This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found and the no-broadcast keyword is not specified, the VTEP floods the request to both local and remote sites.

Examples

# Enable ARP flood suppression and disable flooding the ARP requests that do not match any ARP flood suppression entries for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable no-broadcast

Related commands

arp suppression mode

display arp suppression vsi

reset arp suppression vsi

arp suppression mode

Use arp suppression mode to set the ARP flood suppression mode.

Use undo arp suppression mode to restore the default.

Syntax

arp suppression mode { proxy-reply | unicast-forward } [ mismatch-discard ]

undo arp suppression mode

Default

If ARP flood suppression is enabled, the default ARP flood suppression mode is proxy reply. In proxy reply mode, the device broadcasts the ARP requests that are not targeted at the device and do not match any ARP flood suppression entries.

Views

VSI view

Predefined user roles

network-admin

Parameters

proxy-reply: Specifies proxy reply mode. If an ARP request is not targeted at the device and matches an ARP flood suppression entry, the device replies to the ARP request on behalf of the target IP address. The ARP reply carries the following information:

· Sender IP address—Target IP address in the ARP request.

· Sender MAC address—MAC address in the matching ARP flood suppression entry.

· Source MAC address—MAC address in the matching ARP flood suppression entry.

unicast-forward: Specifies unicast forwarding mode. If an ARP request is not targeted at the device and matches an ARP flood suppression entry, the device acts as follows:

1. Replaces the target MAC address and destination MAC address in the ARP request with the MAC address in the entry.

2. Unicasts the ARP request.

mismatch-discard: Specifies mismatch discarding mode. In this mode, the device discards an ARP request that is not targeted at the device and does not match any ARP flood suppression entry. If you do not specify this keyword, the device will broadcast such an ARP request.

Usage guidelines

The device does not forward ARP requests in proxy reply mode, which decreases system resource consumption. Unicast forwarding mode reduces the ARP entry learning errors caused by the delay in refreshing ARP flood suppression entries at the expense of high system resource usage.

Examples

# Enable ARP flood suppression and set its mode to unicast forwarding on VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable

[Sysname-vsi-vsi1] arp suppression mode unicast-forward

Related commands

arp suppression enable

description

Use description to configure a description for a VSI.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A VSI does not have a description.

Views

VSI view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 80 characters.

Examples

# Configure a description for VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] description vsi for vpn1

Related commands

display l2vpn vsi

display arp suppression vsi

Use display arp suppression vsi to display ARP flood suppression entries.

Syntax

display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays entries on the master device.

count: Displays the number of ARP flood suppression entries that match the command.

Examples

# Display ARP flood suppression entries.

<Sysname> display arp suppression vsi

IP address MAC address VSI name Link ID Aging(min)

1.1.1.2 000f-e201-0101 vsi1 0x70000 14

1.1.1.3 000f-e201-0202 vsi1 0x80000 18

1.1.1.4 000f-e201-0203 vsi2 0x90000 10

# Display the number of ARP flood suppression entries.

<Sysname> display arp suppression vsi count

Total entries: 3

Table 1 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Aging(min)	Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted.

Related commands

arp suppression enable

reset arp suppression vsi

display ipv6 nd suppression vsi

Use display ipv6 nd suppression vsi to display ND flood suppression entries.

Syntax

display ipv6 nd suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays entries on the master device.

count: Displays the number of ND flood suppression entries that match the command.

Examples

# Display ND flood suppression entries.

<Sysname> display ipv6 nd suppression vsi

IPv6 address MAC address VSI name Link ID Aging (min)

1000::2 000f-e201-0101 vsi1 0x70000 5

1000::3 000f-e201-0202 vsi1 0x80000 5

1000::4 000f-e201-0203 vsi2 0x90000 5

# Display the number of ND flood suppression entries.

<Sysname> display ipv6 nd suppression vsi count

Total entries: 3

Table 2 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Aging (min)	Remaining lifetime (in minutes) of the ND flood suppression entry. When the timer expires, the entry is deleted.

Related commands

ipv6 nd suppression enable

reset ipv6 nd suppression vsi

display l2vpn m-lag arp

Use display l2vpn m-lag arp to display L2VPN ARP entries on an M-LAG member device.

Syntax

display l2vpn m-lag arp [ local | remote ] [ count | { public-instance | vpn-instance vpn-instance-name } [ count | ip-address ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies locally learned L2VPN ARP entries.

remote: Specifies M-LAG-synchronized L2VPN ARP entries.

count: Displays the number of L2VPN ARP entries. If you do not specify this keyword, the command displays detailed information about L2VPN ARP entries.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an instance by its name, a case-sensitive string of 1 to 31 characters.

ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays all L2VPN ARP entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ARP entries.

If you do not specify the public-instance keyword or the vpn-instance vpn-instance-name option, this command displays L2VPN ARP entries for the public instance and all VPN instances.

Examples

# Display all L2VPN ARP entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp

Flags: D – Dynamic L - Local R – Remote S – Static I - Invalid

G - Gateway V - MLAG Virtual

VPN instance: vpn1 Interface: Vsi-interface1

IP address MAC address VSI index Link ID Flags

10.1.1.1 0003-0003-0003 0 0x1 DL

10.1.1.11 0001-0001-0001 0 0x1 DL

10.1.1.12 0001-0001-0011 0 0x2 DR

10.1.1.13 0001-0001-0021 0 0x2 DR

10.1.1.101 0001-0011-0101 0 0x1 SL

10.1.1.102 0001-0011-0102 0 0x1 SL

Public instance Interface: Vsi-interface2

IP address MAC address VSI index Link ID Flags

11.1.1.1 0033-0033-0033 0 0x1 DL

11.1.1.11 0011-0011-0011 0 0x1 DL

# Display the total number of L2VPN ARP entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp count

Total number of entries: 8

Table 3 Command output

Field	Description
Interface	VSI interface.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Flags	ARP entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist. · G—The entry is for a gateway. · V—The entry is for the M-LAG virtual IPv4 address of a gateway interface.

display l2vpn m-lag arp suppression

Use display l2vpn m-lag arp suppression to display L2VPN ARP flood suppression entries on an M-LAG member device.

Syntax

display l2vpn m-lag arp suppression [ local | remote ] [ count | vsi vsi-name [ count | ip-address ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies L2VPN ARP flood suppression entries that are learned locally.

remote: Specifies L2VPN ARP flood suppression entries that are synchronized by M-LAG.

count: Displays the number of L2VPN ARP flood suppression entries. If you do not specify this keyword, the command displays detailed information about L2VPN ARP flood suppression entries.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN ARP flood suppression entries for all VSIs.

ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays all L2VPN ARP flood suppression entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ARP flood suppression entries.

