- Table of Contents
- Related Documents
-
Title | Size | Download |
---|---|---|
01-VXLAN commands | 437.40 KB |
display ipv6 nd suppression vsi
display l2vpn service-instance
mac-address mac-learning priority
selective-flooding mac-address
statistics enable (Ethernet service instance view)
statistics enable (tunnel interface view)
vxlan invalid-vlan-tag discard
vxlan tunnel arp-learning disable
vxlan tunnel mac-learning disable
vxlan tunnel nd-learning disable
arp distributed-gateway dynamic-entry synchronize
display interface vsi-interface
ipv6 nd distributed-gateway dynamic-entry synchronize
reset counters interface vsi-interface
VXLAN commands
Basic VXLAN commands
ac statistics enable
Use ac statistics enable to enable packet statistics for a Layer 3 interface that acts as an AC.
Use undo ac statistics enable to disable packet statistics for a Layer 3 interface that acts as an AC.
Syntax
ac statistics enable
undo ac statistics enable
Default
The packet statistics feature is disabled for a Layer 3 interface that acts as an AC.
Views
Layer 3 aggregate interface view
Layer 3 aggregate subinterface view
Layer 3 Ethernet interface view
Layer 3 Ethernet subinterface view
Predefined user roles
network-admin
Usage guidelines
For this command to take effect, you must map the Layer 3 interface to a VSI. If you modify the VSI mapping, packet statistics of the interface are cleared.
Examples
# Map Ten-GigabitEthernet 3/0/1 to VSI vsia and enable packet statistics on the interface.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] xconnect vsi vsia
[Sysname-Ten-GigabitEthernet3/0/1] ac statistics enable
Related commands
display l2vpn interface verbose
reset l2vpn statistics ac
arp suppression enable
Use arp suppression enable to enable ARP flood suppression.
Use undo arp suppression enable to disable ARP flood suppression.
Syntax
arp suppression enable
undo arp suppression enable
Default
ARP flood suppression is disabled.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
ARP flood suppression reduces ARP request broadcasts by enabling the VTEP to reply to ARP requests on behalf of VMs.
This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.
Examples
# Enable ARP flood suppression for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] arp suppression enable
Related commands
display arp suppression vsi
reset arp suppression vsi
description
Use description to configure a description for a VSI.
Use undo description to restore the default.
Syntax
description text
undo description
Default
A VSI does not have a description.
Views
VSI view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 80 characters.
Examples
# Configure a description for VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] description vsi for vpn1
Related commands
display l2vpn vsi
display arp suppression vsi
Use display arp suppression vsi to display ARP flood suppression entries.
Syntax
display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name. If you do not specify a VSI, this command displays entries for all VSIs.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU.
count: Displays the number of ARP flood suppression entries that match the command.
Examples
# Display ARP flood suppression entries.
<Sysname> display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
1.1.1.2 000f-e201-0101 vsi1 0x70000 14
1.1.1.3 000f-e201-0202 vsi1 0x80000 18
1.1.1.4 000f-e201-0203 vsi2 0x90000 10
# Display the number of ARP flood suppression entries.
<Sysname> display arp suppression vsi count
Total entries: 3
Table 1 Command output
Field |
Description |
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
Aging |
Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted. |
Related commands
arp suppression enable
reset arp suppression vsi
display igmp host group
Use display igmp host group to display information about the multicast groups that contain IGMP host-enabled interfaces.
Syntax
display igmp [ vpn-instance vpn-instance-name ] host group [ group-address | interface interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information about the multicast groups that contain IGMP host-enabled interfaces for the public network.
group-address: Specifies a multicast group address in the range of 224.0.1.0 to 239.255.255.255. If you do not specify a multicast group, this command displays information about all multicast groups.
interface interface-type interface-number: Specifies an interface by its type and number. If you do not specify an interface, this command displays multicast group information for all interfaces.
verbose: Displays detailed multicast group information. If you do not specify this keyword, the command displays brief multicast group information.
Usage guidelines
For the VXLAN multicast source interface of a multicast-mode VXLAN to join its VXLAN multicast group, enable the IGMP host feature on the interface. The VXLAN multicast source interface provides the source IP address for multicast VXLAN packets.
Use this command to verify the following information:
· Multicast group information for VXLANs.
· Group membership status of VXLAN multicast source interfaces.
Examples
# Display brief information about all multicast groups that contain IGMP host-enabled interfaces.
<Sysname> display igmp host group
IGMP host groups in total: 2
Ten-GigabitEthernet3/0/1(1.1.1.20):
IGMP host groups in total: 2
Group address Member state Expires
225.1.1.1 Idle Off
225.1.1.2 Idle Off
Table 2 Command output
Field |
Description |
IGMP host groups in total |
Total number of multicast groups that contain IGMP host-enabled interfaces. |
Vlan-interface10(1.1.1.20) |
Name and IP address of the IGMP host-enabled interface. |
IGMP host groups in total |
Total number of multicast groups on the interface. |
Group address/Group |
Address of the multicast group. |
Member state |
Member state: · Delay—The interface has joined the multicast group, and it has started the delay timer for sending IGMP reports. · Idle—The interface has joined the multicast group, but it has not started the delay timer for sending IGMP reports. The delay timer is not user configurable. |
Expires |
Remaining delay time for the interface to send an IGMP report. This field displays Off if the delay timer is disabled. |
Group mode |
Multicast source filtering mode: · Include. · Exclude. |
Source list |
Multicast sources of the multicast group. |
sources in total |
Total number of multicast sources. |
|
NOTE: For more information about the command output, see IGMP in IP Multicast Configuration Guide. |
Related commands
igmp host enable
display ipv6 nd suppression vsi
Use display ipv6 nd suppression vsi to display ND flood suppression entries.
Syntax
display ipv6 nd suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.
slot slot-number: Specifies a card by its slot number. If you do not specify a card, this command displays entries on the active MPU.
count: Displays the number of ND flood suppression entries that match the command.
Examples
# Display ND flood suppression entries.
<Sysname> display ipv6 nd suppression vsi
IPv6 address MAC address VSI name Link ID Aging (min)
1000::2 000f-e201-0101 vsi1 0x70000 5
1000::3 000f-e201-0202 vsi1 0x80000 5
1000::4 000f-e201-0203 vsi2 0x90000 5
# Display the number of ND flood suppression entries.
<Sysname> display ipv6 nd suppression vsi count
Total entries: 3
Table 3 Command output
Field |
Description |
Link ID |
Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI. |
Aging (min) |
Remaining lifetime (in minutes) of the ND flood suppression entry. When the timer expires, the entry is deleted. |
Related commands
ipv6 nd suppression enable
reset ipv6 nd suppression vsi
display l2vpn interface
Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs.
Syntax
display l2vpn interface [ vsi vsi-name | interface-type interface-number ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
interface-type interface-number: Specifies an interface by its type and number.
verbose: Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.
Usage guidelines
If you do not specify any parameters, this command displays brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
Examples
# Display brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface
Total number of interfaces: 2, 1 up, 1 down
Interface Owner Link ID State Type
XGE3/0/1 vxlan3 1 Up VSI
XGE3/0/2 vxlan4 2 Down VSI
Table 4 Command output
Field |
Description |
Interface |
Layer 3 interface name. |
Owner |
VSI name. |
Link ID |
The interface's link ID on the VSI. |
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
# Display detailed L2VPN information for all Layer 3 interfaces that are mapped to VSIs.
<Sysname> display l2vpn interface verbose
Interface: XGE3/0/1
Owner : vsi1
Link ID : 0
State : Down
Type : VSI
E-Tree Mode : root
AC VNID : -
End.Dx2 SID : -
End.Dx2l SID : -
Statistics : Enabled
Table 5 Command output
Field |
Description |
Interface |
Layer 3 interface name. |
Owner |
VSI name. |
Link ID |
The interface's link ID on the VSI. |
State |
Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down. |
Type |
L2VPN type of the interface. This field displays VSI for the VXLAN feature. |
E-Tree Mode |
Role of the AC in EVPN E-tree in the EVPN VPLS or EVPN VPLS over SRv6 network: · root. · leaf. |
AC VNID |
Virtual nexthop for the AC. This field is available only when AC bypass is configured for the AC. |
End.Dx2 SID |
End.DX2 SID assigned to the AC in the EVPN VPLS over SRv6 network. This field displays a hyphen (-) if the AC is not assigned any End.DX2 SID. |
End.Dx2l SID |
End.Dx2l SID assigned to the AC in the EVPN VPLS over SRv6 network. This field displays a hyphen (-) if the AC is not assigned any End.Dx2l SID. |
DF State |
Whether the device is the designated forwarder for the AC at a multihomed EVPN site: · BDF—The device is a backup designated forwarder. · DF—The device is the designated forwarder. This field is not displayed if no Ethernet segment identifiers are configured on the interface. |
Track SRv6 PW |
Whether the device is enabled to monitor the state of SRv6 PWs on the interface: · Enabled. · Disabled. This field is available only for L2VE interfaces and L2VE subinterfaces. |
Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the interface. · Disabled—The packet statistics feature is disabled for the interface. |
Input Statistics |
Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of dropped packets. |
Output Statistics |
Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of dropped packets. |
Related commands
display l2vpn service-instance
display l2vpn mac-address
Use display l2vpn mac-address to display L2VPN MAC address entries.
