S3900 Command Manual PDF

HUAWEI
Quidway S3900 Series Ethernet Switches

Command Manual
Release 1510
Huawei Technologies Proprietary

Quidway S3900 Series Ethernet Switches
Command Manual
Manual Version T2-081950-20060626C-1.00
Product Version Release 1510
BOM 3119A050
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support
and service. If you purchase the products from the sales agent of Huawei Technologies Co.,
Ltd., please contact our sales agent. If you purchase the products from Huawei
Technologies Co., Ltd. directly, Please feel free to contact our local office, customer care
center or company headquarters.
Huawei Technologies Co., Ltd.
Address: Administration Building, Huawei Technologies Co., Ltd.,
Bantian, Longgang District, Shenzhen, P. R. China
Postal Code: 518129
Website: http://www.huawei.com

Copyright © 2006 Huawei Technologies Co., Ltd.
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any

means without prior written consent of Huawei Technologies Co., Ltd.
Trademarks
, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

TELLIN, InfoLink, Netkey, Quidway, SYNLOCK, Radium, M900/M1800,
TELESIGHT, Quidview, Musa, Airbridge, Tellwin, Inmedia, VRP, DOPRA,
iTELLIN, HUAWEI OptiX, C&C08 iNET, NETENGINE, OptiX, iSite, U-SYS, iMUSE,
OpenEye, Lansway, SmartAX, infoX, and TopEng are trademarks of Huawei
Technologies Co., Ltd.
All other trademarks and trade names mentioned in this manual are the property of
their respective holders.
Notice
The information in this manual is subject to change without notice. Every effort has
been made in the preparation of this manual to ensure accuracy of the contents,
but all statements, information, and recommendations in this manual do not
constitute the warranty of any kind, express or implied.

About This Manual
Release Notes
The product version that corresponds to the manual is VRP 3.10.
Related Manuals
The related manuals are listed in the following table.
Manual Content
Quidway S3900 Series Ethernet
It provides information for the system installation.
Switches Installation Manual
Quidway S3900 Series Ethernet It is used for assisting the users in data
Switches Operation Manual configurations and typical applications.
Organization
Quidway S3900 Series Ethernet Switches Command Manual consists of the

following parts:
z 1 CLI
Introduces the commands used for switching between the command levels and
command level setting.
z 2 Login
Introduces the commands used for logging into the Ethernet switch.
z 3 Configuration File Management
Introduces the commands used for configuration file management.
z 4 VLAN
Introduces the commands used for configuring VLAN.
z 5 IP Address and Performance Configuration
Introduces the commands used for IP address configuration and IP performance
configuration.
z 6 Management VLAN

Introduces the commands used for configuring the management VLAN and
DHCP/BOOTP client configuration.
z 7 Voice VLAN
Introduces the commands used for voice VLAN configuration.
z 8 GVRP
Introduces the commands used for GVRP configuration.
z 9 Port Basic Configuration
Introduces the commands used for basic port configuration.
z 10 Link Aggregation
Introduces the commands used for link aggregation.
z 11 Port Isolation
Introduces the commands used for port isolation.
z 12 Port Security&Port Binding
Introduces the commands used for port security configuration and port binding.
z 13 DLDP
Introduces the commands used for DLDP configuration.
z 14 MAC Address Table
Introduces the commands used for MAC address forwarding table management.
z 15 Auto Detect
Introduces the commands used for auto detect configuration.
z 16 MSTP
Introduces the STP-related commands.
z 17 Routing Protocol
Introduces the commands used for routing protocol configuration.
z 18 Multicast
Introduces the commands used for multicast configuration.
z 19 802.1x
Introduces the commands used for 802.1x configuration.
z 20 AAA&RADIUS&HWTACACS&EAD
Introduces the commands used for AAA, RADIUS, HWTACACS, and EAD
configuration.
z 21 VRRP
Introduces the commands used for VRRP configuration.
z 22 Centralized MAC Address Authentication

Introduces the commands used for centralized MAC address authentication
configuration.
z 23 ARP
Introduces the ARP-related commands.
z 24 DHCP
Introduces the commands used for DHCP server, DHCP relay, and
DHCP-snooping configuration.
z 25 ACL
Introduces the ACL-related commands.
z 26 QoS&QoS Profile
Introduces the commands used for QoS and QoS profile configuration.
z 27 Web Cache Redirection
Introduces the commands used for Web cache redirection configuration.
z 28 Mirroring
Introduces the commands used for port mirroring.
z 29 IRF Fabric
Introduces the commands used for IRF fabric configuration.
z 30 Cluster
Introduces the commands used for cluster management.
z 31 PoE&PoE Profile
Introduces the commands used for PoE and PoE profile configuration.
z 32 UDP Helper
Introduces the commands used for UDP Helper configuration.
z 33 SNMP&RMON
Introduces the commands used for SNMP and RMON configuration.
z 34 NTP
Introduces the NTP-related commands.
z 35 SSH Terminal Service
Introduces the commands used for SSH configuration.
z 36 File System Management
Introduces the commands used for file system management.
z 37 FTP and TFTP
Introduces the FTP-/TFTP-related commands.
z 38 Information Center

Introduces the commands used for information center configuration.
z 39 System Maintenance and Debugging
Introduces the commands used for system maintenance and debugging.
z 40 VLAN VPN
Introduces the commands used for VLAN VPN configuration.
z 41 HWPing
Introduces the commands used for HWPing configuration.
z 42 DNS
Introduces the commands used for DNS configuration.
z 43 Appendix A Command Index
Lists all the commands described in this command manual in an alphabetic order.
The parts and pages where the commands are described are also given.
Intended Audience
The manual is intended for the following readers:

z Network engineers
z Network administrators
z Customers who are familiar with network fundamentals
Conventions
The manual uses the following conventions:
I. General conventions
Convention Description
Arial Normal paragraphs are in Arial.
Boldface Headings are in Boldface.

Courier New Terminal Display is in Courier New.
II. Command conventions
Boldface The keywords of a command line are in Boldface.
italic Command arguments are in italic.

[] Items (keywords or arguments) in square brackets [ ] are

optional.
Alternative items are grouped in braces and separated by
{ x | y | ... }
vertical bars. One is selected.
Optional alternative items are grouped in square brackets
[ x | y | ... ]
and separated by vertical bars. One or none is selected.
Alternative items are grouped in braces and separated by
{ x | y | ... } * vertical bars. A minimum of one or a maximum of all can be
selected.
Optional alternative items are grouped in square brackets
[ x | y | ... ] * and separated by vertical bars. Many or none can be
selected.
# A line starting with the # sign is comments.
III. GUI conventions
Button names and menu items are in Boldface. For
Boldface
example, click OK.
Multi-level menus are in bold and separated by forward
/
slashes. For example, select the File/Create/Folder menu.
IV. Keyboard operation
Format Description
Press the key with the key name inside angle brackets. For
<Key>
example, <Enter>, <Tab>, <Backspace>, or <A>.
Press the keys concurrently. For example, <Ctrl+Alt+A>
<Key1+Key2>
means the three keys should be pressed concurrently.
Press the keys in turn. For example, <Alt, A> means the
<Key1, Key2>
two keys should be pressed in turn.

V. Mouse operation
Action Description
Press and hold the primary mouse button (left mouse
Select
button by default).
Select and release the primary mouse button without
Click
moving the pointer.
Press the primary mouse button twice continuously and
Double-Click
quickly without moving the pointer.
Press and hold the primary mouse button and move the
Drag
pointer to a certain position.
VI. Symbols
Eye-catching symbols are also used in the manual to highlight the points worthy of
special attention during the operation. They are defined as follows:
Caution, Warning, Danger: Means reader be extremely careful during the

operation.
Note, Comment, Tip, Knowhow, Thought: Means a complementary

description.

Command Manual - CLI
Quidway S3900 Series Ethernet Switches-Release 1510 Table of Contents
Table of Contents
Chapter 1 CLI Configuration Commands.................................................................................... 1-1

1.1 CLI Configuration Commands ........................................................................................... 1-1
1.1.1 command-privilege level ......................................................................................... 1-1
1.1.2 display history-command ........................................................................................ 1-2
1.1.3 super ....................................................................................................................... 1-2
1.1.4 super password ....................................................................................................... 1-3
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 CLI Configuration Commands
Chapter 1 CLI Configuration Commands
1.1 CLI Configuration Commands

1.1.1 command-privilege level
Syntax
command-privilege level level view view command

undo command-privilege view view command
View
System view
Parameter
level: Command Level. This argument ranges from 0 to 3.

view: Command view. This argument can be any command view the switch supports.
command: Command to be specified.
Description
Use the command-privilege level command to set the level of the specified
command in a specified view.
Use the undo command-privilege view command to restore the level of the specified
command in the specified view to the default.
Commands fall into four command levels: visit, monitor, system, and manage, which
are identified as 0, 1, 2, and 3 respectively. The administrator can change the level of a
command to enable users of specific level to utilize the command.
By default, the ping, tracert, and telnet commands are at the visit level (level 0); the
display and debugging commands are at the monitor level (level 1); all configuration
commands are at the system level (level 2); and FTP/TFTP/XModem and file system
related commands are at the manage level (level 3).
Example
# Specify the interface command in system view to be of level 0.

<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] command-privilege level 0 view system interface
1-1
1.1.2 display history-command
Syntax
display history-command
View
Any view
Parameter
None
Description
Use the display history-command command to display history commands. All the
history commands are saved in the history command cache. When the history
command cache is full, the old information in it will be overlaid.
Related command: history-command max-size.
Example
# Display history commands.

<Quidway> display history-command
system-view
quit
display history-command
1.1.3 super
Syntax
super [ level ]
View
User view
Parameter
level: User level. This argument ranges from 0 to 3 and defaults to 3. If you execute
this command with the level argument not provided, this command switches the
current user level to level 3.
Description
Use the super command to switch the current user level to the one identified by the
level argument. If a password is previously set by using the super password [ level
level ] { simple | cipher } password command, you need to provide the password as
1-2
well to switch to the higher user level. You will remain in the original user level if you
fail to provide the correct password.
Note that:
z Users logging into a switch also fall into four levels, each of which corresponding
to one of the command levels. Users at a specific level can only use the
commands at the same level and the commands at the lower levels.
z You can specify an AUX user to provide a password when he switches from a
lower user level to a higher user level and specify the password by using the
super password [ level level ] { simple | cipher } password command. With a
password configured, an AUX user remains in the original user level if the
password provided is incorrect when the AUX user attempts to switch to a higher
user level. If the password is not configured, an AUX user can switch to a higher
user level directly.
z A password is necessary for a VTY user to switch to a higher user level. You can
use the super password [ level level ] { simple | cipher } password command to
set the password. With the password not configured, a VTY user is prompted the
message reading “Password is not set” and remains in the previous level.
z An AUX user or a VTY user can switch to a lower user level directly regardless of
the password.
Related command: super password.
Example
# Switch to user level 3.

<Quidway> super 3
Password:
1.1.4 super password
Syntax
super password [ level level ] { simple | cipher } password

undo super password [ level level ]
View
System view
Parameter
level: User level. This argument ranges from 1 to 3 and defaults to 3. If you execute
this command with the level argument not provided, this command sets the password
to switch to level 3.
simple: Specifies to provide the password in plain text.
cipher: Specifies to provide the password in encrypted text.
1-3
password: Password to be set. If you specify the simple keyword, provide this
argument in plain text. If you specify the cipher keyword, you can provide this
argument in either encrypted text or plain text. In this case, a password containing no
more than 16 characters (such as 123) is regarded to be in plain text and is converted
to the corresponding 24-character encrypted form ( such
as !TP<\*EMUHL,408`W7TH!Q!!) automatically. You can also provide a 24-character
encrypted password directly if you are aware of the actual password.
Description
Use the super password command to set the password for users to switch to a higher
user level. To prevent unauthorized accesses, you can use this command to require
users to provide the password when they switch to a higher user level. For security
purpose, the password a user enters when switching to a higher user level is not
displayed. A user will remain at the original user level if the user has tried three times
to enter the correct password but fails to do this.
Use the undo super password command to cancel the configuration.
Note that no matter what form of the password (plain text or encrypted text) is in, the
password entered for verification must be in plain text.
Example
# Set the password to switch from the current user level to user level 3 to “zbr”.
[Quidway] super password level 3 simple zbr
1-4
Command Manual – Login
Table of Contents
Chapter 1 Login Commands ........................................................................................................ 1-1

1.1 Login Commands............................................................................................................... 1-1
1.1.1 authentication-mode................................................................................................ 1-1
1.1.2 auto-execute command........................................................................................... 1-2
1.1.3 databits.................................................................................................................... 1-3
1.1.4 display telnet-server source-ip ................................................................................ 1-4
1.1.5 display telnet source-ip ........................................................................................... 1-4
1.1.6 display user-interface .............................................................................................. 1-5
1.1.7 display users ........................................................................................................... 1-6
1.1.8 free user-interface ................................................................................................... 1-8
1.1.9 header ..................................................................................................................... 1-8
1.1.10 history-command max-size ................................................................................. 1-11
1.1.11 idle-timeout.......................................................................................................... 1-11
1.1.12 ip http shutdown .................................................................................................. 1-12
1.1.13 lock ...................................................................................................................... 1-13
1.1.14 parity.................................................................................................................... 1-14
1.1.15 protocol inbound.................................................................................................. 1-15
1.1.16 screen-length....................................................................................................... 1-16
1.1.17 send..................................................................................................................... 1-16
1.1.18 service-type ......................................................................................................... 1-17
1.1.19 set authentication password................................................................................ 1-19
1.1.20 shell ..................................................................................................................... 1-20
1.1.21 speed................................................................................................................... 1-20
1.1.22 stopbits ................................................................................................................ 1-21
1.1.23 sysname .............................................................................................................. 1-22
1.1.24 telnet.................................................................................................................... 1-23
1.1.25 telnet-server source-interface ............................................................................. 1-23
1.1.26 telnet-server source-ip ........................................................................................ 1-24
1.1.27 telnet source-interface......................................................................................... 1-25
1.1.28 telnet source-ip.................................................................................................... 1-25
1.1.29 user-interface ...................................................................................................... 1-26
1.1.30 user privilege level .............................................................................................. 1-27
Chapter 2 Commands for User Control....................................................................................... 2-1

2.1 Commands for Controlling Logging in Users..................................................................... 2-1
2.1.1 acl............................................................................................................................ 2-1
2.1.2 free web-users......................................................................................................... 2-1
2.1.3 ip http acl ................................................................................................................. 2-2
i
2.1.4 snmp-agent community........................................................................................... 2-3

2.1.5 snmp-agent group ................................................................................................... 2-3
ii
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Login Commands
Chapter 1 Login Commands
1.1 Login Commands

1.1.1 authentication-mode
Syntax
authentication-mode { password | scheme [ command-authorization ] | none }
View
User interface view
Parameter
password: Authenticates users using the local password.

scheme: Authenticates users locally or remotely using usernames and passwords.
command-authorization: Performs command authorization on TACACS
authentication server.
none: Does not authenticate users.
Description
Use the authentication-mode command to specify the authentication mode.

z If you specify the password keyword to authenticate users using the local
password, remember to set the local password using the set authentication
password { cipher | simple } password command.
z If you specify the scheme keyword to authenticate users locally or remotely using
usernames and passwords, the actual authentication mode, that is, local or
remote, depends on other related configuration.
z If this command is executed with the command-authorization keywords
specified, authorization is performed on the TACACS server whenever you
attempt to execute a command, and the command can be executed only when you
pass the authorization. Normally, a TACACS server contains a list of the
commands available to different users.
If you specify to perform local authentication when a user logs in through the Console
port, a user can log into the switch with the password not configured. But for a VTY user
interface, a password is needed for a user to log into the switch through it under the
same circumstance.
By default, users logging in through the Console port are not authenticated, whereas
modem users and Telnet users are authenticated.
1-1
Note:
To improve security and avoid malicious attack to the unused SOCKETs, TCP 23 and
TCP 22 ports for Telnet and SSH services respectively will be enabled or disabled after
corresponding configurations.
z If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be
disabled.
z If the authentication mode is password, and the corresponding password has been
set, TCP 23 will be enabled, and TCP 22 will be disabled.
z If the authentication mode is scheme, there are three scenarios: when the
supported protocol is specified as telnet, TCP 23 will be enabled; when the
supported protocol is specified as ssh, TCP 22 will be enabled; when the supported
protocol is specified as all, both the TCP 23 and TCP 22 port will be enabled.
Example
# Configure to authenticate users using the local password on the AUX interface.
[Quidway] user-interface aux 0
[Quidway-ui-aux0] authentication-mode password
1.1.2 auto-execute command
Syntax
auto-execute command text

undo auto-execute command
View
User interface view
Parameter
text: Command to be executed automatically.
Description
Use the auto-execute command command to set the command that is executed
automatically after a user logs in.
Use the undo auto-execute command command to disable the specified command
from being automatically executed.
Normally, the telnet command is specified to be executed automatically to enable the
user to Telnet to a specific network device automatically.
1-2
By default, no command is automatically executed.
Caution:
z The auto-execute command command may cause you unable to perform common
configuration in the user interface, so use it with caution.
z Before executing the auto-execute command command and save your
configuration, make sure you can log into the switch in other modes and cancel the
configuration.
Example
# Configure the telnet 10.110.100.1 command to be executed automatically after users

log into VTY 0.
[Quidway] user-interface vty 0
[Quidway-ui-vty0] auto-execute command telnet 10.110.100.1
% This action will lead to configuration failure through ui-vty0. Are you sure?[
Y/N]y
1.1.3 databits
Syntax
databits { 7 | 8 }
undo databits
View
User interface view
Parameter
7: Sets the data bits to 7.

8: Sets the data bits to 8.
Description
Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Execute these two commands in AUX user interface view only.
The default data bits is 8.
1-3
Example
# Set the data bits to 7.

[Quidway-ui-aux0] databits 7
1.1.4 display telnet-server source-ip
Syntax
display telnet-server source-ip
View
Any view
Parameter
None
Description
Use the display telnet-server source-ip command to display the source IP address
configured for the switch operating as the Telnet server. If the source interface is also
configured for the switch, this command displays the IP address of the source interface.
If no source IP address is specified, 0.0.0.0 is displayed.
Example
# Display the source IP address configured for the switch operating as the Telnet
server.
<Quidway> display telnet-server source-ip
The source IP you specified is 192.168.1.1
1.1.5 display telnet source-ip
Syntax
display telnet source-ip
View
Any view
Parameter
None
1-4
Description
Use the display telnet source-ip command to display the source IP address
configured for the switch operating as the Telnet client. If the source interface is also
configured for the switch, this command displays the IP address of the source interface.
If no source address is configured, 0.0.0.0 is displayed.
Example
# Display the source IP address configured for the switch operating as the Telnet client.
<Quidway> display telnet source-ip
1.1.6 display user-interface
Syntax
display user-interface [ type number | number ] [ summary ]
View
Any view
Parameter
type: User interface type.

number: User interface number.
summary: Displays the summary information about a user interface.
Description
Use the display user-interface command to display the information about a specified
user interface or all user interfaces. If the summary keyword is not specified, this
command displays user interface type, absolute/relative user interface number,
transmission speed, available command level, authentication mode, and physical
position. If the summary keyword is specified, this command displays the number and
type of the user interfaces, including those that are in use and those that are not in use.
Example
# Display the information about user interface 0.

<Quidway> display user-interface 0
Idx Type Tx/Rx Modem Privi Auth Int
F 0 AUX 0 9600 - 3 N -
+ : Current user-interface is active.

F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
1-5
Type : Type and relative index of user-interface.

Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
N : Current UI need not authentication.
P : Authenticate use current UI's password.
Table 1-1 Descriptions on the fields of the display user-interface command
Filed Description
+ The user interface is in use.
F The user interface operates in asynchronous mode.

Idx The absolute index of the user interface
Type User interface type and the relative index
Tx/Rx Transmission speed of the user interface

Modem Indicates whether or not a modem is used.
Privi Available command level
Auth Authentication mode

Int Physical position of the user interface
A The current user is authenticated by AAA.
N Users are not authenticated.

P Users need to provide passwords to pass the authentication.
# Display the summary information about the user interface.

<Quidway>display user-interface summary
User interface type : [AUX]
0:UXXX XXXX
User interface type : [VTY]
8:UUUU X
5 character mode users. (U)

8 UI never used. (X)
5 total UI in use
1.1.7 display users
Syntax
display users [ all ]
1-6
View
Any view
Parameter
all: Displays the information about all user interfaces.
Description
Use the display users command to display the information about user interfaces. If
you do not specify the all keyword, only the information about the current user interface
is displayed.
Example
# Display the information about the current user interface.

<Quidway> display users
UI Delay Type Ipaddress Username Userlevel
F 0 AUX 0 00:00:00 3
1 VTY 0 00:06:08 TEL 192.168.0.3
+ : Current operation user.

F : Current operation user work in async mode.F 0 AUX 0 00:00:00
Table 1-2 Descriptions on the fields of the display users command
Field Description
The information is about the current user interface, and the
F
current user interface operates in asynchronous mode.
The numbers in the left sub-column are the absolute user
UI interface indexes, and those in the right sub-column are the
relative user interface indexes.
Delay The period (in seconds) the user interface idles for.
Type User type
IPaddress The IP address form which the user logs in.

Username The login name of the user that logs into the user interface.
The level of the commands available to the users logging into
Userlevel
the user interface
+ The user interface is in use.
1-7
1.1.8 free user-interface
Syntax
free user-interface [ type ] number
View
User view
Parameter

number: Index of the user interface. This argument can be an absolute user interface
index (if you do not provide the type argument) or a relative user interface index (if you
provide the type argument).
Description
Use the free user-interface command to release a specified user interface. If you
execute this command, the corresponding user interface will be disconnected.
Note that the current user interface cannot be released.
Example
# Release user interface VTY 0.

<Quidway> free user-interface vty 0
Are you sure you want to free user-interface vty0 [Y/N]? y
[OK]
After you execute this command, user interface VTY 0 will be disconnected. The user in
it must log in again to connect to the switch.
1.1.9 header
Syntax
header [ incoming | login | shell ] text

undo header [ incoming | login | shell ]
View
System view
Parameter
Incoming: Sets the login banner for users that log in through modems. If you specify to
authenticate login users, the banner appears after a user passes the authentication.
(The session does not appear in this case.)
1-8
login: Sets the login banner. The banner set by this keyword is valid only when users
are authenticated before they log into the switch and appears while the switch prompts
for user name and password.
shell: Sets the session banner, which appears after a session is established. If you
specify to authenticate login users, the banner appears after a user passes the
authentication.
text: Banner to be displayed. If no keyword is specified, this argument is the login
banner. You can provide this argument in two ways. One is to enter the banner in the
same line as the command (A command line can accept up to 254 characters.) The
other is to enter the banner in multiple lines (you can start a new line by pressing
<Enter>,) where you can enter a banner that can contain up to 2000 characters
(including the invisible characters). Note that the first character is the beginning
character and the end character of the banner. After entering the end character, you
can press <Enter> to exit the interaction.
Description
Use the header command to set the banners that are displayed when a user logs into a
switch. The login banner is displayed on the terminal when the connection is
established. And the session banner is displayed on the terminal if a user successfully
logs in.
Use the undo header command to disable displaying a specific banner or all banners.
Note that if you specify any one of the three keywords without providing the text
argument, the specified keyword will be regarded as the login information.
You can specify the banner in the following three ways, each of which requires that the
first character and the last character of the banner be the same.
z Enter the banner in multiple lines. If you only type one character in the first line of a
banner, the character and the last character do not act as part of the banner. The
following gives an example of this way.
[Quidway] header shell 0
Input banner text, and quit with the character '0'.
Welcome!0
When you log in the next time, “Welcome!” is displayed as the banner. The beginning
character and the end character (character 0) do not appear.
z Enter the banner in multiple lines. If you type multiple characters in the first line of
a banner and the beginning and the end characters of the banner in this line are
not the same, the beginning character is part of the banner. The following is an
example.
[Quidway] header shell hello
Input banner text, and quit with the character 'h'.
my friend !
1-9
When you log in the next time, “hello” and “my friend !“ is displayed respectively in two
lines as the banner. The beginning character “h” appears in the banner.
z Enter the banner in a single line. You can also specify the banner in a single line. In
this case, the banner does contain the beginning and the end character. The
following is an example.
[Quidway] header shell 0welcome,my friend!0
When you log in the next time, “welcome, my friend!” is displayed as the banner.
Example
# Set the session banner.

Option 1: Enter the banner in the same line as the command.
[Quidway] header shell %SHELL: Hello! Welcome%
(Make sure the beginning and end characters of the banner are the same.)
When you log in the next time, the session banner appears on the terminal as the
following:
[Quidway] quit
<Quidway> quit
Please press ENTER
SHELL: Hello! Welcome
(The beginning and end characters of the banner are not displayed.)
<Quidway>
Option 2: Enter the banner in multiple lines.

[Quidway] header shell %SHELL:
(Following appears after you press <Enter>:)

Input banner text, and quit with the character '%'.
Continue entering the banner and end the banner with the character identical with the
beginning character of the banner.
Hello! Welcome %
(Press <Enter>.)
[Quidway]
When you log in the next time, the session banner appears on the terminal as the
following:
1-10
[Quidway] quit
<Quidway> quit
Please press ENTER
%SHELL:
(Note that the beginning character of the banner appears.)

Hello! Welcome
<Quidway>
1.1.10 history-command max-size
Syntax
history-command max-size value

undo history-command max-size
View
User interface view
Parameter
value: Size of the history command buffer. This argument ranges from 0 to 256 and
defaults to 10. That is, the history command buffer can store 10 commands by default.
Description
Use the history-command max-size command to set the size of the history command
buffer.
Use the undo history-command max-size command to revert to the default history
command buffer size.
Example
# Set the size of the history command buffer of AUX 0 to 20 to enable it to store up to 20
commands.
[Quidway-ui-aux0] history-command max-size 20
1.1.11 idle-timeout
Syntax
idle-timeout minutes [ seconds ]

undo idle-timeout
1-11
View
User interface view
Parameter
minutes: Number of minutes. This argument ranges from 0 to 35,791.

seconds: Number of seconds. This argument ranges from 0 to 59.
Description
Use the idle-timeout command to set the timeout time. The connection to a user
interface is terminated if no operation is performed in the user interface within the
timeout time.
Use the undo idle-timeout command to revert to the default timeout time.
You can use the idle-timeout 0 command to disable the timeout function.
The default timeout time is 10 minutes.
Example
# Set the timeout time of AUX 0 to 1 minute.

[Quidway-ui-aux0] idle-timeout 1 0
1.1.12 ip http shutdown
Syntax
ip http shutdown
undo ip http shutdown
View
System view
Parameter
None
Description
Use the ip http shutdown command to shut down the Web server.
Use the undo ip http shutdown command to launch the Web server.
By default, the Web server is launched.
1-12
Note:
To improve security and avoid malicious attack to the unused SOCKETs, TCP 80 port
for HTTP service will be enabled or disabled after corresponding configurations.
If you use the undo ip http shutdown command to enable the Web Server, TCP 80
will be enabled; if you use the ip http shutdown command to disabled the Web Server,
TCP 80 will be disabled.
Caution:
After the Web file is upgraded, you need to reboot and then specify the new Web file in
the Boot menu. Otherwise, you cannot use the Web Server normally.
Example
# Shut down the Web server.

[Quidway] ip http shutdown
%Apr 4 01:30:12:080 2000 Quidway HTTPD/5/Log:- 1 -Stopped HTTP server.
# Launch the Web server.

[Quidway] undo ip http shutdown
%Apr 4 01:33:16:212 2000 Quidway HTTPD/5/Log:- 1 -Starting HTTP server.
1.1.13 lock
Syntax
lock
View
User view
Parameter
None
Description
Use the lock command to lock the current user interface to prevent unauthorized
operations in the user interface.
1-13
After the command is executed, you are prompted to enter a password of 1 to 16

characters and make a confirmation. Then the current user interface is locked.
Enter the right password and press <Enter>, and then the user interface is unlocked. If
you have set a password longer than 16 characters, the system only matches the first
16 characters during unlocking. That is, once the first 16 characters are correct, the
user interface will be unlocked.
Example
# Lock the current user interface.

<Quidway> lock
Password:
Again:
locked !
1.1.14 parity
Syntax
parity { even | none | odd | }

undo parity
View
User interface view
Parameter
even: Performs even checks.

none: Does not check.
odd: Performs odd checks.
Description
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Use these two commands in AUX user interface view only.
No check is performed by default.
Example
# Set to perform even checks.

[Quidway-ui-aux0] parity even
1-14
1.1.15 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
User interface view
Parameter
all: Supports both Telnet protocol and SSH protocol.

ssh: Supports SSH protocol.
telnet: Supports Telnet protocol.
Description
Use the protocol inbound command to specify the protocols supported by the user
interface.
Both Telnet protocol and SSH protocol are supported by default.
Related command: user-interface vty.
Note:
To improve security and avoid malicious attack to the unused SOCKETs, TCP 23 and
TCP 22 ports for Telnet and SSH services respectively will be enabled or disabled after
corresponding configurations.
z If the authentication mode is none, TCP 23 will be enabled, and TCP 22 will be
disabled.
z If the authentication mode is password, and the corresponding password has been
set, TCP 23 will be enabled, and TCP 22 will be disabled.
z If the authentication mode is scheme, there are three scenarios: when the
supported protocol is specified as telnet, TCP 23 will be enabled; when the
supported protocol is specified as ssh, TCP 22 will be enabled; when the supported
protocol is specified as all, both the TCP 23 and TCP 22 port will be enabled.
Example
# Configure that only SSH protocol is supported in VTY 0.

[Quidway-ui-vty0] protocol inbound ssh
1-15
1.1.16 screen-length
Syntax
screen-length screen-length
undo screen-length
View
User interface view
Parameter
screen-length: Number of lines the screen can contain. This argument ranges from 0 to
512 and defaults to 24.
Description
Use the screen-length command to set the number of lines the terminal screen can
contain.
Use the undo screen-length command to revert to the default number of lines.
By default, the terminal screen can contain up to 24 lines.
You can use the screen-length 0 command to disable the function to display
information in pages.
Example
# Set the number of lines the terminal screen can contain to 20.
[Quidway] user-interface aux0
[Quidway-ui-aux0] screen-length 20
1.1.17 send
Syntax
send { all | number | type number }
View
User view
Parameter
all: Sends messages to all user interfaces.

number: Absolute or relative index of the user interface.
1-16
Description
Use the send command to send messages to a specified user interface or all user
interfaces.
Example
# Send “hello” to all user interfaces.

<Quidway> send all
Enter message, end with CTRL+Z or Enter; abort with CTRL+C:
hello^Z
Send message? [Y/N]y
1.1.18 service-type
Syntax
service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level level ] }

undo service-type { ftp | lan-access | { ssh | telnet | terminal }* }
View
Local user view
Parameter
ftp: Specifies the users to be of FTP type.

lan-access: Specifies the users to be of LAN-access type, which normally means
Ethernet users, such as 802.1x users.
ssh: Specifies the users to be of SSH type.
telnet: Specifies the users to be of Telnet type.
terminal: Makes terminal services available to users logging in through the Console
port.
level level: Specifies the user level for Telnet users, Terminal users, or SSH users. The
level argument ranges from 0 to 3 and defaults to 0.
Description
Use the service-type command to specify the login type and the corresponding
available command level.
Use the undo service-type command to cancel login type configuration.
Commands fall into four command levels: access, monitor, system, and administration,
which are described as follows:
z Access level: Commands of this level are used to diagnose network and change
the language mode of user interface, such as the ping, tracert, and
1-17
language-mode command. The Telnet command is also of this level. Commands

of this level cannot be saved in configuration files.
z Monitor level: Commands of this level are used to maintain the system, to debug
service problems, and so on. The display and debugging command are of
monitor level. Commands of this level cannot be saved in configuration files.
z System level: Commands of this level are used to configure services. Commands
concerning routing and network layers are of system level. You can utilize network
services by using these commands.
z Administration level: Commands of this level are for the operation of the entire
system and the system supporting modules. Services are supported by these
commands. Commands concerning file system, file transfer protocol (FTP), trivial
file transfer protocol (TFTP), downloading using XModem, user management, and
level setting are of administration level.
Example
# Configure commands of level 0 are available to the users logging in using the user
name of “zbr”.
[Quidway] local-user zbr
[Quidway-luser-zbr] service-type telnet level 0
# To verify the above configuration, you can quit the system, log in again using the user
name of “zbr”, and then list the available commands, as listed in the following.
[Quidway] quit
<Quidway> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
nslookup Query Internet name servers
ping Ping function
quit Exit from current command view
super Set the current user priority level
telnet Establish one Telnet connection
tracert Trace route function
undo Cancel current setting
1-18
1.1.19 set authentication password
Syntax
set authentication password { cipher | simple } password

undo set authentication password
View
User interface view
Parameter
cipher: Specifies to display the local password in encrypted text when you display the
current configuration.
simple: Specifies to display the local password in plain text when you display the
current configuration.
password: Password. The password must be in plain text if you specify the simple
keyword in the set authentication password command. If you specify the cipher
keyword, the password can be in either encrypted text or plain text. When you enter the
password in plain text containing up to 16 characters (such as 123), the system
converts the password to the corresponding 24-character encrypted password (such
as !TP<\*EMUHL,408`W7TH!Q!!). Make sure you are aware of the corresponding plain
password if you enter the password in ciphered text (such
as !TP<\*EMUHL,408`W7TH!Q!!).
Description
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local password.
Note that only plain text passwords are expected when users are authenticated.
Note:
By default, modem users and Telnet users need to provide their passwords to log in. If
no password is set, the “Login password has not been set !” message appears on the
terminal when users log in.
Example
# Set the local password of VTY 0 to “123”.

1-19

[Quidway-ui-vty0] set authentication password simple 123
1.1.20 shell
Syntax
shell
undo shell
View
User interface view
Parameter
None
Description
Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user
interface.
By default, terminal services are available in all user interfaces.
Note the following when using the undo shell command:
z This command is available in all user interfaces except the AUX (Console) user
interface.
z This command is unavailable in the current user interface.
z This command prompts for confirmation when being executed in any valid user
interface.
Example
# Log into user interface 0 and make terminal services unavailable in VTY 0 through
VTY 4.
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] undo shell
1.1.21 speed
Syntax
speed speed-value
undo speed
1-20
View
User interface view
Parameter
speed-value: Transmission speed (in bps). This argument can be 300, 600, 1200, 2400,
4800, 9600, 19,200, 38,400, 57,600, and 115,200 and defaults to 9,600.
Description
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Use these two commands in the AUX user interface view only.
Example
# Set the transmission speed of the AUX user interface to 115,200 bps.
[Quidway-ui-aux0] speed 115200
1.1.22 stopbits
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
View
User interface view
Parameter
1: Sets the stop bits to 1.

1.5: Sets the stop bits to 1.5.
2: Sets the stop bits to 2.
Description
Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Use these two commands in the AUX user interface only.
By default, the stop bits is 1.
1-21
Note:
Changing the value of the stop bits does not affect the communications.
Example
# Set the stop bits to 2.

[Quidway-ui-aux0] stopbits 2
1.1.23 sysname
Syntax
sysname string
undo sysname
View
System view
Parameter
string: Domain name of the switch. This argument can contain 1 to 30 characters and
defaults to “Quidway”.
Description
Use the sysname command to set a domain name for the switch.
Use the undo sysname command to revert to the default domain name.
The CLI prompt reflects the domain name of a switch. For example, if the domain name
of a switch is “Quidway”, then the prompt of user view is <Quidway>.
Example
# Set the domain name of the switch to “ABC”.

[Quidway] sysname ABC
[ABC]
1-22
1.1.24 telnet
Syntax
telnet { hostname | ip-address } [ service-port ]
View
User view
Parameter
hostname: Host name of the remote switch. You can use the ip host command to
assign a host name to a switch.
ip-address: IP address of the remote switch.
service-port: TCP port number of the port that provides Telnet service on the switch.
This argument ranges from 0 to 65,535.
Description
Use the telnet command to Telnet to another switch from the current switch to manage
the former remotely. You can terminate a Telnet connection by pressing <Ctrl + K> or by
executing the quit command.
The default TCP port number is 23.
Related command: display tcp status, and ip host.
Example
# Telnet to the switch with the host name of Quidway2 and IP address of 129.102.0.1
from the current switch (with the host name of Quidway1).
<Quidway1> telnet 129.102.0.1
Trying 129.102.0.1 ...
Press CTRL+K to abort
Connected to 129.102.0.1 ...
<Quidway2>
1.1.25 telnet-server source-interface
Syntax
telnet-server source-interface interface-type interface-number

undo telnet-server source-interface
View
System view
1-23
Parameter
interface-type: Type of the interface to be specified as the source interface.

interface-number: Number of the interface to be specified as the source interface.
Description
Use the telnet-server source-interface interface command to specify the source

interface for a Telnet server. If the interface specified does not existent, your
configuration fails.
Use the undo telnet-server source-interface command to clear the source interface
configuration. After that, you can access the Telnet server from Telnet client using the
IP address determined by the system.
Example
# Specify VLAN-interface 2 as the source interface for the Telnet server.

[Quidway] telnet-server source-interface Vlan-interface 2
1.1.26 telnet-server source-ip
Syntax
telnet-server source-ip ip-address

undo telnet-server source-ip
View
System view
Parameter
ip-address: Source IP address to be set.
Description
Use the telnet-server source-ip command to specify the source IP address for a
Telnet server. If the IP address specified by the ip-address argument in the command is
not an IP address of the device, your configuration fails.
Use the undo telnet-server source-ip command to cancel the source IP address
Example
# Set the source IP address to 192.168.1.1 for the Telnet server.
1-24
[Quidway] telnet-server source-ip 192.168.1.1
1.1.27 telnet source-interface
Syntax
telnet source-interface interface-type interface-number

undo telnet source-interface
View
System view
Parameter
interface-type: Type of the interface to be specified as the source interface.

interface-number: Number of the interface to be specified as the source interface.
Description
Use the telnet source-interface command to specify the source interface for a Telnet
client. If the interface specified does not exist, your configuration fails.
Use the undo telnet source-interface command to clear the source interface
Example
# Specify VLAN-interface 2 as the source interface for the Telnet client.

[Quidway] telnet source-interface Vlan-interface 2
1.1.28 telnet source-ip
Syntax
telnet source-ip ip-address

undo telnet source-ip
View
System view
Parameter
ip-address: Source IP address to set.
1-25
Description
Use the telnet source-ip command to specify the source IP address for a Telnet client.
If the IP address specified is not an IP address of the device, your configuration fails.
Use the undo telnet source-ip command to clear the source IP address configuration.
After that, you can access the Telnet server from Telnet client using the IP address
determined by the system.
Example
# Specify the source IP address to be 192.168.1.1 for the Telnet client.

[Quidway] telnet source-ip 192.168.1.1
1.1.29 user-interface
Syntax
user-interface [ type ] first-number [ last-number ]
View
System view
Parameter

first-number: User interface index, which identifies the first user interface to be
configured.
last-number: User interface index, which identifies the last user interface to be
configured.
Description
Use the user-interface command to enter one or more user interface views to perform
configuration.
Example
# Enter VTY 0 user interface view.

[Quidway-ui-vty0]
1-26
1.1.30 user privilege level
Syntax
user privilege level level

undo user privilege level
View
User interface view
Parameter
level: Command level ranging from 0 to 3.
Description
Use the user privilege level command to configure the command level available to the
users logging into the user interface.
Use the undo user privilege level command to revert to the default command level.
By default, the commands of level 3 are available to the users logging into the AUX user
interface. The commands of level 0 are available to the users logging into VTY user
interfaces.
Example
# Configure that commands of level 0 are available to the users logging into VTY 0.
[Quidway-ui-vty0] user privilege level 0
# You can verify the above configuration by Telneting to VTY 0 and displaying the
available commands, as listed in the following.
<Quidway> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
nslookup Query Internet name servers
ping Ping function
quit Exit from current command view
super Set the current user priority level
telnet Establish one Telnet connection
tracert Trace route function
undo Cancel current setting
1-27
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Commands for User Control
Chapter 2 Commands for User Control
2.1 Commands for Controlling Logging in Users

2.1.1 acl
Syntax
acl acl-number { inbound | outbound }

undo acl { inbound | outbound }
View
User interface view
Parameter
acl-number: ACL number ranging from 2,000 to 4,999.

inbound: Filters the users Telneting to the current switch.
outbound: Filters the users Telneting to other switches from the current switch.
Description
Use the acl command to apply an ACL to filter Telnet users.

Use the undo acl command to disable the switch from filtering Telnet users using the
ACL.
By default, Telnet users are not filtered by ACLs.
Example
# Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL
2,000 already exists.)
[Quidway-ui-vty0-4] acl 2000 inbound
2.1.2 free web-users
Syntax
free web-users { all | user-id user-id | user-name user-name }
2-1
View
User view
Parameter
user-id: Web user ID.

user-name: User name of the Web user. This argument can contain 1 to 80 characters.
all: Specifies all Web users.
Description
Use the free web-users command to disconnect a specified Web user or all Web users
by force.
Example
# Disconnect all Web users by force.

<Quidway> free web-users all
2.1.3 ip http acl
Syntax
ip http acl acl-number

undo ip http acl
View
System view
Parameter
acl-number: ACL number ranging from 2,000 to 2,999.
Description
Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users using
the ACL.
By default, the switch does not use the ACL to filter Web users.
Example
# Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)
[Quidway] ip http acl 2000
2-2
2.1.4 snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ [ mib-view view-name ] |

[ acl acl-number ] ]*
undo snmp-agent community community-name
View
System view
Parameter
read: Specifies that the community has read-only permission in the specified view.
Write: Specifies that the community has read/write permission in the specified view.
community-name: Community name.
mib-view: Sets the name of the MIB view accessible to the community.
view-name: MIB view name.
acl acl-number: Specifies the ACL number. The acl-number argument ranges from
2,000 to 2,999.
Description
Use the snmp-agent community command to set a community name and to enable
users to access the switch through SNMP. You can also optionally use this command to
apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related
configuration for the specified community.
By default, SNMPv1 and SNMPv2c access a switch by community names.
Example
# Set the community name to “h123”, enable users to access the switch in the name of
the community (with read-only permission), and apply ACL 2,000 to filter network
management users (assuming that ACL 2000 already exists.)
[Quidway] snmp-agent community read h123 acl 2000
2.1.5 snmp-agent group
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view

write-view ] [ notify-view notify-view ] [ acl acl-number ]
2-3
undo snmp-agent group { v1 | v2c } group-name

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: Specifies to adopt v1 security scheme.

v2c: Specifies to adopt v2c security scheme.
v3: Specifies to adopt v3 security scheme.
group-name: Group name. This argument can be of 1 to 32 characters.
authentication: Specifies to authenticate SNMP data without encrypting the data.
privacy: Authenticates and encrypts packets.
read-view: Sets a read-only view.
read-view: Name of the view to be set to read-only. This argument can be of 1 to 32
characters.
write-view: Sets a readable & writable view.
write-view: Name of the view to be set to readable & writable. This argument can be of
1 to 32 characters.
notify-view: Sets a notifying view.
notify-view: Name of the view to be set to a notifying view. This argument can be of 1 to
32 characters.
acl acl-number: Specifies an ACL. The acl-number argument ranges from 2,000 to
2,999.
Description
Use the snmp-agent group command to create a SNMP group. You can also
optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to remove a specified SNMP group.
By default, the snmp-agent group v3 group-name command is provided without the
authentication and privacy keyword. That is, the switch does not authenticate or
encrypt the specified group.
Example
# Create a SNMP group named “h123” and apply ACL 2001 to filter network
management users (assuming that ACL 2001 already exists).
2-4
[Quidway] snmp-agent group v1 h123 acl 2001
2-5
Command Manual – Configuration File Management
Table of Contents
Chapter 1 Configuration File Management Commands ............................................................ 1-1

1.1 File Attribute Configuration Commands............................................................................. 1-1
1.1.1 display current-configuration ................................................................................... 1-1
1.1.2 display saved-configuration..................................................................................... 1-7
1.1.3 display startup ....................................................................................................... 1-10
1.1.4 display this............................................................................................................. 1-10
1.1.5 reset saved-configuration...................................................................................... 1-11
1.1.6 save....................................................................................................................... 1-13
1.1.7 startup saved-configuration................................................................................... 1-15
i
Command Manual – Configuration File Management Chapter 1 Configuration File Management
Quidway S3900 Series Ethernet Switches-Release 1510 Commands
Chapter 1 Configuration File Management

Commands
Note:
File path and file name can be represented in one of the following ways:
z In universal resource locator (URL) format and starting with “unit [No.]>flash:/” ( [No.]
represents the unit ID of the switch). This method is used to specify a file on a
specified unit. For example, if the unit ID of the switch is 1, the URL of the file named
text.txt in the root directory of the switch is unit1>flash:/text.txt;
z URL starting with “flash:/”. This method can be used to specify the files saved in the
flash of the current unit;
z Inputting the path name or file name directly. This method can be used to specify the
path to go to or a file in the current work directory.
1.1 File Attribute Configuration Commands

1.1.1 display current-configuration
Syntax
display current-configuration [ configuration [ configuration-type ] | interface

[ interface-type ] [ interface-number ] | vlan [ vlan-id ] ] [ by-linenum [ | { begin | include
| exclude } regular-expression ]
View
Any view
Parameter
configuration: Displays the specified configuration.

configuration-type: Configuration type, which can be one of the following: acl-adv,
acl-basic, acl-ethernetframe, acl-user, hwping, isp, radius-template, system, and
user-interface.
interface: Displays port configuration.
interface-type: Port/interface type, which can be one of the following: Aux, Ethernet,
GigabitEthernet, Loopback, NULL and VLAN.
1-1
interface-number: Port/interface number.

vlan: Displays VLAN configuration.
vlan-id: VLAN ID.
by-linenum: Displays line numbers.
|: Uses a regular expression to filter the configuration of the device to be displayed.
begin: Displays the configuration starting with the string specified by the
regular-expression argument.
include: Displays the configuration including the string specified by the
exclude: Displays the configuration not including the string specified by the
regular-expression: A regular expression.
Table 1-1 Special characters used in a regular expression
Character Meaning Description

Match the strings starting
^user matches configuration
^ with the sub-expressions
files starting with “user”.
following “^”
Matches the strings starting user$ matches the
$ with the sub-expressions configuration ending with
before “$” “user”
If the first character of a

regular expression is not “_”,
the number of the underline
characters in a regular
expression is only limited by
the length of a command line.
Underline, which can
If the first character of a
represent the following
regular expression is “_”,
_ characters: (^|$|[,{}]), space,
there can be up to four other
starting character, and
successive underline
ending character.
characters following it.
If the underline characters are
not successive, only the first
underline character group is
matched. The subsequent
underline groups are ignored.
You are not recommended to
Left parenthesis,
( use this character in a regular
push-in-stack signal
expression.
Period. A wildcard, it can
. represent any single —
character, including spaces.
1-2
Character Meaning Description

Asterisk. It means that the
preceding sub-expression
* zo* matches “z” and “zoo”.
can be matched for zero or
multiple times.
Plus sign. It means that the
preceding sub-expression zo+ matches "zo" and “zoo”,
+
can be matched for one or but not "z".
multiple times.
Description
Use the display current-configuration command to display the current configuration

of a switch.
Parameters that are the same as the default are not displayed.
As the display current-configuration command can be used to view the currently
valid parameters, you can use this command to verify a group of configurations. The
configured parameter whose corresponding function does not take effect is not
displayed.
Related command: save, reset saved-configuration, display saved-configuration.
Example
# Display the currently valid configuration parameters of the Ethernet switch.

<Quidway> display current-configuration
#
sysname Quidway
#
gvrp
#
MAC-authentication
#
queue-scheduler strict-priority
#
interface Aux1/0/0
#
interface Ethernet1/0/1
priority 7
webcache address 1.1.1.1 mac 0000-0000-0001 vlan 1
traffic-limit inbound ip-group 3001 rule 1 640 exceed remark-dscp 4
traffic-priority inbound ip-group 2000 rule 0 dscp ef
line-rate inbound 128
#
1-3
voice vlan enable
#
port link-type hybrid
port hybrid vlan 1 3 untagged
voice vlan enable
port hybrid protocol-vlan vlan 3 1
#
mirroring-group 1 monitor-port
#
port link-type trunk
port trunk permit vlan 1 25
#
#
#
#
voice vlan enable
#
port hybrid vlan 1 3 to 4 untagged
lacp enable
#
#
#
#
#
#
1-4
#
#
#
#
port access vlan 2
#
#
#
#
#
interface GigabitEthernet1/1/1
#
#
#
#
undo irf-fabric authentication-mode
#
interface NULL0
#
user-interface aux 0 4
idle-timeout 0 0
user-interface vty 0 4
authentication-mode none
user privilege level 3
set authentication password simple 1
#
return
# Display the lines that include the stings matching “10*” in the configuration
information. (The character “*” means that the character 0 in the string before it can
appear multiple times or does not appear.)
1-5
<Quidway> display current-configuration | include 10*

route-policy song permit node 1
# Display the configuration information starting with the string “user”.

<Quidway> display current-configuration | include ^user
user-interface aux 0
1-6
1.1.2 display saved-configuration
Syntax
display saved-configuration [ unit unit-id ] [ by-linenum ]
View
Any view
Parameter
unit unit-id: Specifies the unit ID of a switch.

Description
Use the display saved-configuration command to display the content of the primary
configuration file in the Flash of a switch.
Related command: save, reset saved-configuration, display
current-configuration.
Example
# Display the content of the primary configuration file in the Flash.

<Quidway>display saved-configuration
#
sysname Quidway
#
gvrp
#
MAC-authentication
#
interface Aux1/0/0
#
priority 7
webcache address 1.1.1.1 mac 0000-0000-0001 vlan 1
traffic-limit inbound ip-group 3001 rule 1 640 exceed remark-dscp 4
traffic-priority inbound ip-group 2000 rule 0 dscp ef
#
voice vlan enable
#
1-7

voice vlan enable
#
#
port link-type trunk
#
#
#
#
voice vlan enable
#
lacp enable
#
#
#
#
#
#
#
#
1-8
#
#
#
#
#
#
#
#
#
#
#TOPOLOGYCFG. MUST NOT DELETE
#
#GLBCFG. MUST NOT DELETE
#
interface NULL0
#
idle-timeout 0 0
#
return
The configurations are listed in this order: global configuration, port configuration, and
user interface configuration.
1-9
1.1.3 display startup
Syntax
display startup [ unit unit-id ]
View
Any view
Parameter
Description
Use the display startup command to display the startup configuration of a switch,
including the name of the current startup configuration file, the names of the primary
startup configuration file and secondary startup configuration file to be used when the
switch starts the next time, and so on.
Related command: startup saved-configuration.
Example
# Display the startup configuration of unit 1.

<Quidway>display startup unit 1
MainBoard:
Current Startup saved-configuration file: NULL
Next main startup saved-configuration file: flash:/123.cfg
Next backup startup saved-configuration file: flash:/back.cfg
Bootrom-access enable state: enabled
1.1.4 display this
Syntax
display this [ by-linenum ]
View
Any view
Parameter
1-10
Description
Use the display this command to display the current configuration performed in the
current view. To verify the configuration performed in a view, you can use this command
to display the parameters that are valid in the current view.
Parameters that are the same as the default are not displayed. And parameters
corresponding to the functions that do not take effect are not displayed either.
When you execute this command in different interface views, the configurations
performed in the corresponding interfaces are displayed. When you execute this
command in different protocol views, the configurations performed in the corresponding
protocol views are displayed. And when you execute this command in different protocol
sub-views, the configurations performed in the corresponding protocol sub-views are
displayed.
Related command: save, reset saved-configuration, display saved-configuration,
and display current-configuration.
Example
# Display the configuration parameters that take effect in AUX 0 interface view.
[Quidway-ui-aux0] display this
#
idle-timeout 0 0
user-interface vty 0
idle-timeout 0 0
idle-timeout 0 0
#
return
1.1.5 reset saved-configuration
Syntax
reset saved-configuration [ backup | main ]
1-11
View
User view
Parameter
backup: Specifies the secondary configuration file.

main: Specifies the primary configuration file.
Description
Use the reset saved-configuration command to remove a specified configuration file

from the Flash.
If you execute this command with neither the backup nor the main keyword specified,
the primary configuration file is removed.
The reset saved-configuration command is usually used when:
z The configuration files in the Flash are not compatible with the system software.
(This may occur after you upgrade the software of the switch.)
z The network where the switch operates changes. In this case, the existing
configuration files may conflict with the new network. You can remove the existing
configuration files and configure the switch again.
Caution:
z Execute the reset saved-configuration command with caution or with the

presence of the technicians.
z Upon powered on, a switch initiates using the default parameters if the Flash
contains no configuration file.
z An error occurs when you execute this command if the configuration file removed
does not exist.
Related command: save.
Example
# Remove the primary configuration file to be used in the next startup.

<Quidway> reset saved-configuration main
The saved configuration will be erased.
Are you sure?[Y/N]y
Configuration in flash memory is being cleared.
Please wait ...
....
1-12
Unit1 reset saved-configuration successfully.
1.1.6 save
Syntax
save [ cfgfile | [ safely ] [ backup | main ] ]
View
Any view
Parameter
cfgfile: Path name or file name of a configuration file in the Flash, a string comprising 5
to 56 characters.
safely: Saves the current configuration in the safe mode. Although the saving process
in the safe mode is slow, the configuration can be saved to the Flash even if the device
restarts or is powered off when the saving operation is being processed.
backup: Saves the configuration to the secondary configuration file.
main: Saves the configuration to the primary configuration file.
Description
Use the save command to save the current configuration to a configuration file in the
Flash.
If you execute this command with neither the backup nor the main keyword specified,
the current configuration is saved in the primary configuration file.
The safely keyword determines the way to save the current configuration, as described
in the following.
z If you execute this command with the safely keyword not specified, the system
saves the current configuration in the fast mode. In this mode, the configuration
gets lost if the device restarts or is powered off when the saving operation is being
processed.
z If you execute this command with the safely keyword specified, the system saves
the current configuration in the safe mode. Although this mode takes more time
than the fast mode, the configuration can be saved to the Flash even if the device
restarts or is powered off when the saving operation is being processed.
The fast mode is recommended under the circumstances where the power systems are
reliable, while the safe mode is recommended when power system is unreliable or you
are performing a remote maintenance operation.
1-13
Note:
z If you execute the save command with the cfgfile argument not specified, the
current configuration is saved in the configuration file with which the device latest
starts. If the device starts using the default configuration, the current configuration is
saved in the default configuration file.
z To make a switch to adopt the current configuration when it starts the next time,
save the current configuration using the save command before restarting the
switch.
Example
# Save the current configuration to the primary configuration file.

<Quidway> save main
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename
unchanged press the enter key):123.cfg
Now saving current configuration to the device.

Saving configuration. Please wait...
............
Unit1 save configuration flash:/123.cfg successfully
Unit2 save configuration flash:/123.cfg successfully
%Apr 2 02:58:01:682 2000 Quidway CFM/3/CFM_LOG:- 1 -Unit1 save configuration

successfully.
%Apr 2 02:58:01:783 2000 Quidway CFM/3/CFM_LOG:- 1 -Unit2 save configuration
successfully.
# Save the current configuration to 234.cfg in unit 1.

<Quidway> save unit1>flash:/234.cfg
The current configuration will be saved to unit1>flash:/234.cfg [Y/N]:y
Now saving current configuration to the device.
Saving configuration. Please wait...
...........
Unit1 save configuration unit1>flash:/234.cfg successfully
<Quidway>
%Apr 2 04:07:21:805 2000 5500-EI CFM/3/CFM_LOG:- 1 -Unit1 save configuration
successfully.
1-14
1.1.7 startup saved-configuration
Syntax
startup saved-configuration cfgfile [ backup | main ]

undo startup saved-configuration [ unit unit-id ]
View
User view
Parameter
cfgfile: Path name or file name of a configuration file in the Flash, a string comprising 5
to 56 characters. Note that the current configuration file is saved in the root directory of
the Flash.
backup: Specifies the configuration file to be the primary configuration file.
main: Specifies the configuration file to be the secondary configuration file.
Description
Use the startup saved-configuration command to specify a configuration file to be the

primary configuration file or the secondary configuration file.
Use the undo startup saved-configuration command to specify a switch to start
without loading the configuration file.
If you execute the startup saved-configuration command with neither the backup nor
the main keyword specified, the configuration file identified by the cfgfile argument is
specified as the primary configuration file.
If the unit keyword is not provided, the undo startup saved-configuration command
will specify all the devices in the stack fabric to start without loading the configuration
profile. You can cross-the-switch specify a unit in the fabric to start without loading the
configuration file.
Caution:
To make a switch to start without loading the configuration file, do not execute the save
command after executing the undo startup saved-configuration command.
Related command: display startup.
1-15
Example
# Configure the configuration file named vrpcfg.cfg as the primary configuration file of
the switches in the Fabric.
<Quidway> startup saved-configuration vrpcfg.cfg main
Please wait......Done!
%Apr 2 02:55:10:025 2000 Quidway CFM/3/CFM_LOG:- 1 -Unit1 set the
configuration
successfully.
<Quidway>
%Apr 2 02:55:10:134 2000 Quidway CFM/3/CFM_LOG:- 1 -Unit2 set the
configuration
successfully.
# Configure the configuration file named 123.cfg as the secondary configuration file of
Unit1.
<Quidway> startup saved-configuration unit1>flash:/123.cfg backup
Please wait......Done!
%Apr 2 02:55:54:797 2000 Quidway CFM/3/CFM_LOG:- 1 –Unit1 set the
configuration
successfully.
1-16
Command Manual – VLAN
Table of Contents
Chapter 1 VLAN Configuration Commands................................................................................ 1-1

1.1 VLAN Configuration Commands........................................................................................ 1-1
1.1.1 description ............................................................................................................... 1-1
1.1.2 display interface Vlan-interface ............................................................................... 1-1
1.1.3 display vlan.............................................................................................................. 1-3
1.1.4 interface Vlan-interface ........................................................................................... 1-4
1.1.5 name ....................................................................................................................... 1-5
1.1.6 shutdown ................................................................................................................. 1-6
1.1.7 vlan.......................................................................................................................... 1-6
1.1.8 vlan to...................................................................................................................... 1-7
1.2 Port-Based VLAN Configuration Commands .................................................................... 1-9
1.2.1 port .......................................................................................................................... 1-9
1.3 Protocol-Based VLAN Configuration Commands............................................................ 1-10
1.3.1 display protocol-vlan interface............................................................................... 1-10
1.3.2 display protocol-vlan vlan...................................................................................... 1-11
1.3.3 port hybrid protocol-vlan vlan ................................................................................ 1-12
1.3.4 protocol-vlan.......................................................................................................... 1-13

i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 VLAN Configuration Commands
Chapter 1 VLAN Configuration Commands
1.1 VLAN Configuration Commands

1.1.1 description
Syntax
description text
undo description
View
VLAN view, VLAN interface view
Parameter
text: String to describe the current VLAN or VLAN interface.

z In the range of 1 to 32 characters when describing the current VLAN.
z In the range of 1 to 80 characters when describing the current VLAN interface.
Description
Use the description command to assign a description string to the current VLAN or
VLAN interface.
Use the undo description command to restore the default description string.
By default, the description string of the current VLAN is its VLAN ID, such as “VLAN
0001”; the description string of the current VLAN interface is its name, such as
“Vlan-interface 1 Interface”.
Related command: display vlan, and display interface Vlan-interface.
Example
# Specify the description string of the current VLAN as “RESEARCH”.

[Quidway] vlan 1
[Quidway-vlan1] description RESEARCH
1.1.2 display interface Vlan-interface
Syntax
display interface Vlan-interface [ vlan-id ]
1-1
View
Any view
Parameter
vlan-id: ID of the specific VLAN interface.
Description
Use the display interface Vlan-interface command to display the information about
the VLAN interface, including:
z Physical state and link state of the VLAN interface
z Format of the sent frames
z MAC address, IP address and subnet mask of the VLAN interface
z Description string and MTU of the VLAN interface
If the vlan-id argument is specified, the information about the specified VLAN interface
is displayed; if the vlan-id argument is not specified, the information about all the
created VLAN interfaces is displayed.
Related command: interface Vlan-interface.
Example
# Display the information about Vlan-interface 2.

<Quidway> display interface Vlan-interface 2
Vlan-interface2 current state : DOWN
Line protocol current state : DOWN
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-fc07-4101
Internet Address is 10.1.1.1/24 Primary
Description : Vlan-interface2 Interface
The Maximum Transmit Unit is 1500
Table 1-1 Description on the fields of the display interface Vlan-interface command
Field Description
Vlan-interface2 current state Current state of the VLAN interface
Line protocol current state Current state of the Line protocol
IP Sending Frames' Format Format of the frames that IP sends
MAC address corresponding to the VLAN
Hardware address
interface
IP address corresponding to the VLAN
Internet Address
interface
Description Description on the VLAN interface
1-2
Field Description
The Maximum Transmit Unit Maximum transmission unit
1.1.3 display vlan
Syntax
display vlan [ vlan-id [ to vlan-id ] | all | dynamic | static ]
View
Any view
Parameter
vlan-id: Specifies the VLAN ID, in the range of 1 to 4094.

to: Specifies multiple contiguous VLAN IDs.
all: Displays the information about all the VLANs.
dynamic: Displays the VLANs created dynamically.
static: Displays the VLANs created statically.
Description
Use the display vlan command to display the information about the specified VLANs
or all VLANs.
If the vlan-id argument or the all keyword is specified, the information about the
specified VLANs or the all VLANs is displayed, including:
z VLAN ID
z VLAN type (dynamic or static)
z Whether the routing function is enabled (If yes, the primary IP address and mask
are displayed)
z VLAN description
z Member ports
If no argument/keyword is specified, this command displays the VLAN IDs of all the
existing VLANs. If the dynamic or static keyword is specified, this command displays
the amount and VLAN IDs of the existing VLANs that are created dynamically or
statically.
Related command: vlan.
Example
# Display the information about VLAN 1.

<Quidway> display vlan 1
1-3
VLAN ID: 1
VLAN Type: static
Route Interface: not configured
IP Address: 192.168.0.39
Subnet Mask: 255.255.255.0
Description: VLAN 0001
Name: VLAN 0001
Tagged Ports: none
Untagged Ports:
Ethernet1/0/1 Ethernet1/0/2 Ethernet1/0/3
Table 1-2 Description on the fields of the display vlan command
Field Description
VLAN ID VLAN ID
VLAN Type VLAN type (dynamic or static)

Whether the routing interface function is enable for this
Route Interface
VLAN
IP Address IP address
Subnet Mask Subnet mask
Description Description on the VLAN

Name VLAN name
Tagged Ports The ports that tag packets when sending packets
Untagged Ports The ports that do not tag packets when sending packets
1.1.4 interface Vlan-interface
Syntax
interface Vlan-interface vlan-id

undo interface Vlan-interface vlan-id
View
System view
1-4
Parameter
vlan-id: ID of the VLAN interface, in the range of 1 to 4,094.
Description
Use the interface Vlan-interface command to create a VLAN interface or enter VLAN
interface view.
Use the undo interface Vlan-interface command to delete the VLAN interface.
Related command: display interface Vlan-interface.
Example
# Enter Vlan-interface 1 view

[Quidway] interface Vlan-interface 1
[Quidway-Vlan-interface1]
1.1.5 name
Syntax
name text
undo name
View
VLAN view
Parameter
text: String that refers to the name of the current VLAN, in the range of 1 character to 32
characters. It can contain special characters and space.
Parameter
Use the name command to assign a name to a VLAN.

Use the undo name command to restore to the default VLAN name.
By default, the name of a VLAN is its VLAN ID, such as “VLAN 0001”.
Example
# Specify the name of VLAN 2 to ”test vlan”.

[Quidway] vlan 2
[Quidway-vlan2] name test vlan
1-5
1.1.6 shutdown
Syntax
shutdown
undo shutdown
View
VLAN interface view
Parameter
None
Description
Use the shutdown command to disable the VLAN interface.

Use the undo shutdown command to enable the VLAN interface.
By default, a VLAN interface is enabled. In this scenario, a VLAN interface’s status is
determined by the status of its Ethernet ports, that is, if all the Ethernet ports of the
VLAN interface are down, the VLAN interface is down (disabled); if one or more
Ethernet ports of the VLAN interface are up, the VLAN interface is up (enabled).
If a VLAN interface is disabled, its status is not determined by the status of its Ethernet
ports.
You can use the undo shutdown command to enable a VLAN interface when its
related parameters and protocols are configured. When a VLAN interface fails, you can
use the shutdown command to disable the interface, and then use the undo
shutdown command to enable this interface again, which may restore the interface.
The operation of enabling/disabling a VLAN interface does not influence all the
Ethernet ports belonging to this VLAN.
Example
# Disable Vlan-interface2.
[Quidway-Vlan-interface2] shutdown
1.1.7 vlan
Syntax
vlan vlan-id
undo vlan vlan-id1
1-6
View
System view
Parameter
vlan-id: ID of the VLAN which you want to create and whose view you want to enter.
This argument ranges from 1 to 4,094.
Description
Use the vlan command to enter VLAN view. If the VLAN identified by the vlan-id
argument does not exist, this command creates the VLAN and then enters VLAN view.
Use the undo vlan command to remove a VLAN.
Caution:
z VLAN 1 is the default VLAN and cannot be removed.

z When you use the undo vlan command to remove a VLAN which is the default
VLAN of a trunk port or a hybrid port on the device, the configuration of the default
VLAN of the trunk port or hybrid port does not change after the undo vlan command
is executed, that is, the trunk port or the hybrid port will use the removed VLAN as its
default VLAN.
Example
# Enter VLAN 1 view.

[Quidway] vlan 1
[Quidway-vlan1]
# Remove VLAN 5.
[Quidway] undo vlan 5
1.1.8 vlan to
Syntax
vlan { vlan-id1 to vlan-id2 | all }

undo vlan { vlan-id1 to vlan-id2 | all }
1-7
View
System view
Parameter
vlan-id1: ID of the initial VLAN to be created, in the range of 1 to 4,094.

to: Specifies the VLAN range.
vlan-id2: ID of the terminal VLAN to be created, in the range of 1 to 4,094. The
argument is no smaller than the vlan-id1 argument
all: Specifies all VLANs.
Description
Use the vlan to command to create multiple VLANs once.

Use the undo vlan to command to remove multiple VLANs once.
Caution:
The undo vlan to command or the undo vlan all command cannot be used to remove
the VLANs kept by the protocol, the Voice VLANs, the default VLANs (VLAN 1), the
management VLANs and the probe VLANs for remote mirroring.
Example
# Create VLAN 4 through VLAN 100.

[Quidway] vlan 4 to 100
Note:The VLAN kept by protocol, the voice VLAN, the default VLAN, the manageme
nt VLAN and the remote probe VLAN will not be deleted!
Please wait............. Done.
# Remove VLAN 2 through VLAN 9 once, in which VLAN 5 is a Voice VLAN.

[Quidway] undo vlan 2 to 9
Note:The VLAN kept by protocol, the voice VLAN, the default VLAN, the manageme
nt VLAN and the remote probe VLAN will not be deleted!
Please wait... Done.
[Quidway] display vlan
The following VLANs exist:
1-8
1(default), 5
1.2 Port-Based VLAN Configuration Commands

1.2.1 port
Syntax
port interface-list
undo port interface-list
View
VLAN view
Parameter
interface-list: List of Ethernet ports to be added to or removed from a VLAN. You need
to provide this argument in the form of interface-list = { interface-type interface-number
[ to interface-type interface-number ] } &<1-10>, where:
z interface-type is port type and interface-number is port number.
z The port number to the right of the to keyword must be larger than or equal to the
one to the left of the keyword.
z &<1-10> means that you can provide this argument repeatedly for up to 10 times.
Parameter
Use the port command to add a port or multiple ports to a VLAN.

Use the undo port command to remove a port or multiple ports from a VLAN.
Caution:
The port command is only applicable to access ports. To add trunk ports and hybrid
ports to a VLAN, you can use the port trunk permit vlan and port hybrid vlan
commands in Ethernet port view. For the configuration procedure, refer to the section
“Port Basic Configuration” in Quidway S3900 Series Ethernet Switches – Operation
Manual.
Related command: display vlan.
Example
# Add Ethernet1/0/2 through Ethernet1/0/4 to VLAN 2.

1-9

[Quidway] vlan 2
[Quidway-vlan2] port Ethernet1/0/2 to Ethernet1/0/4
1.3 Protocol-Based VLAN Configuration Commands

1.3.1 display protocol-vlan interface
Syntax
display protocol-vlan interface { { interface-type interface-number [ to interface-type

interface-number ] } | all }
View
Any view
Parameter
{ interface-type interface-number [ to interface-type interface-number ] }: Specifies the
port number of the protocol to be displayed. If you do not use the to keyword, only one
port is specified. If you use the to keyword, multiple contiguous ports are specified. The
interface-type argument refers to the port type and the interface-number argument
refers to the port number.
all: Displays the protocol-related information about all ports.
Description
Use the display protocol-vlan interface command to display the protocol information
and protocol indexes configured for specified ports.
Example
# Display protocol information and protocol index configured for Ethernet1/0/1 and
Ethernet1/0/2 ports.
<Quidway> display protocol-vlan interface Ethernet1/0/1 to Ethernet1/0/2
Interface: Ethernet1/0/1
VLAN ID Protocol-Index Protocol-type
50 0 ip
80 1 ip
100 0 ip
100 1 ipx ethernetii
VLAN ID Protocol-Index Protocol-type
1-10
50 1 ipx raw
80 2 at
100 3 snap etype 0x0abc
100 4 llc dsap 0xac ssap 0xbd
1.3.2 display protocol-vlan vlan
Syntax
display protocol-vlan vlan { vlan-id [ to vlan-id ] | all }
View
Any view
Parameter
vlan-id: VLAN ID in the range of 1 to 4094.

to: Specifies a VLAN ID range. Make sure the vlan-id argument to the right of this
keyword is larger than or equal to the argument to the left of this keyword.
all: Specifies all VLANs.
Description
Use the display protocol-vlan vlan command to display the protocol information and
protocol indexes configured for specified VLANs.
Related command: display vlan.
Example
# Display the protocol information and protocol indexes configured for VLAN 10
through VLAN 20.
<Quidway> display protocol-vlan vlan 10 to 20
VLAN ID: 10
VLAN Type: Protocol-based VLAN
Protocol-Index Protocol-Type
0 ip
1 ip
2 ipx ethernetii
3 at
VLAN ID: 15
VLAN Type: Protocol-based VLAN
Protocol-Index Protocol-Type
0 ip
1 snap etype 0x0abcd
1-11
1.3.3 port hybrid protocol-vlan vlan
Syntax
port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }

undo port hybrid protocol-vlan vlan vlan-id { protocol-index [ to protocol-end ] | all }
View
Ethernet port view
Parameter
vlan-id: VLAN ID in the range of 1 to 4094.

protocol-index: Beginning protocol index in the range of 0 to 4.
protocol-end: End protocol index in the range of 0 to 4. Note that this argument must be
larger than or equal to the protocol-index argument.
all: Specifies all protocols.
Description
Use the port hybrid protocol-vlan vlan command to associate a port with the
protocol-based VLAN.
Use the undo port hybrid protocol-vlan vlan command to remove the association
between the specified protocol-based VLAN and a port.
Note:
z The port hybrid protocol-vlan vlan command can be executed on hybrid ports
only.
z Before you associate a port with the protocol-based VLAN, make sure the port
belongs to the protocol-based VLAN.
z When the undo port hybrid protocol-vlan vlan command is being executed, the
switch will prompt operation failure if the index of the specified protocol to be
removed does not exist. If a part of the specified protocol indexes to be removed do
not exist, the switch will remove the existing indexes when it prompts errors.
Related command: display protocol-vlan interface.
Example
# Associate Ethernet1/0/1 with the protocols indexed from 0 to 4 of VLAN 3 (assuming

that VLAN 3 is a protocol-based VLAN).
1-12
[Quidway] interface Ethernet1/0/1
[Quidway-Ethernet1/0/1] port hybrid protocol-vlan vlan 3 0 to 4
1.3.4 protocol-vlan
Syntax
protocol-vlan [ procotol-index ] { at | ip | ipx { ethernetii | llc | raw | snap } | mode

{ ethernetii etype etype-id | llc { dsap dsap-id ssap ssap-id } | snap etype etype-id } }
undo protocol-vlan { protocol-index [ to protocol-end ] | all }
View
VLAN view
Parameter
at: Specifies the VLAN to be an AppleTalk-based VLAN.

ip: Specifies the VLAN to be an IP-based VLAN.
ipx: Specifies the VLAN to be an IPX-based VLAN. The ethernetii, llc, raw and snap
keywords specify the four IPX encapsulation types.
mode: Configures user-defined protocol templates.
ethernetii: Ethernet II encapsulation format.
etype-id: Protocol type of the packet, in the range of 600 to FFFF.
llc: LLC encapsulation format.
dsap-id: Destination service access point. This argument ranges from 0 to FF.
ssap-id: Source service access point. This argument ranges from 0 to FF.
snap: SNAP encapsulation format.
etype-id: Protocol type of the packet, in the range of 600 to FFFF.
protocol-index: Beginning protocol index ranging from 0 to 4. Note that this argument
must be less than or equal to the protocol-end argument. If you do not specify this
argument, the beginning protocol index will be determined by the system.
protocol-end: End protocol index ranging from 0 to 4. Note that this argument must be
larger than or equal to the protocol-index argument.
all: Specifies all the protocol indexes.
1-13
Note:
When you use the mode keyword to configure protocol-based VLANs, if you set the
etype arguments of Ethernet II or SNAP packets to 0x0800, 0x089b, and 0x8137, the
matched packets have the same format as that of IP, IPX, and Appletalk packets
respectively. In order that two commands do not configure the same protocol
repetitively, the switch will prompt you that you cannot specify the etype arguments of
Ethernet II and SNAP packets to 0x0800, 0x089b, and 0x8137.
Description
Use the protocol-vlan command to configure the protocol template used for
classifying protocol-based VLANs.
Use the undo protocol-vlan command to disable the configuration.
Related command: display protocol-vlan vlan.
Example
# Configure VLAN 3 as a protocol-based VLAN and assign IP packets to VLAN 3 for

transmission.
[Quidway] vlan 3
[Quidway-vlan3] protocol-vlan ip
Caution:
Because the IP protocol is closely associated with the ARP protocol, you are
recommended to configure the ARP protocol type when configuring the IP protocol type
and associate the two protocol types with the same port, in case that ARP packets and
IP packets are not assigned to the same VLAN, which will cause IP address resolution
failure.
# Configure an ARP protocol template. The code for the ARP protocol is 0x0806.
z Perform the following command when Ethernet encapsulation is used.

[Quidway-vlan3] protocol-vlan mode ethernetii etype 0806
z Perform the following configuration when 802.3 encapsulation format is used.

[Quidway-vlan3] protocol-vlan mode snap etype 0806
1-14
Command Manual – IP Address and IP Performance
Confiugration
Table of Contents
Chapter 1 IP Address Configuration Commands....................................................................... 1-1

1.1 IP Address Configuration Commands ............................................................................... 1-1
1.1.1 display ip interface .................................................................................................. 1-1
1.1.2 ip address................................................................................................................ 1-3
Chapter 2 IP Performance Configuration Commands ............................................................... 2-1

2.1 IP Performance Configuration Commands........................................................................ 2-1
2.1.1 display fib ................................................................................................................ 2-1
2.1.2 display fib ip-address .............................................................................................. 2-2
2.1.3 display fib acl........................................................................................................... 2-3
2.1.4 display fib | .............................................................................................................. 2-4
2.1.5 display fib ip-prefix .................................................................................................. 2-5
2.1.6 display fib statistics ................................................................................................. 2-6
2.1.7 display icmp statistics.............................................................................................. 2-7
2.1.8 display ip socket ...................................................................................................... 2-8
2.1.9 display ip statistics ................................................................................................ 2-10
2.1.10 display tcp statistics ............................................................................................ 2-11
2.1.11 display tcp status................................................................................................. 2-14
2.1.12 display udp statistics ........................................................................................... 2-15
2.1.13 ip forward-broadcast ........................................................................................... 2-17
2.1.14 reset ip statistics.................................................................................................. 2-17
2.1.15 reset tcp statistics................................................................................................ 2-18
2.1.16 reset udp statistics .............................................................................................. 2-18
2.1.17 tcp timer fin-timeout............................................................................................. 2-19
2.1.18 tcp timer syn-timeout........................................................................................... 2-19
2.1.19 tcp window........................................................................................................... 2-20
i
Command Manual – IP Address and Performance
Confiugration
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IP Address Configuration Commands
Chapter 1 IP Address Configuration Commands
1.1 IP Address Configuration Commands

1.1.1 display ip interface
Syntax
display ip interface [ brief [ interface-type [ interface-number ] ] | [ interface-type

interface-number ] ]
View
Any view
Parameter
interface-type interface-number: interface-type indicates a interface type and

interface-number indicates a interface number. For details, see the description of the
interface command in Port Basic Configuration Command Manual.
brief: Displays the basic interface configuration information.
Description
Use the display ip interface command to display information about one specific or all
interfaces.
Example
# Display information about VLAN interface 1.

<Quidway>display ip interface Vlan-interface 1
Vlan-interface1 current state :UP
Line protocol current state :UP
Broadcast address : 192.168.0.255
The Maximum Transmit Unit : 1500 bytes
IP packets input number: 9678, bytes: 475001, multicasts: 7
IP packets output number: 8622, bytes: 391084, multicasts: 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
1-1
Confiugration
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
Table 1-1 Description on the fields of the display ip interface command
Field Description
Vlan-interface1 current state Current state of VLAN interface 1
Line protocol current state Current state of the Line protocol
Internet Address IP address
Broadcast address Broadcast address
The Maximum Transmit Unit Max transmit unit
IP packets input number: 9678, bytes:

Number of input/output unicast
475001, multicasts: 7
packets, bytes, and multicast
IP packets output number: 8622, bytes:
packets
391084, multicasts: 0
Number of received invalid TTL

TTL invalid packet number
packets
1-2
Confiugration
Field Description

Echo reply: 0
Unreachable: 0
Total number of received ICMP
Source quench: 0 packets, including:
Routing redirect: 0 Echo reply packet, unreachable
Echo request: 0 packet, source quench packet,
routing redirect packet, Echo
Router advert: 0
request packet, router advert
Router solicit: 0
packet, router solicit packet, time
Time exceed: 0 exceed packet, IP header bad
IP header bad: 0 packet, timestamp request packet,
timestamp reply packet,
information request packet,
Timestamp reply: 0
information reply packet, netmask
Information request: 0 request packet, netmask reply
Information reply: 0 packet, and unknown types of
packets.
Netmask request: 0
Netmask reply: 0
Unknown type: 0
1.1.2 ip address
Syntax
ip address ip-address { mask | mask-length } [ sub ]

undo ip address [ ip-address { mask | mask-length } [ sub ] ]
View
VLAN interface view, loopback interface view
Parameter
Ip-address: IP address, in dotted decimal notation.

mask: Subnet mask, in dotted decimal notation.
mask-length: Length of a subnet mask.
sub: Secondary IP address of a VLAN or loopback interface.
1-3
Confiugration
Description
Use the ip address command to specify an IP address and mask for a VLAN or
loopback interface.
Use the undo ip address command to remove an IP address and mask of a VLAN or
loopback interface.
By default, a VLAN or loopback interface has no IP address.
Generally, it is enough to configure one IP address for an interface. However, you can
configure up to five IP addresses for an interface so that it can be connected to several
subnets. Among these IP addresses, one is the primary IP address and all the others
are secondary ones. The relationship between the primary address and the secondary
addresses is as follows:
z When you configure a primary IP address for an interface which already has a
primary IP address, the new address will replace the old one.
z If you execute the undo ip address command without any parameter, the switch
deletes both primary and secondary IP addresses of the interface. The undo ip
address ip-address { mask | mask-length } command is used to delete the
primary IP address. The undo ip address ip-address { mask | mask-length } sub
command is used to delete secondary IP addresses.
Note that a VLAN interface cannot be configured with a secondary IP address if the
interface has been configured to obtain an IP address by BOOTP or DHCP.
Related command: display ip interface.
Example
# Specify the IP address and subnet mask of VLAN interface 1 to 129.12.0.1 and
255.255.255.0 respectively.
<Quidway>system-view
[Quidway]interface Vlan-interface 1
[Quidway-Vlan-interface1] ip address 129.12.0.1 255.255.255.0
1-4
Command Manual – IP Address and Confiugration
Quidway S3900 Series Ethernet Switches-Release
1510 Chapter 2 IP Performance Configuration Commands
Chapter 2 IP Performance Configuration

Commands
2.1 IP Performance Configuration Commands

2.1.1 display fib
Syntax
display fib
View
Any view
Parameter
None
Description
Use the display fib command to view the summary of the forwarding information base
(FIB). Each line indicates an FIB entry. The information includes: destination
address/mask length, next hop, current flag, timestamp, and output interface.
Example
# View the FIB summary.

<Quidway> display fib
Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask Nexthop Flag TimeStamp Interface
10.153.17.0/24 10.153.17.99 U t[191954] Vlan-interface1
10.153.18.88/32 127.0.0.1 GHU t[191954] InLoopBack0
10.153.18.0/24 10.153.18.88 U t[191954] LoopBack0
10.153.17.99/32 127.0.0.1 GHU t[181648] InLoopBack0
127.0.0.0/8 127.0.0.1 U t[181648] InLoopBack0
Table 2-1 Description on the fields of the display fib command
Field Description
Destination/Mask Destination address/mask length
2-1
Field Description
Nexthop Next hop address
Flags:
U: A route is up and available.
G: Gateway route
H: Local host route
B: Blackhole route
Flag
D: Dynamic route
S: Static route
R: Rejected route
E: Multi-path equal-cost route
L: Route generated by ARP or ESIS
TimeStamp Timestamp
Interface Forwarding interface
2.1.2 display fib ip-address
Syntax
display fib ip-address1 [ { mask1 | mask-length1 } [ ip-address2 { mask2 |

mask-length2 } | longer ] | longer ]
View
Any view
Parameter
ip-address1, ip-address2: Destination IP addresses, in dotted decimal notation.

ip_address1 and ip_address2 together define an address range. The FIB entries in
this address range will be displayed.
mask1, mask2: IP address masks, in dotted decimal notation.
mask-length1, mask-length2: Integers in the range of 0 to 32, representing the mask
length.
longer: Displays the FIB entries matching specific network/mask.
2-2
Description
Use the display fib ip-address command to view the FIB entries matching the
destination IP address. Each line indicates an FIB entry. The information includes:
destination address/mask length, next hop, current flag, timestamp, and outbound
interface.
Example
# View the FIB entries whose destination addresses match 12.158.10.0 in the natural
mask range.
<Quidway>display fib 12.158.10.0
Route Entry Count: 1
Flag:
# Display the FIB entries whose destination addresses are in the range of
12.158.10.0/24 to 12.158.10.6/24.
<Quidway>display fib 12.158.10.0 255.255.255.0 12.158.10.6 255.255.255.0
Route Entry Count: 1
Flag:
For details about the displayed information, see Table 2-1.
2.1.3 display fib acl
Syntax
display fib acl number
View
Any view
Parameter
number: ACL in the number form, in the range of 2000 to 2999.
2-3
Description
Use the display fib acl command to view the FIB entries matching a specific ACL. For
ACL, refer to the ACL module of this manual.
Example
# View all the FIB entries.

<Quidway>display fib
Flag:
211.71.75.0/24 1.1.1.2 GSU t[250763] Vlan-interface2
1.1.2.1/32 127.0.0.1 GHU t[37] InLoopBack0
127.0.0.1/32 127.0.0.1 GHU t[37] InLoopBack0
127.0.0.0/8 127.0.0.1 U t[37] InLoopBack0
1.1.1.1/32 127.0.0.1 GHU t[37] InLoopBack0
# View ACL 2001.

<Quidway>display acl 2001
Basic ACL 2001, 1 rule
Acl's step is 1
rule 0 permit source 211.71.75.0 0.0.0.255
# View the FIB entries filtered by ACL 2001.

<Quidway>display fib acl 2001
Route Entry matched by access-list 2001
Summary Counts :1
Flag:
2.1.4 display fib |
Syntax
display fib | { begin | exclude | include } text
View
Any view
2-4
Parameter
begin: Displays the FIB entries from the first one containing the string identified by the
argument text.
exclude: Displays only those FIB entries excluding the character string text.
include: Display only those FIB entries containing the character string text.
text: Character string.
Description
Use the display fib | command to view the FIB entries output from the buffer
according to the regular expression and are related to the specific character string. For
the format of the regular expression, refer to the Configuration File Management
module of this manual.
Example
# View the lines starting from the first one containing the string 169.254.0.0.
<Quidway> display fib | begin 169.254.0.0
2.1.5 display fib ip-prefix
Syntax
display fib ip-prefix listname
View
Any view
Parameter
listname: Prefix list name, a string of one to 19 characters.
Description
Use the display fib ip-prefix command to view the FIB entries matching a specific
prefix list. For the prefix list, refer to IP Routing Policy Configuration of the Routing
Protocol module of this manual.
Example# View the prefix list abc.
<Quidway>display ip ip-prefix abc
name index conditions ip-prefix / mask GE LE
abc 10 permit 211.71.75.0/24 -- --
2-5
# View all the FIB entries.

<Quidway>display fib
Flag:
1.1.2.1/32 127.0.0.1 GHU t[37] InLoopBack0
127.0.0.1/32 127.0.0.1 GHU t[37] InLoopBack0
127.0.0.0/8 127.0.0.1 U t[37] InLoopBack0
1.1.1.1/32 127.0.0.1 GHU t[37] InLoopBack0
# View the FIB entries matching prefix list abc.

<Quidway> display fib ip-prefix abc
Route Entry matched by prefix-list abc
Summary Counts :1
Flag:
2.1.6 display fib statistics
Syntax
display fib statistics
View
Any view
Parameter
None
Description
Use the display fib statistics command to view the total number of FIB entries.
Example
# View the total number of FIB entries.

<Quidway> display fib statistics
2-6
Route Entry Count : 30
2.1.7 display icmp statistics
Syntax
display icmp statistics
View
Any view
Parameter
None
Description
Use the display icmp statistics command to view the statistics about ICMP packets.
Related command: display ip interface and reset ip statistics.
Example
# View the statistics about ICMP packets.

<Quidway> display icmp statistics
Input: bad formats 0 bad checksum 0
echo 5 destination unreachable 0
source quench 0 redirects 0
echo reply 10 parameter problem 0
timestamp 0 information request 0
mask requests 0 mask replies 0
time exceeded 0
Output:echo 10 destination unreachable 0
source quench 0 redirects 0
echo reply 5 parameter problem 0
timestamp 0 information reply 0
mask requests 0 mask replies 0
time exceeded 0
Table 2-2 Description on the fields of the display icmp statistics command
Field Description
bad formats Number of input packets in bad formats
bad checksum Number of input packets with bad checksum
echo Number of input/output echo request packets
2-7
Field Description
destination unreachable Number of input/output packets with unreachable

destination
source quench Number of input/output source quench packets
redirects Number of input/output redirected packets
echo reply Number of input/output echo reply packets
parameter problem Number of input/output packets with parameter

problem
timestamp Number of input/output timestamp packets
information request Number of input information request packets
mask requests Number of input/output mask request packets
mask replies Number of input/output mask reply packets
information reply Number of output information reply packets
time exceeded Number of time exceeded packets
2.1.8 display ip socket
Syntax
display ip socket [ socktype sock-type ] [ task-id socket-id ]
View
Any view
Parameter
sock-type: Type of a socket, ranging from 1 to 3. These values correspond to

SOCK_STREAM (TCP socket), SOCK_DGRAM (UDP socket or socket based on the
link layer), and SOCK_RAW (RAW IP socket).
task-id: ID of a task, with the value ranging from 1 to 100.
socket-id: ID of a socket, with the value ranging from 0 to 3072.
Description
Use the display ip socket command to display the information of the current socket.
2-8
Example
# Display the information about the socket of the TCP type.

<Quidway> display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Table 2-3 Description on the fields of the display ip socket command
Field Description
Type of a socket. Three types are available:

SOCK_STREAM (TCP socket), SOCK_DGRAM
SOCK_STREAM
(UDP socket or socket supporting link layer access),
and SOCK_RAW (RAW IP socket).
Task Task ID
socketid Socket ID
Proto Protocol number used by the socket
sndbuf Sending buffer size of the socket
rcvbuf Receiving buffer size of the socket
Current data size in the sending buffer. The value

sb_cc makes sense only for the socket of TCP type,
because only TCP is able to cache data.
2-9
Field Description
rb_cc Current data size in the receiving buffer
socket option Option of a socket
socket state State of a socket
2.1.9 display ip statistics
Syntax
display ip statistics
View
Any view
Parameter
None
Description
Use the display ip statistics command to view the statistics about IP packets.
Related command: display ip interface and reset ip statistics.
Example
# View the statistics about IP packets.

<Quidway> display ip statistics
Input: sum 7120 local 112
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 27
dropped 0 no route 2
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
Table 2-4 Description on the fields of the display ip statistics command
Field Description
Input: sum Sum of input packets
2-10
Field Description
Local Number of received packets whose

destination address is the local device
bad protocol Number of packets with wrong protocol

number
bad format Number of packets in bad format
bad checksum Number of packets with bad checksum
bad options Number of packets with wrong options
Output: forwarding Number of forwarded packets
local Number of packets sent by the local

device
dropped Number of dropped packets during

transmission
no route Number of packets that cannot be routed
compress fails Number of packets that cannot be

compressed
Fragment: input Number of input fragments
output Number of output fragments
dropped Number of dropped fragments
fragmented Number of packets that are fragmented
couldn't fragment Number of packets that cannot be

fragmented
Reassembling: sum Number of reassembled packets
timeouts Number of timeout fragment packets
2.1.10 display tcp statistics
Syntax
display tcp statistics
2-11
View
Any view
Parameter
None
Description
Use the display tcp statistics command to view the statistics about TCP packets.
Related command: display tcp status and reset tcp statistics.
Example
# View the statistics about TCP packets.

<Quidway> display tcp statistics
Received packets:
Total: 753
packets in sequence: 412 (11032 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7 bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 481 (8776 bytes)
duplicate ACK packets: 7, too much ACK packets: 0
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0

Keepalive timeout: 0, keepalive probe: 0, Keepalive timeout, so connections
disconnected : 0
Initiated connections: 0, accepted connections: 0, established connections:
0
Closed connections: 0 (dropped: 0, initiated dropped: 0)
Packets dropped with MD5 authentication: 0
Packets permitted with MD5 authentication: 0
2-12
Table 2-5 Description on the fields of the display tcp statistics command
Field Description
Received Total Total number of received packets

packets
packets in sequence Number of packets in sequence
window probe packets/ Number of window probe

window update packets packets/number of window update
packets
checksum error/ offset Number of checksum errors/number

error/ short error of offset errors/number of short
errors
duplicate packets/ partially Number of duplicate packets/number

duplicate packets of partially duplicate packets
out-of-order packets Number of out-of-order packets
packets of data after Number of packets out of window

window
packets received after close Number of received packets after

close
ACK packets Number of ACK packets
duplicate ACK packets/ too Number of duplicate ACK

much ACK packets packets/number of ACK packets for
data not sent.
Sent packets Total Total number of sent packets
urgent packets Number of urgent packets
control packets (including 1 Number of control packets, including

RST) one retransmitted packet
window probe packets/ Number of window probe

window update packets packets/number of window update
packets
data packets/ data packets Number of data packets/number of

retransmitted retransmitted packets
ACK-only packets Number of ACK packets (28 delay

ACK packets)
2-13
Field Description
Retransmitted timeout/ connections Times of retransmission timer

dropped in retransmitted timeout timeout/number of dropped
connections because retransmission
times exceed the limit
Keepalive timeout/ keepalive probe/ Times of keepalive timer

Keepalive timeout, so connections timeout/number of transmitted
disconnected keepalive probe packets/number of
dropped connections due to
keepalive probe failure
Initiated connections/ accepted Number of initiated

connections/ established connections connections/number of accepted
connections/number of established
connections
Closed connections (dropped:/ initiated Number of closed connections

dropped: ) (number of dropped
connections/number of failed
connection attempts)
Packets dropped with MD5 authentication Number of dropped packets with

MD5 authentication
Packets permitted with MD5 authentication Number of permitted packets with

MD5 authentication
2.1.11 display tcp status
Syntax
display tcp status
View
Any view
Parameter
None
Description
Use the display tcp status command to view the state of all the TCP connections so
that you can monitor TCP connections in real time.
2-14
Example
# View the state of all the TCP connections.

<Quidway> display tcp status
*: TCP MD5 Connection
TCPCB Local Add:port Foreign Add:port State
03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening
04217174 100.0.0.204:23 100.0.0.253:65508 Established
Table 2-6 Description on the fields of the display tcp status command
Field Description
If there is an asterisk before a connection, it means that the

*
TCP connection is authenticated through the MD5 algorithm
TCPCB Address of the TCP control block
Local Add:port Local IP address; port number
Foreign Add:port Remote IP address; port number
State TCP connection state
2.1.12 display udp statistics
Syntax
display udp statistics
View
Any view
Parameter
None
Description
Use the display udp statistics command to view the statistics about UDP packets.
Related command: reset udp statistics.
Example
# View the statistics about UDP packets.

<Quidway>display udp statistics
Received packets:
2-15
Total: 26320
checksum error: 0
shorter than header: 0, data length larger than packet: 0
no socket on port: 0
total broadcast or multicast packets : 25006
no socket broadcast or multicast packets: 24989
not delivered, input socket full: 0
input packets missing pcb cache: 1314
Sent packets:
Total: 7187
Table 2-7 Description on the fields of the display udp statistics command
Field Description
Total Total number of received UDP packets
checksum error Number of packets with checksum errors
Number of packets whose lengths are shorter

shorter than header,
than their headers
data length larger than Number of packets whose lengths are larger
packet than the packets
Number of packets dropped because the

no socket on port socket corresponding to the port number is not
Received
found
packets:
total broadcast or Total number of transmitted broadcast or
multicast packets multicast packets
no socket broadcast or Total number of transmitted broadcast or

multicast packets multicast packets whose sockets are not found
not delivered, input Number of not delivered packets because the

socket full socket cache is full
input packets missing

Number of packets missing pcb cache
pcb cache
Sent
Total Total number of transmitted UDP packets
packet:
2-16
2.1.13 ip forward-broadcast
Syntax
ip forward-broadcast
undo ip forward-broadcast
View
System view
Parameter
None
Description
Use the ip forward-broadcast command to enable broadcast from directly-connected

network segment.
Use the undo ip forward-broadcast command to disable broadcast from
directly-connected network segment.
By default, it is disabled to receive broadcast from directly-connected network
segment.
Example
# Enable broadcast from directly-connected broadcast.

[Quidway] ip forward-broadcast
2.1.14 reset ip statistics
Syntax
reset ip statistics
View
User view
Parameter
None
Description
Use the reset ip statistics command to clear the statistics about IP packets.
Related command: display ip interface and display ip statistics.
2-17
Example
# Clear the statistics about IP packets.

<Quidway> reset ip statistics
2.1.15 reset tcp statistics
Syntax
reset tcp statistics
View
User view
Parameter
None
Description
Use the reset tcp statistics command to clear the statistics about TCP packets.
Related command: display tcp statistics.
Example
# Clear the statistics about TCP packets.

<Quidway> reset tcp statistics
2.1.16 reset udp statistics
Syntax
reset udp statistics
View
User view
Parameter
None
Description
Use the reset udp statistics command to clear the statistics about UDP packets.
Example
# Clear the statistics about UDP packets.

<Quidway> reset udp statistics
2-18
2.1.17 tcp timer fin-timeout
Syntax
tcp timer fin-timeout time-value

undo tcp timer fin-timeout
View
System view
Parameter
time-value: TCP finwait timer value, in seconds, with the value ranging from 76 to
3600.
Description
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
Use the undo tcp timer fin-timeout command to restore the default value of the TCP
finwait timer.
The default value is 675 seconds.
When the TCP connection state changes from FIN_WAIT_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packets before finwait timer
time outs, the TCP connection will be terminated.
Related command: tcp timer syn-timeout and tcp window.
Example
# Configure the default value of the TCP finwait timer to 800 seconds.
[Quidway] tcp timer fin-timeout 800
2.1.18 tcp timer syn-timeout
Syntax
tcp timer syn-timeout time-value

undo tcp timer syn-timeout
View
System view
Parameter
time-value: TCP synwait timer value, in seconds, with the value ranging from 2 to 600.
2-19
Description
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
Use the undo tcp timer syn-timeout command to restore the default value of the
TCP synwait timer.
The default value is 75 seconds.
When sending the SYN packet, TCP starts the synwait timer. If the response packet is
not received before synwait times out, the TCP connection will be terminated.
Related command: tcp timer fin-timeout and tcp window.
Example
# Configure the default value of the TCP synwait timer to 80 seconds.

[Quidway] tcp timer syn-timeout 80
2.1.19 tcp window
Syntax
tcp window window-size

undo tcp window
View
System view
Parameter
window-size: The size of the transmission and receiving buffers measured in kilobytes
(KB), whose value ranges from 1 to 32.
Description
Use the tcp window command to configure the size of the transmission and receiving
buffers of the connection-oriented socket.
Use the undo tcp window command to restore the default size of the transmission
and receiving buffers of the connection-oriented socket.
By default, the size of the transmission and receiving buffers is 8 KB.
Related command: tcp timer fin-timeout and tcp timer syn-timeout.
Example
# Configure the size of the transmission and receiving buffers to 3KB.

2-20

[Quidway] tcp window 3
2-21
Command Manual - Management VLAN
Table of Contents
Chapter 1 Management VLAN Configuration Commands......................................................... 1-1

1.1 Management VLAN Configuration Commands ................................................................. 1-1
1.1.1 description ............................................................................................................... 1-1
1.1.2 display interface Vlan-interface ............................................................................... 1-2
1.1.3 display ip host.......................................................................................................... 1-3
1.1.4 display ip interface Vlan-interface ........................................................................... 1-3
1.1.5 display ip routing-table ............................................................................................ 1-5
1.1.6 display ip routing-table acl....................................................................................... 1-6
1.1.7 display ip routing-table ip-address ........................................................................ 1-10
1.1.8 display ip routing-table ip-address1 ip-address2 .................................................. 1-12
1.1.9 display ip routing-table ip-prefix ............................................................................ 1-13
1.1.10 display ip routing-table protocol .......................................................................... 1-14
1.1.11 display ip routing-table radix ............................................................................... 1-15
1.1.12 display ip routing-table statistics ......................................................................... 1-16
1.1.13 display ip routing-table verbose .......................................................................... 1-17
1.1.14 interface Vlan-interface ....................................................................................... 1-19
1.1.15 ip address............................................................................................................ 1-19
1.1.16 ip host.................................................................................................................. 1-20
1.1.17 ip route-static....................................................................................................... 1-21
1.1.18 management-vlan ............................................................................................... 1-22
1.1.19 shutdown ............................................................................................................. 1-23
Chapter 2 DHCP/BOOTP Client Configuration ........................................................................... 2-1

2.1 DHCP Client Configuration Commands ............................................................................ 2-1
2.1.1 debugging dhcp client ............................................................................................. 2-1
2.1.2 debugging dhcp irf xha............................................................................................ 2-2
2.1.3 display dhcp client................................................................................................... 2-2
2.1.4 ip address dhcp-alloc .............................................................................................. 2-4
2.2 BOOTP Client Configuration Commands .......................................................................... 2-4
2.2.1 display bootp client.................................................................................................. 2-4
2.2.2 ip address bootp-alloc ............................................................................................. 2-5
i
Command Manual - Management VLAN Chapter 1 Management VLAN Configuration
Chapter 1 Management VLAN Configuration

Commands
1.1 Management VLAN Configuration Commands

1.1.1 description
Syntax
description text
undo description
View
VLAN view, VLAN interface view
Parameter
text: Description string to be assigned to the current VLAN or VLAN interface.

z The description string of a VLAN comprises 1 to 32 characters and defaults to the
ID of the VLAN (for example, VLAN 0001).
z The description string of a VLAN interface comprises 1 to 80 characters and
defaults to the name of the VLAN interface (for example, Vlan-interface1
Interface).
Description
Use the description command to assign a description string to a VLAN or a VLAN

interface.
Use the undo description command to restore the default description string.
Related command: display vlan, display interface Vlan-interface.
Example
# Configure VLAN 2 to be the management VLAN and specify the description string of
the VLAN 2 interface to be RESEARCH.
[Quidway] vlan 2
[Quidway-vlan2] quit
[Quidway] management-vlan 2
[Quidway-Vlan-interface2] description RESEARCH
1-1
1.1.2 display interface Vlan-interface
Syntax
display interface Vlan-interface [ vlan-id ]
View
Any view
Parameter
vlan-id: ID of the management VLAN interface the information about which is to be

displayed.
Description
Use the display interface Vlan-interface command to display the information about
the management VLAN interface, including the physical and link status, the format of
the sent frames, the MAC address, IP address (and subnet mask), description string
and MTU (maximum transmit unit) of the management VLAN.
Related command: interface Vlan-interface.
Example
# Display the information about the management VLAN interface. (Assume that VLAN
1 is the management VLAN.)
<Quidway> display interface Vlan-interface 1
Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
00e0-fc07-4101
Description : HUAWEI, Quidway Series, Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
Table 1-1 Description on the fields of the display interface Vlan-interface command
Field Description
Vlan-interface current state Current state of Vlan-interface1
Line protocol current state Current state of the line protocol
IP Sending Frames' Format Format of the frames that IP sends
MAC address corresponding to the
Hardware address
management VLAN interface
Internet Address Primary Primary IP address
Description VLAN interface description
1-2
Field Description
The Maximum Transmit Unit The maximum transmit unit (MTU)
1.1.3 display ip host
Syntax
display ip host
View
Any view
Parameter
None
Description
Use the display ip host command to display the names of all the hosts and their IP
addresses.
Example
# Display the names of all the hosts and their IP addresses.

<Quidway> display ip host
Host Age Flags Address
My 0 static 1.1.1.1
Aa 0 static 2.2.2.4
Table 1-2 Description on the fields of the display ip host command
Field Description
Host Host name
Age Valid duration of the host address
Flag. Only the static flag, namely, the
Flags host name configured manually is
supported currently
Address Host IP address
1.1.4 display ip interface Vlan-interface
Syntax
display ip interface [ brief ] [ Vlan-interface [ vlan-id ] ]
1-3
View
Any view
Parameter
vlan-id: ID of the management VLAN interface, in the range of 1 to 4094.

brief: Displays the configuration information about the specified interface in brief.
Description
Use the display ip interface Vlan-interface command to display the information about
a specified interface.
Example
# Display the information about VLAN 1 interface.

<Quidway> display ip interface Vlan-interface 1
Vlan-interface1 current state :UP
Line protocol current state :UP
Broadcast address : 192.168.0.255
The Maximum Transmit Unit : 1500 bytes
IP packets input number: 7420, bytes: 557679, multicasts: 1
IP packets output number: 7509, bytes: 385809, multicasts: 0
TTL invalid packet number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp reply: 0
Information request: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
1-4
Table 1-3 Description on the fields of the display ip interface command
Field Description
Vlan-interface1 current state Current state of Vlan-interface1
Line protocol current state Current state of the line protocol
Internet Address IP address
Broadcast address Broadcast address
The Maximum Transmit Unit The maximum transmit unit (MTU)
IP input packets : 0, bytes : 0,
multicasts : 0 The number of input/output unicast
packets, bytes and multicast packets is
IP output packets : 0, bytes : 0, 0 respectively
multicasts : 0
TTL invalid packet number Number of TTL invalid packets received
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0 The total number of ICMP packets
received, including echo reply packets,
Echo request: 0
unreachable packets, source quench
Router advert: 0 packets, routing redirect packets, echo
Router solicit: 0 request packets, router advert packets,
router solicit packets, time exceed
Time exceed: 0
packets, IP header bad packets,
IP header bad: 0 timestamp request packets, timestamp
Timestamp request: 0 reply packets, information request
packets, information reply packets,
Timestamp reply: 0
netmask request packets, netmask reply
Information request: 0 packets, and unknown type packets
Netmask request: 0
Netmask reply: 0
Unknown type: 0
1.1.5 display ip routing-table
Syntax
display ip routing-table
View
Any view
1-5
Parameter
None
Description
Use the display ip routing-table command to display the summary information about
the routing table.
This command displays the summary information about a routing table, with the items
of a routing entry contained in one line. The information displayed includes destination
IP address/mask length, protocol, preference, cost, next hop and outbound interface.
The display ip routing-table command only displays the routes currently in use, that is,
the optimal routes.
Example
# Display the summary information about the routing table.

<Quidway> display ip routing-table
Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Vlan-interface1
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Table 1-4 Description on the fields of the display ip routing-table command
Field Description
Destination/Mask Destination IP address/mask length
Protocol Routing protocol that discovers the route
Pre Route preference

Cost Route cost
Nexthop Next hop IP address of the route
Outbound interface, through which packets destined for the
Interface
destination network segment are to be transmitted
1.1.6 display ip routing-table acl
Syntax
display ip routing-table acl acl-number [ verbose ]
1-6
View
Any view
Parameter
acl-number: Number of a basic access control list (ACL), in the range of 2000 to 2999.
verbose: Displays the detailed information about the active and inactive routes filtered
by the specified ACL. If you do not specify this keyword, the summary information about
the active routes filtered by the specified ACL is displayed.
Description
Use the display ip routing-table acl command to display the routes permitted by the
specified basic ACL.
As this command displays the routes filtered by a basic ACL, you can use it to trace
routing policies.
Example
# Display the summary information about the active routes permitted by ACL 2000.
[Quidway] acl number 2000
[Quidway-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[Quidway-acl-basic-2000] rule deny source any
[Quidway-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 2
The above output information is described in Table 1-4.

# Display the detailed information about the active and inactive routes permitted by
ACL 2000.
<Quidway> display ip routing-table acl 2000 verbose
+ = Active Route, - = Last Active, # = Both * = Next hop in use
Summary count: 2
**Destination: 10.1.1.0 Mask: 255.255.255.0

Protocol: #DIRECT Preference: 0
*NextHop: 10.1.1.2 Interface: 10.1.1.2(Vlan-interface1)
1-7
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 7:24 Cost: 0/0 tag: 0

*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 7:24 Cost: 0/0 tag: 0
Table 1-5 Description on the fields of the display ip routing-table acl command
Field Description
Destination Destination address
Mask Mask
Protocol Routing protocol that discovers the route
Preference Route preference
Nexthop Next hop IP address

Outbound interface, through which packets destined for the
Interface
destination network segment are to be transmitted
Vlinkindex Virtual link index
1-8
Field Description
Descriptions on the route state are as follows:
ActiveU Valid unicast route. “U” stands for unicast.
Blackhole route is the same as reject route except that a
router drops a packet traveling along a blackhole route
Blackhole
without sending ICMP unreachable messages to the
source of the packets.
Delete The route is deleted.
Gateway The route is not a direct route.
The route is a hidden route. For routes that are
temporarily unavailable for some reasons (such as the
Hidden
policy configured or the interface is down), you can hide
them for later use.
The route is held down. Holddown is a kind of route
advertisement policy used in some D-V (distance vector)
routing protocols (such as RIP) to avoid the propagation
Holddown
of some incorrect routes and improve the transmission
speed of route-unreachable information. For details,
refer to corresponding routing protocols.
State The route is discovered by the internal gateway protocol

Int
(IGP).
The route is not advertised when the router advertises
NoAdvise
routes based on policies
The route are not loaded to the core routing table but can
be advertised. Normally, the routes with the highest
NotInstall
preference in the routing table are loaded to the core
routing table and are advertised.
The packets travel along the route will be dropped.
Besides, the router sends ICMP unreachable messages
Reject
to the source of the dropped packets. The Reject routes
are usually used for network testing.
The route is not deleted when the routes read from the
core routing table are deleted. You can enable static
Retain
routes to remain in the core routing table by configure
them to be in retain state.
The route is not lost when you perform the save
Static operation and then restart the router. Routes marked as
Static are configured manually.
Unicast The route is an unicast route.
Time period during which the route is allowed in the routing table, in
Age
the form of hh:mm:ss.
Cost Cost of the route
1-9
1.1.7 display ip routing-table ip-address
Syntax
display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose ]
View
Any view
Parameter
ip-address: Destination IP address, in dotted decimal notation.

mask: Mask of the destination IP address, which can be in dotted decimal notation or
be an integer ranging from 0 to 32.
longer-match: Displays all the routes leading to the destination coupled with the
default mask.
verbose: Displays the detailed information about the active and inactive routes leading
to the destination. If this keyword is not specified, only the summary information about
the active routes is displayed.
Description
Use the display ip routing-table ip-address command to display the information about
the routes leading to the destination.
The output information of this command differs with the arguments/keywords specified
as follows:
z display ip routing-table ip-address
For the destination address ip-address, if there are some routes matched within the
natural mask range, all subnet routes will be displayed. Otherwise, only the active
routes which match ip-address longest will be displayed.
z display ip routing-table ip-address mask
Only the routes which match exactly the specified destination address and mask are
displayed.
z display ip routing-table ip-address longer-match
All routes with destination addresses matched within the natural mask range will be
displayed.
z display ip routing-table ip_address mask longer-match
All routes with destination addresses matched within the specified mask range will be
displayed.
1-10
Example
# Display the summary information of the corresponding routes with destination

addresses matched within the natural mask range.
<Quidway> display ip routing-table 169.0.0.0
169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1
For the explanations of the displayed information, see Table 1-4.

# Display the summary information the longest matched routes.
169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
# Display the detailed information of the routes with destination addresses matched
within the natural mask range.
<Quidway> display ip routing-table 169.0.0.0 verbose
Routing Tables:
Generate Default: no
Summary count:2
Protocol: #Static Preference: 60
*NextHop: 2.1.1.1 Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47 Cost: 0/0 Tag: 0
Protocol: #Static Preference: 60
Vlinkindex: 0
Age: 3:47 Cost: 0/0 Tag: 0
# Display the detailed information of the longest matched routes.

Routing Tables:
Generate Default: no
Summary count:1
Protocol: #Static Preference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
1-11

Age: 3:47 Cost: 0/0 Tag: 0
Refer to Table 1-5 for the description on the output fields.
1.1.8 display ip routing-table ip-address1 ip-address2
Syntax
display ip routing-table ip-address1 mask1 ip-address2 mask2 [ verbose ]
View
Any view
Parameter
ip-address1, ip-address2: Destination IP addresses in dotted decimal notation.

ip-address1 and mask1, together with ip-address2 and mask2, determine an IP
address range. The starting address of the IP address range is obtained by performing
AND operation between the ip-address1 and mask1 arguments; and the end address
of the IP address range is obtained by performing AND operation between the
ip-address2 and mask2 arguments.
mask1, mask2: IP address masks. These two arguments can be in dotted decimal
notation or two integers ranging from 0 to 32.
verbose: Displays the detailed information about the active and inactive routes. If you
do not specify this keyword, only the summary information about the active routes is
displayed.
Description
Use the display ip routing-table ip-address1 ip-address2 command to display the

information about the routes with their destinations within the specified destination IP
address range.
Example
# Display the information about the routes with their destinations within the range of
1.1.1.0 to 2.2.2.0.
<Quidway> display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
1-12
1.1.9 display ip routing-table ip-prefix
Syntax
display ip routing-table ip-prefix ip-prefix-name [ verbose ]
View
Any view
Parameter
ip-prefix-name: Name of an IP prefix list, a string comprising 1 to 19 characters.

verbose: Displays the detailed information about the active and inactive routes
matching a specified IP prefix list. If you do not specify this keyword, only the summary
information about the active routes matching the IP prefix list is displayed.
Description
Use the display ip routing-table ip-prefix command to display the information about
the routes matching a specified IP prefix list.
You can use this command to trace routing policies and display the routes matching a
specified IP prefix list.
If the specified IP prefix list does not exist, the detailed information about all the active
and inactive routes is displayed when you execute this command with the verbose
keyword specified, and only the summary information about all the active routes is
displayed if you execute this command with the verbose keyword not specified.
Example
# Display the summary information about the active routes matching the IP prefix list
named abc2.
[Quidway] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2

# Display the detailed information about the active and inactive routes matching the IP
prefix list named abc2.
<Quidway> display ip routing-table ip-prefix abc2 verbose
1-13
Summary count: 2
Vlinkindex: 0
Age: 3:23:44 Cost: 0/0 Tag: 0

Vlinkindex: 0
Age: 3:23:44 Cost: 0/0 Tag: 0
1.1.10 display ip routing-table protocol
Syntax
display ip routing-table protocol protocol [ inactive | verbose ]
View
Any view
Parameter
protocol: This argument can be one of the following:

z direct: Displays the information about the direct routes.
z ospf: Displays the information about OSPF routes.
z ospf-ase: Displays the information about ASE routes.
z ospf-nssa: Displays the information about NSSA routes.
z rip: Displays the information about RIP routes.
z static: Displays the information about the static routes.
inactive: Displays the information about the inactive routes. If you do not specify this
keyword, the information about both active and inactive routes is displayed.
verbose: Displays the detailed route information. If you do not specify this keyword,
only the summary route information is displayed.
Description
Use the display ip routing-table protocol command to display the information about
specific routes.
1-14
Note:
The information about the OSPF protocol cannot be displayed on S3900-SI series
switches.
Example
# Display the summary information about all the direct routes.

<Quidway> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
DIRECT Routing tables status:<inactive>:
Summary count: 1
# Display the summary information about the static routing table.

<Quidway> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
1.2.3.0/24 STATIC 60 0 1.2.4.5 Vlan-interface1
1.1.11 display ip routing-table radix
Syntax
display ip routing-table radix
View
Any view
1-15
Parameter
None
Description
Use the display ip routing-table radix command to display the information about the
routes in a routing table in a hierarchical way.
Example
<Quidway> display ip routing-table radix

Radix tree for INET (2) inodes 2 routes 2:
+--8+--{127.0.0.0
+-32+--{127.0.0.1
Table 1-6 Description on the fields of the display ip routing-table radix command
Field Description
INET Address family
Inodes Number of nodes
Routes Number of routes
1.1.12 display ip routing-table statistics
Syntax
display ip routing-table statistics
View
Any view
Parameter
None
Description
Use the display ip routing-table statistics command to display the statistics of a

routing table.
The statistics information displayed by this command includes:
z The total number of routes
z The number of the active routes
z The number of added routes
z The number of the routes with deleted flags
1-16
Example
# Display the statistics information about the routing table.

<Quidway> display ip routing-table statistics
Routing tables:
Proto route active added deleted
DIRECT 4 4 20 16
STATIC 2 2 2 0
RIP 0 0 0 0
OSPF 0 0 0 0
O_ASE 0 0 0 0
O_NSSA 0 0 0 0
Total 6 6 22 16
Table 1-7 Description on the fields of the display ip routing-table statistics

command
Field Description
Routing protocol: O_ASE indicates OSPF_ASE routes,
Proto O_NSSA indicates OSPF NSSA routes, and AGGRE
indicates the aggregated routes.
route Total number of routes
active Number of the active routes that are in currently in use
Number of the routes that are added to the routing table after
added
the switch starts or the routing table is cleared last time
Number of the routes with deleted flags (this type of routes
deleted
will be freed after a period of time)
Total Total number of various routes
1.1.13 display ip routing-table verbose
Syntax
display ip routing-table verbose
View
Any view
Parameter
None
1-17
Description
Use the display ip routing-table verbose command to display the detailed

information about a routing table.
This command displays the detailed information about the routing table, in the order of
route state, statistics of the routing table, and the information about each route.
You can use this command to display all the routes, including the inactive and invalid
routes.
Example
# Display the detailed information about the routing table.

<Quidway> display ip routing-table verbose
Routing Tables:
Destinations: 2 Routes: 2
Holddown: 0 Delete: 0 Hidden: 0

State: <NoAdvise Int ActiveU Retain Unicast>
Age: 57:12 Cost: 0/0

State: <NotInstall NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 57:12 Cost: 0/0
The statistics of the routing table are displayed first, and then the detailed descriptions
of each route. Table 1-5 describes the route states and Table 1-8 describes the
statistics information about the routing table.
Table 1-8 Description on the fields of the display ip routing-table verbose command
Field Description
Holddown Number of the routes that are held down
Delete Number of the deleted routes
Hidden Number of the hidden routes
1-18
1.1.14 interface Vlan-interface
Syntax
interface Vlan-interface vlan-id

undo interface Vlan-interface vlan-id
View
System view
Parameter
vlan-id: ID of the management VLAN, in the range of 1 to 4094.
Description
Use the interface Vlan-interface command to create a management VLAN interface

and enter management VLAN interface view.
Use the undo interface Vlan-interface command to remove the management VLAN
interface.
Before creating a management VLAN interface, make sure the VLAN identified by the
vlan-id argument is created and is configured to be the management VLAN.
Note that:
To configure the management VLAN of a switch operating as a cluster management
device to be a cluster management VLAN (using the management-vlan vlan-id
command) successfully, make sure the vlan-id argument provided in the
management-vlan vlan-id command is consistent with that of the management VLAN.
Example
# Create VLAN 10 and configure it to be the management VLAN. Enter VLAN 10

interface view.
[Quidway] vlan 10
[Quidway-Vlan-interface10]
1.1.15 ip address
Syntax
ip address ip-address mask [ sub ]
1-19
undo ip address [ ip-address mask [ sub ] ]
View
VLAN interface view
Parameter
ip-address: IP address to be assigned to the management VLAN interface.

mask: Mask of the IP address to be assigned to the management VLAN interface. The
mask length is expressed as dotted decimal notation or integer in the range of 0 to 32.
sub: Specifies the secondary IP address.
Description
Use the ip address command to assign an IP address (and mask) to a management

VLAN interface.
Use the undo ip address command to remove the IP address assigned to a
management VLAN interface.
Related command: display interface Vlan-interface.
Example
# Assign an IP address (and the mask) to the management VLAN interface. (Assume
that VLAN 1 is the management VLAN.)
[Quidway-Vlan-interface1] ip address 192.168.0.39 255.255.255.0
1.1.16 ip host
Syntax
ip host hostname ip-address

undo ip host hostname [ ip-address ]
View
System view
Parameter
hostname: Host name, a character string comprising 1 to 20 characters. The character

string can include letters, numbers, “_”, and “,”, and must contain at least one letter.
ip-address: Host IP address, in dotted decimal notation.
1-20
Description
Use the ip host command to configure a host name and the corresponding IP address
for a switch.
Use the undo ip host command to remove the host name and the corresponding IP
address of a switch.
By default, the host name and the corresponding IP address of a switch are null.
Related command: display ip host.
Example
# Configure the host name and the corresponding IP address of a switch to be

Lanswitch2 and 10.110.0.2.
[Quidway] ip host Lanswitch2 10.110.0.2
1.1.17 ip route-static
Syntax
ip route-static ip-address mask { NULL null-interface-number | next-hop }

[ preference preference-value ] [ reject | blackhole ] [ detect-group detect-group-id ]
[ description text ]
undo ip route-static ip-address mask [ NULL null-interface-number | next-hop ]
[ preference preference-value ]
View
System view
Parameter
ip-address: Destination IP address in dotted decimal notation.

mask: IP address mask. The mask length is expressed as dotted decimal notation or
integer in the range of 0 to 32.
NULL null-interface-number: Specifies a null interface. A null interface is a virtual
interface. Packets destined for a null interface is discarded. Null interface helps to
reduce system load.
next-hop: IP address of the next hop of this route, in dotted decimal notation.
preference-value: Preference of this route, in the range of 1 to 255.
reject: Specifies the route to be an unreachable route.
blackhole: Specifies the route to be a blackhole route.
detect-group: Specifies the detect group for the route.
1-21
detect-group-id: Detect group number in the range of 1 to 25.

description text: Specifies a descriptive string for the static route. The text argument is
a string comprising 1 to 60 characters.
Description
Use the ip route-static command to configure a static route.

Use the undo ip route-static command to remove a static route.
By default, the system can obtain the routes to the subnets directly connected to a
router. If you do not specify the preference when configuring a static route, the value
specified by the ip route-static default-preference command (which defaults to 60) is
adopted. Note that routes with the same destinations, the same next hops, but different
preferences are different routes. Among these routes, the one with least preference
(which means the highest preference) is chosen to be the current route. A route
configured using the ip route-static command is a reachable route if neither of the
reject and blackhole keywords is specified.
Note the following when configuring a static route:
z The next hop address of a static route cannot be the VLAN interface address of
the local switch.
z A static route with both its destination IP address and mask both being 0.0.0.0 is
the default route. When no matched entry is found in the routing table, a received
packet is forwarded according to the default route.
Related command: display ip routing-table, ip route-static default-preference.
Example
# Configure the next hop of the default route to be 129.102.0.2.

[Quidway] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
1.1.18 management-vlan
Syntax
management-vlan vlan-id
undo management-vlan
View
System view
Parameter
vlan-id: ID of a management VLAN, in the range of 1 to 4094. It is 1 by default.
1-22
Description
Use the management-vlan command to set the management VLAN.

Use the undo management vlan command to restore the default management VLAN.
By default, VLAN 1 is the management VLAN.
Example
# Set VLAN 2 as the management VLAN.

1.1.19 shutdown
Syntax
shutdown
undo shutdown
View
VLAN interface view
Parameter
None
Description
Use the shutdown command to shut down a management VLAN interface.

Use the undo shutdown command to bring up a management VLAN interface.
By default, a management VLAN interface is down if all the Ethernet ports in the
management VLAN are down, and the management VLAN interface is up if one or
more Ethernet ports in the management VLAN are up.
Example
# Bring up the management VLAN interface. (Assume that VLAN 1 is the management
VLAN.)
[Quidway-Vlan-interface1] undo shutdown
1-23
Command Manual - Management VLAN Chapter 2 DHCP/BOOTP Client
Quidway S3900 Series Ethernet Switches-Release 1510 Configuration
Chapter 2 DHCP/BOOTP Client Configuration
2.1 DHCP Client Configuration Commands

2.1.1 debugging dhcp client
Syntax
debugging dhcp client { all | error | event | packet }

undo debugging dhcp client { all | error | event | packet }
View
User view
Parameter
all: Enables all types of debugging for dynamic host configuration protocol (DHCP) or
bootstrap protocol (BOOTP) client.
error: Enables debugging for DHCP/BOOTP client error messages (including the
information about unidentified packets).
event: Enables debugging for DHCP/BOOTP client events (including address
allocation and data update).
packet: Enables debugging for packets received/transmitted by a DHCP/BOOTP
client.
Description
Use the debugging dhcp client command to enable debugging for the DHCP/BOOTP
client.
Use the undo debugging dhcp client command to disable debugging output.
By default, debugging for DHCP/BOOTP client is disabled.
Disable debugging as soon as debugging is over, because debugging occupies plenty
of system resources.
Example
# Enable debugging for DHCP/BOOTP client events.

<Quidway> debugging dhcp client event
2-1
2.1.2 debugging dhcp irf xha
Syntax
debugging dhcp irf xha

undo debugging dhcp irf xha
View
User view
Parameter
None
Description
Use the debugging dhcp irf xha command to enable the hot backup debugging for
the DHCP/BOOTP client.
Use the undo debugging dhcp irf xha command to disable the hot backup debugging
for the DHCP/BOOTP client.
The hot backup debugging for the DHCP/BOOTP client is disabled by default.
Example
# Enable the hot backup debugging for the DHCP/BOOTP client.

<Quidway> debugging dhcp irf xha
2.1.3 display dhcp client
Syntax
display dhcp client [ verbose ]
View
Any view
Parameter
verbose: Displays the detailed the DHCP client information about address allocation.
Description
Use the display dhcp client command to display the DHCP client-related information.
Example
# Display the DHCP client information about address allocation.

<Quidway> display dhcp client verbose
DHCP client statistic information:
2-2
Vlan-interface1:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds
Lease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03
Server IP: 169.254.0.1
Transaction ID = 0x3d8a7431
Default router: 2.2.2.2
DNS server: 1.1.1.1
Domain name: huawei-3com.com
Client ID: 00e0-fc0a-c3ef
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds.
The statistics information above shows that:

z The IP address 169.254.0.2/16 is allocated to VLAN interface1;
z The current state of the client state machine is BOUND;
z The lease period of the address is 86400 seconds;
z The value of the renewal timer and rebinding timer is 43200 seconds and 75600
seconds respectively;
z The lease period is from 2002.09.20 01:05:03 to 2002.09.21 01:05:03;
z The IP address of the DHCP server is 169.254.0.1;
z The IP address of the gateway is 2.2.2.2;
z Next timeout will happen after 11 hours 56 minutes 1 second.
Table 2-1 Description on the fields of the display dhcp client command
Field Description
VLAN interface operating as a DHCP client to obtain an
Vlan-interface1
IP address dynamically
Current machine state The state of the client state machine
Alloced IP IP address allocated to the DHCP client
lease Lease period
T1 Renewal timer readout

T2 Rebinding timer readout
Lease from….to…. The starting and end time of the lease period
Server IP IP address of the DHCP server
Transaction ID Transaction ID
Default router Gateway address
2-3
2.1.4 ip address dhcp-alloc
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
View
VLAN interface view
Parameter
None
Description
Use the ip address dhcp-alloc command to configure a VLAN interface to obtain an IP

address through DHCP.
Use the undo ip address dhcp-alloc command to cancel the configuration.
By default, a VLAN interface does not use DHCP to obtain an IP address.
Example
# Configure the management VLAN interface to obtain an IP address through DHCP.

(Assume that VLAN 1 is the management VLAN.)
[Quidway-Vlan-interface1] ip address dhcp-alloc
2.2 BOOTP Client Configuration Commands

2.2.1 display bootp client
Syntax
display bootp client [ interface Vlan-interface vlan-id ]
View
Any view
Parameter
vlan-id: ID of the management VLAN interface.
2-4
Description
Use the display bootp client command to display BOOTP client-related information,
including the MAC address of the BOOTP client and the IP address obtained.
Example
# Display the BOOTP client-related information.

<Quidway> display bootp client interface Vlan-interface 1
Vlan-interface1:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID = 0x3d8a7431
Mac Address 00e0-fc0a-c3ef
Table 2-2 Description on the fields of the display bootp client command
Field Description
Management VLAN interface 1 is configured to obtain
Vlan-interface1
an IP address through BOOTP.
Allocated IP IP address allocated to VLAN interface 1
Transaction ID Value of the XID field in BOOTP packets
Mac Address MAC address of the BOOTP client
2.2.2 ip address bootp-alloc
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
View
VLAN interface view
Parameter
None
Description
Use the ip address bootp-alloc command to configure a VLAN interface to obtain an

IP address through BOOTP.
Use the undo ip address bootp-alloc command to cancel the configuration.
By default, a VLAN interface does not use BOOTP to obtain an IP address.
Related command: display bootp client.
2-5
Example
# Configure the management VLAN interface to obtain an IP address through BOOTP.

(Assume that VLAN 1 is the management VLAN.)
[Quidway-Vlan-interface1] ip address bootp-alloc
2-6
Command Manual – Voice VLAN
Table of Contents
Chapter 1 Voice VLAN Configuration Commands ..................................................................... 1-1

1.1 Voice VLAN Configuration Commands ............................................................................. 1-1
1.1.1 display voice vlan error-info .................................................................................... 1-1
1.1.2 display voice vlan oui .............................................................................................. 1-1
1.1.3 display voice vlan status ......................................................................................... 1-2
1.1.4 display vlan.............................................................................................................. 1-3
1.1.5 voice vlan ................................................................................................................ 1-4
1.1.6 voice vlan aging....................................................................................................... 1-5
1.1.7 voice vlan enable .................................................................................................... 1-6
1.1.8 voice vlan mac-address .......................................................................................... 1-7
1.1.9 voice vlan mode ...................................................................................................... 1-8
1.1.10 voice vlan security enable ..................................................................................... 1-8
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Voice VLAN Configuration Commands
Chapter 1 Voice VLAN Configuration Commands
1.1 Voice VLAN Configuration Commands

1.1.1 display voice vlan error-info
Syntax
display voice vlan error-info
View
Any view
Parameter
None
Description
Use the display voice error-info command to display the ports on which the voice
VLAN function fails to be enabled.
Note:
When the number of ACL applied to a port reaches to its upper limit, the voice VLAN
function can not be enabled on the port.
Example
# Display the ports on which the voice VLAN function fails to be enabled.
<Quidway> display voice vlan error-info
Fail to apply voice VLAN ACL rules to the following port(s):
Ethernet1/0/10 Ethernet1/0/15
1.1.2 display voice vlan oui
Syntax
display voice vlan oui
View
Any view
1-1
Parameter
None
Description
Use the display voice vlan oui command to display the currently supported OUI
addresses and the related information.
Related command: voice vlan voice, vlan enable.
Example
# Display the OUI addresses and the related information of the voice VLAN.
<Quidway> display voice vlan oui
Oui Address Mask Description
0003-6b00-0000 ffff-ff00-0000 Cisco phone
00ef-e200-0000 ffff-ff00-0000 H3C Aolynk phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00e0-bb00-0000 ffff-ff00-0000 3Com phone
1.1.3 display voice vlan status
Syntax
display voice vlan status
View
Any view
Parameter
None
Description
Use the display voice vlan status command to display voice VLAN-related
information, including voice VLAN operation mode, port mode (manual mode or
automatic mode), and so on.
Related command: voice vlan, voice vlan enable.
Example
# Display the information about the voice VLAN.

<Quidway> display voice vlan status
Voice Vlan status: ENABLE
Voice Vlan ID: 2
Voice Vlan security mode: Security
1-2
Voice Vlan aging time: 100 minutes

Current voice vlan enabled port mode:
PORT MODE
--------------------------------
Ethernet1/0/2 AUTO
Ethernet1/0/3 MANUAL
Table 1-1 Description on the fields of the display voice vlan status command
Field Description
The status of global voice VLAN function:
Voice Vlan status
enabled/disabled
The VLAN which is currently enabled with voice
Voice Vlan ID
VLAN function.
The status of voice VLAN security mode:
Voice Vlan security mode
enabled/disabled.
Voice Vlan aging time The voice VLAN aging time
Current voice vlan enable port

The ports with the voice VLAN function enabled
mode
Caution:
The “Current voice vlan enable port mode” field lists the ports with the voice VLAN
function enabled. Note that a port listed in this field may not currently operate in a voice
VLAN. To check the ports operating in the current voice VLAN, use the display vlan
command, which is described in section 0“
display vlan”.
1.1.4 display vlan
Syntax
display vlan vlan-id
View
Any view
Parameter
vlan-id: Voice VLAN ID in the range of 1 to 4094. VLAN 1 can not be enabled with voice
VLAN function.
1-3
Description
Use the display vlan command to display the ports in the current voice VLAN.
Related command: voice vlan.
Example
# Display the ports included in the current voice VLAN, assuming that the current voice
VLAN is VLAN 6.
<Quidway> display vlan 6
VLAN ID: 6
VLAN Type: static
Route Interface: not configured
Description: VLAN 0006
Name: VLAN 0006
Tagged Ports:
Ethernet1/0/5
Untagged Ports:
Ethernet1/0/6
The output indicates that Ethernet1/0/5 and Ethernet1/0/6 ports are in the current voice
VLAN.
1.1.5 voice vlan
Syntax
voice vlan vlan-id enable

undo voice vlan enable
View
System view
Parameter
vlan-id: ID of the VLAN that needs to be enabled with the voice VLAN function, ranging
from 2 to 4094.
Description
Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
1-4
Caution:
z When you are enabling voice VLAN function for a specified VLAN, the specified
VLAN must exist, otherwise, your configuration fails.
z If you want to delete a VLAN with voice VLAN function enabled, you must disable
the voice VLAN function first.
z The voice VLAN function can be enabled for only one VLAN at the same time.
Related command: display voice vlan status.
Example
# Create VLAN 2, and enable the voice VLAN function for it.
[Quidway] vlan 2
[Quidway] voice vlan 2 enable
# After the voice function of VLAN2 is enabled, if you enable the voice VLAN function
for other VLANs, the system will prompt that your configuration fails.
[Quidway] voice vlan 4 enable
Can't change voice vlan configuration when other voice vlan is running
1.1.6 voice vlan aging
Syntax
voice vlan aging minutes

undo voice vlan aging
View
System view
Parameter
minutes: Aging time (in minutes) to be set for a voice VLAN. This argument ranges from
5 to 43,200 and defaults to 1,440.
Description
Use the voice vlan aging command to set the aging time for a voice VLAN.
Use the undo voice vlan aging command to restore the default aging time for a voice
VLAN.
1-5
Example
# Set the aging time of the voice VLAN to 100 minutes.

[Quidway] voice vlan aging 100
1.1.7 voice vlan enable
Syntax
voice vlan enable

undo voice vlan enable
View
Ethernet port view
Parameter
None
Description
Use the voice vlan enable command to enable the voice VLAN function for a port.
Use the undo voice vlan enable command to disable the voice VLAN function for a
port.
The voice VLAN function takes effect on a port only when it is enabled in both system
view and port view. Note that the operation to enable the voice VLAN function for a port
is independent of that to enable the function globally.
Example
# Enable the voice VLAN function for Ethernet1/0/2 port.

[Quidway-Ethernet1/0/2] voice vlan enable
1-6
1.1.8 voice vlan mac-address
Syntax
voice vlan mac-address oui mask oui-mask [ description text ]

undo voice vlan mac-address oui
View
System view
Parameter
oui: MAC address to be set. You need to provide this argument in the format of H-H-H.
oui-mask: MAC address mask in the format of H-H-H. This argument specifies the valid
bits of the MAC address.
text: Description string of the MAC address. This argument can contain 1 to 30
characters.
Description
Use the voice vlan mac-address command to set a MAC address used for a voice
VLAN to identify voice devices.
Use the undo voice vlan mac-address command to disable a MAC address from
being used to identify voice devices.
A switch can use up to 16 MAC addresses to identify voice devices, including the five
default OUI addresses (as listed in Table 1-2). When the number of MAC addresses
reaches 16, you will fail to add new MAC addresses.
Table 1-2 Default OUI addresses of a switch
Number OUI address Vendor

1 0003-6b00-0000 Cisco phone
2 000f-e200-0000 H3C Aolynk phone
3 00d0-1e00-0000 Pingtel phone
4 00e0-7500-0000 Polycom phone
5 00e0-bb00-0000 3Com phone
Related command: display voice vlan oui.
Example
# Set 00aa-bb00-0000 as an OUI address, with the description string being “ABC”.
1-7

[Quidway] voice vlan mac-address 00aa-bb00-0000 mask ffff-ff00-0000
description ABC
1.1.9 voice vlan mode
Syntax
voice vlan mode auto

undo voice vlan mode auto
View
Ethernet port view
Parameter
None
Description
Use the voice vlan mode auto command to configure an Ethernet port to operate in
the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port to
operate in the manual voice VLAN mode.
By default, an Ethernet port operates in the automatic voice VLAN mode.
Example
# Configure Ethernet1/0/2 port to operate in the manual voice VLAN mode.

