This feature snoops ARP packets to populate the ARP flood suppression table with local and remote MAC addresses. If an ARP request has a matching entry, the VTEP replies to the request on behalf of the VM. If no match is found, the VTEP floods the request to both local and remote sites.

Examples

# Enable ARP flood suppression for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable

Related commands

display arp suppression vsi

reset arp suppression vsi

arp suppression mode

Use arp suppression mode to set the ARP flood suppression mode.

Use undo arp suppression mode to restore the default.

Syntax

arp suppression mode { proxy-reply | unicast-forward } [ mismatch-discard ]

undo arp suppression mode

Default

If ARP flood suppression is enabled, the default ARP flood suppression mode is proxy reply. In proxy reply mode, the device broadcasts the ARP requests that are not targeted at the device and do not match any ARP flood suppression entries.

Views

VSI view

Predefined user roles

network-admin

Parameters

proxy-reply: Specifies proxy reply mode. If an ARP request is not targeted at the device and matches an ARP flood suppression entry, the device replies to the ARP request on behalf of the target IP address. The ARP reply carries the following information:

· Sender IP address—Target IP address in the ARP request.

· Sender MAC address—MAC address in the matching ARP flood suppression entry.

· Source MAC address—MAC address in the matching ARP flood suppression entry.

unicast-forward: Specifies unicast forwarding mode. If an ARP request is not targeted at the device and matches an ARP flood suppression entry, the device acts as follows:

1. Replaces the target MAC address and destination MAC address in the ARP request with the MAC address in the entry.

2. Unicasts the ARP request.

mismatch-discard: Specifies mismatch discarding mode. In this mode, the device discards an ARP request that is not targeted at the device and does not match any ARP flood suppression entry. If you do not specify this keyword, the device will broadcast such an ARP request.

Usage guidelines

The device does not forward ARP requests in proxy reply mode, which decreases system resource consumption. Unicast forwarding mode reduces the ARP entry learning errors caused by the delay in refreshing ARP flood suppression entries at the expense of high system resource usage.

Examples

# Enable ARP flood suppression and set its mode to unicast forwarding on VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] arp suppression enable

[Sysname-vsi-vsi1] arp suppression mode unicast-forward

Related commands

arp suppression enable

description

Use description to configure a description for a VSI.

Use undo description to restore the default.

Syntax

description text

undo description

Default

A VSI does not have a description.

Views

VSI view

Predefined user roles

network-admin

Parameters

text: Specifies a description, a case-sensitive string of 1 to 80 characters.

Examples

# Configure a description for VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] description vsi for vpn1

Related commands

display l2vpn vsi

display arp suppression vsi

Use display arp suppression vsi to display ARP flood suppression entries.

Syntax

display arp suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies the slot number of the device, which is fixd at 1.

count: Displays the number of ARP flood suppression entries that match the command.

Examples

# Display ARP flood suppression entries.

<Sysname> display arp suppression vsi

IP address MAC address VSI name Link ID Aging(min)

1.1.1.2 000f-e201-0101 vsi1 0x70000 14

1.1.1.3 000f-e201-0202 vsi1 0x80000 18

1.1.1.4 000f-e201-0203 vsi2 0x90000 10

# Display the number of ARP flood suppression entries.

<Sysname> display arp suppression vsi count

Total entries: 3

Table 1 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Aging	Remaining lifetime (in minutes) of the ARP flood suppression entry. When the timer expires, the entry is deleted.

Related commands

arp suppression enable

reset arp suppression vsi

display ipv6 nd suppression vsi

Use display ipv6 nd suppression vsi to display ND flood suppression entries.

Syntax

display ipv6 nd suppression vsi [ name vsi-name ] [ slot slot-number ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays entries for all VSIs.

slot slot-number: Specifies the slot number of the device, which is fixed at 1.

count: Displays the number of ND flood suppression entries that match the command.

Examples

# Display ND flood suppression entries.

<Sysname> display ipv6 nd suppression vsi

IPv6 address MAC address VSI name Link ID Aging (min)

1000::2 000f-e201-0101 vsi1 0x70000 5

1000::3 000f-e201-0202 vsi1 0x80000 5

1000::4 000f-e201-0203 vsi2 0x90000 5

# Display the number of ND flood suppression entries.

<Sysname> display ipv6 nd suppression vsi count

Total entries: 3

Table 2 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Aging (min)	Remaining lifetime (in minutes) of the ND flood suppression entry. When the timer expires, the entry is deleted.

Related commands

ipv6 nd suppression enable

reset ipv6 nd suppression vsi

display l2vpn m-lag arp

Use display l2vpn m-lag arp to display L2VPN ARP entries on an M-LAG member device.

Syntax

display l2vpn m-lag arp [ local | remote ] [ count | { public-instance | vpn-instance vpn-instance-name } [ count | ip-address ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies locally learned L2VPN ARP entries.

remote: Specifies M-LAG-synchronized L2VPN ARP entries.

count: Displays the number of L2VPN ARP entries. If you do not specify this keyword, the command displays detailed information about L2VPN ARP entries.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays all L2VPN ARP entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ARP entries.

If you do not specify the public-instance keyword or the vpn-instance vpn-instance-name option, this command displays L2VPN ARP entries for the public instance and all VPN instances.

Examples

# Display all L2VPN ARP entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp

Flags: D – Dynamic L - Local R – Remote S – Static I - Invalid

VPN instance: vpn1 Interface: Vsi-interface1

IP address MAC address VSI index Link ID Flags

10.1.1.1 0003-0003-0003 0 0x1 DL

10.1.1.11 0001-0001-0001 0 0x1 DL

10.1.1.12 0001-0001-0011 0 0x2 DR

10.1.1.13 0001-0001-0021 0 0x2 DR

10.1.1.101 0001-0011-0101 0 0x1 SL

10.1.1.102 0001-0011-0102 0 0x1 SL

Public instance Interface: Vsi-interface2

IP address MAC address VSI index Link ID Flags

11.1.1.1 0033-0033-0033 0 0x1 DL

11.1.1.11 0011-0011-0011 0 0x1 DL

# Display the total number of L2VPN ARP entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp count

Total number of entries: 8

Table 3 Command output

Field	Description
Interface	VSI interface.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Flags	ARP entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.

display l2vpn m-lag arp suppression

Use display l2vpn m-lag arp suppression to display L2VPN ARP flood suppression entries on an M-LAG member device.

Syntax

display l2vpn m-lag arp suppression [ local | remote ] [ count | vsi vsi-name [ count | ip-address ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies L2VPN ARP flood suppression entries that are learned locally.

remote: Specifies L2VPN ARP flood suppression entries that are synchronized by M-LAG.

count: Displays the number of L2VPN ARP flood suppression entries. If you do not specify this keyword, the command displays detailed information about L2VPN ARP flood suppression entries.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN ARP flood suppression entries for all VSIs.

ip-address: Specifies an IPv4 address. If you do not specify an IPv4 address, this command displays all L2VPN ARP flood suppression entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ARP flood suppression entries.

Examples

# Display all L2VPN ARP flood suppression entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp suppression

Flags: D - Dynamic L – Local R – Remote S - Static I – Invalid

VSI name: vpna

IP address MAC address Link ID Flags

10.1.1.12 0002-0002-0002 0x1 DL

10.1.1.13 0002-0002-0002 0x2 RI

10.1.1.101 0001-0011-0101 0x2 SR

# Display the total number of L2VPN ARP flood suppression entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag arp suppression count

Total number of entries: 3

Table 4 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Flags	ARP flood suppression entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.

Field

Description

Link ID

Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

Flags

ARP flood suppression entry type:

· D—The entry is a valid dynamically learned entry.

· L—The entry is a valid local entry.

· R—The entry is a valid M-LAG-synchronized entry.

· S—The entry is a valid static entry.

· I—The entry is invalid. Possible reasons:

¡ The VSI has been administratively shut down by using the shutdown command.

¡ The outgoing tunnel interface does not exist.

display l2vpn m-lag mac-address

Use display l2vpn m-lag mac-address to display L2VPN MAC address entries on an M-LAG member device.