Examples

# Display all L2VPN ARP flood suppression entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp suppression

Flags: D - Dynamic L – Local R – Remote S - Static I – Invalid

VSI name: vpna

IP address MAC address Link ID Flags

10.1.1.12 0002-0002-0002 0x1 DL

10.1.1.13 0002-0002-0002 0x2 RI

10.1.1.101 0001-0011-0101 0x2 SR

# Display the total number of L2VPN ARP flood suppression entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp suppression count

Total number of entries: 3

Table 4 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Flags	ARP flood suppression entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.

Field

Description

Link ID

Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

Flags

ARP flood suppression entry type:

· D—The entry is a valid dynamically learned entry.

· L—The entry is a valid local entry.

· R—The entry is a valid M-LAG-synchronized entry.

· S—The entry is a valid static entry.

· I—The entry is invalid. Possible reasons:

¡ The VSI has been administratively shut down by using the shutdown command.

¡ The outgoing tunnel interface does not exist.

display l2vpn m-lag mac-address

Use display l2vpn m-lag mac-address to display L2VPN MAC address entries on an M-LAG member device.

Syntax

display l2vpn m-lag mac-address [ local | remote ] [ count | vsi vsi-name [ count | mac-address ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies L2VPN MAC address entries that are learned locally.

remote: Specifies L2VPN MAC address entries that are synchronized by M-LAG.

count: Displays the number of L2VPN MAC address entries. If you do not specify this keyword, the command displays detailed information about L2VPN MAC address entries.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN MAC address entries for all VSIs.

mac-address: Specifies a MAC address. The MAC address is in the format of H-H-H. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001. If you do not specify a MAC address, this command displays all L2VPN MAC address entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN MAC address entries.

Examples

# Display all L2VPN MAC address entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag mac-address

Flags: D – Dynamic L - Local R – Remote S – Static A - MAC-authentication

VSI name: bbb

MAC address Link ID Interface Flags

0000-0000-000a 0x1 BAGG10 DL

0000-0000-0009 0x1 Tunnel1 DL

# Display the total number of L2VPN MAC address entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag mac-address count

Total number of entries: 2

Table 5 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Interface	Outgoing interface.
Flags	MAC address entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · A—The entry is learned by MAC authentication.

display l2vpn m-lag nd

Use display l2vpn m-lag nd to display L2VPN ND entries on an M-LAG member device.

Syntax

display l2vpn m-lag nd [ local | remote ] [ count | { public-instance | vpn-instance vpn-instance-name } [ ipv6-address | count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies locally learned L2VPN ND entries.

remote: Specifies M-LAG-synchronized L2VPN ND entries.

count: Displays the number of L2VPN ND entries. If you do not specify this keyword, the command displays detailed information about L2VPN ND entries.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an instance by its name, a case-sensitive string of 1 to 31 characters.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all L2VPN ND entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ND entries.

If you do not specify the public-instance keyword or the vpn-instance vpn-instance-name option, this command displays L2VPN ND entries for the public instance and all VPN instances.

Examples

# Display all L2VPN ND entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag nd

Flags: D - Dynamic L – Local R – Remote S - Static I - Invalid

G - Gateway V - MLAG Virtual

VPN instance: vpna Interface: Vsi-interface1

IPv6 address : 20::2

MAC address : 0001-0001-0001 Flags : DL

VSI index : 0 Link ID : 0x1

# Display the total number of L2VPN ND entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag nd count

Total number of entries: 1

Table 6 Command output

Field	Description
Interface	VSI interface.
Flags	ND entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist. · G—The entry is for a gateway. · V—The entry is for the M-LAG virtual IPv6 address of a gateway interface.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

display l2vpn m-lag nd suppression

Use display l2vpn m-lag nd suppression to display L2VPN ND flood suppression entries on an M-LAG member device.

Syntax

display l2vpn m-lag nd suppression [ local | remote ] [ count | vsi vsi-name [ ipv6-address | count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies L2VPN ND flood suppression entries that are learned locally.

remote: Specifies L2VPN ND flood suppression entries that are synchronized by M-LAG.

count: Displays the number of L2VPN ND flood suppression entries. If you do not specify this keyword, the command displays detailed information about L2VPN ND flood suppression entries.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN ND flood suppression entries for all VSIs.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all L2VPN ND flood suppression entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ND flood suppression entries.

Examples

# Display all L2VPN ND flood suppression entries on the local M-LAG member device.

[Sysname]display l2vpn m-lag nd suppression

Flags: D - Dynamic L – Local R – Remote S - Static I - Invalid

VSI name: vpna

IPv6 address MAC address Link ID Flags

11::8 72cb-ce9b-0a06 0x1 DL

11::9 0001-0001-0001 0x2 SR

# Display the total number of L2VPN ND flood suppression entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag nd suppression count

Total number of entries: 2

Table 7 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Flags	ND flood suppression entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.

Field

Description

Link ID

Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

Flags

ND flood suppression entry type:

· D—The entry is a valid dynamically learned entry.

· L—The entry is a valid local entry.

· R—The entry is a valid M-LAG-synchronized entry.

· S—The entry is a valid static entry.

· I—The entry is invalid. Possible reasons:

¡ The VSI has been administratively shut down by using the shutdown command.

¡ The outgoing tunnel interface does not exist.

display l2vpn mac-address

Use display l2vpn mac-address to display MAC address entries for VSIs.

Syntax

display l2vpn mac-address[ vsi vsi-name ] [ dynamic ] [ count | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.

dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:

· Dynamic remote- and local-MAC entries.

· Remote-MAC entries advertised through BGP EVPN.

· Manually added static remote-MAC entries.

· Remote-MAC entries issued through OpenFlow.

· Remote-MAC entries issued through OVSDB.

count: Displays the number of MAC address entries.

verbose: Displays detailed information about MAC address entries.

Usage guidelines

If you do not specify the count or verbose keyword, this command displays brief information about MAC address entries.

Examples

# Display brief information about MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address

* - The output interface is issued to another VSI

MAC Address State VSI Name Link ID/Name Aging

0001-0001-0001 Static aaa Tunnel10 NotAging

52f6-bc1e-0d06 Dynamic vpna GE1/0/1 Aging

0000-0000-000c Dynamic TTP_vxlan10 GE1/0/1* Aging

--- 3 mac address(es) found ---

# Display the total number of MAC address entries in all VSIs.

<Sysname> display l2vpn mac-address count

2 mac address(es) found

Table 8 Command output

Field	Description
State	Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. · OVSDB—Remote-MAC entry issued by a remote controller through OVSDB.
Link ID/Name	For a local MAC address, this field displays the name of the interface that hosts the Ethernet service instance for the MAC address. For a remote MAC address, this field displays the tunnel interface name. The asterisk suffix (*) indicates that the MAC address belongs to another VSI and is issued by the controller through TTP.
Aging	Entry aging state: · Aging. · NotAging.