[Quidway] interface Ethernet 1/0/2
[Quidway-Ethernet1/0/2] undo voice vlan mode auto
1.1.10 voice vlan security enable
Syntax
voice vlan security enable

undo voice vlan security enable
View
System view
1-8
Parameter
None
Description
Use the voice vlan security enable command to enable the voice VLAN security
mode.
Use the undo voice vlan security enable command to disable the voice VLAN
security mode.
In the voice VLAN security mode, the ports in a voice VLAN and with voice devices
attached to can only forward voice data. Data packets with their MAC addresses not
among the OUI addresses that can be identified by the system will be dropped. This
mode has no effects on other VLANs.
By default, the voice VLAN security mode is enabled.
Example
# Disable the voice VLAN security mode.

[Quidway] undo voice vlan security enable
1-9
Command Manual – GVRP
Table of Contents
Chapter 1 GVRP Configuration Commands ............................................................................... 1-1

1.1 GARP Configuration Commands....................................................................................... 1-1
1.1.1 display garp statistics .............................................................................................. 1-1
1.1.2 display garp timer .................................................................................................... 1-2
1.1.3 garp timer ................................................................................................................ 1-2
1.1.4 garp timer leaveall ................................................................................................... 1-4
1.1.5 reset garp statistics ................................................................................................. 1-5
1.2 GVRP Configuration Commands....................................................................................... 1-6
1.2.1 display gvrp statistics .............................................................................................. 1-6
1.2.2 display gvrp status .................................................................................................. 1-7
1.2.3 gvrp ......................................................................................................................... 1-7
1.2.4 gvrp registration....................................................................................................... 1-8
i
1510 Chapter 1 GVRP Configuration Commands
Chapter 1 GVRP Configuration Commands
1.1 GARP Configuration Commands

1.1.1 display garp statistics
Syntax
display garp statistics [ interface interface-list ]
View
Any view
Parameter
interface-list: List of Ethernet ports. You can specify multiple Ethernet ports by providing
this argument in the form of interface-list = { interface-type interface-number [ to
interface-type interface-number ] } &<1-10>, where &<1-10> means that you can
provide up to 10 port indexes/port index lists for this argument.
Description
Use the display garp statistics command to display the GARP statistics of specified
ports or all ports.
This command displays the following information:
z Number of the GMRP packets received
z Number of the GVRP packets received
z Number of the GMRP packets transmitted
z Number of the GVRP packets transmitted
z Number of the packets discarded
Example
# Display the GARP statistics of port Ethernet1/0/1.

<Quidway> display garp statistics interface Ethernet1/0/1
GARP statistics on port Ethernet1/0/1
Number Of GMRP Frames Received : 0
Number Of GVRP Frames Received : 0
Number Of GMRP Frames Transmitted : 0
Number Of GVRP Frames Transmitted : 0
Number Of Frames Discarded : 0
1-1
1.1.2 display garp timer
Syntax
display garp timer [ interface interface-list ]
View
Any view
Parameter
Description
Use the display garp timer command to display the settings of the GARP timers on
specified ports or all ports.
This command displays the settings of the following timers:
z Join timer
z Leave timer
z LeaveAll timer
z Hold timer
Related command: garp timer, garp timer leaveall.
Example
# Display the settings of the GARP timers on port Ethernet1/0/1.

<Quidway> display garp timer interface Ethernet1/0/1
GARP timers on port Ethernet1/0/1
Garp Join Time : 20 centiseconds

Garp Leave Time : 60 centiseconds
Garp LeaveAll Time : 1000 centiseconds
Garp Hold Time : 10 centiseconds
1.1.3 garp timer
Syntax
garp timer { hold | join | leave } timer-value

undo garp timer { hold | join | leave }
1-2
View
Ethernet port view
Parameter
hold: Sets the GARP Hold timer. When a GARP entity receives a piece of registration
information, it does not send out a Join message immediately. Instead, to save the
bandwidth resources, it starts the Hold timer, puts all registration information it receives
before the timer times out into one Join message and sends out the message after the
timer times out.
join: Sets the GARP Join timer. To transmit the Join messages reliably to other entities,
a GARP entity sends each Join message two times. The Join timer is used to define the
interval between the two sending operations of each Join message.
leave: Sets the GARP Leave timer. When a GARP entity expects to deregister a piece
of attribute information, it sends out a Leave message. Any GARP entity receiving this
message starts its Leave timer, and deregisters the attribute information if it does not
receives a Join message again before the timer times out.
timer-value: Timeout time (in centiseconds) of the GARP timer (Hold, Join or Leave) to
be set. This argument needs to be a multiple of 5. By default, it is 10, 20, and 60 for
Hold, Join and Leave timers respectively.
Description
Use the garp timer command to set a GARP timer (that is, the Hold timer, the Join timer,
or the Leaver timer) for an Ethernet port.
Use the undo garp timer command to restore the default setting of a GARP timer.
The timeout ranges of the timers vary depending on the timeout values you set for other
timers. If you want to set the timeout time of a timer to a value out of the current range,
you can set the timeout time of the associated timer to another value to change the
timeout range of this timer.
The following table describes the relations between the timers:
Table 1-1 Relations between the timers
Timer Lower threshold Upper threshold

This upper threshold is less than or
equal to one-half of the timeout time
Hold 10 centiseconds of the Join timer. You can change the
threshold by changing the timeout
time of the Join timer.
1-3
Timer Lower threshold Upper threshold

This lower threshold is
greater than or equal to twice This upper threshold is less than
the timeout time of the Hold one-half of the timeout time of the
Join timer. You can change the Leave timer. You can change the
threshold by changing the threshold by changing the timeout
timeout time of the Hold time of the Leave timer.
timer.
This upper threshold is less than the
greater than twice the timeout
timeout time of the LeaveAll timer.
time of the Join timer. You
Leave You can change the threshold by
can change the threshold by
changing the timeout time of the
changing the timeout time of
LeaveAll timer.
the Join timer.
greater than the timeout time
of the Leave timer. You can
LeaveAll 32,765 centiseconds
change threshold by
changing the timeout time of
the Leave timer.
Related command: display garp timer.
Example
# Set the GARP Join timer to 20 centiseconds for port Ethernet1/0/1.

[Quidway-Ethernet1/0/1] garp timer join 20
1.1.4 garp timer leaveall
Syntax
garp timer leaveall timer-value

undo garp timer leaveall
View
System view
Parameter
timer-value: Setting (in centiseconds) of the GARP LeaveAll timer. You need to set this
argument with the Leave timer settings of other Ethernet ports as references. That is,
this argument needs to be larger than the Leave timer settings of any Ethernet ports.
Also note that this argument needs to be a multiple of 5 and cannot be larger than
32,765.
1-4
By default, the LeaveAll timer is set to 1,000 centiseconds (that is, 10 seconds).
Description
Use the garp timer leaveall command to set the GARP LeaveAll timer.
Use the undo garp timer leaveall command to restore the default setting of the GARP
LeaveAll timer.
Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveALL
message after the timer times out, so that other GARP entities can re-register all the
attribute information on this entity. After that, the entity restarts the LeaveAll timer to
begin a new cycle.
Related command: display garp timer.
Example
# Set the GARP LeaveAll timer to 100 centiseconds.

[Quidway] garp timer leaveall 100
1.1.5 reset garp statistics
Syntax
reset garp statistics [ interface interface-list ]
View
User view
Parameter
Description
Use the reset garp statistics command to clear the GARP statistics (such as the
information about the packets received/sent/discarded by GVRP/GMRP) on specified
or all ports.
Executing the reset garp statistics command without any parameter clears the GARP
statistics of all ports.
Related command: display garp statistics.
1-5
Example
# Clear GARP statistics of all ports.

<Quidway> reset garp statistics
1.2 GVRP Configuration Commands

1.2.1 display gvrp statistics
Syntax
display gvrp statistics [ interface interface-list ]
View
Any view
Parameter
Description
Use the display gvrp statistics command to display the GVRP statistics of specified
or all trunk ports.
This command displays the following information:
z GVRP status
z Number of the GVRP entries that fail to be registered
z Source MAC address of the previous GVRP PDU
z GVRP registration type of a port
Example
# Display the GVRP statistics of port Ethernet1/0/1, assuming that the port is a trunk
port.
<Quidway> display gvrp statistics interface Ethernet1/0/1
GVRP statistics on port Ethernet1/0/1
GVRP Status : Enabled

GVRP Failed Registrations : 0
GVRP Last Pdu Origin : 0000-0000-0000
GVRP Registration Type : Normal
1-6
1.2.2 display gvrp status
Syntax
display gvrp status
View
Any view
Parameter
None
Description
Use the display gvrp status command to display the global GVRP status (enabled or
disabled).
Example
# Display the global GVRP status.

<Quidway> display gvrp status
GVRP is enabled
The above information indicates that GVRP is enabled globally.
1.2.3 gvrp
Syntax
gvrp
undo gvrp
View
System view, Ethernet port view
Parameter
None
Description
Use the gvrp command to enable GVRP globally (in system view) or for a port (in
Ethernet port view).
Use the undo gvrp command to disable GVRP globally (in system view) or on a port (in
Ethernet port view).
By default, GVRP is disabled both globally and on ports.
Note that:
1-7
z To enable GVRP for a port, you need to enable GVRP globally first.
z GVRP is disabled on any ports if GVRP is disabled globally. In this case, you
cannot enable GVRP for a port.
z You can enable/disable GVRP only on trunk ports.
z After you enable GVRP on a trunk port, you cannot change the port to other types.
Related command: display gvrp status.
Example
# Enable GVRP globally.

[Quidway] gvrp
GVRP is enabled globally.
1.2.4 gvrp registration
Syntax
gvrp registration { fixed | forbidden | normal }

undo gvrp registration
View
Ethernet port view
Parameter
fixed: Allows the manual creation and registration of VLANs on the current port, and
inhibits the dynamic registration and deregistration of VLANs on the current port.
forbidden: Deregisters all the VLANs except VLAN 1 on the current port, and inhibits
the creation and registration of any other VLAN on the current port.
normal: Allows both manual and dynamic creation, registration, and Deregistration of
VLANs on the current port.
Description
Use the gvrp registration command to configure the GVRP registration type on a port.
Use the undo gvrp registration command to restore the default GVRP registration
type on a port.
By default, the registration type is normal.
Note that these commands can be operated only on trunk ports.
Related command: display gvrp statistics
1-8
Example
# Configure the GVRP registration type on the port Ethernet1/0/1 to fixed.

[Quidway-Ethernet1/0/1] gvrp registration fixed
1-9
Command Manual – Port BasicConfiguration
Table of Contents
Chapter 1 Port Basic Configuration Commands........................................................................ 1-1

1.1.1 Port Basic Configuration Commands...................................................................... 1-1
1.1.2 broadcast-suppression............................................................................................ 1-1
1.1.3 copy configuration ................................................................................................... 1-2
1.1.4 description ............................................................................................................... 1-4
1.1.5 display brief interface .............................................................................................. 1-5
1.1.6 display interface ...................................................................................................... 1-6
1.1.7 display loopback-detection...................................................................................... 1-9
1.1.8 display transceiver-information interface .............................................................. 1-10
1.1.9 display port ............................................................................................................ 1-11
1.1.10 display unit .......................................................................................................... 1-11
1.1.11 duplex.................................................................................................................. 1-13
1.1.12 flow-control .......................................................................................................... 1-14
1.1.13 flow interval ......................................................................................................... 1-14
1.1.14 giant-frame statistics enable ............................................................................... 1-15
1.1.15 interface............................................................................................................... 1-16
1.1.16 jumboframe enable ............................................................................................. 1-17
1.1.17 loopback .............................................................................................................. 1-18
1.1.18 loopback-detection control enable ...................................................................... 1-19
1.1.19 loopback-detection enable .................................................................................. 1-20
1.1.20 loopback-detection interval-time ......................................................................... 1-20
1.1.21 loopback-detection per-vlan enable .................................................................... 1-21
1.1.22 mdi....................................................................................................................... 1-22
1.1.23 multicast-suppression ......................................................................................... 1-23
1.1.24 port access vlan .................................................................................................. 1-24
1.1.25 port hybrid pvid vlan ............................................................................................ 1-25
1.1.26 port hybrid vlan.................................................................................................... 1-25
1.1.27 port link-type........................................................................................................ 1-26
1.1.28 port trunk permit vlan .......................................................................................... 1-27
1.1.29 port trunk pvid vlan.............................................................................................. 1-28
1.1.30 reset counters interface....................................................................................... 1-29
1.1.31 shutdown ............................................................................................................. 1-30
1.1.32 speed................................................................................................................... 1-30
1.1.33 unicast-suppression ............................................................................................ 1-31
1.1.34 virtual-cable-test.................................................................................................. 1-32
i
Command Manual – Port Basic Configuration Chapter 1 Port Basic Configuration
Chapter 1 Port Basic Configuration Commands
1.1.1 Port Basic Configuration Commands
1.1.2 broadcast-suppression
Syntax
broadcast-suppression { ratio | pps max-pps }

undo broadcast-suppression
View
System view or Ethernet port view
Parameter
ratio: Maximum ratio of the received broadcast traffic to the total bandwidth on an
Ethernet port. The value ranges from 1 to 100 (in step of 1) and defaults to 100. The
smaller the ratio is, the less broadcast traffic is allowed.
max-pps: Maximum number of broadcast packets allowed to be received per second
on an Ethernet port (in pps).
z In system view, the max-pps argument is in the range of 1 to 262,143.
z In Ethernet port view, the max-pps argument is in the range of 1 to 148,810.
Description
Use the broadcast-suppression command to limit broadcast traffic allowed to be

received on each port (in system view) or on a specified port (in Ethernet port view).
Use the undo broadcast-suppression command to restore the default broadcast
suppression setting.
The broadcast-suppression command is used to enable broadcast suppression. By
default, broadcast suppression is disabled.
When incoming broadcast traffic exceeds the broadcast traffic threshold you set, the
system drops the packets exceeding the threshold to reduce the broadcast traffic ratio
to the reasonable range, so as to keep normal network service.
z You can use the undo broadcast-suppression command in system view to
cancel the broadcast suppression settings on all ports, or use the
broadcast-suppression command in system view to make a global setting.
z Executing the commands in Ethernet port view only takes effect on the current
port.
1-1
Note:
The global broadcast suppression setting configured by the broadcast-suppression
command in system view takes effect on all Ethernet ports in the system except for the
reflection ports, stack ports and ports having their own broadcast suppression settings.
Example
# Allow incoming broadcast traffic on the Ethernet1/0/1 port to occupy at most 20% of
the bandwidth on the port.
[Quidway] interface ethernet 1/0/1
[Quidway-Ethernet1/0/1] broadcast-suppression 20
# Set the maximum number of broadcast packets that can be received per second by
the Ethernet1/0/1 port to 1000 pps.
[Quidway-Ethernet1/0/1] broadcast-suppression pps 1000
1.1.3 copy configuration
Syntax
copy configuration source { interface-type interface-number | aggregation-group

source-agg-id } destination { interface-list [ aggregation-group destination-agg-id ] |
aggregation-group destination-agg-id }
View
System view
Parameter
interface-type: Port type.

interface-number: Port number.
source-agg-id: Source aggregation group number, in the range of 1 to 416. The port
with the smallest port number in the aggregation group is used as the source port.
destination-agg-id: Destination aggregation group number, in the range of 1 to 416.
interface-list: Destination port list, interface-list =interface-type interface-number [ to
interface-type interface-number ] &<1-10. &<1-10> means that you can input up to 10
ports/port ranges.
1-2
Description
Use the copy configuration command to copy the configuration on a port to some
other ports to keep consistent configuration on them.
Note:
z If you specify a source aggregation group ID, the system uses the port with the
smallest port number in the aggregation group as the source.
z If you specify a destination aggregation group ID, the configuration of the source
port will be copied to all ports in the aggregation group and all ports in the group will
have the same configuration as that of the source port.
The configuration that can be copied includes: VLAN configuration, protocol-based

VLAN configuration, LACP configuration, QoS configuration, GARP configuration, STP
configuration and initial port configuration.
z VALN configuration: includes IDs of the VLANs allowed on the port and the default
VLAN ID of the port;
z Protocol-based VLAN configuration: includes IDs and indexes of the
protocol-based VLANs allowed on the port;
z Link aggregation control protocol (LACP) configuration: includes LACP
enable/disable status;
z QoS configuration: includes rate limit, port priority, and default 802.1p priority on
the port;
z STP configuration: includes STP enable/disable status on the port, link attribute on
the port (point-to-point or non-point-to-point), STP priority, path cost, packet
transmission rate limit, whether loop protection is enabled, whether root protection
is enabled, and whether the port is an edge port;
z Generic attribute registration protocol (GARP) configuration: includes GVRP
enable/disable status, timer settings, and registration mode;
z Port configuration: includes link type of the port, port rate and duplex mode.
Example
# Copy the configuration of Ethernet1/0/1 to Ethernet1/0/2 and Ethernet1/0/3.

[Quidway] copy configuration source ethernet 1/0/1 destination ethernet 1/0/2
ethernet 1/0/3
Note: The following will be removed from destination port list:
Aggregation port(s),Voice vlan port(s).
Copying VLAN configuration...
1-3
Copying Protocol based VLAN configuration...

Copying LACP configuration...
Copying QOS configuration...
Copying GARP configuration...
Copying STP configuration...
Copying speed/duplex configuration...
Note:
z Any aggregation group port you input in the destination port list will be removed from
the list and the copy command will not take effect on the port. If you want an
aggregation group port to have the same configuration with the source port, you can
specify the aggregation group of the port as the destination (with the
destination-agg-id argument).
z Any voice-VLAN-enabled port you input in the destination port list will be removed
from the list.
1.1.4 description
Syntax
description text
undo description
View
Ethernet port view
Parameter
text: Port description, a string of 1 to 80 characters.
Description
Use the description command to set a port description string.

Use the undo description command to remove the port description string.
By default, no description is defined for a port.
Example
# Set description string "lanswitch-interface" for the Ethernet1/0/1 port.

[Quidway] interface ethernet1/0/1
[Quidway-Ethernet1/0/1] description lanswitch-interface
1-4
1.1.5 display brief interface
Syntax
display brief interface [ interface-type interface-number ] [ | { begin | include |

exclude } string ]
View
Any view
Parameter

|: Specifies to use a regular expression to describe the configuration information entries
to be displayed.
begin: Each entry must begin with a specified character string.
include: Each entry must include a specified character string.
exclude: Each entry must not include a specified character string.
string: Regular expression, a character string of 1 to 256 characters.
Note:
For details about regular expression, refer to the “Configuration File Management”
module in this manual.
Description
Use the display brief interface command to display the brief configuration information
about one or all interfaces, including: interface type, link state, link rate, duplex attribute,
link type, default VLAN ID and description string.
This command is similar to the display interface command, but the information it
displays is briefer.
Note:
Currently, for the port types other than Ethernet port, this command only displays the
link state, and shows "--" in all other configuration information fields.
Related command: display interface.
1-5
Example
# Display the brief configuration information about the Ethernet1/0/1 port.

<Quidway> display brief interface Ethernet1/0/1
Interface:
Eth - Ethernet GE - GigabitEthernet TENGE - tenGigabitEthernet
Loop - LoopBack Vlan - Vlan-interface Cas - Cascade
Speed/Duplex:
A - auto-negotiation
Interface Link Speed Duplex Type PVID Description

------------------------------------------------------------------------
Eth1/0/1 DOWN A A hybrid 1 home
Table 1-1 Description on the fields of the display brief interface command
Field Description
Interface Port type
Link Link state: UP or DOWN

Speed Link rate
Duplex Duplex attribute
Type Link type: access, hybrid or trunk

PVID Default VLAN ID
Description Port description string
1.1.6 display interface
Syntax
display interface [ interface-type | interface-type interface-number ]
View
Any view
Parameter

For details about the arguments, refer to the parameter description of the interface
command.
1-6
Description
Use the display interface command to display port configuration.

When using this command:
z If you specify neither port type nor port number, the command displays information
about all ports.
z If you specify only port type, the command displays information about all ports of
the specified type.
z If you specify both port type and port number, the command displays information
about the specified port.
Example
# Display the configuration information of the Ethernet1/0/1 port.

<Quidway> display interface ethernet1/0/1
Ethernet1/0/1 current state : DOWN
0012-a990-2240
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is force link, link duplex type is force link
Flow-control is enabled
The Maximum Frame Length is 9216
Broadcast MAX-pps: 500
Unicast MAX-ratio: 100%
Multicast MAX-ratio: 100%
Allow jumbo frame to pass
PVID: 1
Mdi type: auto
Port link-type: access
Tagged VLAN ID : none
Untagged VLAN ID : 1
Last 300 seconds input: 0 packets/sec 0 bytes/sec
Last 300 seconds output: 0 packets/sec 0 bytes/sec
Input(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, - pauses
Input(normal): - packets, - bytes
- broadcasts, - multicasts, - pauses
Input: 0 input errors, 0 runts, 0 giants, - throttles, 0 CRC
0 frame, - overruns, 0 aborts, 0 ignored, - parity errors
Output(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
1-7
Output(normal): - packets, - bytes

Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
0 lost carrier, - no carrier
Table 1-2 Description on the fields of the display interface command
Field Description
Current Ethernet port status: up or
Ethernet1/0/1 current state
down
IP Sending Frames' Format Ethernet frame format
Hardware address Port hardware address
Media type Media type
Port hardware type Port hardware type
100Mbps-speed mode, full-duplex mode Current speed mode and duplex mode
Link speed type is force link, link duplex Link speed and duplex status ( force or
type is force link auto-negotiation)
Flow-control is enabled Status of flow-control on the port
Maximum frame length allowed on the
The Maximum Frame Length
port
Broadcast suppression ratio on the
Broadcast MAX-ratio
port
Unknown unicast suppression ratio on
Unicast MAX-ratio
the port
Multicast MAX-ratio Multicast suppression ratio on the port
Whether Jumbo frame is allowed on
the port.
PVID Default VLAN ID of the port
Mdi type Network cable type
Port link-type Port link type
Identify the VLANs whose packets will
Tagged VLAN ID
be forwarded with tags on the port.
Identify the VLANs whose packets will
Untagged VLAN ID
be forwarded without tags on the port.
Last 300 seconds input: 0 packets/sec 0
bytes/sec Rate and number of incoming and
outgoing packets in the last 300
Last 300 seconds output: 0 packets/sec 0 seconds
bytes/sec
1-8
Field Description
Input: 0 input errors, 0 runts, 0 giants, -
throttles, 0 CRC
0 frame, - overruns, 0 aborts, 0 Statistics on the incoming and
ignored, - parity errors outgoing packets and errors on the
Output(total): 0 packets, 0 bytes port
0 broadcasts, 0 multicasts, 0 pauses The “-” indicates that the statistical
item is not supported.
Output: 0 output errors, - underruns, -
buffer failures
0 aborts, 0 deferred, 0 collisions, 0
late collisions
1.1.7 display loopback-detection
Syntax
display loopback-detection
View
Any view
Parameter
None
Description
Use the display loopback-detection command to display the loopback detection

status on the port. If loopback detection is enabled, this information will also be
displayed: time interval for loopback detection and the loopback ports.
Example
# Display the loopback detection status on the port.

<Quidway> display loopback-detection
Port Ethernet1/0/1 loopback-detection is running
system Loopback-detection is running
Detection interval time is 30 seconds
1-9
There is no port existing loopback link
Table 1-3 Description on the fields of the display loopback-detection command
Field Description
Port Ethernet1/0/1 Loopback detection is enabled on the
loopback-detection is running Ethernet1/0/1.
system Loopback-detection is
Loopback detection is enabled globally.
running
Time interval for loopback detection is 30
Detection interval time is 30 seconds
seconds.
There is no port existing loopback link No loopback port exists.
1.1.8 display transceiver-information interface
Syntax
display transceiver-information interface interface-type interface-number
View
Any view
Parameter
interface-type: Port type

interface-number: Port number
Description
Use the display port display transceiver-information interface command to display

information about a specified optical port.
This command will display the following information about an optical port:
z Hardware type
z Interface type
z Wavelength
z Vendor name
z Serial number
z Transfer distance
Example
# Display the information about the optical interface GigabitEthernet1/1/1.

<Quidway> display transceiver-information interface GigabitEthernet 1/1/1
Hardware Type : -
Interface Type : SFP
1-10
Wave Length(nm) : -
Vendor Name : 3Com
Serial Number : L1RP3N0067090
3C Number :
Transfer Distance(m)
9um Fiber : 0
50um Fiber : 550
62.5um Fiber : 270
Copper Line : 0
1.1.9 display port
Syntax
display port { hybrid | trunk }
View
Any view
Parameter
hybrid: Displays hybrid ports.

trunk: Displays trunk ports.
Description
Use the display port command to check whether there are hybrid or trunk ports in the
current system and display such ports (if available).
Example
# Display the hybrid ports in the current system.

<Quidway> display port hybrid
The following hybrid ports exist:
Ethernet1/0/1 Ethernet1/0/2
The above information shows the current system has two hybrid ports: Ethernet1/0/1
and Ethernet1/0/2.
1.1.10 display unit
Syntax
display unit unit-id interface
View
Any view
1-11
Parameter
unit-id: Unit ID, in the range of 1 to 8.
Description
Use the display unit command to display information about the ports on a specified
unit.
Example
# Display information about the ports on unit 1.

<Quidway> display unit 1 interface
Aux1/0/0
Description : Aux Interface
Ethernet1/0/1 current state : DOWN

0012-a990-2240
Media type is twisted pair, loopback not set
Port hardware type is 100_BASE_TX
100Mbps-speed mode, full-duplex mode
Link speed type is force link, link duplex type is force link
Flow-control is enabled
The Maximum Frame Length is 9216
Broadcast MAX-pps: 500
Unicast MAX-ratio: 100%
Multicast MAX-ratio: 100%
PVID: 1
Mdi type: auto
Port link-type: access
Tagged VLAN ID : none
Untagged VLAN ID : 1
Input: 0 input errors, 0 runts, 0 giants, - throttles, 0 CRC
0 frame, - overruns, 0 aborts, 0 ignored, - parity errors
Output(total): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
1-12

Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
(The following displayed information is omitted)
Table 1-4 Description on the fields of the display unit command
Field Description
Aux1/0/0 The description string of the AUX port is "Aux
Description : Aux Interface Interface".
For the description of other fields, refer to Table 1-2.
1.1.11 duplex
Syntax
duplex { auto | full | half }

undo duplex
View
Ethernet port view
Parameter
auto: Sets the port to auto-negotiation mode.

full: Sets the port to full duplex mode.
half: Sets the port to half duplex mode.
Description
Use the duplex command to set the duplex mode of the current port.
Use the undo duplex command to restore the default duplex mode, that is,
auto-negotiation.
By default, the port is in auto-negotiation mode.
Related command: speed.
Example
# Set the Ethernet1/0/1 port to auto-negotiation mode.

1-13
[Quidway-Ethernet1/0/1] duplex auto
1.1.12 flow-control
Syntax
flow-control
undo flow-control
View
Ethernet port view
Parameter
None
Description
Use the flow-control command to enable flow control on the current Ethernet port.
Use the undo flow-control command to disable flow control on the port.
Suppose flow control is enabled on both the local and peer switches. When congestion
occurs on the local switch,
z the local switch sends a message to notify the peer switch of stopping sending
packets to itself temporarily,
z the peer switch will stop sending packets to the local switch temporarily when it
receives the message; and vice versa. By this way, packet loss is avoided and the
network service operates normally.
By default, flow control is disabled on a port.
Example
# Enable flow control on the Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] flow-control
[Quidway-Ethernet1/0/1]
1.1.13 flow interval
Syntax
flow-interval interval
undo flow-interval
1-14
View
Ethernet port view
Parameter
Interval: Interval (in seconds) to perform statistics on port information. This argument
ranges from 5 to 300 (in step of 5) and is 300 by default.
Description
Use the flow-interval command to set the interval to perform statistics on port
information.
Use the undo flow-interval command to restore the default interval.
By default, this interval is 300 seconds.
When you use the display interface interface-type interface-number command to
display the information of a port, the system performs statistical analysis on the traffic
flow passing through the port during the specified interval and displays the average
rates in the interval. For example, if you set the interval to 100 seconds, the displayed
information is as follows:
Related command: display interface.
Example
# Set the interval to perform statistics on the Ethernet1/0/1 port to 100 seconds.
[Quidway-Ethernet1/0/1] flow-interval 100
1.1.14 giant-frame statistics enable
Syntax
giant-frame statistics enable

undo giant-frame statistics enabl
View
System view
Parameter
None
1-15
Description
Use the giant-frame statistics enable command to enable the giant-frame statistics
function.
Use the undo giant-frame statistics enable command to disable the giant-frame
statistics function.
By default, the giant-frame statistics function is not enabled.
Example
# Enable the giant-frame statistics function.

[Quidway] giant-frame statistics enable
1.1.15 interface
Syntax
interface interface-type interface-number
View
System view
Parameter
interface-type: Port type, which can be Aux, Ethernet, GigabitEthernet, LoopBack,

NULL or Vlan-interface.
interface-number: Port number, in the format of Unit ID/slot number/port number,
where:
z Unit ID is in the range of 1 to 8;
z The slot number is 0 if the port is an Ethernet port;
z The slot number is 1 if the port is a GigabitEthernet port.
For details about the types and port number ranges of the ports on S3900 series
Ethernet switches, refer to Table 1-5.
Table 1-5 Description on port types and port number ranges
Range of port number

Switch model
Ethernet port GigabitEthernet port
S3924-SI 1 to 24 —
1-16
Range of port number

Switch model
Ethernet port GigabitEthernet port
S3928P-SI
S3928TP-SI
S3928P-PWR-SI
1 to 24 1 to 4
S3928P-EI
S3928F-EI
S3928P-PWR-EI
S3952P-SI
S3952P-EI 1 to 48 1 to 4
S3952P-PWR-EI
Description
Use the interface command to enter Ethernet port view. To configure parameters for a
port, you must enter the port view first.
Example
# Enter Ethernet1/0/1 port view.

1.1.16 jumboframe enable
Syntax
jumboframe enable
undo jumboframe enable
View
Ethernet port view
Parameter
None
Description
Use the jumboframe enable command to allow jumbo frames that are not larger than
9216 bytes to pass through the current Ethernet port.
1-17
Use the undo jumboframe enable command to allow frames that are not larger than
1536 bytes to pass through the current Ethernet port.
By default, frames that are not larger than 9216 bytes are allowed to pass through the
Ethernet port.
Example
# Allow frames that are not larger than 9216 bytes to pass through
GigabitEthernet1/0/1.
[Quidway-Ethernet1/0/1] jumboframe enable
1.1.17 loopback
Syntax
loopback { external | internal }
View
Ethernet port view
Parameter
external: Performs external loop test. In the external loop test, self-loop headers
(which are made from four cores of the 8-core cables) must be used on the port of the
switch. The external loop test can locate the hardware failures on the port.
internal: Performs internal loop test. In the internal loop test, self loop is established in
the switching chip to locate the chip failure which is related to the port.
Description
Use the loopback command to perform a loopback test on the current Ethernet port to
check whether the Ethernet port works normally. The loopback test terminates
automatically after running for a specific period.
By default, no loopback test is performed on the Ethernet port.
Example
# Perform an internal loop test on Ethernet1/0/1.

[Quidway-Ethernet1/0/1] loopback internal
Loopback internal succeeded.
1-18
1.1.18 loopback-detection control enable
Syntax
loopback-detection control enable

undo loopback-detection control enable
View
Ethernet port view
Parameter
None
Description
Use the loopback-detection control enable command to enable the loopback

detection control feature on the current trunk or hybrid port.
Use the undo loopback-detection control enable command to disable the loopback
detection control feature on the trunk or hybrid port.
After loopback detection is enabled by using the loopback-detection enable
command, the loopback-detection control enable command can be used to control
the working status of the trunk port or hybrid port where loopback is found in a VLAN.
z If this feature is enabled on a trunk or hybrid port, when loopback is found on the
port, the system sets the port to a controlled working state and removes the MAC
address entries corresponding to the port.
z If this feature is disabled on a trunk or hybrid port, when loopback is found on the
port, the system just reports a Trap message, and the port still works normally.
By default, the loopback detection control feature is disabled on the trunk or hybrid port.
Note that this command is invalid for an access port.
Related command: loopback-detection enable.
Example
# Enable the loopback detection control feature on Ethernet1/0/1.

[Quidway-Ethernet1/0/1] port link-type trunk
[Quidway-Ethernet1/0/1] loopback-detection control enable
1-19
1.1.19 loopback-detection enable
Syntax
loopback-detection enable
undo loopback-detection enable
View
Parameter
None
Description
Use the loopback-detection enable command to enable the loopback detection

feature on ports to detect whether external loopback occurs on a port.
Use the undo loopback-detection enable command to disable the loopback
detection feature on port.
z If loopback is found on an access port, the switch will set the port to a controlled
working state.
z For a trunk or hybrid port, the loopback detection control feature can be
implemented by using this command and the loopback-detection control
enable command together.
The loopback detection feature takes effect on a specified port only when the loopback
detection feature is enabled in both system view and the specified port view.
By default, the loopback detection feature is disabled on any port.
Related command: loopback-detection control enable.
Example
# Enable the loopback detection feature on Ethernet1/0/1.

[Quidway] loopback-detection enable
[Quidway-Ethernet1/0/1] loopback-detection enable
1.1.20 loopback-detection interval-time
Syntax
loopback-detection interval-time time
1-20
undo loopback-detection interval-time
View
System view
Parameter
time: Time interval for loopback detection, in the range of 5 to 300 (in seconds). It is 30
seconds by default.
Description
Use the loopback-detection interval-time command to set time interval for loopback
detection.
Use the undo loopback-detection interval-time command to restore the default time
interval.
Example
# Set time interval for loopback detection to 10 seconds.

[Quidway] loopback-detection interval-time 10
[Quidway]
1.1.21 loopback-detection per-vlan enable
Syntax
loopback-detection per-vlan enable

undo loopback-detection per-vlan enable
View
Ethernet port view
Parameter
None
Description
Use the loopback-detection per-vlan enable command to configure the system to

run loopback detection on all VLANs of the current trunk or hybrid port.
Use the undo loopback-detection per-vlan enable command to restore the default
setting.
By default, the system runs loopback detection only on the default VLAN of the trunk or
hybrid port.
1-21
Note that the command is invalid for any access port.
Example
# Configure the system to run loopback detection on all VLANs of the Ethernet1/0/1
port (suppose it is a trunk or hybrid port).
[Quidway-Ethernet1/0/1] loopback-detection per-vlan enable
1.1.22 mdi
Syntax
mdi { across | auto | normal }

undo mdi
View
Ethernet port view
Parameter
across: Sets the port to support MDIX.

auto: Sets the port to support auto-MDI/MDIX.
normal: Sets the port to support MDI.
Description
Use the mdi command to set port MDI attribute.

Use the undo mdi command to restore the default setting.
By default, the port MDI attribute is auto.
Example
# Set the MDI attribute of Ethernet1/0/1 to across.

[Quidway-Ethernet1/0/1] mdi auto
1-22
1.1.23 multicast-suppression
Syntax
multicast-suppression { ratio | pps max-pps }

undo multicast-suppression
View
Ethernet port view
Parameter
ratio: Maximum ratio of received multicast traffic to the total bandwidth on the Ethernet
port. The value ranges from 1 to 100 (in step of 1) and defaults to 100. The smaller the
ratio is, the less multicast traffic is allowed to be received.
max-pps: Maximum number of multicast packets allowed to be received per second on
the Ethernet port (in pps). The value ranges from 1 to 148,810.
Description
Use the multicast-suppression command to limit multicast traffic allowed to be

received on the current port.
Use the undo multicast-suppression command to restore the default multicast
suppression setting on the current port.
When incoming multicast traffic on the port exceeds the multicast traffic threshold you
set, the system drops the packets exceeding the threshold to reduce the multicast
traffic ratio to the reasonable range, so as to keep normal network service.
By default, the switch does not suppress multicast traffic.
Example
# Allow the incoming multicast traffic on the Ethernet1/0/1 port to occupy at most 20%
of the bandwidth on the port.
[Quidway-Ethernet1/0/1] multicast-suppression 20
# Set the maximum number of multicast packets that can be received per second by the
Ethernet1/0/1 port to 1000 pps.
[Quidway-Ethernet1/0/1] multicast-suppression pps 1000
1-23
1.1.24 port access vlan
Syntax
port access vlan vlan-id

undo port access vlan
View
Ethernet port view
Parameter
vlan-id: VLAN ID defined in IEEE802.1Q, in the range of 1 to 4094.
Caution:
All access ports belong to VLAN 1, which is the default VLAN of the system, so you are
not allowed to add an access port to VLAN 1 or remove an access port from VLAN 1.
Otherwise, the system will prompt: “Can't delete ports from or add ports to the default
VLAN!”.
Description
Use the port access vlan command to add the access port into the specified VLAN.
Use the undo port access vlan command to remove the access port from the
specified VLAN.
You must specify the ID of an existing VLAN in the command.
Example
# Add Ethernet1/0/1 into VLAN 3.

[Quidway] vlan 3
[Quidway-Ethernet1/0/1] port access vlan 3
1-24
1.1.25 port hybrid pvid vlan
Syntax
port hybrid pvid vlan vlan-id

undo port hybrid pvid
View
Ethernet port view
Parameter
vlan-id: VLAN ID defined in IEEE802.1Q, in the range of 1 to 4094. It is 1 by default.
Description
Use the port hybrid pvid vlan command to set the default VLAN ID for the hybrid port.
Use the undo port hybrid pvid command to restore the default VLAN ID of the port.
Related command: port link-type.
Caution:
You are recommended to set the default VLAN ID of the local hybrid or trunk ports to
the same value as that of the hybrid or trunk ports on the peer switch. Otherwise,
packet forwarding may fail on the ports.
Example
# Set the default VLAN ID of the hybrid port Ethernet1/0/1 to 100.

[Quidway-Ethernet1/0/1] port link-type hybrid
[Quidway-Ethernet1/0/1] port hybrid pvid vlan 100
1.1.26 port hybrid vlan
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list
View
Ethernet port view
1-25
Parameter
vlan-id-list: VLAN range to which the hybrid port will be added. vlan-id-list = [ vlan-id1
[ to vlan-id2 ] ]&<1-10>, where, vlan-id is in the range of 1 to 4094 and can be discrete,
and &<1-10> means you can input up to ten VLAN IDs/ID ranges.
tagged: Keeps VLAN tags when the packets of the specified VLANs are forwarded on
this port.
untagged: Keeps no VLAN tags when the packets of the specified VLANs are
forwarded on this port.
Description
Use the port hybrid vlan command to add the hybrid port into specified VLANs.
Use the undo port hybrid vlan command to remove the hybrid port from specified
VLANs.
A hybrid port can belong to multiple VLANs. When you use the command several times,
all VLAN specified in the commands will be allowed to pass the port.
The VLAN specified by the vlan-id argument must be existing. Otherwise, this
command is invalid. Related command: port link-type.
Example
# Add the hybrid port Ethernet1/0/1 to VLAN 2, VLAN 4 and VLAN 50 through VLAN
100, with tags assigned to their packets.
[Quidway] vlan 2
[Quidway-Ethernet1/0/1] port link-type hybrid
[Quidway-Ethernet1/0/1] port hybrid vlan 2 4 50 to 100 tagged
Operation complete, except these VLAN(s):
Non-existent VLAN(s)
1.1.27 port link-type
Syntax
port link-type { access | hybrid | trunk | irf-fabric }

undo port link-type
View
Ethernet port view
1-26
Parameter
access: Sets the port as an access port.

hybrid: Sets the port as a hybrid port.
trunk: Sets the port as a trunk port.
irf-fabric: Sets the port as a fabric port.
Description
Use the port link-type command to set the link type of the current Ethernet port.
Use the undo port link-type command to restore the default link type.
By default, the link type of any port is access.
Pay attention to the following:
z The four types of ports can co-exist on the same Ethernet switch. However, the
trunk, hybrid and fabric ports cannot be directly switched between the three types
(trunk, hybrid and fabric). To set a trunk/hybrid/fabric port to another type (different
from access), you must first set the port to an access port and then set the access
port to the required type. For example, a trunk port cannot be set to a hybrid port
directly. You must set the trunk port to an access port and then set it to a hybrid
port.
z If you set a fabric port to an access port after the IRF stack is formed, the stack will
be split and the system will prompt “Warning! This operation maybe split the
fabric.” For details about fabric port, refer to module “IRF Fabric” in this manual.
Example
# Set Ethernet1/0/1 as a trunk port.

1.1.28 port trunk permit vlan
Syntax
port trunk permit vlan { vlan-id-list | all }

undo port trunk permit vlan { vlan-id-list | all }
View
Ethernet port view
1-27
Parameter
vlan-id-list: VLAN range to which the trunk port will be added. vlan-id-list = [ vlan-id1 [ to
vlan-id2 ] ]&<1-10>, where, vlan-id is in the range of 1 to 4094 and can be discrete, and
&<1-10> means you can input up to ten VLAN IDs/ID ranges.
all: Adds the trunk port into all VLANs.
Description
Use the port trunk permit vlan command to add the trunk port into the specified
VLAN.
Use the undo port trunk permit vlan command to remove the hybrid port from the
specified VLAN.
A trunk port can belong to multiple VLANs. When you use the command several times,
all VLAN specified in the commands will be allowed to pass the port.
Example
# Add the trunk port Ethernet1/0/1 to VLAN 2, VLAN 4 and VLAN 50 through VLAN
100.
[Quidway-Ethernet1/0/1] port trunk permit vlan 2 4 50 to 100
1.1.29 port trunk pvid vlan
Syntax
port trunk pvid vlan vlan-id

undo port trunk pvid
View
Ethernet port view
Parameter
vlan-id: VLAN ID defined in IEEE802.1Q, in the range of 1 to 4094. It is 1 by default.
Description
Use the port trunk pvid vlan command to set the default VLAN ID for the trunk port.
Use the undo port trunk pvid command to restore the default setting.
1-28
To guarantee the proper packet transmission, the default VLAN ID of the local trunk port
must be identical with that of the trunk port on the peer switch connected with the local
trunk port.
Example
# Set the default VLAN ID of the trunk port Ethernet1/0/1 to 100.

[Quidway-Ethernet1/0/1] port trunk pvid vlan 100
1.1.30 reset counters interface
Syntax
reset counters interface [ interface-type | interface-type interface-number ]
View
User view
Parameter

For details about the parameters, see the parameter description of the interface
command.
Description
Use the reset counters interface command to clear the statistics of the port, preparing
for a new statistics collection.
z If you specify neither port type nor port number, the command clears statistics of
all ports.
z If specify only port type, the command clears statistics of all ports of this type.
z If specify both port type and port number, the command clears statistics of the
specified port.
The statistics of the 802.1x-enabled ports cannot be cleared.
Example
# Clear the statistics of Ethernet1/0/1.

<Quidway> reset counters interface ethernet1/0/1
1-29
1.1.31 shutdown
Syntax
shutdown
undo shutdown
View
Ethernet port view
Parameter
None
Description
Use the shutdown command to disable an Ethernet port.

Use the undo shutdown command to enable an Ethernet port.
By default, an Ethernet port is enabled.
Example
# Enable Ethernet1/0/1.
[Quidway-Ethernet1/0/1] shutdown
[Quidway-Ethernet1/0/1] undo shutdown
1.1.32 speed
Syntax
speed { 10 | 100 | 1000 | auto }

undo speed
View
Ethernet port view
Parameter
10: Specifies the port speed to 10 Mbps.

100: Specifies the port speed to 100 Mbps.
1000: Specifies the port speed to 1000 Mbps (this argument is valid for Gigabit ports
only).
auto: Specifies the port speed to the auto-negotiation mode.
1-30
Description
Use the speed command to set the port speed.

Use the undo speed command to restore the port speed to the default setting.
By default, the port speed is in the auto-negotiation mode.
Note that the speed of a Gigabit port can be set to 1000 Mbps or auto-negotiation mode
only.
Related command: duplex.
Example
# Set the speed of Ethernet1/0/1 to 10 Mbps.

[Quidway-Ethernet1/0/1] speed 10
1.1.33 unicast-suppression
Syntax
unicast-suppression { ratio | pps max-pps }

undo unicast-suppression
View
Ethernet port view
Parameter
ratio: Maximum ratio of received unknown unicast traffic to the total bandwidth on the
Ethernet port. The value ranges from 1 to 100 (in step of 1) and defaults to 100. The
smaller the ratio is, the lesser unknown unicast traffic is allowed to be received.
max-pps: Maximum number of unknown unicast packets allowed to be received per
second on the Ethernet port (in pps). The value ranges from 1 to 148,810.
Description
Use the unicast-suppression command to limit the unknown unicast traffic allowed to
be received on the current port.
Use the undo broadcast-suppression command to restore the default unknown
unicast suppression setting on the port.
When incoming unknown unicast traffic exceeds the unknown unicast traffic threshold
you set, the system drops the packets exceeding the threshold to reduce the unknown
unicast traffic ratio to the reasonable range, so as to keep normal network service.
1-31
By default, the switch does not suppress unknown unicast traffic.
Example
# Allow unknown incoming unicast traffic on the Ethernet1/0/1 port to occupy at most
20% of the bandwidth on the port.
[Quidway-Ethernet1/0/1] unicast-suppression 20
# Set the maximum number of unknown unicast packets that can be received per
second by the Ethernet1/0/1 port to 1000 pps.
[Quidway-Ethernet1/0/1] unicast-suppression pps 1000
1.1.34 virtual-cable-test
Syntax
virtual-cable-test
View
Ethernet port view
Parameter
None
Description
Use the virtual-cable-test command to enable the system to test the cable connected
to a specific port and to display the results. The system can test these attributes of the
cable:
z Cable status, including normal, abnormal, abnormal-open, abnormal-short and
failure
z Cable length
Note:
z If the cable is in normal state, the displayed length value is the total length of the
cable.
z If the cable is in any other state, the displayed length value is the length from the
port to the faulty point.
z Pair impedance mismatch
1-32
z Pair skew
z Pair swap
z Pair polarity
z Insertion loss
z Return loss
z Near-end crosstalk
By default, the system does not test the cable connected to the Ethernet port.
Note:
The combo port does not support the virtual-cable-test command.
Example
# Enable the system to test the cable connected to Ethernet1/0/1.

[Quidway-Ethernet0/1] virtual-cable-test
Cable status: abnormal(open), 7 metres
Pair Impedance mismatch: yes
Pair skew: 4294967294 ns
Pair swap: swap
Pair polarity: normal
Insertion loss: 7 db
Return loss: 7 db
Near-end crosstalk: 7 db
1-33
Command Manual – Link Aggregation
Table of Contents
Chapter 1 Link Aggregation Configuration Commands............................................................ 1-1

1.1 Link Aggregation Configuration Commands...................................................................... 1-1
1.1.1 display link-aggregation interface............................................................................ 1-1
1.1.2 display link-aggregation summary........................................................................... 1-2
1.1.3 display link-aggregation verbose............................................................................. 1-4
1.1.4 display lacp system-id ............................................................................................. 1-5
1.1.5 lacp enable .............................................................................................................. 1-6
1.1.6 lacp port-priority....................................................................................................... 1-7
1.1.7 lacp system-priority ................................................................................................. 1-7
1.1.8 link-aggregation group agg-id description............................................................... 1-8
1.1.9 link-aggregation group agg-id mode ....................................................................... 1-9
1.1.10 port link-aggregation group ................................................................................... 1-9
1.1.11 reset lacp statistics.............................................................................................. 1-10
i
Command Manual – Link Aggregation Chapter 1 Link Aggregation Configuration
Chapter 1 Link Aggregation Configuration

Commands
1.1 Link Aggregation Configuration Commands

1.1.1 display link-aggregation interface
Syntax
display link-aggregation interface interface-type interface-number [ to

interface-type interface-number ]
View
Any view
Parameter

to: Specifies a group of contiguous ports..
Description
Use the display link-aggregation interface command to display the link aggregation
details about a specified port or port range, including:
z Link aggregation group ID, port priority, operation key and protocol status flag of
the port at the local end,
z Device ID, port number, port priority, operation key and protocol status flag at the
remote end, and,
z LACP protocol packet statistics.
Note that, for a manual aggregation group, value 0 is displayed for all the above items
of the remote end (which does not indicate the real information of the remote end),
since information about the remote end cannot be obtained for a manual aggregation
group.
Example
# Display the link aggregation details on Ethernet1/0/1.

<Quidway> display link-aggregation interface Ethernet1/0/1
Ethernet1/0/1:
Selected AggID: 1
Local:
1-1
Port-Priority: 32768, Oper key: 2, Flag: 0x45

Remote:
System ID: 0x8000, 0000-0000-0000
Port Number: 0, Port-Priority: 32768 , Oper-key: 0, Flag: 0x38
Received LACP Packets: 0 packet(s), Illegal: 0 packet(s)
Sent LACP Packets: 0 packet(s)
Table 1-1 Description on the fields of the display link-aggregation interface

command
Field Description
ID of the aggregation group to which the

Selected AggID
specified port belongs
Local Information about the local end
Port-Priority Port priority
Oper key Operation key
Flag Protocol status flag
Information about the remote end is

Remote
displayed below.
System ID Remote device ID
Port number Port number
Received LACP Packets: 0 packet(s),

Illegal: 0 packet(s) Statistics about LACP packets
Sent LACP Packets: 0 packet(s)
1.1.2 display link-aggregation summary
Syntax
display link-aggregation summary
View
Any view
Parameter
None
1-2
Description
Use the display link-aggregation summary command to display summary

information of all aggregation groups, including device ID of the local end, aggregation
group ID, aggregation group type, device ID of the remote end, number of the selected
ports, number of the unselected ports, load sharing type and master port number.
Example
# Display summary information of all aggregation groups.

<Quidway> display link-aggregation summary
Aggregation Group Type:D -- Dynamic, S -- Static , M -- Manual

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor ID: 0x8000, 00e0-fc00-5104
AL AL Partner ID Select Unselect Share Master

ID Type Ports Ports Type Port
--------------------------------------------------------------------------
1 S 0x8000,0000-0000-0000 0 1 NonS Ethernet1/0/2
2 M none 0 1 NonS Ethernet1/0/3
Table 1-2 Description on the fields of the display link-aggregation summary

command
Field Description
Aggregation
Aggregation group type
Group Type
Actor ID Local device ID
AL ID Aggregation group ID
AL Type Aggregation group type: D (dynamic), S (static), or M (manual)
ID of the remote device, including the system priority and

system MAC address of the remote device (in the dynamic or
Partner ID static aggregation group, if the LACP protocol is disabled on
the remote port of the logical master port, the partner ID
displays 0x8000,0000-0000-0000 )
Select Ports Number of the selected ports
Unselect Ports Number of the unselected ports
Load sharing type: Shar (load-sharing), or NonS

Share Type
(non-load-sharing)
1-3
Field Description
Master Port Number of the master port
1.1.3 display link-aggregation verbose
Syntax
display link-aggregation verbose [ agg-id ]
View
Any view
Parameter
agg-id: Aggregation group ID, which ranges from 1 to 416 and must be the ID of an
existing aggregation group.
Description
Use the display link-aggregation verbose command to display the details about a
specified aggregation group, including:
z Aggregation group ID, aggregation group type, load sharing type, aggregation
group description string, and device ID;
z Local end details: local port, port status, port priority, operation key and protocol
status flag;
z Remote end details: local port, remote port index, remote port priority, operation
key, device ID and protocol status flag.
Note that, for a manual aggregation group, value 0 is displayed for all the above items
of the remote end (which does not indicate the real information of the remote end),
since information about the remote end cannot be obtained for a manual aggregation
group.
Example
# Display the details about aggregation group 1.

<Quidway> display link-aggregation verbose 1
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregation ID: 1, AggregationType: Static, Loadsharing Type: NonS

Aggregation Description: abc
1-4
System ID: 0x16, 0012-a990-2240

Port Status: S -- Selected, U -- Unselected
Local:
Port Status Priority Key Flag
-------------------------------------------------------------------------
Ethernet1/0/4 S 32768 2 {ACDEFG}
Ethernet1/0/5 U 32768 2 {ACG}
Remote:
Actor Partner Priority Key SystemID Flag
--------------------------------------------------------------------------
Ethernet1/0/4 0 32768 0 0x8000,0000-0000-0000 {DEF}
Ethernet1/0/5 0 32768 0 0x8000,0000-0000-0000 {DEF}
Table 1-3 Description on the fields of the display link-aggregation verbose

command
Field Description
Loadsharing type, including Loadsharing and

Loadsharing Type
Non-Loadsharing
Flags Flag types of LACP
Aggregation ID Aggregation group ID
Aggregation Description Aggregation group description string
AggregationType Aggregation group type
System ID Device ID
Port Status Port status, including selected and unselected
1.1.4 display lacp system-id
Syntax
display lacp system-id
View
Any view
Parameter
None
1-5
Description
Use the display lacp system-id command to display the device ID of the local system,
including the system priority and the MAC address.
Related command: link-aggregation.
Example
# Display the device ID of the local system.

<Quidway> display lacp system-id
Actor System ID: 0x8000, 00e0-fc00-0100
Table 1-4 Description on the fields of the display lacp system-id command
Field Description
Device ID of the local system, including the system

Actor System ID
priority and the system MAC address
1.1.5 lacp enable
Syntax
lacp enable
undo lacp enable
View
Ethernet port view
Parameter
None
Description
Use the lacp enable command to enable the LACP protocol.

Use the undo lacp enable command to disable the LACP protocol.
Example
# Enable the LACP protocol on Ethernet1/0/1.

[Quidway-Ethernet1/0/1] lacp enable
1-6
1.1.6 lacp port-priority
Syntax
lacp port-priority port-priority

undo lacp port-priority
View
Ethernet port view
Parameter
port-priority: Port priority, ranging from 0 to 65,535 and defaulting to 32,768.
Description
Use the lacp port-priority command to set the priority of the current port.
Use the undo lacp port-priority command to restore the default port priority.
Related command: display link-aggregation verbose, and display
link-aggregation interface.
Example
# Set the priority of Ethernet1/0/1 to 64.

[Quidway-Ethernet1/0/1] lacp port-priority 64
1.1.7 lacp system-priority
Syntax
lacp system-priority system-priority

undo lacp system-priority
View
System view
Parameter
system-priority: System priority, ranging from 0 to 65,535 and defaulting to 32,768.
Description
Use the lacp system-priority command to set the system priority.

Use the undo lacp system-priority command to restore the default system priority.
1-7
Example
# Set the system priority to 64.

[Quidway] lacp system-priority 64
1.1.8 link-aggregation group agg-id description
Syntax
link-aggregation group agg-id description agg-name

undo link-aggregation group agg-id description
View
System view
Parameter
agg-id: Aggregation group ID, in the range of 1 to 416.

agg-name: Aggregation group name, a string of 1 to 32 characters.
Description
Use the link-aggregation group agg-id description command to set a description for
an aggregation group.
Use the undo link-aggregation group agg-id description command to remove the
description of the aggregation group.
Note:
If you have saved the current configuration with the save command, after system
reboot, the manual and static aggregation groups and their descriptions still exist, but
the dynamic aggregation groups and their descriptions disappear.
Related command: display link-aggregation verbose.
Example
# Set the description "abc" for aggregation group 1.

[Quidway] link-aggregation group 1 description abc
1-8
1.1.9 link-aggregation group agg-id mode
Syntax
link-aggregation group agg-id mode { manual | static }

undo link-aggregation group agg-id
View
System view
Parameter

manual: Creates a manual aggregation group.
static: Creates a static aggregation group.
Description
Use the link-aggregation group agg-id mode command to create a manual or static
aggregation group.
Use the undo link-aggregation group command to remove an aggregation group.
Related command: display link-aggregation summary.
Example
# Create manual aggregation group 22

[Quidway] link-aggregation group 22 mode manual
1.1.10 port link-aggregation group
Syntax
port link-aggregation group agg-id

undo port link-aggregation group
View
Ethernet port view
Parameter
1-9
Description
Use the port link-aggregation group command to add the current Ethernet port to a
manual or static aggregation group.
Use the undo port link-aggregation group command to remove the current Ethernet
port from the aggregation group.
Related command: display link-aggregation verbose.
Example
# Add Ethernet 1/0/1 to aggregation group 22.

[Quidway-Ethernet1/0/1] port link-aggregation group 22
1.1.11 reset lacp statistics
Syntax
reset lacp statistics [ interface interface-type interface-number [ to interface-type

interface-number ] ]
View
User view
Parameter
interface-type: Port type

interface-number: Port number
to: Specifies a group of contiguous ports.
Description
Use the reset lacp statistics command to clear LACP statistics on specified port(s),
or on all ports if no port is specified.
Related command: display link-aggregation interface.
Example
# Clear LACP statistics on all Ethernet ports.

<Quidway> reset lacp statistics
1-10
Command Manual - Port Isolation
Table of Contents
Chapter 1 Port Isolation Configuration Commands .................................................................. 1-1

1.1 Port Isolation Configuration Commands............................................................................ 1-1
1.1.1 display isolate port .................................................................................................. 1-1
1.1.2 port isolate............................................................................................................... 1-1
i
Command Manual - Port Isolation Chapter 1 Port Isolation Configuration
Chapter 1 Port Isolation Configuration Commands
1.1 Port Isolation Configuration Commands

1.1.1 display isolate port
Syntax
display isolate port
View
Any view
Parameter
None
Description
Use the display isolate port command to display the information about the Ethernet
ports added to an isolation group.
Example
# Display the information about the Ethernet ports added to the isolation group.
<Quidway> display isolate port
Isolated port(s) on UNIT 1:
Ethernet1/0/2, Ethernet1/0/3, Ethernet1/0/4
The information above shows that Ethernet1/0/2, Ethernet1/0/3, and Ethernet1/04 are
in the isolation group.
1.1.2 port isolate
Syntax
port isolate
undo port isolate
View
Ethernet port view
Parameter
None
1-1
Command Manual - Port Isolation Chapter 1 Port Isolation Configuration
Description
Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from the isolation
group.
Note:
When the port isolate command or undo port isolate command is executed, the
other ports which are in the same aggregation group with the current port in the local
unit will be added to or removed from the isolation group together at the same time.
By default, an isolation group contains no port.
Example
# Add Ethernet1/0/1 port to the isolation group.

[Quidway-Ethernet1/0/1] port isolate
All aggregated ports in same unit will join isolated group together
# Remove Ethernet1/0/1 from the isolation group.

[Quidway-Ethernet1/0/1] undo port isolate
All aggregated ports in same unit will join isolated group together
1-2
Command Manual – Port Security & Port Binding
Table of Contents
Chapter 1 Port Security Commands............................................................................................ 1-1

1.1 Port Security Commands................................................................................................... 1-1
1.1.1 display mac-address security.................................................................................. 1-1
1.1.2 display port-security ................................................................................................ 1-1
1.1.3 mac-address security .............................................................................................. 1-4
1.1.4 port-security enable................................................................................................. 1-5
1.1.5 port-security intrusion-mode.................................................................................... 1-6
1.1.6 port-security authorization ignore............................................................................ 1-8
1.1.7 port-security max-mac-count................................................................................... 1-9
1.1.8 port-security ntk-mode ............................................................................................ 1-9
1.1.9 port-security oui..................................................................................................... 1-11
1.1.10 port-security port-mode ....................................................................................... 1-12
1.1.11 port-security timer disableport............................................................................. 1-14
1.1.12 port-security trap ................................................................................................. 1-15
Chapter 2 Port Binding Commands............................................................................................. 2-1

2.1 Port Binding Commands.................................................................................................... 2-1
2.1.1 am user-bind interface ............................................................................................ 2-1
2.1.2 am user-bind ........................................................................................................... 2-2
2.1.3 display am user-bind ............................................................................................... 2-3
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Port Security Commands
Chapter 1 Port Security Commands
1.1 Port Security Commands

1.1.1 display mac-address security
Syntax
display mac-address security [ interface interface-type interface-number ] [ vlan

vlan-id ] [ count ]
View
Any view
Parameter
interface-type: Interface type.

interface-number: Interface number.
vlan-id: VLAN ID, in the range of 1 to 4094.
count: Displays the number of Security MAC addresses.
Description
Use the display mac-address security command to display the information about
Security MAC address, including the MAC address learned by the port, VLAN ID of the
port, current port state, port number, and MAC address aging time.
By checking the output of this command, you can verify the current configuration.
Example
# Display the Security MAC address configuration on Ethernet1/0/1 port.

<Quidway> display mac-address security interface Ethernet1/0/1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
0001-0001-0001 1 Security Ethernet1/0/1 NOAGED
--- 1 mac address(es) found on port Ethernet1/0/1 ---
1.1.2 display port-security
Syntax
display port-security [ interface interface-list ]
1-1
View
Any view
Parameter
interface-list: Specifies an Ethernet port list, which can contain multiple Ethernet ports.
The interface-list argument is in the format of { interface-type interface-number [ to
interface-type interface-number ] } & <1-10>, where interface-type represents the port
type, interface-number represents the port number, and & <1-10> means that you can
Description
Use the display port-security command to display the information about port security
configuration (including global configuration and all or specific port configuration).
Caution:
z This command will display global and all ports' security configuration information if
the interface-list argument is not specified.
z This command will display global and particular port's security configuration
information if the interface-list argument is specified.
Example
# Display global and all ports' security configuration information.

<Quidway> display port-security
Equipment port-security is enabled
AddressLearn trap is Enabled
Intrusion trap is Enabled
Dot1x logon trap is Enabled
Dot1x logoff trap is Enabled
Dot1x logfailure trap is Enabled
RALM logon trap is Enabled
RALM logoff trap is Enabled
RALM logfailure trap is Enabled
Vlan id assigned is NULL
Disableport Timeout: 20 s
OUI value:
Index is 5, OUI value is 00efec
1-2
Ethernet1/0/1 is link-down
Port mode is noRestriction
NeedtoKnow mode is needtoknowonly
Intrusion mode is disableport
Max mac-address num is 100
Stored mac-address num is 0
Authorization is permit
(Any display that follows is omitted.)
Table 1-1 Description on the fields of the display port-security command
Field Description
The port security function is enabled on
Equipment port security is enabled
the switch.
The sending of address-learning trap
AddressLearn trap is Enabled
information is enabled.
The sending of intrusion-detection trap
Intrusion trap is Enabled
The sending of 802.1x user logon
Dot1x logon trap is Enabled (authentication success) trap
The sending of 802.1x user logoff trap
Dot1x logoff trap is Enabled
The sending of 802.1x user
Dot1x logfailure trap is Enabled authentication failure trap information is
enabled.
The sending of RALM logon trap
RALM logon trap is Enabled
The sending of RALM logoff trap
RALM logoff trap is Enabled
The sending of RALM logfailure trap
RALM logfailure trap is Enabled
Vlan id assigned is NULL The delivered VLAN ID is Null.
The temporary port-disabling time is 20
Disableport Timeout: 20 s
seconds.
OUI value The OUI value
The link state of the port Ethernet 1/0/1
is "down".
The security mode of the port is
Port mode is Userlogin
Userlogin.
NeedtoKnow mode is disabled The NTK mode is disabled.
1-3
Field Description
Intrusion mode is The intrusion detection mode is
disableportTemporarily disableportTemporarily.
The maximum number of MAC
Max mac-address num is not configured addresses allowed to access the port is
not configured here.
The number of stored MAC address is
Stored mac-address num is 0
zero.
Authorization information delivered by
Authorization is permit the RADIUS server will be applied on the
port.
1.1.3 mac-address security
Syntax
mac-address security mac-address [ interface interface-type interface-number ] vlan

vlan-id
undo mac-address security mac-address [ interface interface-type
interface-number ] vlan vlan-id
View
System view/Ethernet port view
Parameter

Note:
You may configure the parameter interface interface-type interface-number if the
command is run under system view.
vlan-id: VLAN ID, in the range of 1 to 4094.
Description
Use the mac-address security command to add Security MAC address manually.
Use the undo mac-address security command to delete Security MAC address.
By default, no Security MAC address is added.
1-4
Note:
You can add Security MAC address only when the port-security is enabled globally and
the port-security port-mode autolearn command is configured on the port.
Example
# Enter system view.

# Enable port-security feature globally.

[Quidway] port-security enable
# Enter the Ethernet1/0/1 port view.

# Configure the maximum number of MAC addresses allowed to access the port to 100.
[Quidway-Ethernet1/0/1] port-security max-mac-count 100
# Configure the port mode to autolearn.

[Quidway-Ethernet1/0/1] port-security port-mode autolearn
# Add the Security MAC address 0001-0001-0001 to VLAN 1.

[Quidway-Ethernet1/0/1] mac-address security 0001-0001-0001 vlan 1
1.1.4 port-security enable
Syntax
port-security enable
undo port-security enable
View
System view
Parameter
None
Description
Use the port-security enable command to enable port security.

Use the undo port-security enable command to disable port security.
By default, port security is disabled.
1-5
Caution:
To avoid confliction, the following limitation on the 802.1x and the MAC address
authentication will be taken after port security is enabled:
z The access control mode (set by the dot1x port-control command) automatically
changes to auto.
z The dot1x, dot1x port-method, dot1x port-control and mac-authentication
commands cannot be used.
Example

# Enable port security.

Ethernet1/0/1
Notice: The port-control of 802.1x will be restricted to auto when
port-security is enabled.
1.1.5 port-security intrusion-mode
Syntax
port-security intrusion-mode { disableport | disableport-temporarily | blockmac }

undo port-security intrusion-mode
View
Ethernet port view
Parameter
disableport: Permanently disables the port and the sending of trap messages.
disableport-temporarily: Temporarily disables the port before re-enabling the port
after a prescribed period, and sending trap messages.
blockmac: Discards packets with illegal source MAC addresses and sends trap
information.
1-6
Note:
You can use the port-security timer disableport command to set the time period
during which the port is disconnected in the disableport-temporarily mode
Description
Use the port-security intrusion-mode command to set the corresponding action to be

taken by the device when the Intrusion Protection feature is enabled.
Use the undo port-security intrusion-mode command to cancel the corresponding
action that has been set.
By default, no action is set to be taken by the device when the Intrusion Protection
feature is enabled.
Note:
By checking the source MAC addresses or the username and password for 802.1x
authentication in the inbound packets through a given port, intrusion protection detects
illegal packets and events and takes actions accordingly. These include disconnecting
ports temporarily/permanently and filtering packets with the MAC address, thereby
ensuring port security.
Intrusion Protection is enabled in the following cases:
z With MAC address learning disabled, the port receives the packets whose source
address is an unknown MAC address.
z When the number of MAC addresses that can be received through the port reaches
the preset maximum value, the port receives the packets whose source address is
an unknown MAC address.
z The user fails to pass 802.1x authentication or MAC address authentication.
After you have issued the intrusion-mode blockmac command, you can only use the
display port-security command to display blocked MAC addresses, which cannot be
configured as static MAC addresses again.
Example


1-7

# Set the action mode of the Intrusion Protection feature on Ethernet1/0/1 port to
disableport.
[Quidway-Ethernet1/0/1] port-security intrusion-mode disableport
1.1.6 port-security authorization ignore
Syntax
port-security authorization ignore

undo port-security authorization ignore
View
Ethernet port view
Parameter
None
Description
Use the port-security authorization ignore command to ignore the authorization

information delivered by the RADIUS server.
Use the undo port-security authorization ignore command to restore the default.
By default, the authorization information delivered by the RADIUS server is applied on
the port
z With the port-security authorization ignore command used, issuing the display
port-security interface command displays the "Authorization is ignore" message.
z With the undo port-security authorization ignore command used, issuing the
display port-security interface command displays the "Authorization is permit"
message.
Example
# Configure not to apply the authorization information delivered by the RADIUS server
on the port Ethernet1/0/2.
[Quidway-Ethernet1/0/2] port-security authorization ignore
1-8
1.1.7 port-security max-mac-count
Syntax
port-security max-mac-count count-value

undo port-security max-mac-count
View
Ethernet port view
Parameter
count-value: Maximum number of MAC addresses, in the range of 1 to 1024.
Description
Use the port-security max-mac-count command to set the maximum number of MAC
addresses allowed to access the port. The number is the sum of the following:
z Number of MAC addresses that pass 802.1x authentication
z Number of MAC addresses that pass MAC address authentication
z Number of Security MAC addresses
Use the undo port-security max-mac-count command to cancel this limit.
By default, there is no limit on the number of MAC addresses allowed to access the
port.
Example
# Enter system view



# Set the maximum number of MAC addresses allowed to access the port to 100.
[Quidway-Ethernet1/0/1] port-security max-mac-count 100
1.1.8 port-security ntk-mode
Syntax
port-security ntk-mode { ntkonly | ntk-withbroadcasts | ntk-withmulticasts }

undo port-security ntk-mode
1-9
View
Ethernet port view
Parameter
ntkonly: Allows the system to transmit only unicast packets with

successfully-authenticated destination MAC addresses.
ntk-withbroadcasts: Allows the system to transmit the broadcast packets and the
unicast packets with successfully-authenticated destination MAC addresses.
ntk-withmulticasts: Allows the system to transmit the multicast packets, broadcast
packets and the unicast packets with successfully-authenticated destination MAC
addresses.
Description
Use the port-security ntk-mode command to set the packet transmission mode when
the NTK feature is enabled.
Use the undo port-security ntk-mode command to cancel the packet transmission
mode that has been set.
Table 1-2 shows the modes in which the NTK feature is enabled.
Note:
By checking the destination MAC addresses of the data frames to be sent from a port,
this feature ensures that only successfully authenticated devices can obtain data
frames from the port so as to prevent illegal devices from filching network data.
Example



# Set the packet transmission mode of the NTK feature to ntk-withbroadcasts on the
current port.
[Quidway-Ethernet1/0/1] port-security ntk-mode ntk-withbroadcasts
1-10
1.1.9 port-security oui
Syntax
port-security oui OUI-value index index-value

undo port-security oui index id-value
View
System view
Parameter
OUI-value: OUI value. You can input a complete MAC address (hexadecimal) for this
argument and the system will calculate the OUI value from your input.
index-value: OUI index, ranging from 1 to 16.
Note:
z The organizationally unique identifiers (OUIs) are assigned by IEEE to different
equipment providers. Each OUI uniquely identifies an equipment provider in the
world and is the higher 24 bits of MAC address.
z You need only to input a complete hexadecimal MAC address for providing the
OUI-value argument in this command, and the system will automatically convert the
address to binary format and then take the higher 24 bits of the resulting binary data
as the OUI value.
Description
Use the port-security oui command to set an OUI value for authentication.
Use the undo port-security oui command to cancel an OUI value setting.
Caution:
The OUI value set by this command takes effect only when the security mode of the
port is set to userlogin-withoui (by the port-security port-mode command).
Related command: port-security port-mode.
1-11
Example
# Set an OUI value by specifying the MAC address 00ef-ec00-0000, and set the OUI
index to 5
[Quidway] port-security oui 00ef-ec00-0000 index 5
1.1.10 port-security port-mode
Syntax
port-security port-mode mode

undo port-security port-mode
View
Ethernet port view
Parameter
mode: Security mode of the port. See Table 1-2 for the values of this argument..
Description
Use the port-security port-mode command to set the security mode of the port.
Use the undo port-security port-mode command to restore the normal operating
mode of the port
Port Security mainly functions to define various security modes that allow devices to
learn legal source MAC addresses for network management. Any packet whose source
MAC address a device cannot learn in a security mode is considered illegal.
Table 1-2 details the available security modes:
Table 1-2 Description of the port security modes
Security
Description Feature
mode
In this mode, the learned MAC addresses will
change to Security MAC addresses. In the autolearn
and secure
This security mode will automatically change to
mode, the
the secure mode after the number of Security
device enables
MAC addresses from this port has reached that
the NTK and
autolearn configured with the port-security max mac
Intrusion
count command.
Protection
After this, new Security MAC address cannot be features upon
added. Only the packets whose source MAC detecting an
address is the Security MAC address can pass illegal packet.
the port.
1-12
Security
Description Feature
mode
In this mode, the system is disabled from learning
MAC addresses from this port.
secure Only the packets whose original MAC addresses
are the configured static MAC addresses can
pass the port.
In this mode, the
NTK and
In this mode, port-based 802.1x authentication is Intrusion
userlogin
performed for connected users. Protection
features are not
enabled.
The port is enabled only after the access user
passes the 802.1x authentication. Even after the
port is enabled, only the packets of the In these modes,
successfully authenticated user can pass through the device
the port. enables the NTK
userlogin- In this mode, only one 802.1x-authenticated user and Intrusion
secure is allowed to access the port. Protection
When the port changes from the normal mode to features upon
this security mode, the system automatically detecting an
removes the existing dynamic MAC address illegal packet.
entries and authenticated MAC address entries
on the port.
This mode is similar to the userlogin-secure
mode, except that there can be one OUI-carrying
MAC address being successfully authenticated in
addition to the single 802.1x-authenticated user
userlogin- who is allowed to access the port.
withoui
When the port changes from the normal mode to
this security mode, the system automatically
removes the existing dynamic/authenticated MAC
address entries on the port.
mac-authe In this mode, MAC address–based authentication

ntication is performed for access users.
In this mode, the two kinds of authentication in

mac-authentication and userlogin-secure
userlogin-
modes can be performed simultaneously. If both
secure-or-
kinds of authentication succeed, the
mac
userlogin-secure mode takes precedence over
the mac-authentication mode.
In this mode, first the MAC-based authentication
userlogin- is performed. If this authentication succeeds, the
secure-els mac-authentication mode is adopted, or else,
e-mac the authentication in userlogin-secure mode is
performed.
This mode is similar to the userlogin-secure
userlogin-
mode, except that there can be more than one
secure-ext
802.1x-authenticated user on the port.
1-13
Security
Description Feature
mode
This mode is similar to the
userlogin-
userlogin-secure-or-mac mode, except that
secure-or-
there can be more than one 802.1x-authenticated
mac-ext
user on the port.
This mode is similar to the
userlogin-
userlogin-secure-else-mac mode, except that
secure-els
there can be more than one 802.1x-authenticated
e-mac-ext
user on the port.
By default, no security mode is set on the port.
Example



# Set the security mode on Ethernet1/0/1 port to userlogin.

[Quidway-Ethernet1/0/1] port-security port-mode userlogin
1.1.11 port-security timer disableport
Syntax
port-security timer disableport timer

undo port-security timer disableport
View
System view
Parameter
timer: This argument ranges from 20 to 300 and defaults to 20 (in seconds)
Description
Use the port-security timer disableport command to set the time during which the
system temporarily disables a port.
Use undo port-security timer disableport command restore the default time.
1-14
Note:
The time set by the port-security timer disableport command takes effect when the
disableport-temporarily mode is set by the port-security intrusion-mode
command.
Example
# Set the time during which the system temporarily disables a port to 50 seconds.
[Quidway] port-security timer disableport 50
1.1.12 port-security trap
Syntax
port-security trap { addresslearned | intrusion | dot1xlogon | dot1xlogoff |

dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure }*
undo port-security trap { addresslearned | intrusion | dot1xlogon | dot1xlogoff |
dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure }*
View
System view
Parameter
addresslearned: Enables/disables the sending of MAC address learning trap

messages.
intrusion: Enables/disables the sending of intrusion packet discovery trap messages.
dot1xlogon: Enables/disables the sending of 802.1x user logon trap messages.
dot1xlogoff: Enables/disables the sending of 802.1x user logoff trap messages.
dot1xlogfailure: Enables/disables the sending of 802.1x user authentication failure
trap messages.
ralmlogon: Enables/disables the sending of RALM user logon trap messages.
ralmlogoff: Enables/disables the sending of RALM user logoff trap messages.
ralmlogfailure: Enables/disables the sending of RALM user authentication failure trap
messages.
1-15
Note:
RADIUS authenticated login using MAC-address (RALM) refers to MAC
address–based RADIUS authentication.
Description
Use the port-security trap command to enable the sending of the specified type(s) of
trap messages.
Use the undo port-security trap command to disable the sending of the specified
type(s) of trap messages.
By default, the system disables the sending of any types of trap messages.
Note:
This command is designed based on the Device Tracking feature. The Device Tracking
feature enables the switch to send trap messages in case special data packets
(generated by special actions such as illegal intrusion, and abnormal user logon/logoff)
pass through a port for the convenience of network administrator to monitor these
special actions.
When you use the display port-security command to view global information, the
system will display the trap messages enabled.
Related command: display port-security.
Example
# Allow the sending of the intrusion packet discovery trap messages.

[Quidway] port-security trap intrusion
1-16
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 Port Binding Commands
Chapter 2 Port Binding Commands
2.1 Port Binding Commands

2.1.1 am user-bind interface
Syntax
am user-bind mac-addr mac-address ip-addr ip-address interface interface-type

interface-number
undo am user-bind mac-addr mac-address ip-addr ip-address interface
interface-type interface-number
View
System view
Parameter
mac-address: MAC address to be bound.

ip-address: IP address to be bound.
interface-type: Type of the port to be bound to.
interface-number: Number of the port to be bound to.
Description
Use the am user-bind interface command to bind the MAC and IP addresses of a
legal user to a specified port.
Use the undo am user-bind interface command to cancel the binding.
After such a binding operation, only the valid user's packets can pass through the port.
Note:
The system allows only one binding operation for the same MAC address.
Example
# Bind the legal user whose MAC address is 00e0-fc00-5101 and IP address is
10.153.1.1 to Ethernet1/0/1 port.
2-1
[Quidway] am user-bind mac-addr 00e0-fc00-5101 ip-addr 10.153.1.1 interface

Ethernet1/0/1
2.1.2 am user-bind
Syntax
am user-bind mac-addr mac-address ip-addr ip-address

undo am user-bind mac-addr mac-address ip-addr ip-address
View
Ethernet port view
Parameter
mac-address: MAC address to be bound.

ip-address: IP address to be bound.
Description
Use the am user-bind command to bind the MAC and IP addresses of a legal user to
the current port.
Use the undo am user-bind command to cancel the binding.
After such a binding operation, only the valid user's packets can pass through the port.
Note:
The system allows only one binding operation for the same MAC address.
Example
# Bind the legal user whose MAC address is 00e0-fc00-5102 and whose IP address is
10.153.1.2 to Ethernet1/0/2 port.
[Quidway-Ethernet1/0/2] am user-bind mac-addr 00e0-fc00-5102 ip-addr
10.153.1.2
2-2
2.1.3 display am user-bind
Syntax
display am user-bind [ interface interface-type interface-number | mac-addr |

ip-addr ]
View
Any view
Parameter
interface: Displays the binding information of specified interface.

interface-type: Specifies the interface type.
interface-number: Specifies the interface number.
mac-addr: Displays the binding information of MAC address.
ip-addr: Displays the binding information of IP address.
Description
Use the display am user-bind command to display the information about port binding.
Example
# Display the information about port binding.

<Quidway> display am user-bind
Following User address bind have been configured:
Mac IP Port
00e0-fc00-5101 10.153.1.1 Ethernet1/0/1
00e0-fc00-5102 10.153.1.2 Ethernet1/0/2
Unit 1:Total 2 found, 2 listed.
Total: 2 found.
The display shows that the following MAC addresses and IP addresses are bound to
two ports on Unit 1:
z MAC address 00e0-fc00-5101 and IP address 10.153.1.1 are bound to
Ethernet1/0/1.
z MAC address 00e0-fc00-5102 and IP address 10.153.1.2 are bound to
Ethernet1/0/2.
2-3
Command Manual - DLDP
Table of Contents
Chapter 1 DLDP Configuration Commands................................................................................ 1-1

1.1 DLDP Configuration Commands ....................................................................................... 1-1
1.1.1 display dldp ............................................................................................................. 1-1
1.1.2 dldp.......................................................................................................................... 1-2
1.1.3 dldp authentication-mode........................................................................................ 1-3
1.1.4 dldp interval ............................................................................................................. 1-4
1.1.5 dldp reset................................................................................................................. 1-5
1.1.6 dldp unidirectional-shutdown................................................................................... 1-5
1.1.7 dldp work-mode....................................................................................................... 1-6
1.1.8 dldp delaydown-timer .............................................................................................. 1-7
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DLDP Configuration Commands
Chapter 1 DLDP Configuration Commands
1.1 DLDP Configuration Commands

1.1.1 display dldp
Syntax
display dldp { unit-id | interface-type interface-number }
View
Any view
Parameter
unit-id: Unit number of the device.

Description
Use the display dldp command to display the DLDP configuration information of the
specified Unit or the specified port.
The configuration information includes the following:
z The configuration information of the DLDP-enabled port includes the interval,
authentication mode, password, DLDP operating mode, and handling mode when
a unidirectional link is found.
z The status information includes the neighbor status, local port status and link
status
z The neighbor table includes the MAC address, port ID, neighbor status and aging
time items.
Example
# Display information about all the DLDP-enabled ports on Unit 1.

<Quidway> display dldp 1
dldp interval 10
dldp work-mode enhance
dldp authentication-mode none
dldp unidirectional-shutdown manual
The port number of unit 1 with DLDP is 1.
1-1
dldp port state : advertisement
dldp link state : up
The neighbor number of the port is 1.
neighbor mac address : 00e0-fc27-750d
neighbor port index : 98
neighbor state : two way
neighbor aged time : 24
1.1.2 dldp
Syntax
dldp { enable | disable }
View
Parameter
None
Description
In system view:
Use the dldp enable command to enable DLDP globally on all optical ports of the
switch.
Use the dldp disable command to disable DLDP globally on all optical ports of the
switch.
In Ethernet port view:
Use the dldp enable command to enable DLDP on the current port.
Use the dldp disable command to disable DLDP on the current port.
The commands can apply to a non-optical port as well as an optical port.
By default, DLDP is disabled.
Note:
When you use the dldp enable/dldp disable commands in system view to
enable/disable DLDP globally on all optical ports of the switch, these commands are
only valid for the existing optical ports on the device, however, they are not valid for
those added subsequently.
1-2
Example
# Enable DLDP globally on all optical ports of the switch.

[Quidway] dldp enable
All fiber ports except fabric ports have enabled DLDP!
1.1.3 dldp authentication-mode
Syntax
dldp authentication-mode { none | simple simple-password | md5 md5-password }

undo dldp authentication-mode
View
System view
Parameter
none: Performs no authentication with the peer port.

simple: Sets the authentication mode with the peer port to plain text.
simple-password: Simple text authentication password, which is a string in plain text
consisting of 1 to 16 characters.
md5: Sets the authentication mode with the peer port to MD5.
md5-password: Authentication password with the peer port, which is a string in plain
text consisting of 1 to 16 characters, or the text correspond to the plain text.
Description
Use the dldp authentication-mode command to set the DLDP authentication mode
and password for the ports of the local and peer devices.
Use the undo dldp authentication-mode to cancel the DLDP authentication mode
and password for the ports of the local and peer devices.
By default, authentication mode is none.
Note that:
When you configure the DLDP authentication mode and authentication password,
make sure the same DLDP authentication mode and password are set for the ports of
the local and peer devices, which are connected with the optical fiber cable or copper
twisted pair. Otherwise, DLDP authentication fails. DLDP cannot work when DLDP
authentication fails.
1-3
Related command: dldp unidirectional-shutdown.
Example
# Set the DLDP authentication mode and password for the ports connected with fiber
cables or copper twisted pairs between Quidway A and Quidway B to plain text and abc
respectively.
z Configure Quidway A:
<QuidwayA> system-view
[QuidwayA] dldp authentication-mode simple abc
z Configure Quidway B:
<QuidwayB> system-view
[QuidwayB] dldp authentication-mode simple abc
1.1.4 dldp interval
Syntax
dldp interval integer

undo dldp interval
View
System view
Parameter
Integer: Interval of sending DLDP packets, in the range of 5 seconds to 100 seconds. It
is 10 seconds by default.
Description
Use the dldp interval command to set the interval of sending advertisement packets
when all the DLDP-enabled ports are in the Advertisement status.
Use the undo dldp interval command to restore the interval to the default value 10
seconds.
By default, the interval of sending advertisement packets is 10 seconds.
Note that:
z The interval you define is applicable to all DLDP-enabled ports.
z The interval must be shorter than one-third of the STP convergence time. If too
long an interval is set, an STP loop may occur before DLDP shuts down
unidirectional links. On the contrary, if too short an interval is set, network traffic
increases, and port bandwidth is reduced. Generally, the STP convergence time is
30 seconds.
1-4
Example
# Set the interval of sending advertisement packets to 20 seconds when all the
DLDP-enabled ports are in the Advertisement status.
[Quidway] dldp interval 20
1.1.5 dldp reset
Syntax
dldp reset
View
Parameter
None
Description
In system view:
Use the dldp reset command to reset the DLDP status of all the ports disabled by
DLDP.
In Ethernet port view:
Use the dldp reset command to reset the DLDP status of the current port disabled by
DLDP.
After the dldp reset command is executed, the DLDP status of these ports changes
from disable to active and DLDP restarts to probe the link status of the fiber cables or
copper twisted pairs.
Related command: dldp, and dldp unidirectional-shutdown.
Example
# Reset the DLDP status of all the ports disabled by DLDP.

[Quidway] dldp reset
1.1.6 dldp unidirectional-shutdown
Syntax
dldp unidirectional-shutdown { auto | manual }
1-5
undo dldp unidirectional-shutdown
View
System view
Parameter
auto: In this mode, when DLDP finds an unidirectional link or finds (in the enhanced
mode) that the peer port is down , it automatically disables the corresponding port.
manual: In this mode, when DLDP finds an unidirectional link or finds (in the enhanced
mode) that the peer port is down, instead of disabling the port automatically, it prompts
the user to disable the port manually and stops the DLDP packets sending/receiving on
the port at the same time.
Description
Use the dldp unidirectional-shutdown command to set the DLDP handling mode
when a unidirectional link is found.
Use the dldp unidirectional-shutdown command to restore the default setting.
By default, the operating mode of DLDP after unidirectional links are found is auto..
Related command: dldp work-mode.
Example
# Configure DLDP to automatically disable the corresponding port when a

unidirectional link is found.
[Quidway] dldp unidirectional-shutdown auto
1.1.7 dldp work-mode
Syntax
dldp work-mode { enhance | normal }

undo dldp work-mode
View
System view
Parameter
enhance: Configures DLDP to work in enhanced mode. In this mode, DLDP probes
actively whether neighbors exist when neighbor tables are aging.
1-6
normal: Configures DLDP to work in normal mode. In this mode, DLDP does not probe
actively whether neighbors exist when neighbor tables are aging.
Description
Use the dldp work-mode command to set the DLDP operating mode.
Use the undo dldp work-mode command to restore the default DLDP operating
mode.
By default, DLDP works in normal mode.
Note:
z When the DLDP protocol works in normal mode, the system can identify only one
type of unidirectional links: cross-connected fibers.
z When the DLDP protocol works in enhanced mode, the system can identify two
types of unidirectional links: the first type is the fiber which is cross connected, and
the second type is the fiber which is not connected or the fiber which is
disconnected.
Example
# Configure DLDP to work in enhanced mode.

[Quidway] dldp work-mode enhance
1.1.8 dldp delaydown-timer
Syntax
dldp delaydown-timer delaydown-time

undo dldp delaydown-timer
View
System view
Parameter
delaydown-time: Delaydown timer to be set (in seconds). This argument ranges from 1
to 5. By default, the delaydown timer expires after 1 second it is triggered.
Description
Use the dldp delaydown-timer command to set the delaydown timer.
1-7
Use the undo dldp delaydown-timer command to restore the default delaydown timer
setting.
Example
# Set the delaydown timer to 2 seconds.

[Quidway] dldp delaydown-timer 2
1-8
Command Manual – MAC Address Table
Table of Contents
Chapter 1 MAC Address Table Configuration Commands ....................................................... 1-1

1.1 MAC Address Table Configuration Commands................................................................. 1-1
1.1.1 display mac-address aging-time ............................................................................. 1-1
1.1.2 display mac-address ............................................................................................... 1-2
1.1.3 mac-address............................................................................................................ 1-4
1.1.4 mac-address max-mac-count.................................................................................. 1-5
1.1.5 mac-address timer .................................................................................................. 1-6
i
Command Manual – MAC Address Table Chapter 1 MAC Address Table Configuration
Chapter 1 MAC Address Table Configuration

Commands
Note:
This chapter describes the management of static, dynamic, and blackhole MAC
address entries. For information about the management of multicast MAC address
entries, refer to the section related to multicast protocol in Quidway S3900 Series
Ethernet Switches Command Manual.
1.1 MAC Address Table Configuration Commands

1.1.1 display mac-address aging-time
Syntax
display mac-address aging-time
View
Any view
Parameter
None
Description
Use the display mac-address aging-time command to display the aging time of the
dynamic MAC address entries in the MAC address table.
Related command: mac-address, mac-address timer, display mac-address.
Example
# Display the aging time of the dynamic MAC address entries.

<Quidway>display mac-address aging-time
Mac address aging time: 300s
The output information indicates that the aging time of the dynamic MAC address
entries is 300 seconds.
<Quidway> display mac-address aging-time
1-1
Mac address aging time: no-aging
The output information indicates that dynamic MAC address entries do not age out.
1.1.2 display mac-address
Syntax
display mac-address [ display-option ]
View
Any view
Parameter
display-option: Option used to display specific MAC address table information, as

described in Table 1-1.
Table 1-1 Description on the display-option argument
Value Description
Displays information about a specified
mac-address [ vlan vlan-id ]
MAC address entry.
{ static | dynamic | blackhole }
Displays information about dynamic,
[ interface interface-type
static, or blackhole MAC address
interface-number ] [ vlan vlan-id ]
entries.
[ count ]
Displays information about the MAC
interface interface-type
address entries concerning a specified
interface-number [ vlan vlan-id ] [ count ]
port.
Displays information about the MAC
vlan vlan-id [ count ] address entries concerning a specified
VLAN.
Displays the total number of the MAC
count address entries maintained by the
switch.
mac-address: MAC address.

static: Displays static MAC address entries. (A static MAC address entry does not age.)
dynamic: Displays dynamic MAC address entries. (A dynamic MAC address entry
ages with time.)
blackhole: Displays blackhole MAC address entries. (A blackhole MAC address entry
does not age.)
1-2
vlan-id: VLAN ID. This argument ranges from 1 to 4094.

count: Displays only the total number of the MAC address entries.
Description
Use the display mac-address command to display information about MAC address
entries in a MAC address table, including: MAC address, VLAN and port corresponding
to the MAC address, the type (static or dynamic) of a MAC address entry, aging time
and so on.
Example
# Display the information about the MAC address 00e0-fc01-0101.

<Quidway> display mac-address 00e0-fc01-0101
00e0-fc01-0101 1 Learned Ethernet1/0/1 AGING
# Display the MAC address entries for the port Ethernet1/0/4.

<Quidway> display mac-address interface Ethernet 1/0/4
000d-88f6-44ba 1 Learned Ethernet1/0/4 AGING
000d-88f7-9f7d 1 Learned Ethernet1/0/4 AGING
000d-88f7-b094 1 Learned Ethernet1/0/4 AGING
000f-e200-00cc 1 Learned Ethernet1/0/4 AGING
000f-e200-2201 1 Learned Ethernet1/0/4 AGING
000f-e207-f2e0 1 Learned Ethernet1/0/4 AGING
000f-e209-ecf9 1 Learned Ethernet1/0/4 AGING
--- 7 mac address(es) found on port Ethernet1/0/4 ---
# Display the total number of MAC address entries found in VLAN 2.

<Quidway> display mac-address vlan 2 count
9 mac address(es) found in vlan 2
Table 1-2 Description on the fields of the display mac-address command
Field Description
MAC ADDR MAC address
ID of the VLAN to which the network
VLAN ID device identified by the MAC address
belongs
The state of the MAC address. The
STATE value of this field can be “Static”,
“Learned”, and so on.
Port index (including port type and port
PORT INDEX
number)
1-3
Field Description
Indicates whether a MAC address entry
AGING TIME(s)
is aging
1.1.3 mac-address
Syntax
z In system view:
mac-address { static | dynamic | blackhole } mac-address interface interface-type
interface-number vlan vlan-id
undo mac-address [ mac-address-attribute ]
z In port view:
mac-address { static | dynamic | blackhole } mac-address vlan vlan-id
undo mac-address { static | dynamic | blackhole } mac-address vlan vlan-id
View
System view, port view
Parameter
static: Specifies that the MAC address entry to be added/updated is of static type.
dynamic: Specifies that the MAC address entry to be added/updated is of dynamic
type.
blackhole: Specifies the MAC address entry to be added/updated is of blackhole type.
mac-address: MAC address.
vlan-id: VLAN ID. This argument ranges from 1 to 4,094.
mac-address-attribute: String used to specify the MAC address entries to be removed,
as described in Table 1-3.
Table 1-3 Description on the mac-address-attribute argument
Value Description
{ static | dynamic | blackhole } Removes the static, dynamic, or
interface interface-type blackhole MAC address entries
interface-number concerning a specified port.
Removes the static, dynamic, or
{ static | dynamic | blackhole } vlan
blackhole MAC address entries
vlan-id
concerning a specified VLAN.
1-4
Value Description
{ static | dynamic | blackhole }
Removes a specified static, dynamic, or
mac-address [ interface interface-type
blackhole MAC address entry.
interface-number ] vlan vlan-id
interface interface-type Removes all the MAC address entries

interface-number concerning a specified port.
Removes all the MAC address entries
vlan vlan-id
concerning a specified VLAN.
mac-address [ interface interface-type Removes a specified MAC address
interface-number ] vlan vlan-id entry.
Description
Use the mac-address command to add/modify a MAC address entry.

Use the undo mac-address command to remove one or more MAC address entries.
When being executed in port view, these two commands only apply to the current port.
In this case, the interface keyword is unnecessary.
If the MAC address you input in the mac-address command already exists in the MAC
address table, the system will modify the attributes of the corresponding MAC address
entry according to your settings in the command.
You can remove all MAC address entries (unicast MAC addresses only) concerning a
specific port, or remove a specific type of MAC address entries, such as the addresses
learnt by the system, dynamic or static MAC address entries configured, or blackhole
addresses.
Example
# Configure a static MAC address entry with the following settings:

z MAC address: 00e0-fc01-0101
z Outbound port: Ethernet1/0/1 port
z Ethernet1/0/1 port belongs to VLAN 2.
[Quidway] mac-address static 00e0-fc01-0101 interface Ethernet 1/0/1 vlan 2
1.1.4 mac-address max-mac-count
Syntax
mac-address max-mac-count count

undo mac-address max-mac-count
1-5
View
Ethernet port view
Parameter
count: Maximum number of MAC addresses a port can learn. This argument ranges
from 0 to 4,096. A value of 0 disables the port from learning MAC addresses.
Description
Use the mac-address max-mac-count command to set the maximum number of MAC
addresses an Ethernet port can learn.
Use the undo mac-address max-mac-count command to cancel the limitation on the
number of MAC addresses an Ethernet port can learn.
By default, the number of MAC addresses an Ethernet port can learn is unlimited.
When you use the mac-address max-mac-count command, the port stops learning
MAC addresses after the number of MAC addresses it learned reaches the value of the
count argument you provided. You can use the undo command to cancel this limit so
that the port can learn an unlimited number of MAC addresses. By default, the port
learns an unlimited number of MAC addresses.
Related command: mac-address, mac-address timer.
Example
# Set the maximum number of MAC addresses Ethernet1/0/3 port can learn to 600.
[Quidway-Ethernet1/0/3] mac-address max-mac-count 600
1.1.5 mac-address timer
Syntax
mac-address timer { aging age | no-aging }

undo mac-address timer aging
View
System view
Parameter
aging age: Specifies the aging time (in seconds) for layer 2 dynamic MAC address
entries. The age argument ranges from 10 to 1000000 and defaults to 300.
no-aging: Specifies not to age dynamic MAC address entries.
1-6
Description
Use the mac-address timer command to set the aging time for dynamic MAC address
entries.
Use the undo mac-address timer command to restore the default aging time.
Set the aging time of dynamic MAC address entries as required but ensure that the
aging time does not decrease the layer 2 packet forwarding performance of the switch.
z If the aging time is too short, the MAC address entries that are still valid may be
removed. Upon receiving a packet destined for a MAC address that is already
removed, the switch broadcasts the packet through all its ports in the VLAN which
the packet belongs to. This decreases the operating performance of the switch.
z If the aging time is too long, MAC address entries may still exist even if they turn
invalid. This causes the switch to be unable to update its MAC address table in
time. In this case, the MAC address table cannot reflect the position changes of
network devices in time.
Example
# Set the aging time of MAC address entries to 500 seconds.

[Quidway] mac-address timer aging 500
1-7
Command Manual – Auto Detect
Table of Contents
Chapter 1 Auto Detect Configuration Commands ..................................................................... 1-1

1.1 Auto Detect Configuration Commands .............................................................................. 1-1
1.1.1 detect-group ............................................................................................................ 1-1
1.1.2 detect-list ................................................................................................................. 1-1
1.1.3 display detect-group................................................................................................ 1-2
1.1.4 option....................................................................................................................... 1-4
1.1.5 retry ......................................................................................................................... 1-5
1.1.6 timer loop................................................................................................................. 1-5
1.1.7 timer wait ................................................................................................................. 1-6
Chapter 2 Commands for Auto Detect Implementation ............................................................ 2-1

2.1 Commands for Auto Detect Implementation...................................................................... 2-1
2.1.1 ip route-static........................................................................................................... 2-1
2.1.2 standby detect-group .............................................................................................. 2-2
2.1.3 vrrp vrid track detect-group ..................................................................................... 2-3
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Auto Detect Configuration Commands
Chapter 1 Auto Detect Configuration Commands
1.1 Auto Detect Configuration Commands

1.1.1 detect-group
Syntax
detect-group group-number
undo detect-group group-number
View
System view
Parameter
group-number: Detecting group number ranging from 1 to 25.
Description
Use the detect-group command to create a detecting group and enter detecting
group view.
Use the undo detect-group command to remove a detecting group.
Example
# Create detecting group 10.

[Quidway] detect-group 10
[Quidway-detect-group-10]
1.1.2 detect-list
Syntax
detect-list list-number ip address ip-address [ nexthop ip-address ]

undo detect-list list-number ip address ip-address [ nexthop ip-address ]
View
Detecting group view
1-1
Parameter
list-number: Sequence number of the IP address to be added to the detecting group.

This argument ranges from 1 to 10.
ip address ip-address: Specifies the IP address (in dotted decimal notation) to be
detected.
nexthop ip-address: Specifies the next hop IP address.
Description
Use the detect-list command to add an IP address to a detecting group. This

command also specifies the order in which the IP addresses in a detecting group are
detected.
Use the undo detect-list command to specify to skip a specified IP address when
performing auto detect operations.
When performing auto detect operations, a switch detects the IP addresses by their
list-number values in an ascending order. Up to 100 IP addresses can be configured
in a detecting group. You can specify how the detecting result is generated using the
option command.
Related command: option.
Example
# Add the IP address of 202.13.1.55 to detecting group 10, with list-number set to 1,
the next hop IP address set to 1.2.3.4.
[Quidway-detect-group-10] detect-list 1 ip address 202.13.1.55 nexthop
1.2.3.4
1.1.3 display detect-group
Syntax
display detect-group [ group-number ]
View
Any view
Parameter
1-2
Description
Use the display detect-group command to display the configuration of a specified

detecting group or all detecting groups.
Example
# Display the configuration of detecting group 1.

<Quidway> display detect-group 1
detect-group 1 :
detect loop time(s) : 15
ping wait time(s) : 2
detect retry times : 2
detect ip option : and
group state : not detecting
register module num : 0
detect ip count : 1
detect-list ip address next hop
1 202.13.1.55 1.2.3.4
Table 1-1 Description on the fields of the display detect-group command
Field Description
detect-group 1 Detecting group number 1
detect loop time(s): 15 Detecting interval is 15 seconds.
ping wait time(s): 2 Timeout time of a ping operation is two seconds.

detect retry times: 2 Number of retries of an auto detect operation is 2.
A detecting group is reachable only when all the IP
detect ip option: and
addresses contained in it are reachable.
group state: not
Current state of a detecting group is "not detecting".
detecting
Number of registered modules (that is, the number of the
register module num: 0
modules utilizing the detecting group.)
detect ip number: 1 Number of the IP addresses contained in a detecting group
Sequence number of an IP address contained in a
detect-list
detecting group
ip address IP address to be detected
next hop Next hop IP address
1-3
1.1.4 option
Syntax
option [ and | or ]
undo option
View
Parameter
and: Specifies the detecting result is reachable only when all the IP addresses
contained in the detecting group are reachable.
or: Specifies the detecting result is reachable if one of the IP addresses contained in
the detecting group is reachable.
Description
Use the option command to specify the way to generate detecting results.
Use the undo option command to restore the default way to generate detecting
results.
By default, the and keyword is specified.
When a detecting operation is being carried out, the switch detects each IP address
contained in the detecting group in an ascending order by the list-number values of
the IP addresses.
z If you specify the and keyword, the switch returns unreachable as the detecting
result when the switch fails to ping an IP address contained in the detecting
group and stops detecting.
z If you specify the or keyword, the switch returns reachable as the detecting
result if the switch succeeds in pinging an IP address contained in the detecting
group and stops detecting.
Example
# Specify the or keyword for detecting group 10.

[Quidway-detect-group-10] option or
1-4
1.1.5 retry
Syntax
retry retry-times
View
Parameter
retry-times: Retry times during a detect operation. This argument ranges from 0 to 10
and defaults to 2.
Description
Use the retry command to set the maximum retry times during a detect operation.
Example
# Specify the maximum number of retires to 3 for detecting group 10.

[Quidway-detect-group-10] retry 3
1.1.6 timer loop
Syntax
timer loop seconds
View
Parameter
seconds: Detecting interval. This argument ranges form 1 to 86,400 (in seconds) and
defaults to 15.
Description
Use the timer loop command to set the detecting interval, that is, the frequency to
perform auto detect operations.
Example
# Set the detecting interval to 60 seconds for detecting group 10.

1-5

[Quidway-detect-group-10] timer loop 60
1.1.7 timer wait
Syntax
timer wait seconds
View
Parameter
seconds: Timeout time of detect operations. This argument ranges from 1 to 30 (in
seconds) and defaults to 2.
Description
Use the timer wait command to set the timeout time for detect operations.
Example
# Set the timeout time to 3 seconds for detecting group 10.

[Quidway-detect-group-10] timer wait 3
1-6
Command Manual – Auto Detect Chapter 2 Commands for Auto Detect
Quidway S3900 Series Ethernet Switches-Release 1510 Implementation
Chapter 2 Commands for Auto Detect

Implementation
Note:
z Refer to the Routing Protocol chapter in this manual for information about static
routing.
z Refer to the VRRP chapter in this manual for information about VRRP.
2.1 Commands for Auto Detect Implementation

Syntax
ip route-static ip-address { mask | mask-length } next-hop [ preference

preference-value ] [ reject | blackhole ] detect-group group-number
undo ip route-static ip-address { mask | mask-length } [ next-hop ] [ preference
preference-value ]
View
System view
Parameter
ip-address: IP address in dotted decimal notation.

mask: Subnet mask.
mask-length: Length of the subnet mask, that is, the number of successive bits in the
subnet mask whose values are 1.
interface-type: Type of the next hop egress interface.
interface-number: Number of the next hop egress interface.
next-hop: Next hop IP address in dotted decimal notation.
preference-value: Priority of the route. This argument ranges from 1 to 255.
reject: Specifies the route to be unreachable. If you specify this keyword when
executing this command, any packet destined for the specified IP address is discarded,
and the system informs the source that the destination is unreachable.
2-1
blackhole: Specifies the route to be a blackhole route. If you specify this keyword when
executing this command, all outbound interfaces of the static route are the Null 0
interfaces regardless of the next hop. In addition, the system discards any packet
transmitted along this route without informing the source.
Description
Use the ip route-static command to configure a static route, whose validity depends
on detecting results as follows:
z The route is valid when the detecting result is reachable.
z The route is invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove an existing static route.
Example
# Configure a static route to 192.168.0.5/24 with 192.168.0.2 as the next hop. The route
is to be enabled when the result of detecting group 10 is reachable.
[Quidway] ip route-static 192.168.0.5 24 192.168.0.2 detect-group 10
2.1.2 standby detect-group
Syntax
standby detect-group group-number

undo standby detect-group group-number
View
VLAN interface view
Parameter
Description
Use the standby detect-group command to enable the VLAN interface backup
function by using the auto detect function.
Use the undo standby detect-group command to disable the VLAN interface backup
function.
You can enable VLAN interface backup function according to auto detecting results in
the following ways:
z Enable the primary interface when the result of the detecting group is reachable.
2-2
z Enable the secondary interface when the result of the detecting group is
unreachable.
z When the link between the primary VLAN interface and the destination comes
back up, that is, the result of the detecting group is reachable again, the system
enables the primary VLAN interface and shuts down the secondary.
Example
# Specify to enable VLAN interface 2 when the result of detecting group 10 is

unreachable.
[Quidway] interface vlan-interface 2
[Quidway-Vlan-interface2] standby detect-group 10
2.1.3 vrrp vrid track detect-group
Syntax
vrrp vrid virtual-router-id track detect-group group-number [ reduced

value-reduced ]
undo vrrp vrid virtual-router-id track detect-group group-number
View
VLAN interface view
Parameter
virtual-router-id: Virtual router ID ranging from 1 to 255.

value-reduced: Value by which the priority is to be reduced. This argument ranges from
1 to 255 and defaults to 10.
Description
Use the vrrp vrid command to enable the auto detect function when employing VRRP.
Use the undo vrrp vrid command to disable the auto detect function when employing
VRRP.
You can control the priority of a VRRP backup group according to the result of a
detecting group to enable automatic switch between the primary switch and the
secondary switch. That is,
z Decrease the priority of a backup group when the result of the detecting group is
unreachable.
z Restore the priority of a backup group when the result of the detecting group is
reachable.
2-3
Note:
Currently, auto detect in VRRP is only supported in S3900-EI series switches.
Example
# Create detecting group 10 and specify to detect the IP address of 202.12.1.55.

[Quidway-detect-group-10] detect-list 1 ip address 202.12.1.55
# Specify to decrease the priority of backup group 1 by 20 when the result of detecting
group 10 is unreachable.
[Quidway-Vlan-interface2] vrrp vrid 1 track detect-group 10 reduced 20
2-4
Command Manual – MSTP
Table of Contents
Chapter 1 MSTP Configuration Commands ............................................................................... 1-1

1.1 MSTP Configuration Commands ....................................................................................... 1-1
1.1.1 active region-configuration ...................................................................................... 1-1
1.1.2 bpdu-drop any ......................................................................................................... 1-2
1.1.3 check region-configuration ...................................................................................... 1-2
1.1.4 display stp ............................................................................................................... 1-4
1.1.5 display stp region-configuration .............................................................................. 1-5
1.1.6 instance ................................................................................................................... 1-6
1.1.7 region-name ............................................................................................................ 1-8
1.1.8 reset stp................................................................................................................... 1-8
1.1.9 revision-level ........................................................................................................... 1-9
1.1.10 stp........................................................................................................................ 1-10
1.1.11 stp bpdu-protection ............................................................................................. 1-11
1.1.12 stp bridge-diameter ............................................................................................. 1-12
1.1.13 stp compliance .................................................................................................... 1-13
1.1.14 stp config-digest-snooping .................................................................................. 1-14
1.1.15 stp cost ................................................................................................................ 1-15
1.1.16 stp edged-port ..................................................................................................... 1-16
1.1.17 stp interface......................................................................................................... 1-17
1.1.18 stp interface config-digest-snooping ................................................................... 1-18
1.1.19 stp interface cost ................................................................................................. 1-20
1.1.20 stp interface edged-port ...................................................................................... 1-21
1.1.21 stp interface loop-protection................................................................................ 1-22
1.1.22 stp interface mcheck ........................................................................................... 1-23
1.1.23 stp interface no-agreement-check....................................................................... 1-24
1.1.24 stp interface point-to-point................................................................................... 1-25
1.1.25 stp interface port priority...................................................................................... 1-27
1.1.26 stp interface root-protection ................................................................................ 1-28
1.1.27 stp interface transmit-limit ................................................................................... 1-29
1.1.28 stp loop-protection............................................................................................... 1-30
1.1.29 stp max-hops....................................................................................................... 1-31
1.1.30 stp mcheck .......................................................................................................... 1-32
1.1.31 stp mode.............................................................................................................. 1-32
1.1.32 stp no-agreement-check ..................................................................................... 1-33
1.1.33 stp pathcost-standard.......................................................................................... 1-34
1.1.34 stp point-to-point ................................................................................................. 1-36
1.1.35 stp port priority..................................................................................................... 1-37
1.1.36 stp priority............................................................................................................ 1-38
i
1.1.37 stp region-configuration....................................................................................... 1-39

1.1.38 stp root primary ................................................................................................... 1-40
1.1.39 stp root secondary............................................................................................... 1-41
1.1.40 stp root-protection ............................................................................................... 1-42
1.1.41 stp tc-protection................................................................................................... 1-43
1.1.42 stp timer forward-delay........................................................................................ 1-44
1.1.43 stp timer hello ...................................................................................................... 1-45
1.1.44 stp timer max-age ............................................................................................... 1-46
1.1.45 stp timer-factor .................................................................................................... 1-47
1.1.46 stp transmit-limit .................................................................................................. 1-48
1.1.47 vlan-mapping modulo.......................................................................................... 1-49
Chapter 2 BPDU Tunnel Configuration Commands .................................................................. 2-1

2.1 BPDU Tunnel Configuration Commands........................................................................... 2-1
2.1.1 vlan-vpn tunnel ........................................................................................................ 2-1
ii
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 MSTP Configuration Commands
Chapter 1 MSTP Configuration Commands
1.1 MSTP Configuration Commands

1.1.1 active region-configuration
Syntax
active region-configuration
View
MST region view
Parameter
None
Description
Use the active region-configuration command to activate the settings of an MST

(multiple spanning tree) region.
Configuring MST region-related parameters (especially the VLAN mapping table) result
in spanning trees being regenerated. To reduce network topology jitter caused by the
configuration, MSTP (multiple spanning tree protocol) does not regenerate spanning
trees immediately after the configuration; it does this only after you activate the new
MST region-related settings or enable MSTP, and then the new settings can really take
effect.
This command causes the switch to operate with the new MST region-related settings
you configured and spanning trees to be regenerated.
Related command: instance, region-name, revision-level, vlan-mapping modulo,
and check region-configuration.
Example
# Activate the MST region-related settings.

[Quidway] stp region-configuration
[Quidway-mst-region] active region-configuration
1-1
1.1.2 bpdu-drop any
Syntax
bpdu-drop any
undo bpdu-drop any
View
Ethernet port view
Parameter
None
Description
Use the bpdu-drop any command to configure the BPDU packets drop function on an
Ethernet port.
Use the undo bpdu-drop any command to disable the BPDU packets drop function on
an Ethernet port.
By default, the BPDU packets drop function is disabled on a port.
In an STP-enabled network, someone may ceaselessly send BPDU packets to a switch
for malicious purpose. The switch forwards BPDU packets to other switches by
receiving them, making the STP calculation occurs constantly. Those result in high
CPU consumption, error protocol state of BPDU packets, and so on.
To avoid those problems, you can enable the BPDU packets drop function on the
Ethernet port of the switch. With this function enabled, the port will neither receive nor
forward the BPDU packets, so as to avoid the BPDU packets attack and ensure correct
STP calculation.
Example
# Enable the BPDU packets drop function on Ethernet1/0/1.

[Quidway-Ethernet1/0/1] bpdu-drop any
1.1.3 check region-configuration
Syntax
check region-configuration
View
MST region view
1-2
Parameter
None
Description
Use the check region-configuration command to display the current MST region
configuration (maybe inactivated), including region name, revision level, and VLAN
mapping table.
MSTP-enabled switches are in the same region only when they have the same MST
region-related configuration. A switch cannot be in a respected region if any one of the
above three MST region-related settings does not be consistent with that of another
switch in the region.
You can use this command to find the MST region the switch currently belongs to or
check to see whether or not the MST region-related configuration is correct.
Related command: instance, region-name, revision-level, vlan-mapping modulo,
and active region-configuration.
Example
# Display the MST region configuration of the current switch.

[Quidway-mst-region] check region-configuration
Admin Configuration
Format selector :0
Region name :00e0fc003900
Revision level :0
Instance Vlans Mapped

0 1 to 9, 11 to 4094
16 10
Table 1-1 Description on the fields of the check region-configuration command
Field Description
Format selector The selector specified by MSTP
Region name The name of the MST region
Revision level The revision level of the MST region
Spanning tree instance-to-VLAN mappings in the
MST region
1-3
1.1.4 display stp
Syntax
display stp [ instance instance-id ] [ interface interface-list | slot slot-number ] [ brief ]
View
Any view
Parameter
instance-id: ID of the spanning tree instance ranging from 0 to 16. A value of 0 specifies
the common and internal spanning tree (CIST).
interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing this
argument in the form of interface-list = { interface-type interface-number [ to
provide up to 10 port indexes/port index ranges for this argument.
Slot slot-number: Specifies a slot, the STP-related information about which is to be
displayed.
brief: Displays only port state and protection measures taken on the port.
Description
Use the display stp command to display the state and statistical information about one
or all spanning trees.
The state and statistical information about MSTP can be used to analyze and maintain
the topology of a network. It also can be used to make MSTP operating properly.
z If neither spanning tree instance nor port list is specified, the command displays
spanning tree information about all spanning tree instances on all ports in order of
port number.
z If only a spanning tree instance is specified, the command displays information
about the specified spanning tree instance on all ports in the order of the port
number.
z If only a port list is specified, the command displays information about all spanning
tree instances on these ports in the order of the port number.
z If both a spanning tree instance and a port list are specified, the command
displays spanning tree information about the specified spanning tree instance and
the specified ports in order of spanning tree instance ID.
MSTP state information includes:
z Global CIST parameters: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello time, Max age, Forward delay, Max hops, the
common root of the CIST, the external path cost for the switch to reach the CIST
common root, region root, the internal path cost for the switch to reach the region
1-4
root, CIST root port of the switch, the state of the BPDU (bridge protocol data unit)
protection function (enabled or disabled), and the state of the digest snooping
feature (enabled or disabled).
z CIST port parameters: Port protocol, port role, port priority, path cost, designated
bridge, designated port, edge port/non-edge port, whether or not the link on the
port is a point-to-point link, the maximum transmitting speed, type of the enabled
protection function, state of the digest snooping feature (enabled or disabled),
VLAN mappings, Hello time, Max age, Forward delay, Message-age time, and
Remaining-hops.
z Global MSTI parameters: MSTI instance ID, bridge priority of the instance, region
root, internal path cost, MSTI root port, and master bridge.
z MSTI port parameters: Port state, role, priority, path cost, designated bridge,
designated port, and Remaining Hops.
The statistical information includes: the numbers of the TCN BPDUs, the configuration
BPDUs, the RST BPDUs, and the MST BPDUs transmitted/received by each port.
Related command: reset stp.
Example
# Display the state and statistical information about a spanning tree.

<Quidway> display stp instance 0 interface Ethernet 1/0/1 to Ethernet 1/0/4
brief
MSTID Port Role STP State Protection
0 Ethernet1/0/1 ALTE DISCARDING LOOP
0 Ethernet1/0/2 DESI FORWARDING NONE
Table 1-2 Description on the fields of the display stp command
Field Description
MSTID ID of a spanning tree instance in the MST region
Port Port index
Role Port role
STP State STP state on the port, which can be forwarding and discarding.
Protection Protection type of the port
1.1.5 display stp region-configuration
Syntax
display stp region-configuration
1-5
View
Any view
Parameter
None
Description
Use the display stp region-configuration command to display the activated MST
region configuration, including the region name, region revision level, and spanning
tree instance-to-VLAN mappings configured for the switch.
Related command: stp region-configuration.
Example
# Display the activated MST region configuration.

<Quidway> display stp region-configuration
Oper Configuration
Format selector :0
Region name :hello
Revision level :0

0 21 to 4094
1 1 to 10
2 11 to 20
Table 1-3 Description on the fields of the display stp region-configuration command
Field Description
Format selector The selector specified by MSTP
Region name The name of the MST region
Revision level The revision level of the MST region
Spanning tree instance-to-VLAN mappings in the
MST region
1.1.6 instance
Syntax
instance instance-id vlan vlan-list

undo instance instance-id [ vlan vlan-list ]
1-6
View
MST region view
Parameter
instance-id: ID of a spanning tree instance ranging from 0 to 16. A value of 0 specifies

the CIST.
vlan-list: List of VLANs. You need to provide this argument in the form of vlan-list =
{ vlan-id [ to vlan-id ] }&<1-10>, where &<1-10> means that you can provide up to 10
VLAN IDs/VLAN ID ranges for this argument. Normally, a VLAN ID can be a number
ranging from 1 to 4094. VLANs with their IDs beyond this range (if the switch supports
this kind VLAN IDs), such as VLAN 4095, VLAN 4096, can only be mapped to the CIST
(spanning tree instance 0).
Description
Use the instance command to map specified VLANs to a specified spanning tree
instance.
Use the undo instance command to remove the mappings from the specified VLANs
to the specified spanning tree instance and remap the specified VLANs to the CIST
(spanning tree instance 0). If you specify no VLAN in the undo instance command, all
VLANs that are mapped to the specified spanning tree instance are remapped to the
CIST.
By default, all VLANs are mapped to the CIST.
VLAN-to-spanning tree instance mappings are recorded in the VLAN mapping table of
an MSTP switch. So these two commands are actually used to manipulate the VLAN
mapping table. You can add/remove a VLAN to/from the VLAN mapping table of a
specific spanning tree instance by using these two commands.
Note that a VLAN cannot be mapped to multiple spanning tree instances at the same
time. A VLAN-to-spanning tree instance mapping is automatically removed if you map
the VLAN to another spanning tree instance.
Related command: region-name, revision-level, vlan-mapping modulo, check
region-configuration, and active region-configuration.
Example
# Map VLAN 2 to spanning tree instance 1.

[Quidway-mst-region] instance 1 vlan 2
1-7
1.1.7 region-name
Syntax
region-name name
undo region-name
View
MST region view
Parameter
name: MST region name to be set for the switch, a string of 1 to 32 characters.
Description
Use the region-name command to set an MST region name for a switch.
Use the undo region-name command to revert to the default MST region name.
The default MST region name of a switch is its MAC address.
MST region name, along with VLAN mapping table and MSTP revision level,
determines the MST region which a switch belongs to.
Related command: instance, revision-level, check region-configuration,
vlan-mapping modulo, and active region-configuration.
Example
# Set the MST region name of the switch to “hello”.

[Quidway-mst-region] region-name hello
1.1.8 reset stp
Syntax
reset stp [ interface interface-list ]
View
User view
Parameter
1-8

Description
Use the reset stp command to clear spanning tree-related statistics on Ethernet ports.
The spanning tree statistics include the numbers of the TCN BPDUs, configuration
BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified
ports or all ports (note that STP BPDUs and TCN BPDUs are counted only for CISTs.)
This command clears the spanning tree-related statistics on specified ports if you
specify the interface-list argument. If you do not specify the interface-list argument, this
command clears the spanning tree-related statistics on all ports.
Related command: display stp.
Example
# Clear the spanning tree-related statistics on ports Ethernet1/0/1 through

Ethernet1/0/3.
<Quidway> reset stp interface Ethernet 1/0/1 to Ethernet 1/0/3
1.1.9 revision-level
Syntax
revision-level level
undo revision-level
View
MST region view
Parameter
level: MSTP revision level to be set for the switch. This argument ranges from 0 to
65,535. By default, the MSTP revision level of a switch is 0.
Description
Use the revision-level command to set the MSTP revision level for a switch.
Use the undo revision-level command to revert to the default revision level.
MSTP revision level, along with MST region name and VLAN mapping table,
determines the MST region which a switch belongs to.
Related command: instance, region-name, check region-configuration,
vlan-mapping modulo, and active region-configuration.
1-9
Example
# Set the MSTP revision level of the MST region to 5.

[Quidway-mst-region] revision-level 5
1.1.10 stp
Syntax
stp { enable | disable }

undo stp
View
Parameter
enable: Enables MSTP globally or on a port.

disable: Disables MSTP globally or on a port.
Description
Use the stp command to enable/disable MSTP globally or on a port.

Use the undo stp command to revert to the default MSTP state globally or on a port.
By default, MSTP is disabled.
After MSTP is enabled, the actual operation mode, which can be STP-compatible mode,
RSTP-compatible mode, and MSTP mode, is determined by the protocol mode
configured by users. A switch becomes a transparent bridge if MSTP is disabled.
After being enabled, MSTP maintains spanning trees by processing configuration
BPDUs of different VLANs. After being disabled, it stops maintaining spanning trees.
Related command: stp mode, and stp interface.
Example
# Enable MSTP globally.

[Quidway] stp enable
# Disable MSTP on Ethernet1/0/1 port.

1-10

[Quidway-Ethernet1/0/1] stp disable
1.1.11 stp bpdu-protection
Syntax
stp bpdu-protection
undo stp bpdu-protection
View
System view
Parameter
None
Description
Use the stp bpdu-protection command to enable the BPDU protection function.
Use the undo stp bpdu-protection command to revert to the default state of the
BPDU protection function.
By default, the BPDU protection function is disabled.
Normally, the access ports of the devices operating on the access layer directly connect
to terminals (such as PCs) or file servers. These ports are usually configured as edge
ports to achieve rapid transition. But they resume non-edge ports automatically upon
receiving configuration BPDUs, which causes spanning trees regeneration and
network topology jitter.
Normally, no configuration BPDU will reach edge ports. But malicious users can attack
a network by sending configuration BPDUs deliberately to edge ports to cause network
jitter. You can prevent this type of attacks by utilizing the BPDU protection function.
With this function enabled on a switch, the switch shuts down the edge ports that
receive configuration BPDUs and then reports these cases to the administrator. If a port
is shut down, only the administrator can restore it.
Example
# Enable the BPDU protection function.

[Quidway] stp bpdu-protection
1-11
Caution:
As Gigabit ports of an S3900 series switch cannot be shut down, the BPDU protection
function is not applicable to these ports even if you enable the BPDU protection
function and specify these ports to be MSTP edge ports.
1.1.12 stp bridge-diameter
Syntax
stp bridge-diameter bridgenum

undo stp bridge-diameter
View
System view
Parameter
bridgenum: Network diameter to be set for a switched network. This argument ranges
from 2 to 7 and defaults to 7.
Description
Use the stp bridge-diameter command to set the network diameter of a switched
network. The network diameter of a switched network is represented by the maximum
possible number of switches between any two terminals in a switched network.
Use the undo stp bridge-diameter command to revert to the default network diameter.
After you configure the network diameter of a switched network, MSTP adjusts its Hello
time, Forward delay, and Max age settings accordingly. With the network diameter set
to 7 (the default), the three time-relate settings, Hello time, Forward delay, and Max age,
are set to their defaults as well.
The stp bridge-diameter command only applies to CIST; it is invalid for MSTIs.
Related command: stp timer forward-delay, stp timer hello, and stp timer max-age.
Example
# Set the network diameter to 5.

[Quidway] stp bridge-diameter 5
1-12
1.1.13 stp compliance
Syntax
stp compliance { auto | legacy | dot1s }
undo stp compliance
View
Ethernet port view
Parameter
auto: Sets the MSTP packet format as auto.

legacy: Sets the MSTP packet format as legacy.
dot1s: Sets the MSTP packet format as dot1s.
Description
Use the stp compliance command to set the MSTP packet format of a port.
Use the undo stp compliance command to restore the default MSTP packet format.
By default, the MSTP packet format is legacy.
z With the MSTP packet format set to auto, the port automatically determines the
format of the packets to be transmitted according to that of the received MSTP
packets. If the format of the received packets changes repeatedly, MSTP will shut
down the corresponding port to prevent network storm. A port shut down in this
way can only be enabled again by the network administrator.
z With the MSTP packet format set to legacy, the port only processes and
transmits MSTP packets in legacy format. If packets in dot1s format are received,
the corresponding ports are set as discarding ports to prevent network storm.
z With the MSTP packet format set to dot1s, the port only processes and transmits
MSTP packets in dot1s format. If packets in legacy format are received, the
corresponding ports are set as discarding ports to prevent network storm.
z All the ports in an aggregation group use the same MSTP packet format.
Example
# Configure MSTP packet format as dot1s (802.1s).

Enter system view, return to user view with Ctrl+Z.
[Quidway-Ethernet1/0/1] stp compliance dot1s
1-13
# Restore the default MSTP packet format.

[Quidway-Ethernet1/0/1] undo stp compliance
1.1.14 stp config-digest-snooping
Syntax
stp config-digest-snooping
undo stp config-digest-snooping
View
Ethernet port view
Parameter
None
Description
Use the stp config-digest-snooping command to enable the digest snooping feature.
Use the undo stp config-digest-snooping command to disable the digest snooping
feature.
The digest snooping feature is disabled by default.
According to IEEE 802.1s, two connected switches can interwork with each other
through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. With MSTP employed, interconnected switches determine
whether or not they are in the same MST region by checking the configuration IDs of
the BPDUs between them. (A configuration ID contains information such as region ID
and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This kind of problems can be overcome by implementing the digest snooping feature. If
a switch port is connected to a partner's switch that has the same MST region-related
settings but adopts a proprietary spanning tree protocol, you can enable digest
snooping on the port. Then the switch regards the peer switch connected to the port as
in the same region and records the configuration digests carried in the BPDUs received
from the switch, which will be put in the BPDUs to be send to the peer switch.. In this
way, the switch can interwork with the partners' switches in an MST region.
1-14
Note:
z The digest snooping feature is needed only when your S3900 series switch is
connected to partner's proprietary protocol-adopted switches.
z To enable the digest snooping feature successfully, you must first enable it on all the
switch ports that connect to partner's proprietary protocol-adopted switches and
then enable it globally.
z To enable the digest snooping feature, the interconnected switches must be
configured with exactly the same MST settings.
z The digest snooping feature must be enabled on all the switch ports that connect to
partners' proprietary protocol-adopted switches in the same MST region.
z With the digest snooping feature enabled, the VLAN-to-MSTI mapping cannot be
modified.
z The digest snooping feature is not applicable to MST region edge ports.
Example
# Enable the digest snooping feature for Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] stp config-digest-snooping
[Quidway-Ethernet1/0/1] quit
[Quidway]stp config-digest-snooping
1.1.15 stp cost
Syntax
stp [ instance instance-id ] cost cost

undo stp [ instance instance-id ] cost
View
Ethernet port view
Parameter
instance-id: ID of a spanning tree instance ranging from 0 to 16. A value of 0 specifies

the CIST.
cost: Path cost to be set for the port. This argument ranges from 1 to 200,000.
1-15
Description
Use the stp cost command to set the path cost of the current port in a specified
spanning tree instance.
Use the undo stp cost command to revert to the default path cost of the current port in
the specified spanning tree instance.
By default, a switch automatically calculates the path costs of a port in different
spanning tree instances based on a specified standard.
If you specify the instance-id argument to be 0 or do not specify this argument, the stp
cost command sets the path cost of the port on CIST.
The path costs of a port in spanning tree instances affect the roles of the ports in the
spanning tree instances. By configuring different path costs for the same port in
different MSTIs, you can make flows of different VLANs traveling along different
physical links, so as to achieve VLAN-based load balancing. Changing the path cost of
a port in a spanning tree instance may change the role of the port in the instance and
put it in state transition.
Related command: stp interface cost.
Example
# Set the path cost of Ethernet1/0/3 port in spanning tree instance 2 to 200.
[Quidway-Ethernet1/0/3] stp instance 2 cost 200
1.1.16 stp edged-port
Syntax
stp edged-port { enable | disable }

undo stp edged-port
View
Ethernet port view
Parameter
enable: Configures the current Ethernet port as an edge port.

disable: Configures the current Ethernet port as a non-edge port.
Description
Use the stp edged-port enable command to configure the current Ethernet port as an
edge port.
1-16
Use the stp edged-port disable command to configure the current Ethernet port as a
non-edge port.
Use the undo stp edged-port command to restore the current Ethernet port to its
default state.
By default, all Ethernet ports of a switch are non-edge ports.
An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you are
recommended to configure the Ethernet ports directly connected to user terminals as
edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on an
edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
Related command: stp interface edged-port.
Caution:
Among loop prevention function, root protection function and edge port setting, only
one can be valid on a port at one time.
Example
# Configure Ethernet1/0/1 port as a non-edge port.

[Quidway-Ethernet1/0/1] stp edged-port disable
1.1.17 stp interface
Syntax
stp interface interface-list { enable | disable }
View
System view
1-17
Parameter
enable: Enables MSTP on the specified ports.
disable: Disables MSTP on the specified ports.
Description
Use the stp interface command to enable or disable MSTP on specified ports in
system view.
By default, MSTP is enabled on the ports of a switch if MSTP is globally enabled on the
switch, and is disabled on the ports if MSTP is globally disabled.
An MSTP-disabled port does not participate in any calculation of spanning tree and is
always in forwarding state.
Caution:
Disabling MSTP on ports may result in loops.
Related command: stp mode, stp.
Example
# Enable MSTP on Ethernet1/0/1 port in system view.

[Quidway] stp interface Ethernet 1/0/1 enable
1.1.18 stp interface config-digest-snooping
Syntax
stp interface interface-list config-digest-snooping

undo stp interface interface-list config-digest-snooping
View
System view
1-18
Parameter
argument in the format of interface-list ={ interface-type interface-number [ to
Description
Use the stp interface config-digest-snooping command to enable the digest

snooping feature.
Use the undo stp interface config-digest-snooping command to disable the digest
snooping feature.
By default, the digest snooping feature is disabled.
According to IEEE 802.1s, two interconnected MSTP switches can interwork with each
other through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. Interconnected MSTP switches determine whether or not
they are in the same MST region by checking the configuration IDs of the BPDUs
between them. (A configuration ID contains information such as region ID and
configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This problem can be overcome by implementing the digest snooping feature. If a port
on an S3900I series switch is connected to a partner's switch that has the same MST
region-related settings as its own but adopts a proprietary spanning tree protocol, you
can enable digest snooping on the port. Then the S3900 switch regards the partner's
switch as in the same region; it records the configuration digests carried in the BPDUs
received from the partner's switch, and put them in the BPDUs to be send to the
partner's switch. In this way, the S3900 switches can interwork with the partners'
switches in the same MST region.
1-19
Note:
z The digest snooping feature is needed only when your S3900 series switch is
connected to partner's proprietary protocol-adopted switches.
z To enable the digest snooping feature successfully, you must first enable it on all the
ports of your S3900 series switch that are connected to partner's proprietary
protocol-adopted switches and then enable it globally.
z To enable the digest snooping feature, the interconnected switches must be
configured with exactly the same MST region-related configuration.
z The digest snooping feature must be enabled on all the ports of your S3900 series
switch that are connected to partners' proprietary protocol-adopted switches in the
same MST region.
z With the digest snooping feature enabled, the VLAN-to-MSTI mapping cannot be
modified.
z The digest snooping feature is not applicable to MST region edge ports.
Example
# Enable the digest snooping feature on Ethernet1/0/1 port in system view.

[Quidway] stp interface Ethernet 1/0/1 config-digest-snooping
1.1.19 stp interface cost
Syntax
stp interface interface-list [ instance instance-id ] cost cost

undo stp interface interface-list [ instance instance-id ] cost
View
System view
Parameter
instance-id: Spanning tree instance ID ranging from 0 to 16. A value of 0 specifies the
CIST.
cost: Port path cost to be set. This argument ranges from 1 to 200,000,000.
1-20
Description
Use the stp interface cost command to set the path cost(s) of the specified port(s) in a
specified spanning tree instance in system view.
Use the undo stp interface cost command to revert to the default path cost(s) of the
specified port(s) in the specified spanning tree instance in system view.
By default, a switch automatically calculates the path costs of a port in different
spanning tree instances based on a specified standard.
If you specify the instance-id argument to be 0 or do not specify this argument, the stp
interface cost command sets the path cost(s) of the specified port(s) in the CIST.
The path costs of a port in spanning tree instances affect the roles of the ports in the
spanning tree instances. By configuring different path costs for the same port in
different MSTIs, you can make flows of different VLANs traveling along different
physical links, so as to achieve VLAN-based load balancing. Changing the path cost of
a port in a spanning tree instance may change the role of the port in the instance and
put it in state transition.
The default port path cost differs with port speed. Refer to Table 1-4 for details.
Related command: stp cost.
Example
# Set the path cost of Ethernet1/0/3 port in spanning tree instance 2 to 400 in system
view.
[Quidway] stp instance 2 interface Ethernet 1/0/3 cost 400
1.1.20 stp interface edged-port
Syntax
stp interface interface-list edged-port { enable | disable }

undo stp interface interface-list edged-port
View
System view
Parameter
enable: Configures the specified Ethernet ports to be edge ports.
1-21
disable: Configures the specified Ethernet ports to be non-edge ports.
Description
Use the stp interface edged-port enable command to configure the specified
Ethernet port(s) as edge ports in system view.
Use the stp interface edged-port disable command to configure the specified
Ethernet port(s) as non-edge ports in system view.
Use the undo stp interface edged-port command to restore the specified Ethernet
port(s) to their default states.
By default, all Ethernet ports of a switch are non-edge ports.
An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you are
recommended to configure the Ethernet ports directly connected to user terminals as
edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on an
edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
Related command: stp edged-port.
Caution:
Example
# Configure Ethernet1/0/3 port as an edge port in system view.

[Quidway] stp interface Ethernet 1/0/3 edged-port enable
1.1.21 stp interface loop-protection
Syntax
stp interface interface-list loop-protection
1-22
undo stp interface interface-list loop-protection
View
System view
Parameter
Description
Use the stp interface loop-protection command to enable the loop prevention
function in system view.
Use the undo stp interface loop-protection command to revert to the default state of
the loop prevention function in system view.
The loop prevention function is disabled by default.
Related command: stp loop-protection.
Caution:
one can be valid on the same port.
Example
# Enable the loop prevention function on Ethernet1/0/1 port.

[Quidway] stp interface Ethernet 1/0/1 loop-protection
1.1.22 stp interface mcheck
Syntax
stp [ interface interface-list ] mcheck
View
System view
1-23
Parameter
Description
Use the stp interface mcheck command to perform the mCheck operation on
specified port(s) in system view.
A port on an MSTP-enabled switch toggles to the STP-/RSTP-compatible mode
automatically if an STP-/RSTP-enabled switch is connected to it. But when the
STP-/RSTP-enabled switch is disconnected from the port, the port cannot toggle back
to the MSTP mode automatically. In this case, you can force the port to toggle to the
MSTP mode by performing the mCheck operation on the port.
Related command: stp mcheck, and stp mode.
Example
# Perform the mCheck operation for Ethernet1/0/3 port in system view.

[Quidway] stp interface Ethernet 1/0/3 mcheck
1.1.23 stp interface no-agreement-check
Syntax
stp interface interface-type interface-number no-agreement-check

undo stp interface interface-type interface-number no-agreement-check
View
System view
Parameter

Description
Use the stp interface no-agreement-check command to enable the rapid transition
feature on a specified port.
Use the undo stp interface no-agreement-check command to disable the rapid
transition feature on a specified port.
1-24
The rapid transition feature is disabled on any port by default.

Some manufactures' switches adopt proprietary spanning tree protocols that are
similar to RSTP in the way to implement rapid transition on designated ports. When a
switch of this kind operates as the upstream switch of an S3900 series switch running
MSTP, the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to avoid this case. When an S3900 series
switch running MSTP is connected in the upstream direction to a manufacture's switch
running proprietary spanning tree protocol, you can enable the rapid transition feature
on the ports of the S3900 series switch operating as the downstream switch. Among
these ports, those operating as the root ports will then send agreement packets to their
upstream ports after they receive proposal packets from the upstream designated ports,
instead of waiting for agreement packets from the upstream switch. This enables
designated ports of the upstream switch to change their states rapidly.
Related command: stp no-agreement-check.
Note:
z The rapid transition feature can be enabled on root ports or alternate ports only.
z If you configure the rapid transition feature on the designated port, the feature does
not take effect on the port.
Example
# Enable the rapid transition feature for Ethernet1/0/1 port.

