specify a default ACS URL.

Use undo cwmp acs default url to restore the default.

Syntax

cwmp acs default url url

undo cwmp acs default url

Default

No default ACS URL is specified.

Views

CWMP view

Predefined user roles

network-admin

Parameters

url: Specifies the default ACS URL, a string of 8 to 255 characters. The URL must use the http://host[:port]/path or https://host[:port]/path format.

Usage guidelines

The CPE attempts to connect to the default ACS URL if no ACS URL has been assigned to it through the cwmp acs url command or DHCP.

You can configure only one default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the default ACS URL.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp acs default url http://www.acs.com:80/acs

Related commands

cwmp acs default password

cwmp acs default username

Use cwmp acs default username to configure the username for authentication to the default ACS.

Use undo cwmp acs default username to restore the default.

Syntax

cwmp acs default username username

undo cwmp acs default username

Default

No username is configured for authentication to the default ACS.

Views

CWMP view

Predefined user roles

network-admin

Parameters

username: Specifies a username, a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can configure only one username for authentication to the default ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

For a successful connection, make sure the CPE has the same username and password settings as the ACS.

Examples

# Configure the username for authentication to the default ACS URL.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp acs default username newname

Related commands

cwmp acs default password

cwmp acs default url

cwmp acs password

Use cwmp acs password to configure the password for authentication to the preferred ACS URL.

Use undo cwmp acs password to restore the default.

Syntax

cwmp acs password { cipher | simple } string

undo cwmp acs password

Default

No password is configured for authentication to the preferred ACS URL.

Views

CWMP view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters.

Usage guidelines

You can configure only one password for authentication to the preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

For a successful connection, make sure the CPE has the same username and password settings as the ACS.

You do not need to configure this command if the default ACS URL does not require a password for authentication.

Examples

# Configure the password used for authentication to the preferred ACS URL.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp acs password simple newpsw

Related commands

cwmp acs url

cwmp acs username

cwmp acs url

Use cwmp acs url to specify a preferred ACS URL.

Use undo cwmp acs url to restore the default.

Syntax

cwmp acs url url

undo cwmp acs url

Default

No preferred ACS URL is specified.

Views

CWMP view

Predefined user roles

network-admin

Parameters

url: Specifies the preferred ACS URL, a string of 8 to 255 characters. The URL must use the http://host[:port]/path or https://host[:port]/path format.

Usage guidelines

The device supports only one preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

The preferred ACS URL is configurable from the CPE's CLI, the DHCP server, and the ACS. The CLI- and ACS-assigned URLs have higher priority than the DHCP-assigned URL. The CLI- and ACS-assigned URLs overwrite each other.

The CPE uses the default ACS attributes for connection establishment only when it is not assigned a preferred ACS URL from the CLI, ACS, or DHCP server.

Examples

# Specify the ACS URL.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp acs url http://www.acs.com:80/acs

cwmp acs username

Use cwmp acs username to configure the username for authentication to the preferred ACS URL.

Use undo cwmp acs username to restore the default.

Syntax

cwmp acs username username

undo cwmp acs username

Default

No username is configured for authentication to the preferred ACS URL.

Views

CWMP view

Predefined user roles

network-admin

Parameters

username: Specifies a username, a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can configure only one username for authentication to the preferred ACS URL. If you execute this command multiple times, the most recent configuration takes effect.

For a successful connection, make sure the CPE has the same username and password settings as the ACS.

Examples

# Configure the username used for authentication to the preferred ACS URL.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp acs username newname

Related commands

cwmp acs password

cwmp cpe connect interface

Use cwmp cpe connect interface to specify the CWMP connection interface.

Use undo cwmp cpe connect interface to restore the default.

Syntax

cwmp cpe connect interface interface-type interface-number

undo cwmp cpe connect interface

Default

No CWMP connection interface is specified. The CPE automatically selects the CWMP connection interface.

Views

CWMP view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies the type and number of the CWMP connection interface.

Usage guidelines

A CWMP connection interface is the interface that the CPE uses to communicate with the ACS. To establish a CWMP connection, the CPE sends the IP address of this interface in the Inform message, and the ACS replies to this IP address.

If the interface that connects the CPE to the ACS is the only Layer 3 interface that has an IP address on the device, you do not need to specify the CWMP connection interface.

If the CPE has multiple Layer 3 interfaces, specify the interface that connects to the ACS as the CWMP connection interface. This manual setting prevents incorrect CWMP connection interface selection, which might occur with automatic selection.

Examples

# Specify GigabitEthernet 1/0/1 as the CWMP connection interface.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe connect interface gigabitethernet 1/0/1

cwmp cpe connect retry

Use cwmp cpe connect retry to set the maximum number of attempts the CPE can make to retry a failed CWMP connection.

Use undo cwmp cpe connect retry to restore the default.

Syntax

cwmp cpe connect retry retries

undo cwmp cpe connect retry

Default

The CPE retries a failed connection until the connection is established with the ACS.

Views

CWMP view

Predefined user roles

network-admin

Parameters

retries: Specifies the maximum number of CWMP connection retries. The value range is 0 to 100. To disable the CPE to retry a CWMP connection, set this argument to 0.

Usage guidelines

The CPE retries connecting to the ACS when its initial connection attempt fails or the CWMP session is ended before the CPE receives a session closed message from the ACS. The CPE does not stop its connection retry attempts until the connection is established or the number of connection retries reaches the upper limit.

Examples

# Set the maximum number of CWMP connection retries to 5.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe connect retry 5

cwmp cpe inform interval

Use cwmp cpe inform interval to set the periodic Inform interval.

Use undo cwmp cpe inform interval to restore the default.

Syntax

cwmp cpe inform interval interval

undo cwmp cpe inform interval

Default

The periodic Inform interval is 600 seconds.

Views

CWMP view

Predefined user roles

network-admin

Parameters

interval: Sets the periodic Inform interval in the range of 10 to 86400 seconds.

Usage guidelines

This command sets the interval for the CPE to send Inform messages automatically to the ACS. For the command to take effect, you must configure the cwmp cpe inform interval enable command.

Examples

# Set the periodic Inform interval to 3600 seconds.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe inform interval enable

[Sysname-cwmp] cwmp cpe inform interval 3600

Related commands

cwmp cpe inform interval enable

Use cwmp cpe inform interval enable to enable the periodic Inform feature.

Use undo cwmp cpe inform interval enable to restore the default.

Syntax

cwmp cpe inform interval enable

undo cwmp cpe inform interval enable

Default

The CPE does not send Inform messages periodically.

Views

CWMP view

Predefined user roles

network-admin

Usage guidelines

If this command is configured, the CPE sends Inform messages regularly to establish a CWMP session with the ACS. To set the periodic Inform interval, use the cwmp cpe inform interval command.

Examples

# Enable the periodic Inform feature.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe inform interval enable

Related commands

cwmp cpe inform interval

cwmp cpe inform time

Use cwmp cpe inform time to schedule a connection initiation for the CPE to connect to the ACS.

Use undo cwmp cpe inform time to restore the default.

Syntax

cwmp cpe inform time time

undo cwmp cpe inform time

Default

No connection initiation has been scheduled.

Views

CWMP view

Predefined user roles

network-admin

Parameters

time: Specifies the time at which the CPE sends an Inform message. The time format is yyyy-mm-ddThh:mm:ss, and the value range is 1970-01-01T00:00:00 to 2035-12-31T23:59:59. The specified time must be greater than the current system time.

Examples

# Configure the CPE to send an Inform message at 2007-12-01T20:00:00.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe inform time 2012-12-01T20:00:00

cwmp cpe password

Use cwmp cpe password to configure the password for the CPE to authenticate the ACS.

Use undo cwmp cpe password to restore the default.

Syntax

cwmp cpe password { cipher | simple } string

undo cwmp cpe password

Default

No password is configured for authenticating the ACS.

Views

CWMP view

Predefined user roles

network-admin

Parameters

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 255 characters. Its encrypted form is a case-sensitive string of 33 to 373 characters.

Usage guidelines

You can configure only one password for the ACS to authenticate to the CPE when it initiates a connection. If you execute this command multiple times, the most recent configuration takes effect.

For a successful connection, make sure the ACS has the same username and password settings as the CPE.

If a password is configured, the ACS must provide the correct password when it requests the CPE to initiate a CWMP session. If the password is incorrect, the CPE denies the connection request from the ACS.

You do not need to configure this command if you want to disable ACS authentication or authenticate the ACS only based on its username.

Examples

# Configure the password used for authenticating the ACS.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe password simple newpsw

Related commands

cwmp cpe username

cwmp cpe provision-code

Use cwmp cpe provision-code to configure the provision code of the CPE.

Use undo cwmp cpe provision-code to restore the default.

Syntax

cwmp cpe provision-code provision-code

undo cwmp cpe provision-code

Default

The provision code is PROVISIONCODE.

Views

CWMP view

Predefined user roles

network-admin

Parameters

provision-code: Specifies a provision code, a string of 1 to 64 characters. The string can contain uppercase letters, digits, and the full stop (.).

Usage guidelines

The ACS can use the provision code to identify services assigned to each CPE. For correct configuration deployment, make sure the same provision code is configured on the CPE and the ACS. For information about the support of your ACS for provision codes, see the ACS documentation.

The CPE can have only one provision code. If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the provision code to ABC20150714.

<Sysname> system

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe provision-code ABC20150714

cwmp cpe stun enable

Use cwmp cpe stun enable to enable NAT traversal for the connection requests from the ACS to reach the CPE through a NAT gateway.

Use undo cwmp cpe stun enable to disable NAT traversal for the connection requests from the ACS to reach the CPE through a NAT gateway.

Syntax

cwmp cpe stun enable

undo cwmp cpe stun enable

Default

NAT traversal is disabled for CWMP.

Views

CWMP view

Predefined user roles

network-admin

Usage guidelines

Connection requests initiated from the CPE can reach the ACS through a NAT gateway without NAT traversal. However, for the connection request initiated from the ACS to reach the CPE, you must enable NAT traversal on the CPE when a NAT gateway resides between the CPE and the ACS.

The NAT traversal feature complies with Simple Traversal of UDP Through NATs (STUN), RFC 3489. The feature enables the CPE to do the following:

· Discovers the NAT gateway.

· Obtains an open NAT binding (a public IP address and port binding) through which the ACS can send unsolicited packets.

The CPE sends the binding to the ACS when it initiates a connection to the ACS. For the connection requests sent by the ACS at any time to reach the CPE, the CPE maintains the open NAT binding.

For more information about NAT, see Layer 3—IP Services Configuration Guide.

Examples

# Enable NAT traversal for the CPE.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe stun enable

cwmp cpe username

Use cwmp cpe username to configure the username for the CPE to authenticate the ACS.

Use undo cwmp cpe username to restore the default.

Syntax

cwmp cpe username username

undo cwmp cpe username

Default

No username is configured for authenticating the ACS.

Views

CWMP view

Predefined user roles

network-admin

Parameters

username: Specifies a username, a case-sensitive string of 1 to 255 characters.

Usage guidelines

You can configure only one username for the ACS to authenticate to the CPE when it initiates a connection. If you execute this command multiple times, the most recent configuration takes effect.

For a successful connection, make sure the ACS has the same username setting as the CPE. If a password is required, you must also make sure the ACS has the same password setting as the CPE.

The ACS must provide the correct username when it requests the CPE to initiate a CWMP session. If the username is incorrect, the CPE denies the connection request from the ACS.

You do not need to configure this command if you want to disable ACS authentication.

Examples

# Configure the username used for authenticating the ACS.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe username newname

Related commands

cwmp cpe password

cwmp cpe wait timeout

Use cwmp cpe wait timeout to set the close-wait timer for the CPE to close an idle connection.

Use undo cwmp cpe wait timeout to restore the default.

Syntax

cwmp cpe wait timeout seconds

undo cwmp cpe wait timeout

Default

The close-wait timer is 30 seconds.

Views

CWMP view

Predefined user roles

network-admin

Parameters

seconds: Sets the close-wait timer, in the range of 30 to 1800 seconds.

Usage guidelines

The close-wait timer specifies the amount of time the connection to the ACS can be idle before it is terminated. The CPE terminates the connection to the ACS if no traffic is transmitted before the timer expires.

The timer also specifies the maximum amount of time the CPE waits for the response to a session request. The CPE determines that its session attempt has failed when the timer expires. By default, the CPE retries a failed session until the session is established with the ACS. To limit the number of retries, use the cwmp cpe connect retry command.

Examples

# Set the close-wait time to 60 seconds.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp cpe wait timeout 60

cwmp enable

Use cwmp enable to enable CWMP.

Use undo cwmp enable to disable CWMP.

Syntax

cwmp enable

undo cwmp enable

Default

CWMP is disabled.

Views

CWMP view

Predefined user roles

network-admin

Usage guidelines

CWMP configuration takes effect only after CWMP is enabled.

Examples

# Enable CWMP.

<Sysname> system-view

[Sysname] cwmp

[Sysname-cwmp] cwmp enable

Related commands

cwmp

display cwmp configuration

Use display cwmp configuration to display the CWMP configuration.

Syntax

display cwmp configuration

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the CWMP configuration after CWMP is enabled.

<Sysname> display cwmp configuration

CWMP state : Enabled

ACS URL : http://www.acs.com:80/acs

ACS username : newname

ACS default URL : Null

ACS default username : defname

Periodic inform : Disabled

Inform interval : 600s

Inform time : None

Wait timeout : 30s

Connection retries : Unlimited

Source IP interface : None

STUN state : Disabled

SSL policy name : Null

Table 57 Command output

Field	Description
CWMP state	Status of CWMP: Enabled or Disabled.
ACS URL	Preferred ACS URL. This field displays Null if no preferred ACS URL has been specified.
ACS username	Username for the CPE to authenticate to the ACS. This field displays Null if no username has been configured for authentication to the preferred ACS URL.
ACS default URL	Default ACS URL. The CPE attempts to connect to the default ACS URL if no ACS URL has been assigned to it through the cwmp acs url command, ACS, or DHCP. This field displays Null if no default ACS URL has been configured.
ACS default username	Username for the CPE to authenticate to the default ACS URL. This field displays Null if no username has been configured for authentication to the default ACS URL.
Periodic inform	Status of the periodic Inform feature: Enabled or Disabled.
Inform interval	Periodic Inform interval. The default interval is 600 seconds.
Inform time	Date and time at which an Inform message is scheduled to be sent. If you do not schedule an Inform sending, this field displays None.
Wait timeout	Close-wait timer. This timer is configurable with the cwmp cpe wait timeout command.
Connection retries	Number of attempts the CPE can make to retry a failed CWMP connection. This field displays Unlimited if the default setting is used. The CPE retries a failed session until the session is established with the ACS.
Source IP interface	IP address of the specified CWMP connection interface. This field displays None if you have not specified a CWMP connection interface.
STUN state	Status of NAT traversal for CWMP: Enabled or Disabled. For the connection request initiated from the ACS to reach the CPE, you must enable NAT traversal when a NAT gateway resides between the CPE and the ACS.
SSL policy name	SSL client policy specified for the CPE to authenticate the ACS for establishing an HTTPS connection. You must specify an SSL client policy when HTTPS is used. This field displays Null if you have not specified an SSL client policy.

Related commands

display cwmp status

Use display cwmp status to display CWMP state information.

Syntax

display cwmp status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display CWMP state information.

<Sysname> display cwmp status

CWMP state : Enabled

ACS URL of most recent connection : http://www.acs.com:80/acs

ACS information source : User

ACS username of most recent connection : newname

Connection status : Disconnected

Data transfer status : None

Most recent successful connection attempt : None

Length of time before next connection attempt : 1096832s

Table 58 Command output

Field	Description
CWMP state	Status of CWMP: Enabled or Disabled.
ACS URL of most recent connection	ACS URL used for the most recent connection attempt. This field displays Null if no ACS URL was available.
ACS information source	Source from which the CPE obtained the ACS URL: · User—ACS URL assigned by using the cwmp acs url command or by ACS. · DHCP—ACS URL assigned by the DHCP server. · Default—ACS URL assigned by using the cwmp acs default url command. This field displays None if no ACS URL was available.
ACS username of most recent connection	Username used for the most recent connection to the ACS. This field displays Null if no ACS username was available.
Connection status	Current CWMP session status: · Connected—A CWMP session has been established to the ACS. · Disconnected—No CWMP session has been established to the ACS. · Waiting response—The CPE is waiting for the connection response from the ACS.
Data transfer status	Data transfer status of the CPE: · Uploading—The CPE is uploading data. · Downloading—The CPE is downloading data. · None—No data is transferred.
Most recent successful connection attempt	Time of the most recent successful CWMP connection. This field displays None if no CWMP session was established.
Length of time before next connection attempt	Amount of time (in seconds) that the CPE must wait before it initiates the next connection. This field displays None if the CPE does not detect an event that will trigger a connection attempt.

Related commands

display cwmp configuration

ssl client-policy

Use ssl client-policy to specify an SSL client policy for CWMP.

Use undo ssl client-policy to restore the default.

Syntax

ssl client-policy policy-name

undo ssl client-policy

Default

No SSL client policy is specified for CWMP.

Views

CWMP view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the name of an SSL client policy, a string of 1 to 31 characters.

Usage guidelines

CWMP uses HTTP or HTTPS for data transmission. If the ACS uses HTTPS for secure access, its URL begins with https://. You must configure an SSL client policy for the CPE to authenticate the ACS for establishing an HTTPS connection. For more information about configuring SSL client policies, see Security Configuration Guide.

Examples

# Specify the SSL client policy test for CWMP.

<Sysname> system

[Sysname] cwmp

[Sysname-cwmp] ssl client-policy test

EAA commands

Commands and descriptions for centralized devices apply to the following routers:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3600-28-SI/3600-51-SI.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

action cli

Use action cli to add a CLI action to a monitor policy.

Use undo action to remove an action.

Syntax

action number cli command-line

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

cli command-line: Specifies the command line to be executed when the event occurs. You can enter abbreviated forms of command keywords, but you must make sure the forms can uniquely identify the command keywords. For example, you can enter int loop 1 for the interface loopback 1 command.

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

To execute a command in a view other than user view, you must define actions required for accessing the target view before defining the command execution action. In addition, you must number the actions in the order they should be executed, starting with entering system view.

For example, to shut down an interface, you must create the following actions in order:

1. Action to enter system view.

2. Action to enter interface view.

3. Action to shut down the interface.

When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure the CLI-defined policy test to shut down GigabitEthernet 1/0/1 when the policy is triggered.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 1 cli system-view

[Sysname-rtm-test] action 2 cli interface gigabitethernet 1/0/1

[Sysname-rtm-test] action 3 cli shutdown

action reboot

Use action reboot to add a reboot action to a monitor policy.

Use undo action to remove an action.

Syntax

Centralized devices in standalone mode:

action number reboot

undo action number

Distributed devices in standalone mode/centralized devices in IRF mode:

action number reboot [ slot slot-number [ subslot subslot-number ] ]

undo action number

Distributed devices in IRF mode:

action number reboot [ chassis chassis-number [ slot slot-number [ subslot subslot-number ] ] ]

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (Distributed devices in IRF mode.)

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command reboots all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command reboots all cards. (Distributed devices in IRF mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the command reboots all IRF member devices. (Centralized devices in IRF mode.)

subslot subslot-number: Specifies a subcard by its slot number. If you do not specify a subcard, the command reboots the slot.

The following matrix shows the subslot subslot-number option and hardware compatibility:

Hardware	Option compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE /810-LM-HK/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	No
MSR 2630	No
MSR3600-28/3600-51	No
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	No
MSR 3610/3620/3620-DP/3640/3660	No
MSR5620/5660/5680	Yes

Hardware	Option compatibility
MSR810-LM-GL	No
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	No
MSR3600-28-SI-GL	No

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. If two actions have the same ID, the most recent one takes effect.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

The reboot action configured with this command reboots devices or cards without saving the running configuration. If you want to save the running configuration, use the action cli command to configure reboot actions.

When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# (Distributed devices in standalone mode/centralized devices in standalone mode.) Configure an action for the CLI-defined policy test to reboot the device.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 reboot

# (Centralized devices in IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 reboot slot 1

# (Distributed devices in IRF mode.) Configure an action for the CLI-defined policy test to reboot IRF member device 1.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 reboot chassis 1

action switchover

Use action switchover to add an active/standby switchover action to a monitor policy.

Use undo action to remove an action.

Syntax

action number switchover

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

Usage guidelines

You can configure a series of actions to be executed in response to the event specified in a monitor policy. EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct. If two actions have the same ID, the most recent one takes effect.

(Centralized devices in standalone mode.) This command does not trigger an active/standby switchover.

(Distributed devices in standalone mode.) This command does not trigger an active/standby switchover in either of the following situations:

· The device has only one MPU.

· The standby MPU is not in up state.

(Centralized devices in IRF mode.) This command does not trigger an active/standby switchover in either of the following situations:

· No subordinate device is configured.

· The subordinate device is not in up state.

(Distributed devices in IRF mode.) This command does not trigger an active/standby switchover in either of the following situations:

· No global standby MPU is configured.

· The global standby MPU is not in up state.

Examples

# Configure an action for the CLI-defined policy test to perform an active/standby switchover.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 switchover

action syslog

Use action syslog to add a Syslog action to a monitor policy.

Use undo action to remove an action.

Syntax

action number syslog priority priority facility local-number msg msg-body

undo action number

Default

Monitor policies do not contain any actions.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

number: Specifies an action ID in the range of 0 to 231.

priority priority: Specifies the log severity level in the range of 0 to 7. A lower value represents a higher severity level.

facility local-number: Specifies a logging facility by its facility number in the range of local0 to local7. Facility numbers are used by a log host to identify log creation facilities for filtering log messages.

msg msg-body: Configures the log message body.

Usage guidelines

EAA sends log messages to the information center. You can configure the information center to output these messages to certain destinations. For more information about the information center, see "Configuring the information center."

You can configure a series of actions to be executed in response to the event specified in a monitor policy.

EAA executes the actions in ascending order of action IDs. When you add actions to a policy, you must make sure the execution order is correct.

If two actions have the same ID, the most recent one takes effect.

When you define an action, you can specify a value or specify a variable name for an argument. For more information about using EAA environment variables, see "rtm environment."

Examples

# Configure an action for the CLI-defined policy test to send a log message "hello" with a severity of 7 from the facility device local3.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] action 3 syslog priority 7 facility local3 msg hello

commit

Use commit to enable a CLI-defined monitor policy.

Syntax

commit

Default

No CLI-defined policies are enabled.

Views

CLI-defined policy view

Predefined user roles

network-admin

Usage guidelines

You must execute this command for a CLI-defined policy to take effect.

After changing the settings in a policy that has been enabled, you must re-execute this command for the changes to take effect.

Examples

# Enable the CLI-defined policy test.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] commit

display rtm environment

Use display rtm environment to display user-defined EAA environment variables and their values.

Syntax

display rtm environment [ var-name ]

Views

Any view

Predefined user roles

network-admin

Parameters

var-name: Specifies a user-defined EAA environment variable by its name, a case-sensitive string of 1 to 63 characters. The name can contain digits, letters, and the underscore sign (_), but its leading character cannot be the underscore sign. If you do not specify a variable, this command displays all user-defined EAA environment variables.

Examples

# Display all user-defined EAA environment variables.

<Sysname> display rtm environment

Name Value

save_cmd save main force

show_run_cmd display current-configuration

Table 59 Command output

Field	Description
Name	Name of a user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable name of more than 30 characters, use the display current-configuration command.
Value	Value of the user-defined EAA environment variable. This field displays a maximum of 30 characters. To display a user-defined EAA environment variable value of more than 30 characters, use the display current-configuration command.

display rtm policy

Use display rtm policy to display monitor policies.

Syntax

display rtm policy { active | registered [ verbose ] } [ policy-name ]

Views

Any view

Predefined user roles

network-admin

Parameters

active: Displays policies that are running.

registered: Displays policies that have been created.

policy-name: Specifies a policy by its name. If you do not specify a policy, the command displays all monitor policies that are running or have been created.

verbose: Displays detailed information about monitor policies.

Usage guidelines

To display the running configuration of CLI-defined monitor policies, execute the display current-configuration command in any view or execute the display this command in CLI-defined monitor policy view.

Examples

# Display all running monitor policies.

<Sysname> display rtm policy active

JID Type Event TimeActive PolicyName

507 TCL INTERFACE Aug 29 14:55:55 2013 test

# Display all monitor policies that have been created.

<Sysname> display rtm policy registered

Total number: 1

Type Event TimeRegistered PolicyName

CLI Aug 29 14:54:50 2013 test

# Display detailed information about all monitor policies.

<Sysname> display rtm policy registered verbose

Total number: 1

Policy Name: test

Policy Type: CLI

Event Type: INTERFACE

TimeRegistered: Aug 29 14:54:50 2013

User-role: network-operator

network-admin

Table 60 Command output

Field	Description
JID	Job ID. This field is available for the display rtm policy active command.
PolicyName	Monitor policy name.
Type Policy Type	Policy creation method: · TCL—The policy was configured by using Tcl. · CLI—The policy was configured from the CLI.
Event Event Type	Event type, including CLI, hotplug, interface, process, SNMP, SNMP-Notification, Syslog, and track.
TimeActive	Time when the policy started to execute.
TimeRegistered	Time when the policy was created.
Total number	Total number of policies.
User-role	User roles for executing the monitor policy. To execute the monitor policy, an administrator must have at least one of the displayed user roles.

event cli

Use event cli to configure a CLI event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event cli { async [ skip ] | sync } mode { execute | help | tab } pattern regular-exp

undo event

Default

No CLI event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

async [ skip ]: Enables or disables the system to execute the command that triggers the policy. If you specify the skip keyword, the system executes the actions in the policy without executing the command that triggers the policy. If you do not specify the skip keyword, the system executes both the actions in the policy and the command entered at the CLI.

sync: Enables the system to execute the command that triggers the event only if the policy has been executed successfully.

execute: Triggers the policy when a matching command is entered.

help: Triggers the policy when a question mark (?) is entered at a matching command line.

tab: Triggers the policy when the Tab key is pressed to complete a parameter in a matching command line.

pattern regular-exp: Specifies a regular expression for matching commands that trigger the policy. For more information about using regular expressions, see Fundamentals Configuration Guide.

Usage guidelines

Use CLI event monitor policies to monitor operations performed at the CLI.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor execution of commands that contain the dis inter brief string. Enable the system to execute the actions in the policy without executing the command that triggers the policy.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli async skip mode execute pattern dis inter brief

# Configure a CLI-defined policy to monitor the use of the Tab key at command lines that contain the dis inter brief string. Enable the system to execute the actions in the policy and display the complete parameter when Tab is pressed at a policy-matching command line.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli async mode tab pattern dis inter brief

# Configure a CLI-defined policy to monitor the use of the question mark (?) at command lines that contain the dis inter brief string. Enable the system to execute a policy-matching command line only if the actions in the policy are executed successfully when a question mark is entered at the command line.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rmt-test] event cli sync mode help pattern dis inter brief

event hotplug

(Centralized devices in standalone mode.) Use event hotplug to configure a subcard hot-swapping event.

(Centralized devices in IRF mode.) Use event hotplug to configure an event to monitor a member device for joining or leaving the IRF fabric or a subcard slot for subcard hot-swapping.

(Distributed devices.) Use event hotplug to configure a card hot-swapping event.

Syntax

Distributed devices in standalone mode/centralized devices in standalone or IRF mode:

event hotplug [ insert | remove ] slot slot-number [ subslot subslot-number ]

undo event

Distributed devices in IRF mode:

event hotplug [ insert | remove ] chassis chassis-number slot slot-number [ subslot subslot-number ]

undo event

Default

No hotplug event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

insert: Specifies the card insert event. EAA executes the policy when card insertion occurs while the device is operating.

remove: Specifies the card remove event. EAA executes the policy when card removal occurs while the device is operating.

slot slot-number: 0. (Centralized devices in standalone mode.)

slot slot-number: Specifies a card by its slot number. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. (Centralized devices in IRF mode.)

subslot subslot-number: Specifies a subcard by its subslot number. If you do not specify a subcard, EAA monitors the slot.

The following matrix shows the subslot subslot-number option and hardware compatibility:

Hardware	Option compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE /810-LM-HK/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	No
MSR 2630/810-LM-HK/810-W-LM-HK	No
MSR3600-28/3600-51	No
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	No
MSR 3610/3620/3620-DP/3640/3660	No
MSR5620/5660/5680	Yes

Hardware	Option compatibility
MSR810-LM-GL	No
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	No
MSR3600-28-SI-GL	No

Usage guidelines

(Centralized devices in standalone mode.) After you configure the event, the monitor policy is triggered when a subcard is inserted in or removed from the specified slot. If you do not specify the insert or remove keyword, EAA monitors the subcard slot for both insert and remove actions.

(Centralized devices in IRF mode.) After you configure the event, the monitor policy is triggered when the member device joins or leaves the IRF fabric, or when a subcard is inserted in or removed from the specified subcard slot. If you do not specify the insert or remove keyword, EAA monitors the member device for joining or leaving the IRF fabric and the subcard slot for subcard hot-swapping.

(Distributed devices.) After you configure the event, the monitor policy is triggered when a card is inserted in or removed from the specified slot. If you do not specify the insert or remove keyword, EAA monitors the card slot for both insert and remove actions.

You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.

Examples

# (Centralized devices in standalone mode.) Configure a CLI-defined policy to monitor slot 2 for subcard swapping.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event hotplug slot 2

# (Distributed devices in standalone mode.) Configure a CLI-defined policy to monitor the card in slot 2 for card swapping.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event hotplug slot 2

# (Centralized devices in IRF mode.) Configure a CLI-defined policy to monitor the cards on IRF member device 2 for card swapping.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event hotplug slot 2

# (Distributed devices in IRF mode.) Configure a CLI-defined policy to monitor the card in slot 2 of IRF member device 1 for card swapping.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event hotplug chassis 1 slot 2

event interface

Use event interface to configure an interface event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event interface interface-type interface-number monitor-obj monitor-obj start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]

undo event

Default

No interface event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

monitor-obj monitor-obj: Specifies the traffic statistic to be monitored on the interface. For keywords available for the monitor-obj argument, see Table 61.

start-op start-op: Specifies the operator for comparing the monitored traffic statistic with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.

start-val start-val: Specifies the start threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.

restart-op restart-op: Specifies the operator for comparing the monitored traffic statistic with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the restart-op argument, see Table 62.

restart-val restart-val: Specifies the restart threshold to be compared with the monitored traffic statistic. The value range is 0 to 4294967295.

interval interval: Specifies the interval to sample the monitored traffic statistic for a comparison. The value range is 1 to 4294967295, in seconds. The default value is 300.

Table 61 Monitored objects

Monitored traffic statistic	Description
input-drops	Number of discarded incoming packets during the sampling interval
input-errors	Number of incoming error packets during the sampling interval
output-drops	Number of discarded outgoing packets during the sampling interval
output-errors	Number of outgoing error packets during the sampling interval
rcv-bps	Receive rate, in bps
rcv-broadcasts	Number of incoming broadcasts during the sampling interval
rcv-pps	Receive rate, in packets per second.
tx-bps	Transmit rate, in bps.
tx-pps	Transmit rate, in packets per second.

Table 62 Comparison operators

Comparison operator	Description
eq	Equal to.
ge	Greater than or equal to.
gt	Greater than.
le	Less than or equal to.
lt	Less than.
ne	Not equal to.

Usage guidelines

Use interface event monitor policies to monitor traffic statistics on an interface.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

EAA executes an interface event policy when the monitored interface traffic statistic crosses the start threshold in the following situations:

· The statistic crosses the start threshold for the first time.

· The statistic crosses the start threshold each time after it crosses the restart threshold.

The following is the interface event monitor process of EAA:

1. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.

2. Executes the policy.

3. Compares the traffic statistic sample with the restart threshold at sampling intervals until the restart threshold is crossed.

4. Compares the traffic statistic sample with the start threshold at sampling intervals until the start threshold is crossed.

5. Executes the policy again.

This process cycles for the monitor policy to be executed and re-executed.

Examples

# Configure a CLI-defined policy to monitor the incoming error packet statistic on GigabitEthernet 1/0/1 every 60 seconds. Set the start threshold to 1000 and the restart threshold to 50. Enable EAA to execute the policy when the statistic exceeds 1000 for the first time. Enable EAA to re-execute the policy if the statistic exceeds 1000 each time after the statistic has dropped below 50.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event interface gigabitethernet 1/0/1 monitor-obj input-errors start-op gt start-val 1000 restart-op lt restart-val 50 interval 60

event process

Use event process to configure a process event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

Distributed devices in standalone mode/centralized devices in standalone or IRF mode:

event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ slot slot-number ]

undo event

Distributed devices in IRF mode:

event process { exception | restart | shutdown | start } [ name process-name [ instance instance-id ] ] [ chassis chassis-number [ slot slot-number ] ]

undo event

Default

No process event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

exception: Monitors the specified process for exceptional events. EAA executes the policy when an exception occurs to the monitored process.

restart: Monitors the specified process for restart events. EAA executes the policy when the monitored process restarts.

shutdown: Monitors the specified process for shutdown events. EAA executes the policy when the monitored process is shut down.

start: Monitors the specified process for start events. EAA executes the policy when the monitored process starts.

name process-name: Specifies a user-mode process by its name. The process can be one that is running or not running. If you do not specify a name, this command monitors all use-mode processes.

instance instance-id: Specifies a process instance ID in the range of 0 to 4294967295. The instance ID can be one that has not been created yet. If you specify an instance, EAA only monitors the process instance. If you do not specify an instance, EAA monitors all instances of the process.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices. (Centralized devices in IRF mode.)

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the policy applies to all cards. (Distributed devices in IRF mode.)

chassis chassis-number: Specifies an IRF member device by its member ID. If you do not specify a member device, the policy applies to all IRF member devices. (Distributed devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, the policy applies to all cards on the specified member device. (Distributed devices in IRF mode.)

Usage guidelines

Use process event monitor policies to monitor process state changes. These changes can result from manual operations or automatic system operations.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor all instances of the process snmpd for restart events.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event process restart name snmpd

event snmp oid

Use event snmp oid to configure an SNMP event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event snmp oid oid monitor-obj { get | next } start-op start-op start-val start-val restart-op restart-op restart-val restart-val [ interval interval ]

undo event

Default

No SNMP event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.

monitor-obj { get | next }: Specifies the SNMP operation used for sampling variable values. The get keyword represents the SNMP get operation, and the next keyword represents the SNMP getNext operation.

start-op start-op: Specifies the operator for comparing the sampled value with the start threshold. The start threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.

start-val start-val: Specifies the start threshold to be compared with the sampled value. The start-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

restart-op op: Specifies the operator for comparing the sampled value with the restart threshold. The restart threshold is crossed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.

restart-op restart-val: Specifies the restart threshold to be compared with the sampled value. The restart-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

interval interval: Specifies the sampling interval in the range of 1 to 4294967295, in seconds. The default value is 300.

Usage guidelines

Use SNMP event monitor policy to monitor value changes of MIB variables.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

EAA executes an SNMP event policy when the monitored MIB variable's value crosses the start threshold in the following situations:

· The monitored variable's value crosses the start threshold for the first time.

· The monitored variable's value crosses the start threshold each time after it crosses the restart threshold.

The following is the SNMP event monitor process of EAA:

1. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

2. Executes the policy.

3. Compares the variable sample with the restart threshold at sampling intervals until the restart threshold is crossed.

4. Compares the variable sample with the start threshold at sampling intervals until the start threshold is crossed.

5. Executes the policy again.

This process cycles for the monitor policy to be executed and re-executed.

Examples

# Configure a CLI-defined policy to get the value of the MIB variable 1.3.6.4.9.9.42.1.2.1.6.4 every five seconds. Set the start threshold to 1 and the restart threshold to 2. Enable EAA to execute the policy when the value changes to 1 for the first time. Enable EAA to re-execute the policy if the value changes to 1 each time after the value has changed to 2.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event snmp oid 1.3.6.4.9.9.42.1.2.1.6.4 monitor-obj get start-op eq start-val 1 restart-op eq restart-val 2 interval 5

event snmp-notification

Use event snmp-notification to configure an SNMP-Notification event for a CLI-defined policy.

Use undo event to remove the event in a CLI-defined policy.

Syntax

event snmp-notification oid oid oid-val oid-val op op [ drop ]

undo event

Default

No SNMP-Notification event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

oid oid: Specifies the OID of the monitored MIB variable, a string of 1 to 256 characters.

oid-val oid-val: Specifies the threshold to be compared with the sampled value. The oid-val argument can be any data type supported by SNMP, including numerals and character strings. The CLI online help system displays the value range as character strings of 1 to 512 characters. If the threshold value contains spaces, you must enclose the value in quotation marks (" ").

op op: Specifies the operator for comparing the sampled value with the threshold. The policy is executed if the comparison result meets the condition. For keywords available for the start-op argument, see Table 62.

drop: Drops the notification if the comparison result meets the condition. If this keyword is not specified, the system sends the notification.

Usage guidelines

Use SNMP-Notification event monitor policies to monitor variables in SNMP notifications.

EAA executes an SNMP-Notification event monitor policy when the value of the monitored variable in an SNMP notification meets the specified condition.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy test to monitor SNMP notifications that contain the variable OID 1.3.6.1.4.1.25506.2.2.1.1.2.1.0. Enable the system to drop an SNMP notification and execute the policy if the variable in the notification contains the user name admin.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event snmp-notification oid 1.3.6.1.4.1.25506.2.2.1.1.2.1.0 oid-val admin op eq drop

event syslog

Use event syslog to configure a Syslog event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event syslog priority priority msg msg occurs times period period

undo event

Default

No Syslog event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

priority priority: Specifies the lowest severity level for matching log messages. The level argument can be an integer in the range of 0 to 7, or the word all, which represents any severity level from 0 to 7. A lower number represents higher priority level. For example, specify a severity level of 3 to match log messages from level 3 to level 0.

msg msg: Specifies a regular expression to match the message body, a string of 1 to 255 characters. The log message must use the H3C format. For more information about log message formats, see information center configuration in Network Management and Monitoring Configuration Guide For more information about regular expressions, see CLI configuration in Fundalmentals Configuration Guide.

occurs times period period: Executes the policy if the number of log matches over an interval exceeds the limit. The times argument specifies the maximum number of log matches in the range of 1 to 32. The period argument specifies an interval in the range of 1 to 4294967295 seconds.

Usage guidelines

Use Syslog event monitor policies to monitor log messages.

EAA executes a Syslog event monitor policy when the number of matching logs over an interval reaches the limit.