Syntax
display l2vpn mac-address [ interface interface-type interface-number [ service-instance instance-id ] | mac-address | vsi vsi-name [ ac | mac-address ] ] [ dynamic ] [ count ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies an interface by its interface type and number.
service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. Do not specify this option if a Layer 3 interface is specified. If you specify a Layer 2 Ethernet interface or Layer 2 aggregate interface, you must specify this option.
mac-address: Specifies a MAC address in H-H-H format. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
ac: Specifies all ACs in the specified VSI. If you do not specify this keyword, the command displays MAC address entries for all ACs and VXLAN tunnels in the specified VSI.
dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:
· Dynamic remote- and local-MAC entries.
· Remote-MAC entries advertised through VXLAN IS-IS.
· Remote-MAC entries advertised through BGP EVPN.
· Manually added static remote- and local-MAC entries.
· Remote-MAC entries issued through OpenFlow.
count: Displays the number of MAC address entries. If you do not specify this keyword, the command displays detailed information about MAC address entries.
Usage guidelines
This command displays all L2VPN MAC address entries if you do not specify any of the following parameters:
· interface interface-type interface-number.
· service-instance instance-id.
· vsi vsi-name.
Examples
# Display all L2VPN MAC address entries.
<Sysname> display l2vpn mac-address
MAC Address State VSI Name Link ID/Name/Peer
Aging
0000-0000-000a Dynamic vpn1 XGE3/0/1
Aging
0000-0000-000b Static vpn1 Tunnel10
NotAging
0000-0000-000c Dynamic vpn1 Tunnel60
Aging
0000-0000-000d Dynamic vpn1 Tunnel99
Aging
0001-0001-0003 EVPN vpna Tunnel0
NotAging
Tunnel1
NotAging
00e0-fc09-0001 EVPN vpna XGE3/0/1
NotAging
--- 6 mac address(es) found ---
# Display the total number of L2VPN MAC address entries.
<Sysname> display l2vpn mac-address count
6 mac address(es) found
Table 6 Command output
Field |
Description |
State |
Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static local- and remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow. |
Link ID/Name/Peer |
For a local MAC address, this field displays an interface name. · If the AC is a Layer 3 interface, this field displays the name of that interface. · If the AC is an Ethernet service instance, this field displays the name of the interface where the Ethernet service instance is configured. For a remote MAC address, this field displays the following information: · Peer address of an SRv6 PW for EVPN VPLS over SRv6. · Tunnel interface name for VXLAN or EVPN VXLAN. If this filed displays a hyphen (-), the MAC address is unreachable. |
Aging |
Entry aging state: · Aging. · NotAging. |
Related commands
reset l2vpn mac-address
display l2vpn service-instance
Use display l2vpn service-instance to display information about Ethernet service instances.
Syntax
display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.
service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified interface.
verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.
Examples
# Display brief information about all Ethernet service instances.
<Sysname> display l2vpn service-instance
Total number of service-instances: 4, 4 up, 0 down
Total number of ACs: 2, 2 up, 0 down
Interface SrvID Owner LinkID State Type
XGE3/0/1 3 vsi12 1 Up VSI
XGE3/0/1 4 vsi13 1 Up VSI
Table 7 Command output
Field |
Description |
Total number of ACs |
Total number of attachment circuits (ACs) and the number of ACs in each state (up or down). |
Interface |
Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. |
SrvID |
Ethernet service instance ID. |
Owner |
VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI. |
LinkID |
Ethernet service instance's link ID on the VSI. |
State |
Ethernet service instance state: · Up. · Down. |
Type |
L2VPN type of the Ethernet service instance: · VSI. · VPWS. |
# Display detailed information about all Ethernet service instances on Ten-GigabitEthernet 3/0/1.
<Sysname> display l2vpn service-instance interface ten-gigabitethernet 3/0/1 verbose
Interface: XGE3/0/1
Service Instance : 1
Encapsulation : s-vid 16
VSI Name : vsi10
Link ID : 1
State : Up
E-Tree Mode : root
AC VNID : -
End.DX2 SID : -
End.DX2l SID : -
Statistics : Disabled
Table 8 Command output
Field |
Description |
Interface |
Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface. |
Service Instance |
Ethernet service instance ID. |
Encapsulation |
Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain a match criterion, the command does not display this field. |
Link ID |
Ethernet service instance's link ID on the VSI. |
State |
Ethernet service instance state: · Up. · Down. |
E-Tree Mode |
Role of the AC in EVPN E-tree in the EVPN VPLS or EVPN VPLS over SRv6 network: · root. · leaf. |
AC VNID |
ID of the virtual next hop for the AC. This field is displayed only when the AC is configured with an AC bypass. |
End.Dx2 SID |
End.DX2 SID assigned to the AC in the EVPN VPLS over SRv6 network. This field displays a hyphen (-) if the AC is not assigned any End.DX2 SID. |
End.Dx2l SID |
End.Dx2l SID assigned to the AC in the EVPN VPLS over SRv6 network. This field displays a hyphen (-) if the AC is not assigned any End.Dx2l SID. |
DF State |
Whether the device is the designated forwarder for the AC at a multihomed EVPN site: · BDF—The device is a backup designated forwarder. · DF—The device is the designated forwarder. This field is not displayed if no Ethernet segment identifiers are configured on the interface. |
Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the Ethernet service instance. · Disabled—The packet statistics feature is disabled for the Ethernet service instance. |
Input Statistics |
Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of dropped packets. |
Output Statistics |
Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of dropped packets. |
Related commands
service-instance
display l2vpn vsi
Use display l2vpn vsi to display information about VSIs.
Syntax
display l2vpn vsi [ name vsi-name | evpn-vpls | evpn-vxlan | vpls | vxlan ] [ count | verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays information about all VSIs.
evpn-vpls: Specifies EVPN VPLS.
evpn-vxlan: Specifies EVPN VXLAN.
vpls: Specifies VPLS.
vxlan: Specifies VXLAN.
count: Displays the number of matching VSIs.
verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.
Usage guidelines
If you do not specify a network type or VSI name, this command displays information about all VSIs.
Examples
# Display brief information about all VSIs.
<Sysname> display l2vpn vsi
Total number of VSIs: 1, 1 up, 0 down, 0 admin down
VSI Name VSI Index MTU State
vpna 0 1500 Up
# Display the total number of VSIs.
<Sysname> display l2vpn vsi count
Total number of VSIs: 1, 1 up, 0 down, 0 admin down
Table 9 Command output
Field |
Description |
MTU |
MTU on the VSI. |
State |
VSI state: · Up—The VSI is up. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command. |