[Quidway]stp interface Ethernet1/0/1 no-agreement-check
1.1.24 stp interface point-to-point
Syntax
stp interface interface-list point-to-point { force-true | force-false | auto }

undo stp interface interface-list point-to-point
View
System view
Parameter
1-25

force-true: Specifies that the links connected to the specified Ethernet ports are
point-to-point links.
force-false: Specifies that the links connected to the specified Ethernet ports are not
point-to-point links.
auto: Specifies to automatically determine whether or not the links connected to the
specified Ethernet ports are point-to-point links.
Description
Use the stp interface point-to-point command to specify whether the links connected
to the specified Ethernet ports are point-to-point links in system view.
Use the undo stp interface point-to-point command to restore the links connected to
the specified ports to their default link types, which are automatically determined by
MSTP.
If no keyword is specified in the stp interface point-to-point command, the auto
keyword is used by default, and so MSTP automatically determines the types of the
links connected to the specified ports.
The rapid transition feature is not applicable to ports on non-point-to-point links.
If an Ethernet port is the master port of an aggregated port or operates in full-duplex
mode, the link connected to the port is a point-to-point link.
You are recommended to let MSTP automatically determine the link types.
These two commands only apply to CIST and MSTIs. If you configure the link to which
a port is connected to be a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
connect to a point-to-point link (or a non-point-to-point link) in all spanning tree
instances). If the actual physical link is not a point-to-point link and you configure the
link to which the port is connected to be a point-to-point link, loops may temporarily
occur.
Related command: stp point-to-point.
Example
# Configure the link connected to Ethernet1/0/3 port as a point-to-point link in system

view.
[Quidway] stp interface Ethernet 1/0/3 point-to-point force-true
1-26
1.1.25 stp interface port priority
Syntax
stp interface interface-list instance instance-id port priority priority

undo stp interface interface-list instance instance-id port priority
View
System view
Parameter
CIST.
priority: Port priority to be set. This argument ranges from 0 to 240 and must be a
multiple of 16 (such as 0, 16, and 32). The default port priority of a port in any spanning
tree instance is 128.
Description
Use the stp interface port priority command to set a port priority for the specified
ports in the specified spanning tree instance.
Use the undo stp interface port priority command to restore the specified ports to the
default port priority in the specified spanning tree instance.
If you specify the instance-id argument to be 0, these two commands apply to the port
priorities on the CIST. The role a port plays in a spanning tree instance is determined by
the port priority in the instance. A port on an MSTP-enabled switch can have different
port priorities and play different roles in different MSTIs. This enables packets of
different VLANs to be forwarded along different physical paths, so as to achieve load
balancing by VLANs. Changing port priorities results in port roles being re-determined
and may cause state transitions.
Related command: stp port priority.
Example
# Set the port priority of Ethernet1/0/3 port (with regard to spanning tree instance 2) to
16.
[Quidway] stp interface Ethernet 1/0/3 instance 2 port priority 16
1-27
1.1.26 stp interface root-protection
Syntax
stp interface interface-list root-protection

undo stp interface interface-list root-protection
View
System view
Parameter
Description
Use the stp interface root-protection command to enable the root protection function
on specified port(s).
Use the undo stp interface root-protection command to restore the root protection
function to the default state on specified port(s).
By default, the root protection function is disabled.
Configuration errors or attacks may result in configuration BPDUs with their priorities
higher than that of a root bridge, which causes new root bridge to be elected and
network topology jitter to occur. In this case, flows that should travel along high-speed
links may be led to low-speed links, and network congestion may occur.
You can avoid this by utilizing the root protection function. Ports with this function
enabled can only be kept as designated ports in all spanning tree instances. When a
port of this type receives configuration BPDUs with higher priorities, it changes to
Discarding state (rather than becomes a non-designated port) and stops forwarding
packets (as if it is disconnected from the link). It resumes the normal state if it does not
receive any configuration BPDUs with higher priorities for a specified period.
Related command: stp root-protection.
Caution:
1-28
Example
# Enable the root protection function on Ethernet1/0/1 port.

[Quidway] stp interface Ethernet 1/0/1 root-protection
1.1.27 stp interface transmit-limit
Syntax
stp interface interface-list transmit-limit packetnum

undo stp interface interface-list transmit-limit
View
System view
Parameter
packetnum: Also known as maximum transmitting speed, the maximum number of
configuration BPDUs a port can send in each Hello time. This argument ranges from 1
to 255 and defaults to 10.
Description
Use the stp interface transmit-limit command to set the maximum number of
configuration BPDUs each specified port can send in each Hello time.
Use the undo stp interface transmit-limit command to revert to the default maximum
number.
The larger the packetnum argument is, the more packets a port can transmit in each
Hello time. Configure the packetnum argument to a proper value to limit the number of
BPDUs a port can send in each Hello time to avoid MSTP from occupying too much
network resources when network topology jitter occur.
Related command: stp transmit-limit.
Example
# Set the maximum transmitting speed of Ethernet1/0/3 port to 15.

[Quidway] stp interface Ethernet 1/0/3 transmit-limit 15
1-29
1.1.28 stp loop-protection
Syntax
stp loop-protection
undo stp loop-protection
View
Ethernet port view
Parameter
None
Description
Use the stp loop-protection command to enable the loop prevention function on the
current port.
Use the undo stp loop-protection command to restore the loop prevention function to
the default state on the current port.
By default, the loop prevention function is disabled.
A switch maintains the states of the root port and other blocked ports by receiving and
processing BPDUs from the upstream switch. These BPDUs may get lost because of
network congestions and link failures. If a switch does not receive BPDUs from the
upstream switch for a certain period, the switch selects a new root port; the original root
port becomes a designated port; and the blocked ports transit to forwarding state. This
may cause loops in the network.
The loop prevention function suppresses loops. With this function enabled, if link
congestions or link failures happen, a root port becomes a designated port, and the port
state becomes discarding. The blocked port also becomes designated port and the port
state becomes discarding (do not forward packets), and thereby loops can be
prevented.
Example
# Enable the loop prevention function on Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] stp loop-protection
1-30
1.1.29 stp max-hops
Syntax
stp max-hops hops

undo stp max-hops
View
System view
Parameter
hops: Maximum hops to be set. This argument ranges from 1 to 40. The default
maximum hops value of an MST region is 20.
Description
Use the stp max-hops command to set the maximum hops for the MST region the
current switch belongs to.
Use the undo stp max-hops command to revert to the default maximum hops.
The maximum hops values configured on the region roots of the CIST and MSTIs in an
MST region limit the size of the MST region.
A configuration BPDU contains a field that maintains the remaining hops of the
configuration BPDU. And a switch discards the configuration BPDUs whose remaining
hops are 0. After a configuration BPDU reaches a root bridge of a spanning tree in a
MST region, the value of the remaining hops field in the configuration BPDU is
decreased by 1 every time the configuration BPDU passes a switch. Such a
mechanism disables the switches that are beyond the maximum hops from
participating in spanning tree generation, and thus limits the size of an MST region.
With such a mechanism, the maximum hops configured on the switch operating as the
root bridge of the CIST or an MSTI in a MST region becomes the network diameter of
the spanning tree, which limits the size of the spanning tree in the current MST region.
The switches that are not root bridges in the MST region adopt the maximum hops
settings of their root bridges.
Example
# Set the maximum hops of the current MST region to 35.

[Quidway] stp max-hops 35
1-31
1.1.30 stp mcheck
Syntax
stp mcheck
View
Parameter
None
Description
Use the stp mcheck command to perform the mCheck operation on the current port.
When a port on an MSTP-enabled upstream switch connects with an STP enabled
downstream switch, the port transits to the STP-compatible mode. But when the STP
enabled downstream switch is then replaced by an MSTP-enabled switch, the port
cannot automatically transit to the MSTP mode but remains in the STP-compatible
mode. In this case, you can force the port to transit to the MSTP mode by performing
the mCheck operation on the port.
Similarly, when a port on an RSTP-enabled upstream switch connects with an
STP-enabled downstream switch, the port transits to the STP-compatible mode. But
when the STP enabled downstream switch is then replaced by an MSTP-enabled
switch, the port cannot automatically transit to the MSTP mode but remains in the
STP-compatible mode. In this case, you can force the port to transit to the MSTP mode
by performing the mCheck operation on the port.
Related command: stp mode, stp interface mcheck.
Example
# Perform the mCheck operation for Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] stp mcheck
1.1.31 stp mode
Syntax
stp mode { stp | rstp | mstp }

undo stp mode
1-32
View
System view
Parameter
stp: Enables the STP-compatible mode.

mstp: Enables the MSTP mode.
rstp: Enables RSTP-compatible.
Description
Use the stp mode command to set the MSTP operation mode.
Use the undo stp mode command to revert to the default MSTP operation mode.
By default, a switch operates in MSTP mode.
To make a switch compatible with STP/RSTP, MSTP provides following three operation
modes:
STP-compatible mode, where a switch sends out STP BPDU packets
RSTP-compatible mode, where a switch sends out RSTP BPDU packets
MSTP mode, where a switch sends out MSTP BPDU packets
Related command: stp mcheck, stp, stp interface, and stp interface mcheck.
Example
# Configure the switch to operate in STP-compatible mode.

[Quidway] stp mode stp
1.1.32 stp no-agreement-check
Syntax
stp no-agreement-check
undo stp no-agreement-check
View
Ethernet port view
Parameter
None
1-33
Description
Use the stp no-agreement-check command to enable the rapid transition feature for a
port.
Use the stp no-agreement-check command to disable the rapid transition feature.
By default, the rapid transition feature is disabled on a port.
Some manufactures' switches adopt proprietary spanning tree protocols that are
similar to RSTP in the way to implement rapid transition on designated ports. When a
switch of this kind operates as the upstream switch of an S3900 series switch running
MSTP, the upstream designated port fails to change their states rapidly.
The rapid transition feature aims to resolve this problem. When an S3900 series switch
running MSTP is connected in the upstream direction to a manufacture's switch running
proprietary spanning tree protocol, you can enable the rapid transition feature on the
ports of the S3900 series switch operating as the downstream switch. Among these
ports, those operating as the root ports will then send agreement packets to their
upstream ports after they receive proposal packets from the upstream designated ports,
instead of waiting for agreement packets from the upstream switch. This enables
designated ports of the upstream switch to change their states rapidly.
Related command: stp interface no-agreement-check.
Note:
z The rapid transition feature can be enabled on root ports or alternate ports only.
z If you configure the rapid transition feature on the designated port, the feature does
not take effect on the port.
Example
# Enable the rapid transition feature for Ethernet1/0/1 port.

[Quidway]interface Ethernet1/0/1
[Quidway-Ethernet1/0/1]stp no-agreement-check
1.1.33 stp pathcost-standard
Syntax
stp pathcost-standard { dot1d-1998 | dot1t | legacy }

undo stp pathcost-standard
1-34
View
System view
Parameter
dot1d-1998: Uses the IEEE 802.1D-1998 standard to calculate the default path costs
of ports.
dot1t: Uses the IEEE 802.1t standard to calculate the default path costs of ports.
legacy: Uses the proprietary standard to calculate the default path costs of ports.
Description
Use the stp pathcost-standard command to set the standard to be used to calculate
the default path costs of the links connected to the switch.
Use the undo stp pathcost-standard command to specify to use the default standard.
By default, a switch uses the IEEE 802.1t standard to calculate the default path costs of
ports.
Table 1-4 Transmission speeds and the corresponding path costs
Transm Standard
Operation mode
ission 802.1D-1998 IEEE 802.1t defined by
(half-/full-duplex)
speed Private
0 - 65,535 200,000,000 200,000
Half-duplex/Full-duplex 100 200,000 2,000
10 Aggregated link 2 ports 95 1,000,000 1,800
Mbps Aggregated link 3 ports 95 666,666 1,600
Aggregated link 4 ports 95 500,000 1,400
Half-duplex/Full-duplex 19 200,000 200
100 Aggregated link 2 ports 15 100,000 180
Mbps Aggregated link 3 ports 15 66,666 160
Aggregated link 4 ports 15 50,000 140
Full-duplex 4 200,000 20
1,000 Aggregated link 2 ports 3 10,000 18
Mbps Aggregated link 3 ports 3 6,666 16
Aggregated link 4 ports 3 5,000 14
Full-duplex 2 200,000 2
10 Aggregated link 2 ports 1 1,000 1
Gbps Aggregated link 3 ports 1 666 1
Aggregated link 4 ports 1 500 1
1-35
Normally, when a port operates in full-duplex mode, the corresponding path cost is
slightly less than that when the port operates in half-duplex mode.
When calculating the path cost of an aggregated link, the 802.1D-1998 standard does
not take the number of the ports on the aggregated link into account, whereas the
802.1T standard does. The following formula is used to calculate the path cost of an
aggregated link:
Path cost = 200,000 / link transmission speed,
Where the link transmission speed is the sum of the speeds of the unblocked ports on
the aggregated link, which is measured in 100 Kbps.
Example
# Configure to use the IEEE 802.1D-1998 standard to calculate the default path costs
of ports.
[Quidway] stp pathcost-standard dot1d-1998
# Configure to use the IEEE 802.1t standard to calculate the default path costs of ports.
[Quidway] stp pathcost-standard dot1t
1.1.34 stp point-to-point
Syntax
stp point-to-point { force-true | force-false | auto }

undo stp point-to-point
View
Ethernet port view
Parameter
force-true: Specifies that the link connected to the current Ethernet port is a
point-to-point link.
force-false: Specifies that the link connected to the current Ethernet port is not a
point-to-point link.
auto: Specifies to automatically determine whether or not the link connected to the
current Ethernet port is a point-to-point link.
1-36
Description
Use the stp point-to-point command to specify whether the link connected to the
current Ethernet port is a point-to-point link.
Use the undo stp point-to-point command to restore the link connected to the current
Ethernet port to its default link type, which is automatically determined by MSTP.
If no keyword is specified in the stp point-to-point command, the auto keyword is
used by default, and so MSTP automatically determines the type of the link connected
to the current port.
The rapid transition feature is not applicable to ports on non-point-to-point links.
If an Ethernet port is the master port of an aggregation port or operates in full-duplex
mode, the link connected to the port is a point-to-point link.
You are recommended to let MSTP automatically determine the link types of ports.
These two commands only apply to CISTs and MSTIs. If you configure the link to which
a port is connected is a point-to-point link (or a non-point-to-point link), the configuration
applies to all spanning tree instances (that is, the port is configured to connect to a
point-to-point link [or a non-point-to-point link] in all spanning tree instances). If the
actual physical link is not a point-to-point link and you configure the link to which the
port is connected to be a point-to-point link, loops may temporarily occur.
Related command: stp interface point-to-point.
Example
# Configure the link connected to Ethernet1/0/3 port as a point-to-point link.

[Quidway-Ethernet1/0/3] stp point-to-point force-true
1.1.35 stp port priority
Syntax
stp [ instance instance-id ] port priority priority

undo stp [ instance instance-id ] port priority
View
Ethernet port view
Parameter
CIST.
1-37
port priority priority: Sets the port priority. The priority argument ranges from 0 to 240
and must be a multiple of 16 (such as 0, 16, and 32). The default port priority of a port in
any spanning tree instance is 128.
Description
Use the stp port priority command to set the port priority of the current port in the
specified spanning tree instance.
Use the undo stp port priority command to restore the current port to the default port
priority in the specified spanning tree instance.
If you specify the instance-id argument to be 0 or do not specify the argument, these
two commands apply to the port priorities on the CIST. The role a port plays in a
spanning tree instance is determined by the port priority in the instance. A port on a
MSTP-enabled switch can have different port priorities and play different roles in
different MSTIs. This enables packets of different VLANs to be forwarded along
different physical paths, so as to achieve load balancing by VLANs. Changing port
priorities result in port roles being re-determined and may cause state transitions.
Related command: stp interface port priority.
Example
# Set the port priority of Ethernet1/0/3 port in spanning tree instance 2 to 16.
[Quidway-Ethernet1/0/3] stp instance 2 port priority 16
1.1.36 stp priority
Syntax
stp [ instance instance-id ] priority priority

undo stp [ instance instance-id ] priority
View
System view
Parameter
CIST.
priority: Switch priority to be set. This argument ranges from 0 to 61,440 and must be a
multiple of 4,096 (such as 0, 4,096, and 8,192). There are totally 16 available switch
priorities.
1-38
Description
Use the stp priority command to set the priority of the switch in the specified spanning
tree instance.
Use the undo stp priority command to restore the switch to the default priority in the
specified spanning tree instance.
The default priority of a switch is 32,768.
The priorities of switches are used for spanning tree generation. Switch priorities are
spanning tree-specific. That is, you can set different priorities for the same switch in
different spanning tree instances.
If you do not specify the instance-id argument, the two commands apply to the CIST.
Example
# Set the priority of the switch in spanning tree instance 1 to 4,096.

[Quidway] stp instance 1 priority 4096
1.1.37 stp region-configuration
Syntax
stp region-configuration
undo stp region-configuration
View
System view
Parameter
None
Description
Use the stp region-configuration command to enter MST region view.

Use the undo stp region-configuration command to revert to the default MST
region-related settings.
MST region-related settings include: region name, revision level, and VLAN mapping
table. The three MST region-related settings default to:
z MST region name: The first MAC address of the switch
z VLAN mapping table: All VLANs are mapped to the CIST.
z MSTP revision level: 0
1-39
And you can modify the three settings after entering MST region view by using the stp
region-configuration command.
Example
# Enter MST region view.

[Quidway-mst-region]
1.1.38 stp root primary
Syntax
stp [ instance instance-id ] root primary [ bridge-diameter bridgenum ] [ hello-time

centi-seconds ]
undo stp [ instance instance-id ] root
View
System view
Parameter
CIST.
bridgenum: Network diameter of the specified spanning tree. This argument ranges
centi-seconds: Hello time (in centiseconds) of the specified spanning tree. This
argument ranges from 100 to 1,000 and defaults to 200.
Description
Use the stp root primary command to configure the current switch as the root bridge
of a specified spanning tree instance.
Use the undo stp root command to cancel the current configuration.
By default, a switch is not configured as a root bridge.
If you do not specify the instance-id argument, these two commands apply to the CIST.
You can specify the current switch as the root bridge of a spanning tree instance
regardless of the priority of the switch. You can also specify the network diameter of the
switched network by using the stp root primary command. The switch will then figure
out the following three time parameters: Hello time, Forward delay, and Max age. As
the Hello time figured out by the network diameter is not always the optimal one, you
can set it manually through the hello-time centi-seconds parameter. Normally, you are
1-40
recommended to set the network diameter and leave the Forward delay and Max age
parameters being automatically determined by the network diameter you set.
Caution:
z You can configure only one root bridge for a spanning tree instance and can
configure one or more secondary root bridges for a spanning tree instance.
Configuring multiple root bridges for a spanning tree instance causes unpredictable
spanning tree computing results.
z Once a switch is configured as the root bridge or a secondary root bridge, its priority
cannot be modified.
Example
# Configure the current switch as the root bridge of spanning tree instance 1, setting the
network diameter of the switched network to 4, and the Hello time to 500 centiseconds.
[Quidway] stp instance 1 root primary bridge-diameter 4 hello-time 500
1.1.39 stp root secondary
Syntax
stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum ]

[ hello-time centi-seconds ]
undo stp [ instance instance-id ] root
View
System view
Parameter
CIST.
bridgenum: Network diameter of the specified spanning tree. This argument ranges
centi-seconds: Hello time in centiseconds of the specified spanning tree. This argument
ranges from 100 to 1,000 and defaults to 200.
1-41
Description
Use the stp root secondary command to configure the current switch as a secondary
root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the current configuration.
By default, a switch does not operate as a secondary root bridge.
If you do not specify the instance-id argument, these two commands apply to the CIST.
You can configure one or more secondary root bridges for a spanning tree instance. If
the switch operating as the root bridge fails or is turned off, the secondary root bridge
with the least MAC address becomes the root bridge.
You can also specify the network diameter and the Hello time of the switch that you are
configuring as a secondary root bridge. The switch will then figures out the other two
time parameters: Forward delay and Max age. You can configure only one root bridge
for a spanning tree instance but you can configure one or more secondary root bridges
for a spanning tree instance. Once a switch is configured as the root bridge or a
secondary root bridge, its priority cannot be modified.
Example
# Configure the current switch as a secondary root bridge of spanning tree instance 4,
setting the network diameter of the switched network to 5 and the Hello time to 300
centiseconds.
[Quidway] stp instance 4 root secondary bridge-diameter 5 hello-time 300
1.1.40 stp root-protection
Syntax
stp root-protection
undo stp root-protection
View
Ethernet port view
Parameter
None
Description
Use the stp root-protection command to enable the root protection function on the
current port.
1-42
Use the undo stp root-protection command to restore the root protection function to
the default state on the current port.
By default, the root protection function is disabled.
Configuration errors or attacks may result in configuration BPDUs with their priorities
higher than that of a root bridge, which causes new root bridge to be elected and
network topology jitter to occur. In this case, flows that are to travel along high-speed
links may be led to low-speed links, and network congestion may occur.
You can avoid this by utilizing the root protection function. Ports with this function
enabled can only be kept as designated ports in all spanning tree instances. When a
port of this type receives configuration BPDUs with higher priorities, it changes to
Discarding state (rather than becomes a non-designated port) and stops forwarding
packets (as if it is disconnected from the link). It resumes the normal state if it does not
receive any configuration BPDUs with higher priorities for a specified period.
Related command: stp interface root-protection.
Example
# Enable the root protection function on Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] stp root-protection
1.1.41 stp tc-protection
Syntax
stp tc-protection enable

stp tc-protection disable
View
System view
Parameter
None
Description
Use the stp tc-protection enable command to enable the TC-BPDU prevention
function.
Use the stp tc-protection disable command to disable the TC-BPDU prevention
function.
By default, the TC-BPDU prevention function is enabled.
1-43
A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If
a malicious user sends a large amount of TC-BPDUs to a switch in a short period, the
switch may busy itself in removing MAC address entries and ARP entries, which may
decreases the performance and stability of the switch.
With the TC-BPDU prevention function enabled, a switch performs only one removing
operation in a specified period (it is 10 seconds by default) after it receives a TC-BPDU.
The switch also checks to see if other TC-BPDUs arrive in this period and performs
another removing operation in the next period if a TC-BPDU is received. Such a
mechanism prevents a switch from being busying itself in performing removing
operations.
Example
# Enable the TC-BPDU prevention function on the switch.

[Quidway] stp tc-protection enable
1.1.42 stp timer forward-delay
Syntax
stp timer forward-delay centi-seconds

undo stp timer forward-delay
View
System view
Parameter
centi-seconds: Forward delay in centiseconds to be set. This argument ranges from

400 to 3,000 and defaults to 1,500.
Description
Use the stp timer forward-delay command to set the Forward delay of the switch.
Use the undo stp timer forward-delay command to revert to the default Forward
delay.
To prevent the occurrence of temporary loops, when a port changes its state from
discarding to forwarding, it undergoes an intermediate state and waits for a specific
period to synchronize with the remote switches. This state transition period is
determined by the Forward delay configured on the root bridge.
The Forward delay setting configured on a root bridge applies to all switches operating
in the same spanning tree instance.
1-44
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), the following formulas must be met to
prevent network jitter.
2 x (Forward delay – 1 second) >= Max age
Max age >= 2 x (Hello time + 1 second)
You are recommended to specify the network diameter of the switched network and the
Hello time by using the stp root primary or stp root secondary command. After that,
the three proper time-related parameters are automatically determined.
Related command: stp timer hello, stp timer max-age, and stp bridge-diameter.
Example
# Set the Forward delay to 2,000 centiseconds.

[Quidway] stp timer forward-delay 2000
1.1.43 stp timer hello
Syntax
stp timer hello centi-seconds

undo stp timer hello
View
System view
Parameter
centi-seconds: Hello time in centiseconds to be set. This argument ranges from 100 to
1,000 and defaults to 200.
Description
Use the stp timer hello command to set the Hello time of the switch.
Use the undo stp timer hello command to revert to the default Hello time.
A root bridge regularly sends out configuration BPDUs to maintain the existing
spanning trees. The Hello time is used to set the sending interval. When a switch
becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello
time you have configured on it. While, the other none-root-bridge switches listen to the
BPDUs; if they do not receive a BPDU in a specific period, spanning trees will be
regenerated.
1-45
2 * (Forward delay – 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
Hello time by using the stp root primary or stp root secondary command. After that,
the three proper time-related parameters are automatically determined.
Related command: stp timer forward-delay, stp timer max-age, and stp
bridge-diameter.
Example
# Set the Hello time to 400 centiseconds.

[Quidway] stp timer hello 400
1.1.44 stp timer max-age
Syntax
stp timer max-age centi-seconds

undo stp timer max-age
View
System view
Parameter
centi-seconds: Max age in centiseconds to be set. This argument ranges from 600 to
4,000 and defaults to 2,000.
Description
Use the stp timer max-age command to set the Max age of the switch.
Use the undo stp timer max-age command to revert to the default Max age.
MSTP is capable of detecting link problems and automatically restoring redundant links
to forwarding state. In CIST, switches use the Max age parameter to judge whether or
not a received configuration BPDU times out. And spanning trees will be regenerated if
a configuration BPDU received by a port times out.
The Max age is meaningless to MSTIs. The Max age configured for the root bridge of
the CIST applies to all switches operating on the CIST, including the root bridge.
1-46
2 * (Forward delay – 1 second) >= Max age,
Max age >= 2 * (Hello time + 1 second).
Hello time parameter by using the stp root primary or stp root secondary command.
After that, the three proper time-related parameters are automatically determined.
Related command: stp timer forward-delay, stp timer hello, and stp
bridge-diameter.
Example
# Set the Max age to 1,000 centiseconds.

[Quidway] stp timer max-age 1000
1.1.45 stp timer-factor
Syntax
stp timer-factor number

undo stp timer-factor
View
System view
Parameter
number: Hello time factor. This argument ranges from 1 to 10 and defaults to 3.
Description
Use the stp timer-factor command to set the timeout time of MSTP protocol packets
on a switch in the form of a multiple of the Hello time. For example, with the number
argument set to 3, the timeout time is three times of the Hello time.
Use the undo stp timer-factor command to revert to the default Hello time factor.
A switch regularly sends protocol packets to its neighboring devices at the interval
specified by the Hello time parameter to test the links. Normally, a switch regards its
upstream switch faulty if the former does receive any protocol packets from the latter in
a period three times of the Hello time and then initiates the spanning tree regeneration
process.
1-47
Spanning trees may be regenerated even in a steady network if an upstream switch

continues to be busy. You can configure the timeout time factor to a larger number to
avoid this. Normally, the timeout time can be four (or more) times of the Hello time. For
a steady network, the timeout time can be five to seven times of the Hello time.
Example
# Set the Hello time factor to 7.

[Quidway] stp timer-factor 7
1.1.46 stp transmit-limit
Syntax
stp transmit-limit packetnum

undo stp transmit-limit
View
Ethernet port view
Parameter
packetnum: Maximum number of configuration BPDUs a port can transmit in each

Hello time. This argument ranges from 1 to 255 and defaults to 10.
Description
Use the stp transmit-limit command to set the maximum number of configuration
BPDUs the current port can transmit in each Hello time.
Use the undo stp transmit-limit command to revert to the default maximum number.
A larger number configured by the stp transmit-limit command allows more
configuration BPDUs can be transmitted in each Hello time, which may occupy more
switch resources. So configure it to a proper value to avoid MSTP from occupying too
many network resources.
Related command: stp interface transmit-limit.
Example
# Set the maximum number of configuration BPDUs that can be transmitted by the
Ethernet1/0/1 port in each Hello time to 15.
[Quidway-Ethernet1/0/1] stp transmit-limit 15
1-48
1.1.47 vlan-mapping modulo
Syntax
vlan-mapping modulo modulo
View
MST region view
Parameter
modulo: Modulo ranging from 1 to 16.
Description
Use the vlan-mapping modulo command to map VLANs to specific spanning tree
instances.
By default, all VLANs in a network are mapped to the CIST (spanning tree instance 0).
MSTP uses a VLAN mapping table to describe VLAN-to-spanning-tree-instance
mappings. You can use this command to establish the VLAN mapping table and to map
VLANs to specific spanning tree instances.
Note that a VLAN cannot be mapped to multiple different spanning tree instances at the
same time. A VLAN-to-spanning-tree-instance mapping becomes invalid when you
map the VLAN to another spanning tree instance.
Note:
You can map VLANs to specific spanning tree instances quickly by using the
vlan-mapping modulo modulo command. The ID of the spanning tree instance to
which a VLAN is mapped can be figured out by using the following expression:
(VLAN ID-1) % modulo + 1,
Where (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to modulo.
For example, if you set the modulo argument to 16, then VLAN 1 is mapped to spanning
tree instance 1, VLAN 2 is mapped to spanning tree instance 2, …, VLAN 16 is mapped
to spanning tree instance 16, VLAN 17 is mapped to spanning tree instance 1, and so
on.
Related command: check region-configuration, revision-level, region-name, and

active region-configuration.
Example
# Map VLANs to spanning tree instances, with the modulo being 16.
1-49

[Quidway-mst-region] vlan-mapping modulo 16
1-50
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 BPDU Tunnel Configuration Commands
Chapter 2 BPDU Tunnel Configuration Commands
2.1 BPDU Tunnel Configuration Commands

2.1.1 vlan-vpn tunnel
Syntax
vlan-vpn tunnel
undo vlan-vpn tunnel
View
System view
Parameter
None
Description
Use the vlan-vpn tunnel command to enable the BPDU Tunnel function for a switch.
Use the undo vlan-vpn tunnel command to disable the BPDU Tunnel function.
The BPDU Tunnel function enables BPDUs to be transparently transmitted between
geographically dispersed user networks through specified VLAN VPNs in operator’s
networks, through which spanning trees can be generated across these user networks
and are independent of those of the operator’s network.
By default, the BPDU Tunnel function is disabled.
Note:
z The BPDU Tunnel function can only be enabled on devices with STP employed.
z The BPDU Tunnel function can only be enabled on access ports.
z To enable the BPDU Tunnel function, make sure the links between operator’s
networks are trunk links.
z If a fabric port exists on a switch, you cannot enable the VLAN-VPN function for any
port of the switch.
z As the VLAN-VPN function is unavailable on ports with 802.1x, GVRP, GMRP, STP,
or NTDP employed, the BPDU Tunnel function is not applicable to these ports.
2-1
Example
# Enable the BPDU Tunnel function for the switch.

[Quidway] vlan-vpn tunnel
2-2
Command Manual – Routing Protocol
Table of Contents
Chapter 1 Static Route Configuration Commands .................................................................... 1-1

1.1 Routing Table Monitoring Commands ............................................................................... 1-1
1.1.1 display ip routing-table ............................................................................................ 1-1
1.1.2 display ip routing-table acl....................................................................................... 1-2
1.1.3 display ip routing-table ip-address .......................................................................... 1-5
1.1.4 display ip routing-table ip-address1 ip-address2 .................................................... 1-7
1.1.5 display ip routing-table ip-prefix .............................................................................. 1-8
1.1.6 display ip routing-table protocol ............................................................................ 1-10
1.1.7 display ip routing-table radix ................................................................................. 1-11
1.1.8 display ip routing-table statistics ........................................................................... 1-12
1.1.9 display ip routing-table verbose ............................................................................ 1-13
1.2 Static Route Configuration Commands ........................................................................... 1-14
1.2.1 delete static-routes all ........................................................................................... 1-14
1.2.2 ip route-static......................................................................................................... 1-15
Chapter 2 RIP Configuration Commands.................................................................................... 2-1

2.1 RIP Configuration Commands ........................................................................................... 2-1
2.1.1 checkzero ................................................................................................................ 2-1
2.1.2 default cost .............................................................................................................. 2-2
2.1.3 display rip ................................................................................................................ 2-2
2.1.4 display rip interface ................................................................................................. 2-3
2.1.5 display rip routing .................................................................................................... 2-4
2.1.6 filter-policy export .................................................................................................... 2-5
2.1.7 filter-policy import .................................................................................................... 2-6
2.1.8 host-route ................................................................................................................ 2-8
2.1.9 import-route ............................................................................................................. 2-8
2.1.10 network.................................................................................................................. 2-9
2.1.11 peer ..................................................................................................................... 2-10
2.1.12 preference ........................................................................................................... 2-11
2.1.13 reset .................................................................................................................... 2-12
2.1.14 rip ........................................................................................................................ 2-12
2.1.15 rip authentication-mode....................................................................................... 2-13
2.1.16 rip input................................................................................................................ 2-15
2.1.17 rip metricin........................................................................................................... 2-15
2.1.18 rip metricout......................................................................................................... 2-16
2.1.19 rip output ............................................................................................................. 2-17
2.1.20 rip split-horizon .................................................................................................... 2-18
2.1.21 rip version............................................................................................................ 2-19
i
2.1.22 rip work................................................................................................................ 2-20

2.1.23 summary.............................................................................................................. 2-20
2.1.24 timers................................................................................................................... 2-21
2.1.25 traffic-share-across-interface .............................................................................. 2-22
Chapter 3 OSPF Configuration Commands................................................................................ 3-1

3.1 OSPF Configuration Commands ....................................................................................... 3-1
3.1.1 abr-summary ........................................................................................................... 3-1
3.1.2 area ......................................................................................................................... 3-2
3.1.3 asbr-summary ......................................................................................................... 3-3
3.1.4 authentication-mode................................................................................................ 3-4
3.1.5 default cost .............................................................................................................. 3-5
3.1.6 default interval ......................................................................................................... 3-5
3.1.7 default limit .............................................................................................................. 3-6
3.1.8 default tag................................................................................................................ 3-7
3.1.9 default type.............................................................................................................. 3-8
3.1.10 default-cost............................................................................................................ 3-8
3.1.11 default-route-advertise .......................................................................................... 3-9
3.1.12 display debugging ospf ....................................................................................... 3-11
3.1.13 display ospf abr-asbr........................................................................................... 3-11
3.1.14 display ospf asbr-summary ................................................................................. 3-12
3.1.15 display ospf brief ................................................................................................. 3-13
3.1.16 display ospf cumulative ....................................................................................... 3-15
3.1.17 display ospf error................................................................................................. 3-17
3.1.18 display ospf interface .......................................................................................... 3-19
3.1.19 display ospf lsdb.................................................................................................. 3-21
3.1.20 display ospf nexthop ........................................................................................... 3-23
3.1.21 display ospf peer ................................................................................................. 3-24
3.1.22 display ospf request-queue ................................................................................. 3-27
3.1.23 display ospf retrans-queue.................................................................................. 3-28
3.1.24 display ospf routing ............................................................................................. 3-30
3.1.25 display ospf vlink ................................................................................................. 3-31
3.1.26 filter-policy export ................................................................................................ 3-32
3.1.27 filter-policy import ................................................................................................ 3-33
3.1.28 import-route ......................................................................................................... 3-34
3.1.29 log-peer-change .................................................................................................. 3-35
3.1.30 multi-path-number ............................................................................................... 3-36
3.1.31 network................................................................................................................ 3-36
3.1.32 nssa..................................................................................................................... 3-37
3.1.33 ospf...................................................................................................................... 3-38
3.1.34 ospf authentication-mode.................................................................................... 3-39
3.1.35 ospf cost .............................................................................................................. 3-40
3.1.36 ospf dr-priority ..................................................................................................... 3-40
ii
3.1.37 ospf mib-binding .................................................................................................. 3-41

3.1.38 ospf mtu-enable .................................................................................................. 3-42
3.1.39 ospf network-type................................................................................................ 3-43
3.1.40 ospf timer dead.................................................................................................... 3-44
3.1.41 ospf timer hello .................................................................................................... 3-45
3.1.42 ospf timer poll ...................................................................................................... 3-45
3.1.43 ospf timer retransmit ........................................................................................... 3-46
3.1.44 ospf trans-delay................................................................................................... 3-47
3.1.45 peer ..................................................................................................................... 3-48
3.1.46 preference ........................................................................................................... 3-48
3.1.47 reset ospf............................................................................................................. 3-49
3.1.48 router id ............................................................................................................... 3-50
3.1.49 silent-interface ..................................................................................................... 3-51
3.1.50 snmp-agent trap enable ospf .............................................................................. 3-52
3.1.51 spf-schedule-interval ........................................................................................... 3-53
3.1.52 stub...................................................................................................................... 3-54
3.1.53 vlink-peer............................................................................................................. 3-54
Chapter 4 IP Routing Policy Configuration Commands............................................................ 4-1

4.1 IP Routing Policy Configuration Commands ..................................................................... 4-1
4.1.1 apply cost ................................................................................................................ 4-1
4.1.2 apply tag.................................................................................................................. 4-2
4.1.3 display ip ip-prefix ................................................................................................... 4-2
4.1.4 display route-policy ................................................................................................. 4-3
4.1.5 if-match acl ............................................................................................................. 4-4
4.1.6 if-match cost ............................................................................................................ 4-5
4.1.7 if-match interface..................................................................................................... 4-6
4.1.8 if-match ip next-hop................................................................................................. 4-7
4.1.9 if-match tag.............................................................................................................. 4-8
4.1.10 ip ip-prefix.............................................................................................................. 4-8
4.1.11 route-policy.......................................................................................................... 4-10
Chapter 5 Route Capacity Configuration Commands ............................................................... 5-1

5.1 Route Capacity Configuration Commands ........................................................................ 5-1
5.1.1 display memory ....................................................................................................... 5-1
5.1.2 display memory limit................................................................................................ 5-2
5.1.3 memory auto-establish disable ............................................................................... 5-3
5.1.4 memory auto-establish enable ................................................................................ 5-4
5.1.5 memory safety | limit .............................................................................................. 5-5
iii
Command Manual – Routing Protocol Chapter 1 Static Route Configuration
Chapter 1 Static Route Configuration Commands
Note:
When running a routing protocol, the Ethernet switch also functions as a router. The
words “router” and the router icons covered in the following text represent routers in
common sense and Ethernet switches running a routing protocol. To improve
readability, this will not be mentioned again in this manual.
This manual deals with the S3900-EI series switches. The ospf, ospf-ase, and
ospf-nssa commands are supported by the S3900-EI series, but not supported by any
other S3900 switch. This will not be mentioned again in this manual.
1.1 Routing Table Monitoring Commands

1.1.1 display ip routing-table
Syntax
display ip routing-table
View
Any view
Parameter
None
Description
Use the display ip routing-table command to display the routing table summary.
This command displays the summary of the routing table. Each line represents one
route, containing destination address/mask length, protocol, preference, cost, next hop,
and output interface.
This command displays only the currently used routes, that is, the optimal routes.
Example
# Display the summary of the current routing table.

<Quidway> display ip routing-table
Routing Table: public net
1-1

127.0.0.0/8 DIRECT 0 0 127.0.0.1
InLoopBack0
127.0.0.1/32 DIRECT 0 0 127.0.0.1
InLoopBack0
Table 1-1 Description on the fields of the display ip routing-table command
Field Description
Destination/Mask Destination address/mask length
Protocol Routing protocol

Pre Route preference
Cost Route cost

Output interface, through which the data
Interface packets destined for the destination
network segment are sent
1.1.2 display ip routing-table acl
Syntax
display ip routing-table acl acl-number [ verbose ]
View
Any view
Parameter
acl-number: Basic access control list (ACL) number, ranging from 2000 to 2999.
verbose: With this argument, this command displays the verbose information of both
active and inactive routes that filtered through the specified ACL. Without this argument,
this command only displays the summary of the active routes that filtered through the
specified ACL.
1-2
Description
Use the display ip routing-table acl command to display the routes that filtered
through a specific basic ACL.
This command is used to track and display the results of route policy. It displays and
only displays the routes that filtered through the basic ACL you specified by an ACL
number.
Example
# Display the summary of the active routes that filtered through basic acl 2000.
[Quidway-acl-basic-2000] display ip routing-table acl 2000
Summary count: 2
10.1.1.2/32 DIRECT 0 0 127.0.0.1
InLoopBack0
For detailed description of the output information, see Table 1-1.

# Display the verbose information of the active and inactive routes that filtered through
basic acl 2000.
<Quidway> display ip routing-table acl 2000 verbose

Age: 35:37:03 Cost: 0/0

Age: 35:37:03 Cost: 0/0
1-3
Table 1-2 Description on the fields of the display ip routing-table acl command
Field Description
Destination Destination address
Mask Mask
Protocol Routing protocol
Preference Routing preference
Output interface, through which the data packets destined for the
Interface
destination network segment are sent
State Route state description:
This is an active unicast route.
ActiveU
"U" means "unicast".
Blackhole route is similar to

Reject route, except that a
Blackhole Blackhole route sends no ICMP
unreachable message to the
source end.
Delete The route is deleted
The route is not directly
Gateway
reachable.
The route is hidden. That is, the
route exists, but it is hidden
because it is unavailable for the
moment due to some reason
Hidden
(e.g., a configured policy or a
down interface) and is not
expected to be deleted, and it
can be restored later.
Holddown is a route
redistribution policy adopted by
some distance-vector (D-V)
routing protocols such as RIP.
Through Holddown, a routing
protocol can avoid the flooding
of error routes and deliver route
Holddown unreachable messages
accurately. It redistributes a
certain route every a period of
time regardless of whether the
actually found routes destined
for the same destination
change. For more details, refer
to the specific routing protocols.
The route is discovered by
Int
interior gateway protocol (IGP).
1-4
Field Description
The routing protocol does not
redistribute NoAdvise route
NoAdvise
when it redistributes routes
based on the policy.
Normally, the routing protocol
selects the route with the
highest preference from its
routing table, places it in its core
NotInstall routing table, and redistributes
it. Although the NotInstall route
cannot be placed in the core
routing table, it is possibly that it
is selected and redistributed.
Unlike the normal routes, the
Reject route will discard the
packets that select it as their
Reject route, and the router will send
ICMP unreachable message to
the source end. Reject route is
usually used for the network test
When the routes from the
routing table are deleted, the
routes with Retain flag will not
Retain be deleted. Using this function
you can set Retain flag for some
static routes, so that they can
exist in the core routing table.
The route with Static flag will not
be cleared from the routing table
after you save it and reboot the
Static
router. Generally, the static
route configured manually in the
router belongs to a Static route.
Unicast Unicast route
Age Time to live, in the format of hour/minute/second (hh:mm:ss).
Cost Value of the cost
1.1.3 display ip routing-table ip-address
Syntax
display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose ]
View
Any view
1-5
Parameter

mask: IP address mask, length in dotted decimal notation or expressed as an integer. It
ranges from 0 to 32 when expressed as an integer.
longer-match: Specifies all the routes that lead to the destination address and match
the specified mask. If you do not specify the mask argument, those that match the
natural mask are specified.
verbose: With the verbose argument specified, this command displays the verbose
information of both the active and inactive routes. Without the argument specified, this
command only displays the summary of active routes.
Description
Use the display ip routing-table ip-address command to display the routing

information of the specified destination address.
With different arguments provided, the command output is different. The following is the
command output with different arguments provided:
z display ip routing-table ip-address
If the destination address ip-address corresponds to a route in the natural mask range,
this command displays the route that is the longest match of the destination address
ip-address and is active.
z display ip routing-table ip-address mask
This command only displays the routes exactly matching the specified destination
address and mask.
z display ip routing-table ip-address longer-match
This command displays all destination address routes matching the specified
destination address in the natural mask range.
z display ip routing-table ip-address mask longer-match
This command displays all destination address routes matching the specified
destination address in the specified mask range.
Example
# There is a corresponding route in the natural mask range. Display the summary.
169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1

# There is no corresponding route (only the longest matching route is displayed) in the
natural mask range. Display the summary.
1-6

169.0.0.0/8 Static 60 0 2.1.1.1 LoopBack1
# There are corresponding routes in the natural mask range. Display detailed
information.
Routing tables:
Summary count: 1
Protocol: #STATIC Preference: 60
Vlinkindex: 0
State: <Int ActiveU Gateway Static Unicast>
Age: 4:49 Cost: 0/0 Tag: 0
# There is no corresponding route in the natural mask range (only the longest matched
route is displayed). Display the detailed information.
Routing Tables:
Summary count:1
Protocol: #Static Preference: -60
Vlinkindex: 0
Age: 3:47 Cost: 0/0 Tag: 0
1.1.4 display ip routing-table ip-address1 ip-address2
Syntax
display ip routing-table ip-address1 mask1 ip-address2 mask2 [ verbose ]
View
Any view
Parameter
ip-address1, ip-address2: Destination IP address in dotted decimal notation.

ip-address1, mask1 and ip-address2, mask2 determine one address range
together. .ip-address1 ANDed with mask1 specifies the start of the range, while
1-7
ip-address2 ANDed with mask2 specifies the end. This command displays the route in
this address range.
mask1, mask2: IP address mask, length in dotted decimal notation or expressed as an
integer. It ranges from 0 to 32 when expressed as an integer.
verbose: With the verbose argument provided, this command displays the verbose
information of both active and inactive routes. Without this argument provided, this
command displays the summary of active routes only.
Description
Use the display ip routing-table ip-address1 ip-address2 command to display the

route information in the specified destination address range.
Example
# Display the routing information of destination addresses ranging from 1.1.1.0 to

2.2.2.0.
<Quidway>display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
1.1.5 display ip routing-table ip-prefix
Syntax
display ip routing-table ip-prefix ip-prefix-name [ verbose ]
View
Any view
Parameter
ip-prefix-name: ip-prefix list name.

verbose: With this argument provided, this command displays the verbose information
of both the active and inactive routes that filtered through the rules. Without this
argument provided, this command displays the summary of the active routes that
filtered through the rules.
1-8
Description
Use the display ip routing-table ip-prefix command to display the routes that filtered
through a specific ip-prefix list.
This command is mainly used to track and display the results of route policy. It displays
and only displays the routes that filtered through the ip-prefix list you specified.
If the specified ip-prefix list does not exist, with the verbose argument provided, this
command displays the verbose information of all active and inactive routes; without the
verbose argument provided, this command display the summary of active routes only.
Example
# Display the summary of the active route that filtered through ip-prefix list abc2, which
permits the routes with a prefix of 10.1.1.0 and a mask length ranging 24 to 32.
[Quidway] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[Quidway] display ip routing-table ip-prefix abc2
Summary count: 2

# Display the verbose information of the active and inactive routes that filtered through
ip-prefix list abc2.
[Quidway] display ip routing-table ip-prefix abc2 verbose
Summary count: 2
Vlinkindex: 0
Age: 3:23:44 Cost: 0/0 Tag: 0

Vlinkindex: 0
Age: 3:23:44 Cost: 0/0 Tag: 0
1-9
1.1.6 display ip routing-table protocol
Syntax
display ip routing-table protocol protocol [ inactive | verbose ]
View
Any view
Parameter
protocol: You can provide one of the following values for this argument.
z direct: Displays direct-connect route information
z static: Displays static route information.
z ospf: Displays OSPF route information.
z ospf-ase: Displays OSPF ASE route information.
z ospf-nssa: Displays OSPF NSSA route information.
z rip: Displays RIP route information.
inactive: With this argument provided, this command displays the inactive route
information. Without this argument provided, this command displays both active and
inactive route information.
verbose: With this argument provided, this command displays the verbose route
information. Without this argument provided, this command displays route summary
only.
Description
Use the display ip routing-table protocol command to display the route information
of a specific protocol.
Example
# Display the summary of all direct-connect routes.

<Quidway> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
DIRECT Routing tables status:<inactive>:
Summary count: 1
1-10
# Display the static routing table.

<Quidway> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
1.2.3.0/24 STATIC 60 0 1.2.4.5 Vlan-interface10
1.1.7 display ip routing-table radix
Syntax
display ip routing-table radix
View
Any view
Parameter
None
Description
Use the display ip routing-table radix command to display the route information in a
tree structure.
Example
<Quidway> display ip routing-table radix

Radix tree for INET (2) inodes 7 routes 5:
+-32+--{210.0.0.1
+--0+
| | +--8+--{127.0.0.0
| | | +-32+--{127.0.0.1
| +--1+
| +--8+--{20.0.0.0
| +-32+--{20.1.1.1
1-11
Table 1-3 Description on the fields of the display ip routing-table radix command
Field Description
INET Address suite
inodes Number of nodes
routes Number of routes
1.1.8 display ip routing-table statistics
Syntax
display ip routing-table statistics
View
Any view
Parameter
None
Description
Use the display ip routing-table statistics command to display the integrated routing
information.
The integrated routing information includes the total number of routes, the number of
active routes, the number of routes added by protocols, and the number of routes
deleted.
Example
# Display the integrated route information.

<Quidway> display ip routing-table statistics
Routing tables:
Proto route active added deleted
DIRECT 24 4 25 1
STATIC 4 1 4 0
RIP 0 0 0 0
OSPF 0 0 0 0
O_ASE 0 0 0 0
O_NSSA 0 0 0 0
Total 28 5 29 1
1-12
Table 1-4 Description on the fields of the display ip routing-table statistics

command
Field Description
Routing protocol. O_ASE stands for
OSPF_ASE routes; O_NSSA stands for
Proto
OSPF NSSA routes; AGGRE stands for
aggregated routes.
route Number of routes
active Number of active routes
Number of routes added after the router
added is rebooted or the routing table is cleared
last time.
Number of routes deleted (Such routes
deleted
will be freed in a period of time)
Total number of the different kinds of
Total
routes.
1.1.9 display ip routing-table verbose
Syntax
display ip routing-table verbose
View
Any view
Parameter
None
Description
Use the display ip routing-table verbose command to display the verbose routing
table information.
With the verbose argument provided, this command displays the verbose routing table
information. The descriptor describing the route state will be displayed first. Then, the
statistics of the entire routing table will be output. Finally, the verbose description of
each route will be output.
The display ip routing-table verbose command can display all current routes,
including inactive routes and invalid routes.
Example
# Display the verbose routing table information.
1-13
<Quidway> display ip routing-table verbose

Routing Tables:
Age: 20:17:41 Cost: 0/0
Age: 20:17:42 Cost: 0/0
Age: 20:08:05 Cost: 0/0
First, display statistics of the whole routing table. Then, output detailed information of
every route entry in turn. Table 1-2 shows the meaning of route status. Table 1-5 shows
routing table statistics.
Table 1-5 Description on the fields of the display ip routing-table verbose command
Field Description
Holddown Number of held-down routes
Delete Number of deleted routes
Hidden Number of hidden routes
1.2 Static Route Configuration Commands

1.2.1 delete static-routes all
Syntax
delete static-routes all
View
System view
1-14
Parameter
None
Description
Use the delete static-routes all command to delete all static routes.
The system will request your confirmation before it deletes all the configured static
routes.
Related command: ip route-static and display ip routing-table.
Example
# Delete all the static routes in the router.

[Quidway] delete static-routes all
Are you sure to delete all the unicast static routes?[Y/N]y
Syntax
ip route-static ip-address { mask | mask-length } { interface-type interface-number |

next-hop } [ preference preference-value ] [ reject | blackhole ] [ description text |
detect-group group number ]*
undo ip route-static ip-address { mask | mask-length } [ interface-type
interface-number | next-hop ] [ preference preference-value ] [ reject | blackhole ]
[ description text | detect-group group number ]*
View
System view
Parameter

mask: Mask.
mask-length: Mask length. Since 1s in a 32-bit mask must be consecutive, a mask in
dotted decimal notation can be replaced by mask-length, which is the number of the
consecutive 1s in the mask.
interface-type interface-number: Next-hop outgoing interface. The packets sent to a
null interface, which is a virtual interface, will be discarded immediately. This can
decrease the system load.
next-hop: Next hop IP address of the route, in dotted decimal notation.
1-15
preference-value: Preference level of the route, in the range from 1 to 255. The default
preference is 60.
reject: Indicates an unreachable route. If a static route to a destination has the "reject"
attribute, all the IP packets destined for this destination will be discarded, and the
source host will be informed that the destination is unreachable.
blackhole: Indicates a blackhole route. If a static route to a destination has the
“blackhole” attribute, the outgoing interface of this route is the Null 0 interface
regardless of the next hop address, and all the IP packet addresses destined for this
destination are dropped without the source host being notified.
description text: Provides a description for the current route.
detect-group group number: Specifies a detect group.
Description
Use the ip route-static command to configure a static route.

Use the undo ip route-static command to delete a manually configured static route.
By default, the system can obtain the subnet route directly connected to the router.
When you configure a static route, if no preference is specified for the route, the
preference defaults to 60, and if the route is not specified as reject or blackhole, the
route will be reachable by default.
When configuring a static route, note the following points:
z If the destination IP address and the mask are both 0.0.0.0, what you are
configuring is a default route. All the packets that fail to find a routing entry will be
forwarded through this default route.
z You cannot configure an interface address of the local switch as the next hop
address of a static route.
z You can configure a different preference to implement flexible route management
policy.
Related command: display ip routing-table.
Example
# Configure the next hop of the default route as 129.102.0.2.

[Quidway] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
1-16
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 RIP Configuration Commands
Chapter 2 RIP Configuration Commands
Note:
word “router” and the router icons covered in the following text represent routers in
2.1 RIP Configuration Commands

2.1.1 checkzero
Syntax
checkzero
undo checkzero
View
RIP view
Parameter
None
Description
Use the checkzero command to enable zero field check of RIP-1 packets.
Use the undo checkzero command to disable zero field check.
By default, RIP-1 performs zero field check.
According to the protocol (RFC 1058) specifications, some fields in RIP-1 packets must
be zero and these fields are called zero fields. You can use the checkzero command to
enable/disable zero field check of RIP-1 packets. When zero field check is enabled, if
an incoming RIP-1 packet has a non-zero zero field, the packet will be rejected.
This command does not apply to RIP-2 packets because they have no zero fields.
Example
# Disable zero field check on RIP-1 packets.

2-1

[Quidway] rip
[Quidway-rip] undo checkzero
2.1.2 default cost
Syntax
default cost value

undo default cost
View
RIP view
Parameter
value: Default routing cost to be set, ranging from 1 to 16. It is 1 by default.
Description
Use the default cost command to set the default routing cost of imported routes.
Use the undo default cost command to restore the default value.
If no routing cost is specified when you use the import-route command to import
routes from another routing protocol, the routes will be imported with the default routing
cost specified with the default cost command.
Related command: import-route.
Example
# Set the default routing cost of the routes imported from other routing protocols to 3.
[Quidway] rip
[Quidway-rip] default cost 3
2.1.3 display rip
Syntax
display rip
View
Any view
Parameter
None
2-2
Description
Use the display rip command to display the current RIP operation state and RIP
configuration.
Example
# Display the current RIP operation state and configuration.

<Quidway> display rip
RIP is running
Checkzero is on Default cost : 1
Summary is on Preference : 100
Traffic-share-across-interface is off
Period update timer : 30
Timeout timer : 180
Garbage-collection timer : 120
No peer router
Network :
202.38.168.0
Table 2-1 Description on the fields of the display rip command
Field Description
RIP is running RIP is active.
Checkzero is on Zero field checking is enabled.
Default cost : 1 The default route cost is 1

Summary is on Routes are aggregated automatically
Preference : 100 The preference of RIP is 100
Period update timer : 30
Timeout timer : 180 Settings of the three timers of RIP
Garbage-collection timer : 120
No destination address of a
No peer router
transmission is specified
RIP is enabled on network segment
Network :202.38.168.0
202.38.168.0
Traffic is shared across equivalent
Traffic-share-across-interface is off
routes.
2.1.4 display rip interface
Syntax
display rip interface
2-3
View
Any view
Parameter
View
Description
Use the display rip interface command to display RIP interface information.
Example
# Display RIP interface information.

<Quidway> display rip interface
RIP Interface: public net
Address Interface Ver MetrIn/Out Input Output Split-horizon

1.0.0.1 Vlan-interface100 2 0/1 on on on
Table 2-2 Description on the fields of the display rip interface command
Field Description
IP address of the interface running RIP (You need to
Address use the network command to enable the network
segment on which the address resides.)
Name of the interface running RIP. The IP address of
Interface
the interface corresponds to that in the Address field.
Ver Version of RIP running on the interface
Additional routing metric added when a route is
MetrIn/Out
received/sent
Indicates whether to allow the interface to receive RIP
Input
packets ("on" means yes; "off" means no).
Indicates whether to allow the interface to send RIP
Output
packets ("on" means yes; "off" means no).
Indicates whether split horizon is enabled ("on" means
Split-horizon
yes; "off" means no)
2.1.5 display rip routing
Syntax
display rip routing
2-4
View
Any view
Parameter
None
Description
Use the display rip routing command to display RIP routing information.
Example
# Display RIP routing table information.

<Quidway> display rip routing
RIP routing table: public net
A = Active I = Inactive G = Garbage collection

C = Change T = Trigger RIP
Destination/Mask Cost NextHop Age SourceGateway Att

192.168.110.0/24 1 31.31.31.8 7s 31.31.31.8 A
200.1.1.0/24 1 31.31.31.8 7s 31.31.31.8 A
130.1.0.0/16 1 31.31.31.8 7s 31.31.31.8 A
Table 2-3 Description on the fields of the display rip routing command
Field Description
Destination/Mask Destination address/Mask
Cost Cost
NextHop Net hop address
Amount of time that elapsed after the route is
Age
advertised
SourceGateway Gateway originating the route
Indicates whether to allow the interface to send
Output
RIP packets ("on" means yes; "off" means no).
Indicates whether split horizon is enabled ("on"
Split-horizon
means yes; "off" means no)
2.1.6 filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
2-5
filter-policy route-policy route-policy-name export

undo filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]
undo filter-policy route-policy route-policy-name export
View
RIP view
Parameter
acl-number: Number of the basic or advanced ACL used to filter routing information by
destination address.
ip-prefix-name: Name of the address ip-prefix list used to filter routing information by
route-policy-name: Name of the route-policy used to filter routing information. A
route-policy can enable RIP to determine which routes are to be sent/received based
on such fields as acl/cost/interface/ip/ip-prefix/tag.
routing-protocol: Routing protocol whose routing information is to be filtered. Currently,
this can be direct, ospf, ospf-ase, ospf-nssa, or static.
Description
Use the filter-policy export command to enable RIP to filter the routing information to
be advertised.
Use the undo filter-policy export command to cancel the filtering of the routing
information to be advertised.
By default, RIP does not filter routing information before advertising.
Related command: acl, filter-policy import, ip ip-prefix.
Example
# Configure to filter route information by ACL 2000 before the information is advertised.
[Quidway] rip
[Quidway-rip] filter-policy 2000 export
2.1.7 filter-policy import
Syntax
filter-policy gateway ip-prefix-name import

undo filter-policy gateway ip-prefix-name import
2-6
filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] |

route-policy route-policy-name } import
undo filter-policy { acl-number | ip-prefix ip-prefix-name [ gateway ip-prefix-name ] |
route-policy route-policy-name } import
View
RIP view
Parameter
acl-number: Number of the ACL used to filter routing information by destination

address.
ip-prefix-name: Name of the address prefix list used to filter routing information by
gateway ip-prefix-name: Name of the address prefix list used to filter routing
information by the address of the neighbor router advertising the information.
route-policy-name: Name of the route-policy that filters routing information. A
route-policy can enable RIP to determine which routes are to be sent/received based
on such fields as acl/cost/interface/ip/ip-prefix/tag.
Description
Use the filter-policy gateway command to enable RIP to filter received routing
information by a specified address so that the routing information advertised by the
address can pass the filter.
Use the undo filter-policy gateway command to disable the above filtering.
Use the filter-policy import command to enable RIP to filter the received global
routing information.
Use the undo filter-policy import command to disable the above filtering.
By default, RIP does not filter the received routing information.
You can control the range of routes received by RIP by specifying an ACL and ip-prefix
list.
Related command: acl, filter-policy export, ip ip-prefix.
Example
# Configure to filter incoming routing information by acl 2000.

[Quidway] rip
[Quidway-rip] filter-policy 2000 import
2-7
2.1.8 host-route
Syntax
host-route
undo host-route
View
RIP view
Parameter
None
Description
Use the host-route command to enable RIP to accept host routes.

Use the undo host-route command to reject host routes.
By default, RIP accepts host routes.
In some special cases, RIP receives a great number of host routes from the same
network segment. These routes are of little help to path searching and occupy a lot of
resources. In this case, the undo host-route command can be used to reject host
routes.
Example
# Enable RIP to reject host routes.

[Quidway] rip
[Quidway-rip] undo host-route
2.1.9 import-route
Syntax
import-route protocol [ cost value | route-policy route-policy-name ]*

undo import-route protocol
View
RIP view
Parameter
protocol: Source routing protocol whose routes will be imported by RIP. At present, RIP
can import the following types of routes: direct, ospf, ospf-ase, ospf-nssa and static.
2-8
value: Cost value of the routes to be imported.

route-policy route-policy-name: Specifies to import only the routes matching the
conditions of the specified route-policy
Description
Use the import-route command to import the routes of another protocol into RIP.
Use the undo import-route command to cancel the routes imported from another
protocol.
By default, RIP does not import routes from other protocols.
The import-route command is used to import the routes of another protocol with a
specified cost.. RIP regards the imported routes as its own routes and transmits them
with the specified cost. This command can greatly enhance the capability of RIP to
obtain routes, thereby improving RIP performance.
If the cost value is not specified, routes will be imported with the default routing cost
(set by the default cost command, ranging from 1 to 16). If the cost of an imported
route is 16, RIP marks the route as HOLD DOWN (however, the route can still be used
to forward packets), and continues to announce the route with this cost to other routers
running RIP until the Garbage Collection timer times out (the timeout time defaults to
120 seconds).
Related command: default cost.
Example
# Import static routes with the cost of 4.

[Quidway] rip
[Quidway-rip] import-route static cost 4
# Set the default cost and import OSPF routes with the default cost.
[Quidway] rip
[Quidway-rip] default cost 3
[Quidway-rip] import-route ospf
2.1.10 network
Syntax
network network-address
undo network network-address
2-9
View
RIP view
Parameter
network-address: Address of the network for which RIP is enabled/disabled. It can be

the IP network address of any interface.
Description
Use the network command to enable RIP on a specified interface.

Use the undo network command to disable RIP on the interface.
By default, RIP is disabled on any interface.
After a RIP routing process is started, it is disabled on any interface. To enable RIP
routing on an interface, you must use the network command.
The undo network command is similar to the undo rip work command in function. But
they are not identical.
Their similarity is that the interface using either command will not receive/transmit RIP
routes any more.
The difference between them is that, in the case of undo rip work, other interfaces will
still forward the routes of the interface on which the undo rip work command is
executed. In the case of undo network, other interfaces will not forward the routes of
the interface on which the undo network command is executed and it seems that the
interface disappeared.
When the network command is used on an address, the effect is that the interface on
the network segment at this address is enabled. For example, the results of viewing the
network 129.102.1.1 with both the display current-configuration command and the
display rip command are shown as network 129.102.0.0.
Related command: rip work.
Example
# Enable RIP on the interface with the network address 129.102.0.0.

[Quidway] rip
[Quidway-rip] network 129.102.0.0
2.1.11 peer
Syntax
peer ip-address
2-10
undo peer ip-address
View
RIP view
Parameter
ip-address: IP address of the interface on the peer router with which routing information
needs to be exchanged, in dotted decimal notation.
Description
Use the peer command to configure the destination address of the peer device with
which routing information should be exchanged in unicast mode.
Use the undo peer command to cancel a unicast address.
By default, RIP does not send packets to any address in unicast mode.
This command is used to for non-broadcast networks to which protocol packets cannot
be sent in broadcast mode. And you are not recommended to use this command in
normal situation.
Example
# Specify a unicast destination address of 202.38.165.1.

[Quidway] rip
[Quidway-rip] peer 202.38.165.1
2.1.12 preference
Syntax
preference value
undo preference
View
RIP view
Parameter
value: Preference level, ranging from 1 to 255. By default, the value is 100.
Description
Use the preference command to configure the route preference of RIP.

Use the undo preference command to restore the default preference.
2-11
Every routing protocol has its own preference. Its default value is determined by the
specific routing policy. The preferences of routing protocols will finally determine which
routing algorithm's routes will be selected as the optimal routes in the IP routing table.
You can use this command to modify the RIP preference manually.
Example
# Specify the RIP preference as 20.

[Quidway] rip
[Quidway-rip] preference 20
2.1.13 reset
Syntax
reset
View
RIP view
Parameter
None
Description
Use the reset command to reset the system configuration parameters of RIP.
When you need to re-configure the parameters of RIP, you can use this command to
restore the default setting.
Example
# Reset the RIP system configuration.

[Quidway] rip
[Quidway-rip] reset
% Reset RIP's configuration and restart RIP? [Y/N]y
2.1.14 rip
Syntax
rip
undo rip
2-12
View
System view
Parameter
None
Description
Use the rip command to enable RIP and enter RIP view.
Use the undo rip command to disable RIP.
By default, the system does not run RIP.
RIP must be enabled before you can enter the RIP view and configure various RIP
global parameters. You can, however, configure the interface-based parameters
regardless of whether RIP is enabled.
Note:
Note that the interface parameters configured previously would be invalid when RIP is
disabled.
Example
# Enable RIP and enter RIP view.

[Quidway] rip
[Quidway-rip]
2.1.15 rip authentication-mode
Syntax
rip authentication-mode { simple password | md5 { rfc2453 key-string | rfc2082

key-string key-id } }
undo rip authentication-mode
View
Interface view
Parameter
simple: Specifies to use simple text authentication mode.
2-13
password: Simple text authentication key, containing 1 to 16 characters.

md5: Specifies to use MD5 cipher text authentication mode.
rfc2453: Specifies that MD5 cipher text authentication packets will use a packet format
(IETF standard) stipulated by RFC2453.
rfc2082: Specifies that MD5 cipher text authentication packets will use a packet format
stipulated by RFC2082.
key-string: MD5 cipher text authentication key. If it is input in a plain text form, MD5 key
is a character string not exceeding 16 characters. And it will be displayed in a cipher
text form in a length of 24 characters when you use the display current-configuration
command. You can also input the MD5 key in a cipher text form with a length of 24
characters.
key-id: MD5 cipher text authentication identifier, ranging from 1 to 255.
Description
Use the rip authentication-mode command to configure RIP-2 authentication mode

and its parameters.
Use the undo rip authentication-mode command to cancel all authentication.
Only one authentication key is supported each time authentication is performed. An
authentication key newly input overwrites an old one.
Related command: rip version.
Example
# Specify the interface Vlan-interface 10 to use the simple authentication with the
authentication key of aaa.
[Quidway-Vlan-interface10] rip version 2
[Quidway-Vlan-interface10] rip authentication-mode simple aaa
# Specify Vlan-interface 10 to use the MD5 cipher text authentication, with the
authentication key of aaa and the packet format of rfc2453.
[Quidway-Vlan-interface10] rip authentication-mode md5 rfc2453 aaa
2-14
2.1.16 rip input
Syntax
rip input
undo rip input
View
Interface view
Parameter
None
Description
Use the rip input command to enable an interface to receive RIP packets.
Use the undo rip input command to disable an interface from receiving RIP packets.
By default, all interfaces, except loopback interfaces, can receive RIP packets.
This command is used in cooperation with another two commands: rip output and rip
work. Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
Related command: rip output, rip work.
Example
# Configure the interface Vlan-interface 10 not to receive RIP packets.

[Quidway-Vlan-interface10] undo rip input
2.1.17 rip metricin
Syntax
rip metricin value

undo rip metricin
View
Interface view
2-15
Parameter
value: Additional route metric added when receiving a RIP route, ranging from 0 to 16.
By default, the value is 0.
Description
Use the rip metricin command to configure the additional route metric added to the
RIP routes received on an interface.
Use the undo rip metricin command to restore the default value of this additional route
metric.
Related command: rip metricout.
Example
# Set the additional route metric added to RIP routes received on Vlan-interface 10 to 2.
[Quidway-Vlan-interface10] rip metricin 2
2.1.18 rip metricout
Syntax
rip metricout value

undo rip metricout
View
Interface view
Parameter
value: Additional route metric added when transmitting a RIP route, ranging from 1 to
16. By default, the value is 1.
2-16
Description
Use the rip metricout command to configure the additional route metric added to the
RIP routes to be transmitted on an interface.
Use the undo rip metricout command to restore the default value of this additional
route metric.
Note:
The metricout configuration only applies to the RIP routes learnt by the router and
those generated by the router itself. It does not apply to any route imported to RIP by
any other routing protocol.
Related command: rip metricin.
Example
# Set the additional route metric added to the RIP routes to be transmitted on
Vlan-interface 10 to 2.
[Quidway-Vlan-interface10] rip metricout 2
2.1.19 rip output
Syntax
rip output
undo rip output
View
Interface view
Parameter
None
Description
Use the rip output command to enable an interface to transmit RIP packets.
Use the undo rip output command to disable an interface from transmitting RIP
packets.
2-17
By default, all interfaces except loopback interfaces are enabled to transmit RIP
packets to the external.
This command is used in cooperation with another two commands: rip input and rip
work . Functionally, rip work is equivalent to rip input & rip output. The latter two
control the receipt and the transmission of RIP packets respectively on an interface.
The former command equals the functional combination of the latter two commands.
Related command: rip input, rip work.
Example
# Disable the interface Vlan-interface 10 from transmitting RIP packets.

[Quidway-Vlan-interface10] undo rip output
2.1.20 rip split-horizon
Syntax
rip split-horizon
undo rip split-horizon
View
Interface view
Parameter
None
Description
Use the rip split-horizon command to configure an interface to use split horizon when
transmitting RIP packets.
Use the undo rip split-horizon command to configure an interface not to use split
horizon when transmitting RIP packets.
By default, an interface is enabled to use split horizon when transmitting RIP packets.
Normally, split horizon is necessary for avoiding route loop. Only in some special cases
does split horizon need to be disabled to ensure the correct execution of the protocol.
So, disable split horizon only when necessary.
Example
# Specify the interface Vlan-interface 10 not to use split horizon when processing RIP
packets.
2-18
[Quidway-Vlan-interface10] undo rip split-horizon
2.1.21 rip version
Syntax
rip version { 1 | 2 [ broadcast | multicast ] }

undo rip version
View
Interface view
Parameter
1: Interface version is RIP-1.

2: Interface version is RIP-2.
broadcast: Transmission mode of RIP-2 packets is broadcast.
multicast: Transmission mode of RIP-2 packets is multicast.
Description
Use the rip version command to specify the version of RIP packets on an interface.
Use the undo rip version command to restore the default RIP packet version on the
interface.
By default, the interface RIP version is RIP-1. RIP-1 transmits packets in broadcast
mode, while RIP-2 transmits packets in multicast mode by default.
When running RIP-1, the interface only receives and transmits RIP-1 broadcast
packets, and receives RIP-2 broadcast packets, but does not receive RIP-2 multicast
packets. When running RIP-2 in broadcast mode, the interface receives and transmits
RIP-2 broadcast packets, receives RIP-1 broadcast packets. When running RIP-2 in
multicast mode, the interface only receives and transmits RIP-2 multicast packets,
receives RIP-2 broadcast packets, but does not receive RIP-1 broadcast packets.
Example
# Configure the interface Vlan-interface 10 as RIP-2 broadcast mode.

[Quidway-Vlan-interface10] rip version 2 broadcast
2-19
2.1.22 rip work
Syntax
rip work
undo rip work
View
Interface view
Parameter
None
Description
Use the rip work command to enable RIP to transmit and receive RIP packets on an
interface.
Use the undo rip work command to disable RIP from transmitting and receiving RIP
packets on an interface.
By default, RIP is enabled from transmitting and receiving RIP packets on an interface.
This command is used in cooperation with rip input, rip output and network
commands.
Related command: network, rip input, rip output.
Example
# Disable RIP from transmitting and receiving RIP packets on the interface
Vlan-interface 10.
[Quidway-Vlan-interface10] undo rip work
2.1.23 summary
Syntax
summary
undo summary
View
RIP view
2-20
Parameter
None
Description
Use the summary command to enable RIP-2 automatic route aggregation.

Use the undo summary command to disable RIP-2 automatic route aggregation.
By default, RIP-2 route aggregation is enabled.
Route aggregation can be used to reduce the routing traffic on the network as well as to
reduce the size of the routing table. If RIP-2 is used, route aggregation function can be
disabled with the undo summary command when it is necessary to broadcast subnet
routes.
RIP-1 does not support subnet mask. Forwarding subnet routes may cause ambiguity.
Therefore, RIP-1always uses route aggregation.
Related command: rip version.
Example
# Set RIP version on the interface Vlan-interface 10 as RIP-2 and disable route
aggregation.
[Quidway-Vlan-interface10] quit
[Quidway] rip
[Quidway-rip] undo summary
2.1.24 timers
Syntax
timers { update update-timer | timeout timeout-timer } *

undo timers { update | timeout } *
View
RIP view
Parameter
update-timer: Value of the Period Update timer, ranging from 1 to 3,600 seconds. By
default, it is 30 seconds.
timeout-timer: Value of the Timeout timer, ranging from 1 to 3,600 seconds. By default,
it is 180 seconds.
2-21
Description
Use the timers command to modify the values of the three RIP timers: Period Update,
Timeout, and Garbage-collection (which is usually set to a value four times that of the
Period Update timer).
Use the undo timers command to restore the default settings.
By default, the Period Update, Timeout, and Garbage-collection timers are 30 seconds,
180 seconds, and 120 seconds, respectively.
Generally, it is regarded that the value of the Garbage-collection timer is fixed at four
times that of the Period Update timer. Adjusting the Period Update timer will affect the
Garbage-collection timer.
The modification of RIP timers is validated immediately.
Related command: display rip.
Example
# Set the values of the Period Update timer and the Timeout timer of RIP to 10 seconds
and 30 seconds respectively.
[Quidway] rip
[Quidway-rip] timers update 10 timeout 30
2.1.25 traffic-share-across-interface
Syntax
traffic-share-across-interface
undo traffic-share-across-interface
View
RIP view
Parameter
None
Description
Use the traffic-share-across-interface command to enable traffic sharing across RIP

interfaces, so as to distribute traffic evenly over equal-cost routes across the interfaces
on a router.
Use the undo traffic-share-across-interface command to cancel traffic sharing.
2-22
By default, traffic sharing across RIP interfaces is disabled.
Example
# Enable traffic sharing across RIP interfaces.

[Quidway] rip
[Quidway-rip] traffic-share-across-interface
2-23
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 OSPF Configuration Commands
Chapter 3 OSPF Configuration Commands
Note:
Among S3900 Series Ethernet Switches, only S3900-EI series support OSPF protocol.
Note:
words “router” and the router icons covered in the following text represent routers in
3.1 OSPF Configuration Commands

3.1.1 abr-summary
Syntax
abr-summary ip-address mask [ advertise | not-advertise ]

undo abr-summary ip-address mask
View
OSPF Area view
Parameter
ip-address: Network segment address.

mask: Network mask.
advertise: Specifies to advertise the aggregated route that match a specific IP address
and mask.
not-advertise: Specifies not to advertise the aggregated route that match a specific IP
address and mask.
Description
Use the abr-summary command to enable route aggregation on an area border router
(ABR).
3-1
Use the undo abr-summary command to disable route aggregation on an ABR.

By default, an ABR does not aggregate routes.
This command is applicable to ABRs only and is used for route aggregation in an area.
It allows the ABR to transmit an aggregated route to other areas.
Route aggregation means that routing information is processed by an ABR, which
transmits only one route to other areas for each network segment configured with route
aggregation. You can configure multiple aggregation routes in an area so that OSPF
can aggregate multiple network segments.
Example
# Aggregate the routes in the two network segments, 36.42.10.0 and 36.42.110.0, in
OSPF area 1 into one summary route 36.42.0.0 and transmit it to other areas.
[Quidway] ospf 1
[Quidway-ospf-1] area 1
[Quidway-ospf-1-area-0.0.0.1] network 36.42.10.0 0.0.0.255
[Quidway-ospf-1-area-0.0.0.1] abr-summary 36.42.0.0 255.255.0.0
3.1.2 area
Syntax
area area-id
undo area area-id
View
OSPF view
Parameter
area-id: ID of an OSPF area, which can be a decimal integer (ranging from 0 to

4294967295) or in the form of an IP address.
Description
Use the area command to enter OSPF area view.

Use the undo area command to cancel the specified area.
Example
# Enter OSPF area 0 view.

3-2
[Quidway] ospf 1
[Quidway-ospf-1-area-0.0.0.0]
3.1.3 asbr-summary
Syntax
asbr-summary ip-address mask [ not-advertise | tag value ]

undo asbr-summary ip-address mask
View
OSPF view
Parameter
ip-address: IP address to be matched, in dotted decimal notation.

mask: IP address mask, in dotted decimal notation.
not-advertise: Specifies not to advertise the aggregated route matching the specified
IP address and mask. If this argument is not provided, the aggregated route will be
advertised.
tag value: Tag value, which is mainly used to control route advertisement via
route-policy. It ranges from 0 to 4294967295 and defaults to 1.
Description
Use the asbr-summary command to configure the aggregation of imported routes by

OSPF.
Use the undo asbr-summary command to cancel the aggregation.
By default, imported routes are not aggregated.
After the aggregation of imported routes is configured, if the local router is an
autonomous system border router (ASBR), this command aggregates the imported
Type-5 LSAs in the aggregation address range. If an NSSA is configured, this
command also aggregates the imported Type-7 LSAs in the summary address range.
If the local router acts as both an ABR and a transit router in the NSSA, this command
aggregates Type-5 LSAs transformed from Type-7 LSAs. If the router is not the router
in the NSSA, the aggregation is disabled.
Related command: display ospf asbr-summary.
Example
# Set aggregation of routes imported by the router Quidway.

3-3
[Quidway] ospf 1
[Quidway-ospf-1] asbr-summary 10.2.0.0 255.255.0.0 not-advertise
3.1.4 authentication-mode
Syntax
authentication-mode { simple | md5 }

undo authentication-mode
View
OSPF Area view
Parameter
simple: Uses simple text authentication mode.

md5: Uses MD5 cipher text authentication mode.
Description
Use the authentication-mode command to configure one area of OSPF to support the
authentication attribute.
Use the undo authentication-mode command to cancel the authentication attribute of
this area.
By default, an area does not support authentication attribute.
All the routers in one area must use the same authentication mode (no authentication,
simple text authentication, or MD5 cipher text authentication). If the mode of supporting
authentication is configured, all routers on the same segment must use the same
authentication key.
Use the ospf authentication-mode simple command to configure a simple text
authentication key.
Use the ospf authentication-mode md5 command to configure the MD5 cipher text
authentication key if the area is configured to support MD5 cipher text authentication
mode.
Related command: ospf authentication-mode.
Example
# Enter area 0 view.

[Quidway] ospf 1
# Specify the OSPF area 0 to support MD5 cipher text authentication.
3-4
[Quidway-ospf-1-area-0.0.0.0] authentication-mode md5
3.1.5 default cost
Syntax
default cost value

undo default cost
View
OSPF view
Parameter
value: Default routing cost of external route imported by OSPF, ranging from 0 to
16,777,214. By default, its value is 1.
Description
Use the default cost command to configure the default cost for OSPF to import
external routes.
Use the undo default cost command to restore the default routing cost of external
routes to its default value.
Since OSPF can import external routing information and propagate the information to
the entire autonomous system, routing cost of external routes can influence route
selection and calculation. Therefore, it is necessary to specify the default routing cost
for the protocol to import external routes.
Example
# Specify the default routing cost for OSPF to import external routes as 10.
[Quidway] ospf 1
[Quidway-ospf-1] default cost 10
3.1.6 default interval
Syntax
default interval seconds

undo default interval
View
OSPF view
3-5
Parameter
seconds: Default interval, in seconds, of importing external routes. It ranges from 1 to

Description
Use the default interval command to configure the default interval for OSPF to import
external routes.
Use the undo default interval command to restore the default value of the default
interval of importing external routes.
OSPF can import external routing information and propagate it to the entire
autonomous system. However, importing routes too often greatly affects the
performance of the device. Therefore, it is necessary to specify the default interval for
the protocol to import external routes.
Example
# Specify the default interval for OSPF to import external routes as 10 seconds.
[Quidway] ospf 1
[Quidway-ospf-1] default interval 10
3.1.7 default limit
Syntax
default limit routes

undo default limit
View
OSPF view
Parameter
routes: Default limit on the number of external routes imported in a unit time. It ranges
from 200 to 2147483647 and defaults to1000.
Description
Use the default limit command to configure the default limit on the number of routes
imported by OSPF in a unit time.
Use the undo default limit command to restore the default value.
OSPF can import external routing information and advertise them to the whole AS.
Importing too many external routes at a time greatly affects the performance of the
3-6
device. Therefore, it is necessary to limit the number of external routes imported during
each import interval.
Related command: default interval.
Example
# Specify the default limit on the number of external routes imported by OSPF in each
import interval as 200.
[Quidway] ospf 1
[Quidway-ospf-1] default limit 200
3.1.8 default tag
Syntax
default tag tag

undo default tag
View
OSPF view
Parameter
tag: Default tag, ranging from 0 to 4294967295.
Description
Use the default tag command to configure the default tag of OSPF when it imports an
external route.
Use the undo default tag command to restore the default tag of OSPF when it imports
the external route.
When OSPF imports a route found by another routing protocol in the router and uses it
as the external routing information of its own autonomous system, some additional
parameters are required, including the default cost and the default tag of the route.
Related command: default type.
Example
# Set the default tag of OSPF imported external route of the autonomous system as 10.
[Quidway] ospf 1
[Quidway-ospf-1] default tag 10
3-7
3.1.9 default type
Syntax
default type { 1 | 2 }
undo default type
View
OSPF view
Parameter
type 1: External routes of type 1.

type 2: External routes of type 2.
Description
Use the default type command to configure the default type when OSPF imports
external routes.
Use the undo default type command to restore the default type when OSPF imports
external routes.
By default, the external routes of type 2 are imported.
OSPF specifies the two types of external routing information. You can use the
command described in this section to specify the default type when external routes are
imported.
Related command: default tag.
Example
# Configure OSPF to import external routes of type 1 by default.

[Quidway] ospf 1
[Quidway-ospf-1] default type 1
3.1.10 default-cost
Syntax
default-cost value
undo default-cost
View
OSPF Area view
3-8
Parameter
value: Cost value of the default route transmitted by OSPF to the STUB or NSSA area.
It ranges from 0 to 16,777,214 and defaults to 1.
Description
Use the default-cost command to configure the cost of the default route transmitted by
OSPF to the STUB or NSSA area.
Use the undo default-cost command to restore the default cost of the default route
transmitted by OSPF to the STUB or NSSA area.
This command only applies to an ABR in a STUB area or NSSA area.
To configure a STUB area, you need to use the stub and default-cost commands.
You must use the stub command on all the routers connected to a STUB area to
configure the area with the STUB attribute.
Use the default-cost command to configure the cost of the default route transmitted by
an ABR to the STUB area or NSSA area.
Related command: stub, nssa.
Example
# Set area 1 as the STUB area and the cost of the default route transmitted to this
STUB area to 60.
[Quidway] ospf 1
[Quidway-ospf-1-area-0.0.0.1] stub
[Quidway-ospf-1-area-0.0.0.1] default-cost 60
3.1.11 default-route-advertise
Syntax
default-route-advertise [ always | cost value | type type-value | route-policy

route-policy-name ]*
undo default-route-advertise [ always | cost | type | route-policy ]*
View
OSPF view
3-9
Parameter
always: Generates an ase lsa describing the default route and advertises it if the local
router is not configured with the default route. If this keyword is not provided, the local
router must be configured with the default route before it can import the ase lsa, which
generates the default route.
cost value: Specifies the cost value of this ase lsa. The value of value ranges from 0 to
type type-value: Specifies the cost type of this ase lsa. The value of type-value ranges
from 1 to 2 and defaults 2.
route-policy route-policy-name: If the default route matches the route-policy specified
by route-policy-name, the route-policy will affect the value in ase lsa. The
route-policy-name argument is a string containing 1 to 19 characters.
Description
Use the default-route-advertise command to import the default route to OSPF route
area.
Use the undo default-route-advertise command to cancel the import of the default
route.
By default, OSPF does not import the default route.
The import-route command cannot import the default route. To import the default route
to the route area, the default-route-advertise command must be used. If the local
router is not configured with the default route, the keyword always should be specified
so that ase lsa of the default route is generated.
Related command: import-route.
Example
# The ase lsa of the default route is generated only if the local router has the default
route.
[Quidway] ospf 1
[Quidway-ospf-1] default-route-advertise
# The ase lsa of default route will be generated and advertised to OSPF route area
even the local router has no default route.
[Quidway-ospf-1] default-route-advertise always
3-10
3.1.12 display debugging ospf
Syntax
display debugging ospf
View
Any view
Description
Use the display debugging ospf command to display the debugging states of OSPF
processes.
Example
# Display the debugging states of OSPF processes.

<Quidway> display debugging ospf
OSPF process 1 debugging state:
OSPF EVENT debugging switch is on
3.1.13 display ospf abr-asbr
Syntax
display ospf [ process-id ] abr-asbr
View
Any view
Parameter
process-id: OSPF Process ID. If you do not specify a process ID, this command applies
to all current OSPF processes .
Description
Use the display ospf abr-asbr command to display the information about the ABR and
ASBR of OSPF.
Example
# Display the information about the OSPF ABRs and ASBRs.

<Quidway> display ospf abr-asbr
OSPF Process 1 with Router ID 1.1.1.1
Routing Table to ABR and ASBR
I = Intra i = Inter A = ASBR B = ABR S = SumASBR
Destination Area Cost Nexthop Interface
3-11
IA 2.2.2.2 0.0.0.0 10 10.153.17.89 Vlan-interface1
Table 3-1 Description on the fields of the display ospf abr-asbr command
Field Description
Destination Router ID of the ABR or ASBR
Area where the router is connected to
Area
the ASBR
Cost Routing overhead value of the route
Nexthop Nexthop address to the destination
Interface Local output interface
3.1.14 display ospf asbr-summary
Syntax
display ospf [ process-id ] asbr-summary [ ip-address mask ]
View
Any view
Parameter
to all current OSPF processes.
ip-address: Matched IP address, in dotted decimal notation.
mask: IP address mask, in dotted decimal notation.
Description
Use the display ospf asbr-summary command to display the summary information of
OSPF imported route.
If you do not specify an IP address or mask, the summary information of all OSPF
imported routes will be displayed.
Related command: asbr-summary .
Example
# Display the summary information of all OSPF imported routes.

<Quidway> display ospf asbr-summary
Summary Addresses
Total summary address count: 2
3-12
Summary Address
net : 168.10.0.0
mask : 255.254.0.0
tag : 1
status : Advertise
The Count of Route is 0
Summary Address
net : 1.1.0.0
mask : 255.255.0.0
tag : 100
status : DoNotAdvertise
The Count of Route is 0
Table 3-2 Description on the fields of the display ospf asbr-summary command.
Field Description
net Destination network segment
mask Mask
tag Tag
Status information, which takes one of the following two values:
DoNotAdv The summary routing information to the network

status ertise segment will not be advertised.
The summary routing information to the network
Advertise
segment will be advertised.
3.1.15 display ospf brief
Syntax
display ospf [ process-id ] brief
View
Any view
Parameter
Description
Use the display ospf brief command to display brief OSPF information.
3-13
Example
# Display brief OSPF information.

<Quidway> display ospf brief
OSPF Protocol Information
RouterID: 10.110.95.189 Border Router: Area AS
spf-schedule-interval: 5
Routing preference: Inter/Intra: 10 External: 150
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
SPF computation count: 16
Area Count: 1 Nssa Area Count: 0
Area 0.0.0.0:
Authtype: none Flags: <>
SPF scheduled: <>
Interface: 201.1.1.4 (Vlan-interface1)
Cost: 1 State: DR Type: Broadcast
Priority: 1
Designated Router: 201.1.1.4
Backup Designated Router: 201.1.1.3
Timers: Hello 10, Dead 40, Poll 40, Retransmit 5, Transmit Delay 1
Table 3-3 Description on the fields of the display ospf brief command
Field Description
RouterID Router ID of the router
Border routers for connection to the area, including
Border Router
ASBRs and ABRs
spf-schedule-interval Interval of SPF schedule
Authtype Authentication type of OSPF
Routing preference of OSPF. The internal route of OSPF
includes intra/inter area route, and its default routing
Routing preference
preference is 10, while that of the external route of OSPF
is 150 by default
Default ASE Default ASE parameters of OSPF, including metric, type
parameters and tag
SPF computation
SPF computation count since OSPF is enabled
count
Area Count Areas for connection to this router
Nssa Area Count Number of NSSA areas
SPF scheduled SPF scheduled (flag)
3-14
Field Description
Interface Name of interface belonging to this area
Cost Cost of routes
State State information
Type Network type of OSPF interface
Priority Priority
Designated Router IP address of designated router (DR)
Backup Designated
IP address of backup designated router (BDR)
Router
OSPF timers, defined as follows:
Hello Interval of hello packet
Timers Dead Interval of dead neighbors
Poll Interval of poll
Retransmit Interval of retransmitting LSA

Transmit Delay Delay time of transmitting LSA
3.1.16 display ospf cumulative
Syntax
display ospf [ process-id ] cumulative
View
Any view
Parameter
Description
Use the display ospf cumulative command to display cumulative OSPF statistics.
Example
# Display cumulative OSPF statistics.

<Quidway> display ospf cumulative
Cumulations
IO Statistics
3-15
Type Input Output

Hello 225 437
DB Description 78 86
Link-State Req 18 18
Link-State Update 48 53
Link-State Ack 25 21
ASE: 1 Checksum Sum: FCAF
LSAs originated by this router
Router: 50 SumNet: 40 SumASB: 2
LSAs Originated: 92 LSAs Received: 33
Area 0.0.0.0:
Neighbors: 1 Interfaces: 1
Spf: 54 Checksum Sum F020
rtr: 2 net: 0 sumasb: 0 sumnet: 1
Area 0.0.0.1:
Neighbors: 0 Interfaces: 1
Spf: 19 Checksum Sum 14EAD
rtr: 1 net: 0 sumasb: 1 sumnet: 1
Routing Table:
Intra Area: 2 Inter Area: 0 ASE: 1
Table 3-4 Description on the fields of the display ospf cumulative command
Field Description
Type Type of input/output OSPF packet
IO Statistics Input Number of received packets
Output Number of transmitted packets
ASE Number of all ASE LSAs
checksum sum Checksum of ASE LSA
originated Number of originated LSAs
LSAs Number of received LSAs generated by other
received
routers
Router Number of all Router LSAs
SumNet Number of all Sumnet LSAs

SumASB Number of all SumASB LSAs
Area Neighbors Number of neighbors in this area
Interfaces Number of interfaces in this area
Spf Number of SPF computation count in this area
3-16
Field Description
rtr, net, sumasb,
Number of all LSAs in this area
sumnet
Intra Area Number of intra-area routes
Routing Table Inter Area Number of inter-area routes
ASE Number of external routes
3.1.17 display ospf error
Syntax
display ospf [ process-id ] error
View
Any view
Parameter
Description
Use the display ospf error command to display OSPF error information.
Example
# Display the OSPF error information.

<Quidway> display ospf error
OSPF packet error statistics:
OSPF packet error statistics:
0: IP: received my own packet 0: OSPF: wrong packet type
0: OSPF: wrong version 0: OSPF: wrong checksum
0: OSPF: wrong area id 0: OSPF: area mismatch
0: OSPF: wrong virtual link 0: OSPF: wrong authentication type
0: OSPF: wrong authentication key 0: OSPF: too small packet
0: OSPF: packet size > ip length 0: OSPF: transmit error
0: OSPF: interface down 0: OSPF: unknown neighbor
0: HELLO: netmask mismatch 0: HELLO: hello timer mismatch
0: HELLO: dead timer mismatch 0: HELLO: extern option mismatch
0: HELLO: router id confusion 0: HELLO: virtual neighbor unknown
0: HELLO: NBMA neighbor unknown 0: DD: neighbor state low
0: DD: router id confusion 0: DD: extern option mismatch
3-17
0: DD: unknown LSA type 0: LS ACK: neighbor state low

0: LS ACK: wrong ack 1: LS ACK: duplicate ack
0: LS ACK: unknown LSA type 0: LS REQ: neighbor state low
0: LS REQ: empty request 0: LS REQ: wrong request
0: LS UPD: neighbor state low 0: LS UPD: newer self-generate LSA
0: LS UPD: LSA checksum wrong 0: LS UPD: received less recent LSA
0: LS UPD: unknown LSA type 0: OSPF routing: next hop not exist
0: DD: MTU option mismatch 0: ROUTETYPE: wrong type value
0: LS UPD: LSA length wrong
Table 3-5 Description on the fields of the display ospf error command
Field Description
IP: received my own packet Received my own packet
OSPF: wrong packet type OSPF packet type error
OSPF: wrong version OSPF version error
OSPF: wrong checksum OSPF checksum error
OSPF: wrong area id OSPF area ID error

OSPF: area mismatch OSPF area mismatch
OSPF: wrong virtual link OSPF virtual link error
OSPF: wrong authentication

OSPF authentication type error
type
OSPF: wrong authentication
OSPF authentication key error
key
OSPF: too small packet OSPF packet too small
OSPF: packet size > ip length OSPF packet size exceeds IP packet length
OSPF: transmit error OSPF transmission error
OSPF: interface down OSPF interface is down, unavailable
OSPF: unknown neighbor OSPF neighbors are unknown
HELLO: netmask mismatch Network mask mismatch
HELLO: hello timer mismatch Interval of HELLO packet is mismatched
HELLO: dead timer mismatch Interval of dead neighbor packet is mismatched
HELLO: extern option
Extern option of Hello packet is mismatched
mismatch
HELLO: router id confusion Hello packet: Router ID confusion
HELLO: virtual neighbor
Hello packet: unknown virtual neighbor
unknown
HELLO: NBMA neighbor
Hello packet: unknown NBMA neighbor
unknown
3-18
Field Description
Database description (DD) packet: asynchronous
DD: neighbor state low
neighbor state
DD: unknown LSA type DD packet: unknown LSA type
DD: router id confusion DD packet: router id unidentifiable
DD: extern option mismatch DD packet: external route flag error
Link state acknowledgment (LS ACK) packet:
LS ACK: neighbor state low
asynchronous neighbor state
LS ACK: wrong ack Link state acknowledgment packet: ack error
Link state acknowledgment packet: ack
LS ACK: duplicate ack
duplication
Link state acknowledgment packet: unknown LSA
LS ACK: unknown LSA type
type
LS REQ: neighbor state low Link state request (LS REQ) packet
LS REQ: empty request Link state request packet: empty request
LS REQ: wrong request Link state request packet: erroneous request
Link state update packet: asynchronous neighbor
LS UPD: neighbor state low
state
LS UPD: newer self-generate Link state update packet: newer LSA generated by
LSA itself
LS UPD: LSA checksum
Link state update packet: LSA checksum error
wrong
LS UPD:received less recent Link state update packet: received less recent
LSA LSA
LS UPD: unknown LSA type Link state update packet: unknown LSA type
LS UPD: LSA length wrong Link state update packet: LSA length error
OSPF routing: next hop not
Next hop of OSPF routing does not exist
exist
DD: MTU option mismatch MTU option of DD packet is mismatched
ROUTETYPE: wrong type
Route type: the value of the type is wrong
value
3.1.18 display ospf interface
Syntax
display ospf [ process-id ] interface [ interface-type interface-number ]
3-19
View
Any view
Parameter
interface-type interface-number: Interface type and interface number.
Description
Use the display ospf interface command to display the OSPF interface information.
Example
# Display the OSPF interface information of Vlan-interface1.

<Quidway> display ospf interface vlan-interface 1
Interfaces
Interface: 10.110.10.2 (Vlan-interface1)
Cost: 1 State: BackupDR Type: Broadcast
Priority: 1
Designated Router: 10.110.10.1
Backup Designated Router: 10.110.10.2
Table 3-6 Description on the fields of the display ospf interface command
Field Description
Cost Cost of the interface
State State of the interface state machine
Type Network type of OSPF
Priority Priority of DR for interface election
Designated Router DR on the network in which the interface resides
Backup Designated Router BDR on the network in which the interface resides
3-20
3.1.19 display ospf lsdb
Syntax
display ospf [ process-id ] [ area-id ] lsdb [ brief | [ asbr | ase | network | nssa |
router | summary [ ip-address ] ] [ originate-router ip-address | self-originate ] ]
View
Any view
Parameter
area-id: OSPF area ID, which can be a decimal integer (ranging from 0 to 4294967295)
or in the form of an IP address.
brief: Displays brief database information.
asbr: Displays the database information about Type-4 LSAs (summary-Asbr-LSAs)
advertised by ASBR routers.
ase: Displays the database information about the Type-5 LSAs (AS-external-LSAs).
This argument is unavailable if you have provided a value for area-id.
network: Displays the database information about the Type-2 LSAs (network-LSAs).
nssa: Displays the database information about the Type-7 LSAs
(NSSA-external-LSAs).
router: Displays the database information about the Type-1 LSAs (router-LSAs).
summary: Displays the database information about the Type-3 LSAs
(summary-net-LSAs).
ip-address: Link state identifier (in the form of an IP address).
originate-router ip-address: Specifies the IP address of the router advertising the
LSAs.
self-originate: Displays the database information about the LSAs generated by the
local router (self-originate LSAs).
Description
Use the display ospf lsdb command to display the database information about OSPF
connecting state.
Example
# Display the database information about OSPF connection state.

<Quidway> display ospf lsdb
3-21
Link State Database

Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric Where
Rtr 2.2.2.2 2.2.2.2 465 36 8000000c 0 SpfTree
Rtr 1.1.1.1 1.1.1.1 449 36 80000004 0 SpfTree
Net 10.153.17.89 2.2.2.2 465 32 80000004 0 SpfTree
SNet 10.153.18.0 1.1.1.1 355 28 80000003 10 Inter List
Area: 0.0.0.1
Rtr 1.1.1.1 1.1.1.1 449 36 80000004 0 SpfTree
Rtr 3.3.3.3 3.3.3.3 429 36 8000000a 0 Clist
Net 10.153.18.89 3.3.3.3 429 32 80000003 0 SpfTree
SNet 10.153.17.0 1.1.1.1 355 28 80000003 10 Inter List
ASB 2.2.2.2 1.1.1.1 355 28 80000003 10 SumAsb List
AS External Database:
ASE 10.153.18.0 1.1.1.1 1006 36 80000002 1 Ase List
ASE 10.153.16.0 2.2.2.2 798 36 80000002 1 Uninitialized
ASE 10.153.17.0 2.2.2.2 623 36 80000003 1 Uninitialized
ASE 10.153.17.0 1.1.1.1 1188 36 80000002 1 Ase List
Table 3-7 Description on the fields of the display ospf lsdb command
Field Description
Type Type of the LSA
LinkStateID Link state ID of the LSA

AdvRouter Router ID of the router that advertises the LSA
Age Age of the LSA
Len Length of the LSA
Sequence Sequence number of the LSA
Cost from the router that advertises the LSA to LSA
Metric
destination
Where Location of the LSA
<Quidway> display ospf lsdb ase

Link State Data Base
type: ASE
ls id : 2.2.0.0
adv rtr: 1.1.1.1
ls age: 349
3-22
len: 36
seq#: 80000001
chksum: 0xfcaf
Options: (DC)
Net mask:255.255.0.0
Tos 0 metric: 1
E type : 2
Forwarding Address: 0.0.0.0
Tag: 1
Table 3-8 Description on the fields of the display ospf lsdb ase command
Field Description
type Type of the LSA
ls id Link state ID of the LSA
Router ID of the router that advertises
adv rtr
the LSA
ls age Age of the LSA
len Length of the LSA
seq# Sequence number of the LSA

chksum Checksum of the LSA
Options Options of the LSA
Net mask Network mask

E type Type of external route
Forwarding Address Forwarding address
Tag Tag
3.1.20 display ospf nexthop
Syntax
display ospf [ process-id ] nexthop
View
Any view
Parameter
3-23
Description
Use the display ospf nexthop command to display the OSPF next-hop information.
Example
# Display the OSPF next-hop information.

<Quidway> display ospf nexthop
Next hops:
Address Type Refcount Intf Addr Intf Name
---------------------------------------------------------------
202.38.160.1 Direct 3 202.38.160.1 Vlan-interface2
202.38.160.2 Neighbor 1 202.38.160.1 Vlan-interface2
Table 3-9 Description on the fields of the display ospf nexthop command
Field Description
Address Address of next hop
Type Type of next hop
Reference count of the next hop,
Refcount namely, number of routes using the next
hop
IP address of the interface to the next
Intf Addr
hop
Intf Name Interface to the next hop
nexthop Next hop
3.1.21 display ospf peer
Syntax
display ospf [ process-id ] peer [ brief | statistics ]
View
Any view
Parameter
Description
Use the display ospf peer command to display the information about OSPF peer.
3-24
Use the display ospf peer brief command to display the brief information, including
router ID, interface, and state, about every OSPF peer.
Use the display ospf peer statistics command to display the statistics of every OSPF
peer, namely, the number of peers in various states in every area.
Example
# Display the information about OSPF peer.

<Quidway> display ospf peer
Neighbors
Area 0.0.0.0 interface 10.153.17.88(Vlan-interface1)'s neighbor(s)
RouterID: 2.2.2.2 Address: 10.153.17.89
State: Full Mode: Nbr is Master Priority: 1
DR: 10.153.17.89 BDR: 10.153.17.88
Dead timer expires in 31s
Neighbor has been up for 01:14:14
Table 3-10 Description on the fields of the display ospf peer command
Field Description
RouterID Router ID of neighbor router
Address of the interface, through which
Address neighbor router communicates with the
router
State State of adjacency relation
Master/Slave mode formed by
Mode
negotiation in exchanging DD packet
Priority Priority of DR/BDR for neighbor election
DR IP address of the interface of elected DR
IP address of the interface of elected
BDR
BDR
If no hello packet is received from the
Dead timer expires in 31s peer within this interval, the peer will be
considered to be invalid.
Neighbor has been up for 01:14:14 Time of neighbor connection
# Display the brief information about every peer.

<Quidway> display ospf peer brief
Neighbor Brief Information
Area 0.0.0.1:
3-25
Router ID Address Pri DeadTime(s) Interface State

2.2.2.2 192.168.0.2 1 39 Vlan-interface 1 Full/BDR
Table 3-11 Description on the fields of the display ospf peer brief command
Field Description
Router ID Router ID of neighbor router
Address of the interface adjacent to the
Address
neighbor router
Pri Priority of neighbor router
Dead time, in seconds, of neighbor
DeadTime(s)
router
Type and number of the local router
Interface interface connected to the neighbor
router
Neighbor router states:

If the neighbor router is a designated
router, its state is displayed as
State "state/DR";
If the neighbor router is a backup
designated router, its state is displayed
as "state/BDR".
# Display OSPF peer statistics.

<Quidway> display ospf peer statistics
Neighbor Statistics
Area ID Down Attempt Init 2-Way ExStart Exchange Loading Full Total
0.0.0.1 0 0 0 0 0 0 0 1 1
Total 0 0 0 0 0 0 0 1 1
Table 3-12 Description on the fields of the display ospf peer statistics command
Field Description
Area ID Area ID
Initial state for OSPF to establish
neighbor relation, which indicates that
Down OSPF router does not receive the
message from a certain neighbor router
within a period of time
3-26
Field Description
It is enabled in an NBMA environment,
such as Frame Relay, X.25 or ATM. It
indicates that OSPF router does not
receive the message from a certain
Attempt
neighbor router within a period of time,
but still attempts to send Hello packet to
the adjacent routers for their
communications with a lower frequency.
It indicates that OSPF router has
received Hello packet from a neighbor
router, but its IP address is not
Init
contained in the Hello packet. Therefore,
a two-way communication between
them has not been established.
It indicates that a two-way
communication between OSPF router
2-Way and neighbor router has been
established. DR and BDR can be
selected in this state (or higher state).
In this state, the router determines the
sequence number of initial database
ExStart description (DD) packet used for data
exchange, so that it can obtain the latest
link state information
It indicates that OSPF router sends DD
Exchange packet to its neighbor routers to
exchange link state information
In this state, OSPF router requests

neighbor routers based on the updated
Loading link state information from neighbor
routers and its expired information, and
waits for response from neighbor routers
It indicates that database
synchronization between the routers
Full that have established neighbor relation
has been completed, and their link state
databases have been consistent
Total number of neighbors in various
Total
states
3.1.22 display ospf request-queue
Syntax
display ospf [ process-id ] request-queue
3-27
View
Any view
Parameter
Description
Use the display ospf request-queue command to display the information about the
OSPF request-queue.
Example
# Display the information about the OSPF request-queue.

<Quidway> display ospf request-queue
The Router's Neighbors is
Interface: 1.1.1.3 Area: 0.0.0.0
LSID:1.1.1.3 AdvRouter:1.1.1.3 Sequence:80000017 Age:35
Table 3-13 Description on the fields of the display ospf request-queue command
Field Description
Address neighbor routers communicate with the
router
Address of the interface on the network
Interface
segment
Area Area number of OSPF
LSID:1.1.1.3 Link State ID of the LSA
Router ID of the router that advertised
AdvRouter
the LSA
Sequence number of the LSA, used to
Sequence
discover old and repeated LSAs
Age Age of the LSA
3.1.23 display ospf retrans-queue
Syntax
display ospf [ process-id ] retrans-queue
3-28
View
Any view
Parameter
Description
Use the display ospf retrans-queue command to display the information about the
OSPF retransmission queue.
Example
# Display the information about the OSPF retransmission queue.

<Quidway> display ospf retrans-queue
Retransmit List
The Router's Neighbors is
Interface: 103.169.2.5 Area: 0.0.0.1
Retrans list:
Type: ASE LSID:129.11.77.0 AdvRouter:103.160.1.1
Type: ASE LSID:129.11.108.0 AdvRouter:103.160.1.1
Table 3-14 Description on the fields of the display ospf retrans-queue command
Field Description
Address neighbor routers communicate with the
router
Address of the interface on the network
Interface
segment
Area Area number of OSPF
Type Type of the LSA
LSID Link State ID of the LSA
Router ID of the router that advertises
AdvRouter
the LSA
3-29
3.1.24 display ospf routing
Syntax
display ospf [ process-id ] routing
View
Any view
Parameter
Description
Use the display ospf routing command to display the information about OSPF routing
table.
Example
# Display OSPF routing information.

<Quidway> display ospf routing
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.110.0.0/16 1 Net 10.110.10.1 10.10.10.1 0.0.0.0
10.10.0.0/16 1 Stub 10.10.0.1 3.3.3.3 0.0.0.0
Total Nets: 2
Intra Area: 2 Inter Area: 0 ASE: 0 NSSA: 0
Table 3-15 Description on the fields of the display ospf routing command
Field Description
Destination Destination network segment
Cost Cost of route
Type Type of route

NextHop Next hop of route
AdvRouter ID of the router that advertises the route
Area Area ID
Intra Area Number of intra-area routes
Inter Area Number of inter-area routes
3-30
Field Description
ASE Number of external routes
NSSA Number of NSSA routes
3.1.25 display ospf vlink
Syntax
display ospf [ process-id ] vlink
View
Any view
Parameter
Description
Use the display ospf vlink command to display the information about OSPF virtual
links.
Example
# Display OSPF virtual link information.

<Quidway> display ospf vlink
Virtual Links
Virtual-link Neighbor-id -> 2.2.2.2, State: Full
Cost: 0 State: Full Type: Virtual
Transit Area: 0.0.0.2
Table 3-16 Description on the fields of the display ospf vlink command
Field Description
Virtual-link
Router ID of virtual-link neighbor router
Neighbor-id
State State
Interface IP address of the interface on the virtual link
Cost Route cost of the interface
Type Type: virtual link
3-31
Field Description
ID of transit area that the virtual link passes, and it cannot be
Transit Area
backbone area, STUB area, or NSSA area

3.1.26 filter-policy export
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } export [ routing-protocol ]

undo filter-policy { acl-number | ip-prefix ip-prefix-name} export [ routing-protocol ]
View
OSPF view
Parameter
acl-number: Basic or advanced ACL number.

ip-prefix-name: Name of the address prefix list.
routing-protocol: Routing protocol advertising the routing information. At present, it can
be direct, rip, or static.
Description
Use the filter-policy export command to configure the rule for filtering the advertised
routing information by OSPF.
Use the undo filter-policy export command to cancel the filtering rule configured.
By default, no filtering of the advertised routing information is performed.
In some cases, it may be required that only the routing information meeting some
conditions can be advertised. You can use the filter-policy command to set the filtering
conditions for the routing information to be advertised. Only the routing information
passing the filtration can be advertised.
This command affects the external routes imported (with the import-route command)
by OSPF. If the routing-protocol argument is specified, this command filters only the
imported routes generated by the specified protocol, not affecting the routes generated
3-32
by any other protocol. If the routing-protocol argument is not specified, the imported
routes generated by any protocol will be filtered.
Related command: acl, ip ip-prefix.
Example
# Configure OSPF to advertise only the routing information permitted by acl 2000.
[Quidway-ospf-1] filter-policy 2000 export
3.1.27 filter-policy import
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name | gateway prefix-list-name }

import
undo filter-policy { acl-number | ip-prefix ip-prefix-name | gateway ip-prefix-name }
import
View
OSPF view
Parameter
acl-number: Basic or advanced Access control list used for filtering the destination
addresses of the routing information.
ip-prefix-name: Name of the address prefix list used for filtering the destination
addresses of the routing information.
gateway ip-prefix-name: Specifies the name of the address prefix list used for filtering
the addresses of the neighbor routers advertising the routing information.
Description
Use the filter-policy import command to configure the OSPF rules for filtering the
routing information received.
Use the undo filter-policy import command to cancel the filtering of the routing
information received.
By default, no filtering of the received routing information is performed.
In some cases, it may be required that only the routing information meeting some
conditions can be received. You can use the filter-policy command to set the filtering
3-33
conditions for the routing information to be received. Only the routing information
passing the filter can be received.
The filter-policy import command filters the routes calculated by OSPF. Only the
routes passing the filter can be added to the routing table. The routes can be filtered
based on next hop and destination address.
OSPF is a dynamic routing protocol based on link state, with routing information hidden
in LSAs. Therefore, OSPF cannot filter any advertised or received LSA. This command
is used much less in OSPF than in distance-vector routing protocols.
Example
# Filter the received routing information according to the rule defined by ACL 2000.
[Quidway-ospf-1] filter-policy 2000 import
3.1.28 import-route
Syntax
import-route protocol [ cost value | type value | tag value | route-policy

route-policy-name ]*
undo import-route protocol
View
OSPF view
Parameter
protocol: Source routing protocol whose routes will be imported. At present, it can be
direct, mip, rip, static, ospf-ase, and ospf-nssa.
route-policy route-policy-name: Imports only the routes matching the specified
route-policy.
cost value: Specifies the cost of imported external routes.
type value: Specifies the cost type of imported external routes. The value ranges from
1 to 2.
tag value: Specifies the tag of imported external routes.
Description
Use the import-route command to import external routes.
3-34
Use the undo import-route command to cancel the importing of external routes.
Note:
You are recommended to configure the route type, cost and tag together in one
command. When you configure them individually, the new configuration for an attribute
will overwrite the old configuration for the attribute.
By default, the routing information of other protocols is not imported.
Example
# Configure to import RIP routes as type-2 routes, with the route tag of 33 and the route
cost of 50.
[Quidway] ospf 1
[Quidway-ospf-1] import-route rip type 2 tag 33 cost 50
3.1.29 log-peer-change
Syntax
log-peer-change
View
OSPF view
Parameter
None
Description
Use the log-peer-change command to enable OSPF to log OSPF peer status
changes.
Example
# Enable OSPF to log peer status changes.

[Quidway] ospf 1
[Quidway-ospf-1] log-peer-change
3-35
3.1.30 multi-path-number
Syntax
multi-path-number value
View
OSPF view
Parameter
value: Number of equivalent routes, ranging from 1 to 3.
Description
Use the multi-path-number command to set the number of OSPF equivalent routes.
Example
# Set the number of OSPF equivalent routes to 2.

[Quidway] ospf 1
[Quidway-ospf-1] multi-path-number 2
3.1.31 network
Syntax
network ip-address ip-mask

undo network ip-address ip-mask
View
OSPF Area view
Parameter
ip-address: Address of the network segment where the interface resides.

ip-mask: IP address wildcard shielded text (similar to the complement of the IP address
mask).
Description
Use the network command to enable an interface to run the OSPF protocol.
Use the undo network command to disable an interface from running OSPF.
By default, the interface does not belong to any area.
3-36
To run OSPF on an interface, the master IP address of this interface must be in the
range of the network segment specified by this command. If only the slave IP address
of the interface is in the range of the network segment specified by this command, this
interface will not run OSPF.
Related command: ospf.
Example
# Specify the interfaces whose master IP addresses are in the segment range of
10.110.36.0 to run OSPF and specify the number of the OSPF area (where these
interfaces reside) as 6.
[Quidway] ospf 1
[Quidway-ospf-1-area-0.0.0.6] network 10.110.36.0.0 0.0.0.255
3.1.32 nssa
Syntax
nssa [ default-route-advertise | no-import-route | no-summary ]*

undo nssa
View
OSPF Area view
Parameter
default-route-advertise: Imports the default route to the NSSA area.

no-import-route: Specifies not to import route to the NSSA area.
no-summary: An ABR is disabled from transmitting summary_net LSAs to the NSSA
area.
Description
Use the nssa command to configure an OSPF area as an NSSA area.

Use the undo nssa command to cancel the function.
By default, no NSSA area is configured.
For all the routers connected to the NSSA area, the nssa command must be used to
configure the area as the NSSA attribute.
The default-route-advertise argument is used to generate the default type-7 LSA. No
matter whether the route 0.0.0.0 exists in the routing table on the ABR, the type-7 LSA
3-37
default route will always be generated. The type-7 LSA default route is generated only
when the route 0.0.0.0 exists in the routing table on the ASBR.
On the ASBR, if the no-import-route argument is provided, the external route imported
by OSPF with the import-route command will not be advertised to NSSA area.
Example
# Configure area 1 as NSSA area.

[Quidway] ospf 1
[Quidway-ospf-1-area-0.0.0.1] nssa
3.1.33 ospf
Syntax
ospf [ process-id [ router-id router-id ] ]

undo ospf [ process-id ]
View
System view
Parameter
process-id: OSPF Process ID, ranging from 1 to 65535. By default, the process ID is 1.
process-id is locally significant.
router-id: Router ID used by an OSPF process, in dotted decimal notation.
Description
Use the ospf command to enable OSPF

Use the undo ospf command to disable OSPF
After OSPF is enabled, you can perform the related configuration in OSPF view.
By default, the system does not run OSPF.
Related command: network.
Example
# Enable OSPF.
[Quidway] router id 10.110.1.8
3-38
[Quidway] ospf
[Quidway-ospf-1]
# Enable the running of the OSPF protocol with process ID specified as 120.
[Quidway] ospf 120
[Quidway-ospf-120]
3.1.34 ospf authentication-mode
Syntax
ospf authentication-mode { simple password | md5 key-id key }

undo ospf authentication-mode { simple | md5 }
View
Interface view
Parameter
simple password: Uses plain text authentication. The password argument is a string of
up to eight characters.
key-id: ID of the authentication key in MD5 authentication mode, ranging from 1 to 255.
key: MD5 authentication key. If it is input in a plain text form, MD5 key is a string of 1 to
16 characters. It is displayed in a cipher text form with 24 characters in length when the
display current-configuration command is executed. Inputting the MD5 key in a
cipher text form with 24 characters in length is also supported.
Description
Use the ospf authentication-mode command to configure the authentication mode

and key between adjacent routers.
Use the undo ospf authentication-mode command to cancel the authentication key
that has been set.
By default, the interface does not authenticate the OSPF packets.
The passwords for authentication keys of the routers on the same network segment
must be identical. In addition, you need to use the authentication-mode command to
set the authentication type of the area, so as to validate the configuration.
Related command: authentication-mode.
Example
# Configure area 1 where the network segment 131.119.0.0 of interface Vlan-interface

10 resides to support MD5 cipher text authentication. Set the authentication key
identifier to 15 and the authentication key to Huawei.
3-39
[Quidway] ospf 1
[Quidway-ospf-1-area-0.0.0.1] authentication-mode md5
[Quidway-Vlan-interface10] ospf authentication-mode md5 15 Huawei
3.1.35 ospf cost
Syntax
ospf cost value

undo ospf cost
View
Interface view
Parameter
value: Cost for running OSPF protocol, ranging from 1 to 65,535.
Description
Use the ospf cost command to configure different packets sending costs so as to send
packets from different interfaces.
Use the undo ospf cost command to restore the default costs.
For the switch, the default cost for running OSPF protocol on a VLAN interface is 10.
Example
# Specify the cost spent when an interface runs OSPF as 33.

[Quidway-Vlan-interface10] ospf cost 33
3.1.36 ospf dr-priority
Syntax
ospf dr-priority priority

undo ospf dr-priority
View
Interface view
3-40
Parameter
priority: Interface priority for electing the "designated router", ranging from 0 to 255. The
default value is 1.
Description
Use the ospf dr-priority command to configure the priority for electing the "designated
router" on an interface.
Use the undo ospf dr-priority command to restore the default value.
The priority of the interface determines the qualification of the interface when the
"designated router" is elected. The interface with higher priority will be preferred when
the election conflict occurs.
Example
# Set the priority of the interface Vlan-interface 10 to 8 during DR election.

[Quidway-Vlan-interface10] ospf dr-priority 8
3.1.37 ospf mib-binding
Syntax
ospf mib-binding process-id

undo ospf mib-binding
View
System view
Parameter
process-id: OSPF Process ID. It ranges from 1 to 65535 and defaults to 1.
Description
Use the ospf mib-binding command to bind MIB operation to the specified OSPF
process.
Use the undo ospf mib-binding command to restore the default settings.
When OSPF enables the first process, OSPF always binds MIB operation to this
process. You can use this command to bind MIB operation to another OSPF process.
To cancel the binding, use the undo ospf mib-binding command. OSPF will
automatically re-bind MIB operation to the first process that it enables.
By default, MIB operation is bound to the OSPF process enabled first.
3-41
Example
# Bind MIB operation to OSPF process 100.

[Quidway] ospf mib-binding 100
# Bind MIB operation to OSPF process 200.

[Quidway] ospf mib-binding 200
# Cancel the binding of MIB operation.

[Quidway] undo ospf mib-binding
3.1.38 ospf mtu-enable
Syntax
ospf mtu-enable
undo ospf mtu-enable
View
Interface view
Parameter
None.
Description
Use the ospf mtu-enable command to enable the interface to write MTU value when
sending DD packets.
Use the undo ospf mtu-enable command to restore the default settings.
By default, the MTU value is 0 when sending DD packets. That is, the actual MTU value
of the interface is not written.
Database Description (DD) packets are used to describe its own LSDB when the router
running OSPF protocol is synchronizing the database.
The default MTU value of DD packet is 0. You can use this command to configure the
specified interface manually to write the MTU value area in DD packets when sending
DD packets. That is, the actual MTU value of the interface is written in.
Example
# Configure interface Vlan-interface 3 to write MTU value area when sending DD

packets.
3-42

[Quidway-Vlan-interface3] ospf mtu-enable
3.1.39 ospf network-type
Syntax
ospf network-type { broadcast | nbma | p2mp | p2p }

undo ospf network-type
View
Interface view
Parameter
broadcast: Changes the interface network type to broadcast.

nbma: Changes the interface network type to NBMA.
p2mp: Changes the interface network type to point-to-multipoint.
p2p: Changes the interface network type to point-to-point.
Description
Use the ospf network-type command to configure the network type of OSPF interface.
Use the undo ospf network-type command to restore the default network type of the
OSPF interface.
OSPF divides networks into four types based on link layer protocol:
z Broadcast: If Ethernet or FDDI is adopted, OSPF defaults the network type to
broadcast.
z Non-Broadcast Multi-access (nbma): If Frame Relay, ATM, HDLC or X.25 is
adopted, OSPF defaults the network type to NBMA.
z Point-to-Multipoint (p2mp): OSPF will not default the network type of any link layer
protocol to p2mp. The general undertaking is to change a partially connected
NBMA network to p2mp network if the NBMA network is not fully-meshed.
z Point-to-point (p2p): If PPP, LAPB or POS is adopted, OSPF defaults the network
type to p2p.
If there is any router not supporting multicast addresses on a broadcast network, the
network type of the interface can be changed to NBMA. Alternatively, the network type
of the interface can be changed from NBMA to broadcast.
For a non-broadcast multi-accessible network to be of NBMA type, any two routers in
the network must be directly reachable to each other through a virtual circuit. In other
words, the network must be fully-meshed.
For a network not meeting this condition, the network type of the interface must be
changed to point-to-multipoint. In this way, routing information can be exchanged
3-43
between two routers not directly reachable to each other through another router that is
directly reachable to the two routers.
If only two routers run OSPF in the same network segment, the network type of the
interface can also be changed to point-to-point.
Note that you must use the peer command to configure the peer if the network type of
the interface is NBMA or manually changed to NBMA with the ospf network-type
command.
Related command: ospf dr-priority.
Example
# Set the interface Vlan-interface 10 to NBMA type.

[Quidway-Vlan-interface10] ospf network-type nbma
3.1.40 ospf timer dead
Syntax
ospf timer dead seconds

undo ospf timer dead
View
Interface view
Parameter
seconds: Dead interval of the OSPF neighbor. It is in seconds and ranges from 1 to
65535.
Description
Use the ospf timer dead command to configure the dead interval of the OSPF peer.
Use the undo ospf timer dead command to restore the default value of the dead
interval of the peer.
By default, the dead interval is 40 seconds for the OSPF peers of p2p and broadcast
interfaces and is 120 seconds for those of p2mp and nbma interfaces.
The dead interval of OSPF peers means that, within this interval, if no Hello message is
received from the peer, the peer will be considered to be invalid. The value of dead
seconds should be at least four times of that of the Hello seconds. The dead seconds
for the routers on the same network segment must be identical.
Related command: ospf timer hello.
3-44
Example
# Set the peer dead interval on the interface Vlan-interface 10 to 80 seconds.

[Quidway-Vlan-interface10] ospf timer dead 80
3.1.41 ospf timer hello
Syntax
ospf timer hello seconds

undo ospf timer hello
View
Interface view
Parameter
seconds: Interval, in seconds, at which an interface transmits hello packet. It ranges

from 1 to 255.
Description
Use the ospf timer hello command to configure the interval for transmitting Hello
messages on an interface.
Use the undo ospf timer hello command to restore the interval to the default value.
By default, the interval is 10 seconds for an interface of p2p or broadcast type to
transmit Hello messages, and 30 seconds for an interface of p2mp or nbma type.
Related command: ospf timer dead.
Example
# Configure the interval of transmitting Hello messages on the interface Vlan-interface

10 to 20 seconds.
[Quidway-Vlan-interface10] ospf timer hello 20
3.1.42 ospf timer poll
Syntax
ospf timer poll seconds
3-45
undo ospf timer poll
View
Interface view
Parameter
seconds: Poll Hello interval in seconds. It ranges from 1 to 65535 and defaults to 40.
Description
Use the ospf timer poll command to configure the poll Hello packet interval on NBMA
and p2mp network.
Use the undo ospf timer poll command to restore the default poll interval.
On an NBMA or p2mp network, if a neighbor becomes invalid, Hello packet will be
transmitted at the interval of poll seconds. You can configure the poll seconds to
specify how often the interface transmits Hello packet before it establishes adjacency
with the adjacent router. Poll seconds should be no less than 3 times of Hello.
Example
# Configure to transmit poll Hello packet through interface Vlan-interface 20 every 130
seconds.
[Quidway-Vlan-interface20] ospf timer poll 130
3.1.43 ospf timer retransmit
Syntax
ospf timer retransmit interval

undo ospf timer retransmit
View
Interface view
Parameter
interval: Interval, in seconds, for retransmitting LSA on an interface. It ranges from 1 to

Description
Use the ospf timer retransmit command to configure the interval for LSA
retransmission on an interface.
3-46
Use the undo ospf timer retransmit command to restore the default interval value for
LSA retransmission on the interface.
If a router running OSPF transmits a "link state advertisement" (LSA) to the peer, it
needs to wait for the acknowledgement packet from the peer. If no acknowledgement is
received from the peer within the LSA retransmission interval, this LSA will be
retransmitted.
The LSA retransmit between adjacent routers should not be set too short; otherwise,
unexpected retransmission will occur (See RFC2328).
Example
# Specify the retransmit for LSA transmission between the interface Vlan-interface 10
and the adjacent routers to 12 seconds.
[Quidway-Vlan-interface10] ospf timer retransmit 12
3.1.44 ospf trans-delay
Syntax
ospf trans-delay seconds

undo ospf trans-delay
View
Interface view
Parameter
seconds: LSA transmission delay on an interface. It ranges from 1 to 3,600 and defaults
to 1 (in seconds).
Description
Use the ospf trans-delay command to configure the LSA transmission delay on an
interface.
Use the undo ospf trans-delay command to restore the default LSA transmission
delay on an interface.
LSA ages in the "link state database" (LSDB) of the router as time goes by (1 added
every second), but it does not age during network transmission. Therefore, it is
necessary to add a period of time set by this command to the aging time of LSA before
transmitting it.
3-47
Example
# Specify the trans-delay of transmitting LSA on the interface Vlan-interface 10 as 3

seconds.
[Quidway-Vlan-interface10] ospf trans-delay 3
3.1.45 peer
Syntax
peer ip-address [ dr-priority dr-priority ]

undo peer ip-address
View
OSPF view
Parameter
ip-address: IP address of the peer.

dr-priority: Value of the corresponding priority of a neighbor in the NBMA network. It
ranges from 0 to 255 and defaults to 1.
Description
Use the peer command to configure the IP address of the neighbor router and specify
DR priority on an NBMA network.
Use the undo peer command to cancel this configuration.
Example
# Configure the IP address of the neighbor router as 10.1.1.1.

[Quidway] ospf 1
[Quidway-ospf-1] peer 10.1.1.1
3.1.46 preference
Syntax
preference [ ase ] value

undo preference [ ase ]
3-48
View
OSPF view
Parameter
value: OSPF protocol route preference, ranging from 1 to 255.

ase: Indicates the preference of an imported external route of the AS.
Description
Use the preference command to configure the preference of an OSPF protocol route.
Use the undo preference command to restore the default value of the OSPF protocol
route.
By default, the preference of an OSPF protocol internal route is 10 and the preference
of an external route is 150.
Because multiple dynamic routing protocols could be running on a router, there is the
problem of routing information sharing among routing protocols and selection.
Therefore, a default preference is specified for each routing protocol. When a route is
identified by different protocols, the protocol with the highest preference selected for
forwarding IP packets.
Example
# Specify the preference of an imported external route of the AS as 160.

[Quidway] ospf 1
[Quidway-ospf-1] preference ase 160
3.1.47 reset ospf
Syntax
reset ospf [ statistics ] { all | process-id }
View
User view
Parameter
all: Resets all OSPF processes.

process-id: OSPF Process ID, ranging from 1 to 65535. If this argument is not specified,
all OSPF processes will be reset.
statistics: Resets OSPF statistics.
3-49
Description
Use the reset ospf all command to reset all OSPF processes.
Use the reset ospf process-id command to reset the specified OSPF process and
clear the statistics.
After you use this command to reset an OSPF process:
z Invalid LSA is cleared immediately before LSA times out.
z A new Router ID takes effect if the Router ID changes.
z DR and BDR are re-elected conveniently.
z OSPF configuration before the restart will not lose.
After this command is issued, the system will prompt you to confirm whether to
re-enable OSPF.
Example
# Reset all the OSPF processes.

<Quidway> reset ospf all
# Reset OSPF process 200.

<Quidway> reset ospf 200
3.1.48 router id
Syntax
router id router-id
undo router id
View
System view
Parameter
router-id: Router ID, in dotted decimal notation.
Description
Use the router id command to configure the ID of a router running the OSPF protocol.
Use the undo router id command to cancel the router ID that has been set.
By default, if a LoopBack interface address exists, the system chooses the LoopBack
address with the greatest IP address value as the router ID. If no LoopBack interface is
configured, the address of the physical interface with the greatest IP address value will
be the router ID.
Router ID is a 32-bit unsigned integer that uniquely identifies a router in an OSPF
autonomous system. You can specify the ID for a router. If you do not specify a router
3-50
ID, the router will automatically select one from configured IP addresses as the ID of
this router. If no IP address is configured for any interface of the router, the router ID
must be configured in OSPF view. Otherwise, OSPF protocol cannot be enabled.
When the router ID is configured manually, the IDs of any two routers cannot be same
in the autonomous system. Thus, you can select the IP address of an interface as the
ID of this router.
Note:
A modified router ID takes effect only after OSPF is re-enabled.
Related command: ospf.
Example
# Set the router ID to 10.1.1.3.

3.1.49 silent-interface
Syntax
silent-interface silent-interface-type silent-interface-number

undo silent-interface silent-interface-type silent-interface-number
View
OSPF view
Parameter
silent-interface-type: Interface type

silent-interface-number: Interface number.
Description
Use the silent-interface command to disable an interface from transmitting OSPF

packet.
Use the undo silent-interface command to restore the default setting.
By default, the interface is enabled to transmit OSPF packet.
To prevent the router on some network from receiving the OSPF routing information,
you can use this command to disable this interface from transmitting OSPF packet. On
3-51
the switch, this command can be used to enable/disable OSPF packet transmission
through the specified VLAN interface.
Example
# Disable interface Vlan-interface 20 from transmitting OSPF packet.

[Quidway] ospf 1
[Quidway-ospf-1] silent-interface Vlan-interface 20
3.1.50 snmp-agent trap enable ospf
Syntax
snmp-agent trap enable ospf [ process-id ] [ ifstatechange | iftxretransmit |

virifstatechange | nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror |
ifauthfail | virifauthfail | ifrxbadpkt | virifrxbadpkt | viriftxretransmit | originatelsa |
maxagelsa | lsdboverflow | lsdbapproachoverflow ]
undo snmp-agent trap enable ospf [ process-id ] [ ifstatechange | iftxretransmit |
virifstatechange | nbrstatechange | virnbrstatechange | ifcfgerror | virifcfgerror |
ifauthfail | virifauthfail | ifrxbadpkt | virifrxbadpkt | viriftxretransmit | originatelsa |
maxagelsa | lsdboverflow | lsdbapproachoverflow ]*
View
System view
Parameter
ifstatechange, virifstatechange, nbrstatechange, virnbrstatechange, ifcfgerror,
virifcfgerror, ifauthfail, virifauthfail, ifrxbadpkt, virifrxbadpkt, iftxretransmit,
viriftxretransmit, originatelsa, maxagelsa, lsdboverflow, lsdbapproachoverflow:
Types of TRAP packets that the switch produces in case of OSPF anomalies.
Description
Use the snmp-agent trap enable ospf command to enable the OSPF TRAP function.
Use the undo snmp-agent trap enable ospf command to disable the OSPF TRAP
function.
This command does not apply to the OSPF processes that are started after the
command is executed.
By default, the switch does not send TRAP packets in case of OSPF anomalies.
3-52
For detailed configuration of SNMP TRAP, refer to section "System Management" in

this manual.
Example
# Enable the TRAP function for OSPF process 100.

[Quidway] snmp-agent trap enable ospf 100
3.1.51 spf-schedule-interval
Syntax
spf-schedule-interval interval
undo spf-schedule-interval
View
OSPF view
Parameter
interval: SPF calculation interval of OSPF, in seconds. It ranges from 1 to 10 and

defaults to 5.
Description
Use the spf-schedule-interval command to configure the route calculation interval of

OSPF.
Use the undo spf-schedule-interval command to restore the default setting.
According to the Link State Database (LSDB), the router running OSPF can calculate
the shortest path tree taking itself as the root and determine the next hop to the
destination network according to the shortest path tree. Adjusting SPF calculation
interval restrains frequent network changes, which may occupy too many bandwidth
resources and router resources.
Example
# Set the OSPF route calculation interval of Quidway to 6 seconds.

[Quidway] ospf 1
[Quidway-ospf-1] spf-schedule-interval 6
3-53
3.1.52 stub
Syntax
stub [ no-summary ]
undo stub
View
OSPF Area view
Parameter
no-summary: Disables an ABR from transmitting Summary LSAs to the STUB area.
Description
Use the stub command to configure the type of an OSPF area as "stub".
Use the undo stub command to cancel the settings.
By default, no area is set to be the STUB area.
If the router is an ABR, it will send a default route to the connected stub area . Use the
default-cost command to configure the default route cost. In addition, you can specify
the no-summary argument in the stub command to disable the receiving of type-3
LSAs by the stub area connected to the ABR.
Related command: default-cost.
Example
# Set the type of OSPF area 1 to STUB.

[Quidway] ospf 1
[Quidway-ospf-1-area-0.0.0.1] stub
3.1.53 vlink-peer
Syntax
vlink-peer router-id [ hello seconds | retransmit seconds | trans-delay seconds |

dead seconds | simple password | md5 keyid key ]*
undo vlink-peer router-id
View
OSPF Area view
3-54
Parameter
route-id: Router ID of virtual link peer.

hello seconds: Specifies the interval, in seconds, at which the router transmits hello
packet. It ranges from 1 to 8192 and defaults to 10. This value must equal the hello
seconds value of the router virtually linked to the interface.
retransmit seconds: Specifies the interval, in seconds, for retransmitting the LSA
packets on an interface. It ranges from 1 to 8192 and defaults to 5.
trans-delay seconds: Specifies the delay, in seconds, for transmitting LSA packets on
an interface. It ranges from 1 to 8192 and defaults to 1.
dead seconds: Specifies the interval, in seconds, of death timer. It ranges from 1 to
8192 and defaults to 40. This value must equal the dead seconds of the router virtually
linked to it and must be at least four times of the hello seconds.
simple password: Specifies the simple text authentication password, which contains up
to eight characters, of the interface. This value must equal the authentication key of the
virtually linked peer.
keyid: MD5 authentication key ID. It ranges from 1 to 255. It must be equal to the
authentication key ID of the virtually linked peer.
key: MD5 authentication key. If you use simple text authentication key, you can input a
string containing 1 to 16 characters. When you use the display current-configuration
command to display system information, the MD5 authentication key is displayed in the
form of cipher text with a length of 24 characters. Inputting the key in the form of cipher
text with a length of 24 characters is also supported.
Description
Use the vlink-peer command to create and configure a virtual link.