# Display detailed information about MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address verbose

MAC Address : 0000-0000-000b

VSI Name : vpn1

VXLAN ID : 123

Interface : GE1/0/1

Link ID : 1

State : Dynamic

Aging : Aging

Table 9 Command output

Field	Description
Interface	For a local MAC address, this field displays the name of the interface that hosts the Ethernet service instance for the MAC address. For a remote MAC address, this field displays the tunnel interface name.
VSI Name	VSI name in one of the following formats: · vsi-name—VSI name for the MAC address entry. · vsi1 (vsi2)—The MAC address belongs to vsi1 and has been issued to vsi2 by the controller.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
State	Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · Openflow—Remote-MAC entry issued by a remote controller through OpenFlow. · OVSDB—Remote-MAC entry issued by a remote controller through OVSDB.
Aging	Entry aging state: · Aging. · NotAging.

Related commands

reset l2vpn mac-address

display l2vpn mac-address mac-move

Use display l2vpn mac-address mac-move to display MAC move records for VSIs.

Syntax

display l2vpn mac-address mac-move [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies an IRF member device by its member ID. If you do not specify a member device, this command displays MAC move records on the master device.

Usage guidelines

When a MAC address frequently moves between two interfaces, Layer 2 loops might occur in the network. To discover and locate loops, you can view the MAC address move records.

This command displays the MAC move events that have occurred on VSIs since startup of the device. The MAC move records with the same MAC address, VSI name, source port, and current port are considered to be one record.

An IRF member device can generate a maximum of 200 MAC address move records.

Examples

# Display MAC move records for all VSIs.

<Sysname> display l2vpn mac-address mac-move

MAC address : 0000-4900-03e7 VSI name : 3

Current port: GE1/0/1 srv2 Source port: GE1/0/2 srv3

Last time : 2019-02-19 20:44:15 Move count : 1

--- 1 MAC address moving records found ---

Table 10 Command output

Field	Description
Current port	Interface to which the MAC address was moved.
Source port	Interface from which the MAC address was moved.
Last time	Last time when the MAC address was moved.
Move count	Number of times that the MAC address has moved.

display l2vpn service-instance

Use display l2vpn service-instance to display information about Ethernet service instances.

Syntax

display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.

service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified Layer 2 Ethernet interface or Layer 2 aggregate interface.

verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.

Examples

# Display brief information about all Ethernet service instances.

<Sysname> display l2vpn service-instance

Total number of service-instances: 2, 2 up, 0 down

Total number of ACs: 2, 2 up, 0 down

Interface ID Owner LinkID State Type

GE1/0/1 3 vsi12 1 Up VSI

GE1/0/1 4 vsi13 1 Up VSI

Table 11 Command output

Field	Description
Total number of ACs	Total number of attachment circuits (ACs) and the number of ACs in each state (up or down).
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
ID	Ethernet service instance ID.
Owner	VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI.
LinkID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: · Up. · Down.
Type	L2VPN type of the Ethernet service instance: · VSI. · VPWS.

# Display detailed information about all Ethernet service instances on GigabitEthernet 1/0/1.

<Sysname> display l2vpn service-instance interface gigabitethernet 1/0/1 verbose

Interface: GE1/0/1

Service Instance: 1

Type : Manual

Encapsulation : s-vid 16

Bandwidth : -

VSI Name : vsi10

Link ID : 1

State : Up

Statistics : Enabled

Input Statistics:

Octets :0

Packets :0

Output Statistics:

Octets :0

Packets :0

Table 12 Command output

Field	Description
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
Service Instance	Ethernet service instance ID.
Type	Type and traffic match mode of the Ethernet service instance: · Dynamic (M-LAG)—Dynamic Ethernet service instance created on the peer link, in VLAN-based traffic match mode. · Manual—Static Ethernet service instance in VLAN-based traffic match mode.
Encapsulation	Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain a frame match criterion, the command does not display this field.
Bandwidth	This field is not supported in the current software version. Bandwidth limit in kbps. If no bandwidth limit is set for the Ethernet service instance, Unlimited is displayed.
Link ID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: · Up. · Down.
Statistics	Packet statistics state: · Enabled—The packet statistics feature is enabled for the Ethernet service instance. · Disabled—The packet statistics feature is disabled for the Ethernet service instance.
Input Statistics	Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets.
Output Statistics	Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets.

Related commands

service-instance

display l2vpn vsi

Use display l2vpn vsi to display information about VSIs.

Syntax

display l2vpn vsi [ name vsi-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.

verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.

Examples

# Display brief information about all VSIs.

<Sysname> display l2vpn vsi

Total number of VSIs: 1, 1 up, 0 down, 0 admin down

VSI Name VSI Index MTU State

vpna 0 1500 Up

Table 13 Command output

Field	Description
MTU	MTU on the VSI.
State	VSI state: · Up—The VSI is up. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command.

Field

Description

MTU

MTU on the VSI.

State

VSI state:

· Up—The VSI is up.

· Down—The VSI is down.

· Admin down—The VSI has been manually shut down by using the shutdown command.

# Display detailed information about all VSIs.

<Sysname> display l2vpn vsi verbose

VSI Name: vpna

VSI Index : 0

VSI State : Up

MTU : 1500

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

Flooding : Enabled

Statistics : Enabled

Input statistics:

Octets : 0

Packets : 0

Errors : 0

Discards : 0

Output statistics:

Octets : 0

Packets : 0

Errors : 0

Discards : 0

Input Rate :

Bytes per second : 0

Packets per second : 0

Output Rate :

Bytes per second : 0

Packets per second : 0

Gateway Interface : VSI-interface 100

VXLAN ID : 10

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel2 0x5000001 Up Manual Disabled

Tunnel3 0x5000002 Up Manual Disabled

MTunnel1 0x6002710 Up Auto Disabled

ACs:

AC Link ID State Type

GE1/0/1 srv1000 0 Up Manual

Table 14 Command output

Field	Description
VSI Description	Description of the VSI. If the VSI does not have a description, the command does not display this field.
VSI State	VSI state: · Up—The VSI is up. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command.
MTU	MTU on the VSI.
Bandwidth	This field is not supported in the current software version. Bandwidth limit in kbps.
Broadcast Restrain	This field is not supported in the current software version. Broadcast restraint bandwidth (in kbps).
Multicast Restrain	This field is not supported in the current software version. Multicast restraint bandwidth (in kbps).
Unknown Unicast Restrain	This field is not supported in the current software version. Unknown unicast restraint bandwidth (in kbps).
MAC Learning	State of the MAC learning feature.
MAC Table Limit	This field is not supported in the current software version. Maximum number of MAC address entries on the VSI.
Drop Unknown	This field is not supported in the current software version. Action on source MAC-unknown frames received after the maximum number of MAC entries is reached.
Flooding	State of the VSI's flooding feature: · Enabled—Flooding is enabled on the VSI. · Disabled—Flooding is disabled on the VSI.
Statistics	Packet statistics state: · Enabled—The packet statistics feature is enabled for the VSI. · Disabled—The packet statistics feature is disabled for the VSI.
Input statistics	Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of discarded packets.
Output statistics	Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of discarded packets.
Input Rate	Incoming traffic rate for the VSI, in bps and pps.
Output Rate	Outgoing traffic rate for the VSI, in bps and pps.
Gateway Interface	VSI interface name.
State	Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. ‌ · Down—The tunnel interface is down.
Type	Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ For an EVPN network, VXLAN tunnels are automatically assigned to VXLANs. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN.
Flood proxy	This field is not supported in the current software version. Flood proxy state.
Private-VSI type	Private VSI type: · Community—A secondary VSI whose ACs have Layer 2 connectivity to one another. · Isolated—A secondary VSI whose ACs are isolated at Layer 2. · Primary.
ACs	ACs that are bound to the VSI.
Link ID	AC's link ID on the VSI.
State	AC state: · Up. · Down.
Type	Type and traffic match mode of the Ethernet service instance: · Dynamic (M-LAG)—Dynamic Ethernet service instance created on the peer link, in VLAN-based traffic match mode. · Dynamic (MAC-based)—Dynamic Ethernet service instance in MAC-based traffic match mode. · Dynamic (VLAN-based)—Dynamic Ethernet service instance in VLAN-based traffic match mode. · Manual—Static Ethernet service instance in VLAN-based traffic match mode.
PexGroupID	PEX group ID.

display vxlan tunnel

Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.

Syntax

display vxlan tunnel [ vxlan-id vxlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vxlan-id: Specifies a VXLAN ID. The value range for this argument is 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.

Examples

# Display VXLAN tunnel information for all VXLANs.

<Sysname> display vxlan tunnel

Total number of VXLANs: 1

Total number of VXLAN tunnels: 1

VXLAN ID: 10, VSI name: aaa, Total tunnels: 1 (1 up, 0 down, 0 defect, 0 blocked)

Tunnel name Source Destination State Type Flood proxy Out VNI

Tun1 1.1.1.1 3.3.3.3 UP Manual Disabled -

# Display VXLAN tunnel information for VXLAN 10.

<Sysname> display vxlan tunnel vxlan-id 10

VXLAN ID: 10, VSI name: aaa, Total tunnels: 1 (1 up, 0 down, 0 defect, 0 blocked)

Tunnel name Source Destination State Type Flood proxy Out VNI

Tun1 1.1.1.1 3.3.3.3 UP Manual Disabled -

Table 15 Command output

Field	Description
State	Tunnel state: · Up—The tunnel is operating correctly. · Down—The tunnel interface is down.
Type	Tunnel assignment method. Auto indicates that the tunnel was automatically assigned to the VXLAN. Manual—The tunnel was manually assigned to the VXLAN.
Flood proxy	Flood proxy state. This field is not supported in the current software version.
Out VNI	This field is not supported in the current software version. Remote VXLAN ID mapped to the local VXLAN ID.

Related commands

tunnel

vxlan

display vxlan tunnel-interface

Use display vxlan tunnel-interface to display information about VXLAN tunnel interfaces.

Syntax

display vxlan tunnel-interface [ tunnel number [ verbose ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

tunnel number: Specifies an existing tunnel interface number. If you do not specify a VXLAN tunnel interface, this command displays information about all VXLAN tunnel interfaces.

verbose: Displays detailed information about VXLAN tunnel interfaces. If you do not specify this keyword, the command displays brief information about VXLAN tunnel interfaces.

Examples

# Display brief information about all VXLAN tunnel interfaces.

<Sysname> display vxlan tunnel-interface

Total number of VXLAN tunnels: 1

Tunnel name Source Destination State Type Uptime

Tunnel10 192.2.2.2 192.5.5.5 Up Manual 00:00:27

# Display detailed information about VXLAN tunnel interface 10.

<Sysname> display vxlan tunnel-interface tunnel 10 verbose

Tunnel Name : Tunnel10

Source : 192.2.2.2

Destination : 192.5.5.5

State : Up

Type : Manual

MAC learning : Enabled

Down reason : -

Uptime : 00:00:19

Table 16 Command output

Field	Description
Source	Tunnel source address.
Destination	Tunnel destination address.
State	Tunnel interface state: · Up. · Down.
Type	Tunnel assignment method: · Auto—The tunnel was automatically assigned to VXLANs by EVPN. · Manual—The tunnel was manually assigned to VXLANs.
MAC learning	Remote-MAC address learning state: · Enabled. · Disabled.
Uptime	Uptime of the VXLAN tunnel: · hh:mm:ss—The tunnel has been up for less than 24 hours. · xxxxhxxm—The tunnel has been up for more than 24 hours and less than 9999 hours. · ****hxxm—The tunnel has been up for more than 9999 hours. · -—The tunnel is down.

Related commands

tunnel

vxlan

encapsulation

Use encapsulation to configure a frame match criterion for an Ethernet service instance.

Use undo encapsulation to restore the default.

Syntax

encapsulation s-vid vlan-id [ only-tagged ]

encapsulation s-vid vlan-id c-vid { vlan-id | all }

encapsulation c-vid vlan-id

encapsulation { tagged | untagged }

undo encapsulation

Default

An Ethernet service instance does not contain a frame match criterion.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

s-vid: Matches frames that are tagged with the specified outer 802.1Q VLAN IDs.

c-vid: Matches frames that are tagged with the specified inner 802.1Q VLAN IDs.

vlan-id: Specifies an 802.1Q VLAN ID in the range of 1 to 4094.

only-tagged: Matches tagged frames. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.

· To match only PVID-tagged frames, specify the only-tagged keyword.

· To match both untagged frames and PVID-tagged frames, do not specify the only-tagged keyword.

all: Specifies all 802.1Q VLAN IDs.

tagged: Matches any frames that have an 802.1Q VLAN tag.

untagged: Matches any frames that do not have an 802.1Q VLAN tag. This keyword is not supported in the current software version.

Usage guidelines

The encapsulation s-vid vlan-id [ only-tagged ] and encapsulation s-vid vlan-id c-vid { vlan-id | all } commands can specify the same outer VLAN ID for two Ethernet service instances on an interface. Frames that match both Ethernet service instances are assigned to the Ethernet service instance configured by using the encapsulation s-vid vlan-id c-vid { vlan-id | all } command.