# Display detailed information about all VSIs.
<Sysname> display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : Unlimited
MAC Learning rate : -
Local MAC aging time : 300 sec
Remote MAC aging time : 300 sec
Drop Unknown : Disabled
PW Redundancy Mode : Slave
DSCP : -
Service Class : -
Flooding : Enabled
ESI : 0000.0000.0000.0000.0000
Redundancy Mode : All-active
Straight-fwd PW-to-AC : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 100
VXLAN ID : 10
Tunnel Statistics : Enabled
Tunnels:
Tunnel Name Link ID State Type Flood Proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
ACs:
AC Link ID State
XGE3/0/1 0x0 Up
…
Table 10 Command output
Field |
Description |
VSI Description |
Description of the VSI. If the VSI does not have a description, the command does not display this field. |
VSI State |
VSI state: · Up—The VSI is up. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command. |
MTU |
MTU on the VSI. |
Diffserv Mode |
DiffServ mode. Options include the following: · ingress—DiffServ mode for the inbound direction. · egress—DiffServ mode for the outbound direction. · pipe—Pipe mode. · short-pipe—Short-pipe mode. · uniform—Uniform mode. · trust—Priority trust mode: ¡ inner-dot1p—Trusts the inner 802.1p priority in packets. ¡ dscp—Trusts the DSCP in packets. af1, af2, af3, af4, be, cs6, cs7, or ef represents the MPLS EXP value. If no DiffServ mode is configured, this field displays a hyphen (-). |
Bandwidth |
Maximum bandwidth (in kbps) for known unicast traffic on the VSI. If no bandwidth limit is set for the VSI, Unlimited is displayed. If this field is not supported, a hyphen (-) is displayed. |
Broadcast Restrain |
Broadcast restraint bandwidth (in kbps). If the broadcast restraint bandwidth is not set, Unlimited is displayed. If this field is not supported, a hyphen (-) is displayed. |
Multicast Restrain |
Multicast restraint bandwidth (in kbps). If the multicast restraint bandwidth is not set, Unlimited is displayed. If this field is not supported, a hyphen (-) is displayed. |
Unknown Unicast Restrain |
Unknown unicast restraint bandwidth (in kbps). If the unknown unicast restraint bandwidth is not set, Unlimited is displayed. If this field is not supported, a hyphen (-) is displayed. |
MAC Learning |
State of the MAC learning feature. |
MAC Table Limit |
Maximum number of MAC address entries on the VSI. If this field is not supported, a hyphen (-) is displayed. |
MAC Learning rate |
MAC address entry learning rate of the VSI. |
Local MAC aging time |
MAC aging time for dynamic local-MAC entries, in seconds. If dynamic local-MAC entries do not age out, this field displays NotAging. |
Remote MAC aging time |
MAC aging time for dynamic remote-MAC entries, in seconds. If dynamic remote-MAC entries do not age out, this field displays NotAging. |
Drop Unknown |
Action on source MAC-unknown frames received after the maximum number of MAC entries is reached. |
DSCP |
DSCP value of outgoing VXLAN packets. |
Service Class |
This field is not supported in the current software version. Service class value of outgoing VXLAN packets. |
Flooding |
State of the VSI's flooding feature: · Enabled—Flooding is enabled on the VSI. The VTEP floods unknown unicast frames to both local and remote sites. · Disabled—Flooding is disabled on the VSI. The VTEP floods unknown unicast frames only to local sites. |
ESI |
ESI assigned to the VSI. |
Redundancy Mode |
ES redundancy mode for the VSI: · A—All-active mode. · S—Single-active mode. |
Straight-fwd PW-to-AC |
State of direct PW-to-AC forwarding on the VSI: · Enabled. · Disabled. |
Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the VSI. · Disabled—The packet statistics feature is disabled for the VSI. |
Input Statistics |
Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of discarded packets. |
Output Statistics |
Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of discarded packets. |
Input Rate |
Incoming traffic rate. |
Output Rate |
Outgoing traffic rate. |
Gateway Interface |
VSI interface name. |
EVPN Encapsulation |
EVPN encapsulation type: · VXLAN. · MPLS. · SRv6. |
Tunnel Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the VXLAN tunnels of the VSI. · Disabled—The packet statistics feature is disabled for the VXLAN tunnels of the VSI. |
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. · Down—The tunnel interface is down. |
Type |
Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ EVPN automatically assigned the tunnel to the VXLAN. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
Flood Proxy |
This field is not supported in the current software version. Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
EVPN MPLS Labels |
MPLS labels for the VSI. |
MPLS label |
MPLS label in MAC/IP advertisement routes. |
IMET MPLS label |
MPLS label in IMET routes. |
Peer |
IP address of the remote PE. |
Link ID |
Link ID of the PW in the VSI. |
Flag |
PW attribute flag: · Main—Primary PW. · BackUp—Backup PW. |
Create time |
Time when the PW was created. |
Last time status changed |
Time when the most recent PW state change occurred. |
ACs |
ACs that are bound to the VSI. |
Link ID |
AC's link ID on the VSI. |
State |
AC state: · Up. · Down. |
Statistics |
State of AC traffic statistics. |
display vxlan tunnel
Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.
Syntax
display vxlan tunnel [ vxlan-id vxlan-id [ tunnel tunnel-number ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.
tunnel tunnel-number: Specifies a VXLAN tunnel. The tunnel-number argument represents the tunnel interface number. The value range for the tunnel-number argument is 0 to 32767. If you do not specify a VXLAN tunnel, this command displays information about all VXLAN tunnels associated with the specified VXLAN.
Examples
# Display VXLAN tunnel information for all VXLANs.
<Sysname> display vxlan tunnel
Total number of VXLANs: 1
VXLAN ID: 10, VSI name: vpna, Total tunnels: 4 (4 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood Proxy
Tunnel0 0x5000000 Up Auto Disabled
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual/Auto Disabled
MTunnel0 0x6002710 Up Auto Disabled
# Display VXLAN tunnel information for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10
VXLAN ID: 10, VSI name: vpna, Total tunnels: 4 (4 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood Proxy
Tunnel0 0x5000000 Up Auto Disabled
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual/Auto Disabled
MTunnel0 0x6002710 Up Auto Disabled
# Display information about VXLAN tunnel 0 for VXLAN 10.
<Sysname> display vxlan tunnel vxlan-id 10 tunnel 0
Interface: Tunnel0
Link ID : 0x5000000
State : Up
Type : Manual
Flood Proxy: Disabled
Statistics : Enabled
Input Statistics:
Octets : 994496
Packets: 15539
Output Statistics:
Octets : 0
Packets: 0
Table 11 Command output
Field |
Description |
Link ID |
Tunnel's link ID in the VXLAN. |
State |
Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup proxy tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary proxy tunnel is operating correctly. · Defect—The tunnel interface is up, but BFD cannot detect the remote VTEP. · Down—The tunnel interface is down. |
Type |
Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN: ¡ EVPN automatically assigned the tunnel to the VXLAN. ¡ For a multicast-mode VXLAN, the tunnel (MTunnel) was automatically created and assigned to the VXLAN to transmit flood traffic. · Manual—The tunnel was manually assigned to the VXLAN. |
Flood Proxy |
This field is not supported in the current software version. Flood proxy state: · Enabled—Flood proxy is enabled. The VTEP sends broadcast, multicast, and unknown unicast traffic to a flood proxy server through the tunnel. The flood proxy server replicates and forwards flood traffic to remote VTEPs. · Disabled—Flood proxy is disabled. |
Statistics |
Packet statistics state: · Enabled—The packet statistics feature is enabled for the VXLAN tunnel. · Disabled—The packet statistics feature is disabled for the VXLAN tunnel. |
Input Statistics |
Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. |
Output Statistics |
Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. |
Related commands
negotiate-vni enable
tunnel
vxlan
dscp
Use dscp to set the DSCP value of outgoing VXLAN packets.
Use undo dscp to restore the default.
Syntax
dscp dscp-value
undo dscp
Default
If a ToS value has been configured for a VXLAN tunnel by using the tunnel tos command, the DSCP value of outgoing VXLAN packets transmitted over the tunnel is the configured ToS value. If the tunnel tos command is not executed for a VXLAN tunnel, the DSCP value of outgoing VXLAN packets transmitted over the tunnel is 0.
Views
VSI view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
The DSCP value is carried in the ToS field of an IPv4 packet or the Traffic Class field of an IPv6 packet to determine the transmission priority of the packet. A larger DSCP value represents a higher priority.
This command takes effect on both IPv4 and IPv6 VXLAN packets.
If you execute this command multiple times for a VSI, the most recent configuration takes effect.
Examples
# Set the DSCP value to 30 for outgoing VXLAN packets.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] dscp 30
Related commands
display l2vpn vsi
encapsulation
Use encapsulation to configure a frame match criterion for an Ethernet service instance.
Use undo encapsulation to restore the default.
Syntax
encapsulation s-vid vlan-id
undo encapsulation
Default
An Ethernet service instance does not contain a frame match criterion.
Views
Ethernet service instance view
Predefined user roles
network-admin
Parameters
s-vid vlan-id: Matches frames that are tagged with the specified outer 802.1Q VLAN ID. The vlan-id argument specifies a VLAN ID in the range of 1 to 4094.
Usage guidelines
An Ethernet service instance can contain only one match criterion. To change the match criterion, first execute the undo encapsulation command to remove the original criterion. When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.
For more information about outer and inner 802.1Q VLAN IDs, see QinQ in Layer 2—LAN Switching Configuration Guide.
Examples
# Configure Ethernet service instance 1 on Ten-GigabitEthernet 3/0/1. The service instance matches frames that have an outer 802.1Q VLAN ID of 111.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] service-instance 1
[Sysname-Ten-GigabitEthernet3/0/1-srv1] encapsulation s-vid 111
Related commands
display l2vpn service-instance
flooding disable
Use flooding disable to disable flooding for a VSI.
Use undo flooding disable to enable flooding for a VSI.
Syntax
flooding disable { all | { broadcast | unknown-multicast | unknown-unicast } * }
undo flooding disable
Default
Flooding is enabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
all: Specifies broadcast, unknown unicast, and unknown multicast traffic.
broadcast: Specifies broadcast traffic. This keyword is not supported in the current software version.
unknown-multicast: Specifies unknown multicast traffic. This keyword is not supported in the current software version.
unknown-unicast: Specifies unknown unicast traffic. This keyword is not supported in the current software version.
Usage guidelines
By default, the device floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN:
· All site-facing interfaces except for the incoming interface.
· All VXLAN tunnel interfaces.
To confine a kind of flood traffic to the site-facing interfaces, use this command to disable flooding for that kind of flood traffic on the VSI bound to the VXLAN. The VSI will not flood the corresponding frames to VXLAN tunnel interfaces.
Examples
# Disable flooding for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] flooding disable all
group
Use group to assign a VXLAN a multicast group address for flood traffic, and specify a source IP address for multicast VXLAN packets.
Use undo group to restore the default.
Syntax
group group-address source source-address
undo group group-address source source-address
Default
A VXLAN uses unicast mode (head-end replication) for flood traffic. No multicast group address or source IP address is specified for multicast VXLAN packets.
Views
VXLAN view
Predefined user roles
network-admin
Parameters
group-address: Specifies a multicast address in the range of 224.0.1.0 to 239.255.255.255.
source source-address: Specifies a source IP address for multicast VXLAN packets.
Usage guidelines
To reduce traffic sent to the transport network, use multicast mode if the network has dense flood traffic or many VTEPs.
