VXLAN commands
Basic VXLAN commands
arp suppression enable
Use arp suppression enable to enable ARP flood suppression.
Use undo arp suppression enable to disable ARP flood suppression.
Syntax
arp suppression enable
undo arp suppression enable
Default
ARP flood suppression is disabled.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.
This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Examples
# Enable ARP flood suppression for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] arp suppression enable
Related commands
display arp suppression vsi
reset arp suppression vsi
description
Use description to configure a description for a VSI.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A VSI does not have a description.
Views
VSI view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 80 characters.
Examples
# Configure a description for VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] description vsi for vpn1
Related commands
display l2vpn vsi
display arp suppression vsi
Use display arp suppression vsi to display ARP flood suppression entries.
Syntax
In standalone mode:
display arp suppression vsi [ name vsi-name ] [ count ]
In IRF mode:
display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.
slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays entries on the master device. (In IRF mode.)
count: Displays the number of ARP flood suppression entries that match the command.
Examples
# Display ARP flood suppression entries.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# Display the number of ARP flood suppression entries.
<Sysname> display arp suppression vsi count
Total entries: 3
Table 1 Command output
Field | Description |
---|---|
Link ID | Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
Aging | Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted. |
Related commands
arp suppression enable
reset arp suppression vsi
display l2vpn interface
Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs.
Syntax
display l2vpn interface [ vsi vsi-name | interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
interface-type interface-number: Specifies an interface by its type and number.
verbose: Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.
Usage guidelines
If you do not specify any parameters, this command displays brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
Examples
# Display brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface
Total number of interfaces: 2, 1 up, 1 down
Interface Owner Link ID State Type
GE1/0 vxlan3 1 Up VSI
GE2/0 vxlan4 2 Down VSI
Table 2 Command output
Field | Description |
---|---|
Interface | Layer 3 interface name. |
Owner | VSI name. |
Link ID | The interface's link ID on the VSI. |
State | Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type | L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
# Display detailed L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface verbose
Interface: GE1/0
Owner : vsi1
Link ID : 0
State : Up
Type : VSI
Statistics : Enabled
Input Statistics:
Octets :994496
Packets :15539
Output Statistics:
Octets :0
Packets :0
Interface: GE2/0
Owner : vsi2
Link ID : 0
State : Down
Type : VSI
Statistics : Enabled
Input Statistics:
Octets :0
Packets :0
Output Statistics:
Octets :0
Packets :0
Table 3 Command output
Field | Description |
---|---|
Interface | Layer 3 interface name. |
Owner | VSI name. |
Link ID | The interface's link ID on the VSI. |
State | Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type | L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
Statistics | Packet statistics state: · Enabled—The packet statistics feature is enabled for the interface. · Disabled—The packet statistics feature is disabled for the interface. |
Input Statistics | Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. |
Output Statistics | Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. |
display l2vpn mac-address
Use display l2vpn mac-address to display MAC address entries for VSIs.
Syntax
display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.
dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:
· Dynamic remote- and local-MAC entries.
· Remote-MAC entries advertised through BGP EVPN.
· Manually added static remote-MAC entries.
· Remote-MAC entries issued through OpenFlow.
· Remote-MAC entries issued through OVSDB.
VXLAN does not support static local-MAC entries.
count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.
Examples
# Display MAC address entries for all VSIs.
<Sysname> display l2vpn mac-address
MAC Address State VSI Name Link ID/Name Aging
0000-0000-000b Static vpn1 Tunnel10 NotAging
0000-0000-000c Dynamic vpn1 Tunnel60 Aging
0000-0000-000d Dynamic vpn1 Tunnel99 Aging
--- 3 mac address(es) found ---
# Display the total number of MAC address entries in all VSIs.
<Sysname> display l2vpn mac-address count
3 mac address(es) found
Table 4 Command output
Field | Description |
---|---|
State | Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. · OVSDB—Remote-MAC entry issued by a remote controller through OVSDB. |
Link ID/Name | For a local MAC address, this field displays the AC's link ID on the VSI. For a remote MAC address, this field displays the tunnel interface name. |
Aging | Entry aging state: · Aging. · NotAging. |
Related commands
reset l2vpn mac-address
display l2vpn vsi
Use display l2vpn vsi to display information about VSIs.
Syntax
display l2vpn vsi [ name vsi-name ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.
verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.
Examples
# Display brief information about all VSIs.
<Sysname> display l2vpn vsi
Total number of VSIs: 1, 1 up, 0 down, 0 admin down
VSI Name VSI Index MTU State
vpna 0 1500 Up
Table 5 Command output
Field | Description |
---|---|
MTU | MTU on the VSI. |
State | VSI state: · Up—The VSI is up. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command. |
# Display detailed information about all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Leacning rate : -
Drop Unknown : -
PW Redundancy : Slave
Flooding : Enabled
Statistics : Enabled
Input Statistics:
Octets : 0
Packets : 0
Errors : 0
Discards : 0
Output Statistics:
Octets : 0
Packets : 0
Errors : 0
Discards : 0
Gateway Interface : VSI-interface 100
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood Proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Enabled
ACs:
AC Link ID State
GE1/0 0 Up
Table 6 Command output
Field | Description |
---|---|
VSI Description | Description of the VSI. If the VSI does not have a description, the command does not display this field. |
VSI State | VSI state: · Up—The VSI is up. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command. |
MTU | MTU on the VSI. |
Bandwidth | Maximum bandwidth (in kbps) for known unicast traffic on the VSI. This field displays a hyphen (-) if it is not available in the current software version. |
Broadcast Restrain | Broadcast restraint bandwidth (in kbps). This field displays a hyphen (-) if it is not available in the current software version. |
Multicast Restrain | Multicast restraint bandwidth (in kbps). This field displays a hyphen (-) if it is not available in the current software version. |
Unknown Unicast Restrain | Unknown unicast restraint bandwidth (in kbps). This field displays a hyphen (-) if it is not available in the current software version. |
MAC Learning | State of the MAC learning feature. |
MAC Table Limit | Maximum number of MAC address entries on the VSI. This field displays a hyphen (-) if it is not available in the current software version. |
Drop Unknown | Action on source MAC-unknown frames received after the maximum number of MAC entries is reached. |
Flooding | State of the VSI's flooding feature: · Enabled—Flooding is enabled on the VSI. The VTEP floods unknown unicast frames to both local and remote sites. · Disabled—Flooding is disabled on the VSI. The VTEP floods unknown unicast frames only to local sites. |
Statistics | Packet statistics state: · Enabled—The packet statistics feature is enabled for the VSI. · Disabled—The packet statistics feature is disabled for the VSI. |
Input Statistics | Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of discarded packets. |
Output Statistics | Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of discarded packets. |
Gateway Interface | VSI interface name. |
State | Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. This state is not supported in the current software version. · Down—The tunnel interface is down. |
Type | Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN through EVPN. · Manual—The tunnel was manually assigned to the VXLAN. |
Flood Proxy | Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Split horizon | State of split horizon: · Enabled—Split horizon is enabled on the VXLAN tunnel. The VXLAN tunnel does not forward the traffic that is received on other VXLAN tunnels. · Disabled—Split horizon is disabled on the VXLAN tunnel. The VXLAN tunnel forwards the traffic that is received on other VXLAN tunnels. |
ACs | ACs that are bound to the VSI. |
Link ID | AC's link ID on the VSI. |
State | AC state: · Up. · Down. |
display vxlan tunnel
Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.
Syntax
display vxlan tunnel [ vxlan-id vxlan-id [ tunnel tunnel-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
tunnel tunnel-number: Specifies a VXLAN tunnel. The tunnel-number argument represents the tunnel interface number. The value range for the tunnel-number argument is 0 to 65534. If you do not specify a VXLAN tunnel, this command displays information about all VXLAN tunnels associated with the specified VXLAN.
Examples
# Display VXLAN tunnel information for all VXLANs.
<Sysname> display vxlan tunnel
Total number of VXLANs: 1
VXLAN ID: 10, VSI name: vpna, Total tunnels: 3 (3 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Enabled
# Display VXLAN tunnel information for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10
VXLAN ID: 10, VSI name: vpna, Total tunnels: 3 (3 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Enabled
# Display information about VXLAN tunnel 0 for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10 tunnel 0
Interface: Tunnel0
Link ID : 0x5000000
State : Up
Type : Auto
Flood Proxy: Disabled
Statistics : Enabled
Input statistics:
Octets : 994496
Packets: 15539
Output statistics:
Octets : 0
Packets: 0
Table 7 Command output
Field | Description |
---|---|
Link ID | Tunnel's link ID in the VXLAN. |
State | Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Down—The tunnel interface is down. |
Type | Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN through EVPN. · Manual—The tunnel was manually assigned to the VXLAN. |
Flood proxy | Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Split horizon | State of split horizon: · Enabled—Split horizon is enabled on the VXLAN tunnel. The VXLAN tunnel does not forward the traffic that is received on other VXLAN tunnels. · Disabled—Split horizon is disabled on the VXLAN tunnel. The VXLAN tunnel forwards the traffic that is received on other VXLAN tunnels. |
Related commands
tunnel
vxlan
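The following is an added example, not part of the original reference and not vendor code: a Python audit of captured display vxlan tunnel summary output that reports tunnels in the Down or Defect state, tunnels with split horizon disabled, and captures whose row count disagrees with the header. The sample text is constructed, and the column layout is assumed to match the example shown in this section.

```python
import re

# Per-VXLAN header line, as printed in the example output in this section.
VXLAN_HDR = re.compile(
    r"VXLAN ID: (\d+), VSI name: (\S+), Total tunnels: (\d+) "
    r"\((\d+) up, (\d+) down, (\d+) defect, (\d+) blocked\)"
)
# One tunnel row: name, link ID, state, type, flood proxy, split horizon.
ROW = re.compile(
    r"(\S+)\s+(0x[0-9A-Fa-f]+)\s+(Up|Down|Defect|Blocked)\s+(Auto|Manual)"
    r"\s+(Enabled|Disabled)\s+(Enabled|Disabled)"
)


def parse_vxlan_tunnels(text):
    """Return {vxlan_id: {"vsi": str, "total": int, "tunnels": [dict, ...]}}."""
    vxlans, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        hdr = VXLAN_HDR.fullmatch(line)
        if hdr:
            current = {"vsi": hdr.group(2), "total": int(hdr.group(3)), "tunnels": []}
            vxlans[int(hdr.group(1))] = current
            continue
        row = ROW.fullmatch(line)
        if row and current is not None:
            name, link_id, state, kind, proxy, split = row.groups()
            current["tunnels"].append({
                "name": name,
                "link_id": int(link_id, 16),
                "state": state,
                "type": kind,
                "flood_proxy": proxy == "Enabled",
                "split_horizon": split == "Enabled",
            })
    return vxlans


def audit(vxlans):
    """Return findings as (vxlan_id, tunnel name or None, message) tuples."""
    findings = []
    for vxlan_id, info in sorted(vxlans.items()):
        rows = info["tunnels"]
        if len(rows) != info["total"]:
            # A truncated or paged capture would hide tunnels from the audit.
            findings.append((vxlan_id, None,
                             f"header reports {info['total']} tunnels, {len(rows)} rows parsed"))
        for t in rows:
            if t["state"] in ("Down", "Defect"):
                findings.append((vxlan_id, t["name"], f"tunnel state is {t['state']}"))
            if not t["split_horizon"]:
                # With split horizon disabled the tunnel forwards traffic
                # received on other VXLAN tunnels (see Table 7).
                findings.append((vxlan_id, t["name"], "split horizon disabled"))
    return findings


# Constructed sample capture (not taken from a real device).
SAMPLE = """\
Total number of VXLANs: 2
VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy Split horizon
Tunnel1 0x5000001 Up Manual Disabled Enabled
Tunnel2 0x5000002 Up Manual Disabled Disabled
VXLAN ID: 20, VSI name: vpnb, Total tunnels: 3 (2 up, 1 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy Split horizon
Tunnel3 0x5000003 Up Auto Enabled Enabled
Tunnel4 0x5000004 Down Auto Disabled Enabled
"""

if __name__ == "__main__":
    for vxlan_id, tunnel, message in audit(parse_vxlan_tunnels(SAMPLE)):
        print(f"VXLAN {vxlan_id} {tunnel or '-'}: {message}")
```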
flooding disable
Use flooding disable to disable flooding for a VSI.
Use undo flooding disable to enable flooding for a VSI.
Syntax
flooding disable
undo flooding disable
Default
Flooding is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
By default, the device floods unknown unicast frames received from the local site to the following interfaces in the frame's VXLAN:
· All site-facing interfaces except for the incoming interface.
· All VXLAN tunnel interfaces.
To confine unknown unicast traffic to the site-facing interfaces, use this command to disable flooding for the VSI bound to the VXLAN. The VSI will not flood unknown unicast frames to VXLAN tunnel interfaces.
Examples
# Disable flooding for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] flooding disable
l2vpn enable
Use l2vpn enable to enable L2VPN.
Use undo l2vpn enable to disable L2VPN.
Syntax
l2vpn enable
undo l2vpn enable
Default
L2VPN is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable L2VPN before you can configure L2VPN settings.
Examples
# Enable L2VPN.
<Sysname> system-view
[Sysname] l2vpn enable
l2vpn rewrite inbound tag
Use l2vpn rewrite inbound tag to configure the VLAN tag processing rule for incoming traffic.
Use undo l2vpn rewrite inbound to restore the default.
Syntax
l2vpn rewrite inbound tag { nest { c-vid vlan-id | s-vid vlan-id [ c-vid vlan-id ] } | remark 1-to-2 s-vid vlan-id c-vid vlan-id } [ symmetric ]
undo l2vpn rewrite inbound
Default
VLAN tags of incoming traffic are not processed.
Views
Layer 3 aggregate interface view
Layer 3 Ethernet interface view
Predefined user roles
network-admin
Parameters
nest: Adds VLAN tags.
c-vid: Specifies an inner VLAN tag.
s-vid: Specifies an outer VLAN tag.
vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
remark: Maps VLAN tags.
1-to-2: Performs one-to-two mapping to replace the VLAN tag of single tagged packets with the specified outer and inner VLAN tags.
symmetric: Applies the reverse VLAN tag processing rule to outgoing traffic. If you do not specify this keyword, VLAN tags of outgoing traffic are not processed.
Usage guidelines
To modify the VLAN tag processing rule for incoming traffic, first execute the undo l2vpn rewrite inbound command to remove the existing rule, and then execute the l2vpn rewrite inbound command.
When you use this command, follow these restrictions:
· The l2vpn rewrite inbound tag nest s-vid vlan-id c-vid vlan-id command takes effect only on untagged packets.
· The l2vpn rewrite inbound tag remark 1-to-2 command takes effect only on single tagged packets.
Examples
# Configure Layer 3 Ethernet interface GigabitEthernet 1/0 to add outer VLAN tag 100 to incoming frames and remove outer VLAN tag 100 from outgoing frames.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0
[Sysname-GigabitEthernet1/0] l2vpn rewrite inbound tag nest s-vid 100 symmetric
mac-address static vsi
Use mac-address static vsi to add a static remote-MAC address entry for a VXLAN VSI.
Use undo mac-address static vsi to remove static remote-MAC address entries for a VXLAN VSI.
Syntax
mac-address static mac-address interface tunnel tunnel-number vsi vsi-name
undo mac-address static [ mac-address ] [ interface tunnel tunnel-number ] vsi vsi-name
Default
VXLAN VSIs do not have static remote-MAC address entries.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
interface tunnel tunnel-number: Specifies a VXLAN tunnel interface by its tunnel interface number. The value range for the tunnel-number argument is 0 to 65534. The tunnel interface must already exist.
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A remote MAC address is the MAC address of a VM in a remote site. Remote MAC entries include manually added MAC entries, dynamically learned MAC entries, and MAC entries advertised through a protocol, for example, BGP EVPN.
When you add a remote MAC address entry, make sure the specified VSI's VXLAN has been assigned the specified VXLAN tunnel.
The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.
Do not configure static remote-MAC entries for tunnels that are automatically established by using EVPN.
· EVPN re-establishes tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.
· EVPN re-establishes tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.
Examples
# Add MAC address 000f-e201-0101 to VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1
Related commands
vxlan tunnel mac-learning disable
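The following is an added example, not part of the original reference and not vendor code: a Python pre-check for planned mac-address static lines that expands the shortened H-H-H form, rejects multicast and all-zeros addresses, and checks the tunnel number and VSI name ranges given above. The duplicate-mapping check is an extra sanity check added here (an assumption, not documented device behavior), only the full-keyword syntax is parsed, and the sample lines are constructed.

```python
import re

SEGMENT = re.compile(r"[0-9A-Fa-f]{1,4}")
# Full-keyword form of the syntax line in this section; CLI abbreviations are not handled.
STATIC_CMD = re.compile(r"mac-address static (\S+) interface tunnel (\d+) vsi (\S+)")


def normalize_hhh(mac):
    """Expand H-H-H (leading zeros optional in each segment) to xxxx-xxxx-xxxx."""
    parts = mac.split("-")
    if len(parts) != 3 or not all(SEGMENT.fullmatch(p) for p in parts):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(p.lower().zfill(4) for p in parts)


def mac_problems(mac):
    """Reasons this section gives for not using a MAC in a static remote-MAC entry."""
    octets = bytes.fromhex(normalize_hhh(mac).replace("-", ""))
    if not any(octets):
        return ["all-zeros MAC address"]
    if octets[0] & 0x01:  # I/G bit set: group (multicast or broadcast) address
        return ["multicast MAC address"]
    return []


def vet_static_entries(lines):
    """Check planned 'mac-address static' lines; return (line_no, message) findings."""
    findings = []
    seen = {}  # (canonical MAC, VSI name) -> (line_no, tunnel number)
    for no, raw in enumerate(lines, 1):
        m = STATIC_CMD.fullmatch(raw.strip())
        if not m:
            findings.append((no, "does not match the documented syntax"))
            continue
        mac, tunnel, vsi = m.group(1), int(m.group(2)), m.group(3)
        try:
            canon = normalize_hhh(mac)
        except ValueError as exc:
            findings.append((no, str(exc)))
            continue
        findings += [(no, p) for p in mac_problems(canon)]
        if tunnel > 65534:
            findings.append((no, f"tunnel number {tunnel} outside 0 to 65534"))
        if len(vsi) > 31:
            findings.append((no, "VSI name longer than 31 characters"))
        # Added sanity check: the same MAC written two ways must not point
        # at two different tunnels in one VSI.
        prev = seen.get((canon, vsi))
        if prev and prev[1] != tunnel:
            findings.append(
                (no, f"{canon} already mapped to tunnel {prev[1]} on line {prev[0]}"))
        seen.setdefault((canon, vsi), (no, tunnel))
    return findings


# Constructed sample input (not taken from a real device).
PLANNED = [
    "mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1",
    "mac-address static f-e201-101 interface tunnel 2 vsi vsi1",      # same MAC, short form
    "mac-address static 0100-5e00-0001 interface tunnel 1 vsi vsi1",  # multicast
    "mac-address static 0-0-0 interface tunnel 1 vsi vsi1",           # all zeros
    "mac-address static 000f-e201-0102 interface tunnel 70000 vsi vsi1",
]

if __name__ == "__main__":
    for line_no, message in vet_static_entries(PLANNED):
        print(f"line {line_no}: {message}")
```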
mtu
Use mtu to set the MTU for a VSI.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The default MTU of a VSI is 1500 bytes.
Views
VSI view
Predefined user roles
network-admin
Parameters
size: Specifies an MTU value. The value range for this argument is 46 to 9216.
Usage guidelines
The MTU set by using this command limits the maximum length of the packets that a VSI receives from ACs and forwards through VXLAN tunnels. The MTU does not limit the maximum length of other packets in the VXLAN VSI.
Fragmentation is disabled for a VSI that uses the default MTU. If you set an MTU for a VSI, packets longer than the MTU are fragmented.
Examples
# Set the MTU to 1400 bytes for VSI vxlan1.
<Sysname> system-view
[Sysname] vsi vxlan1
[Sysname-vsi-vxlan1] mtu 1400
Related commands
display l2vpn vsi
reserved vxlan
Use reserved vxlan to specify a reserved VXLAN.
Use undo reserved vxlan to restore the default.
Syntax
reserved vxlan vxlan-id
undo reserved vxlan
Default
No VXLAN has been reserved.
Views
System view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can specify only one reserved VXLAN on the VTEP. The reserved VXLAN cannot be the VXLAN created on any VSI.
The reserved VXLAN ID cannot be the same as the remote VXLAN ID specified by using the mapping vni command.
Examples
# Specify VXLAN 10000 as the reserved VXLAN.
<Sysname> system-view
[Sysname] reserved vxlan 10000
Related commands
mapping vni (EVPN Command Reference)
reset arp suppression vsi
Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.
Syntax
reset arp suppression vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.
Examples
# Clear ARP flood suppression entries on all VSIs.
<Sysname> reset arp suppression vsi
This command will delete all entries. Continue? [Y/N]:y
Related commands
arp suppression enable
display arp suppression vsi
reset l2vpn mac-address
Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.
Syntax
reset l2vpn mac-address [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.
Usage guidelines
Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.
Examples
# Clear the dynamic MAC address entries on VSI vpn1.
<Sysname> reset l2vpn mac-address vsi vpn1
Related commands
display l2vpn mac-address vsi
reset l2vpn statistics vsi
Use reset l2vpn statistics vsi to clear packet statistics on VSIs.
Syntax
reset l2vpn statistics vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on all VSIs.
Examples
# Clear packet statistics on all VSIs.
<Sysname> reset l2vpn statistics vsi
Related commands
statistics enable (VSI view)
selective-flooding mac-address
Use selective-flooding mac-address to enable selective flood for a MAC address.
Use undo selective-flooding mac-address to disable selective flood for a MAC address.
Syntax
selective-flooding mac-address mac-address
undo selective-flooding mac-address mac-address
Default
Selective flood is disabled for all MAC addresses.
Views
VSI view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address. The MAC address cannot be all Fs.
Usage guidelines
This command excludes a remote MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown-unicast floods are confined to the local site.
Examples
# Enable selective flood for 000f-e201-0101 on VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101
Related commands
flooding disable
shutdown
Use shutdown to shut down a VSI.
Use undo shutdown to bring up a VSI.
Syntax
shutdown
undo shutdown
Default
VSIs are not manually shut down.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
Use this command to temporarily stop a VSI from providing Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.
Examples
# Shut down VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] shutdown
Related commands
display l2vpn vsi
statistics enable (tunnel interface view)
Use statistics enable to enable packet statistics for a manually created VXLAN or VXLAN-DCI tunnel.
Use undo statistics enable to disable packet statistics for a manually created VXLAN or VXLAN-DCI tunnel.
Syntax
statistics enable
undo statistics enable
Default
The packet statistics feature is disabled for a manually created VXLAN or VXLAN-DCI tunnel.
Views
VXLAN tunnel interface view
VXLAN-DCI tunnel interface view
Predefined user roles
network-admin
Examples
# Enable packet statistics for VXLAN tunnel interface Tunnel 0.
<Sysname> system-view
[Sysname] interface tunnel 0 mode vxlan
[Sysname-Tunnel0] statistics enable
Related commands
display interface tunnel (Layer 3—IP Services Command Reference)
reset counters interface tunnel (Layer 3—IP Services Command Reference)
tunnel statistics vxlan auto
tunnel
Use tunnel to assign a VXLAN tunnel to a VXLAN.
Use undo tunnel to remove a VXLAN tunnel from a VXLAN.
Syntax
tunnel tunnel-number { flooding-proxy | no-split-horizon }
undo tunnel tunnel-number
Default
A VXLAN does not contain VXLAN tunnels.
Views
VXLAN view
Predefined user roles
network-admin
Parameters
tunnel-number: Specifies a tunnel interface number. The value range for this argument is 0 to 65534. The tunnel must be a VXLAN tunnel.
flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, flood proxy is disabled on the tunnel.
no-split-horizon: Disables split horizon on the tunnel. The tunnel can forward the traffic that is received on ACs and other VXLAN tunnels. If you do not specify this keyword, split horizon is enabled on the tunnel, and it does not forward the traffic that is received on other VXLAN tunnels. You cannot disable split horizon on VXLAN-DCI tunnels.
remote-vni vxlan-id: Specifies a remote VXLAN ID. The value range for the vxlan-id argument varies by device model.
Usage guidelines
This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. In unicast mode, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.
You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs.
On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.
If you disable split horizon on a VXLAN tunnel, make sure the corresponding VXLAN does not have another VXLAN tunnel that is destined for the same remote VTEP.
To modify the flood proxy or split horizon setting on a VXLAN tunnel, you must first use the undo tunnel command to remove the tunnel.
Examples
# Assign VXLAN tunnels 1 and 2 to VXLAN 10000.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000] tunnel 1
[Sysname-vsi-vpna-vxlan-10000] tunnel 2
Related commands
display vxlan tunnel
tunnel bfd enable
Use tunnel bfd enable to enable BFD on a VXLAN tunnel interface.
Use undo tunnel bfd enable to disable BFD on a VXLAN tunnel interface.
Syntax
tunnel bfd enable destination-mac mac-address
undo tunnel bfd enable
Default
BFD is disabled on a VXLAN tunnel interface.
Views
VXLAN tunnel interface view
Predefined user roles
network-admin
Parameters
destination-mac mac-address: Specifies a destination MAC address in H-H-H format for BFD control packets. The MAC address can be a remote VTEP address or a multicast address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
Usage guidelines
Enable BFD on both ends of a VXLAN tunnel for quick link connectivity detection. The VTEPs periodically send BFD single-hop control packets to each other through the VXLAN tunnel. A VTEP sets the tunnel state to Defect if it has not received control packets from the remote end for 5 seconds. In this situation, the tunnel interface state is still Up. The tunnel state will change from Defect to Up if the VTEP can receive BFD control packets again.
Examples
# Enable BFD on VXLAN tunnel interface Tunnel 9, and specify 1-1-1 as the destination MAC address for BFD control packets.
<Sysname> system-view
[Sysname] interface tunnel 9 mode vxlan
[Sysname-Tunnel9] tunnel bfd enable destination-mac 1-1-1
tunnel global source-address
Use tunnel global source-address to specify a global source address for VXLAN tunnels.
Use undo tunnel global source-address to restore the default.
Syntax
tunnel global source-address { ipv4-address | ipv6 ipv6-address }
undo tunnel global source-address [ ipv6 ]
Default
No global source address is specified for VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address.
ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify the ipv6 keyword when executing the undo tunnel global source-address command, the command deletes the global source IPv4 address for VXLAN tunnels.
Usage guidelines
IMPORTANT: For correct VXLAN deployment and VTEP management, do not manually specify tunnel-specific source addresses for VXLAN tunnels if OVSDB is used.
A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.
The global source address takes effect only on VXLAN tunnels.
IPv4 VXLAN tunnels use the global source IPv4 address, and IPv6 VXLAN tunnels use the global source IPv6 address.
Examples
# Specify 1.1.1.1 as the global source address for VXLAN tunnels.
<Sysname> system-view
[Sysname] tunnel global source-address 1.1.1.1
tunnel statistics enable
Use tunnel statistics enable to enable packet statistics for all VXLAN tunnels associated with a VSI.
Use undo tunnel statistics enable to disable packet statistics for all VXLAN tunnels associated with a VSI.
Syntax
tunnel statistics enable
undo tunnel statistics enable
Default
The packet statistics feature is disabled for the VXLAN tunnels associated with a VSI.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
This command enables packet statistics only for VXLAN tunnels. It does not take effect on VXLAN-DCI tunnels.
Examples
# Enable packet statistics for all VXLAN tunnels associated with VSI vpna.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] tunnel statistics enable
Related commands
display vxlan tunnel
vsi
Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.
Use undo vsi to delete a VSI.
Syntax
vsi vsi-name
undo vsi vsi-name
Default
No VSIs exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
A VSI can provide services only for one VXLAN.
Examples
# Create VSI vxlan10 and enter VSI view.
<Sysname> system-view
[Sysname] vsi vxlan10
[Sysname-vsi-vxlan10]
Related commands
display l2vpn vsi
vxlan
Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.
Use undo vxlan to restore the default.
Syntax
vxlan vxlan-id
undo vxlan
Default
No VXLANs exist.
Views
VSI view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.
Examples
# Create VXLAN 10000 for VSI vpna and enter VXLAN view.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000]
Related commands
vsi
vxlan fast-forwarding enable
Use vxlan fast-forwarding enable to enable VXLAN fast forwarding.
Use undo vxlan fast-forwarding enable to disable VXLAN fast forwarding.
Syntax
vxlan fast-forwarding enable
undo vxlan fast-forwarding enable
Default
VXLAN fast forwarding is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
VXLAN fast forwarding enables the device to bypass QoS and security services when it forwards data traffic over VXLAN tunnels in software. As a best practice, enable this feature to improve forwarding speed only when QoS and security services are not configured on the following interfaces:
· VSI interfaces.
· VSI subinterfaces.
· Traffic outgoing interfaces for VXLAN tunnels.
When VXLAN fast forwarding is enabled, a VXLAN tunnel cannot use ECMP routes to load share traffic. Instead, it selects one route from the ECMP routes to forward VXLAN packets.
Examples
# Enable VXLAN fast forwarding.
<Sysname> system-view
[Sysname] vxlan fast-forwarding enable
vxlan invalid-udp-checksum discard
Use vxlan invalid-udp-checksum discard to enable the device to drop the VXLAN packets that fail UDP checksum check.
Use undo vxlan invalid-udp-checksum discard to restore the default.
Syntax
vxlan invalid-udp-checksum discard
undo vxlan invalid-udp-checksum discard
Default
The device does not check the UDP checksum of VXLAN packets.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to check the UDP checksum of VXLAN packets.
The device always sets the UDP checksum of VXLAN packets to 0. For compatibility with third-party devices, a VXLAN packet can pass the check if its UDP checksum is 0 or correct. If its UDP checksum is incorrect, the VXLAN packet fails the check and is dropped.
Examples
# Enable the device to drop the VXLAN packets that fail UDP checksum check.
<Sysname> system-view
[Sysname] vxlan invalid-udp-checksum discard
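The pass/drop rule described for vxlan invalid-udp-checksum discard, as an added Python example (not vendor code). It assumes IPv4 outer headers; the function names, addresses, and inner frame are constructed for illustration.

```python
import ipaddress
import struct

VXLAN_DST_PORT = 4789  # default destination UDP port given on this page


def _fold16(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, carries folded in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src: str, dst: str, datagram: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header and the datagram,
    with the checksum field treated as zero during computation."""
    pseudo = (ipaddress.IPv4Address(src).packed
              + ipaddress.IPv4Address(dst).packed
              + struct.pack("!BBH", 0, 17, len(datagram)))
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    csum = ~_fold16(pseudo + zeroed) & 0xFFFF
    return csum or 0xFFFF  # a computed 0 is transmitted as all ones


def build_vxlan_datagram(src, dst, sport, vni, inner, with_checksum):
    """Build UDP header + VXLAN header + inner frame (constructed test input)."""
    vxlan = struct.pack("!II", 0x08000000, vni << 8)  # I flag set, 24-bit VNI
    body = vxlan + inner
    datagram = struct.pack("!HHHH", sport, VXLAN_DST_PORT, 8 + len(body), 0) + body
    if with_checksum:
        csum = udp_checksum(src, dst, datagram)
        datagram = datagram[:6] + struct.pack("!H", csum) + datagram[8:]
    return datagram


def verdict(src, dst, datagram, discard_enabled):
    """Apply the rule from the usage guidelines to one received datagram."""
    if len(datagram) < 8:
        raise ValueError("shorter than a UDP header")
    if not discard_enabled:
        return "forward (not checked)"      # default: checksum is not checked
    (received,) = struct.unpack("!H", datagram[6:8])
    if received == 0:
        return "forward (checksum 0)"       # accepted without verification
    if received == udp_checksum(src, dst, datagram):
        return "forward (checksum correct)"
    return "drop"


# Constructed sample input: documentation addresses and a made-up inner frame.
SRC, DST = "192.0.2.1", "192.0.2.2"
INNER = bytes.fromhex("000f00e20001" "001122000102" "0800") + b"constructed payload"


def demo():
    zero = build_vxlan_datagram(SRC, DST, 50001, 10000, INNER, with_checksum=False)
    good = build_vxlan_datagram(SRC, DST, 50001, 10000, INNER, with_checksum=True)
    corrupted = good[:-1] + bytes([good[-1] ^ 0xFF])  # one payload byte altered
    samples = {"zero": zero, "good": good, "corrupted": corrupted}
    return {name: (verdict(SRC, DST, d, False), verdict(SRC, DST, d, True))
            for name, d in samples.items()}


if __name__ == "__main__":
    for name, (default, enabled) in demo().items():
        print(f"{name:10s} default={default!r:26s} discard enabled={enabled!r}")
```

A checksum of 0 is accepted without verification, so the check detects corruption only in packets from peers that compute the checksum.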
vxlan local-mac report
Use vxlan local-mac report to enable local-MAC logging.
Use undo vxlan local-mac report to disable local-MAC logging.
Syntax
vxlan local-mac report
undo vxlan local-mac report
Default
Local-MAC logging is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When the local-MAC logging feature is enabled, the VXLAN module immediately sends a log message with its local MAC addresses to the information center. When a local MAC address is added or removed, a log message is also sent to the information center to report the change.
With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see Network Management and Monitoring Configuration Guide.
Examples
# Enable local-MAC logging.
<Sysname> system-view
[Sysname] vxlan local-mac report
vxlan source udp-port acl
Use vxlan source udp-port acl to configure an ACL match criterion and specify the source UDP port number in the VXLAN encapsulation for matching frames.
Use undo vxlan source udp-port to restore the default.
Syntax
vxlan source udp-port port-number acl acl-number
undo vxlan source udp-port
Default
The source UDP port number in the VXLAN encapsulation is generated based on the source and destination MAC addresses of the inner Ethernet frame.
Views
VXLAN tunnel interface view
VXLAN-DCI tunnel interface view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1024 to 65535. As a best practice, specify a port number in the range of 1024 to 49151.
acl-number: Specifies an ACL by its number in the range of 3000 to 3999. The ACL must be an advanced ACL.
Usage guidelines
This command takes effect only on IPv4-based VXLAN. Only manually created VXLAN tunnel interfaces support this command.
This command enables a VXLAN tunnel interface to filter frames by using an ACL and encapsulate a specific source UDP port number for matching frames. This allows IPsec to identify the VXLAN packets to encrypt by the source UDP port number in the VXLAN encapsulation.
If the ACL specified by using this command does not exist or does not contain an IP address-related rule, frames are encapsulated based on the default setting.
This command has a higher priority than the vxlan source udp-port five-tuple command.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Configure VXLAN tunnel interface Tunnel 1 to encapsulate source UDP port number 50001 for the frames that match ACL 3001.
<Sysname> system-view
[Sysname] interface tunnel 1 mode vxlan
[Sysname-Tunnel1] vxlan source udp-port 50001 acl 3001
Related commands
acl (ACL and QoS Command Reference)
vxlan source udp-port five-tuple
vxlan source udp-port five-tuple
Use vxlan source udp-port five-tuple to configure a VXLAN tunnel interface to generate the source UDP port number in the VXLAN encapsulation based on the IP five-tuple of the inner Ethernet frame.
Use undo vxlan source udp-port five-tuple to restore the default.
Syntax
vxlan source udp-port five-tuple
undo vxlan source udp-port five-tuple
Default
The source UDP port number in the VXLAN encapsulation is generated based on the source and destination MAC addresses of the inner Ethernet frame.
Views
VXLAN tunnel interface view
VXLAN-DCI tunnel interface view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only on IPv4-based VXLAN. Only manually created VXLAN tunnel interfaces support this command.
This command has a lower priority than the vxlan source udp-port acl command. If you use both commands on a VXLAN tunnel interface, the vxlan source udp-port five-tuple command takes effect only on the frames that fail to match the ACL specified by using the vxlan source udp-port acl command.
Examples
# Configure VXLAN tunnel interface Tunnel 1 to generate the source UDP port number in the VXLAN encapsulation based on the IP five-tuple of the inner Ethernet frame.
<Sysname> system-view
[Sysname] interface tunnel 1 mode vxlan
[Sysname-Tunnel1] vxlan source udp-port five-tuple
Related commands
vxlan source udp-port acl
vxlan tunnel mac-learning disable
Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.
Use undo vxlan tunnel mac-learning disable to enable remote-MAC address learning.
Syntax
vxlan tunnel mac-learning disable
undo vxlan tunnel mac-learning disable
Default
Remote-MAC address learning is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.
Examples
# Disable remote-MAC address learning.
<Sysname> system-view
[Sysname] vxlan tunnel mac-learning disable
vxlan udp-port
Use vxlan udp-port to set the destination UDP port number for VXLAN packets.
Use undo vxlan udp-port to restore the default.
Syntax
vxlan udp-port port-number
undo vxlan udp-port
Default
The destination UDP port number is 4789 for VXLAN packets.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Usage guidelines
You must configure the same destination UDP port number on all VTEPs in a VXLAN.
Examples
# Set the destination UDP port number to 6666 for VXLAN packets.
<Sysname> system-view
[Sysname] vxlan udp-port 6666
xconnect vsi
Use xconnect vsi to map an AC to a VSI.
Use undo xconnect vsi to restore the default.
Syntax
xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] [ track track-entry-number&<1-3> ]
undo xconnect vsi
Default
An AC is not mapped to any VSI.
Views
Ethernet service instance view
Interface view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
track track-entry-number&<1-3>: Specifies a space-separated list of up to three track entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.
Usage guidelines
For traffic that matches a Layer 3 interface, the system uses the VSI's MAC address table to make a forwarding decision.
The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.
· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.
  ◦ For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.
  ◦ For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.
In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.
· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.
  ◦ For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.
  ◦ For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.
In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.
After you modify the access mode on a Layer 3 subinterface AC, local VMs that access the VXLAN network through the subinterface cannot communicate with remote VMs. To resolve this issue, you must clear the ARP entries on the local VMs or configure them to periodically send gratuitous ARP packets.
Examples
# Map GigabitEthernet 1/0 to VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] quit
[Sysname] interface gigabitethernet 1/0
[Sysname-GigabitEthernet1/0] xconnect vsi vpn1
Related commands
display l2vpn interface
vsi
VXLAN IP gateway commands
arp distributed-gateway dynamic-entry synchronize
Use arp distributed-gateway dynamic-entry synchronize to enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
Use undo arp distributed-gateway dynamic-entry synchronize to disable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
Syntax
arp distributed-gateway dynamic-entry synchronize
undo arp distributed-gateway dynamic-entry synchronize
Default
Dynamic ARP entry synchronization is disabled for distributed VXLAN IP gateways.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When local proxy ARP is enabled on distributed VXLAN IP gateways, each gateway learns ARP information independently. A gateway does not forward ARP packets destined for its local VSI interfaces to other gateways. For distributed VXLAN IP gateways to have the same ARP entries, you must enable dynamic ARP entry synchronization.
A controller or the EVPN feature can also synchronize ARP entries among distributed VXLAN IP gateways. When you use a controller or the EVPN feature, do not enable dynamic ARP entry synchronization.
Examples
# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
<Sysname> system-view
[Sysname] arp distributed-gateway dynamic-entry synchronize
Related commands
distributed-gateway local
local-proxy-arp enable (Layer 3—IP Services Command Reference)
bandwidth
Use bandwidth to set the expected bandwidth for a VSI interface or VSI subinterface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) equals the interface baudrate divided by 1000.
Views
VSI interface view
VSI subinterface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth, in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.
Examples
# Set the expected bandwidth to 10000 kbps for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] bandwidth 10000
default
Use default to restore the default settings for a VSI interface or VSI subinterface.
Syntax
default
Views
VSI interface view
VSI subinterface view
Predefined user roles
network-admin
Usage guidelines
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network.
This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
To resolve this problem:
1. Use the display this command in interface view to identify these commands.
2. Use their undo forms or follow the command reference to restore their default settings.
3. If the restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] default
This command will restore the default settings. Continue? [Y/N]:y
description
Use description to configure the description of a VSI interface or VSI subinterface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a VSI interface or VSI subinterface is interface-name plus Interface (for example, Vsi-interface100 Interface).
Views
VSI interface view
VSI subinterface view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Examples
# Configure the description as gateway for VXLAN 10 for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] description gateway for VXLAN 10
display interface vsi-interface
Use display interface vsi-interface to display information about VSI interfaces or VSI subinterfaces.
Syntax
display interface [ vsi-interface [ vsi-interface-id | vsi-interface-id.subid ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi-interface [ vsi-interface-id | vsi-interface-id.subid ]: Specifies a VSI interface or VSI subinterface by its number. Make sure the specified VSI interface or VSI subinterface has been created on the device. If you do not specify the vsi-interface [ vsi-interface-id | vsi-interface-id.subid ] option, this command displays information about all interfaces except for VA interfaces. If you specify only the vsi-interface keyword, this command displays information about all VSI interfaces and VSI subinterfaces. If you specify a VSI interface or VSI subinterface, this command displays information about the specified interface or subinterface. For more information about VA interfaces, see PPPoE configuration in Layer 2—WAN Access Configuration Guide.
brief: Displays brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.
down: Displays interfaces that are physically down as well as the down reason. If you do not specify this keyword, the command does not filter output by physical interface state.
Examples
# Display information about VSI-interface 100.
<Sysname> display interface vsi-interface 100
Vsi-interface100
Current state: UP
Line protocol state: UP
Description: Vsi-interface100 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0011-2200-0102
IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 8 Command output
Field | Description |
---|---|
Current state | Physical link state of the interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down. · UP—The interface is both administratively and physically up. |
Line protocol state | Data link layer state of the interface: · UP—The data link layer protocol is up. · UP(spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. · DOWN—The data link layer protocol is down. |
Description | Description of the interface. |
Bandwidth | Expected bandwidth of the interface. |
Maximum transmission unit | MTU of the interface. |
Internet protocol processing: Disabled | The interface is not assigned an IP address and cannot process IP packets. |
Internet address: ip-address/mask-length (Type) | IP address of the interface and type of the address in parentheses. Possible IP address types include: · Primary—Manually configured primary IP address. · Sub—Manually configured secondary IP address. If the interface has both primary and secondary IP addresses, the primary IP address is displayed. If the interface has only secondary IP addresses, the lowest secondary IP address is displayed. · DHCP-Allocated—DHCP allocated IP address. For more information, see DHCP client configuration in Layer 3—IP Services Configuration Guide. · BOOTP-Allocated—BOOTP allocated IP address. For more information, see BOOTP client configuration in Layer 3—IP Services Configuration Guide. · PPP-Negotiated—IP address assigned by a PPP server during PPP negotiation. For more information, see PPP configuration in Layer 2—WAN Access Configuration Guide. · Unnumbered—IP address borrowed from another interface. · MAD—IP address assigned to an IRF member device for MAD on the interface. For more information, see IRF configuration in Virtual Technologies Configuration Guide. · MTunnel—IP address of the multicast tunnel interface (MTI), which is the same as the IP address of the MVPN source interface. For more information, see multicast VPN configuration in IP Multicast Configuration Guide. |
IP packet frame type | IPv4 packet framing format. |
hardware address | MAC address. |
IPv6 packet frame type | IPv6 packet framing format. |
Physical | Physical type of the interface, which is fixed at Unknown. |
baudrate | Interface baudrate in kbps. |
Last clearing of counters | Last time when the reset counters interface vsi-interface command was used to clear interface statistics. This field displays Never if the reset counters interface vsi-interface command has never been used on the interface since the device startup. |
Last 300 seconds input rate | Average input rate for the last 300 seconds. |
Last 300 seconds output rate | Average output rate for the last 300 seconds. |
Input: 0 packets, 0 bytes, 0 drops | Incoming traffic statistics on the interface: · Number of incoming packets. · Number of incoming bytes. · Number of dropped incoming packets. |
Output: 0 packets, 0 bytes, 0 drops | Outgoing traffic statistics on the interface: · Number of outgoing packets. · Number of outgoing bytes. · Number of dropped outgoing packets. |
# Display brief information about all VSI interfaces.
<Sysname> display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi100 DOWN DOWN --
# Display brief information and complete description for VSI-interface 100.
<Sysname> display interface vsi-interface 100 brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi100 UP UP 1.1.1.1 VSI-interface100
# Display interfaces that are physically down and the down reason.
<Sysname> display interface brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
Vsi100 DOWN Administratively
Vsi200 DOWN Administratively
Table 9 Command output
Field | Description |
---|---|
Interface | Abbreviated interface name. |
Link | Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. To see the primary interface, use the display interface-backup state command. |
Protocol | Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · UP (s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. · DOWN—The data link layer protocol of the interface is down. |
Primary IP | Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address. |
Description | Description of the interface. |
Cause | Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—The interface is not mapped to any VSI, or the mapped VSI does not have any AC or VXLAN tunnel. |
Related commands
reset counters interface vsi-interface
distributed-gateway local
Use distributed-gateway local to specify a VSI interface as a distributed gateway to provide services for the local site.
Use undo distributed-gateway local to restore the default.
Syntax
distributed-gateway local
undo distributed-gateway local
Default
A VSI interface is not a distributed gateway.
Views
VSI interface view
Predefined user roles
network-admin
Usage guidelines
If a VXLAN uses distributed gateway services, you must assign the same IP address to the VXLAN's VSI interfaces on different VTEPs. To avoid IP address conflicts, you must specify the VSI interface on each VTEP as a distributed gateway.
Examples
# Specify VSI-interface 100 as a distributed gateway.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] distributed-gateway local
gateway subnet
Use gateway subnet to assign a subnet to a VSI.
Use undo gateway subnet to remove a subnet from a VSI.
Syntax
gateway subnet { ipv4-address wildcard-mask | ipv6-address prefix-length }
undo gateway subnet { ipv4-address wildcard-mask | ipv6-address prefix-length }
Default
No subnet is assigned to a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 subnet address in dotted-decimal notation.
wildcard-mask: Specifies a wildcard mask in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care" bits, and the 1 bits represent "don't care" bits. If the "do care" bits in a packet's IP address are identical to the "do care" bits in the specified subnet address, the packet is assigned to the VSI. All "don't care" bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous. For example, 0.255.0.255 is a valid wildcard mask.
ipv6-address prefix-length: Specifies an IPv6 subnet address and the address prefix length in the range of 1 to 128.
Usage guidelines
You must configure this command on VSIs that share a gateway interface. This command enables the VSI interface to identify the VSI of a packet.
You can assign a maximum of eight IPv4 and IPv6 subnets to a VSI.
You must specify a gateway interface for a VSI before you can assign subnets to the VSI. If you remove the gateway interface from the VSI, the VSI's subnet settings are automatically deleted.
For VSIs that share a gateway interface, the subnets must be unique.
Examples
# Assign subnet 100.0.10.0/24 to VSI vxlan.
<Sysname> system-view
[Sysname] vsi vxlan
[Sysname-vsi-vxlan] gateway subnet 100.0.10.0 0.0.0.255
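Wildcard-mask matching as described for gateway subnet, plus a pre-deployment audit for VSIs that share a gateway interface, as an added Python example (not vendor code). It covers IPv4 only and treats any overlap between two VSIs' subnets as a conflict, which is an assumption stricter than the "unique" wording above; the VSI names vpna and vpnb and their subnets are constructed.

```python
import ipaddress
from itertools import combinations

MAX_SUBNETS_PER_VSI = 8  # limit stated on this page (IPv4 and IPv6 combined)
ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def matches(ip: str, subnet: str, wildcard: str) -> bool:
    """True if ip equals subnet on every 'do care' (0) bit of the wildcard."""
    care = ~to_int(wildcard) & ALL_ONES
    return (to_int(ip) & care) == (to_int(subnet) & care)


def overlaps(a, b) -> bool:
    """Two (subnet, wildcard) pairs share an address exactly when they agree
    on every bit that BOTH treat as 'do care'. Works for noncontiguous masks."""
    care_both = ~(to_int(a[1]) | to_int(b[1])) & ALL_ONES
    return ((to_int(a[0]) ^ to_int(b[0])) & care_both) == 0


def witness(a, b) -> str:
    """One address matched by both pairs (call only when overlaps(a, b))."""
    care_a = ~to_int(a[1]) & ALL_ONES
    care_b = ~to_int(b[1]) & ALL_ONES
    return str(ipaddress.IPv4Address((to_int(a[0]) & care_a) | (to_int(b[0]) & care_b)))


def audit_shared_gateway(vsis):
    """vsis: {vsi_name: [(subnet, wildcard), ...]} for VSIs that share one
    gateway interface. Returns (over_limit, conflicts)."""
    over_limit = sorted(n for n, s in vsis.items() if len(s) > MAX_SUBNETS_PER_VSI)
    conflicts = []
    for (name_a, subs_a), (name_b, subs_b) in combinations(sorted(vsis.items()), 2):
        for a in subs_a:
            for b in subs_b:
                if overlaps(a, b):
                    # A packet from the witness address cannot be assigned
                    # to a single VSI by the gateway interface.
                    conflicts.append((name_a, name_b, witness(a, b)))
    return over_limit, conflicts


# Constructed sample: 'vxlan' uses the subnet from the example above; 'vpna'
# uses the noncontiguous mask 0.255.0.255 mentioned under Parameters.
SAMPLE = {
    "vxlan": [("100.0.10.0", "0.0.0.255")],    # 100.0.10.*
    "vpna":  [("100.0.10.0", "0.255.0.255")],  # 100.*.10.*
    "vpnb":  [("100.1.20.0", "0.0.0.255")],    # 100.1.20.*
}

if __name__ == "__main__":
    over, conflicts = audit_shared_gateway(SAMPLE)
    print("over limit:", over)
    for a, b, ip in conflicts:
        print(f"conflict: {a} and {b} both match {ip}")
```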
gateway vsi-interface
Use gateway vsi-interface to specify a gateway interface for a VSI.
Use undo gateway vsi-interface to restore the default.
Syntax
gateway vsi-interface vsi-interface-id
undo gateway vsi-interface
Default
No gateway interface is specified for a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
vsi-interface-id: Specifies a VSI interface by its number. The value range for this argument is 0 to 8191.
Usage guidelines
A VSI can have only one gateway interface. Multiple VSIs can share a gateway interface.
Examples
# Specify VSI-interface 100 as the gateway interface for VSI vpna.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] gateway vsi-interface 100
Related commands
interface vsi-interface
interface vsi-interface
Use interface vsi-interface to create a VSI interface or VSI subinterface and enter its view, or enter the view of an existing VSI interface or VSI subinterface.
Use undo interface vsi-interface to delete a VSI interface or VSI subinterface.
Syntax
interface vsi-interface { vsi-interface-id | vsi-interface-id.subid }
undo interface vsi-interface { vsi-interface-id | vsi-interface-id.subid }
Default
No VSI interfaces or VSI subinterfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-interface-id: Specifies a VSI interface number. The value range for this argument is 0 to 8191.
vsi-interface-id.subid: Specifies a VSI subinterface by its number. The value range for this argument is 1 to 8192.
Usage guidelines
Before you create a VSI subinterface, make sure its main VSI interface has been created.
The number of VSI subinterfaces that you can create varies by device model.
Examples
# Create VSI-interface 100 and enter VSI interface view.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100]
Related commands
gateway vsi-interface
mac-address
Use mac-address to assign a MAC address to a VSI interface or VSI subinterface.
Use undo mac-address to restore the default.
Syntax
mac-address mac-address
undo mac-address
Default
The MAC address of a VSI interface is the bridge MAC address.
Views
VSI interface view
VSI subinterface view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format.
Examples
# Assign MAC address 0001-0001-0001 to VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] mac-address 1-1-1
mtu
Use mtu to set the MTU for a VSI interface or VSI subinterface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU is 1500 bytes.
Views
VSI interface view
VSI subinterface view
Predefined user roles
network-admin
Parameters
size: Specifies an MTU value in the range of 46 to 9216 bytes.
Examples
# Set the MTU to 1430 bytes for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] mtu 1430
reset counters interface vsi-interface
Use reset counters interface vsi-interface to clear packet statistics on VSI interfaces or VSI subinterfaces.
Syntax
reset counters interface [ vsi-interface [ vsi-interface-id | vsi-interface-id.subid ] ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi-interface [ vsi-interface-id | vsi-interface-id.subid ]: Specifies a VSI interface or VSI subinterface by its number. Make sure the specified VSI interface or VSI subinterface has been created on the device. If you do not specify the vsi-interface [ vsi-interface-id | vsi-interface-id.subid ] option, this command clears packet statistics on all interfaces except for VA interfaces. If you specify only the vsi-interface keyword, this command clears packet statistics on all VSI interfaces and VSI subinterfaces. If you specify a VSI interface or subinterface, this command clears packet statistics on the specified interface or subinterface.
Usage guidelines
Use this command to clear history statistics before you collect traffic statistics for a time period.
Examples
# Clear packet statistics on VSI-interface 100.
<Sysname> reset counters interface vsi-interface 100
Related commands
display interface vsi-interface
shutdown
Use shutdown to shut down a VSI interface or VSI subinterface.
Use undo shutdown to bring up a VSI interface or VSI subinterface.
Syntax
shutdown
undo shutdown
Default
A VSI interface or subinterface is not manually shut down.
Views
VSI interface view
VSI subinterface view
Predefined user roles
network-admin
Examples
# Shut down VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] shutdown
vtep group member local
Use vtep group member local to assign the local VTEP to a VTEP group.
Use undo vtep group member local to remove the local VTEP from a VTEP group.
Syntax
vtep group group-ip member local member-ip
undo vtep group group-ip member local
Default
A VTEP is not assigned to any VTEP group.
Views
System view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a VTEP group by its group IP address. The IP address must already exist on the local VTEP.
member-ip: Specifies the member VTEP IP address for the local VTEP. The IP address must already exist on the local VTEP.
Usage guidelines
Member VTEPs in a VTEP group cannot use the group IP address or share an IP address.
Examples
# Assign the local VTEP to VTEP group 1.1.1.1, and specify 2.2.2.2 as the member VTEP IP address of the local VTEP.
<Sysname> system-view
[Sysname] vtep group 1.1.1.1 member local 2.2.2.2
Related commands
vtep group member remote
vtep group member remote
Use vtep group member remote to specify a VTEP group and its member VTEPs.
Use undo vtep group member remote to remove a VTEP group and its member VTEPs.
Syntax
vtep group group-ip member remote member-ip&<1-8>
undo vtep group group-ip member remote
Default
No VTEP group is specified.
Views
System view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a VTEP group by its group IP address.
member-ip&<1-8>: Specifies a space-separated list of up to eight member VTEP IP addresses.
Examples
# Specify VTEP group 1.1.1.1 and its member VTEPs at 2.2.2.2, 3.3.3.3, and 4.4.4.4.
<Sysname> system-view
[Sysname] vtep group 1.1.1.1 member remote 2.2.2.2 3.3.3.3 4.4.4.4
Related commands
vtep group member local
vxlan tunnel arp-learning disable
Use vxlan tunnel arp-learning disable to disable remote ARP learning for VXLANs.
Use undo vxlan tunnel arp-learning disable to enable remote ARP learning for VXLANs.
Syntax
vxlan tunnel arp-learning disable
undo vxlan tunnel arp-learning disable
Default
Remote ARP learning is enabled for VXLANs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
By default, the device learns ARP information of remote VMs from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, use the undo vxlan tunnel arp-learning disable command to enable remote ARP learning.
As a best practice, disable remote ARP learning for VXLANs only when the controller and VTEPs are synchronizing entries.
Examples
# Disable remote ARP learning for VXLANs.
<Sysname> system-view
[Sysname] vxlan tunnel arp-learning disable
OVSDB commands
ovsdb server bootstrap ca-certificate
Use ovsdb server bootstrap ca-certificate to specify a CA certificate file for establishing OVSDB SSL connections.
Use undo ovsdb server bootstrap ca-certificate to restore the default.
Syntax
ovsdb server bootstrap ca-certificate ca-filename
undo ovsdb server bootstrap ca-certificate
Default
SSL uses the CA certificate file in the PKI domain.
Views
System view
Predefined user roles
network-admin
Parameters
ca-filename: Specifies the CA certificate file name, a case-insensitive string. The file name cannot contain the slot string, and the file must be stored on the active MPU.
Usage guidelines
For the specified certificate to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
If the specified CA certificate file does not exist, the device obtains a self-signed certificate from the controller. The obtained file uses the name specified for the ca-filename argument.
Examples
# Specify CA certificate file ca-new for establishing OVSDB SSL connections.
<Sysname> system-view
[Sysname] ovsdb server bootstrap ca-certificate ca-new
Related commands
ovsdb server enable
ovsdb server pki domain
ovsdb server pssl
ovsdb server ssl
ovsdb server enable
Use ovsdb server enable to enable the OVSDB server.
Use undo ovsdb server enable to disable the OVSDB server.
Syntax
ovsdb server enable
undo ovsdb server enable
Default
The OVSDB server is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
To obtain configuration data from controllers, you must enable the OVSDB server.
Before you enable the OVSDB server, you must establish an OVSDB SSL or TCP connection with a minimum of one controller.
Examples
# Enable the OVSDB server.
<Sysname> system-view
[Sysname] ovsdb server enable
ovsdb server pki domain
Use ovsdb server pki domain to specify a PKI domain for establishing OVSDB SSL connections.
Use undo ovsdb server pki domain to restore the default.
Syntax
ovsdb server pki domain domain-name
undo ovsdb server pki domain
Default
No PKI domain is specified for establishing OVSDB SSL connections.
Views
System view
Predefined user roles
network-admin
Parameters
domain-name: Specifies a PKI domain name, a case-sensitive string of 1 to 31 characters. The PKI domain must already exist and contain a complete certificate and key.
Usage guidelines
To communicate with controllers through SSL, you must specify a PKI domain.
For the specified PKI domain to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
For more information about PKI domains, see PKI in Security Configuration Guide.
Examples
# Specify PKI domain ovsdb_test for establishing OVSDB SSL connections.
<Sysname> system-view
[Sysname] ovsdb server pki domain ovsdb_test
Related commands
ovsdb server bootstrap ca-certificate
ovsdb server enable
ovsdb server pssl
ovsdb server ssl
ovsdb server pssl
Use ovsdb server pssl to enable the device to listen for OVSDB SSL connection requests.
Use undo ovsdb server pssl to restore the default.
Syntax
ovsdb server pssl [ port port-number ]
undo ovsdb server pssl
Default
The device does not listen for OVSDB SSL connection requests.
Views
System view
Predefined user roles
network-admin
Parameters
port port-number: Specifies a port to listen for OVSDB SSL connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the port number 6640.
Usage guidelines
Before you use this command, you must specify a PKI domain for SSL.
You can specify only one port to listen for OVSDB SSL connection requests. If you execute this command multiple times, the most recent configuration takes effect.
For the specified port setting to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Enable the device to listen for OVSDB SSL connection requests on port 6640.
<Sysname> system-view
[Sysname] ovsdb server pssl
Related commands
ovsdb server bootstrap ca-certificate
ovsdb server enable
ovsdb server pki domain
ovsdb server ssl
ovsdb server ptcp
Use ovsdb server ptcp to enable the device to listen for OVSDB TCP connection requests.
Use undo ovsdb server ptcp to restore the default.
Syntax
ovsdb server ptcp [ port port-number ]
undo ovsdb server ptcp
Default
The device does not listen for OVSDB TCP connection requests.
Views
System view
Predefined user roles
network-admin
Parameters
port port-number: Specifies a port to listen for OVSDB TCP connection requests. The value range for the port-number argument is 1 to 65535. If you do not specify a port, the device uses the port number 6640.
Usage guidelines
You can specify only one port to listen for OVSDB TCP connection requests. If you execute this command multiple times, the most recent configuration takes effect.
For the specified port setting to take effect, you must execute the ovsdb server enable command to enable the OVSDB server. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Enable the device to listen for OVSDB TCP connection requests on port 6640.
<Sysname> system-view
[Sysname] ovsdb server ptcp
Related commands
ovsdb server enable
ovsdb server tcp
ovsdb server ssl
Use ovsdb server ssl to set up an active OVSDB SSL connection to a controller.
Use undo ovsdb server ssl to remove an active OVSDB SSL connection to a controller.
Syntax
ovsdb server ssl ip ip-address port port-number
undo ovsdb server ssl ip ip-address port port-number
Default
The device does not have active OVSDB SSL connections to a controller.
Views
System view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the destination IP address for the SSL connection.
port port-number: Specifies the destination port for the SSL connection. The value range for the port-number argument is 1 to 65535.
Usage guidelines
Before you use this command, you must specify a PKI domain for SSL.
The device can have a maximum of eight active SSL connections.
To establish the connection, you must execute the ovsdb server enable command. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Set up an active SSL connection to port 6632 at 192.168.12.2.
<Sysname> system-view
[Sysname] ovsdb server ssl ip 192.168.12.2 port 6632
Related commands
ovsdb server bootstrap ca-certificate
ovsdb server enable
ovsdb server pki domain
ovsdb server pssl
ovsdb server tcp
Use ovsdb server tcp to set up an active OVSDB TCP connection to a controller.
Use undo ovsdb server tcp to remove an OVSDB TCP connection.
Syntax
ovsdb server tcp ip ip-address port port-number
undo ovsdb server tcp ip ip-address port port-number
Default
The device does not have active OVSDB TCP connections.
Views
System view
Predefined user roles
network-admin
Parameters
ip ip-address: Specifies the destination IP address for the TCP connection.
port port-number: Specifies the destination port for the TCP connection. The value range for the port-number argument is 1 to 65535.
Usage guidelines
The device can have a maximum of eight active OVSDB TCP connections.
To establish the connection, you must execute the ovsdb server enable command. You must disable and then re-enable the OVSDB server if it has been enabled.
Examples
# Set up an active OVSDB TCP connection to port 6632 at 192.168.12.2.
<Sysname> system-view
[Sysname] ovsdb server tcp ip 192.168.12.2 port 6632
Related commands
ovsdb server enable
ovsdb server ptcp
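The OVSDB usage guidelines above (PKI domain before SSL, settings effective only after ovsdb server enable, eight active connections per transport, CA file fetched from the controller if absent) can be checked against a saved configuration. The following Python audit is an added example, not H3C code; the function name, rule names, and sample text are constructed, and it assumes the configuration lists commands in the documented syntax form.

```python
import re

# Constructed sample: a configuration excerpt built only from commands documented above.
SAMPLE_CONFIG = """\
ovsdb server bootstrap ca-certificate ca-new
ovsdb server ptcp port 6640
ovsdb server ssl ip 192.168.12.2 port 6632
ovsdb server tcp ip 192.168.12.3 port 6632
vtep enable
"""

MAX_ACTIVE = 8  # documented limit on active connections, per transport


def audit_ovsdb(config):
    """Return (rule, detail) findings for the OVSDB settings in a config text."""
    cmds = [ln.strip() for ln in config.splitlines()]
    cmds = [c for c in cmds if c.startswith("ovsdb server ")]

    def matching(pattern):
        return [c for c in cmds if re.match(pattern, c)]

    ssl_active = matching(r"ovsdb server ssl ip \S+ port \d+$")
    tcp_active = matching(r"ovsdb server tcp ip \S+ port \d+$")
    ssl_listen = matching(r"ovsdb server pssl( port \d+)?$")
    tcp_listen = matching(r"ovsdb server ptcp( port \d+)?$")
    findings = []

    # Plain TCP carries controller traffic without SSL protection.
    for c in tcp_listen + tcp_active:
        findings.append(("plaintext-transport", c))
    # SSL commands require a PKI domain to be specified first.
    if (ssl_active or ssl_listen) and not matching(r"ovsdb server pki domain \S+$"):
        findings.append(("ssl-without-pki-domain", (ssl_active + ssl_listen)[0]))
    # If the named CA file is absent, the device obtains a self-signed
    # certificate from the controller, so confirm the file is on the device.
    for c in matching(r"ovsdb server bootstrap ca-certificate \S+$"):
        findings.append(("verify-ca-file-exists", c))
    for name, active in (("ssl", ssl_active), ("tcp", tcp_active)):
        if len(active) > MAX_ACTIVE:
            findings.append(("too-many-active-" + name, str(len(active))))
    # Settings take effect only once the OVSDB server is enabled.
    if cmds and "ovsdb server enable" not in cmds:
        findings.append(("server-not-enabled", "ovsdb server enable missing"))
    return findings


if __name__ == "__main__":
    for rule, detail in audit_ovsdb(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```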
vtep access port
Use vtep access port to specify a site-facing interface as a VTEP access port.
Use undo vtep access port to restore the default.
Syntax
vtep access port
undo vtep access port
Default
An interface is not a VTEP access port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Layer 3 interface view
Predefined user roles
network-admin
Usage guidelines
For controllers to manage a site-facing interface, you must specify the interface as a VTEP access port.
Examples
# Specify GigabitEthernet 1/0 as a VTEP access port.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0
[Sysname-GigabitEthernet1/0] vtep access port
vtep enable
Use vtep enable to enable the OVSDB VTEP service.
Use undo vtep enable to disable the OVSDB VTEP service.
Syntax
vtep enable
undo vtep enable
Default
The OVSDB VTEP service is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the OVSDB VTEP service.
<Sysname> system-view
[Sysname] vtep enable
vxlan tunnel flooding-proxy
Use vxlan tunnel flooding-proxy to enable flood proxy on multicast VXLAN tunnels.
Use undo vxlan tunnel flooding-proxy to disable flood proxy on multicast VXLAN tunnels.
Syntax
vxlan tunnel flooding-proxy
undo vxlan tunnel flooding-proxy
Default
Flood proxy is disabled on multicast VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If you use a flood proxy server, you must enable flood proxy globally on multicast tunnels. Then the multicast tunnels are converted into flood proxy tunnels. The VTEP sends broadcast, multicast, and unknown unicast traffic for a VXLAN to the flood proxy server through the tunnels. The flood proxy server then replicates and forwards flood traffic to remote VTEPs.
The vxlan tunnel flooding-proxy command and its undo form affect only VXLAN tunnels that are issued after the command is executed.
Examples
# Enable flood proxy on all multicast VXLAN tunnels.
<Sysname> system-view
[Sysname] vxlan tunnel flooding-proxy