If you configure the encapsulation tagged criterion for an Ethernet service instance, you must map the Ethernet service instance in Ethernet access mode to a VSI.

When you configure frame match criteria of different Ethernet service instances on an interface, follow these restrictions and guidelines:

· If both the encapsulation s-vid and encapsulation s-vid c-vid criteria exist on different Ethernet service instances, the specified outer VLAN IDs of different criteria can be identical.

· If both the encapsulation s-vid and encapsulation c-vid criteria exist on different Ethernet service instances, the specified inner VLAN IDs and outer VLAN IDs cannot be identical.

· If multiple Ethernet service instances match both the inner and outer VLAN IDs, the following restrictions apply:

¡ If the matching outer VLAN IDs are different, the inner VLAN IDs can be identical.

¡ If the matching inner VLAN IDs are different, the outer VLAN IDs can be identical.

· Ethernet service instances matching only the outer VLAN IDs conflict with those matching only the inner VLAN IDs. Do not configure both types of Ethernet service instances.

An Ethernet service instance can contain only one frame match criterion. To change the frame match criterion, first execute the undo encapsulation command to remove the original criterion. When you remove the frame match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.

If multiple Ethernet service instances exist on an interface, configure a maximum of two types of frame match criteria for the Ethernet service instances. For example, if you have configured the encapsulation c-vid and encapsulation s-vid c-vid criteria for some Ethernet service instances, do not configure the encapsulation untagged criterion for the rest Ethernet service instances. If you configure three or more types of frame match criteria, some of the frame match criteria do not take effect.

Examples

# Configure Ethernet service instance 1 on GigabitEthernet 1/0/1 to match frames that have an outer 802.1Q VLAN ID of 111.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] service-instance 1

[Sysname-GigabitEthernet1/0/1-srv1] encapsulation s-vid 111

Related commands

display l2vpn service-instance

flooding disable

Use flooding disable to disable flooding for a VSI.

Use undo flooding disable to enable flooding for a VSI.

Syntax

flooding disable { all | { broadcast | unknown-multicast | unknown-unicast } * } [ all-direction ]

undo flooding disable

Default

Flooding is enabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Parameters

all: Specifies broadcast, unknown unicast, and unknown multicast traffic.

broadcast: Specifies broadcast traffic.

unknown-multicast: Specifies unknown multicast traffic.

unknown-unicast: Specifies unknown unicast traffic.

all-direction: Disables flooding traffic received from an AC or VXLAN tunnel interface to any other ACs and VXLAN tunnel interfaces of the same VSI. If you do not specify this keyword, the command only disables flooding traffic received from ACs to VXLAN tunnel interfaces of the VSI.

Usage guidelines

By default, the device floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN:

· All site-facing interfaces except for the incoming interface.

· All VXLAN tunnel interfaces.

When receiving broadcast, unknown unicast, and unknown multicast frames on VXLAN tunnel interfaces, the device floods the frames to all site-facing interfaces in the frames' VXLAN.

To confine a kind of flood traffic, use this command to disable flooding for that kind of flood traffic on the VSI bound to the VXLAN.

You must specify the unknown-multicast, broadcast, and unknown-unicast keywords simultaneously when you execute this command. You cannot specify only one or two of them.

Examples

# Disable flooding of local broadcast traffic to remote sites for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] flooding disable broadcast

ipv6 nd suppression enable

Use ipv6 nd suppression enable to enable ND flood suppression.

Use undo ipv6 nd suppression enable to disable ND flood suppression.

Syntax

ipv6 nd suppression enable [ no-broadcast ]

undo ipv6 nd suppression enable

Default

ND flood suppression is disabled.

Views

VSI view

Predefined user roles

network-admin

Parameters

no-broadcast: Disables flooding the ND requests that do not match any ND flood suppression entries.

Usage guidelines

ND flood suppression reduces ND request multicasts by enabling the VTEP to reply to ND requests on behalf of user terminals.

This feature snoops ND packets to populate the ND flood suppression table with local and remote MAC addresses. If an ND request has a matching entry, the VTEP replies to the request on behalf of the user terminal. If no match is found and the no-broadcast keyword is not specified, the VTEP floods the request to both local and remote sites.

Examples

# Enable ND flood suppression and disable flooding the ND requests that do not match any ND flood suppression entries for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] ipv6 nd suppression enable no-broadcast

Related commands

display ipv6 nd suppression vsi

ipv6 nd suppression mode

reset ipv6 nd suppression vsi

ipv6 nd suppression mode

Use ipv6 nd suppression mode to set the ND flood suppression mode.

Use undo ipv6 nd suppression mode to restore the default.

Syntax

ipv6 nd suppression mode { proxy-reply | unicast-forward } [ mismatch-discard ]

undo ipv6 nd suppression mode

Default

If ND flood suppression is enabled, the default ND flood suppression mode is proxy reply. In proxy reply mode, the device broadcasts the NS packets that are not targeted at the device and do not match any ND flood suppression entries.

Views

VSI view

Predefined user roles

network-admin

Parameters

proxy-reply: Specifies proxy reply mode. If an NS packet is not targeted at the device and matches an ND flood suppression entry, the device replies to the NS packet on behalf of the target IP address. The replied NA packet carries the following information:

· Sender IP address—Target IP address in the NS packet.

· Source MAC address—MAC address in the matching ND flood suppression entry.

unicast-forward: Specifies unicast forwarding mode. If an NS packet is not targeted at the device and matches an ND flood suppression entry, the device acts as follows:

1. Replaces the destination MAC address in the NS packet with the MAC address in the entry.

2. Unicasts the NS packet.

mismatch-discard: Specifies mismatch discarding mode. In this mode, the device discards an NS packet that is not targeted at the device and does not match any ND flood suppression entry. If you do not specify this keyword, the device will broadcast such an NS packet.

Usage guidelines

The device does not forward NS packets in proxy reply mode, which decreases system resource consumption. Unicast forwarding mode reduces the ND entry learning errors caused by the delay in refreshing ND flood suppression entries at the expense of high system resource usage.

Examples

# Enable ND flood suppression and set its mode to unicast forwarding on VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] ipv6 nd suppression enable

[Sysname-vsi-vsi1] nd suppression mode unicast-forward

Related commands

ipv6 nd suppression enable

l2vpn enable

Use l2vpn enable to enable L2VPN.

Use undo l2vpn enable to disable L2VPN.

Syntax

l2vpn enable

undo l2vpn enable

Default

L2VPN is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable L2VPN before you can configure L2VPN settings.