The multicast mode supports the following multicast methods:
· PIM—VTEPs and transport network devices run PIM to generate multicast forwarding entries. On a VTEP, you can use the IP address of a loopback interface as the source IP address for multicast VXLAN packets. If the VTEP has multiple transport-facing interfaces, PIM dynamically selects the outgoing interfaces for multicast VXLAN packets.
· IGMP host—VTEPs and transport network devices run PIM and IGMP to generate multicast forwarding entries.
¡ Transport-facing interfaces of VTEPs act as IGMP hosts.
¡ Transport network devices connected to a VTEP run IGMP.
¡ All transport network devices run PIM.
On a VTEP, you must use the IP address of the transport-facing interface as the source IP address for multicast VXLAN packets. If the VTEP has multiple transport-facing interfaces, multicast VXLAN packets are sent to the transport network through the interface that provides the source IP address for multicast VXLAN packets.
VTEPs in a multicast-mode VXLAN can use different multicast methods.
To forward multicast traffic correctly, you must use the source IP address of an up VXLAN tunnel as the source IP address for multicast VXLAN packets.
For multicast-mode VXLANs, transport network devices must maintain multicast group and forwarding information. To reduce the multicast forwarding entries maintained by transport network devices, assign a multicast group address to multiple VXLANs. The VTEP separates traffic between VXLANs by VXLAN IDs.
|
NOTE: For VXLANs that use the same multicast group address, you must configure the same source IP address for their multicast VXLAN packets. |
If you execute the group command multiple times for a VXLAN, the most recent configuration takes effect.
Examples
<Sysname> system-view
[Sysname] vsi aaa
[Sysname-vsi-aaa] vxlan 100
[Sysname-vsi-aaa-vxlan-100] group 233.1.1.1 source 2.1.1.1
Related commands
igmp host enable
pim dm (IP Multicast Command Reference)
pim sm (IP Multicast Command Reference)
igmp host enable
Use igmp host enable to enable the IGMP host feature on an interface.
Use undo igmp host enable to disable the IGMP host feature on an interface.
Syntax
igmp host enable
undo igmp host enable
Default
The IGMP host feature is disabled on an interface.
Views
Interface view
Predefined user roles
network-admin
Usage guidelines
You must configure an interface as an IGMP host if its IP address is the source IP address of multicast VXLAN packets. The IGMP host feature enables the interface to send IGMP reports in response to IGMP queries before it can receive traffic from a multicast group.
For this command to take effect, you must use the multicast routing command to enable IP multicast routing.
Examples
# Enable IP multicast routing, and then enable the IGMP host feature on Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] multicast routing
[Sysname-mrib] quit
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] igmp host enable
Related commands
display igmp host group
group
multicast routing (IP Multicast Command Reference)
ipv6 nd suppression enable
Use ipv6 nd suppression enable to enable ND flood suppression.
Use undo ipv6 nd suppression enable to disable ND flood suppression.
Syntax
ipv6 nd suppression enable
undo ipv6 nd suppression enable
Default
ND flood suppression is disabled.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
ND flood suppression reduces ND request multicasts by enabling the VTEP to reply to ND requests on behalf of user terminals.
This feature snoops ND packets to populate the ND flood suppression table with local and remote MAC addresses. If an ND request has a matching entry, the VTEP replies to the request on behalf of the user terminal. If no match is found, the VTEP floods the request to both local and remote sites.
Examples
# Enable ND flood suppression for VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] ipv6 nd suppression enable
Related commands
display ipv6 nd suppression vsi
reset ipv6 nd suppression vsi
l2vpn enable
Use l2vpn enable to enable L2VPN.
Use undo l2vpn enable to disable L2VPN.
Syntax
l2vpn enable
undo l2vpn enable
Default
L2VPN is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
You must enable L2VPN before you can configure L2VPN settings.
Examples
# Enable L2VPN.
<Sysname> system-view
[Sysname] l2vpn enable
l2vpn statistics interval
Use l2vpn statistics interval to set the VXLAN statistics collection interval.
Use undo l2vpn statistics interval to restore the default.
Syntax
l2vpn statistics interval interval
undo l2vpn statistics interval
Default
The VXLAN statistics collection interval is 15 minutes.
Views
System view
Predefined user roles
network-admin
Parameters
interval: Specifies an interval value in the range of 5 to 65535 seconds.
Examples
# Set the VXLAN statistics collection interval to 30 seconds.
<Sysname> system-view
[Sysname] l2vpn statistics interval 30
mac-address mac-learning priority
Use mac-address mac-learning priority to set the MAC learning priority of an AC.
Use undo mac-address mac-learning priority to restore the default.
Syntax
mac-address mac-learning priority { high | low }
undo mac-address mac-learning priority
Default
The MAC learning priority of an AC is low.
Views
Layer 3 Ethernet interface view
Layer 3 aggregate interface view
Ethernet service instance view
Predefined user roles
network-admin
Parameters
high: Specifies high MAC learning priority.
low: Specifies low MAC learning priority.
Usage guidelines
This setting takes effect only after the AC is mapped to a VSI.
A VSI uses the MAC learning priority to limit the ACs from which an AC can learn MAC addresses. A low-priority AC cannot learn MAC addresses from a high-priority AC. A high-priority AC can learn MAC addresses from a low-priority AC or another high-priority AC. If an AC learns a MAC address from another AC, the new MAC address entry overwrites the old one.
Examples
# Set the MAC learning priority to high for Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] mac-address mac-learning priority high
mac-address static
Use mac-address static to add a static MAC address entry for a VXLAN VSI.
Use undo mac-address static to remove a static MAC address entry for a VXLAN VSI.
Syntax
mac-address static mac-address { interface interface-type interface-number | interface interface-type interface-number service-instance instance-id | interface tunnel tunnel-number } vsi vsi-name
undo mac-address static [ mac-address ] [ interface interface-type interface-number | interface interface-type interface-number service-instance instance-id | interface tunnel tunnel-number ] vsi vsi-name
Default
VXLAN VSIs do not have static MAC address entries.
Views
System view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.
interface interface-type interface-number: Specifies a Layer 3 interface by its type and number.
interface interface-type interface-number service-instance instance-id: Specifies an Ethernet service instance on a Layer 2 interface. The interface-type interface-number argument specifies the interface by its type and number. The instance-id argument specifies the Ethernet service instance by its ID in the range of 1 to 4096. This option applies to local MAC addresses.
interface tunnel tunnel-number: Specifies a VXLAN tunnel interface. The tunnel-number argument represents the tunnel interface number. The tunnel interface must already exist. This option applies to remote MAC addresses.
vsi vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A local MAC address is the MAC address of a VM in the local site. Local MAC entries include manually added entries and dynamically learned entries.
A remote MAC address is the MAC address of a VM in a remote site. Remote MAC entries can be generated by a variety of methods, including MAC entries manually added, dynamically learned, and advertised by BGP EVPN.
When you add a local MAC address entry, make sure the specified Layer 3 interface or Ethernet service instance has been mapped to the VSI. When you add a remote MAC address entry, make sure the VSI's VXLAN has been specified on the VXLAN tunnel.
Do not configure static remote-MAC entries for VXLAN tunnels that are automatically established by using EVPN.
· EVPN re-establishes VXLAN tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.
· EVPN re-establishes VXLAN tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.
For more information about EVPN, see EVPN Configuration Guide.
The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.
Examples
# Add MAC address 000f-e201-0101 to VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1
# Add MAC address 000f-e201-0102 of Ethernet service instance 1 to VSI vsi1. Specify Ten-GigabitEthernet 3/0/1 as the outgoing interface.
<Sysname> system-view
[Sysname] mac-address static 000f-e201-0102 interface ten-gigabitethernet 3/0/1 service-instance 1 vsi vsi1
Related commands
vxlan tunnel mac-learning disable
reset arp suppression vsi
Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.
Syntax
reset arp suppression vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.
Examples
# Clear ARP flood suppression entries on all VSIs.
<Sysname> reset arp suppression vsi
This command will delete all entries. Continue? [Y/N]:y
Related commands
arp suppression enable
display arp suppression vsi
reset ipv6 nd suppression vsi
Use reset ipv6 nd suppression vsi to clear ND flood suppression entries on VSIs.
Syntax
reset ipv6 nd suppression vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ND flood suppression entries on all VSIs.
Examples
# Clear ND flood suppression entries on all VSIs.
<Sysname> reset ipv6 nd suppression vsi
This command will delete all entries. Continue? [Y/N]:y
Related commands
display ipv6 nd suppression vsi
ipv6 nd suppression enable
reset l2vpn mac-address
Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.
Syntax
reset l2vpn mac-address [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.
Usage guidelines
Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.
Examples
# Clear the dynamic MAC address entries on VSI vpn1.
<Sysname> reset l2vpn mac-address vsi vpn1
Related commands
display l2vpn mac-address vsi
reset l2vpn statistics ac
Use reset l2vpn statistics ac to clear packet statistics on ACs.
Syntax
reset l2vpn statistics ac [ interface interface-type interface-number [ service-instance instance-id ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number.
service-instance instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096. You must specify this option if the interface interface-type interface-number option specifies a Layer 2 interface. You cannot specify this option if the interface interface-type interface-number option specifies a Layer 3 interface.