Use the undo vlink-peer command to cancel an existing virtual link.
According to RFC2328, an OSPF area must be connected to the backbone network.
You can use the vlink-peer command to keep the connectivity. Virtual link can be
regarded as a common interface that uses OSPF because the principle for configuring
the parameters such as hello, retransmit, and trans-delay on it is similar.
Note that, when configuring virtual link authentication, you use the
authentication-mode command to specify the authentication mode as MD5 cipher
text or simple text on the backbone network.
Related command: authentication-mode, display ospf.
Example
# Create a virtual link to 10.110.0.3 and use the MD5 cipher authentication mode.
3-55
[Quidway] ospf 1
[Quidway-ospf-1] area 10.0.0.0
[Quidway-ospf-1-area-10.0.0.0] vlink-peer 10.110.0.3 md5 3 345
3-56
Command Manual – Routing Protocol Chapter 4 IP Routing Policy Configuration
Chapter 4 IP Routing Policy Configuration

Commands
Note:
4.1 IP Routing Policy Configuration Commands

4.1.1 apply cost
Syntax
apply cost value

undo apply cost
View
Route policy view
Parameter
value: Route cost value of route information.
Description
Use the apply cost command to configure the route cost value of route information.
Use the undo apply cost command to cancel the apply clause.
By default, no apply clause is defined.
An apply clause of Route-policy sets the cost of the routes passing the filtering.
Related command: if-match interface, if-match acl, if-match ip-prefix, if-match ip
next-hop, if-match cost, if-match tag, route-policy, and apply tag.
Example
# Define an apply clause. When it is used for setting route information attribute, it sets
the route cost value of route information as 120.
4-1
[Quidway] route-policy policy permit node 1
%New sequence of this list
[Quidway-route-policy] apply cost 120
4.1.2 apply tag
Syntax
apply tag value

undo apply tag
View
Route policy view
Parameter
value: Tag value of route information.
Description
Use the apply tag command to configure to set the tag area of route information.
Use the undo apply tag command to cancel the apply clause.
next-hop, if-match cost, if-match tag, route-policy, and apply cost.
Example
# Define an apply clause. When it is used for setting route information attribute, it sets
the tag area of route information as 100.
[Quidway-route-policy] apply tag 100
4.1.3 display ip ip-prefix
Syntax
display ip ip-prefix [ ip-prefix-name ]
View
Any view
4-2
Parameter
ip-prefix-name: Name of the address prefix list to be displayed.
Description
Use the display ip ip-prefix command to display an address prefix list.

Related command: ip ip-prefix.
Example
# Display the information about the address prefix list named p1.
[Quidway-route-policy] apply tag 100
Table 4-1 Description on the fields of the display ip ip-prefix command
Field Description
name Name of ip-prefix
index Internal sequence number of ip-prefix

conditions Mode: permit or deny
Address and network segment length of
ip-prefix / mask
ip-prefix
Greater-equal value of ip-prefix network
GE
segment length
Less-equal value of ip-prefix network
LE
segment length
4.1.4 display route-policy
Syntax
display route-policy [ route-policy-name ]
View
Any view
Parameter
route-policy-name: Name of the route-policy .to be displayed.
4-3
Description
Use the display route-policy command to display the configured Route-policy.

If you do not specify a route policy name, this command displays all route-policies
configured.
Related command: route-policy.
Example
# Display the information about Route-policy named policy1.

<Quidway> display route-policy policy1
Route-policy : policy1
Permit 10 : if-match (ip-prefix) p1
apply cost 100
matched : 0 denied : 0
Table 4-2 Description on the fields of the display route-policy command
Field Description
Route-policy Name of ip-prefix
Information about the route-policy with the mode configured as

permit and the node as 10:
if-match
if-match clause configured
(prefixlist) p1
Apply routing cost 100 to the routes matching
Permit 10 apply cost 100
the conditions defined by if-match clause
Number of routes matching the conditions set
matched
by if-match clause
Number of routes not matching the conditions
denied
set by if-match clause
4.1.5 if-match acl
Syntax
if-match { acl acl-number | ip-prefix ip-prefix-name }

undo if-match { acl | ip-prefix }
View
Route policy view
Parameter
acl-number: Number of the ACL used for filter
4-4
ip-prefix-name: Name of the prefix address list used for filter
Description
Use the if-match { acl | ip-prefix } command to configure a rule for the route-policy and
specify an matching IP address range.
Use the undo if-match { acl | ip-prefix } command to cancel the setting of the rule.
The if-match { acl | ip-prefix } command implements a filter by referencing an ACL or a
prefix address list.
Related command: if-match interface, if-match ip next-hop, if-match cost, if-match
tag, route-policy, apply cost, and apply tag.
Example
# Define an if-match clause. When the clause is used for filtering route information, the
route information filtered by route destination address through address prefix list p1 is
permitted to pass the if-match clause.
[Quidway-route-policy] if-match ip-prefix p1
4.1.6 if-match cost
Syntax
if-match cost value

undo if-match cost
View
Route policy view
Parameter
value: Route cost value, ranging from 0 to 4,294,967,295.
Description
Use the if-match cost command to configure one of the match rules of the route-policy
to match the cost of routing information.
Use the undo if-match cost command to cancel the configuration of the match rule.
By default, no if-match clause is defined.
An if-match clause of the route-policy specifies the route cost of the routing information
meeting the condition.
4-5

next-hop, if-match tag, route-policy, apply cost, and apply tag.
Example
# Define an if-match clause and allow the routing information with a routing cost of 8 to
pass this if-match clause.
[Quidway-route-policy] if-match cost 8
4.1.7 if-match interface
Syntax
if-match interface { interface-type interface-number }

undo if-match interface
View
Route policy view
Parameter

Description
Use the if-match interface command to configure to match the route whose next hop
is the designated interface.
Use the undo if-match interface command to cancel the setting of matching condition.
As an if-match clause of route-policy, it matches the corresponding interface of route
next hop when filtering route.
Related command: if-match acl, if-match ip-prefix, if-match ip next-hop, if-match
cost, if-match tag, route-policy, apply cost, and apply tag.
Example
# Define an if-match clause to match the route whose next hop interface is
Vlan-interface 1
4-6

[Quidway-route-policy] if-match interface Vlan-interface 1
4.1.8 if-match ip next-hop
Syntax
if-match ip next-hop { acl acl-number | ip-prefix ip-prefix-name }

undo if-match ip next-hop [ ip-prefix ]
View
Route policy view
Parameter
acl-number: Number of the ACL used for filter. It ranges from 2,000 to 2,999.
ip-prefix-name: Name of the prefix address list used for filter.
Description
Use the if-match ip next-hop command to configure one of the match rules of
route-policy on the next hop address of the routing information.
Use the undo if-match ip next-hop command to cancel the setting of ACL matching
condition.
Use the undo if-match ip next-hop ip-prefix command to cancel the setting of
address prefix list matching condition.
An if-match clause of route-policy is used to specify the next hop matching the routing
information when filtering the routes. It performs filter by referencing an ACL or an
address prefix list.
Related command: if-match interface, if-match acl, if-match ip-prefix, if-match
cost, if-match tag, route-policy, apply cost, and apply tag.
Example
# Define an if-match clause. It permits the routing information whose route next hop
address filtered through prefix address list p1 to pass this if-match clause.
[Quidway-route-policy] if-match ip next-hop ip-prefix p1
4-7
4.1.9 if-match tag
Syntax
if-match tag value

undo if-match tag
View
Route policy view
Parameter
value: Tag field value.
Description
Use the if-match tag command to configure to match the tag field of route information.
Use the undo if-match tag command to cancel the existing matching rules.
next-hop, if-match cost, route-policy, apply cost, and apply tag.
Example
# Define an if-match clause to permit the OSPF route information whose tag value is 8
to pass the if-match clause.
[Quidway-route-policy] if-match tag 8
4.1.10 ip ip-prefix
Syntax
ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } network len

[ greater-equal greater-equal | less-equal less-equal ] *
undo ip ip-prefix ip-prefix-name [ index index-number | permit | deny ]
View
System view
Parameter
ip-prefix-name: Name of address prefix list. It identifies an address prefix list uniquely.
4-8
index-number: Identifier of an item in the prefix address list. The item with a smaller
index-number will be tested first.
permit: Specifies the match mode of the defined address prefix list items as permit
mode. If the permit mode is specified and the IP address to be filtered is in the ip-prefix
range specified by the item, the item is filtered through and the next item is not tested. If
the IP address to be filtered is not in the ip-prefix range specified by the item, the next
item is tested
deny: Specifies the match mode of the defined address prefix list items as deny mode.
If the deny mode is specified and the IP address to be filtered is in the ip-prefix range
specified by the item, the item is not filtered through and the next item is not tested;
otherwise, the next item is tested.
network: IP address prefix range (IP address). If it is specified as 0.0.0.0 0, all the IP
addresses are matched.
len: IP address prefix range (mask length). If it is specified as 0.0.0.0 0, all the IP
addresses are matched.
greater-equal, less-equal: Address prefix range [greater-equal, less-equal] to be
matched after the address prefix network len has been matched. The meaning of
greater-equal is "greater than or equal to" , and the meaning of less-equal is "less
than or equal to". The range is len <= greater-equal <= less-equal <= 32. When only
greater-equal is used, it denotes the prefix range [greater-equal, 32]. When only
less-equal is used, it denotes the prefix range [len, less-equal].
Description
Use the ip ip-prefix command to configure an address prefix list or one of its items.
Use the undo ip ip-prefix command to delete an address prefix list or one of its items.
An address prefix list is used for IP address filtering. An address prefix list may contain
several items, and each item specifies one address prefix range. The inter-item filtering
relation is "OR". That is, passing an item means filtering through this address prefix list.
Not filtering through any item means not filtering through this prefix address list.
The address prefix range may contain two parts, which are determined by len and
[greater-equal, less-equal], respectively. If the prefix ranges of these two parts are both
specified, the IP to be filtered must match the prefix ranges of these two parts.
If you specify network len as 0.0.0.0 0, it matches the default route only.
Example
# Define an ip-prefix named p1 to permit only the routes whose mask lengths are 17 or
18 on network segment 10.0.192.0 8 to pass.
[Quidway] ip ip-prefix p1 permit 10.0.192.0 8 greater-equal 17 less-equal 18
4-9
4.1.11 route-policy
Syntax
route-policy route-policy-name { permit | deny } node { node-number }

undo route-policy route-policy-name [ permit | deny | node node-number ]
View
System view
Parameter
route-policy-name: Name of the Route-policy that identifies a Route-policy uniquely.

permit: Specifies the match mode of the defined Route-policy node as permit mode.
When a route entry meets all the if-match clauses of the node, the entry is permitted to
filter through the node and the apply clause of the node will be performed. If a route
entry does not meet the if-match clause of the node, the next node of the route-policy
will be tested.
deny: Specifies the match mode of the defined Route-policy node as deny mode.
When a route entry meets all the if-match clauses of the node, the entry is prohibited
from filtering through the node and the next node will not be tested.
node: Specifies the node of the route policy.
node-number: Index of the node in the route-policy. When this route-policy is used for
routing information filter, the node with smaller node-number will be matched first.
Description
Use the route-policy command to enter the Route-policy view.

Use the undo route-policy command to delete the created Route-policy.
By default, no Route-policy is defined.
Route-policy is used for route information filter or route policy. A Route-policy
comprises some nodes and each node comprises some if-match clauses and apply
clauses.
An if-match clause defines the match rules of this node. An apply clause defines the
actions after filtering through this node. The filtering relationship between the if-match
clauses of the node is "and". That is, all if-match clauses of the node must be met.
The filtering relation between Route-policy nodes is "OR". That is, filtering through one
node means filtering through this Route-policy. If the information does not filter through
any node, it cannot filter through this Route-policy.
next-hop, if-match cost, if-match tag, apply cost, and apply tag.
4-10
Example
# Configure Route-policy policy1, with the node number of 10 and the match mode of
permit, and enter Route policy view.
[Quidway] route-policy policy1 permit node 10
[Quidway-route-policy]
4-11
Command Manual – Routing Protocol Chapter 5 Route Capacity Configuration
Chapter 5 Route Capacity Configuration

Commands
Note:
5.1 Route Capacity Configuration Commands

5.1.1 display memory
Syntax
display memory [ unit unit-id ]
Mode
Any view
Parameter
unit-id: Unit ID.
Description
Use the display memory command to display the memory setting.
Example
# Display the current memory setting of the switch.

<Quidway> display memory
Unit 1
System Available Memory(bytes): 33631488
System Used Memory(bytes): 16122304
Used Rate: 47%
The following table shows describes the fields of the command:
5-1
Table 5-1 Description on the fields of the display memory command
Field Description
Unit Specifies a Unit ID
System Available Memory(bytes) Free memory size, in bytes, of the switch
Occupied memory size, in bytes, of the
System Used Memory(bytes)
switch
Used Rate Memory occupation rate
5.1.2 display memory limit
Syntax
display memory limit
Mode
Any view
Parameter
None
Description
Use the display memory limit command to display the memory setting and state
information related to route capacity.
This command displays the current memory limit configuration, free memory, and state
information about connections, such as times of disconnection, times of reconnection,
and whether the current state is normal.
Example
# Display the current memory setting and state information.

<Quidway> display memory limit
Current memory limit configuration information:
system memory safety: 5 (MBytes)
system memory limit: 4 (MBytes)
auto-establish enabled
Free Memory: 17506496 (Bytes)
The state information about connection:

The times of disconnect: 0
The times of reconnect: 0
5-2
The current state: Normal
The information displayed by this command includes Ethernet switch memory limit,
size of free memory, times of disconnection, times of reconnection, and the current
state.
The following table describes the fields of the command:
Table 5-2 Description on the fields of the display memory limit command
Field Description
memory safety Safety value of the switch memory.
memory limit Lower limit of the switch memory.
Automatic connection restoration is
enabled (If automatic connection
memory auto-establish enabled
restoration is disabled, "auto-establish
disabled" is displayed).
Free Memory Size of the current free memory in bytes
The times of the disconnection of the
routing protocol is 0.
The times of reconnection of the routing
protocol is 0.
The current state is normal (If the current
The current state: Normal state is emergent, "Exigence" is
displayed).
5.1.3 memory auto-establish disable
Syntax
memory auto-establish disable
View
System view
Parameter
None
Description
Use the memory auto-establish disable command to disable the automatic

restoration of routing protocol connection (even if the free memory recovers to a safety
value).
5-3
By default, when the free memory of the switch recovers to a safety value, connections
of all the routing protocols will always recover (when the free memory of the switch
decreases to a lower limit, the connection will be disconnected forcibly).
After this command is used, connections of all the routing protocols will not recover
when the free memory of the switch recovers to a safety value. In this case, you need to
restart the routing protocol to recover the connections.
Use this command with caution.
Related command: memory auto-establish enable, memory { safety | limit },
display memory limit.
Example
# Disable automatic restoration of the routing protocol connections when the free
memory of the current switch recovers.
[Quidway] memory auto-establish disable
5.1.4 memory auto-establish enable
Syntax
memory auto-establish enable
View
System view
Parameter
None
Description
Use the memory auto-establish enable command to enable automatic restoration of

routing protocol connections when the free memory of the switch recovers to the
specified value.
Use the memory auto-establish disable command to disable this function.
By default, when the free memory of the switch recovers to a safety value, connections
of all the routing protocols will always recover (when the free memory of the switch
decreases to a lower limit, the connection will be disconnected forcibly).
By default, this function is enabled.
Related command: memory auto-establish disable, memory { safety | limit },
display memory limit.
5-4
Example
# Enable automatic restoration of the connections of all the routing protocols when the
free memory of the current switch recovers.
[Quidway] memory auto-establish enable
5.1.5 memory safety | limit
Syntax
memory { safety safety-value | limit limit-value }*

undo memory [ safety | limit ]
View
System view
Parameter
safety-value: Safety free memory of the switch , in Mbytes. Its value range depends on
the free memory of the current switch. This value defaults to 5.
limit-value: Lower limit of the switch free memory, in Mbytes. Its value range depends
on the free memory of the current switch. This value defaults to 4.
Description
Use the memory limit limit-value command to configure the lower limit of the switch
free memory.
When the free memory of the switch is less than this limit, all the routing protocol
connections will be disconnected forcibly. The limit-value argument in the command
must be less than the current free memory safety value; otherwise, the configuration
will fail.
Use the memory safety safety-value command to configure the safety value of the
switch free memory.
If you use the memory auto-establish enable command (the default configuration),
the routing protocol connection that is forcibly disconnected automatically recovers
when the free memory of the switch reaches this value. The safety-value argument in
the command must be greater than the current free memory lower limit; otherwise, the
configuration will fail.
Use the memory safety safety-value limit limit-value command to change both the
safety value and lower limit of the switch free memory. The value of safety-value must
be greater than that of limit-value; otherwise, the configuration will fail.
5-5
Use the undo memory command to restore the default safety value and lower limit of
the switch free memory.
Related command: memory auto-establish disable, memory auto-establish enable,
and display memory limit.
Example
# Set the lower limit of the switch free memory to 1 MB and the safety value to 3 MB.
[Quidway] memory safety 3 limit 1
5-6
Command Manual – Multicast Protocol
Table of Contents
Chapter 1 IGMP Snooping Configuration Commands............................................................... 1-1

1.1 IGMP Snooping Configuration Commands ....................................................................... 1-1
1.1.1 display igmp-snooping configuration....................................................................... 1-1
1.1.2 display igmp-snooping group .................................................................................. 1-2
1.1.3 display igmp-snooping statistics.............................................................................. 1-3
1.1.4 igmp-snooping......................................................................................................... 1-4
1.1.5 igmp-snooping fast-leave ........................................................................................ 1-4
1.1.6 igmp-snooping general-query source-ip ................................................................. 1-5
1.1.7 igmp-snooping group-limit....................................................................................... 1-6
1.1.8 igmp-snooping group-policy .................................................................................... 1-7
1.1.9 igmp-snooping host-aging-time............................................................................... 1-9
1.1.10 igmp-snooping max-response-time..................................................................... 1-10
1.1.11 igmp-snooping querier ........................................................................................ 1-10
1.1.12 igmp-snooping query-interval.............................................................................. 1-11
1.1.13 igmp-snooping router-aging-time ........................................................................ 1-12
1.1.14 reset igmp-snooping statistics............................................................................. 1-13
1.1.15 service-type multicast.......................................................................................... 1-13
Chapter 2 Common IP Multicast Configuration Commands..................................................... 2-1

2.1 Common IP Multicast Configuration Commands............................................................... 2-1
2.1.1 display multicast forwarding-table ........................................................................... 2-1
2.1.2 display multicast routing-table................................................................................. 2-2
2.1.3 display multicast-source-deny................................................................................. 2-4
2.1.4 multicast route-limit ................................................................................................. 2-5
2.1.5 multicast routing-enable .......................................................................................... 2-5
2.1.6 multicast-source-deny ............................................................................................. 2-6
2.1.7 reset multicast forwarding-table .............................................................................. 2-7
2.1.8 reset multicast routing-table .................................................................................... 2-8
Chapter 3 Multicast MAC Address Entry Configuration Commands....................................... 3-1

3.1 Multicast MAC Address Entry Configuration Commands .................................................. 3-1
3.1.1 mac-address multicast interface ............................................................................. 3-1
3.1.2 mac-address multicast vlan..................................................................................... 3-2
3.1.3 display mac-address multicast static....................................................................... 3-2
Chapter 4 Unknown Multicast Drop Configuration Command ................................................. 4-1

4.1 Unknown Multicast Drop Configuration Command............................................................ 4-1
4.1.1 unknown-multicast drop enable .............................................................................. 4-1
i
Chapter 5 IGMP Configuration Commands ................................................................................ 5-1

5.1 IGMP Configuration Commands........................................................................................ 5-1
5.1.1 display igmp group .................................................................................................. 5-1
5.1.2 display igmp interface ............................................................................................. 5-2
5.1.3 igmp enable............................................................................................................. 5-3
5.1.4 igmp group-limit....................................................................................................... 5-4
5.1.5 igmp group-policy.................................................................................................... 5-5
5.1.6 igmp group-policy vlan ............................................................................................ 5-6
5.1.7 igmp host-join port................................................................................................... 5-7
5.1.8 igmp host-join vlan .................................................................................................. 5-8
5.1.9 igmp lastmember-queryinterval............................................................................... 5-9
5.1.10 igmp max-response-time..................................................................................... 5-10
5.1.11 igmp proxy........................................................................................................... 5-11
5.1.12 igmp robust-count ............................................................................................... 5-12
5.1.13 igmp timer other-querier-present......................................................................... 5-13
5.1.14 igmp timer query.................................................................................................. 5-14
5.1.15 igmp version ........................................................................................................ 5-15
5.1.16 reset igmp group ................................................................................................. 5-16
Chapter 6 PIM Configuration Commands ................................................................................... 6-1

6.1 PIM Configuration Commands........................................................................................... 6-1
6.1.1 bsr-policy ................................................................................................................. 6-1
6.1.2 c-bsr ........................................................................................................................ 6-2
6.1.3 c-rp .......................................................................................................................... 6-3
6.1.4 crp-policy ................................................................................................................. 6-4
6.1.5 display pim bsr-info ................................................................................................. 6-5
6.1.6 display pim interface ............................................................................................... 6-6
6.1.7 display pim neighbor ............................................................................................... 6-7
6.1.8 display pim routing-table ......................................................................................... 6-8
6.1.9 display pim rp-info ................................................................................................... 6-9
6.1.10 pim....................................................................................................................... 6-10
6.1.11 pim bsr-boundary ................................................................................................ 6-11
6.1.12 pim dm................................................................................................................. 6-12
6.1.13 pim neighbor-limit................................................................................................ 6-13
6.1.14 pim neighbor-policy ............................................................................................. 6-13
6.1.15 pim sm................................................................................................................. 6-14
6.1.16 pim timer hello ..................................................................................................... 6-15
6.1.17 register-policy ...................................................................................................... 6-16
6.1.18 reset pim neighbor .............................................................................................. 6-16
6.1.19 reset pim routing-table ........................................................................................ 6-17
6.1.20 spt-switch-threshold ............................................................................................ 6-18
6.1.21 source-policy ....................................................................................................... 6-19
6.1.22 static-rp................................................................................................................ 6-20
ii
Chapter 7 MSDP Configuration Commands ............................................................................... 7-1

7.1 MSDP Configuration Commands....................................................................................... 7-1
7.1.1 cache-sa-enable...................................................................................................... 7-1
7.1.2 display msdp brief ................................................................................................... 7-1
7.1.3 display msdp peer-status ........................................................................................ 7-2
7.1.4 display msdp sa-cache............................................................................................ 7-3
7.1.5 display msdp sa-count ............................................................................................ 7-5
7.1.6 import-source .......................................................................................................... 7-6
7.1.7 msdp........................................................................................................................ 7-6
7.1.8 msdp-tracert ............................................................................................................ 7-7
7.1.9 originating-rp ........................................................................................................... 7-9
7.1.10 peer description................................................................................................... 7-10
7.1.11 peer mesh-group ................................................................................................. 7-11
7.1.12 peer minimum-ttl.................................................................................................. 7-11
7.1.13 peer request-sa-enable ....................................................................................... 7-12
7.1.14 peer sa-cache-maximum..................................................................................... 7-13
7.1.15 peer connect-interface ........................................................................................ 7-14
7.1.16 peer sa-policy ...................................................................................................... 7-14
7.1.17 peer sa-request-policy......................................................................................... 7-15
7.1.18 reset msdp peer .................................................................................................. 7-16
7.1.19 reset msdp sa-cache........................................................................................... 7-17
7.1.20 reset msdp statistics............................................................................................ 7-17
7.1.21 shutdown ............................................................................................................. 7-18
7.1.22 static-rpf-peer ...................................................................................................... 7-19
7.1.23 timer retry ............................................................................................................ 7-20
iii
Command Manual – Multicast Protocol Chapter 1 IGMP Snooping Configuration
Chapter 1 IGMP Snooping Configuration

Commands
Note:
z The multicast protocol supported by S3900-SI series Ethernet switches is IGMP
Snooping only.
z Ethernet switches serve as routers when an IP multicast protocol is running on it.
The routers mentioned here refer to common routers and Layer 3 Ethernet switches
where the IP multicast protocol is running.
1.1 IGMP Snooping Configuration Commands

1.1.1 display igmp-snooping configuration
Syntax
display igmp-snooping configuration
View
Any view
Parameter
None
Description
Use the display igmp-snooping configuration command to display IGMP Snooping

configuration information.
When IGMP Snooping is enabled on the switch, this command displays the following
information: IGMP Snooping status, aging time of the router port, query response
timeout time, and aging time of multicast member ports.
Related command: igmp-snooping.
Example
# Display IGMP Snooping configuration information on the switch.

<Quidway> display igmp-snooping configuration
1-1
Enable IGMP-Snooping.
The router port timeout is 105 second(s).
The max response timeout is 1 second(s).
The host port timeout is 260 second(s).
The above information shows: IGMP Snooping is enabled, the aging time of the router
port is 105 seconds, the query response timeout time is one second, and the aging time
of multicast member ports is 260 seconds.
1.1.2 display igmp-snooping group
Syntax
display igmp-snooping group [ vlan vlan-id ]
View
Any view
Parameter
vlan-id: Specifies a VLAN ID.
Description
Use the display igmp-snooping group command to display information about the IP
and MAC multicast groups under one specified VLAN (with vlan vlan-id) or all VLANs
(without vlan vlan-id).
This command displays the following information: VLAN ID, router port, IP multicast
group address, member ports included in the IP multicast group, MAC multicast group,
MAC multicast group address, and member ports included in the MAC multicast group.
Example
# Display information about the multicast groups under VLAN 2.

<Quidway> display igmp-snooping group vlan 2
Vlan(id):2.
Total 1 IP Group(s).
Total 1 MAC Group(s).
Router port(s):Ethernet1/0/1
IP group(s):the following ip group(s) match to one mac group.
IP group address:230.45.45.1
Host
The information above means:

z Multicast groups exist in VLAN 2.
z The router port is Ethernet 1/0/1.
z The address of the IP multicast group is 230.45.45.1.
1-2
1.1.3 display igmp-snooping statistics
Syntax
display igmp-snooping statistics
View
Any view
Parameter
None
Description
Use the display igmp-snooping statistics command to display IGMP Snooping

message statistics.
This command displays the following information: the numbers of the IGMP general
query messages, IGMP group-specific query messages, IGMP V1 report messages,
IGMP V2 report messages, IGMP leave messages and error IGMP messages received,
and the number of the IGMP group-specific query messages sent.
Example
# Display IGMP Snooping message statistics.

<Quidway> display igmp-snooping statistics
Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
The information above shows that IGMP receives:

z zero IGMP general query packets
z zero IGMP specific query packets
z zero IGMP V1 report packets
z zero IGMP V2 report packets
z zero IGMP leave packets
z zero IGMP error packets
IGMP Snooping sends:
z zero IGMP specific query packets
1-3
1.1.4 igmp-snooping
Syntax
igmp-snooping { enable | disable }
View
System view
Parameter
enable: Enables the IGMP Snooping feature.

disable: Disables the IGMP Snooping feature.
Description
Use the igmp-snooping enable command to enable the IGMP Snooping feature.
Use the igmp-snooping disable command to disable the IGMP Snooping feature.
By default, the IGMP Snooping feature is disabled.
Example
# Enable the IGMP Snooping feature on the switch.

[Quidway] igmp-snooping enable
Enable IGMP-Snooping ok.
1.1.5 igmp-snooping fast-leave
Syntax
igmp-snooping fast-leave [ vlan vlan-list ]

undo igmp-snooping fast-leave [ vlan vlan-list ]
View
Parameter
vlan-list: VLAN list representing multiple VLANs in the form of vlan-list = { vlan-id [ to
vlan-id ] } & < 1-10 >. The vlan-id argument is the ID of the VLAN, in the range of 1 to
4,094. &<1-10> means that you can provide the argument repeatedly for up to ten
times.
Description
Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.
1-4
Use the undo igmp-snooping fast-leave command to cancel the configuration.

By default, IGMP fast leave processing is disabled.
Normally, when receiving an IGMP Leave message, IGMP Snooping does not
immediately remove the port from the multicast group, but sends a group-specific query
message. If no response is received in a given period, it then removes the port from the
multicast group.
If this command is executed, when receiving an IGMP Leave packet, IGMP Snooping
removes the port from the multicast group directly. When the port has only one user,
enabling IGMP fast leave processing can save bandwidth.
Note:
z This feature is effective for IGMP-V2-enabled clients.
z When this feature is enabled, if one of the multiple users on a port leaves, the
multicast services for the other users in the same multicast group may be
interrupted.
Example
# Enable IGMP fast leave processing on Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] igmp-snooping fast-leave
1.1.6 igmp-snooping general-query source-ip
Syntax
igmp-snooping general-query source-ip { current-interface | ip-address }

undo igmp-snooping general-query source-ip
View
VLAN view
Parameter
current-interface: Current interface whose IP address is selected by the Layer 2

multicast switch.
ip-address: Source IP address of the general query packet that the Layer 2 multicast
switch sends.
1-5
Description
Use the igmp-snooping general-query source-ip current-interface command to

configure the Layer 2 multicast switch to use the IP address of the current VLAN
interface as the source IP address of the general query packets that the Layer 2
multicast switch sends. If no IP address is configured on the current VLAN interface,
the default IP address 0.0.0.0. is used as the default source IP address.
Use the igmp-snooping general-query source-ip ip-address command to configure
the Layer 2 multicast switch to use the specified IP address as the source IP address
when sending general query packets.
Use the undo igmp-snooping general-query source-ip command to configure the
Layer 2 switch to use the default IP address as the source address when sending
general query packets.
These commands are effective after the IGMP Snooping querier is enabled on the
switch. Otherwise, the switch cannot send general query packets.
By default, the Layer 2 multicast switch sends general query packets with the source IP
address 0.0.0.0.
Example
# Configure the Layer 2 multicast switch to send general query packets with the source
IP address 2.2.2.2.
System view, return to user view with Ctrl+Z.
[Quidway] vlan 3
[Quidway-vlan3] igmp-snooping enable
[Quidway-vlan3] igmp-snooping querier
[Quidway-vlan3] igmp-snooping general-query source-ip 2.2.2.2
1.1.7 igmp-snooping group-limit
Syntax
igmp-snooping group-limit limit

undo igmp-snooping group-limit
View
Ethernet port view
Parameter
limit: Maximum number of multicast groups the port can join, in the range of 1 to 256.
1-6
Description
Use the igmp-snooping group-limit command to define the maximum number of

multicast groups the port can join.
Use the undo igmp-snooping group-limit command to restore the default setting.
By default, there is no limit on the number of multicast groups the port can join.
Example
# Allow the GigabitEthernet1/0/1 port to join at most 200 multicast groups.

[Quidway] interface GigabitEthernet 1/0/1
[Quidway-GigabitEthernet1/0/1] igmp-snooping group-limit 200
1.1.8 igmp-snooping group-policy
Syntax
igmp-snooping group-policy acl-number vlan vlan-list

undo igmp-snooping group-policy vlan vlan-list
View
Parameter
acl-number: Basic ACL number, in the range of 2000 to 2999.

vlan-id: ID of the VLAN for the Ethernet port, in the range of 1 to 4094.
Description
Use the igmp-snooping group-policy command to configure an IGMP Snooping

filtering ACL.
Use the undo igmp-snooping group-policy command to remove the IGMP Snooping
filtering ACL.
By default, no IGMP Snooping filtering ACL is configured.
You can configure multicast filtering ACLs globally or on the switch ports connected to
user ends so as to use the IGMP Snooping filter function to limit the multicast streams
that the users can access. With this function, you can treat different VoD users in
different ways by allowing them to access the multicast streams in different multicast
groups.
In practice, when a user orders a multicast program, an IGMP host report message is
generated. When the message arrives at the switch, the switch examines the multicast
1-7
filtering ACL configured on the access port to determine if the port can join the
corresponding multicast group or not. If yes, it adds the port to the forward port list of
the multicast group. If not, it drops the IGMP host report message and does not forward
the corresponding data stream to the port. In this way, you can control the multicast
streams that users can access.
An ACL rule defines a multicast address or a multicast address range (for example
224.0.0.1 to 239.255.255.255) and is used to.
z Allow the port(s) to join only the multicast group(s) defined in the rule by a permit
statement.
z Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny
statement.
Note:
z One port can belong to multiple VLANs. But for each VLAN on the port, you can
configure only one ACL.
z If no ACL rule is configured or the port does not belong to the specified VLAN, the
filter ACL you configured does not take effect on the port.
z Since most devices broadcast unknown multicast packets, this function is often
used together with the unknown multicast packet drop function to prevent multicast
streams from being broadcasted to a filtered port as unknown multicast.
Example
# Configure ACL 2000 to allow users under port Ethernet 1/0/1 to access the multicast
streams in groups 225.0.0.0 to 225.255.255.255.
z Configure ACL 2000.
[Quidway-acl-basic-2000] quit
z Create VLAN 2 and add Ethernet 1/0/1 port to VLAN 2.
[Quidway] vlan 2
[Quidway-vlan2] port Ethernet 1/0/1
Gigabit[Quidway-vlan2] quit
z Configure ACL 2000 on Ethernet 1/0/1 to allow this VLAN 2 port to join only the
IGMP multicast groups defined in the rule of ACL 2000.
[Quidway-Ethernet1/0/1] igmp-snooping group-policy 2000 vlan 2
1-8
# Configure ACL 2001 to allow users under Ethernet 1/0/2 to access the multicast
streams in any groups except groups 225.0.0.0 to 225.0.0.255.
z Configure ACL 2001.
[Quidway-acl-basic-2001] rule deny source 225.0.0.0 0.0.0.255
[Quidway-acl-basic-2001] rule permit source any
z Create VLAN 2 and add Ethernet 1/0/2 to VLAN 2.
[Quidway] vlan 2
[Quidway-vlan2] port Ethernet 1/0/2
z Configure ACL 2001 on Ethernet 1/0/2 to allow this VLAN 2 port to join any IGMP
multicast groups except those defined in the deny rule of ACL 2001.
[Quidway-Ethernet1/0/2] igmp-snooping group-policy 2001 vlan 2
1.1.9 igmp-snooping host-aging-time
Syntax
igmp-snooping host-aging-time seconds

undo igmp-snooping host-aging-time
View
System view
Parameter
seconds: Aging time of multicast member ports, in the range of 200 to 1000 in seconds.
Description
Use the igmp-snooping host-aging-time command to configure the aging time of

multicast member port.
Use the undo igmp-snooping host-aging-time command to restore the default aging
time.
By default, the aging time of multicast member ports is 260 seconds.
The aging time of multicast member ports determines the refresh frequency of multicast
group members. In an environment where multicast group members change frequently,
a relatively shorter aging time is required.
Example
# Set the aging time of multicast member ports to 300 seconds.
1-9
[Quidway] igmp-snooping host-aging-time 300
1.1.10 igmp-snooping max-response-time
Syntax
igmp-snooping max-response-time seconds

undo igmp-snooping max-response-time
View
System view
Parameter
seconds: Query response timeout time, in the range of 1 to 25 in seconds.
Description
Use the igmp-snooping max-response-time command to configure the query

response timeout time.
Use the undo igmp-snooping max-response-time command to restore the default
timeout time.
By default, the query response timeout time is 10 seconds.
The maximum response time you configured determines how long the switch can wait
for a response to an IGMP Snooping query message.
Related command: igmp-snooping, igmp-snooping router-aging-time.
Example
# Set the query response timeout time to 15 seconds.

[Quidway] igmp-snooping max-response-time 15
1.1.11 igmp-snooping querier
Syntax
igmp-snooping querier
undo igmp-snooping querier
View
VLAN view
1-10
Parameter
None
Description
Use the igmp-snooping querier command to enable the IGMP Snooping querier
feature on the current VLAN of the Layer 2 multicast switch.
Use the undo igmp-snooping querier command to disable the IGMP Snooping
querier feature on the current VLAN of the Layer 2 multicast switch.
By default, the IGMP Snooping querier feature of the Layer 2 multicast switch is
disabled.
Example
# Enable the IGMP Snooping feature on VLAN 3 of the Layer 2 multicast switch.
[Quidway] vlan 3
1.1.12 igmp-snooping query-interval
Syntax
igmp-snooping query-interval seconds

undo igmp-snooping query-interval
View
VLAN view
Parameter
seconds: Interval for the Layer 2 multicast to send general query packets.
Description
Use the igmp-snooping query-interval command to configure the interval for the
Layer 2 multicast switch to send general query packets.
Use the undo igmp-snooping query-interval command to restore the interval to the
default value.
These commands are effective after the IGMP Snooping querier feature is enabled.
Otherwise, the switch will not send general query packets. The configured query
interval must be longer than the maximum response interval of the host,
1-11
The Layer 2 multicast switch sends general query packets at the interval of 50 seconds.
Example
# Configure the Layer 2 multicast switch to send general query packets at the interval of
100 seconds on VLAN 3.
[Quidway] vlan 3
[Quidway-vlan3] igmp-snooping query-interval 100
1.1.13 igmp-snooping router-aging-time
Syntax
igmp-snooping router-aging-time seconds

undo igmp-snooping router-aging-time
View
System view
Parameter
seconds: Aging time of the router port, in the range of 1 to 1000 in seconds.
Description
Use the igmp-snooping router-aging-time command to configure the aging time of

the router port.
Use the undo igmp-snooping router-aging-time command to restore the default
aging time.
By default, the aging time of the router port is 105 seconds.
The router port here refers to the port connecting the Layer 2 switch to the router. The
Layer 2 switch receives IGMP general query messages from the router through this
port. The aging time of the router port should be a value about 2.5 times of the general
query interval.
Related command: igmp-snooping max-response-time, igmp-snooping.
Example
# Set the aging time of the router port to 500 seconds.

1-12
[Quidway] igmp-snooping router-aging-time 500
1.1.14 reset igmp-snooping statistics
Syntax
reset igmp-snooping statistics
View
User view
Parameter
None
Description
Use the reset igmp-snooping statistics command to clear IGMP Snooping statistics.
Example
# Clear IGMP Snooping statistics.

<Quidway> reset igmp-snooping statistics
1.1.15 service-type multicast
Syntax
service-type multicast
undo service-type multicast
View
VLAN view
Parameter
None
Description
Use the service-type multicast command to set the current VLAN as a multicast
VLAN.
Use the undo service-type multicast command to cancel the multicast VLAN setting.
By default, no VLAN is a multicast VLAN.
By configuring a multicast VLAN, adding corresponding switch ports to the multicast
VLAN and enabling IGMP Snooping, you can make users in different VLANs share the
same multicast VLAN. This saves bandwidth since multicast stream is transmitted only
1-13
within the multicast VLAN, and also guarantees the security because the multicast
VLAN is completely isolated from the user VLANs.
Note:
z Isolate VLANs cannot be set as multicast VLANs.
z One port belongs to one multicast VLAN only.
z The type of ports connecting to the user terminal must be hybrid.
z The multicast member port must be in the same multicast VLAN with the router port.
Otherwise, the port cannot receive multicast packets.
z If a router port is added to a multicast VLAN, the router port must be set as a trunk
port or tagged hybrid port. Otherwise, all the multicast member ports in this multicast
VLAN cannot receive multicast packets.
z If a multicast member port needs to receive packets forwarded by the router port
which does not belong to any multicast VLAN, the multicast member port must be
removed from the multicast VLAN. Otherwise, the port cannot receive multicast
packets.
Example
# Configure VLAN 2 as a multicast VLAN.

[Quidway] vlan 2
[Quidway-vlan2] service-type multicast
1-14
Command Manual – Multicast Protocol Chapter 2 Common IP Multicast Configuration
Chapter 2 Common IP Multicast Configuration

Commands
2.1 Common IP Multicast Configuration Commands

2.1.1 display multicast forwarding-table
Syntax
display multicast forwarding-table [ group-address [ mask { group-mask |

mask-length } ] | source-address [ mask { group-mask | mask-length } ] |
incominginterface { interfacetype interfacenumber ] register } ]*
View
Any view
Parameter
group-address: Multicast group address to specify a multicast group, in the range of

224.0.0.0 to 239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Specifies the incoming interface of multicast forwarding entries.
register: Registration VLAN interface of PIM-SM.
Description
Use the display multicast forwarding-table command to display the information

about multicast forwarding tables.
Related command: display multicast routing-table.
Example
# Query the information about the multicast forwarding table.

<Quidway> display multicast forwarding-table
Multicast Forwarding Cache Table
Total 1 entry: 0 entry created by IP, 1 entry created by protocol
00001. (10.0.0.4, 225.1.1.1), iif Vlan-interface2, 0 oifs,

Protocol Create
Matched 122 pkts(183000 bytes), Wrong If 0 pkts
Forwarded 122 pkts(183000 bytes)
2-1
Total 1 entry Listed
The following table describes the fields in the displayed information above:
Table 2-1 Description on the fields of the display multicast forwarding-table command
Field Description
Multicast Forwarding Cache Table Multicast forwarding table
Total 1 entries Total number of entries
00001 Serial number of an entry
(10.0.0.4, 225.1.1.1) (s,g)
The incoming interface of the multicast
forwarding table is vlan-interface 2, and the
iif Vlan-interface2, 0 oifs
multicast forwarding table does not have an
outgoing interface.
Matched 122 pkts(183000 bytes), 122 packets which are 183,000 bytes in all
Wrong If 0 pkts match with the (s,g) entry, and 0 wrong
Forwarded 122 pkts(183000 packet matches with the (s,g) entry.
bytes) 122 packets which are 183,000 bytes in all
are forwarded.
2.1.2 display multicast routing-table
Syntax
display multicast routing-table [ group-address [ mask { mask | mask-length } ] |

source-address [ mask { mask | mask-length } ] | incoming-interface { interface-type
interface-number | register } ]*
View
Any view
Parameter
group-address: Multicast group address to specify a multicast group and display the
routing table information corresponding to this group, in the range of 224.0.0.0 to
239.255.255.255.
source-address: Unicast IP address of the multicast source.
incoming-interface: Specifies the incoming interface of the multicast routing entry.
register: Registration interface of PIM-SM.
2-2
Description
Use the display multicast routing-table command to display the information about
the IP multicast routing table.
This command is used to display the information about the multicast routing table, while
the display multicast forwarding-table command is used to display the information
about the multicast forwarding table.
Example
# Query the information about the routing entries corresponding to the multicast group
225.1.1.1.1 in the multicast routing table.
<Quidway> display multicast routing-table
Multicast Routing Table
Total 3 entries
(4.4.4.4, 224.2.149.17)
Uptime: 00:15:16, Timeout in 272 sec
Upstream interface: Vlan-interface1(4.4.4.6)
Downstream interface list:
Vlan-interface2(2.2.2.4), Protocol 0x1: IGMP
(4.4.4.4, 224.2.254.84)
Downstream interface list: NULL
(4.4.4.4, 239.255.2.2)
Matched 3 entries
The following table describes the fields in the displayed information.
Table 2-2 Description on the fields of the display multicast routing-table command
Field Description
Multicast Routing Table Multicast routing table
Total 3 entries There are 3 entries in all in the multicast routing
table.
(4.4.4.4, 224.2.149.17) (s,g) of the multicast routing table
Uptime: 00:15:16, Timeout in The entry is up for 15 minutes and 16 seconds,
2-3
Field Description
272 sec and it times out in 272 seconds.
Upstream interface: The IP address of the upstream interface is
Vlan-interface1(4.4.4.6) 4.4.4.6.
Downstream interface list: Downstream interface list:
Vlan-interface2(2.2.2.4), The IP address of the downstream interface is
Protocol 0x1: IGMP 2.2.2.4.
The downstream interface is added by the
IGMP protocol.
Matched 3 entries Three entries match the configuration.
2.1.3 display multicast-source-deny
Syntax
display multicast-source-deny [ interface interface-type [ interface-number ] ]
View
Any view
Parameter

Description
Use the display multicast-source-deny command to display the configuration

information about the multicast source port check.
When you use this command to display the information,
z If you specify neither the port type nor the port number, the multicast source port
check information about all the ports on the switch is displayed.
z If you specify the port type only, the multicast source port check information about
all ports of this type is displayed.
z If you specify both the port type and the port number, the multicast source port
check information about the specified port is displayed.
Example
# Display the multicast source port suppression state of Ethernet 1/0/1.

[Quidway] display multicast-source-deny interface Ethernet 1/0/1
# Display the multicast source port suppression state of all the 100M Ethernet ports.
2-4
[Quidway] display multicast-source-deny interface Ethernet
2.1.4 multicast route-limit
Syntax
multicast route-limit limit

undo multicast route-limit
View
System view
Parameter
limit: Limit on the capacity of the multicast routing table, in the range of 0 to 256.
Description
Use the multicast route-limit command to limit the capacity of the multicast routing
table. The router will drop the protocols and packets of the new (S, G).
Use the undo multicast route-limit command to restore the default limit on the
capacity of the multicast routing table.
The limit on the capacity of the multicast routing table is 256 by default.
If the number of existing routing entries exceeds the value to be configured when you
configure this command, the existing entries in the routing table will not be removed.
Instead, the system will prompt that the number of existing routing entries is more than
the limit to be configured.
If you execute this command again, the new configuration will overlap the former
configuration.
Example
# Set the limit on the capacity of the multicast routing table to 100.
[Quidway] multicast route-limit 100
2.1.5 multicast routing-enable
Syntax
multicast routing-enable
undo multicast routing-enable
2-5
View
System view
Parameter
None
Description
Use the multicast routing-enable command to enable the IP multicast routing feature.
Use the undo multicast routing-enable command to disable the IP multicast routing
feature.
The IP multicast routing feature is disabled by default.
Related command: pim dm, pim sm.
Example
# Enable the IP multicast routing feature.

[Quidway] multicast routing-enable
2.1.6 multicast-source-deny
Syntax
multicast-source-deny [ interface interface-list ]

undo multicast-source-deny [ interface interface-list ]
View
Parameter
interface-list: Specifies Ethernet port list, expressed in the form of interface-list =

{ { interface-type interface-num | interface-name } [ to { interface-type interface-num |
interface-name } ] }&<1-10>. The interface-number argument refers to one single
Ethernet port, expressed in the form of interface-number = { interface-type
interface-number | interface-name }, where the interface-type argument refers to the
port type, the interface-number argument refers to the port number, and the
interface-name argument refers to the port name. For meanings and value ranges of
interface-type, interface-number and interface-name, refer to the parameters in the
section “Port Basic Configuration” in this manual.
2-6
Description
Use the multicast-source-deny command to enable the multicast source port

suppression feature.
Use the undo multicast-source-deny command to restore the default setting.
By default, the multicast source port suppression feature is disabled on all the ports.
The multicast source port suppression feature can filter multicast packets on the
unauthorized multicast source port in order to avoid the case that the user connected to
the port sets the multicast server privately.
In the system view, if the interface-list argument is not specified, the multicast source
port suppression feature is enabled globally, that is, the feature is enabled on all the
ports of the switch; if the interface-list argument is specified, the multicast source port
suppression feature is enabled on the specified ports. In Ethernet port view, the
interface-list argument cannot be specified in the command and you can use the
command to enable the multicast source port suppression feature on the current port
only.
Example
# Enable the multicast source port suppression feature on all the ports of the switch.
[Quidway] multicast-source-deny
# Enable the multicast source port suppression feature on Ethernet 1/0/1 through
Ethernet 1/0/10 and Ethernet 1/0/12.
[Quidway] multicast-source-deny interface Ethernet 1/0/1 to Ethernet 1/0/10
Ethernet 1/0/12
2.1.7 reset multicast forwarding-table
Syntax
reset multicast forwarding-table [ statistics ] { all | { group-address [ mask

{ group-mask | group-mask-length } ] | source-address [ mask { source-mask |
source-mask-length } ] | incoming-interface interface-type interface-number } * }
View
User view
Parameter
statistics: Clears the statistics information about MFC forwarding entries if this
keyword is specified. Otherwise, MFC forwarding entries will be cleared.
all: Refers to all MFC forwarding entries.
2-7
group-address: Specifies the group address.

group-mask: Specifies the mask of the group address.
group-mask-length: Specifies the mask length of the group address.
source-address: Specifies the source address.
source-mask: Specifies the mask of the source address.
source-mask-length: Specifies the mask length of the source address.
incoming-interface: Specifies the incoming interface of the forwarding entry.
interface-type interface-number: VLAN interface type and VLAN interface number.
Description
Use the reset multicast forwarding-table command to clear MFC forwarding entries
or the statistics information about MFC forwarding entries.
The order of the group-address argument and the source-address argument can be
turned over. However, you must input valid group addresses and source addresses.
Otherwise, the system prompts error.
Related command: reset pim routing-table, reset multicast routing-table, and
display multicast forwarding-table.
Example
# Clear the forwarding entries whose group address is 225.5.4.3 in the MFC forwarding
table.
<Quidway> reset multicast forwarding-table 225.5.4.3
# Clear the statistics information about the forwarding entries whose group address is
225.5.4.3 in the MFC forwarding table.
<Quidway> reset multicast forwarding-table statistics 225.5.4.3
2.1.8 reset multicast routing-table
Syntax
reset multicast routing-table { all | { group-address [ mask { group-mask |

group-mask-length } ] | source-address [ mask { source-mask | source-mask-length } ]
| incoming-interface interface-type interface-number } * }
View
User view
Parameter
all: All routing entries in the multicast core routing table.

group-address: Specifies the group address.
2-8
group-mask: Specifies the mask of the group address.

group-mask-length: Specifies the mask length of the group address.
source-address: Specifies the source address.
source-mask: Specifies the mask of the source address.
source-mask-length: Specifies the mask length of the source address.
incoming-interface: Specifies the incoming interface of the routing entry.
Description
Use the reset multicast routing-table command to clear the routing entries in the
multicast core routing table and remove the corresponding forwarding entries in the
MFC forwarding table.
The order of the group-address argument and the source-address argument can be
turned over. However, you must input valid group addresses and source addresses.
Otherwise, the system prompts error.
Related command: reset pim routing-table, reset multicast forwarding-table and
display multicast forwarding-table.
Example
# Clear the routing entries whose group address is 225.5.4.3 from the multicast core
routing table.
<Quidway> reset multicast routing-table 225.5.4.3
2-9
Command Manual – Multicast Protocol Chapter 3 Multicast MAC Address Entry
Quidway S3900 Series Ethernet Switches-Release 1510 Configuration Commands
Chapter 3 Multicast MAC Address Entry

Configuration Commands
3.1 Multicast MAC Address Entry Configuration Commands

3.1.1 mac-address multicast interface
Syntax
mac-address multicast mac-address interface interface-list vlan vlan-id

undo mac-address multicast [ mac-address [ interface interface-list ] vlan vlan-id ]
View
System view
Parameter
mac-address: Multicast MAC address.

vlan-id: VLAN ID.
interface-list: Forwarding port list, in the format of { { interface-type interface-num } [ to
{ interface-type interface-num } ] }&<1-10>. Where, interface-type is a port type,
interface-number is a port number (refer to the parameter description of the interface
command in the port command module of this document), to is used to specify a port
range, and &<1-10> represents you can totally specify up to 10 ports and port ranges.
Description
Use the mac-address multicast command to manually add a multicast MAC address
entry.
Use the undo mac-address multicast command to remove a multicast MAC address
entry.
Each multicast MAC address entry contains: multicast address, forward port, VLAN ID,
and so on.
Related command: display mac-address multicast static.
Example
# Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward
port Ethernet 1/0/1, and VLAN 1 to which the entry belongs.
3-1
[Quidway] mac-address multicast 0100-5e0a-0805 interface Ethernet 1/0/1 vlan

1
3.1.2 mac-address multicast vlan
Syntax
mac-address multicast mac-address vlan vlan-id

undo mac-address multicast [ [ mac-address ] vlan vlan-id ]
View
Ethernet port view
Parameter
mac-address: Multicast MAC address.

vlan-id: VLAN ID.
Description
Use the mac-address multicast vlan command to add a multicast MAC address
entry.
Use the undo mac-address multicast vlan command to remove a multicast MAC
address entry.
Each multicast MAC address entry contains: multicast address, VLAN ID, and so on.
Related command: display mac-address multicast static.
Example
# Add a multicast MAC address entry on Ethernet1/0/1, with multicast address

0100-1000-1000 and VLAN 1 to which the entry belongs.
[Quidway-Ethernet1/0/1]mac-address multicast 0100-1000-1000 vlan 1
3.1.3 display mac-address multicast static
Syntax
display mac-address multicast [ static { { { mac-address vlan vlan-id | vlan vlan-id }

[ count ] } | count } ]
View
Any view
3-2
Parameter
mac-address vlan vlan-id: Multicast MAC address entry in the specified VLAN.
count: Number of MAC entries.
vlan-id: ID of the specific VLAN.
Description
Use the display mac-address multicast static command to display the multicast
MAC address entry/entries manually configured on the switch.
z Executing this command with neither mac-address nor vlan vlan-id will display the
information about all the multicast MAC address entries manually added on the
switch, including the multicast MAC address, VLAN ID, state of the MAC address,
port number and aging time.
z Executing this command with vlan vlan-id but without mac-address will display the
information about all the multicast MAC address entries manually added in the
specified VLAN, including the multicast MAC address, VLAN ID, state of the MAC
address, port number and aging time.
z Executing this command with both mac-address and vlan vlan-id will display the
information about the multicast MAC address entries manually added in the
specified VLAN with the specified multicast MAC address, including the multicast
MAC address, VLAN ID, state of the MAC address, port number and aging time.
z Executing this command with count will display the information about the number
of multicast MAC address entries added on the switch.
Example
# Display all the multicast MAC address entries manually added in VLAN 1.
<Quidway>display mac-address multicast static vlan 1
0100-0001-0001 1 Config static Ethernet1/0/1 N/A
Ethernet1/0/2
Ethernet1/0/3
Ethernet1/0/4
--- 1 static mac address(es) found ---
3-3
Command Manual – Multicast Protocol Chapter 4 Unknown Multicast Drop Configurat
Quidway S3900 Series Ethernet Switches-Release 1510 ion Command
Chapter 4 Unknown Multicast Drop Configuration

Command
4.1 Unknown Multicast Drop Configuration Command

4.1.1 unknown-multicast drop enable
Syntax
unknown-multicast drop enable

undo unknown-multicast drop enable
View
System view
Parameter
None
Description
Use the unknown-multicast drop enable command to enable the unknown multicast
drop feature on the switch.
Use the undo unknown-multicast drop enable command to disable the unknown
multicast drop feature on the switch.
Example
Enable the unknown multicast drop feature.

[Quidway] unknown-multicast drop enable
4-1
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 5 IGMP Configuration Commands
Chapter 5 IGMP Configuration Commands
Note:
When running IP multicast protocols, Ethernet switches also provide the functions of
switches. We use routers in this manual to stand for not only the common routers but
also the layer 3 Ethernet switches running IP multicast protocols.
5.1 IGMP Configuration Commands

5.1.1 display igmp group
Syntax
display igmp group [ group-address | interface interface-type interface-number ]
View
Any view
Parameter
group-address: Address of the multicast group.

interface-type interface-number: VLAN interface type and VLAN interface number of
the router which are used to specify a VLAN interface. .
Description
Use the display igmp group command to view the member information of the IGMP
multicast group.
You can specify to show the information of a group or the member information of the
multicast group on a VLAN interface. The displayed information contains the multicast
groups which are joined by the downstream hosts through IGMP or through command
line.
Related command: igmp host-join.
Example
# View the member information of multicast group in the system.

<Quidway> display igmp group
LoopBack0 (20.20.20.20): Total 3 IGMP Groups reported:
5-1
Group Address Last Reporter Uptime Expires

225.1.1.1 20.20.20.20 00:02:04 00:01:15
225.1.1.3 20.20.20.20 00:02:04 00:01:15
225.1.1.2 20.20.20.20 00:02:04 00:01:17
Table 5-1 Output description of the display igmp group command
Field Description
Group address Multicast group address
Last Reporter The last host reporting to join in the multicast group
Uptime Time passed since multicast group is discovered (hh: mm: ss).
Specifies when the member will be removed from the multicast
Expires
group (hh: mm: ss).
5.1.2 display igmp interface
Syntax
display igmp interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: VLAN interface type and VLAN interface number of

the router which are used to specify a VLAN interface. If this argument is not specified,
the information about all the VLAN interfaces where IGMP is running is displayed.
Description
Use the display igmp interface command to view the IGMP configuration and running
information on a VLAN interface.
Example
# View the IGMP configuration and running information of all VLAN interfaces.
<Quidway> display igmp interface
Vlan-interface1 (10.153.17.99):
IGMP is enabled
Current IGMP version is 2
Value of query interval for IGMP(in seconds): 60
Value of other querier time out for IGMP(in seconds): 120
Value of maximum query response time for IGMP(in seconds): 10
Value of robust count for IGMP: 2
5-2
Value of startup query interval for IGMP(in seconds): 15

Value of last member query interval for IGMP(in seconds): 1
Value of query timeout for IGMP version 1(in seconds): 400
Policy to accept IGMP reports: none
Querier for IGMP: 10.153.17.99 (this router)
IGMP group limit is 256
No IGMP group reported
Table 5-2 Description on the fields of the display igmp interface command
Field Description
IGMP version IGMP version
query interval Interval of general query
querier timeout Timeout time of the querier

max query response time Maximum time of response to query
IGMP robust count, that is, the times of sending IGMP
robust count group-specific query packets before the IGMP querier
receives the IGMP leave packet from the host
startup query interval The startup interval of IGMP to send query packets
The interval of sending IGMP group-specific query
last member query interval packets when the IGMP querier receives the IGMP
leave packets from the host
query timeout Query timeout in IGMP version 1
Policy to accept IGMP The filtering policy of the IGMP multicast group to
reports control the access to IP multicast groups
Querier for IGMP IGMP querier
Limit on the number of IGMP groups added to the
VLAN interface. The router does not process new
IGMP group limit
IGMP packets when the number of IGMP packet
exceeds the limit
5.1.3 igmp enable
Syntax
igmp enable
undo igmp enable
View
VLAN interface view
5-3
Parameter
None
Description
Use igmp enable command to enable IGMP on an interface.

Use the undo igmp enable command to disable IGMP on the interface.
By default, IGMP is disabled on a VALN interface. .
These commands do not take effect until the multicast routing feature is enabled. After
this configuration, start to configure other IGMP features.
Related command: multicast routing-enable.
Example
# Enable IGMP on Vlan-interface 10.

[Quidway-Vlan-interface10] igmp enable
5.1.4 igmp group-limit
Syntax
igmp group-limit limit

undo igmp group-limit
View
VALN interface view
Parameter
limit: Quantity of multicast groups, in the range of 0 to 256.
Description
Use the igmp group-limit command to limit the number of multicast groups on an
interface. The router does not process new packets when number of IGMP groups
exceeds the limit.
Use the undo igmp group-limit command to restore the default setting.
By default to add up to 256 IGMP groups on an interface.
The new configuration overwrites the old one if you run the command for a second time.
5-4
Caution:
z New groups cannot be added when the number of IGMP multicast groups has
exceeded the configured limit.
z When the limit on the number of IGMP packets is 1, the new group enjoys priority,
that is, the system will automatically replace the former multicast group with the new
multicast group, and the former multicast group will leave the interface
automatically.
z If the number of existing multicast groups on the interface is more than the
configured limit, the system will remove some old groups automatically to satisfy the
configured limit.
Example
# Limit the maximum number of IGMP groups on Vlan-interface10 to 100.

[Quidway-Vlan-interface10] igmp group-limit 100
5.1.5 igmp group-policy
Syntax
igmp group-policy acl-number [ 1 | 2 | port interface-list

undo igmp group-policy [ port interface-list
View
VLAN interface view
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
1: IGMP version 1.
2: IGMP version 2. If IGMP version is not specified, version 2 will be used by default.
port: Limits the IGMP packets passing the port and matching with the ACL rules.
interface-list: Forwarding port list in the form of interface-list = { interface-type
interface-number [ to { interface-type interface-number } ] }&<1-10>. The interface-type
argument refers to the port type, and the interface-number argument refers to the port
5-5
number. For the meanings and ranges of the two arguments, refer to the parameter
descriptions in part “Port Basic Configuration” in this manual.
Description
Use the igmp group-policy command to set the filter of multicast groups on the VLAN
interface to control the access to IP multicast groups.
Use undo igmp group-policy command to remove the filter configured.
By default, no filter is configured, that is, a host can join any multicast group.
If you do not want the hosts on the network that the VLAN interface is on to join some
multicast groups and receive packets from the multicast groups to use this command to
limit the range of the multicast groups serviced by the VLAN interface.
Related command: igmp host-join.
Caution:
Ethernet ports must belong to the igmp-group-policy-enabled VLAN interfaces only.
Example
# Configure the access-list 2000.

# Configure that only the hosts matching ACL 2000 rules on VLAN-interface10 can be
added to the multicast group whose IGMP version is specified to 2.
[Quidway-vlan-interface10] igmp group-policy 2000 2
5.1.6 igmp group-policy vlan
Syntax
igmp group-policy acl-number vlan vlan-id

undo igmp group-policy vlan vlan-id
View
Port view
5-6
Parameter
acl-number: Number of the basic IP access control list number, defining a multicast
group range. The value ranges from 2000 to 2999.
vlan-id: Specifies the ID for the VLAN to which the port belongs.
Description
Use the igmp group-policy vlan command to set the filter of multicast groups on a
port to control the access to the IP multicast groups.
Use the undo igmp group-policy vlan command to remove the configured filter.
By default, no filter is configured, that is, a host can join any multicast group.
This command has the same function with the igmp group-policy command. Note that
the configured port must belong to the specified VLAN, and the IGMP protocol must be
enabled on this port; otherwise, the configuration does not function.
Related command: igmp group-policy, igmp host-join vlan, and igmp host-join
port.
Example
# Configure that only the hosts matching ACL 2000 rules on Ethernet1/0/1 in
VLAN-interface10 can be added to the multicast group.
[Quidway] interface Ethernet 0/1
[Quidway-Ethernet0/1] port access vlan 10
[Quidway-Ethernet0/1] igmp group-policy 2000 vlan 10
5.1.7 igmp host-join port
Syntax
igmp host-join group-address port interface-list

undo igmp host-join group-address port interface-list
View
VLAN interface view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
port: Specifies the port in the VLAN interface.
5-7
interface-list: Forwarding port list in the form of interface-list = { interface-type

interface-number [ to { interface-type interface-number } ] }&<1-10>. The interface-type
argument refers to the port type, and the interface-number argument refers to the port
number. For the meanings and ranges of the two arguments, refer to the parameter
descriptions in part “Port Basic Configuration” in this manual.
Description
Use the igmp host-join port command to enable a port in the VLAN interface of a
switch to join a multicast group.
Use undo igmp host-join port command to disable the configuration.
By default, VLAN interfaces of a switch do not belong to any multicast group.
Related command: igmp group-policy.
Example
# Add port Ethernet 1/0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

[Quidway-Vlan-interface10] igmp host-join 225.0.0.1 port Ethernet 1/0/1
5.1.8 igmp host-join vlan
Syntax
igmp host-join group-address vlan vlan-id

undo igmp host-join group-address vlan vlan-id
View
Port view
Parameter
group-address: Multicast address of the multicast group that an interface will join.
vlan-id: Specifies the ID for the VLAN to which the port belongs.
Description
Use the igmp host-join vlan command to enable an Ethernet port to join a multicast
group.
Use the undo igmp host-join vlan command to disable the configuration.
By default, an Ethernet port does not join any multicast group.
Related command: igmp group-policy.
5-8
Example
# Add Ethernet 1/0/1 in VLAN-interface10 to the multicast group at 225.0.0.1.

[Quidway] interface Ethernet 0/1
[Quidway-Ethernet0/1] port access vlan 10
[Quidway-Ethernet0/1] igmp host-join 225.0.0.1 vlan 10
5.1.9 igmp lastmember-queryinterval
Syntax
igmp lastmember-queryinterval seconds

undo igmp lastmember-queryinterval
View
VLAN interface view
Parameter
seconds: Interval for the IGMP querier to send IGMP group-specific query packets
when it receives IGMP leave packets from the host. It is in the range of 1 second to 5
seconds.
Description
Use the igmp lastmember-queryinterval command to set the Interval for the IGMP
querier to send IGMP group-specific query packets when it receives IGMP leave
packets from the host.
Use the undo igmp lastmember-queryinterval command to restore the default value.
The interval for the IGMP querier to send IGMP group-specific query packets is one
second by default.
In the shared network, that is, a same network segment including multiple hosts and
multicast routers, the query router (also known as querier) is responsible for
maintaining the IGMP group membership on the interface. When the IGMP v2 host
leaves a group, it sends an IGMP Leave message.
When receiving the IGMP Leave message, the IGMP querier must send the IGMP
group-specific query messages for specified times (by the robust-value argument in the
igmp robust-count command, with default value as 2) in a specified time interval (by
the seconds argument in the igmp lastmember-queryinterval command, with default
5-9
value as 1 second). If other hosts which are interested in the specified group receive
the IGMP query message from the IGMP query router, they will send back the IGMP
Membership Report message within the specified maximum response time interval. If it
receives the IGMP Membership Report message within the defined period (equal to
robust-value × seconds), the IGMP query router continue to maintain the membership
of this group. When receiving no IGMP Membership Report message from any hosts
within the defined period, the IGMP query router considers it as timeout and stops
membership maintenance for the group.
This command is only available on the IGMP query router running IGMP v2. For the
host running IGMP v1, this command cannot take effect for the host may not send the
IGMP Leave message when it leaves a group.
For the related command, see igmp robust-count and display igmp interface.
Example
# Set the query interval at the Vlan-interface10 as 3 seconds.

[Quidway-Vlan-interface10] igmp lastmember-queryinterval 3
5.1.10 igmp max-response-time
Syntax
igmp max-response-time seconds

undo igmp max-response-time
View
VLAN interface view
Parameter
seconds: Maximum response time in the IGMP query messages in second in the range
from 1 to 25. By default, the value is 10 seconds.
Description
Use the igmp max-response-time command to configure the maximum response

time contained in the IGMP query messages.
Use the undo igmp max-response-time command to restore the default value.
The maximum query response time is 10 seconds by default.
The maximum query response time determines the period for a router to quickly detect
that there are no more directly connected group members in a LAN.
5-10
Related command: display igmp group.
Example
# Set the maximum response time carried in host-query packets to 8 seconds.

[Quidway-Vlan-interface10] igmp max-response-time 8
5.1.11 igmp proxy
Syntax
igmp proxy Vlan-interface interface-number

undo igmp proxy
View
VLAN view
Parameter
interface-number: Proxy interface number.
Description
Use the igmp proxy command to specify an interface of the Layer 3 endpoint switch as
the IGMP proxy interface of another interface.
Use the undo igmp proxy command to disable this configuration.
The IGMP proxy feature is disabled by default.
You must enable the PIM protocol on the interface first before enabling the igmp proxy
command on the interface. One interface cannot serve as the IGMP proxy interface of
two or more interfaces.
If the IGMP proxy feature is configured on the same interface for multiple times, the
latest configuration takes effect.
Related command: pim neighbor-policy.
5-11
Caution:
z The multicast route feature and the IGMP protocol must be enabled on the proxy
interface.
z You must enable the PIM protocol on the interface first before enabling the igmp
proxy command on the interface.
z One interface cannot serve as the IGMP proxy interface of two or more interfaces.
Example
# Configure VLAN-interface 2 as the IGMP proxy interface of VLAN-interface 1 on the

Layer 3 switch.
[Quidway- Vlan-interface1] igmp proxy vlan-interface 2
5.1.12 igmp robust-count
Syntax
igmp robust-count robust-value

undo igmp robust-count
View
VLAN interface view
Parameter
robust-value: IGMP robust value, number of sending the IGMP group-specific query
packets after the IGMP querier receives the IGMP Leave packet from the host. It is in
the range of 2 times to 5 times.
Description
Use the igmp robust-count command to set the number of sending the IGMP group
query message after the IGMP query router receives the IGMP Leave message from
the host.
Use the undo igmp robust-count command to restore the default value.
By default, an IGMP querier sends IGMP group-specific query packets twice.
5-12
In the shared network, that is, a same network segment including multiple hosts and
multicast routers, the query router is responsible for maintaining the IGMP group
membership on the interface. When the IGMP v2 host leaves a group, it sends an
IGMP Leave message. When receiving the IGMP Leave message, IGMP query router
must send the IGMP group-specific query message for specified times (by the
robust-value parameter in the igmp robust-count command, with default value as 2)
in a specified time interval (by the seconds parameter in the igmp
lastmember-queryinterval command, with default value as 1 second). If other hosts
which are interested in the specific group receive the IGMP group-specific query
packets from the IGMP query router, they will send back the IGMP Membership Report
packets within the specified maximum response time interval. If it receives the IGMP
Membership Report packets within the defined period (equal to robust-value ×
seconds), the IGMP query router continue to maintain the membership of this group.
When receiving no IGMP Membership Report packet from any hosts within the defined
period, the IGMP query router considers it as timeout and stops membership
maintenance for the group.
This command is only available on the IGMP query router running IGMP v2. For the
host running IGMP v1, this command cannot take effect for the host may not send
IGMP Leave packets when it leaves a group.
Related command: igmp lastmember-queryinterval and display igmp interface.
Example
# Set the robust value of the Vlan-interface 10 to 3.

[Quidway-Vlan-interface10] igmp robust-count 3
5.1.13 igmp timer other-querier-present
Syntax
igmp timer other-querier-present seconds

undo igmp timer other-querier-present
View
VLAN interface view
Parameter
seconds: Presence time of the IGMP querier, in the range of 1 to 131,070 in seconds.
5-13
Description
Use the igmp timer other-querier-present command to configure the presence time
of the IGMP querier.
Use the undo igmp timer other-querier-present command to restore the default
value.
By default, the presence time of the IGMP querier is twice the value of IGMP query
message interval, that is, 120 seconds.
On a shared network, i.e., there are multiple multicast routers on the same network
segment, the query router (querier for short) takes charge of sending query messages
periodically on the interface. If other non-queriers receive no query messages within
the valid period, the router will consider the previous querier to be invalid and the router
itself becomes a querier.
In IGMP version 1, the selection of a querier is determined by the multicast routing
protocol. In IGMP version 2, the router with the lowest IP address on the shared
network segment acts as the querier.
Related command: igmp timer query, and display igmp interface.
Example
# Set the querier to expire after 300 seconds.

[Quidway-Vlan-interface10] igmp timer other-querier-present 300
5.1.14 igmp timer query
Syntax
igmp timer query seconds

undo igmp timer query
View
VLAN interface view
Parameter
seconds: Interval at which a router transmits IGMP query messages, in the range of 1
to 65,535 seconds.
Description
Use the igmp timer query command to configure the interval at which a router
interface sends IGMP query messages.
5-14
Use the undo igmp timer query command to restore the default value.
By default, a router interface transmits IGMP query messages at the interval of 60
seconds.
A multicast router periodically sends out IGMP query messages to attached segments
to find hosts that belong to different multicast groups. The query interval can be
modified according to the practical conditions of the network.
For the related command, see igmp timer other-querier-present.
Example
# Configure to transmit the host-query message every 150 seconds via

VLAN-interface2.
[Quidway-Vlan-interface2] igmp timer query 150
5.1.15 igmp version
Syntax
igmp version { 1 | 2 }
undo igmp version
View
VLAN interface view
Parameter
1: IGMP Version 1.
2: IGMP Version 2.
Description
Use the igmp version command to specify the version of IGMP that a router uses.
Use the undo igmp version command to restore the default value.
The default IGMP version is IGMP version 2.
All routers on a subnet must support the same version of IGMP. After detecting the
presence of IGMP Version 1 system, a router cannot automatically switch to Version 1.
Example
# Run IGMP Version 1 on VLAN-interface10.

5-15

[Quidway-Vlan-interface10] igmp version 1
5.1.16 reset igmp group
Syntax
reset igmp group { all | interface interface-type interface-number { all ||

group-address [ group-mask ] } }
View
User view
Parameter
all: All IGMP groups.

group-address: IGMP group address.
group-mask: Mask of IGMP group address.
Description
Use the reset igmp group command to delete an existing IGMP group from the VLAN
interface. The deleted group can be added to the VLAN interface again.
Example
# Delete all IGMP groups on all the VLAN interfaces.

<Quidway> reset igmp group all
# Delete all IGMP groups on Vlan-interface10.

<Quidway> reset igmp group interface Vlan-interface10 all
# Delete the group 225.0.0.1 from Vlan-interface10.

<Quidway> reset igmp group interface Vlan-interface10 225.0.0.1
# Delete the IGMP groups ranging from 225.1.1.0 to 225.1.1.255 on Vlan-interface10.

<Quidway> reset igmp group interface Vlan-interface10 225.1.1.0 255.255.255.0
5-16
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 6 PIM Configuration Commands
Chapter 6 PIM Configuration Commands
6.1 PIM Configuration Commands

6.1.1 bsr-policy
Syntax
bsr-policy acl-number
undo bsr-policy
View
PIM view
Parameter
acl-number: ACL number imported in BSR filtering policy, in the range of 2,000 to
2,999.
Description
Use the bsr-policy command to limit the range of legal BSRs to prevent BSR proofing.
Use the undo bsr-policy command to restore the default setting, that is, no range limit
is set and all received messages are taken as legal.
In the PIM SM network using BSR (bootstrap router) mechanism, every router can set
itself as C-BSR (candidate BSR) and take the authority to advertise RP information in
the network once it wins in the contention. To prevent malicious BSR proofing in the
network, the following two measures need to be taken:
z Prevent the router from being spoofed by hosts though faking legal BSR
messages to modify RP mapping. BSR messages are of multicast type and their
TTL is 1, so this type of attacks often hit edge routers. Fortunately, BSRs are
inside the network, while assaulting hosts are outside, therefore neighbor and
RPF checks can be used to stop this type of attacks.
z If a router in the network is manipulated by an attacker, or an illegal router is
accessed into the network, the attacker may set itself as C-BSR and try to win the
contention and gain authority to advertise RP information among the network.
Since the router configured as C-BSR shall propagate BSR messages, which are
multicast messages sent hop by hop with TTL as 1, among the network, then the
network cannot be affected as long as the peer routers do not receive these BSR
messages. One way is to configure bsr-policy on each router to limit legal BSR
range, for example, only 1.1.1.1/32 and 1.1.1.2/32 can be BSR, thus the routers
6-1
cannot receive or forward BSR messages other than these two. Even legal BSRs
cannot contest with them.
Problems may still exist if a legal BSR is attacked, though these two measures can
effectively guarantee high BSR security.
The source parameter in the rule command is translated as BSR address in the
bsr-policy command.
Related command: acl and rule.
Example
# Configure BSR filtering policy on routers, only 101.1.1.1/32 can be BSR.

[Quidway] pim
[Quidway-pim] bsr-policy 2000
[Quidway-pim] quit
[Quidway-acl-basic-2000] rule 0 permit source 101.1.1.1 0
6.1.2 c-bsr
Syntax
c-bsr interface-type interface-number hash-mask-len [ priority ]

undo c-bsr
View
PIM view
Parameter
interface-type interface-number: Specifies the VLAN interface. The candidate BSR is

configured on the VLAN interface. PIM-SM must be enabled on the VLAN interface
first.
hash-mask-len: Length of the mask. The value ranges from 0 to 32.
priority: Priority of the candidate BSR. The larger the value of the priority, the higher the
priority of the BSR. The value ranges from 0 to 255. By default, the priority is 0.
Description
Use the c-bsr command to configure a candidate BSR.

Use the undo c-bsr command to remove the candidate BSR configured.
By default, no candidate BSR is set.
6-2
When configure the candidate BSR, the larger bandwidth should be guaranteed since a
great amount of information will be exchanged between BSR and other devices in the
PIM domain.
Related command: pim sm.
Example
# Configure the switch as a BSR with priority 2 (and the C-BSR address is designated
as the IP address of VLAN-interface10).
[Quidway] pim
[Quidway-pim] c-bsr vlan-interface 10 24 2
6.1.3 c-rp
Syntax
c-rp interface-type interface-number [ group-policy acl-number | priority

priority-value ]*
undo c-rp { interface-type interface-number | all }
View
PIM view
Parameter
interface-type interface-number: Specifies the VLAN interface whose IP address is

advertised as a candidate RP address.
acl-number: Number of the basic ACL that defines a group range, which is the service
range of the advertised RP. The value ranges from 2000 to 2999.
priority-value: Priority value of candidate RP, in the range of 0 to 255. The greatest
value corresponds to the lowest priority level
all: Remove all candidate RP configurations.
Description
Use the c-rp command to configure the router to advertise itself as a candidate RP.
Use the undo c-rp command to remove the configuration.
By default, no candidate RP is configured, and the value of RP priority is 0.
When configuring the candidate RP, a relatively large bandwidth should be reserved for
the router and other devices in the PIM domain.
For the related command, see c-bsr.
6-3
Example
# Configure the switch to advertise the BSR that the switch itself is the C-RP in the PIM.
The standard access list 2000 defines the groups related to the RP. The address of
C-RP is designated as the IP address of VLAN-interface10.
[Quidway] pim
[Quidway-pim] c-rp vlan-interface 10 group-policy 2000
6.1.4 crp-policy
Syntax
crp-policy acl-number
undo crp-policy
View
PIM view
Parameter
acl-number: ACL number imported in C-RP filtering policy, ranging from 3000 to 3999.
Description
Use the crp-policy command to limit the range of legal C-RP, as well as target service
group range of each C-RP, prevent C-RP proofing.
Use the undo crp-policy command to restore the default setting, that is, no range limit
is set and all received messages are taken as legal.
In the PIM SM network using BSR mechanism, every router can set itself as C-RP
(candidate rendezvous point) servicing particular groups. If elected, a C-RP becomes
the RP servicing the current group.
In BSR mechanism, a C-RP router unicast C-RP messages to the BSR, which then
propagates the C-RP messages among the network by BSR message. To prevent
C-RP spoofing, you need to configure crp-policy on the BSR to limit legal C-RP range
and their service group range. Since each C-BSR has the chance to become BSR, you
must configure the same filtering policy on each C-BSR router.
This command uses the ACLs numbered between 3000 and 3999. The source
parameter in the rule command is translated as C-RP address in the crp-policy
command, and the destination parameter as the service group range of this C-RP
6-4
address. For the C-RP messages received, only when their C-RP addresses match the
source address and their server group addresses are subset of those in ACL, can the
be considered as matched.
Related command: acl, and rule.
Example
# Configure C-RP filtering policy on the C-BSR routers, allowing only 1.1.1.1/32 as
C-RP and to serve only for the groups 225.1.0.0/16.
[Quidway] pim
[Quidway-pim] crp-policy 3000
[Quidway-pim] quit
[Quidway-acl-adv-3000] rule 0 permit source 1.1.1.1 0 destination 225.1.0.0
0.0.255.255
6.1.5 display pim bsr-info
Syntax
display pim bsr-info
View
Any view
Parameter
None
Description
Use the display pim bsr-info command to view the BSR information.
Related command: c-bsr, and c-rp.
Example
# Display the BSR information.

<Quidway> display pim bsr-info
Current BSR Address: 20.20.20.30
Priority: 0
Mask Length: 30
Expires: 00:01:55
Local host is BSR
6-5
Table 6-1 Description on the fields of the display pim bsr-info command
Field Description
BSR BootStrap router
Priority Priority of BSR
Mask Length: 30 Length of mask
Expires: 00:01:55 Value of the timer
6.1.6 display pim interface
Syntax
display pim interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number, used to specify

the VLAN interface.
Description
Use the display pim interface command to view the PIM configuration information of
the interface.
If neither the VLAN interface type nor the VLAN interface number is specified, the PIM
configuration information of all VLAN interfaces is displayed; if both the VLAN interface
type and the VLAN interface number are specified, the PIM configuration information
about the specified VLAN interface is displayed.
Example
# Display the PIM configuration information about the VLAN interface.

<Quidway> display pim interface
PIM information of VLAN-interface 2:
IP address of the interface is 10.10.1.20
PIM is enabled on interface
PIM version is 2
PIM mode is Sparse
PIM query interval is 30 seconds
PIM neighbor limit is 128
PIM neighbor policy is none
Total 1 PIM neighbor on interface
6-6
PIM DR(designated router) is 10.10.1.20
Table 6-2 Description on the fields of the display pim interface command
Field Description
PIM version Version of PIM
PIM mode PIM mode enabled on the VLAN interface (DM or SM)
PIM query interval Hello packet interval

Limit of the PIM neighbors on the VLAN interface. No
PIM neighbor limit
neighbor can be added any more when the limit is reached
Filtering policy of the PIM neighbors on the current
PIM neighbor policy
interface
PIM DR Designated router
6.1.7 display pim neighbor
Syntax
display pim neighbor [ interface interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Interface type and interface number, used to specify

the VLAN interface.
Description
Use the display pim neighbor command to view the PIM neighbor information
discovered by the VLAN interface of the switch. If the VLAN interface parameter is
specified, only the PIM neighbor information about the specified VLAN interface is
displayed.
Example
# Display the PIM neighbor information discovered by the VLAN interface of the
neighbor.
<Quidway> display pim neighbor
Neighbor Address Interface Name Uptime Expires
8.8.8.6 VLAN-interface10 1637 89
6-7
Table 6-3 Description on the fields of the display pim neighbor command
Field Description
Neighbor Address Neighbor address
Interface VLAN interface where the neighbor has been discovered

Uptime Time passed since the multicast group has been discovered
Expires Specifies when the member will be removed from the group
6.1.8 display pim routing-table
Syntax
display pim routing-table [ { { *g [ group-address [ mask { mask-length | mask } ] ] |

**rp [ rp-address [ mask { mask-length | mask } ] ] } | { group-address [ mask
{ mask-length | mask } ] | source-address [ mask { mask-length | mask } ] } * } |
incoming-interface { interface-type interface-number | null } | { dense-mode |
sparse-mode } ] *
View
Any view
Parameter
**rp: (*, *, RP) route entry.

*g: (*, G) route entry.
group-address: Address of the multicast group.
source-address: IP address of the multicast source.
incoming-interface interface-type interface-number: View the route entry whose
incoming VLAN interface is the specified VLAN interface.
null: Specifies the VLAN interface type as Null.
dense-mode: Specifies the multicast routing protocol as PIM-DM.
sparse-mode: Specifies the multicast routing protocol as PIM-SM.
Description
Use the display pim routing-table command to view information about the PIM
multicast routing table.
The displayed information about the PIM multicast routing table includes the SPT
information and RPF information.
6-8
Example
# Display the information about the PIM multicast routing table.

<Quidway> display pim routing-table
PIM-SM Routing Table
Total 0 (*,*,RP)entry, 0 (*,G)entry, 2 (S,G)entries
(192.168.1.2, 224.2.178.130),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
(192.168.1.2, 224.2.181.90),
Protocol 0x20: PIMSM, Flag 0x4: SPT
UpTime: 23:59, Timeout after 196 seconds
Upstream interface: VLAN-interface2, RPF neighbor: NULL
Total 2 entries listed
Table 6-4 Description on the fields of the display routing-table command
Field Description
RP Rendezvous Point
(S,G) (source address, multicast group)
PIM-SM PIM Sparse Mode
SPT Shortest Path Tree
RPF Reverse Path Forwarding
6.1.9 display pim rp-info
Syntax
display pim rp-info [ group-address ]
View
Any view
Parameter
group-address: Specifies the group address to display. If no multicast group is specified,

the RP information about all multicast groups will be displayed.
6-9
Description
Use the display pim rp-info command to view the RP information of the multicast
group.
In addition, this command can also display the BSR and static RP information.
Example
# View the RP information of the multicast group

<Quidway> display pim rp-info
PIM-SM RP-SET information:
BSR is: 4.4.4.6
Group/MaskLen: 224.0.0.0/4
RP 4.4.4.6
Version: 2
Priority: 0
Uptime: 00:39:50
Expires: 00:01:40
Table 6-5 Description on the fields of the display pim rp-info command
Field Description
PIM-SM RP-SET information: Combination of RP information
BSR is the VLAN interface of 4.4.4.6 in the
BSR is: 4.4.4.6
network
Group/MaskLen: 224.0.0.0/4
The RP whose group address is 224.0.0.0 and
RP 4.4.4.6 mask length is 4 is the virtual interface of the IP
Version: 2 address 4.4.4.6.
Priority: 0 The priority of the version 2 RP is 0. It is up for 39
Uptime: 00:39:50 minutes and 50 seconds and expires in one
minutes and forty seconds
Expires: 00:01:40
6.1.10 pim
Syntax
pim
undo pim
View
System view
6-10
Parameter
None
Description
Use the pim command to enter PIM view to configure the global PIM parameters. You
cannot use the pim command to enable the PIM protocol.
Use the undo pim command to exit PIM view to system view and clear the global PIM
configuration parameters.
Example
# Enter PIM view.

[Quidway] pim
[Quidway-pim]
6.1.11 pim bsr-boundary
Syntax
pim bsr-boundary
undo pim bsr-boundary
View
VLAN interface view
Parameter
None
Description
Use the pim bsr-boundary command to configure a VLAN interface of the switch as
the PIM domain boundary.
Use the undo pim bsr-boundary command to remove the configured PIM domain
boundary.
The switch does not set any PIM domain boundary by default.
After you use this command to set a PIM area boundary on a VLAN interface, all
Bootstrap messages cannot cross this domain boundary. However, the other PIM
packets can pass this domain boundary. In this way, you can divide the
PIM-SM-running network into multiple domains, each of which uses a different
Bootstrap router.
6-11
Note that you cannot use this command to set up a multicast boundary. Instead, what
you use this command to set up is just a PIM Bootstrap packet boundary.
Related command: c-bsr.
Example
# Configure domain boundary on VLAN-interface10.

[Quidway] pim
[Quidway-Vlan-interface10] pim bsr-boundary
6.1.12 pim dm
Syntax
pim dm
undo pim dm
View
VLAN interface view
Parameter
None
Description
Use the pim dm command to enable PIM-DM.

Use the undo pim dm command to disable PIM-DM.
By default, PIM-DM is disabled.
Once enabled PIM-DM on an interface, PIM-SM cannot be enabled on the same
interface and vice versa.
Example
# Enable the PIM-DM protocol on VLAN-interface10 of the Ethernet switch.

[Quidway-Vlan-interface10] pim dm
6-12
6.1.13 pim neighbor-limit
Syntax
pim neighbor-limit limit

undo pim neighbor-limit
View
VLAN interface view
Parameter
limit: Upper limit of PIM neighbors on the VLAN interface, in the range of 0~128.
Description
Use the pim neighbor-limit command to limit the number PIM neighbors on a router
interface. No neighbor can be added to the router any more when the limit is reached.
Use the undo pim neighbor-limit command to restore the default setting.
By default, the number of PIM neighbors on a VLAN interface is limited within 128.
If the number of existing PIM neighbors exceeds the configured limit, they will not be
deleted.
Example
# Limit the number of PIM neighbors on Vlan-interface10 within 50.

[Quidway-Vlan-interface10] pim neighbor-limit 50
6.1.14 pim neighbor-policy
Syntax
pim neighbor-policy acl-number

undo pim neighbor-policy
View
VLAN interface view
Parameter
acl-number: Basic ACL number, in the range of 2000 to 2999.
6-13
Description
Use the pim neighbor-policy command to configure the router to filter the PIM
neighbors on the current VLAN interface.
Use the undo pim neighbor-policy command to disable the filtering.
Only the routers that match the filtering rule in the ACL can serve as a PIM neighbor of
the current VLAN interface.
Example
# Configure that 10.10.1.2 can serve as a PIM neighbor of the Vlan-interface10, but not
10.10.1.1.
[Quidway-Vlan-interface10] pim neighbor-policy 2000
[Quidway-acl-basic-2000] rule permit source 10.10.1.2 0
[Quidway-acl-basic-2000] rule deny source 10.10.1.1 0
6.1.15 pim sm
Syntax
pim sm
undo pim sm
View
VLAN interface view
Parameter
None
Description
Use the pim sm command to enable the PIM-SM protocol.

Use the undo pim sm command to disable the PIM-SM protocol.
By default, the switch disables the PIM-SM protocol.
You must enable the PIM-SM protocol on each VLAN interface respectively. Generally,
the PIM-SM protocol is enabled on each VLAN interface.
6-14
Related command: multicast routing-enable.
Example
# Enable the PIM-SM protocol on VLAN-interface10.

[Quidway-Vlan-interface10] pim sm
6.1.16 pim timer hello
Syntax
pim timer hello seconds

undo pim timer hello
View
VLAN interface view
Parameter
seconds: Interval at which a VLAN interface sends Hello packets, in the range of 1
second to 18,000 seconds.
Description
Use the pim timer hello command to set the interval at which a VLAN interface sends
Hello packets.
Use the undo pim timer hello command to restore the default value of the interval.
By default, a VLAN interface sends Hello packets at the interval of 30 seconds.
When the PIM-SM protocol is enabled on a VLAN interface, the switch will periodically
send Hello packets to the network devices supporting PIM. If the VLAN interface
receives Hello packets, it means that the VLAN interface has neighboring network
devices supporting PIM, and the VLAN interface will add the neighbors into its own
neighbor list. If the VLAN interface does not receive any Hello packet from a neighbor in
its neighbor list within the specified time, the neighbor is considered to have left the
multicast group.
Example
# Configure to VLAN-interfaceo10 of the switch to send Hello packet at the interval of

40 seconds.
6-15

[Quidway-Vlan-interface10] pim timer hello 40
6.1.17 register-policy
Syntax
register-policy acl-number
undo register-policy
View
PIM view
Parameter
acl-number: Number of IP advanced ACL, defining the rule of filtering the source and
group addresses. The value ranges from 3000 to 3999.
Description
Use the register-policy command to configure a RP to filter the register packets sent
by the DR in the PIM-SM network and to accept the specified packets only.
Use the undo register-policy command to remove the configured packet filtering.
Example
# If the local device is the RP in the network, using the following command can only
accept multicast message register of the source sending multicast address in the range
of 225.1.0.0/16 on network segment 10.10.0.0/16.
[Quidway-acl-adv-3010] rule permit ip source 10.10.0.0 0.0.255.255
destination 225.1.0.0 0.0.255.255
[Quidway-acl-adv-3010] quit
[Quidway] pim
[Quidway-pim] register-policy 3010
6.1.18 reset pim neighbor
Syntax
reset pim neighbor { all | { neighbor-address | interface interface-type

interface-number } * }
6-16
View
User view
Parameter
all: All PIM neighbors

neighbor-address: Specifies neighbor address.
interface interface-type interface-number: Specifies VLAN interface.
Description
Use the reset pim neighbor command to clear all PIM neighbors or PIM neighbors on
the specified VLAN interface.
Related command: display pim neighbor.
Example
# Clear the PIM neighbor 25.5.4.3.

<Quidway> reset pim neighbor 25.5.4.3
6.1.19 reset pim routing-table
Syntax
reset pim routing-table { all | { group-address [ mask group-mask | mask-length

group-mask-length ] | source-address [ mask source-mask | mask-length
source-mask-length ] | { incoming-interface interface-type interface-number } } * }
View
User view
Parameter
all: All PIM neighbors

group-address: Specifies group address.
mask group-mask: Specifies group mask.
group-mask-length: Specifies mask length of the group address.
source-address: Specifies source address.
mask source-mask: Specifies source mask.
source-mask-length: Specifies mask length of the group address.
incoming-interface: Specifies incoming interface for the route entry in PIM routing
table.
interface-type interface-number: Specifies the VLAN interface.
6-17
Description
Use the reset pim routing-table command to clear all PIM route entries or the
specified PIM route entry.
You can type in source address first and group address after in the command, as long
as they are valid. Error information will be given if you type in invalid addresses.
If in this command, the group-address is 224.0.0.0/24 and source-address is the RP
address (where group address can have a mask, but the resulted IP address must be
224.0.0.0, and source address has no mask), then it means only the (*, *, RP) item will
be cleared.
If in this command, the group-address is any a group address, and source-address is 0
(where group address can have a mask, and source address has no mask), then only
the (*, G) item will be cleared.
This command shall clear not only multicast route entries from PIM routing table, but
also the corresponding route entries and forward entries in the multicast core routing
table and MFC.
Related command: reset multicast routing-table, reset multicast forwarding-table,
and display pim routing-table.
Example
# Clear the route entries with group address 225.5.4.3 from the PIM routing table.
<Quidway> reset pim neighbor 25.5.4.3
6.1.20 spt-switch-threshold
Syntax
spt-switch-threshold { traffic-rate | infinity } [ group-policy acl-number [ order

order-value ] ]
undo spt-switch-threshold [ group-policy acl-number ]
View
PIM view
Parameter
traffic-rate: Rate at which the multicast packets are sent, in the range of 0 to 65,535 in
kbps. When this argument is not 0, the shared tree will not be switched to the short path
tree (SPT).
infinity: Indicates that the shared tree will never be switched to the SPT.
acl-number: Basic ACL number, in the range of 2,000 to 2,999. This argument defines a
group range. The rate of the multicast packets in this group range is limited.
6-18
Description
Use the spt-switch-threshold command to configure the threshold value at which the
shared tree is switched to the SPT.
Use the undo spt-switch-threshold command to restore the threshold to the default
value.
By default, the shared tree is switched to the SPT when the threshold is 0.
In PIM-SM, Ethernet switches forward multicast packets through the shared tree at the
beginning. If the threshold is set to 0, the Ethernet switch at the last hop of multicast
packets will switch the shared tree to the SPT; if the threshold is set to other value
rather than 0, the switch will not switch the shared tree to the SPT.
If the acl-number argument is not specified, the threshold applies to all multicast
groups.
Example
# Specify the switch at the last hop to switch the shared tree to the SPT when it receives
the first multicast packet.
[Quidway]pim
[Quidway-pim] spt-switch-threshold 0
6.1.21 source-policy
Syntax
source-policy acl-number
undo source-policy
View
PIM view
Parameter
acl-number: Basic or advanced ACL, in the range of 2000 to 3999.
Description
Use the source-policy command to configure the router to filter the received multicast
data packets according to the source address or group address.
Use the undo source-policy command to remove the configuration.
If resource address filtering is configured, as well as basic ACLs, then the router filters
the resource addresses of all multicast data packets received. Those not matched will
be discarded.
6-19
If resource address filtering is configured, as well as advanced ACLs, then the router
filters the resource and group addresses of all multicast data packets received. Those
not matched will be discarded.
When this feature is configured, the router filters not only multicast data, but the
multicast data encapsulated in the registration packets.
Example
# Set to receive the multicast data packets from source address 10.10.1.2, but discard
those from 10.10.1.1.
[Quidway] pim
[Quidway-pim] source-policy 2000
[Quidway-pim] quit
[Quidway-acl-basic-2000] rule permit source 10.10.1.2 0
6.1.22 static-rp
Syntax
static-rp rp-address [ acl-number ]

undo static-rp
View
PIM view
Parameter
rp-address: Static RP address, only being legal unicast IP address.

acl-number: Basic ACL, used to control the range of multicast group served by static RP,
which ranges from 2000 to 2999. If an ACL is not specified upon configuration, static
RP will serve all multicast groups; if an ACL is specified, static RP will only serve the
multicast group passing the ACL.
Description
Use the static-rp command to configure static RP.

Use the undo static-rp command to remove the configuration.
6-20
Static RP functions as the backup of dynamic RP so as to improve the network

robustness. If the RP elected by BSR mechanism is valid, static RP will not work. All
routers in the PIM domain must be configured with this command and be specified with
the same RP address.
The new configuration overwrites the old one if you execute the command for a second
time.
Related command: display pim rp-info.
Example
# Configure 10.110.0.6 as a static RP.

[Quidway] pim
[Quidway-pim] static-rp 10.110.0.6
6-21
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 7 MSDP Configuration Commands
Chapter 7 MSDP Configuration Commands
7.1 MSDP Configuration Commands

7.1.1 cache-sa-enable
Syntax
cache-sa-enable
undo cache-sa-enable
View
MSDP view
Parameter
None
Description
Use the cache-sa-enable command to enable the SA message cache mechanism.

Use the undo cache-sa-enable command to disable the cache mechanism.
By default, a router caches (S, G) entries after it receives an SA message.
If the router is in the cache state, it does not send an SA request message to the
specified MSDP peer when it receives a Join message.
Example
# Enable the router to cache all SA states.

[Quidway] msdp
[Quidway-msdp] cache-sa-enable
7.1.2 display msdp brief
Syntax
display msdp brief
View
Any view
7-1
Parameter
None
Description
Use the display msdp brief command to display the brief information of the MSDP
peer state.
Example
# Display the brief information of the MSDP peer state.

<Quidway> display msdp brief
MSDP Peer Brief Information
Peer's Address State Up/Down time AS SA Count Reset Count
20.20.20.20 Up 00:00:13 100 0 0
Table 7-1 Description on the fields of the display msdp brief command
Field Description
Peer's Address Address of the MSDP peer
State State
Up/Down time Up/down time
AS AS number
SA Count SA count
Reset Count Times of peer connection resets
7.1.3 display msdp peer-status
Syntax
display msdp peer-status [ peer-address ]
View
Any view
Parameter
peer-address: IP address of an MSDP peer.
Description
Use the display msdp peer-status command to display the detailed information of the
MSDP peer state.
Related command: peer.
7-2
Example
# Display the detailed information of MSDP peer state.

<Quidway> display msdp peer-status 10.110.11.11
MSDP Peer 20.20.20.20, AS 100
Description:
Information about connection status:
State: Up
Up/down time: 14:41:08
Resets: 0
Connection interface: LoopBack0 (20.20.20.30)
Number of sent/received messages: 867/947
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 14:42:40
Information about (Source, Group)-based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: none
Sending SA-Requests status: disable
Minimum TTL to forward SA with encapsulated data: 0
SAs learned from this peer: 0, SA-cache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 0/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0
7.1.4 display msdp sa-cache
Syntax
display msdp sa-cache [ group-address | [ source-address ] ]

[ autonomous-system-number ]
View
Any view
Parameter
group-address: Group address of the (S, G) entry.
7-3
source-address: Source address of the (S, G) entry. If you do not specify a source
address, the system displays all source information of the specified group. If you
specify neither a group address nor a source address, the system displays all SA
caches.
autonomous-system-number: Number of the AS where the (S,G) entry comes from.
The value ranges from 1 to 65535.
Description
Use the display msdp sa-cache command to display (S, G) state learned from an
MSDP peer.
You must configure the cache-sa-enable command before the system can display the
cache state information.
Example
# Display SA messages learned from the MSDP peer.

<Quidway> display msdp sa-cache
MSDP Total Source-Active Cache - 5 entries
(Source, Group) Origin RP Pro AS Uptime Expires

(10.10.1.2, 225.1.1.1) 10.10.10.10 ? ? 00:00:10 00:05:50
(10.10.1.3, 225.1.1.1) 10.10.10.10 ? ? 00:00:11 00:05:49
(10.10.1.2, 225.1.1.2) 10.10.10.10 ? ? 00:00:11 00:05:49
(10.10.2.1, 225.1.1.2) 10.10.10.10 ? ? 00:00:11 00:05:49
(10.10.1.2, 225.1.2.2) 10.10.10.10 ? ? 00:00:11 00:05:49
MSDP matched 5 entries
Table 7-2 Description on the fields of the display msdp sa-cache command
Field Description
(Source, Group) (S, G) entry
Origin RP Source RP address
Pro Inter-domain unicast routing protocol
AS AS number
Uptime Up time
Expires Expiry of a (S, G) entry
7-4
7.1.5 display msdp sa-count
Syntax
display msdp sa-count [ autonomous-system-number ]
View
Any view
Parameter
autonomous-system-number: Specifies the AS where a source and group come from.

The value ranges from 1 to 65535.
Description
Use the display msdp sa-count command to display the number of sources and
groups in MSDP cache.
The debugging output of this command is available only after the configuration of the
cache-sa-enable command.
Example
# View the number of sources and groups in MSDP cache.

<Quidway> display msdp sa-count
Number of cached Source-Active entries, counted by Peer
Peer's Address Number of SA
10.10.10.10 5
Number of source and group, counted by AS

AS Number of source Number of group
100 3 3
Total Source-Active entries: 5
Table 7-3 Description on the fields of the display msdp sa-count command
Field Description
Peer's Address Address of an MSDP peer
Number of SA Number of SA messages
AS AS number
Number of source Number of sources
Number of group Number of groups
7-5
7.1.6 import-source
Syntax
import-source [ acl acl-number ]

undo import-source
View
MSDP view
Parameter
acl-number: Basic or advanced IP ACL number, ranging from 2000 to 3999. An ACL
controls SA message advertisement by filtering sources (basic ACL) and filtering
sources or groups (advanced ACL). If you do not specify this argument, no multicast
source is advertised.
Description
Use the import-source command to specify the (S, G) entries in this domain that need
to be advertised when an MSDP peer creates an SA message.
Use the undo import-source command to cancel the configuration.
By default, an SA message advertise all the (S, G) entries in the domain.
In addition, you can also use the peer sa-policy import command or the peer
sa-policy export command to filter forwarded SA messages.
Example
# Specify the (S, G) entries in the multicast routing table to be advertised when an
MSDP peer creates an SA message.
destination 225.1.0.0 0.0.255.255
[Quidway] msdp
[Quidway-msdp] import-source acl 3101
7.1.7 msdp
Syntax
msdp
undo msdp
7-6
View
System view
Parameter
None
Description
Use the msdp command to enable MSDP and enter MSDP view.
Use the undo msdp command to clear all configurations in MSDP view, release
resources occupied by MSDP, and restore initial state.
Example
# Clear all configurations in MSDP view.

[Quidway] undo msdp
7.1.8 msdp-tracert
Syntax
msdp-tracert source-address group-address rp-address [ max-hops max-hops ]

[ next-hop-info | sa-info | peer-info ]* [ skip-hops skip-hops ]
View
Any view
Parameter
source-address: Multicast source address

group-address: Multicast group address
rp-address: IP address of an RP
max-hops: Maximum number of hops to be traced, ranging from 1 to 255.The default
value is 16.
next-hop-info: Collects the next hop information.
sa-info: Collects the SA entity information.
peer-info: Collects the MSDP peer information.
skip-hops: Number of skipped hops before the detailed information is collected, in the
range of 0 to 255.
7-7
Description
Use the msdp-tracert command to trace the path along which an SA message travels,
so as to locate message loss and minimize configuration errors. After determining the
path of the SA message, you can prevent SA flooding through correct configuration.
By default, the number of skipped hops before the switch collects the detailed
information is 0.
Example
# Trace path information of (10.10.1.1, 225.2.2.2, 20.20.20.20).

<Quidway> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20
# Specify the maximum number of hops to be traced and collect the detailed SA and
MSDP peer information.
<Quidway> msdp-tracert 10.10.1.1 225.2.2.2 20.20.20.20 max-hops 10 sa-info
peer-info
MSDP tracert: press CTRL_C to break
D-bit: set if have this (S,G) in cache but with a different RP
RP-bit: set if this router is an RP
NC-bit: set if this router is not caching SA's
C-bit: set if this (S,G,RP) tuple is in the cache
MSDP trace route path information:
Router Address: 20.20.1.1
Fixed-length response info:
Peer Uptime: 10 minutes, Cache Entry Uptime: 30 minutes
D-bit: 0, RP-bit: 1, NC-bit: 0, C-bit: 1
Return Code: Reached-max-hops
Next Hop info:
Next-Hop Router Address: 0.0.0.0
SA info:
Count of SA messages received for this (S,G,RP): 0
Count of encapsulated data packets received for this (S,G,RP):0
SA cache entry uptime: 00:30:00 , SA cache entry expiry time: 00:03:32
Peering info:
Peering Uptime: 10 minutes, Count of Peering Resets: 3
Table 7-4 Description on the fields of the msdp-tracert command
Field Description
The address used by the local router to establish an
Router Address
peering session with the Peer-PRF neighbor
The time of the peering session between the local router
Peer Uptime and a Peer-RPF neighbor, in minutes. The maximum value
is 255.
7-8
Field Description
Up time of the (S, G, RP) entry in SA cache of the local
Cache Entry Uptime
router, in minutes. The maximum value is 255.
An (S, G, RP) entry exists in the SA cache of the local
D-bit: 1 router, but the RP is different from the RP specified in the
request message.
The local router is an RP, but it may be another RP than the
RP-bit: 1
source RP in the (S, G, RP) entry.
NC-bit: 0 SA cache is enabled on the local router.
C-bit: 1 An (S, G, RP) entry exists in SA cache of the local router.
Maximum number of hops is reached. Another possible

Return Code: value is:
Reached-max-hops Hit-src-RP: The router of this hop is the source RP in the
(S, G, RP) entry.
Next-Hop Router If you use the next-hop-info keyword, the address of
Address: 0.0.0.0 Peer-RPF neighbor is displayed.
Count of SA
The number of SA messages received to trace the (S, G,
messages received
RP) entry.
for this (S,G,RP)
Count of
encapsulated data The number of packets received to trace the (S, G, RP)
packets received for entry.
this (S,G,RP)
SA cache entry
The up time of an SA cache entry
uptime
SA cache entry expiry
The expiry time of an SA cache entry
time
Peering Uptime: 10 The time of the peering session between the local router
minutes and a Peer-PRF neighbor
Count of Peering
Count of session resets
Resets
7.1.9 originating-rp
Syntax
originating-rp interface-type interface-number

undo originating-rp
View
MSDP view
7-9
Parameter
interface-type: Interface type

interface-number: Interface number
Description
Use the originating-rp command to allow MSDP peer to use the specified interface IP
address as the RP address in the SA message when the MSDP peer creates SA
messages.
Use the undo originating-rp command to cancel configuration.
By default, the RP address in an SA message is the RP address configured by PIM.
Example
# Configure the IP address of the interface Vlan-interface 100 as the RP address of the
created SA message.
[Quidway] msdp
[Quidway-msdp] originating-rp Vlan-interface 100
7.1.10 peer description
Syntax
peer peer-address description text

undo peer peer-address description
View
MSDP view
Parameter
peer-address: IP address of the MSDP peer.

text: Description text, which is case sensitive. The maximum length is 80 characters.
Description
Use the peer description command to configure the description text for an MSDP peer.
Use the undo peer description command to delete the configured description text.
By default, an MSDP peer has no description text.
The administrator can distinguish MSDP peers by means of the description texts.
Related command: display msdp peer-status.
7-10
Example
# Add the description text “router CstmrA” for the router 125.10.7.6 to specify that the
router is customer A.
[Quidway] msdp
[Quidway-msdp] peer 125.10.7.6 description router CstmrA
7.1.11 peer mesh-group
Syntax
peer peer-address mesh-group name

undo peer peer-address mesh-group
View
MSDP view
Parameter
peer-address: IP address of an MSDP peer in a mesh group.

name: Name of a mesh group, case sensitive, containing 1 to 32 characters.
Description
Use the peer mesh-group command to add an MSDP peer in a mesh group.
Use the undo peer mesh-group command to cancel the configuration.
By default, an MSDP peer does not belong to any mesh group.
Example
# Configure the MSDP peer whose address is 125.10.7.6 as a member of the mesh
group Grp1.
[Quidway] msdp
[Quidway-msdp] peer 125.10.7.6 mesh-group Grp1
7.1.12 peer minimum-ttl
Syntax
peer peer-address minimum-ttl ttl-value

undo peer peer-address minimum-ttl
7-11
View
MSDP view
Parameter
peer-address: IP address of the MSDP peer to which the TTL threshold applies.
ttl-value: TTL threshold, ranging from 0 to 255.
Description
Use the peer minimum-ttl command to configure the minimum TTL value of the
multicast data packets encapsulated in SA messages and to be sent to the specified
MSDP peer.
Use the undo peerminimum-ttl command to restore the default TTL threshold.
By default, the value of TTL threshold is 0.
Example
# Set the TTL threshold to 10, so that only those multicast data packets with a TTL
value greater than or equal to 10 can be forwarded to the MSDP peer 110.10.10.1.
[Quidway] msdp
[Quidway-msdp] peer 110.10.10.1 minimum-ttl 10
7.1.13 peer request-sa-enable
Syntax
peer peer-address request-sa-enable

undo peer peer-address request-sa-enable
View
MSDP view
Parameter
Description
Use the peer request-sa-enable command to enable the router to send an SA request
message to the specified MSDP peer upon receipt of a Join message.
Use the undo peer request-sa-enable command to remove the configuration.
7-12
By default, upon receipt of a Join message, the router sends no SA request message to
the MSDP peer but waits for the next SA message.
Related command: cache-sa-enable.
Example
# Configure to send an SA request message to the MSDP peer 125.10.7.6.

[Quidway] msdp
[Quidway-msdp] peer 125.10.7.6 request-sa-enable
7.1.14 peer sa-cache-maximum
Syntax
peer peer-address sa-cache-maximum sa-limit

undo peer peer-address sa-cache-maximum
View
MSDP view
Parameter

sa-limit: Maximum number of SA messages cached, ranging from 1 to 2,048.
Description
Use the peer sa-cache-maximum command to set the maximum number of SA

messages cached on the router.
Use the undo peer sa-cache-maximum command to restore the default configuration.
By default, the maximum number of SA messages cached on a router is 2,048.
It is recommended to perform this configuration on all MSDP peers on a network that is
vulnerable to DoS attacks.
Related command: display msdp sa-count, display msdp peer-status, and display
msdp brief.
Example
# Configure the SA cache of the router so that it caches a maximum of 100 SA

messages received from the MSDP peer 125.10.7.6.
[Quidway] msdp
7-13
[Quidway-msdp] peer 125.10.7.6 sa-cache-maximum 100
7.1.15 peer connect-interface
Syntax
peer peer-address connect-interface interface-type interface-number

undo peer peer-address
View
MSDP view
Parameter

interface-type interface-number: Interface type and interface number. The local router
uses the primary address of this interface as the source IP to establish TCP connection
with the remote MSDP peer.
Description
Use the peer connect-interface command to configure a MSDP peer.

Use the undo peer connect-interface command to disable the configured MSDP
peer.
If the MSDP router of the local router is also a BGP peer, the MSDP peer and the BGP
peer must use the same IP addresses.
Related command: static-rpf-peer.
Example
# Configure the router whose IP address is 125.10 .7.6 as the MSDP peer of the local
router.
[Quidway] msdp
[Quidway-msdp] peer 125.10.7.6 connect-interface Vlan-interface 100
7.1.16 peer sa-policy
Syntax
peer peer-address sa-policy { import | export } [ acl acl-number ]

undo peer peer-address sa-policy { import | export }
7-14
View
MSDP view
Parameter
import: Receives the SA messages from the specified MSDP peer.

export: Forwards the SA messages from the specified MSDP peer.
peer-address: IP address of the MSDP peer whose SA messages need to be filtered.
acl acl-number: Advanced IP ACL number, ranging from 3000 to 3999.If no ACL is
specified, all (S, G) entries are filtered out.
Description
Use the peer sa-policy command to configure the filtering list for receiving or
forwarding the SA messages from the specified MSDP peer.
Use the undo peer sa-policy command to remove the configuration.
By default, no filtering is imposed on SA messages to be received or forwarded, namely
all SA messages from MSDP peers are received or forwarded.
Example
# Configure a filtering list so that only those SA messages permitted by the advanced IP
ACL 3100 are forwarded.
destination 225.1.0.0 0.0.255.255
[Quidway] msdp
[Quidway-msdp] peer 125.10.7.6 sa-policy export acl 3100
7.1.17 peer sa-request-policy
Syntax
peer peer-address sa-request-policy [ acl acl-number ]

undo peer peer-address sa-request-policy
View
MSDP view
7-15
Parameter
peer-address: IP address of an MSDP peer, the SA request messages sent from which
will be filtered
acl-number: basic IP ACL number, describing a multicast group address, in the range
of 2000 to 2999. If no ACL is specified, all SA request messages will be ignored.
Description
Use the peer sa-request-policy command to limit the SA request messages the router
receives from an MSDP peer.
Use the undo peer sa-request-policy command to remove the limitation.
By default, the router receives all SA request messages from the MSDP peer.
If no ACL is specified, all SA requests will be ignored. If an ACL is specified, only those
SA request messages from the groups that match the ACL rule will be processed while
others are ignored.
Example
# Configure an ACL so that SA request messages from the group address range of
225.1.1.0/24 and from the MSDP peer 175.58.6.5 are received while other SA
messages are ignored.
[Quidway] msdp
[Quidway-msdp] peer 175.58.6.5 sa-request-policy acl 2001
7.1.18 reset msdp peer
Syntax
reset msdp peer peer-address
View
User view
Parameter
peer-address: IP address of the MSDP peer
7-16
Description
Use the reset msdp peer command to reset the TCP connection with the specified
MSDP peer and clear all statistics information of that MSDP peer.
Example
# Reset the TCP connection with the MSDP peer 125.10.7.6 and the statistics of the
MSDP peer.
<Quidway> reset msdp peer 125.10.7.6
7.1.19 reset msdp sa-cache
Syntax
reset msdp sa-cache [ group-address ]
View
User view
Parameter
group-address: Group address; the cached (S, G) entries matching this address are to
be deleted from the SA cache. If no multicast group address is specified, all cached SA
entries will be cleared.
Description
Use the reset msdp sa-cache command to clear cached SA entries of the MSDP peer.
Related command: cache-sa-enable, and display msdp sa-cache.
Example
# Clear the cached entries whose group address is 225.5.4.3 from the SA cache.
<Quidway> reset msdp sa-cache 225.5.4.3
7.1.20 reset msdp statistics
Syntax
reset msdp statistics [ peer-address ]
View
User view
7-17
Parameter
peer-address: Address of the MSDP peer whose statistics, reset information and
input/output information will be cleared. If no MSDP peer address is specified, the
statistics information of all MSDP peers will be cleared.
Description
Use the reset msdp statistics command to clear the statistics information of one or
more MSDP peers without resetting the MSDP peer(s).
Example
# Clear the statistics information of the MSDP peer 125.10.7.6.

<Quidway> reset msdp statistics 125.10.7.6
7.1.21 shutdown
Syntax
shutdown peer-address
undo shutdown peer-address
View
MSDP view
Parameter
peer-address: IP address of an MSDP peer.
Description
Use the shutdown command to shut down the specified MSDP peer.
Use the undo shutdown command to remove the configuration.
By default, no MSDP peer is shut down.
Example
# Shut down the MSDP peer 125.10.7.6.

[Quidway] msdp
[Quidway-msdp] shutdown 125.10.7.6
7-18
7.1.22 static-rpf-peer
Syntax
static-rpf-peer peer-address [ rp-policy ip-prefix-name ]

undo static-rpf-peer peer-address
View
MSDP view
Parameter
peer-address: Address of the static RPF peer receiving SA messages.

rp-policy ip-prefix-name: Specifies a filtering policy based on RP addresses to filter
RPs in SA messages. ip-prefix-name is the IP address prefix list, in the range of 1 to 19
characters.
Description
Use the static-rpf-peer command to configure a static RPF peer.

Use the undo static-rpf-peer command to remove a static RPF peer.
By default, no static RPF peer is configured.
If only one MSDP peer is configured with the peer command, the MSDP peer will be
regarded as a static RPF peer. When configuring multiple static RPF peers for the
same router, you must follow the following two configuration methods::
z In the case that all the peers use the rp-policy keyword: Multiple static RPF peers
take effect at the same time. RPs in SA messages are filtered according to the
prefix list configured; only SA messages whose RP addresses pass the filtering
are received. If multiple static RPF peers using the same rp-policy keyword are
configured, when any of the peers receives an SA message, it will forward the SA
message to the other peers.
z In the case that none of the peers use the rp-policy keyword: According to the
configuration sequence, only the first static RPF peer whose connection state is
UP is active. All the SA messages from this peer will be received and those from
other static RPF peers will be discarded. Once the active static RPF peer fails
(because the configuration is removed or the connection is terminated), based on
the configuration sequence, the subsequent first static RPF peer whose
connection is in the UP state will be selected as the active static RPF peer.
Related command: peer and ip ip-prefix.
Example
# Configure a static RPF peer.

7-19
[Quidway] ip ip-prefix list1 permit 130.10.0.0 16 greater-equal 16 less-equal

32
[Quidway] msdp
[Quidway-msdp] static-rpf-peer 130.10.7.6 rp-policy list1
7.1.23 timer retry
Syntax
timer retry seconds

undo timer retry
View
MSDP view
Parameter
seconds: Connection request retry interval in seconds, ranging from 1 to 60.
Description
Use the timer retry command to configure a connection request retry interval.
Use the undo timer retry command to restore the default value.
By default, the connection request retry interval is 30 seconds.
Example
# Set the connection request retry interval to 60 seconds.

<Qudiway> system-view
[Quidway] msdp
[Quidway-msdp] timer retry 60
7-20
Command Manual – 802.1x
Table of Contents
Chapter 1 802.1x Configuration Commands .............................................................................. 1-1

1.1 802.1x Configuration Commands ...................................................................................... 1-1
1.1.1 display dot1x ........................................................................................................... 1-1
1.1.2 dot1x........................................................................................................................ 1-5
1.1.3 dot1x authentication-method................................................................................... 1-6
1.1.4 dot1x dhcp-launch................................................................................................... 1-7
1.1.5 dot1x guest-vlan ...................................................................................................... 1-8
1.1.6 dot1x max-user........................................................................................................ 1-9
1.1.7 dot1x port-control .................................................................................................. 1-10
1.1.8 dot1x port-method ................................................................................................. 1-12
1.1.9 dot1x quiet-period ................................................................................................. 1-13
1.1.10 dot1x retry ........................................................................................................... 1-14
1.1.11 dot1x retry-version-max ...................................................................................... 1-14
1.1.12 dot1x supp-proxy-check ...................................................................................... 1-15
1.1.13 dot1x timer........................................................................................................... 1-17
1.1.14 dot1x version-check ............................................................................................ 1-19
1.1.15 reset dot1x statistics............................................................................................ 1-20
Chapter 2 HABP Configuration Commands ............................................................................... 2-1

2.1 HABP Configuration Commands ....................................................................................... 2-1
2.1.1 display habp ............................................................................................................ 2-1
2.1.2 display habp table ................................................................................................... 2-2
2.1.3 display habp traffic .................................................................................................. 2-2
2.1.4 habp enable............................................................................................................. 2-3
2.1.5 habp server vlan...................................................................................................... 2-4
2.1.6 habp timer ............................................................................................................... 2-5
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 802.1x Configuration Commands
Chapter 1 802.1x Configuration Commands
1.1 802.1x Configuration Commands

1.1.1 display dot1x
Syntax
display dot1x [ sessions | statistics ] [ interface interface-list ]
View
Any view
Parameter
sessions: Displays the formation about 802.1x sessions.

statistics: Displays the statistics information about 802.1x.
interface: Display the 802.1x-related information about a specified port.
interface-list: Ethernet port list. You can specify multiple Ethernet ports by providing
this argument in the form of interface-list = { interface-name [ to interface- name] & <
1-10 >. The interface-name argument is the port index of an Ethernet port and can be
specified in this form: interface-name = { interface-type interface-num }, in which,
interface-type specifies the type of an Ethernet port and interface-num identifies the
number of the port. Note that the interface name after the keyword to must have an
interface-num that is greater than or equal to that of the interface-name before to.
“&<1-10>” means that up to 10 port indexes/port index lists can be provided.
Description
Use the display dot1x command to display 802.1x-related information, such as

configuration information, operation information (session information), and statistics.
When the interface-list argument is not provided, this command displays
802.1x-related information on all ports. The output information can be used to verify
802.1 x-related configurations and to troubleshoot.
Related commands: reset dot1x statistics, dot1x, dot1x retry, dot1x max-user,
dot1x port-control, dot1x port-method, and dot1x timer.
Example
# Display 802.1x-related configuration information.

<Quidway> display dot1x
Equipment 802.1X protocol is enabled
1-1
CHAP authentication is enabled

DHCP-launch is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Configuration: Transmit Period 30 s, Handshake Period 15 s

Quiet Period 60 s, Quiet Period Timer is disabled
Supp Timeout 30 s, Server Timeout 100 s
Interval between version requests is 30s
Maximal request times for version information is 3
The maximal retransmitting times 2
Total maximum 802.1x user resource number is 1024

Total current used 802.1x resource number is 1
802.1X protocol is disabled
Version-Check is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
Max number of on-line users is 256
Authentication Success: 0, Failed: 0

EAPOL Packets: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
802.1X protocol is disabled
Version-Check is disabled
The port is an authenticator
1-2
Authentication Mode is Auto

Port Control Type is Mac-based
Max number of on-line users is 256
Authentication Success: 0, Failed: 0

EAPOL Packets: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
Ethernet1/0/3
……
Table 1-1 Description on the fields of the display dot1x command
Field Description
Equipment 802.1X protocol is 802.1x protocol (802.1x for short) is enabled on

enabled the switch.
CHAP authentication is enabled CHAP authentication is enabled.
DHCP-launch is disabled DHCP-triggered.802.1x authentication is disabled.
Whether to check a supplicant system that logs in

through a proxy:
z Disable means the switch does not send Trap
Proxy trap checker is disabled packets when it detects that a supplicant
system logs in through a proxy.
z Enable means the switch sends Trap packets
when it detects that a supplicant system logs in
through a proxy.
through a proxy:
z Disable means the switch does not disconnect
Proxy logoff checker is disabled a supplicant system when it detects that the
latter logs in through a proxy.
z Enable means the switch disconnects a
supplicant system when it detects that the latter
logs in through a proxy.
Setting of the Transmission period timer (the
Transmit Period
tx-period)
1-3
Field Description
Setting of the handshake period timer (the

Handshake Period
handshake-period)
Quiet Period Setting of the quiet period timer (the quiet-period)
The quiet period timer is disabled here. It can also

Quiet Period Timer is disabled
be configured as enabled when necessary.
Setting of the supplicant timeout timer

Supp Timeout
(supp-timeout)
Setting of the server-timeout timer

Server Timeout
(server-timeout)
The maximum number of times that a switch can

The maximal retransmitting
send authentication request packets to a
times
supplicant system
Total maximum 802.1x user The maximum number of 802.1x users that a
resource number switch can accommodate
Total current used 802.1x

The number of online supplicant systems
resource number
Ethernet1/0/1 is link-up Ethernet1/0/1 port is in up state.
802.1X protocol is disabled 802.1x is disabled on the port

through a proxy:
z Disable means the switch does not send Trap
Proxy trap checker is disabled packets when it detects that a supplicant
system logs in through a proxy.
z Enable means the switch sends Trap packets
when it detects that a supplicant system logs in
through a proxy.
through a proxy:
z Disable means the switch does not disconnect
Proxy logoff checker is disabled a supplicant system when it detects that the
latter logs in through a proxy.
z Enable means the switch disconnects a
supplicant system when it detects that the latter
logs in through a proxy.
Whether the client version checking function is
enabled:
Version-Check is disabled z Disable means the switch does not checks
client version.
z Enable means the switch checks client version.
The port is an authenticator The port acts as an authenticator system.
Authentication Mode is Auto The port access control mode is Auto.
1-4
Field Description
The port access control method is MAC-based.

Port Control Type is Mac-based That is, supplicant systems are authenticated
based on their MAC addresses.
The maximum number of online users that the port

Max number of on-line users
can accommodate
… Information omitted here
1.1.2 dot1x
Syntax
dot1x [ interface interface-list ]

undo dot1x [ interface interface-list ]
View
Parameter
argument in the form of interface-list = { interface-name [ to interface- name] & < 1-10 >.
The interface-name argument is the port index of an Ethernet port and can be specified
in this form: interface-name = { interface-type interface-num }, in which, interface-type
specifies the type of a port and interface-num identifies the port number. Note that the
interface name after the keyword to must have an interface-num that is greater than or
equal to that of the interface-name before to. &<1-10> means that up to 10 port
indexes/port index lists can be provided,
Description
Use the dot1x command to enable 802.1x globally or for specified Ethernet ports.
Use the undo dot1x command to disable 802.1x globally or for specified Ethernet
ports.
By default, 802.1x is disabled globally and also on all ports
When being executed in system view, the dot1x command enables 802.1x globally if
you do not provide the interface-list argument. And if you specify the interface-list
argument, the command enables 802.1x for the specified Ethernet ports. When being
executed in Ethernet port view, this command enables 802.1x for the current Ethernet
port only. In this case, the interface-list argument is not needed.
You can perform 802.1x-related configurations (globally or on specified ports) either
before or after 802.1x is enabled. If you do not previously perform other 802.1x-related
1-5
configurations when enabling 802.1x globally, the switch adopts the default 802.1x
settings.
802.1x-related configurations take effect on a port only after 802.1x is enabled both
globally and on the port.
Configurations of 8021.x and the maximum number of MAX addresses that can be
learnt are mutually exclusive. This means that when 802.1x is enabled for a port, it
cannot also have the maximum number of MAX addresses to be learned configured at
the same time. And if you configure the maximum number of MAX addresses that can
be learnt for a port, 802.1x is unavailable to it.
Related command: display dot1x.
Example
# Enable 802.1x for Ethernet1/0/1 port.

[Quidway] dot1x interface Ethernet 1/0/1
# Enable 802.1x globally.

[Quidway] dot1x
1.1.3 dot1x authentication-method
Syntax
dot1x authentication-method { chap | pap | eap }

undo dot1x authentication-method
View
System view
Parameter
chap: Authenticates with the help of challenge handshake authentication protocol

(CHAP).
pap: Authenticates with the help of password authentication protocol (PAP).
eap: Authenticates with the help of extensible authentication protocol (EAP).
Description
Use the dot1x authentication-method command to set the 802.1x authentication

method.
1-6
Use the undo dot1x authentication-method command to revert to the default 802.1x
authentication method.
The default 802.1x authentication method is CHAP.
PAP applies a two-way handshaking procedure. In this method, passwords are
transmitted in plain text.
CHAP applies a three-way handshaking procedure. In this method, user names are
transmitted rather than passwords. Therefore this method is safer.
In an EAP authentication method, a switch sends 802.1x authentication information
directly to the RADIUS server in EAP packets, instead of having to convert them into
RADIUS packets before forwarding to the RADIUS server. EAP authentication can be
realized in one of the four sub-methods: PEAP, EAP-TLS, EAP-TTLS and EAP-MD5.
Note:
When the device itself functions as the authentication server, the 802.1X authentication
method cannot be configured to EAP.
Example
# Specify the authentication method to be PAP.

[Quidway] dot1x authentication-method pap
1.1.4 dot1x dhcp-launch
Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
View
System view
Parameter
None
1-7
Description
Use the dot1x dhcp-launch command to specify an 802.1x-enqbled switch to launch

the process to authenticate a supplicant system when the supplicant system applies for
a dynamic IP address through DHCP.
Use the undo dot1x dhcp-launch command to disable an 802.1x-enqbled switch from
authenticating a supplicant system when the supplicant system applies for a dynamic
IP address through DHCP.
By default, an 802.1x-enabled switch does not authenticate a supplicant system when
the latter applies for a dynamic IP address through DHCP.
Example
# Configure to authenticate a supplicant system when it applies for a dynamic IP

address through DHCP.
[Quidway] dot1x dhcp-launch
1.1.5 dot1x guest-vlan
Syntax
dot1x guest-vlan vlan-id [ interface interface-list ]

undo dot1x guest-vlan vlan-id [ interface interface-list ]
View
Parameter
vlan-id: VLAN ID of a Guest VLAN, in the range from 1 to 4,094.

interface-list: Ethernet port list. You can specify multiple ports by providing this
argument. interface-list = { interface-name [ to interface- name] & < 1-10 >. The
interface-name argument is the port index of a port and can be specified in this form:
interface-name = { interface-type interface-num }, in which, interface-type specifies the
type of a port and interface-num identifies the port number. Note that the interface
name after the keyword to must have an interface-num that is greater than or equal to
that of the interface-name before to. &<1-10>means that up to 10 port indexes/port
index lists can be provided.
1-8
Description
Use the dot1x guest-vlan command to enable the Guest VLAN function for specified
ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function for
specified ports.
When being executed in system view:
z If you do not provide the interface-list argument, these two commands apply to all
ports of the switch.
z If you specify the interface-list argument, these two commands apply to the
specified Ethernet ports.
When being executed in Ethernet port view, these two commands apply to the current
Ethernet port only. In this case, the interface-list argument is not needed.
Caution:
z The Guest VLAN function is available only when the switch operates in a port-based
authentication mode.
z Only one Guest VLAN can be configured for each switch.
z The Guest VLAN function is unavailable when the dot1x dhcp-launch command is
configured on the switch, because the switch does not send authentication request
packets.
Related commands: name, vlan-assignment-mode.
Example
# Specify the authentication method to be port-based authentication.

[Quidway] dot1x port-method portbased
# Enable the Guest VLAN function for all ports.

[Quidway] dot1x guest-vlan 1
1.1.6 dot1x max-user
Syntax
dot1x max-user user-number [ interface interface-list ]

undo dot1x max-user [ interface interface-list ]
1-9
View
Parameter
user-number: Maximum number of users a port can accommodate, ranging from 1 to

256. The default number is 256.
interface-list = { interface-name [ to interface- name] & < 1-10 >. The interface-name
argument is the port index of an Ethernet port and can be specified in this form:
interface-name = { interface-type interface-num }, in which, interface-type specifies the
type of a port and interface-num identifies the port number. Note that the interface
name after the keyword to must have an interface-num that is greater than or equal to
that of the interface-name before the to keyword. &<1-10> means that up to 10 port
indexes/port index lists can be provided,
Description
Use the dot1x max-user command to set the maximum number of supplicant systems
an Ethernet port can accommodate.
Use the undo dot1x max-user command to revert to the default maximum supplicant
system number.
When being executed in system view, these two commands apply to all Ethernet ports
of the switch if you do not provide the interface-list argument. And if you specify the
interface-list argument, these commands apply to the specified Ethernet ports.
Example
# Configure the maximum number of users that Ethernet1/01 can accommodate to be

32.
[Quidway] dot1x max-user 32 interface Ethernet 1/0/1
1.1.7 dot1x port-control
Syntax
dot1x port-control { auto | authorized-force | unauthorized-force } [ interface

interface-list ]
undo dot1x port-control [ interface interface-list ]
1-10
View
Parameter
auto: Specifies to operate in auto access control mode. In this mode, a port is
initialized to take all users as unauthorized: it only allows EAPoL packets to pass
through and grants users no permission to network resources. Only after the users
have passed the authentication will the port classify them as authorized and allow them
access to the network resources, which is often the case.
authorized-force: Specifies to operate in authorized-force access control mode.
unauthorized-force: Specifies to operate in unauthorized-force access control mode.
Ports in this mode are constantly in unauthorized state. Supplicant systems connected
to them cannot access the network.
equal to that of the interface-name before the to keyword. &<1-10> means that up to 10
port indexes/port index lists can be provided.
Description
Use the dot1x port-control command to specify the access control method for
Use the undo dot1x port-control command to revert to the default access control
method.
The default access control method is auto.
Use the dot1x port-control command to configure the access control method for
specified 802.1x-enabled ports.
interface-list argument, these commands apply to the specified Ethernet ports.
Example
# Specify Ethernet1/0/1 port to operate in unauthorized-force access control mode.

1-11

[Quidway] dot1x port-control unauthorized-force interface Ethernet 1/0/1
1.1.8 dot1x port-method
Syntax
dot1x port-method { macbased | portbased } [ interface interface-list ]

undo dot1x port-method [ interface interface-list ]
View
Parameter
macbased: Authenticates supplicant systems by MAC addresses.

portbased: Authenticates supplicant system by port numbers.
The default access control method is MAC address-based. That is, the macbased
keyword is specified by default.
Description
Use the dot1x port-method command to specify the access control method for
Use the undo dot1x port-method command to revert to the default access control
method.
If you specify to authenticate supplicant systems by MAC addresses (that is, the
macbased keyword is specified), all supplicant systems connected to the specified
Ethernet ports are authenticated separately. And if an online user logs off, others are
not affected.
If you specify to authenticate supplicant systems by port numbers (that is, the
portbased keyword is specified), all supplicant systems connected to a specified
Ethernet port are able to access the network without being authenticated if a supplicant
system among them passes the authentication. And when the supplicant system logs
off, the network is inaccessible to all other supplicant systems either.
1-12
interface-list argument, these commands apply to the specified Ethernet ports. When
being executed in Ethernet port view, these two commands apply to the current
Example
# Specify to authenticate supplicant systems connected to Ethernet1/0/1 port by port

numbers.
[Quidway] dot1x port-method portbased interface Ethernet 1/0/1
1.1.9 dot1x quiet-period
Syntax
dot1x quiet-period
undo dot1x quiet-period
View
System view
Parameter
None
Description
Use the dot1x quiet-period command to enable the quiet-period timer.

Use the undo dot1x quiet-period command to disable the quiet-period timer.
When a supplicant system fails to pass the authentication, the authenticator system
(such as a Quidway Ethernet switch) will stay quiet for a period (determined by the
quiet-period timer) before it performs another authentication. During the quiet period,
the authenticator system performs no 802.1x authentication.
By default, the quiet-period timer is disabled.
Related commands: display dot1x, dot1x timer.
Example
# Enable the quiet-period timer.