Syntax

display l2vpn m-lag mac-address [ local | remote ] [ count | vsi vsi-name [ count | mac-address ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies L2VPN MAC address entries that are learned locally.

remote: Specifies L2VPN MAC address entries that are synchronized by M-LAG.

count: Displays the number of L2VPN MAC address entries. If you do not specify this keyword, the command displays detailed information about L2VPN MAC address entries.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN MAC address entries for all VSIs.

mac-address: Specifies a MAC address. The MAC address is in the format of H-H-H. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001. If you do not specify a MAC address, this command displays all L2VPN MAC address entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN MAC address entries.

Examples

# Display all L2VPN MAC address entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag mac-address

Flags: D – Dynamic L - Local R – Remote S – Static

VSI name: bbb

MAC address Link ID Interface Flags

0000-0000-000a 0x1 BAGG10 DL

0000-0000-0009 0x1 Tunnel1 DL

# Display the total number of L2VPN MAC address entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag mac-address count

Total number of entries: 2

Table 5 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Interface	Outgoing interface.
Flags	MAC address entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry.

display l2vpn m-lag nd

Use display l2vpn m-lag nd to display L2VPN ND entries on an M-LAG member device.

Syntax

display l2vpn m-lag nd [ local | remote ] [ count | { public-instance | vpn-instance vpn-instance-name } [ ipv6-address | count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies locally learned L2VPN ND entries.

remote: Specifies M-LAG-synchronized L2VPN ND entries.

count: Displays the number of L2VPN ND entries. If you do not specify this keyword, the command displays detailed information about L2VPN ND entries.

public-instance: Specifies the public instance.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all L2VPN ND entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ND entries.

If you do not specify the public-instance keyword or the vpn-instance vpn-instance-name option, this command displays L2VPN ND entries for the public instance and all VPN instances.

Examples

# Display all L2VPN ND entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag nd

Flags: D - Dynamic L – Local R – Remote S - Static I - Invalid

VPN instance: vpna Interface: Vsi-interface1

IPv6 address : 20::2

MAC address : 0001-0001-0001 Flags : DL

VSI index : 0 Link ID : 0x1

# Display the total number of L2VPN ND entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag nd count

Total number of entries: 1

Table 6 Command output

Field	Description
Interface	VSI interface.
Flags	ND entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

display l2vpn m-lag nd suppression

Use display l2vpn m-lag nd suppression to display L2VPN ND flood suppression entries on an M-LAG member device.

Syntax

display l2vpn m-lag nd suppression [ local | remote ] [ count | vsi vsi-name [ ipv6-address | count ] ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

local: Specifies L2VPN ND flood suppression entries that are learned locally.

remote: Specifies L2VPN ND flood suppression entries that are synchronized by M-LAG.

count: Displays the number of L2VPN ND flood suppression entries. If you do not specify this keyword, the command displays detailed information about L2VPN ND flood suppression entries.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN ND flood suppression entries for all VSIs.

ipv6-address: Specifies an IPv6 address. If you do not specify an IPv6 address, this command displays all L2VPN ND flood suppression entries that match the specified criteria.

Usage guidelines

If you do not specify the local or remote keyword, this command displays both locally learned and M-LAG-synchronized L2VPN ND flood suppression entries.

Examples

# Display all L2VPN ND flood suppression entries on the local M-LAG member device.

[Sysname]display l2vpn m-lag nd suppression

Flags: D - Dynamic L – Local R – Remote S - Static I - Invalid

VSI name: vpna

IPv6 address MAC address Link ID Flags

11::8 72cb-ce9b-0a06 0x1 DL

11::9 0001-0001-0001 0x2 SR

# Display the total number of L2VPN ND flood suppression entries on the local M-LAG member device.

<Sysname> display l2vpn m-lag nd suppression count

Total number of entries: 2

Table 7 Command output

Field	Description
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
Flags	ND flood suppression entry type: · D—The entry is a valid dynamically learned entry. · L—The entry is a valid local entry. · R—The entry is a valid M-LAG-synchronized entry. · S—The entry is a valid static entry. · I—The entry is invalid. Possible reasons: ¡ The VSI has been administratively shut down by using the shutdown command. ¡ The outgoing tunnel interface does not exist.

Field

Description

Link ID

Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.

Flags

ND flood suppression entry type:

· D—The entry is a valid dynamically learned entry.

· L—The entry is a valid local entry.

· R—The entry is a valid M-LAG-synchronized entry.

· S—The entry is a valid static entry.

· I—The entry is invalid. Possible reasons:

¡ The VSI has been administratively shut down by using the shutdown command.

¡ The outgoing tunnel interface does not exist.

display l2vpn forwarding ac

Use display l2vpn forwarding ac to display L2VPN AC forwarding information.

Syntax

display l2vpn forwarding ac [ vsi vsi-name ] [ slot slot-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Displays L2VPN forwarding information for a VSI. The vsi-name argument specifies the VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays L2VPN forwarding information for all VSIs.

slot slot-number: Specifies the slot number of the device, which is fixed at 1.

verbose: Displays detailed information. If you do not specify this keyword, the command displays brief information.

Examples

# Display brief AC forwarding information for all VSIs.

<Sysname> display l2vpn forwarding ac

Total number of VSIs: 1

Total number of ACs: 1 up, 0 down

AC VSI Name Link ID State

BAGG1 srv1 1 0x1 Up

Table 8 Command output

Field	Description
Total number of VSIs	Total number of VSIs, including VSIs that are not bound to any ACs.
AC	AC type: Layer 2 interface and Ethernet service instance.
Link ID	Link ID of the AC in the VSI.
State	AC state, up or down.

# Display detailed AC forwarding information for all VSIs.

<Sysname> display l2vpn forwarding ac verbose

VSI Name: vpls2

Interface: HGE1/0/3 Service Instance: 4

Link ID : 1

State : UP

Access Mode : VLAN

Encapsulation: s-vid 10

Type : Manual

Table 9 Command output

Field	Description
Service Instance	Ethernet service instance ID. This field is displayed only when the AC is an Ethernet service instance on a Layer 2 interface.
Link ID	Link ID of the AC in the VSI.
Access Mode	AC access mode: · VLAN. · Ethernet.
State	AC state.
Encapsulation	Frame match criterion of the Ethernet service instance.
Type	Ethernet service instance type: · Dynamic (MAC-based)—Dynamic Ethernet service instance in MAC-based traffic match mode. · Dynamic (VLAN-based)—Dynamic Ethernet service instance in VLAN-based traffic match mode. · Manual—Static Ethernet service instance in VLAN-based traffic match mode.

display l2vpn interface

Use display l2vpn interface to display L2VPN information for Layer 3 interfaces that are mapped to VSIs.

Syntax

display l2vpn interface [ vsi vsi-name | interface-type interface-number ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

interface-type interface-number: Specifies an interface by its type and number.

verbose: Displays detailed information about Layer 3 interfaces. If you do not specify this keyword, the command displays brief information about Layer 3 interfaces.

Usage guidelines

If you do not specify any parameters, this command displays brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.

Examples

# Display brief L2VPN information for all Layer 3 interfaces that are mapped to VSIs.

<Sysname> display l2vpn interface

Total number of interfaces: 2, 2 up, 0 down

Total number of interfaces: 1, 1 up, 0 down

Interface Owner Link ID State Type

Vlan10 1 0 Up VSI

Table 10 Command output

Field	Description
Interface	Layer 3 interface name.
Owner	VSI name.
Link ID	The interface's link ID on the VSI.
State	Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down.
Type	L2VPN type of the interface. This field displays VSI for the VXLAN feature.

# Display detailed L2VPN information for all Layer 3 interfaces that are mapped to VSIs.

<Sysname> display l2vpn interface verbose

Interface: Vlan10

Owner : vsi1

Link ID : 0

State : Up

Type : VSI

Statistics : Enabled

Input Statistics:

Octets :994496

Packets :15539

Output Statistics:

Octets :0

Packets :0

Interface: Vlan11

Owner : vsi2

Link ID : 0

State : Down

Type : VSI

Statistics : Enabled

Input Statistics:

Octets :0

Packets :0

Output Statistics:

Octets :0

Packets :0

Table 11 Command output

Field	Description
Interface	Layer 3 interface name.
Owner	VSI name.
Link ID	The interface's link ID on the VSI.
State	Physical state of the interface: · Up—The interface is physically up. · Down—The interface is physically down.
Type	L2VPN type of the interface. This field displays VSI for the VXLAN feature.
Statistics	Packet statistics state: · Enabled—The packet statistics feature is enabled for the interface. · Disabled—The packet statistics feature is disabled for the interface.
Input Statistics	Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets.
Output Statistics	Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets.