Usage guidelines
If you do not specify any parameters, this command clears packet statistics on all ACs.
Examples
# Clear packet statistics for Layer 3 interface Ten-GigabitEthernet 3/0/1.
<Sysname> reset l2vpn statistics ac interface ten-gigabitethernet 3/0/1
Related commands
ac statistics enable
display l2vpn interface
display l2vpn service-instance verbose
statistics enable (Ethernet service instance view)
reset l2vpn statistics tunnel
Use reset l2vpn statistics tunnel to clear packet statistics on VXLAN tunnel interfaces.
Syntax
reset l2vpn statistics tunnel [ vsi vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on VXLAN tunnel interfaces of all VSIs.
Examples
# Clear packet statistics on VXLAN tunnel interfaces of all VSIs.
<Sysname> reset l2vpn statistics tunnel
Related commands
tunnel statistics enable
reset l2vpn statistics vsi
Use reset l2vpn statistics vsi to clear packet statistics on VSIs.
Syntax
reset l2vpn statistics vsi [ name vsi-name ]
Views
User view
Predefined user roles
network-admin
Parameters
name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on all VSIs.
Examples
# Clear packet statistics on all VSIs.
<Sysname> reset l2vpn statistics vsi
Related commands
statistics enable (VSI view)
rewrite inbound tag
Use rewrite inbound tag to configure the VLAN tag processing rule for incoming traffic.
Use undo rewrite inbound tag to restore the default.
Syntax
rewrite inbound tag { nest s-vid vlan-id [ c-vid vlan-id ] | remark { { 1-to-1 | 2-to-1 } s-vid vlan-id | { 1-to-2 | 2-to-2 } s-vid vlan-id c-vid vlan-id } | strip s-vid [ c-vid ] | swap } [ symmetric ]
undo rewrite inbound tag
Default
VLAN tags of incoming traffic are not processed.
Views
Layer 3 interface view
Predefined user roles
network-admin
Parameters
nest: Adds VLAN tags.
c-vid: Specifies an inner VLAN tag.
s-vid: Specifies an outer VLAN tag.
vlan-id: Specifies a VLAN ID in the range of 1 to 4094.
remark: Maps VLAN tags.
1-to-1: Performs one-to-one mapping to replace one VLAN tag of packets with the specified VLAN tag.
2-to-1: Performs two-to-one mapping to replace the outer and inner VLAN tags of double tagged packets with the specified VLAN tag.
1-to-2: Performs one-to-two mapping to replace the VLAN tag of single tagged packets with the specified outer and inner VLAN tags.
2-to-2: Performs two-to-two mapping to replace the outer and inner VLAN tags of double tagged packets with the specified outer and inner VLAN tags.
strip: Removes VLAN tags.
swap: Swaps the outer and inner VLAN tags.
symmetric: Applies the reverse VLAN tag processing rule to outgoing traffic.
Usage guidelines
To modify the VLAN tag processing rule for incoming traffic, you must first delete the existing rule by using the undo rewrite inbound tag command.
When you use this command, follow these restrictions:
· The rewrite inbound tag nest s-vid vlan-id c-vid vlan-id command does not take effect on tagged packets.
· The rewrite inbound tag nest s-vid vlan-id command does not take effect on double tagged packets.
· You cannot both specify the symmetric keyword in this command and configure the rewrite outbound tag command.
Examples
# Configure Ten-GigabitEthernet 3/0/1 to replace outer VLAN tag 10 with outer VLAN tag 100 for incoming traffic.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] rewrite inbound tag remark 1-to-1 s-vid 100
selective-flooding mac-address
Use selective-flooding mac-address to enable selective flood for a MAC address.
Use undo selective-flooding mac-address to disable selective flood for a MAC address.
Syntax
selective-flooding mac-address mac-address
undo selective-flooding mac-address mac-address
Default
Selective flood is disabled for all MAC addresses.
Views
VSI view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address. The MAC address cannot be all Fs.
Usage guidelines
This command excludes a remote MAC address from the flood suppression done by using the flooding disable command. The VTEP will flood the frames destined for the specified MAC address to remote sites when unknown-unicast floods are confined to the local site.
Examples
# Enable selective flood for 000f-e201-0101 on VSI vsi1.
<Sysname> system-view
[Sysname] vsi vsi1
[Sysname-vsi-vsi1] selective-flooding mac-address 000f-e201-0101
Related commands
flooding disable
service-instance
Use service-instance to create an Ethernet service instance and enter its view, or enter the view of an existing Ethernet service instance.
Use undo service-instance to delete an Ethernet service instance.
Syntax
service-instance instance-id
undo service-instance instance-id
Default
No Ethernet service instances exist.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Predefined user roles
network-admin
Parameters
instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.
Examples
# On the Layer 2 Ethernet interface Ten-GigabitEthernet 3/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] service-instance 1
[Sysname-Ten-GigabitEthernet3/0/1-srv1]
Related commands
display l2vpn service-instance
shutdown
Use shutdown to shut down a VSI.
Use undo shutdown to bring up a VSI.
Syntax
shutdown
undo shutdown
Default
A VSI is not manually shut down.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.
Examples
# Shut down VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] shutdown
Related commands
display l2vpn vsi
statistics enable (Ethernet service instance view)
Use statistics enable to enable packet statistics for an Ethernet service instance.
Use undo statistics enable to disable packet statistics for an Ethernet service instance.
Syntax
statistics enable
undo statistics enable
Default
The packet statistics feature is disabled for an Ethernet service instance.
Views
Ethernet service instance view
Predefined user roles
network-admin
Usage guidelines
For this command to take effect, you must configure a frame match criterion for the Ethernet service instance and map it to a VSI. If you modify the frame match criterion or VSI mapping, packet statistics of the instance are cleared.
Examples
# Enable packet statistics for Ethernet service instance 200 on Ten-GigabitEthernet 3/0/1.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] service-instance 200
[Sysname-Ten-GigabitEthernet3/0/1-srv200] statistics enable
Related command
display l2vpn service-instance verbose
reset l2vpn statistics ac
statistics enable (tunnel interface view)
Use statistics enable to enable packet statistics for a manually created VXLAN or VXLAN-DCI tunnel.
Use undo statistics enable to disable packet statistics for a manually created VXLAN or VXLAN-DCI tunnel.
Syntax
statistics enable
undo statistics enable
Default
The packet statistics feature is disabled for a manually created VXLAN or VXLAN-DCI tunnel.
Views
VXLAN tunnel interface view
VXLAN-DCI tunnel interface view
Predefined user roles
network-admin
Examples
# Enable packet statistics for VXLAN tunnel interface Tunnel 0.
<Sysname> system-view
[Sysname] interface tunnel 0 mode vxlan
[Sysname-Tunnel0] statistics enable
Related commands
display interface tunnel (Layer 3—IP Services Command Reference)
reset counters interface tunnel (Layer 3—IP Services Command Reference)
tunnel statistics vxlan
statistics enable (VSI view)
Use statistics enable to enable packet statistics for a VSI.
Use undo statistics enable to disable packet statistics for a VSI.
Syntax
statistics enable
undo statistics enable
Default
The packet statistics feature is disabled for a VSI.
Views
VSI view
Predefined user roles
network-admin
Examples
# Enable packet statistics for VSI vpls1.
<Sysname> system-view
[Sysname] vsi vpls1
[Sysname-vsi-vpls1] statistics enable
Related commands
display l2vpn vsi verbose
reset l2vpn statistics vsi
tunnel
Use tunnel to assign a VXLAN tunnel to a VXLAN.
Use undo tunnel to remove a VXLAN tunnel from a VXLAN.
Syntax
tunnel tunnel-number [ remote-vni vxlan-id ]
undo tunnel tunnel-number
Default
A VXLAN does not contain VXLAN tunnels.
Views
VXLAN view
Predefined user roles
network-admin
Parameters
tunnel-number: Specifies a tunnel interface number. The value range for this argument is 0 to 32767. The tunnel must be a VXLAN tunnel.
remote-vni vxlan-id: Specifies a remote VXLAN ID in the range of 0 to 16777215. You can specify this option only for a VXLAN-DCI tunnel.
Usage guidelines
This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. Alternatively, you can use VXLAN IS-IS for automatic VXLAN tunnel assignment.
You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs. For a unicast-mode VXLAN, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.
If two data centers use different VXLANs to convey the same service, you can use the remote-vni vxlan-id option to specify the remote VXLAN ID on each ED for the VXLANs to communicate. The EDs will replace the local VXLAN ID in VXLAN packets with the remote VXLAN ID before sending the packets to a remote ED.
Examples
# Assign VXLAN tunnels 0 and 1 to VXLAN 10000.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000] tunnel 0
[Sysname-vsi-vpna-vxlan-10000] tunnel 1
Related commands
display vxlan tunnel
tunnel global source-address
Use tunnel global source-address to specify a global source address for VXLAN tunnels.
Use undo tunnel global source-address to restore the default.
Syntax
tunnel global source-address { ipv4-address | ipv6 ipv6-address }
undo tunnel global source-address [ ipv6 ]
Default
No global source address is specified for VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 address.
ipv6 ipv6-address: Specifies an IPv6 address.
ipv6: Specifies the global IPv6 source address. If you do not specify this keyword when using the undo form of the command, the global IPv4 address is deleted.