1-13
[Quidway] dot1x quiet-period
1.1.10 dot1x retry
Syntax
dot1x retry max-retry-value

undo dot1x retry
View
System view
Parameter
max-retry-value: Maximum number of times that a switch sends authentication request

packets to online supplicant systems. This argument ranges from 1 to 10.
Description
Use the dot1x retry command to specify the maximum number of times that a switch
will send authentication request packets to supplicant systems.
Use the undo dot1x retry command to revert to the default value.
The default value is 2 times.
Having sent authentication request packets to a supplicant system, a switch will resend
the packets if within a preset period it still has not received any response from the
supplicant system. The dot1x retry command is used to set the maximum number of
times that a switch will resend the request packets. When set to 1, it means that the
switch will only send request packets once, and 2 represents that the switch will resend
the packets once if no response comes back, and so on. This command applies to all
ports.
Example
# Specify the maximum number of times that the switch will resend authentication
request packets to be 9.
[Quidway] dot1x retry 9
1.1.11 dot1x retry-version-max
Syntax
dot1x retry-version-max max-retry-version-value
1-14
undo dot1x retry-version-max
View
System view
Parameter
max-retry-version-value: Maximum number of times that a switch will resend version

request packets to a supplicant system. This argument ranges from 1 to 10.
Description
Use the dot1x retry-version-max command to set the maximum number of times that
a switch will resend version request packets to a connected supplicant system.
Use the undo dot1x retry-version-max command to revert to the default value.
The default value is 3 times.
Having sent a version request packet to the supplicant system, the switch will resend
the packet if within a preset period (as determined by the client version timer) it still has
not received any response from the supplicant system. When the number set by this
command has reached and there is still no response from the supplicant system, the
switch will continue its following authentication without sending further version requests.
This command applies to all ports.
Related commands: display dot1x, dot1x timer.
Example
# Configure the maximum number of times that the switch will resend version request
packets to be 6.
[Quidway] dot1x retry-version-max 6
1.1.12 dot1x supp-proxy-check
Syntax
dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]

undo dot1x supp-proxy-check { logoff | trap } [ interface interface-list ]
View
Parameter
logoff: Disconnects a supplicant system if it logs in through a proxy or through multiple

network cards.
1-15
trap: Sends Trap packets if a supplicant system logs in through a proxy or through
multiple network cards.
Description
Use the dot1x supp-proxy-check command to enable 802.1X client checking for
specified ports.
Use the undo dot1x supp-proxy-check command to disable 802.1X client checking
for specified ports.
By default, 802.1X client checking is disabled for all Ethernet ports.
In system view, execution of the dot1x supp-proxy-check command enables the
supplicant system proxy checking function for specified ports if the interface-list
argument is provided; in Ethernet port view, the interface-list argument is not needed,
only the current port can have the function.
In system view, after enabling global supplicant proxy checking, you also need to
enable this function on specific ports for the function to take effect on these ports.
802.1x proxy checking checks for:
z Supplicant systems logging in through proxies
z Supplicant systems logging in through IE proxies
z Whether or not a supplicant system logs in through multiple network cards (that is,
when supplicant system attempts to log in, it contains more than one active
network cards)
A switch may take the following actions in response to any of the above three cases:
z Disconnects the supplicant system and sends Trap packets (using the dot1x
supp-proxy-check logoff command.)
z Sends Trap packets without disconnecting the supplicant system (using the dot1x
supp-proxy-check trap command.)
This function needs the support of 802.1x clients and CAMS:
z The 802.1x supplicant system must be able to detect whether the client uses
multiple network cards, a proxy, or IE proxy;
z CAMS has disabled the use of multiple network cards, a proxy server, and an IE
proxy server.
1-16
By default, an 802.1x supplicant system enables the use of multiple network cards,
proxies, or IE proxies. If CAMS has these features disabled, it would notify the 802.1
supplicant system to have the corresponding features disabled as well after the latter
has successfully passed the authentication.
Note:
z The supplicant system proxy checking function needs the support of Huawei's
802.1x client program.
z The supplicant system proxy checking function takes effect only after it has been
enabled on CAMS and the client version checking function is enabled on the switch
(using the dot1x version-check command).
Example
# Configure to disconnect any supplicant system connected to Ethernet1/0/1 through

Ethernet1/0/8 ports if it has been detected logging in through a proxy.
[Quidway] dot1x supp-proxy-check logoff
[Quidway] dot1x supp-proxy-check logoff interface Ethernet 1/0/1 to Ethernet
1/0/8
# Configure the switch to send Trap packets if a supplicant system connected to

Ethernet1/0/9 port is detected logging in through a proxy.
[Quidway] dot1x supp-proxy-check trap
[Quidway] dot1x supp-proxy-check trap interface Ethernet 1/0/9
Or
[Quidway] dot1x supp-proxy-check trap
[Quidway-Ethernet1/0/9] dot1x supp-proxy-check trap
1.1.13 dot1x timer
Syntax
dot1x timer { handshake-period handshake-period-value | quiet-period

quiet-period-value | tx-period tx-period-value | supp-timeout supp-timeout-value |
server-timeout server-timeout-value | ver-period ver-period-value }
1-17
undo dot1x timer { handshake-period | quiet-period | tx-period | supp-timeout |

server-timeout | ver-period }
View
System view
Parameter
tx-period: This timer sets the tx-period and is triggered by the switch in one of the
following two cases: The first case is when the client requests for authentication. The
switch sends a unicast request/identity packet to a supplicant system and then enables
the transmission timer. The switch sends another request/identity packet to the
supplicant system if the supplicant system fails to send a reply packet to the switch
when this timer times out. The second case is when the switch authenticates the 802.1x
client who does not request for authentication actively. The switch sends multicast
request/identity packets continuously through the port enabled with 802.1x function,
with the interval of tx-period.
supp-timeout: Supplicant timeout timer, triggered when the switch sends a
request/challenge packet (for MD5 ciphered text) to the supplicant system. If within the
period, no response has been sent back from the supplicant system, the switch will
resend the request/challenge packet.
supp-timeout-value: Time interval of the authentication timer, in seconds. This value
can range from 10 to 120 with a default value of 30.
server-timeout: Server-timeout timer, if within the period, no response has been sent
back from the Authentication server, the switch will resend the request/Identity packet.
server-timeout-value: Value of the server timeout timer, in seconds. This value can
range from 100 to 300 with a default value of 100.
handshake-period: Handshake period timer, triggered when the user has successfully
passed the authentication. It sets the time interval for the switch to resend handshake
request packets to check whether the user is still online. If after N times (as specified by
the dot1x retry command) of retries, the switch still has not received any response
packet from the supplicant system, it will assume that the user is offline.
handshake-period-value: Value of the handshake timer, in seconds. This value can
range from 5 to 1,024 with a default value of 15.
quiet-period: Quiet-period timer, triggered after the user has failed the authentication.
After the time (as specified by the quiet-period timer) has elapsed, the user can resend
the authentication request. During the period, the switch will perform no authentication.
quiet-period-value: Value of the quiet-period timer, in seconds. This value can range
from 10 to 120 with a default value of 60.
1-18
ver-period: Client-version-checking period timer, if within the period, no response

packet has been sent back from the supplicant system, the switch will resend the client
version checking request packet.
ver-period-value: Value of the client-version-checking period timer, in seconds. This
value can range from 1 to 30 with a default value of 30.
Description
Use the dot1x timer command to set a specified 802.1x timer.

Use the undo dot1x timer command to resume the default value of a specified 802.1x
timer.
During an 802.1x authentication process, multiple timers are triggered to ensure that
the supplicant systems, the authenticator systems, and the Authentication servers
interact with each other in an arranged way. To make authentications being processed
in a desired way, you can use the dot1x timer command to set values for these timers
as needed. This may be necessary in certain situations or for some tough network
environments. Normally, the defaults are recommended. (Note that some timers cannot
be adjusted.)
Example
# Set the server-timeout to 150 seconds.

[Quidway] dot1x timer server-timeout 150
1.1.14 dot1x version-check
Syntax
dot1x version-check [ interface interface-list ]

undo dot1x version-check [ interface interface-list ]
View
Parameter
1-19
Description
Use the dot1x version-check command to enable 802.1x client version checking for
Use the undo dot1x version-check command to disable 802.1x client version
checking for specified Ethernet ports.
By default, 802.1x client version checking is disabled on all Ethernet ports.
In system view, execution of the dot1x version-check command enables the client
version checking function for specified ports if the interface-list argument is specified,
otherwise it enables the function globally. In Ethernet port view, only the current port
can have their client version checking function enabled by executing this command and
the interface-list argument is not needed.
Example
# Configure Ethernet1/0/1 port to check the version of the 802.1x client upon receiving
authentication packets.
[Quidway-Ethernet1/0/1] dot1x version-check
1.1.15 reset dot1x statistics
Syntax
reset dot1x statistics [ interface interface-list ]
View
User view
Parameter
1-20
Description
Use the reset dot1x statistics command to clear 802.1x-related statistics.

Use this command to reset 802.1x-related statistics.
In this command:
If the interface-list argument is not specified, this command clears statistics globally
and the 802.1X statistics on all ports.
If the interface-list argument is specified, this command clears statistics on the ports
specified by the argument.
Example
# Clear 802.1x-related statistics on Ethernet1/0/1 port.

<Quidway> reset dot1x statistics interface Ethernet 1/0/1
1-21
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 HABP Configuration Commands
Chapter 2 HABP Configuration Commands
2.1 HABP Configuration Commands

2.1.1 display habp
Syntax
display habp
View
Any view
Parameter
None
Description
Use the display habp command to display HABP configuration and status information.
Example
# Display HABP configuration and status information.

[Quidway] display habp
Global HABP information:
HABP Mode: Server
Sending HABP request packets every 20 seconds
Bypass VLAN: 2
Table 2-1 Description on the fields of the display habp command
Field Description
Indicates the HABP mode of the switch. A switch can
HABP Mode operate as an HABP server (displayed as Server) or an
HABP client (displayed as Client).
Sending HABP request HABP request packets are sent once in every 20
packets every 20 seconds seconds.
Indicates the ID(s) of the VALN(s) to which HABP request
Bypass VLAN
packets are sent
2-1
2.1.2 display habp table
Syntax
display habp table
View
Any view
Parameter
None
Description
Use the display habp table command to display the MAC address table maintained by
HABP.
Example
# Display the MAC address table maintained by HABP.

[Quidway] display habp table
MAC Holdtime Receive Port
001f-3c00-0030 53 Ethernet1/0/1
Table 2-2 Description on the fields of the display habp table command
Field Description
MAC MAC addresses listed in the HABP MAC address table.
Hold time of the entries in the HABP MAC address table. An
Holdtime address will be removed from the table if it has not been updated
during the hold time.
Receive Port The port from which a MAC address is learned
2.1.3 display habp traffic
Syntax
display habp traffic
View
Any view
2-2
Parameter
None
Description
Use the display habp traffic command to display statistics on HABP packets.
Example
# Display statistics on HABP packets.

[Quidway] display habp traffic
HABP counters :
Packets output: 0, Input: 0
ID error: 0, Type error: 0, Version error: 0
Sent failed: 0
Table 2-3 Description on the fields of the display habp traffic command
Field Description
Packets output Number of the HABP packets sent
Input Number of the HABP packets received
ID error Number of HABP packets with ID errors
Type error Number of HABP packets with type errors

Version error Number of HABP packets with version errors
Sent failed Number of HABP packets that failed to be sent
2.1.4 habp enable
Syntax
habp enable
undo habp enable
View
System view
Parameter
None
2-3
Description
Use the habp enable command to enable HABP for a switch.

Use the undo habp enable command to disable HABP for a switch.
By default, HABP is enabled on a switch.
If an 802.1x-enabled switch does not have HABP enabled, it cannot manage the
switches attached to it.
Example
# Enable HABP.
[Quidway] habp enable
2.1.5 habp server vlan
Syntax
habp server vlan vlan-id

undo habp server
View
System view
Parameter
vlan-id: VLAN ID, ranging from 1 to 4,094.
Description
Use the habp server vlan command to configure a switch to operate as an HABP
server and HABP packets to be broadcast in specified VLAN.
Use the undo habp server vlan command to revert to the default HABP mode.
By default, a switch operates as an HABP client.
To specify a switch to operate as an HABP server, you need to enable HABP (using the
habp enable command) for the switch first. Even if HABP is not enabled, the client can
still configure the switch to work as an HABP client, although this has no effect.
Example
# Specify the switch to operate as an HABP server and the HABP packets to be
broadcast in VLAN 2.
[Quidway] habp server vlan 2
2-4
2.1.6 habp timer
Syntax
habp timer interval

undo habp timer
View
System view
Parameter
interval: Interval (in seconds) to send HABP request packets. This argument ranges
from 5 to 600.
Description
Use the habp timer command to set the interval for a switch to send HABP request
packets.
Use the undo habp timer command to revert to the default interval.
The default interval for a switch to send HABP request packets is 20 seconds.
Use these two commands on switches operating as HABP servers only.
Example
# Configure the switch to send HABP request packets once in every 50 seconds
[Quidway] habp timer 50
2-5
Command Manual – AAA & RADIUS & HWTACACS & EAD
Table of Contents
Chapter 1 AAA & RADIUS & HWTACACS Configuration Commands ..................................... 1-1
1.1 AAA Configuration Commands.......................................................................................... 1-1
1.1.1 access-limit.............................................................................................................. 1-1
1.1.2 attribute ................................................................................................................... 1-2
1.1.3 accounting ............................................................................................................... 1-3
1.1.4 accounting optional ................................................................................................. 1-4
1.1.5 authentication .......................................................................................................... 1-5
1.1.6 authorization............................................................................................................ 1-6
1.1.7 cut connection ......................................................................................................... 1-7
1.1.8 display connection................................................................................................... 1-8
1.1.9 display domain ...................................................................................................... 1-10
1.1.10 display local-user ................................................................................................ 1-12
1.1.11 domain................................................................................................................. 1-13
1.1.12 idle-cut................................................................................................................. 1-14
1.1.13 level ..................................................................................................................... 1-15
1.1.14 local-user............................................................................................................. 1-16
1.1.15 local-user password-display-mode...................................................................... 1-17
1.1.16 messenger........................................................................................................... 1-18
1.1.17 name ................................................................................................................... 1-19
1.1.18 password ............................................................................................................. 1-19
1.1.19 radius-scheme..................................................................................................... 1-20
1.1.20 scheme................................................................................................................ 1-21
1.1.21 self-service-url ..................................................................................................... 1-22
1.1.22 service-type ......................................................................................................... 1-24
1.1.23 state..................................................................................................................... 1-25
1.1.24 vlan-assignment-mode........................................................................................ 1-26
1.2 RADIUS Configuration Commands ................................................................................. 1-27
1.2.1 accounting optional ............................................................................................... 1-27
1.2.2 accounting-on enable............................................................................................ 1-28
1.2.3 data-flow-format .................................................................................................... 1-30
1.2.4 display local-server statistics................................................................................. 1-31
1.2.5 display radius scheme........................................................................................... 1-32
1.2.6 display radius statistics ......................................................................................... 1-34
1.2.7 display stop-accounting-buffer .............................................................................. 1-35
1.2.8 key......................................................................................................................... 1-37
1.2.9 local-server............................................................................................................ 1-38
1.2.10 local-server nas-ip............................................................................................... 1-38
1.2.11 nas-ip................................................................................................................... 1-40
i
1.2.12 primary accounting.............................................................................................. 1-41

1.2.13 primary authentication......................................................................................... 1-42
1.2.14 radius client ......................................................................................................... 1-43
1.2.15 radius nas-ip........................................................................................................ 1-43
1.2.16 radius scheme ..................................................................................................... 1-45
1.2.17 radius trap ........................................................................................................... 1-46
1.2.18 reset radius statistics........................................................................................... 1-47
1.2.19 reset stop-accounting-buffer ............................................................................... 1-47
1.2.20 retry ..................................................................................................................... 1-48
1.2.21 retry realtime-accounting..................................................................................... 1-49
1.2.22 retry stop-accounting........................................................................................... 1-50
1.2.23 secondary accounting ......................................................................................... 1-51
1.2.24 secondary authentication .................................................................................... 1-52
1.2.25 server-type .......................................................................................................... 1-53
1.2.26 state..................................................................................................................... 1-54
1.2.27 stop-accounting-buffer enable............................................................................. 1-55
1.2.28 timer .................................................................................................................... 1-56
1.2.29 timer quiet............................................................................................................ 1-57
1.2.30 timer realtime-accounting.................................................................................... 1-58
1.2.31 timer response-timeout ....................................................................................... 1-59
1.2.32 user-name-format................................................................................................ 1-60
1.3 HWTACACS Configuration Commands .......................................................................... 1-61
1.3.1 data-flow-format .................................................................................................... 1-61
1.3.2 display hwtacacs ................................................................................................... 1-62
1.3.3 display stop-accounting-buffer .............................................................................. 1-63
1.3.4 hwtacacs nas-ip..................................................................................................... 1-64
1.3.5 hwtacacs scheme.................................................................................................. 1-65
1.3.6 key......................................................................................................................... 1-66
1.3.7 nas-ip..................................................................................................................... 1-66
1.3.8 primary accounting................................................................................................ 1-67
1.3.9 primary authentication........................................................................................... 1-68
1.3.10 primary authorization........................................................................................... 1-69
1.3.11 reset hwtacacs statistics ..................................................................................... 1-70
1.3.12 reset stop-accounting-buffer ............................................................................... 1-71
1.3.13 retry stop-accounting........................................................................................... 1-72
1.3.14 secondary accounting ......................................................................................... 1-72
1.3.15 secondary authentication .................................................................................... 1-73
1.3.16 secondary authorization ...................................................................................... 1-74
1.3.17 timer quiet............................................................................................................ 1-75
1.3.18 timer realtime-accounting.................................................................................... 1-76
1.3.19 timer response-timeout ....................................................................................... 1-77
1.3.20 user-name-format................................................................................................ 1-78
ii
Chapter 2 EAD Configuration Commands .................................................................................. 2-1

2.1 EAD Configuration Commands.......................................................................................... 2-1
2.1.1 security-policy-server .............................................................................................. 2-1
iii
Command Manual – AAA & RADIUS & HWTACACS & EAD Chapter 1 AAA & RADIUS & HWTACACS
Chapter 1 AAA & RADIUS & HWTACACS

Configuration Commands
1.1 AAA Configuration Commands

1.1.1 access-limit
Syntax
access-limit { disable | enable max-user-number }

undo access-limit
View
ISP domain view
Parameter
disable: Specifies not to limit the number of access users that can be contained in
current ISP domain.
enable max-user-number: Specifies the maximum number of access users that can
be contained in current ISP domain. Where, max-user-number ranges from 1 to 2072.
Description
Use the access-limit command to set the maximum number of access users that can
be contained in current ISP domain.
Use the undo access-limit command to restore the default maximum number.
By default, the number of access users that can be contained in current ISP domain is
unlimited.
Because resource contention may occur between access users, there is a need to
properly limit the number of access users in an ISP domain to provide reliable
performance to the users in the ISP domain.
Example
# Allow ISP domain aabbc.net to contain at most 500 access users.

[Quidway] domain aabbc.net
New Domain added.
[Quidway-isp-aabbcc.net] access-limit enable 500
1-1
1.1.2 attribute
Syntax
attribute { ip ip-address | mac mac-address | idle-cut second | access-limit

max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number |
port port-number } }*
undo attribute { ip | mac | idle-cut | access-limit | vlan | location }*
View
Local user view
Parameter
ip ip-address: Sets the IP address of the user.

mac mac-address: Sets the MAC address of the user. Where, mac-address is in
H-H-H format.
idle-cut second: Allows the local user to enable the idle-cut function. Where, second
is the idle time before cutting down, which ranges from 60 seconds to 7200 seconds.
access-limit max-user-number: Sets the maximum number of users who can access
the switch with current user name. Where, max-user-number ranges from 1 to 1024.
vlan vlan-id: Sets the VLAN attribute of the user (that is, which VLAN the user belongs
to). Where, vlan-id is an integer ranging from 1 to 4094.
location: Sets the port binding attribute of the user.
nas-ip ip-address: Sets the IP address of the access server to which the user is
bound to. Where, ip-address is in dotted decimal notation and is 127.0.0.1
(representing this device) by default. If the user is bound to a remote port, you must
specify the nas-ip parameter. If the user is bound to a local port, you need not specify
the nas-ip parameter.
port port-number: Sets the port bound with the user. Where, port-number is in the
following format: device ID/slot number/port number; the device ID ranges from 1 to 8,
the slot number ranges from 0 to 15 (if the bound port has no slot number, just input 0
for this item) and the port number ranges from 1 to 255.
Description
Use the attribute command to set the attributes of a user whose service type is
lan-access.
Use the undo attribute command to cancel attribute settings of the user.
Related command: display local-user.
Example
# Set the IP address of user1 to 10.110.50.1.
1-2
[Quidway] local-user user1
New local user added.
[Quidway-luser-user1] attribute ip 10.110.50.1
1.1.3 accounting
Syntax
accounting { none | radius-scheme radius-scheme-name | hwtacacs-scheme

hwtacacs-scheme-name }
undo accounting
View
ISP domain view
Parameter
none: Specifies not to perform user accounting.

radius-scheme radius-scheme-name: Name of a RADIUS scheme, a character
string of up to 32 characters.
hwtacacs-scheme hwtacacs-scheme-name: Name of a HWTACACS scheme, a
Description
Use the accounting command to configure the accounting scheme that will be used
by current ISP domain.
Use the undo accounting command to remove the accounting scheme used by
current ISP domain.
By default, no accounting scheme is configured for the ISP domain.
When you use the accounting command to reference a RADIUS scheme or
HWTACACS scheme for current ISP domain, the RADIUS scheme or HWTACACS
scheme must have already been configured.
If the accounting command is used in ISP domain view, the system uses the scheme
referenced in this command to charge the users. Or else, the system uses the
scheme referenced in the scheme command to charge the users.
Related command: scheme and radius scheme, hwtacacs scheme.
Example
# Specify "radius" as the RADIUS accounting scheme that will be referenced by

current ISP domain.
1-3
[Quidway] domain aabbcc.net
New Domain added.
[Quidway-isp-aabbcc.net] accounting radius-scheme radius
1.1.4 accounting optional
Syntax
accounting optional
undo accounting optional
View
ISP domain view
Parameter
None
Description
Use the accounting optional command to open the accounting-optional switch.

Use the undo accounting optional command to close the accounting-optional
switch.
By default, the accounting-optional switch is closed.
Note that:
When the system charges an online user but it does not find any available RADIUS
accounting server or fails to communicate with any RADIUS accounting server, the
user can continue the access to network resources if the accounting optional
command has been used; otherwise, the user is disconnected from the system. The
accounting optional command is often used in the cases where only authentication
is needed and no accounting is needed.
Example
# Open the accounting-optional switch for the ISP domain named aabbcc.net.
New Domain added.
[Quidway-isp-aabbcc.net] accounting optional
1-4
1.1.5 authentication
Syntax
authentication { radius-scheme radius-scheme-name [ local ] | hwtacacs-scheme

hwtacacs-scheme-name [ local ] | local | none }
View
ISP domain view
Parameter
radius-scheme radius-scheme-name: Specifies to use a RADIUS authentication

scheme.
local: Specifies to use local authentication scheme.
none: Specifies not to perform authentication.
Description
Use the authentication command to configure an authentication scheme for current

ISP domain.
Use the undo authentication command to restore the default authentication scheme
of current domain.
By default, no separate authentication scheme is configured.
Before you use the authentication command to specify a RADIUS scheme to be
referenced by current ISP domain, the RADIUS scheme must has already been
configured.
If you execute the authentication radius-scheme radius-scheme-name local
command, the local scheme is used as the secondary authentication scheme in case
the RADIUS server does not respond normally. That is, if the communication between
the switch and the RADIUS server is normal, no local authentication is performed;
otherwise, local authentication is performed.
If you execute the authentication hwtacacs-scheme hwtacacs-scheme-name local
command, the local scheme is used as the secondary authentication scheme in case
the TACACS server does not respond normally. That is, if the communication
between the switch and the TACACS server is normal, no local authentication is
performed; otherwise, local authentication is performed.
If you execute the authentication local command, the local scheme is used as the
primary scheme. In this case, only local authentication is performed. If you execute
the authentication none command, no authentication is performed.
1-5
With the authentication command configured in an ISP domain view, the system
adopts the authentication scheme referenced in the command to authenticate the
users in the domain, or else it adopts the scheme referenced in the scheme
command.
Example
# Specify "radius" as the RADIUS authentication scheme to be referenced by the ISP

domain aabbcc.net.
New Domain added.
[Quidway-isp-aabbcc.net] authentication radius-scheme radius
# Specify "rd" as the RADIUS authentication scheme to be referenced by the ISP

domain aabbcc, and the local scheme as the secondary authentication scheme.
[Quidway] domain aabbcc
New Domain added.
[Quidway-isp-aabbcc] authentication radius-scheme rd local
1.1.6 authorization
Syntax
authorization { none | hwtacacs-scheme hwtacacs-scheme-name }

undo authorization
View
ISP domain view
Parameter
none: No authentication scheme is adopted.

Description
Use the authorization command to configure the authorization scheme of the current
ISP domain.
Use the undo authorization command to restore the default authorization scheme of
the ISP domain.
1-6
By default, no separate authorization scheme is configured.

Example
# Allow users in current ISP domain to access the network services without being
authorized.
New Domain added.
[Quidway-isp-aabbcc.net] authorization none
1.1.7 cut connection
Syntax
cut connection { all | access-type { dot1x | mac-authentication } | domain

isp-name | interface interface-type interface-number | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | vlan vlan-id | ucibindex
ucib-index | user-name user-name }
View
System view
Parameter
all: Cuts down all user connections.

access-type { dot1x | mac-authentication }: Cuts down user connections using the
specified access method. dot1x is used to cut down all 802.1x user connections, and
mac-authentication is used to cut down all MAC authentication user connections.
domain isp-name: Cuts down all user connections in the specified ISP domain.
Where, isp-name is the name of an ISP domain. It is a character string of up to 24
characters. You can only specify an existing ISP domain.
interface interface-type interface-number: Cuts down all user connections under the
specified port. Where interface-type is the port type and interface-number is the port
number.
ip ip-address: Cuts down the connection of the user with the specified IP address.
mac mac-address: Cuts down the user connection with the specified MAC address.
Where, mac-address is in the H-H-H format.
radius-scheme radius-scheme-name: Cuts down all user connections using the
specified RADIUS scheme. Where, radius-scheme-name is a character string of up to
32 characters.
1-7
vlan vlan-id: Cuts down all user connections of the specified VLAN. Where, vlan-id
ranges from 1 to 4094.
ucibindex ucib-index: Cuts down the user connection with the specified connection
index. Where, ucib-index ranges from 0 to 2071.
user-name user-name: Cuts down the user connection of the specified user. Where,
user-name is a character string of up to 80 characters. The string cannot contain the
following characters: /:*?<>. It can contain no more than one @ character. The pure
user name (user ID, that is, the part before @) cannot contain more than 55
characters, and the domain name (the part behind @) cannot contain more than 24
characters.
Description
Use the cut connection command to cut down one user connection or one type of
user connections forcibly.
This command cannot cut down the connections of Telnet and FTP users.
Related command: display connection.
Example
# Cut down all user connections in the ISP domain named aabbcc.net.
[Quidway] cut connection domain aabbcc.net
1.1.8 display connection
Syntax
display connection [ access-type { dot1x | mac-authentication } | domain

isp-name | interface interface-type interface-number | ip ip-address | mac
mac-address | radius-scheme radius-scheme-name | hwtacacs-scheme
hwtacacs-scheme-name | vlan vlan-id | ucibindex ucib-index | user-name
user-name ]
View
Any view
Parameter
access-type { dot1x | mac-authentication }: Displays the user connections in

specified access mode. Where, dot1x is used to display all 802.1x user connections,
and mac-authentication is used to display all MAC authentication user connections.
1-8
domain isp-name: Displays all user connections under the specified ISP domain.
Where, isp-name is the name of an ISP domain, a character string of up to 24
interface interface-type interface-number: Displays all user connections on the
specified port.
ip ip-address: Displays all user connections with the specified IP address.
mac mac-address: Displays the connection of the user with the specified MAC
address. Where, mac-address is in dotted hexadecimal notation (in the form of
H.H.H).
radius-scheme radius-scheme-name: Displays all user connections using the
specified RADIUS scheme. Where, radius-scheme-name is a character string of up to
32 characters.
hwtacacs-scheme hwtacacs-scheme-name: Displays all user connections using the
specified RADIUS scheme. Where, hwtacacs-scheme-name is a character string of
up to 32 characters.
vlan vlan-id: Displays all user connections of the specified VLAN. Where, vlan-id
ucibindex ucib-index: Displays the user connection with the specified connection
index. Where, ucib-index ranges from 0 to 2071.
user-name user-name: Displays the user connection with the specified user name.
Where, user-name is a character string in the format of
pure-username@domain-name. The pure-username cannot be longer than 55
characters, the domain-name cannot contain more than 24 characters, and the whole
string cannot be longer than 80 characters.
Description
Use the display connection command to display information about specified or all
user connections.
If you execute this command without specifying any parameter, all user connections
will be displayed.
This command cannot display information about the connections of the FTP users.
Related command: cut connection.
Example
# Display information about all user connections.

<Quidway> display connection
------------------unit 1------------------------
On Unit 1: Total 0 connections matched, 0 listed.
1-9
------------------unit 2------------------------
Index=40 , Username=user1@domain1
MAC=000f-3d80-4ce5 , IP=0.0.0.0
On Unit 2: Total 1 connections matched, 1 listed.
------------------unit 3------------------------
On Unit 3:Total 0 connections matched, 0 listed.
Total 1 connections matched, 1 listed.
# Display information about the user connection with index 0.

[Quidway] display connection ucibindex 0
Index=0 , Username=user1@system
MAC=000f-3d80-4ce5 , IP=192.168.0.3
Access=8021X ,Auth=CHAP ,Port=Ether ,Port NO=0x10003001
Initial VLAN=1, Authorization VLAN=1
ACL Group=Disable
CAR=Disable
Priority=Disable
Start=2000-04-03 02:51:53 ,Current=2000-04-03 02:52:22 ,Online=00h00m29s
On Unit 1:Total 1 connections matched, 1 listed.
Total 1 connections matched, 1 listed.
Here, Port NO=0x10003001 means (by the binary bits):
Table 1-1 Description of the Port NO field
31 to 28 27 to 24 23 to 20 19 to 12 11 to 0
UNIT ID Slot number Subslot number Port number VLAN ID
1.1.9 display domain
Syntax
display domain [ isp-name ]
View
Any view
Parameter
isp-name: Name of an ISP domain, a character string of up to 24 characters. This

must be the name of an existing ISP domain.
1-10
Description
Use the display domain command to display the configuration information about one
specific or all ISP domains.
Related command: access-limit, domain, scheme and state.
Example
# Display the configuration information about all ISP domains.

<Quidway> display domain
0 Domain = system
State = Active
Scheme = LOCAL
Access-limit = Disable
Vlan-assignment-mode = Integer
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
Default Domain Name: system

Total 1 domain(s).1 listed.
Table 1-2 Description on the fields of the display domain command
Field Description
Domain Domain name
State State
Scheme AAA scheme
Access-Limit Limit on the number of access users

Vlan-assignment-mode VLAN assignment mode
Domain User Template Domain user template
Idle-Cut State of the idle-cut function
Self-service State of the self service
Messenger Time State of the messenger time service
1-11
1.1.10 display local-user
Syntax
display local-user [ domain isp-name | idle-cut { disable | enable } | vlan vlan-id |

service-type { ftp | lan-access | ssh | telnet | terminal } | state { active | block } |
user-name user-name ]
View
Any view
Parameter
domain isp-name: Displays all local users belonging to the specified ISP domain.
Where, isp-name is the name of an ISP domain, a character string of up to 24
idle-cut { disable | enable }: Displays the local users who are inhibited from enabling
the idle-cut function, or the local users who are allowed to enable the idle-cut function.
Where, disable specifies the inhibited local users and enable specifies the allowed
local users.
vlan vlan-id: Displays the local users belonging to the specified VLAN. Where, vlan-id
service-type: Displays the local users of the specified type. You can specify one of
the following user types: ftp, lan-access (generally, this type of users are Ethernet
access users, for example, 802.1x users), ssh, telnet, terminal (this type of users are
terminal users who log into the switch through the Console port).
state { active | block }: Displays the local users in the specified state. Where active
represents the users allowed to request network services, and block represents the
users inhibited to request network services.
user-name user-name: Displays the local user who has the specified user name.
Where, user-name is a character string of up to 80 characters. The string cannot
contain the following characters: /:*?<>. It can contain no more than one @ character.
The pure user name (user ID, that is, the part before @) cannot be longer than 55
characters, and the domain name (the part behind @) cannot be longer than 24
characters.
Description
Use the display local-user command to display information about specified or all
local users.
Related command: local-user.
Example
# Display information about all local users.
1-12
<Quidway> display local-user

The contents of local user user1:
State: Active ServiceType Mask: None
Idle-cut: Disable
Access-limit: Disable Current AccessNum: 0
Bind location: Disable
Vlan ID: Disable
IP address: Disable
MAC address: Disable
Total 1 local user(s) Matched, 1 listed.

ServiceType Mask Meaning: C--Terminal F--FTP L--LanAccess S--SSH T—Telnet
Table 1-3 describes the fields in the above display output.
Table 1-3 Description on the fields of the display local-user command
Field Description
State State of the local user
ServiceType Mask Service type mark
Idle-Cut State of the idle-cut function

Access-Limit Limit on the number of access users
Current AccessNum Number of current access users
Bind location Whether or not bound to a port

Vlan ID VLAN of the user
IP address IP address of the user
MAC address MAC address of the user
1.1.11 domain
Syntax
domain { isp-name | default { disable | enable isp-name } }

undo domain isp-name
View
System view
Parameter
isp-name: Name of a ISP domain, a character string of up to than 24 characters. This

string cannot contain the following characters: /:*?<>.
1-13
default: Manually configures the default ISP domain, which is "system" by default.
There is one and only one default ISP domain.
disable: Disables the configured default ISP domain.
enable: Enables the configured default ISP domain.
Description
Use the domain command to create an ISP domain and enter its view, or enter the
view of an existing ISP domain, or configure the default ISP domain.
Use the undo domain command to delete a specified ISP domain.
By default, an ISP domain "system" has already existed in the system, and you can
use the display domain command to check the settings of this default ISP domain.
After you execute the domain command, the system creates a new ISP domain if the
specified ISP domain does not exist. Once an ISP domain is created, it is in the active
state. You can manually configure the default domain only when it has already
existed.
Related command: access-limit, scheme, state and display domain.
Example
# Create a new ISP domain aabbcc.net.

New Domain added.
[Quidway-isp-aabbcc.net]
1.1.12 idle-cut
Syntax
idle-cut { disable | enable minute flow }
View
ISP domain view
Parameter
disable: Inhibits users from enabling the idle-cut function.

enable: Allows users to enable the idle-cut function.
minute: Maximum idle time, ranging from 1 minute to 120 minutes.
flow: Minimum data flow, ranging from 1 byte to 10,240,000 bytes.
1-14
Description
Use the idle-cut command to set the user idle-cut function in current ISP domain.
By default, this function is disabled.
Related command: domain.
Example
# Allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user
template (that is, allow the user to use the idle-cut function), with the maximum idle
time of 50 minutes and the minimum data flow of 500 bytes.
New Domain added.
[Quidway-isp-aabbcc.net] idle-cut enable 50 500
1.1.13 level
Syntax
level level
undo level
View
Local user view
Parameter
level: Priority level of the user. It is an integer ranging from 0 to 3 and defaulting to 0.
Description
Use the level command to set the priority level of the user. The priority level of the
user corresponds to the command level of the user. Refer to the description of the
command-privilege level command in the command line interface module.
Use the undo level command to restore the default priority level of the user.
Note that:
z If the configured authentication method is none or requires a password, the
command level that a user can access after login is determined by the level of the
user interface.
z If the configured authentication method requires a user name and a password,
the command level that a user can access after login is determined by the priority
level of the user. For SSH users, when they use RSA shared keys for
1-15
authentication, the commands they can access are determined by the levels sets
on the user interfaces.
Related command: local-user.
Example
# Set the level of user1 to 3.

[Quidway-luser-user1] level 3
1.1.14 local-user
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { ftp | lan-access | ssh | telnet |
terminal } ] }
View
System view
Parameter
user-name: Name of the local user, a character string of up to 80 characters. This

string cannot contain the following characters: /:*?<>. It can contain no more than one
@ character. The pure user name (user ID, that is, the part before @) cannot be
longer than 55 characters, and the domain name (the part behind @) cannot be
longer than 24 characters. The local user name is case insensitive.
all: Specifies all local users.
service-type: Specifies the local users of the specified type. You can specify one of
the following user types: ftp, lan-access (generally, this type of users are Ethernet
access users, for example, 802.1x users), ssh, telnet, and terminal (this type of
users are terminal users who log into the switch through the Console port).
Description
Use the local-user command to add a local user and enter local user view.
Use the undo local-user command to delete one or more specified local users.
By default, there is no local user in the system.
Related command: display local-user and service-type.
1-16
Example
# Add a local user named user1.

[Quidway-luser-user1]
1.1.15 local-user password-display-mode
Syntax
local-user password-display-mode { cipher-force | auto }

undo local-user password-display-mode
View
System view
Parameter
cipher-force: Adopts the forcible cipher mode so that the passwords of all local users
must be displayed in cipher text.
auto: Adopts the automatic mode so that the passwords of local users are displayed
in the modes set with the password command.
Description
Use the local-user password-display-mode command to set the password display

mode of all local users
Use the undo local-user password-display-mode command to restore the default
password display mode of all local users.
By default, the password display mode of all access users is auto.
When the cipher-force mode is adopted, all passwords will be displayed in cipher
text even through some users have specified to display their passwords in plain text
by using the password command with the simple keyword.
Related command: display local-user and password.
Example
# Specify to display all local user passwords in cipher text forcibly.

[Quidway] local-user password-display-mode cipher-force
1-17
1.1.16 messenger
Syntax
messenger time { enable limit interval | disable }

undo messenger time
View
ISP domain view
Parameter
limit: Time limit in minutes, ranging from 1 to 60. The switch will send prompt
messages at regular intervals to users whose remaining online time is less than this
limit.
interval: Interval to send prompt messages (in minutes). This argument ranges from 5
to 60 and must be a multiple of 5.
Description
Use the messenger time enable command to enable the messenger function and
set the related parameters.
Use the messenger time disable command to disable the messenger function.
Use the undo messenger time command to restore the messenger function to its
default state.
By default, the messenger function is disabled on the switch.
The purpose of this function is to remind online users of their remaining online time
through clients in the form of message dialog.
You can use messenger time enable command to set a remaining online time limit
and the interval to send prompt messages. After that, the switch regularly sends
prompt messages at the set interval to the clients of the users whose remaining online
time is less than the set limit, and the clients inform the users of their remaining online
time in the form of message dialog.
Example
# Enable the switch to send prompt messages at intervals of 5 minutes to the users in
the ISP domain "system" after their remaining online time is less than 30 minutes.
[Quidway] domain system
[Quidway-isp-system] messenger time enable 30 5
1-18
1.1.17 name
Syntax
name string
undo name
View
VLAN view
Parameter
string: VLAN Name for VLAN assignment, a character string of up to 32 characters.
Description
Use the name command to set a VLAN name, which will be used for VLAN
assignment.
Use the undo name command to cancel the VLAN name.
By default, an VLAN uses its VLAN ID (like VLAN 0001) as its name.
This command is used for the dynamic VLAN assignment function. For details about
this function, refer to the vlan-assignment-mode command.
Related command: vlan-assignment-mode.
Example
# Set the name of VLAN 100 to test.

[Quidway] vlan 100
[Quidway-vlan100] name test
1.1.18 password
Syntax
password { simple | cipher } password

undo password
View
Local user view
Parameter
simple: Specifies to display the password in plain text.

cipher: Specifies to display the password in cipher text.
1-19
password: Password you want to set, a character string.

z For simple mode, the password must be in plain text.
z For cipher mode, the password can be either in cipher text or in plain text, which
it is depends on your input.
A password in plain text can be a string with of up to 63 consecutive characters, for
example, aabbcc. A password in cipher text can be a string with 1 to 63 characters, or
88 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Description
Use the password command to set a password for the local user.
Use the undo password command to cancel the password of the local user.
Note that, after the local-user password-display-mode cipher-force command is
executed, the password will be displayed in cipher text even though you use the
password command to set the display mode of the password to simple.
Related command: display local-user.
Example
# Set the password of user1 to 20030422 and specify to display the password in plain
text.
[Quidway-luser-user1] password simple 20030422
1.1.19 radius-scheme
Syntax
radius-scheme radius-scheme-name
View
ISP domain view
Parameter
radius-scheme-name: Name of a RADIUS scheme, a character string of up to 32

characters.
Description
Use the radius-scheme command to specify the RADIUS scheme to be used by

current ISP domain.
1-20
Once an ISP domain is created, it uses the local AAA scheme instead of any RADIUS
scheme by default.
The RADIUS scheme you specified in the radius-scheme command must be an
existing scheme. This command is equivalent to the scheme radius-scheme
command.
Related command: radius scheme, scheme, and display radius scheme.
Example
# Specify the scheme "huawei" as the RADIUS scheme to be used by current ISP
domain "huawei163.net".
[Quidway] domain huawei163.net
New Domain added.
[Quidway-isp-huawei163.net] radius-scheme huawei
1.1.20 scheme
Syntax
scheme { local | none | radius-scheme radius-scheme-name [ local ] |

hwtacacs-scheme hwtacacs-scheme-name [ local ] }
undo scheme { none | radius-scheme | hwtacacs-scheme }
View
ISP domain view
Parameter

characters.
hwtacacs-scheme-name: Name of a HWTACACS scheme, a character string of up to
32 characters.
local: Specifies to use local authentication.
none: Specifies not to perform authentication.
Description
Use the scheme command to configure the AAA scheme used by current ISP
domain.
Use the undo scheme command to restore the default AAA scheme used by the ISP
domain.
By default, the ISP domain uses the local AAA scheme.
1-21
Note that:
z When the scheme command is used to specify the RADIUS scheme to be
referenced by current ISP domain, the specified RADIUS scheme must has
already been configured.
z If you execute the scheme radius-scheme radius-scheme-name local
command, the local scheme becomes the secondary scheme in case the
RADIUS server does not response normally. That is, if the communication
between the switch and the RADIUS server is normal, no local authentication is
z If you execute the scheme hwtacacs-scheme hwtacacs-scheme-name local
command, the local scheme becomes the secondary scheme in case the
TACACS server does not response normally. That is, if the communication
between the switch and the TACACS server is normal, no local authentication is
z If you execute the scheme local command, the local scheme is adopted as the
primary scheme. In this case, only local authentication is performed, no RADIUS
authentication is performed. If you execute the scheme none command, no
authentication is performed.
Related command: radius scheme.
Example
# Specify the RADIUS scheme radius1 as the primary AAA scheme referenced by the
ISP domain aabbcc.net and specify the local scheme as the secondary authentication
scheme.
New Domain added.
[Quidway-isp-aabbcc.net] scheme radius-scheme raduis1 local
1.1.21 self-service-url
Syntax
self-service-url { disable | enable url-string }

undo self-service-url
View
ISP domain view
1-22
Parameter
url-string: URL of the web page used to modify user password on the self-service
server. It is a character string with 1 character to 64 characters. This string cannot
contain a question mark "?". If the actual URL of the self-service server contains any
question mark, you should change it to an elect bar "|".
Description
Use the self-service-url enable command to enable the self-service server location
function
Use the self-service-url disable command to disable the self-service server location
function
Use the undo self-service-url command to restore the default state of this function.
Note that:
z This command must be used with the cooperation of a self-service-supported
RADIUS server (such as CAMS). Through self-service, users can manage and
control their accounts or card numbers by themselves. A server installed with the
self-service software is called a self-service server.
z After this command is executed on the switch, users can locate the self-service
server through the following operation: choose [change user password] on the
802.1x client, the client opens the default browser (for example, IE or NetScape)
and locates the specified URL page used to change user password on the
self-service server. Then, the user can change the password.
z A user can choose the [change user password] option on the client only after
passing the authentication. If the user fails the authentication, this option is in
grey and is unavailable.
Note:
Huawei's CAMS Server is a service management system used to manage networks
and secure networks and user information. Cooperating with other network devices
(such as switches) in a network, the CAMS Server accomplishes the AAA
(authentication, authorization and accounting) services and rights management.
Example
# Under the default ISP domain "system", set the URL of the web page used to modi
fy user password on the self-service server to http://10.153.89.94/selfservice/modPa
sswd1x.jsp|userName.
1-23
[Quidway] domain system
[Quidway-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
1.1.22 service-type
Syntax
service-type { ftp | lan-access | { telnet | ssh | terminal }* [ level level ] }

undo service-type { ftp | lan-access | { telnet | ssh | terminal }* }
View
Local user view
Parameter
ftp: Specifies that this is a ftp user.

lan-access: Specifies that this is a LAN access user (who is generally an Ethernet
access user, for example, 802.1x user).
telnet: Authorizes the user to access the Telnet service.
ssh: Authorizes the user to access the SSH service.
terminal: Authorizes the user to access the terminal service (that is, allows the user to
log into the switch through the Console port).
level level: Specifies the level of the Telnet, terminal or SSH user. Where, level is an
integer ranging from 0 to 3 and defaulting to 0.
Description
Use the service-type command to authorize the user to access the specified type(s)
of service(s).
Use the undo service-type command to inhibit the user from accessing the specified
type(s) of service(s).
By default, the user is inhibited from accessing any type of service.
Example
# Authorize user1 to access the Telnet service.

[Quidway-luser-user1] service-type telnet
1-24
1.1.23 state
Syntax
state { active | block }
View
ISP domain view or local user view
Parameter
active: Activates the current ISP domain (in ISP domain view) or local user (in local
user view), to allow users in current ISP domain or current local user to access the
network.
block: Hangs up the current ISP domain (in ISP domain view) or local user (in local
user view), to inhibit users in current ISP domain or current local user from accessing
the network.
Description
Use the state command to set the status of current ISP domain (in ISP domain view)
or the status of the local user (in local user view).
By default, an ISP domain is in the active state once it is created, and a local user is in
the active state once the user is created.
After an ISP domain is set to the block state, except the online users, the users under
this domain are not allowed to access the network.
After the local user is set to the block state, the user is not allowed to access the
network.
Related command: domain.
Example
# Set the ISP domain aabbcc.net to the block state, so that all its offline users cannot
access the network.
New Domain added.
[Quidway-isp-aabbcc.net] state block
# Set user1 to the block state.

[Quidway-user-user1] state block
1-25
1.1.24 vlan-assignment-mode
Syntax
vlan-assignment-mode { integer | string }
View
ISP domain name
Parameter
integer: Sets the VLAN assignment mode to integer.

string: Sets the VLAN assignment mode to string.
Description
Use the vlan-assignment-mode command to set the VLAN assignment mode

(integer or string) on the switch.
By default, the VLAN assignment mode is integer, that is, the switch supports its
RADIUS authentication server to assign integer VLAN IDs.
The dynamic VLAN assignment feature enables a switch to dynamically add the ports
of the successfully authenticated users to different VLANs according to the attributes
assigned by the RADIUS server, so as to control the network resources that different
users can access.
In actual applications, to use this feature together with Guest VLAN, you should better
set port control to port-based mode.
Currently, the switch supports the RADIUS authentication server to assign the
following two types of VLAN IDs: integer and string.
z Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on
the switch). Then, upon receiving an integer ID assigned by the RADIUS
authentication server, the switch adds the port to the VLAN whose VLAN ID is
equal to the assigned integer ID. If no such a VLAN exists, the switch first creates
a VLAN with the assigned ID, and then adds the port to the newly created VLAN.
z String: If the RADIUS server assigns string type of VLAN IDs, you can set the
VLAN assignment mode to string on the switch. Then, upon receiving a string ID
assigned by the RADIUS authentication server, the switch compares the ID with
existing VLAN names on the switch. If it finds a match, it adds the port to the
corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot
pass the authentication.
The two dynamic VLAN assignment modes supported by the switch are set according
to the authentication server. Different authentication servers adopt different dynamic
1-26
VLAN assignment modes, you are recommended to configure the device according to
the dynamic VLAN assignment mode in use.
Table 1-4 lists some common dynamic VLAN assignment modes.
Table 1-4 Common dynamic VLAN assignment modes
Server type Dynamic VLAN assignment mode

Integer (the latest version is determined
CAMS
by the attribute)
ACS String
Determined by the attribute (100 is
FreeRADIUS
integer; “100” is string)
Shiva Access Manager String
Steel-Belted Radius Administrator String
Note:
In string mode, if the VLAN ID assigned by the RADIUS server is a character string
containing only digits (for example, 1024), the switch first regards it as an integer
VLAN ID: the switch transforms the string to an integer value and judges if the value is
in the valid VLAN ID range; if it is, the switch adds the authenticated port to the VLAN
with the value as the VLAN ID (VLAN 1024, for example).
Related command: name.
Example
# Set the VLAN assignment mode to string.

[Quidway] domain huawei163.net
New Domain added.
[Quidway-isp-huawei163.net] vlan-assignment-mode string
1.2 RADIUS Configuration Commands

1.2.1 accounting optional
Syntax
accounting optional
undo accounting optional
1-27
View
RADIUS scheme view
Parameter
None
Description
Use the accounting optional command to open the accounting-optional switch.

Use the undo accounting optional command to close the accounting-optional
switch so that users are charged forcibly.
By default, once an ISP domain is created, the accounting-optional switch is closed.
Note that:
z When the system charges an online user but it does not find any available
RADIUS accounting server or fails to communicate with any RADIUS accounting
server, the user can continue the access to network resources if the accounting
optional command has been used; otherwise, the user is disconnected from the
system. The accounting optional command is often used in the cases that only
authentication is needed and no accounting is needed.
z After the accounting optional command is used for a RADIUS scheme, the
system will no longer send real-time accounting update packets and
stop-accounting packets for any user who adopts the RADIUS scheme.
z This configuration takes effect only on the accounting using this RADIUS
scheme.
Example
# Execute the accounting-optional command for the RADIUS scheme radius1.

[Quidway] radius scheme radius1
New Radius scheme
[Quidway-radius-radius1] accounting optional
1.2.2 accounting-on enable
Syntax
accounting-on enable [ send times | interval interval ]

undo accounting-on { enable | send | interval }
View
RADIUS scheme view
1-28
Parameter
times: Maximum number of attempts to send Accounting-On packets, ranging from 1

to 256 and defaulting to 15.
interval: Interval to send Accounting-On packets, ranging from 1 to 30 and defaulting
to 3 seconds.
Description
Use the accounting-on enable command to enable the user re-authentication upon
device restart function.
Use the undo accounting-on enable command to disable the user re-authentication
upon device restart function and restore the default interval and maximum number of
attempts to transmit Accounting-On packets.
Use the undo accounting-on send command to restore the default maximum
number of attempts to transmit Accounting-On packets.
Use the undo accounting-on interval command to restore the default interval to
transmit Accounting-On packets.
The purpose of this function is to resolve this problem: users cannot re-log into the
switch after the switch restarts because they are already online. After this function is
enabled, every time the switch restarts:
z The switch generates an Accounting-On packet, which mainly contains the
following information: NAS-ID, NAS-IP address (source IP address), and session
ID.
z The switch sends the Accouting-On packet to CAMS at regular intervals.
z Once the CAMS receives the Accounting-On packet, it sends a response to the
switch. At the same time it finds and deletes the original online information of the
users who accessed the network through the switch before the restart according
to the information contained in this packet (NAS-ID, NAS-IP address and session
ID), and ends the accounting of the users based on the last accounting update
packet.
z Once the switch receives the response from the CAMS, it stops sending other
Accounting-On packets.
z If the switch does not receives any response from the CAMS after the times it
transmit Accounting-On packet reaches the configured maximum times, it does
not send any more Accounting-On packets.
1-29
Note:
The switch can automatically generate the main attributes (NAS-ID, NAS-IP address
and session ID) in the Accounting-On packets. However, you can also manually
configure the NAS-IP address with the nas-ip command. If you choose to manually
configure this attribute, be sure to configure an appropriate and legal IP address. If
this attribute is not configured, the switch will automatically use the IP address of the
VLAN interface as the NAS-IP address.
Related command: nas-ip.
Example
# Enable the user re-authentication upon device restart function for the RADIUS
scheme named CAMS.
[Quidway] radius scheme CAMS
[Quidway-radius-CAMS] accounting-on enable
1.2.3 data-flow-format
Syntax
data-flow-format data { byte | giga-byte | kilo-byte | mega-byte } packet

{ giga-packet | kilo-packet | mega-packet | one-packet }
undo data-flow-format
View
RADIUS scheme view
Parameter
data: Sets the unit of measure for data.

byte: Specifies to measure data in bytes.
giga-byte: Specifies to measure data in gigabytes.
kilo-byte: Specifies to measure data in kilobytes.
mega-byte: Specifies to measure data in megabytes.
packet: Sets the unit of measure for packets.
giga-packet: Specifies to measure packets in giga-packets.
kilo-packet: Specifies to measure packets in kilo-packets.
mega-packet: Specifies to measure packets in mega-packets.
one-packet: Specifies to measure packets in packets.
1-30
Description
Use the data-flow-format command to set the units of measure for data flows sent to
RADIUS servers.
Use the undo data-flow-format command to restore the default units of measure.
By default, the unit of measure for data is byte and that for packets is one-packet.
Related command: display radius scheme.
Example
# Specify to measure data and packets in data flows sent to RADIUS server in
kilobytes and kilo-packets respectively.
New Radius scheme
[Quidway-radius-radius1] data-flow-format data kilo-byte packet kilo-packet
1.2.4 display local-server statistics
Syntax
display local-server statistics
View
Any view
Parameter
None
Description
Use the display local-server statistics command to display the statistics about all
local RADIUS authentication servers.
Related command: local-server.
Example
# Display the statistics about local RADIUS authentication server.

<Quidway> display local-server statistics
On Unit 1:
The localserver packet statistics:
Receive: 30 Send: 30
Discard: 0 Receive Packet Error: 0
Auth Receive: 10 Auth Send: 10
1-31
Acct Receive: 20 Acct Send: 20
1.2.5 display radius scheme
Syntax
display radius [ radius-scheme-name ]
View
Any view
Parameter

characters.
Description
Use the display radius scheme command to display the configuration information
about one specific or all RADIUS schemes
Example
# Display the configuration information about all RADIUS schemes.

<Quidway> display radius scheme
------------------------------------------------------------------
SchemeName =system Index=0 Type=huawei
Primary Auth IP =127.0.0.1 Port=1645
Primary Acct IP =127.0.0.1 Port=1646
Second Auth IP =0.0.0.0 Port=1812
Second Acct IP =0.0.0.0 Port=1813
Auth Server Encryption Key= huawei
Acct Server Encryption Key= huawei
Accounting method = required
Accounting-On packet enable, send times = 15 , interval = 3s
TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12
Permitted send realtime PKT failed counts =5
Retry sending times of noresponse acct-stop-PKT =500
Quiet-interval(min) =5
Username format =without-domain
Data flow unit =Byte
Packet unit =1
unit 1 :
Primary Auth State=active, Second Auth State=block
Primary Acc State=active, Second Acc State=block
1-32
------------------------------------------------------------------
Total 1 RADIUS scheme(s). 1 listed
Table 1-5 Description on the fields of the display radius command
Field Description
SchemeName Name of the RADIUS scheme
Index Index number of the RADIUS scheme
Type Type of the RADIUS servers
IP address/access port number of the primary
Primary Auth IP/ Port
authentication server
IP address/access port number of the primary
Primary Acct IP/ Port
accounting server
IP address/access port number of the secondary
Second Auth IP/ Port
authentication server
IP address/access port number of the secondary
Second Acct IP/ Port
accounting server
Auth Server Encryption Key Shared key of the authentication servers
Acct Server Encryption Key Shared key of the accounting servers

Accounting method Accounting method
Accounting-On packet enable, The system sends up to 15 Accounting-on
send times = 15 , interval = 3s packets at intervals of 3 seconds after restarting.
TimeOutValue (seconds) RADIUS server response timeout time
RetryTimes Maximum number of transmission attempts
RealtimeACCT(in minute) Real-time accounting interval in minutes
Permitted send realtime PKT Maximum allowed number of continuous
failed counts no-response real-time accounting requests
Retry sending times of Maximum number of transmission attempts of
nonresponse acct-stop-PKT the buffered stop-accounting requests
Wait time for the primary servers to restore the
Quiet-interval(min)
active state
Username format User name format
Data flow unit Unit of measure for data in data flows
Packet unit Unit of measure for packets
Primary Auth State Status of the primary authentication server
Second Auth State Status of the secondary authentication server
Primary Acc State Status of the primary accounting server
1-33
Field Description
Second Acc State Status of the secondary accounting server
1.2.6 display radius statistics
Syntax
display radius statistics
View
Any view
Parameter
None
Description
Use the display radius statistics command to display the statistics about RADIUS
packets.
Example
# Display the statistics about RADIUS packets.

<Quidway> display radius statistics
state statistic(total=2072):
DEAD=2072 AuthProc=0 AuthSucc=0
AcctStart=0 RLTSend=0 RLTWait=0
AcctStop=0 OnLine=0 Stop=0
StateErr=0
Received and Sent packets statistic:

Unit 1........................................
Sent PKT total :0 Received PKT total:0
RADIUS received packets statistic:
Code= 2,Num=0 ,Err=0
Code=11,Num=0 ,Err=0
Running statistic:
RADIUS received messages statistic:
Normal auth request , Num=0 , Err=0 , Succ=0
1-34
EAP auth request , Num=0 , Err=0 , Succ=0

Account request , Num=0 , Err=0 , Succ=0
Account off request , Num=0 , Err=0 , Succ=0
PKT auth timeout , Num=0 , Err=0 , Succ=0
PKT acct_timeout , Num=0 , Err=0 , Succ=0
Realtime Account timer , Num=0 , Err=0 , Succ=0
PKT response , Num=0 , Err=0 , Succ=0
EAP reauth_request , Num=0 , Err=0 , Succ=0
PORTAL access , Num=0 , Err=0 , Succ=0
Update ack , Num=0 , Err=0 , Succ=0
PORTAL access ack , Num=0 , Err=0 , Succ=0
Session ctrl pkt , Num=0 , Err=0 , Succ=0
Set policy result , Num=0 , Err=0 , Succ=0
RADIUS sent messages statistic:
Auth accept , Num=0
Auth reject , Num=0
EAP auth replying , Num=0
Account success , Num=0
Account failure , Num=0
Cut req , Num=0
Set policy result , Num=0
RecError_MSG_sum:0 SndMSG_Fail_sum :0
Timer_Err :0 Alloc_Mem_Err :0
State Mismatch :0 Other_Error :0
No-response-acct-stop packet =0
Discarded No-response-acct-stop packet for buffer overflow =0
1.2.7 display stop-accounting-buffer
Syntax
display stop-accounting-buffer { radius-scheme radius-scheme-name |

session-id session-id | time-range start-time stop-time | user-name user-name }
View
Any view
Parameter
radius-scheme radius-scheme-name: Displays the buffered stop-accounting

requests of the specified RADIUS scheme. Where, radius-scheme-name is a
character string of up to 32 characters.
1-35
session-id session-id: Displays the buffered stop-accounting requests of the

specified session ID. Where, session-id is a character string of up to 50 characters.
time-range start-time stop-time: Displays the buffered stop-accounting requests in
the specified request time range. Where, start-time is the start time of the request time
range, stop-time is the end time of the request time range, and both are in the format
hh:mm:ss-mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd.
user-name user-name: Displays the buffered stop-accounting requests of the
specified user. Where, user-name is a character string of up to 80 characters. This
string cannot contain the following characters: /:*?<>, and can contain no more than
one @ character. The pure user name (user ID, that is, the part before @) cannot be
longer than 55 characters, and the domain name (the part behind @) cannot be
longer than 24 characters. The user name is case insensitive.
Description
Use the display stop-accounting-buffer command to display the no-response

stop-accounting request packets buffered in the device.
Note:
z You can choose to display the buffered stop-accounting packets of a specified
RADIUS scheme, session ID, or user name. You can also specify a time range to
display those which are sent within the specified time range. The displayed packet
information helps you to diagnose and resolve problems relevant to RADIUS.
z When the switch sends out a stop-accounting packet but gets no response from
the RADIUS server, it first buffers the packet and then retransmits it until the
maximum number of retransmission attempts (set by the retry stop-accounting
command) is reached.
Related command: reset stop-accounting-buffer, stop-accounting-buffer enable

and retry stop-accounting.
Example
# Display the buffered stop-accounting requests from 0:0:0 08/31/2002 to 23:59:59

08/31/2002.
<Quidway> display stop-accounting-buffer time-range 00:00:00-08/31/2002
23:59:59-08/31/2002
Total find 0 record
display stop-accounting-buffer time-range 00:00:00-2002/08/31

23:59:59-2002/08/31
1-36
1.2.8 key
Syntax
key { accounting | authentication } string

undo key { accounting | authentication }
View
RADIUS scheme view
Parameter
accounting: Specifies to set a shared key for the RADIUS accounting packets.
authentication: Specifies to set a shared key for the RADIUS
authentication/authorization packets.
string: Shared key, a character string of up to 16 characters.
Description
Use the key command to set a shared key for the RADIUS
authentication/authorization packets or accounting packets.
Use the undo key command to restore the corresponding default shared key.
By default, there is no shared key.
The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets
exchanged with each other. The two parties verify the validity of the exchanged
packets by using the shared keys that have been set on them, and can accept and
respond to the packets sent from each other only if both of them have the same
shared keys. If the authentication/authorization server and the accounting server are
two separate devices and the two servers have different shared keys, you must set
the shared keys for authentication/authorization packets and accounting packets
respectively on the switch.
Related command: primary accounting, primary authentication and radius
scheme.
Example
# Set the shared key for the RADIUS authentication/authorization packets in RADIUS
scheme radius1 to hello.
New Radius scheme
[Quidway-radius-radius1] key authentication hello
1-37
# Set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
New Radius scheme
[Quidway-radius-radius1] key accounting ok
1.2.9 local-server
Syntax
local-server enable
undo local-server
View
System view
Parameter
None
Description
Use the local-server enable command to enable UDP port for local RADIUS
Use the undo local-server command to disable UDP port for local RADIUS
By default, UDP port for local RADIUS authentication server is enabled.
Related command: radius scheme, state and local-server nas-ip.
Example
# Enable UDP port for local RADIUS authentication server.

[Quidway] local-server enable
1.2.10 local-server nas-ip
Syntax
local-server nas-ip ip-address key password

undo local-server nas-ip ip-address
1-38
View
System view
Parameter
nas-ip ip-address: Specifies the IP address of the local RADIUS server. Where,
ip-address is in dotted decimal notation.
key password: Specifies the shared key of the authentication server and access
server. Where, password is a character string of up to 16 characters.
Description
Use the local-server nas-ip command to create a local RADIUS authentication

server (that is, set the related parameters of the server).
Use the undo local-server nas-ip command to delete the specified local RADIUS
By default, a local RADIUS authentication server is used, whose default NAS-IP and
key are 127.0.0.1 and huawei respectively. That is, the local device serves as a
RADIUS authentication server and a network access server, and all authentications
are performed locally.
Note that:
z The switch not only supports the traditional RADIUS client service to accomplish
user AAA management through foreign authentication/authorization server and
accounting server, but also provides a simple local RADIUS server function for
authentication and authorization. This function is called local RADIUS
authentication server function.
z When you use the local RADIUS authentication server function, the UDP port
number for the authentication/authorization service must be 1645, the UDP port
number for the accounting service is 1646.
z The packet encryption key set by the local-server nas-ip command with the key
password parameter must be identical with the authentication/authorization
packet encryption key set by the key authentication command in RADIUS
scheme view.
z The switch supports at most 16 IP addresses and shared keys of the network
access server (including the default local RADIUS authentication server); that is,
when the switch serves as a RADIUS authentication server, it can support at
most 16 network access servers simultaneously to provide authentication.
z As a local RADIUS authentication server, the switch does not support EAP
authentication.
Related command: radius scheme, state and local-server enable.
1-39
Example
# Create a network access server granted by the RADIUS authentication server with
an IP address of 10.110.1.2 and a shared key of aabbcc.
[Quidway] local-server nas-ip 10.110.1.2 key aabbcc
1.2.11 nas-ip
Syntax
nas-ip ip-address
undo nas-ip
View
RADIUS scheme view
Parameter
ip-address: Source IP address for RADIUS packets, an IP address of this device. This
address can neither be the all zero address nor be a Class-D address.
Description
Use the nas-ip command to set the source IP address used by the switch to send
RADIUS packets.
Use the undo nas-ip command to remove the source IP address setting.
By default, the IP address of the outbound interface is used as the source IP address
of the packet.
Note:
The nas-ip command in RADIUS scheme view has the same function as the radius
nas-ip command in system view; and the priority of configuration in RADIUS scheme
view is higher than in system view.
You can specify the source IP address used to send RADIUS packets to prevent the
unreachability of the packets returned from the server due to physical interface
trouble. It is recommended to use the loopback interface address as the source IP
address.
Related command: display radius scheme, radius nas-ip.
1-40
Example
# Set the source IP address used by the switch to send the RADIUS packets to
10.1.1.1.
New Radius scheme
[Quidway-radius-radius1] nas-ip 10.1.1.1
1.2.12 primary accounting
Syntax
primary accounting ip-address [ port-number ]

undo primary accounting
View
RADIUS scheme view
Parameter
ip-address: IP address, in dotted decimal notation. By default, the IP address of the

primary accounting server is 0.0.0.0.
port-number: UDP port number, ranging from 1 to 65535. By default, the UDP port
number of the primary accounting service is 1813.
Description
Use the primary accounting command to set the IP address and port number of the
primary RADIUS accounting server.
Use the undo primary accounting command to restore the default IP address and
port number of the primary RADIUS accounting server.
The IP address and UDP port number of the primary accounting server used by the
default RADIUS scheme "system" are 127.0.0.1 and 1646.
Related command: key, radius scheme and state.
Example
# Set the IP address and UDP port number of the primary accounting server of the
RADIUS scheme radius1 to 10.110.1.2 and 1813.
New Radius scheme
1-41
[Quidway-radius-radius1] primary accounting 10.110.1.2 1813
1.2.13 primary authentication
Syntax
primary authentication ip-address [ port-number ]

undo primary authentication
View
RADIUS scheme view
Parameter

primary authentication/authorization server is 0.0.0.0.
number of the primary authentication/authorization service is 1812.
Description
Use the primary authentication command to set the IP address and port number of
the primary RADIUS authentication/authorization server.
Use the undo primary authentication command to restore the default IP address
and port number of the primary RADIUS authentication/authorization server.
Note that:
z After creating a new RADIUS scheme, you should configure the IP address and
UDP port number of each RADIUS server you want to use in this scheme. These
RADIUS servers fall into two types: authentication/authorization, and accounting.
And for each kind of server, you can configure two servers in a RADIUS scheme:
primary and secondary servers. A RADIUS scheme has the following attributes:
IP addresses of the primary and secondary servers, shared keys, and types of
the RADIUS servers.
z In an actual network environment, you can configure the above parameters as
required. But you should configure at least one authentication/authorization
server and one accounting server, and at the same time, you should keep the
RADIUS service port settings on the switch consistent with those on the RADIUS
servers.
z The IP address and port number of the primary authentication server used by the
default RADIUS scheme "system" are 127.0.0.1 and 1645.
1-42
Example
# Set the IP address and UDP port number of the primary authentication/authorization
server used by the RADIUS scheme radius1 to 10.110.1.1 and 1812.
New Radius scheme
[Quidway-radius-radius1] primary authentication 10.110.1.1 1812
1.2.14 radius client
Syntax
radius client enable

undo radius client
View
System view
Parameter
None
Parameter
Use the radius client enable command to enable UDP port for AAA RADIUS client.
Use the undo radius client command to disable UDP port for AAA RADIUS client.
By default, UDP port for AAA RADIUS client is enabled.
Example
# Enable UDP port for AAA RADIUS client.

[Quidway] radius client enable
1.2.15 radius nas-ip
Syntax
radius nas-ip ip-address

undo radius nas-ip
1-43
View
System view
Parameter
ip-address: Source IP address, an IP address of this device. This address can be

neither an all zero address nor a Class-D address.
Description
Use the radius nas-ip command to set the source IP address used by the switch to
send RADIUS packets.
Use the undo radius nas-ip command to restore the default setting.
By default, no source IP address is specified, and the IP address of the outbound
interface is used as the source IP address of the packet.
Note:
The nas-ip command in RADIUS scheme view has the same function as the radius
nas-ip command in system view; and the priority of configuration in RADIUS scheme
view is higher than in system view.
Note that:
z You can specify the source IP address used to send RADIUS packet to prevent
the unreachability of the packets returned from the server due to physical
interface trouble. It is recommended to use the loopback interface address as the
source IP address.
z You can specify only one source IP address by using this command. When you
use this command again, the newly specified source IP address will overwrite the
old one.
Example
# Set the source IP address used by the switch to send the RADIUS packets to
129.10.10.1.
[Quidway] radius nas-ip 129.10.10.1
1-44
1.2.16 radius scheme
Syntax
radius scheme radius-scheme-name

undo radius scheme radius-scheme-name
View
System view
Parameter
radius-scheme-name: Name of the RADIUS scheme, a character string of up to 32

characters.
Description
Use the radius scheme command to create a RADIUS scheme and enter its view.
Use the undo radius scheme command to delete the specified RADIUS scheme.
By default, a RADIUS scheme named "system" has already been created in the
system.
Note that:
z All the attributes of the RADIUS scheme "system" take the default values, which
you can see by using the display radius scheme command.
z The RADIUS protocol configuration is performed on a RADIUS scheme basis.
For each RADIUS scheme, you should specify at least the IP addresses and
UDP port numbers of the RADIUS authentication/authorization and accounting
servers, and the parameters required for the RADIUS client to interact with the
RADIUS servers. You should first create a RADIUS scheme and enter its view
before performing other RADIUS protocol configurations.
z A RADIUS scheme can be referenced by multiple ISP domains simultaneously.
z The undo radius scheme command cannot be used to delete the default
RADIUS scheme. In addition, you are not allowed to delete a RADIUS scheme
which is being used by an online user.
Related command: key, retry realtime-accounting, scheme, timer
realtime-accounting, stop-accounting-buffer enable, retry stop-accounting,
server-type, state, user-name-format, retry, display radius scheme and display
radius statistics.
Example
# Create a RADIUS scheme named radius1 and enter its view.

1-45

New Radius scheme
[Quidway-radius-radius1]
1.2.17 radius trap
Syntax
radius trap { authentication-server-down | accounting-server-down }

undo radius trap { authentication-server-down | accounting-server-down }
View
System view
Parameter
None
Description
Use the radius trap command to enable the switch to send trap messages when its
RADIUS authentication or accounting server turns down.
Use the undo radius trap command to disable the switch from sending trap
messages when its RADIUS authentication or accounting server turns down.
This configuration takes effect on all RADIUS scheme.
Note:
A device considers its RADIUS server as being down if it has tried the configured
maximum times to send packets to the RADIUS server but does not receive any
response.
Example
# Enable the switch to send trap messages when its RADIUS authentication server
turns down.
[Quidway] radius trap authentication-server-down
1-46
1.2.18 reset radius statistics
Syntax
reset radius statistics
View
User view
Parameter
None
Description
Use the reset radius statistics command to clear the statistics about the RADIUS
protocol.
Example
# Clear the statistics about the RADIUS protocol.

<Quidway> reset radius statistics
1.2.19 reset stop-accounting-buffer
Syntax
reset stop-accounting-buffer { radius-scheme radius-scheme-name | session-id

session-id | time-range start-time stop-time | user-name user-name }
View
User view
Parameter
radius-scheme radius-scheme-name: Deletes the buffered stop-accounting

requests depending on the specified RADIUS scheme. Where, radius-scheme-name
is the name of a RADIUS scheme. This name is a character string of up to 32
characters.
session-id session-id: Deletes the buffered stop-accounting requests depending on
the specified session ID. Where, session-id is a character string of up to 50
characters.
time-range start-time stop-time: Deletes the buffered stop-accounting requests
depending on the time of the stop-accounting request. Where, start-time is the start
time of the request period, the stop-time is the end time of the request period, and
both are in the format hh:mm:ss-mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd.
1-47
user-name user-name: Deletes the buffered stop-accounting request packets

depending on the specified user name. Where, user-name is a character string of up
to 80 characters. This string cannot contain the following characters: /:*?<>, and can
contain no more than one @ character. The pure user name (user ID, that is, the part
before @) cannot be longer than 55 characters, and the domain name (the part
behind @) cannot be longer than 24 characters. The user name is case insensitive.
Description
Use the reset stop-accounting-buffer command to delete the buffered no-response

stop-accounting request packets.
Related command: stop-accounting-buffer enable, retry stop-accounting and
display stop-accounting-buffer.
Example
# Delete the stop-accounting request packets buffered in the system for the user
user0001@aabbcc.net.
<Quidway> reset stop-accounting-buffer user-name user0001@aabbcc.net
# Delete the stop-accounting request packets buffered from 0:0:0 08/31/2002 to

23:59:59 08/31/2002 in the system.
<Quidway> reset stop-accounting-buffer time-range 00:00:00-08/31/2002
23:59:59-08/31/2002
1.2.20 retry
Syntax
retry retry-times
undo retry
View
RADIUS scheme view
Parameter
retry-times: Maximum number of transmission attempts, ranging from 1 to 20 and

defaulting to 3.
Description
Use the retry command to set the maximum number of transmission attempts of
RADIUS requests.
Use the undo retry command to restore the default maximum number of
transmission attempts.
1-48
Note that:
z The communication in RADIUS is unreliable because this protocol adopts UDP
packets to carry data. Therefore, it is necessary for the switch to retransmit a
RADIUS request if it gets no response from the RADIUS server after the
response timeout timer expires. If the maximum number of transmission
attempts is reached but the switch still receives no response, the switch
considers that the request fails.
z Appropriately set this maximum number of transmission attempts according to
the network situation can improve the reacting speed of the system.
Example
# Set the maximum transmission times of RADIUS requests in the RADIUS scheme
radius1 to five.
New Radius scheme
[Quidway-radius-radius1] retry 5
1.2.21 retry realtime-accounting
Syntax
retry realtime-accounting retry-times

undo retry realtime-accounting
View
RADIUS scheme view
Parameter
retry-times: Maximum number of real-time accounting request attempts, ranging from

1 to 255.
Description
Use the retry realtime-accounting command to set the maximum number of

real-time accounting request attempts.
Use the undo retry realtime-accounting command to restore the default maximum
number of real-time accounting request attempts.
By default, the system can allow five real-time accounting request attempts at most.
Note that:
1-49
z Generally, the RADIUS server uses the connection timeout timer to determine
whether a user is online or not. If the RADIUS server receives no real-time
accounting packet for a specified period of time, it will consider that the line or the
switch is in trouble and stop the accounting of the user. To make the switch
cooperate with this feature on the RADIUS server, it is necessary to cut down the
user connection on the switch as soon as possible after the RADIUS server
terminates the charging and connection of the user in the case of unforeseen
trouble. For this purpose, you can limit the number of continuous real-time
no-response accounting requests, and the switch will cut down the user
connection if it sends out the maximum number of real-time accounting requests
but does not receive any response.
z A real-time account request may be sent multiple times (set by the retry
command in RADIUS scheme view) for an accounting attempt. If no response is
received even after the number of transmission attempts reaches the maximum,
the accounting attempt fails. Suppose that the response timeout time of the
RADIUS server is three seconds (set by the timer response-timeout command),
that the maximum number of transmission attempts (set by the retry command)
is 3, and that the real-time accounting interval is 12 minutes (set by the timer
realtime-accounting command), the maximum number of real-time accounting
request attempts is 5 (set by the retry realtime-accounting command). In this
case, the switch sends an accounting request every 12 minutes; if the switch
does not receive a response within 3 seconds after it sends out an accounting
request, it resends the request; if the switch continuously sends the accounting
request for three times but does not receive any response; it considers this
real-time accounting a failure. Then, the switch sends the accounting request
every 12 minutes; if the number of accounting failures exceeds five, the user
connection is cut down.
Related command: radius scheme and timer realtime-accounting.
Example
# Allow the switch to continuously send at most 10 real-time accounting requests if it

gets no response for the RADIUS scheme radius1.
New Radius scheme
[Quidway-radius-radius1] retry realtime-accounting 10
1.2.22 retry stop-accounting
Syntax
retry stop-accounting retry-times
1-50
undo retry stop-accounting
View
RADIUS scheme view
Parameter
retry-times: Maximum number of transmission attempts of the buffered

stop-accounting requests, ranging from 10 to 65535 and defaulting to 500.
Description
Use the retry stop-accounting command to set the maximum number of

transmission attempts of the stop-accounting requests buffered due to no response.
Use the undo retry stop-accounting command to restore the default maximum
number of transmission attempts of the buffered stop-accounting requests.
Stop-accounting requests are critical to billing and will eventually affect the charges of
the users; they are important for both the users and the ISP. Therefore, the switch
should do its best to transmit them to the RADIUS accounting server. If the RADIUS
server does not respond to such a request, the switch should first buffer the request
on itself, and then retransmit the request to the RADIUS accounting server until it gets
a response, or the maximum number of transmission attempts is reached (in this case,
it discards the request).
Related command: reset stop-accounting-buffer, radius scheme and display
stop-accounting-buffer.
Example
# In RADIUS scheme radius1, specify that the switch can transmit a buffered
stop-accounting request at most 1000 times
New Radius scheme
[Quidway-radius-radius1] retry stop-accounting 1000
1.2.23 secondary accounting
Syntax
secondary accounting ip-address [ port-number ]

undo secondary accounting
View
RADIUS scheme view
1-51
Parameter

secondary accounting server is 0.0.0.0.
number of the secondary accounting service is 1813.
Description
Use the secondary accounting command to set the IP address and port number of
the secondary RADIUS accounting server.
Use the undo secondary accounting command to restore the default IP address
and port number of the secondary RADIUS accounting server.
Example
# Set the IP address and UDP port number of the secondary accounting server of the
RADIUS scheme radius1 to 10.110.1.1 and 1813.
New Radius scheme
[Quidway-radius-radius1] secondary accounting 10.110.1.1 1813
1.2.24 secondary authentication
Syntax
secondary authentication ip-address [ port-number ]

undo secondary authentication
View
RADIUS scheme view
Parameter

secondary authentication/authorization server is 0.0.0.0.
number of the secondary authentication/authorization service is 1812.
Description
Use the secondary authentication command to set the IP address and port number
of the secondary RADIUS authentication/authorization server.
1-52
Use the undo secondary authentication command to restore the default IP address
and port number of the secondary RADIUS authentication/authorization server.
Example
# Set the IP address and UDP port number of the secondary

authentication/authorization server used by the RADIUS scheme radius1 to
10.110.1.2 and 1812.
New Radius scheme
[Quidway-radius-radius1] secondary authentication 10.110.1.2 1812
1.2.25 server-type
Syntax
server-type { huawei | standard }

undo server-type
View
RADIUS scheme view
Parameter
huawei: Specifies to use Huawei's private RADIUS protocol (such as the procedure
and packet format) to interact with the Huawei RADIUS server, which is generally the
CAMS.
standard: Specifies to use the standard RADIUS protocol. That is, it is required that
the RADIUS client (on the switch) and the RADIUS server interact with each other
following the procedure and packet format of the standard RADIUS protocol
(RFC2865/2866 or above).
Description
Use the server-type command to specify the RADIUS server type supported by the
switch.
Use the undo server-type command to restore the default RADIUS server type
supported by the switch.
Example
# Set the RADIUS server type in RADIUS scheme radius1 to huawei.
1-53
New Radius scheme
[Quidway-radius-radius1] server-type huawei
1.2.26 state
Syntax
state { primary | secondary } { accounting | authentication } { block | active }
View
RADIUS scheme view
Parameter
primary: Specifies the server to be set is a primary RADIUS server.

secondary: Specifies the server to be set is a secondary RADIUS server.
accounting: Specifies the server to be set is a RADIUS accounting server.
authentication: Specifies the server to be set is a RADIUS
authentication/authorization server.
block: Sets the status of the specified RADIUS server to block (that is, the down
state).
active: Sets the status of the specified RADIUS server to active (that is, the normal
working state).
Description
Use the state command to set the status of a RADIUS server.

By default, all the RADIUS servers in a user-defined RADIUS scheme are in the
block state; and the primary RADIUS servers in the default RADIUS scheme
"system" are in the active state, secondary RADIUS servers are in the block state.
For the primary and secondary servers (authentication/authorization servers, or
accounting servers) in a RADIUS scheme, note that:
z When the switch fails to communicate with the primary server due to some server
trouble, the switch will actively exchange packets with the secondary server.
z After the time the primary server keeps in the block state exceeds the time set
with the timer quiet command, the switch will try to communicate with the
primary server again when it has a RADIUS request. If the primary server
recovers, the switch immediately restores the communication with the primary
server instead of communicating with the secondary server, and at the same
1-54
time restores the status of the primary server on the switch to the active state
while keeping the status of the secondary server unchanged.
z When both the primary and secondary servers are in the active state, the switch
sends packets only to the primary server.
Related command: radius scheme, primary authentication, secondary
authentication, primary accounting and secondary accounting.
Example
# Set the status of the secondary authentication server in RADIUS scheme radius1 to
active.
New Radius scheme
[Quidway-radius-radius1] state secondary authentication active
1.2.27 stop-accounting-buffer enable
Syntax
stop-accounting-buffer enable
undo stop-accounting-buffer enable
View
RADIUS scheme view
Parameter
None
Description
Use the stop-accounting-buffer enable command to enable the switch to buffer the
stop-accounting requests that bring no response.
Use the undo stop-accounting-buffer enable command to disable the switch from
buffering the stop-accounting requests that bring no response.
By default, the switch is enabled to buffer the stop-accounting requests that bring no
response.
Stop-accounting requests are critical to billing and will eventually affect the charges;
they are important for both the users and the ISP. Therefore, the switch should do its
best to transmit them to the RADIUS server. If the RADIUS accounting server does
not respond to such a request, the switch should first buffer the request on itself, and
then retransmit the request to the RADIUS accounting server until it gets a response,
1-55
or the maximum number of transmission attempts is reached (in this case, it discards
the request).
Related command: reset stop-accounting-buffer, radius scheme and display
Example
# Enable the switch to buffer the stop-accounting requests that bring no response
from the servers in RADIUS scheme radius1.
New Radius scheme
[Quidway-radius-radius1] stop-accounting-buffer enable
1.2.28 timer
Syntax
timer seconds
undo timer
View
RADIUS scheme view
Parameter
seconds: Response timeout time of RADIUS server, ranging from 1 second to 10

seconds.
Description
Use the timer command to set the response timeout time of RADIUS server (that is,
the timeout time of the response timeout timer of RADIUS server).
Use the undo timer command to restore the default response timeout timer of
RADIUS server.
By default, the response timeout time of the RADIUS server is 3 seconds.
Note that:
z If the switch gets no response from the RADIUS server after sending out a
RADIUS request (authentication/authorization request or accounting request)
and waiting for a time, it should retransmit the packet to ensure that the user can
obtain the RADIUS service. This wait time is called response timeout time of
RADIUS server; and the timer in the switch system that is used to control this
time is called the response timeout timer of RADIUS server. You can use the
timer command to set the timeout time of this timer.
1-56
z Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
z The timer command has the same effect with the timer response-timeout
command.
Related command: radius scheme and retry.
Example
# Set the timeout time of the response timeout timer for the RADIUS scheme radius1
to 5 seconds.
New Radius scheme
[Quidway-radius-radius1] timer 5
1.2.29 timer quiet
Syntax
timer quiet minutes

undo timer quiet
View
RADIUS scheme view
Parameter
minutes: Wait time, ranging from 1 minute to 255 minutes. By default, it is 5 minutes.
Description
Use the timer quiet command to set the wait time for the primary server to restore the
active state.
Use the undo timer quiet command to restore the default wait time.
By default, the primary server waits five minutes before restoring the active state.
Example
# Set the wait time for the primary server to restore the active state to 10 minutes.
New Radius scheme
[Quidway-radius-radius1] timer quiet 10
1-57
1.2.30 timer realtime-accounting
Syntax
timer realtime-accounting minutes

undo timer realtime-accounting
View
RADIUS scheme view
Parameter
minutes: Real-time accounting interval. It ranges from 3 minutes to 60 minutes and

must be a multiple of 3. By default, this interval is 12 minutes.
Description
Use the timer realtime-accounting command to set the real-time accounting

interval.
Use the undo timer realtime-accounting command to restore the default real-time
accounting interval.
Note that:
z To charge the users in real time, you should set the interval of real-time
accounting. After the setting, the switch sends the accounting information of
online users to the RADIUS server at regular intervals.
z The setting of the real-time accounting interval depends to some degree on the
performance of the switch and the RADIUS server. The higher the performance
of the switch and the RADIUS server is, the shorter the interval can be. You are
recommended to set the interval as long as possible when the number of users is
relatively great (ú1000). Table 1-6 lists the numbers of users and the
corresponding recommended intervals.
Table 1-6 Numbers of users and corresponding recommended intervals
Number of users Real-time accounting interval

1 to 99 3
100 to 499 6
500 to 999 12
ú1000 ú15
Related command: retry realtime-accounting and radius scheme.
1-58
Example
# Set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes.
New Radius scheme
[Quidway-radius-radius1] timer realtime-accounting 51
1.2.31 timer response-timeout
Syntax
timer response-timeout seconds

undo timer response-timeout
View
RADIUS scheme view
Parameter
seconds: Response timeout time of RADIUS servers, ranging from 1 second to 10

seconds.
Description
Use the timer response-timeout command to set the response timeout time of
RADIUS servers.
Use the undo timer response-timeout command to restore the default response
timeout timer of RADIUS servers.
By default, the response timeout time of the RADIUS server is 3 seconds.
Note that:
z If the switch gets no response from the RADIUS server after sending out a
RADIUS request (authentication/authorization request or accounting request)
and waiting for a time, it should retransmit the packet to ensure that the user can
obtain the RADIUS service. This wait time is called response timeout time of
RADIUS servers; and the timer in the switch system that is used to control this
time is called the response timeout timer of RADIUS servers. You can use the
timer response-timeout command to set the timeout time of this timer.
z Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
z This command has the same effect with the timer command.
Related command: radius scheme and retry.
1-59
Example
# Set the response timeout time in the RADIUS scheme radius1 to five seconds.
New Radius scheme
[Quidway-radius-radius1] timer response-timeout 5
1.2.32 user-name-format
Syntax
user-name-format { with-domain | without-domain }
View
RADIUS scheme view
Parameter
with-domain: Specifies to include ISP domain names in the user names to be sent to
RADIUS servers.
without-domain: Specifies to exclude ISP domain names from the user names to be
sent to RADIUS servers.
Description
Use the user-name-format command to set the format of the user names to be sent
to RADIUS server
By default, except for the default RADIUS scheme "system", the user names sent to
RADIUS servers in any RADIUS scheme carry ISP domain names.
Note that:
z Generally, an access user is named in the userid@isp-name format. Where,
isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain it should ascribe the user to. However,
some old RADIUS servers cannot accept the user names that carry ISP domain
names. In this case, it is necessary to remove the domain names carried in the
user names before sending the user names to the RADIUS server. For this
reason, the user-name-format command is designed for you to specify whether
or not ISP domain names are carried in the user names sent to the RADIUS
server.
z For a RADIUS scheme, if you have specified that no ISP domain names are
carried in the user names, you should not use this RADIUS scheme in more than
one ISP domain. Otherwise, such errors may occur: the RADIUS server regards
1-60
two different users having the same name but belonging to different ISP domains
as the same user (because the user names sent to it are the same).
Example
# Specify that the user names sent to a RADIUS server in RADIUS scheme radius1
does not carry ISP domain names.
New Radius scheme
[Quidway-radius-radius1] user-name-format without-domain
1.3 HWTACACS Configuration Commands

1.3.1 data-flow-format
Syntax
data-flow-format data { byte | giga-byte | kilo-byte | mega-byte }

data-flow-format packet { giga-packet | kilo-packet | mega-packet | one-packet }
undo data-flow-format { data | packet }
View
HWTACACS view
Parameter
data: Sets data unit.

byte: Sets 'byte' as the unit of data flow.
giga-byte: Sets 'giga-byte' as the unit of data flow.
kilo-byte: Sets 'kilo-byte' as the unit of data flow.
mega-byte: Sets 'mega-byte' as the unit of data flow.
packet: Sets data packet unit.
giga-packet: Sets 'giga-packet' as the unit of packet flow.
kilo-packet: Sets 'kilo-packet' as the unit of packet flow.
mega-packet: Sets 'mega-packet' as the unit of packet flow.
one-packet: Sets 'one-packet' as the unit of packet flow.
1-61
Description
Use the data-flow-format command to configure the unit of data flows sent to the
TACACS server.
Use the undo data-flow-format command to restore the default.
By default, the data unit is byte and the data packet unit is one-packet.
Related command: display hwtacacs.
Example
# Set the unit of data flow destined for the HWTACACS server to kilo-byte and the
data packet unit to kilo-packet.
[Quidway] hwtacacs scheme hwt1
[Quidway- hwtacacs-hwt1] data-flow-format data kilo-byte
[Quidway- hwtacacs-hwt1] data-flow-format packet kilo-packet
1.3.2 display hwtacacs
Syntax
display hwtacacs [ hwtacacs-scheme-name [ statistics ] ]
View
Any view
Parameter
hwtacacs-scheme-name: HWTACACS scheme name, a string of 1 to 32

case-insensitive characters. If no HWTACACS scheme is specified, the system
displays the configuration of all HWTACACS schemes.
statistics: Displays complete statistics about the HWTACACS server.
Description
Use the display hwtacacs command to view configuration or statistics information of

specified or all HWTACACS schemes.
Related command: hwtacacs scheme.
Example
# View configuration information of HWTACACS scheme gy.

<Quidway> display hwtacacs gy
--------------------------------------------------------------------
HWTACACS-server template name : gy
1-62
Primary-authentication-server : 172.31.1.11:49
Primary-authorization-server : 172.31.1.11:49
Primary-accounting-server : 172.31.1.11:49
Secondary-authentication-server : 0.0.0.0:0
Secondary-authorization-server : 0.0.0.0:0
Secondary-accounting-server : 0.0.0.0:0
Current-authentication-server : 172.31.1.11:49
Current-authorization-server : 172.31.1.11:49
Current-accounting-server : 172.31.1.11:49
Source-IP-address : 0.0.0.0
key authentication : 790131
key authorization : 790131
key accounting : 790131
Quiet-interval(min) : 5
Response-timeout-Interval(sec) : 5
Domain-included : No
Traffic-unit : B
Packet traffic-unit : one-packet
1.3.3 display stop-accounting-buffer
Syntax
display stop-accounting-buffer { hwtacacs-scheme hwtacacs-scheme-name |

View
Any view
Parameter
hwtacacs-scheme hwtacacs-scheme-name: Displays information on buffered

stop-accounting requests according to the HWTACACS scheme specified by
hwtacacs-scheme-name, the name of HWTACACS scheme, a character string of up
to 32 characters.
session-id session-id: Displays information on buffered stop-accounting requests
according to the session ID specified by session-id, a character string of up to 50
characters.
time-range start-time stop-time: Displays information on buffered stop-accounting
requests according to the request time, where, start-time is the start time of the
stop-accounting request; stop-time is the end time of stop-accounting request. This
argument is in the format hh:mm:ss - mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd and is
used to display the buffered stop-accounting requests from the start time to the end
time.
1-63
user-name user-name: Displays information on buffered stop-accounting requests

according to the user name specified by user-name, a character string of up to 80
characters, excluding forward slashes (/), colons (:), asterisks (*), question marks (?),
less-than signs (<), and greater-than signs (>). Moreover, “@” can appear no more
than once, and the user name (the part before “@”, the user ID) can not exceed 55
characters.
Description
Use the display stop-accounting-buffer command to view information on the

stop-accounting requests buffered in the switch.
Related command: reset stop-accounting-buffer, stop-accounting-buffer enable,
and retry stop-accounting.
Example
# Display the stop-accounting requests buffered in the HWTACACS scheme “hwt1".

<Quidway> display stop-accounting-buffer hwtacacs-scheme hwt1
1.3.4 hwtacacs nas-ip
Syntax
hwtacacs nas-ip ip-address

undo hwtacacs nas-ip
View
System view
Parameter
ip-address: Specifies a source IP address for the switch, which cannot be an all-zero
address, class D address or loopback address.
Description
Use the hwtacacs nas-ip command to specify the source address of the hwtacacs
packet sent from NAS.
Use the undo hwtacacs nas-ip command to restore the default setting.
By default, the source address is not specified, that is, the address of the interface
sending the packet serves as the source address.
Note that:
z By specifying the source address of the hwtacacs packet, you can avoid
destination unreachable packets as returned from the server upon interface
1-64
failure. The source address is normally recommended to be a loopback interface

address.
z This command specifies only one source address; therefore, the newly
configured source address may overwrite the original one.
Example
# Configure the router to send hwtacacs packets from 129.10.10.1.

[Quidway] hwtacacs nas-ip 129.10.10.1
1.3.5 hwtacacs scheme
Syntax
hwtacacs scheme hwtacacs-scheme-name

undo hwtacacs scheme hwtacacs-scheme-name
View
System view
Parameter
hwtacacs-scheme-name: Specifies an HWTACACS server scheme, with a character

string of up to characters.
Description
Use the hwtacacs scheme command to create an HWTACACS scheme and enter its
view.
Use the undo hwtacacs scheme command to delete the HWTACACS scheme.
By default, no HWTACACS scheme exists.
Note:
If Fabric is enabled on the switch, you cannot create an HWTACACS scheme
because they are exclusive to each other.
Example
# Create an HWTACACS scheme named "hwt1" and enter the relevant HWTACACS
view.
1-65
[Quidway-hwtacacs-hwt1]
1.3.6 key
Syntax
key { accounting | authentication | authorization } string

undo key { accounting | authentication | authorization }
View
HWTACACS scheme view
Parameter
accounting: Specifies a shared key for the accounting server.

authentication: Specifies a shared key for the authentication server.
authorization: Specifies a shared key for the authorization server.
string: Shared key, a string up to 16 characters.
Description
Use the key command to configure a shared key for HWTACACS authentication,
authorization or accounting.
Use the undo key command to delete the configuration.
By default, no key is set for any HWTACACS server.
Example
# Use hello as the shared key for HWTACACS accounting packets.

[Quidway-hwtacacs-hwt1] key accounting hello
1.3.7 nas-ip
Syntax
nas-ip ip-address
undo nas-ip
1-66
View
Parameter
ip-address: Specified source IP address which cannot be an all-zero address, class D

address or loopback address.
Description
Use the nas-ip command to specify the source address for sending HWTACACS
packets.
Use the undo nas-ip command to restore the default setting.
Note that:
z By specifying the source address of the hwtacacs packet, you can avoid
destination unreachable packets as returned from the server upon interface
failure. The source address is normally recommended to be a loopback interface
address.
z This command specifies only one source address; therefore, the newly
configured source address may overwrite the original one.
Example
# Set the source IP address of the HWTACACS packets to 10.1.1.1.

[Quidway-hwtacacs-hwt1] nas-ip 10.1.1.1
1.3.8 primary accounting
Syntax
primary accounting ip-address [ port ]

undo primary accounting
View
Parameter
ip-address: IP address of the server, a valid unicast address in dotted decimal format.
By default, the IP address of the primary accounting server is 0.0.0.0.
port: Port number of the server, which is in the range 1 to 65535 and defaults to 49.
1-67
Description
Use the primary accounting command to configure a primary HWTACACS

accounting server.
Use the undo primary accounting command to delete the configured primary
HWTACACS accounting server.
Note that:
z You are not allowed to assign the same IP address to both primary and
secondary accounting servers; otherwise, unsuccessful operation is prompted.
z If you repeatedly use this command, the latest configuration overwrites the
previous one.
z You can remove an accounting server only when it is not being used by any
active TCP connections, and the removal impacts only packets forwarded
afterwards.
Example
# Configure a primary accounting server.

[Quidway] hwtacacs scheme test1
[Quidway-hwtacacs-test1] primary accounting 10.163.155.12 49
1.3.9 primary authentication
Syntax
primary authentication ip-address [ port ]

undo primary authentication
View
Parameter
By default, the IP address of the primary authentication server is 0.0.0.0.
Description
Use the primary authentication command to configure a primary HWTACACS

Use the undo primary authentication command to delete the configured
1-68
Note that:
secondary authentication servers; otherwise, unsuccessful operation is
prompted.
previous one.
z You can remove an authentication server only when it is not being used by any
afterwards.
Example
# Configure a primary authentication server.

[Quidway-hwtacacs-hwt1] primary authentication 10.163.155.13 49
1.3.10 primary authorization
Syntax
primary authorization ip-address [ port ]

undo primary authorization
View
Parameter
By default, the IP address of the primary authentication server is 0.0.0.0.
Description
Use the primary authorization command to configure a primary HWTACACS

authorization server.
Use the undo primary authorization command to delete the configured primary
Note that:
secondary authorization servers; otherwise, unsuccessful operation is prompted.
1-69
previous one.
z You can remove an authorization server only when it is not being used by any
afterwards.
Example
# Configure a primary authorization server.

[Quidway-hwtacacs-hwt1] primary authorization 10.163.155.13 49
1.3.11 reset hwtacacs statistics
Syntax
reset hwtacacs statistics { accounting | authentication | authorization | all }
View
User view
Parameter
accounting: Clears all the HWTACACS accounting statistics.

authentication: Clears all the HWTACACS authentication statistics.
authorization: Clears all the HWTACACS authorization statistics.
all: Clears all statistics.
Description
Use the reset hwtacacs statistics command to clear HWTACACS protocol statistics.
Example
# Clear all HWTACACS protocol statistics.

<Quidway> reset hwtacacs statistics all
1-70
1.3.12 reset stop-accounting-buffer
Syntax
reset stop-accounting-buffer { hwtacacs-scheme hwtacacs-scheme-name |

View
User view
Parameter
hwtacacs-scheme hwtacacs-scheme-name: Configures to delete the

stop-accounting requests from the buffer according to the specified HWTACACS
scheme name. The hwtacacs-scheme-name specifies the HWTACACS scheme
name with a character string of up to 32 characters, excluding forward slashes (/),
colons (:), asterisks (*), question marks (?), less-than signs (<), and greater-than
signs (>).
session-id session-id: Displays information on buffered stop-accounting requests
according to the session ID specified by session-id, a character string of up to 50
characters.
time-range start-time stop-time: Displays information on buffered stop-accounting
requests according to the request time, where, start-time is the start time of the
stop-accounting request; stop-time is the end time of stop-accounting request. This
argument is in the format hh:mm:ss - mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd and is
used to display the buffered stop-accounting requests from the start time to the end
time.
user-name user-name: Displays information on buffered stop-accounting requests
according to the user name specified by user-name, a character string of up to 80
characters, excluding forward slashes (/), colons (:), asterisks (*), question marks (?),
less-than signs (<), and greater-than signs (>). Moreover, “@” can appear no more
than once, and the user name (the part before “@”, the user ID) can not exceed 55
characters; the domain name (the rest part after “@”) cannot exceed 24 characters.
Description
Use the reset stop-accounting-buffer command to clear the stop-accounting

requests that have no response and are buffered on the switch.
Related command: stop-accounting-buffer enable, retry stop-accounting,
display stop-accounting-buffer.
Example
# Delete the buffered stop-accounting requests that are according to the HWTACACS
scheme “hwt1”.
1-71
<Quidway> reset stop-accounting-buffer hwtacacs-scheme hwt1
1.3.13 retry stop-accounting
Syntax
retry stop-accounting retry-times

undo retry stop-accounting
View
Parameter
retry-times: Maximum number of real-time stop-accounting request attempts. It is in

the range 1 to 300 and defaults to 100.
Description
Use the retry stop-accounting command to enable stop-accounting packet

retransmission and configure the maximum number of stop-accounting request
attempts.
Use the undo retry stop-accounting command to restore the default setting.
By default, stop-accounting packet retransmission is enabled and has 100 attempts
for each request.
Related command: reset stop-accounting-buffer, hwtacacs scheme, and display
Example
# Enable stop-accounting packet retransmission and allow up to 50 attempts for each

request.
[Quidway-hwtacacs-hwt1] retry stop-accounting 50
1.3.14 secondary accounting
Syntax
secondary accounting ip-address [ port ]

undo secondary accounting
1-72
View
Parameter
By default, the IP address of the secondary accounting server is 0.0.0.0.
port: Port number of the server, which is in the range of 1 to 65535 and defaults to 49.
Description
Use the secondary accounting command to configure a secondary HWTACACS

accounting server.
Use the undo secondary accounting command to delete the configured secondary
TACACS accounting server.
Note that:
secondary accounting servers; otherwise, unsuccessful operation is prompted.
previous one.
z You can remove an accounting server only when it is not being used by any
active TCP connections.
Example
# Configure a secondary accounting server.

[Quidway-hwtacacs-hwt1] secondary accounting 10.163.155.12 49
1.3.15 secondary authentication
Syntax
secondary authentication ip-address [ port ]

undo secondary authentication
View
Parameter
By default, the IP address of the secondary authentication server is 0.0.0.0.
1-73
port: Port number of the server, which is in the range of 1 to 65535 and defaults to 49.
Description
Use the secondary authentication command to configure a secondary HWTACACS

Use the undo secondary authentication command to delete the configured
secondary authentication server.
Note that:
secondary authentication servers; otherwise, unsuccessful operation is
prompted.
previous one.
z You can remove an authentication server only when it is not being used by any
Example
# Configure a secondary authentication server.

[Quidway-hwtacacs-hwt1] secondary authentication 10.163.155.13 49
1.3.16 secondary authorization
Syntax
secondary authorization ip-address [ port ]

undo secondary authorization
View
Parameter
By default, the IP address of the secondary authorization server is 0.0.0.0.
port: Port number of the server, in the range of 1 to 65535. By default, it is 49.
1-74
Description
Use the secondary authorization command to configure a secondary HWTACACS

Use the .undo secondary authorization command to delete the configured
secondary authorization server.
Note that:
secondary authorization servers.
previous one.
z You can remove an authorization server only when it is not being used by any
Example
# Configure the secondary authorization server.

[Quidway-hwtacacs-hwt1] secondary authorization 10.163.155.13 49
1.3.17 timer quiet
Syntax
timer quiet minutes

undo timer quiet
View
Parameter
minutes: Length of the timer in minutes, in the range of 1 to 255. By default, the
primary server must wait five minutes before it resumes the active state.
Description
Use the timer quiet command to set the duration that a primary server must wait
before it can resume the active state.
Use the undo timer quiet command to restore the default (five minutes).
Related command: display hwtacac.
1-75
Example
# Set the quiet timer for the primary server to ten minutes.
[Quidway-hwtacacs-hwt1] timer quiet 10
1.3.18 timer realtime-accounting
Syntax
timer realtime-accounting minutes

undo timer realtime-accounting
View
Parameter
minutes: Real-time accounting interval, which is a multiple of 3 in the range 3 to 60

minutes.
Description
Use the timer realtime-accounting command to configure a real-time accounting

interval.
Use the undo timer realtime-accounting command to restore the default interval.
By default, the real-time accounting interval is 12 minutes.
Note that:
z Real-time accounting interval is necessary for real-time accounting. After an
interval value is set, the switch transmits the accounting information of online
users to the TACACS accounting server at intervals of this value.
z The setting of real-time accounting interval depends somewhat on the
performance of the switch and the TACACS server: A shorter interval requires
higher device performance. You are therefore recommended to adopt a longer
interval when there are a large number of users (more than 1000, inclusive). The
following table recommends the real-time accounting intervals for different
numbers of users.
Table 1-7 Recommended intervals for different numbers of users
Number of users Real-time accounting interval (minute)

1 – 99 3
100 – 499 6
1-76
Number of users Real-time accounting interval (minute)

500 – 999 12
≥1000 ≥15
Example
# Set the real-time accounting interval in the HWTACACS scheme “hwt1” to 51

minutes.
[Quidway-hwtacacs-hwt1] timer realtime-accounting 51
1.3.19 timer response-timeout
Syntax
timer response-timeout seconds

undo timer response-timeout
View
Parameter
seconds: Length of the response timer in seconds. It ranges from 1 to 300 and
defaults to 5.
Description
Use the timer response-timeout command to set the response timeout timer of the
TACACS server.
Use the undo timer response-timeout command to restore the default (five
seconds).
As the HWTACACS is based on TCP, either the server response timeout and/or the
TCP timeout may cause disconnection to the TACACS server.
Example
# Set the response timeout time of the TACACS server to 30 seconds.

1-77
[Quidway-hwtacacs-hwt1] timer response-timeout 30
1.3.20 user-name-format
Syntax
user-name-format { with-domain | without-domain }
View
Parameter
with-domain: Specifies to send the username with a domain name to the TACACS
server.
without-domain: Specifies to send the username without any domain name to the
TACACS server.
Description
Use the user-name-format command to configure the username format sent to the
TACACS server.
By default, an HWTACACS scheme acknowledges that the username sent to it
includes an ISP domain name.
Note that:
z The supplicants are generally named in userid@isp-name format. The part
following the @ sign is the ISP domain name, according to which the switch
assigns a user to the corresponding ISP domain. However, some earlier
TACACS servers reject the user name including an ISP domain name. In this
case, the user name is sent to the TACACS server after its domain name is
removed. Accordingly, the switch provides this command to decide whether the
username sent to the TACACS server carries an ISP domain name or not.
z If a HWTACACS scheme is configured to reject usernames including ISP
domain names, the TACACS scheme shall not be simultaneously used in more
than one ISP domains. Otherwise, the TACACS server will regard two users in
different ISP domains as the same user by mistake, if they have the same
username. (excluding their respective domain names.)
Related command: hwtacacs scheme.
Example
# Specify to send the username without any domain name to the HWTACACS
scheme "hwt1".
1-78
[Quidway-hwtacacs-hwt1] user-name-format without-domain
1-79
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration Commands
Chapter 2 EAD Configuration Commands
2.1 EAD Configuration Commands

2.1.1 security-policy-server
Syntax
security-policy-server ip-address
undo security-policy-server [ ip-address | all ]
View
RADIUS scheme view
Parameter
ip-address: IP address of the security policy server.

all: All IP addresses of security policy servers.
Description
Use the security-policy-server command to specify an IP address for a security

policy server.
Use the undo security-policy-server command to delete the specified IP address.
You may specify up to eight security policy servers in a RADIUS scheme.
Each RADIUS scheme supports at most eight IP addresses of security policy servers.
The switch only responds to the session control packets coming from the
authentication server and security policy server.
Example
# Set the IP address of the security policy server to 192.168.0.1.

[Quidway] radius scheme Quidway
[Quidway-radius-Quidway] security-policy-server 192.168.0.1
[Quidway-radius-Quidway] display current-configuration
…
radius scheme Quidway
primary authentication 1.1.11.29 1812
secondary authentication 127.0.0.1 1645
security-policy-server 192.168.0.1
2-1
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration Commands
user-name-format without-domain
2-2
Command Manual – VRRP
Table of Contents
Chapter 1 VRRP Configuration Commands ............................................................................... 1-1

1.1 VRRP Configuration Commands ....................................................................................... 1-1
1.1.1 display vrrp .............................................................................................................. 1-1
1.1.2 reset vrrp statistics .................................................................................................. 1-3
1.1.3 vrrp authentication-mode ........................................................................................ 1-3
1.1.4 vrrp method ............................................................................................................. 1-4
1.1.5 vrrp ping-enable ...................................................................................................... 1-5
1.1.6 vrrp vlan-interface vrid track.................................................................................... 1-6
1.1.7 vrrp vrid preempt-mode........................................................................................... 1-7
1.1.8 vrrp vrid priority........................................................................................................ 1-8
1.1.9 vrrp vrid timer advertise........................................................................................... 1-9
1.1.10 vrrp vrid track....................................................................................................... 1-10
1.1.11 vrrp vrid track detect-group ................................................................................. 1-11
1.1.12 vrrp vrid virtual-ip................................................................................................. 1-12
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 VRRP Configuration Commands
Chapter 1 VRRP Configuration Commands
Note:
The S3900-EI series switches support the VRRP feature, but not the S3900-SI series.
1.1 VRRP Configuration Commands

1.1.1 display vrrp
Syntax
display vrrp [ interface Vlan-interface valn-id | statistics [ Vlan-interface vlan-id ] ]

[ virtual-router-id ]
View
Any view
Parameter
interface: Displays VRRP information about the specified VLAN interface.

vlan-id: VLAN interface ID.
statistics: Displays VRRP statistics.
virtual-router-id: VRRP backup group ID ranging from 1 to 255.
Description
Use the display vrrp command to display the information about the VRRP state or
VRRP statistics.
When VRRP status information is displayed:
z If the interface index and backup group ID are not specified, the state information
about all the backup groups on the switch is displayed.
z If only the interface index is specified, the state information about all the backup
groups on the interface is displayed.
z If both the interface index and backup group ID are specified, the state information
about the specified backup group on the interface is displayed.
When VRRP statistics information is displayed:
1-1
z If the interface index and backup group ID are not specified, the statistics about all
the backup groups on the switch is displayed.
z If only the interface index is specified, the statistics about all the backup groups on
the interface is displayed.
z If both the interface index and backup group ID are specified, the statistics about
the specified backup group on the interface is displayed.
Example
# Display the statistics about all the backup groups on the switch.
<Quidway> display vrrp statistics
Interface : Vlan-interface10
VRID : 1
CheckSum Errors : 0 Version Errors : 0
VRID Errors : 0 Advertisement Interval Errors : 0
IP TTL Errors : 0 Auth Failures : 0
Invalid Auth Type : 0 Auth Type Mismatch : 0
Packet Length Errors : 0 Address List Errors : 0
Become Master : 2 Priority Zero Pkts Rcvd : 0
Advertise Rcvd : 0 Priority Zero Pkts Sent : 1
Invalid Type Pkts Rcvd: 0
Table 1-1 Description on the fields of the display vrrp statistics command
Field Description
Interface Interface in which the backup group resides
VRID Backup group ID
CheckSum Errors Number of checksum errors
Version Errors Number of version errors
VRID Errors Number of backup group ID errors
Advertisement Interval Errors Number of advertisement time interval errors
IP TTL Errors Number of TTL errors
Auth Failures Number of authentication errors
Invalid Auth Type Number of invalid authentication types
Auth Type Mismatch Number of mismatched authentication types
Packet Length Errors Number of VRRP packet length errors
Address List Errors Number of the virtual IP address list errors
Number of the occasions where the switch
Become Master
operates as the master
Number of the received advertisement packets
Priority Zero Pkts Rcvd
with the priority of 0
1-2
Field Description
Advertise Rcvd Number of the received advertisement packets
Number of the sent advertisement packets with
Priority Zero Pkts Sent
the priority of 0
Invalid Type Pkts Rcvd Number of packet type errors
1.1.2 reset vrrp statistics
Syntax
reset vrrp statistics [ vlan-interface vlan-id ] [ virtual-router-id ]
View
User view
Parameter

virtual-router-id: VRRP virtual router ID ranging from 1 to 255.
Description
Use the reset vrrp command to clear the statistics information about VRRP.
When you execute this command,
z If the interface index and backup group ID are not specified, the statistics
information about all the backup groups on the switch is cleared.
z If only the interface index is specified, the statistics information about all the
backup groups on the interface will be cleared.
z If both the interface index and backup group ID are specified, the statistics
information about the specified backup group on the interface is cleared.
Example
# Clear the VRRP statistics on the switch.

<Quidway> reset vrrp statistics
1.1.3 vrrp authentication-mode
Syntax
vrrp authentication-mode authentication-type authentication-key

undo vrrp authentication-mode
1-3
View
VLAN interface view
Parameter
authentication-type: Authentication type, which can be:

z simple: Indicates to perform simple character authentication.
z md5: Indicates to perform the authentication with MD5 algorithm.
authentication-key: Authentication key. When you specify authentication-type to be
simple, the authentication key can contain up to eight characters. When you specify
authentication-type to be md5, the authentication key can be a string comprising up to
eight characters in plain text or a 24-character encrypted string.
Description
Use the vrrp authentication-mode command to specify the authentication type and
the authentication key for a VRRP backup group.
Use the undo vrrp authentication-mode command to clear the configured
authentication type and authentication key.
If the simple or md5 authentication is configured, the authentication key is required.
This command sets the authentication type and authentication key for all the VRRP
backup groups on an interface. As defined in the protocol, all the backup groups on an
interface share the same authentication type and authentication key. And all the
members joining the same backup group share the same authentication type and
authentication key too.
Note that the authentication key is case-sensitive.
Example
# Specify the authentication type as simple, and authentication key as aabbcc.

[Quidway-Vlan-interface2] vrrp authentication-mode simple aabbcc
1.1.4 vrrp method
Syntax
vrrp method { real-mac | virtual-mac }

undo vrrp method
View
System view
1-4
Parameter
real-mac: Maps the real MAC address of a Layer 3 switch routing interface to virtual
router IP addresses.
virtual-mac: Maps the virtual MAC address of a Layer 3 switch routing interface to
virtual router IP addresses.
Description
Use the vrrp method command to map the MAC address of a backup group to the
virtual router IP addresses. You can map the actual or virtual MAC address of a Layer 3
switch routing interface to virtual router IP addresses.
Use the undo vrrp method command to restore the default map settings.
By default, the virtual MAC address of a backup group is mapped to the IP address of
the virtual router.
Note that as the mapping relationship between the MAC addresses of a backup group
and a virtual router IP address cannot be configured after the backup group is created,
configure the mapping relationship before you create a backup group.
Example
# Map the real MAC address of a routing interface to a virtual router IP address.
[Quidway] vrrp method real-mac
1.1.5 vrrp ping-enable
Syntax
vrrp ping-enable
undo vrrp ping-enable
View
System view
Parameter
None
Description
Use the vrrp ping-enable command to enable a backup group to respond to ping
operations destined for its virtual router IP address.
Use the undo vrrp ping-enable command to revert to the default.
1-5
By default, a backup group does not respond to ping operations destined for its virtual
router IP address.
As these two commands are invalid to switches in backup groups, use them before you
create a backup group.
Example
# Enable a backup group to respond to ping operations destined for its virtual router IP
address.
[Quidway] vrrp ping-enable
1.1.6 vrrp vlan-interface vrid track
Syntax
vrrp vlan-interface vlan-id vrid virtual-router-id track [ reduced value-reduced ]

undo vrrp vlan-interface vlan-id vrid virtual-router-id track
View
Ethernet port view
Parameter

vlan-id: VLAN ID.
value-reduced: Value by which the priority of a switch is to decrease. This argument
Description
Use the vrrp vlan-Interface vrid track command to enable the port tracking function
on the physical ports of a backup group.
Use the undo vrrp vlan-Interface vrid track command to disable the port tracking
function.
By default, the value by which the priority of an Ethernet port decreases is 10.
The VRRP backup group port tracking function can track a specified port and decrease
the priority of the switch when the port fails.
Using this function, you can enable the priority of a master switch to decrease by
specific value when the uplink port of the master switch fails. This in turn triggers the
new master to be determined in the backup group.
1-6
Note:
The port to be tracked can be in the VLAN which the backup group VLAN interface
belongs to.
Up to eight ports can be tracked simultaneously.
Example
# Configure that the priority of the switch decreases by 50 if its Ethernet1/0/1 port fails.
[Quidway] vlan 2
[Quidway-vlan2] port Ethernet1/0/1
[Quidway-Ethernet1/0/1] vrrp vlan-interface 2 vrid 1 track reduced 50
1.1.7 vrrp vrid preempt-mode
Syntax
vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]

undo vrrp vrid virtual-router-id preempt-mode
View
VLAN interface view
Parameter

delay-value: Delay period (in seconds) ranging from 0 to 255.
Description
Use the vrrp vrid preempt-mode command to configure a switch to operate in the
preemptive mode and set the delay period.
Use the undo vrrp vrid preempt-mode command to cancel the configuration.
By default, switches in a backup group operate in the preemptive mode, with the delay
period set to 0 seconds.
If you want backup switches to preempt the master switch, configure them to operate in
the preemptive mode. You can also set the delay period for preemption as needed.
As long as a switch in the backup group becomes the master switch, other switches,
even if they are configured with a higher priority later, do not preempt the master switch
unless they operate in preemptive mode. The switch operating in preemptive mode will
1-7
become the master switch when it finds its priority is higher than that of the current
master switch, and the former master switch becomes a backup switch accordingly.
You can configure an S3900 series switch to operate in preemptive mode. You can also
set the delay period. A backup switch waits for a period of time (the delay period) before
becoming a master switch. Setting a delay period aims at:
In an unstable network, backup switches in a backup group possibly cannot receive
packets from the master in time due to network congestions even if the master operates
properly. This causes the master of the backup group being determined frequently.
With the configuration of delay period, the backup switch will wait for a while if it does
not receive packets from the master switch in time. A new master is determined only
after the backup switches do not receive packets from the master switch after the
specified delay time.
Note:
You can use the undo vrrp vrid preempt-mode command to set switches in a backup
group to operate in non-preemptive mode.
Example
# Configure the switches to operate in the preemptive mode.

[Quidway-Vlan-interface2] vrrp vrid 1 preempt-mode
# Set the delay period.

[Quidway-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
# Configure the switches to operate in non-preemptive mode.

[Quidway-Vlan-interface2] undo vrrp vrid 1 preempt-mode
1.1.8 vrrp vrid priority
Syntax
vrrp vrid virtual-router-id priority priority

undo vrrp vrid virtual-router-id priority
View
VLAN interface view
1-8
Parameter

priority: Switch priority to be set. This argument ranges from 1 to 254.
Description
Use the vrrp vrid priority command to set the priority of a switch in a backup group.
Use the undo vrrp vrid priority command to revert to the default priority.
By default, the priority of a switch in a backup group is 100.
Switch priority determines the possibility for the switch to become a master switch. A
switch with larger priority is more likely to become a master switch. Note that the priority
of 0 is reserved for special use, and the priority of 255 is for IP address owners. That is,
the priority of a switch that owns a virtual router IP address is fixed to 255 and cannot be
modified.
Example
# Set the priority to 120 for the switch in the backup group.
[Quidway-Vlan-interface2] vrrp vrid 1 priority 120
1.1.9 vrrp vrid timer advertise
Syntax
vrrp vrid virtual-router-id timer advertise adver-interval

undo vrrp vrid virtual-router-id timer advertise
View
VLAN interface view
Parameter

adver-interval: Interval (in seconds) for the master switch of a backup group to send
VRRP packets. This argument ranges from 1 to 255.
Description
Use the vrrp vrid timer advertise command to set the interval for the master switch of
a backup group to send VRRP packets.
Use the undo vrrp vrid timer advertise command to revert to the default interval.
1-9
Note that configuration error occurs if switches of the same backup group are
configured with different adver-interval values.
By default, the interval for the master switch in a backup group to send VRRP packets
is 1 second.
Example
# Set the interval for the master switch to send VRRP packets to 15 seconds.
[Quidway-Vlan-interface2] vrrp vrid 1 timer advertise 15
1.1.10 vrrp vrid track
Syntax
vrrp vrid virtual-router-id track vlan-interface valn-id [ reduced value-reduced ]

undo vrrp vrid virtual-router-id track vlan-interface vlan-id [ reduced value-reduced ]
View
VLAN interface view
Parameter
virtual-router-id: VRRP backup group ID ranging form 1 to 255.

vlan-id: Specifies a VLAN interface ID.
value-reduced: Value by which the priority is to decrease. This argument ranges from 1
to 255.
Description
Use the vrrp vrid track command to set a VLAN interface to be tracked.
Use the undo vrrp vrid track command to disable a VLAN interface from being
tracked.
By default, the value by which the priority of the VLAN interface decreases is 10.
The VLAN interface tracking function extends the use of the backup function. With this
function enabled, the backup function is applicable to the VLAN interface that belongs
to a backup group and those that do not belong to a backup group. You can utilize the
VLAN interface tracking function by specifying monitored VLAN interfaces.
With the VLAN interface tracking function enabled, the priority of a master switch
decreases by the value set by the value-reduced argument when a tracked VLAN
interface on the switch goes down. And other switches in the backup group, whose
1-10
priorities are higher than the decreased priority of the master switch, may become the
master switch.
Note:
The VLAN interface tracking function is not applicable to switches operating as IP
address owners..
A backup group can track up to eight VLAN interfaces simultaneously.
Example
# Configure VLAN 2 interface to track VLAN 1 interface and specify the priority of the
master switch of backup group 1 (on VLAN 2 interface) decreases by 50 when VLAN 1
interface goes down.
[Quidway-Vlan-interface2] vrrp vrid 1 track vlan-interface 1 reduced 50
1.1.11 vrrp vrid track detect-group
Syntax
vrrp vrid virtual-router-id track detect-group group-number [ reduced

value-reduced ]
undo vrrp vrid virtual-router-id track detect-group group-number
View
VLAN interface view
Parameter
virtual-router-id: Virtual router ID ranging from 1 to 255.

value-reduced: Value by which the priority decreases. This argument ranges from 1 to
Description
Use the vrrp vrid command to enable the auto detect function when employing VRRP.
Use the undo vrrp vrid command to disable the auto detect function when employing
VRRP.
1-11
You can control the priority of the VRRP backup group according to the auto detect
result to enable automatic switch between the master switch and the standby switch.
z Decrease the priority of a backup group when the result of the detecting group is
unreachable.
z Restore the priority of a backup group when the result of the detecting group is
reachable.
Note:
A detecting group can be used to detect up to eight Layer 3 interfaces.
Currently, auto detect in VRRP is only supported in S3900-EI series switches.
Example
# Create detecting group 10 and specify to detect the IP address of 202.12.1.55.

[Quidway-detect-group-10] detect-list 1 ip address 202.12.1.55
# Specify to decrease the priority of backup group 1 by 20 when the result of the
detecting group is unreachable.
[Quidway- Vlan-interface2] vrrp vrid 1 track detect-group 10 reduced 20
1.1.12 vrrp vrid virtual-ip
Syntax
vrrp vrid virtual-router-id virtual-ip virtual-address

undo vrrp vrid virtual-router-id virtual-ip virtual-address
View
VLAN interface view
Parameter

virtual-address: Virtual router IP address to be configured.
Description
Use the vrrp vrid virtual-ip command to add a virtual router IP address to an existing
backup group.
1-12
Use the undo vrrp vrid virtual-ip command to remove a virtual router IP address from
an existing backup group.
The vrrp vrid virtual-ip command can also be used to create a backup group. You can
add up to 16 virtual router IP addresses to a backup group. The undo vrrp vrid
virtual-ip command can also be used to remove an existing backup group. A backup
group is removed if all the virtual router IP addresses configured for it are removed.
Example
# Create a backup group.

[Quidway-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.10
# Add a virtual router IP address to an existing backup group.

[Quidway-Vlan-interface2] vrrp vrid 1 virtual-ip 10.10.10.11
# Remove a virtual router IP address from a backup group.

[Quidway-Vlan-interface2] undo vrrp vrid 1 virtual-ip 10.10.10.10
# Remove a backup group.

[Quidway-Vlan-interface2] undo vrrp vrid 1
1-13
Command Manual – Centralized MAC Address Authentication
Table of Contents
Chapter 1 Centralized MAC Address Authentication Configuration Commands ................... 1-1

1.1 Centralized MAC Address Authentication Configuration Commands ............................... 1-1
1.1.1 display mac-authentication...................................................................................... 1-1
1.1.2 mac-authentication.................................................................................................. 1-3
1.1.3 mac-authentication interface ................................................................................... 1-4
1.1.4 mac-authentication authmode usernameasmacaddress ........................................ 1-5
1.1.5 mac-authentication authmode usernamefixed ........................................................ 1-6
1.1.6 mac-authentication authpassword .......................................................................... 1-7
1.1.7 mac-authentication authusername.......................................................................... 1-7
1.1.8 mac-authentication domain ..................................................................................... 1-8
1.1.9 mac-authentication timer......................................................................................... 1-9
1.1.10 reset mac-authentication....................................................................................... 1-9

i
Command Manual – Centralized MAC Address Authentication Chapter 1 Centralized MAC Address
Quidway S3900 Series Ethernet Switches-Release 1510 Authentication Configuration Commands
Chapter 1 Centralized MAC Address

Authentication Configuration Commands
1.1 Centralized MAC Address Authentication Configuration

Commands
1.1.1 display mac-authentication
Syntax
display mac-authentication [ interface interface-list ]
View
Any view
Parameter
Description
Use the display mac-authentication command to display global information about

centralized MAC address authentication, including:
z The state of centralized MAC address authentication (enabled/disabled)
z Timer settings
z The number of online users
z The MAC addresses in quiet period
z MAC authentication information about each port
Example
# Display the global information about centralized MAC address authentication.

<Quidway> display mac-authentication
mac address authentication is Enabled.
authentication mode is UsernameAsMacAddress
Fixed username:mac
Fixed password:not configured
offline detect period is 300s
quiet period is 60s.

1-1
server response timeout value is 100s

max allowed user number is 1024
current user number amounts to 1
current domain: not configured, use default domain
Silent Mac User info:
MAC ADDR From Port Port Index
Ethernet1/0/1 is link-up
MAC address authentication is Enabled
Authenticate success: 1, failed: 0
Current online user number is 1
MAC ADDR Authenticate state AuthIndex
000d-88f8-4e71 MAC_AUTHENTICATOR_SUCCESS 0
……
Table 1-1 Description on the fields of the display mac-authentication command
Field Description
mac address
Centralized MAC address authentication is enabled.
authentication is Enabled
Centralized MAC address authentication mode. The

authentication mode
default is the MAC address mode.
Fixed username User name used in the fixed mode, which defaults to mac.
Password used in the fixed mode, which is not configured

Fixed password
by default.
Setting of the offline detect timer, which sets the time

offline detect period interval to check whether a user goes offline and defaults
to 300 seconds.
Setting of the quiet timer, which sets the quiet period. A

switch goes through a quiet period if a user fails to pass
quiet period
the MAC address authentication. The default value is 60
seconds.
Setting of the server timeout timer, which sets the timeout

server response timeout
time for the connection between a switch and the RADIUS
value
server. By default, it is 100 seconds.
The maximum number of users supported by the switch. It

max allowed user number
is 1,024 by default.
current user number

The current number of users
amounts to
current domain The current domain. It is not configured by default.
The information about the silent user. When the user fails
to pass MAC address authentication because of inputting
Silent Mac User info error user name and password, the switch sets the user to
be in quiet state. During quiet period, the switch does not
process the authentication request of this user.

1-2
Field Description
Ethernet1/0/1 is link-up The link connected to Ethernet1/0/1 port is up.
MAC address MAC address authentication is enabled for Ethernet1/0/1

authentication is Enabled port.
Statistics of the MAC address authentications performed

Authenticate success: 1,
on the port, including the numbers of successful and failed
failed: 0
authentication operations.
Current online user The number of the users current access the network
number through the port
MAC ADDR Peer MAC address

The state of the users accessing the network through the
port, which can be:
z MAC_AUTHENTICATOR_CONNECTING:
Connecting
Authenticate state z MAC_AUTHENTICATOR_SUCCESS: Authentication
passed
z MAC_AUTHENTICATOR_FAILURE: Fail to pass
authentication
z MAC_AUTHENTICATOR_LOGOFF: Offline
Index of the current MAC address with regard to the
AuthIndex
authentication port
1.1.2 mac-authentication
Syntax
mac-authentication
undo mac-authentication
View
Parameter
None
Description
Use the mac-authentication command to enable centralized MAC address

authentication globally or for a specified port.
Use the undo mac-authentication command to disable centralized MAC address
authentication globally or for a specified port.
By default, centralized MAC address authentication is disabled both globally and for a
port.

1-3
When being executed in system view, the mac-authentication command enables

centralized MAC address authentication globally.
When being executed in Ethernet port view, the mac-authentication command
enables centralized MAC address authentication for the current port.
Note:
You can configure other MAC address authentication-related attributes before or after
you enable centralized MAC address authentication globally or for a port. With the
attributes not configured, the defaults are adopted when you enable centralized MAC
address authentication.
Example
# Enable centralized MAC address authentication globally.

[Quidway] mac-authentication
MAC-Authentication is already enabled globally.
# Enable centralized MAC address authentication for Ethernet 1/0/1 port.

[Quidway-Ethernet1/0/1] mac-authentication
1.1.3 mac-authentication interface
Syntax
mac-authentication interface interface-list

undo mac-authentication interface interface-list
View
System view
Parameter

1-4
Description
Use the mac-authentication interface command to enable the centralized MAC

address authentication for specified ports.
Use the undo mac-authentication interface command to disable the centralized
MAC address authentication on specified ports.
By default, centralized MAC address authentication is disabled on a port.
Note:
z To make the centralized MAC address authentication configuration takes effect on a
port, you need to enable the centralized MAC address authentication for the port
after you enable centralized MAC address authentication globally.
z The configuration of the maximum number of learned MAC addresses (configured
through the mac-address max-mac-count command) is unavailable for the ports
with centralized MAC address authentication enabled. Similarly, the centralized
MAC address authentication is unavailable for the ports with the maximum number
of learned MAC addresses configured.
Example
# Enable centralized MAC address authentication for Ethernet 1/0/1 port.

[Quidway] mac-authentication interface Ethernet 1/0/1
1.1.4 mac-authentication authmode usernameasmacaddress
Syntax
mac-authentication authmode usernameasmacaddress [ usernameformat

{ with-hyphen | without-hyphen } ]
undo mac-authentication authmode
View
System view
Parameter
usernameformat: Specifies the input format of the username and password.

with-hyphen: Uses hyphened MAC addresses as usernames and passwords,
00-05-e0-1c-02-e3 for example.

1-5
without-hyphen: Uses MAC addresses without hyphens as usernames and

passwords, 0005e01c02e3 for example.
Description
Use the mac-authentication authmode usernameasmacaddress command to

specify the centralized MAC address authentication mode as MAC address.
Use the undo mac-authentication authmode command to restore the default
centralized MAC address authentication mode.
By default, the MAC address mode is adopted for the centralized MAC address
authentication.
Example
# Specify centralized MAC address authentication mode as MAC address, using

hyphened MAC addresses as the usernames and passwords.
[Quidway] mac-authentication authmode usernameasmacaddress usernameformat
with-hyphen
1.1.5 mac-authentication authmode usernamefixed
Syntax
mac-authentication authmode usernamefixed

undo mac-authentication authmode
View
System view
Parameter
None
Description
Use the mac-authentication authmode usernamefixed command to specify the

centralized MAC address authentication mode as fixed mode.
Use the undo mac-authentication authmode command to restore the default
centralized MAC address authentication mode.
By default, the MAC address mode is adopted.
Example
# Specify centralized MAC address authentication mode as fixed mode.


1-6

[Quidway] mac-authentication authmode usernamefixed
1.1.6 mac-authentication authpassword
Syntax
mac-authentication authpassword password

undo mac-authentication authpassword
View
System view
Parameter
password: Password to be set, a string comprising 1 to 63 characters.
Description
Use the mac-authentication authpassword command to set a password for

centralized MAC address authentication when the fixed mode is adopted.
Use the undo mac-authentication authpassword command to cancel the configured
password.
By default, no password is set when the fixed mode is adopted.
Example
# Set the password to mac.

[Quidway] mac-authentication authpassword mac
1.1.7 mac-authentication authusername
Syntax
mac-authentication authusername username

undo mac-authentication authusername
View
System view
Parameter
username: User name to be set, a string comprising 1 to 55 characters.

1-7
Description
Use the mac-authentication authusername command to set a user name when the
fixed mode is adopted.
Use the undo mac-authentication authusername command to restore the default
user name.
By default, the user name used in MAC address authentication (in the fixed mode) is
mac.
Example
# Set the user name to vipuser for fixed mode.

[Quidway] mac-authentication authusername vipuser
1.1.8 mac-authentication domain
Syntax
mac-authentication domain isp-name

undo mac-authentication domain
View
System view
Parameter
isp-name: ISP domain name, a string comprising up to 24 characters. Note that this
argument cannot be null and cannot contain these characters: “/”, “:”, “*”, “?”, “<”, and
“>”.
Description
Use the mac-authentication domain command to configure an ISP domain for

centralized MAC address authentication.
Use the undo mac-authentication domain command to restore the default ISP
domain for centralized MAC address authentication.
By default, the domain for centralized MAC address authentication is not configured.
Use the “default domain” as the ISP domain name.
Example
# Configure the domain for centralized MAC address authentication to be Cams.


1-8
[Quidway] mac-authentication domain Cams
1.1.9 mac-authentication timer
Syntax
mac-authentication timer { offline-detect offline-detect-value | quiet quiet-value |

server-timeout server-timeout-value }
undo mac-authentication timer { offline-detect | quiet | server-timeout }
View
System view
Parameter
offline-detect-value: Offline detect timer (in seconds) setting. This argument ranges
from 1 to 65,535 and defaults to 300. The offline detect timer sets the time interval for a
switch to test whether a user goes offline.
quiet-value: Quiet timer (in seconds) setting. This argument ranges from 1 to 3,600 and
defaults to 60. After a user fails to pass the authentication performed by a switch, the
switch quiets for a specific period (the quiet period) before it authenticates users again.
server-timeout-value: Server timeout timer setting (in seconds). This argument ranges
from 1 to 65,535 and defaults to 100. During authentication, the switch prohibits a user
from accessing the network through the corresponding port if the connection between
the switch and the RADIUS server times out.
Description
Use the mac-authentication timer command to configure the timers used in

centralized MAC address authentication.
Use the undo mac-authentication timer command to restore a timer to its default
setting.
Related command: display mac-authentication.
Example
# Set the server timeout timer to 150 seconds.

[Quidway] mac-authentication timer server-timeout 150
1.1.10 reset mac-authentication
Syntax
reset mac-authentication statistics [ interface interface-type interface-number ]

1-9
View
User view
Parameter

Description
Use the reset mac-authentication command to clear the centralized MAC address
authentication statistics. If you execute this command with the interface keyword
specified, the centralized MAC address authentication statistics of the specified port is
cleared. If the keyword is not specified, the command clears the global centralized MAC
address authentication statistics.
Example
# Clear the centralized MAC address authentication statistics of Ethernet 1/0/1 port.
<Quidway> reset mac-authentication statistics interface Ethernet 1/0/1

1-10
Command Manual – ARP
Table of Contents
Chapter 1 ARP Configuration Commands .................................................................................. 1-1

1.1 ARP Configuration Commands.......................................................................................... 1-1
1.1.1 arp check enable ..................................................................................................... 1-1
1.1.2 arp static.................................................................................................................. 1-1
1.1.3 arp timer aging ........................................................................................................ 1-2
1.1.4 display arp ............................................................................................................... 1-3
1.1.5 display arp | ............................................................................................................. 1-5
1.1.6 display arp count ..................................................................................................... 1-6
1.1.7 display arp timer aging ............................................................................................ 1-6
1.1.8 gratuitous-arp-learning enable ................................................................................ 1-7
1.1.9 reset arp .................................................................................................................. 1-8
Chapter 2 Resilient ARP Configuration Commands.................................................................. 2-1

2.1 Resilient ARP Configuration Commands........................................................................... 2-1
2.1.1 display resilient-arp ................................................................................................. 2-1
2.1.2 resilient-arp enable.................................................................................................. 2-1
2.1.3 resilient-arp interface vlan-interface ........................................................................ 2-2
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ARP Configuration Commands
Chapter 1 ARP Configuration Commands
1.1 ARP Configuration Commands

1.1.1 arp check enable
Syntax
arp check enable

undo arp check enable
View
System view
Parameter
None
Description
Use the arp check enable command to enable the ARP entry checking function, that is,
to disable a switch from creating multicast MAC address ARP entries for MAC
addresses learned.
Use the undo arp check enable command to disable the ARP entry checking function.
In this case, a switch creates multicast MAC address ARP entries for MAC addresses
learned.
By default, the ARP entry checking function is enabled.
Example
# Configure to create multicast MAC address ARP entries for MAC addresses learned.
[Quidway] undo arp check enable
1.1.2 arp static
Syntax
arp static ip-address mac-address [ vlan-id interface-type interface-number ]

arp static ip-address mac-address vlan-id (Ethernet interface view)
undo arp ip-address
1-1
View
System view, Ethernet interface view
Parameter
ip-address: IP address contained in the ARP mapping entry to be created/removed.

mac-address: MAC address contained in the ARP mapping entry to be created, in the
format of H-H-H.
vlan-id: ID of the VLAN to which the static ARP entry belongs, in the range of 1 to 4094.
interface-type: Type of the port to which the static ARP entry belongs.
interface-number: Number of the port to which the static ARP entry belongs.
Description
Use the arp static command to create a static ARP mapping entry.
Use the undo arp command to remove an ARP mapping entry.
The system ARP mapping table is empty when a switch is just started. And the dynamic
address mapping entries are generated by ARP.
Note that:
z Static ARP mapping entries are valid as long as the Ethernet switch operates.
However, an ARP mapping entry is removed if the corresponding VLAN is
removed. By default, a dynamic ARP mapping entry remains valid for 20 minutes.
z As for the arp static command, the value of the vlan-id argument must be the ID of
an existing VLAN, and the port identified by the interface-type and
interface-number arguments must belong to the VLAN.
z Currently, it is not supported to configure static ARP mapping entry on aggregation
port
Related command: reset arp, display arp.
Example
# Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC
address of 00e0-fc01-0000. The ARP mapping entry belongs to Ethernet1/0/1 port
(assuming that Ethernet1/0/1 port belongs to VLAN1).
[Quidway] arp static 202.38.10.2 00e0-fc01-0000 1 Ethernet 1/0/1
1.1.3 arp timer aging
Syntax
arp timer aging aging-time
1-2
undo arp timer aging
View
System view
Parameter
aging-time: Aging time (in minutes) of the dynamic ARP mapping entries. This
argument ranges from 1 to 1,440.
Description
Use the arp timer aging command to configure the aging time for dynamic ARP
mapping entries.
Use the undo arp timer aging command to restore the default aging time.
By default, the aging time for dynamic ARP mapping entries is 20 minutes.
Related command: display arp timer aging.
Example
# Configure the aging time to be 10 minutes for dynamic ARP mapping entries.
[Quidway] arp timer aging 10
1.1.4 display arp
Syntax
display arp [ dynamic | static | ip-address ]
View
Any view
Parameter
dynamic: Displays dynamic ARP mapping entries.

static: Displays static ARP mapping entries.
ip-address: IP address. ARP mapping entries containing the IP address are to be
displayed.
Description
Use the display arp command to display specific ARP mapping entries.
If you execute this command with no keyword/argument specified, all the ARP mapping
entries are displayed.
1-3
Related command: arp static, reset arp.
Example
# Display all the ARP mapping entries.