Related commands

display l2vpn service-instance

display l2vpn mac-address

Use display l2vpn mac-address to display MAC address entries for VSIs.

Syntax

display l2vpn mac-address [ vsi vsi-name ] [ dynamic ] [ count | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command displays MAC address entries for all VSIs.

dynamic: Specifies dynamic MAC address entries learned in the data plane. If you do not specify this keyword, the command displays all MAC address entries, including:

· Dynamic remote- and local-MAC entries.

· Remote-MAC entries advertised through BGP EVPN.

· Manually added static remote- and local-MAC entries.

· Remote-MAC entries issued through OpenFlow.

count: Displays the number of MAC address entries.

verbose: Displays detailed information about MAC address entries.

Usage guidelines

If you do not specify the count or verbose keyword, this command displays brief information about MAC address entries.

Examples

# Display brief information about MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address

MAC Address State VSI Name Link ID/Name Aging

0000-0000-000b Static vpn1 Tunnel10 NotAging

0000-0000-000c Dynamic vpn1 Tunnel60 Aging

0000-0000-000d Dynamic vpn1 Tunnel99 Aging

--- 3 mac address(es) found ---

# Display the total number of MAC address entries in all VSIs.

<Sysname> display l2vpn mac-address count

3 mac address(es) found

Table 12 Command output

Field	Description
State	Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static local- and remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow.
Link ID/Name	For a local MAC address, this field displays the name of the interface that hosts the Ethernet service instance for the MAC address. For a remote MAC address, this field displays the tunnel interface name.
Aging	Entry aging state: · Aging. · NotAging.

# Display detailed information about MAC address entries for all VSIs.

<Sysname> display l2vpn mac-address verbose

MAC Address : 0000-0000-000b

VSI Name : vpn1

VXLAN ID : 123

Interface : HGE1/0/1

Link ID : 1

State : Dynamic

Aging : Aging

Table 13 Command output

Field	Description
Interface	For a local MAC address, this field displays the interface name if the AC is a Layer 3 interface. If the AC is an Ethernet service instance, this field displays the name of the interface that hosts the Ethernet service instance for the MAC address. For a remote MAC address, this field displays the tunnel interface name.
Link ID	Link ID that uniquely identifies an AC or a VXLAN tunnel on a VSI.
State	Entry state: · Dynamic—Local- or remote-MAC entry dynamically learned in the data plane. · Static—Static local- or remote-MAC entry. · EVPN—Remote-MAC entry advertised through BGP EVPN. · OpenFlow—Remote-MAC entry issued by a remote controller through OpenFlow.
Aging	Entry aging state: · Aging. · NotAging.

Related commands

reset l2vpn mac-address

display l2vpn service-instance

Use display l2vpn service-instance to display information about Ethernet service instances.

Syntax

display l2vpn service-instance [ interface interface-type interface-number [ service-instance instance-id ] ] [ verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a Layer 2 Ethernet interface or Layer 2 aggregate interface by its interface type and number. If you do not specify an interface, this command displays Ethernet service instance information for all Layer 2 Ethernet interfaces and Layer 2 aggregate interfaces.

service-instance instance-id: Specifies an Ethernet service instance by its ID in the range of 1 to 4096. If you do not specify an Ethernet service instance, this command displays information about all Ethernet service instances on the specified Layer 2 Ethernet interface or Layer 2 aggregate interface.

verbose: Displays detailed information about Ethernet service instances. If you do not specify this keyword, the command displays brief information about Ethernet service instances.

Examples

# Display brief information about all Ethernet service instances.

<Sysname> display l2vpn service-instance

Total number of service-instances: 1, 0 up, 1 down

Total number of ACs: 1, 0 up, 1 down

Interface SrvID Owner LinkID State Type

BAGG1 1 1 1 Down VSI

Table 14 Command output

Field	Description
Total number of ACs	Total number of attachment circuits (ACs) and the number of ACs in each state (up or down).
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
SrvID	Ethernet service instance ID.
Owner	VSI name. This field is empty if an Ethernet service instance is not mapped to any VSI.
LinkID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: · Up. · Down.
Type	L2VPN type of the Ethernet service instance:

# Display detailed information about all Ethernet service instances on HundredGigE 1/0/1.

<Sysname> display l2vpn service-instance interface hundredgige 1/0/1 verbose

Interface: HGE1/0/1

Service Instance: 1

Type : Manual

Encapsulation : s-vid 16

VSI Name : vsi10

Link ID : 1

State : Up

Table 15 Command output

Field	Description
Interface	Name of a Layer 2 Ethernet interface or Layer 2 aggregate interface.
Service Instance	Ethernet service instance ID.
Type	Type and traffic match mode of the Ethernet service instance: · Dynamic (MAC-based)—Dynamic Ethernet service instance in MAC-based traffic match mode. · Dynamic (VLAN-based)—Dynamic Ethernet service instance in VLAN-based traffic match mode. · Manual—Static Ethernet service instance in VLAN-based traffic match mode.
Encapsulation	Frame match criterion of the Ethernet service instance. If the Ethernet service instance does not contain a match criterion, the command does not display this field.
Link ID	Ethernet service instance's link ID on the VSI.
State	Ethernet service instance state: · Up. · Down.
E-Tree Mode	This field is not supported in the current software version. Role of the AC in EVPN E-tree in the EVPN VPLS or EVPN VPLS over SRv6 network: · root. · leaf.
End.Dx2 SID	This field is not supported in the current software version. End.DX2 SID assigned to the AC in the EVPN VPLS over SRv6 network. This field displays a hyphen (-) if the AC is not assigned any End.DX2 SID.
End.Dx2l SID	This field is not supported in the current software version. End.Dx2l SID assigned to the AC in the EVPN VPLS over SRv6 network. This field displays a hyphen (-) if the AC is not assigned any End.Dx2l SID.
Statistics	This field is not supported in the current software version. Packet statistics state: · Enabled—The packet statistics feature is enabled for the Ethernet service instance. · Disabled—The packet statistics feature is disabled for the Ethernet service instance.
Input Statistics	Incoming traffic statistics: · Octets—Number of incoming bytes. · Packets—Number of incoming packets. · Errors—Number of error packets. · Discards—Number of dropped packets.
Output Statistics	Outgoing traffic statistics: · Octets—Number of outgoing bytes. · Packets—Number of outgoing packets. · Errors—Number of error packets. · Discards—Number of dropped packets.

Related commands

service-instance

display l2vpn vsi

Use display l2vpn vsi to display information about VSIs.

Syntax

display l2vpn vsi [ name vsi-name | evpn-vxlan | vxlan ] [ count | verbose ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters.

evpn-vxlan: Specifies VSIs of EVPN VXLAN.

vxlan: Specifies VSIs of VXLAN.

count: Displays VSI state statistics.

verbose: Displays detailed information about VSIs. If you do not specify this keyword, the command displays brief information about VSIs.

Usage guidelines

If you do not specify a VSI or network type, this command displays information about all VSIs.

Examples

# Display brief information about all VSIs.

<Sysname> display l2vpn vsi

Total number of VSIs: 2, 1 up, 1 down, 0 admin down

VSI Name VSI Index MTU State

vpls1 0 1500 Up

vpls2 1 1500 Down

# Display state statistics about all VSIs.

<Sysname> display l2vpn vsi count

Total number of VSIs: 1, 1 up, 0 down, 0 admin down

Table 16 Command output

Field	Description
State	VSI state: · Up—The VSI is up. · Down—The VSI is down. · Admin down—The VSI has been manually shut down by using the shutdown command.

Field

Description

State

VSI state:

· Up—The VSI is up.

· Down—The VSI is down.

· Admin down—The VSI has been manually shut down by using the shutdown command.

