slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays batch hot-backup state information on all cards.

Usage guidelines

Before you install or remove a card, or modify card configuration, use this command to verify that the batch hot-backup state of the card is Not running. If the batch hot-backup state of the card is Running, do not perform those card operations.

Examples

# Display batch hot-backup state information for all cards.

<Sysname> display session batch-hot-backup state

Failover group 1:

Slot 1 batch-hot-backup state: Not running

Slot 10 batch-hot-backup state: Not running

Failover group 2:

Slot 1 batch-hot-backup state: Not running

Slot 10 batch-hot-backup state: Not running

Failover group 3:

Slot 1 batch-hot-backup state: Not running

Slot 10 batch-hot-backup state: Not running

Table 3 Command output

Field	Description
Failover group	Name of the failover group. This field is not supported in the current software version.
batch-hot-backup state	· Running—The batch hot backup operation is in process. Do not perform operations such as installing or removing the card or modifying card configuration. · Not running—The batch hot backup operation is not in process. You can perform operations such as installing or removing the card or modifying card configuration.

Field

Description

Failover group

Name of the failover group. This field is not supported in the current software version.

batch-hot-backup state

· Running—The batch hot backup operation is in process. Do not perform operations such as installing or removing the card or modifying card configuration.

· Not running—The batch hot backup operation is not in process. You can perform operations such as installing or removing the card or modifying card configuration.

display session relation-table

Use display session relation-table to display relation entries.

Syntax

display session relation-table { ipv4 | ipv6 } [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ipv4: Specifies IPv4 relation entries.

ipv6: Specifies IPv6 relation entries.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays relation entries on all cards.

Examples

# Display all IPv4 relation entries.

<Sysname> display session relation-table ipv4

Slot 1:

Source IP/port: 192.168.1.100/-

Destination IP/port: 192.168.2.100/99

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: 1/-/-

Protocol: TCP(6) TTL: 589s App: FTP-DATA

Source IP/port: -/-

Destination IP/port: 192.168.2.200/1212

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: TCP(6) TTL: 3100s App: H225

Total entries found: 2

# Display all IPv6 relation entries.

<Sysname> display session relation-table ipv6

Slot 1:

Source IP: 2011::0002

Destination IP/port: 2011::0008/1212

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: TCP(6) TTL: 589s App: FTP-DATA

Total entries found: 1

Table 4 Command output

Field	Description
Source IP/port	Source IP address and port number of the session. If the IP or port number is not specified, this field displays a hyphen (-). For an IPv6 relation entry, the source port number is not displayed.
Destination IP/port	Destination IP address and port number of the session.
DS-Lite tunnel peer	Peer tunnel interface address of the DS-Lite tunnel to which the session belongs. If no peer tunnel interface address is specified, a hyphen (-) is displayed. This field is not supported in the current software version.
VPN instance/VLAN ID/VLL ID	MPLS L3VPN instance to which the relation entry belongs. ‌ VLAN to which the relation entry belongs during Layer 2 forwarding.‌VLL ID to which the relation entry belongs during Layer 2 forwarding.‌ If a parameter is not specified, a hyphen (-) is displayed for the proper field.
Protocol	Transport layer protocol.
TTL	Remaining lifetime of the relation entry, in seconds.
App	Application layer protocol.
Total entries found	Total number of found relation entries.

‌

display session statistics

Use display session statistics to display unicast session statistics.

Syntax

display session statistics [ summary ] [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

summary: Displays summary information about unicast session statistics. If you do not specify this keyword, the command displays detailed information about unicast session statistics.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays unicast session statistics on all cards.

Examples

# Display detailed information about unicast session statistics.

<Sysname> display session statistics

Slot 1:

Current sessions: 3

TCP sessions: 0

UDP sessions: 0

ICMP sessions: 3

ICMPv6 sessions: 0

UDP-Lite sessions: 0

SCTP sessions: 0

DCCP sessions: 0

RAWIP sessions: 0

History average sessions per second:

Past hour: 1

Past 24 hours: 0

Past 30 days: 0

History average session establishment rate:

Past hour: 0/s

Past 24 hours: 0/s

Past 30 days: 0/s

Current relation-table entries: 0

Session establishment rate: 0/s

TCP: 0/s

UDP: 0/s

ICMP: 0/s

ICMPv6: 0/s

UDP-Lite: 0/s

SCTP: 0/s

DCCP: 0/s

RAWIP: 0/s

Received TCP : 0 packets 0 bytes

Received UDP : 118 packets 13568 bytes

Received ICMP : 105 packets 8652 bytes

Received ICMPv6 : 0 packets 0 bytes

Received UDP-Lite : 0 packets 0 bytes

Received SCTP : 0 packets 0 bytes

Received DCCP : 0 packets 0 bytes

Received RAWIP : 0 packets 0 bytes

Table 5 Command output

Field	Description
Current sessions	Total number of unicast sessions.
TCP sessions	Number of TCP unicast sessions.
UDP sessions	Number of UDP unicast sessions.
ICMP sessions	Number of ICMP unicast sessions.
ICMPv6 sessions	Number of ICMPv6 unicast sessions.
UDP-Lite sessions	Number of UDP-Lite unicast sessions.
SCTP sessions	Number of SCTP unicast sessions.
DCCP sessions	Number of DCCP unicast sessions.
RAWIP sessions	Number of Raw IP unicast sessions.
History average sessions per second	History statistics of average unicast sessions per second.
Past hour	The average number of unicast sessions per second in the most recent hour.
Past 24 hours	The average number of unicast sessions per second in the most recent 24 hours.
Past 30 days	The average number of unicast sessions per second in the most recent 30 days.
History average session establishment rate	History statistics of average unicast session establishment rates.
Past hour	The average unicast session establishment rate in the most recent hour.
Past 24 hours	The average unicast session establishment rate in the most recent 24 hours.
Past 30 days	The average unicast session establishment rate in the most recent 30 days.
Current relation-table entries	Total number of relation entries.
Session establishment rate	Unicast session establishment rate, and rates for establishing unicast sessions of different protocols.
Received TCP	Number of received TCP packets and bytes.
Received UDP	Number of received UDP packets and bytes.
Received ICMP	Number of received ICMP packets and bytes.
Received ICMPv6	Number of received ICMPv6 packets and bytes.
Received UDP-Lite	Number of received UDP-Lite packets and bytes.
Received SCTP	Number of received SCTP packets and bytes.
Received DCCP	Number of received DCCP packets and bytes.
Received RAWIP	Number of received Raw IP packets and bytes.

# Display summary information about unicast session statistics.

<Sysname> display session statistics summary

Slot Sessions TCP UDP Rate TCP rate UDP rate

1 3 0 0 0/s 0/s 0/s

Table 6 Command output

Field	Description
Sessions	Total number of unicast sessions.
TCP	Number of TCP unicast sessions.
UDP	Number of UDP unicast sessions.
Rate	Rate of unicast session creation.
TCP rate	Rate of TCP unicast session creation.
UDP rate	Rate of UDP unicast session creation.

display session statistics ipv4

Use display session statistics ipv4 to display IPv4 unicast session statistics.

Syntax

display session statistics ipv4 { source-ip source-ip | destination-ip destination-ip | protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } | source-port source-port | destination-port destination-port } * [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

source-ip source-ip: Specifies a source IPv4 address for a unicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv4 address for a unicast session from the initiator to the responder.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 protocol.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of an IPv4 unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of an IPv6 unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv4 unicast session statistics on all cards. (Distributed devices in standalone mode.)

Examples

# Display statistics for IPv4 unicast sessions from port 1024.

<Sysname> display session statistics ipv4 source-port 1024

Slot 1:

Current sessions: 1

TCP sessions: 0

UDP sessions: 1

ICMP sessions: 0

ICMPv6 sessions: 0

UDP-Lite sessions: 0

SCTP sessions: 0

DCCP sessions: 0

RAWIP sessions: 0

Table 7 Command output

Field	Description
Current sessions	Total number of current unicast sessions.
TCP sessions	Number of TCP unicast sessions.
UDP sessions	Number of UDP unicast sessions.
ICMP sessions	Number of ICMP unicast sessions.
ICMPv6 sessions	Number of ICMPv6 unicast sessions.
UDP-Lite sessions	Number of UDP-Lite unicast sessions.
SCTP sessions	Number of SCTP unicast sessions.
DCCP sessions	Number of DCCP unicast sessions.
RAWIP sessions	Number of Raw IP unicast sessions.

display session statistics ipv6

Use display session statistics ipv6 to display IPv6 unicast session statistics.

Syntax

display session statistics ipv6 { source-ip source-ip | destination-ip destination-ip | protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } | source-port source-port | destination-port destination-port } * [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

source-ip source-ip: Specifies a source IPv6 address for a unicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv6 address for a unicast session from the initiator to the responder.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 protocol.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of an IPv6 unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays IPv6 unicast session statistics on all cards.

Examples

# Display statistics for IPv6 unicast sessions from port 1024.

<Sysname> display session statistics ipv6 source-port 1024

Slot 1:

Current sessions: 1

TCP sessions: 0

UDP sessions: 1

ICMP sessions: 0

ICMPv6 sessions: 0

UDP-Lite sessions: 0

SCTP sessions: 0

DCCP sessions: 0

RAWIP sessions: 0

Table 8 Command output

Field	Description
Current sessions	Total number of current unicast sessions.
TCP sessions	Number of TCP unicast sessions.
UDP sessions	Number of UDP unicast sessions.
ICMP sessions	Number of ICMP unicast sessions.
ICMPv6 sessions	Number of ICMPv6 unicast sessions.
UDP-Lite sessions	Number of UDP-Lite unicast sessions.
SCTP sessions	Number of SCTP unicast sessions.
DCCP sessions	Number of DCCP unicast sessions.
RAWIP sessions	Number of Raw IP unicast sessions.

display session statistics multicast

Use display session statistic multicast to display multicast session statistics.

Syntax

display session statistics multicast [ slot slot-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays multicast session statistics on all cards.

Examples

# Display information about multicast session statistics.

<Sysname> display session statistics multicast

Slot 1:

Current sessions: 0

Session establishment rate: 0/s

Received: 0 packets 0 bytes

Sent : 0 packets 0 bytes

Slot 10:

Current sessions: 0

Session establishment rate: 0/s

Received: 0 packets 0 bytes

Sent : 0 packets 0 bytes

Table 9 Command output

Field	Description
Current sessions	Total number of multicast sessions.
Session establishment rate	Rate of multicast session creation.
Received	Number of received multicast packets and bytes.
Sent	Number of sent multicast packets and bytes.

display session table ipv4

Use display session table ipv4 to display information about IPv4 unicast session entries that match specific criteria.