Examples

# Enable L2VPN.

<Sysname> system-view

[Sysname] l2vpn enable

l2vpn statistics interval

Use l2vpn statistics interval to set the L2VPN statistics collection interval.

Use undo l2vpn statistics interval to restore the default.

Syntax

l2vpn statistics interval interval

undo l2vpn statistics interval

Default

The L2VPN statistics collection interval is 15 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

Interval: Sets the L2VPN statistics collection interval in seconds, in the range of 5 to 65535.

Examples

# Set the L2VPN statistics collection interval to 30 seconds.

<Sysname> system-view

[Sysname] l2vpn statistics interval 30

mac-address static vsi

Use mac-address static vsi to add a static MAC address entry for a VXLAN VSI.

Use undo mac-address static vsi to remove a static MAC address entry for a VXLAN VSI.

Syntax

mac-address static mac-address interface tunnel tunnel-number vsi vsi-name

undo mac-address static [ mac-address ] interface tunnel tunnel-number vsi vsi-name

Default

VXLAN VSIs do not have static MAC address entries.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.

interface tunnel tunnel-number: Specifies a VXLAN tunnel interface by its tunnel interface number. The specified tunnel interface must already exist. This option applies to remote MAC addresses.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A remote MAC address is the MAC address of a VM in a remote site. Remote MAC entries include manually added MAC entries, dynamically learned MAC entries, and MAC entries advertised through BGP EVPN.

When you add a remote MAC address entry, make sure the VSI's VXLAN has been specified on the VXLAN or VXLAN-DCI tunnel.

Do not configure static remote-MAC entries for tunnels that are automatically established by using EVPN.

· EVPN re-establishes tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.

· EVPN re-establishes tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.

The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.

Examples

# Add MAC address 000f-e201-0101 to VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1

Related commands

vxlan tunnel mac-learning disable

mac-based ac

Use mac-based ac to enable MAC-based traffic match mode for dynamic Ethernet service instances on an interface.

Use undo mac-based ac to disable MAC-based traffic match mode for dynamic Ethernet service instances on an interface.

Syntax

mac-based ac

undo mac-based ac

Default

MAC-based traffic match mode is disabled for dynamic Ethernet service instances. Dynamic Ethernet service instances use VLAN-based traffic match mode.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Usage guidelines

The 802.1X or MAC authentication feature can use the authorization VSI, the guest VSI, the Auth-Fail VSI, and the critical VSI to control the access of users to network resources. When assigning a user to a VSI, 802.1X or MAC authentication sends the VXLAN feature the VSI information and the user's access information, including access interface, VLAN, and MAC address. Then the VXLAN feature creates a dynamic Ethernet service instance for the user and maps it to the VSI.

A dynamic Ethernet service instance supports the following traffic match modes:

· VLAN-based mode—Matches frames by VLAN ID.

· MAC-based mode—Matches frames by VLAN ID and source MAC address.

To use MAC-based traffic match mode for dynamic Ethernet service instances, you must enable MAC authentication or 802.1X authentication that uses MAC-based access control.

This command takes effect only on dynamic Ethernet service instances. Static Ethernet service instances created by using the service-instance command match traffic only by the VLAN IDs specified by using the encapsulation command.

You cannot change the traffic match mode when dynamic Ethernet service instances already exist on an interface.

Examples

# Enable MAC-based traffic match mode for dynamic Ethernet service instances on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] mac-based ac

Related commands

display l2vpn service-instance

overlay oam enable

Use overlay oam enable to enable overlay OAM.

Use undo overlay oam enable to disable overlay OAM.

Syntax

overlay oam enable

undo overlay oam enable

Default

Overlay OAM is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable overlay OAM on the tunnel destination device for a VXLAN tunnel before you can use the ping vxlan or tracert vxlan command to test reachability of the VXLAN tunnel on the tunnel source device. To specify the -r 3 parameter in the ping vxlan or tracert vxlan command on the tunnel source device, you must also enable overlay OAM on the tunnel source device.

Examples

# Enable overlay OAM.

<Sysname> system-view

[Sysname] overlay oam enable

Related commands

ping vxlan

tracert vxlan

ping vxlan

Use ping vxlan to ping a VXLAN tunnel destination.

Syntax

ping vxlan [ -a inner-src-address | -c count | -m interval | -r reply-mode | -t timeout | -tos tos-value ] * vxlan-id vxlan-id tunnel-source source-address tunnel-destination dest-address [ destination-udpport dest-port ] [ vxlan-source-address vxlan-source-address ] [ load-balance { vxlan-source-udpport vxlan-source-udpport [ end-vxlan-src-udpport ] | source-address lb-src-address destination-address lb-dest-address protocol { udp | lb-protocol-id } source-port lb-src-port destination-port lb-dest-port source-mac lb-source-mac destination-mac lb-destination-mac } ]

Views

Any view

Predefined user roles

network-admin

Parameters

-a inner-src-address: Specifies the source IP address in the inner IP header of VXLAN echo requests. If you do not specify this option, the primary IP address of the outgoing interface is used as the source IP address in the inner IP header of VXLAN echo requests. Make sure the tunnel destination device can reach this source IP address. For example, you can specify the tunnel source address as the source IP address in the inner IP header of VXLAN echo requests.

-c count: Specifies the number of VXLAN echo requests to send, in the range of 1 to 4294967295. The default value is 5.

-m interval: Specifies the interval for sending VXLAN echo requests, in milliseconds. The value range for the interval argument 1 to 10000, and the default is 200 milliseconds.

-r reply-mode: Sets the reply mode used by the receiver to reply to VXLAN echo requests. The value of the reply-mode argument can be 1, 2, or 3.

· 1—Do not reply.

· 2—Look up the IP forwarding table for the destination IP address.

· 3—Perform VXLAN encapsulation.

-t timeout: Specifies the timeout time for receiving VXLAN echo replies, in milliseconds. The value range for the timeout argument is 0 to 65535, and the default is 2000 milliseconds.