# Display detailed information about all VSIs of EVPN VXLAN.

<Sysname> display l2vpn vsi evpn-vxlan verbose

VSI Name: vpna

VSI Index : 0

VSI Description : vsi for vxlan10

VSI State : Up

MTU : -

Bandwidth : -

Broadcast Restrain : -

Multicast Restrain : -

Unknown Unicast Restrain: -

MAC Learning : Enabled

MAC Table Limit : -

MAC Learning rate : -

Drop Unknown : -

PW Redundancy Mode : Slave

Flooding : Enabled

ESI : 0000.0000.0000.0000.0000

Redundancy Mode : All-active

Statistics : Enabled

Input statistics :

Octets : 0

Packets : 0

Errors : 0

Discards : 0

Output statistics:

Octets : 0

Packets : 0

Errors : 0

Discards : 0

Input Rate :

Bytes per second : 0

Packets per second : 0

Output Rate :

Bytes per second : 0

Packets per second : 0

Gateway Interface : VSI-interface 100

VXLAN ID : 10

EVPN Encapsulation : VXLAN

Tunnels:

Tunnel Name Link ID State Type Flood proxy

Tunnel1 0x5000001 Up Manual Disabled

Tunnel2 0x5000002 Up Manual Disabled

ACs:

AC Link ID State Type

BAGG1 srv1 0x1 Down Manual

Statistics: Disabled

Table 17 Command output

Field	Description
VSI Description	Description of the VSI. If the VSI does not have a description, the command does not display this field.
VSI State	VSI state: · Up—The VSI is up. · Down—The VSI is down. · Administratively down—The VSI has been manually shut down by using the shutdown command.
MTU	MTU on the VSI.
Bandwidth	Bandwidth limit in kbps. If no bandwidth limit is set for the VSI, Unlimited is displayed.
Broadcast Restrain	Broadcast restraint bandwidth (in kbps).
Multicast Restrain	Multicast restraint bandwidth (in kbps).
Unknown Unicast Restrain	Unknown unicast restraint bandwidth (in kbps).
MAC Learning	State of the MAC learning feature.
MAC Table Limit	Maximum number of MAC address entries on the VSI.
MAC Learning rate	MAC address entry learning rate of the VSI.
Drop Unknown	Action on source MAC-unknown frames received after the maximum number of MAC entries is reached.
PW Redundancy Mode	PW redundancy operation mode: · Slave—Master/slave mode and the local PE operates as the slave node. · Master—Master/slave mode and the local PE operates as the master node. · Independent—Independent mode.
Flooding	State of the VSI's flooding feature: · Enabled—Flooding is enabled on the VSI. · Disabled—Flooding is disabled on the VSI.
ESI	ESI assigned to the VSI.
Redundancy Mode	ES redundancy mode for the VSI: · A—All-active mode. · S—Single-active mode.
Input Rate	Incoming traffic rate for the VSI, in Bps and pps.
Output Rate	Outgoing traffic rate for the VSI, in Bps and pps.
Gateway Interface	VSI interface name.
EVPN Encapsulation	EVPN encapsulation type.
State	Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. · Down—The tunnel interface is down.
Type	Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN by EVPN. · Manual—The tunnel was manually assigned to the VXLAN.
Flood proxy	This field is not supported in the current software version. Flood proxy state.
ACs	ACs that are bound to the VSI.
Link ID	AC's link ID on the VSI.
State	AC state: · Up. · Down.
Type	Type and traffic match mode of the Ethernet service instance: · Dynamic (M-LAG)—Dynamic Ethernet service instance created on the peer link, in VLAN-based traffic match mode. · Dynamic (VLAN-based)—Dynamic Ethernet service instance in VLAN-based traffic match mode. · Manual—Static Ethernet service instance in VLAN-based traffic match mode.
Statistics	State of AC traffic statistics: · Enabled. · Disabled.

display vxlan tunnel

Use display vxlan tunnel to display VXLAN tunnel information for VXLANs.

Syntax

display vxlan tunnel [ vxlan-id vxlan-id ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215. If you do not specify a VXLAN, this command displays VXLAN tunnel information for all VXLANs.

Examples

# Display VXLAN tunnel information for all VXLANs.

<Sysname> display vxlan tunnel

Total number of VXLANs: 1

VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)

Tunnel name Link ID State Type Flood proxy

Tunnel1 0x5000001 Up Manual Disabled

Tunnel2 0x5000002 Up Manual Disabled

# Display VXLAN tunnel information for VXLAN 10.

<Sysname> display vxlan tunnel vxlan-id 10

VXLAN ID: 10, VSI name: vpna, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)

Tunnel name Link ID State Type Flood proxy

Tunnel1 0x5000001 Up Manual Disabled

Tunnel2 0x5000002 Up Manual Disabled

Table 18 Command output

Field	Description
Link ID	Tunnel's link ID in the VXLAN.
State	Tunnel state: · Up—The tunnel is operating correctly. · Blocked—The tunnel is a backup tunnel. Its tunnel interface is up, but the tunnel is blocked because the primary tunnel is operating correctly. · Down—The tunnel interface is down.
Type	Tunnel assignment method: · Auto—The tunnel was automatically assigned to the VXLAN by EVPN. · Manual—The tunnel was manually assigned to the VXLAN.
Flood proxy	This field is not supported in the current software version. Flood proxy state.

Related commands

tunnel

vxlan

encapsulation

Use encapsulation to configure a frame match criterion for an Ethernet service instance.

Use undo encapsulation to restore the default.

Syntax

encapsulation s-vid vlan-id [ only-tagged ]

encapsulation s-vid vlan-id c-vid vlan-id

encapsulation { default | tagged | untagged }

undo encapsulation

Default

An Ethernet service instance does not contain a frame match criterion.

Views

Ethernet service instance view

Predefined user roles

network-admin

Parameters

s-vid: Matches frames that are tagged with the specified outer 802.1Q VLAN IDs.

c-vid: Matches frames that are tagged with the specified inner 802.1Q VLAN IDs.

vlan-id: Specifies an 802.1Q VLAN ID in the range of 1 to 4094.

only-tagged: Matches tagged frames. If the outer 802.1Q VLAN is not the PVID, the matching result does not differ, whether or not you specify the only-tagged keyword. If the outer 802.1Q VLAN is the PVID, the matching result depends on whether or not the only-tagged keyword is specified.

· To match only PVID-tagged frames, specify the only-tagged keyword.

· To match both untagged frames and PVID-tagged frames, do not specify the only-tagged keyword.

Exceptionally, for the S9825 Switch Series, even after you specify this keyword, Ethernet service instances will still match untagged frames.

default: Matches frames that do not match any other Ethernet service instance on the interface. On an interface, you can configure this criterion only in one Ethernet service instance. The Ethernet service instance matches any frames if it is the only instance on the interface.

tagged: Matches any frames that have an 802.1Q VLAN tag.

untagged: Matches any frames that do not have an 802.1Q VLAN tag.

Usage guidelines

An Ethernet service instance can contain only one match criterion. To change the match criterion, first execute the undo encapsulation command to remove the original criterion.

When you remove the match criterion in an Ethernet service instance, the mapping between the service instance and the VSI is removed automatically.

Examples

# Configure Ethernet service instance 1 on HundredGigE 1/0/1 to match frames that have an outer 802.1Q VLAN ID of 111.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 1

[Sysname-HundredGigE1/0/1-srv1] encapsulation s-vid 111

Related commands

display l2vpn service-instance

flooding disable (VSI view)

Use flooding disable to disable flooding for a VSI.

Use undo flooding disable to enable flooding for a VSI.

Syntax

flooding disable { all | { broadcast | unknown-multicast | unknown-unicast } * } [ all-direction | dci ]

undo flooding disable

Default

Flooding is enabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Parameters

all: Specifies broadcast, unknown unicast, and unknown multicast traffic.

broadcast: Specifies broadcast traffic.

unknown-multicast: Specifies unknown multicast traffic.

unknown-unicast: Specifies unknown unicast traffic.

all-direction: Disables flooding traffic received from an AC, VXLAN tunnel interface to any other ACs and VXLAN tunnel interfaces of the same VSI. If you do not specify this keyword, the command only disables flooding traffic received from ACs to VXLAN tunnel interfaces of the VSI.

dci: Disables flooding only to VXLAN-DCI tunnel interfaces. If you do not specify this keyword, the command disables flooding to both VXLAN tunnel interfaces and VXLAN-DCI tunnel interfaces.