Syntax

display session table ipv4 [ slot slot-number ] [ source-ip start-source-ip [ end-source-ip ] ] [ destination-ip start-destination-ip [ end-destination-ip ] ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ vpn-instance vpn-instance-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information on all cards.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv4 address or IPv4 address range for a unicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv4 address. The end source-ip argument specifies the end source IPv4 address.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv4 address or IPv4 address range for a unicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv4 address. The end destination-ip argument specifies the end destination IPv4 address.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a unicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a unicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify this option, the command displays IPv4 unicast session entries in the public network.

verbose: Displays detailed information about IPv4 unicast session entries. If you do not specify this keyword, the command displays brief information about IPv4 unicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv4 unicast session entries.

Examples

# Display brief information about all IPv4 unicast session entries.

<Sysname> display session table ipv4

Slot 1:

Initiator:

Source IP/port: 192.168.1.18/1877

Destination IP/port: 192.168.1.55/22

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: TCP(6)

Inbound interface: Ten-GigabitEthernet3/0/1

Initiator:

Source IP/port: 192.168.1.18/1792

Destination IP/port: 192.168.1.55/2048

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: ICMP(1)

Inbound interface: Ten-GigabitEthernet3/0/1

Total sessions found: 2

# Display detailed information about all IPv4 unicast session entries.

<Sysname> display session table ipv4 verbose

Slot 1:

Initiator:

Source IP/port: 192.168.1.18/1877

Destination IP/port: 192.168.1.55/22

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: TCP(6)

Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

Source IP/port: 192.168.1.55/22

Destination IP/port: 192.168.1.18/1877

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: TCP(6)

Inbound interface: Ten-GigabitEthernet3/0/2

State: TCP_SYN_SENT

Application: SSH

Start time: 2011-07-29 19:12:36

Initiator->Responder: 1 packets 48 bytes

Responder->Initiator: 0 packets 0 bytes

Initiator:

Source IP/port: 192.168.1.18/1792

Destination IP/port: 192.168.1.55/2048

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: ICMP(1)

Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

Source IP/port: 192.168.1.55/1792

Destination IP/port: 192.168.1.18/0

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: ICMP(1)

Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMP_REQUEST

Application: OTHER

Start time: 2011-07-29 19:12:33

Initiator->Responder: 1 packets 60 bytes

Responder->Initiator: 0 packets 0 bytes

Total sessions found: 2

Table 10 Command output

Field	Description
Initiator	Information about the unicast session from the initiator to the responder.
Responder	Information about the unicast session from the responder to the initiator.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. When the unicast session does not belong to any DS-Lite tunnel, this field displays a hyphen (-). This field is not supported in the current software version.
VPN instance/VLAN ID/VLL ID	MPLS L3VPN instance to which the unicast session belongs. ‌ VLAN to which the session belongs during Layer 2 forwarding.‌VLL ID to which the session belongs during Layer 2 forwarding.‌ If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
State	Unicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER.
Start time	Unicast session establishment time.
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Responder->Initiator	Number of packets and bytes from the responder to the initiator.
Total sessions found	Total number of found unicast session entries.

‌

display session table ipv6

Use display session table ipv6 to display information about IPv6 unicast session entries that match specific criteria.

Syntax

display session table ipv6 [ slot slot-number ] [ source-ip start-source-ip [ end-source-ip ] ] [ destination-ip start-destination-ip [ end-destination-ip ] ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ vpn-instance vpn-instance-name ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information on all cards.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv6 address or IPv6 address range for a unicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv6 address. The end source-ip argument specifies the end source IPv6 address.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv6 address or IPv6 address range for a unicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv6 address. The end destination-ip argument specifies the end destination IPv6 address.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

verbose: Displays detailed information about IPv6 unicast session entries. If you do not specify this keyword, the command displays brief information about IPv6 unicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv6 unicast session entries.

Examples

# Display brief information about all IPv6 unicast session entries.

<Sysname> display session table ipv6

Slot 1:

Initiator:

Source IP/port: 2011::2/58473

Destination IP/port: 2011::8/32768

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: IPV6-ICMP(58)

Inbound interface: Ten-GigabitEthernet3/0/1

Total sessions found: 1

# Display detailed information about all IPv6 unicast session entries.

<Sysname> display session table ipv6 verbose

Slot 1:

Initiator:

Source IP/port: 2011::2/58473

Destination IP/port: 2011::8/32768

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: IPV6-ICMP(58)

Inbound interface: Ten-GigabitEthernet3/0/1

Responder:

Source IP/port: 2011::8/58473

Destination IP/port: 2011::2/33024

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: IPV6-ICMP(58)

Inbound interface: Ten-GigabitEthernet3/0/2

State: ICMPV6_REQUEST

Application: OTHER

Start time: 2011-07-29 19:23:41

Initiator->Responder: 1 packets 104 bytes

Responder->Initiator: 0 packets 0 bytes

Total sessions found: 1

Table 11 Command output

Field	Description
Initiator	Information about the unicast session from the initiator to the responder.
Responder	Information about the unicast session from the responder to the initiator.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer.When the unicast session is not tunneled by DS-Lite, this field displays a hyphen (-). This field is not supported in the current software version.
VPN instance/VLAN ID/VLL ID	MPLS L3VPN instance to which the unicast session belongs. ‌ VLAN to which the unicast session belongs during Layer 2 forwarding.‌VLL ID to which the unicast session belongs during Layer 2 forwarding.‌ If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
State	Unicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER.
Start time	Unicast session establishment time.
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Responder->Initiator	Number of packets and bytes from the responder to the initiator.
Total sessions found	Total number of found unicast session entries.