NOTE:

EAA does not count log messages generated by the RTM module when it counts log matches.

You can configure only one event for a monitor policy. If the monitor policy already contains an event, the new event replaces the old event.

Examples

# Configure a CLI-defined policy to monitor Syslog messages for level 3 to level 0 messages that contain the down string. Enable the policy to execute when five log matches are found within 6 seconds.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event syslog priority 3 msg down occurs 5 period 6

event track

Use event track to configure a track event for a CLI-defined monitor policy.

Use undo event to delete the event in a CLI-defined monitor policy.

Syntax

event track track-list state { negative | positive } [ suppress-time suppress-time ]

undo event

Default

No track event is configured.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

track-list: Specifies a space-separated list of up to 16 track items. Each item specifies a track entry number or a range of track entry numbers in the form of track-entry-number to track-entry-number. The value range for the track-entry-number argument is 1 to 1024.

state { negative | positive }: Monitors state change of the track entries.

· negative: Triggers the policy when the state of the track entries changes from Positive to Negative.

· positive: Triggers the policy when the state of the track entries changes from Negative to Positive.

suppress-time suppress-time: Sets a suppress time in the range of 1 to 4294967295, in seconds. The default value is 0.

Usage guidelines

Use track event monitor policies to monitor state change of track entries. If you specify one track entry for a policy, EAA triggers the policy when the state of the track entry changes from Positive to Negative or from Negative to Positive. If you specify multiple track entries for a policy, EAA triggers the policy only when the state of all the track entries changes from Positive (Negative) to Negative (Positive).

If you set a suppress time for a track event monitor policy, the timer starts when the policy is triggered. The system does not process the messages that report the track entry state change Positive (Negative) to Negative (Positive) until the timer times out.

For example, to automatically disconnect the sessions between the local device and its down link BGP peers when the sessions between the local device and its uplink BGP peers are disconnected, you can configure a track event monitor policy as follows:

· Configure a track event for the policy and specify track entries to monitor the links between the local device and its uplink BGP peers.

· Add the CLI action peer ignore to the policy to disable BGP session establishment between the local device and its downlink BGP peers.

You can configure only one event entry for a monitor policy. If the monitor policy already contains an event entry, the new event entry replaces the old event entry.

Examples

# Create CLI-defined monitor policy test. Configure a track event for the policy that occurs when the state of track entry 1 to track entry 8 changes from Positive to Negative. Set the suppress time to 180 seconds for the policy.

<Sysname>system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] event track 1 to 8 state negative suppress-time 180

rtm cli-policy

Use rtm cli-policy to create a CLI-defined EAA monitor policy and enter its view, or enter the view of an existing CLI-defined EAA monitor policy.

Use undo rtm cli-policy to delete a CLI-defined monitor policy.

Syntax

rtm cli-policy policy-name

undo rtm cli-policy policy-name

Default

No CLI-defined monitor policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies the name of a CLI-defined monitor policy, a case-sensitive string of 1 to 63 characters.

Usage guidelines

You must create a CLI-defined monitor policy before you can use the CLI to configure settings in the policy.

You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy, but you cannot assign the same name to policies that are the same type.

For a CLI-defined monitor policy to take effect, you must execute the commit command after you complete configuring the policy.

Examples

# Create a CLI-defined policy and enter its view.

<Sysname> system-view

[Sysname] rtm cli-policy test

Related commands

commit

rtm environment

Use rtm environment to configure an EAA environment variable.

Use undo rtm environment to delete a user-defined EAA environment variable.

Syntax

rtm environment var-name var-value

undo rtm environment var-name

Default

No user-defined EAA environment variables exist.

The system provides the variables in Table 63. You cannot create, delete, or modify these system-defined variables.

Table 63 System-defined EAA environment variables by event type

Variable name	Description
Any event:
_event_id	Event ID.
_event_type	Event type.
_event_type_string	Event type description.
_event_time	Time when the event occurs.
_event_severity	Severity level of an event.
CLI:
_cmd	Commands that are matched.
Syslog:
_syslog_pattern	Log message content.
Hotplug:
_slot	(Centralized devices in standalone mode.) 0. (Distributed devices.) ID of the slot where card hot-swapping occurs. (Centralized devices in IRF mode.) ID of the member device that joins or leaves the IRF fabric.
_subslot	ID of the subslot where a hot swap event occurs.
Interface:
_ifname	Interface name.
SNMP:
_oid	OID of the MIB variable where an SNMP operation is performed.
_oid_value	Value of the MIB variable.
SNMP-Notification:
_oid	OID that is included in the SNMP notification.
Process:
_process_name	Process name.

Views

System view

Predefined user roles

network-admin

Parameters

var-value: Specifies the variable value.

Usage guidelines

When you define an action, you can enter a variable name with a leading dollar sign ($variable_name) instead of entering a value for an argument. EAA will replace the variable name with the variable value when it performs the action.

For an action argument, you can specify a list of variable names in the form of $variable_name1$variable_name2...$variable_nameN.

Examples

# Create an environment variable: set its name to if and set its value to interface.

<Sysname> system-view

[Sysname] rtm environment if interface

rtm scheduler suspend

Use rtm scheduler suspend to suspend monitor policies.

Use undo rtm scheduler suspend to resume monitor policies.

Syntax

rtm scheduler suspend

undo rtm scheduler suspend

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command disables all CLI-defined and Tcl-defined monitor policies except for the monitor policies that are running.

To revise the Tcl script of a policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.

Examples

# Suspend monitor policies.

<Sysname> system-view

[Sysname] rtm scheduler suspend

rtm tcl-policy

Use rtm tcl-policy to create a Tcl-defined policy and bind it to a Tcl script file.

Use undo rtm tcl-policy to delete a Tcl policy.

Syntax

rtm tcl-policy policy-name tcl-filename

undo rtm tcl-policy policy-name

Default

No Tcl policies exist.

Views

System view

Predefined user roles

network-admin

Parameters

policy-name: Specifies a policy name, a case-sensitive string of 1 to 63 characters.

tcl-filename: Specifies a .tcl script file name. The file name is case sensitive. You must make sure the file is available on a storage medium of the device.

Usage guidelines

When you use this command to create a Tcl-defined policy, follow these guidelines:

(Centralized devices in IRF mode.) Make sure the script file is saved on all IRF member devices. This practice ensures that the policy can run correctly after a master/subordinate switchover occurs or the member device where the script file resides leaves the IRF.

(Distributed devices in IRF or standalone mode.) Make sure the script file is saved on all MPUs. This practice ensures that the policy can run correctly after an active/standby or master/standby switchover occurs or the MPU where the script file resides fails or is removed.

This command both creates and enables the specified Tcl-defined monitor policy. To revise the Tcl script of a Tcl-defined policy, you must suspend all monitor policies first, and then resume the policies after you finish revising the script. The system cannot execute a Tcl-defined policy if you edit its Tcl script without suspending all monitor policies.

To bind a Tcl-defined policy to a different Tcl script file:

1. Execute the undo rtm tcl-policy policy-name command to delete the Tcl policy.

2. Create the Tcl policy again, and then bind it to the new Tcl script file.

You can assign the same policy name to a CLI-defined policy and a Tcl-defined policy. However, you cannot assign the same name to policies that are the same type.

Examples

# Create a Tcl policy and bind it to a Tcl script file.

<Sysname> system-view

[Sysname] rtm tcl-policy test test.tcl

running-time

Use running-time to set the duration that a CLI-defined policy executes its actions.

Use undo running-time to restore the default.

Syntax

running-time time

undo running-time

Default

A CLI-defined policy executes its actions for a period of 20 seconds.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

time: Specifies the duration that a CLI-defined policy execute its actions, in the range of 0 to 31536000, in seconds. If you specify 0, the policy runs its actions forever until it is manually interrupted.

Usage guidelines

This command limits the amount of time that a CLI-defined policy executes its actions from the time the policy is triggered. When the duration expires, the policy stops executing its actions even if the execution is not finished.

This setting prevents a CLI-defined policy from executing its actions permanently to occupy resources.

Examples

# Set the duration for CLI-defined policy test to execute its actions to 60 seconds.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] running-time 60

user-role

Use user-role to assign a user role to a CLI-defined policy.

Use undo user-role to remove a user role from a CLI-defined policy.

Syntax

user-role role-name

undo user-role role-name

Default

A monitor policy contains user roles that its creator had at the time of policy creation.

Views

CLI-defined policy view

Predefined user roles

network-admin

Parameters

role-name: Specifies a user role by its name, a case-sensitive string of 1 to 63 characters.

Usage guidelines

For EAA to execute an action in a monitor policy, you must assign the policy the user role that has access to the action-specific commands and resources. If EAA lacks access to an action-specific command or resource, EAA does not perform the action and all the subsequent actions.

For example, a monitor policy has four actions numbered from 1 to 4. The policy has user roles that are required for performing actions 1, 3, and 4, but it does not have the user role required for performing action 2. When the policy is triggered, EAA executes only action 1.

A monitor policy supports a maximum of 64 valid user roles. User roles added after this limit is reached do not take effect.

An EAA policy cannot have both the security-audit user role and any other user roles. Any previously assigned user roles are automatically removed when you assign the security-audit user role to the policy. The previously assigned security-audit user role is automatically removed when you assign any other user roles to the policy.

Examples

# Assign user roles to a CLI-defined policy.

<Sysname> system-view

[Sysname] rtm cli-policy test

[Sysname-rtm-test] user-role network-admin

[Sysname-rtm-test] user-role admin

Process monitoring and maintenance commands

Commands and descriptions for centralized devices apply to the following routers:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3600-28-SI/3600-51-SI.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

The display memory, display process, display process cpu, monitor process, and monitor thread commands display information about both user processes and kernel threads. In these commands, "process" refers to both user processes and kernel threads.

display exception context

Use display exception context to display context information for process exceptions.

Syntax

Centralized devices in standalone mode:

display exception context [ count value ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display exception context [ count value ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display exception context [ count value ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

count value: Specifies the number of context information entries, in the range of 1 to 20. The default value is 1.

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays context information for process exceptions on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays context information for process exceptions on the IRF master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays context information for process exceptions on the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

The system generates a context information entry for each process exception. A context information entry includes the process ID, the crash time, the core file directory, stack information, and register information.

Examples

# Display the exception context information on the x86-based 32-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 120 (routed)

Crash signal: SIGBUS

Crash time: Tue Apr 9 17:14:30 2013

Core file path:

flash:/core/node0_routed_120_7_20130409-171430_1365527670.core

#0 0xb7caba4a

#1 0x0804cb79

#2 0xb7cd77c4

#3 0x08049f45

Backtrace stopped.

Registers' content

eax:0xfffffffc ebx:0x00000003 ecx:0xbfe244ec edx:0x0000000a

esp:0xbfe244b8 ebp:0xbfe244c8 esi:0xffffffff edi:0xbfe24674

eip:0xb7caba4a eflag:0x00000292 cs:0x00000073 ss:0x0000007b

ds:0x0000007b es:0x0000007b fs:0x00000000 gs:0x00000033

# Display the exception context information on the x86-based 64-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 121 (routed)

Crash signal: SIGBUS

Crash time: Sun Mar 31 11:12:21 2013

Core file path:

flash:/core/node0_routed_121_7_20130331-111221_1364728341.core

#0 0x00007fae7dbad20c

#1 0x00000000004059fa

#2 0x00007fae7dbd96c0

#3 0x0000000000402b29

Backtrace stopped.

Registers' content

rax:0xfffffffffffffffc rbx:0x00007fff88a5dd10

rcx:0xffffffffffffffff rdx:0x000000000000000a

rsi:0x00007fff88a5dd10 rdi:0x0000000000000003

rbp:0x00007fff88a5dcf0 rsp:0x00007fff88a5dcf0

r8:0x00007fae7ea587e0 r9:0x0000000000000079

r10:0xffffffffffffffff r11:0x0000000000000246

r12:0x0000000000405b18 r13:0x00007fff88a5ff7a

r14:0x00007fff88a5de30 r15:0x0000000000000000

rip:0x00007fae7dbad20c flag:0x0000000000000246

cs:0x0000000000000033 ss:0x000000000000002b

ds:0x0000000000000000 es:0x0000000000000000

fs:0x0000000000000000 gs:0x0000000000000000

fs_base:0x00007fae80a5d6a0 gs_base:0x0000000000000000

orig_ax:0x00000000000000e8

# Display the exception context information on the PowerPC-based 32-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 133 (routed)

Crash signal: SIGBUS

Crash time: Wed Apr 10 15:47:49 2013

Core file path:

flash:/core/node0_routed_133_7_20130410-154749_1365608869.core

#0 0x184720bc

#1 0x10006b4c

Backtrace stopped.

Registers' content

grp00: 0x000000ee 0x7ffd6ad0 0x1800f440 0x00000004

grp04: 0x7ffd6af8 0x0000000a 0xffffffff 0x184720bc

grp08: 0x0002d200 0x00000003 0x00000001 0x1847209c

grp12: 0x10006b4c 0x10020534 0xd6744100 0x00000000

grp16: 0x00000000 0xa0203ff0 0xa028b12c 0xa028b13c

grp20: 0xa028b148 0xa028b168 0xa028b178 0xa028b190

grp24: 0xa028b1a8 0xa028b1b8 0x00000000 0x7ffd6c08

grp28: 0x10006cac 0x7ffd6f92 0x184c1b84 0x7ffd6ae0

nip:0x184720bc lr:0x10006b4c cr:0x38000022 ctr:0x1847209c

msr:0x0002db00 xer:0x00000000 ret:0xfffffffc dsisr:0x08000000

gr3:0x00000003 mq:0x00000000 trap:0x00000c00 dar:0x1833114c

# Display the exception context information on the PowerPC-based 64-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 172 (routed)

Crash signal: SIGBUS

Crash time: Sat Sep 15 16:53:16 2007

Core file path:

cfa0:/core/node1_routed_172_7_20070915-165316_1189875196.core

#0 0x00000fff803c66b4

#1 0x0000000010009b94

#2 0x00000fff80401814

Backtrace stopped.

Registers' content

grp00: 0x00000000000000ee 0x00000fffffd04840

grp02: 0x00000fff80425c28 0x0000000000000004

grp04: 0x00000fffffd048c0 0x000000000000000a

grp06: 0xffffffffffffffff 0x00000fff803c66b4

grp08: 0x000000008002d000 0x0000000000000000

grp10: 0x0000000000000000 0x0000000000000000

grp12: 0x0000000000000000 0x00000fff80a096b0

grp14: 0x000000007b964c00 0x000000007b7d0000

grp16: 0x0000000000000001 0x000000000000000b

grp18: 0x0000000000000031 0x0000000000a205b8

grp20: 0x0000000000a20677 0x0000000000000000

grp22: 0x000000007bb91014 0x0000000000000000

grp24: 0xc0000000005ae1c8 0x0000000000000000

grp26: 0xc0000001f00bff20 0xc0000001f00b0000

grp28: 0x00000fffffd04a30 0x000000001001aed8

grp30: 0x00000fffffd04fae 0x00000fffffd04840

nip:0x00000fff803c66b4 lr:0x0000000010009b94

cr:0x0000000058000482 ctr:0x00000fff803c66ac

msr:0x000000008002d000 xer:0x0000000000000000

ret:0xfffffffffffffffc dsisr:0x0000000000000000

gr3:0x0000000000000003 softe:0x0000000000000001

trap:0x0000000000000c00 dar:0x00000fff8059d14c

# Display the exception context information on the MIPS-based 32-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 182 (routed)

Crash signal: SIGBUS

Crash time: Sun Jan 2 08:11:38 2013

Core file path:

flash:/core/node4_routed_182_10_20130102-081138_1293955898.core

#0 0x2af2faf4

#1 0x00406d8c

Backtrace stopped.

Registers' content

zero:0x00000000 at:0x1000dc00 v0:0x00000004 v1:0x00000003

a0:0x00000003 a1:0x7fd267e8 a2:0x0000000a a3:0x00000001

t0:0x00000000 t1:0xcf08fa14 t2:0x80230510 t3:0xfffffff8

t4:0x69766520 t5:0x00000000 t6:0x63cc6000 t7:0x44617461

s0:0x7fd26f81 s1:0x00401948 s2:0x7fd268f8 s3:0x803e1db0

s4:0x803e1da0 s5:0x803e1d88 s6:0x803e1d70 s7:0x803e1d60

t8:0x00000008 t9:0x2af2fae0 k0:0x00000000 k1:0x00000000

gp:0x2af9a3a0 sp:0x7fd267c0 s8:0x7fd267c0 ra:0x00406d8c

sr:0x0000dc13 lo:0xef9db265 hi:0x0000003f bad:0x2add2010

cause:0x00800020 pc:0x2af2faf4

# Display the exception context information on the MIPS-based 64-bit device.

<Sysname> display exception context

Index 1 of 1

------------------------------

Crashed PID: 270 (routed)

Crash signal: SIGBUS

Crash time: Wed Mar 27 12:39:12 2013

Core file path:

flash:/core/node16_routed_270_10_20130327-123912_1364387952.core

#0 0x0000005555a3bcb4

#1 0x0000000120006c1c

Backtrace stopped.

Registers' content

zero:0x0000000000000000 at:0x0000000000000014

v0:0x0000000000000004 v1:0x0000000000000003

a0:0x0000000000000003 a1:0x000000ffff899d90

a2:0x000000000000000a a3:0x0000000000000001

a4:0x0000005555a9b4e0 a5:0x0000000000000000

a6:0xffffffff8021349c a7:0x20696e206368616e

t0:0x0000000000000000 t1:0xffffffff80105068

t2:0xffffffff80213890 t3:0x0000000000000008

s0:0x0000005555a99c40 s1:0x000000ffff89af5f

s2:0x0000000120007320 s3:0x0000005555a5f470

s4:0x000000ffff899f80 s5:0xffffffff803cc6c0

s6:0xffffffff803cc6a8 s7:0xffffffff803cc690

t8:0x0000000000000002 t9:0x0000005555a3bc98

k0:0x0000000000000000 k1:0x0000000000000000

gp:0x0000000120020460 sp:0x000000ffff899d70

s8:0x000000ffff899d80 ra:0x0000000120006c1c

sr:0x000000000400fff3 lo:0xdf3b645a1cac08c9

hi:0x000000000000007f bad:0x000000555589ba84

cause:0x0000000000800020 pc:0x0000005555a3bcb4

Table 64 Command output

Filed	Description
Crashed PID	ID of the crashed process.
Crash signal	Signals that led to the crash: · SIGABRT—Abort. · SIGBUS—Bus error. · SIGFPE—Erroneous arithmetic operation. · SIGILL—Illegal hardware instructions. · SIGQUIT—Quit signal sent by the controlling terminal. · SIGSEGV—Invalid memory access. · SIGSYS—Invalid system call. · SIGTRAP—Trap message. · SIGXCPU—CPU usage limit exceeded. · SIGXFSZ—File size limit exceeded. · SIGUNKNOW—Unknown reason.
Crash time	Time when the crash occurred.
Core file path	Directory where the core file is saved.
Backtrace stopped	All stack information has been displayed.

Related commands

reset exception context

display exception filepath

Use display exception filepath to display the core file directory.

Syntax

Centralized devices in standalone mode:

display exception filepath

Distributed devices in standalone mode/centralized devices in IRF mode:

display exception filepath [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display exception filepath [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays the core file directory on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays the core file directory on the IRF master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays the core file directory on the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display the core file directory on the MPU. (Centralized devices in standalone mode.)

<Sysname> display exception filepath

The exception filepath is flash:.

# Display the core file directory on the active MPU. (Distributed devices in standalone mode/centralized devices in IRF mode.)

<Sysname> display exception filepath

The exception filepath on slot 0 is flash:.

# Display the core file directory on the standby MPU. (Distributed devices in standalone mode/centralized devices in IRF mode.)

<Sysname> display exception filepath slot 1

The exception filepath on slot 1 is NULL.

# Display the core file directory on the global active MPU. (Distributed devices in IRF mode.)

<Sysname> display exception filepath

The exception filepath on chassis 0 slot 1 is flash:.

display kernel deadloop

Use display kernel deadloop to display kernel thread deadloop information.

Syntax

Centralized devices in standalone mode:

display kernel deadloop show-number [ offset ] [ verbose ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display kernel deadloop show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display kernel deadloop show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

show-number: Specifies the number of deadloops to display, in the range of 1 to 10.

offset: Specifies the offset between the starting deadloop and the latest deadloop, in the range of 0 to 9. The default value is 0.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread deadloop information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread deadloop information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread deadloop information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display brief information about the latest kernel thread deadloop.

<Sysname> display kernel deadloop 1

----------------- Deadloop record 1 -----------------

Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Chassis : 0

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

# Display detailed information about the latest kernel thread deadloop.

<Sysname> display kernel deadloop 1 verbose

----------------- Deadloop record 1 -----------------

Description : BUG: soft lockup - CPU#0 stuck for 61! [comsh: 16306]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Chassis : 0

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

Last 5 thread switches : migration/0 (11:16:00.823018)-->

swapper (11:16:00.833018)-->

kthreadd (11:16:00.833518)-->

swapper (11:16:00.833550)-->

disk (11:16:00.833560)

Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;

Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;

Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;

Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;

Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;

Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;

Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;

Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;

Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;

Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;

Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;

Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;

Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;

Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;

Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;

Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;

Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;

Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;

Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;

Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;

Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;

Dump stack (total 1024 bytes, 16 bytes/line):

0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84

0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4

0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00

0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00

0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4

0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08

0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00

0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0

0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00

0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30

0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00

0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0

0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00

0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc

0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18

0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f

0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00

0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98

0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98

0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00

0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70

0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44

Call trace:

Function Address = 0x8012a4b4

Function Address = 0x8017989c

Function Address = 0x80179b30

Function Address = 0x80127438

Function Address = 0x8012d734

Function Address = 0x80100a00

Function Address = 0xe0071004

Function Address = 0x8016ce0c

Function Address = 0x801223a0

Instruction dump:

41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80

4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c

Table 65 Command output

Field	Description
Description	Description for the kernel thread deadloop, including the CPU number, thread running time, thread name, and thread number.
Recorded at	Time when the kernel thread deadloop was recorded on the MPU, with microsecond precision.
Occurred at	Time when the kernel thread deadloop occurred, with microsecond precision.
Instruction address	Instruction address for the kernel thread deadloop.
Thread	Name and number of the kernel thread deadloop.
Context	Context for the kernel thread deadloop.
Chassis	Number of the IRF member device on which the kernel thread ran.
Slot	Slot number of the MPU on which the kernel thread ran. (Distributed devices in IRF or standalone mode.) ID of the IRF member device on which the kernel thread ran. (Centralized devices in IRF mode.) Fixed to 0 without any special meaning. (Centralized devices in standalone mode.)
Cpu	Number of the CPU where the kernel thread ran.
VCPU ID	Number of the CPU core where the kernel thread ran.
Kernel module info	Information about kernel modules that had been loaded when the kernel thread deadloop was detected, including kernel module name and memory address.
Last 5 thread switches	Last five kernel thread switches on the CPU before the kernel thread deadloop was detected, including kernel thread name and kernel thread switching time with microsecond precision.
Register content	Register information: · Reg—Name of a register. · Val—Value saved in a register.
Dump stack	Stack information.
Call trace	Function call stack information, which shows the instruction address of a called function at each level.
Instruction dump	Instruction code when the kernel thread deadloop was detected. ffffffff indicates an illegitimate instruction code.
No information to display	No kernel thread deadloop information.

Related commands

reset kernel deadloop

display kernel deadloop configuration

Use display kernel deadloop configuration to display kernel thread deadloop detection configuration.

Syntax

Centralized devices in standalone mode:

display kernel deadloop configuration

Distributed devices in standalone mode/centralized devices in IRF mode:

display kernel deadloop configuration [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display kernel deadloop configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread deadloop detection configuration for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display kernel thread deadloop detection configuration.

<Sysname> display kernel deadloop configuration

Thread dead loop detection: Enabled

Dead loop timer (in seconds): 60

Threads excluded from monitoring: 1

TID: 15 Name: co0

Table 66 Command output

Field	Description
Dead loop timer (in seconds): n	Time interval (in seconds) to identify a kernel thread deadloop. A kernel thread deadloop occurs if a kernel thread runs more than n seconds.
Threads excluded from monitoring	Kernel threads excluded from kernel thread deadloop detection. This field appears only if the monitor kernel deadloop exclude-thread command is configured.
Name	Kernel thread name.
TID	Kernel thread number.
No thread is excluded from monitoring	All kernel threads are monitored by kernel thread deadloop detection.

display kernel exception

Use display kernel exception to display kernel thread exception information.

Syntax

Centralized devices in standalone mode:

display kernel exception show-number [ offset ] [ verbose ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display kernel exception show-number [ offset ] [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display kernel exception show-number [ offset ] [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

show-number: Specifies the number of kernel exceptions to display, in the range of 1 to 10.

offset: Specifies the offset between the starting exception and the latest exception, in the range of 0 to 9. The default value is 0.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command displays kernel thread exception information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread exception information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command displays kernel thread exception information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

If an exception occurs to a running kernel thread, the system automatically records the exception information.

Examples

# Display brief information about the latest kernel thread exception.

<Sysname> display kernel exception 1

----------------- Exception record 1 -----------------

Description : Oops[#0]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Chassis : 0

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (disk) module address (0xe00bd000)

# Display detailed information about the latest kernel thread exception.

<Sysname> display kernel exception 1 verbose

----------------- Exception record 1 -----------------

Description : Oops[#0]

Recorded at : 2013-05-01 11:16:00.823018

Occurred at : 2013-05-01 11:16:00.823018

Instruction address : 0x4004158c

Thread : comsh (TID: 16306)

Context : thread context

Chassis : 0

Slot : 0

Cpu : 0

VCPU ID : 0

Kernel module info : module name (mrpnc) module address (0xe332a000)

module name (12500) module address (0xe00bd000)

Last 5 thread switches : migration/0 (11:16:00.823018)-->

swapper (11:16:00.833018)-->

kthreadd (11:16:00.833518)-->

swapper (11:16:00.833550)-->

disk (11:16:00.833560)

Reg: r0, Val = 0x00000000 ; Reg: r1, Val = 0xe2be5ea0 ;

Reg: r2, Val = 0x00000000 ; Reg: r3, Val = 0x77777777 ;

Reg: r4, Val = 0x00000000 ; Reg: r5, Val = 0x00001492 ;

Reg: r6, Val = 0x00000000 ; Reg: r7, Val = 0x0000ffff ;

Reg: r8, Val = 0x77777777 ; Reg: r9, Val = 0x00000000 ;

Reg: r10, Val = 0x00000001 ; Reg: r11, Val = 0x0000002c ;

Reg: r12, Val = 0x057d9484 ; Reg: r13, Val = 0x00000000 ;

Reg: r14, Val = 0x00000000 ; Reg: r15, Val = 0x02000000 ;

Reg: r16, Val = 0xe2be5f00 ; Reg: r17, Val = 0x00000000 ;

Reg: r18, Val = 0x00000000 ; Reg: r19, Val = 0x00000000 ;

Reg: r20, Val = 0x024c10f8 ; Reg: r21, Val = 0x057d9244 ;

Reg: r22, Val = 0x00002000 ; Reg: r23, Val = 0x0000002c ;

Reg: r24, Val = 0x00000002 ; Reg: r25, Val = 0x24000024 ;

Reg: r26, Val = 0x00000000 ; Reg: r27, Val = 0x057d9484 ;

Reg: r28, Val = 0x0000002c ; Reg: r29, Val = 0x00000000 ;

Reg: r30, Val = 0x0000002c ; Reg: r31, Val = 0x00000000 ;

Reg: cr, Val = 0x84000028 ; Reg: nip, Val = 0x057d9550 ;

Reg: xer, Val = 0x00000000 ; Reg: lr, Val = 0x0186eff0 ;

Reg: ctr, Val = 0x682f7344 ; Reg: msr, Val = 0x00784b5c ;

Reg: trap, Val = 0x0000b030 ; Reg: dar, Val = 0x77777777 ;

Reg: dsisr, Val = 0x40000000 ; Reg: result, Val = 0x00020300 ;

Dump stack (total 1024 bytes, 16 bytes/line):

0xe2be5ea0: 02 be 5e c0 24 00 00 24 00 00 00 00 05 7d 94 84

0xe2be5eb0: 00 00 00 04 00 00 00 00 00 00 00 28 05 8d 34 c4

0xe2be5ec0: 02 be 60 a0 01 86 ef f0 00 00 00 00 00 00 00 00

0xe2be5ed0: 02 04 05 b4 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ee0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5ef0: 95 47 73 35 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f00: a0 e1 64 21 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f10: 00 00 00 00 00 00 00 00 00 00 00 00 01 e9 00 00

0xe2be5f20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be5f30: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be5f40: 02 be 61 e0 00 00 00 02 00 00 00 00 02 44 b3 a4

0xe2be5f50: 02 be 5f 90 00 00 00 08 02 be 5f e0 00 00 00 08

0xe2be5f60: 02 be 5f 80 00 ac 1b 14 00 00 00 00 00 00 00 00

0xe2be5f70: 05 b4 5f 90 02 be 5f e0 00 00 00 30 02 be 5f e0

0xe2be5f80: 02 be 5f c0 00 ac 1b f4 00 00 00 00 02 45 00 00

0xe2be5f90: 00 03 00 00 00 00 00 00 02 be 5f e0 00 00 00 30

0xe2be5fa0: 02 be 5f c0 00 ac 1b 14 61 f1 2e ae 02 45 00 00

0xe2be5fb0: 02 44 b3 74 02 be 5f d0 00 00 00 30 02 be 5f e0

0xe2be5fc0: 02 be 60 60 01 74 ff f8 00 00 00 00 00 00 08 00

0xe2be5fd0: 02 be 5f f0 00 e8 93 7e 02 be 5f f8 02 be 5f fc

0xe2be5fe0: 00 00 00 00 00 00 00 00 00 00 00 00 02 be 60 18

0xe2be5ff0: 02 be 60 10 00 e9 65 98 00 00 00 58 00 00 2a 4f

0xe2be6000: 02 be 60 10 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6010: 02 be 60 40 00 e8 c6 a0 00 00 11 17 00 00 00 00

0xe2be6020: 02 be 60 40 00 00 00 00 00 00 00 00 02 be 60 98

0xe2be6030: 02 27 00 00 00 00 00 00 00 00 00 00 02 be 60 68

0xe2be6040: 02 be 60 60 00 00 00 01 00 00 b0 30 02 be 60 98

0xe2be6050: 00 00 00 04 02 21 00 00 00 00 00 00 01 e9 00 00

0xe2be6060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0xe2be6070: 00 00 00 00 00 00 00 00 02 be 66 c0 02 be 66 d0

0xe2be6080: 02 be 61 e0 00 00 00 02 00 00 00 00 02 be 61 70

0xe2be6090: 00 00 00 00 02 21 00 00 05 8d 34 c4 05 7d 92 44

Call trace:

Function Address = 0x8012a4b4

Function Address = 0x8017989c

Function Address = 0x80179b30

Function Address = 0x80127438

Function Address = 0x8012d734

Function Address = 0x80100a00

Function Address = 0xe0071004

Function Address = 0x8016ce0c

Function Address = 0x801223a0

Instruction dump:

41a2fe9c 812300ec 800200ec 7f890000 409efe8c 80010014 540b07b9 40a2fe80

4bfffe6c 80780290 7f64db78 4804ea35 <807f002c> 38800000 38a00080 3863000c

For detailed information about the command output, see Table 65.

Related commands

reset kernel exception

display kernel starvation configuration

Use display kernel starvation configuration to display kernel thread starvation detection configuration.

Syntax

Centralized devices in standalone mode:

display kernel starvation configuration

Distributed devices in standalone mode/centralized devices in IRF mode:

display kernel starvation configuration [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display kernel starvation configuration [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays kernel thread starvation detection configuration on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays kernel thread starvation detection configuration for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the command displays kernel thread starvation detection configuration for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display kernel thread starvation detection configuration.

<Sysname> display kernel starvation configuration

Thread starvation detection: Enabled

Starvation timer (in seconds): 10

Threads excluded from monitoring: 1

TID: 123 Name: co0

Table 67 Command output

Field	Description
Starvation timer (in seconds): n	Time interval (in seconds) to identify a kernel thread starvation. A kernel thread starvation occurs if a kernel thread does not run within n seconds.
Threads excluded from monitoring	Kernel threads excluded from kernel thread starvation detection.
Name	Kernel thread name.
TID	Kernel thread number.

Related commands

monitor kernel starvation enable

monitor kernel starvation exclude-thread

monitor kernel starvation time

display process

Use display process to display process state information.

Syntax

Centralized devices in standalone mode:

display process [ all | job job-id | name process-name ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display process [ all | job job-id | name process-name ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process [ all | job job-id | name process-name ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

all: Specifies all processes. With the all keyword or without any parameters, the command displays state information for all processes.

job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. Each process has a fixed job ID.

name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters that must not contain question marks or spaces.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays process state information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command displays process state information for the master device. (Centralized devices in IRF mode .)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display state information for process scmd.

<Sysname> display process name scmd

Job ID: 1

PID: 1

Parent JID: 0

Parent PID: 0

Executable path: -

Instance: 0

Respawn: OFF

Respawn count: 1

Max. spawns per minute: 0

Last started: Wed Jun 1 14:45:46 2013

Process state: sleeping

Max. core: 0

ARGS: -

TID LAST_CPU Stack PRI State HH:MM:SS:MSEC Name

1 0 0K 120 S 0:0:5:220 scmd

Table 68 Command output

Field	Description
Job ID	Job ID of the process. The job ID never changes.
PID	Number of the process. The number identifies the process, and it might change as the process restarts.
Parent JID	Job ID of the parent process.
Parent PID	Number of the parent process.
Executable path	Executable path of the process. For a kernel thread, this field displays a hyphen (-).
Instance	Instance number of the process. Whether a process can run multiple instances depends on the software implementation.
Respawn	Indicates whether the process restarts when an error occurs: · ON—The process automatically restarts. · OFF—The process does not automatically restarts.
Respawn count	Times that the process has restarted. The starting value is 1.
Max. spawns per minute	Maximum number of times that the process can restart within one minute. If the threshold is reached, the system automatically shuts down the process.
Last started	Time when the latest restart occurred.
Process state	State of the process: · running—Running or waiting in the queue. · sleeping—Interruptible sleep. · traced or stopped—Stopped. · uninterruptible sleep—Uninterruptible sleep. · zombie—The process has quit, but some resources are not released.
Max. core	Maximum number of core files that the process can create. 0 indicates that the process never creates a core file. A process creates a core file after it abnormally restarts. If the number of core files reaches the maximum value, no more core files are created. Core files are helpful for troubleshooting.
ARGS	Parameters carried by the process during startup. If the process carries no parameters, this field displays a hyphen (-).
TID	Thread ID.
LAST_CPU	Number of the CPU on which the process is last scheduled.
Stack	Stack size.
PRI	Thread priority.
State	Thread state: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
HH:MM:SS:MSEC	Running time since the latest start.
Name	Process name.

# Display state information for all processes.

<Sysname> display process all

JID PID %CPU %MEM STAT PRI TTY HH:MM:SS COMMAND

1 1 0.0 0.0 S 120 - 00:00:04 scmd

2 2 0.0 0.0 S 115 - 00:00:00 [kthreadd]

3 3 0.0 0.0 S 99 - 00:00:00 [migration/0]

4 4 0.0 0.0 S 115 - 00:00:05 [ksoftirqd/0]

5 5 0.0 0.0 S 99 - 00:00:00 [watchdog/0]

6 6 0.0 0.0 S 115 - 00:00:00 [events/0]

7 7 0.0 0.0 S 115 - 00:00:00 [khelper]

8 8 0.0 0.0 S 115 - 00:00:00 [kblockd/0]

9 9 0.0 0.0 S 115 - 00:00:00 [ata/0]

10 10 0.0 0.0 S 115 - 00:00:00 [ata_aux]

11 11 0.0 0.0 S 115 - 00:00:00 [kseriod]

12 12 0.0 0.0 S 120 - 00:00:00 [vzmond]

13 13 0.0 0.0 S 120 - 00:00:00 [pdflush]

14 14 0.0 0.0 S 120 - 00:00:00 [pdflush]

15 15 0.0 0.0 S 115 - 00:00:00 [kswapd0]

16 16 0.0 0.0 S 115 - 00:00:00 [aio/0]

17 17 0.0 0.0 S 115 - 00:00:00 [scsi_eh_0]

18 18 0.0 0.0 S 115 - 00:00:00 [scsi_eh_1]

19 19 0.0 0.0 S 115 - 00:00:00 [scsi_eh_2]

35 35 0.0 0.0 D 100 - 00:00:00 [lipc_topology]

---- More ----

Table 69 Command output

Field	Description
JID	Job ID of a process. It never changes.
PID	Number of a process.
%CPU	CPU usage in percentage (%).
%MEM	Memory usage in percentage (%).
STAT	State of a process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
PRI	Priority of a process for scheduling.
TTY	TTY used by a process.
HH:MM:SS	Running time since the latest start. If the running time reaches or exceeds 100 hours, this field displays only the number of hours.
COMMAND	Name and parameters of a process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

display process cpu

Use display process cpu to display CPU usage for all processes.

Syntax

Centralized devices in standalone mode:

display process cpu

Distributed devices in standalone mode/centralized devices in IRF mode:

display process cpu [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process cpu [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays CPU usage for all processes on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display CPU usage for all processes.

<Sysname> display process cpu

CPU utilization in 5 secs: 16.8%; 1 min: 4.7%; 5 mins: 4.7%

JID 5Sec 1Min 5Min Name

1 0.0% 0.0% 0.0% scmd

2 0.0% 0.0% 0.0% [kthreadd]

3 0.1% 0.0% 0.0% [ksoftirqd/0]

4 0.0% 0.0% 0.0% [watchdog/0]

5 0.0% 0.0% 0.0% [events/0]

6 0.0% 0.0% 0.0% [khelper]

29 0.0% 0.0% 0.0% [kblockd/0]

49 0.0% 0.0% 0.0% [vzmond]

52 0.0% 0.0% 0.0% [pdflush]

53 0.0% 0.0% 0.0% [pdflush]

54 0.0% 0.0% 0.0% [kswapd0]

110 0.0% 0.0% 0.0% [aio/0]

712 0.0% 0.0% 0.0% [mtdblockd]

719 0.0% 0.0% 0.0% [TNetJob]

720 0.0% 0.0% 0.0% [TMTH]

727 0.0% 0.0% 0.0% [CF]

730 0.0% 0.0% 0.0% [DIBC]

752 0.0% 0.0% 0.0% [lipc_topology]

762 0.0% 0.0% 0.0% [MNET]

763 0.0% 0.0% 0.0% [SYSM]

---- More ----

Table 70 Command output

Field	Description
CPU utilization in 5 secs: 16.8%; 1 min: 4.7%; 5 mins: 4.7%	System CPU usage within the last 5 seconds, 1 minute, and 5 minutes.
JID	Job ID of a process. It never changes.
5Sec	CPU usage of the process within the last 5 seconds.
1Min	CPU usage of the process within the last minute.
5Min	CPU usage of the process within the last 5 minutes.
Name	Name of the process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

display process log

Use display process log to display log information for all user processes.