Usage guidelines

By default, the device floods broadcast, unknown unicast, and unknown multicast frames received from the local site to the following interfaces in the frame's VXLAN:

· All site-facing interfaces except for the incoming interface.

· All VXLAN tunnel interfaces.

When receiving broadcast, unknown unicast, and unknown multicast frames on VXLAN tunnel interfaces, the device floods the frames to all site-facing interfaces in the frames' VXLAN.

To confine a kind of flood traffic, use this command to disable flooding for that kind of flood traffic on the VSI bound to the VXLAN.

On the S9855 Switch Series, you cannot specify the unknown-multicast or unknown-unicast keyword alone. If you specify one of the keywords, you must also specify the other.

If VXLAN-DCI is configured, flood traffic is also sent out of VXLAN-DCI tunnel interfaces. To confine flood traffic to the site-facing interfaces and VXLAN tunnels within a data center, you can specify the dci keyword to disable flooding only to VXLAN-DCI tunnel interfaces.

The all-direction keyword disables flooding traffic received from an AC or VXLAN tunnel interface to any other ACs and VXLAN tunnel interfaces of the same VSI. If VXLAN-DCI is configured, this keyword also disables flooding between VXLAN tunnel interfaces and VXLAN-DCI tunnel interfaces.

Examples

# Disable flooding of local broadcast traffic to remote sites for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] flooding disable broadcast

ipv6 nd suppression enable

Use ipv6 nd suppression enable to enable ND flood suppression.

Use undo ipv6 nd suppression enable to disable ND flood suppression.

Syntax

ipv6 nd suppression enable [ no-broadcast ]

undo ipv6 nd suppression enable

Default

ND flood suppression is disabled.

Views

VSI view

Predefined user roles

network-admin

Parameters

no-broadcast: Disables the device from flooding the ND requests that do not match any ND flood suppression entry.

Usage guidelines

ND flood suppression reduces ND request multicasts by enabling the VTEP to reply to ND requests on behalf of user terminals.

This feature snoops ND packets to populate the ND flood suppression table with local and remote MAC addresses. If an ND request has a matching entry, the VTEP replies to the request on behalf of the user terminal. If no match is found, the VTEP floods the request to both local and remote sites.

Examples

# Enable ND flood suppression for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] ipv6 nd suppression enable

Related commands

display ipv6 nd suppression vsi

reset ipv6 nd suppression vsi

ipv6 nd suppression mode

Use ipv6 nd suppression mode to set the ND flood suppression mode.

Use undo ipv6 nd suppression mode to restore the default.

Syntax

ipv6 nd suppression mode { proxy-reply | unicast-forward } [ mismatch-discard ]

undo ipv6 nd suppression mode

Default

If ND flood suppression is enabled, the default ND flood suppression mode is proxy reply. In proxy reply mode, the device broadcasts the NS packets that are not targeted at the device and do not match any ND flood suppression entries.

Views

VSI view

Predefined user roles

network-admin

Parameters

proxy-reply: Specifies proxy reply mode. If an NS packet is not targeted at the device and matches an ND flood suppression entry, the device replies to the NS packet on behalf of the target IP address. The replied NA packet carries the following information:

· Sender IP address—Target IP address in the NS packet.

· Source MAC address—MAC address in the matching ND flood suppression entry.

unicast-forward: Specifies unicast forwarding mode. If an NS packet is not targeted at the device and matches an ND flood suppression entry, the device acts as follows:

1. Replaces the destination MAC address in the NS packet with the MAC address in the entry.

2. Unicasts the NS packet.

mismatch-discard: Specifies mismatch discarding mode. In this mode, the device discards an NS packet that is not targeted at the device and does not match any ND flood suppression entry. If you do not specify this keyword, the device will broadcast such an NS packet.

Usage guidelines

The device does not forward NS packets in proxy reply mode, which decreases system resource consumption. Unicast forwarding mode reduces the ND entry learning errors caused by the delay in refreshing ND flood suppression entries at the expense of high system resource usage.

Examples

# Enable ND flood suppression and set its mode to unicast forwarding on VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] ipv6 nd suppression enable

[Sysname-vsi-vsi1] nd suppression mode unicast-forward

Related commands

ipv6 nd suppression enable

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Use l2vpn m-lag peer-link ac-match-rule vxlan-mapping to enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the direct peer link.

Use undo l2vpn m-lag peer-link ac-match-rule vxlan-mapping to restore the default.

NOTE:

This command is not supported on the S9825 Switch Series.

Syntax

l2vpn m-lag peer-link ac-match-rule vxlan-mapping

undo l2vpn m-lag peer-link ac-match-rule vxlan-mapping

Default

On an M-LAG system that uses a direct peer link, dynamic ACs on the peer link use frame match criteria that are identical to those of site-facing ACs.

Views

System view

Predefined user roles

network-admin

Usage guidelines

By default, if an M-LAG system uses a direct peer link, each M-LAG member device creates a dynamic AC on the peer link when an AC is configured on a site-facing interface. The dynamic AC and the site-facing AC have the same frame match criteria and VSI mapping. If two site-facing ACs on different interfaces have the same frame match criteria but different VSI mappings, the dynamic ACs created for the site-facing ACs will conflict with each other. To prevent this issue, enable the M-LAG member devices to create frame match criteria based on VXLAN IDs for the dynamic ACs on the peer link.

With this command configured, an M-LAG member device creates dynamic ACs on the peer link and maps them to the VSIs of VXLANs after the VXLANs are created. The matching VLAN IDs in frame match criteria are calculated for the dynamic ACs according to the following rules:

· Outer VLAN ID = VXLAN ID / 4094 + 1.

· Inner VLAN ID = VXLAN ID % 4094 + 1.

· If the calculated outer VLAN ID of a dynamic AC is the PVID of the peer-link interface, the device uses the calculated inner VLAN ID as the outer VLAN ID. The device does not add a matching inner VLAN ID to the frame match criterion of the dynamic AC.

After you execute this command, do not create VXLANs with IDs larger than 16000000.

This command deletes existing dynamic ACs from peer-link interfaces and takes effect on all VXLANs.

Examples

# Enable the device to create frame match criteria based on VXLAN IDs for the dynamic ACs on the direct peer link.

<Sysname> system-view

[Sysname] l2vpn m-lag peer-link ac-match-rule vxlan-mapping

l2vpn enable

Use l2vpn enable to enable L2VPN.

Use undo l2vpn enable to disable L2VPN.

Syntax

l2vpn enable

undo l2vpn enable

Default

L2VPN is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

You must enable L2VPN before you can configure L2VPN settings.

Examples

# Enable L2VPN.

<Sysname> system-view

[Sysname] l2vpn enable

l2vpn statistics interval

Use l2vpn statistics interval to set the L2VPN statistics collection interval.

Use undo l2vpn statistics interval to restore the default.

NOTE:

The S9855 Switch Series supports only inbound VXLAN traffic statistics.

Syntax

l2vpn statistics interval interval

undo l2vpn statistics interval

Default

The L2VPN statistics collection interval is 15 minutes.

Views

System view

Predefined user roles

network-admin

Parameters

interval: Sets the L2VPN statistics collection interval in seconds, in the range of 5 to 65535.

Examples

# Set the L2VPN statistics collection interval to 30 seconds.

<Sysname> system-view

[Sysname] l2vpn statistics interval 30

mac-address static vsi

Use mac-address static vsi to add a static MAC address entry for a VXLAN VSI.

Use undo mac-address static vsi to remove a static MAC address entry for a VXLAN VSI.

Syntax

mac-address static mac-address { interface interface-type interface-number service-instance instance-id | interface tunnel tunnel-number } vsi vsi-name

undo mac-address static [ mac-address ] [ interface interface-type interface-number service-instance instance-id | interface tunnel tunnel-number ] vsi vsi-name

Default

VXLAN VSIs do not have static MAC address entries.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in H-H-H format. Do not specify a multicast MAC address or an all-zeros MAC address. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter f-e2-1 for 000f-00e2-0001.

interface interface-type interface-number service-instance instance-id: Specifies an AC. The interface-type interface-number argument specifies the interface by its type and number. The instance-id argument specifies the Ethernet service instance by its ID in the range of 1 to 4096. This option applies to local MAC addresses.

interface tunnel tunnel-number: Specifies a VXLAN or VXLAN-DCI tunnel interface by its tunnel interface number. The tunnel interface must already exist. This option applies to remote MAC addresses.

vsi vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A local MAC address is the MAC address of a VM in the local site. Local MAC entries include manually added entries and dynamically learned entries.