‌

display session table multicast ipv4

Use display session table multicast ipv4 to display information about IPv4 multicast session entries that match specific criteria.

Syntax

display session table multicast ipv4 [ slot slot-number ] [ source-ip start-source-ip [ end-source-ip ] ] [ destination-ip start-destination-ip [ end-destination-ip ] ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information on all cards.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv4 address or IPv4 address range for a multicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv4 address. The end source-ip argument specifies the end source IPv4 address.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv4 address or IPv4 address range for a multicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv4 address. The end destination-ip argument specifies the end destination IPv4 address.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

source-port source-port: Specifies a source port by its number. The source-port argument specifies the source port of a multicast session from the initiator to the responder. The value range for the source-port argument is 0 to 65535.

destination-port destination-port: Specifies a destination port by its number. The destination-port argument specifies the destination port of a multicast session from the initiator to the responder. The value range for the destination-port argument is 0 to 65535.

verbose: Displays detailed information about IPv4 multicast session entries. If you do not specify this keyword, the command displays brief information about IPv4 multicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv4 multicast session entries.

Examples

# Display brief information about all IPv4 multicast session entries.

<Sysname> display session table multicast ipv4

Slot 1:

Total sessions found: 0

Slot 10:

Inbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Inbound interface: Ten-GigabitEthernet3/0/1

Outbound interface list:

Ten-GigabitEthernet3/0/2

Ten-GigabitEthernet3/0/3

Total sessions found: 3

# Display detailed information about all IPv4 multicast session entries.

<Sysname> display session table multicast ipv4 verbose

Slot 1:

Total sessions found: 0

Slot 10:

Inbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Inbound responder:

Source IP/port: 232.0.0.1/1025

Destination IP/port: 3.3.3.4/1609

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Inbound interface: Ten-GigabitEthernet3/0/1

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 15:59:22 TTL: 18s

Initiator->Responder: 1 packets 84 bytes

Outbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: 232.0.0.1/1025

Destination IP/port: 3.3.3.4/1609

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound interface: Ten-GigabitEthernet3/0/2

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 15:59:22 TTL: 18s

Initiator->Responder: 1 packets 84 bytes

Outbound initiator:

Source IP/port: 3.3.3.4/1609

Destination IP/port: 232.0.0.1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: 232.0.0.1/1025

Destination IP/port: 3.3.3.4/1609

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound interface: Ten-GigabitEthernet3/0/3

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 15:59:22 TTL: 18s

Initiator->Responder: 1 packets 84 bytes

Total sessions found: 3

Table 12 Command output

Field	Description
Inbound initiator	Information about the multicast session from the initiator to the responder on the inbound interface.
Inbound responder	Information about the multicast session from the responder to the initiator on the inbound interface.
Outbound initiator	Information about the multicast session from the initiator to the responder on the outbound interface.
Outbound responder	Information about the multicast session from the responder to the initiator on the outbound interface.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. If the multicast session is not tunneled by DS-Lite, this field displays a hyphen (-). This field is not supported in the current software version.
VPN instance/VLAN ID/VLL ID	MPLS L3VPN instance to which the multicast session belongs. ‌ VLAN to which the multicast session belongs during Layer 2 forwarding.‌INLINE to which the multicast session belongs during Layer 2 forwarding.‌ If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMP. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
State	Multicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER.
Start time	Time when the multicast session was created.
TTL	Remaining lifetime of the multicast session, in seconds.
Inbound interface	Inbound interface of the first packet from the initiator to responder.
Outbound interface	Outbound interface of the first packet from the initiator to responder.
Outbound interface list	Outbound interfaces of the first packet from the initiator to responder.
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Total sessions found	Total number of found multicast session entries.

‌

display session table multicast ipv6

Use display session table multicast ipv6 to display information about IPv6 multicast session entries that match specific criteria.

Syntax

display session table multicast ipv6 [ slot slot-number ] [ source-ip start-source-ip [ end-source-ip ] ] [ destination-ip start-destination-ip [ end-destination-ip ] ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays information on all cards.

source-ip start-source-ip [ end-source-ip ]: Specifies a source IPv6 address or IPv6 address range for a multicast session from the initiator to the responder. The start source-ip argument specifies the start source IPv6 address. The end source-ip argument specifies the end source IPv6 address.

destination-ip start-destination-ip [ end-destination-ip ]: Specifies a destination IPv6 address or IPv6 address range for a multicast session from the initiator to the responder. The start destination-ip argument specifies the start destination IPv6 address. The end destination-ip argument specifies the end destination IPv6 address.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

verbose: Displays detailed information about IPv6 multicast session entries. If you do not specify this keyword, the command displays brief information about IPv6 multicast session entries.

Usage guidelines

If you do not specify any parameters, this command displays all IPv6 multicast session entries.