Syntax

Centralized devices in standalone mode:

display process log

Distributed devices in standalone mode/centralized devices in IRF mode:

display process log [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process log [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Display log information for all user processes.

<Sysname> display process log

Process JobID PID Abort Core Exit Kill StartTime EndTime

knotify 92 92 N N 0 36 12-17 07:10:27 12-17 07:10:27

knotify 93 93 N N 0 -- 12-17 07:10:27 12-17 07:10:27

automount 94 94 N N 0 -- 12-17 07:10:27 12-17 07:10:28

knotify 111 111 N N 0 -- 12-17 07:10:28 12-17 07:10:28

comsh 121 121 N N 0 -- 12-17 07:10:30 12-17 07:10:30

knotify 152 152 N N 0 -- 12-17 07:10:31 12-17 07:10:31

autocfgd 155 155 N N 0 -- 12-17 07:10:31 12-17 07:10:31

pkg_update 122 122 N N 0 -- 12-17 07:10:30 12-17 07:10:31

Table 71 Command output

Field	Description
Process	Name of a user process.
JobID	Job ID of a user process.
PID	ID of a user process.
Abort	Indicates whether the process exited abnormally: · Y—Yes. · N—No.
Core	Indicates whether the process can generate core files: · Y—Yes. · N—No.
Exit	Process exit code. This field displays two hyphens (--) if the process was killed by a signal.
Kill	Code of the signal that killed the process. This field displays two hyphens (--) if the process exited instead of being killed.
StartTime	Time when the user process started.
EndTime	Time when the user process ended.

display process memory

Use display process memory to display memory usage for all user processes.

Syntax

Centralized devices in standalone mode:

display process memory

Distributed devices in standalone mode/centralized devices in IRF mode:

display process memory [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process memory [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory usage for all user processes on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

When a user process starts, it requests the following types of memory from the system:

· Text memory—Stores code for the user process.

· Data memory—Stores data for the user process.

· Stack memory—Stores temporary data.

· Dynamic memory—Heap memory dynamically assigned and released by the system according to the needs of the user process. To view dynamic memory information, execute the display process memory heap command.

Examples

# Display memory usage for all user processes.

<Sysname> display process memory

JID Text Data Stack Dynamic Name

1 384 1800 16 36 scmd

2 0 0 0 0 [kthreadd]

3 0 0 0 0 [ksoftirqd/0]

4 0 0 0 0 [watchdog/0]

5 0 0 0 0 [events/0]

6 0 0 0 0 [khelper]

29 0 0 0 0 [kblockd/0]

49 0 0 0 0 [vzmond]

52 0 0 0 0 [pdflush]

---- More ----

Table 72 Command output

Field	Description
JID	Job ID of a process. It never changes.
Text	Text memory used by the user process, in KB. The value for a kernel thread is 0.
Data	Data memory used by the user process, in KB. The value for a kernel thread is 0.
Stack	Stack memory used by the user process, in KB. The value for a kernel thread is 0.
Dynamic	Dynamic memory used by the user process, in KB. The value for a kernel thread is 0.
Name	Name of the user process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

Related commands

display process memory heap

display process memory heap address

display process memory heap size

display process memory heap

Use display process memory heap to display heap memory usage for a user process.

Syntax

Centralized devices in standalone mode:

display process memory heap job job-id [ verbose ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display process memory heap job job-id [ verbose ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process memory heap job job-id [ verbose ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays heap memory usage for the user process on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

Heap memory comprises fixed-sized blocks such as 16-byte or 64-byte blocks. It stores data and variables used by the user process. When a user process starts, the system dynamically allocates heap memory to the process.

Each memory block has an address represented in hexadecimal format, which can be used to access the memory block. You can view memory block addresses by using the display process memory heap size command, and view memory block contents by using the display process memory heap address command.

Examples

# Display brief information about heap memory usage for the process identified by job ID 148.

<Sysname> display process memory heap job 148

Total virtual memory heap space(in bytes) : 2228224

Total physical memory heap space(in bytes) : 262144

Total allocated memory(in bytes) : 161576

# Display detailed information about heap memory usage for the process identified by job ID 148.

<Sysname> display process memory heap job 148 verbose

Heap usage:

Size Free Used Total Free Ratio

16 8 52 60 13%

64 3 1262 1265 0.2%

128 2 207 209 1%

512 3 55 58 5.1%

4096 3 297 300 1%

8192 1 19 20 5%

81920 0 1 1 0%

Summary:

Total virtual memory heap space (in bytes) : 2293760

Total physical memory heap space (in bytes) : 58368

Total allocated memory (in bytes) : 42368

Table 73 Command output

Field	Description
Size	Size of each memory block, in bytes.
Free	Number of free memory blocks.
Used	Number of used memory blocks.
Total	Total number of memory blocks.
Free Ratio	Ratio of free memory to total memory. It helps identify fragment information.

Related commands

display process memory

display process memory heap address

display process memory heap size

display process memory heap address

Use display process memory heap address to display heap memory content starting from a specified memory block for a process.

Syntax

Centralized devices in standalone mode:

display process memory heap job job-id address starting-address length memory-length

Distributed devices in standalone mode/centralized devices in IRF mode:

display process memory heap job job-id address starting-address length memory-length [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process memory heap job job-id address starting-address length memory-length [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a user process by its job ID, in the range of 1 to 2147483647.

address starting-address: Specifies the starting memory block by its address.

length memory-length: Specifies the memory block length in the range of 1 to 1024 bytes.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays memory content information on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

When a user process runs abnormally, the command helps locate the problem.

Examples

# Display 128-byte memory block content starting from the memory block 0xb7e30580 for the process job 1.

<Sysname> display process memory heap job 1 address b7e30580 length 128

B7E30580: 14 00 EF FF 00 00 00 00 E4 39 E2 B7 7C 05 E3 B7 .........9..|...

B7E30590: 14 00 EF FF 2F 73 62 69 6E 2F 73 6C 62 67 64 00 ..../sbin/slbgd.

B7E305A0: 14 00 EF FF 00 00 00 00 44 3B E2 B7 8C 05 E3 B7 ........D;......

B7E305B0: 14 00 EF FF 2F 73 62 69 6E 2F 6F 73 70 66 64 00 ..../sbin/ospfd.

B7E305C0: 14 00 EF FF 00 00 00 00 A4 3C E2 B7 AC 05 E3 B7 .........<......

B7E305D0: 14 00 EF FF 2F 73 62 69 6E 2F 6D 73 74 70 64 00 ..../sbin/mstpd.

B7E305E0: 14 00 EF FF 00 00 00 00 04 3E E2 B7 CC 05 E3 B7 .........>......

B7E305F0: 14 00 EF FF 2F 73 62 69 6E 2F 6E 74 70 64 00 00 ..../sbin/ntpd..

Related commands

display process memory heap

display process memory heap size

Use display process memory heap size to display the addresses of heap memory blocks with a specified size used by a process.

Syntax

Centralized devices in standalone mode:

display process memory heap job job-id size memory-size [ offset offset-size ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display process memory heap job job-id size memory-size [ offset offset-size ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

display process memory heap job job-id size memory-size [ offset offset-size ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647.

size memory-size: Specifies the memory block size in the range of 1 to 4294967295.

offset offset-size: Specifies an offset in the range of 0 to 4294967295. The default value is 128. For example, suppose the system allocates 100 16-byte memory blocks to process job 1, and the process has used 66 blocks. Then if you execute the display process memory heap job 1 size 16 offset 50 command, the output shows the addresses of the 51st through 66th 16-byte blocks used by the process.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays block address information on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

The command displays memory block addresses in hexadecimal format. To view memory block content, execute the display process memory heap address command.

Examples

# Display the addresses of 16-byte memory blocks used by process job 1.

<Sysname> display process memory heap job 1 size 16

0xb7e300c0 0xb7e300d0 0xb7e300e0 0xb7e300f0

0xb7e30100 0xb7e30110 0xb7e30120 0xb7e30130

0xb7e30140 0xb7e30150 0xb7e30160 0xb7e30170

0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0

0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0

0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230

# Display the addresses of 16-byte memory blocks starting from the fifth block used by process job 1.

<Sysname> display process memory heap job 1 size 16 offset 4

0xb7e30100 0xb7e30110 0xb7e30120 0xb7e30130

0xb7e30140 0xb7e30150 0xb7e30160 0xb7e30170

0xb7e30180 0xb7e30190 0xb7e301a0 0xb7e301b0

0xb7e301c0 0xb7e301d0 0xb7e301e0 0xb7e301f0

0xb7e30200 0xb7e30210 0xb7e30220 0xb7e30230

Related commands

display process memory heap

display process memory heap address

exception filepath

Use exception filepath to specify the directory for saving core files.

Use undo exception filepath to remove the specified directory.

Syntax

exception filepath directory

undo exception filepath directory

Default

The default directory is the root directory of the default file system.

Views

User view

Predefined user roles

network-admin

Parameters

directory: Specifies the directory for saving core files.

Usage guidelines

(Centralized devices.) The specified directory must be the root directory of a file system on the device.

(Centralized devices in IRF mode.) The specified directory must be the root directory of a file system on the master.

(Distributed devices in standalone mode.) The specified directory must be the root directory of a file system on the active MPU.

(Distributed devices in IRF mode.) The specified directory must be the root directory of a file system on the global active MPU.

The system saves core files to the core directory in the specified directory. If the core directory does not exist in the specified directory, the system creates the core directory before saving core files.

If no directory is specified or the specified directory is not accessible, the system cannot save core files.

Examples

# Specify the directory for saving core files as flash:/.

<Sysname> exception filepath flash:/

Related commands

display exception filepath

process core

monitor kernel deadloop enable

Use monitor kernel deadloop enable to enable kernel thread deadloop detection.

Use undo monitor kernel deadloop enable to disable kernel thread deadloop detection.

Syntax

Centralized devices in standalone mode:

monitor kernel deadloop enable

undo monitor kernel deadloop enable

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop enable [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor kernel deadloop enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread deadloop detection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

Kernel threads share resources in kernel space. If a kernel thread monopolizes the CPU for a long time, other threads cannot run, resulting in a deadloop.

The command enables the device to detect deadloops. If a thread occupies the CPU regularly, the device considers that a deadloop has occurred. It outputs a deadloop message and reboots to remove the deadloop.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Enable kernel thread deadloop detection.

<Sysname> system-view

[Sysname] monitor kernel deadloop enable

Related commands

display kernel deadloop

display kernel deadloop configuration

monitor kernel deadloop exclude-thread

monitor kernel deadloop time

monitor kernel deadloop exclude-thread

Use monitor kernel deadloop exclude-thread to disable kernel thread deadloop detection for a kernel thread.

Use undo monitor kernel deadloop exclude-thread to enable kernel thread deadloop detection for a kernel thread.

Syntax

Centralized devices in standalone mode:

monitor kernel deadloop exclude-thread tid

undo monitor kernel deadloop exclude-thread [ tid ]

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor kernel deadloop exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor kernel deadloop exclude-thread tid [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread deadloop detection monitors all kernel threads.

Views

System view

Predefined user roles

network-admin

Parameters

tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

You can disable kernel thread deadloop detection for up to 128 kernel threads by executing the command.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Disable kernel thread deadloop detection for kernel thread 15.

<Sysname> system-view

[Sysname]monitor kernel deadloop exclude-thread 15

Related commands

display kernel deadloop configuration

display kernel deadloop

monitor kernel deadloop enable

monitor kernel deadloop time

Use monitor kernel deadloop time to set the interval for identifying a kernel thread deadloop.

Use undo monitor kernel deadloop time to restore the default.

Syntax

Centralized devices in standalone mode:

monitor kernel deadloop time time

undo monitor kernel deadloop time

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor kernel deadloop time time [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop time [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor kernel deadloop time time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor kernel deadloop time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

The interval for identifying a kernel thread deadloop is 8 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time time: Specifies the interval for identifying a kernel thread deadloop, in the range of 1 to 65535 seconds.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

If a kernel thread runs for the specified interval, kernel thread deadloop detection considers that a deadloop has occurred. The system records the deadloop and restarts.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Set the interval for identifying a kernel thread deadloop to 8 seconds.

<Sysname> system-view

[Sysname] monitor kernel deadloop time 8

Related commands

display kernel deadloop configuration

display kernel deadloop

monitor kernel deadloop enable

monitor kernel deadloop exclude-thread

monitor kernel starvation enable

Use monitor kernel starvation enable to enable kernel thread starvation detection.

Use undo monitor kernel starvation enable to disable kernel thread starvation detection.

Syntax

Centralized devices in standalone mode:

monitor kernel starvation enable

undo monitor kernel starvation enable

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation enable [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor kernel starvation enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation enable [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread starvation detection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

Starvation occurs when a thread is unable to access shared resources.

The command enables the system to detect and report thread starvation. If a thread is not executed within an interval, the system considers that a starvation has occurred, and outputs a starvation message.

Thread starvation does not impact system operation. A starved thread can automatically run when certain conditions are met.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Enable kernel thread starvation detection.

<Sysname> system-view

[Sysname] monitor kernel starvation enable

Related commands

display kernel starvation configuration

display kernel starvation

monitor kernel starvation time

monitor kernel starvation exclude-thread

Use monitor kernel starvation exclude-thread to disable kernel thread starvation detection for a kernel thread.

Use undo monitor kernel starvation exclude-thread to enable kernel thread starvation detection for a kernel thread.

Syntax

Centralized devices in standalone mode:

monitor kernel starvation exclude-thread tid

undo monitor kernel starvation exclude-thread [ tid ]

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor kernel starvation exclude-thread tid [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation exclude-thread [ tid ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor kernel starvation exclude-thread tid [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation exclude-thread [ tid ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

Kernel thread starvation detection, if enabled, monitors all kernel threads.

Views

System view

Predefined user roles

network-admin

Parameters

tid: Specifies a kernel thread by its ID, in the range of 1 to 2147483647. If no kernel thread is specified for the undo command, the default is restored.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

You can disable kernel thread starvation detection for up to 128 kernel threads by executing the command.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Disable kernel thread starvation detection for kernel thread 15.

<Sysname> system-view

[Sysname] monitor kernel starvation exclude-thread 15

Related commands

display kernel starvation

display kernel starvation configuration

monitor kernel starvation time

monitor kernel starvation enable

monitor kernel starvation time

Use monitor kernel starvation time to set the interval for identifying a kernel thread starvation.

Use undo monitor kernel starvation time to restore the default.

Syntax

Centralized devices in standalone mode:

monitor kernel starvation time time

undo monitor kernel starvation time

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor kernel starvation time time [ slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation time [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor kernel starvation time time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

undo monitor kernel starvation time [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Default

The interval for identifying a kernel thread starvation is 120 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

time time: Specifies the interval for identifying a kernel thread starvation, in the range of 1 to 65535 seconds.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the active MPU is specified. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the master device is specified. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. If you do not specify this option, the global active MPU is specified. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

If a thread is not executed within the specified interval, the system considers that a starvation has occurred, and outputs a starvation message.

Inappropriate use of the command can cause service problems or system breakdown. Make sure you understand the impact of the command on your network before you use it.

Examples

# Set the interval for identifying a kernel thread starvation to 120 seconds.

<Sysname> system-view

[Sysname] monitor kernel starvation time 120

Related commands

display kernel starvation

display kernel starvation configuration

monitor kernel starvation enable

monitor kernel starvation exclude-thread

monitor process

Use monitor process to display process statistics.

Syntax

Centralized devices in standalone mode:

monitor process [ dumbtty ] [ iteration number ]

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor process [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor process [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

dumbtty: Specifies dumbtty mode. In this mode, the command displays process statistics in descending order of CPU usage without refreshing statistics. If you do not specify this keyword, the command displays statistics for the top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.

iteration number: Specifies the number of display times, in the range of 1 to 4294967295. If you specify the dumbtty keyword, the number argument is 1 by default. If neither the dumbtty keyword nor the number argument is specified, there is no limit to the display times and process statistics are refreshed every 5 seconds.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays process statistics for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

If you do not specify the dumbtty keyword, the command displays process statistics in an interactive mode. In this mode, the system automatically determines the number of displayed processes according to the screen size, and does not display exceeding processes. You can also input interactive commands as shown in Table 74 to perform relevant operations.

Table 74 Interactive commands

Commands	Description
? or h	Displays help information that includes available interactive commands.
1	Displays state information for physical CPUs. For example, if you enter 1 for the first time, the state of each physical CPU is displayed in a separate row. If you enter 1 again, the average value of all CPU states is displayed. If you enter 1 for the third time, separate states are displayed. By default, the average value of all CPU states is displayed.
c	Sorts processes by CPU usage in descending order, which is the default setting.
d	Sets the interval for refreshing process statistics, in the range of 1 to 2147483647 seconds. The default value is 5 seconds.
f	Sorts processes by the number of open files in descending order. Files are identified by file descriptors (FDs).
k	Kills a process. Because the command can impact system operation, be cautious to use it.
l	Refreshes the screen.
m	Sorts processes by memory usage in descending order.
n	Changes the maximum number of processes displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only processes not exceeding the screen size can be displayed.
q	Quits the interactive mode.
t	Sorts processes by running time in descending order.
<	Moves sort field to the next left column.
>	Moves sort field to the next right column.

Examples

# Display process statistics in dumbtty mode. In this mode, the system displays process statistics once, and then returns to command view.

<Sysname> monitor process dumbtty

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 77.16% idle, 0.00% user, 14.96% kernel, 7.87% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:23 13.53% diagd

1 1 120 S 17 1092K 00:00:20 7.61% scmd

1000 1000 115 S 0 0K 00:00:09 0.84% [sock/1]

1026 1026 120 S 20 26044K 00:00:05 0.84% syslogd

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

3 3 99 S 0 0K 00:00:00 0.00% [migration/0]

4 4 115 S 0 0K 00:00:06 0.00% [ksoftirqd/0]

5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]

6 6 115 S 0 0K 00:00:01 0.00% [events/0]

7 7 115 S 0 0K 00:00:00 0.00% [khelper]

4797 4797 120 S 8 28832K 00:00:02 0.00% comsh

5117 5117 120 S 8 1496K 00:00:00 0.00% top

# Display process statistics twice in dumbtty mode.

<Sysname> monitor process dumbtty iteration 2

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 44.84% idle, 0.51% user, 39.17% kernel, 15.46% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:30 37.11% diagd

1 1 120 S 17 1092K 00:00:21 11.34% scmd

1000 1000 115 S 0 0K 00:00:09 2.06% [sock/1]

1026 1026 120 S 20 26044K 00:00:05 1.54% syslogd

1027 1027 120 S 12 9280K 00:01:12 1.03% devd

4 4 115 S 0 0K 00:00:06 0.51% [ksoftirqd/0]

1009 1009 115 S 0 0K 00:00:08 0.51% [karp/1]

1010 1010 115 S 0 0K 00:00:13 0.51% [kND/1]

5373 5373 120 S 8 1496K 00:00:00 0.51% top

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

3 3 99 S 0 0K 00:00:00 0.00% [migration/0]

5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]

6 6 115 S 0 0K 00:00:01 0.00% [events/0]

7 7 115 S 0 0K 00:00:00 0.00% [khelper]

4796 4796 120 S 11 2744K 00:00:00 0.00% login

4797 4797 120 S 8 28832K 00:00:03 0.00% comsh

Five seconds later, the system refreshes process statistics as follows (which is the same as executing the monitor process dumbtty command twice at a 5-second interval):

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 78.71% idle, 0.16% user, 14.86% kernel, 6.25% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:31 14.25% diagd

1 1 120 S 17 1092K 00:00:21 4.25% scmd

1027 1027 120 S 12 9280K 00:01:12 1.29% devd

1000 1000 115 S 0 0K 00:00:09 0.37% [sock/1]

5373 5373 120 S 8 1500K 00:00:00 0.37% top

6 6 115 S 0 0K 00:00:01 0.18% [events/0]

1009 1009 115 S 0 0K 00:00:08 0.18% [karp/1]

1010 1010 115 S 0 0K 00:00:13 0.18% [kND/1]

4795 4795 120 S 11 2372K 00:00:01 0.18% telnetd

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

3 3 99 S 0 0K 00:00:00 0.00% [migration/0]

4 4 115 S 0 0K 00:00:06 0.00% [ksoftirqd/0]

5 5 99 S 0 0K 00:00:00 0.00% [watchdog/0]

7 7 115 S 0 0K 00:00:00 0.00% [khelper]

4796 4796 120 S 11 2744K 00:00:00 0.00% login

4797 4797 120 S 8 28832K 00:00:03 0.00% comsh

# Display process statistics in interactive mode.

<Sysname> monitor process

76 processes; 103 threads; 687 fds

Thread states: 1 running, 102 sleeping, 0 stopped, 0 zombie

CPU states: 78.98% idle, 0.16% user, 14.57% kernel, 6.27% interrupt

Memory: 496M total, 341M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

1047 1047 120 R 9 1420K 00:02:39 14.13% diagd

1 1 120 S 17 1092K 00:00:23 3.98% scmd

1027 1027 120 S 12 9280K 00:01:13 1.44% devd

1000 1000 115 S 0 0K 00:00:09 0.36% [sock/1]

1009 1009 115 S 0 0K 00:00:09 0.36% [karp/1]

4 4 115 S 0 0K 00:00:06 0.18% [ksoftirqd/0]

1010 1010 115 S 0 0K 00:00:13 0.18% [kND/1]

4795 4795 120 S 11 2372K 00:00:01 0.18% telnetd

5491 5491 120 S 8 1500K 00:00:00 0.18% top

2 2 115 S 0 0K 00:00:00 0.00% [kthreadd]

The system refreshes process statistics every 5 seconds. You can enter interactive commands to perform operation as follows:

· Enter h or a question mark (?) to display help information as follows:

Help for interactive commands:

?,h Show the available interactive commands

1 Toggle SMP view: '1' single/separate states

c Sort by the CPU field(default)

d Set the delay interval between screen updates

f Sort by number of open files

k Kill a job

l Refresh the screen

m Sort by memory used

n Set the maximum number of processes to display

q Quit the interactive display

t Sort by run time of processes since last restart

< Move sort field to the next left column

> Move sort field to the next right column

Press any key to continue

· Enter d, and then enter a number to modify the refresh interval. If you enter 3, statistics are refreshed every 3 seconds.

Enter the delay interval between updates(1~2147483647): 3

· Enter n, and then enter a number to modify the maximum number of displayed processes. If you enter 5, statistics for five processes are displayed.

Enter the max number of processes to display(0 means unlimited):

87 processes; 113 threads; 735 fds

Thread states: 2 running, 111 sleeping, 0 stopped, 0 zombie

CPU states: 86.57% idle, 0.83% user, 11.74% kernel, 0.83% interrupt

Memory: 755M total, 414M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

864 864 120 S 24 27020K 00:00:43 8.95% syslogd

1173 1173 120 R 24 2664K 00:00:01 2.37% top

866 866 120 S 18 10276K 00:00:09 0.69% devd

1 1 120 S 16 1968K 00:00:04 0.41% scmd

881 881 120 S 8 2420K 00:00:07 0.41% diagd

· Enter f to sort processes by FDs in descending order. (You can also enter command c, m, or t to sort processes.)

87 processes; 113 threads; 735 fds

Thread states: 1 running, 112 sleeping, 0 stopped, 0 zombie

CPU states: 90.66% idle, 0.88% user, 5.77% kernel, 2.66% interrupt

Memory: 755M total, 414M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

862 862 120 S 61 5384K 00:00:01 0.00% dbmd

905 905 120 S 35 2464K 00:00:02 0.00% ipbased

863 863 120 S 31 1956K 00:00:00 0.00% had

884 884 120 S 31 30600K 00:00:00 0.00% lsmd

889 889 120 S 29 61592K 00:00:00 0.00% routed

· Enter k and then enter a JID to kill a process. If you enter 884, the process with the JID of 884 is killed.

Enter the JID to kill: 884

84 processes; 107 threads; 683 fds

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 59.03% idle, 1.92% user, 37.88% kernel, 1.15% interrupt

Memory: 755M total, 419M available, page size 4K

JID PID PRI State FDs MEM HH:MM:SS CPU Name

862 862 120 S 56 5384K 00:00:01 0.00% dbmd

905 905 120 S 35 2464K 00:00:02 0.00% ipbased

863 863 120 S 30 1956K 00:00:00 0.00% had

889 889 120 S 29 61592K 00:00:00 0.00% routed

1160 1160 120 S 28 23096K 00:00:01 0.19% sshd

· Enter q to quit interactive mode.

Table 75 Command output

Field	Description
84 processes; 107 threads; 683 fds	Numbers of processes, threads, and open files.
JID	Job ID of a process, which never changes.
PID	ID of a process.
PRI	Priority level of a process.
State	State of a process: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
FDs	Number of open files for a process.
MEM	Memory usage. It displays 0 for a kernel thread.
HH:MM:SS	Running time of a process since last restart.
CPU	CPU usage of a process.
Name	Name of a process. If square brackets ([ ]) exist in a process name, the process is a kernel thread.

monitor thread

Use monitor thread to display thread statistics.

Syntax

Centralized devices in standalone mode:

monitor thread [ dumbtty ] [ iteration number ]

Distributed devices in standalone mode/centralized devices in IRF mode:

monitor thread [ dumbtty ] [ iteration number ] [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

monitor thread [ dumbtty ] [ iteration number ] [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

Any view

Predefined user roles

network-admin

Parameters

dumbtty: Specifies dumbtty mode. In this mode, the command displays all thread statistics in descending order of CPU usage without refreshing statistics. If you do not specify the keyword, the command displays statistics for top 10 processes in descending order of CPU usage in an interactive mode, and refreshes statistics every 5 seconds by default.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command displays thread statistics for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

If you do not specify the dumbtty keyword, the command displays thread statistics in an interactive mode. In this mode, the system automatically determines the number of displayed thread processes according to the screen size and does not display exceeding processes. You can also input interactive commands as shown in Table 76 to perform relevant operations.

Table 76 Interactive commands

Commands	Description
? or h	Displays help information that includes available interactive commands.
d	Sets the interval for refreshing statistics. The default interval is 5 seconds.
k	Kills a process. Because the command can impact system operation, be cautious when you use it.
l	Refreshes the screen.
n	Changes the maximum number of threads displayed within a screen, in the range of 0 to 2147483647. The default value is 10. A value of 0 means no limit. Only threads not exceeding the screen size can be displayed.
q	Quits interactive mode.
<	Moves sort field to the next left column.
>	Moves sort field to the next right column.

Examples

# Display thread statistics in dumbtty mode.

<Sysname> monitor thread dumbtty

84 processes; 107 threads

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 83.19% idle, 1.68% user, 10.08% kernel, 5.04% interrupt

Memory: 755M total, 417M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1175 1175 0 120 R 00:00:00 1 10.75% top

1 1 0 120 S 00:00:06 1 2.68% scmd

881 881 0 120 S 00:00:09 1 2.01% diagd

776 776 0 120 S 00:00:01 0 0.67% [DEVD]

866 866 0 120 S 00:00:11 1 0.67% devd

2 2 0 115 S 00:00:00 0 0.00% [kthreadd]

3 3 0 115 S 00:00:01 0 0.00% [ksoftirqd/0]

4 4 0 99 S 00:00:00 1 0.00% [watchdog/0]

5 5 0 115 S 00:00:00 0 0.00% [events/0]

6 6 0 115 S 00:00:00 0 0.00% [khelper]

796 796 0 115 S 00:00:00 0 0.00% [kip6fs/1]

# Display thread statistics in interactive mode.

<Sysname> monitor thread

84 processes; 107 threads

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 94.43% idle, 0.76% user, 3.64% kernel, 1.15% interrupt

Memory: 755M total, 417M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1176 1176 0 120 R 00:00:01 1 3.42% top

866 866 0 120 S 00:00:12 1 0.85% devd

881 881 0 120 S 00:00:09 1 0.64% diagd

1 1 0 120 S 00:00:06 1 0.42% scmd

1160 1160 0 120 S 00:00:01 1 0.21% sshd

2 2 0 115 S 00:00:00 0 0.00% [kthreadd]

3 3 0 115 S 00:00:01 0 0.00% [ksoftirqd/0]

4 4 0 99 S 00:00:00 1 0.00% [watchdog/0]

5 5 0 115 S 00:00:00 0 0.00% [events/0]

6 6 0 115 S 00:00:00 0 0.00% [khelper]

· Enter h or a question mark (?) to display help information as follows:

Help for interactive commands:

?,h Show the available interactive commands

c Sort by the CPU field(default)

d Set the delay interval between screen updates

k Kill a job

l Refresh the screen

n Set the maximum number of threads to display

q Quit the interactive display

t Sort by run time of threads since last restart

< Move sort field to the next left column

> Move sort field to the next right column

Press any key to continue

· Enter d, and then enter a number to modify the refresh interval. If you enter 3, statistics are refreshed every 3 seconds.

Enter the delay interval between screen updates (1~2147483647): 3

· Enter n, and then enter a number to modify the maximum number of displayed threads. If you enter 5, statistics for five threads are displayed.

Enter the max number of threads to display(0 means unlimited): 5

84 processes; 107 threads

Thread states: 1 running, 106 sleeping, 0 stopped, 0 zombie

CPU states: 93.26% idle, 0.99% user, 4.23% kernel, 1.49% interrupt

Memory: 755M total, 417M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1176 1176 0 120 R 00:00:02 1 3.71% top

1 1 0 120 S 00:00:06 1 0.92% scmd

866 866 0 120 S 00:00:13 1 0.69% devd

881 881 0 120 S 00:00:10 1 0.69% diagd

720 720 0 115 D 00:00:01 0 0.23% [TMTH]

· Enter k and then enter a JID to kill a thread. If you enter 881, the thread with the JID of 881 is killed.

Enter the JID to kill: 881

83 processes; 106 threads

Thread states: 1 running, 105 sleeping, 0 stopped, 0 zombie

CPU states: 96.26% idle, 0.54% user, 2.63% kernel, 0.54% interrupt

Memory: 755M total, 418M available, page size 4K

JID TID LAST_CPU PRI State HH:MM:SS MAX CPU Name

1176 1176 0 120 R 00:00:04 1 1.86% top

866 866 0 120 S 00:00:14 1 0.87% devd

1 1 0 120 S 00:00:07 1 0.49% scmd

730 730 0 0 S 00:00:04 1 0.12% [DIBC]

762 762 0 120 S 00:00:22 1 0.12% [MNET]

· Enter q to quit interactive mode.

Table 77 Command output

Field	Description
84 processes; 107 threads	Numbers of processes and threads.
JID	Job ID of a thread, which never changes.
TID	ID of a thread.
LAST_CPU	Number of the CPU on which the latest thread scheduling occurs.
PRI	Priority level of a thread.
State	State of a thread: · R—Running. · S—Sleeping. · T—Traced or stopped. · D—Uninterruptible sleep. · Z—Zombie.
HH:MM:SS	Running time of a thread since last restart.
MAX	Longest time that a single thread scheduling occupies the CPU, in milliseconds.
CPU	CPU usage of a thread.
Name	Name of a thread. If square brackets ([ ]) exist in a thread name, the thread is a kernel thread.

process core

Use process core to enable or disable a process to generate core files for exceptions and set the maximum number of core files.

Syntax

Centralized devices in standalone mode:

process core { maxcore value | off } { job job-id | name process-name }

Distributed devices in standalone mode/centralized devices in IRF mode:

process core { maxcore value | off } { job job-id | name process-name } [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

process core { maxcore value | off } { job job-id | name process-name } [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Default

A process generates a core file for the first exception and does not generate any core files for subsequent exceptions.

Predefined user roles

network-admin

Parameters

off: Disables core file generation.

maxcore value: Enables core file generation and sets the maximum number of core files, in the range of 1 to 10.

name process-name: Specifies a process by its name, a case-insensitive string of 1 to 15 characters.

job job-id: Specifies a process by its job ID, in the range of 1 to 2147483647. The job ID does not change after the process restarts.

slot slot-number: Specifies a card by its slot number. If you do not specify this option, the command enables or disables core file generation for a process and sets the maximum number of core files on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Usage guidelines

The command applies to all instances of a process.

The command enables the system to generate a core file each time the specified process crashes until the maximum number of core files is reached. A core file records the exception information.

Because the core files consume system storage resources, you can disable core file generation for processes for which you do not need to review exception information.

Examples

# Disable core file generation for process routed.

<Sysname> process core off name routed

# Enable core file generation for process routed and set the maximum number of core files to 5.

<Sysname> process core maxcore 5 name routed

Related commands

display exception context

exception filepath

reset exception context

Use reset exception context to clear context information for process exceptions.

Syntax

Centralized devices in standalone mode:

reset exception context

Distributed devices in standalone mode/centralized devices in IRF mode:

reset exception context [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

reset exception context [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears context information for process exceptions on the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears context information for process exceptions on the IRF master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears context information for process exceptions on the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Clear context information for exceptions.

<Sysname> reset exception context

Related commands

display exception context

reset kernel deadloop

Use reset kernel deadloop to clear kernel thread deadloop information.

Syntax

Centralized devices in standalone mode:

reset kernel deadloop

Distributed devices in standalone mode/centralized devices in IRF mode:

reset kernel deadloop [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

reset kernel deadloop [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread deadloop information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread deadloop information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread deadloop information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Clear kernel thread deadloop information.

<Sysname> reset kernel deadloop

Related commands

display kernel deadloop

reset kernel exception

Use reset kernel exception to clear kernel thread exception information.

Syntax

Centralized devices in standalone mode:

reset kernel exception

Distributed devices in standalone mode/centralized devices in IRF mode:

reset kernel exception [ slot slot-number [ cpu cpu-number ] ]

Distributed devices in IRF mode:

reset kernel exception [ chassis chassis-number slot slot-number [ cpu cpu-number ] ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies an MPU by its slot number. If you do not specify this option, the command clears kernel thread exception information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its ID. If you do not specify this option, the command clears kernel thread exception information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies an MPU on an IRF member device. If you do not specify this option, the command clears kernel thread exception information for the global active MPU. (Distributed devices in IRF mode.)

cpu cpu-number: Specifies a CPU by its number. (Centralized devices in IRF mode/distributed devices in IRF or standalone mode.)

Examples

# Clear kernel thread exception information.

<Sysname> reset kernel exception

Related commands

display kernel exception

third-part-process start

Use third-part-process start to start a third-party process.

Syntax

third-part-process start name process-name [ arg args ]

Views

System view

Predefined user roles

network-admin

Parameters

name process-name: Specifies the name of a third-party process.

arg args: Specifies the arguments used when the third-party process is started. The value and format of the arguments must conform to the rules of the third party process. If you do not specify this option, the command starts a third-party process without any arguments.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	No
MSR 2630	No
MSR3600-28/3600-51	No
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	No
MSR 3610/3620/3620-DP/3640/3660	No
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR2600-6-X1-GL	No
MSR3600-28-SI-GL	No

Third-party processes are not automatically started at system startup.

Examples

# Start third-party process wifidog.

<Sysname> system-view

[Sysname] third-part-process start name wifidog

Related commands

third-part-process stop

Use third-part-process stop to stop a third-party process.

Syntax

third-part-process stop pid pid&<1-10>

Views

System view

Predefined user roles

network-admin

Parameters

pid&<1-10>: Specifies a space-separated list of up to 10 third-party processes that have been started.

Usage guidelines

The following matrix shows the command and hardware compatibility:

Hardware	Command compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	No
MSR 2630	No
MSR3600-28/3600-51	No
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	No
MSR 3610/3620/3620-DP/3640/3660	No
MSR5620/5660/5680	No

Hardware	Command compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR2600-6-X1-GL	No
MSR3600-28-SI-GL	No

This command can be used to stop only processes started by the third-part-process start command. To display the IDs of third-party processes, use the display process all command. "Y" in the THIRD field from the output indicates the third-party process and the PID field indicates the ID of the process.

Examples

# Stop third party process wifidog.

<Sysname> display process all

JID PID %CPU %MEM STAT PRI THIRD TTY HH:MM:SS COMMAND

1 1 0.0 0.0 S 120 N - 00:00:04 scmd

2 2 0.0 0.0 S 115 N - 00:00:00 [kthreadd]

3 3 0.0 0.0 S 99 N - 00:00:00 [migration/0]

4 4 0.0 0.0 S 115 N - 00:00:05 [ksoftirqd/0]

5 5 0.0 0.0 S 99 N - 00:00:00 [watchdog/0]

6 6 0.0 0.0 S 115 N - 00:00:00 [events/0]

7 7 0.0 0.0 S 115 N - 00:00:00 [khelper]

8 8 0.0 0.0 S 115 N - 00:00:00 [kblockd/0]

9 9 0.0 0.0 S 115 N - 00:00:00 [ata/0]

10 10 0.0 0.0 S 115 N - 00:00:00 [ata_aux]

11 11 0.0 0.0 S 115 N - 00:00:00 [kseriod]

12 12 0.0 0.0 S 120 N - 00:00:00 [vzmond]

13 13 0.0 0.0 S 120 N - 00:00:00 [pdflush]

14 14 0.0 0.0 S 120 N - 00:00:00 [pdflush]

15 15 0.0 0.0 S 115 N - 00:00:00 [kswapd0]

16 16 0.0 0.0 S 115 N - 00:00:00 [aio/0]

17 17 0.0 0.0 S 115 N - 00:00:00 [scsi_eh_0]

18 18 0.0 0.0 S 115 N - 00:00:00 [scsi_eh_1]

19 19 0.0 0.0 S 115 N - 00:00:00 [scsi_eh_2]

20 35 0.0 0.0 D 100 Y - 00:00:00 wifidog

---- More ----

<Sysname> system-view

[Sysname] third-part-process stop pid 35

Related commands

display process all

third-part-process start

Sampler commands

The following matrix shows the feature and hardware compatibility:

Hardware	Sampler compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	Yes

Hardware	Sampler compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	Yes

Commands and descriptions for centralized devices apply to the following routers:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3600-28-SI/3600-51-SI.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

display sampler

Use display sampler to display configuration information for a sampler.