A remote MAC address is the MAC address of a VM in a remote site. Remote MAC entries include manually added MAC entries, dynamically learned MAC entries, and MAC entries advertised through BGP EVPN.

When you add a local MAC address entry, make sure the specified Ethernet service instance has been mapped to the VSI. When you add a remote MAC address entry, make sure the VSI's VXLAN has been specified on the VXLAN or VXLAN-DCI tunnel.

Do not configure static remote-MAC entries for tunnels that are automatically established by using EVPN.

· EVPN re-establishes tunnels if the transport-facing interface goes down and then comes up. If you have configured static remote-MAC entries, the entries are deleted when the tunnels are re-established.

· EVPN re-establishes tunnels if you perform configuration rollback. If the tunnel IDs change during tunnel re-establishment, configuration rollback fails, and static remote-MAC entries on the tunnels cannot be restored.

The undo mac-address static vsi vsi-name command removes all static MAC address entries for a VSI.

Examples

# Add MAC address 000f-e201-0101 to VSI vsi1. Specify Tunnel-interface 1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0101 interface tunnel 1 vsi vsi1

# Add MAC address 000f-e201-0102 of Ethernet service instance 1 to VSI vsi1. Specify HundredGigE 1/0/1 as the outgoing interface.

<Sysname> system-view

[Sysname] mac-address static 000f-e201-0102 interface hundredgige 1/0/1 service-instance 1 vsi vsi1

Related commands

vxlan tunnel mac-learning disable

reset arp suppression vsi

Use reset arp suppression vsi to clear ARP flood suppression entries on VSIs.

Syntax

reset arp suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ARP flood suppression entries on all VSIs.

Examples

# Clear ARP flood suppression entries on all VSIs.

<Sysname> reset arp suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

arp suppression enable

display arp suppression vsi

reset ipv6 nd suppression vsi

Use reset ipv6 nd suppression vsi to clear ND flood suppression entries on VSIs.

Syntax

reset ipv6 nd suppression vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears ND flood suppression entries on all VSIs.

Examples

# Clear ND flood suppression entries on all VSIs.

<Sysname> reset ipv6 nd suppression vsi

This command will delete all entries. Continue? [Y/N]:y

Related commands

display ipv6 nd suppression vsi

ipv6 nd suppression enable

reset l2vpn mac-address

Use reset l2vpn mac-address to clear dynamic MAC address entries on VSIs.

Syntax

reset l2vpn mac-address [ vsi vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

vsi vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears all dynamic MAC address entries on all VSIs.

Usage guidelines

Use this command when the number of dynamic MAC address entries reaches the limit or the device learns incorrect MAC addresses.

Examples

# Clear the dynamic MAC address entries on VSI vpn1.

<Sysname> reset l2vpn mac-address vsi vpn1

Related commands

display l2vpn mac-address vsi

reset l2vpn statistics ac

Use reset l2vpn statistics ac to clear packet statistics on ACs.

Syntax

reset l2vpn statistics ac [ interface interface-type interface-number service-instance instance-id ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-type interface-number: Specifies an interface by its type and number.

service-instance instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096. You must specify this option if the interface interface-type interface-number option specifies a Layer 2 interface. You cannot specify this option if the interface interface-type interface-number option specifies a Layer 3 interface.

Usage guidelines

If you do not specify any parameters, this command clears packet statistics on all ACs.

Examples

# Clear packet statistics for Ethernet service instance 1 on HundredGigE 1/0/1.

<Sysname> reset l2vpn statistics ac interface hundredgige 1/0/1 service-instance 1

Related commands

display l2vpn interface

display l2vpn service-instance verbose

statistics enable (Ethernet service instance view)

reset l2vpn statistics vsi

Use reset l2vpn statistics vsi to clear packet statistics on VSIs.

Syntax

reset l2vpn statistics vsi [ name vsi-name ]

Views

User view

Predefined user roles

network-admin

Parameters

name vsi-name: Specifies a VSI by its name, a case-sensitive string of 1 to 31 characters. If you do not specify a VSI, this command clears packet statistics on all VSIs.

Examples

# Clear packet statistics on all VSIs.

<Sysname> reset l2vpn statistics vsi

Related commands

statistics enable (VSI view)

restrain

Use restrain to set the broadcast, multicast, or unknown unicast restraint bandwidth for a VSI.

Use undo restrain to restore the default.

NOTE:

This command is supported only in R9323 and later.

Syntax

restrain { broadcast | multicast | unknown-unicast } bandwidth

undo restrain { broadcast | multicast | unknown-unicast }

Default

The broadcast, multicast, or unknown unicast restraint bandwidth is not set for a VSI.

Views

VSI view

Predefined user roles

network-admin

Parameters

broadcast: Specifies the broadcast restraint bandwidth for a VSI.

multicast: Specifies the multicast restraint bandwidth for a VSI.

unknown-unicast: Specifies the unknown unicast restraint bandwidth for a VSI. Unknown unicast packets refer to unicast packets whose destination MAC addresses are not in the MAC address table.

bandwidth: Specifies the restraint bandwidth value. The value range for this argument is 64 to 4194303 in kbps.

Usage guidelines

When the broadcast, multicast, or unknown unicast traffic in the inbound direction of a VXLAN tunnel exceeds the configured restraint bandwidth, the device drops the exceeding traffic.

If you execute both the restrain and bandwidth commands in VSI view, and the restraint bandwidth configured by the restrain command is not 0, the bandwidth command takes effect.

Examples

# Set the broadcast, multicast, and unknown unicast restraint bandwidth for the VSI named vpn1 to 100 kbps.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] restrain broadcast 100

[Sysname-vsi-vpn1] restrain multicast 100

[Sysname-vsi-vpn1] restrain unknown-unicast 100

Related commands

display l2vpn vsi

service-instance

Use service-instance to create an Ethernet service instance and enter its view, or enter the view of an existing Ethernet service instance.

Use undo service-instance to delete an Ethernet service instance.

Syntax

service-instance instance-id

undo service-instance instance-id

Default

No Ethernet service instances exist.

Views

Layer 2 aggregate interface view

Layer 2 Ethernet interface view

Predefined user roles

network-admin

Parameters

instance-id: Specifies an Ethernet service instance ID in the range of 1 to 4096.

Examples

# On Layer 2 Ethernet interface HundredGigE 1/0/1, create Ethernet service instance 1 and enter Ethernet service instance view.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 1

[Sysname-HundredGigE1/0/1-srv1]

Related commands

display l2vpn service-instance

shutdown

Use shutdown to shut down a VSI.

Use undo shutdown to bring up a VSI.

Syntax

shutdown

undo shutdown

Default

VSIs are up.

Views

VSI view

Predefined user roles

network-admin

Usage guidelines

Use this command to temporarily disable a VSI to provide Layer 2 switching services. The shutdown action does not change settings on the VSI. You can continue to configure the VSI. After you bring up the VSI again, the VSI provides services based on the latest settings.

Examples

# Shut down VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] shutdown

Related commands

display l2vpn vsi

statistics enable (Ethernet service instance view)

Use statistics enable to enable packet statistics for an Ethernet service instance.

Use undo statistics enable to disable packet statistics for an Ethernet service instance.

NOTE:

The S9855 Switch Series supports only inbound VXLAN traffic statistics.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for an Ethernet service instance.

Views

Ethernet service instance view

Predefined user roles

network-admin

Usage guidelines

For this command to take effect, you must configure a frame match criterion for the Ethernet service instance and map it to a VSI. If you modify the frame match criterion or VSI mapping, packet statistics of the instance is cleared.

Examples

# Enable packet statistics for Ethernet service instance 200 on HundredGigE 1/0/1.

<Sysname> system-view

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 200

[Sysname-HundredGigE1/0/1-srv200] statistics enable

Related command

display l2vpn service-instance verbose

reset l2vpn statistics ac

statistics enable (VSI view)

Use statistics enable to enable packet statistics for a VSI.

Use undo statistics enable to disable packet statistics for a VSI.

NOTE:

The S9855 Switch Series supports only inbound VXLAN traffic statistics.