Examples

# Display brief information about all IPv6 multicast session entries.

<Sysname> display session table multicast ipv6

Slot 1:

Total sessions found: 0

Slot 10:

Inbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Inbound interface: Ten-GigabitEthernet3/0/1

Outbound interface list:

Ten-GigabitEthernet3/0/2

Ten-GigabitEthernet3/0/3

Total sessions found: 3

# Display detailed information about all IPv6 multicast session entries.

<Sysname> display session table multicast ipv6 verbose

Slot 1:

Total sessions found: 0

Slot 10:

Inbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Inbound responder:

Source IP/port: FF0E::1/1025

Destination IP/port: 3::4/1617

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Inbound interface: Ten-GigabitEthernet3/0/1

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 16:10:58 TTL: 23s

Initiator->Responder: 5 packets 520 bytes

Outbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: FF0E::1/1025

Destination IP/port: 3::4/1617

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound interface: Ten-GigabitEthernet3/0/2

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 16:10:58 TTL: 23s

Initiator->Responder: 5 packets 520 bytes

Outbound initiator:

Source IP/port: 3::4/1617

Destination IP/port: FF0E::1/1025

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound responder:

Source IP/port: FF0E::1/1025

Destination IP/port: 3::4/1617

DS-Lite tunnel peer: -

VPN instance/VLAN ID/VLL ID: -/-/-

Protocol: UDP(17)

Outbound interface: Ten-GigabitEthernet3/0/3

State: UDP_OPEN

Application: OTHER

Start time: 2014-03-03 16:10:58 TTL: 23s

Initiator->Responder: 5 packets 520 bytes

Total sessions found: 3

Table 13 Command output

Field	Description
Inbound initiator	Information about the multicast session from the initiator to the responder on the inbound interface.
Inbound responder	Information about the multicast session from the responder to the initiator on the inbound interface.
Outbound initiator	Information about the multicast session from the initiator to the responder on the outbound interface.
Outbound responder	Information about the multicast session from the responder to the initiator on the outbound interface.
DS-Lite tunnel peer	Address of the DS-Lite tunnel peer. If the multicast session is not tunneled by DS-Lite, this field displays a hyphen (-). This field is not supported in the current software version.
VPN instance/VLAN ID/VLL ID	MPLS L3VPN instance to which the multicast session belongs. ‌ VLAN to which the multicast session belongs during Layer 2 forwarding.‌INLINE to which the multicast session belongs during Layer 2 forwarding.‌ If a parameter is not specified, a hyphens (-) is displayed for the proper field.
Protocol	Transport layer protocol: · DCCP. · ICMPv6. · Raw IP. · SCTP. · TCP. · UDP. · UDP-Lite. The number in the brackets indicates the protocol number.
State	Multicast session state.
Application	Application layer protocol, FTP or DNS. If it is an unknown protocol identified by an unknown port, this field displays OTHER.
Start time	Time when the multicast session was created.
TTL	Remaining lifetime of the multicast session, in seconds.
Inbound interface	Inbound interface of the first packet from the initiator to responder.
Outbound interface	Outbound interface of the first packet from the initiator to responder.
Outbound interface list	Outbound interfaces of the first packet from the initiator to responder.
Initiator->Responder	Number of packets and bytes from the initiator to the responder.
Total sessions found	Total number of found multicast session entries.

‌

identity-number

Use identity-number to set the identity number of a port.

Use undo identity-number to restore the default.

Syntax

identity-number number

undo identity-number

Default

No identity number is set for a port.

Views

Interface view

Predefined user roles

network-admin

Parameters

number: Specifies the identity number of a port for session synchronization, in the range of 1 to 65535.

Usage guidelines

The port identity number identifies the ports to perform session synchronization from one system to another. For a successful session synchronization, make sure the ports on the two systems are configured with the same identity number.

Examples

# Set the identity number of Ten-GigabitEthernet3/0/1 to 1000.

<Sysname> system-view

[Sysname] interface ten-gigabitethernet 3/0/1

[Sysname-Ten-GigabitEthernet3/0/1] identity-number 1000

reset session relation-table

Use reset session relation-table to clear relation entries.

Syntax

reset session relation-table [ ipv4 | ipv6 ] [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

ipv4: Specifies IPv4 relation entries.

ipv6: Specifies IPv6 relation entries.

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears relation entries on all cards.

Usage guidelines

If you do not specify the IPv4 keyword or the IPv6 keyword, this command clears all IPv4 and IPv6 relation entries.

Examples

# Clear all IPv4 relation entries.

<Sysname> reset session relation-table ipv4

Related commands

display session relation-table

reset session statistics

Use reset session statistics to clear unicast session statistics.

Syntax

reset session statistics [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears unicast session statistics on all cards.

Examples

# Clear all unicast session statistics.

<Sysname> reset session statistics

Related commands

display session statistics

reset session statistics multicast

Use reset session statistics multicast to clear multicast session statistics.

Syntax

reset session statistics multicast [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears multicast session statistics on all cards.

Examples

# Clear all multicast session statistics.

<Sysname> reset session statistics multicast

Related commands

display session statistics multicast

reset session table

Use reset session table to clear IPv4 and IPv6 unicast session entries.

Syntax

reset session table [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears unicast session entries on all cards.