<Quidway> display arp
Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Port Name / AL ID Aging Type
10.2.72.162 000a-000a-0aaa N/A N/A N/A S
192.168.0.77 0000-e8f5-6a4a 1 Ethernet1/0/2 13 D
192.168.0.2 000d-88f8-4e88 1 Ethernet1/0/2 14 D
192.168.0.200 0014-222c-9d6a 1 Ethernet1/0/2 14 D
192.168.0.45 000d-88f6-44c1 1 Ethernet1/0/2 15 D
192.168.0.110 0011-4301-991e 1 Ethernet1/0/2 15 D
192.168.0.32 0000-e8f5-73ee 1 Ethernet1/0/2 16 D
192.168.0.3 0014-222c-aa69 1 Ethernet1/0/2 16 D
192.168.0.17 000d-88f6-379c 1 Ethernet1/0/2 17 D
192.168.0.115 000d-88f7-9f7d 1 Ethernet1/0/2 18 D
192.168.0.43 000c-760a-172d 1 Ethernet1/0/2 18 D
192.168.0.33 000d-88f6-44ba 1 Ethernet1/0/2 20 D
192.168.0.35 00e0-fc02-2181 1 Ethernet1/0/2 20 D
192.168.0.5 000f-3d80-2b38 1 Ethernet1/0/2 20 D
--- 14 entries found ---
Table 1-1 Description on the fields of the display arp command
Field Description
IP Address IP address contained in an ARP mapping entry
MAC address contained in an ARP mapping
MAC Address
entry
ID of the VLAN which an ARP mapping entry
VLAN ID
belongs to
Index of the port which an ARP mapping entry
Port Name / AL ID
belongs to
Aging time (in minutes) of a dynamic ARP
Aging
mapping entry
Type Type of an ARP mapping entry
1-4
1.1.5 display arp |
Syntax
display arp [ dynamic | static] | { begin | exclude | include } text
View
Any view
Parameter
dynamic: Displays dynamic ARP mapping entries.

static: Displays static ARP mapping entries.
| { begin | exclude | include } text: Regular expression, where:
begin: Displays the ARP mapping entries from the first ARP entry that contains the
specified string given by the text argument.
exclude: Displays the ARP mapping entries that do not contain the specified string
given by the text argument.
include: Displays the ARP mapping entries that contain the specified string given by
the text argument.
text: String used to filter ARP mapping entries.
Description
Use the display arp | command to display the ARP mapping entries related to string in
a specified way.
Example
# Display all the ARP mapping entries that contain the string “77”.
<Quidway>dis arp | include 77
192.168.0.77 0000-e8f5-6a4a 1 Ethernet1/0/2 12 D
--- 1 entry found ---
# Display all the ARP entries that do not contain the string “68”.
<Quidway>dis arp | exclude 68
10.2.72.162 000a-000a-0aaa N/A N/A N/A S
--- 1 entry found ---
1-5
Refer to Table 1-1 for the description on the above output information.
1.1.6 display arp count
Syntax
display arp count [ [ dynamic | static ] [ | { begin | exclude | include } text ] |

ip-address ]
View
Any view
Parameter
dynamic: Counts the dynamic ARP mapping entries.

static: Counts the static ARP mapping entries.
| { begin | exclude | include } text: Regular expression, where:
begin: Counts the ARP mapping entries from the first ARP entry that contains the string
given by the text argument.
exclude: Counts the ARP mapping entries that do not contain the string given by the
text argument.
Include: Counts the ARP mapping entries that contain the string given by the text
argument.
text: String used to filter ARP mapping entries.
ip-address: IP address. The ARP mapping entries containing the IP address are to be
counted in.
Description
Use the display arp count command to display the number of the specified ARP
mapping entries. If no parameter is specified, the total number of ARP mapping entries
is displayed.
Example
# Display the total number of ARP mapping entries.

<Quidway> display arp count
1 entry found
1.1.7 display arp timer aging
Syntax
display arp timer aging
1-6
View
Any view
Parameter
None
Description
Use the display arp timer aging command to display the setting of the ARP aging
timer.
Related command: arp timer aging.
Example
# Display the setting of the ARP aging timer.

<Quidway> display arp timer aging
Current ARP aging time is 20 minute(s)(default)
The displayed information shows that the ARP aging timer is set to 20 minutes.
1.1.8 gratuitous-arp-learning enable
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
View
System view
Parameter
None
Description
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP

packet learning function.
Use the undo gratuitous-arp-learning enable command to disable the gratuitous
ARP packet learning function.
By default, the gratuitous ARP packet learning function is enabled.
With the gratuitous ARP packet learning function enabled, a switch operates as follows
when receiving a gratuitous ARP packet:
If the cache of the switch contains ARP mapping entries that match the packet, the
switch updates the ARP mapping entries using the sender hardware address carried in
the gratuitous ARP packet.
1-7
If no ARP mapping entry in the cache matches the packet, an ARP mapping entry
corresponding to the packet is created.
Example
# Enable the gratuitous ARP packet learning function on the switch named QuidwayA.
<QuidwayA> system-view
[QuidwayA] gratuitous-arp-learning enable
1.1.9 reset arp
Syntax
reset arp [ dynamic | static | interface interface-type interface-number ]
View
User view
Parameter
dynamic: Clears dynamic ARP mapping entries.

static: Clears static ARP mapping entries.
Description
Use the reset arp command to clear specific ARP mapping entries.
Related command: arp static, display arp.
Example
# Clear static ARP mapping entries.

<Quidway> reset arp static
1-8
Command Manual – ARP Chapter 2 Resilient ARP Configuration
Chapter 2 Resilient ARP Configuration Commands
2.1 Resilient ARP Configuration Commands

2.1.1 display resilient-arp
Syntax
display resilient-arp [ unit unit-id ]
View
Any view
Parameter
unit-id: Unit ID ranging from 1 to 8.
Description
Use the display resilient-arp command to display the Resilient ARP state information
of each unit and the VLAN interface that can transmit Resilient ARP packets.
If the unit-id is not specified, this command is to display Resilient ARP state information
of all units. If the unit-id is specified, this command is to display the Resilient ARP state
information of the specified unit.
Example
# Display the information about Resilient ARP state of unit 1.

<Quidway> display resilient-arp unit 1
The state of unit 1 is: L3Master
The sending interface(s):
Vlan-interface1
Vlan-interface2
The above information displayed means that the current Resilient ARP state of unit 1 is
L3Master. Under this status, switch sends Resilient ARP packets periodically to notify
other fabrics that the local fabric is in the Layer 3 state. And VLAN interfaces through
which the Resilient ARP packets are sent are VLAN 1 interface and VLAN 2 interface.
2.1.2 resilient-arp enable
Syntax
resilient-arp enable
2-1
undo resilient-arp enable
View
System view
Parameter
None
Description
Use the resilient-arp enable command to enable the Resilient ARP function.
Use the undo resilient-arp enable command to disable the Resilient ARP function.
By default, the Resilient ARP function is enabled.
Related command: display resilient-arp.
Example
# Enable the Resilient ARP function.

[Quidway] resilient-arp enable
2.1.3 resilient-arp interface vlan-interface
Syntax
resilient-arp interface Vlan-interface vlan-id

undo resilient-arp interface Vlan-interface vlan-id
View
System view
Parameter
Description
Use the resilient-arp interface Vlan-interface command to configure the VLAN

interface through which Resilient ARP packets are sent.
Use the undo resilient-arp interface Vlan-interface command to remove the VLAN
interface through which Resilient ARP packets are sent.
By default, Resilient ARP packets are sent through the VLAN 1 interface.
Related command: display resilient-arp.
2-2
Example
# Configure the Resilient ARP packets to be sent from the VLAN 2 interface.
[Quidway] resilient-arp interface Vlan-interface 2
2-3
New Feature Manual - DHCP
Table of Contents
Chapter 1 DHCP Server Configuration Commands ................................................................... 1-1

1.1 DHCP Server Configuration Commands ........................................................................... 1-1
1.1.1 bims-server.............................................................................................................. 1-1
1.1.2 dhcp enable............................................................................................................. 1-2
1.1.3 dhcp select global ................................................................................................... 1-3
1.1.4 dhcp select interface ............................................................................................... 1-4
1.1.5 dhcp server bims-server.......................................................................................... 1-6
1.1.6 dhcp server detect................................................................................................... 1-7
1.1.7 dhcp server dns-list ................................................................................................. 1-7
1.1.8 dhcp server domain-name ...................................................................................... 1-9
1.1.9 dhcp server expired............................................................................................... 1-10
1.1.10 dhcp server forbidden-ip ..................................................................................... 1-11
1.1.11 dhcp server ip-pool.............................................................................................. 1-12
1.1.12 dhcp server nbns-list ........................................................................................... 1-13
1.1.13 dhcp server netbios-type..................................................................................... 1-14
1.1.14 dhcp server option............................................................................................... 1-16
1.1.15 dhcp server ping.................................................................................................. 1-17
1.1.16 dhcp server relay information enable.................................................................. 1-18
1.1.17 dhcp server static-bind ........................................................................................ 1-18
1.1.18 dhcp server voice-config ..................................................................................... 1-20
1.1.19 dhcp server voice-config interface ...................................................................... 1-21
1.1.20 display dhcp server conflict ................................................................................. 1-23
1.1.21 display dhcp server expired ................................................................................ 1-23
1.1.22 display dhcp server free-ip .................................................................................. 1-25
1.1.23 display dhcp server ip-in-use .............................................................................. 1-25
1.1.24 display dhcp server statistics .............................................................................. 1-27
1.1.25 display dhcp server tree ...................................................................................... 1-28
1.1.26 dns-list ................................................................................................................. 1-31
1.1.27 domain-name ...................................................................................................... 1-32
1.1.28 expired................................................................................................................. 1-32
1.1.29 gateway-list ......................................................................................................... 1-33
1.1.30 nbns-list ............................................................................................................... 1-34
1.1.31 netbios-type......................................................................................................... 1-35
1.1.32 network................................................................................................................ 1-36
1.1.33 option................................................................................................................... 1-37
1.1.34 reset dhcp server conflict .................................................................................... 1-38
1.1.35 reset dhcp server ip-in-use.................................................................................. 1-38
1.1.36 reset dhcp server statistics.................................................................................. 1-39
i
New Feature Manual - DHCP
1.1.37 static-bind client-identifier.................................................................................... 1-40

1.1.38 static-bind ip-address .......................................................................................... 1-40
1.1.39 static-bind mac-address ...................................................................................... 1-41
1.1.40 voice-config ......................................................................................................... 1-42
Chapter 2 DHCP Relay Configuration Commands..................................................................... 2-1

2.1 DHCP Relay Configuration Commands ............................................................................ 2-1
2.1.1 address-check ......................................................................................................... 2-1
2.1.2 dhcp-relay hand....................................................................................................... 2-2
2.1.3 dhcp relay information enable ................................................................................. 2-2
2.1.4 dhcp relay information strategy ............................................................................... 2-3
2.1.5 dhcp-security static ................................................................................................. 2-4
2.1.6 dhcp-security tracker............................................................................................... 2-5
2.1.7 dhcp-server ............................................................................................................. 2-6
2.1.8 dhcp-server detect .................................................................................................. 2-7
2.1.9 dhcp-server ip.......................................................................................................... 2-8
2.1.10 display dhcp-security............................................................................................. 2-8
2.1.11 display dhcp-server ............................................................................................... 2-9
2.1.12 display dhcp-server interface .............................................................................. 2-11
2.1.13 reset dhcp-server ................................................................................................ 2-12
Chapter 3 DHCP Snooping Configuration Commands.............................................................. 3-1

3.1 DHCP Snooping Configuration Commands ...................................................................... 3-1
3.1.1 dhcp-snooping......................................................................................................... 3-1
3.1.2 dhcp-snooping trust................................................................................................. 3-1
3.1.3 display dhcp-snooping ............................................................................................ 3-2
3.1.4 display dhcp-snooping trust .................................................................................... 3-3
Chapter 4 DHCP Accounting Configuration Commands .......................................................... 4-1

4.1 DHCP Accounting Configuration Commands.................................................................... 4-1
4.1.1 accounting domain .................................................................................................. 4-1
ii
New Feature Manual - DHCP Chapter 1 DHCP Server Configuration
Chapter 1 DHCP Server Configuration Commands
Note:
The contents of this chapter are only applicable to the S3900-EI series among S3900
Series Switches.
1.1 DHCP Server Configuration Commands

1.1.1 bims-server
Syntax
bims-server ip ip-address [ port port-number ] sharekey key

undo bims-server
View
DHCP address pool view
Parameter
ip ip-address: IP address of the remote BIMS server.

port port-number: Port number of the remote BIMS, ranging from 1 to 65534.
sharekey key: Shared key of the remote BIMS server, a string containing 1 to 16
characters. It cannot be null.
Description
Use the bims-server command to configure the connection between a DHCP global
address pool and a BIMS server.
Use the undo bims-server command to remove the configuration of the connection
between a DHCP global address pool and a BIMS server.
By default, no connection is configured.
Related command: dhcp server bims-server.
Note:
Branch intelligent management system (BIMS) is a network management software
provided by Huawei Technologies Co., Ltd.
1-1
Example
# Set the IP address of the remote BIMS server in the DHCP global address pool to
192.168.0.1, the port number to 651, and the shared key to aaa.
[Quidway] dhcp server ip-pool test
[Quidway-dhcp-pool-test] bims-server ip 192.168.0.1 port 651 sharekey aaa
1.1.2 dhcp enable
Syntax
dhcp enable
undo dhcp enable
View
System view
Parameter
None
Description
Use the dhcp enable command to enable DHCP.

Use the undo dhcp enable command to disable DHCP.
By default, DHCP is enabled.
You must first enable DHCP before performing other DHCP-related configurations.
This configuration is necessary for both DHCP servers and DHCP relays.
Note:
To prevent malicious attacks to unused sockets and enhance security, S3900 series
Ethernet switches provide the following functions:
z When DHCP is enabled, sockets UDP 67 and UDP 68 used by DHCP are enabled.
z When DHCP is disabled, sockets UDP 67 and UDP 68 are disabled at the same
time.
The preceding functions are implemented as follows:
1-2
z After you enable DHCP by using the dhcp enable command, if the DHCP server
and DHCP relay are not configured, sockets UDP 67 and UDP 68 will not be
enabled. If the DHCP server and DHCP relay are configured, sockets UDP 67 and
UDP 68 will be enabled.
z After you disable DHCP by using the undo dhcp enable command, even if the
DHCP server and DHCP relay are configured, sockets UDP 67 and UDP 68 will be
disabled.
Example

# Enable DHCP.
[Quidway] dhcp enable
1.1.3 dhcp select global
Syntax
VLAN interface view:

dhcp select global
undo dhcp select
System view:
dhcp select global { interface interface-type interface-number [ to interface-type
interface-number ] | all }
undo dhcp select { interface interface-type interface-number [ to interface-type
View
System view and VLAN interface view
Parameter
interface interface-type interface-number [ to interface-type interface-number ]:

Specifies the interface(s) to operate in global address pool mode. The interface-type
and interface-number arguments are the type and number of an interface. The to
keyword separates the start and the end of an interface range.
all: Specifies all ports to operate in global address pool mode.
1-3
Description
Use the dhcp select global command to configure the specified interface(s) or all
interfaces to operate in global DHCP address pool mode. Upon receiving a DHCP
packet from a DHCP client through an interface operating in global DHCP address
pool mode, the DHCP server chooses an IP address from a global DHCP address pool
of the local DHCP server and assigns the address to the DHCP client.
Use the undo dhcp select command to restore the default DHCP packet processing
mode.
By default, an interface operates in local DHCP server global address pool mode.
Example

# Configure all interfaces to operate in global DHCP address pool mode, so that when
a DHCP packet is received from a DHCP client through any interface, the DHCP
server assigns an IP address in local global DHCP address pools to the DHCP client.
[Quidway] dhcp select global all
1.1.4 dhcp select interface
Syntax

dhcp select interface
undo dhcp select
System view:
dhcp select interface { interface interface-type interface-number [ to interface-type
undo dhcp select { interface interface-type interface-number [ to interface-type
View
System view and VLAN interface view
Parameter

Specifies the interface(s) to operate in interface address pool mode.
all: Specifies all interfaces to operate in interface address pool mode.
1-4
Description
Use the dhcp select interface command to configure the specified interface(s) to
operate in DHCP interface address pool mode. Upon receiving a DHCP packet from a
DHCP client through an interface operating in interface address pool mode, the DHCP
server chooses an IP address from the interface address pool of the local DHCP
server and assigns the address to the DHCP client.
Use the undo dhcp select command to restore the default DHCP packet processing
mode.
By default, an interface operates in local DHCP server global address pool mode.
Note:
To prevent malicious attacks to unused sockets and enhance switch security, S3900
series Ethernet switches provide the following functions:
time.
z After you configure a DHCP interface address pool by using the dhcp select
interface command, sockets UDP 67 and UDP 68 will be enabled.
z After you delete the DHCP interface address pool by using the undo dhcp select
interface command and disable all the DHCP functions, sockets UDP 67 and UDP
68 will be disabled.
Example

# Configure all interfaces to operate in interface DHCP address pool mode, so that
when a DHCP packet is received from a DHCP client through any interface, the DHCP
server assigns an IP address in the local interface DHCP address pool to the DHCP
client.
[Quidway] dhcp select interface all
1-5
1.1.5 dhcp server bims-server
Syntax
dhcp server bims-server ip ip-address [ port port-number ] sharekey key { interface

interface-type interface-number [ to interface-type interface-number ] | all }
undo dhcp server bims-server { interface interface-type interface-number [ to
interface-type interface-number ] | all }
View
System view
Parameter
port port-number: Port number of the designated remote BIMS server.

sharekey key: Shared key of the remote BIMS server, a string containing 1 to 16
characters. It cannot be null.
Specifies an interface operating in the interface address pool mode.
all: Specifies all interfaces.
Description
Use the dhcp server bims-server command to configure the connection between a
DHCP interface address pool and a remote BIMS server.
Use the undo dhcp server bims-server command to remove the configuration of the
connection between a DHCP interface global address pool and a BIMS server.
Related command: bims-server.
Note:
Branch intelligent management system (BIMS) is a network management software
provided by Huawei Technologies Co., Ltd.
Example
# Set the IP address of the remote BIMS server of DHCP interface address pool 2 to
192.168.0.2, the port number to 111, and the shared key to aaa.
[Quidway]dhcp server bims-server ip 192.168.0.2 port 111 sharekey aaa interface
Vlan-interface 1
1-6
1.1.6 dhcp server detect
Syntax
dhcp server detect

undo dhcp server detect
View
System view
Parameter
None
Description
Use the dhcp server detect command to enable the private DHCP server detecting
function.
Use the undo dhcp server detect command to disable the private DHCP server
detecting function.
By default, the private DHCP server detecting function is disabled.
With the private DHCP server detecting function enabled, a DHCP server tracks the
information (such as the IP addresses and interfaces) of DHCP servers to enable the
administrator to detect private DHCP servers in time and take proper measures.
Example

# Enable the private DHCP server detecting function.

[Quidway] dhcp server detect
1.1.7 dhcp server dns-list
Syntax

dhcp server dns-list ip-address&<1-8>
undo dhcp server dns-list { ip-address | all }
System view:
dhcp server dns-list ip-address&<1-8> { interface interface-type interface-number
[ to interface-type interface-number ] | all }
1-7
undo dhcp server dns-list { ip-address | all } { interface interface-type

interface-number [ to interface-type interface-number ] | all }
View
System view/VLAN interface view
Parameter
ip-address&<1-8>: IP address of a DNS server. &<1-8> means you can provide up to

eight DNS server IP addresses. When inputting more than one DNS server IP address,
separate two neighboring IP addresses with a space.
Specifies the interface(s), through which you can specify the corresponding interface
address pools.
all: (In comparison with the ip-address argument) Specifies all DNS server IP
addresses.
all: (In comparison with the interface keyword) Specifies all interface address pools.
Description
Use the dhcp server dns-list command to configure DNS server IP address(es) for
the DHCP address pool(s) of specified interface(s).
Use the undo dhcp server dns-list command to remove the DNS server IP
address(es) configured for the DHCP address pool(s) of the specified interface(s).
By default, no DNS server IP address is configured for a DHCP interface address pool.
If you execute the dhcp server dns-list command repeatedly, the new configuration
overwrites the previous one.
Related command: dns-list.
Example

# Enter VLAN interface 1 view.

# Configure the DNS server IP address 1.1.1.254 for the DHCP address pool of the
VLAN interface 1.
[Quidway-Vlan-interface1] dhcp server dns-list 1.1.1.254
1-8
1.1.8 dhcp server domain-name
Syntax

dhcp server domain-name domain-name
undo dhcp server domain-name
System view:
dhcp server domain-name domain-name { interface interface-type interface-number
undo dhcp server domain-name { interface interface-type interface-number [ to
View
Parameter
domain-name: Domain name of the DHCP clients whose IP addresses are from the
specified interface address pool(s). This argument is a string of 3 to 50 characters.
address pool(s).
all: Specifies all interface address pools.
Description
Use the dhcp server domain-name command to configure a domain name for the
DHCP clients whose IP addresses are from the specified interface address pool(s).
Use the undo dhcp server domain-name command to remove the configured
domain name.
By default, no domain name is configured for the DHCP clients.
Related command: domain-name.
Example


1-9
# Configure the domain name aabbcc.com for the DHCP clients whose IP addresses
are from the DHCP address pool of the current VLAN interface.
[Quidway-Vlan-interface1] dhcp server domain-name aabbcc.com
1.1.9 dhcp server expired
Syntax

dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
undo dhcp server expired
System view:
dhcp server expired { day day [ hour hour [ minute minute ] ] | unlimited }
{ interface interface-type interface-number [ to interface-type interface-number ] | all }
undo dhcp server expired { interface interface-type interface-number [ to
View
Parameter
day day: Specifies the number of days. The day argument ranges from 0 to 365.
hour hour: Specifies the number of hours. The hour argument ranges from 0 to 23.
minute minute: Specifies the number of minutes. The minute argument ranges from 0
to 59.
unlimited: Specifies that the lease time is unlimited. (But actually, the system limits the
maximum lease time to about 25 years.)
address pool(s).
Description
Use the dhcp server expired command to configure the lease time of the IP
addresses in the specified interface address pool(s).
Use the undo dhcp server expired command to restore the default lease time.
The default lease time is one day.
Note that an IP address is considered to be expired if its lease time is after the year
2106.
1-10
Related command: expired.
Example

# Set the lease time of the IP addresses in all interface address pools to be 1 day, 2
hours and 3 minutes.
[Quidway] dhcp server expired day 1 hour 2 minute 3 all
1.1.10 dhcp server forbidden-ip
Syntax
dhcp server forbidden-ip low-ip-address [ high-ip-address ]

undo dhcp server forbidden-ip low-ip-address [ high-ip-address ]
View
System view
Parameter
low-ip-address: IP address that is not available for being assigned to DHCP clients
automatically (An IP address of this kind is known as a forbidden IP address). This
argument also marks the lower end of the range of the forbidden IP addresses.
high-ip-address: IP address that is not available for being assigned to DHCP clients.
This argument also marks the higher end of the range of the forbidden IP addresses.
Note that this argument cannot be less than the low-ip-address argument. If you do not
provide this argument, only the IP address specified by the low-ip-address argument is
forbidden.
Description
Use the dhcp server forbidden-ip command to forbid the specified IP addresses in a
DHCP address pool to be automatically assigned.
Use the undo dhcp server forbidden-ip command to cancel the forbiddance.
By default, all IP addresses in an address pool are allowed to be automatically
assigned.
Related command: dhcp server ip-pool, network, static-bind ip-address and dhcp
server static-bind.
1-11
Note:
z When you execute the undo dhcp server forbidden-ip command, make sure that
the specified address range does not contain any statically bound IP address.
z You can configure multiple IP address segments that are not to be automatically
configured by executing the dhcp server forbidden-ip command several times.
z If an IP address that is not to be automatically assigned has been configured as a
statically-bound IP address, the DHCP server still assigns this IP address to the
client whose MAC address has been bound.
Example

# Forbid the IP addresses in the range 10.110.1.1 to 10.110.1.63 to be automatically

assigned.
[Quidway] dhcp server forbidden-ip 10.110.1.1 10.110.1.63
1.1.11 dhcp server ip-pool
Syntax
dhcp server ip-pool pool-name

undo dhcp server ip-pool pool-name
View
System view
Parameter
pool-name: Name of a DHCP address pool, which uniquely identifies the address pool.
This argument is a string of 1 to 35 characters.
Description
Use the dhcp server ip-pool command to create a global DHCP address pool and
enter DHCP address pool view. If the address pool identified by the pool-name
argument already exists, this command leads you to DHCP address pool view.
Use the undo dhcp server ip-pool command to remove a specified DHCP address
pool.
By default, no global DHCP address pool is created.
Related command: dhcp enable.
1-12
Note:
z When DHCP is disabled, sockets UDP 67 and UDP 68 are shut down at the same
time.
z After you create a DHCP address pool by using the dhcp server ip-pool command,
sockets UDP 67 and UDP 68 will be enabled.
z After you delete the DHCP address pool by using the undo dhcp server ip-pool
command and disable all the DHCP functions, sockets UDP 67 and UDP 68 will be
disabled.
Example

# Create DHCP address pool 0.

[Quidway] dhcp server ip-pool 0
[Quidway-dhcp-pool-0]
1.1.12 dhcp server nbns-list
Syntax

dhcp server nbns-list ip-address&<1-8>
undo dhcp server nbns-list { ip-address | all }
System view:
dhcp server nbns-list ip-address&<1-8> { interface interface-type interface-number
undo dhcp server nbns-list { ip-address | all } { interface interface-type
interface-number [ to interface-type interface-number ] | all }
View
1-13
Parameter
ip-address&<1-8>: IP address of a NetBIOS server. &<1-8> means you can provide up

to eight NetBIOS server IP addresses. When inputting more than one NetBIOS server
IP address, separate two neighboring IP addresses with a space.
address pool(s).
all: (In comparison with the ip-address argument) Specifies all NetBIOS server IP
addresses.
all: (In comparison with the interface keyword) Specifies all interface address pools.
Description
Use the dhcp server nbns-list command to configure NetBIOS server IP address(es)
for the specified DHCP interface address pool(s).
Use the undo dhcp server nbns-list command to remove the NetBIOS server IP
address(es) configured for the specified DHCP interface address pool(s).
By default, no NetBIOS server IP address is configured for a DHCP interface address
pool.
If you execute the dhcp server nbns-list command repeatedly, the new configuration
Related command: nbns-list and dhcp server netbios-type.
Example

# Configure the NetBIOS server IP address 10.12.1.99 for all the DHCP interface
address pools.
[Quidway] dhcp server nbns-list 10.12.1.99 all
1.1.13 dhcp server netbios-type
Syntax

dhcp server netbios-type { b-node | h-node | m-node | p-node }
undo dhcp server netbios-type
System view:
1-14
dhcp server netbios-type { b-node | h-node | m-node | p-node } { interface

undo dhcp server netbios-type { interface interface-type interface-number [ to
View
Parameter
b-node: Specifies the broadcast type. Nodes of this type acquire host name-to-IP
address mapping by broadcasting.
p-node: Specifies the peer-to-peer type. Nodes of this type acquire host name-to-IP
address mapping by communicating with the NetBIOS server.
m-node: Specifies the m-typed mixed type. Nodes of this type are p-nodes with some
broadcasting features. (The character m here stands for mixed.)
h-node: Specifies the hybrid type. Nodes of this type are b-nodes with peer-to-peer
communicating features.
address pools.
Description
Use the dhcp server netbios-type command to configure the NetBIOS node type of
the DHCP clients whose IP addresses are from the specified interface address pool(s).
Use the undo dhcp server netbios-type command to restore the default NetBIOS
node type.
By default, no NetBIOS node type is specified and the default NetBIOS node type is
h-node.
Related command: netbios-type and dhcp server nbns-list.
Example

# Specify p-node as the NetBIOS node type of the DHCP clients whose IP addresses
are from the DHCP address pool of VLAN interface 1.
[Quidway-Vlan-interface1] dhcp server netbios-type p-node
1-15
1.1.14 dhcp server option
Syntax

dhcp server option code { ascii ascii-string | hex hex-string&<1-10> | ip-address
ip-address&<1-8> }
undo dhcp server option code
System view:
dhcp server option code { ascii ascii-string | hex hex-string&<1-10> | ip-address
ip-address&<1-8> } { interface interface-type interface-number [ to interface-type
undo dhcp server option code { interface interface-type interface-number [ to
View
Parameter
code: Customized option number ranging from 2 to 254. Note that this argument
cannot be 3, 6, 15, 44, 46, 50 through 55, 57 through 61, 82, or 217. Use the dhcp
server voice-config command and the dhcp server voice-config interface
command to configure option 184. You cannot configure option 184 by executing the
dhcp server option command.
ascii ascii-string: Specifies a string that is of 1 to 63 characters. Note that each
character of the string must be an ASCII character.
hex hex-string&<1-10>: Specifies strings, each of which comprises 1 to 8 hexadecimal
digits. &<1-10> means you can provide up to 10 such strings. When inputting more
than one string, separate two neighboring strings with a space. Note that the total
number of the hexadecimal digits (spaces not included) cannot exceed 64.
ip-address ip-address&<1-8>: Specifies IP addresses. &<1-8> means you can
provide up to eight IP addresses. When inputting more than one IP address, separate
two neighboring IP addresses with a space.
address pools.
1-16
Description
Use the dhcp server option command to customize DHCP options for the specified
DHCP interface address pool(s).
Use the undo dhcp server option command to remove the customized DHCP
options.
If you execute the dhcp server option command repeatedly, the new configuration
Related command: option.
Example

# Configure option 100 to be 0x11 and 0x22 for all DHCP interface address pools.
[Quidway] dhcp server option 100 hex 11 22 all
1.1.15 dhcp server ping
Syntax
dhcp server ping { packets number | timeout milliseconds }

undo dhcp server ping { packets | timeout }
View
System view
Parameter
packets number: Specifies the number of the packets to be sent in a ping test. The
number argument ranges from 0 to 10 and defaults to 2. Value 0 means no packet will
be sent.
timeout milliseconds: Specifies the timeout time (in milliseconds) of each packet. The
milliseconds argument ranges from 0 to 10,000 and defaults to 500.
Description
Use the dhcp server ping command to set the maximum number of the ICMP packets
a DHCP server sends in a ping test and the maximum response timeout time of each
ICMP packet.
Use the undo dhcp server ping command to restore the default settings.
1-17
Example

# Set the maximum number of the packets the DHCP server sends in a ping test to 10,
and the timeout time of each packet to 500 milliseconds.
[Quidway] dhcp server ping packets 10
1.1.16 dhcp server relay information enable
Syntax
dhcp server relay information enable

undo dhcp server relay information enable
View
System view
Parameter
None
Description
Use the dhcp server relay information enable command to enable the DHCP server
to support option 82.
Use the undo dhcp server relay information enable command to disable the DHCP
server from supporting option 82.
By default, the DHCP server supports option 82.
Example
# Disable the DHCP sever from supporting option 82.

[Quidway] undo dhcp server relay information enable
1.1.17 dhcp server static-bind
Syntax
dhcp server static-bind ip-address ip-address { client-identifier client-identifier |

mac-address mac-address }
undo dhcp server static-bind { client-identifier client-identifier | ip-address
ip-address | mac-address mac-address }
1-18
View
VLAN interface view
Parameter
ip-address: IP address to be statically bound. Note that the specified IP address must
belong to the same network segment as that of the VLAN interface.
client-identifier: Client ID to be statically bound, in the format of H-H-H. It contains 3 to
160 hexadecimal numbers.
mac-address: MAC address to which the IP address is statically bound.
Description
Use the dhcp server static-bind command to statically bind an IP address of the
current address pool to a MAC address.
Use the undo dhcp server static-bind command to cancel an IP-MAC address
binding.
By default, no IP address in an address pool is statically bound.
It should be noted that:
z An IP address can be statically bound to only one MAC address or one client ID.
A MAC address or client ID can be bound with only one IP address statically.
z The IP address to be statically bound cannot be an interface IP address of the
device; otherwise the static binding does not take effect. The bound MAC address
can also obtain another IP address.
Example

# Statically bind the client ID aaaa-bbbb to the IP address 10.1.1.1 (Assume that the
interface address pool of VLAN interface 1 already exists and the IP address belongs
to the address pool).
[Quidway-Vlan-interface1] dhcp server static-bind ip-address 10.1.1.1
client-identifier aaaa-bbbb
# Statically bind the IP address 10.1.1.1 to the MAC address 0000-e03f-0305.

(Assume that the interface address pool of VLAN interface 1 already exists and the IP
address belongs to the address pool.)
[Quidway-Vlan-interface1] dhcp server static-bind ip-address 10.1.1.1
mac-address 0000-e03f-0305
1-19
1.1.18 dhcp server voice-config
Syntax
dhcp server voice-config { ncp-ip ip-address | as-ip ip-address | voice-vlan vlan-id

{ enable | disable } | fail-over ip-address dialer-string }
undo dhcp server voice-config [ ncp-ip | as-ip | voice-vlan | fail-over ]
View
VLAN interface view
Parameter
ncp-ip: IP address of the network call processor.

as-ip: IP address of the alternative NCP server.
voice-vlan: Voice VLAN.
fail-over: Fail-over call route.
ip-address: IP address of the NCP, alternate server, or fail-over.
vlan-id: ID of the voice VLAN, in the range of 2 to 4,094.
enable: Enables a VLAN.
disable: Disables a VLAN.
dialer-string: Fail-over dial number string. The value contains 0 to 9 and the wildcard
asterisk (*).
Description
Use the dhcp server voice-config command to enable the DHCP server to assign IP
addresses with option 184 and its sub-options from the current interface address pool.
Use the undo dhcp server voice-config command to disable the DHCP server from
assigning IP addresses with option 184 and its sub-options from the current interface
address pool.
The DHCP server answers option 184 and the corresponding sub-options only after
the DHCP client requests for option 184.
Before configuring other sub-options, you must configure the sub-option ncp-ip;
otherwise other sub-options do not take effect.
By default, the DHCP server does not support option 184 and the corresponding
sub-options.
Related command: voice-config.
Example
# Enter system view
1-20
# Enter VLAN-interface 1 view.
# Enable the DHCP server to support all the sub-options of option 184 in
VLAN-interface 1. The NCP IP address is 1.1.1.1 and the IP address of the alternate
server is 2.2.2.2. The voice VLAN is enabled, with the ID being 3. The fail-over IP
address is 3.3.3.3 and the dial number string is 99*.
[Quidway-Vlan-interface1] dhcp select interface
[Quidway-Vlan-interface1] dhcp server voice-config ncp-ip 1.1.1.1
[Quidway-Vlan-interface1] dhcp server voice-config as-ip 2.2.2.2
[Quidway-Vlan-interface1] dhcp server voice-config voice-vlan 3 enable
[Quidway-Vlan-interface1] dhcp server voice-config fail-over 3.3.3.3 99*
1.1.19 dhcp server voice-config interface
Syntax
dhcp server voice-config { ncp-ip ip-address | as-ip ip-address | voice-vlan vlan-id

{ enable | disable } | fail-over ip-address dialer-string } { interface interface-type
interface-number [ to interface-type interface-number ] | all }}
undo dhcp server voice-config [ ncp-ip | as-ip | voice-vlan | fail-over ] { interface
View
System view
Parameter
ncp-ip: Specifies the IP address of the network call processor (NCP).

as-ip: Specifies the IP address of the alternate server (AS).
voice-vlan: Specifies the voice VLAN.
fail-over: Specifies the Fail-over call routing.
ip-address: IP address of the NCP, alternate server, or Fail-over.
vlan-id: ID of the voice VLAN. This argument ranges from 2 to 4094.
enable: Enables the voice VLAN.
disable: Disables the voice VLAN.
dialer-string: Dial number string. This argument comprises of number 0 through 9 and
the * character (acting as the wildcard).
1-21
interface-type interface-number [ to interface-type interface-number ]: Specifies all

interfaces in the interface range identified by the two interface indexes separated by
the to keyword (including the end interfaces). The interfaces must be VLAN interfaces.
all: Specifies that the sub-options apply to all VLAN interfaces.
Description
Use the dhcp server voice-config interface command to configure option 184 and
its sub-options, which will be sent to DHCP clients by a DHCP server as well when the
DHCP server assigns IP addresses of specified address pools to DHCP clients.
Use the undo dhcp server voice-config interface command to disable a DHCP
server from sending option 184 and the specified sub-option to DHCP clients when the
DHCP server assigns IP addresses to DHCP clients.
A DHCP server sends Option 184 and the corresponding sub-options to a DHCP client
only when the latter requests for option 184.
The NCP-IP sub-option is necessary for all other sub-options. You need to configure
the NCP-IP sub-option first to enable other sub-options.
By default, option 184 and its sub-options are not supported by a DHCP server.
Related command: voice-config.
Example

# Configure the DHCP server to support option 184 and all its sub-options when the
DHCP server assigns IP addresses to DHCP clients through Vlan-interface 1, with the
sub-options being set as follows:
z NCP-IP: 1.1.1.1
z AS-IP: 2.2.2.2
z Voice VLAN: Enabled
z Voice VLAN ID: 3
z IP address of Fail-over: 3.3.3.3
z Dialer-string: 99*
[Quidway] dhcp select interface Vlan-interface1
[Quidway] dhcp server voice-config ncp-ip 1.1.1.1 interface Vlan-interface1
[Quidway] dhcp server voice-config as-ip 2.2.2.2 interface Vlan-interface1
[Quidway] dhcp server voice-config voice-vlan 3 enable interface
Vlan-interface1
[Quidway] dhcp server voice-config fail-over 3.3.3.3 99* interface
Vlan-interface1
1-22
1.1.20 display dhcp server conflict
Syntax
display dhcp server conflict { all | ip ip-address }
View
Any view
Parameter
all: Specifies all IP addresses.

ip-address: Specifies one IP address.
Description
Use the display dhcp server conflict command to display the statistics of IP address
conflicts on the DHCP server.
Related command: reset dhcp server conflict.
Example
# Display the statistics of IP address conflicts.

<Quidway> display dhcp server conflict all
Address Discover Time
10.110.1.2 Jan 11 2003 11:57:07 PM
Table 1-1 Description on the fields of the display dhcp server conflict command
Field Description
Address Conflicting IP address
Discover Time Time when the conflict is detected
1.1.21 display dhcp server expired
Syntax
display dhcp server expired { ip ip-address | pool [ pool-name ] | interface

[ interface-type interface-number ] | all }
View
Any view
1-23
Parameter
ip ip-address: Specifies an IP address.

pool [ pool-name ]: Specifies a global address pool. The pool-name argument, a string
of 1 to 35 characters, is the name of an address pool. If you do not provide this
argument, this command applies to all global address pools.
interface [ interface-type interface-number ]: Specifies a VLAN interface. If you do not
specify a VLAN interface, this command applies to all VLAN interfaces.
all: Specifies all DHCP address pools.
Description
Use the display dhcp server expired command to display the lease expiration
information about one IP address, or the lease expiration information about all IP
addresses in one or all DHCP address pools. When all the IP addresses in an address
pool are assigned, the DHCP server assigns the IP addresses that are expired to
DHCP clients.
Example
# Display the lease expiration information about the IP addresses in all DHCP address
pools.
<Quidway> display dhcp server expired all
Global pool:
IP address Client-identifier/ Lease expiration Type
Hardware address
Interface pool:
Hardware address
--- total 0 entry ---
Table 1-2 Description on the fields of the display dhcp server expired command
Field Description
The information about the expired IP

Global pool
addresses of global address pools
The information about the expired IP

Interface pool
addresses of interface address pools
IP address Bound IP addresses
User ID or MAC addresses to which IP

Client-identifier/Hardware address
addresses are bound
1-24
Field Description
Lease expiration The time when a lease time expires
Type Address binding type
1.1.22 display dhcp server free-ip
Syntax
display dhcp server free-ip
View
Any view
Parameter
None
Description
Use the display dhcp server free-ip command to display the free (that is, unassigned)
IP addresses.
Example
# Display the free IP addresses.

<Quidway> display dhcp server free-ip
IP Range from 1.0.0.0 to 2.2.2.1
IP Range from 2.2.2.3 to 2.255.255.255
IP Range from 4.0.0.0 to 4.255.255.255
IP Range from 5.5.5.0 to 5.5.5.0
IP Range from 5.5.5.2 to 5.5.5.255
1.1.23 display dhcp server ip-in-use
Syntax
display dhcp server ip-in-use { ip ip-address | pool [ pool-name ] | interface

[ interface-type interface-number ] | all }
View
Any view
Parameter
ip ip-address: Specifies an IP address.
1-25
all: Specifies all address pools.
Description
Use the display dhcp server ip-in-use command to display the address binding
information of one IP address, the specified DHCP address pool(s) or all DHCP
address pools.
Related command: reset dhcp server ip-in-use.
Example
# Display the address binding information of all DHCP address pools.

<Quidway> display dhcp server ip-in-use all
Global pool:
Hardware address
2.2.2.2 44444-4444-4444 NOT Used Manual
Interface pool:
Hardware address
5.5.5.1 0050-ba28-930a Jun 5 2003 10:56: 7 AM Auto:COMMITTED
--- total 2 entry ---
Table 1-3 Description on the fields of the display dhcp server ip-in-use command
Field Description
Address binding information of global DHCP

Global pool
address pools
Address binding information of interface

Interface pool
DHCP address pools
IP address Bound IP address
User ID or MAC address to which the IP

Client-identifier/Hardware address
address is bound
Lease expiration Time when the lease expires
1-26
Field Description
Type Address binding type
1.1.24 display dhcp server statistics
Syntax
display dhcp server statistics
View
Any view
Parameter
None
Description
Use the display dhcp server statistics command to display the statistics on a DHCP
server.
Related command: reset dhcp server statistics.
Example
# Display the statistics on a DHCP server.

<Quidway> display dhcp server statistics
Global Pool:
Pool Number: 5
Binding
Auto: 0
Manual: 1
Expire: 0
Interface Pool:
Pool Number: 1
Binding
Auto: 1
Manual: 0
Expire: 0
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4
Dhcp Decline: 0
Dhcp Release: 1
1-27
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1
Dhcp Ack: 3
Dhcp Nak: 0
Bad Messages: 0
Table 1-4 Description on the fields of the display dhcp server statistics command
Field Description
Global Pool Statistics about global address pools
Interface Pool Statistics about interface address pools
Pool Number Number of address pools
Auto Number of the automatically bound IP addresses
Manual Number of the manually bound IP addresses
Expire Number of the expired IP addresses
Boot Request: 6
Dhcp Discover: 1
Dhcp Request: 4 Statistics about the DHCP packets received from
Dhcp Decline: 0 DHCP clients
Dhcp Release: 1
Dhcp Inform: 0
Boot Reply: 4
Dhcp Offer: 1 Statistics about the DHCP packets sent to DHCP
Dhcp Ack: 3 clients
Dhcp Nak: 0
Bad Messages Number of the error DHCP packets
1.1.25 display dhcp server tree
Syntax
display dhcp server tree { pool [ pool-name ] | interface [ interface-type

1-28
View
Any view
Parameter
all: Specifies all address pools.
Description
Use the display dhcp server tree command to display information about address
pool tree.
Example
# Display the information about address pool tree.

<Quidway> display dhcp server tree all
Global pool:
Pool name: 5
network 10.10.1.0 mask 255.255.255.0
Child node:6
Sibling node:7
option 1 ip-address 255.0.0.0
expired 1 0 0
Pool name: 6
static-bind ip-address 10.10.1.2 mask 255.0.0.0
static-bind mac-address 00e0-00fc-0001
Parent node:5
expired 1 0 0
Pool name: 7
network 10.10.1.64 mask 255.255.255.192
PrevSibling node:5
gateway-list 2.2.2.2
dns-list 1.1.1.1
domain-name 444444
nbns-list 3.3.3.3
1-29
expired 1 0 0
Table 1-5 Description on the fields of the display dhcp server tree command
Field Description
Global pool Information about global address pools
Interface pool Information about interface address pools
Pool name Address pool name
network Assignable IP address range
static-bind
ip-address
10.10.1.2 mask
255.0.0.0 Statically bound IP and MAC addresses
static-bind
mac-address
00e0-00fc-0001
The address pool 6 is the child node of this node.

This field can display the information about the following
types of node:
Child node: Displays the information about an address pool
that is a child of the current address pool.
Parent node: Displays the information about the address pool
Child node:6 that is the parent of the current address pool.
Sibling node: Displays the information about the next sibling
address pool of the current address pool. (The order of sibling
address pools are determined by the time when they are
configured.)
PrevSibling node: Displays the information about the previous
sibling address pool of the current address pool.
option Customized DHCP options
The address lease time (in terms of number of days, hours,

expired
and minutes)
gateway-list List of the gateways configured for the DHCP clients
dns-list List of the DNS servers configured for the DHCP clients
domain-name The domain name configured for the DHCP clients
1-30
Field Description
nbns-list List of the NetBIOS servers configured for the DHCP clients
1.1.26 dns-list
Syntax
dns-list ip-address&<1-8>
undo dns-list { ip-address | all }
View
Parameter
ip-address&<1-8>: IP address of a DNS server. &<1-8> string means you can provide
up to eight DNS server IP addresses. When inputting more than one IP address,
all: Specifies all configured DNS server IP addresses.
Description
Use the dns-list command to configure one or multiple DNS server IP addresses for a
global DHCP address pool.
Use the undo dns-list command to remove one or all DNS server IP addresses
configured for the DHCP address pool.
By default, no DNS server IP address is configured.
If you execute the dns-list command repeatedly, the new configuration overwrites the
previous one.
Related command: dhcp server dns-list and dhcp server ip-pool.
Example

# Configure the DNS server IP address 1.1.1.254 for global DHCP address pool 0.
[Quidway-dhcp-pool-0] dns-list 1.1.1.254
1-31
1.1.27 domain-name
Syntax
domain-name domain-name
undo domain-name
View
Parameter
domain-name: Domain name for the DHCP clients of a global DHCP address pool, a
string of 3 to 50 characters.
Description
Use the domain-name command to configure a domain name for the DHCP clients of
a global DHCP address pool.
Use the undo domain-name command to remove the domain name.
By default, no domain name is configured for the DHCP clients of a global DHCP
address pool.
Related command: dhcp server ip-pool and dhcp server domain-name.
Example

# Configure the domain name mydomain.com for the DHCP clients of the global
DHCP address pool 0.
[Quidway-dhcp-pool-0] domain-name mydomain.com
1.1.28 expired
Syntax
expired { day day [ hour hour [ minute minute ] ] | unlimited }

undo expired
View
1-32
Parameter
day day: Specifies the number of days. The day argument ranges from 0 to 365.
hour hour: Specifies the number of hours. The hour argument ranges from 0 to 23.
minute minute: Specifies the number of minutes. The minute argument ranges from 0
to 59.
unlimited: Specifies that the lease time is unlimited. (But actually, the system limits the
maximum lease time to about 25 years.)
Description
Use the expired command to configure the lease time of the IP addresses in a global
DHCP address pool.
Use the undo expired command to restore the default lease time.
The default lease time is one day.
Note that an IP address is considered to be expired if its lease time is after the year
2106.
Related command: dhcp server ip-pool and dhcp server expired.
Example

# Set the lease time of the IP addresses in the global DHCP address pool 0 to 1 day, 2
hours and 3 minutes.
[Quidway-dhcp-pool-0] expired day 1 hour 2 minute 3
1.1.29 gateway-list
Syntax
gateway-list ip-address&<1-8>
undo gateway-list { ip-address | all }
View
Parameter
ip-address&<1-8>: IP address of a gateway. &<1-8> means you can provide up to

eight gateway IP addresses. When inputting more than one IP address, separate two
neighboring IP addresses with a space.
1-33
all: Specifies all configured gateway IP addresses.
Description
Use the gateway-list command to configure one or multiple gateway IP addresses for
the DHCP clients of a DHCP address pool.
Use the undo gateway-list command to remove one or all the configured gateway IP
addresses configured for the DHCP address pool.
By default, no gateway IP address is configured.
If you execute the gateway-list command repeatedly, the new configuration
Example

# Configure the gateway IP address 10.110.1.99 for the global DHCP address pool 0.
[Quidway-dhcp-pool-0] gateway-list 10.110.1.99
1.1.30 nbns-list
Syntax
nbns-list ip-address&<1-8>
undo nbns-list { ip-address | all }
View
Parameter
ip-address&<1-8>: IP address of a NetBIOS server. &<1-8> means you can provide up

to eight NetBIOS server IP addresses. When inputting more than one IP address,
all: Specifies all configured NetBIOS server IP addresses.
Description
Use the nbns-list command to configure one or multiple NetBIOS server IP addresses
for the DHCP clients of a global DHCP address pool.
Use the undo nbns-list command to remove one or all NetBIOS server IP addresses
configured for the DHCP clients.
By default, no NetBIOS server IP address is configured.
1-34
If you execute the nbns-list command repeatedly, the new configuration overwrites
the previous one.
Related command: dhcp server ip-pool, dhcp server nbns-list and netbios-type.
Example

# Configure the NetBIOS server IP address 10.12.1.99 for the global DHCP address
pool 0.
[Quidway-dhcp-pool-0] nbns-list 10.12.1.99
1.1.31 netbios-type
Syntax
netbios-type { b-node | h-node | m-node | p-node }

undo netbios-type
View
Parameter
b-node: Specifies the broadcast type. Nodes of this type acquire host name-to-IP
address mapping by broadcasting.
p-node: Specifies the peer-to-peer type. Nodes of this type acquire host name-to-IP
address mapping by communicating with the NetBIOS server.
m-node: Specifies the mixed type. Nodes of this type are p-nodes with some
broadcasting features.
h-node: Specifies the hybrid type. Nodes of this type are b-nodes with peer-to-peer
communicating features.
Description
Use the netbios-type command to configure the DHCP clients of a global address
pool to be of specified NetBIOS node type.
Use the undo netbios-type command to restore the default NetBIOS node type.
By default, no NetBIOS node type is specified. In this case, the client uses h-node.
Related command: dhcp server ip-pool, dhcp server netbios-type and nbns-list.
1-35
Example

# Configure the DHCP clients of the global DHCP address pool 0 to be of b-node type.
[Quidway-dhcp-pool-0] netbios-type b-node
1.1.32 network
Syntax
network ip-address [ mask mask ]

undo network
View
Parameter
ip-address: IP address of a network segment., used to specify an IP address range.

mask mask: Specifies a subnet mask in dotted decimal notation.
If neither subnet mask nor mask length is specified in this command, the default
subnet mask is adopted.
Description
Use the network command to configure a dynamically assigned IP address range

(where IP addresses will be dynamically assigned to DHCP clients).
Use the undo network command to remove a dynamically assigned IP address
range.
By default, no such IP address range is configured for a DHCP address pool.
Note that you can configure only one such IP address range for a DHCP address pool.
If you execute the network command repeatedly, the new configuration overwrites the
previous one.
Related command: dhcp server ip-pool and dhcp server forbidden-ip.
Example

1-36
# Configure the dynamically assigned IP address range 192.168.8.0/24 for the global
DHCP address pool 0.
[Quidway-dhcp-pool-0] network 192.168.8.0 mask 255.255.255.0
1.1.33 option
Syntax
option code { ascii ascii-string | hex hex-string&<1-10> | ip-address

ip-address&<1-8> }
undo option code
View
Parameter
code: Customized option number ranging from 2 to 254. Note that this argument
cannot be 3, 6, 15, 44, 46, 50 through 55, 57 through 61, 82, or 217. Use the dhcp
server voice-config command and the dhcp server voice-config interface
command to configure option 184. You cannot configure option 184 by executing the
option command.
ascii ascii-string: Specifies a string that is of 1 to 63 characters. Note that each
character of the string needs to be an ASCII character.
hex hex-string&<1-10>: Specifies strings, each of which comprises of 1 to 8
hexadecimal digits. The &<1-10> means that you can provide up to 10 such strings.
When entering more than one strings, separate two neighboring strings with a space.
Note that the total number of hexadecimal digits (spaces not included) cannot exceed
64.
ip-address ip-address&<1-8>: Specifies IP addresses. The &<1-8> string means that
you can provide up to eight IP addresses. When entering more than one IP addresses,
Description
Use the option command to customize DHCP options for a global DHCP address
pool.
Use the undo option command to remove the customized DHCP options.
If you execute the option command repeatedly, the new configuration overwrites the
previous one.
Related command: dhcp server ip-pool and dhcp server option.
1-37
Example

# Configure option 100 to be 0x11 and 0x22 for the global DHCP address pools.
[Quidway-dhcp-pool-0] option 100 hex 11 22
1.1.34 reset dhcp server conflict
Syntax
reset dhcp server conflict { all | ip ip-address }
View
User view
Parameter
ip ip-address: Specifies an IP address, whose conflict statistics will be cleared.

all: Clears all address conflict statistics.
Description
Use the reset dhcp server conflict command to clear address conflict statistics.
Related command: display dhcp server conflict.
Example
# Clear all address conflict statistics.

<Quidway> reset dhcp server conflict all
1.1.35 reset dhcp server ip-in-use
Syntax
reset dhcp server ip-in-use { all | interface [ interface-type interface-number ] | ip

ip-address | pool [ pool-name ] }
View
User view
Parameter
all: Clears the dynamic address binding information about all IP addresses.
1-38
interface [ interface-type interface-number ]: Clears the dynamic address binding

information about a specified interface address pool. If you do not specify the
interface-number argument, this command clears the dynamic address binding
information about all interface address pools.
ip ip-address: Clears the dynamic address binding information about a specified IP
address.
pool [ pool-name ]: Clears the dynamic address binding information about a specified
address pool. The pool-name argument, a string of 1 to 35 characters, is the name of
an address pool. If you do not provide this argument, this command clears the
dynamic address binding information about all global address pools.
Description
Use the reset dhcp server ip-in-use command to clear the specified or all dynamic
address binding information.
Related command: display dhcp server ip-in-use.
Example
# Clear the dynamic address binding information about the IP address 10.110.1.1.
<Quidway> reset dhcp server ip-in-use ip 10.110.1.1
1.1.36 reset dhcp server statistics
Syntax
reset dhcp server statistics
View
User view
Parameter
None
Description
Use the reset dhcp server statistics command to clear the statistics on a DHCP
server, such as the number of DHCP unrecognized packets/request packets/response
packets.
Related command: display dhcp server statistics.
Example
# Clear the statistics on a DHCP server.

<Quidway> reset dhcp server statistics
1-39
1.1.37 static-bind client-identifier
Syntax
static-bind client-identifier client-identifier

undo static-bind client-identifier
View
Parameter
client-identifier: Client ID to be bound, in the format of H-H-H. It contains 3 to 160

hexadecimal numbers.
Description
Use the static-bind client-identifier command to configure a client ID to be statically

bound.
Use the undo static-bind client-identifier command to delete a client ID that is
statically bound.
By default, no client ID is statically bound.
Note that:
z The static-bind client-identifier command must be used together with the
static-bind ip-address command, to respectively specify a statically bound client
ID and an IP address.
z If you execute this command or the static-bind mac-address command
repeatedly, the new configuration overwrites the previous one.
Related command: dhcp server ip-pool, static-bind ip-address, and static-bind
mac-address.
Example# Enter system view.
# Bind the host aaaa-bbbb with the IP address 10.1.1.1. The mask is 255.255.255.0.
[Quidway-dhcp-pool-0] static-bind ip-address 10.1.1.1 mask 255.255.255.0
[Quidway-dhcp-pool-0] static-bind client-identifier aaaa-bbbb
1.1.38 static-bind ip-address
Syntax
static-bind ip-address ip-address [mask mask ]
1-40
undo static-bind ip-address
View
Parameter
ip-address: IP address to be bound. If you do not specify the mask-length or mask

argument, the default subnet mask is used.
mask mask: Subnet mask of the specified IP address. If you do not specify the
mask-length or mask argument, the default subnet mask is used.
Description
Use the static-bind ip-address command to specify an IP address which will be

bound statically to a MAC address.
Use the undo static-bind ip-address command to remove a statically bound IP
address.
By default, no IP address is statically bound.
Note that:
z The static-bind ip-address command must be used together with the
static-bind mac-address command or the static-bind client-identifier
command, to respectively specify a statically bound IP address, MAC address, or
client ID.
z If you execute the static-bind ip-address command repeatedly, the new
configuration overwrites the previous one.
Related command: dhcp server ip-pool and static-bind mac-address.
Example

# Bind the IP address 10.1.1.1 (with the subnet mask 255.255.255.0) to the MAC
address 0000-e03f-0305.
[Quidway-dhcp-pool-0] static-bind mac-address 0000-e03f-0305
1.1.39 static-bind mac-address
Syntax
static-bind mac-address mac-address
1-41
undo static-bind mac-address
View
Parameter
mac-address: MAC address of the host to which the IP address is to be bound. You
need to provide this argument in the form of H-H-H.
Description
Use the static-bind mac-address command to specify a MAC address to which an IP

address will be bound statically.
Use the undo static-bind mac-address command to remove such a MAC address.
By default, no such MAC address is specified.
Note that:
z The static-bind ip-address command must be used together with the
static-bind mac-address command, to respectively specify a statically bound IP
address and MAC address.
z If you execute the static-bind mac-address command or the static-bind
client-identifier command repeatedly, the new configuration overwrites the
previous one.
Related command: dhcp server ip-pool and static-bind ip-address.
Example

# Bind the IP address 10.1.1.1 (with the subnet mask 255.255.255.0) to the MAC
address 0000-e03f-0305.
[Quidway-dhcp-pool-0] static-bind mac-address 0000-e03f-0305
1.1.40 voice-config
Syntax
voice-config { ncp-ip ip-address | as-ip ip-address | voice-vlan vlan-id { disable |

enable } | fail-over ip-address dialer-string }
undo voice-config [ ncp-ip | as-ip | voice-vlan | fail-over ]
1-42
View
Parameter
ncp-ip: IP address of the network call processor (NCP).

as-ip: IP address of the alternate server.
voice-vlan: Voice VLAN.
fail-over: Fail-over call route.
ip-address: IP address of the NCP, alternate server, or fail-over.
vlan-id: ID of the voice VLAN, in the range of 2 to 4,094.
enable: Enables a VLAN.
disable: Disables a VLAN.
dialer-string: Fail-over dial number string. The value range is 0 to 9 and the wildcard
(*).
Description
Use the voice-config command to configure option 184 and its sub-options in the
global address pool.
Use the undo voice-config command to remove option 184 and its sub-options from
the global address pool.
The DHCP server answers option 184 and the corresponding sub-options only after
the DHCP client requests option 184.
By default, the DHCP server does not support option 184 and the corresponding
sub-options.
Related command: dhcp server voice-config.
Example
# Enter system view

# Enable the DHCP server to support option 184 in global address pool 123. The NCP
IP address is 1.1.1.1 and the IP address of the alternate server is 2.2.2.2. The voice
VLAN is enabled, with the ID being 3. The fail-over IP address is 3.3.3.3 and the dial
number string is 99*.
[Quidway] dhcp select global all
[Quidway-dhcp-pool-123] voice-config ncp-ip 1.1.1.1
[Quidway-dhcp-pool-123] voice-config as-ip 2.2.2.2
1-43
[Quidway-dhcp-pool-123] voice-config voice-vlan 3 enable

[Quidway-dhcp-pool-123] voice-config fail-over 3.3.3.3 99*
1-44
New Feature Manual - DHCP Chapter 2 DHCP Relay Configuration C
Quidway S3900 Series Ethernet Switches-Release 1510 ommands
Chapter 2 DHCP Relay Configuration Commands
2.1 DHCP Relay Configuration Commands

2.1.1 address-check
Syntax
address-check enable
address-check disable
View
VLAN interface view
Parameter
None
Description
Use the address-check enable command to enable DHCP relay security on a VLAN
interface, so as to start the validity check on user addresses under the VLAN interface.
Use the address-check disable command to disable DHCP relay security, so as to
stop the validity check on user addresses under the VLAN interface.
By default, DHCP relay security is disabled on a VLAN interface.
Note that among S3900 series switches, only S3900-EI series switches support the
two commands.
Example


# Enable DHCP relay security on VLAN interface 1.

[Quidway-Vlan-interface1] address-check enable
2-1
2.1.2 dhcp-relay hand
Syntax
dhcp-relay hand { enable | disable }
View
System view
Parameter
None
Description
Use the dhcp relay hand enable command to enable the DHCP relay handshake
function.
Use the dhcp relay hand disable command to disable the DHCP relay handshake
function.
By default, the DHCP relay handshake function is enabled.
Example
# Disable the DHCP relay handshake function.

[Quidway] dhcp relay hand disable
2.1.3 dhcp relay information enable
Syntax
dhcp relay information enable

undo dhcp relay information enable
View
System view
Parameter
None
Description
Use the dhcp relay information enable command to enable option 82 supporting on
a DHCP relay, through which you can enable the DHCP relay to insert option 82 into
DHCP request packets sent to a DHCP server.
2-2
Use the undo dhcp relay information enable command to disable option 82
supporting on a DHCP relay, through which you can disable the DHCP relay from
inserting option 82 into DHCP request packets sent to a DHCP server.
Note:
By default, after option 82 supporting is enabled on a DHCP relay, the device
processes a request packet containing option 82 with the replace policy. If other
processing policies have been configured before, after option 82 supporting is enabled
on the DHCP relay, the device does not change the configured processing policies.
Related command: dhcp relay information strategy.
Example

# Enable option 82 supporting on a DHCP relay.

[Quidway] dhcp relay information enable
# Disable option 82 supporting on a DHCP relay.

[Quidway] undo dhcp relay information enable
2.1.4 dhcp relay information strategy
Syntax
dhcp relay information strategy { drop | keep | replace }

undo dhcp relay information strategy
View
System view
Parameter
drop: Specifies to discard the DHCP request packets that carry option 82.
keep: Specifies to remain the DHCP request packets that carry option 82 unchanged.
replace: Specifies to replace the option 82 carried by a DHCP request packet with that
of the DHCP relay.
2-3
Description
Use the dhcp relay information strategy command to instruct a DHCP relay to
perform specified operations to DHCP request packets that carry option 82.
Use the undo dhcp relay information strategy command to instruct a DHCP relay to
perform the default operations to DHCP request packets that carry option 82.
By default, the DHCP relay replaces the option 82 carried by a DHCP request packet
with its own option 82.
Related command: dhcp relay information enable
Example

# Instruct the DHCP relay to discard the DHCP request packets that carry option 82.
[Quidway] dhcp relay information strategy drop
# Instruct the DHCP relay to perform the default operations to DHCP request packets
that carry option 82.
[Quidway] undo dhcp relay information strategy
2.1.5 dhcp-security static
Syntax
dhcp-security static ip-address mac-address

undo dhcp-security { ip-address | all | dynamic | static }
View
System view
Parameter
ip-address: User IP address.

mac-address: User MAC address.
all: Removes all user address entries.
dynamic: Removes dynamic user address entries.
static: Removes static user address entries.
Description
Use the dhcp-security static command to configure a static user address entry.
2-4
Use the undo dhcp-security command to remove one or all user address entries, or
all user address entries of a specified type.
Note that among S3900 series switches, only S3900-EI series switches support the
two commands.
Related Command: display dhcp-security.
Example

System View: return to User View with Ctrl+Z
# Configure a user address entry for the DHCP server group, with the user IP address
being 1.1.1.1 and the user MAC address being 0005-5D02-F2B3.
[Quidway] dhcp-security static 1.1.1.1 0005-5D02-F2B3
2.1.6 dhcp-security tracker
Syntax
dhcp-security tracker { interval | auto }

undo dhcp-security tracker [ interval ]
View
System view
Parameter
interval: Interval (in seconds) to update DHCP security entries. This argument ranges
from 1 to 120 seconds.
auto: Specifies that the interval to update DHCP security entries is automatically
determined by the number of the DHCP security entries. A larger number corresponds
to a longer interval.
Description
Use the dhcp-security tracker command to set the interval to update DHCP security
entries.
Use the undo dhcp-security tracker command to cancel the configuration.
By default, the update interval is determined by the number of the DHCP security
entries.
Note that among S3900 series switches, only S3900-EI series switches support these
two commands.
2-5
Example

# Set the interval to update dynamic address entries to 60 seconds.

[Quidway] dhcp-security tracker 60
2.1.7 dhcp-server
Syntax
dhcp-server groupNo
undo dhcp-server
View
VLAN interface view
Parameter
groupNo: DHCP server group number. This argument ranges from 0 to 19.
Description
Use the dhcp-server command to map the current VLAN interface to a DHCP server
group.
Use the undo dhcp-server command to cancel the mapping.
Related command: dhcp-server ip, display dhcp-server, and display dhcp-server
interface vlan-interface.
Note:
time.
z After you configure a DHCP server group by using the dhcp-server command,
sockets UDP 67 and UDP 68 will be enabled.
z After you delete the DHCP server group by using the undo dhcp-server command
and disable all the DHCP functions, sockets UDP 67 and UDP 68 will be disabled.
2-6
Example


# Specify that VLAN interface 1 corresponds to DHCP server group 1.

[Quidway-Vlan-interface1] dhcp-server 1
2.1.8 dhcp-server detect
Syntax
dhcp-server detect
undo dhcp-server detect
View
System view
Parameter
None
Description
Use the dhcp-server detect command to enable the switch serving as a DHCP relay
to detect pseudo DHCP servers.
Use the undo dhcp-server detect command to disable the pseudo DHCP server
detection function.
By default, the pseudo DHCP server detection function is disabled
Related command: dhcp server and display dhcp-server.
Example
# Enter system view

# Enable the pseudo-DHCP server detection function on the DHCP relay.

[Quidway] dhcp-server detect
2-7
2.1.9 dhcp-server ip
Syntax
dhcp-server groupNo ip ip-address&<1-8>

undo dhcp-server groupNo
View
System view
Parameter
groupNo: DHCP server group number, ranging from 0 to 19.

ip-address&<1-8>: IP address of the DNS server. &<1-8> indicates that up to eight IP
addresses can be input, with any two IP addresses separated by a space.
Description
Use the dhcp-server ip command to configure the DHCP server IP address(es) in a

specified DHCP server group.
Use the undo dhcp-server command to remove all DHCP server IP addresses in a
DHCP server group.
Related command: dhcp-server, and display dhcp-server.
Example

# Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP
server group 1, so that this group contains three DHCP servers (server 1, server 2 and
server 3).
[Quidway] dhcp-server 1 ip 1.1.1.1 2.2.2.2 3.3.3.3
2.1.10 display dhcp-security
Syntax
display dhcp-security [ ip-address | dynamic | static | tracker ]
View
Any view
2-8
Parameter
ip-address: IP address. This argument is used to display the user address entry with
the specified IP address.
dynamic: Displays the dynamic user address entries.
static: Displays the static user address entries.
tracker: Displays the interval to update the user address entries of a DHCP-security
table.
Description
Use the display dhcp-security command to display one or all user address entries, or
a specified type of user address entries in the valid user address table of a DHCP
server group.
Note that among S3900 series switches, only S3900-EI series switches support this
command.
Example
# Display all user address entries contained in the valid user address table of the
DHCP server group.
<Quidway> display dhcp-security
IP Address MAC Address IP Address Type
2.2.2.3 0005-5d02-f2b2 Static
3.3.3.3 0005-5d02-f2b3 Dynamic
--- 2 dhcp-security item(s) found ---
Table 2-1 Description on the fields of the display dhcp-security command
Field Description
IP Address IP address of a user of the DHCP server group
MAC Address MAC address of the user of the DHCP server group
IP Address Type Type of the user address entry (static/dynamic)
2.1.11 display dhcp-server
Syntax
display dhcp-server groupNo
View
Any view
2-9
Parameter
Description
Use the display dhcp-server command to display information about a specified

DHCP server group.
Related command: dhcp-server ip, dhcp-server, and display dhcp-server
interface vlan-interface.
Example
# Display information about DHCP server group 0.

<Quidway> display dhcp-server 0
IP address of DHCP server group 0: 1.1.1.1
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP_OFFER messages: 0
DHCP_ACK messages: 0
DHCP_NAK messages: 0
DHCP_DECLINE messages: 0
DHCP_DISCOVER messages: 0
DHCP_REQUEST messages: 0
DHCP_INFORM messages: 0
DHCP_RELEASE messages: 0
BOOTP_REQUEST messages: 0
BOOTP_REPLY messages: 0
Table 2-2 Description on the fields of the display dhcp-server command
Field Description
IP address of DHCP server

DHCP server IP addresses of DHCP server group 0
group 0:
2-10
Field Description
Messages from this server Number of the packets received from the DHCP
group server group
Messages to this server Number of the packets sent to the DHCP server
group group
Messages from clients to this Number of the packets received from the DHCP
server group clients
Messages from this server

Number of the packets sent to the DHCP clients
group to clients
DHCP_OFFER messages Number of the received DHCP-OFFER packets
DHCP_ACK messages Number of the received DHCP-ACK packets
DHCP_NAK messages Number of the received DHCP-NAK packets
DHCP_DECLINE messages Number of the received DHCP-DECLINE packets
DHCP_DISCOVER
Number of the received DHCP-DISCOVER packets
messages
DHCP_REQUEST
Number of the received DHCP-REQUEST packets
messages
DHCP_INFORM messages Number of the received DHCP-INFORM packets
DHCP_RELEASE
Number of the received DHCP-RELEASE packets
messages
BOOTP_REQUEST
Number of the BOOTP request packets
messages
BOOTP_REPLY messages Number of the BOOTP response packets
2.1.12 display dhcp-server interface
Syntax
display dhcp-server interface Vlan-interface vlan-id
View
Any view
2-11
Parameter
vlan-id: VLAN ID.
Description
Use the display dhcp-server interface command to display information about the
DHCP server group to which a VLAN interface is mapped.
Related command: dhcp-server and display dhcp-server.
Example
# Display information about the DHCP server group to which VLAN 2 interface is
mapped.
<Quidway> display dhcp-server interface vlan-interface 2
Dhcp-group 0 is configured on this interface
The above display information indicates the VLAN 2 interface is mapped to DHCP
server group 0.
2.1.13 reset dhcp-server
Syntax
reset dhcp-server groupNo
View
User view
Parameter
Description
Use the reset dhcp-server command to clear the statistics information of the
specified DHCP server group.
Related command: dhcp server and display dhcp-server.
Example
# Clear the statistics information of DHCP server group 2.

<Quidway> reset dhcp-server 2
2-12
New Feature Manual - DHCP Chapter 3 DHCP Snooping Configuratio
Quidway S3900 Series Ethernet Switches-Release 1510 n Commands
Chapter 3 DHCP Snooping Configuration

Commands
3.1 DHCP Snooping Configuration Commands

3.1.1 dhcp-snooping
Syntax
dhcp-snooping
undo dhcp-snooping
View
System view
Parameter
None
Description
Use the dhcp-snooping command to enable the DHCP snooping function, so as to

allow the switch to listen to the DHCP broadcast packets. Use the undo
dhcp-snooping command to disable the DHCP snooping function.
By default, the DHCP snooping function is disabled.
Related command: display dhcp-snooping.
Example

# Enable the DHCP snooping function.

[Quidway] dhcp-snooping
3.1.2 dhcp-snooping trust
Syntax
dhcp-snooping trust
undo dhcp-snooping trust
3-1
View
Ethernet port view
Parameter
None
Description
Use the dhcp-snooping trust command to set an Ethernet port to a trusted port.
Use the undo dhcp-snooping trust command to restore an Ethernet port to an
untrusted port.
DHCP snooping security allow you to set a port to a trusted port or an untrusted port,
so that DHCP clients can obtain IP addresses from only valid DHCP servers.
z Trusted ports can be used to connect DHCP servers or ports of other switches.
Untrusted ports can be used to connect DHCP clients or networks.
z Trusted ports forward any received DHCP packets to ensure that DHCP clients
can obtain IP addresses from valid DHCP servers. Untrusted ports discard the
DHCP-ACK and DHCP-OFF responses received from DHCP servers.
z By default, all the ports of a switch are untrusted ports.
Related command: display dhcp-snooping trust.
Example

# Set the Ethernet1/0/1 port to a trusted port.

[Quidway-Ethernet1/0/1] dhcp-snooping trust
3.1.3 display dhcp-snooping
Syntax
display dhcp-snooping [ unit unit-id ]
View
Any view
Parameter
unit unit-id: Displays the DHCP-snooping information on other devices in fabric when
the switch is in fabric. unit-id indicates the number of the device whose
DHCP-snooping information needs to be viewed.
3-2
Description
Use the display dhcp-snooping command to display the user IP-MAC address
mapping entries recorded by the DHCP snooping function.
Related command: dhcp-snooping.
Example
# Display the user IP-MAC address mapping entries recorded by the DHCP snooping
function.
<Quidway> display dhcp-snooping
DHCP-Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address MAC Address Lease VLAN Interface
==== =============== =============== ========= ==== =================
--- 0 dhcp-snooping item(s) of unit 1 found ---
3.1.4 display dhcp-snooping trust
Syntax
display dhcp-snooping trust
View
Any view
Parameter
None
Description
Use the display dhcp-snooping trust command to display the (enabled/disabled)

state of the DHCP snooping function and the trusted ports.
Related command: dhcp-snooping trust.
Example
# Display the state of the DHCP snooping function and the trusted ports.
<Quidway> display dhcp-snooping trust
DHCP-Snooping is enabled.
DHCP-Snooping trust become effective
Interface Trusted
=================================
3-3
Ethernet1/0/10 Trusted
The above display information indicates that the DHCP snooping function is enabled,
and the Ethernet1/0/10 port is a trusted port.
3-4
New Feature Manual - DHCP Chapter 4 DHCP Accounting Configurati
Quidway S3900 Series Ethernet Switches-Release 1510 on Commands
Chapter 4 DHCP Accounting Configuration

Commands
4.1 DHCP Accounting Configuration Commands

4.1.1 accounting domain
Syntax
accounting domain domain-name

undo accounting domain
View
Parameter
domain-name: Name of a domain, a string of 1 to 24 characters. (You can use the

domain command to create a domain.)
Description
Use the accounting domain command to enable the DHCP accounting function.
Use the undo accounting domain command to disable the DHCP accounting
function.
Example

# Enter DHCP address pool view.

[Quidway] dhcp server ip-pool test
# Enable the DHCP accounting function (assuming that domain 123 already exists).
[Quidway-dhcp-pool-test] accounting domain 123
4-1
Command Manual – ACL
Table of Contents
Chapter 1 ACL Commands........................................................................................................... 1-1

1.1 ACL Configuration Commands .......................................................................................... 1-1
1.1.1 acl............................................................................................................................ 1-1
1.1.2 description ............................................................................................................... 1-2
1.1.3 display acl................................................................................................................ 1-3
1.1.4 display packet-filter ................................................................................................. 1-4
1.1.5 display time-range................................................................................................... 1-4
1.1.6 packet-filter.............................................................................................................. 1-6
1.1.7 rule (Basic ACL) ...................................................................................................... 1-7
1.1.8 rule (Advanced ACL)............................................................................................... 1-8
1.1.9 rule (Layer 2 ACL)................................................................................................. 1-14
1.1.10 rule (user-defined ACL)....................................................................................... 1-16
1.1.11 rule comment....................................................................................................... 1-18
1.1.12 time-range ........................................................................................................... 1-19
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 ACL Commands
Chapter 1 ACL Commands
1.1 ACL Configuration Commands

1.1.1 acl
Syntax
acl number acl-number [ match-order { config | auto } ]

undo acl { number acl-number | all }
View
System view
Parameter
number acl-number: Specifies the number of an access control list (ACL) in the range
of:
2,000 to 2,999: identifies basic ACLs.
3,000 to 3,999: identifies advanced ACLs.
4,000 to 4,999: identifies layer 2 ACLs.
5,000 to 5,999: identifies user-defined ACLs.
match-order: Specifies the match order for the ACL rules. The match-order keyword
is not available for Layer 2 ACLs or user-defined ACLs. Match orders include:
z config: Specifies to match ACL rules in the order they are defined.
z auto: Specifies to match ACL rules according to the depth-first rule.
all: Specifies to delete all ACLs.
Description
Use the acl command to define an ACL and enter the corresponding ACL view.
Use the undo acl command to delete all entries of an ACL or to delete all ACLs.
By default, ACL rules are matched according to the configured order (config).
After entering the corresponding ACL view, you can use the rule command to add
entries to the ACL.
An ACL supports the following four types of match orders:
z Configured order: ACL rules are matched according to the configured order.
z Automatic ordering: ACL rules are matched according to the “depth-first” order
The “depth-first” order is described as follows:
1-1
z The “depth-first” ordering of rules in IP ACLs (basic and advanced ACLs) is

implemented based on the lengths of the source IP address masks and the
destination IP address masks. The rule with the longest masks is first matched,
and then comes the rule with the second longest masks, and so on. In the
ordering, the lengths of the source IP address masks are compared first; if the
source IP address masks have the same length, the lengths of the destination IP
address masks are compared. For example, the rule of which the source IP
address mask is 255.255.255.0 precedes the rule of which the source IP address
mask is 255.255.0.0 in the match order.
You can use the match-order keyword to specify whether to use the configured order
or “depth-first” order (rules with smaller ranges are matched first) to match rules. If
neither match orders are specified, the configured match order will be adopted.
You cannot modify the match order for an ACL once you have specified it, unless you
delete all the entries of the ACL.
The ACL match order feature is effective only when the ACL is referenced by software
for data filtering and traffic classification.
Related command: rule.
Example
# Define rules for ACL 2000, and specify “depth-first” order as the rule match order.
[Quidway] acl number 2000 match-order auto
[Quidway-acl-basic-2000]
1.1.2 description
Syntax
description text
undo description
View
Basic ACL view, advanced ACL view, Layer 2 ACL view, user-defined ACL view
Parameter
text: ACL description to be set, a string of up to 127 characters.
Description
Use the description command to define the description information of an ACL to

describe the specific purpose of the ACL.
Use the undo description to delete the description information of an ACL.
1-2
Example
# Define the description information of ACL 3100.

[Quidway-acl-adv-3100] description This acl is used in eth 0
# Delete the description information of ACL 3100.

[Quidway-acl-adv-3100] undo description
1.1.3 display acl
Syntax
display acl { all | acl-number }
View
Any view
Parameter
all: Specifies to display all ACLs.

acl-number: ACL number to be displayed, in the range of 2000 to 5999.
Description
Use the display acl command to view the detailed configuration information of an ACL,
including each rule and its number as well as the number and size in bytes of the data
packets that match the statement.
The number of times matched in the information displayed by this command is the
number of matched times processed by the software, namely the number of matched
times of the ACL to be processed by the CPU of the switch. To make statistics of
hardware matched times during packet forwarding, use the traffic-statistic command.
To view the statistics information of data forwarded by the hardware of the switch, use
the display qos-interface traffic-statistic command.
Example
# Display the contents of all ACLs.

<Quidway> display acl all
Total ACL Number: 2
Basic ACL 2000, 0 rule, match-order is auto
Acl's step is 1
Advanced ACL 3000, 1 rule

Acl's step is 1
1-3
rule 1 permit ip
1.1.4 display packet-filter
Syntax
display packet-filter { interface interface-type interface-num | unitid unit-id }
View
Any view
Parameter
interface-type interface-num: Port of the switch.

unit-id: Unit ID, used to specify to display the information of a specific unit.
Description
Use the display packet-filter command to view the application information of packet
filtering, including the ACL name, rule names, and application status.
Example
# Display the application information of packet filtering on Unit 1.

<Quidway> display packet-filter unitid 1
1.1.5 display time-range
Syntax
display time-range { all | name }
View
Any view
Parameter
all: Specifies to display all time ranges.

name: Name of a time range, a string that starts with [a-z, A-Z] and contains up to 32
characters.
Description
Use the display time-range command to view the configuration and status of the
current time range. For an active time range, this command displays “active”; for an
inactive time range, this command displays “inactive”.
Related command: time-range.
1-4
Example
# Display all time ranges.

<Quidway> display time-range all
Current time is 14:36:36 Apr/2/2003 Thursday
Time-range : hhy ( Inactive )

from 08:30 2/5/2005 to 18:00 2/19/2005
Time-range : hhy1 ( Inactive )

from 08:30 2/5/2003 to 18:00 2/19/2003
Table 1-1 Description on the fields of the display time-range command
Field Description
Current time is 14:36:36

System time
Apr/3/2003 Thursday
Time range hhy. “Inactive” indicates that this time

Time-range : hhy ( Inactive ) range is currently in the inactive state (while
from 08:30 2/5/2005 to 18:00 “Active” indicates that the time range is in the
2-19-2005 active state), and the time range is from 8:30
February 5, 2005 to 18:00 February 19 2005.
# Display the time range named “tm1”.

<Quidway> display time-range tm1
Current time is 14:37:31 Apr/3/2003 Thursday
Time-range : tm1 ( Inactive )

from 08:30 2/5/2005 to 18:00 2/19/2005
Table 1-2 Description of the fields of the display time-range command
Field Description
Current time is 14:36:36

The current time of the system.
Apr/3/2003 Thursday
Time range tm1. “Inactive” indicates that this

Time-range : tm1 ( Inactive ) time range is currently in the inactive state (while
from 08:30 2/5/2005 to 18:00 “Active” indicates that the time range is in the
2/19/2005 active state), and the time range is from 8:30
February 5, 2005 to 18:00 February 19 2005.
1-5
1.1.6 packet-filter
Syntax
packet-filter { inbound | outbound } acl-rule

undo packet-filter { inbound | outbound } acl-rule
View
Ethernet port view
Parameter
inbound: Specifies to filter packets received on the port.

outbound: Specifies to filter packets sent through the port.
acl-rule: Applied ACL rules, which can be the combination of different types of ACL
rules. The following table describes the ACL combinations.
Table 1-3 Combined application of ACLs
Combination mode Form of acl-rule
Apply all rules in an IP type ACL (either a

ip-group acl-number
basic ACL or an advanced ACL) separately
Apply one rule in an IP type ACL separately ip-group acl-number rule rule
Apply all rules in a Layer 2 ACL separately link-group acl-number
Apply one rule in a Layer 2 ACL separately link-group acl-number rule rule
Apply all rules in a user-defined ACL

user-group acl-number
separately
Apply one rule in a user-defined ACL

user-group acl-number rule rule
separately
Apply one rule in an IP type ACL and one ip-group acl-number rule rule
rule in a Link type ACL simultaneously link-group acl-number rule rule
In Table 1-3:
z ip-group acl-number: Specifies a basic or an advanced ACL. The acl-number
argument ranges from 2000 to 3999.
z link-group acl-number: Specifies a Layer 2 ACL. The acl-number argument
z user-group acl-number: Specifies a user-defined ACL. The acl-number
1-6
z rule rule: Specifies a rule of an ACL. The rule argument ranges from 0 to 65534.
If you do not specify the rule number, all the rules of an ACL are applied.
Description
Use the packet-filter command to apply ACL rules on the port to filter packets.
Use the undo packet-filter command to remove the ACL rules applied on the port.
Example
# Apply ACL 2100 on GigabitEthernet 1/1/1 to filter packets.

[Quidway] interface gigabitEthernet1/1/1
[Quidway-GigabitEthernet1/1/1] packet-filter inbound ip-group 2000
1.1.7 rule (Basic ACL)
Syntax
rule [ rule-id ] { permit | deny } [ fragment ] [ source { sour-addr sour-wildcard | any } ]

[ time-range time-name ]
undo rule rule-id [ fragment ] [ source ] [ time-range ]
View
Basic ACL view
Parameter
1) Parameters of the rule command:

rule-id: ACL rule ID, in the range of 0 to 65,534.
deny: Drops packets that satisfy the condition.
permit: Permits packets that satisfy the condition to pass.
fragment: Specifies that the rule takes effect on non-initial fragment packets.
source { sour-addr sour-wildcard | any }: Specifies the source address information in
the rule. sour-addr is used to specify the source IP address of the packet, expressed in
dotted decimal notation. sour-wildcard is used to specify the wildcard mask for the
source subnet mask of the packet, expressed in dotted decimal notation. For example,
you need to input 0.0.255.255 for the subnet mask 255.255.0.0. You can set
sour-wildcard to 0 to represent the host IP address. any is used to represent any
arbitrary IP address.
time-range time-name: Specifies a time range within which the rule is valid.
2) Parameters of the undo rule command
1-7
rule-id: Rule ID, which must the ID of an existing ACL rule. If no other arguments are
specified, the system will completely delete this ACL rule. If any argument is given, the
system will delete only the specified information of the ACL rule.
fragment: Deletes the settings effective for non-initial fragment packets in the rule
corresponding to the rule ID.
source: Deletes the settings of the source address part in the rule corresponding to
the rule ID.
time-range: Deletes the time range settings in the rule corresponding to the rule ID.
Description
Use the rule command to define an ACL rule.

Use the undo rule command to delete an ACL rule or the attribute information of an
ACL rule.
Before you can delete a rule, you need to specify the rule ID. If you do not know the
rule ID, you can view it by the display acl command.
In the case that you specify the rule ID when defining a rule:
z If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
z If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
z The content of a modified or created rule must not be identical with the content of
any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
Example
# Define a rule to deny the packets whose source IP addresses are 1.1.1.1.
1.1.8 rule (Advanced ACL)
Syntax
rule [ rule-id ] { permit | deny } rule-string

undo rule rule-id [ destination ] [ destination-port ] [ dscp ] [ fragment ]
[ icmp-type ] [ precedence ] [ source ] [ source-port ] [ time-range ] [ tos ]
1-8
View
Advanced ACL view
Parameter

rule-string: Rule information, which can be combination of the parameters described in
Table 1-4. You need to configure the protocol argument in the rule information before
you can configure other arguments.
Table 1-4 Rule information
Parameter Type Function Description
When expressed in numerals,

the value range is 1 to 255.
Type of the
Protocol When expressed with a name,
protocol protocols
type the value can be GRE, ICMP,
carried by IP
IGMP, IP, IPinIP, OSPF, TCP,
and UDP.
sour-addr sour-wildcard is used

source Specifies the to specify the source address of
Source
{ sour-addr source address the packet, expressed in dotted
address
sour-wildcard | information in decimal notation.
information
any } the rule any represents any source
address.
dest-addr dest-wildcard is used

Specifies the to specify the destination
destination
Destination destination address of the packet,
{ dest-addr
address address expressed in dotted decimal
dest-wildcard |
information information in notation.
any }
the rule any represents any destination
address.
precedence Packet
Packet priority Value range: 0 to 7
precedence precedence
Packet
tos tos ToS priority Value range: 0 to 15
precedence
1-9
Packet
dscp dscp DSCP priority Value range: 0 to 63
precedence
Specifies that
the rule is
Fragment effective for
fragment -
information non-initial
fragment
packets
Specifies the
time-range Time range time range in
-
time-name information which the rule
is active
Note:
sour-wildcard/dest-wildcard is the complement of the wildcard mask of the
source/destination subnet mask. For example, you need to input 0.0.255.255 to
specify the subnet mask 255.255.0.0. The arguments can be set as 0 to represent the
host IP address.
To define DSCP priority, you can directly input a value ranging from 0 to 63, or input a
keyword listed in 错误！未找到引用源。.
Table 1-5 Description of DSCP values
Keyword DSCP value in decimal DSCP value in decimal
ef 46 101110
af11 10 001010
af12 12 001100
af13 14 001110
af21 18 010010
af22 20 010100
af23 22 010110
af31 26 011010
af32 28 011100
af33 30 011110
1-10
Keyword DSCP value in decimal DSCP value in decimal
af41 34 100010
af42 36 100100
af43 38 100110
cs1 8 001000
cs2 16 010000
cs3 24 011000
cs4 32 100000
cs5 40 101000
cs6 48 110000
cs7 56 111000
be (default) 0 000000
If the protocol type is TCP or UDP, you can also define the following information:
Table 1-6 TCP/UDP-specific rule information
Defines the The value of operator can

source-port source port be lt (less than), gt (greater
Source
operator port1 information of than), eq (equal to), neq
port(s)
[ port2 ] UDP/TCP (not equal to) or range
packets (within the range of) Only
the range requires two port
numbers as the operands,
and other operators require
only one port number as the
Defines the
operand.
destination-port destination port
Destination
operator port1 information of port1 and port2: TCP/UDP
port(s)
[ port2 ] UDP/TCP port number(s), expressed
packets with name(s) or numerals;
when expressed with
numerals, the value range
is 0 to 65,535.
1-11
Specifies that
“TCP the rule will
connection match TCP
established TCP-specific argument
established” connection
flag packets with the
ack or rst flag
If the protocol type is ICMP, you can also define the following information:
Table 1-7 ICMP-specific rule information
Type and Specifies the

message type and icmp-type: ICMP message
icmp-type
code message code type, ranging 0 to 255
icmp-type
information information of icmp-code: ICMP message
icmp-code
of ICMP ICMP packets code, ranging 0 to 255
packets in the rule
If the protocol type is ICMP, you can also directly input the ICMP message name after
the icmp-type argument. Table 1-8 describes some common ICMP messages.
Table 1-8 ICMP messages
Name ICMP TYPE ICMP CODE
echo Type=8 Code=0
echo-reply Type=0 Code=0
fragmentneed-DFset Type=3 Code=4
host-redirect Type=5 Code=1
host-tos-redirect Type=5 Code=3
host-unreachable Type=3 Code=1
information-reply Type=16 Code=0
information-request Type=15 Code=0
net-redirect Type=5 Code=0
net-tos-redirect Type=5 Code=2
1-12
Name ICMP TYPE ICMP CODE
net-unreachable Type=3 Code=0
parameter-problem Type=12 Code=0
port-unreachable Type=3 Code=3
protocol-unreachable Type=3 Code=2
reassembly-timeout Type=11 Code=1
source-quench Type=4 Code=0
source-route-failed Type=3 Code=5
timestamp-reply Type=14 Code=0
timestamp-request Type=13 Code=0
ttl-exceeded Type=11 Code=0
2) Parameters of the undo rule command:

rule-id: Rule ID, which must the ID of an existing ACL rule. If no other arguments are
specified, the system will completely delete this ACL rule. If any argument is given, the
system will delete only the specified information of the ACL rule.
source: Deletes the settings of the source address part in the rule corresponding to
the rule ID.
source-port: Deletes the settings of the source port part in the rule corresponding to
the rule ID. This keyword is available only when TCP or UDP is defined in the rule.
destination: Deletes the settings of the destination address part in the rule
destination-port: Deletes the settings of the destination port part in the rule
corresponding to the rule ID. This keyword is available only when TCP or UDP is
defined in the rule.
icmp-type: Deletes the settings of the ICMP type and message code part in the rule
corresponding to the rule ID. This keyword is available only when ICMP is defined in
the rule.
precedence: Deletes the precedence-related settings in the rule corresponding to the
rule ID.
tos: Deletes the ToS-related settings in the rule corresponding to the rule ID.
dscp: Deletes the DSCP-related settings in the rule corresponding to the rule ID.
time-range: Deletes the time range settings in the rule corresponding to the rule ID.
1-13
fragment: Deletes the settings effective for non-initial fragment packets in the rule
Description

ACL rule.
Example
# Define a rule to permit packets from hosts in the network segment of 129.9.0.0 to
hosts in the network of 202.38.160.0 and with the port number of 80 to pass.
[Quidway-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255
destination 202.38.160.0 0.0.0.255 destination-port eq 80
1.1.9 rule (Layer 2 ACL)
Syntax
rule [ rule-id ] { permit | deny } [ rule-string ]

undo rule rule-id
View
Layer 2 ACL view
Parameter
1-14

rule-string: Rule information, which can be combination of the parameters described in
Table 1-9.
Table 1-9 Rule information
Defines the link

Link layer format-type: the value can be
layer
format-type encapsulation 802.3/802.2, 802.3, ether_ii,
encapsulation
type or snap.
type in the rule
lsap-code: the encapsulation

format of data frames, a
16-bit hexadecimal number
lsap lsap-code Defines the lsap
lsap field lsap-wildcard: mask of the
lsap-wildcard field in the rule
lsap value, a 16-bit
hexadecimal number used to
specify the mask bit
source-addr: source MAC

address, in the format of
source Specifies the H-H-H
Source MAC
{ source-addr source MAC source- mask: source MAC
address
source-mask | address range address mask, in the format
information
vlan-id }* in the rule of H-H-H
vlan-id: source VLAN ID, in
the range of 1 to 4,094
dest-addr: destination MAC

Specifies the address, in the format of
Destination H-H-H
dest dest-addr destination MAC
MAC address
dest-mask address range dest- mask: destination MAC
information
in the rule address mask, in the format
of H-H-H
Defines the
vlan-pri: VLAN priority, in the
cos vlan-pri Priority 802.1p priority
range of 0 to 7
of the rule
Specifies the time-name: specifies the

time-range Time range time range in name of the time range in
time-name information which the rule is which the rule is active; a
active string of 1 to 32 characters
type Protocol type Defines the protocol-type: protocol type

protocol-type of Ethernet protocol type of protocol-mask: protocol type
protocol-mask frames Ethernet frames mask
1-15
2) Parameters of the undo rule command:

rule-id: Rule ID, which must the ID of an existing ACL rule.
Description

Use the undo rule command to delete an ACL rule.
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
Example
# Define a rule to deny packets whose 802.1p priority is 3.

[Quidway-acl-ethernetframe-4000] rule deny cos 3
1.1.10 rule (user-defined ACL)
Syntax
rule [ rule-id ] { permit | deny } [ rule-string rule-mask offset ] &<1-8> [ time-range

name ]
undo rule rule-id
View
User-defined ACL view
Parameter
rule-string: User-defined string of the rule. It must be an even number containing 2 to

160 hexadecimal characters.
1-16
rule-mask: User-defined mask of the rule. It is used to perform the logical AND
operations with packets and must be an even number containing 2 to 160 hexadecimal
characters. Note that its length must be the same with that of rule-string.
offset: Mask offset of the rule. It specifies a byte, through its offset from the packet
header, in the packet as the starting point to perform logical AND operations. It ranges
from 0 to 79 bytes, and the maximum value becomes one byte less when the value of
rule-string (and rule-mask) has two more characters. For example, when rule-string
and rule-mask contains two characters respectively, the maximum value of offset is 79
bytes; when the former contains four characters respectively, the maximum value of
offset is 78 bytes, and so on.
Note:
Take the following into consideration when configuring the offset parameter:
z The packets processed by the switch have VLAN tags. One VLAN tag occupies 4
bytes.
z If VLAN VPN is disabled, the packets processed by the switch have 4 bytes of
VLAN tag.
z If VLAN VPN is enabled, a 4 bytes of VLAN tag is added to the packets that the
switch receives. The packets will have two VALN tags no matter the received
packets have VLAN tag or not.
&<1-8>: At most eight rules can be defined at one time.

time-range time-name: Specifies a time range within which the rule is valid.
Description

ACL rule.
Note:
For the user-defined ACL rules, if you set to match the fields after the VLAN tag, two
VLAN tags are added for matching of either tagged or untagged packets. For the
packets with their type filed as 0800, the offset value should be 20.
1-17
Example
# Define a rule to forbid all TCP packets to pass through.

[Quidway-acl-user-5001] rule 25 deny 06 ff 35 time-range t1
1.1.11 rule comment
Syntax
rule rule-id comment text

undo rule rule-id comment
View
Advanced ACL view, Layer 2 ACL view, user-defined ACL view
Parameter
comment text: Specifies the comment string for an ACL rule, which must a string of up
to 127 characters.
Description
Use the rule comment command to define the comment string for an ACL rule.
Use the undo rule comment command to delete the comment string for an ACL rule.
Before defining the comment string for an ACL rule, make sure that this ACL rule
exists.
Example
# Define the comment string of Rule 0 of ACL 3000 as “test”.

1-18

[Quidway-acl-adv-3000] rule 0 comment test
1.1.12 time-range
Syntax
time-range time-name { start-time to end-time days-of-the-week [ from start-time

start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time end-date ]
| to end-time end-date }
undo time-range time-name [ start-time to end-time days-of-the-week [ from
start-time start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time
end-date ] | to end-time end-date ]
View
System view
Parameter
time-name: Name of a special time range, used as the identifier of a reference.

start-time: Start time of a special time range, in the form of hh:mm. Optional argument.
end-time: End time of a special time range, in the form of hh:mm. Optional argument.
days-of-the-week: Day of the week when the special time range is effective. Optional
argument. Available arguments and argument combinations are as follows:
z Numerals (0 to 6)
z Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, and Sunday
z Working days (Monday through Friday)
z Off days (Saturday and Sunday)
z Daily, namely everyday of the week
from start-time start-date: Specifies the start date of a special time range, optional. In
the form of hh:mm MM/DD/ YYYY, start-time start-date and end-time end-date jointly
define a date in which the special time range takes effect.
to end-time end-date: Specifies the end date of a special time range, optional. In the
form of hh:mm MM/DD/ YYYY, start-time start-date and end-time end-date jointly
define a date on which the special time range takes effect.
Description
Use the time-range command to define a time range.

Use the undo time-range command to delete a time range.
The time range defined by means of the time-range command can include absolute
time sections and periodic time sections. start-time and end-time days-of-the-week
1-19
jointly define a periodic time section, while start-time start-date and end-time end-date
jointly define an absolute time section.
If only a periodic time section is defined in a time range, the time range is active only
within the defined periodic time section.
If only an absolute time section is defined in a time, the time range is active only within
the defined absolute time section.
If both a periodic time section and an absolute time section are defined in a time range,
the time range is active only when the periodic time range and the absolute time range
are both matched. Assume that a time range defines an absolute time section from
00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time section from
12:00 to 14:00 every Wednesday. This time range is active only from 12:00 to 14:00
every Wednesday in 2004.
If you include any argument undo time-range command, the system will delete only
the content defined by the argument from the time range.
Example
# Define a time range that is effective from 12:00 January 1, 2000 to 12:00 January 1,
2001.
[Quidway] time-range test from 12:00 1/1/2000 to 12:00 1/1/2001
1-20
Command Manual – QoS&QoS Profile
Table of Contents
Chapter 1 QoS Commands........................................................................................................... 1-1

1.1 QoS Commands ................................................................................................................ 1-1
1.1.1 display protocol priority ........................................................................................... 1-1
1.1.2 display qos cos-local-precedence-map................................................................... 1-1
1.1.3 display qos-interface all........................................................................................... 1-2
1.1.4 display qos-interface line-rate ................................................................................. 1-3
1.1.5 display qos-interface traffic-limit.............................................................................. 1-4
1.1.6 display qos-interface traffic-priority ......................................................................... 1-5
1.1.7 display qos-interface traffic-redirect ........................................................................ 1-5
1.1.8 display qos-interface traffic-statistic ........................................................................ 1-6
1.1.9 display queue-scheduler ......................................................................................... 1-7
1.1.10 line-rate ................................................................................................................. 1-7
1.1.11 priority.................................................................................................................... 1-8
1.1.12 priority trust............................................................................................................ 1-9
1.1.13 protocol-priority protocol-type.............................................................................. 1-10
1.1.14 qos cos-local-precedence-map ........................................................................... 1-12
1.1.15 queue-scheduler ................................................................................................. 1-14
1.1.16 reset traffic-statistic ............................................................................................. 1-16
1.1.17 traffic-limit ............................................................................................................ 1-17
1.1.18 traffic-priority........................................................................................................ 1-18
1.1.19 traffic-redirect ...................................................................................................... 1-20
1.1.20 traffic-statistic ...................................................................................................... 1-21
1.1.21 wred..................................................................................................................... 1-22
Chapter 2 QoS Profile Configuration Commands...................................................................... 2-1

2.1 QoS Profile Configuration Commands............................................................................... 2-1
2.1.1 apply qos-profile ...................................................................................................... 2-1
2.1.2 apply qos-profile interface ....................................................................................... 2-2
2.1.3 display qos-profile ................................................................................................... 2-2
2.1.4 packet-filter.............................................................................................................. 2-3
2.1.5 qos-profile................................................................................................................ 2-4
2.1.6 qos-profile port-based ............................................................................................. 2-5
2.1.7 traffic-limit ................................................................................................................ 2-6
2.1.8 traffic-priority............................................................................................................ 2-7
i
Command Manual - QoS&QoS Profile
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 QoS Commands
Chapter 1 QoS Commands
1.1 QoS Commands
1.1.1 display protocol priority
Syntax
display protocol priority
View
Any view
Parameter
None
Description
Use the display protocol priority command to display the priority of the protocol
packet.
Example
# Display the priority of the protocol packet.

<Quidway> display protocol-priority
Protocol: telnet
DSCP: be(0)
1.1.2 display qos cos-local-precedence-map
Syntax
display qos cos-local-precedence-map
View
Any view
1-1
Parameter
None
Description
Use the display qos cos-local-precedence-map command to view the

“COS-to-local-precedence” mapping table.
Example
# Display the “COS-to-local-precedence” mapping table.

<Quidway> display qos cos-local-precedence-map
cos-local-precedence-map:
cos(802.1p) : 0 1 2 3 4 5 6 7
---------------------------------------------------------------------
local precedence(queue) : 0 1 2 3 4 5 6 7
1.1.3 display qos-interface all
Syntax
display qos-interface { interface-type interface-number | unit-id } all
View
Any view
Parameter
interface-type interface-number: Port index.
unit-id: Unit ID of the switch.
Description
Use the display qos-interface all command to view all the QoS configuration of the
ports. If you do not input port parameters, this command will display the QoS parameter
configuration of all the ports of the switch, including traffic policing, rate limit, etc; if you
input port parameters, this command will display QoS parameter configuration of the
port, including traffic policing, rate limit, etc.
When the IRF feature is enabled, the interface-type interface-number argument or the
unit-id argument must be input.
1-2
Example
# Display all the QoS parameter configuration on Ethernet 1/0/1.

<Quidway> display qos-interface Ethernet 1/0/1 all
Ethernet1/0/1: traffic-limit
Inbound:
Matches: Acl 3001 rule 1 running
Target rate: 640 Kbps
Exceed action: remark-dscp 4
Ethernet1/0/1: traffic-priority
Inbound:
Priority action: dscp ef
Ethernet1/0/1: line-rate
Inbound: 128 Kbps
Outbound: 1024 Kbps
Ethernet1/0/1:
Queue scheduling mode: strict-priority
1.1.4 display qos-interface line-rate
Syntax
display qos-interface { interface-type interface-number | unit-id } line-rate
View
Any view
Parameter
Description
Use the display qos-interface line-rate command to view the rate limit configuration
of a port or all the ports of a switch. If you do not specify the interface-type
interface-number argument, you will view the rate limit configuration of all the ports of a
1-3
switch; if you specify that argument, you will view the rate limit configuration of a
specific port.
Example
# Display the rate limit configuration of a specific port.

<Quidway]> display qos-interface 1 line-rate
Ethernet1/0/1: line-rate
Inbound: 128 kbps
1.1.5 display qos-interface traffic-limit
Syntax
display qos-interface { interface-type interface-number | unit-id } traffic-limit
View
Any view
Parameter
Description
Use the display qos-interface traffic-limit command to view the traffic limit
configuration of a port or all the ports of a switch, including the applied ACLs for traffic
limit, committed average rate (CAR), and the corresponding actions.
Related command: traffic-limit.
Example
# Display the traffic limit configuration.

<Quidway> display qos-interface Ethernet1/0/1 traffic-limit
Ethernet1/0/1: traffic-limit
Inbound:
Target rate: 640 Kbps
Exceed action: remark-dscp 4
1-4
1.1.6 display qos-interface traffic-priority
Syntax
display qos-interface { interface-type interface-number | unit-id } traffic-priority
View
Any view
Parameter
Description
Use the display qos-interface traffic-priority command to view the traffic priority
configuration. The information displayed includes the ACL corresponding to the traffic
tagged with priority, priority type and value.
Related command: traffic-priority.
Example
# Display the traffic priority configuration.

<Quidway> display qos-interface Ethernet 1/0/1 traffic-priority
Ethernet1/0/1: traffic-priority
Inbound:
Priority action: dscp ef
1.1.7 display qos-interface traffic-redirect
Syntax
display qos-interface { interface-type interface-number | unit-id } traffic-redirect
View
Any view
Parameter
1-5
Description
Use the display qos-interface traffic-redirect command to view the redirection

configuration of a port or all the ports of a switch. The displayed information includes
the corresponding ACLs of the traffic to be redirected, the redirected interfaces, etc.
Related command: traffic-redirect.
Example
# Display the redirect configuration.

<Quidway> display qos-interface Ethernet 1/0/1 traffic-redirect
1.1.8 display qos-interface traffic-statistic
Syntax
display qos-interface { interface-type interface-number | unit-id } traffic-statistic
View
Any view
Parameter
Description
Use the display qos-interface traffic-statistic command to view the traffic statistics
information. The information displayed includes the ACL corresponding to the traffic to
be counted and the number of packets counted.
Related command: traffic-statistic.
Example
# Display the traffic statistics information.

<Quidway> display qos-interface Ethernet 1/0/1 traffic-statistic
Ethernet1/0/1: traffic-statistic
Inbound:
1-6
0 packet inprofile
0 packet outprofile
1.1.9 display queue-scheduler
Syntax
display queue-scheduler
View
Any view
Parameter
None
Description
Use the display queue-scheduler command to view queue scheduling mode and
corresponding configuration.
Related command: queue-scheduler.
Example
# Display the queue scheduling mode.

<Quidway> display queue-scheduler
Queue scheduling mode: strict-priority
1.1.10 line-rate
Syntax
line-rate { inbound | outbound } target-rate
undo line-rate { inbound | outbound }
View
Ethernet port view
Parameter
inbound: Limits the rate of inbound packets.
outbound: Limits the rate of outbound packets.
1-7
target-rate: Total rate (in kbps) to limit both the inbound and outbound packets on the
port, with the granularity of rate limit being 64 kbps. If the number you input is in the
range of N*64 to (N+1)*64 (N is a natural number), the switch will set the value to
(N+1)*64 kbps automatically. The target rate range for fast Ethernet ports and Gigabit
Ethernet ports are:
z Fast Ethernet port: 64 to 99,968
z Gigabit Ethernet port: 64 to 1,000,000
Description
Use the line-rate command to limit the rate of the packets on the port.
Use the undo line-rate command to cancel the rate limit configuration on the port.
The granularity of rate limit is 64 kbps.
Example
# Limit the rate of inbound packets on Ethernet 1/0/1 to 128 kbps.

[Quidway-Ethernet1/0/1] line-rate inbound 128
1.1.11 priority
Syntax
priority priority-level
undo priority
View
Ethernet port view
Parameter
priority-level: Specifies the priority level of the port, ranging from 0 to 7.
Description
Use the priority command to configure the priority of Ethernet port.
Use the undo priority command to restore the default port priority.
1-8
By default, the switch uses the port priority instead of the 802.1p priority carried by a
packet.
After this command is configured, the switch will replace the packet 802.1p priority with
the priority of the received port, according to which the packet will be put into the
corresponding egress queue.
Example
# Set the priority of Ethernet 1/0/1 port to 7.

[Quidway-Ethernet1/0/1] priority 7
1.1.12 priority trust
Syntax
priority trust
undo priority
View
Ethernet port view
Parameter
None
Description
Use the priority trust command to configure system to use the packet 802.1p priority
instead of the port priority.
Use the undo priority command to configure the system not to use packet 802.1p
priority.
By default, the system replaces the 802.1p priority carried by a packet with the port
priority.
Example
# Configure the system to use the packet priority on Ethernet 1/0/1.

1-9

[Quidway-Ethernet1/0/1] priority trust
1.1.13 protocol-priority protocol-type
Syntax
protocol-priority protocol-type protocol-type { ip-precedence ip-precedence | dscp

dscp-value }
undo protocol-priority protocol-type protocol-type
View
System view
Parameter
protocol-type protocol-type: Specifies the protocol type. Only TELNET, SNMP, ICMP
and OSPF are supported currently.
ip-precedence ip-precedence: Specifies the IP precedence, in the range of 1 to 7. You

can enter the keywords as shown in Table 1-1 .
Table 1-1 Description on IP precedence values
Keyword IP precedence (decimal) IP precedence (binary)

routine 0 000
priority 1 001
immediate 2 010
flash 3 011
flash-override 4 100
critical 5 101
internet 6 110
network 7 111
dscp dscp-value: Specifies the DSCP priority, in the range of 0 to 63. You can also
enter the keywords in Table 1-2.
1-10
Table 1-2 Description on DSCP values
Keyword DSCP value (decimal) DSCP value (binary)

ef 46 101110
af11 10 001010
af12 12 001100
af13 14 001110
af21 18 010010
af22 20 010100
af23 22 010110
af31 26 011010
af32 28 011100
af33 30 011110
af41 34 100010
af42 36 100100
af43 38 100110
cs1 8 001000
cs2 16 010000
cs3 24 011000
cs4 32 100000
cs5 40 101000
cs6 48 110000
cs7 56 111000
be (default) 0 000000
Description
Use the protocol-priority command to set the global traffic priority for a specific
protocol type.
Use the undo protocol-priority command to cancel the settings.
Note:
The precedence of OSPF protocol packets cannot be changed on S3900-SI series
switches.
1-11
Example
# Set the IP precedence of SNMP protocol packets to 3.

[Quidway] protocol-priority protocol-type snmp ip-precedence 3
1.1.14 qos cos-local-precedence-map
Syntax
qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec

cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec
cos6-map-local-prec cos7-map-local-prec
undo qos cos-local-precedence-map
View
System view
Parameter
cos0-map-local-prec: Local precedence to which the CoS 0 is to be mapped, in the

range of 0 to 7.

range of 0 to 7.

range of 0 to 7.

range of 0 to 7.

range of 0 to 7.

range of 0 to 7.

range of 0 to 7.

range of 0 to 7.
1-12
Description
Use the qos cos-local-precedence-map command to configure the

“CoS-to-local-precedence” mapping table.
Use the undo qos cos-local-precedence-map command to restore the default

values.
The following is the default “CoS-to-local-precedence” mapping table.
Table 1-3 Default “CoS-to-local-precedence” mapping table
CoS value Local precedence

0 2
1 0
2 1
3 3
4 4
5 5
6 6
7 7
Example
# Configure the “CoS-to-local-precedence” mapping table.

[Quidway] qos cos-local-precedence-map 0 1 2 3 4 5 6 7
The following is the configured "CoS-to-local-precedence” mapping table.
1-13
Table 1-4 “CoS-to-local-precedence” mapping table
CoS value Local precedence

0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
1.1.15 queue-scheduler
Syntax
1. In system view
queue-scheduler { strict-priority | wfq queue0-width queue1-width queue2-width

queue3-width queue4-width queue5-width queue6-width queue7-width | wrr
queue0-weight queue1-weight queue2-weight queue3-weight queue4-weight
queue5-weight queue6-weight queue7-weight }
undo queue-scheduler
2. In Ethernet port view
queue-scheduler { wfq queue0-width queue1-width queue2-width queue3-width

queue4-width queue5-width queue6-width queue7-width | wrr queue0-weight
queue6-weight queue7-weight }
undo queue-scheduler
View
Parameter
strict-priority: Indicates that the queue uses strict priority (SP) scheduling algorithm.
wfq: Indicates that the queue uses weighted fair queue (WFQ) scheduling.
1-14
queue0-width queue1-width queue2-width queue3-width queue4-width queue5-width

queue6-width queue7-width: Minimum delivery bandwidth of each WFQ queue in kbps.
Its granularity is 64 kbps. If the number you enter is in the range of N*64 to (N+1)*64 (N
is a natural number), the switch sets the value to (N+1)*64 automatically. The value for
100 M Ethernet ports is in the range of 64 to 99,968, and the value for Gigabit Ethernet
ports is in the range of 64 to 1,000,000. The value 0 means the corresponding queue
uses the SP scheduling.
wrr: Indicates that the queue uses weighted round robin (WRR) scheduling.

queue5-weight queue6-weight queue7-weight: Indicates that the queue uses the WRR
scheduling. The value ranges from 0 to 15. The value 0 means the corresponding
queue uses the SP scheduling.
Description
Use the queue-scheduler command to configure the queue scheduling mode.
Use the undo queue-scheduler command to restore the default value.
The queue scheduling algorithm defined by executing the queue-scheduler command

in system view takes effect on all the ports of the switch. The queue scheduling
algorithm defined by executing the queue-scheduler command in Ethernet port view
takes effect on the current port only. If the queue scheduling algorithm defined globally
cannot satisfy the requirement of a port, you can define other queue scheduling
algorithm for this port in Ethernet port view of this port. The newly configured queue
scheduling algorithm on this port will replace the globally defined one.
The port of the switch supports eight output queues and you can configure to choose
the queue schedules (SP, WRR, and WFQ) as needed to achieve the implementation
of WRR+SP or WFQ+SP. For example, when using WRR or WFQ, if you set the value
of some queues or the minimum bandwidth to 0, the SP applies to the queues and
WRR or WFQ apply to the rest queues.
By default, the WRR algorithm is selected for all outbound queues on a port, and their
weight values are 1, 2, 3, 4, 5, 9, 13, and 15.
Related command: display queue-scheduler.
Example
# Set WRR as the queue scheduling mode, and set the weight value of each queue to 1,
2, 3, 4, 5, 6, 7, and 8 respectively. .
1-15
[Quidway-Ethernet1/0/1] queue-scheduler wrr 1 2 3 4 5 6 7 8
1.1.16 reset traffic-statistic
Syntax
reset traffic-statistic inbound acl-rule
View
Ethernet port view
Parameter
inbound: Specify to clear the statistics of the inbound packets on the port.
acl-rule: Applied ACL which can be the combination of various ACL rules. For the ways
of combining ACLs and the description on related parameters, refer to Table 1-5 and
Table 1-6.
Table 1-5 Ways of applying combined ACLs
ACL combination Form of the acl-rule argument

Apply all the rules in an IP ACL
ip-group acl-number
separately
Apply a rule in an IP ACL separately ip-group acl-number rule rule
Apply all the rules in a Link ACL
link-group acl-number
separately
Apply a rule in a Link ACL separately link-group acl-number rule rule
Apply a rule in an IP ACL and a rule in ip-group acl-number rule rule link-group
a Link ACL at the same time acl-number rule rule
Table 1-6 Description on the parameters in the ACL combination
Parameter Description
The number of a basic or advanced ACL, in the range
ip-group acl-number
of 2,000 to 3,999
The number of a Layer 2 ACL, in the range of 4,000 to
4,999
The number of a user-defined ACL, in the range of
5,000 to 5,999
The number of an ACL rule, in the range of 0 to 65,534.
rule If the rule argument is not specified, it refers to all the
rules in the ACL
1-16
Description
Use the reset traffic-statistic command to clear the statistics of all or specified traffic.
Example
# Clear the statistics of the inbound traffic that matches ACL 2000 on Ethernet 1/0/1.
[Quidway-Ethernet1/0/1] reset traffic-statistic inbound ip-group 2000
1.1.17 traffic-limit
Syntax
traffic-limit inbound acl-rule target-rate [ exceed action ]
undo traffic-limit inbound acl-rule
View
Ethernet port view
Parameter
inbound: Performs traffic limit to the packets received by the interface.
acl-rule: Applied ACL rules which can be the combination of various ACL rules. For the
ways of combining ACLs and the description on related parameters, refer to Table 1-5
and Table 1-6.
target-rate: The total rate (in kbps) to be set, with the granularity of traffic limit being 64
kbps. If the specified number is in (N*64, (N+1)*64], in which N is a natural number, the
switch automatically sets (N+1)*64 as the parameter value. For a fast Ethernet port, this
argument ranges from 64 to 99,968 inclusive; for a Gigabit Ethernet port, from 64 to
1,000,000 inclusive.
exceed action: Optional. The action is taken when the traffic exceeds the threshold.
The action can be:
z drop: Drops the packets.
z remark-dscp value: Sets new DSCP value.
1-17
Description
Use the traffic-limit command to activate ACL and perform traffic limit.
Use the undo traffic-limit command to remove traffic limit.
The granularity of traffic limit is 64 kbps.
This command is only effective for the ACL rules whose actions are permit.
Example
# Perform traffic limit on packets which are received on Ethernet 1/0/1 and match the
permit rule in ACL 4000. Set the limit rate to 128 kbps and drop the packets exceeding
the rate.
[Quidway-Ethernet1/0/1] traffic-limit inbound link-group 4000 128 exceed drop
1.1.18 traffic-priority
Syntax
traffic-priority { inbound | outbound } acl-rule { { dscp dscp-value | ip-precedence

{ pre-value | from-cos } } | cos { pre-value | from-ipprec } | local-precedence
pre-value }*
undo traffic-priority { inbound | outbound } acl-rule
View
Ethernet port view
Parameter
inbound: Performs priority marking to the packets received by the interface.
outbound: Performs priority marking to the packets sent by the interface.
and Table 1-6.
dscp dscp-value: Set DSCP priority, ranging from 0 to 63. You can also enter the
keywords in Table 1-2.
1-18
ip-precedence { pre-value | from-cos }: Set IP priority, pre-value ranges from 0 to 7.

You can also enter the keywords in Table 1-1. from-cos means to set IP priority of the
packet the same to 802.1p priority.
cos { pre-value | from-ipprec }: Set 802.1p priority. The pre-value argument ranges
from 0 to 7. You can also enter the keywords in Table 1-7. from-ipprec means to set
802.1p priority of the packet the same to IP priority.
Table 1-7 Description on 802.1p priority values
Keyword CoS value (decimal) CoS value (binary)

best-effort 0 000
background 1 001
spare 2 010
excellent-effort 3 011
controlled-load 4 100
video 5 101
voice 6 110
network-management 7 111
local-precedence pre-value: Set local priority. The pre-value argument ranges from 0
to 7.
Description
Use the traffic-priority command to enable ACLs for traffic classification and remark
priority for the traffic matching the ACLs. This command is effective only for the ACL
rules whose actions are permit.
Use the undo traffic-priority command to remove the function of remarking priority for
the specified traffic.
Note:
The COS precedence and the local-precedence can not be applied simultaneously on
the switch.
Related command: display qos-interface traffic-priority.
1-19
Example
# Remark the 802.1p priority of the packets which are received on Ethernet 1/0/1 and
match the permit rule in ACL 4000 as 1.
[Quidway-Ethernet1/0/1] traffic-priority inbound link-group 4000 cos 1
1.1.19 traffic-redirect
Syntax
traffic-redirect { inbound | outbound } acl-rule { cpu | interface interface-type

interface-number }
undo traffic-redirect { inbound | outbound } acl-rule
View
Ethernet port view
Parameter
inbound: Performs traffic redirecting to the packets received by the interface.
outbound: Performs traffic redirecting to the packets sent by the interface.
and Table 1-6.
cpu: Configures to redirect the traffic to the CPU.
interface interface-type interface-number: Redirects the packets to the specified

Ethernet port. The interface-type argument refers to the port type.
Description
Use the traffic-redirect command to activate the ACL to recognize and redirect the
traffic (whose action is permit).
Use the undo traffic-redirect command to cancel the redirection.
Related command: display qos-global traffic-redirect.
1-20
Note:
z When the packets are redirected to CPU, they cannot be forwarded normally.
z If the traffic is redirected to a down Combo port, the system automatically redirects
the traffic to the up port that is corresponding to the Combo port.
Example
# Redirect the packets which are received on Ethernet 1/0/1 and match the permit rule
in ACL 2000 to Ethernet1/0/7.
[Quidway-Ethernet1/0/1] traffic-redirect inbound ip-group 2000 interface
Ethernet 1/0/7
1.1.20 traffic-statistic
Syntax
traffic-statistic inbound acl-rule
undo traffic-statistic inbound acl-rule
View
Ethernet port view
Parameter
inbound: Performs traffic statistic to the packets received by the interface.
outbound: Performs traffic statistic to the packets sent by the interface.
and Table 1-6.
Description
Use the traffic-statistic command to activate the ACL to recognize and count the traffic
(whose action is permit).
Use the undo traffic-statistic command to cancel the traffic statistics.
1-21
The statistics information of traffic-statistic command includes the matched times of

the transmitted data by switch. User can use display qos-interface traffic-statistic
command to display the statistics information.
Related command: display qos-interface traffic-statistic.
Example
# Perform traffic statistics on the packets which are received on Ethernet 1/0/1 and
match the permit rule in ACL 2000.
[Quidway-Ethernet1/0/1] traffic-statistic inbound ip-group 2000
1.1.21 wred
Syntax
wred queue-index qstart probability
undo wred queue-index
View
Ethernet port view
Parameter
queue-index: Queue index in the range of 0 to 7.
qstart: Number of the packets that the queue can hold, in the range of 1 to 128.
probability: Drop probability in the range of 0 to 92 (percentage).
Description
Use the wred command to configure WRED parameters.
Use the undo wred command to restore default setting.
By default, WRED function is disabled.
Example
# Configure WRED parameters for queue 2 on Ethernet 1/0/1. When the number of
packets in queue 2 exceeds 64, packets are dropped at random. The drop probability is
20%.
1-22
[Quidway-Ethernet1/0/1] wred 2 64 20
1-23
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 QoS Profile Configuration Commands
Chapter 2 QoS Profile Configuration Commands
2.1 QoS Profile Configuration Commands
2.1.1 apply qos-profile
Syntax
apply qos-profile profile-name
undo apply qos-profile profile-name
View
Ethernet port view
Parameter
profile-name: QoS profile name, a string of 1 to 32 characters, starting with English

letters [a-z, A-Z] and excluding all, interface, user, undo, user-based, port-based and
name which are reserved keywords.
Description
Use the apply qos-profile command to apply the QoS profile configuration to the
current port manually.
Use the undo apply qos-profile command to remove the configuration.
You cannot delete the specific QoS profile which has been applied to the port.
Example
# Apply the QoS profile named a123 to Ethernet 1/0/1.

[Quidway-Ethernet1/0/1] apply qos-profile a123
2-1
2.1.2 apply qos-profile interface
Syntax
apply qos-profile profile-name interface interface-list
undo apply qos-profile profile-name interface-list
View
System view
Parameter
profile-name: QoS profile name, a string of one to 32 characters, starting with English
letters [a-z, A-Z] and excluding all, interface, user, undo, user-based, port-based and
name which are reserved keywords.
interface { interface-name | -list: Ethernet port list which refers to multiple Ethernet ports,
expressed in the format of interface-list = interface-type interface-number [ to
interface-type interface-number ].
Description
Use the apply qos-profile interface command to apply the QoS profile to one or more
consecutive ports manually.
Use the undo apply qos-profile command to remove the QoS profile configuration
from one or more consecutive ports.
Example
# Apply the QoS profile named a123 to Ethernet1/0/1 through Ethernet1/0/4 manually.
[Quidway] apply qos-profile a123 interface Ethernet 1/0/1 to Ethernet 1/0/4
2.1.3 display qos-profile
Syntax
display qos-profile { all | name profile-name | interface interface-type

interface-number | user user-name }
2-2
View
Any view
Parameter
all: Displays all QoS profiles.
profile-name: Displays the QoS profiles with specific names, profile-name is a string of
1 to 32 characters, starting with English letters [a-z, A-Z] and excluding all, interface,
user, undo, user-base, port-based and name which are reserved keywords.
interface interface-type interface-number: Display the QoS profile delivered to a

specific port.
user user-name: Displays the QoS profile mapped with a specific user. user-name is a
string with up to 80 characters.
Description
Use the display qos-profile command to view QoS profile configuration information.
Example
# Display QoS profile configuration information.

<Quidway> display qos-profile all
2.1.4 packet-filter
Syntax
packet-filter { inbound | outbound } acl-rule
undo packet-filter { inbound | outbound } acl-rule
View
QoS profile view
Parameter
inbound: Filters the inbound packets on the port.
outbound: Filters the outbound packets on the port.
and Table 1-6.
2-3
Description
Use the packet-filter command to add packet filtering action to the QoS profile.
Use the undo packet-filter command to remove packet filtering action from the QoS
profile.
Example
# Add the packet filtering action to the QoS profile named a123. The action is to filter
the inbound packets matching the ACL 4000.
[Quidway] qos-profile a123
[Quidway-qos-profile-a123] packet-filter inbound link-group 4000
2.1.5 qos-profile
Syntax
qos-profile profile-name
undo qos-profile profile-name
View
System view
Parameter
profile-name: QoS profile name, a string of one to 32 characters, a string of one to 32

characters, starting with English letters [a-z, A-Z] and excluding all, interface, user,
undo, user-based, port-based and name which are reserved keywords.
Description
Use the qos-profile command to create a QoS profile and enter the corresponding
view. For an existing QoS profile, use this command to directly enter the corresponding
view.
Use the undo qos-profile command to delete a QoS profile.
Example
# Create a QoS profile named a123.
2-4
[Quidway-qos-profile-a123]
2.1.6 qos-profile port-based
Syntax
qos-profile port-based
undo qos-profile port-based
View
Ethernet port view
Parameter
None
Description
Use the qos-profile port-based command to configure application mode on the port of
the QoS profile.
Use the undo qos-profile port-based command to restore the default application
mode.
By default, user-based application mode is selected on the port.

z If the 802.1x authentication is based on the MAC address, you must configure the
QoS profile application mode to be user-based.
z If the 802.1x authentication is based on the port, you must configure the QoS
profile application mode to be port-based.
After you configure the QoS profiles and the user pass the authentication, the switch
will deliver the right profile dynamically to the port from which the user is accessed. The
QoS profile can be delivered to the port in these different modes:
z User-based mode: If the source station information (source MAC address, source
IP address or source MAC address + IP address) has been defined in the ACL
which is referenced in the traffic actions, the switch cannot deliver the QoS profile;
if no source station information is available, the switch generates a new ACL by
adding the source MAC address and source IP address into the existing ACL, and
then delivers all traffic actions in the QoS profile to the user port.
2-5
z Port-based mode: The switch delivers the traffic actions in the QoS profile directly
to the user port. In this mode, all the accessed users through one port should use
the same profile.
Example
# Configure the application mode of the QoS profile on Ethernet 1/0/1 as the port-based
mode.
[Quidway-Ethernet1/0/1] qos-profile port-based
2.1.7 traffic-limit
Syntax
traffic-limit inbound acl-rule target-rate [ exceed exceed-action ]
undo traffic-limit inbound acl-rule
View
QoS profile view
Parameter
inbound: Set traffic limiting for the inbound packets on the port.
and Table 1-6.
target-rate: Total traffic (in kbps) to be set, with the granularity of traffic limit being
64kbps. If the number user input is in ( N*64, (N+1)*64], in which N is a natural number,
the switch automatically sets (N+1)*64 as the parameter value. For a fast Ethernet port,
this argument ranges from 64 to 99,968 inclusive; for a Gigabit Ethernet port, from 64 to
1,000,000 inclusive.
exceed action: Action taken when the traffic threshold is exceeded (optional). Two
actions are available:
z drop: Drops packets.
z remark-dscp value: Sets a new DSCP value.
2-6
Description
Use the traffic-limit command to add traffic policing action in the QoS profile.
Use the undo traffic-limit command to remove traffic policing action from the QoS
profile.
You cannot remove traffic policing action from the specific QoS profile which has been
applied to the port.
Example
# Add to the QoS profile named a123 this traffic policing action: Limit traffic for the
packets matching ACL 2000, the target rate is 128 kbps, drop the packets at a rate
exceeding this target rate.
[Quidway-qos-profile-a123] traffic-limit inbound ip-group 2000 128 exceed
drop
2.1.8 traffic-priority
Syntax
traffic-priority { inbound | outbound } acl-rule { { dscp dscp-value | ip-precedence

{ pre-value | from-cos } } | cos { pre-value | from-ipprec } | local-precedence
pre-value }*
undo traffic-priority { inbound | outbound } acl-rule
View
QoS profile view
Parameter
inbound: Resets the preference value for the inbound packets on the port.
outbound: Resets the preference value for the outbound packets on the port.
and Table 1-6.
dscp dscp-value: Sets DSCP preference value, in the range 0 to 63. You can also enter
keywords in Table 1-2.
2-7
ip-precedence { pre-value | from-cos }: Set IP preference value, pre-value is in the

range 0 to 7. from-cos sets the IP preference value consistent with 802.1p preference
value.
cos { pre-value | from-ipprec }: Sets 802.1p preference value, pre-value is in the

range 0 to 7. from-ipprec sets the 802.1p preference value consistent with the IP
preference value.
local-precedence pre-value: Sets local preference value, in the range 0 to 7.
Description
Use the traffic-priority command to enable the ACL and preference reset.
Use the undo traffic-priority command to remove the preference reset.
You cannot remove preference reset from the specific QoS profile which has been
applied to the port.
Note:
The COS precedence and the local-precedence can not be applied simultaneously on
the switch.
Example
# Add the preference reset to the QoS profile named a123. The action is to set local
preference 0 to the inbound packets matching the ACL 2000.
[Quidway-qos-profile-a123] traffic-priority inbound ip-group 2000
local-precedence 0
2-8
Command Manual – Web Cache Redirection
Table of Contents
Chapter 1 Web Cache Redirection Configuration Commands ................................................. 1-1

1.1 Web Cache Redirection Configuration Commands........................................................... 1-1
1.1.1 display webcache .................................................................................................... 1-1
1.1.2 webcache address .................................................................................................. 1-2
1.1.3 webcache redirect-vlan ........................................................................................... 1-3
i
Command Manual – Web Cache Redirection Chapter 1 Web Cache Redirection Configuration
Chapter 1 Web Cache Redirection Configuration

Commands
Note:
The S3900-SI series do not support Web cache redirection.
1.1 Web Cache Redirection Configuration Commands
1.1.1 display webcache
Syntax
display webcache
View
Any view
Parameter
None
Description
Use the display webcache command to view Web cache redirection configuration and
check whether or not the Web cache is accessible.
Example
# Display Web cache redirection configuration and check whether or not the Web
cache is accessible.
[Quidway] display webcache
webcache IP address: 1.1.1.1
webcache MAC address: 00e0-fc00-0000
webcache port: Ethernet1/0/1
webcache VLAN: 1
1-1
webcache TCP port: 80

webcache redirect VLAN:
VLAN 2 Valid
webcache exclusion lists:
2.2.2.2 255.255.0.0
webcache status: accessible
1.1.2 webcache address
Syntax
The syntax in system view:
webcache address ip-address mac mac-address vlan vlan-id port interface-type

interface-number [ tcpport tcpport-number ]
undo webcache all
The syntax in Ethernet port view:
webcache address ip-address mac mac-address vlan vlan-id [ tcpport

tcpport-number ]
View
Parameter
ip-address: IP address to be assigned to the Web cache.
mac-address: MAC address to be assigned to the Web cache.
vlan-id: ID of the VLAN where Web cache is located.
port interface-type interface-number: Specifies the port through which the switch is
connected to the Web cache.
tcpport tcpport-number: TCP port number used by HTTP packets. The default is 80.
Description
Use the webcache address command to enable Web Cache redirection on switch and
configure the related parameters of web cache at the same time. The Web cache
parameters include: IP address, MAC address, VLAN ID, the port connecting the switch
to Web cache, TCP port number in HTTP packets.
1-2
Use the undo webcache all command to remove all Web cache redirection
configurations on the switch.
You can configure the parameters of Web Cache in system view or Ethernet port view.
Note:
z If the configured Web cache is inaccessible, Web cache redirection cannot be
enabled.
z The switch supports only one Web cache. If you configure web cache for a second
time, the new configuration replaces the old one.
z If the VLAN where web cache is located does not have the corresponding VLAN
interface on the switch, this configuration will not be validated.
z If the VLAN interface does not go up, Web Cache redirection will not be validated.
Example
# Enable Web cache redirection on the switch in system view, configuring the Web
cache with the following parameters: IP address 1.1.1.1, MAC address 00e0-fc01-0101,
VLAN ID 40, the port through which the switch is connected to the Web cache to be
Ethernet 1/0/4, and the default TCP port number used by HTTP packets to be 80.
[Quidway] webcache address 1.1.1.1 mac 00e0-fc01-0101 vlan 40 port Ethernet
1/0/4
# Enable Web cache redirection on switch in Ethernet port view, configuring web cache
with the following parameters: IP address 1.1.1.1, MAC address 00e0-fc01-0101,
VLAN ID 40, the port through which the switch is connected to the Web cache to be
Ethernet 1/0/4, and the default TCP port number used by HTTP packets to be 80.
[Quidway-Ethernet1/0/1] webcache address 1.1.1.1 mac 00e0-fc01-0101 vlan 40
1.1.3 webcache redirect-vlan
Syntax
webcache redirect-vlan vlan-id
1-3
undo webcache redirect-vlan [ vlan-id ]
View
System view
Parameter
vlan-id: ID of the VLAN whose traffic is to be redirected.
Description
Use the webcache redirect-vlan command to specify a VLAN whose HTTP traffic is to
be redirected.
Use the undo webcache redirect-vlan command to disable the HTTP traffic of a
specified VLAN from being redirected.
By default, the HTTP traffic of the users in all VLANs is not redirected to the Web cache.
If you do not specify the vlan-id argument when executing the undo webcache
redirect-vlan command, Web cache redirection in all the VLANs is disabled.
Note:
This configuration will not be validated unless the VLAN interfaces corresponding to the
VLAN IDs exist.
If the VLAN interface does not go up, Web cache redirection will not be validated.
Example
# Redirect the HTTP traffic of VLAN 40 to the Web cache.

[Quidway] webcache redirect-vlan 40
1-4
Command Manual – Mirroring
Table of Contents
Chapter 1 Mirroring Commands .................................................................................................. 1-1

1.1 Mirroring Commands of S3900-EI ..................................................................................... 1-1
1.1.1 display mirroring-group ........................................................................................... 1-1
1.1.2 display qos-interface mirrored-to............................................................................. 1-2
1.1.3 mirrored-to............................................................................................................... 1-3
1.1.4 mirroring-group........................................................................................................ 1-4
1.1.5 mirroring-group mirroring-port ................................................................................. 1-5
1.1.6 mirroring-group monitor-port ................................................................................... 1-6
1.1.7 mirroring-group reflector-port .................................................................................. 1-7
1.1.8 mirroring-group remote-probe vlan ......................................................................... 1-7
1.1.9 mirroring-port........................................................................................................... 1-8
1.1.10 monitor-port ........................................................................................................... 1-9
1.1.11 remote-probe vlan ................................................................................................. 1-9
1.2 Mirroring Commands of S3900-SI ................................................................................... 1-10
1.2.1 display mirror......................................................................................................... 1-10
1.2.2 display qos-interface mirrored-to........................................................................... 1-11
1.2.3 mirrored-to............................................................................................................. 1-12
1.2.4 mirroring-port......................................................................................................... 1-13
1.2.5 monitor-port ........................................................................................................... 1-14
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 Mirroring Commands
Chapter 1 Mirroring Commands
1.1 Mirroring Commands of S3900-EI

1.1.1 display mirroring-group
Syntax
display mirroring-group { group-id | all | local | remote-destination |

remote-source }
View
Any view
Parameter
group-id: Group number of a port mirroring group, in the range of 1 to 20.

local: The specified mirroring group is a local port mirroring group.
remote-destination: The specified mirroring group is the destination group for remote
mirroring.
remote-source: The specified mirroring group is the source group for remote
mirroring.
all: All mirroring groups
Description
Use the display mirroring-group command to display the parameter settings of a port
mirroring group.
Local mirroring group information includes:
z Group number
z Group type: local
z Group status
z Information of the monitored port
z Information of the monitoring port
Information displayed on the destination mirroring group for remote mirroring includes:
z Group number
z Group type: remote-destination
z Group status
z Information of the destination port
z Remote-probe VLAN information
1-1
Information displayed on the source mirroring group for remote mirroring includes:
z Group number
z Group type: remote-source
z Group status
z Information of the source port
z Information of the reflector port
z Remote-probe VLAN information
Example
# Display the parameter settings of the port mirroring group.