Syntax

statistics enable

undo statistics enable

Default

The packet statistics feature is disabled for a VSI.

Views

VSI view

Predefined user roles

network-admin

Examples

# Enable packet statistics for VSI vsi1.

<Sysname> system-view

[Sysname] vsi vsi1

[Sysname-vsi-vsi1] statistics enable

Related commands

display l2vpn vsi verbose

reset l2vpn statistics vsi

tunnel

Use tunnel to assign VXLAN tunnels to a VXLAN.

Use undo tunnel to remove VXLAN tunnels from a VXLAN.

Syntax

tunnel { tunnel-number [ backup-tunnel tunnel-number | flooding-proxy | remote-vni vxlan-id ] | all }

undo tunnel { tunnel-number | all }

Default

A VXLAN does not contain VXLAN tunnels.

Views

VXLAN view

Predefined user roles

network-admin

Parameters

tunnel-number: Specifies a tunnel interface number. The value range for this argument is 1 to 4095. The tunnel interface must already exist. The tunnel must be a VXLAN tunnel.

backup-tunnel tunnel-number: Specifies a backup tunnel by its tunnel interface number. The value range for this argument is 1 to 8191. The tunnel interface must already exist. The tunnel must be a VXLAN tunnel.

flooding-proxy: Enables flood proxy on the tunnel for the VTEP to send flood traffic to the flood proxy server. The flood proxy server replicates and forwards flood traffic to remote VTEPs. If you do not specify this keyword, flood proxy is disabled on the tunnel.

all: Specifies all VXLAN tunnels.

Usage guidelines

This command assigns a VXLAN tunnel to a VXLAN to provide Layer 2 connectivity for the VXLAN between two sites. In unicast mode, the system floods unknown unicast, multicast, and broadcast traffic to each tunnel in the VXLAN.

You can assign multiple VXLAN tunnels to a VXLAN, and configure a VXLAN tunnel to trunk multiple VXLANs.

To assign a pair of primary and backup VXLAN tunnels to the VXLAN, specify the backup-tunnel tunnel-number option. When the primary VXLAN tunnel is operating correctly, the backup VXLAN tunnel does not forward traffic. When the primary VXLAN tunnel goes down, traffic is switched to the backup VXLAN tunnel.

On a VSI, you can enable flood proxy on multiple VXLAN tunnels. The first tunnel that is enabled with flood proxy works as the primary proxy tunnel to forward broadcast, multicast, and unknown unicast traffic. Other proxy tunnels are backups that do not forward traffic when the primary proxy tunnel is operating correctly.

To change a flood proxy tunnel for a VXLAN, perform the following tasks:

· Use the undo tunnel command to remove the flood proxy tunnel.

· Use the tunnel command to enable flood proxy on another tunnel and assign the tunnel to the VXLAN.

If you assign VXLAN tunnels to a VXLAN one by one, you cannot remove all the VXLAN tunnels by using the undo tunnel all command.

If you assign all VXLAN tunnels to a VXLAN by using the tunnel all command, you cannot remove the VXLAN tunnels one by one. You can only use the undo tunnel all command to remove all the VXLAN tunnels.

As a best practice, use the tunnel all command only when batch VXLAN tunnel assignment is necessary.

Examples

# Assign VXLAN tunnels 1 and 2 to VXLAN 10000.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000] tunnel 1

[Sysname-vsi-vpna-vxlan-10000] tunnel 2

Related commands

display vxlan tunnel

tunnel global source-address

Use tunnel global source-address to specify a global source address for VXLAN tunnels.

Use undo tunnel global source-address to restore the default.

Syntax

tunnel global source-address { ipv4-address | ipv6 ipv6-address }

undo tunnel global source-address [ ipv6 ]

Default

No global source address is specified for VXLAN tunnels.

Views

System view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies an IPv4 address.

ipv6 ipv6-address: Specifies an IPv6 address. If you do not specify the ipv6 keyword when using the undo form of the command, the global IPv4 address is deleted.

Usage guidelines

A VXLAN tunnel uses the global source address if you do not specify a source interface or source address for the tunnel.

The global source address takes effect only on VXLAN tunnels (VXLAN-DCI tunnels not included).

IPv4 VXLAN tunnels use the global IPv4 source address. IPv6 VXLAN tunnels use the global IPv6 source address.

Examples

# Specify 1.1.1.1 as the global source address for VXLAN tunnels.

<Sysname> system-view

[Sysname] tunnel global source-address 1.1.1.1

vsi

Use vsi to create a VSI and enter its view, or enter the view of an existing VSI.

Use undo vsi to delete a VSI.

Syntax

vsi vsi-name

undo vsi vsi-name

Default

No VSIs exist.

Views

System view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies a VSI name, a case-sensitive string of 1 to 31 characters.

Usage guidelines

A VSI acts as a virtual switch to provide Layer 2 switching services for a VXLAN on a VTEP. A VSI has all functions of a physical Ethernet switch, including source MAC address learning, MAC address aging, and flooding.

A VSI can provide services only for one VXLAN.

Examples

# Create VSI vxlan10 and enter VSI view.

<Sysname> system-view

[Sysname] vsi vxlan10

[Sysname-vsi-vxlan10]

Related commands

display l2vpn vsi

vxlan

Use vxlan to create a VXLAN and enter its view, or enter the view of an existing VXLAN.

Use undo vxlan to restore the default.

Syntax

vxlan vxlan-id

undo vxlan

Default

No VXLANs exist.

Views

VSI view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID in the range of 0 to 16777215.

Usage guidelines

You can create only one VXLAN for a VSI. The VXLAN ID for each VSI must be unique.

Examples

# Create VXLAN 10000 for VSI vpna and enter VXLAN view.

<Sysname> system-view

[Sysname] vsi vpna

[Sysname-vsi-vpna] vxlan 10000

[Sysname-vsi-vpna-vxlan-10000]

Related commands

vsi

vxlan default-decapsulation

Use vxlan default-decapsulation to enable default IPv4 VXLAN decapsulation.

Use undo vxlan default-decapsulation to disable default IPv4 VXLAN decapsulation.

Syntax

vxlan default-decapsulation source interface interface-type interface-number

undo vxlan default-decapsulation source interface

Default

Default IPv4 VXLAN decapsulation is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

source interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If an IPv4 VXLAN tunnel is configured on only one VTEP of a pair of VTEPs, the IPv4 VXLAN tunnel is a unidirectional tunnel to the VTEP not configured with the tunnel. In this situation, that VTEP drops the VXLAN packets received from the unidirectional VXLAN tunnel. For a VTEP to receive VXLAN packets from a unidirectional IPv4 VXLAN tunnel, enable default IPv4 VXLAN decapsulation on the interface whose IPv4 address is the tunnel destination address. The VTEP will decapsulate all the VXLAN packets destined for the IPv4 address of that interface.

This command takes effect only when the specified interface has an IPv4 address.

Default IPv4 VXLAN decapsulation does not take effect on bidirectional VXLAN tunnels. If you remove the one-way communication issue for an IPv4 VXLAN tunnel by configuring the tunnel on both the local and remote VTEPs, this feature no longer takes effect on that tunnel.

Examples

# Enable default IPv4 VXLAN decapsulation.

<Sysname> system-view

[Sysname] vxlan default-decapsulation source interface hundredgige 1/0/1

vxlan ipv6 default-decapsulation

Use vxlan ipv6 default-decapsulation to enable default IPv6 VXLAN decapsulation.

Use undo vxlan ipv6 default-decapsulation to disable default IPv6 VXLAN decapsulation.

Syntax

vxlan ipv6 default-decapsulation source interface interface-type interface-number

undo vxlan ipv6 default-decapsulation source interface

Default

Default IPv6 VXLAN decapsulation is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

source interface interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

If an IPv6 VXLAN tunnel is configured on only one VTEP of a pair of VTEPs, the IPv6 VXLAN tunnel is a unidirectional tunnel to the VTEP not configured with the tunnel. In this situation, that VTEP drops the VXLAN packets received from the unidirectional VXLAN tunnel. For a VTEP to receive VXLAN packets from a unidirectional IPv6 VXLAN tunnel, enable default IPv6 VXLAN decapsulation on the interface whose IPv6 address is the tunnel destination address. The VTEP will decapsulate all the VXLAN packets destined for the IPv6 address of that interface.