Examples

# Clear all IPv4 and IPv6 unicast session entries.

<Sysname> reset session table

Related commands

display session table ipv4

display session table ipv6

reset session table ipv4

Use reset session table ipv4 to clear information about IPv4 unicast session entries that match specific criteria.

Syntax

reset session table ipv4 [ slot slot-number ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears information on all cards.

source-ip source-ip: Specifies a source IPv4 address. The source-ip argument specifies the source IPv4 address of a unicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv4 address. The destination-ip argument specifies the destination IPv4 address of a unicast session from the initiator to the responder.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you want to clear IPv4 unicast session entries on the public network, do not specify this option.

Usage guidelines

If you do not specify any parameters, this command clears all IPv4 unicast session entries on the public network.

Examples

# Clear all IPv4 unicast session entries.

<Sysname> reset session table ipv4

# Clear the IPv4 unicast session entries with the source IP address of 10.10.10.10.

<Sysname> reset session table ipv4 source-ip 10.10.10.10

Related commands

display session table ipv4

reset session table ipv6

Use reset session table ipv6 to clear information about IPv6 unicast session entries that match the specified criteria.

Syntax

reset session table ipv6 [ slot slot-number ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears information on all cards.

source-ip source-ip: Specifies a source IPv6 address. The source-ip argument specifies the source IPv6 address of a unicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv6 address. The destination-ip argument specifies the destination IPv6 address of a unicast session from the initiator to the responder.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you want to clear IPv6 unicast session entries on the public network, do not specify this option.

Usage guidelines

If you do not specify any parameters, this command clears all IPv6 unicast session entries on the public network.

Examples

# Clear all IPv6 unicast session entries.

<Sysname> reset session table ipv6

# Clear the IPv6 unicast session entries with the source IP address of 2011::0002.

<Sysname> reset session table ipv6 source-ip 2011::0002

Related commands

display session table ipv6

reset session table multicast

Use reset session table multicast to clear IPv4 and IPv6 multicast session entries.

Syntax

reset session table multicast [ slot slot-number ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears multicast session entries on all cards.

Examples

# Clear all IPv4 and IPv6 multicast session entries.

<Sysname> reset session table multicast

Related commands

display session table multicast ipv4

display session table multicast ipv6

reset session table multicast ipv4

Use reset session table multicast ipv4 to clear information about IPv4 multicast session entries that match specific criteria.

Syntax

reset session table multicast ipv4 [ slot slot-number ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears information for all cards.

source-ip source-ip: Specifies a source IPv4 address. The source-ip argument specifies the source IPv4 address of a multicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv4 address. The destination-ip argument specifies the destination IPv4 address of a multicast session from the initiator to the responder.

protocol { dccp | icmp | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv4 transport layer protocol, including DCCP, ICMP, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you want to clear IPv4 multicast session entries on the public network, do not specify this option.

Usage guidelines

If you do not specify any parameters, this command clears all IPv4 multicast session entries on the public network.

Examples

# Clear all IPv4 multicast session entries.

<Sysname> reset session table multicast ipv4

# Clear the IPv4 multicast session entries with the source IP address of 10.10.10.10.

<Sysname> reset session table multicast ipv4 source-ip 10.10.10.10

Related commands

display session table multicast ipv4

reset session table multicast ipv6

Use reset session table multicast ipv6 to clear information about IPv6 multicast session entries that match specific criteria.

Syntax

reset session table multicast ipv6 [ slot slot-number ] [ source-ip source-ip ] [ destination-ip destination-ip ] [ protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite } ] [ source-port source-port ] [ destination-port destination-port ] [ vpn-instance vpn-instance-name ]

Views

User view

Predefined user roles

network-admin

Parameters

slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command clears information on all cards.

source-ip source-ip: Specifies a source IPv6 address. The source-ip argument specifies the source IPv6 address of a multicast session from the initiator to the responder.

destination-ip destination-ip: Specifies a destination IPv6 address. The destination-ip argument specifies the destination IPv6 address of a multicast session from the initiator to the responder.

protocol { dccp | icmpv6 | raw-ip | sctp | tcp | udp | udp-lite }: Specifies an IPv6 transport layer protocol, including DCCP, ICMPv6, Raw IP, SCTP, TCP, UDP, and UDP-Lite.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you want to clear IPv6 multicast session entries on the public network, do not specify this option.

Usage guidelines

If you do not specify any parameters, this command clears all IPv6 multicast session entries on the public network.

Examples

# Clear all IPv6 multicast session entries.

<Sysname> reset session table multicast ipv6

# Clear the IPv6 multicast session entries with the source IP address of 2011::0002.

<Sysname> reset session table multicast ipv6 source-ip 2011::0002

Related commands

display session table multicast ipv6

session aging-time application

Use session aging-time application to set the aging time for sessions of an application layer protocol.

Use undo session aging-time application to restore the default. If you do not specify an application layer protocol, this command restores the default aging time for all sessions of the supported application layer protocols.

Syntax

session aging-time application { dns | ftp | gtp | h225 | h245 | ils | mgcp | nbt | pptp | ras | rsh | rtsp | sccp | sip | sqlnet | tftp | xdmcp } time-value

undo session aging-time application [ dns | ftp | gtp | h225 | h245 | ras | rtsp | sip | tftp ]

Default

The aging time for sessions of application layer protocols is as follows:

· DNS sessions: 1 second.