Syntax

Centralized devices in standalone mode:

display sampler [ sampler-name ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display sampler [ sampler-name ] [ slot slot-number ]

Distributed devices in IRF mode:

display sampler [ sampler-name ] [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters. If you do not specify a sampler, this command displays configuration information for all samplers.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays sampler configuration information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays sampler configuration information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays sampler configuration information for the global active MPU. (Distributed devices in IRF mode.)

Examples

# Display the configuration information about sampler 256.

<Sysname> display sampler 256

Sampler name: 256

Mode: Fixed; Packet-interval: 8; IsNpower: Y

# (Distributed devices in standalone mode.) Display the configuration information about sampler 256 for card 1.

<Sysname> display sampler 256 slot 1

Sampler name: 256

Mode: Fixed; Packet-interval: 8; IsNpower: Y

# (Distributed devices in IRF mode.) Display the configuration information about sampler 256 for card 1 on IRF member device 1.

<Sysname> display sampler 256 chassis 1 slot 1

Sampler name: 256

Mode: Fixed; Packet-interval: 8; IsNpower: Y

Table 78 Command output

Field	Description
Sampler name	Name of the sampler.
Mode	Sampling mode, including fixed mode and random mode.
Packet-interval	Sampling rate.
IsNpower	Whether the sampling rate is 2 to the nth power: · Y—Yes. · N—No.

sampler

Use sampler to create a sampler.

Use undo sampler to delete a sampler.

Syntax

sampler sampler-name mode { fixed | random } packet-interval [ n-power ] rate

undo sampler sampler-name

Default

No samplers exist.

Views

System view

Predefined user roles

network-admin

Parameters

sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.

fixed: Specifies the fixed sampling mode. A sampler in this mode selects the first packet per sampling.

random: Specifies the random sampling mode. A sampler in this mode randomly selects a packet out of a group of packets. Which packet is selected for each sampling varies.

rate: Specifies the sampling rate. The value range for this argument is 1 to 65536.

n-power: Specifies the sampling rate. If n-power is not specified, the sampling rate is the value of the rate argument. For example, if the rate argument is set to 100, one packet is selected from 100 packets in each sampling. The value range is 1 to 65536. If n-power is not specified, the sampling rate is 2 to the nth power, where n is value of the rate argument. The value range is 1 to 16. For example, if the rate argument is set to 8, one packet is selected from 256 (2 to the 8th power) packets in each sampling.

Usage guidelines

This command takes effect on all cards. (Distributed devices in IRF or standalone mode.)

Examples

# Create sampler abc in fixed sampling mode. Set the sampling rate to 8.

<Sysname> system-view

[Sysname] sampler abc mode fixed packet-interval 8

Port mirroring commands

The following matrix shows the feature and hardware compatibility:

Hardware	Port mirroring compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	Yes

display mirroring-group

Use display mirroring-group to display mirroring group information.

Syntax

display mirroring-group { group-id | all | local }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-id: Specifies a mirroring group by its ID in the range of 1 to 6.

all: Specifies all mirroring groups.

local: Specifies local mirroring groups.

Usage guidelines

Mirroring group information includes the type, status, and content of a mirroring group. It is sorted by mirroring group number.

Examples

# Display information about all mirroring groups.

<Sysname> display mirroring-group all

Mirroring group 1:

Type: Local

Status: Active

Mirroring port:

GigabitEthernet1/0/1 Inbound

Monitor port: GigabitEthernet1/0/2

Mirroring group 3:

Type: Local

Status: Active

Mirroring port:

GigabitEthernet1/0/5 Inbound

GigabitEthernet1/0/6 Both

Monitor port: GigabitEthernet1/0/7

Table 79 Command output

Field	Description
Mirroring group	Number of the mirroring group.
Type	Type of the mirroring group: Local.
Status	Status of the mirroring group: · Active—The mirroring group has taken effect. · Incomplete—The mirroring group configuration is not complete and does not take effect.
Mirroring port	Source port.
Monitor port	Destination port.

mirroring-group

Use mirroring-group to create a mirroring group.

Use undo mirroring-group to delete mirroring groups.

Syntax

mirroring-group group-id local

undo mirroring-group { group-id | all | local }

Default

No mirroring groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies a mirroring group ID in the range of 1 to 6.

local: Specifies local mirroring groups.

all: Specifies all mirroring groups.

Examples

# Create local mirroring group 1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

mirroring-group mirroring-port (interface view)

Use mirroring-group mirroring-port to configure a port as a source port for a mirroring group.

Use undo mirroring-group mirroring-port to restore the default.

Syntax

mirroring-group group-id mirroring-port { both | inbound | outbound }

undo mirroring-group group-id mirroring-port

Default

A port does not act as a source port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups.

A port can act as a source port for only one mirroring group.

A source port cannot be configured as a egress port or a monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mirroring-group 1 mirroring-port both

Related commands

mirroring-group

mirroring-group mirroring-port (system view)

Use mirroring-group mirroring-port to configure source ports for a mirroring group.

Use undo mirroring-group mirroring-port to remove source ports from a mirroring group.

Syntax

mirroring-group group-id mirroring-port interface-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port interface-list

Default

No source port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.

interface-list: Specifies a space-separated list of up to eight port items. Each item specifies a single port or a port range in the form of interface-type interface-number1 to interface-type interface-number2. The specified ports must be of the same type and on the same card. The value for the interface-number2 argument must be equal to or greater than the value for the interface-number1 argument.

both: Mirrors both received and sent packets.

inbound: Mirrors only received packets.

outbound: Mirrors only sent packets.

Usage guidelines

You can configure source ports only for local mirroring groups.

A port can act as a source port for only one mirroring group.

A source port cannot be configured as a egress port or a monitor port.

Examples

# Create local mirroring group 1 to monitor the bidirectional traffic of GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 mirroring-port gigabitethernet 1/0/1 both

Related commands

mirroring-group

mirroring-group monitor-port (interface view)

Use mirroring-group monitor-port to configure a port as a monitor port for a mirroring group.

Use undo mirroring-group monitor-port to restore the default.

Syntax

mirroring-group group-id monitor-port

undo mirroring-group group-id monitor-port

Default

A port does not act as a monitor port for any mirroring groups.

Views

Interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.

Usage guidelines

You can configure monitor ports only for local mirroring groups.

Use a monitor port only for port mirroring, so the data monitoring device receives and analyzes only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mirroring-group 1 monitor-port

Related commands

mirroring-group

mirroring-group monitor-port (system view)

Use mirroring-group monitor-port to configure the monitor ports for a mirroring group.

Use undo mirroring-group monitor-port to remove the monitor ports from a mirroring group.

Syntax

mirroring-group group-id monitor-port interface-type interface-number

undo mirroring-group group-id monitor-port interface-type interface-number

Default

No monitor port is configured for a mirroring group.

Views

System view

Predefined user roles

network-admin

Parameters

group-id: Specifies an existing mirroring group by its ID in the range of 1 to 6.

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

You can configure monitor ports only for local mirroring groups.

Use a monitor port only for port mirroring, so the data monitoring device receives only the mirrored traffic.

Do not configure a port of an existing mirroring group as a monitor port.

Examples

# Create local mirroring group 1 and configure GigabitEthernet 1/0/1 as its monitor port.

<Sysname> system-view

[Sysname] mirroring-group 1 local

[Sysname] mirroring-group 1 monitor-port gigabitethernet 1/0/1

Related commands

mirroring-group

Flow mirroring commands

The following matrix shows the feature and hardware compatibility:

Hardware	Flow mirroring compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	Yes
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	Yes

mirror-to

Use mirror-to to configure a mirroring action for a traffic behavior.

Use undo mirror-to to delete a mirroring action.

Syntax

mirror-to interface interface-type interface-number

undo mirror-to interface interface-type interface-number

Default

No mirroring action is configured for a traffic behavior.

Views

Traffic behavior view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

Examples

# Create traffic behavior 1 and configure the action of mirroring traffic to GigabitEthernet 1/0/1 for the traffic behavior.

<Sysname> system-view

[Sysname] traffic behavior 1

[Sysname-behavior-1] mirror-to interface gigabitethernet 1/0/1

NetStream configuration commands

Commands and descriptions for centralized devices apply to the following routers:

· MSR810.

· MSR810-W.

· MSR810-W-DB.

· MSR810-LM.

· MSR810-W-LM.

· MSR810-10-PoE.

· MSR810-LM-HK.

· MSR810-W-LM-HK.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR 3610.

· MSR3610-X1.

· MSR3610-X1-DP.

· MSR3610-X1-DC.

· MSR3610-X1-DP-DC.

· MSR 3620.

· MSR 3620-DP.

· MSR 3640.

· MSR 3660.

· MSR3600-28.

· MSR3600-51.

· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

display ip netstream cache

Use display ip netstream cache to display NetStream entry information.

Syntax

Centralized devices in standalone mode:

display ip netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ]

Distributed devices in standalone mode/centralized devices in IRF mode:

Distributed devices in IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about NetStream entries.

type: Specifies the NetStream entry type. If you do not specify this keyword, this commands displays information about all types of NetStream entries.

ip: Specifies Layer 3 NetStream entries.

ipl2: Specifies Layer 2 and Layer 3 NetStream entries.

l2: Specifies Layer 2 NetStream entries.

mpls: Specifies MPLS NetStream entries.

label-position1 label-value1: Specifies a label by its position and value. The value range for the label-position1 argument is 1 to 6. The value range for the label-value1 argument is 0 to 1048575.

label-position2 label-value2: Specifies a label by its position and value. The value range for the label-position2 argument is 1 to 6. The value range for the label-value2 argument is 0 to 1048575.

label-position3 label-value3: Specifies a label by its position and value. The value range for the label-position3 argument is 1 to 6. The value range for the label-value3 argument is 0 to 1048575.

destination destination-ip: Specifies a destination IP address in dotted-decimal notation. If you specify this option, this command does not display Layer 2 NetStream entries.

destination-port destination-port: Specifies a destination port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.

interface interface-type interface-number: Specifies an interface by its type and number.

protocol protocol: Specifies a protocol by its number in the range of 0 to 255 or by its name such as GRE, OSPF, TCP, or UDP. If you specify this option, this command does not display Layer 2 NetStream entries.

source source-ip: Specifies a source IP address in dotted-decimal notation. If you specify this option, this command does not display Layer 2 NetStream entries.

source-port source-port: Specifies a source port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.

arrived-time: Specifies an arrived time range to display NetStream entries. If you do not specify this keyword, the arrived time is not used as a criterion for filtering the NetStream entries to be displayed.

start-date: Specifies the start date in the format of MM/DD/YYYY or YYYY/MM/DD, where MM is in the range of 1 to 12 and YYYY is in the range of 2000 to 2035. The value range for DD varies by the value of MM.

start-time: Specifies the start time in the format of HH:MM:SS, where HH is in the range of 0 to 23, MM and SS are in the range of 0 to 59. The SS element can be omitted if its value is 00. Both the SS and MM elements can be omitted if their values are 0. For example, the start time of 0 indicates 00:00:00.

end-date: Specifies the end date in the format of MM/DD/YYYY or YYYY/MM/DD, where MM is in the range of 1 to 12 and YYYY is in the range of 2000 to 2035. The value range for DD varies by the value of MM.

end-time: Specifies the end time in the format of HH:MM:SS, where HH is in the range of 0 to 23, MM and SS are in the range of 0 to 59. The SS element can be omitted if its value is 00. Both the SS and MM elements can be omitted if their values are 0. For example, the end time of 0 indicates 00:00:00.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about NetStream entries for all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information about NetStream entries for all member devices. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about NetStream entries for all cards. (Distributed devices in IRF mode.)

Examples

# Display information about NetStream entries with a protocol number of 17.

<Sysname> display ip netstream cache protocol 17

Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/Mask) Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 11.1.1.1(1024) 11.1.1.2(21) 17 128 10 0xe GE1/0/1(I) 42996

# Display information about NetStream entries arrived at the NetStream cache between 14:19:03 and 14:23:03 on July 28, 2017.

<Sysname> display ip netstream cache arrived-time 7/28/2017 14:19:03 7/28/2017 14:23:03

Type DstIP(Port) SrcIP(Port) Pro ToS VNI If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/Mask) Lbl-Exp-S-List

IP 11.1.1.1(1024) 11.1.1.2(21) 6 128 10 GE1/0/1(I) 1253

First packet arrived: 7/28/2017, 14:20:03

Last packet arrived: 7/28/2017, 14:21:03

L2 0012-3f86-e94c(10) 0012-3f86-e86a(0) GE1/0/1(I) 1253

First packet arrived: 7/28/2017, 14:20:00

Last packet arrived: 7/28/2017, 14:21:03

MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291

2:24-6-0

3:30-6-1

First packet arrived: 7/28/2017, 14:20:01

Last packet arrived: 7/28/2017, 14:21:03

IP& 192.168.123.1(2048) 192.168.1.1(0) 1 0 N/A GE1/0/2(O) 10

L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)

First packet arrived: 7/28/2017, 14:20:04

Last packet arrived: 7/28/2017, 14:21:03

IP& 172.16.1.1(68) 172.16.2.1(67) 17 64 N/A GE1/0/3(I) 1848

MPLS LDP(4.4.4.4/24) 1:55-6-0

2:16-6-1

First packet arrived: 7/28/2017, 14:20:03

Last packet arrived: 7/28/2017, 14:23:03

# (Centralized devices in standalone mode.) Display detailed information about NetStream entries.

<Sysname> display ip netstream cache verbose

IP NetStream cache information:

Active flow timeout : 60 min

Inactive flow timeout : 10 sec

Max number of entries : 1000

IP active flow entries : 1

MPLS active flow entries : 2

L2 active flow entries : 1

IPL2 active flow entries : 1

IP flow entries counted : 10

MPLS flow entries counted : 20

L2 flow entries counted : 10

IPL2 flow entries counted : 20

Last statistics resetting time : 01/01/2000 at 00:01:02

IP packet size distribution (1103746 packets in total):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000

Protocol Total Packets Flows Packets Active(sec) Idle(sec)

Flows /sec /sec /flow /flow /flow

--------------------------------------------------------------------------

TCP-Telnet 2656855 372 4 86 49 27

TCP-FTP 5900082 86 9 9 11 33

TCP-FTPD 3200453 1006 5 193 45 33

TCP-WWW 546778274 11170 887 12 8 32

TCP-other 49148540 3752 79 47 30 32

UDP-DNS 117240379 570 190 3 7 34

UDP-other 45502422 2272 73 30 8 37

ICMP 14837957 125 24 5 12 34

IP-other 77406 5 0 47 52 27

Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/Mask) Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 11.1.1.1(1024) 11.1.1.2(21) 6 128 10 0xe ET1/1(I) 42996

TCPFlag: 27

DstMask: 24 SrcMask: 24 NextHop: 0.0.0.0

DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0

InVRF: mvpn

SamplerMode: Random SamplerInt: 256

Active: 120.600 Bytes/Pkt: 152

First packet arrived: 7/28/2017, 14:10:03

Last packet arrived: 7/28/2017, 14:21:03

L2 0012-3f86-e94c(10) 0012-3f86-e86a(0) GE1/4/1(I) 1253

SamplerMode: Fixed SamplerInt: 64

Active: 5.510 Bytes/Pkt: 210

First packet arrived: 7/28/2017, 14:10:00

Last packet arrived: 7/28/2017, 14:21:03

MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291

2:24-6-0

3:30-6-1

SamplerMode: N/A SamplerInt: 0

Active: 660.084 Bytes/Pkt: 100

First packet arrived: 7/28/2017, 14:10:01

Last packet arrived: 7/28/2017, 14:21:03

IP& 192.168.123.1(2- 192.168.1.1(0) 1 0 N/A 0x0 GE1/0/2(O) 10

48)

L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)

TCPFlag: 27

DstMask: 24 SrcMask: 24 NextHop: 192.168.1.2

DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0

OutVRF: vpn1 TCPFlag: 0

SamplerMode: N/A SamplerInt: 0

Active: 12.030 Bytes/Pkt: 86

First packet arrived: 7/28/2017, 14:10:04

Last packet arrived: 7/28/2017, 14:21:03

IP& 172.16.1.1(68) 172.16.2.1(67) 17 64 N/A 0x0 GE1/0/3(I) 1848

MPLS LDP(4.4.4.4/24) 1:55-6-0

2:16-6-1

TCPFlag: 0

DstMask: 24 SrcMask: 24 NextHop: 172.16.2.10

DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0

InVRF: vpn1

SamplerMode: N/A SamplerInt: 0

Active: 382.542 Bytes/Pkt: 1426

First packet arrived: 7/28/2017, 14:12:03

Last packet arrived: 7/28/2017, 14:23:03

# (Distributed devices in standalone mode.) Display detailed information about NetStream entries for the card in slot 1.

<Sysname> display ip netstream cache verbose slot 1

IP NetStream information:

Active flow timeout : 60 min

Inactive flow timeout : 10 sec

Max number of entries : 1000

IP active flow entries : 1

MPLS active flow entries : 2

L2 active flow entries : 1

IPL2 active flow entries : 1

IP flow entries counted : 10

MPLS flow entries counted : 20

L2 flow entries counted : 10

IPL2 flow entries counted : 20

Last statistics resetting time : 01/01/2012 at 00:01:02

IP packet size distribution (1103746 packets in total):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000

Protocol Total Packets Flows Packets Active(sec) Idle(sec)

Flows /sec /sec /flow /flow /flow

--------------------------------------------------------------------------

TCP-Telnet 2656855 372 4 86 49 27

TCP-FTP 5900082 86 9 9 11 33

TCP-FTPD 3200453 1006 5 193 45 33

TCP-WWW 546778274 11170 887 12 8 32

TCP-other 49148540 3752 79 47 30 32

UDP-DNS 117240379 570 190 3 7 34

UDP-other 45502422 2272 73 30 8 37

ICMP 14837957 125 24 5 12 34

IP-other 77406 5 0 47 52 27

Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/Mask) Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 11.1.1.1(1024) 11.1.1.2(21) 6 128 N/A 0x0 ET1/1(I) 42996

TCPFlag: 27

DstMask: 24 SrcMask: 24 NextHop: 0.0.0.0

DstAS: 0 SrcAS: 0 BGPNexthop: 0.0.0.0

InVRF: mvpn

SamplerMode: Random SamplerInt: 256

Active: 120.600 Bytes/Pkt: 152

First packet arrived: 7/28/2017, 14:12:03

Last packet arrived: 7/28/2017, 14:23:03

L2 0012-3f86-e94c(10) 0012-3f86-e86a(0) GE1/4/1(I) 1253

SamplerMode: Fixed SamplerInt: 64

Active: 5.510 Bytes/Pkt: 210

First packet arrived: 7/28/2017, 14:12:03

Last packet arrived: 7/28/2017, 14:23:03

MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291

2:24-6-0

3:30-6-1

SamplerMode: N/A SamplerInt: 0

Active: 660.084 Bytes/Pkt: 100

First packet arrived: 7/28/2017, 14:12:03

Last packet arrived: 7/28/2017, 14:23:03

IP& 192.168.123.1(2- 192.168.1.1(0) 1 0 N/A 0x0 GE1/0/2(O) 10

048)

L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)

DstMask: 24 SrcMask: 24 NextHop: 192.168.1.2

DstAS: 0 SrcAS: 0 BGPNexthop: 0.0.0.0

OutVRF: vpn1 TCPFlag: 0

SamplerMode: N/A SamplerInt: 0

Active: 12.030 Bytes/Pkt: 86

First packet arrived: 7/28/2017, 14:12:03

Last packet arrived: 7/28/2017, 14:23:03

IP& 172.16.1.1(68) 172.16.2.1(67) 17 64 N/A 0x0 GE1/0/3(I) 1848

MPLS LDP(4.4.4.4/24) 1:55-6-0

2:16-6-1

DstMask: 24 SrcMask: 24 NextHop: 172.16.2.10

DstAS: 0 SrcAS: 0 BGPNextHop: 0.0.0.0

InVRF: vpn1

SamplerMode: N/A SamplerInt: 0

Active: 382.542 Bytes/Pkt: 1426

First packet arrived: 7/28/2017, 14:12:03

Last packet arrived: 7/28/2017, 14:23:03

Table 80 Command output

Field	Description
Active flow timeout	Aging timer for active flows, in minutes.
Inactive flow timeout	Aging timer for inactive flows, in seconds.
Max number of entries	Maximum number of flows allowed in the cache.
IP active flow entries	Number of active IP flows in the cache.
MPLS active flow entries	Number of active MPLS flows in the cache.
L2 active flow entries	Number of active Layer 2 flows in the cache.
IPL2 active flow entries	Number of active Layer 2 and Layer 3 flows in the cache.
IP flow entries counted	Number of IP flows that have been counted.
MPLS flow entries counted	Number of MPLS flows that have been counted.
L2 flow entries counted	Number of Layer 2 flows that have been counted.
IPL2 flow entries counted	Number of Layer 2 and Layer 3 flows that have been counted.
Last statistics resetting time	Last time the reset ip netstream statistics command was executed. This field displays Never if you have never executed this command.
IP packet size distribution (1103746 packets in total)	Distribution of IP packets by packet size, and the bracketed number is the total number of IP packets. The value is displayed in the proportion of the number of IP packets of the specified sizes to the total number of IP packets, and the value is displayed with 3 decimal places.
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608	Range of IP packet length (excluding data link layer header) in bytes. · For the values in the range of 1 to 576, the range increases in the step of 32. For example, 1-32 shows the number of packets with the size of 1 to 32 bytes. 64 shows the number of packets with the size of 33 to 64 bytes. · For the values greater than 1024, the range increases in the step of 512. For example, 1536 shows the number of packets with the size of 1025 to 1536 bytes. · Packets with the size of 577 to 1024 bytes are recorded in the 1024 entry.
Protocol Total Flows Packets /sec Flows/sec Packets/flow Active(sec)/flow Idle(sec)/flow	Statistics of packets by protocol type: · Protocol type. · Total number of flows. · Number of packets per second. · Number of flows per second. · Number of packets per flow. · Active time (in seconds) of each flow. · Inactive time (in seconds) of each flow.
Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts	Statistics of the active flows in the current cache: · Flow type. Flows are classified into the following types: ¡ Layer 3 flows. ¡ Layer 2 flows. ¡ Layer 2 and Layer 3 flows. ¡ MPLS flows without IP options. ¡ MPLS flows with IP options. · Destination IP address (destination port). · Source IP address (source port). · Protocol number. · ToS. · Application layer protocol ID. · Interface name (direction). · Number of packets. ICMP packets do not contain port number fields, so the type and code fields are captured. The value for the destination port represents these two fields: · The highest 8 bits represent the type field. · The lowest 8 bits represent the code field. The value for the source port is set to 0 and does not indicate any statistics.
DstMAC(VLAN) SrcMAC(VLAN)	Layer 2 information of the active flows in the current cache: · Destination MAC address. · Destination VLAN ID. · Source MAC address. · Source VLAN ID.
TopLblType(IP/Mask) Lbl-Exp-S-List	Information about the active MPLS flows in the current cache: · Type of the labels at the top of the label stack: ¡ IP address associated with the label. ¡ Mask associated with the label. · Label list. Up to three labels can be listed in one label list.
TCPFlag: DstMask: SrcMask: NextHop: DstAS: SrcAS: BGPNextHop: OutVRF: InVRF: SamplerMode: SamplerInt: Active: Bytes/Pkt: First packet arrived: Last packet arrived:	Other information about the active flows in the cache: · TCP tag. · Destination mask. · Source mask. · Routing next hop. · Destination AS. · Source AS. · BGP next hop. · VPN instance to which the outbound packets belong. · VPN instance to which the inbound packets belong. · Sampling mode. NetStream supports the following sampling modes: ¡ 0—No sampling. ¡ 1—Fixed sampling. ¡ 2—Random sampling. · Sampling interval. · Flow's active time. · Number of bytes per packet. · Arrival time of the first packet of the flow. · Arrival time of the last packet of the flow.

display ip netstream export

Use display ip netstream export to display information about the NetStream data export.

Syntax

display ip netstream export

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about the NetStream data export.

<Sysname> display ip netstream export

IP export information:

Flow source interface : GigabitEthernet1/0/1

Flow destination VPN instance : VPN1

Flow destination IP address (UDP) : 10.10.0.10 (30000)

Version 5 exported flows number : 16

Version 5 exported UDP datagrams number (failed) : 16 (0)

Version 9 exported flows number : 20

Version 9 exported UDP datagrams number (failed) : 2 (0)

MPLS export information:

Flow source interface : GigabitEthernet1/0/1

Flow destination VPN instance : VPN1

Flow destination IP address (UDP) : 10.10.0.10 (30000)

Version 9 exported flows number : 20

Version 9 exported UDP datagrams number (failed) : 2 (0)

as aggregation export information:

Flow source interface : GigabitEthernet1/0/1

Flow destination VPN instance : VPN1

Flow destination IP address (UDP) : 10.10.0.10 (30000)

Version 8 exported flows number : 16

Version 8 exported UDP datagrams number (failed) : 2 (0)

Version 9 exported flows number : 16

Version 9 exported UDP datagrams number (failed) : 2 (0)

Table 81 Command output

Field	Description
IP export information	NetStream data export information.
Flow source interface	Source interface from which the NetStream data is exported.
Flow destination VPN instance	VPN to which the destination address of the NetStream data export belongs.
Flow destination IP address (UDP)	Destination IP address and UDP port number of the NetStream data export.
Version 5 exported flows number	Number of flows that are exported in version 5 format.
Version 5 exported UDP datagrams number (failed)	Number of UDP packets that are sent in version 5 format. The field in the parentheses indicates the number of UDP packets that failed to be sent.
Version 9 exported flows number	Number of flows that are exported in version 9 format.
Version 9 exported UDP datagrams number (failed)	Number of UDP packets that are sent in version 9 format. The value in the parentheses displays the number of UDP packets that failed to be sent.
MPLS export information	Statistics of the MPLS-aware NetStream data export in version 9.
as aggregation export information	Statistics of NetStream AS aggregation in version 8 format.
Version 8 exported flows number	Number of flows that are exported in version 8 format.
Version 8 exported UDP datagrams number (failed)	Number of UDP packets that are sent in version 8 format. The field in the parentheses indicates the number of UDP packets that failed to be sent.

display ip netstream template

Use display ip netstream template to display NetStream template information.

Syntax

Centralized devices in standalone mode:

display ip netstream template

Distributed devices in standalone mode/centralized devices in IRF mode:

display ip netstream template [ slot slot-number ]

Distributed devices in IRF mode:

display ip netstream template [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays NetStream template information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays NetStream template information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays NetStream template information for the global active MPU. (Distributed devices in IRF mode.)

Usage guidelines

IP NetStream templates vary by aggregation mode. This command displays IP NetStream template information for all the configured aggregation modes.

Examples

# Display NetStream template information.

<Sysname> display ip netstream template

Flow template refresh frequency : 20

Flow template refresh interval : 30 min

Active flow templates : 4

Created flow templates : 4

L3 outbound template:

Template ID : 3282

Field count : 28

Field type Field length (bytes)

------------------------------------------------------------------------------

Out packets 8

Out bytes 8

First forwarded 4

Last forwarded 4

Input interface index 4

Output interface index 4

Source IPv4 address 4

Destination IPv4 address 4

Next hop IPv4 address 4

Source AS 4

Destination AS 4

L4 source port 2

L4 destination port 2

IP protocol version 1

TCP flags 1

Protocol 1

Source ToS 1

Source address mask 1

Destination address mask 1

Direction 1

Forwarding status 1

Out VPN ID 2

Sampling algorithm 1

PAD 1

Sampling interval 4

VXLAN ID 4

App ID 4

VPN instance name 65535

L3 inbound template:

Template ID : 3281

Packets : 0

Last template export time : Never

Field count : 28

Field type Field length (bytes)

------------------------------------------------------------------------------

Flows 4

In packets 8

In bytes 8

First forwarded 4

Last forwarded 4

Input interface index 4

Output interface index 4

Source IPv4 address 4

Destination IPv4 address 4

Next hop IPv4 address 4

Source AS 4

Destination AS 4

L4 source port 2

L4 destination port 2

IP protocol version 1

TCP flags 1

Protocol 1

Source ToS 1

Source address mask 1

Destination address mask 1

Direction 1

Forwarding status 1

In VPN ID 2

Sampling algorithm 1

PAD 1

Sampling interval 4

VPN instance name 65535

AS outbound template:

Template ID : 3258

Packets : 0

Last template export time : Never

Field count : 14

Field type Field length (bytes)

---------------------------------------------------------------------------

Flows 4

Out packets 8

Out bytes 8

First forwarded 4

Last forwarded 4

Source AS 4

Destination AS 4

Input interface index 4

Output interface index 4

Direction 1

Sampling algorithm 1

PAD 1

Sampling interval 4

AS inbound template:

Template ID : 3257

Packets : 0

Last template export time : Never

Field count : 14

Field type Field length (bytes)

---------------------------------------------------------------------------

Flows 4

In packets 8

In bytes 8

First forwarded 4

Last forwarded 4

Source AS 4

Destination AS 4

Input interface index 4

Output interface index 4

Direction 1

Sampling algorithm 1

PAD 1

Sampling interval 4

Table 82 Command output

Field	Description
Flow template refresh frequency	Refresh frequency at which the templates are sent, in packets.
Flow template refresh interval	Refresh interval at which the templates are sent, in minutes.
Active flow templates	Number of active NetStream templates.
Created flow templates	Number of templates that have been created.
L3 outbound template	Information of the Layer 3 template in the outbound direction.
L3 inbound template	Information of the Layer 3 template in the inbound direction.
Packets	Number of packets sent by using the template.
Last template export time	Time when the template was last exported.
Field count	Total number of fields in a template.
Field type	Type of a field in the template.
Field length (bytes)	Length of the field in bytes.
Flows	Number of aggregate flows.
Out packets	Number of sent packets.
In packets	Number of received packets.
Out bytes	Size of sent packets, in bytes.
In bytes	Size of received packets, in bytes.
First forwarded	System time when the first packet was forwarded, accurate to milliseconds.
Last forwarded	System time when the last packet was forwarded, accurate to milliseconds.
PAD	Padding string.
App ID	Application ID.
L4 source port	Source port number.
L4 destination port	Destination port number.
TCP flags	TCP flag of the flow.
Protocol	Layer 4 protocol type.
VPN instance name	VPN instance name. If the packets belong to the public network, this field displays N/A.
Out VPN ID	Name of the VPN instance to which the egress interface of the packets belong.
In VPN ID	Name of the VPN instance to which the ingress interface of the packets belong.

enable

Use enable to enable a NetStream aggregation mode.

Use undo enable to disable a NetStream aggregation mode.

Syntax

enable

undo enable

Default

No NetStream aggregation mode is enabled.

Views

NetStream aggregation mode view

Predefined user roles

network-admin

Examples

# Enable NetStream AS aggregation mode.

<Sysname> system-view

[Sysname] ip netstream aggregation as

[Sysname-ns-aggregation-as] enable

Related commands

ip netstream aggregation

ip netstream

Use ip netstream to enable NetStream on an interface.

Use undo ip netstream to disable NetStream on an interface.

Syntax

ip netstream { inbound | outbound }

undo ip netstream { inbound | outbound }

Default

NetStream is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Enables NetStream for incoming traffic.

outbound: Enables NetStream for outgoing traffic.

Examples

# Enable NetStream for incoming traffic on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip netstream inbound

ip netstream filter

Use ip netstream filter to enable NetStream filtering on an interface.

Use undo ip netstream filter to disable NetStream filtering.

Syntax

ip netstream { inbound | outbound } filter acl ipv4-acl-number

undo ip netstream { inbound | outbound } filter

Default

NetStream filtering is disabled. NetStream collects statistics about all IPv4 packets passing through an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Filters incoming traffic.

outbound: Filters outgoing traffic.

acl ipv4-acl-number: Specifies an IPv4 ACL by its number. For an IPv4 basic ACL, the value range is 2000 to 2999. For an IPv4 advanced ACL, the value range is 3000 to 3999.

Usage guidelines

NetStream filtering uses an ACL to identify intended packets.

· If you want to collect data for specific flows, use the ACL permit statements to identify the flows. NetStream collects data only for these flows.

· If you do not want to collect data for specific flows, use the ACL deny statements to identify the flows. NetStream does not collect data for these flows.

Examples

# Use ACL 2003 for outbound NetStream filtering on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip netstream outbound

[Sysname-GigabitEthernet1/0/1] ip netstream outbound filter acl 2003

ip netstream ipsec raw-packet

Use ip netstream ipsec raw-packet to enable NetStream for outgoing packets before IPsec encapsulation.

Use undo ip netstream ipsec raw-packet to restore the default.

Syntax

ip netstream ipsec raw-packet

undo ip netstream ipsec raw-packet

Default

NetStream is enabled for outgoing IPsec encapsulated packets.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only after you enable NetStream in the outbound direction of the interface.

Examples

# Enable NetStream for outgoing packets before IPsec encapsulation on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip netstream outbound

[Sysname-GigabitEthernet1/0/1] ip netstream ipsec raw-packet

ip netstream sampler

Use ip netstream sampler to enable NetStream sampling.

Use undo ip netstream sampler to disable NetStream sampling.

Syntax

ip netstream [ inbound | outbound ] sampler sampler-name

undo ip netstream [ inbound | outbound ] sampler

Default

NetStream sampling is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Enables NetStream sampling in the inbound direction.

outbound: Enables NetStream sampling in the outbound direction.

sampler sampler-name: Specifies a sampler by its name, a case-insensitive string of 1 to 31 characters.

Examples

# Use sampler abc for inbound NetStream sampling on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ip netstream inbound

[Sysname-GigabitEthernet1/0/1] ip netstream inbound sampler abc

ip netstream aggregation

Use ip netstream aggregation to specify a NetStream aggregation mode and enter its view.

Use undo ip netstream aggregation to remove the configuration for a NetStream aggregation mode.

Syntax

ip netstream aggregation { as | destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-as | tos-bgp-nexthop | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix }

undo ip netstream aggregation { as | destination-prefix | prefix | prefix-port | protocol-port | source-prefix | tos-as | tos-bgp-nexthop | tos-destination-prefix | tos-prefix | tos-protocol-port | tos-source-prefix }

Default

No NetStream aggregation mode is specified.

Views

System view

Predefined user roles

network-admin

Parameters

as: Specifies the AS aggregation by source AS number, destination AS number, inbound interface index, and outbound interface index.

destination-prefix: Specifies the destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and outbound interface index.

prefix: Specifies the source and destination prefix aggregation by the following criteria:

· Source AS number.

· Destination AS number.

· Source address mask length.

· Destination address mask length.

· Source prefix.

· Destination prefix.

· Inbound interface index.

· Outbound interface index.

prefix-port: Specifies the prefix-port aggregation by the following criteria:

· Source prefix.

· Destination prefix.

· Source address mask length.

· Destination address mask length.

· ToS.

· Protocol number.

· Source port.

· Destination port.

· Inbound interface index.

· Outbound interface index.

protocol-port: Specifies the protocol-port aggregation by protocol number, source port, and destination port.

source-prefix: Specifies the source-prefix aggregation by source AS number, source address mask length, source prefix, and inbound interface index.

tos-as: Specifies the ToS-AS aggregation by ToS, source AS number, destination AS number, inbound interface index, and outbound interface index.

tos-bgp-nexthop: Specifies the ToS-BGP nexthop aggregation by ToS, BGP next hop address, and outbound interface index. ToS-BGP next hop aggregation is supported by the version 9 template.

tos-destination-prefix: Specifies the ToS-destination-prefix aggregation by ToS, destination AS number, destination address mask length, destination prefix, and outbound interface index.

tos-prefix: Specifies the ToS-prefix aggregation by the following criteria:

· ToS.

· Source AS number.

· Source prefix.

· Source address mask length.

· Destination AS number.

· Destination address mask length.

· Destination prefix.

· Inbound interface index.

· Outbound interface index.

tos-protocol-port: Specifies the ToS-protocol-port aggregation by ToS, protocol number, source port, destination port, inbound interface index, and outbound interface index.

tos-source-prefix: Specifies the ToS-source-prefix aggregation by ToS, source AS number, source prefix, source address mask length, and inbound interface index.

Usage guidelines

In NetStream aggregation mode view, you can perform the following tasks:

· Enable or disable the specified NetStream aggregation mode.

· Configure source interface, destination IP address, and destination port for the NetStream data export.

A flow matching multiple aggregation modes is counted as multiple aggregate flows.

Examples

# Set the NetStream aggregation mode to AS, and enter NetStream AS aggregation mode view.

<Sysname> system-view

[Sysname] ip netstream aggregation as

[Sysname-ns-aggregation-as]

Related commands

enable

ip netstream export host

ip netstream export source

ip netstream export host

Use ip netstream export host to specify a destination host for NetStream data export.

Use undo ip netstream export host to remove the specified destination host or all destination hosts that are configured in the current view.

Syntax

ip netstream export host ip-address udp-port [ vpn-instance vpn-instance-name ]

undo ip netstream export host [ ip-address [ vpn-instance vpn-instance-name ] ]

Default

No destination host is specified.

Views

System view

NetStream aggregation mode view

Predefined user roles

network-admin

Parameters

ip-address: Specifies the destination IP address.

udp-port: Specifies the destination UDP port number in the range of 0 to 65535.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the destination host belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the destination is on the public network, do not specify this option.

Usage guidelines

You can specify the same destination IP address and UDP port in different NetStream aggregation mode views. If an aggregation mode is not enabled, the display ip netstream export command cannot display the destination host configuration for the mode.

If no destination host is specified in a NetStream aggregation mode view, the destination host in system view applies. If destination hosts are specified in a NetStream aggregation view and system view, the destination hosts in aggregation view take effect.

You can specify a maximum of four destination hosts in system view or a NetStream aggregation mode view. If you specify a destination host with the same IP address but different UDP ports in the same view, the most recent configuration takes effect. You can specify destination hosts with the same IP address and UDP port but different VPN instances.

NetStream traditional data is exported to all destination hosts in system view. NetStream aggregation data is exported to all destination hosts in the related NetStream aggregation mode view. If you expect only the aggregation data, specify destination hosts only in the NetStream aggregation mode view. Aggregation data export reduces bandwidth usage.

Examples

# In system view, specify 172.16.105.48 as the IP address of the destination host and UDP port 5000 as the export destination port number.

<Sysname> system-view

[Sysname] ip netstream export host 172.16.105.48 5000

# In AS aggregation mode view, specify 172.16.105.50 as the IP address of the destination host and UDP port 6000 as the export destination port number.