This command takes effect only when the specified interface has an IPv6 address.

Default IPv6 VXLAN decapsulation does not take effect on bidirectional VXLAN tunnels. If you remove the one-way communication issue for an IPv6 VXLAN tunnel by configuring the tunnel on both the local and remote VTEPs, this feature no longer takes effect on that tunnel.

Examples

# Enable default IPv6 VXLAN decapsulation.

<Sysname> system-view

[Sysname] vxlan ipv6 default-decapsulation source interface hundredgige 1/0/1

vxlan local-mac report

Use vxlan local-mac report to enable local-MAC logging.

Use undo vxlan local-mac report to disable local-MAC logging.

Syntax

vxlan local-mac report

undo vxlan local-mac report

Default

Local-MAC logging is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When the local-MAC logging feature is enabled, the VXLAN module immediately sends a log message with its local MAC addresses to the information center. When a local MAC address is added or removed, a log message is also sent to the information center to notify the local-MAC change.

With the information center, you can set log message filtering and output rules, including output destinations. For more information about configuring the information center, see System Management Configuration Guide.

Examples

# Enable local-MAC logging.

<Sysname> system-view

[Sysname] vxlan local-mac report

vxlan tunnel mac-learning disable

Use vxlan tunnel mac-learning disable to disable remote-MAC address learning.

Use undo vxlan tunnel mac-learning disable to enable remote-MAC address learning.

Syntax

vxlan tunnel mac-learning disable

undo vxlan tunnel mac-learning disable

Default

Remote-MAC address learning is enabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When network attacks occur, use this command to prevent the device from learning incorrect remote MAC addresses in the data plane.

Examples

# Disable remote-MAC address learning.

<Sysname> system-view

[Sysname] vxlan tunnel mac-learning disable

vxlan udp-port

Use vxlan udp-port to set the destination UDP port number for VXLAN packets.

Use undo vxlan udp-port to restore the default.

Syntax

vxlan udp-port port-number

undo vxlan udp-port

Default

The destination UDP port number is 4789 for VXLAN packets.

Views

System view

Predefined user roles

network-admin

Parameters

port-number: Specifies a UDP port number in the range of 1 to 65535. As a best practice, specify a port number in the range of 1024 to 65535 to avoid conflict with well-known ports.

Usage guidelines

You must configure the same destination UDP port number on all VTEPs in a VXLAN.

Examples

# Set the destination UDP port number to 6666 for VXLAN packets.

<Sysname> system-view

[Sysname] vxlan udp-port 6666

vxlan vlan-based

Use vxlan vlan-based to enable VLAN-based VXLAN assignment.

Use undo vxlan vlan-based to disable VLAN-based VXLAN assignment.

Syntax

vxlan vlan-based

undo vxlan vlan-based

Default

VLAN-based VXLAN assignment is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When you use Ethernet service instances as ACs, you can assign customer traffic to a VXLAN by using one of the following methods:

· Ethernet service instance-to-VSI mapping—This method uses the frame match criterion of an Ethernet service instance to match a list of VLANs on a site-facing Layer 2 interface. The VTEP assigns customer traffic to a VXLAN by mapping the Ethernet service instance to a VSI.

· VLAN-based VXLAN assignment—This method maps a VLAN to a VXLAN. When a VLAN is mapped to a VXLAN and VLAN-based VXLAN assignment is enabled, the device automatically performs the following operations:

a. Creates an Ethernet service instance that uses the VLAN ID as its instance ID on each interface in the VLAN. The matching outer VLAN ID of the Ethernet service instances is the VLAN ID.

b. Maps the Ethernet service instances to the VSI of the VXLAN.

Do not configure both Ethernet service instance-to-VSI mapping and VLAN-based VXLAN assignment.

Examples

# Enable VLAN-based VXLAN assignment.

<Sysname> system-view

[Sysname] vxlan vlan-based

vxlan vni

Use vxlan vni to map a VLAN to a VXLAN.

Use undo vxlan vni to remove the VXLAN mapping for a VLAN.

Syntax

vxlan vni vxlan-id

undo vxlan vni

Default

A VLAN is not mapped to a VXLAN.

Views

VLAN view

Predefined user roles

network-admin

Parameters

vxlan-id: Specifies a VXLAN ID. The value range for this argument is 1 to 16777215.

Usage guidelines

Before you map VLANs to VXLANs, enable VLAN-based VXLAN assignment by using the vxlan vlan-based command.

You cannot map VLAN 1 to any VXLAN.

Do not map a VLAN to the L3 VXLAN ID of EVPN.

If you map a VLAN to a nonexistent VXLAN, the configuration takes effect after the VXLAN is created.

Examples

# Map VLAN 10 to VXLAN 100.

<Sysname> system-view

[Sysname] vlan 10

[Sysname-vlan10] vxlan vni 100

Related commands

vxlan vlan-based

xconnect vsi

Use xconnect vsi to map an AC to a VSI.

Use undo xconnect vsi to restore the default.

Syntax

xconnect vsi vsi-name [ access-mode { ethernet | vlan } ]

undo xconnect vsi

Default

An AC is not mapped to any VSI.

Views

Ethernet service instance view

Interface view

Predefined user roles

network-admin

Parameters

vsi-name: Specifies the VSI name, a case-sensitive string of 1 to 31 characters.

access-mode: Specifies an access mode. The default access mode is VLAN.

ethernet: Specifies the Ethernet access mode. On the S9825 switch series, the ethernet keyword is supported only when the Ethernet service instance is configured to match untagged packets.

vlan: Specifies the VLAN access mode.

Usage guidelines

To monitor the status of an AC, associate it with track entries.

To configure this command for an Ethernet service instance, you must first use the encapsulation command to add a traffic match criterion to the service instance.

For traffic that matches the AC, the system uses the VSI's MAC address table to make a forwarding decision.

The access mode determines how a VTEP processes the 802.1Q VLAN tags in the inner Ethernet frames assigned to the VSI.

· VLAN access mode—Ethernet frames received from or sent to the local site must contain 802.1Q VLAN tags.

¡ For an Ethernet frame received from the local site, the VTEP removes all its 802.1Q VLAN tags before forwarding the frame.

¡ For an Ethernet frame destined for the local site, the VTEP adds 802.1Q VLAN tags to the frame before forwarding the frame.

In VLAN access mode, VXLAN packets sent between VXLAN sites do not contain 802.1Q VLAN tags. VXLAN can provide Layer 2 connectivity for different 802.1Q VLANs between sites. You can use different 802.1Q VLANs to provide the same service in different sites.

· Ethernet access mode—The VTEP does not process the 802.1Q VLAN tags of Ethernet frames received from or sent to the local site.

¡ For an Ethernet frame received from the local site, the VTEP forwards the frame with the 802.1Q VLAN tags intact.

¡ For an Ethernet frame destined for the local site, the VTEP forwards the frame without adding 802.1Q VLAN tags.

In Ethernet access mode, VXLAN packets sent between VXLAN sites contain 802.1Q VLAN tags. VXLAN cannot provide Layer 2 connectivity for different 802.1Q VLANs between sites. You must use the same 802.1Q VLAN to provide the same service between sites.

Examples

# On HundredGigE 1/0/1, configure Ethernet service instance 200 to match frames with an outer 802.1Q VLAN tag of 200, and map the instance to VSI vpn1.

<Sysname> system-view

[Sysname] vsi vpn1

[Sysname-vsi-vpn1] quit

[Sysname] interface hundredgige 1/0/1

[Sysname-HundredGigE1/0/1] service-instance 200

[Sysname-HundredGigE1/0/1-srv200] encapsulation s-vid 200

[Sysname-HundredGigE1/0/1-srv200] xconnect vsi vpn1

Related commands

display l2vpn interface

display l2vpn service-instance

encapsulation

vsi

10-VXLAN Command Reference

Basic VXLAN commands

arp suppression enable

display arp suppression vsi

display l2vpn m-lag mac-address

display l2vpn forwarding ac

flooding disable (VSI view)

mac-address static vsi

statistics enable (Ethernet service instance view)

vxlan

vxlan ipv6 default-decapsulation

vxlan local-mac report

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Policy & Program

Global Learning

Partner Sales Resources

Service Business

News & Events

Contact Us