mGRE commands
display mgre session
Use display mgre session to display mGRE session information.
Syntax
display mgre session [ interface tunnel interface-number [ peer ipv4-address ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command displays mGRE session information for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command displays all mGRE session information for the specified mGRE tunnel interface.
verbose: Displays detailed information about IPv4 mGRE sessions. If you do not specify this keyword, the command displays brief information about mGRE sessions.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all mGRE sessions on all tunnel interfaces.
Examples
# Display brief information about all mGRE sessions.
<Sysname> display mgre session
Interface : Tunnel1
Number of sessions: 2
Peer NBMA address Peer protocol address Type State State duration
10.0.0.3 192.168.180.136 C-S Succeeded 00:30:01
10.0.1.4 192.168.180.137 C-C Establishing 00:30:02
# Display brief information about the mGRE session with the specified peer address.
<Sysname> display mgre session interface tunnel 1 peer 10.0.0.3
Interface : Tunnel1
Number of sessions: 1
Peer NBMA address Peer protocol address Type State State duration
10.0.0.3 192.168.180.136 C-S Succeeded 00:30:01
Table 1 Command output
Field | Description |
---|---|
Interface | Name of the mGRE tunnel interface. |
Number of sessions | Total number of mGRE sessions on the tunnel interface. |
Peer NBMA address | Public address of the peer. |
Peer protocol address | IP address of the peer tunnel interface. |
Type | mGRE session type: · C-S—The local end is an NHC, and the peer end is the NHS. · C-C—Both the local and peer ends are NHCs. · UNKNOWN—The local end is an NHC, and the peer end type is unknown. |
State | mGRE session state: · Succeeded. · Establishing. |
State duration | Duration of the current session state, in the format of hh:mm:ss. |
# Display detailed information about all mGRE sessions.
<Sysname> display mgre session verbose
Interface : Tunnel1
Link protocol : GRE
Number of sessions: 2
Peer NBMA address : 10.0.1.3
Peer protocol address: 192.168.180.136
Session type : C-S
State : Succeeded
State duration : 00:30:01
Input : 2201 packets, 218 data packets, 3 control packets
2191 multicasts, 0 errors
Output: 2169 packets, 2168 data packets, 1 control packets
2163 multicasts, 0 errors
Peer NBMA address : 10.0.1.4
Peer protocol address: 192.168.180.137
Session type : C-S
State : Succeeded
State duration : 00:31:01
Input : 1 packets, 0 data packets, 1 control packets
0 multicasts, 0 errors
Output: 16 packets, 0 data packets, 16 control packets
0 multicasts, 0 errors
Interface : Tunnel2
Link protocol : IPsec-GRE
Number of sessions: 1
Peer NBMA address : 20.0.0.3
Peer protocol address : 192.168.181.137
Behind NAT : No
Session type : C-C
SA's SPI :
Inbound : 187199087 (0xb286e6f) [ESP]
Outbound: 3562274487 (0xd453feb7) [ESP]
State : Establishing
State duration : 00:31:01
Input : 0 packets, 0 data packets, 0 control packets
0 multicasts, 0 errors
Output: 1 packets, 0 data packets, 1 control packets
0 multicasts, 0 errors
Table 2 Command output
Field | Description |
---|---|
Interface | Name of the mGRE tunnel interface. |
Link protocol | Encapsulation protocol used by the mGRE tunnel: · GRE. · IPsec-GRE. |
Number of sessions | Total number of mGRE sessions on the tunnel interface. |
Peer NBMA address | Public address of the peer. |
Peer protocol address | IP address of the peer tunnel interface. |
SA's SPI | SPI of the inbound and outbound SAs. This field is available when the mGRE tunnel is carried over IPsec. |
Behind NAT | Whether the peer NHC has traversed a NAT device. |
Session type | mGRE session type: · C-S—The local end is an NHC, and the peer end is the NHS. · C-C—Both the local and peer ends are NHCs. |
State | mGRE session state: · Succeeded. · Establishing. |
State duration | Duration of the current session state, in the format of hh:mm:ss. |
Input | Statistics on received packets: · packets—Total number of packets. · data packets—Number of data packets. · control packets—Number of control packets. · multicasts—Number of multicast packets. · errors—Number of error packets. |
Output | Statistics on sent packets: · packets—Total number of packets. · data packets—Number of data packets. · control packets—Number of control packets. · multicasts—Number of multicast packets. · errors—Number of error packets. |
Related commands
reset mgre session
display nhrp history-map
Use display nhrp history-map to display NHRP mapping entries that were cleared or have expired.
Syntax
display nhrp history-map [ count count-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
count count-number: Displays the specified number of NHRP mapping entries that were cleared or have expired. The value range for the count-number argument is 1 to 2000. If you do not specify this option, the command displays all NHRP mapping entries that were cleared or have expired.
Usage guidelines
Use this command to display the following NHRP mapping entries:
· NHRP mapping entries that were cleared by using the reset nhrp dynamic map command.
· NHRP mapping entries that have expired because their storage time exceeded the value set by using the nhrp holdtime command.
The display nhrp history-map command can display a maximum of 2000 entries. When the maximum number is reached, a new entry overwrites the oldest entry.
Examples
# Display the two most recent NHRP mapping entries that were cleared or have expired.
<Sysname> display nhrp history-map count 2
Number of off-line map: 1984. Alloc memory: 214272
Interface : Tunnel634
Destination/mask: 182.134.3.1/32
Next hop : 182.134.3.1
Creation time : Mon Apr 12 10:23:31 2022
Delete time : Mon Apr 12 13:04:28 2022
Delete reason : expire
Hold time : 7200
Type : dynamic
NBMA address : 20.1.1.1
Interface : Tunnel311
Destination/mask: 182.61.2.1/32
Next hop : 182.61.2.1
Creation time : Mon Apr 12 10:23:36 2022
Delete time : Mon Apr 12 13:04:23 2022
Delete reason : expire
Hold time : 7200
Type : dynamic
NBMA address : 20.1.1.1
Table 3 Command output
Field | Description |
---|---|
Number of off-line map | Number of recorded history NHRP mapping entries that were deleted. |
Alloc memory | Amount of memory used by the entries, in bytes. |
Interface | Name of an mGRE tunnel interface. |
Destination/mask | Protocol address of an NHRP peer NHC. |
Next hop | Tunnel address of the NHRP peer NHC. |
Creation time | Time when the mapping entry was created. |
Delete time | Time when the mapping entry was deleted. |
Delete reason | Reason why the mapping entry was deleted: · Expire—The mapping entry holdtime expired. · Tunnel down—Exceptions occurred for the tunnel or public network. · Client purge—The NHC sent purge packets. · Unknown—Other unknown errors. |
Hold time | Mapping entry holdtime, in seconds. |
Type | Mapping entry type: · static—The entry is statically configured. · cached—The entry is dynamically obtained. · Incomplete—The entry is dynamic and incomplete. · dynamic—The entry is dynamically negotiated. |
NBMA address | NBMA network address. |
Related commands
display nhrp map
display nhrp map
Use display nhrp map to display information about NHRP mapping entries.
Syntax
display nhrp map [ interface tunnel interface-number [ peer ipv4-address ] ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command displays NHRP mapping table information for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command displays NHRP mapping entries for all peers.
verbose: Displays detailed information about NHRP mapping entries. If you do not specify this keyword, the command displays brief information about NHRP mapping entries.
Usage guidelines
If you do not specify any parameters, this command displays brief information about all NHRP mapping entries.
Examples
# Display brief information about all NHRP mapping entries.
<Sysname> display nhrp map
Destination/mask Next hop NBMA address Type Interface
172.16.1.1/32 172.16.1.1 105.112.100.4 cached Tunnel0
172.16.1.2/32 172.16.1.2 105.112.100.92 cached Tunnel0
# Display detailed information about all NHRP mapping entries.
<Sysname> display nhrp map verbose
Interface : Tunnel0
Destination/mask : 172.16.1.1/32
Next hop : 172.16.1.1
Creation time : 00:38:44
Expiration time : 01:21:15
Type : cached
Flags : unique up used
NBMA address : 105.112.100.4
Interface : Tunnel0
Destination/mask : 172.16.1.2/32
Next hop : 172.16.1.2
Creation time : 00:25:53
Expiration time : 01:34:06
Type : cached
Flags : unique up used ipsec
NBMA address : 105.112.100.92
Table 4 Command output
Field | Description |
---|---|
Destination/mask | Destination tunnel interface address and mask. |
Next hop | Next hop address to reach the destination network. |
Creation time | Period of time for which the mapping entry has been created. |
Expiration time | Period of time in which the mapping entry will expire. |
Type | Mapping entry type: · static—The entry is statically configured. · cached—The entry is dynamically obtained. · Incomplete—The entry is dynamic and incomplete. |
Flags | Mapping entry flags: · unique—The mapping entry in the registration request cannot be overwritten by a mapping entry that has the same private address and different public addresses. A client can register the new entry with the server only after the mapping entry on the server expires. · used—This mapping entry is used for packet forwarding. · up—This mapping entry can be used for packet forwarding. · ipsec—IPsec negotiation succeeded. Packets will be protected by IPsec. · init—Initialization state. |
display nhrp statistics
Use display nhrp statistics to display NHRP packet statistics for a tunnel interface.
Syntax
display nhrp statistics [ interface tunnel interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command displays NHRP packet statistics for all tunnel interfaces.
Examples
# Display NHRP packet statistics.
<Sysname> display nhrp statistics
Tunnel0:
NHRP packets sent : 815
Resolution requests : 15
Resolution replies : 1
Registration requests : 0
Registration replies : 797
Purge requests : 2
Purge replies : 0
Error indications : 0
Traffic indications : 0
NHRP packets received : 1453
Resolution requests : 15
Resolution replies : 1
Registration requests : 1435
Registration replies : 2
Purge requests : 0
Purge replies : 0
Error indications : 0
Traffic indications : 0
Tunnel1:
NHRP packets sent : 3
Resolution Requests : 0
Resolution replies : 0
Registration requests : 0
Registration replies : 3
Purge requests : 0
Purge replies : 0
Error indications : 0
Traffic indications : 0
NHRP packets received : 3
Resolution requests : 0
Resolution replies : 0
Registration requests : 3
Registration replies : 0
Purge requests : 0
Purge replies : 0
Error indications : 0
Traffic indications : 0
Related commands
reset nhrp statistics
nhrp authentication
Use nhrp authentication to configure an NHRP packet authentication key.
Use undo nhrp authentication to restore the default.
Syntax
nhrp authentication { cipher | simple } string
undo nhrp authentication
Default
No NHRP packet authentication key is configured. NHRP nodes do not authenticate NHRP packets received from each other.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
cipher: Specifies an authentication key in encrypted form.
simple: Specifies an authentication key in plaintext form. For security purposes, the key specified in plaintext form will be stored in encrypted form.
string: Specifies the key string. Its plaintext form is a case-sensitive string of 1 to 8 characters. Its encrypted form is a case-sensitive string of 1 to 41 characters.
Usage guidelines
After an NHRP packet authentication key is configured for a tunnel interface, the tunnel interface adds the key to packets sent to the peer. The tunnel interface also uses the key to authenticate the NHRP packets it receives. A packet that fails authentication is dropped.
For mGRE tunnels to be established successfully, configure the same NHRP authentication key for all NHCs and NHSs in the same mGRE network.
Examples
# On interface Tunnel1, set the NHRP packet authentication key to 123456.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp authentication simple 123456
nhrp dscp
Use nhrp dscp to specify a DSCP value for the outgoing NHRP packets on an NHS or NHC.
Use undo nhrp dscp to restore the default.
Syntax
nhrp dscp dscp-value
undo nhrp dscp
Default
The DSCP value is 48.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63.
Usage guidelines
In an mGRE scenario, if the DSCP value of NHRP packets is too small when network congestion occurs, the NHRP packets might be dropped. As a result, the mGRE tunnel is interrupted. You can use this command to adjust the DSCP value of NHRP packets to ensure that NHRP packets are preferentially transmitted.
Examples
# On tunnel interface Tunnel 1, configure the DSCP value of outgoing NHRP packets as 50.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp dscp 50
nhrp holdtime
Use nhrp holdtime to configure the holdtime for NHRP mapping entries.
Use undo nhrp holdtime to restore the default.
Syntax
nhrp holdtime seconds
undo nhrp holdtime
Default
The holdtime of NHRP mapping entries is 7200 seconds.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
seconds: Specifies the holdtime in the range of 1 to 65535 seconds.
Usage guidelines
After the holdtime is configured, the local NHRP holdtime carried in outgoing packets is updated to the configured holdtime.
Examples
# On interface Tunnel1, set the holdtime of NHRP mapping entries to 600 seconds.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp holdtime 600
Related commands
interface tunnel (Layer 3—IP Services Command Reference)
nhrp network-id
Use nhrp network-id to configure an NHRP network ID for an mGRE tunnel.
Use undo nhrp network-id to restore the default.
Syntax
nhrp network-id number
undo nhrp network-id
Default
No NHRP network ID is configured for an mGRE tunnel.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
number: Specifies an NHRP network ID in the range of 1 to 4294967295.
Usage guidelines
A network ID is only locally significant. You can configure different NHRP network IDs for different tunnel interfaces on the device. The NHC and NHS can have different NHRP network IDs.
If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Set the NHRP network ID to 10 for mGRE tunnel interface Tunnel1.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp network-id 10
nhrp nhs
Use nhrp nhs to configure an NHS private-to-public address mapping.
Use undo nhrp nhs to delete an NHS private-to-public address mapping.
Syntax
nhrp nhs nhs-address nbma { dns-name | nbma-address }
undo nhrp nhs nhs-address nbma { dns-name | nbma-address }
Default
No NHS private-to-public address mappings are configured.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
nhs-address: Specifies the private address of an NHS.
dns-name: Specifies the public DNS name of the NHS, a case-sensitive string of 1 to 253 characters. The string cannot contain a space.
nbma-address: Specifies the public address (NBMA address) of the NHS.
Usage guidelines
You can execute this command multiple times to configure multiple NHSs for redundancy. If multiple NHSs are configured, NHCs register with all the NHSs.
If you execute this command multiple times for the same NHS private address, the most recently configured public address or DNS name takes effect.
Examples
# On interface Tunnel1, configure the NHS private address as 1.1.1.1 and public address as 120.1.1.120.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp nhs 1.1.1.1 nbma 120.1.1.120
# On interface Tunnel 2, configure the NHS private address as 2.2.2.2 and public DNS name as dns.
<Sysname> system-view
[Sysname] interface tunnel 2 mode mgre
[Sysname-Tunnel2] nhrp nhs 2.2.2.2 nbma dns
Related commands
interface tunnel (Layer 3—IP Services Command Reference)
nhrp registration no-unique
Use nhrp registration no-unique to configure an NHC to include the no-unique flag in outgoing NHRP packets.
Use undo nhrp registration no-unique to restore the default.
Syntax
nhrp registration no-unique
undo nhrp registration no-unique
Default
An outgoing NHRP packet does not include the no-unique flag on an NHC.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Usage guidelines
When an NHC registers NHRP information with an NHS, the NHS generates an NHRP mapping entry for the NHC. When the public address of the NHC changes, the NHC reregisters its latest NHRP information with the NHS. As a result, an NHRP mapping entry conflict occurs on the NHS for the NHC, and the NHS denies the reregistration of the NHC.
To resolve the issue, use this command on the NHC. With this command, the NHC includes the no-unique flag in NHRP registration and response packets to notify the NHS to overwrite the conflicting NHRP mapping entry with the latest NHC information.
As a best practice, use this command on NHCs that obtain addresses dynamically (for example, through DHCP) to ensure successful NHC reregistration with an NHS.
Examples
# On tunnel interface Tunnel 1, configure mGRE tunnel registration packets to include the no-unique flag.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp registration no-unique
nhrp registration time-out
Use nhrp registration time-out to set the interval at which an NHC sends NHRP registration packets.
Use undo nhrp registration time-out to restore the default.
Syntax
nhrp registration time-out seconds
undo nhrp registration time-out
Default
An NHC sends NHRP registration packets at intervals of 2400 seconds.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Parameters
seconds: Sets the NHRP registration interval, in seconds. The value range is 1 to 65535.
Usage guidelines
To prevent an NHS from failing to update NHC information in time after the public address of an NHC is modified or the NHRP mapping entry for an NHC on the NHS ages out, use this command on the NHC. To ensure that the NHS can update NHC information in time, make sure the interval at which the NHC sends registration packets is shorter than the holdtime of NHRP mapping entries on the NHS.
Examples
# On tunnel interface Tunnel 1, configure the device to send NHRP registration packets at intervals of 300 seconds.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp registration time-out 300
Related commands
nhrp holdtime
nhrp server-only
Use nhrp server-only to enable the NHS-only feature.
Use undo nhrp server-only to disable the NHS-only feature.
Syntax
nhrp server-only
undo nhrp server-only
Default
The NHS-only feature is disabled.
Views
mGRE tunnel interface view
Predefined user roles
network-admin
Usage guidelines
When this feature is enabled, the device can act only as an NHS.
When this feature is enabled, the mappings configured by using the nhrp nhs command for an NHS cannot take effect. In addition, the device no longer sends registration request packets.
As a best practice, enable this feature only when the device acts solely as an NHS.
Examples
# On tunnel interface Tunnel 1, enable the NHS-only feature.
<Sysname> system-view
[Sysname] interface tunnel 1 mode mgre
[Sysname-Tunnel1] nhrp server-only
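The following added example (not part of the vendor documentation) audits mGRE tunnel interface configuration against three points stated in the nhrp authentication, nhrp registration time-out, and nhrp server-only sections above: no authentication key by default, a registration interval that must be shorter than the NHS holdtime, and nhrp nhs mappings that have no effect under nhrp server-only. The saved-configuration layout and the key placeholders are assumptions; the defaults of 2400 and 7200 seconds come from this page.

```python
import re

DEFAULT_REG_TIMEOUT = 2400  # default NHC registration interval stated on this page
DEFAULT_HOLDTIME = 7200     # default NHRP mapping entry holdtime stated on this page

# Constructed sample; the saved-configuration layout is an assumption.
SAMPLE_CFG = """\
interface Tunnel1 mode mgre
 nhrp authentication cipher <encrypted-key-placeholder>
 nhrp registration time-out 300
 nhrp nhs 1.1.1.1 nbma 120.1.1.120
#
interface Tunnel2 mode mgre
 nhrp registration time-out 900
 nhrp server-only
 nhrp nhs 2.2.2.2 nbma dns
#
interface Tunnel3 mode mgre
 nhrp authentication cipher <encrypted-key-placeholder>
 nhrp nhs 3.3.3.3 nbma 120.1.1.121
"""

def parse_tunnels(cfg):
    """Map each mGRE tunnel interface name to its list of nhrp command lines."""
    tunnels, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        header = re.match(r"interface (Tunnel\d+) mode mgre$", line)
        if header:
            cur = tunnels.setdefault(header.group(1), [])
        elif line.startswith("interface ") or line == "#":
            cur = None  # left the mGRE tunnel interface view
        elif cur is not None and line.startswith("nhrp "):
            cur.append(line)
    return tunnels

def audit_nhrp_config(cfg, nhs_holdtime=DEFAULT_HOLDTIME):
    """Return (interface, finding) pairs; nhs_holdtime is the holdtime on the NHS."""
    findings = []
    for name, lines in parse_tunnels(cfg).items():
        def has(prefix):
            return any(l.startswith(prefix) for l in lines)
        if not has("nhrp authentication "):
            findings.append((name, "no-nhrp-authentication"))
        server_only = "nhrp server-only" in lines
        if server_only and has("nhrp nhs "):
            findings.append((name, "nhs-mapping-ignored"))
        if not server_only:
            # An NHS-only device sends no registration requests, so skip it.
            interval = DEFAULT_REG_TIMEOUT
            for l in lines:
                found = re.match(r"nhrp registration time-out (\d+)$", l)
                if found:
                    interval = int(found.group(1))
            if interval >= nhs_holdtime:
                findings.append((name, "registration-interval-not-below-holdtime"))
    return findings

if __name__ == "__main__":
    for name, issue in audit_nhrp_config(SAMPLE_CFG, nhs_holdtime=600):
        print(f"{name}: {issue}")
```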
reset mgre session
Use reset mgre session to reset dynamic mGRE sessions.
Syntax
reset mgre session [ interface tunnel interface-number [ peer ipv4-address ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command resets dynamic mGRE sessions for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command resets all dynamic mGRE sessions for the specified mGRE tunnel interface.
Usage guidelines
When an mGRE session is reset, the NHC reregisters with the NHS.
Examples
# Reset the mGRE sessions on interface Tunnel1.
<Sysname> reset mgre session interface tunnel 1
# Reset the mGRE session with peer address 202.12.12.12 on interface Tunnel1.
<Sysname> reset mgre session interface tunnel 1 peer 202.12.12.12
Related commands
display mgre session
reset mgre statistics
Use reset mgre statistics to clear mGRE session statistics.
Syntax
reset mgre statistics [ interface tunnel interface-number [ peer ipv4-address ] ]
Views
User view
Predefined user roles
network-admin
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command clears mGRE session statistics for all mGRE tunnel interfaces.
peer ipv4-address: Specifies a peer public address. If you do not specify this option, the command clears statistics about all mGRE sessions on the specified mGRE tunnel interface.
Examples
# Clear statistics about mGRE sessions on interface Tunnel1.
<Sysname> reset mgre statistics interface tunnel 1
# Clear statistics about the mGRE session with peer public address 192.168.1.200 on interface Tunnel1.
<Sysname> reset mgre statistics interface tunnel 1 peer 192.168.1.200
reset nhrp history-map
Use reset nhrp history-map to clear NHRP mapping entries recorded on the device.
Syntax
reset nhrp history-map
Views
User view
Predefined user roles
network-admin
Usage guidelines
Use this command to clear NHRP mapping entries recorded by the display nhrp history-map command.
Examples
# Clear NHRP mapping entries recorded on the device.
<Sysname> reset nhrp history-map
Related commands
display nhrp history-map
reset nhrp statistics
Use reset nhrp statistics to clear NHRP packet statistics.
Syntax
reset nhrp statistics [ interface tunnel interface-number ]
Views
User view
Predefined user roles
network-admin
Parameters
interface tunnel interface-number: Specifies an mGRE tunnel interface by its number. The value range for the interface-number argument is 0 to 10239. If you do not specify this option, the command clears NHRP packet statistics for all mGRE tunnel interfaces.
Examples
# Clear NHRP packet statistics for interface Tunnel1.
<Sysname> reset nhrp statistics interface tunnel 1
Related commands
display nhrp statistics