<Quidway> display mirroring-group all
mirroring-group 2:
type: local
status: active
mirroring port:
GigabitEthernet1/1/1 both
monitor port: GigabitEthernet1/1/4
1.1.2 display qos-interface mirrored-to
Syntax
display qos-interface { interface-type interface-number | unit-id } mirrored-to
View
Any view
Parameter
interface-type interface-number: port of the switch. If you enter this argument, the
switch will display the parameter settings of the specified port.
unit-id: Unit ID. If you enter this argument, the switch will display the parameter settings
on Unit.
Description
Use the display qos-interface mirrored-to command to display the parameter

settings of traffic mirroring.
Information displayed includes:
z Port name and action name of traffic mirroring
z Direction of traffic mirroring
z ACL for identifying traffics
z Destination port
Related command: mirrored-to
1-2
Example
# Display the parameter settings of traffic mirroring on Gigabitethernet1/1/1.

<Quidway> display qos-interface GigabitEthernet 1/1/1 mirrored-to
GigabitEthernet1/1/1: mirrored-to
Inbound:
Mirrored to: monitor interface
1.1.3 mirrored-to
Syntax
mirrored-to { inbound | outbound } acl-rule { monitor-interface | cpu }

undo mirrored-to { inbound | outbound } acl-rule
View
Ethernet port view
Parameter
inbound: Mirrors packets received on the port.

outbound: Mirrors packets sent on the port.
rules. Table 1-1 describes the ACL combinations.

Apply all rules in an IP type ACL (either a basic
ip-group acl-number
or an advanced ACL) separately
Apply one rule in an IP type ACL separately ip-group acl-number rule rule-id
Apply all rules in a Layer 2 ACL separately link-group acl-number
link-group acl-number rule
Apply one rule in a Layer 2 ACL separately
rule-id
separately
Apply all rules in a user-defined ACL user-group acl-number rule
separately rule-id
ip-group acl-number rule rule-id
Apply one rule in an IP type ACL and one rule
link-group acl-number rule
in a Layer 2 ACL simultaneously
rule-id
1-3
ip-group acl-number: ACL number of the basic or advanced ACL, ranging from 2000 to
3999.
link-group acl-number: ACL number of the Layer 2 ACL, ranging from 4000 to 4999.
user-group acl-number: ACL number of the user-defined ACL, ranging from 5000 to
5999.
rule rule-id: Rule number of the ACL rule, ranging from 0 to 65534. If this parameter is
not specified, all rules in the specified ACL will be applied.
monitor-interface: Mirrors traffics to the monitored interface.
cpu: Mirrors the data traffics to the CPU.
Description
Use the mirrored-to command to reference ACLs for identifying traffics and perform
traffic mirroring for packets that match.
Use the undo mirrored-to command to remove traffic mirroring configuration.
This command applies to the rules whose actions are permit in matching the specified
ACL.
LACP and TCP must be disabled on the destination port. Traffic mirroring does not
support aggregated synchronization and configuration copy.
Mirroring configuration takes effect only after a source port and a destination port are
specified.
Related command: display qos-interface mirrored-to, monitor-port
Example
# Mirror packets that match ACL 2000 on port GigabitEthernet1/1/1 to

GigabitEthernet1/1/4 through traffic mirroring.
[Quidway] interface GigabitEthernet1/1/4
[Quidway-GigabitEthernet1/1/4] monitor-port
[Quidway-GigabitEthernet1/1/4] quit
[Quidway-GigabitEthernet1/1/1] mirrored-to inbound ip-group 2000
monitor-interface
1.1.4 mirroring-group
Syntax
mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }
1-4
View
System view
Parameter

local: Specifies the mirroring group as a local port mirroring group.
remote-destination: Specifies the mirroring group as the destination mirroring group
for remote port mirroring.
remote-source: Specifies the mirroring group as the source mirroring group for remote
mirroring.
all: Deletes all mirroring groups
Description
Use the mirroring-group command to configure a port mirroring group.

Use the undo mirroring-group command to delete a port mirroring group.
Example
# Configure a port mirroring group on the local switch.

[Quidway] mirroring-group 1 local
1.1.5 mirroring-group mirroring-port
Syntax
mirroring-group group-id mirroring-port mirroring-port-list { both | inbound |

outbound }
undo mirroring-group group-id mirroring-port mirroring-port-list
View
Parameter

mirroring-port mirroring-port-list: Specifies a list of mirrored ports. mirroring-port-list is
available in system view only, but not in Ethernet port view.
both: Mirrors packets both received and sent via the port.
inbound: Mirrors only packets received via the port.
outbound: Mirrors only packets sent via the port.
1-5
Description
Use the mirroring-group mirroring-port command to configure the source port.

Use the undo mirroring-group mirroring-port command to remove the configuration
of the source port.
Example
# Configure GigabitEthernet1/1/1 as the source port and mirror all packets received via
this port.
[Quidway] mirroring-group 1 mirroring-port Gigabitethernet1/1/1 inbound
1.1.6 mirroring-group monitor-port
Syntax
mirroring-group group-id monitor-port monitor-port

undo mirroring-group group-id monitor-port monitor-port
View
Parameter

monitor-port monitor-port: Specifies the destination port for port mirroring.
monitor-port is available in system view only, but not in Ethernet port view.
Description
Use the mirroring-group monitor-port command to configure the destination port.

Use the undo mirroring-group monitor-port to remove the configuration of the
destination port.
Note the following when you configure the destination port:
z LACP and TCP must be disabled on the destination port.

z The destination port for remote mirroring must be an Access port.
z After a port is configured as a reflector port, the switch does not allow you to
change the port type and its default VLAN ID.
Example
# Configure GigabitEthernet1/1/4 as the source port and monitor all packets received
via this port.
1-6
[Quidway] mirroring-group 1 monitor-port Gigabitethernet1/1/4
1.1.7 mirroring-group reflector-port
Syntax
mirroring-group group-id reflector-port reflector-port

undo mirroring-group group-id reflector-port reflector-port
View
Parameter

reflector-port reflector-port: Specifies the reflector port. reflector-port is available in
system view only, but not in Ethernet port view.
Description
Use the mirroring-group reflector-port command to specify the reflector port.

Use the undo mirroring-group reflector-port command to remove the configuration
of the reflector port..
Note the following when you configure the reflector port:
z The reflector port must be an Access port.

z LACP and TCP must be disabled on the reflector port.
z After a port is configured as a reflector port, the switch does not allow you to
change the port type and its default VLAN ID, or to add it to another VLAN.
z To mirror tagged packets, you need to configure VLAN VPN on the reflector port.
Example
# Configure GigabitEthernet1/1/2 as the reflector port.

[Quidway] mirroring-group 1 reflector-port GigabitEthernet1/1/2
1.1.8 mirroring-group remote-probe vlan
Syntax
mirroring-group group-id remote-probe vlan remote-probe-vlan-id
1-7
undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id
View
System view
Parameter

remote-probe vlan remote-probe-vlan-id: Specifies the remote-probe VLAN for the
mirroring group.
Description
Use the mirroring-group remote-probe vlan command to specify the remote-probe

VLAN for a mirroring group.
Use the undo mirroring-group remote-probe vlan command to remove the
configuration of remote-probe VLAN for a mirroring group.
Example
# Configure VLAN 100 as the remote-probe VLAN.

[Quidway] mirroring-group 1 remote-probe vlan 100
1.1.9 mirroring-port
Syntax
mirroring-port { inbound | outbound | both }

undo mirroring-port
View
Ethernet port view
Parameter
inbound | outbound | both: Direction of mirrored packets. inbound: only mirrors the
packets received via the port; outbound: only mirrors the packets sent by the port;
both: mirrors all packets received and sent by the port.
Description
Use the mirroring-port command to configure a source port.

Use the undo mirroring-port command to remove the configuration of a source port.
Related command: display mirroring-group
1-8
Example
# Configure GigabitEthernet1/1/1 as the source port and mirror all packets received
and sent via this port.
[Quidway-GigabitEthernet1/1/1] mirroring-port both
1.1.10 monitor-port
Syntax
monitor-port
undo monitor-port
View
Ethernet port view
Parameter
None
Description
Use the monitor-port command to configure the destination port.

Use the undo monitor-port command to remove the configuration of a destination
port.
You can configure only one destination port on the switch; all mirrored packets will be
sent to the destination port.
Related command: display mirroring-group
Example
# Configure GigabitEthernet1/1/4 as the destination port.

1.1.11 remote-probe vlan
Syntax
remote-probe vlan enable

undo remote-probe vlan enable
1-9
View
VLAN view
Parameter
None
Description
Use the remote-probe vlan enable command to configure the current VLAN as the
remote-probe VLAN.
Use the undo remote-probe vlan enable command to configure the remote-probe
VLAN as a normal VLAN.
Before configuring the remote-probe VLAN, make sure that no Access or Hybrid port
belongs to this VLAN. If any Trunk port exists in this VLAN, the port PVID cannot be the
ID of remote-probe VLAN. After setting a VLAN as remote-probe VLAN, it is
recommended that you do not add Access or Hybrid port to the VLAN.
Example
# Configure VLAN 5 as remote-probe vlan.

[Quidway] vlan 5
[Quidway-vlan5] remote-probe vlan enable
1.2 Mirroring Commands of S3900-SI

1.2.1 display mirror
Syntax
Syntax
display mirror
View
Any view
Parameter
None
Description
Use the display mirror to display the port mirroring settings, including the monitor port,
monitored port and mirroring direction.
1-10
Example
# Display the port mirroring settings.

<Quidway> display mirror
Monitor-port:
Ethernet1/0/1
Mirroring-port:
Ethernet1/0/2 both
1.2.2 display qos-interface mirrored-to
Syntax
display qos-interface { interface-type interface-number | unit-id } mirrored-to
View
Any view
Parameter
interface-type interface-number: Port of the switch. If you enter this argument, the
switch will display the parameter settings of the specified port.
unit-id: Unit ID. If you enter this argument, the switch will display the parameter settings
on Unit.
Description
Use the display qos-interface mirrored-to command to display the parameter

settings of traffic mirroring.
Information displayed includes:
z Port name and action name of traffic mirroring
z Direction of traffic mirroring
z ACL for identifying traffics
z Destination port
Related command: mirrored-to
Example
# Display the parameter settings of traffic mirroring on Gigabitethernet1/1/1.

<Quidway> display qos-interface GigabitEthernet 1/1/1 mirrored-to
GigabitEthernet1/1/1: mirrored-to
Inbound:
Mirrored to: monitor interface
1-11
1.2.3 mirrored-to
Syntax
mirrored-to { inbound | outbound } acl-rule { monitor-interface | cpu }

undo mirrored-to inbound acl-rule
View
Ethernet port view
Parameter
inbound: Mirrors packets received on the port.

outbound: Mirrors packets sent on the port.
rules. Table 1-2describes the ACL combinations.

Apply all rules in an IP type ACL (either
a basic or an advanced ACL) ip-group acl-number
separately
Apply one rule in an IP type ACL
separately
Apply all rules in a Layer 2 ACL
separately
Apply one rule in a Layer 2 ACL
link-group acl-number rule rule-id
separately
separately
Apply all rules in a user-defined ACL
user-group acl-number rule rule-id
separately
Apply one rule in an IP type ACL and
one rule in a Layer 2 ACL
link-group acl-number rule rule-id
simultaneously
ip-group acl-number: ACL number of the basic or advanced ACL, ranging from 2000 to
3999.
link-group acl-numberr: ACL number of the Layer 2 ACL, ranging from 4000 to 4999.
user-group acl-number: ACL number of the user-defined ACL, ranging from 5000 to
5999.
1-12
rule rule-id: Rule number of the ACL rule, ranging from 0 to 65534. If this parameter is
not specified, all rules in the specified ACL will be applied.
monitor-interface: Mirrors traffics to the monitored interface.
cpu: Mirrors the data traffics to the CPU.
Description
Use the mirrored-to command to reference ACLs for identifying traffics and perform
traffic mirroring for packets that match.
Use the undo mirrored-to command to remove traffic mirroring configuration.
This command applies to the rules whose actions are permit in matching the specified
ACL.
LACP and TCP must be disabled on the destination port. Traffic mirroring does not
support aggregated synchronization and configuration copy.
Mirroring configuration takes effect only after a source port and a destination port are
specified.
Related command: display qos-interface mirrored-to, monitor-port
Example
# Mirror packets that match ACL 2000 on port GigabitEthernet1/1/1 to

GigabitEthernet1/1/4 through traffic mirroring.
[Quidway-GigabitEthernet1/1/4] quit
[Quidway-GigabitEthernet1/1/1] mirrored-to inbound ip-group 2000
monitor-interface
1.2.4 mirroring-port
Syntax
mirroring-port { inbound | outbound | both }

undo mirroring-port
View
Ethernet port view
1-13
Parameter
inbound | outbound | both: Direction of mirrored packets. inbound: only mirrors the
packets received via the port; outbound: only mirrors the packets sent by the port;
both: mirrors all packets received and sent by the port.
Description
Use the mirroring-port command to configure a source port.

Use the undo mirroring-port command to remove the configuration of a source port.
Related command: display mirror
Example
# Configure GigabitEthernet1/1/1 as the source port and mirror all packets received
and sent via this port.
[Quidway-GigabitEthernet1/1/1] mirroring-port both
1.2.5 monitor-port
Syntax
monitor-port
undo monitor-port
View
Ethernet port view
Parameter
None
Description
Use the monitor-port command to configure the destination port.

Use the undo monitor-port command to remove the configuration of the destination
port.
You can configure only one destination port on the switch; all mirrored packets will be
sent to the destination port.
Related command: display mirror
Example
# Configure GigabitEthernet1/1/4 as the destination port.
1-14
1-15
Command Manual – IRF Fabric
Table of Contents
Chapter 1 IRF Fabric Commands................................................................................................. 1-1

1.1 IRF Fabric Commands....................................................................................................... 1-1
1.1.1 change self-unit ....................................................................................................... 1-1
1.1.2 change unit-id.......................................................................................................... 1-1
1.1.3 display ftm ............................................................................................................... 1-3
1.1.4 display irf-fabric ....................................................................................................... 1-4
1.1.5 display rmon history unit ......................................................................................... 1-5
1.1.6 display rmon statistics unit ...................................................................................... 1-6
1.1.7 fabric save-unit-id .................................................................................................... 1-6
1.1.8 fabric-port enable .................................................................................................... 1-8
1.1.9 ftm fabric-vlan.......................................................................................................... 1-9
1.1.10 irf-fabric authentication-mode.............................................................................. 1-10
1.1.11 reset ftm statistics ............................................................................................... 1-10
1.1.12 set unit name....................................................................................................... 1-11
1.1.13 sysname .............................................................................................................. 1-12
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 IRF Fabric Commands
Chapter 1 IRF Fabric Commands
1.1 IRF Fabric Commands

1.1.1 change self-unit
Syntax
change self-unit to { unit-id | auto-numbering }
View
System view
Parameter
unit-id: Unit ID to be set to.

auto-numbering: Changes the unit ID automatically.
Description
Use the change self-unit command to change the unit ID of the current switch. By
default, the unit ID of a switch that belongs to no IRF fabric is 1. After a switch is added
to an IRF fabric, the switch performs automatic numbering through FTM function. Unit
ID ranges from 1 to 8.
Note:
If you do not enable the fabric port, you cannot change the unit ID of the local switch.
Example
# Configure the uint ID of the current switch to be automatically numbered.

[Quidway] change self-unit to auto-numbering
1.1.2 change unit-id
Syntax
change unit-id unit-id1 to { unit-id2 | auto-numbering }
1-1
View
System view
Parameter
unit-id1: Current unit ID.

unit-id2: New unit ID.
auto-numbering: Change the unit ID automatically.
Description
Use the change unit-id command to configure the unit ID of a switch in an IRF fabric to
a new value. By default, when a switch is added to an IRF fabric, it uses the
automatically assigned unit ID.
z If the modified unit ID does not exist in the fabric, the system sets its priority to 5
and saves it in the unit Flash memory.
z If the modified unit ID is an existing one, the system prompt you to confirm if you
really want to change the unit ID. If you choose to change, the existing unit ID is
replaced and the priority is set to 5. Then you can use the fabric save-unit-id
command to save the modified unit ID into the unit Flash memory and clear the
information about the existing one.
z If auto-numbering is selected, the system sets the unit ID priority to 10. You can
use the fabric save-unit-id command to save the modified unit ID into the unit
Flash memory and clear the information about the existing one.
Note:
z Unit IDs in the fabric are not always arranged in order of 1 to 8.
z Unit IDs in an IRF fabric can be inconsecutive.
For the related command, see fabric save-unit-id.
Example
# Change the unit ID of the switch from 6 to 4. Use the display ftm command to display
information about each unit in the fabric.
<Quidway> display ftm topology-database
Total number of units in fabric : 2, My CPU ID : 6
UID CPU-Mac Priority Stack-Port Board-ID A/M
1 00e0-fc00-5002 10 /Right 1 A
2 00e0-fc03-5132 10 Left/ 1 A
3 00e0-fc04-5252 10 /Right 1 A
4 00e0-fc05-8922 10 Left/ 1 A
1-2
5 000f-cbb7-2142 10 /Right 1 A
*6 000f-cbb7-3264 10 Left/ 1 A
7 000f-cbb7-2260 10 /Right 1 A
8 000f-cbb7-2734 10 Left/ 1 A
[Quidway] change unit-id 1 to 2
The unit 2 already exists in fabric.
Continue? [Y/N] y
[Quidway]
%Apr 2 00:48:34:574 2000 Quidway FTM/3/DDPFLA:- 6 -Change unitid successful,
un
it 4 saved UnitID(4) in flash!
<Quidway>display ftm topology-database
Total number of units in fabric : 2, My Unit ID : 4
1 00e0-fc00-5002 10 /Right 1 A
2 00e0-fc03-5132 10 Left/ 1 A
3 00e0-fc04-5252 10 /Right 1 A
*4 000f-cbb7-3264 5 Left/ 1 A
5 000f-cbb7-2142 10 /Right 1 A
6 00e0-fc05-8922 10 Left/ 1 A
7 000f-cbb7-2260 10 /Right 1 A
8 000f-cbb7-2734 10 Left/ 1 A
From the above example, you can see the original unit ID of the device with MAC
address 000f-cbb7-3264 is 6. After the configuration, this unit ID changes to 4, and the
priority of the device changes to 5.
1.1.3 display ftm
Syntax
display ftm{ information | topology-database }
View
System view
Parameter
Information: Displays the FTM protocol information, including DDP status, unit ID, link
status of the fabric, status of the fabric port, and DDP packets statistics.
topology-database: Displays the topology database information of the fabric.
1-3
Description
Use the display ftm command to display the protocol information or the topology
database information of the current fabric.
Example
# Display the FTM protocol information of the switch.

<Quidway> display ftm information
FTM State : HB STATE
Unit ID : 2 (FTM-Master)
Fabric Type : Line

Fabric Auth : NONE
Fabric Vlan ID : 4093
Left Port : Disable
Right Port : Normal
Advertise : Send = 5, Receive = 3

Advertise ACK : Send = 0, Receive = 5
Heart Beat : Send = 20, Receive = 0
Left Port : Index = 255, IsEdge = 0

Right Port : Index = 25, IsEdge = 0
Units Num Left : 1

Units Num Right : 2
Units Num Backup: 2
1.1.4 display irf-fabric
Syntax
display irf-fabric [ port | status ]
View
Any view
Parameter
port : Displays the fabric port information.

status: Displays operation status of the current fabric, including fabric name and unit
ID.
1-4
Description
Use the display irf-fabric command to view the information of the entire fabric,
including unit ID, unit name, and operation mode of the system. If the fabric information
is displayed on the Console port of a device, an asterisk (*) will be added to the unit ID
of the current device.
Example
# Display fabric information on the Console port of unit 1.

<Quidway> display irf-fabric
Fabric name is Quidway, system mode is L3.
Unit Name Unit ID
First 1(*)
# Display fabric operation status on the Console port of unit 1.

<Quidway> display irf-fabric status
Unit Name Unit ID Status
First 1(*) Master
1.1.5 display rmon history unit
Syntax
display rmon history unit unit-id
View
Any view
Parameter
unit-id: Unit ID of a device in an IRF fabric.
Description
Use the display rmon history unit command to collect RMON history data of the local
device or other devices in the fabric.
Related command: rmon history.
Example
# Display the RMON history data of unit 3.

<Quidway> display rmon history unit 3
1-5
1.1.6 display rmon statistics unit
Syntax
display rmon statistics unit unit-id
View
Any view
Parameter
unit-id: Unit ID of a device in an IRF fabric.
Description
Use the display rmon statistics unit command to collect RMON statistics data of the
local device or other devices in the fabric.
Related command: rmon statistics.
Example
# Display the RMON statistics data of unit 2.

<Quidway> display rmon statistics unit 2
1.1.7 fabric save-unit-id
Syntax
fabric save-unit-id
undo fabric save-unit-id
View
User view
Parameter
None
Description
Use the fabric save-unit-id command to save the unit IDs of all the units in an IRF
fabric into the unit Flash. This command also sets the priority to 5.
Use the undo fabric save-unit-id command to remove the saved unit IDs. This
command also restores unit ID priority to 10.
Example
# Save the unit IDs of all the units in an IRF fabric to the unit Flash memory.
1-6

*1 00e0-fc00-5002 10 /Right 1 A
2 00e0-fc03-5132 10 Left/ 1 A
3 00e0-fc04-5252 10 /Right 1 A
4 00e0-fc05-8922 10 Left/ 1 A
5 000f-cbb7-2142 10 /Right 1 A
6 000f-cbb7-3264 10 Left/ 1 A
7 000f-cbb7-2260 10 /Right 1 A
8 000f-cbb7-2734 10 Left/ 1 A
<Quidway> fabric save-unit-id
The unit ID will be saved to the device.
Are you sure? [Y/N] y
%Apr 2 02:13:44:413 2000 3900 FTM/3/DDPFLA:- 4 -Save self unitid, unit 4 sav
ed UnitID(4) in flash!
Unit 1 saved unit ID successfully.
<Quidway>display ftm topology-database
*1 00e0-fc00-5002 5 /Right 1 M
2 00e0-fc03-5132 5 Left/ 1 M
3 00e0-fc04-5252 5 /Right 1 M
4 00e0-fc05-8922 5 Left/ 1 M
5 000f-cbb7-2142 5 /Right 1 M
6 000f-cbb7-3264 5 Left/ 1 M
7 000f-cbb7-2260 5 /Right 1 M
8 000f-cbb7-2734 5 Left/ 1 M
From the above example, you can see the priority of each unit change from 10 to 5, and
the numbering mode change from A (automatic numbering) to M (manual numbering).
# Remove the saved unit ID of each unit.
<Quidway> undo fabric save-unit-id
The saved unit ID will be erased.
Unit 1 removed unit ID successfully.
1-7
%Apr 2 19:43:24:368 2000 Quidway FTM/3/FTMCHIDAUTO:- 1 -Change unitid to auto

successful, unit 1 removed UnitID from flash!
*1 00e0-fc00-5002 10 /Right 1 A
2 00e0-fc03-5132 10 Left/ 1 A
3 00e0-fc04-5252 10 /Right 1 A
4 00e0-fc05-8922 10 Left/ 1 A
5 000f-cbb7-2142 10 /Right 1 A
6 000f-cbb7-3264 10 Left/ 1 A
7 000f-cbb7-2260 10 /Right 1 A
8 000f-cbb7-2734 10 Left/ 1 A
From the above example, you can see the priority of each unit restores to 10 and the
numbering mode changes from M (manual numbering) to A (automatic numbering).
1.1.8 fabric-port enable
Syntax
fabric-port interface-type interface-number enable

undo fabric-port interface-type interface-number enable
View
System view
Parameter
interface-type: Type of the port to be configured as a fabric port. Note that only
GigabitEthernet ports can be configured as fabric ports.
interface-number: Number of the port to be configured as a fabric port.
Description
Use the fabric-port enable command to configure a specified port as a fabric port.
Use the undo fabric-port enable command to disable the fabric port function for a port.
When the last fabric port on a switch is disabled, the fabric function is disabled globally.
1-8
Note:
z Establishing an IRF system requires a high consistency of the configuration of each
device. Hence, before you enable the fabric port, do not perform any configuration
for the port, and do not enable some functions that affect the IRF (such as
TACACAS and VLAN-VPN) for other ports or globally. Otherwise, you cannot
enable the fabric port. Refer to the error information output by devices for the detail
restricts.
z When you have enable fabric port function for a fabric port group, if you need to
change the fabric port group, you must disable the fabric function of the current
fabric port group before you execute the enable command on another group.
Otherwise, the system will prompt that the current fabric port group is in use, you
cannot change the fabric port group.
Example
# Set GigabitEthernet1/1/3 port as a fabric port.

[Quidway] fabric-port GigabitEthernet1/1/3 enable
1.1.9 ftm fabric-vlan
Syntax
ftm fabric-vlan vlan-id

undo ftm fabric-vlan
View
System view
Parameter
vlan-id: ID of the IRF fabric VLAN, in the range of 2 to 4094 By default, the number of
the IRF Fabric VLAN is 4093.
Description
Use the ftm fabric-vlan command to specify the VLAN that the switch uses for IRF
fabric.
Use the undo ftm fabric-vlan command to restore the default VLAN.
You need to specify the IRF fabric VLAN before the IRF fabric is established. Moreover,
the VLAN you specified must be the one that has not been created.
1-9
Example
# Specify VLAN 2 of the switch as an IRF fabric VLAN .

[Quidway] ftm fabric-vlan 2
1.1.10 irf-fabric authentication-mode
Syntax
irf-fabric authentication-mode { simple password | md5 key }

View
System view
Parameter
simple: Uses simple authentication mode.

password: Password for fabric authentication, a string comprising of 1 to 16 characters.
md5: Uses MD5 encryption authentication mode.
key: MD5 key, a string comprising of 1 to 16 characters.
Description
Use the irf-fabric authentication-mode command to configure the authentication

mode for an IRF fabric.
Use the undo irf-fabric authentication-mode command to cancel the IRF fabric
authentication configuration.
By default, no authentication mode is configured on a switch.
Example
# Set the authentication mode of the IRF fabric to simple, with the password "hello".
[Quidway] irf-fabric authentication-mode simple hello
1.1.11 reset ftm statistics
Syntax
reset ftm statistics
1-10
View
User view
Parameter
None
Description
Use the reset ftm statistics command to clear FTM statistics.
Example
# Clear FTM statistics.

<Quidway> reset ftm statistics
1.1.12 set unit name
Syntax
set unit unit-id name unit-name
View
System view
Parameter
unit-id: Unit ID of a device.

unit-name: Unit name to be set, a string comprising of 1 to 64 characters.
Description
Use the set unit name command to set a name for a device.
Example
# Set the name “hello” for the device with unit ID 1.

Fabric name(HostName): Quidway, Fabric authentication: md5
Fabric mode : L3, number of units in stack : 2.
Unit Name Unit ID
First 1
Second 2(*)
[Quidway] set unit 1 name hello
[Quidway] display irf-fabric
Fabric name(HostName): Quidway, Fabric authentication: md5
Fabric mode : L3, number of units in stack : 2.
Unit Name Unit ID
1-11
Hello 1
Second 2(*)
1.1.13 sysname
Syntax
sysname sysname
undo sysname
View
System view
Parameter
sysname: Fabric name to be set, a string comprising of 1 to 30 characters. By default,

the fabric name of an S3900 Series Ethernet switch is Quidway.
Description
Use the sysname command to set the name for the fabric where the current device
belongs. The modification will affect the prompt character in the command line interface.
For example, if the fabric name of the Ethernet switch is Quidway, the prompt character
in user view is <Quidway>.
Use the undo sysname command to restore the default fabric name.
Example
# Change the fabric name of the device to “hello”.

Unit Name Unit ID
First 1
Second 2(*)
[Quidway] sysname hello
[hello] display irf-fabric
Fabric name is hello, system mode is L3.
Unit Name Unit ID
First 1
Second 2(*)
1-12
Command Manual – Cluster
Table of Contents
Chapter 1 HGMPv2 Configuration Commands........................................................................... 1-1

1.1 NDP Configuration Commands ......................................................................................... 1-1
1.1.1 display ndp .............................................................................................................. 1-1
1.1.2 ndp enable............................................................................................................... 1-4
1.1.3 ndp timer aging........................................................................................................ 1-4
1.1.4 ndp timer hello......................................................................................................... 1-5
1.1.5 reset ndp statistics .................................................................................................. 1-6
1.2 NTDP Configuration Commands ....................................................................................... 1-7
1.2.1 display ntdp ............................................................................................................. 1-7
1.2.2 display ntdp device-list ............................................................................................ 1-8
1.2.3 ntdp enable............................................................................................................ 1-10
1.2.4 ntdp explore........................................................................................................... 1-11
1.2.5 ntdp hop ................................................................................................................ 1-12
1.2.6 ntdp timer .............................................................................................................. 1-12
1.2.7 ntdp timer hop-delay ............................................................................................. 1-13
1.2.8 ntdp timer port-delay ............................................................................................. 1-14
1.3 Cluster Configuration Commands.................................................................................... 1-15
1.3.1 add-member .......................................................................................................... 1-15
1.3.2 administrator-address ........................................................................................... 1-16
1.3.3 auto-build............................................................................................................... 1-17
1.3.4 build....................................................................................................................... 1-18
1.3.5 cluster.................................................................................................................... 1-20
1.3.6 cluster enable ........................................................................................................ 1-21
1.3.7 cluster switch-to..................................................................................................... 1-22
1.3.8 cluster-mac............................................................................................................ 1-23
1.3.9 cluster-mac syn-interval ........................................................................................ 1-23
1.3.10 delete-member .................................................................................................... 1-24
1.3.11 display cluster...................................................................................................... 1-25
1.3.12 display cluster candidates ................................................................................... 1-26
1.3.13 display cluster members ..................................................................................... 1-28
1.3.14 ftp cluster............................................................................................................. 1-31
1.3.15 ftp-server ............................................................................................................. 1-31
1.3.16 holdtime............................................................................................................... 1-32
1.3.17 ip-pool.................................................................................................................. 1-33
1.3.18 logging-host......................................................................................................... 1-34
1.3.19 management-vlan ............................................................................................... 1-34
1.3.20 nm-interface Vlan-interface ................................................................................. 1-35
1.3.21 reboot member .................................................................................................... 1-36
i
1.3.22 snmp-host............................................................................................................ 1-37

1.3.23 tftp cluster get...................................................................................................... 1-38
1.3.24 tftp cluster put...................................................................................................... 1-38
1.3.25 tftp-server ............................................................................................................ 1-39
1.3.26 timer .................................................................................................................... 1-40
ii
Quidway S3100 Series Ethernet Switches-Release 1510 Chapter 1 HGMPv2 Configuration Commands
Chapter 1 HGMPv2 Configuration Commands
1.1 NDP Configuration Commands

1.1.1 display ndp
Syntax
display ndp [ interface port-list ]
View
Any view
Parameter
interface port-list: Specifies a list of ports. The list can contain consecutive or
separated ports, or the combination of the both. You need to provide the port-list
argument in the form of interface-type interface-number [ to interface-type
interface-number ] &<1-10>, where interface-type specifies the port type, and
interface-number specifies the port number (in the form of slot number/port number).to:
Specifies a port range. &<1-10> means that you can provide up to ten port indexes/port
index ranges for this argument.
Description
Use the display ndp command to display the global NDP configuration information,
including the interval to send NDP packets, the holdtime of NDP information, and the
information about the neighbors of all the ports.
Example
# Display NDP configuration information.

<aaa_0.Quidway> display ndp
Neighbor Discovery Protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer: 180(s)
Status: Enabled, Pkts Snd: 15835, Pkts Rvd: 2879, Pkts Err: 0
1-1
# Display the information about the Ethernet 1/0/1 port.

<aaa_0.Quidway> display ndp interface Ethernet 1/0/1
Neighbor 1: Aging Time: 147(s)
MAC Address : 00e0-fc00-3900
Port Name : Ethernet1/0/1
Software Ver: V100R002B01D001
1-2
Device Name : Quidway S3928

Port Duplex : AUTO
Product Ver : 3900-001
Table 1-1 Description on the fields of the display ndp command

Field Description
Neighbor Discovery Protocol

NDP is enabled globally on the switch
is enabled
Neighbor Discovery Protocol
NDP version 1 is running
Ver: 1
Hello Timer The interval to send NDP packets
The holdtime of the NDP information
Aging Timer
sent by the local switch
Interface Port index to specify a specific port
Status NDP is enabled on the port
Number of the NDP packets
Pkts Snd
transmitted through the port
Number of the NDP packets received
Pkts Rvd
through the port
Number of the error NDP packets
Pkts Err
received through the port
The holdtime of the NDP information
Neighbor 1: Aging Time received from the neighbors
connected to the port
MAC Address MAC address of a neighbor device
Port Name Port name of a neighbor device
Software Ver Neighbor device software version
Device Name Device name of a neighbor device
Port Duplex Port duplex mode of a neighbor device
Product Ver Product version of a neighbor device
1-3
1.1.2 ndp enable
Syntax
ndp enable [ interface port-list ]

undo ndp enable [ interface port-list ]
View
Parameter
Description
Use the ndp enable command to enable NDP globally or on a port.

Use the undo ndp enable command to disable NDP globally or on a port.
When the ndp enable command is executed in system view, the NDP feature is
enabled globally if the port-list argument is not specified, while the NDP feature is
enabled on the specified port if the port-list argument is specified. When the ndp
enable command is executed in Ethernet port view, the NDP parameters cannot be
entered and the NDP feature can be enabled on the current port only.
By default, NDP is enabled both globally and on an Ethernet port.
Note that the NDP feature on a port does not take effect until the NDP feature is
enabled globally.
Example
# Enable NDP globally.

[Quidway] ndp enable
1.1.3 ndp timer aging
Syntax
ndp timer aging aging-in-secs
1-4
undo ndp timer aging
View
System view
Parameter
aging-in-secs: Holdtime (in seconds) to be set of the NDP information sent by the local
switch. This argument ranges from 5 to 255.
The default holdtime is 180 seconds.
Description
Use the ndp timer aging command to set the holdtime of the NDP information sent by
the local switch, that is, to specify how long a device will hold the NDP packets received
from the local device. After the aging timer expires, the device removes the received
NDP neighbor node information.
Use the undo timer aging command to restore the default NDP information holdtime.
You can specify how long an adjacent device will hold the NDP information sent by the
local device. An adjacent device holds the NDP information of the local switch
according to the holdtime carried in the NDP packets received from the local switch and
removes the NDP information when the aging timer expires.
Note that NDP information holdtime is longer than the interval to send NDP packets
normally. Otherwise, the neighbor information table of an NDP port will become
unstable.
Example
# Configure the holdtime of the NDP information sent by the local switch to be 60
seconds.
[Quidway] ndp timer aging 60
1.1.4 ndp timer hello
Syntax
ndp timer hello timer-in-seconds

undo ndp timer hello
View
System view
1-5
Parameter
timer-in-seconds: Interval (in seconds) to send NDP packets ranging from 5 to 254. By
default, the interval to send NDP packets is 60 seconds.
Description
Use the ndp timer hello command to set the interval to send NDP packets.
Use the undo ndp timer hello command to restore the default interval to send NDP
packets.
NDP information in a neighbor information table is updated regularly. This enables
neighbor information table to contain the actual network topology information. You can
use these two commands to adjust the updating frequency of NDP information.
Note that the valid reservation duration of NDP information is larger than the NDP send
interval. Otherwise, it may cause that the NDP neighbor information table becomes
unstable.
Example
# Configure the interval to send NDP packets to be 80 seconds.

[Quidway] ndp timer hello 80
1.1.5 reset ndp statistics
Syntax
reset ndp statistics [ interface port-list ]
View
User view
Parameter
Description
Use the reset ndp statistics command to clear NDP statistics.
1-6
Example
# Clear NDP statistics.

<Quidway> reset ndp statistics
1.2 NTDP Configuration Commands

1.2.1 display ntdp
Syntax
display ntdp
View
Any view
Parameter
None
Description
Use the display ntdp command to display the global NTDP information. The
information includes the range (in hop count) within which topology information is
collected, the interval to collect topology information (the NTDP timer), the delay time
for a device to forward topology-collection requests, the delay time for a
topology-collection request to be forwarded through a port, and the time cost during the
last topology collection.
Example
# Display the global NTDP information.

<Quidway> display ntdp
NTDP is running.
Hops : 4
Timer : 0 min(disable)
Hop Delay : 100 ms
Port Delay: 10 ms
Last collection total time: 92ms
Table 1-2 Description on the fields of the display ntdp command

Field Description
NTDP is running. NTDP is enabled globally on the local device.

Hops Hop count for topology collection
1-7
Field Description
Interval to collect topology information

Timer (disable) means that the device is not the
command switch and does not perform
periodical topology collection
Delay time for the device to forward topology
Hop Delay
collection requests
Delay time for a topology-collection request
Port Delay
to be forwarded through a port
Last collection total
Time cost during the last collection
time
1.2.2 display ntdp device-list
Syntax
display ntdp device-list [ verbose ]
View
Any view
Parameter
verbose: Displays the detailed device information.
Description
Use the display ntdp device-list command to display the device information collected
through NTDP.
Example
# Display the device list collected through NTDP.

<Quidway> display ntdp device-list
MAC HOP IP PLATFORM
00e0-fc00-3901 0 100.100.1.1/24 S3900
00e0-fc00-3190 1 16.1.1.1/24 S3900
Table 1-3 Description on the fields of the display ntdp device-list

command
Field Description
MAC MAC address of a device
1-8
Field Description
HOP Hops to the collecting device

PLATFORM Platform information about a device
IP address and mask length of the
IP
management VLAN interface on the device
# Display the detailed device information collected through NTDP.

<Quidway> display ntdp device-list verbose
Hostname : Quidway
MAC : 00e0-fc00-3900
Hop : 0
Platform : S3900
IP : 100.100.1.1/24
Version :
Huawei Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 1998-2006 Huawei Tech. Co.,Ltd. All rights reserved.
S3900 3900-0002
Cluster : Candidate switch
Peer MAC Peer Port ID Native Port ID Speed Duplex

00e0-fc00-3190 Ethernet1/0/22 Ethernet3/0/21 100 FULL
--------------------------------------------------------------------------
---
Hostname : 3900-3
MAC : 00e0-fc00-3190
Hop : 1
Platform : S3900
IP : 16.1.1.1/24
Version :
S3900 3900-0002
Cluster : Candidate switch
Peer MAC Peer Port ID Native Port ID Speed Duplex
1-9
00e0-fc00-3900 Ethernet3/0/21 Ethernet1/0/22 100 FULL

5600-0000-3334 GigabitEthernet1/0/32 Ethernet1/0/4 100 FULL
Table 1-4 Description on the fields of the display ntdp device-list

verbose command
Field Description
Hostname System name of the device

MAC Mac address of the device
Number of hops from the device to the device
Hop
which launches the topology collection
Platform Software platform of the device
IP address of the cluster management VLAN
IP
interface on the device
Version Version of the device
Cluster The role of the device in the cluster
Peer MAC MAC address of a neighbor device
Name of the local port which a neighbor device is
Native Port ID
connected to
Peer Port ID Name of the peer port connected to the local port
Speed Speed of the neighbor device port
Duplex Duplex mode of the neighbor device port
1.2.3 ntdp enable
Syntax
ntdp enable
undo ntdp enable
View
Parameter
None
1-10
Description
Use the ntdp enable command to enable NTDP globally or on a port.

Use the undo ntdp enable command to disable NTDP globally or on a port.
By default, NTDP is enabled globally and on ports.
Note that the NDTP cannot operate if it is enabled on a port where NDP is disabled.
Example
# Enable NTDP globally on the switch.

[Quidway] ntdp enable
1.2.4 ntdp explore
Syntax
ntdp explore
View
User view
Parameter
None
Description
Use the ntdp explore command to start topology information collection manually.
Normally, NTDP collects network topology information periodically. You can also start
topology information collection manually whenever needed by executing this command.
When you execute this command, NTDP collects the NDP information of every device
and the information about the connections between the local switch and all of its
neighbor switches in the specified network scope. The information is useful for the
management device or network management system to acquire the network topology
and to manage and monitor the devices.
Example
# Start the topology collection.

<Quidway> ntdp explore
1-11
1.2.5 ntdp hop
Syntax
ntdp hop hop-value

undo ntdp hop
View
System view
Parameter
hop-value: Maximum hops for collecting topology information, ranging from 1 to 16. By
default, the value is 3.
Description
Use the ntdp hop command to set a range (in terms of hop count) for topology
information collection.
Use the undo ntdp hop command to restore the default range for topology information
collection.
With the ntdp hop command, you can specify to collect the topology information of the
devices within a specified range to avoid infinitive collection. The limit is performed by
controlling the permitted hops from collection origination. For example, if you set the
hop number limit to 2, only the switches less than 2 hops away from the switch starting
the topology collection are collected.
Note that this command is only applicable to the topology-collecting device. A broader
collection scope requires more memory of the topology-collecting device.
Example
# Set the hop count for topology information collection to 5.

<aaa_0.Quidway> system-view
[aaa_0.Quidway] ntdp hop 5
1.2.6 ntdp timer
Syntax
ntdp timer interval-in- minutes

undo ntdp timer
View
System view
1-12
Parameter
interval-in- minutes: Interval (in minutes) to collect topology information, ranging from 0
to 65,535. This argument defaults to 0, which specifies not to collect topology
information.
Description
Use the ntdp timer command to configure the interval to collect topology information.
Use the undo ntdp timer command to restore the default interval.
B y default, the interval to collect topology information is 1 minute.
A switch collects topology information once in each period set by the ntdp timer
command.
Note that:
z The (disable) prompt in the timer field of the display ntdp command means that
the device is not the member of the cluster and does not perform periodical
topology collection.
z After the cluster is set up, the S3900 switch will collect the topology information in
the network at the set interval and add the detected candidate switches into the
cluster automatically.
z If it is unnecessary to add the candidate switches into the cluster automatically,
you can set the interval of topology collection to 0.
Example
# Set the interval to collect topology information to 30 minutes.

[aaa_0.Quidway] ntdp timer 30
1.2.7 ntdp timer hop-delay
Syntax
ntdp timer hop-delay time

undo ntdp timer hop-delay
View
System view
Parameter
time: Delay time (in milliseconds) for a switch to forward topology-collection request
packets. This argument ranges from 1 to 1,000 and defaults to 200.
1-13
Description
Use the ntdp timer hop-delay command to set the delay time for a switch to forward
topology-collection request packets.
Use the undo ntdp timer hop-delay command to restore the default delay time.
To avoid network congestion caused by large amount of topology response packets
received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through its first ports. You can use the ntdp
timer hop-delay command to set the delay time.
These two commands are intended for switches that collect topology information. They
actually set the hop-delay value for topology-collection request packets sent by these
switches. The hop-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through its first port.
Example
# Set the delay time for the switch to forward topology-collection request packets
through the first port to 300 ms.
[aaa_0.Quidway] ntdp timer hop-delay 300
1.2.8 ntdp timer port-delay
Syntax
ntdp timer port-delay time

undo ntdp timer port-delay
View
System view
Parameter
time: Delay time (in milliseconds) for a switch to forward a topology-collection request
packet through its successive ports. This argument ranges from 1 to 100 and defaults to
20.
Description
Use the ntdp timer port-delay command to set the delay time for a switch to forward a
received topology-collection request packet through its successive ports. A switch
forwards received topology request packets to all its ports in turn. After forwarding a
received topology-collection request packet through one port, the switch delays for
specific period before it forwards the packet through the next port.
1-14
Use the undo ntdp timer port-delay command to restore the default delay time.
To avoid network congestion caused by large amount of topology response packets
received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through the next port. You can use the
ntdp timer port-delay command to set the delay time.
These two commands are intended for switches that collect topology information. They
actually set the port-delay value for topology-collection request packets sent by these
switches. The port-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through the next port.
Example
# Set the delay time for the switch to forward topology-collection request packets
through the successive ports to 40 ms.
[aaa_0.Quidway] ntdp timer port-delay 40
1.3 Cluster Configuration Commands

1.3.1 add-member
Syntax
add-member [ member- number] mac-address H-H-H [ password password ]
View
Cluster view
Parameter
member-number: Member number assigned to the candidate device to be added to a

cluster. This argument ranges from 1 to 255.
H-H-H: MAC address of the candidate device (in hexadecimal).
password: Password of the candidate device, a string comprising 1 to 256 characters.
The password is required when you add a candidate device to a cluster. However, this
argument is not needed if the candidate device is not configured with a password.
Description
Use the add-member command to add a candidate device to a cluster.

You can add a candidate device to a cluster on the management device only.
If you do not specify the member number when adding a cluster member, the
management device assigns the least available member number to it.
1-15
After a candidate device is added to a cluster, its device password becomes the
management device password.
Note that:
After the cluster is set up, the S3900 switch will collect the topology information of the
network at the set interval and add the detected candidate devices into the cluster
automatically. If it is unnecessary to add the candidate switches into the cluster
automatically, you can set the interval of topology collection to 0, that is, topology
collection is not performed periodically.
Example
# Add a candidate device to the cluster, setting the member number to 6. (Assume that
the MAC address and user password of the candidate device are 00E0-fc00-35e7 and
123456.)
[aaa_0.Quidway] cluster
[aaa_0.Quidway-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
123456
1.3.2 administrator-address
Syntax
administrator-address mac-address name name

undo administrator-address
View
Cluster view
Parameter
mac-address: MAC address of the management device.

name name: Name of an existing cluster, a string comprising up to 8 characters, which
can only be alphanumeric characters, subtraction sign (-), and underline (_).
Description
Use the administrator-address command to set the MAC address of the management
device on a member device.
Use the undo administrator-address command to remove a member device from the
cluster, usually for debugging or restoration.
By default, a switch belongs to no cluster.
1-16
A cluster contains one (and only one) management device. After rebooting, a member
device identifies the management device by the MAC address of the management
device.
You are recommended to use the delete-member command to remove a cluster
member from a cluster on the management device.
Example
# Remove a member device from the cluster.

[aaa_1.Quidway] undo administrator-address
1.3.3 auto-build
Syntax
auto-build [ recover ]
View
Cluster view
Parameter
recover: Establishes communication with all the member devices again.
Description
Use the auto-build command to build a cluster automatically.

This command can be executed on a candidate device or a management device.
When you use this command on a candidate device, you will be required to enter the
cluster name and build a cluster. Then the system will collect candidates and add the
collected candidates into the cluster automatically.
When you use this command on a management device, the system will collect
candidates directly and add them into the cluster automatically.
The recover keyword is used to recover a cluster. Using the auto-build recover
command, you can find the members that are not currently in the member list and add
them to the cluster again.
Note: Ensure that NTDP is enabled, because it is the basis of candidate and member
collection. The collection range is also decided through NTDP. You can use the hop
command in system view to modify the collection range.
1-17
If a member is configured with a password different from the password of the

management device, it cannot be added to the cluster automatically.
Example
# Set up a cluster automatically.

[Quidway] cluster
[Quidway-cluster] auto-build
Please input cluster name:aaa

Collecting candidate list, please wait...
Candidate list:
Name Hops MAC Address Device

Processing...please wait
Cluster auto-build Finish!
0 member(s) added successfully.
[aaa_0.Quidway-cluster]
1.3.4 build
Syntax
build name
undo build
View
Cluster view
Parameter
name: Cluster name, a string comprising up to 8 characters, which can only be

alphanumeric characters, subtraction sign (-), and underline (_).
Description
Use the build command to configure or modify the cluster name.

Use the undo build command to remove a cluster.
If the build command is executed on the candidate device, the current switch will be
configured as the management device and assigned with a cluster name.
1-18
If the build command is executed on the management device, the cluster name will be
modified.
The member number of a management device is 0.
Example
# Configure the current switch to be a management device and specify the cluster
name to be aaa.
[Quidway] cluster
[Quidway-cluster] build aaa
1-19
Note:
To protect the unused sockets against malicious attacks and improve the switch
security, S3900 series Ethernet switches provide the following function:
z When the cluster function is enabled, socket UDP 40000 used by the cluster is
enabled;
z When the cluster function is disabled, socket UDP 40000 is disabled at the same
time.
This function is implemented on the command switch in the following scenarios:
z Use the build command or the auto-build command to create a cluster and enable
socket UDP 40000 used by the cluster at the same time.
z Use the undo build command or the undo cluster enable command to remove a
cluster and disable socket UDP 40000 at the same time.
This function is implemented on the member switch in the following scenarios:
z Use the add-member command on the management device to add a candidate
switch into the cluster and enable socket UDP 40000 of the new member.
z Use the auto-build command on the management device to add a candidate switch
into the cluster and enable socket UDP 40000 of the new member.
z Use the administrator-address command on the current switch to enable socket
UDP 40000.
z Use the delete-member command on the management device to delete a cluster
member and disable socket UDP 40000 of the member switch.
z Use the undo build command on the management device to delete a cluster and
disable sockets UDP 40000 of all the cluster members.
z Use the undo administrator-address command on a member switch to disable
socket UDP 40000 of the member switch.
1.3.5 cluster
Syntax
cluster
View
System view
Parameter
None
Description
Use the cluster command to enter cluster view.
1-20
Example
# Enter cluster view.

[Quidway] cluster
[Quidway-cluster]
1.3.6 cluster enable
Syntax
cluster enable
undo cluster enable
View
System view
Parameter
None
Description
Use the cluster enable command to enable the cluster function on a switch.
Use the undo cluster enable command to disable the cluster function on a switch.
By default, the cluster function is enabled on all the devices supporting cluster.
You need to create a cluster with the build command before using the cluster enable
command on the management device.
These two commands can be used on any device supporting the cluster function.
When you execute the undo cluster enable command on a management device, the
cluster is removed, and the switch stop operating as a management device. When you
execute this command on a member device, the cluster function is disabled on the
switch, and the switch quit the cluster. When you execute this command on a switch
that belongs to no cluster, the cluster function is disabled on the switch.
Example
# Enable the cluster function on a switch.

[Quidway] cluster enable
1-21
1.3.7 cluster switch-to
Syntax
cluster switch-to { member-number | mac-address H-H-H | administrator }
View
User view
Parameter
member-number: Member number of a switch in a cluster, ranging from 0 to 255.

mac-address H-H-H: Specifies the MAC address of a member device.
administrator: Redirects from a member device to the management device.
Description
Use the cluster switch-to command to switch between the management device and
member devices for configuration and management.
You can manage member devices in a cluster through the management device, on
which you can switch to member view to configure or manage specified member
devices, and then switch back to the management device.
z Authentication is performed when you switch from the management device to a
member device. Upon passing the member device authentication, you will switch
to the member device for configuration. If the password of the member device is
different from that of the management device, the switchover is rejected.
z The view will be inherited from the management device when you switch to a
member device from the management device. For example, user view remains
unchanged after you switch from the management device to a member device.
z Authentication is also performed when you switch from a member device to the
management device. After passing the authentication, you will enter user view
automatically.
When you execute this command on the management device with the member-number
argument provided, an error occurs if the member device identified by the
member-number argument does not exist. You can enter quit to cancel the switchover
operation.
Example
# Switch from the management device to the member device numbered 6 and then
switch back to the management device.
<aaa_0.Quidway> cluster switch-to 6
<aaa_0.Quidway> quit
<aaa_0.Quidway>
1-22
1.3.8 cluster-mac
Syntax
cluster-mac H-H-H
View
Cluster view
Parameter
H-H-H: Multicast MAC address (in hexadecimal), which can be 0180-C200-0000,

0180-C200-000A, and 0180-C200-0020 through 0180-C200-002F.
Description
Use the cluster-mac command to configure a multicast MAC address for cluster
management.
By default, the multicast MAC address is 0180-C200-000A.
Execute this command on management devices only.
Multicast MAC addresses enable the member devices of a cluster to receive multicast
information delivered by the management device, and thus multicast information
sending function is implemented on the management device.
Example
# Configure the multicast MAC address of the management device to be

0180-C200-0028.
[aaa_0.Quidway-cluster] cluster-mac 0180-C200-0028
1.3.9 cluster-mac syn-interval
Syntax
cluster-mac syn-interval time-interval
View
Cluster view
Parameter
time-interval: Interval (in minutes) to send multicast packets.
1-23
Description
Use the cluster-mac syn-interval command to set the interval for a management
device to send multicast packets. Execute this command on management devices only.
When the interval is set to 0, the management device does not send multicast packets
to member devices.
Example
# Set the interval to send multicast packets to 1 minute.

[aaa_0.Quidway-cluster] cluster-mac syn-interval 1
1.3.10 delete-member
Syntax
delete-member member-number
View
Cluster view
Parameter
Description
Use the delete-member command to remove a member device from the cluster.
Perform the operation to remove a member device from a cluster on the management
device only. Otherwise, errors occur.
Example
# Remove the member device numbered 2 from the cluster.

[aaa_0.Quidway-cluster] delete-member 2
1-24
1.3.11 display cluster
Syntax
display cluster
View
Any view
Parameter
None
Description
Use the display cluster command to display the state and statistics of the cluster to
which the current switch belongs.
When being executed on a member device, this command displays the information
such as cluster name, member number of the current switch, the MAC address and
state of the management device, holdtime, and the interval to send packets.
When being executed on a management device, this command displays the
information such as cluster name, the number of the member devices in the cluster,
cluster state, holdtime and the interval to send packets.
Errors occur if you execute this command on a switch that does not belong to any
cluster.
Example
# Display cluster information (assuming that the current switch is a management

device).
<aaa_0.Quidway-cluster> display cluster
Cluster name:"aaa"
Role:Administrator
Management-vlan:100
Handshake timer:10 sec

Handshake hold-time:60 sec
IP-Pool:20.1.1.1/24
cluster-mac:0180-c200-000a
No logging host configured
No SNMP host configured
No FTP server configured
No TFTP server configured
1-25
3 member(s) in the cluster, and 0 of them down.
# Display cluster information (assuming that the current switch is a member device).
[aaa_2.3900-3] display cluster
Cluster name:"aaa"
Role:Member
Member number:2
Management-vlan:100
cluster-mac:0180-c200-000a
Handshake timer:10 sec
Handshake hold-time:60 sec
Administrator device mac address:00e0-fc00-3901

Administrator status:Up
Table 1-5 Description on the fields of the display cluster command

Field Description
Cluster name Name of the cluster

Role Cluster role of the switch
Member number Member number of the switch
Handshake timer Value of handshake timer
Handshake hold-time Handshake holdtime
Administrator device mac MAC address of the management
address device
Administrator status State of the management device
1.3.12 display cluster candidates
Syntax
display cluster candidates [ mac-address H-H-H | verbose ]
View
Any view
Parameter
mac-address H-H-H: Specifies the MAC address of a candidate device.
1-26
verbose: Displays the detailed information about all the candidate devices.
Description
Use the display cluster candidates command to display the information about the
candidate devices of a cluster. The command is applicable to the management devices
only.
automatically. As a result, if the interval of topology collection is too short (which is 1
minute by default), the switch exists as the candidate device of the cluster for a short
time. If it is unnecessary to add the candidate switches into the cluster automatically,
you can set the interval of topology collection to 0, that is, topology collection is not
performed periodically.
Example
# Display the information about all the candidate devices.

<aaa_0.Quidway-cluster> display cluster candidates
MAC HOP IP PLATFORM
3900-0000-3334 2 16.1.1.11/24 S3900
00e0-fc00-3190 1 16.1.1.1/24 S3900
Table 1-6 Description on the fields of the display cluster candidates

command (A)
Field Description
MAC address of a candidate

MAC
device
Hops from a candidate device to
Hop
the management device
IP IP address of a candidate device
Platform Platform of a candidate device
# Display the information about a specified candidate device.

<aaa_0.Quidway-cluster> display cluster candidates mac-address
00e0-fc00-3190
Hostname : 3900-3
MAC : 00e0-fc00-3190
Hop : 1
1-27
Platform : S3900
IP : 16.1.1.1/24
# Display the detailed information about all the candidate devices.

[aaa_0.Quidway-cluster] display cluster candidates verbose
Hostname : Quidway
MAC : 3900-0000-3334
Hop : 2
Platform : S3900
IP : 16.1.1.11/24
Hostname : 3900-3
MAC : 00e0-fc00-3190
Hop : 1
Platform : S3900
IP : 16.1.1.1/24
Table 1-7 Description on the fields of the display cluster candidates

command (B)
Field Description
Hostname Name of a candidate device

MAC MAC address of a candidate device
Hops from a candidate device to the
Hop
management device
IP IP address of a candidate device
Platform Platform of a candidate device
1.3.13 display cluster members
Syntax
display cluster members [ member-number | verbose ]
View
Any view
Parameter

1-28
verbose: Displays the detailed information about all the devices in a cluster.
Description
Use the display cluster members command to display the information about cluster
members.
Example
# Display the information about all the devices in the cluster.

<aaa_0.Quidway-cluster> display cluster members
SN Device MAC Address Status Name
0 S3900 00e0-fc00-3901 Admin aaa_0.Quidway
1 S3900 3900-0000-3334 Up aaa_1.Quidway
2 S3900 00e0-fc00-3190 Up aaa_2.3900-3
Table 1-8 Description on the fields of the display cluster members

command (A)
Field Description
SN Member number
Device Device type
MAC Address MAC address of a device
Status State of a device
Name Name of a device
# Display the detailed information about the management device and all member
devices.
<aaa_0.Quidway-cluster> display cluster members verbose
Member number:0
Name:aaa_0.Quidway
Device:S3900
MAC Address:00e0-fc00-3901
Member status:Admin
Hops to administrator device:0
IP: 100.100.1.1/24
Version:
1-29
S3900 3900-0002
Member number:1
Name:aaa_1.Quidway
Device:S3900
MAC Address:3900-0000-3334
Member status:Up
IP: 16.1.1.11/24
Version:
S3900 3900-0002
Member number:2
Name: aaa_2.Quidway
Device:S3900
MAC Address:00e0-fc00-3190
Member status:Up
IP: 16.1.1.1/24
Version:
S3900 3900-0002
Table 1-9 Description on the fields of the display cluster members

verbose command
Field Description
Member number Device member number

Name Name of a device
Device Device type
MAC Address MAC address of a device
Member status State of a device
Hops from the current device to the
Hops to administrator device
management device
1-30
Field Description
IP IP address of a device
Version Software version of the current device
1.3.14 ftp cluster
Syntax
ftp cluster
View
User view
Parameter
None
Description
Use the ftp cluster command to establish control connection with the public FTP
server of the cluster and enter FTP client view.
Example
# Connect the FTP clients to the remote FTP server of the cluster.
<123_1.Quidway> ftp cluster
Trying ...
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in.
1.3.15 ftp-server
Syntax
ftp-server ip-address
undo ftp-server
1-31
View
Cluster view
Parameter
ip-address: IP address of the FTP server to be configured for the cluster.
Description
Use the ftp-server command to configure an FTP server on the management device
for the member devices in the cluster.
Use the undo ftp-server command to remove the FTP server configured for the
member devices in the cluster.
By default, the management device acts as the FTP Server.
You need to configure the IP address of an FTP server first for the member devices in a
cluster to access the FTP server through the management device.
Example
# Configure the IP address of an FTP server on the management device.

[aaa_0.Quidway-cluster] ftp-server 1.0.0.9
1.3.16 holdtime
Syntax
holdtime seconds
undo holdtime
View
Cluster view
Parameter
seconds: Holdtime (in seconds) ranging from 1 to 255.
Description
Use the holdtime command to configure the holdtime of a switch.

Use the undo holdtime command to restore the default holdtime value.
z If a switch does not receive any information of a peer device during the holdtime, it
sets the state of the peer device to “down”. When the communication between the
1-32
two resumes, the corresponding member device is re-added to the cluster

(automatically).
z If the downtime does not exceed the holdtime, the member device stays in the
normal state and needs not to be added again.
Execute these two commands on management devices only. The member devices in a
cluster acquire the holdtime setting from the management device.
Example
# Set the holdtime to 30 seconds.

[aaa_0.Quidway-cluster] holdtime 30
1.3.17 ip-pool
Syntax
ip-pool administrator-ip-address { ip-mask | ip-mask-length }

undo ip-pool
View
Cluster view
Parameter
administrator-ip-address: IP address of the management device of a cluster.

ip-mask: Mask of the cluster IP address pool.
ip-mask-length: Mask length of the cluster IP address pool.
Description
Use the ip-pool command to configure a private IP address range for cluster members
on the switch to be configured as the management device.
Use the undo ip-pool command to cancel the IP address range configuration.
Before establishing a cluster, you need to configure a private IP address pool for the
switches to be added to the cluster. When a candidate device is added to a cluster, the
management device assigns a private IP address to it for the candidate device to
communicate with other devices in the cluster. This enables you to manage and
maintain member devices in a cluster through the management device.
Execute these two commands on switches that belong to no cluster only. The IP
address range of an existing cluster cannot be modified.
1-33
Example
# Configure the IP address range of a cluster.

[Quidway] cluster
[Quidway-cluster] ip-pool 10.200.0.1 20
1.3.18 logging-host
Syntax
logging-host ip-address
undo logging-host
View
Cluster view
Parameter
ip-address: IP address of the logging host configured for the cluster.
Description
Use the logging-host command to configure a logging host on the management

device for the member devices in the cluster.
Use the undo logging-host command to cancel the logging host configuration.
By default, no logging host is configured.
Note that you need to configure the IP address of a logging host first for the member
devices in a cluster to send log information to the logging host through the
management device.
Example
# Configure the IP address of the logging host on the management device.

[aaa_0.Quidway-cluster] logging-host 10.10.10.9
1.3.19 management-vlan
Syntax
management-vlan vlan-id
1-34
undo management-vlan
View
System view
Parameter
vlan-id: ID of the VLAN to be specified as the management VLAN.
Description
Use the management-vlan command to specify the management VLAN on the switch.
Use the undo management-vlan command to restore the default management VLAN.
By default, VLAN 1 is the management VLAN.
Note the following when configuring the management VLAN:
z The management VLANs specified on different devices in the same cluster must
be the same VLAN.
z The management VLAN can only be specified before the cluster is created. Once
a switch is added to a cluster, the management VLAN configuration cannot be
modified. To modify management VLAN configuration on a switch belonging to a
cluster, you need to cancel the cluster-related configurations on the switch,
specify the desired VLAN to be the management VLAN, and then re-create the
cluster.
Example
# Specify VLAN 2 as the management VLAN on the current switch.

1.3.20 nm-interface Vlan-interface
Syntax
nm-interface Vlan-interface vlan-id
View
Cluster view
Parameter
vlan-id: ID of the VLAN.
1-35
Description
Use the nm-interface Vlan-interface command to configure the network management

interface of the management switch.
You can specify the network management interface of the management device, so that
the network administrator can access the management switch through the network
management interface to manage the devices in the cluster.
Note:
z By default, the network management interface is a management VLAN interface.
z There can be only one network management interface, and the reconfigured
network management interface will replace the old one.
Example
# Configure VLAN-interface 2 as the network management interface.

[Quidway] cluster
[Quidway-cluster] nm-interface Vlan-interface 2
1.3.21 reboot member
Syntax
reboot member { member-number | mac-address H-H-H } [ eraseflash ]
View
Cluster view
Parameter

mac-address H-H-H: MAC address of the member device to be rebooted.
eraseflash: Deletes the configuration file when the member device reboots.
Description
Use the reboot member command to reboot a specified member device on the
management device.
Communication between the management and member devices may be interrupted
due to some configuration errors. Through the remote control function of member
1-36
devices, you can control them remotely on the management device. For example, you
can reboot a member device that operates improperly and specify to delete the booting
configuration file when the member device reboots, and thus restore normal
communication between the management and member devices.
The eraseflash keyword specifies to delete the booting configuration file when the
member device reboots.
Example
# Reboot the member device numbered 2.

[aaa_0.Quidway-cluster] reboot member 2
1.3.22 snmp-host
Syntax
snmp-host ip-address
undo snmp-host
View
Cluster view
Parameter
ip-address: IP address of a SNMP host to be configured for a cluster.
Description
Use the snmp-host command to configure an SNMP host for the member devices
inside a cluster on the management device.
Use the undo snmp-host command to cancel the SNMP host configuration.
By default, no SNMP host is configured.
You need to configure the IP address of an SNMP host first for the cluster, in order that
the member devices in a cluster can send trap messages to the SNMP host through the
management device.
Execute these two commands on management devices only.
Example
# Configure an SNMP host for the cluster on the management device.

1-37

[aaa_0.Quidway-cluster] snmp-host 1.0.0.9
1.3.23 tftp cluster get
Syntax
tftp cluster get source-file [ destination-file ]
View
User view
Parameter
source-file: Name of the file to be downloaded from the public TFTP server of the
cluster.
destination-file: Name of the downloaded file which is saved in the switch.
Description
Use the tftp cluster get command to download files from the specified directory on the
public TFTP server to the switch.
Related command: tftp cluster put.
Example
# Download the file name LANSwitch.app from the public TFTP server of the cluster to
the switch and save it as vs.app.
<123_1.Quidway> tftp cluster get LANSwitch.app vs.app
1.3.24 tftp cluster put
Syntax
tftp cluster put source-file [ destination-file ]
View
User view
Parameter
source-file: File to be uploaded to the server.

destination-file: Name of the uploaded file saved in the storage directory of the TFTP
server.
1-38
Description
Use the tftp put command to upload the file in the switch to the specified directory in
the TFTP server.
Related command: tftp cluster get.
Example
# Upload the file named vrpcfg.txt in the switch to the public TFTP server of the cluster
and save it as temp.txt.
<123_1.Quidway> tftp cluster put vrpcfg.txt temp.txt
1.3.25 tftp-server
Syntax
tftp-server ip-address
undo tftp-server
View
Cluster view
Parameter
ip-address: IP address of a TFTP server to be configured for a cluster.
Description
Use the tftp-server command to configure a TFTP server for cluster members on the
management device.
Use the undo tftp-server command to cancel the TFTP server of the cluster members.
By default, no TFTP server is configured.
You need to configure the IP address of the TFTP server for the cluster, in order that the
member devices in the cluster can access the TFTP server through the management
device.
Execute these two commands on management devices only.
Example
# Configure a TFTP server on the management device.

[aaa_0.Quidway-cluster] tftp-server 1.0.0.9
1-39
1.3.26 timer
Syntax
timer interval
undo timer
View
Cluster view
Parameter
Interval: Interval (in seconds) to send handshake packets. This argument ranges from 1
to 255.
Description
Use the timer command to set the interval to send handshake packets.
Use the undo timer command to restore the default value of the interval.
By default, the interval to send handshake packets is 10 seconds.
Inside a cluster, the connections between member devices and the management
device are kept through transmitting handshake packets. Handshake packets in a
cluster enable the management device to acquire the information about member states
link states.
Execute these two commands on management devices only. All the member devices in
a cluster acquire the handshake interval setting from the management device.
Example
# Configure the interval to send handshake packets to be 3 seconds.

[aaa_0.Quidway-cluster] timer 3
1-40
Command Manual – PoE & PoE Profile
Table of Contents
Chapter 1 PoE Configuration Commands .................................................................................. 1-1

1.1 PoE Configuration Commands .......................................................................................... 1-1
1.1.1 display poe interface ............................................................................................... 1-1
1.1.2 display poe interface power .................................................................................... 1-4
1.1.3 display poe powersupply......................................................................................... 1-5
1.1.4 display poe temperature-protection......................................................................... 1-6
1.1.5 poe enable............................................................................................................... 1-7
1.1.6 poe legacy enable ................................................................................................... 1-8
1.1.7 poe max-power........................................................................................................ 1-8
1.1.8 poe mode ................................................................................................................ 1-9
1.1.9 poe power-management ....................................................................................... 1-10
1.1.10 poe priority........................................................................................................... 1-11
1.1.11 poe temperature-protection................................................................................. 1-12
1.1.12 poe update .......................................................................................................... 1-12
Chapter 2 PoE Profile Configuration Commands ...................................................................... 2-1

2.1 PoE Profile Configuration Commands ............................................................................... 2-1
2.1.1 apply poe-profile...................................................................................................... 2-1
2.1.2 display poe-profile ................................................................................................... 2-2
2.1.3 poe-profile ............................................................................................................... 2-3
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 PoE Configuration Commands
Chapter 1 PoE Configuration Commands
1.1 PoE Configuration Commands

1.1.1 display poe interface
Syntax
display poe interface [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Port on the switch. Refer to Command Manual – Basic

Port Configuration for details.
Description
Use the display poe interface command to view the PoE status of a specific port of the
switch. If the interface-type interface-number argument is not specified, the command
displays the PoE status of all ports of the switch.
Example
# Display the PoE status of Ethernet 1/0/10.

<Quidway> display poe interface Ethernet1/0/10
Port power enabled :enable
Port power ON/OFF :on
Port power status : Standard PD was detected
Port power mode :signal
Port PD class :0
port power priority :low
Port max power :15400 mW
Port current power :460 mW
Port peak power :552 mW
Port average power :547 mW
Port current :10 mA
Port voltage :51 V
1-1
Table 1-1 Description on the fields of the display poe interface command
Field Description
Port power enabled PoE is enabled on the port
Port power ON/OFF The power on the port is on/off
PoE status on the port:
z user command set port to off: PoE to the port is
turned off by the user
Port power status z Standard PD was detected: A standard PD is
detected
z PD detection is in process: PDs are being
detected
PoE mode on the port:
Port power mode z signal: PoE through the signal cable
z spare: PoE through the spare cable
Port PD class Class of power to the PD
PoE priority of the port:
Port power priority z critical: The highest

z high: High
z low: Low
Port max power The maximum available power on the port
Port current power The current power on the port
Port average power The average power on the port

Port peak power The peak power on the port
Port current The current on the port
Port voltage The voltage on the port
# Display the PoE status of all ports.

<Quidway> display poe interface
PORT INDEX POWER ENABLE MODE PRIORITY STATUS
Ethernet1/0/1 off disable signal low user command set port to off
1-2
Table 1-2 Description on the fields of the display poe interface command
Field Description
PORT INDEX Port index
POWER Power status on the port: ON/OFF
1-3
Field Description
ENABLE PoE enabled/disabled status on the port
PoE mode on the port:

MODE z signal: PoE through the signal cable
z spare: PoE through the spare cable
PoE priority of the port:
PRIORITY z critical: Highest

z high: High
z low: Low
PoE status on the port:
z user command set port to off: PoE to the port is
turned off by the user
STATUS z Standard PD was detected: A standard PD is
detected
z PD detection is in process: PDs are being
detected
1.1.2 display poe interface power
Syntax
display poe interface power [ interface-type interface-number ]
View
Any view
Parameter
interface-type interface-number: Port on the switch. Refer to Command Manual – Port

for details.
Description
Use the display poe interface power command to view the power information of a
specific port of the switch. If the interface-type interface-number argument is not
specified, the command displays the power information of all ports of the switch.
Example
# Display the power information of Ethernet 1/0/10.

<Quidway> display poe interface power Ethernet1/0/10
Port power :12400 mW
# Display the power information of all ports.

<Quidway> display poe interface power
PORT INDEX POWER (mW) PORT INDEX POWER (mW)
1-4
Ethernet1/0/1 0 Ethernet1/0/2 0
1.1.3 display poe powersupply
Syntax
display poe powersupply
View
Any view
Parameter
None
Description
Use the display poe powersupply command to view the parameters of the power
sourcing equipment (PSE).
Example
# Display the PSE parameters.
1-5
<Quidway> display poe powersupply

PSE ID :1
PSE Legacy Detection :disable
PSE Total Power Consumption :12000 mW
PSE Available Power :288000 mW
PSE Peak Value :12000 mW
PSE Average Value :12000 mW
PSE Software Version :290
PSE Hardware Version :000
PSE CPLD Version :021
PSE Power-Management mode :auto
Table 1-3 Description on the fields of the display poe powersupply command
Field Description
PSE ID Identification of the PSE
The enabled/disabled status of the nonstandard PD
PSE Legacy Detection
detection
PSE Total Power
Total power consumption of the PSE
Consumption
PSE Available Power Available power of the PSE
Power Peak Value Peak power value of the PSE
Power Average Value Average power value of the PSE
Power Software Version Version of the PSE software

Power Hardware Version Version of the PSE hardware
Version of the PSE complex programmable logical
PSE CPLD Version
device (CPLD)
PoE management mode on the port when the PSE is
overloaded:
The auto keyword indicates that the auto mode is
PSE Power-Management
adopted, that is, the PoE management mode based
mode
on the PoE priority of the port is adopted
The manual keyword indicates that the manual
mode is adopted in the PoE management on the port
1.1.4 display poe temperature-protection
Syntax
display poe temperature-protection
1-6
View
Any view
Parameter
None
Description
Use the display poe temperature-protection command to display the enable/disable

status of the PoE over-temperature protection function on the switch.
Example
# Display the enable/disable status of the PoE over-temperature protection function on

the switch.
<Quidway> display poe temperature-protection
The temperature protection is enabled.
1.1.5 poe enable
Syntax
poe enable
undo poe enable
View
Ethernet port view
Parameter
None
Description
Use the poe enable command to enable the PoE feature on a port.
Use the undo poe enable command to disable the PoE feature on a port.
By default, the PoE feature on each port is disabled.
Example
# Enable the PoE feature on the current port.

[Quidway-Ethernet1/0/3] poe enable
Port power supply is enabled
1-7
# Disable the PoE feature on the current port.

[Quidway-Ethernet1/0/3] undo poe enable
Port power supply is disabled
1.1.6 poe legacy enable
Syntax
poe legacy enable

undo poe legacy enable
View
System view
Parameter
None
Description
Use the poe legacy enable command to enable the nonstandard-PD detection
function.
Use the undo poe legacy enable command to disable the nonstandard-PD detection
function.
PDs compliant with 802.3af standards are called standard PDs.
By default, the nonstandard-PD detection function is disabled.
Example
# Enable the nonstandard-PD detection function.

[Quidway] poe legacy enable
Legacy detection is enabled
# Disable the nonstandard-PD detection function.

[Quidway] undo poe legacy enable
Legacy detection is disabled
1.1.7 poe max-power
Syntax
poe max-power max-power

undo poe max-power
1-8
View
Ethernet port view
Parameter
max-power: Maximum power distributed to the port, ranging from 1000 to 15400 in mW.
Description
Use the poe max-power command to configure the maximum power that can be
supplied by the current port.
Use the undo poe max-power command to restore the maximum power supplied by
the current port to the default value.
By default, the maximum power that a port can supply is 15400 mW.
Note that the unit of the power is mW and you can set the power in the granularity of
100 mW. The actual maximum power will be 5% larger than what you have set allowing
for the effect of transient peak power.
Example
# Set the maximum power supplied by current port.

[Quidway-Ethernet1/0/3] poe max-power 15000
# Restore the default maximum power on the current port.

[Quidway-Ethernet1/0/3] undo poe max-power
1.1.8 poe mode
Syntax
poe mode { signal | spare }

undo poe mode
View
Ethernet port view
Parameter
signal: Supplies power through a signal cable.

spare: Supplies power through a spare cable.
Description
Use the poe mode command to configure the PoE mode on the current port.
1-9
Use the undo poe mode command to restore the PoE mode on the current port to the
default mode.
By default, the port is powered through a signal cable.
Note that the S3900 series switches do not support the spare mode currently.
Example
# Set the PoE mode on current port to signal.

[Quidway-Ethernet1/0/3] poe mode signal
1.1.9 poe power-management
Syntax
poe power-management { auto| manual }

undo poe power-management
View
System view
Parameter
auto: Adopts the auto mode, namely, a PoE management mode based on PoE priority
of the port.
manual: Adopts the manual mode.
Description
Use the poe power-management command to configure the PoE management mode
of port used in the case of power overloading.
Use the undo poe power-management command to restore the default mode.
By default, the PoE management mode on port is auto.
Example
# Configure the PoE management mode on port to auto, that is, adopt the PoE
management mode based on the PoE priority of the port.
[Quidway] poe power-management auto
Auto Power Management is enabled
# Restore the default management mode.
1-10
[Quidway] undo poe power-management

Auto Power Management is enabled
1.1.10 poe priority
Syntax
poe priority { critical | high | low }

undo poe priority
View
Ethernet port view
Parameter
critical: Set the port priority to critical.

high: Set the port priority to high.
low: Set the port priority to low.
Description
Use the poe priority command to configure the PoE priority of a port.
Use the undo poe priority command to restore the default PoE priority.
By default, the PoE priority of a port is low.
When the available power of the PSE is too small, the PoE priority and the PoE
management mode are used together to determine how to allocate PoE power for the
new PDs.
When the manual PoE management mode is adopted:
The switch will not supply power to the new PDs if the available power of the PSE is
less than 18.8 W.
When the auto PoE management mode is adopted:
If a PD is plugged into the port with higher priority when the available power of the PSE
is less than 18.8 W, the power supply to the port with the smallest number in the port
group with the lowest priority is turned off, so that a part of power is released for the new
PD.
Example
# Set the port priority to critical.

[Quidway-Ethernet1/0/3] poe priority critical
1-11
# Restore the default PoE priority.

[Quidway-Ethernet1/0/3] undo poe priority
1.1.11 poe temperature-protection
Syntax
poe temperature-protection enable

undo poe temperature-protection enable
View
System view
Parameter
None
Description
Use the poe temperature-protection enable command to enable PoE

over-temperature protection on the switch.
Use the undo poe temperature-protection enable command to disable PoE
over-temperature protection on the switch.
The PoE over-temperature protection operates as follows: The switch disables the PoE
feature on all ports when its internal temperature exceeds 65°C (149°F) for self-protect,
and restores the PoE feature settings on all its ports when the temperature drops below
60°C (140°F).
By default, PoE over-temperature protection is enabled on the switch.
Example
# Disable PoE over-temperature protection on the switch.

[Quidway] undo poe temperature-protection enable
The temperature protection is disabled.
1.1.12 poe update
Syntax
poe update { refresh | full } filename
View
System view
1-12
Parameter
refresh: The refresh update mode is used when the PSE processing software is valid.
The refresh update mode is to upgrade the valid software in the PSE.
full: The full update mode is used when the PSE has no valid processing software. The
full update mode is to delete the invalid software in the PSE completely and then reload
the valid software.
filename: Update file name, with a length of 1 to 64 characters.
Description
Use the poe update command to update the PSE processing software online.
Note:
z The full mode is used only when you cannot use the refresh mode.
z When the PSE processing software is damaged (that is, all the PoE commands
cannot be successfully executed), you can use the full mode to update and restore
the software.
z When the upgrading procedure in refresh update mode is interrupted for some
unexpected reason (such as power-off) or some errors occur, if the upgrade in full
mode fails after restart, you must upgrade in full mode after power-off and restart of
the device, and then restart the device manually. In this way, the former PoE
configuration is restored.
Example
# Update the PSE processing software online.

[Quidway] poe update refresh 0290_021.s19
Update PoE board successfully
1-13
Command Manual – PoE & PoE Profile Chapter 2 PoE Profile Configuration Comma
Quidway S3900 Series Ethernet Switches-Release 1510 nds
Chapter 2 PoE Profile Configuration Commands
2.1 PoE Profile Configuration Commands

2.1.1 apply poe-profile
Syntax
In system view use the following commands:

apply poe-profile profilename interface interface-type interface-number [ to
undo apply poe-profile profilename interface interface-type interface-number [ to
In Ethernet port view use the following commands:
apply poe-profile profilename
undo apply poe-profile profilename
View
System view
Parameter
profilename: Name of PoE profile, a string of 1 to 15 characters. It starts with a letter

from a to z or from A to Z, and it cannot be any of reserved keywords like all, interface,
user, undo, and mode.
interface-type interface-number: interface-type indicates type of the interface,
interface-number specifies the port ID.
Description
Use the apply poe-profile command to apply the existing PoE profile configuration to
the specified Ethernet port.
Use the undo apply poe-profile command to cancel the PoE profile configuration for
the specified Ethernet port.
Only one PoE profile can be in use at any time for each Ethernet port.
2-1
Note:
PoE profile is a set of PoE configurations. One PoE profile can contain multiple PoE
features. When the poe apply command is used to apply a PoE profile to a port, some
PoE features can be applied successfully while some can not. PoE profiles are applied
to S3900 series Ethernet switches according to the following rules:
z When the apply poe-profile command is used to apply a PoE profile to a port, the
PoE profile is applied successfully only if one PoE feature in the PoE profile is
applied properly. When the display current-configuration command is used for
query, it is displayed that the PoE profile is applied properly to the port.
z If one or more features in the PoE profile are not applied properly on a port, the
switch will prompt explicitly which PoE features in the PoE profile are not applied
properly on which ports.
z The display current-configuration command can be used to query which PoE
profiles are applied to a port. However, the command cannot be used to query which
PoE features in a PoE profile are applied successfully.
Example
# Apply the existing PoE profile (profile-test) configuration to Ethernet1/0/1 through

Ethernet1/0/9 ports of the switch.
[Quidway] apply poe-profile profile-test interface ethernet1/0/1 to
ethernet1/0/9
2.1.2 display poe-profile
Syntax
display poe-profile { all-profile | interface interface-type interface-number | name

profilename }
View
Any view
Parameter
all-profile：Display all PoE Profiles.

interface-type interface-number: Port type and port number
profilename: Name of a specified PoE profile.
2-2
Description
Use the display poe-profile command to display detailed configuration information of

the created PoE profile for a switch.
Example
# Display detailed configuration information for the PoE profile by the name of
profile-test.
[Quidway] display poe-profile name profile-test
2.1.3 poe-profile
Syntax
poe-profile profilename
undo poe-profile profilename
View
System view
Parameter
profilename: Name of PoE profile, a string with 1 to 15 characters. It starts with a letter
from a to z or from A to Z, and it cannot be any of reserved keywords like all, interface,
user, undo, and mode.
Description
Use the poe-profile command to create a PoE profile.

Use the undo poe-profile command to delete an existing PoE profile.
The following PoE features can be configured in the PoE profile mode:
poe enable
poe mode { signal | spare }
poe priority { critical | high | low }
poe max-power max-power
The maximum number of PoE profiles that can be configured for an S3900 switch is
100.
Example
# Create a PoE profile by the name of profile-test.

2-3

[Quidway] poe-profile profile-test
2-4
Command Manual – UDP Helper
Table of Contents
Chapter 1 UDP Helper Configuration Commands...................................................................... 1-1

1.1 UDP Helper Configuration Commands.............................................................................. 1-1
1.1.1 display udp-helper server........................................................................................ 1-1
1.1.2 reset udp-helper packet .......................................................................................... 1-1
1.1.3 udp-helper enable ................................................................................................... 1-2
1.1.4 udp-helper port ........................................................................................................ 1-2
1.1.5 udp-helper server .................................................................................................... 1-3
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 UDP Helper Configuration Commands
Chapter 1 UDP Helper Configuration Commands
1.1 UDP Helper Configuration Commands

1.1.1 display udp-helper server
Syntax
display udp-helper server [ interface Vlan-interface vlan-id ]
View
Any view
Parameter
vlan-id: VLAN interface number.
Description
Use the display udp-helper server command to display the information of the
destination server corresponding to the VLAN interface.
Example
# Display the information of the destination server corresponding to VLAN interface 1.

<Quidway> display udp-helper server interface Vlan-interface 1
interface name server address packets send
Vlan-interface1 192.1.1.2 0
The information above shows that the IP address of the destination server
corresponding to VLAN interface 1 is 192.1.1.2, and no packets have been forwarded.
1.1.2 reset udp-helper packet
Syntax
reset udp-helper packet
View
User view
Parameter
None
1-1
Description
Use the reset udp-helper packet command to clear statistics about the packets
forwarded by UDP Helper.
Example
# Clear statistics about the packets forwarded by UDP Helper.

<Quidway> reset udp-helper packet
1.1.3 udp-helper enable
Syntax
udp-helper enable
undo udp-helper enable
View
System view
Parameter
None
Description
Use the udp-helper enable command to enable UDP Helper function.

Use the undo udp-helper enable command to disable UDP Helper function.
By default, UDP Helper is disabled.
Example
# Enable UDP Helper.

[Quidway] udp-helper enable
1.1.4 udp-helper port
Syntax
udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp | time }

undo udp-helper port { port-number | dns | netbios-ds | netbios-ns | tacacs | tftp |
time }
View
System view
1-2
Parameter
port-number: Port number whose UDP packets are to be forwarded, in the range 1 to
65535 (except for 67 and 68).
dns: Domain name system, corresponding to UDP port 53.
netbios-ds: NetBios datagram service, corresponding to UDP port 138.
netbios-ns: NetBios name service, corresponding to UDP port 137.
tacacs: TAC access control system, corresponding to UDP port 49.
tftp: Trivial file transfer protocol, corresponding to UDP port 69.
time: Time service, corresponding to UDP port 37.
Description
Use the udp-helper port command to specify the UDP port whose UDP broadcast
packets are to be forwarded.
Use the undo udp-helper port command to cancel the configuration.
Example
# Specify port 651 to be the UDP port to forward UDP broadcast packets.
[Quidway] udp-helper port dns 651
1.1.5 udp-helper server
Syntax
udp-helper server ip-address

undo udp-helper server [ ip-address ]
View
VLAN interface view
Parameter
ip-address: IP address of the destination server, in dotted decimal notation.
Description
Use the udp-helper server command to specify the destination server for the UDP
broadcast packets to be forwarded.
Use the undo udp-helper server [ ip-address ] command to delete the destination
server for the UDP broadcast packets to be forwarded.
1-3
No destination server is configured by default.

Related command: display udp-helper server.
Example
# Specify to forward UDP packets of VLAN1 interface to the destination server with IP
address of 192.1.1.2.
[Quidway-Vlan-interface1] udp-helper server 192.1.1.2
1-4
Command Manual – SNMP and RMON
Table of Contents
Chapter 1 SNMP Configuration Commands ............................................................................... 1-1

1.1 SNMP Configuration Commands....................................................................................... 1-1
1.1.1 display snmp-agent ................................................................................................. 1-1
1.1.2 display snmp-agent community............................................................................... 1-1
1.1.3 display snmp-agent group....................................................................................... 1-2
1.1.4 display snmp-agent mib-view.................................................................................. 1-3
1.1.5 display snmp-agent statistics .................................................................................. 1-5
1.1.6 display snmp-agent sys-info.................................................................................... 1-6
1.1.7 display snmp-agent trap-list .................................................................................... 1-6
1.1.8 display snmp-agent usm-user ................................................................................. 1-7
1.1.9 enable snmp trap updown....................................................................................... 1-8
1.1.10 snmp-agent ........................................................................................................... 1-9
1.1.11 snmp-agent community....................................................................................... 1-10
1.1.12 snmp-agent group ............................................................................................... 1-11
1.1.13 snmp-agent local-engineid .................................................................................. 1-12
1.1.14 snmp-agent log ................................................................................................... 1-13
1.1.15 snmp-agent mib-view .......................................................................................... 1-14
1.1.16 snmp-agent packet max-size .............................................................................. 1-14
1.1.17 snmp-agent sys-info............................................................................................ 1-15
1.1.18 snmp-agent target-host ....................................................................................... 1-16
1.1.19 snmp-agent trap enable ...................................................................................... 1-17
1.1.20 snmp-agent trap life ............................................................................................ 1-19
1.1.21 snmp-agent trap queue-size ............................................................................... 1-19
1.1.22 snmp-agent trap source ...................................................................................... 1-20
1.1.23 snmp-agent usm-user ......................................................................................... 1-21
Chapter 2 RMON Configuration Commands .............................................................................. 2-1

2.1 RMON Configuration Commands ...................................................................................... 2-1
2.1.1 display rmon alarm.................................................................................................. 2-1
2.1.2 display rmon event .................................................................................................. 2-2
2.1.3 display rmon eventlog ............................................................................................. 2-3
2.1.4 display rmon history ................................................................................................ 2-4
2.1.5 display rmon prialarm.............................................................................................. 2-5
2.1.6 display rmon statistics ............................................................................................. 2-7
2.1.7 rmon alarm .............................................................................................................. 2-9
2.1.8 rmon event ............................................................................................................ 2-11
2.1.9 rmon history........................................................................................................... 2-12
2.1.10 rmon prialarm ...................................................................................................... 2-13
i
2.1.11 rmon statistics ..................................................................................................... 2-15
ii
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 SNMP Configuration Commands
Chapter 1 SNMP Configuration Commands
1.1 SNMP Configuration Commands

1.1.1 display snmp-agent
Syntax
display snmp-agent { local-engineid | remote-engineid }
View
Any view
Parameter
local-engineid: Engine ID of a local SNMP entity.

remote-engineid: Engine ID of a remote SNMP entity.
Description
Use the display snmp-agent command to view engine ID of the local or remote SNMP
entity.
An SNMP engine ID identifies an SNMP entity uniquely within an SNMP domain. As an
indispensable part of an SNMP entity, an SNMP engine performs the function of
sending, receiving and authenticating SNMP message, extracting PDU, packet
encapsulation and the communication with SNMP application.
Example
# Display the engine ID of a local device.

<Quidway> display snmp-agent local-engineid
SNMP local EngineID: 800007DB00E0FC0031006877
SNMP local EngineID in the above information represents the engine ID of the local
SNMP entity.
1.1.2 display snmp-agent community
Syntax
display snmp-agent community [ read | write ]
View
Any view
1-1
Parameter
read: Displays read-only community information.

write: Displays read-write community information.
Description
Use the display snmp-agent community command to view the information about the
currently configured community names for SNMPv1 or SNMPv2c.
Example
# Display the currently configured community names.

<Quidway> display snmp-agent community
Community name:public
Group name:public
Storage-type: nonVolatile
Community name:private
Group name:private
Table 1-1 Description on the fields of the display snmp-agent community command
Field Description
Community name Community name
Group name Group name

Storage type, including volatile, nonVolatile, permanent,
Storage-type
readOnly and other.
1.1.3 display snmp-agent group
Syntax
display snmp-agent group [ group-name ]
View
Any view
Parameter
groupname: The group name, ranging from 1 to 32 bytes.
1-2
Description
Use the display snmp-agent group command to view group name, security model,
state of various views and storage models.
Example
# Display SNMP group name and security model.

<Quidway> display snmp-agent group
Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonvolatile
The following table describes the output fields.
Table 1-2 Description on the fields of the display snmp-agent group command
Field Description
Group name SNMP group name of the user
Security model of that group, including authorization and
encryption (AuthPriv), authorization and no encryption
Security model
(AuthnoPriv), no authorization and no encryption
(noAuthnoPriv).
Readview Read-only MIB view name corresponding to that group
Writeview Writable MIB view corresponding to that group

Notifyview The name of the notify MIB view corresponding to that group
storage-type
readOnly and other.
1.1.4 display snmp-agent mib-view
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name ]
View
Any view
Parameter
exclude: Displays the SNMP MIB view (excluded).

Include: Displays the SNMP MIB view (included).
1-3
view-name: SNMP MIB view to be displayed.
Description
Use the display snmp-agent mib-view command to view the MIB view configuration
information of the current Ethernet switch.
Example
# Display the information about the currently configured MIB view.

<Quidway> display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
View Type:included
View status:active
MIB Subtree:snmpUsmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpVacmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpModules.18
Subtree mask:
View Type:excluded
View status:active
Table 1-3 describes the output fields.
Table 1-3 Description on the fields of the display snmp-agent mib-view command
Field Description
View name View name
MIB Subtree MIB subtree
1-4
Field Description
Subtree mask Subtree mask
Storage-type Storage type
ViewType: included/excluded Permit or forbid access to an MIB object
View status Indicate the MIB view status
1.1.5 display snmp-agent statistics
Syntax
display snmp-agent statistics
View
Any view
Parameter
None
Description
Use the display snmp-agent statistics command to view the statistics information
about SNMP packets.
Example
# Display the statistics information about SNMP packets.

<Quidway> display snmp-agent statistics
1276 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community supplied
0 ASN.1 or BER errors in the process of decoding
1291 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
7 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)
3669 MIB objects retrieved successfully
26 MIB objects altered successfully
420 GetRequest-PDU accepted and processed
832 GetNextRequest-PDU accepted and processed
0 GetBulkRequest-PDU accepted and processed
1-5
1276 GetResponse-PDU accepted and processed

24 SetRequest-PDU accepted and processed
15 Trap PDUs accepted and processed
0 Alternate Response Class PDUs droped silently
0 Forwarded Confirmed Class PDUs droped silently
1.1.6 display snmp-agent sys-info
Syntax
display snmp-agent sys-info [ contact | location | version ]*
View
Any view
Parameter
contact: Displays the contact information of the current device.

location: Displays the physical location of the current device.
version: Displays the version information about the SNMP running in the system.
Description
Use the display snmp-agent sys-info command to view the system information about
the current SNMP device.
This command displays all information if you choose no parameter.
Example
# Display the system information about the SNMP device.

<Quidway> display snmp-agent sys-info
The contact person for this managed node:
R&D Beijing, Huawei Technologies Co.,Ltd.
The physical location of this node:

Hangzhou China
SNMP version running in the system:

SNMPv1 SNMPv2c SNMPv3
1.1.7 display snmp-agent trap-list
Syntax
display snmp-agent trap-list
1-6
View
Any view
Parameter
None
Description
Use the display snmp-agent trap-list command to view Trap list information.
Related command: snmp-agent trap enable.
Example
# Display Trap list information.

<Quidway> display snmp-agent trap-list
configuration trap enable
flash trap enable
ospf trap enable
standard trap enable
system trap enable
vrrp trap disable
Enable traps :5; Disable traps 1
1.1.8 display snmp-agent usm-user
Syntax
display snmp-agent usm-user [ engineid engineid | username user-name | group

group-name ]*
View
Any view
Parameter
engineid: Displays the SNMPv3 user information of the specified engine ID, which
ranges from 10 to 64 hexadecimal numerals.
username: Displays information about the specified SNMPv3 user, which ranges from
1 to 32 bytes.
groupname: Displays information about users in the specified group name, which
ranges from 1 to 32 bytes.
Description
Use the display snmp-agent usm-user command to view SNMP user information.
1-7
If you do not specify a parameter, all the information will be displayed.
Example
# Display all user information.

<Quidway> display snmp-agent usm-user
User name: usm-user
Group name: usm-group
Engine ID: 800007DB00E0FC0031006877
UserStatus: active
Table 1-4 describes the output fields.
Table 1-4 Description on the fields of the display snmp-agent usm-user command
Field Description
User name SNMP user name
Group name The group name which the SNMP user name belongs to
Engine ID The character string identifying the SNMP device
Storage-type
readOnly and other.
UserStatus SNMP user status
1.1.9 enable snmp trap updown
Syntax
enable snmp trap updown

undo enable snmp trap updown
View
Ethernet port view/interface view
Parameter
None
Description
Use the enable snmp trap updown command to enable the sending of port/interface
linkUp and linkDown traps.
Use the undo enable snmp trap updown command to disable the sending of linkUp
and linkDown traps.
By default, the sending of port/interface linkUp and linkDown traps is enabled.
1-8
The enable snmp trap updown and snmp-agent target-host commands are used at
the same time. You can use the snmp-agent target-host command to specify the
hosts that can receive Trap information. To send Trap information, you must configure
at least one snmp-agent target-host command.
Example
# Enable the port Ethernet 1/0/1 to send linkUp and linkDown SNMP traps, using the
community name “public” to the NMS whose IP address is 10.1.1.1.
[Quidway] snmp-agent trap enable
[Quidway] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
[Quidway-Ethernet1/0/1] enable snmp trap updown
1.1.10 snmp-agent
Syntax
snmp-agent
undo snmp-agent
View
System view
Parameter
None
Description
Use the snmp-agent command to enable SNMP Agent.

Use the undo snmp-agent command to disable SNMP Agent.
By default, SNMP Agent is disabled.
Example
# Disable running SNMP Agent.

[Quidway] undo snmp-agent
1-9
Note:
To reduce the risk of being attacked by malicious users against opened socket and
enhance switch security, the S3900 series Ethernet switches provide the following
functions, so that a socket is opened only when it is needed:
z Opening UDP port 161 (used for SNMP Agent) and UDP port 1024 (used for
SNMP-trap Client) when SNMP function is enabled;
z Closing UDP port 161 and 1024 when SNMP is disabled.
z When you enable SNMP Agent by using the snmp-agent command or any of the
snmp-agent configuration commands, UDP port 161 and 1024 are opened at the
same time.
z When you disable SNMP Agent by using the undo snmp-agent command, UDP
port 161 and 1024 are closed at the same time.
1.1.11 snmp-agent community
Syntax
snmp-agent community { read | write } community-name [ [ acl acl-number ]

[ mib-view view-name ]*
undo snmp-agent community community-name
View
System view
Parameter
read: Indicates that MIB object can only be read. Only the read-only community can
query device information.
write: Indicates that MIB object can be read and written. The read-write community can
configure the device.
community-name: The community name, a character string of 1 to 32 characters.
view-name: The MIB view name, a character string of 1 to 32 characters.
acl-number: The basic access control list (ACL) number specified by the community,
ranging from 2,000 to 2,999.
Description
Use the snmp-agent community command to configure community access name and
enable the access to SNMP.
1-10
Use the undo snmp-agent community command to cancel the settings of community
access name.
Example
# Configure community name as comaccess and permit read-only access by this

community name.
[Quidway] snmp-agent community read comaccess
# Configure community name as mgr and permit read-write access.

[Quidway] snmp-agent community write mgr
# Remove community name comaccess.

[Quidway] undo snmp-agent community comaccess
1.1.12 snmp-agent group
Syntax
1) Versions V1 and V2C

snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view
write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group { v1 | v2c } group-name
2) Version V3
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
View
System view
Parameter
v1: Specifies SNMPv1.

v2c: Specifies SNMPv2c.
v3: Specifies SNMPv3.
groupname: Group name, ranging from 1 to 32 bytes.
authentication: Configures to authenticate the packet without encryption.
privacy: Configures to authenticate and encrypt the packet.
readview: Read-only view name, ranging from 1 to 32 bytes.
writeview: Name of read-write view, ranging from 1 to 32 bytes.
1-11
notifyview: Notification view name, ranging from 1 to 32 bytes.

acl-number: The basic access list number, ranging from 2,000 to 2,999.
Description
Use the snmp-agent group command to configure a new SNMP group, that is, to map
SNMP user to SNMP view.
Use the undo snmp-agent group command to cancel a specified SNMP group.
By default, the SNMP group configured with the snmp-agent group v3 command is
not authenticated and encrypted.
Related command: snmp-agent mib-view, snmp-agent usm-user.
Example
# Create SNMPv3 group 1.

[Quidway] snmp-agent group v3 group1
1.1.13 snmp-agent local-engineid
Syntax
snmp-agent local-engineid engineid

undo snmp-agent local-engineid
View
System view
Parameter
engineid: Specifies the engine ID with a character string, only composed of 10 to 64

hexadecimal numbers. Two hexadecimal characters form an octet.
Description
Use the snmp-agent local-engineid command to set the engine ID of the local SNMP
entity.
Use the undo snmp-agent local-engineid command to restore the default setting.
By default, the device engine ID is "Enterprise Number + device information". Device
information is determined according to different products. It can be IP address, MAC
address or user-defined hexadecimal numeral string.
Related command: snmp-agent usm-user.
1-12
Example
# Configure the local device name as 123456789A.

[Quidway] snmp-agent local-engineid 123456789A
1.1.14 snmp-agent log
Syntax
snmp-agent log { set-operation | get-operation | all }

undo snmp-agent log { set-operation | get-operation | all }
View
System view
Parameter
set-operation: Logs the information about the set operation.

get-operation: Logs the information about the get operation.
all: Logs the information about the set operations.
Description
Use the snmp-agent log command to enable the logging function for network
management.
Use the undo snmp-agent log command to disable the logging function.
By default, the logging function is disabled.
Note:
z In the environment of a single device, use the display logbuffer command to view
the logging information for the get and set operations sent from NMS.
z In the fabric environment, use the display logbuffer command on the master
device to view the logging information for the set operation. Use the display
logbuffer command on the device that has received the get message to view the
logging information for the get operation sent from NMS.
Example
# Enable the logging function for both the get and the set operations.
1-13

[Quidway] snmp-agent log all
1.1.15 snmp-agent mib-view
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name
View
System view
Parameter
view-name: View name.

oid-tree: The OID MIB subtree of the MIB object subtree. It can be a character string of
the variable OID (such as 1.4.5.3.1), or a variable name (such as system). The
character string can include wildcards (such as 1.4.5.*.*.1).
included: Includes this MIB subtree.
excluded: Excludes this MIB subtree.
Description
Use snmp-agent mib-view command to create or update the view information, limiting
the MIB objects to be accessed by the NMS.
Use the undo snmp-agent mib-view command to cancel the current setting.
By default, the view name is ViewDefault and OID is 1.
Related command: snmp-agent group.
Example
# Create an SNMP MIB view that consists of all the objects of MIB2 (the corresponding
OID is 1.3.6.1.2.1).
[Quidway] snmp-agent mib-view included mib2 1.3.6.1.2.1
1.1.16 snmp-agent packet max-size
Syntax
snmp-agent packet max-size byte-count

undo snmp-agent packet max-size
1-14
View
System view
Parameter
byte-count: Maximum size of the SNMP packet (in bytes) that the Agent can
send/receive, ranging from 484 to 17,940.
Description
Use the snmp-agent packet max-size command to set the maximum size of SNMP
packet that the Agent can send/receive.
Use undo snmp-agent packet max-size command to restore the default size of
SNMP packet.
By default, the maximum size of the SNMP packet (in bytes) that the Agent can
send/receive is 1,500 bytes.
Example
# Set the maximum size of the SNMP packet that the Agent can send/receive to 1,042
bytes.
[Quidway] snmp-agent packet max-size 1042
1.1.17 snmp-agent sys-info
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 |

v2c | v3 }* | all } }
undo snmp-agent sys-info { contact | location | version { { v1 | v2c | v3 }* | all } }
View
System view
Parameter
sysContact: The character string describing contact information for system

maintenance.
sys-location: The geographical location of the device.
version: Specifies version of running SNMP.
v1: SNMP V1.
v2c: SNMP V2C.
1-15
v3: SNMP V3.

all: All SNMP versions, including SNMP V1, SNMP V2C, SNMP V3.
Description
Use the snmp-agent sys-info command to configure system information such as

geographical location of the device, contact information for system maintenance and
version information of running SNMP.
Use the undo snmp-agent sys-info location command to restore the default value.
If the device fails, the device maintenance person can use contact information to
contact the manufacturer.
By default, the contact information is "R&D Beijing, Huawei Technologies Co.,Ltd.", the
system location is "Hangzhou China", the SNMP version is SNMP V3.
Related command: display snmp-agent sys-info.
Example
# Set contact information for system maintenance as Dial System Operator # 1234.
[Quidway] snmp-agent sys-info contact Dial System Operator # 1234
1.1.18 snmp-agent target-host
Syntax
snmp-agent target-host trap address udp-domain { ip-address } [ udp-port

port-number ] params securityname security-string [ v1 | v2c | v3 [authentication |
privacy ] ]
undo snmp-agent target-host ip-address securityname security-string
View
System view
Parameter
trap: Specifies the host to be a Trap host.

address: Specifies the address of the destination host for transmitting SNMP
messages.
udp-domain: Specifies transport domain over UDP for the target host.
ip-address: The IPv4 address of the host receiving Trap packets.
port-number: Number of the port receiving Trap packets.
1-16
params: Specifies SNMP target host information to be used in the generation of SNMP
messages.
security-string: The community name of SNMP V1 and SNMP V2C, or SNMP V3 user
name, ranging from 1 to 32 characters.
v1: Represents SNMPv1.
v2c: Represents SNMPv2C.
v3: RepresentsSNMPv3.
authentication: Configures to authenticate the packet without encryption.
privacy: Configures to authenticate and encrypt the packet.
Description
Use snmp-agent target-host command to configure destination of SNMP Trap

packets.
Use undo snmp-agent target-host command to cancel the current setting.
The snmp-agent target-host command and the snmp-agent trap enable or enable
snmp trap updown command must be used at the same time on the device to send
Trap packets.
1) Use the snmp-agent trap enable or enable snmp trap updown command to set
Trap packets allowed to send (all Trap packets can be sent by default).
2) Use the snmp-agent target-host command to set the address of the destination
host receiving SNMP Trap packets.
Related command: snmp-agent trap enable, snmp-agent trap source and
snmp-agent trap life.
Example
# Enable sending SNMP Trap packets to 10.1.1.1 with community name public.
[Quidway] snmp-agent trap enable standard
securityname public
1.1.19 snmp-agent trap enable
Syntax
snmp-agent trap enable [configuration | flash | ospf [ process-id ] [ ospf-trap-list ] |

standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system |
vrrp [ authfailure | newmaster ] ]
1-17
undo snmp-agent trap enable [configuration | flash | ospf [ process-id ]

[ ospf-trap-list ] | standard [ authentication | coldstart | linkdown | linkup |
warmstart ]* | system | vrrp [ authfailure | newmaster ] ]
View
System view
Parameter
Configuration: Configures to send configuration Trap packets.

flash: Configures to send flash Trap packets.
ospf [ process-id ] [ ospf-trap-list ]: Configures to send OSPF Trap packets. process-id
indicates a process ID. ospf-trap-list indicates a list of Trap packets to be sent.
standard: Configures to send SNMP standard notification or Trap messages.
Authentication: Sends SNMP authentication failure Trap messages in cases of
authentication failures.
coldstart: Configures to send SNMP cold start Trap messages when the device is
rebooted.
linkdown: Configures to send SNMP linkDown Trap messages when the port is down.
linkup: Configures to send SNMP linkUp Trap messages when the port is up.
warmstart: Configures to send SNMP warm start Trap messages when SNMP is
rebooted.
system: Configures to send H3C-SYS-MAN-MIB (private MIB) Trap packets.
vrrp [ authfailure | newmaster ]: Configures to send VRRP Trap packets.
Description
Use the snmp-agent trap enable command to enable the device to send Trap
packets.
Use the undo snmp-agent trap enable command to disable the device to send Trap
packets.
By default, the device is enabled to send Trap messages.
The snmp-agent trap enable and snmp-agent target-host commands must be used
at the same time. The snmp-agent target-host command specifies which hosts can
receive Trap message. However, to send Trap message, you must configure
snmp-agent target-host command.
Example
# Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1. The
community name is public.
1-18

[Quidway] snmp-agent trap enable authentication
securityname public
1.1.20 snmp-agent trap life
Syntax
snmp-agent trap life seconds

undo snmp-agent trap life
View
System view
Parameter
seconds: Aging time, in seconds, ranging from 1 to 2,592,000.
Description
Use the snmp-agent trap life command to set aging time for Trap packets. The Trap
packets exceeding the aging time are discarded.
Use the undo snmp-agent trap life command to restore the default aging time for
Trap packets.
By default, the aging time of SNMP Trap packets is 120 seconds.
Related command: snmp-agent trap enable, snmp-agent target-host.
Example
# Set the aging time for Trap packets as 60 seconds.

[Quidway] snmp-agent trap life 60
1.1.21 snmp-agent trap queue-size
Syntax
snmp-agent trap queue-size size

undo snmp-agent trap queue-size
View
System view
1-19
Parameter
size: Length of a queue, ranging from 1 to 1,000.
Description
Use the snmp-agent trap queue-size command to configure the information queue
length of Trap packet sent to destination host.
Use the undo snmp-agent trap queue-size command to restore the default value.
Related command: snmp-agent trap enable, snmp-agent target-host and
snmp-agent trap life.
By default, the length is 100.
Example
# Configure the queue length to 200.

[Quidway] snmp-agent trap queue-size 200
1.1.22 snmp-agent trap source
Syntax
snmp-agent trap source interface-type interface-number

undo snmp-agent trap source
View
System view
Parameter
nterface-type: Interface type.

Description
Use the snmp-agent trap source command to configure the source address for
sending Trap message.
Use the undo snmp-agent trap source command to cancel the source address for
sending Trap message.
The SNMP Trap message sent from a server has a source IP address no matter which
interface the Trap message is sent from.
By default, SNMP chooses an outgoing interface.
1-20
You can configure this command to trace a specific event using the source address of a
Trap packet.
Note:
Before setting the IP address of an interface address as the source address of the sent
Trap packet, you must configure an IP address for the interface.
Related command: snmp-agent trap enable, snmp-agent target-host.
Example
# Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
[Quidway] snmp-agent trap source Vlan-interface 1
1.1.23 snmp-agent usm-user
Syntax
1) Versions V1 and V2C

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
2) Version V3
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 |
sha } auth-password [ privacy-mode des56 priv-password ] ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
View
System view
Parameter
v1: Configures to use V1 security model.

v2c: Configures to use V2c security model.
v3: Configures to use V3 security model.
User-name: User name, ranging from 1 to 32 bytes.
1-21
Group-name: Group name corresponding to that user, a character string of 1 to 32

characters.
authentication-mode: Specifies the safety level as authentication required. Absence
of this parameter indicates that neither authentication nor encryption is required.
md5: Specifies the authentication protocol as HMAC MD5 algorithm.
sha: Specifies the authentication protocol as HMAC SHA algorithm.
auth-password: Authentication password, a character string of 1 to 64 characters.
privacy: Specifies the security level as encrypted.
des56: Specifies the authentication protocol as DES.
Priv-password: Encryption password, a character string of 1 to 64 characters.
acl-number: The basic ACL number, ranging from 2,000 to 2,999.
local: Represents a local entity user.
engineid-string: Engine ID related to the user, ranging from 10 to 64 hexadecimal
numerals.
Description
Use the snmp-agent usm-user command to add a new user to an SNMP group.
Use the undo snmp-agent usm-user command to cancel a user from the SNMP
group.
While using SNMPv3, SNMP engineID (for authentication) is required when you
configure a remote user for an agent. If you change engineID after configuring a user,
the user corresponding to the original engineID is not effective.
For V1 and V2C, this command will add a new community name. For SNMPv3, it will
add a new user for an SNMP group.
Related command: snmp-agent group, snmp-agent community and snmp-agent
local-engineid.
Example
# Add a user John to SNMPv3 group Johngroup. Configure to authenticate using

HMAC-MD5 algorithm, require authentication and set authentication password as
hello.
[Quidway] snmp-agent group v3 Johngroup
[Quidway] snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello
1-22
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 RMON Configuration Commands
Chapter 2 RMON Configuration Commands
2.1 RMON Configuration Commands

2.1.1 display rmon alarm
Syntax
display rmon alarm [ entry-number ]
View
Any view
Parameter
entry-number: Alarm entry index, in the range of 1 to 65535. If you do not specify this
argument, the configuration of all alarm entries is displayed.
Description
Use the display rmon alarm command to display the configuration of a specified alarm
entry or all the alarm entries.
Related command: rmon alarm.
Example
# Display the configuration of all the alarm entries.

<Quidway> display rmon alarm
Alarm table 1 owned by user1 is Valid.
Samples type : absolute
Variable formula : 1.3.6.1.2.1.2.2.1.10.4228009<ifInOctets.4228009>
Sampling interval : 6(sec)
Rising threshold : 10000(linked with event 1)
Falling threshold : 2000(linked with event 1)
When startup enables : risingOrFallingAlarm
Latest value : 0
Table 2-1 Description on the fields of the display rmon alarm command
Field Description
Alarm table Alarm entry
user1 Creator
Valid Valid for alarm entries corresponding to the index
2-1
Field Description
Samples type Sample type: change value or absolute value
Variable formula Variable formula of the sampled node
Sampling interval Sampling interval
Rising threshold Rising threshold
Falling threshold Falling threshold
Alarm startup type:
risingOrFallingAlarm (an alarm is triggered when the
rising or falling threshold is reached)
When startup enables risingAlarm (an alarm is triggered when the rising
threshold is reached)
FallingAlarm (an alarm is triggered when the falling
Latest value Latest sampled value
2.1.2 display rmon event
Syntax
display rmon event [ event-entry ]
View
Any view
Parameter
event-entry: Event entry index, in the range of 1 to 65535. If you do not specify this
argument, the configuration of all the event entries is displayed.
Description
Use the display rmon event command to display the configuration of a specified event
entry or all the event entries.
The displayed information includes: event entry index, event entry owner, event
description, the action triggered by the event (log or alarm messages), and the time (in
seconds) when the latest event is triggered (in terms of the time elapsed since the
system is started/initialized).
Related command: rmon event.
Example
# Display the configuration of all the event entries.

<Quidway> display rmon event
2-2
Event table 1 owned by user1 is VALID.

Description: null.
Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.
Table 2-2 Description on the fields of the display rmon event command
Field Description
Event table Event entries
The status of the line corresponding to the
VALID
index is valid
Description Event description
Will cause log-trap when triggered The event triggers logs and an trap alarm
last triggered at Time the latest event is triggered
2.1.3 display rmon eventlog
Syntax
display rmon eventlog [ event-entry ]
View
Any view
Parameter
event-entry: Event entry index, in the range of 1 to 65535. If you do not specify this
argument, the log of all the event entries is displayed.
Description
Use the display rmon eventlog command to display the log of a specified event entry
or all the event entries.
The displayed information includes: the indexes and status of the event entries in the
event table, the time (in seconds) when an event log is generated (in terms of the time
elapsed since the system is started or initialized), and the event description.
Example
# Display the log generated by the event entry numbered 1.

<Quidway> display rmon eventlog 1
Event table 1 owned by user1 is VALID.
Generates eventLog 1.1 at 0days 00h:01m:39s.
Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
2-3
Generates eventLog 1.2 at 0days 00h:02m:27s.

Description: The alarm formula defined in private alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Table 2-3 Description on the fields of the display rmon eventlog command
Field Description
Event table Event entries
VALID
line is valid
Time when the event is triggered. The event
Generates eventLog 1.1 at 0days
may be triggered several times. 1.1
00h:02m:27s
indicates the time event 1 is first triggered
Description Description of an event log
2.1.4 display rmon history
Syntax
display rmon history [ interface-type interface-number | unit unit-number ]
View
Any view
Parameter

unit unit-number: Specifies a unit number.
Description
Use the display rmon history command to display the RMON history information
about a specified port. The information about the latest sample, including utilization, the
number of errors, the total number of packets and so on, is also displayed.
Related command: rmon history.
Example
# Display the RMON history information about Ethernet1/0/1.

<Quidway> display rmon history Ethernet 1/0/1
History control entry 1 owned by user1 is VALID
Samples interface : Ethernet1/0/1<ifIndex.4227817>
Sampling interval : 5(sec) with 10 buckets max
Latest sampled values :
2-4
dropevents : 0 , octets : 0
packets : 0 , broadcast packets : 0
multicast packets : 0 , CRC alignment errors : 0
undersize packets : 0 , oversize packets : 0
fragments : 0 , jabbers : 0
collisions : 0 , utilization : 0
Table 2-4 Description on the fields of the display rmon eventlog command
Field Description
History control entry Index number in the history control table
VALID
index is valid
Samples interface Sampled interface
buckets Number of records in the history control table
Latest sampled values Latest sampled information

dropevents Event about dropping packets
Number of received or transmitted bytes
octets
during sampling duration
Number of received or transmitted packets
packets
during sampling duration
broadcastpackets Number of broadcast packets
multicastpackets Number of multicast packets

CRC alignment errors Number of checkerror packets
undersize packets Number of undersize packets
oversize packets Number of oversize packets
fragments Number of undersize and checkerror packets
jabbers Number of oversize and checkerror packets
collisions Number of collision packets

utilization Utilization ratio
2.1.5 display rmon prialarm
Syntax
display rmon prialarm [ prialarm-entry-number ]
2-5
View
Any view
Parameter
prialarm-entry-number: Extended alarm entry Index, in the range of 1 to 65535. If you

do not specify this argument, the configuration of all the extended alarm entries is
displayed.
Description
Use the display rmon prialarm command to display the configuration of a specified
RMON extended alarm entry or all the RMON extended alarm entries.
Related command: rmon prialarm.
Example
# Display the configuration of all the extended RMON alarm entries.

<Quidway> display rmon prialarm
Prialarm table 1 owned by user1 is VALID.
Samples type : absolute
Variable formula : .1.3.6.1.2.1.16.1.1.1.4.1
Description :
Sampling interval : 10(sec)
Rising threshold : 10000(linked with event 1)
Falling threshold : 2000(linked with event 1)
When startup enables : risingOrFallingAlarm
This entry will exist : forever.
Latest value : 0
Table 2-5 Description on the fields of the display rmon prialarm command
Field Description
Prialarm table Index number of a line of the extended alarm table
owned by user1 Creator user 1
VALID Valid
Samples type Sample type: change value or absolute value
Variable formula Variable formula of the sampled node
Description Description
Rising threshold. An alarm is triggered when the
Rising threshold
rising threshold is reached
2-6
Field Description
Falling threshold. An alarm is triggered when the
Falling threshold
falling threshold is reached
linked with event Event index corresponding to an alarm
Alarm startup type:

risingOrFallingAlarm (an alarm is triggered when
the rising or falling threshold is reached)
When startup enables:
risingOrFallingAlarm risingAlarm (an alarm is triggered when the rising
FallingAlarm (an alarm is triggered when the
falling threshold is reached)
Existing period. This entry can exist forever or
This entry will exist: forever
exist in the specified cycle
Latest value Latest sampled value
2.1.6 display rmon statistics
Syntax
display rmon statistics [ interface-type interface-number | unit unit-number ]
View
Any view
Parameter

unit unit-number: Specifies a unit number.
Description
Use the display rmon statistics command to display the RMON statistics of a
specified port.
The displayed information include the number of the following items: collisions, packets
with CRC errors, undersize or oversize packets, broadcast packets, multicast packets,
received bytes, and received packets.
Related command: rmon statistics.
Example
# Display the RMON statistics information.

<Quidway> display rmon statistics Ethernet 1/0/1
2-7
Statistics entry 1 owned by user1-rmon is VALID.

Interface : Ethernet1/0/1<ifIndex.4227817>
etherStatsOctets : 0 , etherStatsPkts : 0
etherStatsBroadcastPkts : 0 , etherStatsMulticastPkts : 0
etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0
etherStatsFragments : 0 , etherStatsJabbers : 0
etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0
etherStatsDropEvents (insufficient resources): 0
Packets received according to length:
64 : 0 , 65-127 : 0 , 128-255 : 0
256-511: 0 , 512-1023: 0 , 1024-1518: 0
Table 2-6 Description on the fields of the display rmon statistics command
Field Description
Index number of the statistics information
Statistics entry
table
VALID Valid
Interface for which information statistics is to
Interface
be made
etherStatsOctets Number of bytes
etherStatsPkts Number of packets
etherStatsBroadcastPkts Number of broadcast packets
etherStatsMulticastPkts Number of multicast packets

etherStatsUndersizePkts Number of undersize packets
etherStatsOversizePkts Number of oversize packets
Number of undersize and checkerror
etherStatsFragments
packets
etherStatsJabbers Number of oversize and checkerror packets
etherStatsCRCAlignErrors Number of checkerror packets
etherStatsCollisions Number of collision packets
etherStatsDropEvents Event about dropping packets

Number of received packets of different
Packets received according to length
lengths
2-8
2.1.7 rmon alarm
Syntax
rmon alarm entry-number alarm-variable sampling-time { delta | absolute }

rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2
event-entry2 [ owner text ]
undo rmon alarm entry-number
View
System view
Parameter
entry-number: Alarm entry index, in the range of 1 to 65535.

alarm-variable: Alarm variable, a string comprising 1 to 256 characters in dotted node
OID format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to
ASN.1 INTEGER data type (that is, INTEGER, Counter, Gauge, or TimeTicks) can be
used as alarm variables.
sampling-time: Sampling interval (in seconds), in the range of 5 to 65,535.
delta: Specifies to sample increments (that is, the current increment with regard to the
latest sample)
absolute: Specifies to sample absolute values.
rising-threshold threshold-value1: Specifies the upper threshold. The
threshold-value1 argument ranges from 0 to 2,147,483,647.
event-entry1: Index of the event entry corresponding to the upper threshold, in the
range of 0 to 65535.
falling-threshold threshold-value2: Specifies the lower threshold. The
threshold-value2 argument ranges from 0 to 2,147,483,647.
event-entry2: Index of the event entry corresponding to the lower threshold, in the
owner text: Specifies the owner of the entry. The text argument is a string comprising 1
to 127 characters.
Description
Use the rmon alarm command to add an alarm entry to the alarm table.
Use the undo rmon alarm command to remove an alarm entry from the alarm table.
You can use the rmon alarm command to define an alarm entry so that a specific alarm
event can be triggered under specific circumstances. The act (such as logging and
sending trap messages to NMS) taken after an alarm event occurs is determined by the
corresponding alarm entry.
2-9
With an alarm entry defined in an alarm group, a network device performs the following
operations accordingly:
z Sample the defined alarm variables (alarm-variable) once in each specified period,
which is specified by the sampling-time argument.
z Comparing the sampled value with the set threshold and performing the
corresponding operations, as described in Table 2-7.
Table 2-7 Sample value and the corresponding operation
Comparison Operation
The sample value is larger than or equal to the Triggering the event identified by
set upper threshold (threshold-value1) the event-entry1 argument
The sample value is smaller than the set lower Triggering the event identified by
threshold (threshold-value2) the event-entry2 argument
Note:
z Before adding an alarm entry, you need to use the rmon event command to define
the events to be referenced by the alarm entry.
z Make sure the node to be monitored exists before executing the rmon alarm
command.
Example
# Add the alarm entry numbered 1 as follows:

z The node to be monitored: 1.3.6.1.2.1.16.1.1.1.4.1
z Sampling interval: 10 seconds
z Upper threshold: 50
z The event-entry1 argument identifies event 1.
z Lower threshold: 5
z The event-entry2 argument identifies event 2
z Owner: user1.
[Quidway] rmon event 1 log
[Quidway] rmon event 2 none
[Quidway]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising_threshold
50 1 falling_threshold 5 2 owner user1
# Delete the alarm entry numbered 15 from the alarm table.

[Quidway] undo rmon alarm 15
2-10
2.1.8 rmon event
Syntax
rmon event event-entry [ description string ] { log | trap trap-community | log-trap

log-trapcommunity | none } [ owner text ]
undo rmon event event-entry
View
System view
Parameter
event-entry: Event entry index, in the range of 1 to 65535.

description string: Specifies the event description, a string comprising 1 to 127
characters.
log: Logs events.
trap: Sends trap message to the NMS.
trap-community: Community name of the NMS that receives the trap messages, a
string comprising 1 to 127 characters.
log-trap: Logs the event and sends trap messages to NMS.
log-trapcommunity: Community name of the NMS that receives the log messages, a
character string of 1 to 127 characters.
none: Specifies that the event triggers no action.
owner text: Specifies the owner of the event entry. The text argument is a string
comprising 1 to 127 characters.
Description
Use the rmon event command to add an entry to the event table.
Use the undo rmon event command to delete an entry from the event table.
When adding an event entry to an event table, you need to specify the event index. You
need also to specify the corresponding actions, including logging the event, sending
trap messages to the NMS, and the both, for the network device to perform
corresponding operation when an alarm referencing the event is triggered.
Example
# Add the event entry numbered 10 to the event table and configure it to be a log event.
[Quidway] rmon event 10 log
2-11
2.1.9 rmon history
Syntax
rmon history entry-number buckets number interval sampling-interval [ owner text ]

undo rmon history entry-number
View
Ethernet port view
Parameter
entry-number: History entry index, in the range of 1 to 65535.

buckets number: Specifies the size of the history table that corresponds to the entry, in
the range of 1 to 65535.
interval sampling-interval: Specifies the sampling interval (in seconds). The
sampling-interval argument ranges from 5 to 3,600.
owner text: Specifies the owner of the entry, a string comprising 1 to 127 characters.
Description
Use the rmon history command to add an entry to a history control table.
Use the undo rmon history command to delete an entry from a history control table.
You can use the rmon history command to sample a specific port. You can also set the
sampling interval and the number of the samples that can be saved. After you execute
this command, the RMON system samples the port periodically and stores the samples
for later retrieval. The sampled information includes utilization, the number of errors,
and total number of packets.
You can use the display rmon history command to display the statistics of the history
control table.
Example
# Create the history entry numbered 1 for Ethernet1/0/1 port, with the table size being
10, the sampling interval being 5 seconds, and the owner being user1.
[Quidway]interface Ethernet 1/0/1
[Quidway-Ethernet1/0/1]rmon history 1 buckets 10 interval 5 owner user1
# Remove the history entry numbered 15.

[Quidway-Ethernet1/0/1] undo rmon history 15
2-12
2.1.10 rmon prialarm
Syntax
rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta |

absolute | changeratio } rising_threshold threshold-value1 event-entry1
falling_threshold threshold-value2 event-entry2 entrytype { forever | cycle
cycle-period } [ owner text ]
undo rmon prialarm entry-number
View
System view
Parameter
entry-number: Extended alarm entry index, in the range of 1 to 65535.

prialarm-formula: Expression used to perform operations on the alarm variables, a
string comprising 1 to 256 characters. The alarm variables in the expression must be
represented by OIDs, for example, (.1.3.6.1.2.1.2.1.10.1)*8. The operations available
are addition, subtraction, multiplication and division operations. The operation results
are rounded to values that are of long integer type. To prevent invalid operation results,
make sure the operation results of each step are valid long integers.
prialarm-des: Alarm description, a string comprising 1 to 128 characters.
sampling-timer: Sampling interval (in seconds), in the range of 10 to 65,535.
delta | absolute | changeratio: Specifies sample type, which can be deltas, absolute
values or change ratios.
threshold-value1: Upper threshold, in the range of 0 to 2,147,483,647.
event-entry1: Index of the event entry that corresponds to the upper threshold, in the
threshold-value2: Lower threshold, in the range of 0 to 2,147,483,647.
event-entry2: Index of the event entry that corresponds to the lower threshold, in the
forever: Specifies the alarm entry is valid indefinitely.
cycle: Specifies the alarm entry is valid periodically.
cycle-period: Cycle period, in seconds, ranging from 0 to 2,147,483,647.
owner text: Specifies the owner of the alarm entry, a string comprising 1 to 127
characters.
Description
Use the rmon prialarm command to create an extended entry in an extended RMON
alarm table.
2-13
Use the undo rmon prialarm command to remove a specified extended alarm entry.
Note:
z Before adding an extended alarm entry, you need to use the rmon event command
to define the events to be referenced by the entry.
z Make sure the node to be monitored exists before executing the rmon event
command.
z You can define up to 50 extended alarm entries.
With an extended alarm entry defined in an extended alarm group, the network devices
perform the following operations accordingly:
z Sampling the alarm variables referenced in the defined extended alarm
expressions (prialarm-formula) once in each period specified by the
sampling-timer argument.
z Performing operations on sampled values according to the defined extended
alarm expressions (prialarm-formula)
z Comparing the operation result with the set thresholds and perform corresponding
operations, as described in Table 2-8.
Table 2-8 Operation result and corresponding operation
Comparison Operation
The operation result is larger than or equal to the Triggering the event identified
set upper threshold (threshold-value1) by the event-entry1 argument
The operation result is smaller than or equal to Triggering the event identified
the set lower threshold (threshold-value2) by the event-entry2 argument
Example
# Add the extended alarm entry numbered 2 as follows:

z Perform operations on the corresponding alarm variables using the expression
((1.3.6.1.2.1.16.1.1.1.4.1)*100).
z Sampling interval: 10 seconds
z Upper threshold: 50
z Lower threshold: 5
z Event 1 is triggered when the change ratio is larger than the upper threshold.
z Event 2 is triggered when the change ratio is less than the lower threshold.
z The alarm entry is valid forever.
z Entry owner: user1
2-14

[Quidway-Ethernet1/0/1] rmon statistics 1
[Quidway] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10
changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever
owner user1
# Remove the extended alarm entry numbered 2 from the extended alarm table.
[Quidway] undo rmon prialarm 2
2.1.11 rmon statistics
Syntax
rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number
View
Ethernet port view
Parameter
entry-number: Statistics entry Index, in the range of 1 to 65535.

owner text: Specifies the owner of the entry, a string comprising 1 to 127 characters.
Description
Use the rmon statistics command to add an entry to the statistics table.
Use the undo rmon statistics command to remove an entry from the statistics table.
The RMON statistics management function is used to take statistics of the usage of the
monitored ports and errors occurred to them. The statistics includes the number of the
following items: collisions, packet with CRC errors, undersize (or oversize) packets,
broadcast and multicast packets, received packets and bytes and so on.
Note:
For each port, only one RMON alarm table entry can be created, that is to say, if one
RMON alarm table entry was already created for a given port, creation of another entry
with a different index number for the same port will not succeed.
You can use the display rmon statistics command to display the statistics entries.
2-15
Example
# Add the statistics entry numbered 20 to take statistics of Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] rmon statistics 20
2-16
Command Manual – NTP
Table of Contents
Chapter 1 NTP Configuration Commands .................................................................................. 1-1

1.1 NTP Configuration Commands.......................................................................................... 1-1
1.1.1 display ntp-service sessions ................................................................................... 1-1
1.1.2 display ntp-service status........................................................................................ 1-2
1.1.3 display ntp-service trace ......................................................................................... 1-4
1.1.4 ntp-service access .................................................................................................. 1-4
1.1.5 ntp-service authentication enable ........................................................................... 1-5
1.1.6 ntp-service authentication-keyid.............................................................................. 1-6
1.1.7 ntp-service broadcast-client .................................................................................... 1-7
1.1.8 ntp-service broadcast-server................................................................................... 1-7
1.1.9 ntp-service in-interface disable ............................................................................... 1-8
1.1.10 ntp-service max-dynamic-sessions ....................................................................... 1-9
1.1.11 ntp-service multicast-client.................................................................................... 1-9
1.1.12 ntp-service multicast-server ................................................................................ 1-10
1.1.13 ntp-service reliable authentication-keyid............................................................. 1-11
1.1.14 ntp-service source-interface................................................................................ 1-12
1.1.15 ntp-service unicast-peer...................................................................................... 1-13
1.1.16 ntp-service unicast-server ................................................................................... 1-14
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration Commands
Chapter 1 NTP Configuration Commands
Note:
To reduce the risk of being attacked by malicious users against opened socket and
enhance switch security, the S3900 series Ethernet switches provide the following
functions, so that a socket is opened only when it is needed:
z Opening UDP port 123 (used for NTP) when NTP is enabled;
z Close UDP port 123 when NTP is disabled.
z When you enable NTP by using the ntp-service unicast-server, ntp-service
unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server,
ntp-service multicast-client, or ntp-service multicast-server command, UDP
port 123 is opened at the same time.
z When you disable NTP from operating in any modes by using the undo forms of the
preceding six commands, UDP port 123 is closed at the same time.
1.1 NTP Configuration Commands

1.1.1 display ntp-service sessions
Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose: Displays detailed NTP session information.
Description
Use the display ntp-service sessions command to display the information about all
the sessions maintained by local NTP service.
If you do not specify the verbose keyword, the brief information about all the sessions
is displayed.
1-1
Caution:
An S3900 series switch attempts to establish connections in all NTP implementation

modes except NTP server mode.
Example
# View the status of all the sessions maintained by NTP service.

<Quidway> display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************
[12345]1.1.1.1 127.127.1.0 3 377 512 178 0.0 40.1 22.8
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
Table 1-1 Description on the fields of the display ntp-service sessions command
Field Description
IP address of the synchronization source (device to be
source
synchronized)
reference Reference clock ID of the synchronization source
stra Stratum of the clock of the synchronization source

Indicates whether or not the synchronization source is
reach
reachable.
Polling interval in seconds, that is, the maximum interval
poll
between two successive messages
now The time elapsed since the latest NTP packet is sent
offset Clock offset
delay Network delay

The maximum offset of the local clock with regard to the
disper
reference clock
1.1.2 display ntp-service status
Syntax
display ntp-service status
View
Any view
1-2
Parameter
None
Description
Use the display ntp-service status command to display the status of NTP service.
Example
# View the status of the local NTP service.

<Quidway> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Table 1-2 Description on the fields of the display ntp-service status command
Field Description
Clock status Local clock status
Clock stratum Stratum of the local clock
Address of the remote server or the ID of the
reference clock after the local system is
Reference clock ID
synchronized to a remote NTP server or a
reference clock
Nominal frequency of the local system hardware
Nominal frequency
clock
Actual frequency of the local system hardware
Actual frequency
clock
Clock precision Precision of the local system clock
Offset of the local clock with regard to the NTP
Clock offset
server
Roundtrip delay between the local system and
Root delay the server that serves as the primary reference
clock
The maximum dispersion of the local clock with
Root dispersion
regard to the primary reference clock
1-3
Field Description
The maximum dispersion of the remote NTP
Peer dispersion
server
Reference time Reference timestamp
1.1.3 display ntp-service trace
Syntax
display ntp-service trace
View
Any view
Parameter
None
Description
Use the display ntp-service trace command to display the brief information of each
NTP time server along the time synchronization chain from the local device to the
reference clock source.
Example
# View the brief information of each NTP time server along the time synchronization
chain from the local device to the reference clock source.
<Quidway> display ntp-service trace
server4: stratum 4, offset 0.0019529, synch distance 0.144135
server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid 'GPS
Receiver'
The above information displays the time synchronization chain of server4: serve4 is
synchronized to server3, server3 is synchronized to server2, server2 is synchronized to
server1, and server1 is synchronized to the reference clock source GPS Receiver.
1.1.4 ntp-service access
Syntax
ntp-service access { peer | server | synchronization | query } acl-number

undo ntp-service access { peer | server | synchronization |query }
1-4
View
System view
Parameter
peer: Allows time request and query on the local NTP server. The local clock can also
be synchronized to the remote server.
server: Allows time request and query on the local NTP server. The local clock cannot
be synchronized to the remote server.
synchronization: Allows only time request on the local NTP server.
query: Allows only query on the local NTP server.
acl-number: Basic access control list (ACL) number, in the range of 2000 to 2999.
Description
Use the ntp-service access command to set the access control permission to the local
NTP server.
Use the undo ntp-service access command to cancel the configured access control
permission.
By default, the access permission to the local NTP server is peer.
Configuring access control permission to the NTP server only provides a least security
measure. Performing authentication is a more reliable way to improve security.
A received access is matched in this order: peer, server, synchronization, and query.
Example
# Configure the access permission of the peer defined in ACL 2076 to be peer.
[Quidway] ntp-service access peer 2076
# Configure the access permission of the peer defined in ACL 2028 to be server.
[Quidway] ntp-service access server 2028
1.1.5 ntp-service authentication enable
Syntax
ntp-service authentication enable

undo ntp-service authentication enable
1-5
View
System view
Parameter
None
Description
Use the ntp-service authentication enable command to enable the NTP

authentication.
Use the undo ntp-service authentication enable command to disable the NTP
authentication.
By default, the NTP authentication is disabled.
Example
# Enable the NTP authentication.