-tos tos-value: Specifies the ToS value in the outer IP header of VXLAN echo requests. The value range for the tos-value argument is 0 to 255, and the default is 0.

vxlan-id vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

tunnel-source source-address: Specifies a VXLAN tunnel source IPv4 address.

tunnel-destination dest-address: Specifies a VXLAN tunnel destination IPv4 address.

destination-udpport dest-port: Specifies the destination UDP port number in the inner header of VXLAN echo requests. The value range for the dest-port argument is 1 to 65535, and the default is 50001. Specify this parameter if a specific port number is required to be used as the inner destination UDP port number.

vxlan-source-address vxlan-source-address: Specifies the source IPv4 address in the outer IP header of VXLAN echo requests. If you do not specify this option, the source IPv4 address is the address specified with the tunnel-source source-address parameter. On an M-LAG member device, specify the source IPv4 address as the local VTEP IP address.

load-balance: Configures load balancing parameters. If you do not specify this keyword, the command tests only one of the multiple paths to the VXLAN tunnel destination.

vxlan-source-udpport vxlan-source-udpport end-vxlan-src-udpport: Specifies a source UDP port range for VXLAN echo requests. The value range for UDP port numbers is 49152 to 65535. The default start UDP port number is 4789. If you do not specify an end UDP port number, the end UDP port number is the start UDP port number.

source-address lb-src-address: Specifies the source IPv4 address used for load balancing calculation.

destination-address lb-dest-address: Specifies the destination IPv4 address used for load balancing calculation.

protocol: Specifies the protocol used for load balancing calculation.

udp: Specifies UDP.

lb-protocol-id: Specifies a protocol number in the range of 1 to 255.

source-port lb-src-port: Specifies a source port number used for load balancing calculation, in the range of 1 to 65535.

destination-port lb-dest-port: Specifies a destination port number used for load balancing calculation, in the range of 1 to 65535.

source-mac lb-source-mac: Specifies a source MAC address used for load balancing calculation.

destination-mac lb-destination-mac: Specifies a destination MAC address used for load balancing calculation.

Usage guidelines

Use this command to test the connectivity of a VXLAN tunnel in a VXLAN or EVPN VXLAN network when the tunnel has traffic loss or interruption issues.

Before you execute this command for a VXLAN tunnel, you must enable overlay OAM on the tunnel destination device by using the overlay oam enable command.

The VTEP can distribute VXLAN echo requests among multiple paths to the destination based on the source UDP port. When a VXLAN tunnel has multiple paths on the transport network, you can configure load sharing parameters to ensure accuracy of the test result. You can use one of the following methods to configure source UDP ports for VXLAN echo requests:

· Specify a source UDP port range. The device will send VXLAN echo requests sourced from each UDP port in the UDP port range. You need to execute the ping vxlan command only once.

· Specify load balancing parameters such as source and destination MAC addresses, source and destination IP addresses, and protocol for the VTEP to calculate a source UDP port number. You need to execute the ping vxlan command multiple times to test connectivity of all paths.

The load balancing parameters change only the source UDP port number of VXLAN echo requests. Other fields of the requests will not be changed.

If you specify the vxlan-source-udpport vxlan-source-udpport [ end-vxlan-src-udpport ] parameters, the number of VXLAN echo requests sourced from each UDP port in the UDP port range is determined by the -c count parameter.

Examples

# Test connectivity of VXLAN 1 that is sourced from 11.11.11.11 and destined for 22.22.22.22.

<Sysname> ping vxlan vxlan-id 1 tunnel-source 11.11.11.11 tunnel-destination 22.22.22.22

Ping VXLAN: VXLAN ID 1 source 11.11.11.11 destination 22.22.22.22:

Press CTRL+C to break.

40 bytes from 30.0.0.2: sequence=1 time=6 ms

40 bytes from 30.0.0.2: sequence=2 time=4 ms

40 bytes from 30.0.0.2: sequence=3 time=3 ms

40 bytes from 30.0.0.2: sequence=4 time=3 ms

40 bytes from 30.0.0.2: sequence=5 time=2 ms

--- Ping statistics for VXLAN 1 source 11.11.11.11 destination 22.22.22.22 ---

5 packets transmitted, 5 packets received, 0.0% packet loss

Round-trip min/avg/max = 2/3/6 ms

Table 17 Command output

Field	Description
Press CTRL+C to break	Press escape key Ctrl+C to abort the ping operation.
40 bytes from 30.0.0.2: sequence=1 time=6 ms	Received VXLAN echo replies from a device. If no echo reply is received within the timeout period, no information is displayed. · bytes—Number of bytes in the VXLAN echo reply. · sequence—Packet sequence number used to determine whether a packet is lost, disordered, or repeated. · time—Response time.
Return code	Return code: · 0—No return code. · 1—Echo request error. · 2—The VXLAN does not exist. · 3—The VXLAN does not have up tunnels. The number in parentheses is a sub code fixed at 0.
Ping statistics for VXLAN 1 source 11.11.11.11 destination 22.22.22.22	Statistics about the data received and sent in the ping operation.
packets transmitted	Number of sent VXLAN echo requests.
packets received	Number of received VXLAN echo replies.
packet loss	Percentage of unacknowledged requests to the total requests sent.
Round-trip min/avg/max	Minimum/average/maximum deviation response time, in milliseconds.

Related commands

overlay oam enable

tracert vxlan

private-vsi

Use private-vsi to configure a VSI as a primary or secondary VSI and enable the private VSI feature.

Use undo private-vsi to disable the private VSI feature.

Syntax

private-vsi { community | isolated | primary }

undo private-vsi

Default

The private VSI feature is disabled.

Views

VSI view

Predefined user roles

network-admin

Parameters

community: Specifies the VSI as a secondary VSI whose ACs have Layer 2 connectivity to one another.

isolated: Specifies the VSI as a secondary VSI whose ACs are isolated at Layer 2.

primary: Specifies the VSI as a primary VSI.

Usage guidelines

In a data center network, typically VMs on a server are assigned to the same subnet. For security purposes, you can configure private VSI on the attached VTEP and private VLAN on the server to isolate the VMs based on VM attributes, operating system, and VM name. The server will send inter-VM traffic to the VTEP, and the VTEP will isolate traffic of different VMs or apply security policies as configured.

Examples

# Configure VSI vpn1 as a primary VSI, and enable the private VSI feature.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] private-vsi primary

private-vsi secondary

Use private-vsi secondary to associate a secondary VSI with a primary VSI.

Use undo private-vsi secondary to remove a secondary VSI from a primary VSI.

Syntax

private-vsi secondary vsi-name&<1-8>

undo private-vsi secondary vsi-name&<1-8>

Default

A primary VSI is not associated with any secondary VSIs.

Views

VSI view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies a space-separated list of up to eight VSI names. Each VSI name is a case-sensitive string of 1 to 31 characters.

Usage guidelines

Each primary VSI is associated with one or multiple secondary VSIs, and the secondary VSIs communicate at Layer 3 through the primary VSI.

Examples

# Associate secondary VSI vpn2 with primary VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] private-vsi primary

[Sysname-vsi-vpn1] private-vsi secondary vpn2

reserved vxlan

Use reserved vxlan to specify a reserved VXLAN.

Use undo reserved vxlan to restore the default.

Syntax

reserved vxlan vxlan-id

undo reserved vxlan

Default

No VXLAN has been reserved.

Views

System view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID. The value range for this argument is 0 to 16777215.

Usage guidelines

You can specify only one reserved VXLAN on the VTEP. The reserved VXLAN cannot be the VXLAN created on any VSI.