Usage guidelines
A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.
The global source address takes effect only on VXLAN tunnels. IPv4 VXLAN tunnels use the global IPv4 source address. IPv6 VXLAN tunnels use the global IPv6 source address.
Examples
# Specify 1.1.1.1 as the global source address for VXLAN tunnels.
<Sysname> system-view
[Sysname] tunnel global source-address 1.1.1.1
tunnel statistics enable
Use tunnel statistics enable to enable packet statistics for all VXLAN tunnels associated with a VSI.
Use undo tunnel statistics enable to disable packet statistics for all VXLAN tunnels associated with a VSI.
Syntax
tunnel statistics enable
undo tunnel statistics enable
Default
The packet statistics feature is disabled for the VXLAN tunnels associated with a VSI.
Views
VSI view
Predefined user roles
network-admin
Usage guidelines
This command enables packet statistics only for VXLAN tunnels. It does not take effect on VXLAN-DCI tunnels.
To view packet statistics about the VXLAN tunnels associated with a VSI, use the display vxlan tunnel vxlan-id vxlan-id tunnel tunnel-number command. The packet statistics displayed by using the display interface tunnel command are inaccurate.
Examples
# Enable packet statistics for all VXLAN tunnels associated with VSI vpna.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] tunnel statistics enable
tunnel statistics vxlan
Use tunnel statistics vxlan to enable packet statistics for VXLAN tunnels.
Use undo tunnel statistics vxlan to disable packet statistics for VXLAN tunnels.
Syntax
tunnel statistics vxlan { auto | l3-vni }
undo tunnel statistics vxlan { auto | l3-vni }
Default
The packet statistics feature is disabled for VXLAN tunnels.
Views
System view
Predefined user roles
network-admin
Parameters
auto: Specifies automatically created VXLAN tunnels.
l3-vni: Specifies VXLAN tunnels associated with L3 VXLAN IDs. For more information about L3 VXLAN IDs, see EVPN VXLAN configuration in EVPN Configuration Guide.
Usage guidelines
You can use this command to enable the device to collect packet statistics for all VXLAN tunnels that are automatically created by EVPN. This command takes effect on both existing VXLAN tunnels and VXLAN tunnels created after execution of this command.
Examples
# Enable packet statistics for automatically created VXLAN tunnels.
<Sysname> system-view
[Sysname] tunnel statistics vxlan auto
Related commands
display interface tunnel (Layer 3—IP Services Command Reference)
reset counters interface tunnel (Layer 3—IP Services Command Reference)
statistics enable (tunnel interface view)
vsi
Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.
Use undo vsi to delete a VSI.
Syntax
vsi vsi-name
undo vsi vsi-name
Default
No VSIs exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.
Usage guidelines
A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.
A VSI can provide services only for one VXLAN.
Examples
# Create VSI vxlan10 and enter VSI view.
<Sysname> system-view
[Sysname] vsi vxlan10
[Sysname-vsi-vxlan10]
Related commands
display l2vpn vsi
vtep access port
Use vtep access port to specify a site-facing interface as a VTEP access port.
Use undo vtep access port to restore the default.
Syntax
vtep access port
undo vtep access port
Default
An interface is not a VTEP access port.
Views
Layer 2 aggregate interface view
Layer 2 Ethernet interface view
Layer 3 interface view
Predefined user roles
network-admin
Usage guidelines
For controllers to manage a site-facing interface, you must specify the interface as a VTEP access port.
Examples
# Specify Ten-GigabitEthernet 3/0/1 as a VTEP access port.
<Sysname> system-view
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] vtep access port
vxlan
Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.
Use undo vxlan to restore the default.
Syntax
vxlan vxlan-id
undo vxlan
Default
No VXLANs exist.
Views
VSI view
Predefined user roles
network-admin
Parameters
vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.
Usage guidelines
You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.
Examples
# Create VXLAN 10000 for VSI vpna and enter VXLAN view.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] vxlan 10000
[Sysname-vsi-vpna-vxlan-10000]
Related commands
vsi
vxlan invalid-vlan-tag discard
Use vxlan invalid-vlan-tag discard to enable the device to drop the VXLAN packets that have 802.1Q VLAN tags in the inner Ethernet header.
Use undo vxlan invalid-vlan-tag discard to restore the default.
Syntax
vxlan invalid-vlan-tag discard
undo vxlan invalid-vlan-tag discard
Default
The device does not check whether a VXLAN packet has 802.1Q VLAN tags in the inner Ethernet header.
Views
System view
Predefined user roles
network-admin
Usage guidelines
If a remote VTEP uses the Ethernet access mode, its VXLAN packets might contain 802.1Q VLAN tags. To prevent the local VTEP from dropping the VXLAN packets, do not execute the vxlan invalid-vlan-tag discard command on the local VTEP.
To configure the access mode, use the xconnect vsi command.
Examples
# Enable the device to drop VXLAN packets that have 802.1Q VLAN tags.
<Sysname> system-view
[Sysname] vxlan invalid-vlan-tag discard
Related commands
xconnect vsi
vxlan tunnel arp-learning disable
Use vxlan tunnel arp-learning disable to disable remote ARP learning for VXLANs.
Use undo vxlan tunnel arp-learning disable to enable remote ARP learning for VXLANs.
Syntax
vxlan tunnel arp-learning disable
undo vxlan tunnel arp-learning disable
Default
Remote ARP learning is enabled for VXLANs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
By default, the device learns ARP information of remote VMs from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ARP learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, use the undo vxlan tunnel arp-learning disable command to enable remote ARP learning.
As a best practice, disable remote ARP learning for VXLANs only when the controller and VTEPs are synchronizing entries.
Examples
# Disable remote ARP learning for VXLANs.
<Sysname> system
[Sysname] vxlan tunnel arp-learning disable
vxlan tunnel mac-learning disable
Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.
Use undo vxlan tunnel mac-learning disable to enable remote-MAC address learning.
Syntax
vxlan tunnel mac-learning disable
undo vxlan tunnel mac-learning disable
Default
Remote-MAC address learning is enabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.
Examples
# Disable remote-MAC address learning.
<Sysname> system-view
[Sysname] vxlan tunnel mac-learning disable
vxlan tunnel nd-learning disable
Use vxlan tunnel nd-learning disable to disable remote ND learning for VXLANs.
Use undo vxlan tunnel nd-learning disable to enable remote ND learning for VXLANs.
Syntax
vxlan tunnel nd-learning disable
undo vxlan tunnel nd-learning disable
Default
Remote ND learning is enabled for VXLANs.
Views
System view
Predefined user roles
network-admin
Usage guidelines
By default, the device learns ND information of remote VMs from packets received on VXLAN tunnel interfaces. To save resources on VTEPs in an SDN transport network, you can temporarily disable remote ND learning when the controller and VTEPs are synchronizing entries. After the entry synchronization is completed, use the undo vxlan tunnel nd-learning disable command to enable remote ND learning.
As a best practice, disable remote ND learning for VXLANs only when the controller and VTEPs are synchronizing entries.
Examples
# Disable remote ND learning for VXLANs.
<Sysname> system
[Sysname] vxlan tunnel nd-learning disable
vxlan udp-port
Use vxlan udp-port to set the destination UDP port number for VXLAN packets.
Use undo vxlan udp-port to restore the default.
Syntax
vxlan udp-port port-number
undo vxlan udp-port
Default
The destination UDP port number is 4789 for VXLAN packets.
Views
System view
Predefined user roles
network-admin
Parameters
port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.
Usage guidelines
You must configure the same destination UDP port number on all VTEPs in a VXLAN.
Examples
# Set the destination UDP port number to 6666 for VXLAN packets.
<Sysname> system-view
[Sysname] vxlan udp-port 6666
xconnect vsi
Use xconnect vsi to map an AC to a VSI.
Use undo xconnect vsi to restore the default.
Syntax
xconnect vsi vsi-name [ access-mode { ethernet | vlan } ] [ track track-entry-number&<1-3> ]
undo xconnect vsi
Default
An AC is not mapped to any VSI.
Views
Ethernet service instance view
Interface view
Predefined user roles
network-admin
Parameters
vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.
access-mode: Specifies an access mode. The default access mode varies by AC type.
· If the AC is a Layer 3 interface or subinterface, the default access mode is as follows:
¡ For a Layer 3 interface, the default access mode is Ethernet.
¡ For a Layer 3 subinterface, the default access mode is VLAN.
· If the AC is an Ethernet service instance, the default access mode is VLAN.
ethernet: Specifies the Ethernet access mode.
vlan: Specifies the VLAN access mode.
track track-entry-number&<1-3>: Specifies a space-separated list of up to three track entry numbers in the range of 1 to 1024. The AC is up only if a minimum of one associated track entry is in positive state.
Usage guidelines
To monitor the status of an AC, associate it with track entries.
To configure this command for an Ethernet service instance, you must first use the encapsulation command to add a traffic match criterion to the service instance.
For traffic that matches an AC of a VSI, the system uses the VSI's MAC address table to make a forwarding decision.
The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.
· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.
¡ For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.
¡ For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.