<Sysname> system-view

[Sysname] ip netstream aggregation as

[Sysname-ns-aggregation-as] ip netstream export host 172.16.105.50 6000

Related commands

ip netstream aggregation

ip netstream export source

ip netstream export rate

Use ip netstream export rate to limit the NetStream data export rate.

Use undo ip netstream export rate to restore the default.

Syntax

ip netstream export rate rate

undo ip netstream export rate

Default

The export rate of NetStream data is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

rate: Specifies the maximum number of packets to be exported per second. The value range is 1 to 1000.

Examples

# Allow a maximum of 10 packets to be exported per second.

<Sysname> system-view

[Sysname] ip netstream export rate 10

ip netstream export source

Use ip netstream export source to specify the source interface for data packets sent to NetStream servers. The IP address of the interface is used as the source IP of the data packets.

Use undo ip netstream export source to restore the default.

Syntax

ip netstream export source interface interface-type interface-number

undo ip netstream export source

Default

The packets take the primary IP address of the output interface as the source IP address.

Views

System view

NetStream aggregation mode view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies a source interface by its type and number.

Usage guidelines

You can configure different source interfaces in different NetStream aggregation mode views.

If no source interface is configured in NetStream aggregation mode view, the source interface in system view applies.

Examples

# In system view, specify GigabitEthernet 1/0/1 as the source interface for NetStream traditional data packets.

<Sysname> system-view

[Sysname] ip netstream export source interface gigabitethernet 1/0/1

# In AS aggregation mode view, specify GigabitEthernet 1/0/2 as the source interface for NetStream aggregation data packets.

<Sysname> system-view

[Sysname] ip netstream aggregation as

[Sysname-ns-aggregation-as] ip netstream export source interface gigabitethernet 1/0/2

Related commands

ip netstream aggregation

ip netstream export v9-template refresh-rate packet

Use ip netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for NetStream version 9 templates. The templates are sent after the specified number of packets are sent.

Use undo ip netstream export v9-template refresh-rate packet to restore the default.

Syntax

ip netstream export v9-template refresh-rate packet packets

undo ip netstream export v9-template refresh-rate packet

Default

Version 9 templates are sent every 20 packets.

Views

System view

Predefined user roles

network-admin

Parameters

packets: Specifies the number of packets that are sent before version 9 templates are sent to NetStream servers for an update. The value range is 1 to 600.

Usage guidelines

Version 9 is template-based and supports user-defined formats. A NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.

You can configure the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.

To configure the refresh interval for version 9 templates, use the ip netstream export v9-template refresh-rate time command.

Examples

# Configure the device to send version 9 templates to NetStream servers every 100 packets.

<Sysname> system-view

[Sysname] ip netstream export v9-template refresh-rate packet 100

Related commands

ip netstream export v9-template refresh-rate time

Use ip netstream export v9-template refresh-rate time to configure the sending interval for version 9 templates.

Use undo ip netstream export version to restore the default.

Syntax

ip netstream export v9-template refresh-rate time minutes

undo ip netstream export v9-template refresh-rate time

Default

Version 9 templates are sent every 30 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the refresh interval in the range of 1 to 3600 minutes.

Usage guidelines

Version 9 is template-based and supports user-defined formats. An NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.

You can adjust the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.

To configure the refresh frequency for version 9 templates, use the ip netstream export v9-template refresh-rate packet command.

Examples

# Configure the device to send version 9 templates every 60 minutes.

<Sysname> system-view

[Sysname] ip netstream export v9-template refresh-rate time 60

Related commands

ip netstream export v9-template refresh-rate packet

ip netstream export version

Use ip netstream export version 5 to export NetStream data in the version 5 format and choose whether to record AS information.

Use ip netstream export version 9 to export NetStream data in the version 9 format and choose whether to record AS and BGP next hop information.

Use undo ip netstream export version to restore the default.

Syntax

ip netstream export version 5 [ origin-as | peer-as ]

ip netstream export version 9 [ origin-as | peer-as ] [ bgp-nexthop ]

undo ip netstream export version

Default

NetStream traditional data export uses the version 9 format. MPLS flow data is not exported. The peer AS numbers are exported. The BGP next hop is not recorded.

Views

System view

Predefined user roles

network-admin

Parameters

origin-as: Records the source AS of the source address and the destination AS of the destination address.

peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively.

bgp-nexthop: Records BGP next hops.

Usage guidelines

A NetStream entry records the source IP address and destination IP address, and two AS numbers for each IP address. You can choose to configure which AS numbers are to be exported as the source AS and destination AS.

You can choose to record BGP next hop data only when you configure the version 9 format.

You can configure only one version format on the device. If you execute the ip netstream export version 5 and ip netstream export version 9 commands multiple times, the most recent configuration takes effect.

If the version 5 format is configured, the NetStream aggregation data export uses the version 8 format.

If the version 9 format is configured, the NetStream aggregation data export uses the version 9 format.

Examples

# Configure the device to export NetStream data in the version 5 format and to specify the NetStream data to include the source AS and destination AS.

<Sysname> system-view

[Sysname] ip netstream export version 5 origin-as

ip netstream max-entry

Use ip netstream max-entry to set the upper limit for NetStream entries.

Use undo ip netstream max-entry to restore the default.

Syntax

ip netstream max-entry max-entries

undo ip netstream max-entry

Default

The upper limit for NetStream entries is 10000.

Views

System view

Predefined user roles

network-admin

Parameters

max-entries: Specifies the upper limit for NetStream entries that the cache can accommodate. The value range is 1000 to 100000.

Usage guidelines

(Distributed devices in standalone mode.) The max-entries argument takes effect on each card.

(Distributed devices in IRF mode.) The max-entries argument takes effect on each card of each IRF member device.

(Centralized devices in IRF mode.) The max-entries argument takes effect on each IRF member device.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the upper limit to 5000 for NetStream entries.

<Sysname> system-view

[Sysname] ip netstream max-entry 5000

ip netstream mpls

Use ip netstream mpls to enable MPLS packet statistics collection.

Use undo ip netstream mpls to disable MPLS packet statistics collection.

Syntax

ip netstream mpls [ label-positions label-position1 [ label-position2 [ label-position3 ] ] ] [ no-ip-fields ]

undo ip netstream mpls

Default

MPLS packet statistics collection is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

label-positions: Specifies position of the labels to be counted.

label-position1: Specifies the position of the first label in the label stack, in the range of 1 to 6.

label-position2: Specifies the position of the second label in the label stack, in the range of 1 to 6.

label-position3: Specifies the position of the third label in the label stack, in the range of 1 to 6.

no-ip-fields: Specifies not to count IP fields.

Usage guidelines

This command enables statistics collection of MPLS packets for both IPv4 and IPv6 NetStream.

If you do not specify any keywords or options, the top label and IP fields are counted.

If multiple labels are to be counted, the label positions specified cannot be the same and are in ascending order.

Examples

# Enable NetStream for MPLS packets with top label counted but without IP fields.

<Sysname> system-view

[Sysname] ip netstream mpls no-ip-fields

ip netstream timeout active

Use ip netstream timeout active to set the aging timer for active flows.

Use undo ip netstream timeout active to restore the default.

Syntax

ip netstream timeout active minutes

undo ip netstream timeout active

Default

The aging timer is 30 minutes for active flows.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Sets the aging timer for active flows, in the range of 1 to 60 minutes.

Usage guidelines

A flow is considered active if packets for the NetStream entry arrive before the timer set by this command expires.

Examples

# Set the aging timer to 60 minutes for active flows.

<Sysname> system-view

[Sysname] ip netstream timeout active 60

Related commands

ip netstream timeout inactive

Use ip netstream timeout inactive to set the aging timer for inactive flows.

Use undo ip netstream timeout inactive to restore the default.

Syntax

ip netstream timeout inactive seconds

undo ip netstream timeout inactive

Default

The aging timer is 30 seconds for inactive flows.

Views

System view

Predefined user roles

network-admin

Parameters

seconds: Sets the aging timer for inactive flows, in the range of 10 to 600 seconds.

Usage guidelines

A flow is considered inactive if no packet for the NetStream entry arrives before the timer set by this command expires.

Examples

# Set the aging timer to 60 seconds for inactive flows.

<Sysname> system-view

[Sysname] ip netstream timeout inactive 60

Related commands

ip netstream timeout active

reset ip netstream statistics

Use reset ip netstream statistics to age out all flows in the cache and export NetStream data.

Syntax

reset ip netstream statistics

Views

User view

Predefined user roles

network-admin

Usage guidelines

It takes the system several minutes to execute the command. During this period, the system does not collect NetStream data.

Examples

# Age out and export all NetStream data.

<Sysname> reset ip netstream statistics

This process may take a few minutes.

Netstream statistic function is disabled during this process.

IPv6 NetStream commands

Commands and descriptions for centralized devices apply to the following routers:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3600-28-SI/3600-51-SI.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

display ipv6 netstream cache

Use display ipv6 netstream cache to display IPv6 NetStream entry information.

Syntax

Centralized devices in standalone mode:

display ipv6 netstream cache [ verbose ] [ type { ip | ipl2 | l2 | mpls [ label-position1 label-value1 [ label-position2 label-value2 [ label-position3 label-value3 ] ] ] } ] [ destination destination-ip | destination-port destination-port | interface interface-type interface-number | protocol protocol | source source-ip | source-port source-port ] * [ arrived-time start-date start-time end-date end-time ]

Distributed devices in standalone mode/centralized devices in IRF mode:

Distributed devices in IRF mode:

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

verbose: Displays detailed information about IPv6 NetStream entries.

type: Specifies the IPv6 NetStream entry type. If you do not specify this keyword, this commands displays information about all types of IPv6 NetStream entries.

ip: Specifies IP flow NetStream entries.

ipl2: Specifies Layer 2 and Layer 3 flow NetStream entries.

l2: Specifies Layer 2 flow NetStream entries.

mpls: Specifies MPLS flow NetStream entries.

label-position1 label-value1: Specifies a label by its position and value. The value range for the label-position1 argument is 1 to 6, representing labels from the outermost to the innermost. The value range for the label-value1 argument is 0 to 1048575.

label-position2 label-value2: Specifies a label by its position and value. The value range for the label-position2 argument is 1 to 6, representing labels from the outermost to the innermost. The value range for the label-value2 argument is 0 to 1048575.

label-position3 label-value3: Specifies a label by its position and value. The value range for the label-position3 argument is 1 to 6, representing labels from the outermost to the innermost. The value range for the label-value3 argument is 0 to 1048575.

destination destination-ipv6: Specifies a destination IPv6 address. If you specify this option, this command does not display Layer 2 NetStream entries.

destination-port destination-port: Specifies a destination port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.

interface interface-type interface-number: Specifies an interface by its type and number.

source source-ipv6: Specifies a source IPv6 address. If you specify this option, this command does not display Layer 2 NetStream entries.

source-port source-port: Specifies a source port number in the range of 0 to 65535. If you specify this option, this command does not display Layer 2 NetStream entries.

arrived-time: Specifies an arrived time range to display IPv6 NetStream entries. If you do not specify this keyword, the arrived time is not used as a criterion for filtering the IPv6 NetStream entries to be displayed.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information about IPv6 NetStream entries for all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information about IPv6 NetStream entries for all member devices. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information about IPv6 NetStream entries for all cards. (Distributed devices in IRF mode.)

verbose: Displays detailed information about IPv6 NetStream entries.

Examples

# Display information about IPv6 NetStream entries with a protocol number of 17.

<Sysname> display ipv6 netstream cache protocol 17

Type DstIP(Port) SrcIP(Port) Pro ToS VNI APPID If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/Mask) Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 2010::1(1024) 2020::1(21) 17 128 10 0xe GE1/0/1(I) 42996

# Display information about IPv6 NetStream entries arrived at the IPv6 NetStream cache between 14:19:03 and 14:23:03 on July 28, 2017.

<Sysname> display ipv6 netstream cache arrived-time 7/28/2017 14:19:03 7/28/2017 14:23:03

Type DstIP(Port) SrcIP(Port) Pro ToS VNI If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/Mask) Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 2001::1(1024) 2002::1(21) 6 128 10 GE1/0/1(I) 42996

First packet arrived: 7/28/2017, 14:20:03

Last packet arrived: 7/28/2017, 14:21:03

MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291

2:24-6-0

3:30-6-1

First packet arrived: 7/28/2017, 14:20:01

Last packet arrived: 7/28/2017, 14:21:03

IP& 2003::1(2048) 2008::1(0) 1 0 N/A GE1/0/2(O) 10

L2 0012-3f86-e95d(0) 0012-3f86-e116(1008)

First packet arrived: 7/28/2017, 14:20:04

Last packet arrived: 7/28/2017, 14:21:03

IP& 2010::1(1024) 2002::1(21) 17 64 N/A GE1/0/3(I) 1848

MPLS LDP(4.4.4.4/24) 1:55-6-0

2:16-6-1

First packet arrived: 7/28/2017, 14:20:03

Last packet arrived: 7/28/2017, 14:23:03

# (Centralized devices in standalone mode.) Display information about IPv6 NetStream entries.

<Sysname> display ipv6 netstream cache verbose

IPv6 NetStream cache information:

Active flow timeout : 60 min

Inactive flow timeout : 10 sec

Max number of entries : 1000

IPv6 active flow entries : 1

MPLS active flow entries : 2

IPL2 active flow entries : 1

IPv6 flow entries counted : 10

MPLS flow entries counted : 20

IPL2 flow entries counted : 20

Last statistics resetting time : 01/01/2000 at 00:01:02

IPv6 packet size distribution (1103746 packets in total):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000

Protocol Total Packets Flows Packets Active(sec) Idle(sec)

Flows /sec /sec /flow /flow /flow

--------------------------------------------------------------------------

TCP-Telnet 2656855 372 4 86 49 27

TCP-FTP 5900082 86 9 9 11 33

TCP-FTPD 3200453 1006 5 193 45 33

TCP-WWW 546778274 11170 887 12 8 32

TCP-other 49148540 3752 79 47 30 32

UDP-DNS 117240379 570 190 3 7 34

UDP-other 45502422 2272 73 30 8 37

ICMP 14837957 125 24 5 12 34

IP-other 77406 5 0 47 52 27

Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/MASK) Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 2001::1(1024) 2002::1(21) 6 0 0x6000 0x0 GE1/0/1(I) 42996

MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291

2:24-6-0

3:30-6-1

IP& 2010::1(1024) 2020::1(67) 17 0 0x12345 0x0 GE1/0/3(I) 1848

MPLS LDP(4.4.4.4/24) 1:55-6-0

2:16-6-1

# (Distributed devices in standalone mode.) Display information about IPv6 NetStream entries for the card in slot 1.

<Sysname> display ipv6 netstream cache slot 1 verbose

IPv6 NetStream cache information:

Active flow timeout : 60 min

Inactive flow timeout : 10 sec

Max number of entries : 1000

IPv6 active flow entries : 1

MPLS active flow entries : 2

IPL2 active flow entries : 1

IPv6 flow entries counted : 10

MPLS flow entries counted : 20

IPL2 flow entries counted : 20

Last statistics resetting time : 01/01/2000 at 00:01:02

IPv6 packet size distribution (1103746 packets in total):

1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480

.249 .694 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608

.000 .000 .027 .000 .027 .000 .000 .000 .000 .000 .000 .000

Protocol Total Packets Flows Packets Active(sec) Idle(sec)

Flows /sec /sec /flow /flow /flow

--------------------------------------------------------------------------

TCP-Telnet 2656855 372 4 86 49 27

TCP-FTP 5900082 86 9 9 11 33

TCP-FTPD 3200453 1006 5 193 45 33

TCP-WWW 546778274 11170 887 12 8 32

TCP-other 49148540 3752 79 47 30 32

UDP-DNS 117240379 570 190 3 7 34

UDP-other 45502422 2272 73 30 8 37

ICMP 14837957 125 24 5 12 34

IP-other 77406 5 0 47 52 27

Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts

DstMAC(VLAN) SrcMAC(VLAN)

TopLblType(IP/MASK)Lbl-Exp-S-List

--------------------------------------------------------------------------

IP 2001::1(1024) 2002::1(21) 6 0 0x0 0x0 ET1/1(I) 42996

TcpFlag: 0x1b

DstMask: 24 SrcMask: 24

DstAS: 0 SrcAS: 0

NextHop: 2001::2

BGPNextHop: 0:0:0:0:0:0:0:0

InVRF: mvpn

SamplerMode:Random SamplerInt: 0

Active: 120 Bytes/Pkt: 152

MPLS LDP(3.3.3.3/24) 1:18-6-0 GE1/0/2(O) 291

2:24-6-0

3:30-6-1

SamplerMode:Random SamplerInt: 0

Active: 660 Bytes/Pkt: 100

IP 2003::1(2048) 2008::1(0) 1 0 0x0 0x0 GE1/0/2(O) 10

IP& 2010::1(1024) 2020::1(67) 17 255 0x12345 0x0 GE1/0/3(I) 1848

MPLS LDP(4.4.4.4/24) 1:55-6-0

2:16-6-1

3:0-0-0

TcpFlag: 0

DstMask: 24 SrcMask: 24

DstAS: 0 SrcAS: 0

NextHop: 2020::2

BGPNextHop: 0:0:0:0:0:0:0:0

InVRF: vpn1

SamplerMode:Random SamplerInt: 0

Active: 382 Bytes/Pkt: 1426

Table 83 Command output

Field	Description
Active flow timeout	Aging timer for active flows, in minutes.
Inactive flow timeout	Aging timer for inactive flows, in seconds.
Max number of entries	Maximum number of IPv6 flows allowed in the cache.
IPv6 active flow entries	Number of active IPv6 flows in the cache.
MPLS active flow entries	Number of active IPv6 MPLS flows in the cache.
IPL2 active flow entries	Number of active Layer 2 flows with IPv6 protocol information.
IPv6 flow entries counted	Number of IPv6 flows that have been counted.
MPLS flow entries counted	Number of MPLS flows that have been counted.
IPL2 flow entries counted	Number of Layer 2 flows (with IPv6 protocol information) that have been counted.
Last statistics resetting time	Last time the reset ipv6 netstream statistics command was executed. This field displays Never if you have never executed this command.
IPv6 packet size distribution (1103746 packets in total):	Distribution of IPv6 packets by packet size, and the bracketed number is the total number of IPv6 packets. The value is displayed in the proportion of the number of IPv6 packets of the specified sizes to the total number of IPv6 packets. The value is displayed with three decimal places.
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480 512 544 576 1024 1536 2048 2560 3072 3584 4096 4608 >4608	Range of IPv6 packet length (excluding data link layer header). · For the values in the range of 1 to 576 bytes, the range increases in the step of 32 bytes. For example, 1-32 shows the number of packets with the size of 1 to 32 bytes. 64 shows the number of packets with the size of 33 to 64 bytes. · For the values greater than 1024 bytes, the range increases in the step of 512 bytes. For example, 1536 shows the number of packets with the size of 1025 to 1536 bytes. · Packets with the size of 577 to 1024 bytes are recorded in the 1024 entry.
Protocol Total Flows Packets/Sec Flow/Sec Packets/flow Active(sec)/ flow Idle(sec)/flow	Statistics of packets by protocol type: · Protocol type. · Total number of flows. · Number of packets per second. · Number of flows per second. · Number of packets per flow. · Active time (in seconds) of each flow. · Inactive time (in seconds) of each flow.
Type DstIP(Port) SrcIP(Port) Pro TC FlowLbl APPID If(Direct) Pkts	Statistics of the active flows in the current cache: · Flow type. Flows are classified into the following types: ¡ IP flows. ¡ Layer 2 flows with IPv6 protocol information (IPL2). ¡ MPLS flows without IP options (MPLS). ¡ MPLS flows with IP options (IP&MPLS). · Destination IPv6 address (destination port). · Source IPv6 address (source port). · Protocol number. · Traffic classification. · Flow label. · Application layer protocol ID. · Interface name (direction). · Number of packets. ICMPv6 packets do not contain port number fields, so the type and code fields are captured. The value for the destination port represents these two fields: · The highest 8 bits represent the type field. · The lowest 8 bits represent the code field. The value for the source port is set to 0 and does not indicate any statistics.
DstMAC(VLAN) SrcMAC(VLAN)	Layer 2 information for the active flows in the current cache: · Destination MAC address. · Destination VLAN ID. · Source MAC address. · Source VLAN ID.
TopLblType(IP/MASK) Lbl-Exp-S-List	Information about the active MPLS flows in the current cache: · Type of the labels at the top of the label stack: ¡ IP address associated with the label. ¡ Mask associated with the label. · Label list: ¡ Lbl—20-bit label value. ¡ Exp—3-bit field for implementing QoS. ¡ S—1-bit bottom of stack flag. The S field is set to 1 if the label is the bottom label and set to 0 if not.
TcpFlag: DstMask: SrcMask: DstAS: SrcAS: NextHop: BGPNextHop: OutVRF: InVRF: SamplerMode: SamplerInt: Active: Bytes/Pkt: First packet arrived: Last packet arrived:	Other information about the active flows in the cache: · TCP flag. · Destination mask. · Source mask. · Destination AS. · Source AS. · Routing next hop. · BGP next hop. · VPN to which the outbound packets belong. · VPN to which the inbound packets belong. · Sampling mode. IPv6 NetStream supports the following sampling modes: ¡ N/A—No sampling. ¡ Fixed—Fixed sampling. ¡ Random—Random sampling. · Sampling interval. · Flow's active time. · Number of bytes per packet. · Arrival time of the first packet of the flow. · Arrival time of the last packet of the flow.

display ipv6 netstream export

Use display ipv6 netstream export to display information about the IPv6 NetStream data export.

Syntax

display ipv6 netstream export

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information about the IPv6 NetStream data export.

<Sysname> display ipv6 netstream export

as aggregation export information:

Flow source interface : GigabitEthernet1/0/1

Flow destination VPN instance : VPN1

Flow destination IP address (UDP) : 40::1 (30000)

Version 9 exported flow number : 16

Version 9 exported UDP datagrams number (failed) : 2 (0)

IPv6 export information:

Flow source interface : GigabitEthernet1/0/1

Flow destination VPN instance : VPN1

Flow destination IP address (UDP) : 40::1 (30000)

Version 9 exported flow number : 16

Version 9 exported UDP datagrams number (failed): 16 (0)

MPLS export information:

Flow source interface : GigabitEthernet1/0/1

Flow destination VPN instance : VPN1

Flow destination IP address (UDP) : 40::1 (30000)

Version 9 exported flow number : 20

Version 9 exported UDP datagrams number (failed) : 2 (0)

Table 84 Command output

Field	Description
IPv6 export information	Information about the IPv6 NetStream data export.
Flow source interface	Source interface from which the IPv6 NetStream data is exported.
Flow destination VPN instance	VPN to which the destination address of the IPv6 NetStream data export belongs.
Flow destination IP address (UDP)	Destination IP address and UDP port number of the IPv6 NetStream data export.
Version 9 exported flow number	Number of flows that are exported in the version 9 format.
Version 9 exported UDP datagrams number (failed)	Number of UDP packets that are sent in the version 9 format. The value in the parentheses displays the number of UDP packets that failed to be sent.
MPLS export information	Statistics of the MPLS-aware IPv6 NetStream data export in version 9.
as aggregation export information	Statistics of IPv6 NetStream AS aggregation in the version 9 format.

display ipv6 netstream template

Use display ipv6 netstream template to display IPv6 NetStream template information.

Syntax

Centralized devices in standalone mode:

display ipv6 netstream template

Distributed devices in standalone mode/centralized devices in IRF mode:

display ipv6 netstream template [ slot slot-number ]

Distributed devices in IRF mode:

display ipv6 netstream template [ chassis chassis-number slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, the command displays IPv6 NetStream template information for the active MPU. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays IPv6 NetStream template information for the master device. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays IPv6 NetStream template information for the global active MPU. (Distributed devices in IRF mode.)

Usage guidelines

IPv6 NetStream templates vary by aggregation mode. This command displays IPv6 NetStream template information for all the configured aggregation modes.

Examples

# Display IPv6 NetStream template information.

<Sysname> display ipv6 netstream template

Flow template refresh frequency : 20

Flow template refresh interval : 30 min

Active flow templates : 4

Created flow templates : 4

L3 outbound template:

Template ID : 3305

Field count : 27

Field type Field length (bytes)

---------------------------------------------------------------------------

Out packets 8

Out bytes 8

First forwarded 4

Last forwarded 4

Input Interface Index 4

Output Interface Index 4

Source IPv6 address 16

Destination IPv6 address 16

Next hop IPv6 address 16

PAD 1

IPv6 flow label 3

Source AS 4

Destination AS 4

L4 source port 2

L4 destination port 2

IP protocol version 1

TCP flags 1

Protocol 1

Source ToS 1

Source address mask 1

Destination address mask 1

Direction 1

Forwarding status 1

Out VPN ID 2

Sampling algorithm 1

PAD 1

Sampling interval 4

VPN instance name 65535

L3 inbound template:

Template ID : 3306

Field count : 27

Field type Field length (bytes)

---------------------------------------------------------------------------

In packets 8

In bytes 8

First forwarded 4

Last forwarded 4

Input Interface Index 4

Output Interface Index 4

Source IPv6 address 16

Destination IPv6 address 16

Next hop IPv6 address 16

PAD 1

IPv6 flow label 3

Source AS 4

Destination AS 4

L4 source port 2

L4 destination port 2

IP protocol version 1

TCP flags 1

Protocol 1

Source ToS 1

Source address mask 1

Destination address mask 1

Direction 1

Forwarding status 1

In VPN ID 2

Sampling algorithm 1

PAD 1

Sampling interval 4

VPN instance name 65535

AS outbound template:

Template ID : 3293

Field count : 14

Field type Field length (bytes)

---------------------------------------------------------------------------

Flows 4

Out packets 8

Out bytes 8

First forwarded 4

Last forwarded 4

Source AS 4

Destination AS 4

Input Interface Index 4

Output Interface Index 4

IP protocol version 1

Direction 1

Sampling algorithm 1

PAD 1

Sampling interval 4

AS inbound template:

Template ID : 3292

Field count : 14

Field type Field length (bytes)

---------------------------------------------------------------------------

Flows 4

In packets 8

In bytes 8

First forwarded 4

Last forwarded 4

Source AS 4

Destination AS 4

Input Interface Index 4

Output Interface Index 4

IP protocol version 1

Direction 1

Sampling algorithm 1

PAD 1

Sampling interval 4

Table 85 Command output

Field	Description
Flow template refresh frequency	Refresh frequency at which the templates are sent, in packets.
Flow template refresh interval	Refresh interval at which the templates are sent, in minutes.
Active flow templates	Number of active IPv6 NetStream templates.
Created flow templates	Number of templates that have been created.
L3 outbound template	Information about the Layer 3 template in the outbound direction.
L3 inbound template	Information about the Layer 3 template in the inbound direction.
AS outbound template	Information about the AS template in the outbound direction.
AS inbound template	Information about the AS template in the inbound direction.
Packets	Number of packets sent by using the template.
Last template export time	Time when the template was exported most recently.
Field count	Total number of fields in the template.
Field type	Type of a field in the template.
Field length (bytes)	Length of the field, in bytes.
Flows	Number of flows.
Out packets	Number of sent packets.
In packets	Number of received packets.
Out bytes	Number of sent bytes.
In bytes	Number of received bytes.
First forwarded	System time when the first packet was forwarded, accurate to milliseconds.
Last forwarded	System time when the last packet was forwarded, accurate to milliseconds.
PAD	Padding string.
Sampling interval	Sampling rate.
TCP flags	TCP flag of the flow.
Protocol	Layer 4 protocol type.
VPN instance name	VPN instance name. If the packets belong to the public network, this field displays N/A.
Out VPN ID	Name of the VPN instance to which the egress interface of the packets belong.
In VPN ID	Name of the VPN instance to which the ingress interface of the packets belong.

enable

Use enable to enable an IPv6 NetStream aggregation mode.

Use undo enable to disable an IPv6 NetStream aggregation mode.

Syntax

enable

undo enable

Default

No IPv6 NetStream aggregation mode is enabled.

Views

IPv6 NetStream aggregation mode view

Predefined user roles

network-admin

Examples

# Enable IPv6 NetStream AS aggregation mode.

<Sysname> system-view

[Sysname] ipv6 netstream aggregation as

[Sysname-ns6-aggregation-as] enable

Related commands

ipv6 netstream aggregation

ipv6 netstream

Use ipv6 netstream to enable IPv6 NetStream on an interface.

Use undo ipv6 netstream to disable IPv6 NetStream on an interface.

Syntax

ipv6 netstream { inbound | outbound }

undo ipv6 netstream { inbound | outbound }

Default

IPv6 NetStream is disabled on an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Enables IPv6 NetStream for incoming traffic.

outbound: Enables IPv6 NetStream for outgoing traffic.

Examples

# Enable IPv6 NetStream for incoming traffic on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound

ipv6 netstream filter

Use ipv6 netstream filter to enable IPv6 NetStream filtering on an interface.

Use undo ipv6 netstream filter to disable IPv6 NetStream filtering.

Syntax

ipv6 netstream { inbound | outbound } filter acl ipv6-acl-number

undo ipv6 netstream { inbound | outbound } filter

Default

IPv6 NetStream filtering is disabled. IPv6 NetStream collects statistics about all IPv6 packets passing through an interface.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Filters incoming traffic.

outbound: Filters outgoing traffic.

acl ipv6-acl-number: Specifies an IPv6 ACL by its number. For an IPv6 basic ACL, the value range is 2000 to 2999. For an IPv6 advanced ACL, the value range is 3000 to 3999.

Usage guidelines

IPv6 NetStream filtering uses an ACL to identify intended packets.

· If you want to collect data for specific flows, use the ACL permit statements to identify the flows. IPv6 NetStream collects data only for these flows.

· If you do not want to collect data for specific flows, use the ACL deny statements to identify the flows. IPv6 NetStream does not collect data for these flows.

Examples

# Use ACL 2003 for outbound IPv6 NetStream filtering on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 netstream outbound

[Sysname-GigabitEthernet1/0/1] ipv6 netstream outbound filter acl 2003

ipv6 netstream ipsec raw-packet

Use ipv6 netstream ipsec raw-packet to configure IPv6 NetStream to collect statistics for outgoing IPsec packets before IPsec encapsulation.

Use undo ipv6 netstream ipsec raw-packet to restore the default.

Syntax

ipv6 netstream ipsec raw-packet

undo ipv6 netstream ipsec raw-packet

Default

IPv6 NetStream collects statistics for outgoing IPsec packets after IPsec encapsulation.

Views

Interface view

Predefined user roles

network-admin

Usage guidelines

IPv6 NetStream collects statistics for outgoing IPsec packets on an interface either before or after IPsec encapsulation.

For NetStream to collects statistics for outgoing IPsec packets on an interface, you must enable NetStream in the outbound direction of the interface.

Examples

# Enable IPv6 NetStream to collect statistics for outgoing IPsec packets before IPsec encapsulation on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 netstream outbound

[Sysname-GigabitEthernet1/0/1] ipv6 netstream ipsec raw-packet

ipv6 netstream sampler

Use ipv6 netstream sampler to enable IPv6 NetStream sampling.

Use undo ipv6 netstream sampler to disable IPv6 NetStream sampling.

Syntax

ipv6 netstream [ inbound | outbound ] sampler sampler-name

undo ipv6 netstream [ inbound | outbound ] sampler

Default

IPv6 NetStream sampling is disabled.

Views

Interface view

Predefined user roles

network-admin

Parameters

inbound: Enables IPv6 NetStream sampling in the inbound direction.

outbound: Enables IPv6 NetStream sampling in the outbound direction.

sampler sampler-name: Specifies a sampler by its name. The name is a case-insensitive string of 1 to 31 characters.

Examples

# Use sampler abc for inbound IPv6 NetStream sampling on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound

[Sysname-GigabitEthernet1/0/1] ipv6 netstream inbound sampler abc

ipv6 netstream aggregation

Use ipv6 netstream aggregation to specify an IPv6 NetStream aggregation mode and enter its view.

Use undo ipv6 netstream aggregation to remove the configuration for an IPv6 NetStream aggregation mode.

Syntax

ipv6 netstream aggregation { as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix }

undo ipv6 netstream aggregation { as | bgp-nexthop | destination-prefix | prefix | protocol-port | source-prefix }

Default

No IPv6 NetStream aggregation mode is specified.

Views

System view

Predefined user roles

network-admin

Parameters

as: Specifies the AS aggregation by source AS number, destination AS number, input interface index, and output interface index.

bgp-nexthop: Specifies the BGP nexthop aggregation by BGP next hop IPv6 address and output interface index.

destination-prefix: Specifies the destination-prefix aggregation by destination AS number, destination address mask length, destination prefix, and output interface index.

prefix: Specifies the source and destination prefix aggregation by the following criteria:

· Source AS number.

· Destination AS number.

· Source address mask length.

· Destination address mask length.

· Source prefix.

· Destination prefix.

· Input interface index.

· Output interface index.

protocol-port: Specifies the protocol-port aggregation by protocol number, source port, and destination port.

source-prefix: Specifies the source-prefix aggregation by source AS number, source address mask length, source prefix, and input interface index.

Usage guidelines

In IPv6 NetStream aggregation mode view, you can perform the following tasks:

· Enable or disable the specified IPv6 NetStream aggregation mode.

· Configure source interface, destination IPv6 address, and destination port for the IPv6 NetStream data export.

A flow matching multiple aggregation modes is counted as multiple aggregate flows.

Examples

# Set the IPv6 NetStream aggregation mode to AS, and enter IPv6 NetStream AS aggregation mode view.

<Sysname> system-view

[Sysname] ipv6 netstream aggregation as

[Sysname-ns-aggregation-as]

Related commands

enable

ipv6 netstream export host

ipv6 netstream export source

ipv6 netstream export host

Use ipv6 netstream export host to specify a destination host for IPv6 NetStream data export.

Use undo ipv6 netstream export host to remove the specified destination host or all destination hosts that are configured in the current view.

Syntax

ipv6 netstream export host { ipv4-address | ipv6-address } udp-port [ vpn-instance vpn-instance-name ]

undo ipv6 netstream export host [ ipv4-address | ipv6-address [ vpn-instance vpn-instance-name ] ]

Default

No destination host is specified.

Views

System view

IPv6 NetStream aggregation mode view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies the destination IPv4 address.

ipv6-address: Specifies the destination IPv6 address.

udp-port: Specifies the destination UDP port number in the range of 0 to 65535.

Usage guidelines

You can specify the same destination host address and UDP port in different IPv6 NetStream aggregation mode views. If an aggregation mode is not enabled, the display ipv6 netstream export command cannot display the destination host configuration for the mode.

If no destination host is specified in an IPv6 NetStream aggregation mode view, the destination host in system view applies. If destination hosts are specified in an IPv6 NetStream aggregation view and system view, the destination hosts in aggregation view take effect.

You can specify a maximum of four destination hosts in system view or in IPv6 NetStream aggregation mode view. If you specify a destination host with the same destination address but different UDP ports in the same view, the most recent configuration takes effect. You can specify destination hosts with the same destination address and UDP port but different VPN instances.

IPv6 NetStream traditional data is exported to all destination hosts in system view. IPv6 NetStream aggregation data is exported to all destination hosts in the related aggregation view. If you expect only IPv6 NetStream aggregation data, specify destination hosts only in the IPv6 NetStream aggregation mode view. Aggregation data export reduces bandwidth usage.

Examples

# In system view, specify 40::1 as the IPv6 address of the destination host and UDP port 5000 as the export destination port number.

<Sysname> system-view

[Sysname] ipv6 netstream export host 40::1 5000

# In AS aggregation mode view, specify 40::1 as the IPv6 address of the destination host and UDP port 6000 as the export destination port number.

<Sysname> system-view

[Sysname] ipv6 netstream aggregation as

[Sysname-ns6-aggregation-as] ipv6 netstream export host 40::1 6000

Related commands

ipv6 netstream aggregation

ipv6 netstream export source

ipv6 netstream export rate

Use ipv6 netstream export rate to limit the IPv6 NetStream data export rate.

Use undo ipv6 netstream export rate to restore the default.

Syntax

ipv6 netstream export rate rate

undo ipv6 netstream export rate

Default

The export rate of IPv6 NetStream data is not limited.

Views

System view

Predefined user roles

network-admin

Parameters

rate: Specifies the maximum number of packets to be exported per second. The value range is 1 to 1000.

Examples

# Allow a maximum of 10 packets to be exported per second.

<Sysname> system-view

[Sysname] ipv6 netstream export rate 10

ipv6 netstream export source

Use ipv6 netstream export source to specify the source interface for data packets sent to NetStream servers. The IPv6 address of the interface is used as the source IPv6 address of the data packets.

Use undo ipv6 netstream export source to restore the default.

Syntax

ipv6 netstream export source interface interface-type interface-number

undo ipv6 netstream export source

Default

The packets take the primary IPv6 address of the output interface as the source IPv6 address.

Views

System view

IPv6 NetStream aggregation mode view

Parameters

interface-type interface-number: Specifies a source interface by its type and number for the IPv6 NetStream data export.

Usage guidelines

You can configure different source interfaces in different IPv6 NetStream aggregation mode views.

If no source interface is configured in IPv6 NetStream aggregation mode view, the source interface in system view applies.

As a best practice, connect the management Ethernet interface to a NetStream server, and configure the interface as the source interface.

Examples

# In system view, specify GigabitEthernet 1/0/1 as the source interface for IPv6 NetStream traditional data packets.

<Sysname> system-view

[Sysname] ipv6 netstream export source interface gigabitethernet 1/0/1

# In AS aggregation mode view, specify GigabitEthernet 1/0/2 as the source interface for IPv6 NetStream aggregation data packets.

<Sysname> system-view

[Sysname] ipv6 netstream aggregation as

[Sysname-ns6-aggregation-as] ipv6 netstream export source interface gigabitethernet 1/0/2

Related commands

ipv6 netstream aggregation

ipv6 netstream export v9-template refresh-rate packet

Use ipv6 netstream export v9-template refresh-rate packet to configure the refresh frequency (in packets) for IPv6 NetStream version 9 templates. The templates are sent after the specified number of packets are sent.

Use undo ipv6 netstream export v9-template refresh-rate packet to restore the default.

Syntax

ipv6 netstream export v9-template refresh-rate packet packets

undo ipv6 netstream export v9-template refresh-rate packet

Default

Version 9 templates are sent every 20 packets.

Views

System view

Predefined user roles

network-admin

Parameters

packets: Specifies the number of packets that are sent before version 9 templates are sent to NetStream servers for an update. The value range is 1 to 600.

Usage guidelines

Version 9 is template-based and supports user-defined formats. An IPv6 NetStream device must send the version 9 templates to NetStream servers regularly, because the servers do not permanently save templates.