· FTP sessions: 240 seconds.

· GTP sessions: 60 seconds.

· H.225 sessions: 3600 seconds.

· H.245 sessions: 3600 seconds.

· ILS sessions: 3600 seconds.

· MGCP sessions: 60 seconds.

· NBT sessions: 3600 second.

· PPTP sessions: 3600 seconds.

· RAS sessions: 300 seconds.

· RSH sessions: 60 seconds.

· RTSP sessions: 3600 seconds.

· SCCP sessions: 3600 seconds.

· SIP sessions: 300 seconds.

· SQLNET sessions: 600 seconds.

· TFTP sessions: 60 seconds.

· XDMCP sessions: 3600 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

dns: Specifies the DNS protocol.

ftp: Specifies the FTP protocol.

gtp: Specifies the GPRS Tunneling Protocol (GTP) protocol.

h225: Specifies the H.225 protocol.

h245: Specifies the H.245 protocol.

ils: Specifies the Internet Locator Service (ILS) protocol.

mgcp: Specifies the Media Gateway Control Protocol (MGCP) protocol.

nbt: Specifies the NetBIOS over TCP/IP (NBT) protocol.

pptp: Specifies the Point-to-Point Tunneling Protocol (PPTP) protocol.

ras: Specifies the RAS protocol.

rsh: Specifies the Remote Shell (RSH) protocol.

rtsp: Specifies the Real Time Streaming Protocol (RTSP) protocol.

sccp: Specifies the Skinny Client Control Protocol (SCCP) protocol.

sip: Specifies the Session Initiation Protocol (SIP) protocol.

sqlnet: Specifies the SQLNET protocol.

tftp: Specifies the TFTP protocol.

xdmcp: Specifies the X Display Manager Control Protocol (XDMCP) protocol.

time-value: Specifies the aging time in seconds. The value range is 5 to 100000. If you specify the dns keyword, the value range is 1 to 100000.If you specify FTP as the transport protocol for the application layer, the value range is 240 to 100000.

Usage guidelines

This command sets the aging time for stable sessions of the specified application layer protocols. For TCP sessions, the stable state is ESTABLISHED. For UDP sessions, the stable state is READY.

For sessions of application layer protocols that are not supported by this command, the aging time is set by the session aging-time state command. For persistent sessions, the aging time is set by the session persistent acl command.

Examples

# Set the aging time for FTP sessions to 1800 seconds.

<Sysname> system-view

[Sysname] session aging-time application ftp 1800

Related commands

display session aging-time application

session aging-time state

session persistent acl

session aging-time state

Use session aging-time state to set the aging time for the sessions in a protocol state.

Use undo session aging-time state to restore the default for the sessions in a protocol state. If you do not specify a protocol state, this command restores all aging time for sessions in different protocol states to the default.

Syntax

session aging-time state { fin | icmp-reply | icmp-request | icmpv6-reply | icmpv6-request | rawip-open | rawip-ready | syn | tcp-est | udp-open | udp-ready } time-value

Default

The aging time for sessions in different protocol states is as follows:

· FIN_WAIT: 30 seconds.

· ICMP-REPLY: 30 seconds.

· ICMP-REQUEST: 60 seconds.

· ICMPv6-REPLY: 30 seconds.

· ICMPv6-REQUEST: 60 seconds.

· RAWIP-OPEN: 30 seconds.

· RAWIP-READY: 60 seconds.

· TCP SYN-SENT and SYN-RCV: 30 seconds.

· TCP ESTABLISHED: 240 seconds

· UDP-OPEN: 30 seconds.

· UDP-READY: 240 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

fin: Specifies the TCP FIN_WAIT state.

icmp-reply: Specifies the ICMP REPLY state.

icmp-request: Specifies the IGMP REQUEST state.

icmpv6-reply: Specifies the ICMPv6 REPLY state.

icmpv6-request: Specifies the IGMPv6 REQUEST state.

rawip-open: Specifies the RAWIP-OPEN state.

rawip-ready: Specifies the RAWIP-READY state.

syn: Specifies the TCP SYN-SENT and SYN-RCV states.

tcp-est: Specifies the TCP ESTABLISHED state.

udp-open: Specifies the UDP OPEN state.

udp-ready: Specifies the UDP READY state.

time-value: Specifies the aging time in seconds. The value range is 5 to 100000.If you specify the TCP ESTABLISHED and UDP OPEN states, the value range is 240 to 100000.

Usage guidelines

This command sets the aging time for stable sessions of the application layer protocols that are not supported by the session aging-time application command. For persistent sessions, the aging time is set by the session persistent acl command.

Examples

# Set the aging time for TCP sessions in SYN-SENT and SYN-RCV states to 60 seconds.

<Sysname> system-view

[Sysname] session aging-time state syn 60

Related commands

display session aging-time state

session aging-time application

session persistent acl

Use session persistent acl to specify persistent sessions.

Use undo session persistent acl to restore the default.

Syntax

session persistent acl [ ipv6 ] acl-number [ aging-time time-value ]

undo session persistent acl [ ipv6 ]

Default

No persistent sessions exist.

Views

System view

Predefined user roles

network-admin

Parameters

ipv6: Specifies an IPv6 ACL. To specify an IPv4 ACL, do not specify this keyword.

acl-number: Specifies an ACL by its number in the range of 2000 to 3999.

aging-time time-value: Specifies the aging time for persistent sessions in hours. The value range for the time-value argument is 0 to 360, and the default value is 24. To disable the aging for persistent sessions, set the value to 0.