In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.
· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.
¡ For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.
¡ For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.
In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.
After you modify the access mode on a Layer 3 subinterface AC, local VMs that access the VXLAN network through the subinterface cannot communicate with remote VMs. To resolve this issue, you must clear the ARP entries on the local VMs or configure them to periodically send gratuitous ARP packets.
Examples
# Map Ten-GigabitEthernet 3/0/1 to VSI vpn1.
<Sysname> system-view
[Sysname] vsi vpn1
[Sysname-vsi-vpn1] quit
[Sysname] interface ten-gigabitethernet 3/0/1
[Sysname-Ten-GigabitEthernet3/0/1] xconnect vsi vpn1
Related commands
display l2vpn interface
display l2vpn service-instance
encapsulation
vsi
VXLAN IP gateway commands
arp distributed-gateway dynamic-entry synchronize
Use arp distributed-gateway dynamic-entry synchronize to enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
Use undo arp distributed-gateway dynamic-entry synchronize to disable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
Syntax
arp distributed-gateway dynamic-entry synchronize
undo arp distributed-gateway dynamic-entry synchronize
Default
Dynamic ARP entry synchronization is disabled for distributed VXLAN IP gateways.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When local proxy ARP is enabled on distributed VXLAN IP gateways, each gateway learns ARP information independently. A gateway does not forward ARP packets destined for it to other gateways. For distributed VXLAN IP gateways to have the same ARP entries, you must enable dynamic ARP entry synchronization.
A controller or the EVPN feature can also synchronize ARP entries among distributed VXLAN IP gateways. When you use a controller or EVPN, do not enable dynamic ARP entry synchronization.
Examples
# Enable dynamic ARP entry synchronization for distributed VXLAN IP gateways.
<Sysname> system-view
[Sysname] arp distributed-gateway dynamic-entry synchronize
Related commands
distributed-gateway local
local-proxy-arp enable (Layer 3—IP Services Command Reference)
arp send-rate
Use arp send-rate to set an ARP packet sending rate limit for a VSI interface.
Use undo arp send-rate to remove the ARP packet sending rate limit for a VSI interface.
Syntax
arp send-rate pps
undo arp send-rate
Default
The ARP packet sending rate is not limited for a VSI interface.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
pps: Specifies a rate limit in the range of 1 to 500 pps.
Usage guidelines
VMs have limited capacity to process packets. To prevent packet processing from degrading VM performance, limit the ARP packet sending rate of the VSI interface for VMs. The VTEP will drop excess ARP packets if the rate limit is exceeded.
Examples
# Set the ARP packet sending rate limit to 50 pps for VSI-interface 1.
<Sysname> system
[Sysname] interface vsi-interface 1
[Sysname-Vsi-interface1] arp send-rate 50
bandwidth
Use bandwidth to set the expected bandwidth for a VSI interface or VSI subinterface.
Use undo bandwidth to restore the default.
Syntax
bandwidth bandwidth-value
undo bandwidth
Default
The expected bandwidth (in kbps) equals the interface baudrate divided by 1000.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
bandwidth-value: Specifies the expected bandwidth, in the range of 1 to 400000000 kbps.
Usage guidelines
The expected bandwidth is an informational parameter used only by higher-layer protocols for calculation. You cannot adjust the actual bandwidth of an interface by using this command.
Examples
# Set the expected bandwidth to 10000 kbps for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] bandwidth 10000
default
Use default to restore the default settings for a VSI interface or VSI subinterface.
Syntax
default
Views
VSI interface view
Predefined user roles
network-admin
Usage guidelines
CAUTION: The default command might interrupt ongoing network services. Make sure you are fully aware of the impact of this command when you use it on a live network. |
This command might fail to restore the default settings for some commands for reasons such as command dependencies and system restrictions.
To resolve this problem:
1. Use the display this command in interface view to identify these commands.
2. Use their undo forms or follow the command reference to restore their default settings.
3. If the restoration attempt still fails, follow the error message instructions to resolve the problem.
Examples
# Restore the default settings for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] default
This command will restore the default settings. Continue? [Y/N]:y
description
Use description to configure the description of a VSI interface or VSI subinterface.
Use undo description to restore the default.
Syntax
description text
undo description
Default
The description of a VSI interface or VSI subinterface is interface-name plus Interface (for example, Vsi-interface100 Interface).
Views
VSI interface view
Predefined user roles
network-admin
Parameters
text: Specifies a description, a case-sensitive string of 1 to 255 characters.
Examples
# Configure the description as gateway for VXLAN 10 for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] description gateway for VXLAN 10
display interface vsi-interface
Use display interface vsi-interface to display information about VSI interfaces.
Syntax
display interface [ vsi-interface [ vsi-interface-id ] ] [ brief [ description | down ] ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
vsi-interface [ vsi-interface-id ]: Specifies VSI interface information. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command displays information about all interfaces. If you specify only the vsi-interface keyword, this command displays information about all VSI interfaces. If you specify a VSI interface by its number, this command displays information about the specified interface. Make sure the specified VSI interface has been created on the device.
brief: Display brief interface information. If you do not specify this keyword, the command displays detailed interface information.
description: Displays complete interface descriptions. If you do not specify this keyword, the command displays only the first 27 characters of interface descriptions.
down: Displays interfaces that are physically down as well as the down reason. If you do not specify this keyword, the command does not filter output by physical interface state.
Examples
# Display information about VSI-interface 100.
<Sysname> display interface vsi-interface 100
Vsi-interface100
Current state: UP
Line protocol state: UP
Description: Vsi-interface100 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0011-2200-0102
IPv6 packet frame type: Ethernet II, hardware address: 0011-2200-0102
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Table 12 Command output
Field |
Description |
Current state |
Physical link state of the interface: · Administratively DOWN—The interface has been shut down by using the shutdown command. · DOWN—The interface is administratively up, but its physical state is down. · UP—The interface is both administratively and physically up. |
Line protocol state |
Data link layer state of the interface: · UP—The data link layer protocol is up. · UP(spoofing)—The data link layer protocol is up, but the link is an on-demand link or does not exist. · DOWN—The data link layer protocol is down. |
Description |
Description of the interface. |
Bandwidth |
Expected bandwidth of the interface. |
Maximum transmission unit |
MTU of the interface. |
Internet protocol processing: Disabled |
The interface is not assigned an IP address and cannot process IP packets. |
Internet address |
IP address of the interface. The primary attribute indicates that the address is the primary IP address. |
IP packet frame type |
IPv4 packet framing format. |
hardware address |
MAC address. |
IPv6 packet frame type |
IPv6 packet framing format. |
Physical |
Physical type of the interface, which is fixed at Unknown. |
baudrate |
Interface baudrate in kbps. |
Last clearing of counters |
Last time when the reset counters interface command was used to clear interface statistics. This field displays Never if the reset counters interface command has never been used on the interface since the device startup. |
Last 300 seconds input rate |
Average input rate for the last 300 seconds. |
Last 300 seconds output rate |
Average output rate for the last 300 seconds. |
Input: 0 packets, 0 bytes, 0 drops |
Incoming traffic statistics on the interface: · Number of incoming packets. · Number of incoming bytes. · Number of dropped incoming packets. |
Output: 0 packets, 0 bytes, 0 drops |
Outgoing traffic statistics on the interface: · Number of outgoing packets. · Number of outgoing bytes. · Number of dropped outgoing packets. |
# Display brief information about all VSI interfaces.
<Sysname> display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi100 DOWN DOWN --
# Display brief information and complete description for VSI-interface 100.
<Sysname> display interface vsi-interface 100 brief description
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi100 UP UP 1.1.1.1 VSI-interface100
# Displays interfaces that are physically down and the down reason.
<Sysname> display interface brief down
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Interface Link Cause
Vsi100 DOWN Administratively
Vsi200 DOWN Administratively
Table 13 Command output
Field |
Description |
Interface |
Abbreviated interface name. |
Link |
Physical link state of the interface: · UP—The interface is physically up. · DOWN—The interface is physically down. · ADM—The interface has been shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Stby—The interface is a backup interface in standby state. |
Protocol |
Data link layer protocol state of the interface: · UP—The data link layer protocol of the interface is up. · UP (s)—The data link layer protocol of the interface is up, but the link is an on-demand link or does not exist. The (s) attribute represents the spoofing flag. · DOWN—The data link layer protocol of the interface is down. |
Primary IP |
Primary IP address of the interface. This field displays two hyphens (--) if the interface does not have an IP address. |
Description |
Description of the interface. |
Cause |
Cause for the physical link state of an interface to be DOWN: · Administratively—The interface has been manually shut down by using the shutdown command. To restore the physical state of the interface, use the undo shutdown command. · Not connected—The interface is not mapped to any VSI, or the mapped VSI does not have any AC or PW. |
Related commands
reset counters interface vsi-interface
distributed-gateway local
Use distributed-gateway local to specify a VSI interface as a distributed gateway to provide services for the local site.
Use undo distributed-gateway local to restore the default.
Syntax
distributed-gateway local
undo distributed-gateway local
Default
A VSI interface is not a distributed gateway.