You can configure the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.

To configure the refresh interval for version 9 templates, use the ipv6 netstream export v9-template refresh-rate time command.

Examples

# Configure the device to send IPv6 NetStream version 9 templates every 100 packets.

<Sysname> system-view

[Sysname] ipv6 netstream export v9-template refresh-rate packet 100

Related commands

ipv6 netstream export v9-template refresh-rate time

Use ipv6 netstream export v9-template refresh-rate time to configure the sending interval for IPv6 NetStream version 9 templates.

Use undo ipv6 netstream export v9-template refresh-rate time to restore the default.

Syntax

ipv6 netstream export v9-template refresh-rate time minutes

undo ipv6 netstream export v9-template refresh-rate time

Default

Version 9 templates are sent every 30 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Specifies the interval in the range of 1 to 3600 minutes.

Usage guidelines

You can adjust the refresh frequency or refresh interval for the device to send version 9 templates. If both settings are configured, templates are sent when either of the conditions is met.

To configure the refresh frequency for version 9 templates, use the ipv6 netstream export v9-template refresh-rate packet command.

Examples

# Configure the device to send version 9 templates every 60 minutes.

<Sysname> system-view

[Sysname] ipv6 netstream export v9-template refresh-rate time 60

Related commands

ipv6 netstream export v9-template refresh-rate packet

ipv6 netstream export version 9

Use ipv6 netstream export version 9 to export IPv6 NetStream data in the version 9 format and choose whether to record AS and BGP next hop information.

Use undo ipv6 netstream export version to restore the default.

Syntax

ipv6 netstream export version 9 { origin-as | peer-as } [ bgp-nexthop ]

undo ipv6 netstream export version

Default

The version 9 format is used to export IPv6 NetStream traditional data, IPv6 NetStream aggregation data, and MPLS flow data with IPv6 fields.

The peer AS numbers are recorded. The BGP next hop is not recorded.

Views

System view

Predefined user roles

network-admin

Parameters

origin-as: Records the source AS of the source address and the destination AS of the destination address.

peer-as: Records the ASs before and after the AS where the NetStream device resides as the source AS and destination AS, respectively.

bgp-nexthop: Records BGP next hops.

Usage guidelines

An IPv6 NetStream entry records the source IPv6 address, destination IPv6 address, and two AS numbers for each address. You can choose to configure which AS numbers are to be exported as the source AS and destination AS.

When you execute the command without any keywords, the peer AS numbers are recorded, and the BGP next hop is not recorded.

Examples

# Configure the device to export IPv6 NetStream data in the version 9 format, and specify the IPv6 NetStream data to include the source AS and destination AS.

<Sysname> system-view

[Sysname] ipv6 netstream export version 9 origin-as

ipv6 netstream max-entry

Use ipv6 netstream max-entry to set the upper limit for IPv6 NetStream entries.

Use undo ipv6 netstream max-entry to restore the default.

Syntax

ipv6 netstream max-entry max-entries

undo ipv6 netstream max-entry

Default

The upper limit for IPv6 NetStream entries is 10000.

Views

System view

Predefined user roles

network-admin

Parameters

max-entries: Specifies the upper limit for IPv6 NetStream entries that the cache can accommodate. The value range is 1000 to 100000.

Usage guidelines

(Distributed devices in standalone mode.) The max-entries argument takes effect on each card.

(Distributed devices in IRF mode.) The max-entries argument takes effect on each card of each IRF member device.

(Centralized devices in IRF mode.) The max-entries argument takes effect on each IRF member device.

If you execute the ipv6 netstream max-entry max-entries command multiple times, the most recent configuration takes effect.

Examples

# Set the upper limit to 5000 for IPv6 NetStream entries.

<Sysname> system-view

[Sysname] ipv6 netstream max-entry 5000

ipv6 netstream timeout active

Use ipv6 netstream timeout active to set the aging timer for active flows.

Use undo ipv6 netstream timeout active to restore the default.

Syntax

ipv6 netstream timeout active minutes

undo ipv6 netstream timeout active

Default

The aging timer is 30 minutes for active flows.

Views

System view

Predefined user roles

network-admin

Parameters

minutes: Sets the aging timer for active flows, in the range of 1 to 60 minutes.

Usage guidelines

A flow is considered active if packets for the IPv6 NetStream entry arrive before the timer set by this command expires.

Examples

# Set the aging timer to 60 minutes for active flows.

<Sysname> system-view

[Sysname] ipv6 netstream timeout active 60

Related commands

ipv6 netstream timeout inactive

Use ipv6 netstream timeout inactive to set the aging timer for inactive flows.

Use undo ipv6 netstream timeout inactive to restore the default.

Syntax

ipv6 netstream timeout inactive seconds

undo ipv6 netstream timeout inactive

Default

The aging timer is 30 seconds for inactive flows.

Views

System view

Predefined user roles

network-admin

Parameters

seconds: Sets the aging timer for inactive flows, in the range of 10 to 600 seconds.

Usage guidelines

A flow is considered inactive if no packet for the IPv6 NetStream entry arrives before the timer set by this command expires.

Examples

# Set the aging timer to 60 seconds for inactive flows.

<Sysname> system-view

[Sysname] ipv6 netstream timeout inactive 60

Related commands

ipv6 netstream timeout active

reset ipv6 netstream statistics

Use reset ipv6 netstream statistics to age out all flows in the cache and export IPv6 NetStream data.

Syntax

reset ipv6 netstream statistics

Views

User view

Predefined user roles

network-admin

Usage guidelines

It takes the system several minutes to execute the command. During this period, the system does not collect IPv6 NetStream data.

Examples

# Age out and export all IPv6 NetStream data.

<Sysname> reset ipv6 netstream statistics

This process may take a few minutes.

NetStream statistic function is disabled during this process.

sFlow commands

sFlow sampling is not supported on Layer 2 Ethernet interfaces and Layer-configurable Ethernet interfaces.

The following matrix shows the feature and hardware compatibility:

Hardware	sFlow compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS	No
MSR2600-6-X1	No
MSR2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	No on the management Ethernet interfaces of the MPUs Yes on Ethernet interfaces of the SPUs

Hardware	sFlow compatibility
MSR810-LM-GL	No
MSR810-W-LM-GL	No
MSR830-6EI-GL	No
MSR830-10EI-GL	No
MSR830-6HI-GL	No
MSR830-10HI-GL	No
MSR2600-6-X1-GL	No
MSR3600-28-SI-GL	No

display sflow

Use display sflow to display sFlow configuration and operation information.

Syntax

display sflow

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display sFlow configuration and operation information.

<Sysname> display sflow

sFlow datagram version: 5

Global information:

Agent IP: 10.10.10.1(CLI)

Source address: 10.0.0.1 2001::1

Collector information:

ID IP Port Aging Size VPN-instance Description

1 22:2:20::10 6535 N/A 1400 vpn1 netserver

2 192.168.3.5 6543 500 1400 Office

Port information:

Interface CID Interval(s) FID MaxHLen Rate Mode Status

GE1/0/1 1 100 1 128 1000 Determine Active

GE1/0/2 2 100 2 128 1000 Determine Active

Table 86 Command output

Field	Description
sFlow datagram version	sFlow version, which can only take the value of 5. The device can send only sFlow packets whose sFlow version is 5.
Global information	Global sFlow information.
Agent IP	IP address of the sFlow agent: · CLI—Manually configured IP address. · Auto—Automatically configured IP address.
Source address	Source IP address of sFlow packets.
Collector information	sFlow collector information.
ID	sFlow collector ID.
IP	sFlow collector IP address.
Port	sFlow collector port.
Aging	Remaining lifetime of the sFlow collector. If this field displays N/A, the sFlow collector never ages out.
Size	Maximum length of the sFlow data portion in an sFlow packet.
VPN-instance	Name of the VPN instance to which the sFlow collector belongs.
Description	Description of the sFlow collector.
Port information	Information about interfaces configured with sFlow.
Interface	Interface configured with sFlow.
CID	ID of the sFlow collector for receiving counter sampled packets. If no sFlow collector ID is specified, this field displays 0.
Interval(s)	Counter sampling interval, in seconds.
FID	ID of the sFlow collector for receiving flow sampled packets. If no sFlow collector ID is specified, this field displays 0.
MaxHLen	Maximum number of bytes that can be copied in a sampled packet (starting from the packet header).
Rate	Number of packets out of which the interface samples a packet by using flow sampling.
Mode	Flow sampling mode. Determine indicates that sFlow samples a fixed number of packets.
Status	sFlow status of the port: · Suspended—The sFlow feature is suspended because the port is down. · Active—The sFlow feature is active because the port is up.

sflow agent

Use sflow agent to configure an IP address for the sFlow agent.

Use undo sflow agent to restore the default.

Syntax

sflow agent { ip ipv4-address | ipv6 ipv6-address }

undo sflow agent { ip | ipv6 }

Default

No IP address is configured for the sFlow agent. The device periodically identifies whether the sFlow agent has an IP address. If the sFlow agent does not have an IP address, the device automatically selects an IPv4 address for the sFlow agent. It does not save the IPv4 address in the configuration file.

Views

System view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies an IPv4 address for the sFlow agent.

ipv6 ipv6-address: Specifies an IPv6 address for the sFlow agent.

Usage guidelines

As a best practice, manually configure an IP address for the sFlow agent.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify IP address 10.10.10.1 for the sFlow agent.

<Sysname> system-view

[Sysname] sflow agent ip 10.10.10.1

sflow collector

Use sflow collector to configure parameters for an sFlow collector.

Use undo sflow collector to remove an sFlow collector.

Syntax

sflow collector collector-id [ vpn-instance vpn-instance-name ] { ip ipv4-address | ipv6 ipv6-address } [ port port-number ] [ datagram-size size ] [ time-out seconds ] [ description string ]

undo sflow collector collector-id

Default

No sFlow collector information is configured.

Views

System view

Predefined user roles

network-admin

Parameters

collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10.

vpn-instance vpn-instance-name: Specifies a VPN instance by its name for the sFlow collector. A VPN instance name is a case-sensitive string of 1 to 31 characters and cannot contain spaces. By default, the sFlow collector belongs to the public network.

ip ipv4-address: Specifies an IPv4 address for the sFlow collector.

ipv6 ipv6-address: Specifies an IPv6 address for the sFlow collector.

description string: Specifies a description, a case-sensitive string of 1 to 127 characters. The default description is "CLI Collector."

datagram-size size: Specifies the maximum length of the sFlow data portion in an sFlow packet. The value range for the size argument is 200 to 3000 bytes, and the default value is 1400 bytes.

port port-number: Specifies the UDP port number of the sFlow collector, in the range of 1 to 65535. The default is 6343.

time-out seconds: Specifies the aging timer of the sFlow collector, in the range of 1 to 2147483647 seconds. When the aging timer expires, the sFlow collector settings are deleted. The sFlow collector settings do not age out by default.

Examples

# Configure the following parameters for sFlow collector 2:

· VPN name—vpn1.

· IP address—3.3.3.1.

· Port number—Default.

· Description—netserver.

· Aging timer—1200 seconds.

· Maximum length of the sFlow data portion in the sFlow packet—1000 bytes.

<Sysname> system-view

[Sysname] sflow collector 2 vpn-instance vpn1 ip 3.3.3.1 description netserver time-out 1200 datagram-size 1000

sflow counter interval

Use sflow counter interval to enable counter sampling and set a counter sampling interval on an interface.

Use undo sflow counter interval to disable counter sampling on an interface.

Syntax

sflow counter interval interval

undo sflow counter interval

Default

Counter sampling is disabled.

Views

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

interval: Specifies the counter sampling interval in the range of 2 to 86400 seconds.

Examples

# Enable counter sampling and set the counter sampling interval to 120 seconds on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] sflow counter interval 120

sflow counter collector

Use sflow counter collector to specify an sFlow collector for counter sampling.

Use undo sflow counter collector to restore the default.

Syntax

sflow counter collector collector-id

undo sflow counter collector

Default

No sFlow collector is specified for counter sampling.

Views

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10.

Examples

# Specify sFlow collector 2 on GigabitEthernet 1/0/1 for counter sampling.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] sflow counter collector 2

sflow flow collector

Use sflow flow collector to specify an sFlow collector for flow sampling.

Use undo sflow flow collector to restore the default.

Syntax

sflow flow collector collector-id

undo sflow flow collector

Default

No sFlow collector is specified for flow sampling.

Views

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

collector-id: Specifies an sFlow collector by its ID. The value range for this argument is 1 to 10.

Examples

# Specify sFlow collector 2 on GigabitEthernet 1/0/1 for flow sampling.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] sflow flow collector 2

sflow flow max-header

Use sflow flow max-header to set the maximum number of bytes (starting from the packet header) that flow sampling can copy per packet.

Use undo sflow flow max-header to restore the default.

Syntax

sflow flow max-header length

undo sflow flow max-header

Default

Flow sampling can copy up to 128 bytes of a packet.

Views

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

length: Specifies the maximum number of bytes that can be copied, in the range of 18 to 512. As a best practice, use the default value.

Examples

# Set the maximum number of bytes to 60 for flow sampling to copy per packet on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] sflow flow max-header 60

sflow sampling-mode

Use sflow sampling-mode to specify a flow sampling mode.

Use undo sflow sampling-mode to restore the default.

Syntax

sflow sampling-mode determine

undo sflow sampling-mode

Default

Fixed sampling mode is used.

Views

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

determine: Specifies the fixed sampling mode. For example, if the flow sampling interval is set to 4000 (by using the sflow sampling-rate command), the device samples packets as follows:

· The device randomly samples a packet, like the tenth packet, from the first 4000 packets.

· The next time the device samples the 4010th packet, and so on.

Examples

# Specify fixed flow sampling mode on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] sflow sampling-mode determine

Related commands

sflow sampling-rate

Use sflow sampling-rate to enable flow sampling and specify the number of packets out of which flow sampling will sample a packet on an interface.

Use undo sflow sampling-rate to disable flow sampling on an interface.

Syntax

sflow sampling-rate rate

undo sflow sampling-rate

Default

Flow sampling is disabled.

Views

Layer 3 Ethernet interface view

Predefined user roles

network-admin

Parameters

rate: Specifies the number of packets out of which flow sampling will sample a packet on the interface. The value range for this argument is 1000 to 5000.

Examples

# Enable flow sampling to sample a packet out of 4000 packets on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] sflow sampling-rate 4000

Related commands

sflow sampling-mode

sflow source

Use sflow source to specify the source IP address of sent sFlow packets.

Use undo sflow source to restore the default.

Syntax

sflow source { ip ipv4-address | ipv6 ipv6-address } *

undo sflow source { ip | ipv6 } *

Default

The source IP address of sent sFlow packets is determined by routing.

Views

System view

Predefined user roles

network-admin

Parameters

ip ipv4-address: Specifies the source IPv4 address of sent sFlow packets.

ipv6 ipv6-address: Specifies the source IPv6 address of sent sFlow packets.

Examples

# Specify the source IPv4 address of sent sFlow packets as 10.0.0.1.

<Sysname> system-view

[Sysname] sflow source ip 10.0.0.1

Information center commands

Commands and descriptions for centralized devices apply to the following routers:

· MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK/810-LMS/810-LUS.

· MSR2600-6-X1/2600-10-X1.

· MSR 2630.

· MSR3600-28/3600-51.

· MSR3600-28-SI/3600-51-SI.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR 3610/3620/3620-DP/3640/3660.

· MSR810-LM-GL/810-W-LM-GL/830-6EI-GL/830-10EI-GL/830-6HI-GL/830-10HI-GL/2600-6-X1-GL/3600-28-SI-GL.

Commands and descriptions for distributed devices apply to the following routers:

· MSR5620.

· MSR 5660.

· MSR 5680.

diagnostic-logfile save

Use diagnostic-logfile save to manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

Syntax

diagnostic-logfile save

Views

Any view

Predefined user roles

network-admin

Usage guidelines

You can specify the directory to save the diagnostic log file by using the info-center diagnostic-logfile directory command.

The system clears the diagnostic log file buffer after saving the buffered diagnostic logs to the diagnostic log file.

If the diagnostic log file buffer is empty, this command displays a success message event though no logs are saved to the diagnostic log file.

Examples

# Manually save diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

<Sysname> diagnostic-logfile save

The contents in the diagnostic log file buffer have been saved to the file flash:/diagfile/diagfile.log.

Related commands

info-center diagnostic-logfile enable

info-center diagnostic-logfile directory

display diagnostic-logfile summary

Use display diagnostic-logfile summary to display the diagnostic log file configuration.

Syntax

display diagnostic-logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the diagnostic log file configuration.

<Sysname> display diagnostic-logfile summary

Diagnostic log file: Enabled.

Diagnostic log file size quota: 10 MB

Diagnostic log file directory: flash:/diagfile

Writing frequency: 24 hour 0 min 0 sec

Table 87 Command output

Field	Description
Diagnostic log file	· Enabled—Diagnostic logs can be output to the diagnostic log file. · Disabled—Diagnostic logs cannot be output to the diagnostic log file.
Diagnostic log file size quota	Maximum size for the diagnostic log file, in MB.
Log file directory	Directory where the diagnostic log file is saved.
Writing frequency	Interval at which the system saves diagnostic logs from the buffer to the diagnostic log file.

display info-center

Use display info-center to display information center configuration.

Syntax

display info-center

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display information center configuration.

<Sysname> display info-center

Information Center: Enabled

Console: Enabled

Monitor: Enabled

Log host: Enabled

192.168.0.1,

port number: 514, host facility: local7

Log buffer: Enabled

Max buffer size 1024, current buffer size 512,

Current messages 0, dropped messages 0, overwritten messages 0

Log file: Enabled

Security log file: Enabled

Information timestamp format:

Log host: Date

Other output destination: Date

display logbuffer

Use display logbuffer to display the state of the log buffer and the log information in the log buffer.

Syntax

Centralized devices in standalone mode:

display logbuffer [ reverse ] [ level severity | size buffersize ] *

Distributed devices in standalone mode/centralized devices in IRF mode:

display logbuffer [ reverse ] [ level severity | size buffersize | slot slot-number ] *

Distributed devices in IRF mode:

display logbuffer [ reverse ] [ level severity | size buffersize | chassis chassis-number slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

reverse: Displays log entries chronologically, with the most recent entry at the top. If you do not specify this keyword, the command displays log entries chronologically, with the oldest entry at the top.

level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information for all levels.

Table 88 Log levels

Severity value	Level	Description	Corresponding keyword in commands
0	Emergency	The system is unusable. For example, the system authorization has expired.	emergency
1	Alert	Action must be taken immediately. For example, traffic on an interface exceeds the upper limit.	alert
2	Critical	Critical condition. For example, the device temperature exceeds the upper limit, the power module fails, or the fan tray fails.	critical
3	Error	Error condition. For example, the link state changes.	error
4	Warning	Warning condition. For example, an interface is disconnected, or the memory resources are used up.	warning
5	Notification	Normal but significant condition. For example, a terminal logs in to the device, or the device reboots.	notification
6	Informational	Informational message. For example, a command or a ping operation is executed.	informational
7	Debugging	Debugging message.	debugging

size buffersize: Specifies the number of latest logs to be displayed. The value range is 1 to 1024. If you do not specify this option, the command displays all logs in the log buffer.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)

Examples

# (Centralized devices in standalone mode.) Display the state and log information of the log buffer.

<Sysname> display logbuffer

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 718

Current messages: 512

%Jun 17 15:57:09:578 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted --

…

# (Distributed devices in standalone mode/centralized devices in IRF mode.) Display the state and log information of the log buffer.

<Sysname> display logbuffer slot 1

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 0

Current messages: 127

%Jun 19 18:03:24:55 2006 Sysname SYSLOG /7/SYS_RESTART:System restarted

…

# (Distributed devices in IRF mode.) Display the state and log information of the log buffer.

<Sysname> display logbuffer chassis 0 slot 1

Log buffer: Enabled

Max buffer size: 1024

Actual buffer size: 512

Dropped messages: 0

Overwritten messages: 0

Current messages: 127

%Jun 19 18:03:24:55 2006 Sysname SYSLOG/7/SYS_RESTART:System restarted

…

Table 89 Command output

Field	Description
Log buffer	· Enabled—Logs can be output to the log buffer. · Disabled—Logs cannot be output to the buffer.
Max buffer size	Maximum buffer size supported by the device.
Actual buffer size	Maximum buffer size configured by using the info-center logbuffer size command.
Dropped messages	Number of dropped messages.
Overwritten messages	Number of overwritten messages.
Current messages	Number of current messages.

Related commands

info-center logbuffer

reset logbuffer

display logbuffer summary

Use display logbuffer summary to display the summary of the log buffer.

Syntax

Centralized devices in standalone mode:

display logbuffer summary [ level severity ]

Distributed devices in standalone mode/centralized devices in IRF mode:

display logbuffer summary [ level severity | slot slot-number ] *

Distributed devices in IRF mode:

display logbuffer summary [ level severity | chassis chassis-number slot slot-number ] *

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

level severity: Specifies a severity level in the range of 0 to 7. If you do not specify a severity level, this command displays log information of all levels in the log buffer. For more information about log levels, see Table 88.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information for all cards. (Distributed devices in standalone mode.)

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays information for all member devices. (Centralized devices in IRF mode.)

chassis chassis-number slot slot-number: Specifies a card on an IRF member device. The chassis-number argument represents the member ID of the IRF member device. The slot-number argument represents the slot number of the card. If you do not specify a card, this command displays information for all cards. (Distributed devices in IRF mode.)

Examples

# (Centralized devices in standalone mode.) Display the summary of the log buffer.

<Sysname> display logbuffer summary

Slot EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

0 0 0 0 0 22 0 1 0

# (Centralized devices in IRF mode.) Display the summary of the log buffer.

<Sysname> display logbuffer summary

SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

1 0 0 0 7 0 34 38 0

2 0 0 0 0 0 0 0 0

3 0 0 0 0 0 0 0 0

4 0 0 0 0 0 0 0 0

# (Distributed devices in standalone mode.) Display the summary of the log buffer.

<Sysname> display logbuffer summary

SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

0 0 0 0 0 0 0 0 0

1 0 0 0 0 0 0 0 0

2 0 0 0 0 0 0 0 0

3 0 0 0 0 16 0 1 0

# (Distributed devices in IRF mode.) Display the summary of the log buffer.

<Sysname> display logbuffer summary

CHASSIS SLOT EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG

1 0 0 0 0 1 238 0 1 0

1 1 0 0 0 0 0 0 0 0

1 2 0 0 0 0 1 0 0 0

2 0 0 0 0 0 5 0 0 0

2 1 0 0 0 0 1 0 0 0

Table 90 Command output

Field	Description
CHASSIS	Member ID of the device in the IRF fabric. (Distributed devices in IRF mode.)
SLOT	Slot number of the card. (Distributed devices.)
SLOT	Device ID. (Centralized devices in IRF mode.)
EMERG	Represents emergency. For more information, see Table 88.
ALERT	Represents alert. For more information, see Table 88.
CRIT	Represents critical. For more information, see Table 88.
ERROR	Represents error. For more information, see Table 88.
WARN	Represents warning. For more information, see Table 88.
NOTIF	Represents notification. For more information, see Table 88.
INFO	Represents informational. For more information, see Table 88.
DEBUG	Represents debug. For more information, see Table 88.

display logfile summary

Use display logfile summary to display the log file configuration.

Syntax

display logfile summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the log file configuration.

<Sysname> display logfile summary

Log file: Enabled.

Log file size quota: 10 MB

Log file directory: flash:/logfile

Writing frequency: 0 hour 1 min 10 sec

Table 91 Command output

Field	Description
Log file	· Enabled—Logs can be output to a log file. · Disabled—Logs cannot be output to a log file.
Log file size quota	Maximum storage space reserved for a log file, in MB.
Log file directory	Log file directory.
Writing frequency	Log file writing frequency.

display security-logfile summary

Use display security-logfile summary to display the summary of the security log file.

Syntax

display security-logfile summary

Views

Any view

Predefined user roles

security-audit

Usage guidelines

A local user can use this command only after being authorized as the security log administrator by the system administrator through the authorization-attribute user-role security-audit command. For more information about the security log administrator, see Security Configuration Guide.

Examples

# Display the summary of the security log file.

<Sysname> display security-logfile summary

Security log file: Enabled

Security log file size quota: 10 MB

Security log file directory: flash:/seclog

Alarm threshold: 80%

Current usage: 30%

Writing frequency: 1 hour 0 min 0 sec

Table 92 Command output

Field	Description
Security log file	· Enabled—Security logs can be output to the security log file. · Disabled—Security logs cannot be output to the security log file.
Security log file size quota	Maximum storage space reserved for the security log file.
Security log file directory	Security log file directory.
Alarm-threshold	Alarm threshold of the security log file usage.
Current usage	Current usage of the security log file.
Writing frequency	Security log file writing frequency.

Related commands

authorization-attribute (Security Command Reference)

enable log updown

Use enable log updown to enable an interface to generate link up or link down logs when the interface state changes.

Use undo enable log updown to disable an interface from generating link up or link down logs when the interface state changes.

Syntax

enable log updown

undo enable log updown

Default

All interfaces are allowed to generate link up and link down logs.

Views

Interface view

Predefined user roles

network-admin

Examples

# Disable GigabitEthernet 1/0/1 from generating link up or link down logs.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] undo enable log updown

info-center diagnostic-logfile directory

Use info-center diagnostic-logfile directory to configure the directory to save the diagnostic log file.

Syntax

info-center diagnostic-logfile directory dir-name

Default

Diagnostic log files are saved in the diagfile directory under the root directory of the storage device.

Views

System view

Predefined user roles

network-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 64 characters.

Usage guidelines

The specified directory must have been created.

This command cannot survive a reboot. (Centralized devices in standalone mode.)

This command cannot survive a reboot or an active/standby switchover. (Distributed devices in standalone mode.)

This command cannot survive an IRF reboot or a master/subordinate switchover. (Centralized devices in IRF mode.)

This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (Distributed devices in IRF mode.)

Examples

# Set the diagnostic log file directory to flash:/test.

<Sysname> mkdir test

Creating directory flash:/test... Done.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile directory flash:/test

info-center diagnostic-logfile enable

Use info-center diagnostic-logfile enable to enable saving diagnostic logs to the diagnostic log file.

Use undo info-center diagnostic-logfile enable to disable saving diagnostic logs to the diagnostic log file.

Syntax

info-center diagnostic-logfile enable

undo info-center diagnostic-logfile enable

Default

Saving diagnostic logs to the diagnostic log file is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables saving diagnostic logs to the diagnostic log file for centralized management. Users can view the diagnostic logs to monitor device activities and to troubleshoot problems.

Examples

# Enable saving diagnostic logs to the diagnostic log file.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile enable

info-center diagnostic-logfile frequency

Use info-center diagnostic-logfile frequency to configure the interval at which the system saves diagnostic logs from the diagnostic log file buffer to the diagnostic log file.

Use undo info-center diagnostic-logfile frequency to restore the default.

Syntax

info-center diagnostic-logfile frequency freq-sec

undo info-center diagnostic-logfile frequency

Default

The diagnostic log file saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the diagnostic log file saving interval in seconds. The value range is 10 to 86400.

Usage guidelines

The system outputs diagnostic logs to the diagnostic log file buffer, and then saves the buffered logs to the diagnostic log file at the specified interval.

Examples

# Set the diagnostic log file saving interval to 600 seconds.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile frequency 600

Related commands

info-center diagnostic-logfile enable

info-center diagnostic-logfile quota

Use info-center diagnostic-logfile quota to set the maximum size for the diagnostic log file.

Use undo info-center diagnostic-logfile quota to restore the default.

Syntax

info-center diagnostic-logfile quota size

undo info-center diagnostic-logfile quota

Default

The maximum size for the diagnostic log file is 5 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size for the diagnostic log file, in MB. The value range is 1 to 10.

Examples

# Set the maximum size to 6 MB for the diagnostic log file.

<Sysname> system-view

[Sysname] info-center diagnostic-logfile quota 6

info-center enable

Use info-center enable to enable the information center.

Use undo info-center enable to disable the information center.

Syntax

info-center enable

undo info-center enable

Default

The information center is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable the information center.

<Sysname> system-view

[Sysname] info-center enable

Information center is enabled.

info-center format

Use info-center format to set the format for logs sent to log hosts.

Use undo info-center format to restore the default.

Syntax

info-center format { cmcc | unicom }

undo info-center format

Default

Logs are sent to log hosts in standard format.

Views

System view

Predefined user roles

network-admin

Parameters

cmcc: Specifies the China Mobile Communications Corporation format.

unicom: Specifies the China Unicom format.

Usage guidelines

Logs can be sent to log hosts in standard, unicom, or cmcc format. For more information about log formats, see Network Management and Monitoring Configuration Guide.

Examples

# Set the log format to unicom for logs sent to log hosts.

<Sysname> system-view

[Sysname] info-center format unicom

info-center logbuffer

Use info-center logbuffer to enable log output to the log buffer.

Use undo info-center logbuffer to disable log output to the log buffer.

Syntax

info-center logbuffer

undo info-center logbuffer

Default

Log output to the log buffer is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable log output to the log buffer.

<Sysname> system-view

[Sysname] info-center logbuffer

Related commands

display logbuffer

info-center enable

info-center logbuffer size

Use info-center logbuffer size to set the maximum number of logs that can be stored in the log buffer.

Use undo info-center logbuffer size to restore the default.

Syntax

info-center logbuffer size buffersize

undo info-center logbuffer size

Default

The log buffer can store a maximum of 512 logs.

Views

System view

Predefined user roles

network-admin

Parameters

buffersize: Specifies the maximum number of logs that can be stored in the log buffer. The value range is 0 to 1024, and the default is 512.

Examples

# Set the maximum log buffer size to 50.

<Sysname> system-view

[Sysname] info-center logbuffer size 50

# Restore the default maximum log buffer size.

<Sysname> system-view

[Sysname] undo info-center logbuffer size

Related commands

display logbuffer

info-center enable

info-center logfile directory

Use info-center logfile directory to specify the directory to save the log file.

Syntax

info-center logfile directory dir-name

Default

Log files are saved in the logfile directory under the root directory of the storage device.

Views

System view

Predefined user roles

network-admin

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 64 characters.

Usage guidelines

The specified directory must have been created.

The log file has a .log extension. When the default log file directory runs out of space, use this command to specify a new log file directory.

This command cannot survive a reboot. (Centralized devices in standalone mode.)

This command cannot survive a reboot or an active/standby switchover. (Distributed devices in standalone mode.)

This command cannot survive an IRF reboot or a master/subordinate switchover. (Centralized devices in IRF mode.)

This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (Distributed devices in IRF mode.)

Examples

# Create a directory named test under the flash root directory.

<Sysname> mkdir test

Creating directory flash:/test... Done.

# Set the log file directory to flash:/test.

<Sysname> system-view

[Sysname] info-center logfile directory flash:/test

Related commands

info-center logfile enable

Use info-center logfile enable to enable the log file feature.

Use undo info-center logfile enable to disable the log file feature.

Syntax

info-center logfile enable

undo info-center logfile enable

Default

The log file feature is enabled.

Views

System view

Predefined user roles

network-admin

Examples

# Enable log output to the log file.

<Sysname> system-view

[Sysname] info-center logfile enable

info-center logfile frequency

Use info-center logfile frequency to configure the interval at which the system saves logs from the log file buffer to the log file.

Use undo info-center logfile frequency to restore the default.

Syntax

info-center logfile frequency freq-sec

undo info-center logfile frequency

Default

The log file saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the log file saving interval in seconds. The value range is 1 to 86400.

Usage guidelines

This command enables the system to automatically save logs in the log file buffer to the log file at the specified interval.

Examples

# Set the log file saving interval to 60000 seconds.

<Sysname> system-view

[Sysname] info-center logfile frequency 60000

Related commands

info-center logfile enable

info-center logfile size-quota

Use info-center logfile size-quota to set the maximum size for the log file.

Use undo info-center logfile size-quota to restore the default.

Syntax

info-center logfile size-quota size

undo info-center logfile size-quota

Default

The maximum size for the log file is 5 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Specifies the maximum size for the log file, in MB. The value range is 1 to 10.

Examples

# Set the maximum size to 6 MB for the log file.

<Sysname> system-view

[Sysname] info-center logfile size-quota 6

Related commands

info-center logfile enable

info-center logging suppress duplicates

Use info-center logging suppress duplicates to enable duplicate log suppression.

Use undo info-center logging suppress duplicate to disable duplicate log suppression.

Syntax

info-center logging suppress duplicates

undo info-center logging suppress duplicates

Default

Duplicate log suppression is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Outputting consecutive duplicate logs at an interval of less than 30 seconds wastes system and network resources.

With this feature enabled, the system starts a suppression period when outputting a new log:

· During the suppression period, the system does not output logs with the same module name, level, mnemonic, location, and text as the previous log.

· After the suppression period expires, if the same log continues to appear, the system outputs the suppressed logs and the log number and starts another suppression period. The suppression period is 30 seconds the first time, 2 minutes the second time, and 10 minutes for subsequent times.

· If a different log is generated during the suppression period, the system aborts the current suppression period, outputs suppressed logs and the log number and then outputs the new log, starting another suppression period.

Examples

# Enable duplicate log suppression.

<Sysname> system-view

[Sysname] info-center logging suppress duplicates

info-center loghost

Use info-center loghost to specify a log host and to configure output parameters.

Use undo info-center loghost to restore the default.

Syntax

info-center loghost [ vpn-instance vpn-instance-name ] { hostname | ipv4-address | ipv6 ipv6-address } [ port port-number ] [ facility local-number ]

undo info-center loghost [ vpn-instance vpn-instance-name ] { hostname | ipv4-address | ipv6 ipv6-address }

Default

No log hosts are specified.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, and special characters including hyphen (-), underscore (_), and dot (.).

ipv4-address: Specifies a log host by its IPv4 address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port port-number: Specifies the port number of the log host, in the range of 1 to 65535. The default is 514. It must be the same as the value configured on the log host. Otherwise, logs cannot be sent to the log host.

facility local-number: Specifies a logging facility from local0 to local7 for the log host. The default value is local7. Logging facilities are used to mark different logging sources, and query and filer logs.

Usage guidelines

The info-center loghost command takes effect only after the information center is enabled by using info-center enable command.

The device supports a maximum of 20 log hosts.

Examples

# Output logs to the log host 1.1.1.1.

<Sysname> system-view

[Sysname] info-center loghost 1.1.1.1

info-center loghost source

Use info-center loghost source to specify a source IP address for logs sent to log hosts.

Use undo info-center loghost source to restore the default.

Syntax

info-center loghost source interface-type interface-number

undo info-center loghost source

Default

The source IP address of logs sent to log hosts is the primary IP address of their outgoing interfaces.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies a source interface. The interface's primary IP address will be used as the source IP address for logs sent to log hosts.

Usage guidelines

The info-center loghost source command takes effect only after the information center is enabled by using info-center enable command.

Examples

# Specify Loopback 0 as the source interface for logs sent to log hosts.

<Sysname> system-view

[Sysname] interface loopback 0

[Sysname-LoopBack0] ip address 2.2.2.2 32

[Sysname-LoopBack0] quit

[Sysname] info-center loghost source loopback 0

info-center security-logfile alarm-threshold

Use info-center security-logfile alarm-threshold to set the alarm threshold for security log file usage.

Use undo info-center security-logfile alarm-threshold to restore the default.

Syntax

info-center security-logfile alarm-threshold usage

undo info-center security-logfile alarm-threshold

Default

The alarm threshold for security log file usage is 80. When the usage of the security log file reaches 80%, the system outputs a message to inform the administrator.

Views

System view

Predefined user roles

network-admin

Parameters

usage: Specifies an alarm threshold. The value must be an integer in the range of 1 to 100.

Usage guidelines

When the security log file is full, the system deletes the oldest logs and then writes new logs to the security log file. This feature helps avoid security log loss by setting an alarm threshold for the security log file usage. When the threshold is reached, the system outputs log information to inform the administrator. The administrator can log in to the device as the security log administrator, and back up the security log file.

Examples

# Set the alarm threshold for security log file usage to 90.

<Sysname> system-view

[Sysname] info-center security-logfile alarm-threshold 90

Related commands

info-center security-logfile size-quota

info-center security-logfile directory

Use info-center security-logfile directory to specify the security log file directory.

Syntax

info-center security-logfile directory dir-name

Default

The security log file is saved in the seclog directory under the root directory of the storage device.

Views

System view

Predefined user roles

security-audit

Parameters

dir-name: Specifies a directory by its name, a string of 1 to 64 characters.

Usage guidelines

The specified directory must have been created.

To use this command, a local user must be authorized the security-audit user role. For information about configuring the security-audit user role, see Security Command Reference.

This command cannot survive a reboot. (Centralized devices in standalone mode.)

This command cannot survive a reboot or an active/standby switchover. (Distributed devices in standalone mode.)

This command cannot survive an IRF reboot or a master/subordinate switchover. (Centralized devices in IRF mode.)

This command cannot survive an IRF reboot or a global active/standby switchover in an IRF fabric. (Distributed devices in IRF mode.)

Examples

# Set the security log file directory to flash:/test.

<Sysname> mkdir test

Creating directory flash:/test... Done.

<Sysname> system-view

[Sysname] info-center security-logfile directory flash:/test

info-center security-logfile enable

Use info-center security-logfile enable to enable saving of security logs to the security log file.

Use undo info-center security-logfile enable to restore the default.

Syntax

info-center security-logfile enable

undo info-center security-logfile enable

Default

The saving of security logs to the security log file is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This feature enables the system to output security logs to the security log file buffer, and then saves the buffered logs to the security log file regularly.

Examples

# Enable saving security logs to the security log file.

<Sysname> system-view

[Sysname] info-center security-logfile enable

info-center security-logfile frequency

Use info-center security-logfile frequency to configure the interval for saving security logs to the security log file.

Use undo info-center security-logfile frequency to restore the default.

Syntax

info-center security-logfile frequency freq-sec

undo info-center security-logfile frequency

Default

The security log file saving interval is 86400 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

freq-sec: Specifies the security log file saving interval in seconds. The value range is 10 to 86400.

Usage guidelines

The system outputs security logs to the security log file buffer, and then saves the buffered logs to the security log file at the specified interval.

Examples

# Set the security log file saving interval to 600 seconds.

<Sysname> system-view

[Sysname] info-center security-logfile frequency 600

Related commands

info-center security-logfile enable

info-center security-logfile size-quota

Use info-center security-logfile size-quota to set the maximum size for the security log file.

Use undo info-center security-logfile size-quota to restore the default.