Examples

# Specify VXLAN 10000 as the reserved VXLAN.

<Sysname> system-view

[Sysname] reserved vxlan 10000

Related commands

mapping vni (EVPN Command Reference)

reset arp suppression vsi

Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.

Syntax

reset arp suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.

Examples

# Clear ARP flood suppression entries on all VSIs.

<Sysname> reset arp suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

arp suppression enable

display arp suppression vsi

reset ipv6 nd suppression vsi

Use reset ipv6 nd suppression vsi to clear ND flood suppression entries on VSIs.

Syntax

reset ipv6 nd suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ND flood suppression entries on all VSIs.

Examples

# Clear ND flood suppression entries on all VSIs.

<Sysname> reset ipv6 nd suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

display ipv6 nd suppression vsi

ipv6 nd suppression enable

reset l2vpn mac-address

Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.

Syntax

reset l2vpn mac-address [ vsi vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.

Usage guidelines

Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.

Examples

# Clear the dynamic MAC address entries on VSI vpn1.

<Sysname> reset l2vpn mac-address vsi vpn1

Related commands

display l2vpn mac-address vsi

reset l2vpn mac-address mac-move

Use reset l2vpn mac-address mac-move to clear MAC move records for all VSIs.

Syntax

reset l2vpn mac-address mac-move

Views

User view

Predefined user roles

network-admin

Examples

# Clear MAC move records for all VSIs.

<Sysname> reset l2vpn mac-address mac-move

Related commands

display l2vpn mac-address mac-move

reset l2vpn statistics ac

Use reset l2vpn statistics ac to clear packet statistics on ACs.

Syntax

reset l2vpn statistics ac [ interface interface-type interface-number service-instance instance-id ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number service-instance instance-id: Specifies an Ethernet service instance on an interface. The interface-type and interface-number arguments specify the interface type and number. The instance-id argument specifies an Ethernet service instance ID in the range of 1 to 4096.

Usage guidelines

If you do not specify any parameters, this command clears packet statistics on all ACs.

Examples

# Clear packet statistics for Ethernet service instance 1 on GigabitEthernet 1/0/1.

<Sysname> reset l2vpn statistics ac interface gigabitethernet 1/0/1 service-instance 1

Related commands

ac statistics enable

display l2vpn service-instance verbose

statistics enable (Ethernet service instance view)

reset l2vpn statistics vsi

Use reset l2vpn statistics vsi to clear packet statistics on VSIs.

Syntax

reset l2vpn statistics vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on all VSIs.

Examples

# Clear packet statistics on all VSIs.

<Sysname> reset l2vpn statistics vsi

Related commands

statistics enable (VSI view)

selective-flooding mac-address

Use selective-flooding mac-address to enable selective flood for a MAC address.

Use undo selective-flooding mac-address to disable selective flood for a MAC address.

Syntax

selective-flooding mac-address mac-address

undo selective-flooding mac-address mac-address

Default

Selective flood is disabled for all MAC addresses.

Views

VSI view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address. The MAC address cannot be all Fs.

Usage guidelines

This command excludes a remote unicast or multicast MAC address from the remote flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when floods are confined to the local site.

Examples

# Enable selective flood for 000f-e201-0101 on VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101

Related commands

flooding disable (VSI view)

service-instance

Use service-instance to create an Ethernet service instance and enter its view, or enter the view of an existing Ethernet service instance.

Use undo service-instance to delete an Ethernet service instance.

Syntax

service-instance instance-id

undo service-instance instance-id

Default

No Ethernet service instances exist.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Examples

# On Layer 2 Ethernet interface GigabitEthernet 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] service-instance 1

[Sysname-GigabitEthernet1/0/1-srv1]

Related commands

display l2vpn service-instance

shutdown

Use shutdown to shut down a VSI.

Use undo shutdown to bring up a VSI.

Syntax

shutdown

undo shutdown

Default

VSIs are up.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.

Examples

# Shut down VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] shutdown

Related commands

display l2vpn vsi

statistics enable (Ethernet service instance view)

Use statistics enable to enable packet statistics for an Ethernet service instance.

Use undo statistics enable to disable packet statistics for an Ethernet service instance.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for an Ethernet service instance.

Views

Ethernet service instance view

Predefined user roles

network-admin

Usage guidelines

For this command to take effect, you must configure a frame match criterion for the Ethernet service instance and map it to a VSI. If you modify the frame match criterion or VSI mapping, packet statistics of the instance is cleared.

Examples

# Enable packet statistics for Ethernet service instance 200 on GigabitEthernet 1/0/1.

<Sysname> system-view

[Sysname] interface gigabitethernet 1/0/1

[Sysname-GigabitEthernet1/0/1] service-instance 200

[Sysname-GigabitEthernet1/0/1-srv200] statistics enable

Related command

display l2vpn service-instance verbose

reset l2vpn statistics ac

statistics enable (tunnel interface view)

Use statistics enable to enable packet statistics for a manually created VXLAN tunnel.

Use undo statistics enable to disable packet statistics for a manually created VXLAN tunnel.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for a manually created VXLAN tunnel.

Views

VXLAN tunnel interface view

Predefined user roles

network-admin

Examples

# Enable packet statistics for VXLAN tunnel interface Tunnel 10.

<Sysname> system-view

[Sysname] interface tunnel 1 mode vxlan

[Sysname-Tunnel1] statistics enable

Related commands

display interface tunnel (Layer 3—IP Services Command Reference)

reset counters interface tunnel (Layer 3—IP Services Command Reference)

tunnel statistics vxlan auto

statistics enable (VSI view)

Use statistics enable to enable packet statistics for a VSI.

Use undo statistics enable to disable packet statistics for a VSI.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Examples

# Enable packet statistics for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] statistics enable

Related commands

display l2vpn vsi verbose

reset l2vpn statistics vsi

tracert vxlan

Use tracert vxlan to trace the path to a VXLAN tunnel destination.

Syntax

tracert vxlan [ -a inner-src-address | -h ttl-value | -r reply-mode | -t timeout ] * vxlan-id vxlan-id tunnel-source source-address tunnel-destination dest-address [ destination-udpport dest-port ] [ vxlan-source-address vxlan-source-address ] [ load-balance { vxlan-source-udpport vxlan-source-udpport | source-address lb-src-address destination-address lb-dest-address protocol { udp | lb-protocol-id } source-port lb-src-port destination-port lb-dest-port source-mac lb-source-mac destination-mac lb-destination-mac } ]

Views

Any view

Predefined user roles

network-admin

Parameters

-h ttl-value: Specifies the maximum TTL value in the outer IP header of VXLAN echo requests. The value range for the ttl-value argument is 1 to 255, and the default is 30.