Views
VSI interface view
Predefined user roles
network-admin
Usage guidelines
If a VXLAN uses distributed gateway services, you must assign the same IP address to the VXLAN's VSI interfaces on different VTEPs. To avoid IP address conflicts, you must specify the VSI interface on each VTEP as a distributed gateway.
Examples
# Specify VSI-interface 100 as a distributed gateway.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] distributed-gateway local
gateway subnet
Use gateway subnet to assign a subnet to a VSI.
Use undo gateway subnet to remove a subnet from a VSI.
Syntax
gateway subnet { ipv4-address wildcard-mask | ipv6-address prefix-length }
undo gateway subnet { ipv4-address wildcard-mask | ipv6-address prefix-length }
Default
No subnet is assigned to a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies an IPv4 subnet address in dotted-decimal notation.
wildcard-mask: Specifies a wildcard mask in dotted decimal notation. In contrast to a network mask, the 0 bits in a wildcard mask represent "do care" bits, and the 1 bits represent "don't care" bits. If the "do care" bits in a packet's IP address are identical to the "do care" bits in the specified subnet address, the packet is assigned to the VSI. All "don't care" bits are ignored. The 0s and 1s in a wildcard mask can be noncontiguous. For example, 0.255.0.255 is a valid wildcard mask.
ipv6-address prefix-length: Specifies an IPv6 subnet address and the address prefix length in the range of 1 to 128.
Usage guidelines
You must execute this command on VSIs that share a gateway interface. This command enables the VSI interface to identify the VSI of a packet.
You must specify a gateway interface for a VSI before you can assign subnets to the VSI. If you remove the gateway interface from the VSI, the VSI's subnet settings are automatically deleted.
For VSIs that share a gateway interface, the subnets must be unique.
Examples
# Assign subnet 100.0.10.0/24 to VSI vxlan.
<Sysname> system-view
[Sysname] vsi vxlan
[Sysname-vsi-vxlan] gateway subnet 100.0.10.0 0.0.0.255
gateway vsi-interface
Use gateway vsi-interface to specify a gateway interface for a VSI.
Use undo gateway vsi-interface to restore the default.
Syntax
gateway vsi-interface vsi-interface-id
undo gateway vsi-interface
Default
No gateway interface is specified for a VSI.
Views
VSI view
Predefined user roles
network-admin
Parameters
vsi-interface-id: Specifies a VSI interface by its number. The value range for this argument is 1 to 32766.
Usage guidelines
A VSI can have only one gateway interface.
For multiple VSIs to share a VSI interface, you must assign IP addresses of different subnets to the VSI interface and specify a subnet for each VSI. If the IP addresses of a VSI interface belong to the same subnet, the VSI interface can be assigned only to one VSI.
Examples
# Specify VSI-interface 100 as the gateway interface for VSI vpna.
<Sysname> system-view
[Sysname] vsi vpna
[Sysname-vsi-vpna] gateway vsi-interface 100
Related commands
interface vsi-interface
interface vsi-interface
Use interface vsi-interface to create a VSI interface and enter its view, or enter the view of an existing VSI interface.
Use undo interface vsi-interface to delete a VSI interface.
Syntax
interface vsi-interface vsi-interface-id
undo interface vsi-interface vsi-interface-id
Default
No VSI interfaces exist.
Views
System view
Predefined user roles
network-admin
Parameters
vsi-interface-id: Specifies a VSI interface number. The value range for this argument is 1 to 32766.
Examples
# Create VSI-interface 100 and enter VSI interface view.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100]
Related commands
gateway vsi-interface
ipv6 nd distributed-gateway dynamic-entry synchronize
Use ipv6 nd distributed-gateway dynamic-entry synchronize to enable dynamic ND entry synchronization for distributed VXLAN IP gateways.
Use undo ipv6 nd distributed-gateway dynamic-entry synchronize to disable dynamic ND entry synchronization for distributed VXLAN IP gateways.
Syntax
ipv6 nd distributed-gateway dynamic-entry synchronize
undo ipv6 nd distributed-gateway dynamic-entry synchronize
Default
Dynamic ND entry synchronization is disabled for distributed VXLAN IP gateways.
Views
System view
Predefined user roles
network-admin
Usage guidelines
When local ND proxy is enabled on distributed VXLAN IP gateways, each gateway learns ND information independently. A gateway does not forward ND packets destined for its local VSI interfaces to other gateways. For distributed VXLAN IP gateways to have the same ND entries, you must enable dynamic ND entry synchronization.
A controller or the EVPN feature can also synchronize ND entries among distributed VXLAN IP gateways. When you use a controller or the EVPN feature, do not enable dynamic ND entry synchronization.
Examples
# Enable dynamic ND entry synchronization for distributed VXLAN IP gateways.
<Sysname> system-view
[Sysname] ipv6 nd distributed-gateway dynamic-entry synchronize
Related commands
distributed-gateway local
local-proxy-nd enable (Layer 3—IP Services Command Reference)
mac-address
Use mac-address to assign a MAC address to a VSI interface or VSI subinterface.
Use undo mac-address to restore the default.
Syntax
mac-address mac-address
undo mac-address
Default
The MAC address of a VSI interface is the bridge MAC address plus 2.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format.
Examples
# Assign MAC address 0001-0001-0001 to VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] mac-address 1-1-1
mtu
Use mtu to set the MTU for a VSI interface or VSI subinterface.
Use undo mtu to restore the default.
Syntax
mtu size
undo mtu
Default
The MTU of a VSI interface is 1500 bytes.
Views
VSI interface view
Predefined user roles
network-admin
Parameters
size: Specifies an MTU value in the range of . The value range for this argument varies by device model bytes.
Usage guidelines
When you set the MTU of a VSI interface, you can specify the spread keyword to issue the MTU setting to all its subinterfaces. If you do not specify the spread keyword, the MTU setting takes effect only on the VSI interface.
On a VSI subinterface, the MTU set in subinterface view takes precedence over the MTU inherited from the main interface.
Examples
# Set the MTU to 1430 bytes for VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] mtu 1430
reset counters interface vsi-interface
Use reset counters interface vsi-interface to clear packet statistics on VSI interfaces.
Syntax
reset counters interface [ vsi-interface [ vsi-interface-id ] ]
Views
User view
Predefined user roles
network-admin
Parameters
vsi-interface [ vsi-interface-id ]: Specifies VSI interface information. If you do not specify the vsi-interface [ vsi-interface-id ] option, this command clears packet statistics on all interfaces. If you specify only the vsi-interface keyword, this command clears packet statistics on all VSI interfaces. If you specify a VSI interface by its number, this command clears packet statistics on the specified interface. Make sure the specified VSI interface has been created on the device.
Usage guidelines
Use this command to clear history statistics before you collect traffic statistics for a time period.
Examples
# Clear packet statistics on VSI-interface 100.
<Sysname> reset counters interface vsi-interface 100
Related commands
display interface vsi-interface
shutdown
Use shutdown to shut down a VSI interface or VSI subinterface.
Use undo shutdown to bring up a VSI interface or VSI subinterface.
Syntax
shutdown
undo shutdown
Default
A VSI interface is not manually shut down.
Views
VSI interface view
Predefined user roles
network-admin
Usage guidelines
CAUTION: If you shut down a VSI interface, the VXLAN network using this VSI interface as the gateway will be unable to communicate with other networks at Layer 3. Make sure you are fully aware of the impact of this command when you use it on a live network. |
Examples
# Shut down VSI-interface 100.
<Sysname> system-view
[Sysname] interface vsi-interface 100
[Sysname-Vsi-interface100] shutdown
vtep group member local
Use vtep group member local to assign the local VTEP to a VTEP group.
Use undo vtep group member local to remove the local VTEP from a VTEP group.
Syntax
vtep group group-ip member local member-ip
undo vtep group group-ip member local
Default
A VTEP is not assigned to any VTEP group.
Views
System view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a VTEP group by its group IP address. The IP address must already exist on the local VTEP.
member-ip: Specifies the member VTEP IP address for the local VTEP. The IP address must already exist on the local VTEP.
Usage guidelines
Member VTEPs in a VTEP group cannot use the group IP address or share an IP address.
Examples
# Assign the local VTEP to VTEP group 1.1.1.1, and specify 2.2.2.2 as the member VTEP IP address of the local VTEP.
<Sysname> system-view
[Sysname] vtep group 1.1.1.1 member local 2.2.2.2
Related commands
vtep group member remote
vtep group member remote
Use vtep group member remote to specify a VTEP group and its member VTEPs.
Use undo vtep group member remote to remove a VTEP group and its member VTEPs.
Syntax
vtep group group-ip member remote member-ip&<1-8>
undo vtep group group-ip member remote
Default
No VTEP group is specified.
Views
System view
Predefined user roles
network-admin
Parameters
group-ip: Specifies a VTEP group by its group IP address.
member-ip&<1-8>: Specifies a space-separated list of up to eight member VTEP IP addresses.
Examples
# Specify VTEP group 1.1.1.1 and its member VTEPs at 2.2.2.2, 3.3.3.3, and 4.4.4.4.
<Sysname> system-view
[Sysname] vtep group 1.1.1.1 member remote 2.2.2.2 3.3.3.3 4.4.4.4
Related commands
vtep group member local