Syntax

info-center security-logfile size-quota size

undo info-center security-logfile size-quota

Default

The maximum size for the security log file is 10 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Sets the maximum size for the security log file, in MB. The value range is 1 to 10.

Examples

# Set the maximum size to 6 MB for the security log file.

<Sysname> system-view

[Sysname] info-center security-logfile size-quota 6

Related commands

info-center security-logfile alarm-threshold

info-center source

Use info-center source to configure a log output rule for a module.

Use undo info-center source to restore the default.

Syntax

info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor } { deny | level severity }

undo info-center source { module-name | default } { console | logbuffer | logfile | loghost | monitor }

Default

Table 93 lists the default log output rules.

Table 93 Default output rules

Destination	Source modules	Standard system log	Security log	Diagnostic log	Hidden log
Console	All supported modules	debugging	Disabled	Disabled	Disabled
Monitor terminal	All supported modules	debugging	Disabled	Disabled	Disabled
Log host	All supported modules	informational	Disabled	Disabled	informational
Log buffer	All supported modules	informational	Disabled	Disabled	informational
Log file	All supported modules	informational	Disabled	Disabled	informational
Security log file	All supported modules, cannot be filtered	Disabled	Debugging, which cannot be filtered	Disabled	Disabled
Diagnostic log file	All supported modules, cannot be filtered	Disabled	Disabled	Debugging, which cannot be filtered	Disabled

Views

System view

Predefined user roles

network-admin

Parameters

module-name: Specifies a module by its name. For instance, to output FTP information, set this argument to FTP. You can use the info-center source ? command to view the modules supported by the device.

default: Specifies all supported modules, which can be displayed by using the info-center source ? command.

console: Outputs logs to the console.

logbuffer: Outputs logs to the log buffer.

logfile: Outputs logs to the log file.

loghost: Outputs logs to the log host.

monitor: Outputs logs to the monitor terminal.

deny: Disables log output.

level severity: Specifies a severity level in the range of 0 to 7. The smaller the severity value, the higher the severity level. See Table 88 for more information. Logs at the specified severity level and higher levels are allowed or denied to be output.

Usage guidelines

If you do not set an output rule for a module, the module uses the output rule set by using the default keyword. If no rule is set by using the default keyword, the module uses the default output rule.

To modify or remove an output rule set for a module, you must use the module-name argument. A new output rule configured by using the default keyword does not take effect on the module.

If you execute this command for a module multiple times, the most recent configuration takes effect.

If you execute this command for the default modules multiple times, the most recent configuration takes effect.

Examples

# Output only VLAN module's information with the emergency level to the console.

<Sysname> system-view

[Sysname] info-center source default console deny

[Sysname] info-center source vlan console level emergency

# Based on the previous configuration, disable output of VLAN module's information to the console so no system information is output to the console.

<Sysname> system-view

[Sysname] undo info-center source vlan console

info-center synchronous

Use info-center synchronous to enable synchronous information output.

Use undo info-center synchronous to disable synchronous information output.

Syntax

info-center synchronous

undo info-center synchronous

Default

Synchronous information output is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

System log output interrupts ongoing configuration operations, including obscuring previously entered commands. Synchronous information output shows the obscured commands. It also provides a command prompt in command editing mode, or a [Y/N] string in interaction mode so you can continue your operation from where you were stopped.

Examples

# Enable synchronous information output, and then execute the display current-configuration command to view the current configuration of the device.

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] display current-

At this time, the system receives log information. It displays the log information first, and then displays your previous input, which is display current- in this example.

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Sysname] display current-

Enter configuration to complete the display current-configuration command, and press the Enter key to execute the command.

# Enable synchronous information output, and then save the current configuration (enter interactive information).

<Sysname> system-view

[Sysname] info-center synchronous

Info-center synchronous output is on

[Sysname] save

The current configuration will be written to the device. Are you sure? [Y/N]:

At this time, the system receives the log information. It displays the log information first and then displays [Y/N].

%May 21 14:33:19:425 2007 Sysname SHELL/4/LOGIN: VTY login from 192.168.1.44

[Y/N]:

Enter Y or N to complete your input.

info-center syslog min-age

Use info-center syslog min-age to set the minimum storage period for log files and logs in the log buffer.

Use undo info-center syslog min-age to restore the default.

Syntax

info-center syslog min-age min-age

undo info-center syslog min-age

Default

The minimum storage period for log files and logs in the log buffer is not set.

Views

System view

Predefined user roles

network-admin

Parameters

min-age: Sets the minimum storage period in hours. The value range is 1 to 8760.

Examples

# Set the minimum storage period to 168 hours for log files and logs in the log buffer.

<Sysname> system-view

[Sysname] info-center syslog min-age 168

info-center syslog trap buffersize

Use info-center syslog trap buffersize to set the maximum number of log traps that can be stored in the log trap buffer.

Use undo info-center syslog trap buffersize to restore the default.

Syntax

info-center syslog trap buffersize buffersize

undo info-center syslog trap buffersize

Default

The log trap buffer can store a maximum of 1024 traps.

Views

System view

Predefined user roles

network-admin

Parameters

buffersize: Specifies the maximum number of log traps that can be stored in the log trap buffer. The value range is 0 to 65535. Value 0 indicates that the device does not buffer log traps.

Usage guidelines

Log traps are SNMP notifications stored in the log trap buffer. After the snmp-agent trap enable syslog command is configured, the device sends log messages in SNMP notifications to the log trap buffer. You can view the log traps by accessing the MIB corresponding to the trap buffer.

The default buffer size is usually used. You can adjust the buffer size according to your network condition. New traps overwrite the oldest traps when the log trap buffer is full.

Examples

# Set the log trap buffer size to 2048.

<Sysname> system-view

[Sysname] info-center syslog trap buffersize 2048

Related commands

snmp-agent trap enable syslog

info-center timestamp

Use info-center timestamp to set the timestamp format for logs sent to the console, monitor terminal, log buffer, and log file.

Use undo info-center timestamp to restore the default.

Syntax

info-center timestamp { boot | date | none }

undo info-center timestamp

Default

The timestamp format for logs sent to the console, monitor terminal, log buffer, and log file is date.

Views

System view

Predefined user roles

network-admin

Parameters

boot: Sets the timestamp format to xxx.yyy, where xxx is the most significant 32 bits (in milliseconds) and yyy is the least significant 32 bits. For example, 0.21990989 equals Jun 25 14:09:26:881 2007. The boot time shows the time since system startup.

date: Sets the timestamp format to MMM DD hh:mm:ss:xxx YYYY, such as Dec 8 10:12:21:708 2007. The date time shows the current system time.

· MMM: Abbreviations of the months in English, which could be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.

· DD: Date, starting with a space if it is less than 10, for example " 7".

· hh:mm:ss:xxx: Local time, with hh in the range of 00 to 23, mm and ss in the range of 00 to 59, and xxx in the range of 0 to 999.

· YYYY: Year.

none: Indicates no time information is provided.

Examples

# Set the timestamp format to boot for logs sent to the console, monitor terminal, log buffer, and log file.

<Sysname> system-view

[Sysname] info-center timestamp boot

Related commands

info-center timestamp loghost

Use info-center timestamp loghost to set the timestamp format for logs sent to log hosts.

Use undo info-center timestamp loghost to restore the default.

Syntax

info-center timestamp loghost { date | iso | no-year-date | none }

undo info-center timestamp loghost

Default

The timestamp format for logs sent to log hosts is date.

Views

System view

Predefined user roles

network-admin

Parameters

date: Sets the timestamp format to mmm dd hh:mm:ss yyyy, such as Dec 8 10:12:21 2007. The date time shows the current system time.

iso: Sets the ISO 8601 timestamp format, for example, 2009-09-21T15:32:55.

no-year-date: Sets the timestamp format to the current system date and time without year.

none: Indicates that no timestamp information is provided.

Examples

# Set the timestamp format to no-year-date for logs sent to log hosts.

<Sysname> system-view

[Sysname] info-center timestamp loghost no-year-date

Related commands

info-center timestamp

info-center trace-logfile quota

Use info-center trace-logfile quota to set the maximum size for the trace log file.

Use undo info-center trace-logfile quota to restore the default.

Syntax

info-center trace-logfile quota size

undo info-center trace-logfile quota

Default

The maximum size for the trace log file is 1 MB.

Views

System view

Predefined user roles

network-admin

Parameters

size: Sets the maximum size for the trace log file, in MB. The value range is 1 to 10.

Examples

# Set the maximum size to 6 MB for the trace log file.

<Sysname> system-view

[Sysname] info-center trace-logfile quota 6

logfile save

Use logfile save to manually save logs in the log file buffer to the log file.

Syntax

logfile save

Views

Any view

Predefined user roles

network-admin

Usage guidelines

You can specify the directory to save the log file by using the info-center logfile directory command.

The system clears the log file buffer after saving the buffered logs to the log file automatically or manually.

If the log file buffer is empty, this command displays a success message event though no logs are saved to the log file.

Examples

# Manually save logs from the log file buffer to a log file.

<Sysname> logfile save

The contents in the log file buffer have been saved to the file flash:/logfile/logfile.log.

Related commands

info-center logfile enable

info-center logfile directory

reset logbuffer

Use reset logbuffer to clear the log buffer.

Syntax

reset logbuffer

Views

User view

Predefined user roles

network-admin

Examples

# Clear the log buffer.

<Sysname> reset logbuffer

Related commands

display logbuffer

security-logfile save

Use security-logfile save to manually save security logs from the security log file buffer to the security log file.

Syntax

security-logfile save

Views

Any view

Predefined user roles

security-audit

Usage guidelines

The system clears the security log file buffer after saving the buffered security logs to the security log file automatically or manually.

If the security log file buffer is empty, this command displays a success message event though no security logs are saved to the security log file.

A local user can use this command only after being authorized as the security log administrator by the system administrator. For more information about the security log administrator, see Security Configuration Guide.

Examples

# Manually save the security logs in the security log file buffer to the security log file.

<Sysname> security-logfile save

The contents in the security log file buffer have been saved to the file flash:/seclog/seclog.log.

Related commands

info-center security-logfile directory

authorization-attribute (Security Command Reference)

snmp-agent trap enable syslog

Use snmp-agent trap enable syslog to enable SNMP notifications for log messages.

Use undo snmp-agent trap enable syslog to restore the default.

Syntax

snmp-agent trap enable syslog

undo snmp-agent trap enable syslog

Default

The device does not send SNMP notifications for log messages.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to send an SNMP notification for each log message it outputs. The device encapsulates logs in SNMP notifications and then sends them to the SNMP module and the log trap buffer.

You can configure the SNMP module to send received SNMP notifications in SNMP traps or informs to remote hosts. For more information, see Network Management and Monitoring Configuration Guide.

To view the traps in the log trap buffer, access the MIB corresponding to the log trap buffer. The log trap buffer size can be set by using the info-center syslog trap buffersize command.

Examples

# Enable the device to send SNMP notifications for log messages.

<Sysname> system-view

[Sysname] snmp-agent trap enable syslog

Related commands

info-center syslog trap buffersize

terminal debugging

Use terminal debugging to enable the display of debug information on the current terminal.

Use undo terminal debugging to disable the display of debug information on the current terminal.

Syntax

terminal debugging

undo terminal debugging

Default

The display of debug information is disabled on the current terminal.

Views

User view

Predefined user roles

network-admin

Usage guidelines

To enable the display of debug information on the console, perform the following tasks:

1. Execute the terminal debugging command.

2. Enable the information center. The information center is enabled by default.

3. Use a debugging command to enable the related debugging.

To enable the display of debug information on the current terminal, perform the following tasks:

4. Execute the terminal monitor and terminal debugging commands.

5. Enable the information center. The information center is enabled by default.

6. Use a debugging command to enable the related debugging.

This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

You can also enable the display of debug information on the current terminal by executing the terminal logging level 7 command. This command has the following differences from the terminal debugging command:

· The terminal logging level 7 command enables log display for all levels (levels 0 through 7) on the current terminal.

· The terminal debugging command only enables display of logs with the following severity levels:

¡ Debug level (level 7).

¡ Severity level higher than or equal to the level specified in the terminal logging level command.

Examples

# Enable the display of debug information on the current terminal.

<Sysname> terminal debugging

The current terminal is enabled to display debugging information.

Related commands

terminal logging level

terminal monitor

terminal logging level

Use terminal logging level to set the lowest level of logs that can be output to the current terminal.

Use undo terminal logging level to restore the default.

Syntax

terminal logging level severity

undo terminal logging level

Default

The lowest level of logs that can be output to the current terminal is 6 (Informational).

Views

User view

Predefined user roles

network-admin

Parameters

severity: Specifies a log severity level in the range of 0 to 7.

Usage guidelines

This command enables the device to output logs with a severity level higher than or equal to the specified level to the current terminal. For example, if you set the severity argument to 6, logs with a severity value from 0 to 6 are output to the current terminal.

This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

Examples

# Configure the device to output logs with the debugging level and higher levels to the current terminal.

<Sysname> terminal logging level 7

terminal monitor

Use terminal monitor to enable the monitoring of logs on the current terminal.

Use undo terminal monitor to disable the monitoring of logs on the current terminal.

Syntax

terminal monitor

undo terminal monitor

Default

Monitoring of logs is enabled on the console and disabled on the monitor terminal.

Views

User view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only for the current connection between the terminal and the device. If a new connection is established, the default is restored.

Examples

# Enable the monitoring of logs on the current terminal.

<Sysname> terminal monitor

The current terminal is enabled to display logs.

Flow log commands

The following matrix shows the feature and hardware compatibility:

Hardware	Flow log compatibility
MSR810/810-W/810-W-DB/810-LM/810-W-LM/810-10-PoE/810-LM-HK/810-W-LM-HK	Yes
MSR810-LMS/810-LUS	No
MSR2600-6-X1/2600-10-X1	Yes
MSR 2630	Yes
MSR3600-28/3600-51	Yes
MSR3600-28-SI/3600-51-SI	No
MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC	Yes
MSR 3610/3620/3620-DP/3640/3660	Yes
MSR5620/5660/5680	Yes

Hardware	Flow log compatibility
MSR810-LM-GL	Yes
MSR810-W-LM-GL	Yes
MSR830-6EI-GL	Yes
MSR830-10EI-GL	Yes
MSR830-6HI-GL	Yes
MSR830-10HI-GL	Yes
MSR2600-6-X1-GL	Yes
MSR3600-28-SI-GL	Yes
MSR810-LM-GL	No

display userlog export

Use display userlog export to display flow log configuration and statistics.

Syntax

display userlog export

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display flow log configuration and statistics.

<Sysname> display userlog export

Flow:

Export flow log as UDP Packet.

Version: 3.0

Source ipv4 address: 2.2.2.2

Source ipv6 address:

Log load balance function: Disabled

Local time stamp: Disabled

Number of log hosts: 2

Log host 1:

Host/Port: 1.2.3.6/2000

Total logs/UDP packets exported: 112/87

Log host 2:

VPN instance:abc

Host/Port:1.1.1.1/2000

Total logs/UDP packets exported: 6553665536/409597846

Table 94 Command output

Field	Description
Flow	Flow log configuration and statistics.
Export flow log as UDP Packet	Flow log entries were sent to log hosts in UDP.
Version	Flow log feature version.
Source ipv4 address	Source IPv4 address of the flow log packets.
Source ipv6 address	Source IPv6 address of the flow log packets.
Log load balancing function	Load balancing status for flow log entries: · Enabled—Flow log entries are distributed among available log hosts. · Disabled—Every flow log entry is copied and sent to all available log hosts.
Local time stamp	Whether or not the local time is used in the log timestamp: · Enabled—The local time is used. · Disabled—The UTC time is used.
Number of log hosts	Total number of log hosts.
Log host	Information about the log host.
VPN instance	VPN instance to which the log host belongs.
Host/port	IP address and port number of the log host.
Total logs	Total number of flow log entries exported to the log hosts.
UDP packets exported	Total number of UDP packets used to export the flow log entries. A UDP packet can contain multiple flow log entries.

Related commands

userlog flow export

display userlog host-group

Use display userlog host-group to display flow log host group information.

Syntax

display userlog host-group [ ipv6 ] [ host-group-name ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv6: Specifies an IPv6 flow log host group. Do not configure this keyword if you want to specify an IPv4 flow log host group.

host-group-name: Specify a flow log host group by its name, a case-sensitive string of 1 to 63 characters. If you do not specify a log host group, this command displays information about all log host groups.

Examples

# Display information about IPv4 flow log host group test.

<Sysname> display userlog host-group test

Userlog host-group test:

ACL number: 2000

Flow log host numbers: 1

Log host 1:

VPN-instance: test

Host/port: 1.1.1.2/2000

# Display information about all IPv4 flow log host groups.

<Sysname> display userlog host-group

There are 2 IPv4 host groups.

Userlog host-group test:

ACL number: 2000

Flow log host numbers: 1

Log host 1:

VPN-instance: test

Host/Port: 1.2.3.6/0

Userlog host-group test2:

ACL name: test

Flow log host numbers: 1

Log host 1:

Host/Port: 1.1.1.1/0

Table 95 Command output

Field	Description
Userlog host-group test	Information about a flow log host group.
ACL number/ACL name	ACL used by the log host group to match flow log entries.
Flow log host numbers	Number of flow log hosts in the group.
Log host	Information about a flow log host.
VPN-instance	VPN instance to which the log host belongs. This field is not displayed if no VPN instance is specified for the log host.
Host/Port	IP address and port number of the log host.

Related commands

userlog host-group

userlog host-group host flow

reset userlog flow export

Use reset userlog flow export to clear flow log statistics.

Syntax

reset userlog flow export

Views

User view

Predefined user roles

network-admin

Examples

# Clear flow log statistics.

<Sysname> reset userlog flow export

Related commands

userlog flow export

userlog flow export host

Use userlog flow export host to specify a log host to receive flow log entries.

Use undo userlog flow export host to remove a log host.

Syntax

userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address } port udp-port

undo userlog flow export [ vpn-instance vpn-instance-name ] host { hostname | ipv4-address | ipv6 ipv6-address }

Default

No log hosts are specified.

Views

System view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option.

ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid unicast address and cannot be a loopback address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address.

port udp-port: Specifies the UDP port number of the log host, in the range of 1 to 65535. As a best practice, use UDP port numbers in the range 1025 to 65535 to avoid collision with well-known UDP port numbers.

Examples

# Export flow log entries to UDP port 2000 on the log host at 1.2.3.6.

<Sysname> system-view

[Sysname] userlog flow export host 1.2.3.6 port 2000

Related commands

display userlog export

userlog flow export load-balancing

Use userlog flow export load-balancing to enable load balancing for flow log entries.

Use undo userlog flow export load-balancing to restore the default.

Syntax

userlog flow export load-balancing

undo userlog flow export load-balancing

Default

Load balancing is disabled. The device sends a copy of each flow log entry to all available log hosts.

Views

System view

Predefined user roles

network-admin

Usage guidelines

In load balancing mode, flow log entries are distributed among log hosts based on the source IP addresses (before NAT) that are recorded in the entries. The flow log entries generated for the same source IP address are sent to the same log host. If a log host goes down, the flow logs sent to it will be lost.

Examples

# Enable load balancing for flow logging.

<Sysname> system-view

[Sysname] userlog flow export load-balancing

Related commands

userlog flow export host

userlog flow export source-ip

Use userlog flow export source-ip to specify a source IP address for flow log packets.

Use undo userlog flow export source-ip to restore the default.

Syntax

userlog flow export source-ip { ipv4-address | ipv6 ipv6-address }

undo userlog flow export source-ip [ ipv6 ]

Default

The source IP address of flow log packets is the IP address of their outgoing interface.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IPv4 address.

ipv6 ipv6-address: Specifies an IPv6 address.

Examples

# Specify 1.2.1.2 as the source IP address for flow log packets.

<Sysname> system-view

[Sysname] userlog flow export source-ip 1.2.1.2

Related commands

userlog flow export host

userlog flow export timestamp localtime

Use userlog flow export timestamp localtime to configure the device to use the local time in the timestamp of flow logs.

Use undo userlog flow export timestamp localtime to restore the default.

Syntax

userlog flow export timestamp localtime

undo userlog flow export timestamp localtime

Default

The device uses the UTC time in the timestamp of flow logs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

The device uses either the local time or the UTC time in the timestamp of flow logs.

· UTC time—Standard Greenwich Mean Time (GMT).

· Local time—Standard GMT plus or minus the time zone offset.

The time zone offset can be configured by using the clock timezone command. For more information, see Fundamentals Command Reference.

Examples

# Configure the device to use the local time in the timestamp of flow logs.

<Sysname> system-view

[Sysname] userlog flow export timestamp localtime

userlog flow export version

Use userlog flow export version to set the flow log version.

Use undo userlog flow export version to restore the default.

Syntax

userlog flow export version version-number

undo userlog flow export version

Default

The flow log version is 1.0.

Views

System view

Predefined user roles

network-admin

Parameters

version-number: Specifies a flow log version. Available options are 1, 3, and 5, which represent version 1.0, version 3.0, and version 5.0, respectively.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the flow log version to 3.0.

<Sysname> system-view

[Sysname] userlog flow export version 3

Related commands

userlog flow export host

userlog flow syslog

Use userlog flow syslog to specify the information center as the destination for flow log export.

Use undo userlog flow syslog to restore the default.

Syntax

userlog flow syslog

undo userlog flow syslog

Default

Flow log entries are not exported.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You can export flow log entries to log hosts or the information center, but not both. If both methods are configured, the system exports flow log entries to the information center.

Flow log entries are converted to the syslog format when they are exported to the information center. Their severity level is informational. With the information center, you can specify multiple log output destinations, including the console, log host, and log file.

Log entries in ASCII format are human readable. However, the log data volume is higher in ASCII format than in binary format.

Examples

# Specify the information center as the destination for flow log export.

<Sysname> system-view

[Sysname] userlog flow syslog

Related commands

userlog flow export host

userlog host-group

Use userlog host-group to create a flow log host group and enter its view, or enter the view of an existing flow log host group.

Use undo userlog host-group to delete a flow log host group.

Syntax

userlog host-group [ ipv6 ] host-group-name acl { name acl-name | number acl-number }

undo userlog host-group [ ipv6 ] host-group-name

Default

No flow log host groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Creates an IPv6 flow log host group. Do not configure this keyword if you want to create an IPv4 flow log host group.

host-group-name: Specify a name for the flow log host group, a case-sensitive string of 1 to 63 characters.

acl: Specify an ACL to match the flow log entries to be sent to the flow log host group.

name acl-name: Specifies the ACL name, a case-insensitive string of 1 to 63 characters. The ACL name must start with a letter and cannot be all.

number acl-number: Specifies the ACL number, in the range of 2000 to 3999.

Usage guidelines

The flow log host group feature enables the device to send specific flow logs to specific group of log hosts. This facilitates log filtering and reduces the log sending and processing workload of the device.

A flow log host group uses an ACL to match the flow logs to be sent to it. Make sure the ACL exists and the ACL rules can identify the designated flow logs.

A flow log matches a log host group if it matches the group's ACL, and it is sent only to the log hosts in the matching group.

If a flow log matches multiple log host groups, the device sends the log to the group that comes first in alphabetical order of the matching group names.

If a flow log does not match any log host groups, the device ignores the log host group configuration and sends the log to all configured log hosts.

Examples

# Create an IPv4 flow log host group named test and specify ACL 2000 for it.

<Sysname> system-view

[Sysname] userlog host-group test acl number 2000

[Sysname-userlog-host-group-test]

Related commands

display userlog host-group

userlog host-group host flow

Use userlog host-group host flow to assign a log host to a flow log host group.

Use undo userlog host-group host flow to remove a log host from a flow log host group.

Syntax

In IPv4 flow log host group view:

userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address | }

undo userlog host-group [ vpn-instance vpn-instance-name ] host flow { hostname | ipv4-address }

In IPv6 flow log host group view:

userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }

undo userlog host-group [ vpn-instance vpn-instance-name ] host flow ipv6 { hostname | ipv6-address }

Default

No log hosts exist in a flow log host group.

Views

IPv4 flow log host group view

IPv6 flow log host group view

Predefined user roles

network-admin

Parameters

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the log host is on the public network, do not specify this option. Support for this option depends on the device model.

hostname: Specifies a log host by its name, a case-insensitive string of 1 to 253 characters. The host name can contain letters, digits, hyphens (-), underscores (_), and dots (.).

ipv4-address: Specifies a log host by its IPv4 address. The address must be a valid IPv4 unicast address and cannot be a loopback address.

ipv6 ipv6-address: Specifies a log host by its IPv6 address. The address must be a valid IPv6 unicast address and cannot be a loopback address or all zeros.

Usage guidelines

A flow log host group can contain multiple log hosts, and a log host can be assigned to multiple flow log host groups.

Before you assign a log host to a flow log host group, make sure the log host has been configured on the device by using userlog flow export host the command.

Examples

# Assign a log host to flow log host group test.

<Sysname> system-view

[Sysname] userlog host-group test acl number 2000

[Sysname-userlog-host-group-test] userlog host-group host flow 1.2.3.6

Related commands

display userlog host-group

userlog flow export host

userlog host-group

Packet capture commands

The term "AC" in this document refers to MSR routers that can function as ACs. The term "AP" in this document refers to MSR routers that support WLAN.

The following routers cannot function as ACs:

· MSR3600-28-SI/3600-51-SI.

· MSR3610-X1/3610-X1-DP/3610-X1-DC/3610-X1-DP-DC.

· MSR5620/5660/5680.

The following routers cannot act as fat APs:

· MSR810-W.

· MSR810-W-DB.

· MSR810-W-LM.

· MSR810-W-LM-HK.

display packet-capture status

Use display packet-capture status to display packet capture status information.

Syntax

display packet-capture status

Views

User view

Predefined user roles

network-admin

Examples

# Display packet capture status information.

<Sysname> display packet-capture status

Status : Capturing

File Name : flash:/a.pcap

User Name : N/A

Password : N/A

# Display packet capture status information for radio 1 of AP 1.

<Sysname> display packet-capture status

AP name : ap1

Radio ID : 1

Radio mode : 802.11n(2.4GHz)

Channel : 1

Status : Capturing

File name : database.dhcp

Username : 1

Password : ******

Table 96 Command output

Field	Description
Status	Packet capture status. Only the Capturing status is supported in the current software version.
Username	Username for logging in to the remote FTP server.
Password	Password for logging in to the remote FTP server. Both passwords in encrypted form and in plaintext form are displayed as ******. If no password is required or configured, this filed displays N/A.

Related commands

packet-capture local interface

packet-capture remote interface

packet-capture local ap (on ACs)

Use packet-capture local ap to capture incoming packets on an AP radio and save the captured packets to a file on an FTP server.

Syntax

packet-capture local ap ap-name radio radio-id [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write url url [ username username [ password { cipher | simple } string ] ]

Views

User view

Predefined user roles

network-admin

Parameters

ap ap-name: Specifies an AP by its name, a case-insensitive string of 1 to 64 characters. The string can contain letters, digits, underscores (_), left brackets ([), right brackets (]), forward slashes (/), and hyphens (-).

radio radio-id: Specifies a radio by its ID.

capture-filter capt-expression: Specifies an expression to match packets to be captured, a case-sensitive string of 1 to 256 characters. If you do not specify a capture filter expression, the device captures all incoming packets on an interface. For information about building a capture filter expression, see packet capture in Network Management and Monitoring Configuration Guide.

limit-frame-size bytes: Specifies the maximum number of bytes to capture from a packet, in the range of 64 to 8000. The default is 8000.

autostop filesize kilobytes: Stops capturing packets if the maximum packet file size is exceeded when file rotation is disabled. The kilobytes argument sets the maximum packet file size. The value range is 1 to 65536 kilobytes. If you do not set a limit, the packet file size is unlimited.

autostop duration seconds: Stops capturing packets when the capturing duration expires. The seconds argument sets the capturing duration. The value range is 1 to 2147483647 seconds. If you do not set a limit, the capturing duration is unlimited.

write url url: Specifies the URL of the packet file on an FTP server used to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.

username username: Specifies a username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.

password: Specifies a password for logging in to the FTP server.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

Usage guidelines

To stop the packet capture, use the packet-capture stop command.

If you specify both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits is reached.

Follow these restrictions and guidelines to specify the URL, username, and password:

· The URL format is ftp://FTP server address:port number/file name, where the port number is optional. If you do not specify the port number, do not enter the colon (:) after the FTP server address.

· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]:21/test.cfg.

· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.

· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.

Make sure the capturing duration for the autostop duration seconds option is long enough for the device to log in to the FTP server. If not, the FTP server does not create the specified packet file or save captured packet data.

Examples

# Capture incoming packets on radio 1 of AP 1.

<Sysname> packet-capture local ap ap1 radio 1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1

Related commands

display packet-capture status

packet-capture stop

packet-capture local interface (on wired devices/fat APs)

Use packet-capture local interface to capture incoming packets on an interface and save the captured packets to a local file or to a remote file on an FTP server.

Syntax

packet-capture local interface interface-type interface-number [ capture-filter capt-expression | limit-frame-size bytes | autostop filesize kilobytes | autostop duration seconds ] * write { filepath | url url [ username username [ password { cipher | simple } string ] ] }

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies a Layer 2 or Layer 3 Ethernet interface by its type and number.

limit-frame-size bytes: Sets the maximum number of bytes to capture for a packet. The value range is 64 to 8000 bytes, and the default value is 8000 bytes.

write: Stores the captured packet data.

filepath: Specifies the full path of a local packet file to store captured packet data. The path must be a case-sensitive string of up to 64 characters. The filename extension must be .pcap. For more information about setting a file path, see file system management in Fundamentals Configuration Guide.

url url: Specifies the URL of a remote packet file on an FTP server to store captured packet data. The URL must be a case-sensitive string of 1 to 255 characters. The URL string must not contain at signs (@), and the specified username and password. If you do not specify a URL, the captured packet data is not saved.

username username: Specifies a username for logging in to the FTP server. The username is a case-sensitive string of 1 to 32 characters.

password: Specifies a password for logging in to the FTP server.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form. For security purposes, the password specified in plaintext form will be stored in encrypted form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

Usage guidelines

To stop the capture while it is capturing packets, use the packet-capture stop command.

If you configure both the autostop filesize option and autostop duration option, the packet capture stops when any one of the limits for the stop options is reached.

Follow these restrictions and guidelines to specify the URL, username, and password:

· The URL format is ftp://FTP server address:port number/file name, where the port number is optional.

· If the server address is an IPv6 address, enclose the address in a pair of brackets, for example, ftp://[2001::1]:21/test.cfg.

· You can also specify the DNS domain name for the server address field, for example, ftp://sdp:21/test.cfg.

· The username and password must be the same as those configured on the FTP server. If the server authenticates only the username, the password can be omitted.

Do not set a short capturing duration in the autostop duration seconds option. If the duration is too short, the capture might stop when a user has not logged in to the FTP server. The captured packets cannot be saved because a packet file has not been created.

Examples

· On a wired device:

# Capture incoming packets and store the data in the database.pcap file on the FTP server at 10.1.1.1. The username and password for logging in to the FTP server are 1 and 1, respectively.

<Sysname> packet-capture local interface gigabitethernet 1/0/1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1

· On a fat AP:

# Capture incoming packets and store the data in the database.pcap file on the FTP server at 10.1.1.1. The username and password for logging in to the FTP server are 1 and 1, respectively.

<Sysname> packet-capture local interface wlan-radio 1/0/1 write url ftp://10.1.1.1/database.pcap username 1 password simple 1

Related commands

display packet-capture status

packet-capture stop

packet-capture remote ap (on ACs)

Use packet-capture remote ap to capture incoming packets on an AP radio.

Syntax

packet-capture remote ap ap-name radio radio-id [ port port ]

Views

User view

Predefined user roles

network-admin

Parameters

radio radio-id: Specifies a radio by its ID.

port port: Specifies the RPCAP service port on the AP by its port number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.

Usage guidelines

After this command is executed, the client (such as Wireshark) connected to the RPCAP service port of the AP can obtain packets captured on the AP radio.

To stop the packet capture, use the packet-capture stop command.

Examples

# Capture incoming packets on radio 2 of AP 1. Set the RPCAP service port number to 2014.

<Sysname> packet-capture remote ap ap1 radio 2 port 2014

Related commands

display packet-capture status

packet-capture stop

packet-capture remote interface (on wired devices/fat APs)

Use packet-capture remote interface to capture incoming packets on an interface.

Syntax

packet-capture remote interface interface-type interface-number [ port port ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an Ethernet interface by its type and number.

port port: Specifies the RPCAP service port by its number. If you do not specify a RPCAP service port, RPCAP service port 2002 is used.

Usage guidelines

After this command is executed, the client (such as Wireshark) connected to the AP can obtain packets captured on the specified interface.

To stop the capture while it is capturing packets, use the packet-capture stop command.

Examples

· On a wired device:

# Capture incoming packets on GigabitEthernet 1/0/1 and specify the RPCAP service port number as 2014.

<Sysname> packet-capture remote interface gigabitethernet 1/0/1 port 2014

· On a fat AP:

# Capture incoming packets on WLAN-Radio 1/0/1 and specify the RPCAP service port number as 2014.

<Sysname> packet-capture remote interface wlan-radio 1/0/1 port 2014

Related commands

display packet-capture status

packet-capture stop

Use packet-capture stop to stop the packet capture.

Syntax

packet-capture stop

Views

User view

Predefined user roles

network-admin

Examples

# Stop the packet capture.

<Sysname> packet-capture stop

Related commands

packet-capture local interface

packet-capture remote interface

SmartMC commands

boot-loader

Use boot-loader to specify the upgrade startup software files for a SmartMC group.

Use undo boot-loader to restore the default.

Syntax

boot-loader file { ipe-filename | boot boot-filename system system-filename }

undo boot-loader

Default

No upgrade startup software files are specified for a SmartMC group.

Views

SmartMC group view

Predefined user roles

network-admin

Parameters

ipe-filename: Specifies an IPE software file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .ipe extension.

boot boot-filename: Specifies a boot image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.

system system-filename: Specifies a system image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify IPE software file device.ipe for SmartMC group testgroup.

<Sysname> system-view

[Sysname] smartmc group testgroup

[Sysname-smartmc-group-testgroup] boot-loader file device.ipe

Related commands

smartmc group

startup-configuration

create batch-file

Use create batch-file to create a batch command line file.

Syntax

create batch-file batch-file-name

Default

No batch command line file exists.

Views

User view

Predefined user roles

network-admin

Parameters

batch-file-name: Specifies the name of the batch command line file, a case-insensitive string of 1 to 255 characters. If you do not specify a file extension when specifying a file name, the default extension .cmdset is used.

Usage guidelines

After executing this command, you will enter the batch command line edit mode. In this mode, each command occupies a line. When you finish editing all command lines, enter a percent sign (%) to return to user view.

Make sure the command lines that you enter are correct because the system does not verify whether the command lines are correct.

Examples

# Create batch command line file test.cmdset, and enter the command lines for specifying the device name as Sysname and enabling Telnet.

<Sysname> create batch-file test.cmdset

Begin to edit batch commands, and quit with the character '%'.

system-view

sysname Sysname

telnet server enable%

Related commands

display smartmc batch-file status

smartmc batch-file deploy

display smartmc backup configuration status

Use display smartmc backup configuration status to display the configuration file backup status on TCs.

Syntax

display smartmc backup configuration status

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command displays the status of the ongoing backup task or the most recent backup task if the TC is not performing backup.

Examples

# Display the configuration file backup status on TCs.

<Sysname> display smartmc backup configuration status

ID IpAddress MacAddress Status Time

1 192.168.56.30 08d2-38ff-0300 Finished 2017-04-05 11:30:35

2 192.168.56.40 62d2-c21c-0400 Finished 2017-04-05 11:30:40

Table 97 Command output

Field	Description
ID	ID of the TC.
IpAddress	IP address of the TC.
MacAddress	MAC address of the TC.
Status	Backup status: · Waiting—The TC is waiting for configuration backup. · Processing—The TC is backing up the configuration. · Finished—The TC has finished backing up the configuration. · Timeout—Configuration backup times out. · Failed—The TC failed to back up the configuration.
Time	Time when the TC finished backing up the configuration. If the TC has not finished backing up the configuration, this field displays a hyphen (-).

Related commands

smartmc backup configuration

smartmc backup configuration interval

smartmc backup configuration max-number

display smartmc batch-file status

Use display smartmc batch-file status to display the bulk command line execution result.

Syntax

display smartmc batch-file status [ last number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

last number: Specifies a configuration deployment by its number counting from the most recent configuration deployment, in the range of 1 to 5. If you do not specify this option, the command displays the execution result for the most recent configuration deployment.

Examples

# Display the bulk command line execution result.

<Sysname> display smartmc batch-file status last 1

TC ID 1

Device MAC : 201c-e7c3-0300

Start time : 2017-03-21 10:23:53

End time : 2017-03-21 10:23:57

Result :

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]display smartmc configuration

Device role : TC

TM IP address : 192.168.22.103

TM MAC address : 0ec3-6a94-0100

TM sysname : H3C

TC ID 2

Device MAC : 2409-600f-0400

Start time : 2017-05-06 17:47:20

End time : 2017-05-06 17:47:25

Result :

<Sysname>system-view

System View: return to User View with Ctrl+Z.

[Sysname]display smartmc configuration

Device role : TC

TM IP address : 192.168.22.103

TM MAC address : 0ec3-6a94-0100

TM sysname : H3C

Table 98 Command output

Field	Description
TC ID	ID of the TC.
Device MAC	MAC address of the TC.
Start time	Batch command line execution start time.
End time	Batch command line execution end time.
Result	Batch command line execution result in details.

Related commands

create batch-file

smartmc batch-file deploy

display smartmc configuration

Use display smartmc configuration to display the SmartMC configuration.

Syntax

display smartmc configuration

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the SmartMC configuration on the TM.

<Sysname> display smartmc configuration

Device role : TM

FTP server IP : 192.168.22.103

FTP server username : admin

Topology-refresh interval : 60(s)

Backup startup-configuration interval : N/A

Sync backup number : 5

# Display the TM information on a TC.

<Sysname> display smartmc configuration

Device role : TC

TM IP : 192.168.22.103

TM MAC : 8288-468d-0100

TM sysname : Sysname

Table 99 Command output

Field	Description
Device role	Role of the device.
FTP server IP	IP address of the FTP server. If no FTP server IP address is configured, this field displays N/A.
FTP server username	FTP server username. If no username is configured, this field displays N/A.
Topology-refresh interval	Topology refresh interval, in seconds.
Backup startup-configuration interval	Automatic configuration file backup interval, in hours. If no interval is set, this field displays N/A.
Sync backup number	Number of TCs that can perform configuration backup at the same time.
TM IP	IP address of the TM. If the TC failed to obtain the TM IP address, this field displays N/A.
TM MAC	MAC address of the TM, If the TC failed to obtain the TM MAC address, this field displays N/A.
TM sysname	Name of the TM. If the TC failed to obtain the TM name, this field displays N/A.

display smartmc device-link

Use display smartmc device-link to display connections between devices in the SmartMC network.