Usage guidelines

This command is effective only on TCP sessions in ESTABLISHED state.

For a TCP session in ESTABLISHED state, the priority of the aging time is as follows:

· Aging time for persistent sessions.

· Aging time for sessions of application layer protocols.

· Aging time for sessions in different protocol states.

A persistent session is not removed until one of the following events occurs:

· The session entry ages out.

· The device receives a connection close request from the initiator or responder.

· You manually clear the session entries.

The configuration of persistent sessions applies only to new sessions. It has no effect on existing sessions.

Examples

# Specify IPv4 ACL 2000 for identifying persistent sessions and set the aging time to 72 hours.

<Sysname> system-view

[Sysname] session persistent acl 2000 aging-time 72

# Specify IPv6 ACL 3000 for identifying persistent sessions and set the aging time to 100 hours.

<Sysname> system-view

[Sysname] session persistent acl ipv6 3000 aging-time 100

Related commands

session aging-time application

session aging-time state

session resources log disable

Use session resources log disable to disable session entry resource logging.

Use undo session resources log disable to enable session entry resource logging.

Syntax

session resources log disable

undo session resources log disable

Default

Session entry resource logging is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

Session entry resource logging enables the device to generate logs when hardware session entry resources are exhausted and when the device recovers from the resource exhaustion condition.

Examples

# Disable session entry resource logging.

<Sysname> system-view

[Sysname] session resources log disable

session statistics enable

Use session statistics enable to enable session statistics collection.

Use undo session statistics enable to disable session statistics collection.

Syntax

session statistics enable

undo session statistics enable

Default

Session statistics collection is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

This command enables the device to collect the session-based outbound and inbound packets and bytes.

To display statistics per session, use the display session table command. To display statistics per packet type, use the display session statistics command.

Examples

# Enable session statistics collection.

<Sysname> system-view

[Sysname] session statistics enable

Related commands

display session statistics

display session table

session synchronization { dns | http } *

Use session synchronization { dns | http } * to enable session synchronization for DNS, HTTP, or both.

Use undo session synchronization { dns | http } * to disable session synchronization for DNS, HTTP, or both.

Syntax

session synchronization { dns | http } *

undo session synchronization { dns | http } *

Default

Session synchronization is disabled for DNS and HTTP.

Views

System view

Predefined user roles

network-admin

Parameters

dns: Specifies the DNS protocol.

http: Specifies the HTTP protocol.

Usage guidelines

For this command to take effect, you must also configure the session synchronization enable command.

Use this command to enable session synchronization for DNS and HTTP in the following conditions:

· Users are aware that the current HTTP or DNS sessions will last for a long time.

· HTTP or DNS session backup is required.

This command takes effect only on sessions of the application protocols HTTP and DNS. Sessions of other application protocols will be backed up if the session synchronization enable command is configured.

Examples

# Enable session synchronization for stateful failover, and enable session synchronization for HTTP.

<Sysname> system-view

[Sysname] session synchronization enable

[Sysname] session synchronization http

Related commands

session synchronization enable

session synchronization delay

Use session synchronization delay to set the delay time for session synchronization.

Use undo session synchronization delay to restore the default.

Syntax

session synchronization delay seconds

undo session synchronization delay

Default

The session synchronization delay time is 5 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

seconds: Specifies the session synchronization delay time in the range of 0 to 600 seconds.

Usage guidelines

If session entries are frequently created and deleted on the master, session entries on the backup might be different from the master. Use this command to change the session synchronization delay time to avoid this issue.

As a best practice, use the default session synchronization delay time in most scenarios.

Examples

# Set the session synchronization delay time to 6 seconds.

<Sysname> system-view

[Sysname] session synchronization delay 6

session synchronization enable

Use session synchronization enable to enable session synchronization.

Use undo session synchronization enable to disable session synchronization.

Syntax

session synchronization enable

undo session synchronization enable

Default

Session synchronization is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

With this features enabled, devices can synchronize sessions and dynamic entries of session-based services, such as .

The undo form of the command will delete all session entries synchronized from another device.

Examples

# Enable session synchronization.

<Sysname> system-view

<Sysname> session synchronization enable

snmp-agent trap enable session resources

Use snmp-agent trap enable session resources to enable SNMP notifications for session entry resources.

Use undo snmp-agent trap enable session resources to disable SNMP notifications for session entry resources.

Syntax

snmp-agent trap enable session resources

undo snmp-agent trap enable session resources

Default

SNMP notifications are enabled for session entry resources.

Views

System view

Predefined user roles

network-admin

Usage guidelines

After you enable SNMP notifications for session entry resources, the device generates a notification when hardware session entry resources are exhausted or when the device recovers from the resource exhaustion condition.

For SNMP notifications to be sent correctly, you must also configure SNMP on the device. For more information about SNMP configuration, see Network Management and Monitoring Configuration Guide.

Examples

# Enable SNMP notifications for session entry resources.

<Sysname> system-view

[Sysname] snmp-agent trap enable session resources

12-Security Command Reference

display session statistics multicast

reset session table multicast

snmp-agent trap enable session resources

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

Company Information

News & Events

Contact Us