Syntax

display smartmc device-link

Views

Any view

Predefined user roles

network-admin

network-operator

Usage guidelines

This command allows you to display the connections between the TM and TCs.

Examples

# Display connections between the devices in the SmartMC network.

<Sysname> display smartmc device-link

(TM IP)[192.168.56.20]

ID Hop LocalPort LocalIP PeerPort PeerIP

0 0 GigabitEthernet1/0/2 192.168.56.20 GigabitEthernet1/0/1 192.168.56.30

1 1 GigabitEthernet1/0/1 192.168.56.30 GigabitEthernet1/0/2 192.168.56.20

1 2 GigabitEthernet1/0/2 192.168.56.30 GigabitEthernet1/0/1 192.168.56.40

2 3 GigabitEthernet1/0/1 192.168.56.40 GigabitEthernet1/0/2 192.168.56.30

Table 100 Command output

Field	Description
TM IP	IP address of the TM.
ID	ID of the TM or TC.
Hop	Number of hops between the TM and TC.
LocalPort	Local port.
LocalIP	IP address of the local device.
PeerPort	Peer port.
PeerIP	IP address of the peer port.

Related commands

smartmc topology-refresh

smartmc topology-refresh interval

display smartmc group

Use display smartmc group to display SmartMC group information.

Syntax

display smartmc group [ group-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

group-name: Specifies a SmartMC group by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this argument, the command displays information about all SmartMC groups.

Verbose: Displays detailed SmartMC group information. If you do not specify this keyword, the command displays brief SmartMC group information.

Examples

# Display detailed SmartMC group information.

<Sysname> display smartmc group verbose

Group name : test

TC count : 5

Boot-loader file :

Startup-configuration file :

Rule:

Match Device-type S5560-EI

Match IP-address 192.168.56.0 24

Match MAC-address 0e74-ea13-0000 32

TCID DeviceType IpAddress MacAddress Status Version Sysname

1 S5560-EI 192.168.56.103 0e74-e2fb-0400 Normal R1306

2 S5560-EI 192.168.56.102 0e74-ea13-0500 Normal R1306

3 S5560-EI 192.168.56.104 0e74-db54-0300 Normal R1306

Table 101 Command output

Field	Description
GroupName	Name of the SmartMC group.
TC count	Number of TCs in the SmartMC group.
Boot-loader file	Names of the upgrade startup software files for upgrading the SmartMC group. If no upgrade startup software files are specified, this field displays null.
Startup-configuration file	Name of the configuration file for upgrading the SmartMC group. If no configuration file is specified, this field displays null.
Rule	Match criteria of the SmartMC group.
Match	Match type and its value. The match types include the following: · Device-type—Matches TCs by device type. · IP-address—Matches TCs by IP address. · MAC-address—Matches TCs by MAC address.
TCID	ID of the TC.
DeviceType	Device type of the TC.
IpAddress	IP address of the TC.
MacAddress	MAC address of the TC.
Version	Software version of the TC.
Status	Operating status of the TC: · Offline—The TC is offline. · Normal—The TC is online.
Sysname	Device name of the TC.

Related commands

match

smartmc group

display smartmc replace status

Use display smartmc replace status to display faulty TC replacement status.

Syntax

display smartmc replace status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display faulty TC replacement status.

<Sysname> display smartmc replace status

Faulty ID : 2

Faulty MAC : 94e2-cdcb-0600

Replacement ID : 3

Replacement MAC: 2443-5f8c-0200

Mode : Manual

Status : Successful

Start time : 2017-03-21 15:01:31

End time : 2017-03-21 15:01:40

Table 102 Command output

Field	Description
Faulty ID	ID of the faulty TC.
Faulty MAC	MAC address of the faulty TC.
Replacement ID	ID of the new TC.
Replacement MAC	MAC address of the new TC.
Mode	Replacement method, which can be Manual or Auto.
Status	Replacement status: · Successful. · Failed. · Replacing.
Start time	Replacement start time
End time	Replacement end time.

Related commands

smartmc auto-replace enable

smartmc replace

display smartmc tc

Use display smartmc tc to display TC information.

Syntax

display smartmc tc [ tc-id ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tc-id: Specifies a TC by its ID in the range of 1 to 255. If you do not specify a TC, this command displays information about all TCs.

verbose: Displays detailed TC information. If you do not specify this keyword, the command displays brief TC information.

Examples

# Display brief information about all TCs.

<Sysname> display smartmc tc

TCID DeviceType IpAddress MacAddress Status Version Sysname

1 S5560-EI 192.168.22.104 201c-e7c3-0300 Normal R1308 H3C

# Display detailed information about all TCs.

<Sysname> display smartmc tc verbose

TC ID : 1

Adding method : Manual/Auto

Sysname : H3C

Model : S5560-54C-PWR-EI

Device type : S5560-EI

SYSOID :1.3.6.1.4.1.25506

MAC address : 0e74-e2fb-0400

IP address : 192.168.56.103

Boot image :

Boot image version :

System image :

System image version :

Current-configuration file :

uptime is: 0 week, 0 day, 0 hour, 0 minute

System CPU usage : 0%

System memory usage : 0%

Status : Offline

Boot-loader file :

Startup-configuration file :

Table 103 Command output

Field	Description
TC ID	ID of the TC.
Sysname	Device name of the TC.
Version	Software version of the TC.
Model	Serial number of the TC.
Device type	Device type of the TC.
SYSOID	SYSOID of the TC.
MAC address	MAC address of the TC.
IP address	IP address of the TC.
Boot image	Boot image file that the TC runs.
Boot image version	Version of the boot image file.
System image	System image file that the TC runs.
System image version	Version of the system image file.
Current-configuration file	Current startup configuration file used by the TC.
uptime is	Time when the TC came online.
System CPU usage	CPU usage on the TC.
System memory usage	Memory usage on the TC.
Status	Operating status of the TC: · Normal—The TC is operating correctly. · Offline—The TC is offline.
Boot-loader file	Upgrade startup software files.
Startup-configuration file	Upgrade configuration file.

display smartmc upgrade status

Use display smartmc upgrade status to display TC upgrade status.

Syntax

display smartmc upgrade status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display TC upgrade status.

<Sysname> display smartmc upgrade status

ID IpAddress MacAddress Status UpdateTime UpdateFile

1 192.168.56.1 82dd-a434-0200 Finished Immediately bootloader.ipe

2 192.168.56.103 5caf-2e5f-0100 Finished Immediately bootloader.ipe

Table 104 Command output

Field	Description
ID	ID of the TC.
MacAddress	MAC address of the TC.
IpAddress	IP address of the TC.
Status	Upgrade status: · Waiting—The TC is waiting for downloading the upgrade file. · Download-failed—The TC failed to download the upgrade file. · Download-finished—The TC has downloaded the upgrade file. · Downloading—The TC is downloading the upgrade file. · Updating—The TC is upgrading. · Finished—The TC has finished upgrading. · Failed—The TC failed to upgrade.
Updated File	Name of the upgrade file.
UpdateTime	Upgrade time: · Immediately—Upgrade at once. · Delay(m)—Upgrade after the specified delay. · Time(HH:MM)—Upgrade at the specified time.

Related commands

smartmc upgrade group

smartmc upgrade tc

match

Use match to set a match criterion to add all matching TCs to a SmartMC group.

Use undo match to delete a match criterion.

Syntax

match { device-type device-type | ip-address ip-address { ip-mask-length | ip-mask } | mac-address mac-address mac-mask-length }

undo match { device-type device-type | ip-address ip-address { ip-mask-length | ip-mask } | mac-address mac-address mac-mask-length }

Default

No match criterion is set.

Views

SmartMC group view

Predefined user roles

network-admin

Parameters

device-type device-type: Sets a device type match criterion.

ip-address ip-address { ip-mask-length | ip-mask }: Sets an IP address match criterion. The ip-address argument specifies an IP address in dotted decimal notation. The ip-mask argument specifies the subnet mask in dotted decimal notation. The ip-mask-length argument specifies the subnet mask length in the range of 1 to 32.

mac-address mac-address mac-mask-length: Sets a MAC address match criterion. The mac-address argument specifies a MAC address in the format of H-H-H. The mac-mask-length argument specifies the mask length in the range of 1 to 48.

Examples

# Create SmartMC group a and add TCs in subnet 192.168.1.0/24 to the group.

<Sysname> system-view

[Sysname] smartmc group a

[Sysname-smartmc-group-a] match ip-address 192.168.1.0 24

Related commands

smartmc group

display smartmc group

smartmc auto-replace enable

Use smartmc auto-replace enable to enable the automatic faulty TC replacement feature.

Use undo smartmc auto-replace enable to disable the automatic faulty TC replacement feature.

Syntax

smartmc auto-replace enable

undo smartmc auto-replace enable

Default

The automatic faulty TC replacement feature is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Before you execute this command, perform the following tasks:

1. Install the new TC at the location where the faulty TC was installed.

2. Connect all cables to the new TC.

Make sure the new TC and the faulty TC have the same neighbor relationship and device model.

Examples

# Enable the automatic faulty TC replacement feature.

<Sysname> system-view

[Sysname] smartmc auto-replace enable

Related commands

smartmc replace

smartmc backup configuration

Use smartmc backup configuration to manually back up the configuration file on TCs.

Syntax

smartmc backup configuration { group group-name-list | tc [ tc-id-list ] }

Views

System view

Predefined user roles

network-admin

Parameters

group group-name-list: Specifies a space-separated list of up to 10 SmartMC group items. Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.

tc tc-id-list: Specifies a space-separated list of up to 10 TC items. Each item specifies a TC or a range of TCs in the form of tc-id1 to tc-id2. The value for tc-id2 must be greater than or equal to the value for tc-id1. The value range for the tc-id argument is 1 to 255. If you do not specify any TCs, all TCs will perform configuration backup.

Usage guidelines

After you execute this command, the TCs immediately save the running configuration to the next-startup configuration files and upload the configuration files to the FTP server.

The backup configuration files are named in the format of bridge MAC address_backup.cfg.

Examples

# Back up the configuration file on TC 1, TC 2, TC 3, and TC 4.

<Sysname> system-view

[Sysname] smartmc backup configuration tc 1 to 4

# Back up the configuration file on all TCs in SmartMC groups test1, test2, and test3.

<Sysname> system-view

[Sysname] smartmc backup configuration group test1 test2 test3

Related commands

display smartmc configuration

smartmc backup configuration interval

smartmc backup configuration max-number

Use smartmc backup configuration max-number to set the maximum number of TCs that can perform automatic configuration backup at the same time.

Use undo smartmc backup configuration max-number to restore the default.

Syntax

smartmc backup configuration max-number max-number

undo smartmc backup configuration max-number

Default

A maximum of five TCs can perform automatic configuration backup at the same time.

Views

System view

Predefined user roles

network-admin

Parameters

max-number: Specifies the maximum number of TCs that can perform automatic configuration backup at the same time, in the range of 2 to 20.

Examples

# Specify that a maximum of 10 TCs can perform automatic configuration backup at the same time.

<Sysname> system-view

[Sysname] smartmc backup configuration max-number 10

Related commands

display smartmc configuration

smartmc backup configuration

smartmc backup configuration interval

Use smartmc backup configuration interval to enable the automatic configuration file backup feature and set the automatic backup interval.

Use undo smartmc backup configuration interval to restore the default.

Syntax

smartmc backup configuration interval interval

undo smartmc backup configuration interval

Default

The automatic configuration file backup feature is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

Interval: Specifies the automatic configuration file backup interval in the range of 1 to 720 hours.

Usage guidelines

This command enables the TM and TCs to back up their configuration files by saving the running configuration to the files and then uploading them to the FTP server. When you configure this command, the TM and TCs immediately perform a backup. After that, they back up the configuration files at the specified interval. The backup configuration files are named in the format of bridge MAC address_backup.cfg.

Examples

# Enable the automatic configuration file backup feature and set the backup interval to 24 hours.

<Sysname> system-view

[Sysname] smartmc backup configuration interval 24

Related commands

display smartmc configuration

smartmc backup configuration

smartmc batch-file deploy

Use smartmc batch-file deploy to deploy bulk command lines to a list of TCs or SmartMC groups.

Syntax

smartmc batch-file batch-file-name deploy { group group-name-list | tc tc-id-list }

Views

System view

Predefined user roles

network-admin

Parameters

batch-file-name: Specifies the name of a batch command line file, a string of 1 to 255 characters.

group group-name-list: Specifies a space-separated list of up to 10 SmartMC group items. Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.

Examples

# Deploy batch command line file startup.cmdset to SmartMC group testgroup.

<Sysname> system-view

[Sysname] smartmc batch-file startup.cmdset deploy group testgroup

Related commands

create batch-file

display smartmc batch-file status

smartmc enable

Use smartmc enable to enable SmartMC and set the device role.

Use undo smartmc enable to disable SmartMC.

Syntax

smartmc { tm [ username username password { cipher | simple } string ] | tc } enable

undo smartmc enable

Default

SmartMC is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

tm: Enables SmartMC and sets the device role to TM.

username username: Specifies a username for the local user, a case-sensitive string of 1 to 55 characters.

password: Specifies a password for the local user.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its encrypted form is a case-sensitive string of 1 to 113 characters.

tc: Enables SmartMC and sets the device role to TC.

Usage guidelines

A SmartMC network must have one and only one TM.

To enable SmartMC, execute this command on both the TM and TCs. To configure the other SmartMC features, execute associated commands only on the TM.

If you change the role of the TM to TC or disable SmartMC on the TM, all SmartMC settings in its running configuration will be cleared.

For manual SmartMC network establishment, the TM preferentially uses the user-specified username and password. If no username and password are specified, the TM uses the default username admin and password admin.

Examples

# Enable SmartMC and set the device role to TM.

<Sysname> system-view

[Sysname] smartmc tm enable

smartmc ftp-server

Use smartmc ftp-server to configure the FTP server information.

Use undo smartmc ftp-server to delete the FTP server information.

Syntax

smartmc ftp-server server-address username username password { cipher | simple } string

undo smartmc ftp-server

Default

No FTP server information is configured.

Views

System view

Predefined user roles

network-admin

Parameters

server-address: Specifies an FTP server by its IP address.

username username: Specifies the FTP server username, a case-sensitive string of 1 to 55 characters.

password: Specifies the FTP server password.

cipher: Specifies a password in encrypted form.

simple: Specifies a password in plaintext form.

string: Specifies the password. Its plaintext form is a case-sensitive string of 1 to 63 characters. Its encrypted form is a case-sensitive string of 1 to 113 characters.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the FTP server IP address, username, and password to 192.168.22.19, admin, and admin, respectively.

<Sysname> system-view

[Sysname] smartmc ftp-server 192.168.22.19 username admin password simple admin

Related commands

display smartmc configuration

smartmc group

Use smartmc group to create a SmartMC group and enter its view, or enter the view of an existing SmartMC group.

Use undo smartmc group to delete a SmartMC group.

Syntax

smartmc group group-name

undo smartmc group group-name

Default

No SmartMC groups exist.

Views

System view

Predefined user roles

network-admin

Parameters

group-name: Specifies the name of the SmartMC group, a case-sensitive string of 1 to 31 characters.

Usage guidelines

When you perform the following operations, you can specify a SmartMC group to apply the operations to all TCs in the group:

· Startup software upgrade.

· Configuration file upgrade.

· Configuration deployment.

Examples

# Create SmartMC group testgroup.

<Sysname> system-view

[Sysname] smartmc group testgroup

[Sysname-smartmc-group-testgroup]

Related commands

match

smartmc replace

Use smartmc replace to manually replace a faulty TC.

Syntax

smartmc replace tc tc-id1 faulty-tc tc-id2

Views

System view

Predefined user roles

network-admin

Parameters

tc tc-id1: Specifies the ID of the new TC, in the range of 1 to 255.

faulty-tc tc-id2: Specifies the ID of the faulty TC, in the range of 1 to 255.

Usage guidelines

Before you execute this command, perform the following tasks:

1. Install the new TC at the location where the faulty TC was installed.

2. Connect all cables to the new TC.

Make sure the new TC and the faulty TC have the same neighbor relationship and device model.

Examples

# Replace faulty TC 5 with new TC 10.

<Sysname> system-view

[Sysname] smartmc replace tc 10 faulty-tc 5

Related commands

display smartmc replace status

smartmc auto-replace enable

smartmc tc boot-loader

Use smartmc tc boot-loader to specify the upgrade startup software files for a TC.

Use undo smartmc tc boot-loader to remove the configuration.

Syntax

smartmc tc tc-id boot-loader { ipe-filename | boot boot-filename system system-filename }

undo smartmc tc tc-id boot-loader

Views

System view

Predefined user roles

network-admin

Parameters

tc tc-id: Specifies a TC by its ID in the range of 1 to 255.

ipe-filename: Specifies an IPE software file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .ipe extension.

boot boot-filename: Specifies a boot image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.

system system-filename: Specifies a system image file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .bin extension.

Examples

# Specify upgrade boot image boot.bin and upgrade system image system.bin for TC 1.

<Sysname> system-view

[Sysname] smartmc tc 1 boot-loader boot boot.bin system system.bin

Related commands

display smartmc tc

smartmc tc device-type

Use smartmc tc device-type to define a TC type on the TM.

Use undo smartmc tc device-type to delete a TC type.

Syntax

smartmc tc sysoid sysoid device-type device-type

undo smartmc tc sysoid sysoid device-type device-type

Views

System view

Predefined user roles

network-admin

Parameters

sysoid sysoid: Specifies the SYSOID of a device.

device-type device-type: Specifies a device type.

Usage guidelines

To obtain the SYSOID of a TC, use the display smartmc tc verbose command.

Examples

# Define a TC type by specifying the SYSOID as 1.3.6.1.4.1.25506.1.1588 and the device type as S5130-EI.

<Sysname> system-view

[Sysname] smartmc tc sysoid 1.3.6.1.4.1.25506.1.1588 device-type S5130-EI

smartmc tc password

Use smartmc tc password to modify the password of the default user for TCs.

Syntax

smartmc tc password string

Views

System view

Predefined user roles

network-admin

Parameters

string: Specifies a password, a case-sensitive string of 1 to 63 characters.

Usage guidelines

During SmartMC network establishment, the TM establishes NETCONF sessions to TCs and adds them to the network. The default username and password on the TCs for NETCONF session establishment are admin and admin. To enhance security, you can perform this task to change the password for the default user admin of the TCs after the TM adds the TCs to the network.

Do not modify the password for TCs that are manually added to the SmartMC network. If you modify the password for a manually added TC, you will not be able to manage that TC from the TM.

Examples

# Modify the password of the default user to Admin123 for TCs.

<Sysname> system-view

[Sysname] smartmc tc password Admin123

smartmc tc startup-configuration

Use smartmc tc startup-configuration to specify the upgrade configuration file for a TC.

Use undo smartmc tc startup-configuration to remove the configuration.

Syntax

smartmc tc tc-id startup-configuration cfg-filename

undo smartmc tc tc-id startup-configuration

Views

System view

Predefined user roles

network-admin

Parameters

tc tc-id: Specifies a TC by its ID in the range of 1 to 255.

cfg-filename: Specifies a configuration file by its name, a case-insensitive string of 5 to 45 characters. The file name must include the .cfg extension.

Examples

# Specify upgrade configuration file startup.cfg for TC 1.

<Sysname> system-view

[Sysname] smartmc tc 1 startup-configuration startup.cfg

Related commands

display smartmc tc

smartmc topology-refresh

Use smartmc topology-refresh to manually refresh the network topology.

Syntax

smartmc topology-refresh

Views

Any view

Predefined user roles

network-admin

Usage guidelines

To display topology changes, use this command to manually refresh the topology.

Examples

# Manually refresh the network topology.

<Sysname> smartmc topology-refresh

Related commands

display smartmc device-link

smartmc topology-refresh interval

Use smartmc topology-refresh interval to set the automatic network topology refresh interval.

Use undo smartmc topology-refresh interval to restore the default.

Syntax

smartmc topology-refresh interval interval

undo smartmc topology-refresh interval

Default

The automatic network topology refresh interval is 60 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Specifies the automatic network topology refresh interval in the range of 60 to 300 seconds.

Examples

# Set the automatic network topology refresh interval to 100 seconds.

<Sysname> system-view

[Sysname] smartmc topology-refresh interval 100

Related commands

display smartmc device-link

smartmc topology-save

Use smartmc topology-save to save the current network topology.

Syntax

smartmc topology-save

Views

System view

Predefined user roles

network-admin

Usage guidelines

This task allows you to save the current network topology to the topology.dba file in the flash memory. After the TM reboots, it uses the topology.dba file to restore the network topology.

Examples

# Save the current network topology

<Sysname> system-view

[Sysname] smartmc topology-save

Related commands

display smartmc device-link

smartmc upgrade boot-loader

Use smartmc upgrade boot-loader to upgrade the startup software on a list of TCs or SmartMC groups.

Use undo smartmc upgrade delete the startup software upgrade task.

Syntax

smartmc upgrade boot-loader { group | tc } list [ delay minutes | time time ]

smartmc upgrade boot-loader { group | tc } { list { boot boot-filename system system-filename | file ipe-filename } }&<1-40> [ delay delay-time | time time ]

undo smartmc upgrade

Views

System view

Predefined user roles

network-admin

Parameters

group: Specifies SmartMC group-based upgrade.

tc: Specifies TC-based upgrade.

list: Specifies a space-separated list of TC items or SmartMC group items.

· SmartMC group—Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.

· TC—Each item specifies a TC ID or a range of TC IDs in the form of tc-id1 to tc-id2. The value for tc-id2 must be greater than or equal to the value for tc-id1. The value range for the tc-id argument is 1 to 255.

boot boot-filename: Specifies a boot image by its name.

system system-filename: Specifies a system image by its name.

file ipe-filename: Specifies an IPE file by its name.

delay delay-time: Specifies the upgrade delay time in the range of 1 to 1440 minutes.

time in-time: Specifies the upgrade time in the format of hh:mm. The value range for the hh argument is 0 to 23 hours. The value range for the mm argument is 0 to 59 minutes.

Usage guidelines

To use this command to upgrade the startup software on TCs without specifying the upgrade files, you must first perform one of the following tasks:

· Execute the smartmc tc boot-loader command to specify the upgrade files for TCs.

· Execute the boot-loader command to specify the upgrade files for a SmartMC group.

A TC can perform only one upgrade task at a time.

If you execute this command without specifying the delay time or update time, the TCs or SmartMC group immediately upgrades the startup software.

Examples

# Upgrade startup software images boot.bin and sys.bin on all TCs in SmartMC groups test1 and test2.

<Sysname> system-view

[Sysname] smartmc upgrade boot-loader group test1 test2 boot boot.bin system sys.bin

Related commands

boot-loader

startup-configuration

smartmc upgrade startup-configuration

Use smartmc upgrade startup-configuration to upgrade the configuration file on a list of TCs or on all TCs in SmartMC groups.

Use undo smartmc upgrade delete the configuration file upgrade task.

Syntax

smartmc upgrade startup-configuration { group | tc } list [ delay minutes | time time ]

smartmc upgrade startup-configuration { group | tc } { list cfg-filename }&<1-40> [ delay delay-time | time time ]

undo smartmc upgrade

Views

System view

Predefined user roles

network-admin

Parameters

group: Specifies SmartMC group-based upgrade.

tc: Specifies TC-based upgrade.

list: Specifies a space-separated list of TC items or SmartMC group items.

· SmartMC group—Each item specifies a SmartMC group name, a case-sensitive string of 1 to 31 characters.

cfg-filename: Specifies a configuration file by its name.

delay delay-time: Specifies the upgrade delay time in the range of 1 to 1440 minutes.

time in-time: Specifies the upgrade time in the format of hh:mm. The value range for the hh argument is 0 to 23 hours. The value range for the mm argument is 0 to 59 minutes.

Usage guidelines

To use this command to upgrade the configuration file on TCs without specifying the upgrade file, you must first perform one of the following tasks:

· Execute the smartmc tc startup-configuration command to specify the upgrade file for TCs.

· Execute the startup-configuration command to specify the upgrade file for a SmartMC group.

A TC can perform only one upgrade task at a time.

If you execute this command without specifying the delay time or update time, the TCs or SmartMC group immediately upgrades the configuration file.

Examples

# Upgrade configuration file startup.cfg on all TCs in SmartMC groups test1 and test2.

<Sysname> system-view

[Sysname] smartmc upgrade boot-loader group test1 test2 boot boot.bin system sys.bin

Related commands

boot-loader

startup-configuration

Use startup-configuration to specify an upgrade configuration file for a SmartMC group .

Use undo startup-configuration to restore the default.

Syntax

startup-configuration cfgfile

undo startup-configuration

Default

No upgrade configuration file is specified for the SmartMC group.

Views

SmartMC group view

Predefined user roles

network-admin

Parameters

cfgfile: Specifies a configuration file by its name, a string of 5 to 45 characters. The file name must include the .cfg extension.

Usage guidelines

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify configuration file startup.cfg for SmartMC group testgroup.

<Sysname> system-view

[Sysname] smartmc group testgroup

[Sysname-smartmc-group-testgroup] startup-configuration startup.cfg

Related commands

smartmc group

Index

A B C D E F H I L M N O P R S T U V W X

action,212

action cli,279

action reboot,280

action switchover,282

action syslog,283

advantage-factor,12

apply poe-profile,122

apply poe-profile interface,123

boot-loader,469

codec-type,12

commit,283

community read,13

comparison,213

context (action-set view),214

context (trigger view),214

create batch-file,469

cwmp,263

cwmp acs default password,263

cwmp acs default url,264

cwmp acs default username,265

cwmp acs password,265

cwmp acs url,266

cwmp acs username,267

cwmp cpe connect interface,268

cwmp cpe connect retry,268

cwmp cpe inform interval,269

cwmp cpe inform interval enable,270

cwmp cpe inform time,270

cwmp cpe password,271

cwmp cpe provision-code,272

cwmp cpe stun enable,272

cwmp cpe username,273

cwmp cpe wait timeout,274

cwmp enable,275

data-fill,14

data-size,15

debugging,1

delta falling,215

delta rising,216

description,16

description (event view),217

description (trigger view),217

destination ip,16

destination ipv6,17

destination port,18

diagnostic-logfile save,421

display cwmp configuration,275

display cwmp status,277

display debugging,1

display diagnostic-logfile summary,422

display exception context,303

display exception filepath,308

display info-center,422

display ip netstream cache,362

display ip netstream export,370

display ip netstream template,371

display ipv6 netstream cache,389

display ipv6 netstream export,395

display ipv6 netstream template,397

display kernel deadloop,309

display kernel deadloop configuration,313

display kernel exception,314

display kernel starvation configuration,317

display logbuffer,423

display logbuffer summary,425

display logfile summary,427

display mirroring-group,355

display netconf service,250

display netconf session,251

display nqa history,18

display nqa reaction counters,20

display nqa result,21

display nqa server,78

display nqa statistics,28

display ntp-service ipv6 sessions,82

display ntp-service sessions,86

display ntp-service status,90

display ntp-service trace,92

display packet-capture status,462

display poe device,123

display poe interface,124

display poe interface power,127

display poe power-usage,128

display poe pse,131

display poe pse interface,133

display poe pse interface power,134

display poe-profile,135

display poe-profile interface,136

display process,318

display process cpu,321

display process log,322

display process memory,324

display process memory heap,325

display process memory heap address,327

display process memory heap size,328

display rmon alarm,194

display rmon event,196

display rmon eventlog,197

display rmon history,198

display rmon prialarm,201

display rmon statistics,203

display rtm environment,284

display rtm policy,285

display sampler,352

display security-logfile summary,427

display sflow,413

display smartmc backup configuration status,470

display smartmc batch-file status,471

display smartmc configuration,472

display smartmc device-link,473

display smartmc group,474

display smartmc replace status,476

display smartmc tc,476

display smartmc upgrade status,478

display snmp mib event,218

display snmp mib event event,219

display snmp mib event object list,221

display snmp mib event summary,222

display snmp mib event trigger,222

display snmp-agent community,147

display snmp-agent context,149

display snmp-agent group,149

display snmp-agent local-engineid,150

display snmp-agent mib-node,151

display snmp-agent mib-view,157

display snmp-agent remote,158

display snmp-agent statistics,159

display snmp-agent sys-info,161

display snmp-agent trap queue,162

display snmp-agent trap-list,162

display snmp-agent usm-user,163

display sntp ipv6 sessions,115

display sntp sessions,115

display userlog export,452

display userlog host-group,453

enable,375

enable,401

enable log updown,428

enable snmp trap updown,165

event cli,286

event enable,226

event hotplug,287

event interface,289

event owner (trigger-Boolean view),226

event owner (trigger-existence view),227

event process,291

event snmp oid,292

event snmp-notification,294

event syslog,294

event track,295

exception filepath,329

falling,228

filename,37

frequency,37

frequency,228

history-record enable,38

history-record keep-time,39

history-record number,39

info-center diagnostic-logfile directory,429

info-center diagnostic-logfile enable,429

info-center diagnostic-logfile frequency,430

info-center diagnostic-logfile quota,431

info-center enable,431

info-center format,432

info-center logbuffer,432

info-center logbuffer size,433

info-center logfile directory,433

info-center logfile enable,434

info-center logfile frequency,435

info-center logfile size-quota,435

info-center logging suppress duplicates,436

info-center loghost,436

info-center loghost source,437

info-center security-logfile alarm-threshold,438

info-center security-logfile directory,439

info-center security-logfile enable,439

info-center security-logfile frequency,440

info-center security-logfile size-quota,441

info-center source,441

info-center synchronous,443

info-center syslog min-age,444

info-center syslog trap buffersize,444

info-center timestamp,445

info-center timestamp loghost,446

info-center trace-logfile quota,446

init-ttl,40

ip netstream,376

ip netstream aggregation,378

ip netstream export host,380

ip netstream export rate,381

ip netstream export source,382

ip netstream export v9-template refresh-rate packet,383

ip netstream export v9-template refresh-rate time,383

ip netstream export version,384

ip netstream filter,376

ip netstream ipsec raw-packet,377

ip netstream max-entry,385

ip netstream mpls,386

ip netstream sampler,378

ip netstream timeout active,386

ip netstream timeout inactive,387

ipv6 netstream,401

ipv6 netstream aggregation,404

ipv6 netstream export host,405

ipv6 netstream export rate,406

ipv6 netstream export source,407

ipv6 netstream export v9-template refresh-rate packet,408

ipv6 netstream export v9-template refresh-rate time,408

ipv6 netstream export version 9,409

ipv6 netstream filter,402

ipv6 netstream ipsec raw-packet,403

ipv6 netstream max-entry,410

ipv6 netstream sampler,403

ipv6 netstream timeout active,410

ipv6 netstream timeout inactive,411

logfile save,447

lsr-path,41

match,479

max-failure,41

mirroring-group,356

mirroring-group mirroring-port (interface view),357

mirroring-group mirroring-port (system view),357

mirroring-group monitor-port (interface view),358

mirroring-group monitor-port (system view),359

mirror-to,361

mode,42

monitor kernel deadloop enable,330

monitor kernel deadloop exclude-thread,331

monitor kernel deadloop time,333

monitor kernel starvation enable,334

monitor kernel starvation exclude-thread,335

monitor kernel starvation time,336

monitor process,337

monitor thread,342

netconf capability specific-namespace,252

netconf idle-timeout,253

netconf log,253

netconf soap domain,254

netconf soap http acl,255

netconf soap http enable,256

netconf soap https acl,257

netconf soap https enable,257

netconf ssh acl,258

netconf ssh server enable,259

netconf ssh server port,259

next-hop ip,43

next-hop ipv6,43

no-fragment enable,44

nqa,44

nqa agent enable,45

nqa schedule,46

nqa server enable,78

nqa server tcp-connect,79

nqa server udp-echo,80

ntp-service acl,93

ntp-service authentication enable,94

ntp-service authentication-keyid,95

ntp-service broadcast-client,96

ntp-service broadcast-server,97

ntp-service dscp,98

ntp-service enable,98

ntp-service inbound enable,99

ntp-service ipv6 acl,99

ntp-service ipv6 dscp,101

ntp-service ipv6 inbound enable,101

ntp-service ipv6 multicast-client,102

ntp-service ipv6 multicast-server,103

ntp-service ipv6 source,103

ntp-service ipv6 unicast-peer,104

ntp-service ipv6 unicast-server,106

ntp-service max-dynamic-sessions,107

ntp-service multicast-client,108

ntp-service multicast-server,108

ntp-service refclock-master,109

ntp-service reliable authentication-keyid,110

ntp-service source,111

ntp-service unicast-peer,112

ntp-service unicast-server,113

object list (action-notification view),229

object list (trigger view),230

object list (trigger-Boolean view),231

object list (trigger-existence view),231

object list (trigger-threshold view),232

oid (action-notification view),233

oid (action-set view),233

oid (trigger view),234

operation (FTP operation view),47

operation (HTTP operation view),48

out interface,48

packet-capture local ap (on ACs),463

packet-capture local interface (on wired devices/fat APs),464

packet-capture remote ap (on ACs),466

packet-capture remote interface (on wired devices/fat APs),467

packet-capture stop,467

password,49

ping,2

ping ipv6,5

poe disconnect,137

poe enable,137

poe enable pse,138

poe legacy enable,139

poe max-power,139

poe max-power (system view),140

poe pd-description,141

poe pd-policy priority,141

poe priority,142

poe priority (system view),143

poe pse-policy priority,144

poe update,144

poe utilization-threshold,146

poe-profile,145

probe count,50

probe packet-interval,51

probe packet-number,52

probe packet-timeout,52

probe timeout,53

process core,346

raw-request,54

reaction checked-element { jitter-ds | jitter-sd },54

reaction checked-element { owd-ds | owd-sd },56

reaction checked-element icpif,57

reaction checked-element mos,58

reaction checked-element packet-loss,59

reaction checked-element probe-duration,60

reaction checked-element probe-fail (for trap),61

reaction checked-element probe-fail (for trigger),63

reaction checked-element rtt,63

reaction trap,65

reset exception context,347

reset ip netstream statistics,388

reset ipv6 netstream statistics,412

reset kernel deadloop,348

reset kernel exception,348

reset logbuffer,447

reset netconf service statistics,260

reset netconf session statistics,260

reset userlog flow export,455

rising,235

rmon alarm,204

rmon event,206

rmon history,207

rmon prialarm,208

rmon statistics,210

route-option bypass-route,66

rresolve-target,66

rtm cli-policy,297

rtm environment,297

rtm scheduler suspend,299

rtm tcl-policy,299

running-time,300

sample,236

sampler,354

security-logfile save,448

sflow agent,414

sflow collector,415

sflow counter collector,417

sflow counter interval,416

sflow flow collector,417

sflow flow max-header,418

sflow sampling-mode,418

sflow sampling-rate,419

sflow source,419

smartmc auto-replace enable,480

smartmc backup configuration,480

smartmc backup configuration interval,482

smartmc backup configuration max-number,481

smartmc batch-file deploy,482

smartmc enable,483

smartmc ftp-server,484

smartmc group,485

smartmc replace,485

smartmc tc boot-loader,486

smartmc tc device-type,487

smartmc tc password,487

smartmc tc startup-configuration,488

smartmc topology-refresh,488

smartmc topology-refresh interval,489

smartmc topology-save,489

smartmc upgrade boot-loader,490

smartmc upgrade startup-configuration,491

snmp mib event,236

snmp mib event object list,237

snmp mib event sample instance maximum,238

snmp mib event sample minimum,239

snmp mib event trigger,239

snmp-agent,165

snmp-agent { inform | trap } source,178

snmp-agent calculate-password,166

snmp-agent community,167

snmp-agent community-map,170

snmp-agent context,171

snmp-agent group,171

snmp-agent local-engineid,173

snmp-agent log,174

snmp-agent mib-view,175

snmp-agent packet max-size,176

snmp-agent port,177

snmp-agent remote,177

snmp-agent sys-info contact,179

snmp-agent sys-info location,180

snmp-agent sys-info version,180

snmp-agent target-host,181

snmp-agent trap enable,183

snmp-agent trap enable event-mib,240

snmp-agent trap enable syslog,448

snmp-agent trap if-mib link extended,184

snmp-agent trap life,185

snmp-agent trap log,185

snmp-agent trap queue-size,186

snmp-agent usm-user { v1 | v2c },187

snmp-agent usm-user v3,188

snmp-agent usm-user v3 user-role,192

sntp authentication enable,116

sntp authentication-keyid,117

sntp enable,118

sntp ipv6 unicast-server,118

sntp reliable authentication-keyid,119

sntp unicast-server,120

source interface,67

source ip,68

source ipv6,69

source port,69

ssl client-policy,278

startup (trigger-existence view),241

startup (trigger-threshold view),242

startup enable,242

startup-configuration,492

statistics hold-time,70

statistics interval,71

statistics max-group,71

target-only,72

terminal debugging,449

terminal logging level,450

terminal monitor,451

test,243

third-part-process start,349

third-part-process stop,350

tos,73

tracert,7

tracert ipv6,10

trigger enable,244

ttl,73

type,74

type,244

url,75

userlog flow export host,455

userlog flow export load-balancing,456

userlog flow export source-ip,456

userlog flow export timestamp localtime,457

userlog flow export version,458

userlog flow syslog,458

userlog host-group,459

userlog host-group host flow,460

username,76

user-role,301

value (action-set view),245

value (trigger-Boolean view),246

version,76

vpn-instance,77

wildcard context (action-set view),247

wildcard context (trigger view),247

wildcard oid (action-set view),248

wildcard oid (trigger view),249

xml,261

17-Network Management and Monitoring Command Reference

debugging

ping

ping ipv6

NQA commands

NQA client commands

display nqa history

display nqa reaction counters

filename

operation (FTP operation view)

rresolve-target

statistics interval

target-only

tos

vpn-instance

nqa server udp-echo

display ntp-service ipv6 sessions

display ntp-service trace

ntp-service authentication enable

ntp-service authentication-keyid

ntp-service broadcast-server

ntp-service max-dynamic-sessions

ntp-service multicast-server

ntp-service reliable authentication-keyid

ntp-service unicast-peer

apply poe-profile interface

display poe-profile

display poe-profile interface

poe priority (system view)