[Quidway] ntp-service authentication enable
1.1.6 ntp-service authentication-keyid
Syntax
ntp-service authentication-keyid key-id authentication-mode md5 value

undo ntp-service authentication-keyid key-id
View
System view
Parameter
key-id: Authentication key ID, in the range of 1 to 4294967295.

value: Authentication key, a string comprising 1 to 32 characters. Up to 1024 keys can
be configured.
Description
Use the ntp-service authentication-keyid command to configure an NTP

authentication key.
Use the ntp-service authentication-keyid command to remove an NTP
authentication key.
By default, no NTP authentication key is configured.
As for encryption algorithm, only message digest 5 (MD5) is currently supported.
1-6
Example
# Configure an MD5 authentication key, with the key ID being 10 and the key being
BetterKey.
[Quidway] ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
1.1.7 ntp-service broadcast-client
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
VLAN interface view
Parameter
None
Description
Use the ntp-service broadcast-client command to configure an Ethernet switch to

operate in the NTP broadcast client mode and receive NTP broadcast packets through
the current interface.
Use the undo ntp-service broadcast-client command to cancel the configuration.
By default, no switch operates in the broadcast client mode.
Example
# Configure the switch to operate in the broadcast client mode and receive NTP
broadcast packets through VLAN interface 1.
[Quidway] interface Vlan-interface1
[Quidway-Vlan-interface1] ntp-service broadcast-client
1.1.8 ntp-service broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid key-id | version number ]*

undo ntp-service broadcast-server
1-7
View
VLAN interface view
Parameter
authentication-keyid key-id: Specifies the key ID used when sending messages to the
broadcast clients. The key-id argument ranges from 1 to 4294967295. This parameter
is not needed if you specify not to perform authentication.
version number: Specifies the NTP version number which ranges from 1 to 3. The
default version number is 3.
Description
Use the ntp-service broadcast-server command to configure an Ethernet switch to

operate in the NTP broadcast server mode and send NTP broadcast packets through
Use the undo ntp-service broadcast-server command to cancel the configuration.
By default, no Ethernet switch operates in the NTP broadcast server mode.
Example
# Configure to send NTP broadcast packets through VLAN interface 1, using the key
numbered 4 for encryption and setting the NTP version number to 3.
[Quidway-Vlan-interface1] ntp-service broadcast-server authentication-key 4
version 3
1.1.9 ntp-service in-interface disable
Syntax
ntp-service in-interface disable

undo ntp-service in-interface disable
View
VLAN interface view
Parameter
None
Description
Use the ntp-service in-interface disable command to disable the interface from
receiving NTP packets.
1-8
Use the undo ntp-service in-interface disable command to enable the interface to
receive NTP packets.
By default, the interface can receive NTP packets.
Example
# Disable VLAN interface 1 from receiving NTP packets.

[Quidway-Vlan-interface1] ntp-service in-interface disable
1.1.10 ntp-service max-dynamic-sessions
Syntax
ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions
View
System view
Parameter
number: Maximum number of the NTP sessions that can to be established locally. This
Description
Use the ntp-service max-dynamic-sessions command to set the maximum number

of NTP sessions that can be established locally.
Use the undo ntp-service max-dynamic-sessions command to restore the default.
By default, up to 100 NTP sessions can be established locally.
Example
# Configure the maximum number of dynamic NTP sessions that can be established
locally to be 50.
[Quidway] ntp-service max-dynamic-sessions 50
1.1.11 ntp-service multicast-client
Syntax
ntp-service multicast-client [ ip-address ]
1-9
undo ntp-service multicast-client [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Multicast IP address, ranging from 224.0.1.1 to 224.0.1.255. The default IP

address is 224.0.1.1.
Description
Use the ntp-service multicast-client command to configure an Ethernet switch to

operate in the NTP multicast client mode and receive NTP multicast packets through
Use the undo ntp-service multicast-client command to cancel the configuration.
By default, no Ethernet switch operates in the NTP multicast client mode.
Example
# Configure to receive NTP multicast packets through VLAN interface 1, with the
corresponding multicast group address being 224.0.1.1.
[Quidway-Vlan-interface1] ntp-service multicast-client 224.0.1.1
1.1.12 ntp-service multicast-server
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id | ttl

ttl-number | version number ]*
undo ntp-service multicast-server [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Multicast IP address, which defaults to 224.0.1.1.

authentication-keyid key-id: Specifies the key ID when sending messages to the
multicast clients. The key-id argument ranges from 1 to 4294967295.
ttl ttl-number: Sets the lifetime of the multicast packets. The ttl-number argument
ranges from 1 to 255 and defaults to 16.
1-10
version number: Specifies the NTP version number which ranges from 1 to 3 and
defaults to 3.
Description
Use the ntp-service multicast-server command to configure an Ethernet switch to

operate in the NTP multicast server mode and send NTP multicast packets through the
current interface.
Use the undo ntp-service multicast-server command to cancel the configuration.
By default, an Ethernet switch does not operate in multicast server mode.
Example
# Configure to send NTP multicast packets through VLAN interface 1, with the multicast
group address being 224.0.1.1, the key numbered 4 used for encryption, and the NTP
version number set to 3.
[Quidway-Vlan-interface1]ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
1.1.13 ntp-service reliable authentication-keyid
Syntax
ntp-service reliable authentication-keyid key-id

undo ntp-service reliable authentication-keyid key-id
View
System view
Parameter
key-id: Authentication key ID, in the range of 1 to 4294967295.
Description
Use the ntp-service reliable authentication-keyid command to specify an

authentication key to be a trusted key.
If authentication is enabled, a client can only be synchronized to a server that can
provide a trusted key.
Use the undo ntp-service reliable authentication-keyid command to cancel the
configuration.
By default, an authentication key is not a trusted key.
1-11
Example
# Enable NTP authentication, with MD5 algorithm adopted, key ID being 37, the key of
BetterKey and being a trusted key.
[Quidway] ntp-service authentication enable
[Quidway] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[Quidway] ntp-service reliable authentication-keyid 37
1.1.14 ntp-service source-interface
Syntax
ntp-service source-interface Vlan-interface vlan-id

undo ntp-service source-interface
View
System view
Parameter
Vlan-interface vlan-id: Specifies an interface. The IP address of the interface serves

as the source IP address contained in the NTP packet to be sent. vlan-id indicates the
ID of the specified VLAN interface, ranging from 1 to 4094.
Description
Use the ntp-service source-interface command to specify the VLAN interface

through which NTP packets are to be sent.
Use the undo ntp-service source-interface command to cancel the configuration.
If you do not want the IP addresses of other interfaces on the local device to be the
destination addresses of the response packets, you can use this command to specify a
specific interface to send all NTP packets. In this way, the IP address of the interface is
the source IP addresses of all the NTP packets sent by the local device.
Example
# Specify the source IP addresses of all the NTP packets sent to be the IP address of
VLAN interface 1.
[Quidway] ntp-service source-interface Vlan-interface 1
1-12
1.1.15 ntp-service unicast-peer
Syntax
ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid key-id |

priority | source-interface Vlan-interface vlan-id | version number ]*
undo ntp-service unicast-peer { remote-ip | peer-name }
View
System view
Parameter
remote-ip: IP address of the NTP peer. This argument cannot be a broadcast address,
a multicast address or the IP address of a reference clock.
peer-name: Peer host name, a string comprising 1 to 20 characters.
peer. The key-id argument ranges from 1 to 4294967295. By default, the authentication
is not enabled.
Priority: Specifies the peer identified by the remote-ip argument to be the preferred
peer for synchronization.
source-interface Vlan-interface vlan-id: Specifies an interface whose IP address is to
be used as the IP addresses of the NTP packets sent to the peer.
version number: Specifies the NTP version number. The number ranges from 1 to 3
and defaults to 3.
Description
Use the ntp-service unicast-peer command to configure an Ethernet switch to be an

active NTP peer.
Use the undo ntp-service unicast-peer command to cancel the configuration.
By default, an Ethernet switch is not an active NTP peer.
Note:
If you specify a remote server to be the peer of the local Ethernet switch by providing
the remote-ip argument in the ntp-service unicast-peer command, the local switch
operates in the active peer mode. In this case, the local switch and the remote server
can be synchronized to each other.
1-13
Example
# Configure to obtain time information from the peer with the IP of 128.108.22.44. And
the local peer can also provide time information to the remote peer. Set the NTP version
number to 3. The source IP addresses of NTP packets sent are that of VLAN interface
1.
[Quidway] ntp-service unicast-peer 128.108.22.44 version 3 source-interface
Vlan-interface 1
1.1.16 ntp-service unicast-server
Syntax
ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id

| priority | source-interface Vlan-interface vlan-id | version number ]*
undo ntp-service unicast-server { remote-ip | server-name }
View
System view
Parameter
remote-ip: IP address of an NTP server. This argument cannot be a broadcast address,

multicast group address or the IP address of a reference clock.
server-name: NTP server name, a string comprising 1 to 20 characters.
NTP server. The key-id argument ranges from 1 to 4294967295. By default, the
authentication is enabled.
priority: Specifies the server identified by the remote-ip or the server-name argument
is the preferred server.
source-interface Vlan-interface vlan-id: Specifies an interface whose IP address is to
be used as the source IP addresses of the NTP packets sent by the local device to the
server. vlan-id is the interface number.
version number: Specifies the NTP version number. The number argument ranges
Description
Use the ntp-service unicast-server command to configure an Ethernet switch to

operate in the NTP client mode.
Use the undo ntp-service unicast-server command to cancel the configuration.
By default, an Ethernet switch does not operate in the NTP client mode.
1-14
Note:
An Ethernet can operate as a client and be synchronized to the remote NTP server
identified by the remote-ip argument. Note that an NTP server will not be synchronized
to the local switch.
Example
# Configure the local device to be synchronized to the NTP server using the IP address
of 128.108.22.44, with the version number set to 3.
[Quidway] ntp-service unicast-server 128.108.22.44 version 3
1-15
Command Manual – SSH Terminal Service
Table of Contents
Chapter 1 SSH Terminal Service Configuration Commands .................................................... 1-1

1.1 SSH Server Configuration Commands .............................................................................. 1-1
1.1.1 display rsa local-key-pair public .............................................................................. 1-1
1.1.2 display rsa peer-public-key ..................................................................................... 1-3
1.1.3 display ssh server ................................................................................................... 1-4
1.1.4 display ssh user-information ................................................................................... 1-5
1.1.5 display ssh-server source-ip ................................................................................... 1-5
1.1.6 peer-public-key end................................................................................................. 1-6
1.1.7 protocol inbound...................................................................................................... 1-7
1.1.8 public-key-code begin ............................................................................................. 1-8
1.1.9 public-key-code end ................................................................................................ 1-8
1.1.10 rsa local-key-pair create........................................................................................ 1-9
1.1.11 rsa local-key-pair destroy .................................................................................... 1-11
1.1.12 rsa peer-public-key.............................................................................................. 1-11
1.1.13 rsa peer-public-key import sshkey ...................................................................... 1-12
1.1.14 ssh authentication-type default ........................................................................... 1-13
1.1.15 ssh server authentication-retries ......................................................................... 1-13
1.1.16 ssh server compatible-ssh1x enable................................................................... 1-14
1.1.17 ssh server rekey-interval ..................................................................................... 1-15
1.1.18 ssh server timeout............................................................................................... 1-16
1.1.19 ssh user assign rsa-key ...................................................................................... 1-17
1.1.20 ssh user authentication-type ............................................................................... 1-17
1.1.21 ssh-server source-interface................................................................................. 1-19
1.1.22 ssh-server source-ip............................................................................................ 1-19
1.2 SSH Client Configuration Commands ............................................................................. 1-20
1.2.1 display ssh2 source-ip........................................................................................... 1-20
1.2.2 display ssh server-info .......................................................................................... 1-20
1.2.3 public-key-code begin ........................................................................................... 1-21
1.2.4 public-key-code end .............................................................................................. 1-22
1.2.5 quit......................................................................................................................... 1-23
1.2.6 rsa peer-public-key................................................................................................ 1-23
1.2.7 ssh client assign rsa-key ....................................................................................... 1-24
1.2.8 ssh client first-time enable..................................................................................... 1-24
1.2.9 ssh2....................................................................................................................... 1-25
1.2.10 ssh2 source-interface.......................................................................................... 1-27
1.2.11 ssh2 source-ip ..................................................................................................... 1-27
1.3 SFTP Server Configuration Commands .......................................................................... 1-28
1.3.1 sftp server enable.................................................................................................. 1-28
i
Command Manual – SSH Terminal Service
1.3.2 ssh user service-type ............................................................................................ 1-29

1.3.3 sftp timeout............................................................................................................ 1-29
1.4 SFTP Client Configuration Commands ........................................................................... 1-30
1.4.1 bye......................................................................................................................... 1-30
1.4.2 cd........................................................................................................................... 1-31
1.4.3 cdup....................................................................................................................... 1-31
1.4.4 delete..................................................................................................................... 1-32
1.4.5 dir .......................................................................................................................... 1-32
1.4.6 display sftp source-ip ............................................................................................ 1-33
1.4.7 exit......................................................................................................................... 1-34
1.4.8 get ......................................................................................................................... 1-34
1.4.9 help........................................................................................................................ 1-35
1.4.10 ls.......................................................................................................................... 1-35
1.4.11 mkdir.................................................................................................................... 1-36
1.4.12 put ....................................................................................................................... 1-36
1.4.13 pwd...................................................................................................................... 1-37
1.4.14 quit....................................................................................................................... 1-37
1.4.15 remove ................................................................................................................ 1-38
1.4.16 rename ................................................................................................................ 1-39
1.4.17 rmdir .................................................................................................................... 1-39
1.4.18 sftp....................................................................................................................... 1-40
1.4.19 sftp source-interface............................................................................................ 1-41
1.4.20 sftp source-ip....................................................................................................... 1-42
ii
Command Manual –SSH Terminal Service Chapter 1 SSH Terminal Service
Chapter 1 SSH Terminal Service Configuration

Commands
1.1 SSH Server Configuration Commands

1.1.1 display rsa local-key-pair public
Syntax
display rsa local-key-pair public
View
Any view
Parameter
None
Description
Use the display rsa local-key-pair public command to display the public key of the
server host key pair. If no key pair is generated, the system prompts “% RSA keys not
found”.
Related command: rsa local-key-pair create.
Example
# Display the public key of the server host key pair.

<Quidway> display rsa local-key-pair public
=====================================================
Time of Key pair created: 20:08:35 2000/04/02
Key name: Quidway_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
DE99B540 87B666B9 69C948CD BBCC2B60 997F9C18
9AA6651C 6066EF76 242DEAD1 DEFEA162 61677BD4
1A7BFAE7 668EDAA9 FB048C37 A0F1354D 5798C202
2253F4F5
1-1
0203
010001
Host public key for PEM format code:

---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxg
Zu92JC3q0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file :

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAQQDembVAh7ZmuWnJSM27zCtgmX+cGJqmZRxgZu92JC3q
0d7+oWJhZ3vUGnv652aO2qn7BIw3oPE1TVeYwgIiU/T1 rsa-key
=====================================================
Time of Key pair created: 20:08:46 2000/04/02
Key name: Quidway_Server
Key type: RSA encryption Key
=====================================================
Key code:
3067
0260
D6D70AE4 D2A900BE AC21B4E7 617CBEFA 2BAED61F
B637070C 093F43AF 9DB9D644 BCD921EF D056EF36
26825C2A 1FC0EFC3 E27B5110 3F20F790 6C83274B
D0FC303F 51072D6C B5D0054D 3673EBA0 A4748984
5EBF6EBE CF6A13B1 C7858241 A2A9AA79
0203
010001
Note:
With the rsa local-key-pair create command configured:
z When the switch works in the SSHv1.x compatible mode, if you execute the display
rsa local-key-pair public command, two public keys are displayed. They are
Quidway_Host and Quidway_Server.
z When the switch works in the SSHv2.0 mode, if you execute the display rsa
local-key-pair public command, only one public key is displayed. It is
Quidway_Host.
1-2
1.1.2 display rsa peer-public-key
Syntax
display rsa peer-public-key [ brief | name keyname ]
View
Any view
Parameter
brief: Displays brief information about all public keys on the client.
keyname: Name of the client public key, a string of 1 to 64 characters.
Description
Use the display rsa peer-public-key command to display the client public key of the
specified RSA key pair. If no key name is specified, the command displays all public
keys of the client.
Example
# Display all public keys on the client.

<Quidway> display rsa peer-public-key brief
Address Bits Name
---------------------------
1023 abcd
1024 hq
# Display the public key named abcd of the client key pair.
<Quidway> display rsa peer-public-key name abcd
=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F
0201
25
1-3
1.1.3 display ssh server
Syntax
display ssh server { status | session }
View
Any view
Parameter
status: Displays SSH status information.

session: Displays SSH session information.
Description
Use the display ssh server command to display the status or session information
about the SSH server.
Related command: ssh server authentication-retries, ssh server timeout.
Example
# Display the status information about the SSH server.

<Quidway> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH server key generating interval : 0 hours
SSH Authentication retries : 3 times
SFTP Server: Enable
Caution:
z If you use the ssh server compatible-ssh1x enable command to configure the server
to be compatible with the client of SSHv1.x version, the SSH version will be
displayed as 1.99.
z If you use the undo ssh server compatible-ssh1x enable command to configure the
server to be not compatible with the client of SSHv1.x version, the SSH version will
be displayed as 2.0.
# Display the session information about the SSH server.

<Quidway> display ssh server session
Conn Ver Encry State Retry SerType Username
VTY 0 2.0 AES started 0 stelnet kk
1-4
VTY 1 2.0 AES started 0 sFTP abc
Table 1-1 Description on the fields of the display ssh server session command
Field Description
Conn Number of VTY interface used for user login
Ver SSH version
Encry Encryption algorithm used by SSH
State Current state
Retry Number of retries
SerType Type of service
Username User name
1.1.4 display ssh user-information
Syntax
display ssh user-information [ username ]
View
Any view
Parameter
username: SSH user name, a string of 1 to 80 characters.
Description
Use the display ssh user-information command to display information about the
current SSH users, including user name, authentication mode, corresponding public
key name and authorized service types. If the username is specified, the command
displays information about the specified user.
Example
# Display information about the current user.

<Quidway> display ssh user-information
Username Authentication-type User-public-key-name Service-type
kk rsa test sftp
1.1.5 display ssh-server source-ip
Syntax
display ssh-server source-ip
1-5
View
Any view
Parameter
None
Description
Use the display ssh-server source-ip command to display the current source IP
address specified for the SSH Server. If you specify a source interface for the SSH
Server, the command displays the IP address of the interface. If not, the command
displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH Server.
<Quidway> display ssh-server source-ip
1.1.6 peer-public-key end
Syntax
peer-public-key end
View
Public key view
Parameter
None
Description
Use the peer-public-key end command to return to system view from public key view.
Related command: rsa peer-public-key, public-key-code begin.
Example
# Exit from public key view.

[Quidway] rsa peer-public-key quidway003
[Quidway-rsa-public-key] peer-public-key end
[Quidway]
1-6
1.1.7 protocol inbound
Syntax
protocol inbound { all | ssh | telnet }
View
VTY user interface view
Parameter
all: Supports all protocols, including Telnet and SSH.

ssh: Supports only SSH.
telnet: Supports only Telnet.
Description
Use the protocol inbound command to configure the protocols supported in the
current user interface.
By default, both SSH and Telnet are supported.
After you use this command with SSH enabled, your configuration cannot take effect
until next login if no RSA key pair is configured.
Caution:
z When SSH protocol is specified, to ensure a successful login, you must configure
the AAA authentication using the authentication-mode scheme command.
z The protocol inbound ssh configuration fails if you configured
authentication-mode password or authentication-mode none. When you
configured SSH protocol successfully for the user interface, then you cannot
configure authentication-mode password or authentication-mode none any
more.
Related command: user-interface vty.
Example
# Configure vty0 through vty4 to support SSH only.

[Quidway-ui-vty0-4] protocol inbound ssh
1-7
1.1.8 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and input the
client public key.
You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line. But
the public key, which is generated randomly by the SSHv2.0-supporting client software,
should be composed of hexadecimal characters.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and input client public keys.
[Quidway-rsa-public-key] public-key-code begin
[Quidway-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Quidway-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Quidway-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Quidway-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Quidway-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[Quidway-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[Quidway-key-code] public-key-code end
[Quidway-rsa-public-key]
1.1.9 public-key-code end
Syntax
public-key-code end
1-8
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public
key view and save the public keys you set.
After you use this command to terminate the public key editing, public key validity will
be checked before the keys are saved.
z If there are illegal characters in the keys, the prompt will be given and the keys will
be discarded. Your configuration this time fails.
z If the keys are valid, they will be saved in the local public key list.
Example
# Exit from public key edit view and save the public keys.
[Quidway]rsa peer-public-key kk
[Quidway-rsa-public-key]public-key-code begin
[Quidway-rsa-key-code] public-key-code end
1.1.10 rsa local-key-pair create
Syntax
rsa local-key-pair create
View
System view
Parameter
None
Description
Use the rsa local-key-pair create command to generate RSA key pairs, whose names
are in the format of switch name plus “_Host” and “_Server”, Quidway_Host and
Quidway_Server for example.
1-9
After you use the command, the system prompts you to define the key length.
z In SSHv1.x, the key length is in the range of 512 to 2,048 (bits).
z In SSHv2.0, the key length is in the range of 1024 to 2048 (bits). To make SSH 1.x
compatible, 512- to 2,048-bit keys are allowed on clients, but the length of server
keys must be more than 1,024 bits. Otherwise, clients cannot be authenticated.
z If you use this command to generate an RSA key provided an old one exists, the
system will prompt you to replace the previous one or not.
Note:
Quidway_Host.
For a successful SSH login, you must generate the local RSA key pairs first. You just
need to execute the command once, with no further action required even after the
system is rebooted.
Related command: rsa local-key-pair destroy, display rsa local-key-pair public.
Example
# Generate a local RSA key pair.

[Quidway] rsa local-key-pair create
The local-key-pair will be created.
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
........................++++++
.......++++++
.................................++++++++
...++++++++
........Done!
1-10
1.1.11 rsa local-key-pair destroy
Syntax
rsa local-key-pair destroy
View
System view
Parameter
None
Description
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at
the server end.
Related command: rsa local-key-pair create.
Example
# Destroy all existing RSA key pairs at the server end.

[Quidway] rsa local-key-pair destroy
% The local-key-pair will be destroyed.
% Confirm to destroy these keys? [Y/N]: y
.............Done!
1.1.12 rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
Parameter
key-name: Client public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.

You can use this command along with the public-key-code begin command to
configure on the server client public keys, which are generated randomly by the
SSHv2.0-supporting client software.
1-11
Related command: public-key-code begin, public-key-code end.
Example
# Enter quidway002 public key view.

1.1.13 rsa peer-public-key import sshkey
Syntax
rsa peer-public-key key-name import sshkey file-name
View
System view
Paramter
key-name: Name of the public key of the client, a string in the range of 1 character to 64
characters.
file-name: Name of the public key file (which has been loaded to the Flash in advance),
a string in the range of 1 character to 142 characters.
Description
Use the rsa peer-public-key import sshkey command to transform the format of the
public key files of the client into the public key cryptography standard (PKCS) codes
and configure them automatically.
In this way, you need not configure public keys manually. After the client transmits
public key files of the RSA keys to the server through FTP/TFTP, this command can
transform the public key files to public keys and configure them automatically.
Example
# Transform the format of the public key file named abc in the client into the public key
named 123 automatically.
[Quidway] rsa peer-public-key 123 import sshkey abc
1-12
1.1.14 ssh authentication-type default
Syntax
ssh authentication-type default { password | rsa | password-publickey | all }

undo ssh authentication-type default
View
System view
Parameter
password: Specifies the authentication type of SSH users to password authentication.

rsa: Specifies the authentication type of SSH users to RSA public key authentication.
password-publickey: Specifies the authentication type of SSH users to both password
authentication and public key authentication, that is, the password authentication and
public key authentication must be satisfied simultaneously.
all: Specifies the authentication type of SSH users to either password authentication or
public key authentication, that is, one of the two authentication types must be satisfied.
Description
Use the ssh authentication-type default command to specify a default authentication

type for SSH users. After this command is configured, if a new SSH user added through
the ssh command has not passed the authentication specified by the ssh user
authentication-type command for this user, this user will adopt the default
authentication type.
Use the undo ssh authentication-type default command to remove the specified
default authentication type, that is, no default authentication type is specified. When a
new SSH user is added, an authentication type must be specified for it simultaneously.
By default, no default authentication type is specified.
Related command: ssh user authentication-type.
Example
# Specify the default authentication type of SSH users to password authentication.

[Quidway] ssh authentication-type default password
1.1.15 ssh server authentication-retries
Syntax
ssh server authentication-retries times
1-13
undo ssh server authentication-retries
View
System view
Parameter
times: Authentication retry times. It is in the range of 1 to 5 and defaults to 3.
Description
Use the ssh server authentication-retries command to set the authentication retry
times for SSH connections.
Use the undo ssh server authentication-retries command to restore the default
authentication retry times, which will take effect at next login.
Related command: display ssh server.
Note:
If you have used the ssh user authentication-type command to configure the
authentication type to password-publickey, you must set the authentication retry
times to a number greater than or equal to 2, for one is counted when a client sends a
public key to the server.
Example
# Set the authentication retry number to 4.

[Quidway] ssh server authentication-retries 4
1.1.16 ssh server compatible-ssh1x enable
Syntax
ssh server compatible-ssh1x enable

undo ssh server compatible-ssh1x
View
System view
Parameter
None
1-14
Description
Use the ssh server compatible-ssh1x enable command to make the server
compatible with the SSHv1.x version-supporting client.
Use the undo ssh server compatible-ssh1x enable command to make the server not
compatible with the SSH1v.x version-supporting client.
By default, the server is compatible with the SSHv1.x version-supporting client.
Note:
Quidway_Host.
Example
# Specify the server compatible with the SSHv1.x version-supporting client.

[Quidway] ssh server compatible-ssh1x enable
1.1.17 ssh server rekey-interval
Syntax
ssh server rekey-interval hours

undo ssh server rekey-interval
View
System view
Parameter
hours: Update period of the server key, in hours, ranging from 1 to 24.
Description
Use the ssh server rekey-interval command to set the update interval for the server
key.
Use the undo ssh server rekey-interval command to cancel the current configuration.
1-15
By default, the system does not update the server key.
Caution:
This command is only effective on users whose client version is SSHv1.x.
Example
# Set the update interval of the server key to 3 hours.

[Quidway] ssh server rekey-interval 3
1.1.18 ssh server timeout
Syntax
ssh server timeout seconds

undo ssh server timeout
View
System view
Parameter
seconds: Authentication timeout time. It is in the range of 1 to 120 (seconds) and

defaults to 60 seconds.
Description
Use the ssh server timeout command to set authentication timeout time for SSH
connections.
Use the undo ssh server timeout command to restore the default timeout time. The
default value takes effect at next login.
Related command: display ssh server.
Example
# Set the authentication timeout time to 80 seconds.

[Quidway] ssh server timeout 80
1-16
1.1.19 ssh user assign rsa-key
Syntax
ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key
View
System view
Parameter
username: SSH user name, a string of 1 to 80 characters.

keyname: Client public key name, a string of 1 to 64 characters.
Description
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
Use the undo ssh user assign rsa-key command to remove the association between
the public keys and SSH users. The configuration takes effect at the next login.
If the user already has a public key, the new public key overrides the old one.
Related command: display ssh user-information.
Example
# Set the client public key for the kk user to key1.

[Quidway] ssh user kk assign rsa-key key1
[Quidway]
1.1.20 ssh user authentication-type
Syntax
ssh user username authentication-type { password | rsa | password-publickey |

all }
undo ssh user username authentication-type
View
System view
Parameter
username: Valid SSH user name, a string of 1 to 80 characters.

password: Specifies the authentication type as password.
1-17
rsa: Specifies the authentication type as RSA public key.

password-publickey: Specifies the authentication type as both password and RSA
public key. That is, the user can pass the authentication only if both the password and
RSA public key are correct.
Note:
For the password-publickey authentication type:
z SSH1.x client users can access the switch as long as they pass one of the two
authentications.
z SSH2.0 client users can access the switch only when they pass both the
authentications.
all: Specifies the authentication type as either password or RSA public key. That is, the
user can pass the authentication if either the password or RSA public key is correct.
Description
Use the ssh user authentication-type command to define on the server the available
authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the default setting.
Note:
This command defines available authentication type on the server. The actual
authentication type, however, is determined by the client.
By default, no authentication type is specified for new users, so they cannot access the
switch.
For new users, the server must specify authentication type for them through the ssh
user authentication-type command. Otherwise, they cannot access the switch. The
new authentication type configured takes effect at the next login.
Example
# Specify the authentication type for the kk user as password.

[Quidway] ssh user kk authentication-type password
1-18
1.1.21 ssh-server source-interface
Syntax
ssh-server source-interface interface-type interface-number

undo ssh-server source-interface
View
System view
Parameter
interface-type: Type of source interface, which can be LoopBack or Vlan-interface.

interface-number: Number of source interface.
Description
Use the ssh-server source-interface command to specify source interface for SSH
Server. When the specified interface does not exist, the command prompts the
Use the undo ssh-server source-interface command to cancel the specified source
interface. Then the address of the device determined by the system is for the user to
access to the switch.
Example
# Specify source interface Vlan-interface 2 for SSH Server.

[Quidway] ssh-server source-interface Vlan-interface 2
1.1.22 ssh-server source-ip
Syntax
ssh-server source-ip ip-address

undo ssh-server source-ip
View
System view
Parameter
ip-address: Source IP address needed to set.
1-19
Description
Use the ssh-server source-ip command to specify source IP address for SSH Server.
When the specified ip-address is not the IP address of the device, the command
prompts configuration fails.
Use the undo ssh-server source-ip command to cancel the specified IP address.
Then the address of the device determined by the system is for the user to access to
the switch.
Example
# Specify source IP address 192.168.0.1 for SSH Server.

[Quidway] ssh-server source-ip 192.168.0.1
1.2 SSH Client Configuration Commands

1.2.1 display ssh2 source-ip
Syntax
display ssh2 source-ip
View
Any view
Parameter
None
Description
Use the display ssh2 source-ip command to display the current source IP address set
for the SSH2 Client. If you specify a source interface for the SSH2 Client, the command
displays the IP address of the interface. If not, the command displays 0.0.0.0.
Example
# Display the current source IP address specified for the SSH2 Client.
<Quidway> display ssh2 source-ip
1.2.2 display ssh server-info
Syntax
display ssh server-info
1-20
View
Any view
Parameter
None
Description
Use the display ssh server-info command to display the association between the
server public keys configured on the client and the servers.
Example
# Display the association between the server public keys and the servers.
[Quidway] display ssh server-info
Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
1.2.3 public-key-code begin
Syntax
public-key-code begin
View
Public key view
Parameter
None
Description
Use the public-key-code begin command to enter public key edit view and set server
public keys.
You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line. But
the public key, which are generated randomly after you use the rsa local-key-pair
create command on the server, should be composed of hexadecimal characters.
Related command: rsa peer-public-key, public-key-code end.
Example
# Enter public key edit view and set server public keys.
1-21

[Quidway-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[Quidway-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[Quidway-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[Quidway-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[Quidway-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[Quidway-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[Quidway-key-code] public-key-code end
1.2.4 public-key-code end
Syntax
public-key-code end
View
Public key edit view
Parameter
None
Description
Use the public-key-code end command to return from public key edit view to public
key view and save the public keys you set.
After you use this command to terminate the public key editing, public key validity will
be checked before the keys are saved.
z If there are illegal characters in the keys, the prompt will be given and the keys will
be discarded. Your configuration this time fails.
z If the keys are valid, they will be saved in the client list.
Example
# Exit from public key edit view and save the public keys.
[Quidway-rsa-key-code] public-key-code end
1-22
1.2.5 quit
Syntax
quit
View
User view
Parameter
None
Description
Use the quit command to terminate the connection to the remote SSH server.
Example
# Terminate the connection to the remote SSH server.

<Quidway> quit
1.2.6 rsa peer-public-key
Syntax
rsa peer-public-key key-name
View
System view
Parameter
key-name: Server public key name, a string of 1 to 64 characters.
Description
Use the rsa peer-public-key command to enter public key view.

You can use this command along with the public-key-code begin command to
configure on the client the server public keys, which are generated randomly after you
use the rsa local-key-pair create command.
Related command: public-key-code begin, public-key-code end, rsa local-key-pair
create.
Example
# Enter quidway002 public key view.

1-23

1.2.7 ssh client assign rsa-key
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname

undo ssh client server-ip assign rsa-key
View
System view
Parameter
server-ip: Server IP address.

server-name: Server name, a string of 1 to 80 characters.
keyname: Server public key name, a string of 1 to 64 characters.
Description
Use the ssh client assign rsa-key command to specify on the client the public key for
the server to be connected to guarantee the client can be connected to a reliable
server.
Use the undo ssh client assign rsa-key command to remove the association
between the public keys and servers.
Example
# Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
[Quidway] ssh client 192.168.0.1 assign rsa-key abc
1.2.8 ssh client first-time enable
Syntax
ssh client first-time enable

undo ssh client first-time
View
System view
Parameter
None
1-24
Description
Use the ssh client first-time enable command to configure the client to run the initial
authentication.
Use the undo ssh client first-time command to remove the configuration.
Note:
In the initial authentication, if the SSH client does not have the public key for the server
which it accesses for the first time, the client continues to access the server and save
locally the public key of the server. Then at the next access, the client can authenticate
the server with the public key saved locally.
When the initial authentication function is not available, the client does not access the
server if it does not have the public key of the server locally. In this case, you need first
to save the public key of the target server to the client in other ways.
By default, the client runs the initial authentication.
Example
# Configure the client to run the initial authentication.

[Quidway] ssh client first-time enable
1.2.9 ssh2
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 |

dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher
{ des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
[ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameter
host-ip: Server IP address.

host-name: Server name, a string of 1 to 20 characters.
port-num: Server port number. It is in the range of 0 to 65,535 and defaults to 22.
1-25
prefer_kex: Key exchange algorithm preference. Choose one of the two algorithms
available.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default
algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Encryption algorithm preference from the client to server. It
defaults to AES128.
prefer_stoc_cipher: Encryption algorithm preference from the server to client. It
defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: HMAC algorithm preference from the client to server. It defaults to
SHA1_96.
prefer_stoc_hmac: HMAC algorithm preference from the server to client. It defaults to
SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1_96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
Note:
z DES (Data Encryption Standard) is the standard algorithm for data encryption.
z AES (Advanced Encryption Standard) is the advanced encryption standard
algorithm.
Description
Use the ssh2 command to enable the connection between SSH client and server,
define key exchange algorithm preference, encryption algorithm preference and HMAC
algorithm preference on the server and client.
Example
# Log into the SSHv2.0 server with IP address 10.214.50.51 and make these settings:
z Key exchange algorithm preference as dh_exchange_group
z encryption algorithm preference from the server to client as aes128
z HMAC algorithm preference from the client to server as md5
z HMAC algorithm preference from the server to client as sha1_96
1-26
[Quidway] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher
aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
1.2.10 ssh2 source-interface
Syntax
ssh2 source-interface interface-type interface-number

undo ssh2 source-interface
View
System view
Parameter

Description
Use the ssh2 source-interface command to specify source interface for SSH2 Client.
When the specified interface does not exist, the command prompts the configuration
fails.
Use the undo ssh2 source-interface command to remove the specified source
access to the SSH2 Server.
Example
# Specify source interface Vlan-interface 1 for SSH2 Client.

[Quidway] ssh2 source-interface Vlan-interface 1
1.2.11 ssh2 source-ip
Syntax
ssh2 source-ip ip-address

undo ssh2 source-ip
View
System view
1-27
Parameter
Description
Use the ssh2 source-ip command to specify the source interface for SSH2 Client.
Use the undo ssh2 source-ip command to remove the specified source IP address.
Then, the address of the device determined by the system is for the user to access to
the SSH2 Server.
Example
# Specify source IP address 192.168.0.1 for SSH2 Client.

[Quidway] ssh2 source-ip 192.168.1.1
1.3 SFTP Server Configuration Commands

1.3.1 sftp server enable
Syntax
sftp server enable

undo sftp server
View
System view
Parameter
None
Description
Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
By default, the SFTP server is disabled.
Example
# Enable the SFTP server.

1-28
[Quidway] sftp server enable
1.3.2 ssh user service-type
Syntax
ssh user username service-type { stelnet | sftp | all }

undo ssh user username service-type
View
System view
Parameter
username: Local user name or the user name defined on the remote RADIUS server, a
stelnet: Sets the service type to Telnet.
sftp: Sets the service type to SFTP.
all: Includes Telnet and SFTP two services types.
Description
Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to restore the default service type for
the SSH user in the system.
The default service type for the SSH user is stelnet.
Example
# Specify SFTP service for SSH user kk.

[Quidway] ssh user kk service-type sftp
1.3.3 sftp timeout
Syntax
sftp timeout time-out-value

undo sftp timeout
View
System view
1-29
Parameter
Time-out-value: Timeout time. It is in the range of 1 to 35,791 (minutes) and defaults to

10 minutes.
Description
Use the sftp timeout command to set the timeout time for the SFTP user connection.
Use the undo sftp timeout command to restore the default timeout time.
After you set the timeout time for the SFTP user connection, the system will
automatically release the connection when the time is up.
Example
# Set the timeout time for the SFTP user connection to 500 minutes.
[Quidway] sftp timeout 500
1.4 SFTP Client Configuration Commands

1.4.1 bye
Syntax
bye
View
SFTP Client view
Parameter
None
Description
Use the bye command to terminate the connection to the remote SFTP server and
return to system view.
This command has the same function as the exit and quit commands.
Example
# Terminate the connection to the remote SFTP server (assume that the server IP
address is 10.1.1.2).
sftp-client> bye
Bye
[Quidway]
1-30
1.4.2 cd
Syntax
cd [ remote-path ]
View
SFTP Client view
Parameter
remote-path: Name of a path on the server.
Description
Use the cd command to change the current path on the remote SFTP server. If you did
not specify the remote-path argument, the current path is displayed.
Note:
You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is,
flash:/).
Example
# Change current path to new1.

sftp-client> cd new1
Current Directory is:
flash:/new1
1.4.3 cdup
Syntax
cdup
View
SFTP Client view
Parameter
None
1-31
Description
Use the cdup command to return the current path on the remote SFTP server to the
upper directory.
Example
# Return to the upper directory.

sftp-client> cdup
Current Directory is:
flash:/
1.4.4 delete
Syntax
delete remote-file
View
SFTP Client view
Parameter
remote-file: Name of a file on the server.
Description
Use the delete command to delete the specified file from the remote SFTP server.
This command has the same function as the remove command.
Example
# Delete file test.txt from the server.

sftp-client> delete test.txt
The followed File will be deleted:
Flash:/test.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
1.4.5 dir
Syntax
dir [ remote-path ]
1-32
View
SFTP Client view
Parameter
remote-path: Name of the intended directory.
Description
Use the dir command to display the specified directory on the remote SFTP server.
If the remote-path argument is not specified, the files in the current directory are
displayed.
This command has the same function as the ls command.
Example
# Display the files in directory flash:/.

sftp-client> dir flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
1.4.6 display sftp source-ip
Syntax
display sftp source-ip
View
Any view
Parameter
None
Description
Use the display sftp source-ip command to display the current source IP address
specified for the SFTP Client.
If you specify a source interface for the SFTP Client, the command displays the IP
address of the interface. If not, the command displays 0.0.0.0.
1-33
Example
# Display the current source IP address specified for the SFTP Client.
<Quidway> display sftp source-ip
1.4.7 exit
Syntax
exit
View
SFTP Client view
Parameter
None
Description
Use the exit command to terminate the connection to the remote SFTP server and
return to system view.
This command has the same function as the bye and quit commands.
Example
# Terminate the connection to the remote SFTP server.

sftp-client> exit
Bye
[Quidway]
1.4.8 get
Syntax
get remote-file [ local-file ]
View
SFTP Client view
Parameter
remote-file: Name of the source file on the remote SFTP server.

local-file: Name assigned to the file to be saved at the local end.
Description
Use the get command to download and save a file from a remote server.
1-34
If no local file name is specified, the name of the source file is used by default.
Example
# Download file tt.bak and save it with name tt.txt.

sftp-client>get tt.bak tt.txt....
Remote file:flash:/tt.bak ---> Local file: tt.txt..
Downloading file successfully ended
1.4.9 help
Syntax
help [ command ]
View
SFTP Client view
Parameter
command: Name of a command.
Description
Use the help command to get the help information about the specified or all SFTP client
commands.
If the command argument is not specified, the help information about all commands is
displayed.
Example
# Display the help information about the get command.

sftp-client> help get
get remote-path [local-path] Download file.Default local-path is the same
with remote-path
1.4.10 ls
Syntax
ls [ remote-path ]
View
SFTP Client view
Parameter
remote-path: Name of the intended directory.
1-35
Description
Use the ls command to display the files in the specified directory on the remote SFTP
server..
If the remote-path argument is not specified, the files in the current directory are
displayed.
This command has the same function as the dir command.
Example
# Display the files in directory flash:/.

sftp-client> ls flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg
1.4.11 mkdir
Syntax
mkdir remote-path
View
SFTP Client view
Parameter
remote-path: Name of a directory on the remote SFTP server.
Description
Use the mkdir command to create a directory on the remote SFTP server.
Example
# Create directory hj test on the remote SFTP server.

sftp-client>mkdir hj
New directory created
1.4.12 put
Syntax
put local-file [ remote-file ]
1-36
View
SFTP Client view
Parameter
local-file: Name of the source file at the local end.

remote-file: Name assigned to the file to be saved on the remote SFTP server.
Description
Use the put command to upload a local file to the remote SFTP server.
If no name is specified for the file to be saved on the remote SFTP server, the name of
the source file is used.
Example
# Upload local file vrpcfg.cfg to the remote SFTP server and save it with the name 1.txt.
sftp-client>put temp.c vrpcfg.cfg 1.txt
Local file:vrpcfg.cfg ---> Remote file: flash:/1.txt
Uploading file successfully ended
1.4.13 pwd
Syntax
pwd
View
SFTP Client view
Parameter
None
Description
Use the pwd command to display the current directory on the SFTP server.
Example
# Display the current directory on the SFTP server.

sftp-client> pwd
flash:/
1.4.14 quit
Syntax
quit
1-37
View
SFTP Client view
Parameter
None
Description
Use the quit command to terminate the connection to the remote SFTP server and exit
to system view.
This command has the same function as the bye and exit commands.
Example
# Terminate the connection to the remote SFTP server.

sftp-client> quit
Bye
[Quidway]
1.4.15 remove
Syntax
remove remote-file
View
SFTP Client view
Parameter
remote-file: Name of a file on the server.
Description
Use the remove command to delete the specified file from the remote SFTP server.
This command has the same function as the delete command.
Example
# Delete file temp.c from the server.

sftp-client> remove temp.c
The followed File will be deleted:
flash:/test2.txt
Are you sure to delete it?(Y/N):y
This operation may take a long time.Please wait...
File successfully Removed
1-38
1.4.16 rename
Syntax
rename old name new name
View
SFTP Client view
Parameter
old name: Original file name.

new name: New file name.
Description
Use the rename command to change the name of the specified file on the SFTP server.
Example
# Change the name of file temp.bat on the SFTP server to temp.txt.

sftp-client> rename temp bat temp.txt
File successfully renamed
1.4.17 rmdir
Syntax
rmdir remote-path
View
SFTP Client view
Parameter
remote-path: Name of a directory on the remote SFTP server.
Description
Use the rmdir command to delete the specified directory from the remote SFTP server.
Example
# Delete directory hello from the remote SFTP server.

sftp-client>rmdir hello
The followed directory will be deleted
flash:/hello
Are you sure to remove it?(Y/N):y
1-39
Directory successfully removed
1.4.18 sftp
Syntax
sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 |

dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher
{ des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
[ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]
View
System view
Parameter
host-ip: IP address of the server.

host-name: Name of the server, a string of 1 to 20 characters.
port-num: Port number of the server, in the range 0 to 65,535. The default port number
is 22.
prefer_kex: Key exchange algorithm preference. Choose one of the two algorithms
available.
dh_group1: Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default key
exchange algorithm.
dh_exchange_group: Diffie-Hellman-group-exchange-sha1 key exchange algorithm.
prefer_ctos_cipher: Encryption algorithm preference from the client to server. It
defaults to AES128.
prefer_stoc_cipher: Encryption algorithm preference from the server to client. It
defaults to AES128.
des: DES_cbc encryption algorithm.
aes128: AES_128 encryption algorithm.
prefer_ctos_hmac: HMAC algorithm preference from the client to server. It defaults to
SHA1_96.
prefer_stoc_hmac: HMAC algorithm preference from the server to client. It defaults to
SHA1_96.
sha1: HMAC-SHA1 algorithm.
sha1_96: HMAC-SHA1_96 algorithm.
md5: HMAC-MD5 algorithm.
md5_96: HMAC-MD5-96 algorithm.
1-40
Description
Use the sftp command to establish a connection to the SFTP server and enter SFTP
Client view.
Example
# Establish a connection to the SFTP server with IP address 10.1.1.2 and use the
default encryption algorithms.
[Quidway]sftp 192.168.0.65
Input Username: kk
Trying 192.168.0.65 ...
Connected to 192.168.0.65 ...
The Server is not authenticated. Do you continue access it?(Y/N):y

Do you want to save the server's public key?(Y/N):y
Enter password:
sftp-client>
1.4.19 sftp source-interface
Syntax
sftp source-interface interface-type interface-number

undo sftp source-interface
View
System view
Parameter

Description
Use the sftp source-interface command to specify source interface for SFTP Client.
When the specified interface does not exist, the command prompts the configuration
fails.
Use the undo sftp source-interface command to remove the specified source
access to the SFTP Server.
1-41
Example
# Specify source interface Vlan-interface 2 for SFTP Client.

[Quidway] sftp source-interface Vlan-interface 2
1.4.20 sftp source-ip
Syntax
sftp source-ip ip-address

undo sftp source-ip
View
System view
Parameter
Description
Use the sftp source-ip command to specify the source IP address for SFTP Client.
Use the undo sftp source-ip command to remove the specified source IP address.
Then, the address of the device determined by the system is for the user to access to
the SFTP Server.
Example
# Specify source IP address 192.168.0.1 for SFTP Client.

[Quidway] sftp source-ip 192.168.0.1
1-42
Command Manual – File System Management
Table of Contents
Chapter 1 File System Management Configuration Commands .............................................. 1-1

1.1 File Attribute Configuration Commands............................................................................. 1-1
1.1.1 boot attribute-switch ................................................................................................ 1-1
1.1.2 boot boot-loader ...................................................................................................... 1-2
1.1.3 boot boot-loader backup-attribute ........................................................................... 1-3
1.1.4 boot web-package................................................................................................... 1-4
1.1.5 display boot-loader.................................................................................................. 1-5
1.1.6 startup bootrom-access enable............................................................................... 1-6
1.2 File System Configuration Commands .............................................................................. 1-6
1.2.1 cd............................................................................................................................. 1-6
1.2.2 copy......................................................................................................................... 1-7
1.2.3 delete....................................................................................................................... 1-8
1.2.4 dir ............................................................................................................................ 1-9
1.2.5 execute.................................................................................................................. 1-11
1.2.6 file prompt.............................................................................................................. 1-12
1.2.7 fixdisk .................................................................................................................... 1-13
1.2.8 format .................................................................................................................... 1-13
1.2.9 mkdir...................................................................................................................... 1-14
1.2.10 more .................................................................................................................... 1-15
1.2.11 move.................................................................................................................... 1-15
1.2.12 pwd...................................................................................................................... 1-16
1.2.13 rename ................................................................................................................ 1-16
1.2.14 reset recycle-bin .................................................................................................. 1-17
1.2.15 rmdir .................................................................................................................... 1-18
1.2.16 undelete............................................................................................................... 1-18
1.2.17 update fabric........................................................................................................ 1-19
1.3 Configuration Backup and Restore Commands .............................................................. 1-21
1.3.1 backup current-configuration to............................................................................. 1-21
1.3.2 restore startup-configuration from ......................................................................... 1-22
Chapter 2 FTP/TFTP Lighting Configuration Commands ......................................................... 2-1

2.1 FTP Commands................................................................................................................. 2-1
2.1.1 ftp server enable...................................................................................................... 2-1
2.1.2 local-user................................................................................................................. 2-1
2.1.3 local-user password-display-mode.......................................................................... 2-2
2.1.4 password ................................................................................................................. 2-3
2.1.5 ftp ............................................................................................................................ 2-4
2.1.6 get ........................................................................................................................... 2-5
i
Command Manual – File System Management
2.2 TFTP Command ................................................................................................................ 2-5

2.2.1 tftp get ..................................................................................................................... 2-5
ii
Command Manual – File System Management Chapter 1 File System Management Configuration
Chapter 1 File System Management Configuration

Commands
Note:
For Ethernet switches that support IRF (intelligent resilient framework), you can input a
file path and file name in one of the following ways:
z In universal resource locator (URL) format and starting with “unit[No.]>flash:/” ( [No.]
represents the unit ID of the switch). This method is used to specify a file on a
specified unit. For example, if the unit ID of the switch is 1, the URL of a file named
text.txt and residing in the root directory must be “unit1>flash:/text.txt”.
z In URL format and starting with “flash:/”. This method can be used to specify a file in
the Flash memory of the current unit.
z Inputting the path name or file name directly. This method can be used to specify a
path or a file in the current work directory.
1.1 File Attribute Configuration Commands

1.1.1 boot attribute-switch
Syntax
boot attribute-switch { all | app | configuration | web } fabric
View
User view
Parameter
all: Specifies all the files, including app files, configuration files and Web files.
app: Specifies app files.
configuration: Specifies configuration files.
web: Specifies Web files.
fabric: Applies the configuration to the whole fabric.
1-1
Description
Use the boot attribute-switch command to switch between the main and backup
attribute for all the files or a specified type of files. That is, changes a file with the main
attribute to one with the backup attribute, or vice versa.
Example
# Switch the attributes of all the files in the fabric.

<Quidway> boot attribute-switch all fabric
The boot, web and configuration file's backup-attribute and main-attribute
will exchange.
successfully exchanged on unit 1!
successfully exchanged on unit 2!
1.1.2 boot boot-loader
Syntax
boot boot-loader file-url [ fabric ]
View
User view
Parameter
file-url: Path or the name of the app file in the Flash, a string comprising 1 to 64
characters.
Description
Use the boot boot-loader command to configure an app file of the fabric or of a device
in the fabric to be of the main attribute. The app file specified by this command
becomes the main startup file when the device starts the next time.
If you execute the boot boot-loader command without the fabric keyword, the
configuration applies to the local unit only.
1-2
Caution:
Before configuring the main or backup attribute for a file in the fabric, make sure the file
already exists on all devices in the fabric. This is because Ethernet switches do not
allows you to specify an app file only existing in other unit’s Flash memory as the app
startup file of the local unit.
Example
# Configure the file named boot.bin to be the main startup file of the fabric.
<Quidway> boot boot-loader boot.bin fabric
The specified file will be booted next time on unit 1!
1.1.3 boot boot-loader backup-attribute
Syntax
boot boot-loader backup-attribute file-url [ fabric ]
View
User view
Parameter
file-url: Path or the name of the app file in the Flash, a string comprising 1 to 64
characters.
Description
Use the boot boot-loader backup-attribute command to configure an app file of the
fabric or of a device in the fabric to be of the backup attribute. The app file specified by
this command becomes the backup startup file when the device starts up the next time.
When the main startup file is unavailable, the backup startup file is used to start the
switch.
If you execute the boot boot-loader backup-attribute command without the fabric
keyword, the configuration applies to the local unit only.
1-3
Caution:
Before configuring the main or backup attribute for a file in the fabric, make sure the file
already exists on all devices in the fabric. This is because Ethernet switches do not
allows you to specify an app file only existing in other unit’s Flash memory as the app
startup file of the local unit.
Example
# Configure the file named backup.bin to be the backup startup file of the fabric.
<Quidway> boot boot-loader backup-attribute backup.bin fabric
Set boot file backup-attribute successfully on unit 1!
Set boot file backup-attribute successfully on unit 2!
1.1.4 boot web-package
Syntax
boot web-package webfile { backup | main }
View
User view
Parameter
webfile: Name of a Web file, a string comprising 5 to 127 characters.

main: Specifies the file to be of the main attribute.
backup: Specifies the file to be of the backup attribute.
Description
Use the boot web-package command to configure a Web file in the fabric to be of the
main or backup attribute.
1-4
Caution:
z Before configuring the main or backup attribute for a Web file in the fabric, make
sure the file exists on all devices in the fabric.
z The configuration of the main or backup attribute of a Web file takes effect
immediately without restarting the device.
z After you upgrade a Web file, you need to specify the new Web file in the Boot menu
after restarting the switch. Otherwise, the Web server cannot function normally.
Example
# Configure the Web file named boot.web to be of the main attribute.

<Quidway> boot web-package boot.web main
1.1.5 display boot-loader
Syntax
display boot-loader [ unit unit-id ]
View
Any view
Parameter
Description
Use the display boot-loader command to display the information about the app
startup files of the fabric or of a device in the fabric. Displayed information includes the
current app startup file name, and the main and backup app startup files to be used
when the switch starts the next time.
If you execute the display boot-loader command without unit unit-id, all app startup
files of the fabric will be displayed.
Example
# Display the information about the app startup files of unit 1.

<Quidway> display boot-loader unit 1
Unit 1
The current boot app is: s3900.bin
The main boot app is: s3900.bin
The backup boot app is: s3900bak.bin
1-5
1.1.6 startup bootrom-access enable
Syntax
startup bootrom-access enable

undo startup bootrom-access enable
View
User view
Parameter
None
Description
Use the startup bootrom-access enable command to specify a switch to prompt for
the customized password before entering the BOOT menu.
Use the undo startup bootrom-access enable command to disable the above
function.
By default, the above function is enabled.
You can use the display startup command to verify these two commands.
Example
# Specify to prompt for the customized password before entering the BOOT menu.
<Quidway> startup bootrom-access enable
1.2 File System Configuration Commands
Note:
Note to limit the lengths of file path and file name within the following ranges regulated
for the switch.
z A directory name should be no more than 91 characters.
z A file name plus its local path name should be no more than 127 characters.
z A device name should be no more than 14 characters.
z A file name plus its complete path name should be no more than 142 characters.
1.2.1 cd
Syntax
cd directory
1-6
View
User view
Parameter
directory: Target directory.
Description
Use the cd command to enter a specified directory on the Ethernet switch.

The default directory is the root directory of Flash.
Example
# Enter the directory named test.

<Quidway> cd test
<Quidway> pwd
unit1>flash:/test
1.2.2 copy
Syntax
copy fileurl-source fileurl-dest
View
User view
Parameter
fileurl-source: Path name or file name of the source file in the Flash.
fileurl-dest: Path name or file name of the destination file in the Flash.
Description
Use the copy command to copy a file.

If the fileurl-dest argument identifies an existing file, the system prompts you for the
confirmation to overwrite the existing file.
Example
# Copy the file from flash:/vrpcfg.cfg into flash:/test/1.cfg.

<Quidway> copy flash:/vrpcfg.cfg flash:/test/1.cfg
Copy unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg?[Y/N]:y
..
%Copy file unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg...Done.
1-7
1.2.3 delete
Syntax
delete [ /unreserved ] file-url

delete { running-files | standby-files } [ /fabric ] [ /unreserved ]
View
User view
Parameter
/unreserved: Deletes a file completely.

file-url: Path name or file name of a file in the Flash memory. You can use the *
character in this argument as a wildcard. For example, the delete *.txt command
deletes all the files with txt as their extensions.
running-files: Specifies all the files with the main attribute.
standby-files: Specifies all the files with the backup attribute.
fabric: Deletes all the specified files in the fabric.
Description
Use the delete command to delete a specified file from the Flash memory on a switch.
You can use the * character in this argument as a wildcard.
If you execute the delete command with the /unreserved keyword specified, the
specified file is completely deleted. That is, the file cannot be restored.
For a file that has both the main and backup attributes, the delete running-files
deletes its main attribute only, and the delete standby-files command deletes its
backup attribute only.
Deleted files are stored in the recycle bin.
Following are the notes on deleted files:
z The dir command cannot display the information about deleted files.
z To display the information about deleted files, use the dir /all command.
z To restore a deleted file, use the undelete command.
z To delete the files in the recycle bin, use the reset recycle-bin command.
When you use the delete running-file or delete standby-file command, you will be
prompted to confirm whether to delete all files with the main/backup attribute. If you
choose yes, the corresponding files are deleted. If you choose no, the system will
further to prompt you confirming the following items orderly:
1) Delete the image file with the main/backup attribute?
2) Delete the configuration file with the main/backup attribute?
3) Delete the Web file with the main/backup attribute?
1-8
The corresponding messages are displayed as follows:

Delete the running image file? [Y/N]:n
Delete the running config file? [Y/N]:n
Delete the running web file? [Y/N]:n
Delete the backup image file? [Y/N]:n

Delete the backup config file? [Y/N]:n
Delete the backup web file? [Y/N]:n
The files will be deleted after you choose yes.
Caution:
For deleted files whose names are the same, only the latest deleted file is stored in the
recycle bin and can be restored.
Example
# Delete the file test/test.txt on the local unit.

<Quidway> delete test/test.txt
Delete unit1>flash:/test/test.txt?[Y/N]:y
.
%Delete file unit1>flash:/test/test.txt...Done.
# Delete the files that are of the main attribute in the fabric.
<Quidway> delete running-files /fabric
Delete the running files ? [Y/N]:y
Start deleting ..........
Unit1 delete success!
Unit2 delete success!
%Apr 4 11:25:40:973 2000 Quidway VFS/6/OPLOG:- 1 - Unit1 delete success!
%Apr 4 11:25:41:56 2000 Quidway VFS/6/OPLOG:- 1 – Unit2 delete success!
Deleting ... done
1.2.4 dir
Syntax
dir [ /all ] [ /fabric | file-url ]
View
User view
1-9
Parameter
/all: Displays the information about all the files, including those in the recycle bin.
/fabric: Displays the information about all the specified files in the fabric.
file-ur: Path name or the name of a file in the Flash memory. You can use the *
character as a wildcard. For example, the dir *.txt command displays the information
about all the files with the extension of txt in the current directory.
Description
Use the dir command to display the information about the specified files or directories
in the Flash memory on a switch.
You can use the * character as a wildcard.
In the output information, files with the main, backup or main/backup attribute a
tagged..
Note:
In the output information of the dir /all command, deleted files (that is, those in the
recycle bin) are embraced in brackets.
Example
# Display the information about all the normal files in the root directory of the file system
on the local unit.
<Quidway> dir
Directory of unit1>flash:/
1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s3900.bin
2 (*) -rw- 1965 Apr 01 2000 23:59:13 3comoscfg.cfg
3 -rw- 5841301 Apr 02 2000 21:42:13 s3900d8.bin
4 -rw- 224 Apr 02 2000 01:36:30 s3800.bin
5 -rw- 279296 Apr 02 2000 00:22:01 test.abc
15367 KB total (3720 KB free)
(*) -with main attribute (b) -with backup attribute
(*b) -with both main and backup attribute
# Display the information about all the files (including the files in the recycle bin) in the
root directory of the file system of the fabric.
<Quidway> dir /all /fabric
1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s3900.bin
2 -rwh 4 Apr 01 2000 23:55:26 snmpboots
1-10
3 -rwh 151 Apr 02 2000 00:05:53 private-data.txt

5 -rw- 5841301 Apr 02 2000 21:42:13 s3900d8.bin
6 -rw- 224 Apr 02 2000 01:36:30 s3800.bin
7 -rw- 279296 Apr 02 2000 00:22:01 test.abc
8 -rw- 2370 Apr 02 2000 02:49:12 [1.cfg]
0 -rwh 4 Apr 01 2000 23:55:24 snmpboots
1 (*) -rw- 4724347 Apr 01 2000 23:59:45 s3900.bin
3 -rw- 1737 Apr 02 2000 00:46:21 cfg.cfg
4 -rw- 279296 Apr 02 2000 00:21:55 love.rar
5 -rw- 428 Apr 02 2000 13:07:11 hostkey
6 -rwh 151 Apr 01 2000 23:58:39 private-data.txt
7 -rw- 572 Apr 02 2000 13:07:20 serverkey
8 -rw- 1589 Apr 02 2000 00:58:20 1.cfg
# Display the information about all the files whose names begin with the character t
(including those in the recycle bin) in the local directory unit1>flash:/test/.
<Quidway> dir /all test/t*
Directory of unit1>flash:/test/
0 -rw- 279296 Apr 04 2000 14:45:19 test.txt
1.2.5 execute
Syntax
execute filename
View
System view
Parameter
filename: Batch file, with the extension .bat.
Description
Use the execute command to execute the specified batch file.
1-11
This command executes command lines in the batch file in sequence. Note that the
batch file cannot contain any invisible character. If any invisible character is found, the
command will quit execution and this process is irretrievable.
This command is the automation of executing commands in the batch file manually
except that the command:
z Does not guarantee that every command in the file is executed.
z Does not perform hot backup.
z Does not restrict the forms and contents of commands in the file.
Example
# Execute the batch file named test.bat under the directory flash:/.
[Quidway] execute test.bat
<Quidway>
....
%Created dir unit1>flash:/test3.
1.2.6 file prompt
Syntax
file prompt { alert | quiet }
View
System view
Parameter
alert: Prompts for confirmation before performing file-related operations that have
potential risks.
quiet: Disables prompts for file-related operations.
Description
Use the file prompt command to configure the prompt mode for file-related operations.
By default, a switch prompts for confirmation before performing file-related operations
that have potential risks.
If you set the prompt mode of the file-related operations to quiet, the switch does not
prompt for confirmation before performing file-related operations. In this case, the
system is more likely to operate improperly if irretrievable file-related operations are
performed. For example, when the prompt mode is set as alert, the following messages
will be displayed when you delete a file:
<Quidway> delete unit1>flash:/te.txt
1-12
Delete unit1>flash:/te.txt?[Y/N]:y
......
%Delete file unit1>flash:/te.txt...Done.
when the prompt mode is set as quiet, the following messages will be displayed when
you delete a file:
<Quidway> delete unit1>flash:/te.txt
....
%Delete file unit1>flash:/te.txt...Done.
Example
# Set the prompt mode to quiet for file-related operations.

[Quidway] file prompt quiet
1.2.7 fixdisk
Syntax
fixdisk device
View
User view
Parameter
device: Device name.
Description
Use the fixdisk command to restore space on the Flash memory.

In case that space on the Flash memory may become unavailable for reasons such as
abnormal operations, you can run this command to restore the damaged space.
Example
# Restore space on the Flash memory.

<Quidway> fixdisk flash:
Fixdisk flash: may take some time to complete.
%Fixdisk unit1>flash: completed.
1.2.8 format
Syntax
format device
1-13
View
User view
Parameter
device: Name of a device.
Description
Use the format command to format the Flash memory.
Caution:
The format operation leads to the loss of all the files on the Flash memory, and the
operation is irretrievable.
Example
# Format Flash.
<Quidway> format unit1>flash:
All data on unit1>flash: will be lost , proceed with format ? [Y/N]:y
% Now begin to format flash, please wait for a while...
Format winc: completed
1.2.9 mkdir
Syntax
mkdir directory
View
User view
Parameter
directory: Name of the directory.
Description
Use the mkdir command to create a directory in a specified directory of a specified

Flash.
Note that the names of the directories and files in the same directory must be unique.
1-14
Example
# Create a directory in the current directory, with the name being dd.
<Quidway> mkdir dd
% Created dir flash:/dd
1.2.10 more
Syntax
more file-url
View
User view
Parameter
file-url: Path name or file name of a file in the Flash.
Description
Use the more command to display the content of a specified file.

Currently, the content of a file can only be displayed in text.
Example
# Display the content of the file named test.txt.

<Quidway> more test.txt
AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files that
make up your test application.
Test.dsp
This file (the project file) contains information at the project level and is
used to build a single project or subproject. Other users can share the project
(.dsp) file, but they should export the makefiles locally.
1.2.11 move
Syntax
move fileurl-source fileurl-dest
View
User view
Parameter
fileurl-source: Path name or file name of the source file in the Flash.
1-15
fileurl-dest: Path name or file name of the target file in the Flash, a string comprising 1
to 142 characters.
Description
Use the move command to move a file to a specified directory. You can also assign a
new name for the file.
If the target file name is the name of an existing file, the system prompts you for the
confirmation to overwrite the existing file.
Example
# Move the file named sample.txt from flash:/test/ to flash:/, with the name not changed.
<Quidway> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
% Moved file flash:/test/sample.txt to flash:/sample.txt
1.2.12 pwd
Syntax
pwd
View
User view
Parameter
None
Description
Use the pwd command to display the current path.
Example
# Display the current path.

<Quidway> pwd
unit1>flash:
1.2.13 rename
Syntax
rename fileurl-source fileurl-dest
View
User view
1-16
Parameter
fileurl-source: Path name or file name of a file in the Flash.

fileurl-dest: Path name or a file name.
Description
Use the rename command to rename a file or a directory.

If the target file name or directory name is the same with any existing file name or
directory name, you will fail to rename a file.
Example
# Rename the file named sample.txt as sample.bak.

<Quidway> rename sample.txt sample.bak
Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y
% Renamed file flash:/sample.txt to flash:/sample.bak
1.2.14 reset recycle-bin
Syntax
reset recycle-bin [ file-url ] [ /force ]

reset recycle-bin [ /fabric ]
View
User view
Parameter
file-url: Path name or file name of a file in the Flash. This argument supports the
wildcard “*”.
/force: Does not prompt for confirmation before deleting files.
/fabric: Clear the recycle bins of all Flash memories in the fabric.
Description
Use the reset recycle-bin command to clear the recycle bin in the Flash.
The files deleted using the delete command are actually moved to the recycle bin. To
delete them completely, you can use the reset recycle-bin command.
Note:
The system will not prompt you to confirm deletion of each file when you clear recycle
bins throughout the fabric.
1-17
Example
# Clear the recycle bin in unit 1 of the fabric.

<Quidway>reset recycle-bin unit1>flash:/
Clear unit1>flash:/te.txt ?[Y/N]:y
Clearing files from flash may take a long time. Please wait...
.....
%Cleared file unit1>flash:/~/te.txt.
Clear unit1>flash:/tex.txt ?[Y/N]:y
Clearing files from flash may take a long time. Please wait...
...
%Cleared file unit1>flash:/~/tex.txt.
1.2.15 rmdir
Syntax
rmdir directory
View
User view
Parameter
directory: Name of a directory.
Description
Use the rmdir command to delete a directory.

As only empty directories can be deleted, you need to clear a directory before deleting
it.
Example
# Delete the directory named MyDoc.

<Quidway> rmdir MyDoc
Rmdir MyDoc?[Y/N]:y
% Removed directory MyDoc
1.2.16 undelete
Syntax
undelete file-url
1-18
View
User view
Parameter
file-url: Path name or the file name of a file in the Flash.
Description
Use the undelete command to restore a deleted file in the recycle bin.
If the name of the file to be restored is the same as that of an existing file, the system
prompts you for the confirmation to overwrite the latter.
Example
# Restore the deleted file named sample.bak.

<Quidway> undelete sample.bak
Undelete flash:/sample.bak ?[Y/N]:y
% Undeleted file flash:/sample.bak
1.2.17 update fabric
Syntax
update fabric file-name
View
User view
Parameter
file-name: Name of the file to be upgraded.
Description
Use the update fabric command to use an app, Boot ROM or Web file on a device in
the fabric to upgrade all the units in the fabric.
Caution:
Use update fabric when all traffic flows are stopped only.
Global upgrade to app, Web and Boot ROM files are supported currently. You can
specify the type of files to be upgraded by the file extension. For example, S3900.bin,
1-19
S3900.btm and S3900.web represents host software, Boot ROM files and Web files
respectively.
Note:
z You can upgrade files with extensions web, bin and btm.
z The file used for upgrading must exist in the root directory of a unit in the fabric.
z After the file used for upgrading is synchronized, it will be copied to root directories
of other units in the fabric.
z When you execute the update fabric command, the system first collects the free
space information of each unit and then decides whether the available Flash space
is enough on each unit. The available space should be at least 1 K larger than the
size of file used for upgrading. If any space inefficiency is found, the system will
prompt the user to make room on the Flash memory of this unit to complete the
upgrade.
z Before the file is copied to all units, the system collects version information of files
with the corresponding type, compares the version compatibility, and outputs the
result. If the file used for upgrading cannot replace the corresponding file on any unit,
the command fails and a message is given, describing the failure reason.
Example
# Upgrade all devices in the fabric with the app file named s3900.bin on the local unit.
<Quidway>display irf-fabric
Fabric name is 3900-EI, system mode is L3.
Fabric authentication : no authentication, number of units in stack: 1.
Unit Name Unit ID
First 1(*)
First 2
First 8
<Quidway>update fabric s3900.bin
This will update the Fabric. Continue? [Y/N] y
The software is verifying ...
The result of verification is :
Unit ID Free space(bytes) Enough Version comparison
1 2126848 Y Y
2 2125824 Y Y
8 1439744 Y Y
warning: the verification is completed, start the file transmission [Y/N] y
The fabric is being updated, 100%
The s3900.bin is stored on unit 1 successfully
1-20

Do you want to set s3900.bin to be running agent next time to boot[Y/N] y
The s3900.bin is configured successfully
1.3 Configuration Backup and Restore Commands

1.3.1 backup current-configuration to
Syntax
backup { unit unit-id | fabric } current-configuration to dest-addr filename.cfg
View
User view
Parameter
unit-id: Unit ID of a switch.

fabric: Specifies the whole fabric system.
dest-addr: IP address of a TFTP server.
dest-hostname: Host name of a TFTP server.
filename.cfg: Name of the configuration file to which the current configuration will be
backed up, a string of 5 to 56 characters (including the extension .cfg).
Description
Use the backup unit current-configuration to command to back up the current

configuration of a specified switch to a file on a TFTP server.
Use the backup fabric current-configuration to command to back up the current
configurations of all the switches in the fabric to a file on a TFTP server.
Example
# Back up the current configuration of unit 8 to the file aaa.cfg on the TFTP server with
IP address 1.1.1.253.
<Quidway> backup unit 8 current-configuration to 1.1.1.253 aaa.cfg
Backup current configuration to 1.1.1.253. Please wait...
File will be transferred in binary mode.
Copying file to remote tftp server. Please wait...
TFTP: 1958 bytes sent in 0 second(s).
File uploaded successfully.
Unit 8: Backup current configuration finished!
1-21
# Back up the current configuration of the whole fabric to the file aaa.cfg on the TFTP
server with IP address 1.1.1.253.
<Quidway> backup fabric current-configuration to 1.1.1.253 aaa.cfg
Backup current configuration to 1.1.1.253. Please wait...
Copying file to remote tftp server. Please wait...

1.3.2 restore startup-configuration from
Syntax
restore { unit unit-id | fabric } startup-configuration from { source-addr |

source-hostname } filename.cfg
View
User view
Parameter

fabric: Specifies the whole fabric system.
source-addr: Host name or IP address of a TFTP server.
source-hostname: Host name of a TFTP server
filename.cfg: Name of the configuration file to be downloaded, a string of 5 to 56
characters (including the extension .cfg).
Description
Use the restore unit startup-configuration from command to restore the startup
configuration of a specified switch from a file on a TFTP server.
Use the restore fabric startup-configuration from command to restore the startup
configuration of the whole fabric from a file on a TFTP server.
Example
# Restore the startup configuration of unit 7 from the file aaa.cfg on the TFTP server
with the IP address 1.1.1.253.
<Quidway> restore unit 7 startup-configuration from 1.1.1.253 aaa.cfg
Restore startup configuration from 1.1.1.253. Please wait...
1-22

Downloading file from remote tftp server, please wait...
File downloaded successfully.
Unit 7: Restore startup current configuration finished!
# Restore the startup configuration of the whole fabric from the file bbb.cfg on the TFTP
server with the IP address 1.1.1.253.
<Quidway> restore fabric startup-configuration from 1.1.1.253 bbb.cfg
Restore startup configuration from 1.1.1.253. Please wait...
Downloading file from remote tftp server, please wait...

1-23
Command Manual - File System Management Chapter 2 FTP/TFTP Lighting Configuration
Quidway S5100-EI Series Ethernet Switches-Release 1510 Commands
Chapter 2 FTP/TFTP Lighting Configuration

Commands
2.1 FTP Commands

2.1.1 ftp server enable
Syntax
ftp server enable

undo ftp server
View
System view
Parameter
None
Description
Use the ftp server enable command to enable FTP server and allow FTP users to log
in.
Use the undo ftp server command to disable FTP server and inhibit FTP users from
logging in.
By default, FTP server is disabled.
You can use the commands here to enable or disable FTP server. Disabling FTP server
can ensure secure operating of the device.
Example
# Disable FTP server.

[Quidway] undo ftp server
% Close FTP server
2.1.2 local-user
Syntax
local-user user-name
2-1
undo local-user { user-name | all [ service-type { telnet | ftp | lan-access | ssh |

terminal } ] }
View
System view
Parameter
user-name: Local user name, a character string of no more than 80 characters. This
string cannot contain the following characters: /:*?<>. It can contain no more than one
"@" character; the pure user name (the part before "@", that is, the user ID) cannot be
longer than 55 characters. The user name is case-insensitive; that is, the system
considers UserA and usera you input as the same user.
service-type: Specifies a user type. You can specify one of the following user types:
telent, ftp, lan-access (this type of users are mainly Ethernet access users, for
example, 802.1x users), ssh, and terminal (this type of users can use terminal service,
that is, the users can log into the switch through Console port, AUX port, or
Asynchronous serial port).
all: Specifies all users.
Description
Use the local-user command to add a local user and enter local user view.
Use the undo local-user command to delete the specified local user(s).
Example
# Add a local user named hello1.

[Quidway] local-user hello1
[Quidway-luser-hello1]
2.1.3 local-user password-display-mode
Syntax
local-user password-display-mode { auto | cipher-force }

undo local-user password-display-mode
View
System view
2-2
Parameter
auto: Specifies to display passwords in the modes adopted when the passwords are
set. If a password is set in cipher mode, the password will be displayed in cipher text; or
else, the password will be displayed in plain text.
cipher-force: Specifies to display passwords in cipher text forcibly.
Description
Use the local-user password-display-mode command to set the password display

mode to be used when the switch displays the local users.
Use the undo local-user password-display-mode command to restore the default
password display mode.
If the cipher-force mode is adopted, the passwords will be displayed in cipher text
even though the password command is used to specify the password display mode to
simple.
By default, the password display mode of local users is auto.
Example
# Set the password display mode to be used when the switch displays local users to
cipher-force.
[Quidway] local-user password-display-mode cipher-force
2.1.4 password
Syntax
password { simple | cipher } password

undo password
View
Local user view
Parameter
simple: The password will be displayed in plain text.

cipher: The password will be displayed in cipher text.
password: Password to be set. In simple mode, it is a string of 1 to 63 characters; in
cipher mode, it is a character string of 1 to 63 characters or 88 characters.
Description
Use the password command to set a password for the local user.
2-3
Use the undo password command to cancel the password setting.

Note that, after the local-user password-display-mode cipher-force command is
used, the user password will be displayed in cipher text even though the password
command is used to specify the password display mode to simple.
Example
# Set the password of user hello1 to 20030422 in plain text.

[Quidway] local-user hello1
[Quidway-luser-hello1] password simple 20030422
2.1.5 ftp
Syntax
ftp [ ipaddress [ port ] ]
View
User view
Parameter
ipaddress: IP address of a remote FTP server.

port: Port number of the remote FTP server. If the port argument is not specified, the
default port number will be used.
Description
Use the ftp command to establish a control connection with a remote FTP server and
enter FTP client view.
Example
# Connect to the remote FTP server with IP address 1.1.1.1.

<Quidway> ftp 1.1.1.1
Trying ...
Connected.
User(none):hello
Password:
230 User logged in.
2-4
2.1.6 get
Syntax
get remotefile [ localfile ]
View
FTP client command view
Parameter
localfile: Local file name.

remotefile: File name on the FTP server.
Description
Use the get command to download a remote file and save the file to the local device.
If no local file name is specified, the switch will save the remote file locally with the
same file name as that on the remote FTP server
Example
# Download the file temp1.c and save it to the local file temp.c.
Trying ...
Connected.
User(none):hello
Password:
230 User logged in.
[ftp] get temp1.c temp.c
200 Port command okay.
150 Opening ASCII mode data connection for temp1.c.
..226 Transfer complete.
FTP: 1709 byte(s) received in 2.176 second(s) 0.00 byte(s)/sec.
[ftp]
2.2 TFTP Command

2.2.1 tftp get
Syntax
tftp tftp-server get source-file [ dest-file ]
2-5
View
User view
Parameter
tftp-server: IP address or host name of a TFTP server.

source-file: Name of the file which will be downloaded from the TFTP server.
dest-file: Name of the file to which the downloaded file will be saved on the switch.
Description
Use the tftp get command to download a file from a TFTP server to this switch.
Example
# Download the file LANSwitch.bin from the TFTP server with the IP address of
1.1.3.214 to this switch and save it to the file vs.bin.
<Quidway> tftp 1.1.3.214 get LANSwitch.bin vs.bin
2-6
Command Manual – FTP and TFTP
Table of Contents
Chapter 1 FTP and TFTP............................................................................................................... 1-1

1.1 FTP Server Configuration Commands............................................................................... 1-1
1.1.1 display ftp-server ..................................................................................................... 1-1
1.1.2 display ftp-server source-ip ..................................................................................... 1-2
1.1.3 display ftp-user ........................................................................................................ 1-2
1.1.4 ftp disconnect .......................................................................................................... 1-3
1.1.5 ftp server enable...................................................................................................... 1-4
1.1.6 ftp timeout................................................................................................................ 1-4
1.1.7 ftp-server source-interface ...................................................................................... 1-5
1.1.8 ftp-server source-ip ................................................................................................. 1-6
1.2 FTP Client Configuration Commands ................................................................................ 1-6
1.2.1 ascii ......................................................................................................................... 1-6
1.2.2 binary....................................................................................................................... 1-7
1.2.3 bye........................................................................................................................... 1-8
1.2.4 cd............................................................................................................................. 1-9
1.2.5 cdup......................................................................................................................... 1-9
1.2.6 close ...................................................................................................................... 1-10
1.2.7 debugging.............................................................................................................. 1-11
1.2.8 delete..................................................................................................................... 1-12
1.2.9 dir .......................................................................................................................... 1-13
1.2.10 disconnect ........................................................................................................... 1-14
1.2.11 display ftp source-ip ............................................................................................ 1-15
1.2.12 ftp ........................................................................................................................ 1-15
1.2.13 ftp { cluster | remote-server } source-interface.................................................... 1-16
1.2.14 ftp { cluster | remote-server } source-ip ............................................................... 1-17
1.2.15 ftp source-interface ............................................................................................. 1-17
1.2.16 ftp source-ip......................................................................................................... 1-18
1.2.17 get ....................................................................................................................... 1-19
1.2.18 lcd........................................................................................................................ 1-20
1.2.19 ls.......................................................................................................................... 1-21
1.2.20 mkdir.................................................................................................................... 1-22
1.2.21 open .................................................................................................................... 1-23
1.2.22 passive ................................................................................................................ 1-23
1.2.23 put ....................................................................................................................... 1-24
1.2.24 pwd...................................................................................................................... 1-25
1.2.25 quit....................................................................................................................... 1-26
1.2.26 remotehelp .......................................................................................................... 1-27
1.2.27 rename ................................................................................................................ 1-28
i
1.2.28 rmdir .................................................................................................................... 1-29

1.2.29 user ..................................................................................................................... 1-29
1.2.30 verbose................................................................................................................ 1-30
1.3 TFTP Configuration Commands ...................................................................................... 1-31
1.3.1 display tftp source-ip ............................................................................................. 1-31
1.3.2 tftp ......................................................................................................................... 1-32
1.3.3 tftp get ................................................................................................................... 1-32
1.3.4 tftp put ................................................................................................................... 1-33
1.3.5 tftp tftp-server source-interface ............................................................................. 1-34
1.3.6 tftp tftp-server source-ip ........................................................................................ 1-34
1.3.7 tftp source-interface .............................................................................................. 1-35
1.3.8 tftp source-ip.......................................................................................................... 1-36
1.3.9 tftp-server acl......................................................................................................... 1-37
ii
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 FTP and TFTP
Chapter 1 FTP and TFTP
1.1 FTP Server Configuration Commands

1.1.1 display ftp-server
Syntax
display ftp-server
View
Any view
Parameter
None
Description
Use the display ftp-server command to display the FTP server-related settings of a
switch when it operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Example
# Display the FTP server-related settings of the switch (assuming that the switch is
operating as an FTP server).
<Quidway> display ftp-server
FTP server is running
Max user number 1
User count 0
Timeout value(in minute) 30
Table 1-1 Description on the fields of the display ftp-server command
Field Description
FTP server is running The FTP server is started
The FTP server can accommodate up to
Max user number 1
one user.
User count 0 The current login user number is 0.
Timeout value (in minute) 30 The connection idle time is 30 minutes.
1-1
1.1.2 display ftp-server source-ip
Syntax
display ftp-server source-ip
View
Any view
Parameter
None
Description
Use the display ftp-server source-ip command to display the source IP address set
for an FTP server. If a source interface is specified for the FTP server, the IP address of
the source interface will be displayed. If neither source interface nor source IP address
is specified, 0.0.0.0 will be displayed.
Example
# Display the source IP address set for the FTP server.

<Quidway> display ftp-server source-ip
1.1.3 display ftp-user
Syntax
display ftp-user
View
Any view
Parameter
None
Description
Use the display ftp-user command to display the settings of the current FTP user,
including the user name, host IP address, port number, connection idle time, and
authorized directory.
Example
# Display FTP user settings.

<Quidway> display ftp-user
1-2
Username Host IP Port Idle Homedir

quidway 10.110.3.5 1074 2 flash:
# If the user name exceeds ten characters, characters behind the tenth will be
displayed in the second line with a left-aligning mode. Take username username@test
for example, the result is:
Username Host IP Port Idle Homedir
username@t 10.110.3.5 1074 2 flash:
est
1.1.4 ftp disconnect
Syntax
ftp disconnect user-name
View
System view
Parameter
user-name: Name of the user to be disconnected from the FTP server.
Description
Use the ftp disconnect command to terminate the connection between a specified
user and the FTP server.
Note:
If you attempt to disconnect a user that is uploading/downloading data to/from the FTP
server that is acted by an S3900, the S3900 will disconnect the user after the data
transmission is completed.
Example
# Display the current online FTP users.

UserName HostIP Port Idle HomeDir
test 192.168.0.3 1229 0 flash:
# Disconnect the user named “test” from the FTP server.

1-3
[Quidway] ftp disconnect test

% The user connection will be disconnected after the data transfer finished
1.1.5 ftp server enable
Syntax
ftp sever enable

undo ftp sever
View
System view
Parameter
None
Description
Use the ftp server enable command to enable the FTP server for users to log in.
Use the undo ftp server command to disable the FTP server.
By default, the FTP server is disabled to avoid potential security risks.
Example
# Enable the FTP server.

[Quidway] ftp server enable
% Start FTP server
1.1.6 ftp timeout
Syntax
ftp timeout minutes

undo ftp timeout
View
System view
Parameter
minutes: Connection idle time (in minutes) ranging from 1 to 35,791. The default
connection idle time is 30 minutes.
1-4
Description
Use the ftp timeout command to set the connection idle time.
Use the undo ftp timeout command to restore the default connection idle time.
If a FTP connection between an FTP server and an FTP client breaks down abnormally,
the FTP server is not acknowledged with this and will keep this connection as usual.
You can set a connection idle time, so that the FTP server considers a FTP connection
to be invalid and terminate it if no data exchange occurs on it in a specific period known
as connection idle time.
Example
# Set the connection idle time to 36 minutes.

[Quidway] ftp timeout 36
1.1.7 ftp-server source-interface
Syntax
ftp-server source-interface interface-type interface-number

undo ftp-server source-interface
View
System view
Parameter
interface-type: Type of the source interface.

interface-number: Number of the source interface.
Description
Use the ftp-server source-interface command to specify the source interface for an
FTP server. If the specified interface does not exist, a prompt appears to show the
Use the undo ftp-server source-interface command to cancel the source interface
setting. After you execute this command, the FTP server system decides which
interface will be used for being accessed by FTP clients.
Example
# Specify Vlan-interface2 as the source interface of the FTP server.

1-5
[Quidway] ftp-server source-interface Vlan-interface 2
1.1.8 ftp-server source-ip
Syntax
ftp-server source-ip ip-address

undo ftp-server source-ip
View
System view
Parameter
ip-address: IP address that is to be specified as the source IP address.
Description
Use the ftp-server source-ip command to specify the source IP address for an FTP
server. The value of argument ip-address must be an IP address on the device where
the configuration is performed, and otherwise a prompt appears to show the
Use the undo ftp-server source-ip command to cancel the source IP address setting.
After you execute this command, the FTP server system decides which IP address on it
will be used for being accessed by FTP clients.
Example
# Specify 192.168.1.1 as the source IP address of the FTP server.

[Quidway] ftp-server source-ip 192.168.1.1
1.2 FTP Client Configuration Commands

1.2.1 ascii
Syntax
ascii
View
FTP client view
Parameter
None
1-6
Description
Use the ascii command to specify that files be transferred in ASCII mode. That is, data
is transferred in ASCII characters.
By default, files are transferred in ASCII mode.
Example
# Enter FTP client view.

Trying ...
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):switch
331 Give me your password, please
Password:
230 Logged in successfully
[ftp]
# Specify to transfer text files in ASCII mode.

[ftp] ascii
200 Type set to A.
1.2.2 binary
Syntax
binary
View
FTP Client view
Parameter
None
Description
Use the binary command to specify that program files be transferred in binary mode.
Example

Trying ...
Connected.
1-7
User(none):switch
Password:
[ftp]
# Specify to transfer files in binary mode.

[ftp] binary
200 Type set to I.
1.2.3 bye
Syntax
bye
View
FTP client view
Parameter
None
Description
Use the bye command to terminate the control connection and data connection with
the remote FTP server and quit to user view.
This command has the same effect as that of the quit command.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Terminate the connections with the remote FTP server and quit to user view.
[ftp] bye
221 Server closing.
1-8
<Quidway>
1.2.4 cd
Syntax
cd pathname
View
FTP client view
Parameter
pathname: Path name
Description
Use the cd command to change the work directory on the remote FTP server.
Note that you can use this command to enter only authorized directories.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Change the work directory to flash:/temp.

[ftp] cd flash:/temp
# Display the current work directory.

[ftp] pwd
257 "flash:/temp" is current directory.
1.2.5 cdup
Syntax
cdup
1-9
View
FTP client view
Parameter
None
Description
Use the cdup command to exit the current work directory and enter the parent
directory.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Change the work directory to flash:/temp.

[ftp] cd flash:/temp
# Change the work directory to the parent directory.

[ftp] cdup
# Display the current directory.

[ftp] pwd
257 "flash:" is current directory.
1.2.6 close
Syntax
close
View
FTP client view
Parameter
None
1-10
Description
Use the close command to terminate an FTP connection without quitting FTP client
view.
This command has the same effect as that of the disconnect command.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Terminate the FTP connection without quitting FTP client view.

[ftp] close
221 Server closing.
[ftp]
1.2.7 debugging
Syntax
debugging
undo debugging
View
FTP client view
Parameter
None
Description
Use the debugging command to enable system debugging.

Use the undo debugging command to disable system debugging.
Example
1-11

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Enable system debugging.

[ftp] debugging
Debug is on.
1.2.8 delete
Syntax
delete remotefile
View
FTP client view
Parameter
remotefile: File name
Description
Use the delete command to delete a specified remote file.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Delete the file named temp.c.
1-12
[ftp] delete temp.c

250 DELE command successful.
1.2.9 dir
Syntax
dir [ filename [ localfile ] ]
View
FTP client view
Parameter
filename: Name of the file to be queried.

localfile: Name of the local file where the query result is to be saved.
Description
Use the dir command to query specified files on a remote FTP server, or to display file
information in the current directory. The output information, which includes the name,
size and creation time of files, will be saved in a local file.
If you do not specify the filename argument, the information about all the files in the
current directory is displayed.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Display the information about all the files in the current directory on the remote FTP
server.
[ftp] dir
200 PORT command okay
7 File Listing Follows in ASCII mode
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4.bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 5.bin
1-13
-rwxrwxrwx 1 noone nogroup 430585 Dec 23 2004 6. bin

-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 6. bin.bak
-rwxrwxrwx 1 noone nogroup 638912 Nov 15 2004 abc.BTM
drwxrwxrwx 1 noone nogroup 0 Dec 15 2004 TEST
-rwxrwxrwx 1 noone nogroup 3212176 Jul 14 2004 21.bin
226 Transfer finished successfully.
# Display the information about the file named 4.app and save the output information in
the file named temp1.
[ftp] dir 4.app temp1
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4. bin
1.2.10 disconnect
Syntax
disconnect
View
FTP client view
Parameter
None
Description
Use the disconnect command to terminate a FTP connection without quitting FTP
client view.
This command has the same effect as that of the close command.
Example

Trying ...
Connected.
User(none):switch
1-14
Password:
[ftp]
# Terminate the FTP connection without quitting FTP Client view.

[ftp] disconnect
221 Server closing.
[ftp]
1.2.11 display ftp source-ip
Syntax
display ftp source-ip
View
Any view
Parameter
None
Description
Use the display ftp source-ip command to display the source IP address that the FTP
client uses every time it connects with an FTP server. If a source interface is specified
for the FTP client, the IP address of the source interface will be displayed. If neither a
source IP address nor source interface is specified for the FTP client, 0.0.0.0 will be
displayed.
Example
# Display the source IP address that the FTP client always uses to connect with an FTP
server.
<Quidway> display ftp source-ip
1.2.12 ftp
Syntax
ftp [ cluster | remote-server [ port-number ] ]
View
User view
1-15
Parameter
ip-address: Host name or the IP address of an FTP server. Note that the host name can
be a string comprising 1 to 20 characters.
port-number: Port number of the FTP server, ranging from 0 to 65535. The default is 21.
Description
Use the ftp command to establish a control connection with an FTP server and enter
FTP client view.
Example
# Connect to the FTP server whose IP address is 2.2.2.2.

Trying ...
Connected.
User(none):switch
Password:
[ftp]
1.2.13 ftp { cluster | remote-server } source-interface
Syntax
ftp { cluster | remote-server } source-interface interface-type interface-number
View
User view
Parameter
cluster: Specifies to connect to a cluster FTP server.

remote-server: IP address or host name of the FTP server.
Description
Use the ftp { cluster | remote-server } source-interface command to connect to an

FTP server through the specified source interface. This command will fail to be
executed if the specified interface does not exist.
1-16
Example
# Connect to the FTP server whose IP address is 192.168.8.8 through the source
interface Vlan-interface1.
<Quidway> ftp 192.168.8.8 source-interface Vlan-interface 1
1.2.14 ftp { cluster | remote-server } source-ip
Syntax
ftp { cluster | remote-server } source-ip ip-address
View
User view
Parameter
cluster: Specifies to connect to a cluster FTP server.

remote-server: IP address or host name of the FTP server.
ip-address: Source IP address.
Description
Use the ftp { cluster | remote-server } source-ip command to connect to an FTP

server through the specified source IP address. This command will fail to be executed if
the specified source IP address does not exist.
Example
# Connect to the FTP server whose IP address is 192.168.8.8 through the source IP
address 192.168.0.1.
<Quidway> ftp 192.168.8.8 source-ip 192.168.0.1
1.2.15 ftp source-interface
Syntax
ftp source-interface interface-type interface-number

undo ftp source-interface
View
System view
Parameter

1-17
Description
Use the ftp source-interface command to specify the source interface of an FTP client,
so that the FTP client always uses it to connect with an FTP server. This command will
fail to be executed if the specified interface does not exist.
Use the undo ftp source-interface command to cancel the source interface setting.
After you execute this command, the FTP client system decides which interface will be
used for accessing FTP servers.
Example
# Specify Vlan-interface1 as the source interface, so that the FTP client always uses it
to connect with an FTP server.
[Quidway] ftp source-interface Vlan-interface 1
1.2.16 ftp source-ip
Syntax
ftp source-ip ip-address

undo ftp source-ip
View
System view
Parameter
Description
Use the ftp source-ip command to specify the source IP address of an FTP client, so
that the FTP client always uses it to connect with an FTP server. The value of argument
ip-address must be an IP address on the device where the configuration is performed,
and otherwise a prompt appears to show the configuration fails.
Use the undo ftp source-ip command to cancel the source IP address setting. After
you execute this command, the FTP client system decides which IP address on it will
be used for accessing FTP servers.
Example
# Specify 192.168.0.1 as the source IP address, so that the FTP client always uses it to
connect with an FTP server.
1-18
[Quidway] ftp source-ip 192.168.0.1
1.2.17 get
Syntax
get remotefile [ localfile ]
View
FTP client view
Parameter
remotefile: Name of a file on an FTP server.

localfile: Name of a local file.
Description
Use the get command to download a remote file and save it as a local file.
If you do not specify the localfile argument, the downloaded file is saved using its
original name.
Caution:
When using the get command to download files from a remote FTP server, note to limit
the lengths of file path and file name within the following ranges regulated for the
S3900.
z A directory name should be no more than 91 characters.
z A file name plus its local path name should be no more than 127 characters.
z A device name should be no more than 14 characters.
z A file name plus its complete path name should be no more than 142 characters.
Example

Trying ...
Connected.
User(none):switch
1-19
Password:
[ftp]
# Download the file named temp.c.

[ftp] get temp.c
150 Opening ASCII mode data connection for temp.c.
...............226 Transfer complete.
FTP: 749881 byte(s) received in 17.186 second(s) 43.00K byte(s)/sec.
1.2.18 lcd
Syntax
lcd
View
FTP client view
Parameter
None
Description
Use the lcd command to display the local work directory on the FTP client.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Display the local work directory.

[ftp] lcd
% Local directory now flash:/temp
1-20
1.2.19 ls
Syntax
ls [ remotefile [ localfile ] ]
View
FTP client view
Parameter
remotefile: Name of the remote file to be queried.

Localfile: Name of the local file where the querying result is to be saved.
Description
Use the ls command to display the information about a specified file on a remote FTP
server.
If you do not specify the remotefile argument, names of all the files in the current remote
directory are displayed.
Caution:
The ls command only displays file names, while the dir command displays file
information in more detail, including file size, creation date and so on.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Display the names of all the files in the current directory on the remote FTP server.
[ftp] ls
1-21

4.app
5.app
6.app
6.app.bak
abc.BTM
TEST
21.bin
FTP: 1235 byte(s) received in 1.595 second(s) 774.00byte(s)/sec.
1.2.20 mkdir
Syntax
mkdir pathname
View
FTP client view
Parameter
Pathname: Path name.
Description
Use the mkdir command to create a directory on an FTP server.

This command is available only to the FTP clients that are assigned the permission to
create directories on FTP servers.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Create the directory flash:/lanswitch on the FTP server.

[ftp] mkdir flash:/lanswitch
1-22
257 "flash:/ lanswitch" new directory created.
1.2.21 open
Syntax
open { ip-address | server-name } [ port ]
View
FTP client view
Parameter
ip-address: IP address of an FTP server.

server-name: Host name of the FTP server, a string comprising 1 to 20 characters.
port: Port number on the remote FTP server, ranging from 0 to 65535. The default value
is 21.
Description
Use the open command to establish a control connection with an FTP server.
Related command: close.
Example

<Quidway> ftp
[ftp]
# Establish a control connection with the FTP server whose IP address is 1.1.1.1.
[ftp]open 1.1.1.1
Trying ...
Connected.
220-
User(none):abc
Password:
1.2.22 passive
Syntax
passive
1-23
undo passive
View
FTP client view
Parameter
None
Description
Use the passive command to set the data transfer mode to the passive mode.
Use the undo passive command to set the data transfer mode to the active mode.
By default, the passive mode is adopted.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Set the data transfer mode to the passive mode.

[ftp] passive
% Passive is on
1.2.23 put
Syntax
put localfile [ remotefile ]
View
FTP client view
Parameter
localfile: Name of a local file.

remotefile: File name which the local file is to be saved as.
1-24
Description
Use the put command to upload a local file to an FTP server.

If you do not specify the remotefile argument, the local file is saved on the FTP server
using the original name.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Upload the local file named temp.c to the FTP server.

[ftp] put temp.c
150 Opening ASCII mode data connection for temp.c.
226 Transfer complete.
FTP: 749881 byte(s) sent in 17.691 second(s) 42.00Kbyte(s)/sec.
1.2.24 pwd
Syntax
pwd
View
FTP Client view
Parameter
None
Description
Use the pwd command to display the work directory on an FTP server.
Example

1-25
Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Display the work directory on the FTP server.

[ftp] pwd
257 "flash:/temp" is current directory.
1.2.25 quit
Syntax
quit
View
FTP client view
Parameter
None
Description
Use the quit command to terminate FTP control connection and FTP data connection
and quit to user view.
This command has the same effect as that of the bye command.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
1-26
# Terminate the FTP control connection and FTP data connection and quit to user view.
[ftp] quit
<Quidway>
1.2.26 remotehelp
Syntax
remotehelp [ protocol-command ]
View
FTP client view
Parameter
protocol-command: FTP protocol command.
Description
Use the remotehelp command to display the help information about an FTP protocol
command.
This command works only when the FTP server provides the help information about
FTP protocol commands.
Caution:
z This command is always valid when a Quidway series switch operates as the FTP
server.
z If you use other FTP server software, refer to related instructions to know whether it
provides help information about FTP protocol commands.
Example

Trying ...
Connected.
User(none):switch
Password:
1-27

[ftp]
# Display the syntax of the user command.

[ftp] remotehelp user
214 Syntax: USER <sp> <username>
1.2.27 rename
Syntax
rename remote-source remote-dest
View
FTP client view
Parameter
remote-source: Name of a file on a remote host.

remote-dest: Destination file name.
Description
Use the rename command to rename a file on a remote FTP server.

If the destination file name conflicts with the name of an existing file or directory, you will
fail to rename the file.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Rename the file named temp.c as forever.c.

[ftp] rename temp.c forever.c
350 Enter the name to rename it to...
250 File renamed successfully
1-28
1.2.28 rmdir
Syntax
rmdir pathname
View
FTP client view
Parameter
pathname: Name of a directory on an FTP server.
Description
Use the rmdir command to remove a specified directory on an FTP server.

Note that you can only use this command to remove directories that are empty.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Remove the directory flash:/temp1 on the FTP server. (Assume that the directory is
empty.)
[ftp] rmdir flash:/temp1
200 RMD command successful.
1.2.29 user
Syntax
user username [ password ]
View
FTP client view
1-29
Parameter
username: User name used to log into an FTP server.

password: Password used to log into an FTP server.
Description
Use the user command to log into an FTP server with the specified user name and
password.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Log into the FTP server using the user account with the user name being tom and the
password being 111.
[ftp] user tom 111
1.2.30 verbose
Syntax
verbose
undo verbose
View
FTP client view
Parameter
None
1-30
Description
Use the verbose command to enable the verbose function, which displays execution
and response information of other related commands.
Use the undo verbose command to disable the verbose function.
The verbose function is enabled by default.
Example

Trying ...
Connected.
User(none):switch
Password:
[ftp]
# Enable the verbose function.

[ftp] verbose
1.3 TFTP Configuration Commands

1.3.1 display tftp source-ip
Syntax
display tftp source-ip
View
Any view
Parameter
None
Description
Use the display tftp source-ip display the source IP address that the TFTP client
always uses to connect with a TFTP server. If a source interface is specified for the
TFTP client, the IP address of the source interface will be displayed. If neither source IP
address nor source interface is specified for the TFTP client, 0.0.0.0 will be displayed.
1-31
Example
# Display the source IP address that the TFTP client always uses to connect with a
TFTP server.
<Quidway> display tftp source-ip
1.3.2 tftp
Syntax
tftp { ascii | binary }
View
System view
Parameter
ascii: Transfers data in the ASCII mode.

binary: Transfers data in the binary mode.
Description
Use the tftp { ascii | binary } command to set the TFTP data transfer mode.
By default, the binary mode is adopted.
Example
# Specify to adopt the ASCII mode.

[Quidway] tftp ascii
TFTP transfer mode changed to ASCII.
1.3.3 tftp get
Syntax
tftp tftp-server get source-file [ dest-file ]
View
User view
Parameter
tftp-server: IP address or the host name of a TFTP server.

source-file: Name of the file to be downloaded from the TFTP server.
1-32
dest-file: File name which the downloaded file is to be saved as.
Description
Use the tftp get command to download a file from a TFTP server to the local switch.
Related command: tftp put.
Example
# Download the file named abc.txt from the TFTP server whose IP address is 1.1.1.1
and save it as efg.txt.
<Quidway> tftp 1.1.1.1 get abc.txt efg.txt
Downloading file from remote tftp server, please wait......
TFTP: 35 bytes received in 0 second(s).
1.3.4 tftp put
Syntax
tftp tftp-server put source-file [ dest-file ]
View
User view
Parameter
tftp-server: IP address or the host name of a TFTP server.

source-file: Name of the file to be uploaded to the TFTP server.
dest-file: File name which the uploaded file is to be saved as.
Description
Use the tftp put command to upload a file to a specified directory on a TFTP server.
Related command: tftp get.
Example
# Upload the file named vrpcfg.txt to the TFTP server whose IP address is 1.1.1.1 and
save it as temp.txt.
<Quidway>tftp 1.1.1.1 put vrpcfg.cfg temp.cfg
Copying file to remote tftp server. Please wait... /
1-33
1.3.5 tftp tftp-server source-interface
Syntax
tftp tftp-server source-interface interface-type interface-number { get source-file

[ dest-file ] | put source-file-url [ dest-file ] }
View
User view
Parameter
tftp-server: IP address or host name of the TFTP server to be connected to.

get: Specifies to download a file from the TFTP server.
source-file: Name of the file to be downloaded.
dest-file: Name of the new file to be saved locally.
put: Specifies to upload a file to the TFTP server.
source-file-url: Path and name of the file to be uploaded.
dest-file: Name of the new file to be saved on the TFTP server.
Description
Use the tftp tftp-server source-interface command to connect to a TFTP server

through the specified source interface, and perform download or upload operations. If
the specified source interface does not exist, a prompt appears to show the command
fails to be executed.
Example
# Connect to the remote TFTP server whose IP address is 192.168.8.8 through the
source interface Vlan-interface1, and download the file named 3900.bin from it.
<Quidway> tftp 192.168.8.8 source-interface Vlan-interface 1 get 3900.bin
1.3.6 tftp tftp-server source-ip
Syntax
tftp tftp-server source-ip ip-address { get source-file [ dest-file ] | put source-file-url

[ dest-file ] }
View
User view
1-34
Parameter
tftp-server: IP address or host name of the TFTP server to be connected to.

ip-address: IP address to be set as the source IP address.
get: Specifies to download a file from the TFTP server.
source-file: Name of the file to be downloaded.
dest-file: Name of the new file to be saved locally.
put: Specifies to upload a file to the TFTP server.
source-file-url: Path and name of the file to be uploaded.
dest-file: Name of the new file to be saved on the TFTP server.
Description
Use the tftp tftp-server source-ip command to connect to a TFTP server through the
specified source IP address, and perform download or upload operations. If the
specified source IP address does not exist, a prompt appears to show the command
fails to be executed.
Example
# Connect to the remote TFTP server whose IP address is 192.168.8.8 through the
source IP address 192.168.0.1, and download the file named 3900.bin from it.
<Quidway> tftp 192.168.8.8 source-ip 192.168.0.1 get 3900.bin
1.3.7 tftp source-interface
Syntax
tftp source-interface interface-type interface-number

undo tftp source-interface
View
System view
Parameter

Description
Use the tftp source-interface command to specify the source interface of a TFTP
client, so that the TFTP client always uses it to connect with a TFTP server. This
command will fail to be executed if the specified interface does not exist.
1-35
Use the undo tftp source-interface command to cancel the source interface setting.
After you execute this command, the TFTP client system decides which interface will
be used for accessing TFTP servers.
Example
# Specify Vlan-interface1 as the source interface, so that the TFTP client always uses it
to connect with a TFTP server.
[Quidway] tftp source-interface Vlan-interface 1
1.3.8 tftp source-ip
Syntax
tftp source-ip ip-address

undo tftp source-ip
View
System view
Parameter
Description
Use the tftp source-ip command to specify the source IP address of a TFTP client, so
that the TFTP client always uses it to connect with a TFTP server. The value of
argument ip-address must be an IP address on the device where the configuration is
performed, and otherwise a prompt appears to show the configuration fails.
Use the undo tftp source-ip command to cancel the source IP address setting. After
you execute this command, the TFTP client system decides which IP address on it will
be used for accessing TFTP servers.
Example
# Specify 192.168.0.1 as the source IP address, so that the TFTP client always uses it
to connect with a TFTP server
Specify the source IP address for the FTP client.
[Quidway] tftp source-ip 192.168.0.1
1-36
1.3.9 tftp-server acl
Syntax
tftp-server acl acl-number

undo tftp-server acl
View
System view
Parameter
acl-number: Basic ACL number ranging from 2000 to 2999.
Description
Use the tftp-server acl command to specify the ACL adopted for the connection
between a TFTP client and a TFTP server.
Use the undo tftp-server acl command to cancel all ACLs adopted.
Example
# Specify to adopt ACL 2000 on the TFTP client.

[Quidway] tftp-server acl 2000
1-37
Command Manual – Information Center
Table of Contents
Chapter 1 Information Center Configuration Commands ......................................................... 1-1

1.1 Information Center Configuration Commands ................................................................... 1-1
1.1.1 display channel........................................................................................................ 1-1
1.1.2 display info-center ................................................................................................... 1-1
1.1.3 display logbuffer ...................................................................................................... 1-3
1.1.4 display logbuffer summary ...................................................................................... 1-5
1.1.5 display trapbuffer..................................................................................................... 1-5
1.1.6 info-center channel name........................................................................................ 1-6
1.1.7 info-center console channel .................................................................................... 1-7
1.1.8 info-center enable ................................................................................................... 1-8
1.1.9 info-center logbuffer ................................................................................................ 1-8
1.1.10 info-center loghost................................................................................................. 1-9
1.1.11 info-center loghost source................................................................................... 1-10
1.1.12 info-center monitor channel................................................................................. 1-11
1.1.13 info-center snmp channel.................................................................................... 1-12
1.1.14 info-center source ............................................................................................... 1-13
1.1.15 info-center synchronous...................................................................................... 1-17
1.1.16 info-center switch-on ........................................................................................... 1-18
1.1.17 info-center timestamp.......................................................................................... 1-19
1.1.18 info-center timestamp loghost ............................................................................. 1-20
1.1.19 info-center trapbuffer........................................................................................... 1-21
1.1.20 reset logbuffer ..................................................................................................... 1-22
1.1.21 reset trapbuffer .................................................................................................... 1-22
1.1.22 terminal debugging.............................................................................................. 1-23
1.1.23 terminal logging ................................................................................................... 1-23
1.1.24 terminal monitor .................................................................................................. 1-24
1.1.25 terminal trapping ................................................................................................. 1-24
i
Command Manual – Information Center Chapter 1 Information Center Configuration
Chapter 1 Information Center Configuration

Commands
1.1 Information Center Configuration Commands

1.1.1 display channel
Syntax
display channel [ channel-number | channel-name ]
View
Any view
Parameter
channel-number: Channel number, ranging from 0 to 9, corresponding to the 10

channels of the system.
channel-name: Channel name, by default, the name of channel 0 to channel 9 is (in
turn) console, monitor, loghost, trapbuffer, logbuffer, snmpagent, channel6,
channel7, channel8, channel9.
Description
Use the display channel command to display the settings of an information channel.
If no argument is specified, the settings of all channels are displayed.
Example
# Display the settings of information channel 0.

<Quidway> display channel 0
channel number:0, channel name:console
MODU_ID NAME ENABLE LOG LEVEL ENABLE TRAP LEVEL ENABLE DEBUG LEVEL
ffff0000 default Y warning Y debugging Y debugging
1.1.2 display info-center
Syntax
display info-center [ unit unit-id ]
View
Any view
1-1
Parameter
unit-id: Unit ID.
Description
Use the display info-center command to display the operation status of information
center, the configuration of information channels, the format of time stamp and the
information output in case of fabric.
Related command: info-center enable, info-center loghost, info-center logbuffer,
info-center console channel, info-center monitor channel, info-center trapbuffer,
info-center snmp channel, and info-center timestamp
Example
# Display the operation status of information center, the configuration of information

channels, the format of time stamp of the current system and the information output
status in the IRF system.
<Quidway> display info-center
Information Center:enabled
Log host:
the interface name of the source address : Vlan-interface1
192.168.0.2, channel number : 2, channel name : loghost
language : english, host facility local : 7
Console:
channel number : 0, channel name : console
Monitor:
channel number : 1, channel name : monitor
SNMP Agent:
channel number : 5, channel name : snmpagent
Log buffer:
enabled, max buffer size : 1024, current buffer size : 512
current messages : 512, channel number : 4, channel name : logbuffer
dropped messages : 0, overwrote messages : 586
Trap buffer:
enabled, max buffer size : 1024, current buffer size : 256
current messages : 5, channel number : 3, channel name : trapbuffer
dropped messages : 0, overwrote messages : 0
Information timestamp setting:
log - date, trap - date, debug – boot
IRF SWITCH OF Device--Unit>1: LOG = enable; TRAP = enable; DEBUG = enable
1-2
Table 1-1 Description on the fields of the display info-center command
Field Description
Information Center: Information center is enabled.
Information about the log host, including its IP address,
Log host: name and number of information channel, language
and level of the log host
Information about the console port, including name and
Console:
channel of its information channel
Information about the monitor port, including name and
Monitor:
channel of its information channel
Information about SNMP Agent, including name and
SNMP Agent:
number of its information channel
Information about the log buffer, including its state

(enabled or disabled), its maximum size, current size,
Log buffer: current messages, information channel name and
number, dropped messages, and overwritten
messages
Information about the trap buffer, including its state
(enabled or disabled), maximum size, current size,
Trap buffer:
current messages, channel number and name,
dropped messages, and overwritten messages
Information about time stamp setting, describing log
Information timestamp
information, trap information, and the time stamp format
setting
of the debugging information
Information about the state of the device (enabled or
IRF SWITCH OF
disabled), describing whether the log, trap and
Device--Unit>1
debugging information are enabled on the device.
1.1.3 display logbuffer
Syntax
display logbuffer [ unit unit-id ] [ level severity | size buffersize ]* [ | { begin | exclude
| include } regular-expression ]
View
Any view
Parameter
unit-id: Unit ID.

level severity: Specifies an information severity level. The severity argument ranges
from 1 to 8.
1-3
Table 1-2 Severity definitions made on the information center
Severity Value Description

emergencies 1 Emergent errors
Errors that need to be corrected
alerts 2
immediately
critical 3 Critical errors
Errors that need to be considered but
errors 4
are not critical
warnings 5 Warnings that prompt possible errors
notifications 6 Information that needs to be noticed
informational 7 Normal prompting information
debugging 8 Debugging information
size buffersize: Specifies the size of the log buffer (number of messages the log buffer
holds) you want to display. The buffersize argument ranges from 1 to 1024 and defaults
to 256.
|: Filters output log information with a regular expression.
begin: Displays the log information beginning with the specified characters.
exclude: Displays the log information excluding the specified characters.
include: Displays the log information including the specified characters.
regular-expression: Regular expression.
Description
Use the display logbuffer command to display the status of the log buffer and the
records in the log buffer.
Example
# Display the status of the log buffer and the records in the log buffer.
<Quidway> display logbuffer
Logging buffer configuration and contents:enabled
Allowed max buffer size : 1024
Actual buffer size : 512
Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 91
1-4
1.1.4 display logbuffer summary
Syntax
display logbuffer summary [ level severity ]
View
Any view
Parameter
level severity: Specifies an information severity level. The severity argument ranges
from 1 to 8.
Description
Use the display logbuffer summary command to display the statistics of the log
buffer.
Example
# Display the summary of the log buffer.

<Quidway> display logbuffer summary
EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 0 94 0 1 0
1.1.5 display trapbuffer
Syntax
display trapbuffer [ unit unit-id ] [ size buffersize ]
View
Any view
Parameter
unit-id: Unit ID.

size buffersize: Specifies the size of the trap buffer (number of messages the buffer
to 256.
Description
Use the display trapbuffer command to display the status of the trap buffer and the
records in the trap buffer.
Executing the command with the size buffersize parameters will display the latest trap
records, with the number of the records being the specified size at most.
1-5
Example
# Display the status of the trap buffer and the records in the trap buffer.
<Quidway> display trapbuffer
Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwrote messages : 0
current messages : 6
#Dec 31 14:01:25 2004 Quidway DEV/2/LOAD FINISHED:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4
#Dec 31 14:01:33 2004 Quidway DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2
#Dec 31 14:01:40 2004 Quidway DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.
……
1.1.6 info-center channel name
Syntax
info-center channel channel-number name channel-name

undo info-center channel channel-number
View
System view
Parameter

channel-name: Channel name, up to 30 characters in length. The name must start with
an English letter, containing no special character but numbers and English letters only..
Description
Use the info-center channel name command to name the channel of the specified
number.
1-6
Use the undo info-center channel command to restore the default name of the
channel of the specified number.
By default, the name of channel 0 to channel 9 is (in turn) console, monitor, loghost,
trapbuffer, logbuffer, snmpagent, channel6, channel7, channel8, channel9.
Note that, you cannot configure two different channel numbers with the same name.
Example
# Name channel 0 as “execconsole”.

[Quidway] info-center channel 0 name execconsole
1.1.7 info-center console channel
Syntax
info-center console channel { channel-number | channel-name }

undo info-center console channel
View
System view
Parameter

Description
Use the info-center console channel command to set the channel through which
information is output to the console.
By default, the switch outputs information to the console.
This command works only when the information center is enabled for the system.
Related command: info-center enable and display info-center.
Example
# Configure channel 0 to output information to the console.

[Quidway] info-center console channel 0
1-7
1.1.8 info-center enable
Syntax
info-center enable
undo info-center enable
View
System view
Parameter
None
Description
Use the info-center enable command to enable the information center.

Use the info-center enable command to disable the information center.
The switch can output system information to the log host, the console, and other
destinations only when the information center is enabled.
By default, the information center is enabled.
Related command: display info-center, info-center loghost, info-center logbuffer,
info-center console channel, info-center monitor channel, info-center trapbuffer,
info-center snmp channel.
Example
# Enable the information center.

[Quidway] info-center enable
1.1.9 info-center logbuffer
Syntax
info-center logbuffer [ channel { channel-number | channel-name } | size buffersize ]*

undo info-center logbuffer [ channel | size ]
View
System view
Parameter
channel: Sets the channel through which output information goes to the log buffer.
1-8

size buffersize: Specifies the size of the log buffer (number of messages the buffer
to 512.
Description
Use the info-center logbuffer command to enable information output to the log buffer..
Use the undo info-center logbuffer command to disable the information output.
By default, the switch outputs information to the log buffer, which can hold 512 records
by default.
Example
# Configure the switch to output information to the log buffer with the size of 50.
[Quidway] info-center logbuffer size 50
1.1.10 info-center loghost
Syntax
info-center loghost host-ip-addr [ channel { channel-number | channel-name } |

facility local-number | language { chinese | english } ]*
undo info-center loghost host-ip-addr
View
System view
Parameter
host-ip-addr: IP address of a log host.

channel: Sets the information channel for the log host.
1-9

facility: Configures the recording process of the log host.
local-number: Recording tool of the log host, ranging from local0 to local7.
language: Configures the log recording language.
chinese, english: Switches the log recording language between Chinese and English.
Description
Use the info-center loghost command to enable information output to a log host
through setting the IP address of the log host.
Use the undo info-center loghost command to disable the information output.
By default, the switch does not output information to the log host.
Note:
Be sure to set the correct IP address in the info-center loghost command. A loopback
IP address will cause an error message, prompting invalid address.
Example
# Configure the Ethernet switch to send information to the Unix workstation whose IP
address is 202.38.160.1.
[Quidway] info-center loghost 202.38.160.1
1.1.11 info-center loghost source
Syntax
info-center loghost source interface-type interface-number

undo info-center loghost source
View
System view
1-10
Parameter

Description
Use the info-center loghost source command to configure the source interface
through which information is sent to the log host.
Use the undo info-center loghost source command to cancel the source interface
configuration.
Example
# Configure Vlan-interface 1 as the source interface through which information is sent

to the log host.
[Quidway] info-center loghost source Vlan-interface 1
1.1.12 info-center monitor channel
Syntax
info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel
View
System view
Parameter

Description
Use the info-center monitor channel command to set the channel through which
information is output to user terminals.
Use the undo info-center monitor channel command to disable the information
output.
By default, the switch outputs information to user terminal.
1-11
Example
# Set channel 0 to send information to user terminal.

[Quidway] info-center monitor channel 0
1.1.13 info-center snmp channel
Syntax
info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel
View
System view
Parameter

Description
Use the info-center snmp channel command to set the channel through which
information is output to the SNMP.
Use the undo info-center snmp channel command to restore the default channel
through which information is output to the SNMP, that is, channel 5.
Related command: snmp-agent and display info-center.
Example
# Set the switch to output information to the SNMP agent through channel 6.
[Quidway] info-center snmp channel 6
1-12
1.1.14 info-center source
Syntax
info-center source { modu-name | default } channel { channel-number |

channel-name } [ { log | trap | debug } { level severity | state state } ]*
undo info-center source { modu-name | default } channel { channel-number |
channel-name }
View
System view
Parameter
modu-name: Module name. Refer to Table 1-3 for the detail.
Table 1-3 Modules generating the information
Module name Description

8021X 802.1x module
ACL Access control list module
ADBM Address base module
AM Access management module

ARP Address resolution protocol module
CFAX Configuration agent module
CFG Configuration management plane module

CFM Configuration file management module
CLST Cluster management module
CMD Command line module
COMMONSY Common system MIB module
DEV Device management module
DHCC DHCP client module
DHCP Dynamic host configuration protocol module
DHCPS DHCP server module
DLDP Device link detection protocol module
DNS Domain name system module
DRV Drive module
DRV_MNT Drive management module
DTCT IP network auto-detect module
1-13

ENTEXMIB Entity extended MIB module
ESP End-station polling module
ETH Ethernet module
FIB Forwarding module
FTM Fabric topology management module
FTMCMD Fabric topology management command module
FTPS FTP server module
HA High availability module
HABP Huawei authentication bypass protocol module
HTTPD HTTP server module
HWCM Huawei Configuration Management private MIB module
HWP HWPing module
IFNET Interface management module
IGSP IGMP snooping module

IP Internet protocol module
IPC Inter-processes communication module
IPMC IP multicast module

L2INF Layer 2 interface management module
L4RDT Layer 4 redirect module
LACL Lanswitch access control list module
LAGG link aggregation module
LINE Terminal line module
LQOS Lanswitch quality of service module
LS Local server module
MACAUTH Centralized MAC authentication module
MPM Multicast port management module
MSDP Multicast source discovery protocol module
MSTP Multiple spanning tree protocol module
MTRACE Multicast traceroute query module
MULTICAS MULTICAS module
NAT Network address translation module
NDP Neighbor discovery protocol module
1-14

NTDP Network topology discovery protocol module
NTP Network time protocol module
OSPF Open shortest path first module
PKI Public key infrastructure module
POE Power over Ethernet module
PORTSEC Port Security module
PPRDT Protocol packet redirect module
PTVL VLAN (Port VLAN) module
QACL Quality of service / access control list module
QOSF Traffic management module
RDS Radius module
RESIL Resilient ARP module
RM Routing management module
RMON Remote monitor module

RSA Revest, Shamir and Adleman encryption module
RTPRO Routing protocol module
SC Server control module

SHELL User interface module
SNMP Simple network management protocol module
SOCKET Socket module
SSH Secure shell module
SYSMIB System MIB module
TAC Terminal access controller module
TELNET Telnet module
TFTPC TFTP client module
UDPH UDP helper module
VFS Virtual file system module
VLAN Virtual local area network module
VRRP VRRP (virtual router redundancy protocol) module
VTY VTY (virtual type terminal) module
WCN Web management module
XM Xmodem module
1-15
default: Defaults the settings of all modules.

channel-number: Number of information channel to be used.
log: Specifies to output log information.
trap: Specifies to output trap information.
debug: Specifies to output debugging information.
level: Specifies an information severity level.
severity: Information severity level. The information with severity level greater than this
level will not be output.
state: Sets the information state.
state: Can be on or off.
Description
Use the info-center source command to specify the information source in the
information center and the output direction.
Use the undo info-center source command to cancel the configuration of information
source and output direction.
This command can be used for filtering of log, trap or debugging information. For
example, it can control information output from the IP module to any direction. You can
configure to output information with severity higher than “warning” to the log host, and
information with severity higher than “informational” to the log buffer. You can also
configure to output trap information to the log host at the same time.
The info-center source command determines the output direction according to
channel name or channel number. Each output direction is assigned with a default
information channel at present, as shown in Table 1-4.
Table 1-4 Default information channel
Output direction Information channel name

Console console
Monitor terminal monitor
Log host loghost

Log buffer logbuffer
Trap buffer trapbuffer
SNMP snmpagent
1-16
Each information channel is configured with a default record, whose module name is
default and module number is 0xffff0000. In the record, the default settings for log, trap
and debugging information may differ with channels. If no record is configured for a
channel, this default record is adopted.
Example
# Configure to output the log information of the VLAN module on the SNMP channel,
and only output the log information above the “emergencies” severity.
[Quidway] info-center source vlan channel snmpagent log level emergencies
1.1.15 info-center synchronous
Syntax
info-center synchronous
undo info-center synchronous
View
System view
Parameter
None
Description
Use the info-center synchronous command to enable synchronous terminal output,

so that if system information (such as log information) is output when the user is
inputting information, the command prompt and input information are echoed after the
output (note that, the command prompt is echoed in command edit state but is not
echoed in interactive state).
Use the undo info-center synchronous command to disable synchronous terminal
output.
By default, the synchronous terminal output function is disabled.
1-17
Note:
z By enabling the synchronous terminal output function with the info-center
synchronous command, you can avoid users’ input from being interrupted by
system information output.
z Running the info-center synchronous command during debugging information
collection may result in a command prompt echoed after each item of debugging
information. To avoid unnecessary output, it is recommended that you disable
synchronous terminal output in such cases.
Example
# Enable synchronous terminal output.

[Quidway]info-center synchronous
Current IC terminal output sync is on
1.1.16 info-center switch-on
Syntax
info-center switch-on { unit unit-id | master | all } [ debugging | logging | trapping ]*

undo info-center switch-on { unit unit-id | master | all } [ debugging | logging |
trapping ]*
View
System view
Parameter
unit unit-id: Specifies a switch on which information output function is to be

enabled/disabled.
master: Controls the switch that serves as master.
all: Controls all switches within the fabric.
debugging: Enables the debugging information output source.
logging: Enables the log information output source.
trapping: Enables the trap information output source.
Description
Use the info-center switch-on command to enable information output function for a
specified switch in a fabric.
1-18
Use the undo info-center switch-on command to disable the corresponding

information output function for a switch.
By default, enable debugging information output and disable log and trap information
output for the master switch in the fabric; disable debugging, log and trap information
output for other switches in the fabric.
After the switches supporting IRF form a fabric, the log, debugging and trap information
of each switch in the fabric can be synchronous. Each switch sends its own information
to other switches in the fabric and receives information sent by other switches at the
same time to update the information on itself. In this way, the switch ensures the
synchronization of log, debugging and trap information in the whole fabric.
The switch provides command lines to enable or disable information output for each
switch. If you disable information output for a switch, the switch will no longer send
information to other switches, but still receive information sent by other switches.
You can enable or disable a specified type of information output for a specified switch
on demand.
Example
# Enable trap information output for the switch whose Unit ID is 2 in the fabric.
[Quidway] info-center switch-on unit 2 trapping
1.1.17 info-center timestamp
Syntax
info-center timestamp { log | trap | debugging } { boot | date | none }

undo info-center timestamp { log | trap | debugging }
View
System view
Parameter
log: Specifies log information.

trap: Specifies trap information.
debugging: Specifies debugging information.
boot: Specifies to adopt the time elapsed since system boot, which is in the format of
“xxxxxx.yyyyyy”, where xxxxxx is the high 32 bits and yyyyyy the low 32 bits of the
elapsed milliseconds.
1-19
date: Specifies to adopt the current system date and time, which is in format
“yyyy/mm/dd-hh:mm:ss:ms” for Chinese environment and “Mmm dd hh:mm:ss:ms
yyyy” for English environment.
none: Specifies not to include time stamp in specified output information.
Description
Use the info-center timestamp command to set the format of time stamp included in
the log/trap/debugging information or specify not to include time stamp in the
information.
Use the undo info-center timestamp command to restore the default time stamp
format.
By default, the date time stamp is adopted for all types of information.
Example
# Set the boot time stamp for debugging information.

[Quidway] info-center timestamp debugging boot
1.1.18 info-center timestamp loghost
Syntax
info-center timestamp loghost { date | no-year-date | none }

undo info-center timestamp loghost
View
System view
Parameter
date: Specifies to adopt the current system date and time, which is in format
“yyyy/mm/dd-hh:mm:ss:ms” for Chinese environment and “Mmm dd hh:mm:ss:ms
yyyy” for English environment.
no-year-date: Specifies to adopt the current system date and time excluding the year,
which is in format “mm/dd-hh:mm:ss:ms” for Chinese environment and “Mmm dd
hh:mm:ss:ms” for English environment.
none: Specifies not to include time stamp in output information.
Description
Use the info-center timestamp loghost command to set the format of time stamp to
be sent to the log host.
1-20
Use the undo info-center timestamp loghost command to restore the default time
stamp format.
By default, the date time stamp is adopted.
Example
# Set the no-year-date time stamp for output information sent to the log host.
[Quidway] info-center timestamp loghost no-year-date
1.1.19 info-center trapbuffer
Syntax
info-center trapbuffer [ channel { channel-number | channel-name } | size

buffersize ]*
undo info-center trapbuffer [ channel | size ]
View
System view
Parameter
size: Sets the size of the trap buffer.

buffersize: Size of the trap buffer, represented by the number of messages it holds,
ranging from 0 to 1024 and defaulting to 256.
channel: Sets the channel through which information is sent to the trap buffer.
channel-name: Channel name. By default, the name of channel 0 to channel 9 is (in
Description
Use the info-center trapbuffer command to enable information output to the trap
buffer.
Use the undo info-center trapbuffer command to disable information output to the
trap buffer.
This command takes effect only after the information center function is enabled.
1-21
Example
# Enable the switch to send information to the trap buffer, whose size is set to 30.
[Quidway] info-center trapbuffer size 30
1.1.20 reset logbuffer
Syntax
reset logbuffer [ unit unit-id ]
View
User view
Parameter
unit-id: Unit ID.
Description
Use the reset logbuffer command to clear information in the log buffer.
Example
# Clear information in the log buffer.

<Quidway> reset logbuffer
1.1.21 reset trapbuffer
Syntax
reset trapbuffer [ unit unit-id ]
View
User view
Parameter
unit-id: Unit ID.
Description
Use the reset trapbuffer command to clear information in the trap buffer.
Example
# Clear information in the trap buffer.

<Quidway> reset trapbuffer
1-22
1.1.22 terminal debugging
Syntax
terminal debugging
undo terminal debugging
View
User view
Parameter
None
Description
Use the terminal debugging command to enable debugging terminal display.

Use the undo terminal debugging command to disable debugging terminal display.
By default, debugging terminal display is disabled.
You can run the terminal debugging command to display debugging information on a
user terminal.
Related command: debugging commands in the System Maintaining and Debugging
part of the manual.
Example
# Enable debugging terminal display.

<Quidway> terminal debugging
1.1.23 terminal logging
Syntax
terminal logging
undo terminal logging
View
User view
Parameter
None
Description
Use the terminal logging command to enable log terminal display.

Use the undo terminal logging command to disable log terminal display.
1-23
By default, log terminal display is enabled for console users and terminal users.
Example
# Disable log terminal display.

<Quidway> undo terminal logging
1.1.24 terminal monitor
Syntax
terminal monitor
undo terminal monitor
View
User view
Parameter
None
Description
Use the terminal monitor command to enable the debugging/log/trap terminal display
function.
Use the undo terminal monitor command to disable the function.
By default, this function is enabled for console users and terminal users.
This command works only on the current terminal. Only after the command has been
executed in user view, can the debugging/log/trap information be output on the current
terminal. Disabling the function has the same effect as executing the following three
commands: undo terminal debugging, undo terminal logging and undo terminal
trapping. That is, no debugging/log/trap information will be displayed on the current
terminal. If the function is enabled, you can run the terminal debugging/undo
terminal debugging, terminal logging/undo terminal logging or terminal
trapping/undo terminal trapping command to enable or disable debug/log/trap
terminal output respectively.
Example
# Disable terminal display.

<Quidway> undo terminal monitor
1.1.25 terminal trapping
Syntax
terminal trapping
1-24
undo terminal trapping
View
User view
Parameter
None
Description
Use the terminal trapping command to enable trap terminal display.

Use the undo terminal trapping command to disable trap terminal display.
By default, trap terminal display is enabled.
Example
# Enable trap terminal display.

<Quidway> terminal trapping
1-25
Command Manual – System Maintenance and Debugging
Table of Contents
Chapter 1 Basic System Configuration & Debugging Commands .......................................... 1-1

1.1 Basic System Configuration Commands ........................................................................... 1-1
1.1.1 clock datetime ......................................................................................................... 1-1
1.1.2 clock summer-time .................................................................................................. 1-1
1.1.3 clock timezone......................................................................................................... 1-2
1.1.4 language-mode ....................................................................................................... 1-3
1.1.5 quit........................................................................................................................... 1-4
1.1.6 return ....................................................................................................................... 1-4
1.1.7 sysname .................................................................................................................. 1-5
1.1.8 system-view............................................................................................................. 1-6
1.2 System Status/Information Display Commands ................................................................ 1-6
1.2.1 display clock ............................................................................................................ 1-6
1.2.2 display debugging ................................................................................................... 1-7
1.2.3 display users ........................................................................................................... 1-8
1.2.4 display version......................................................................................................... 1-9
1.3 System Debugging Commands ....................................................................................... 1-10
1.3.1 debugging.............................................................................................................. 1-10
1.3.2 display diagnostic-information............................................................................... 1-10
1.3.3 terminal debugging................................................................................................ 1-12
Chapter 2 Network Connectivity Test Commands..................................................................... 2-1

2.1.1 ping.......................................................................................................................... 2-1
2.1.2 tracert ...................................................................................................................... 2-3
Chapter 3 Device Management Commands ............................................................................... 3-1

3.1 Device Management Commands ...................................................................................... 3-1
3.1.1 boot boot-loader ...................................................................................................... 3-1
3.1.2 boot bootrom ........................................................................................................... 3-1
3.1.3 display boot-loader.................................................................................................. 3-2
3.1.4 display cpu .............................................................................................................. 3-3
3.1.5 display device.......................................................................................................... 3-3
3.1.6 display fan ............................................................................................................... 3-4
3.1.7 display memory ....................................................................................................... 3-5
3.1.8 display power .......................................................................................................... 3-6
3.1.9 display schedule reboot .......................................................................................... 3-6
3.1.10 reboot .................................................................................................................... 3-7
3.1.11 schedule reboot at................................................................................................. 3-8
3.1.12 schedule reboot delay ........................................................................................... 3-9
3.1.13 schedule reboot regularity................................................................................... 3-10
i
3.1.14 update fabric........................................................................................................ 3-11
ii
Command Manual – System Maintenance and Debugging Chapter 1 Basic System Configuration & De
Quidway S3900 Series Ethernet Switches-Release 1510 bugging Commands
Chapter 1 Basic System Configuration &

Debugging Commands
1.1 Basic System Configuration Commands

1.1.1 clock datetime
Syntax
clock datetime HH:MM:SS { YYYY/MM/DD | MM/DD/YYYY }
View
User view
Parameter
HH:MM:SS: Current time, where HH ranges from 0 to 23, MM and SS range from 0 to
59.
YYYY/MM/DD or MM/DD/YYYY: Current date, where YYYY is the year ranging from
2000 to 2099, MM is the month ranging from 1 to 12, and DD is the day ranging from 1
to 31.
Description
Use the clock datetime command to set the current date and time of the Ethernet
switch.
By default, it is 23:55:00 04/01/2000 when the system starts up.
In an environment that needs to obtain exact absolute time, it is required to use this
command to set the current date and time of the Ethernet switch.
Related command: display clock.
Example
# Set the current date and time of the Ethernet switch to 0:0:0 2001/01/01.
<Quidway> clock datetime 0:0:0 2001/01/01
1.1.2 clock summer-time
Syntax
clock summer-time zone-name { one-off | repeating } start-time start-date end-time

end-date offset-time
1-1
undo clock summer-time
View
User view
Parameter
zone-name: Name of the summer time, a string of 1 to 32 characters.

one-off: Sets the summer time for only one year (the specified year).
repeating: Sets the summer time for every year starting from the specified year.
start-time: Start time of the summer time, in the form of HH:MM:SS.
start-date: Start date of the summer time, in the form of YYYY/MM/DD or
MM/DD/YYYY.
end-time: End time of the summer time, in the form of HH:MM:SS.
end-date: end date of the summer time, in the form of YYYY/MM/DD or MM/DD/YYYY.
offset-time: Offset of the summer time relative to the standard time, in the form of
HH:MM:SS.
Description
Use the clock summer-time command to set the name, time range and time offset of
the summer time.
After the setting, you can use the display clock command to check the results.
Example
# Set the summer time named abc1, which starts from 06:00:00 2005/08/01, ends until
06:00:00 2005/09/01, and is one hour ahead of the standard time.
<Quidway> clock summer-time abc1 one-off 06:00:00 08/01/2005 06:00:00
09/01/2005 01:00:00
# Set the summer time named abc2, which starts from 06:00:00 08/01, ends until
06:00:00 09/01, and is one hour ahead of the standard time every year from 2005 on.
<Quidway> clock summer-time abc2 repeating 06:00:00 08/01/2005 06:00:00
09/01/2005 01:00:00
1.1.3 clock timezone
Syntax
clock timezone zone-name { add | minus } HH:MM:SS

undo clock timezone
1-2
View
User view
Parameter
zone-name: Name of the time zone, in length of 1 to 32 characters.

add: Sets the time zone to a time before the UTC time.
minus: Sets the time zone to a time behind the UTC time.
HH:MM:SS: Time to be subtracted from the UTC time, in the form of HH:MM:SS.
Description
Use the clock timezone command to set the local time zone.
Use the undo clock timezone command to restore the local time zone to the default
UTC (universal time coordinated) time zone.
After the setting, you can use the display clock command to check the results. The log
information time and the debug information time adopts the local time that has been
adjusted by the time zone and the summer time.
Related command: clock summer-time and display clock.
Example
# Set the local time zone named z5, which is five hours ahead of the UTC time.
<Quidway> clock timezone z5 add 05:00:00
1.1.4 language-mode
Syntax
language-mode { chinese | english }
View
User view
Parameter
chinese: Sets the CLI language environment to Chinese.

English: Sets the CLI language environment to English.
Description
Use the language-mode command to toggle between the language modes (that is,
language environments) of the command line interface (CLI) to meet your requirement.
By default, the CLI language mode is english.
1-3
Example
# Toggle from the english mode to the chinese mode.

<Quidway> language-mode chinese
1.1.5 quit
Syntax
quit
View
Any view
Parameter
None
Description
Use the quit command to return from current view to lower level view, or exit the system
if current view is user view.
The following lists the three levels of views available (from lower level to higher level):
z User view
z System view
z VLAN view, Ethernet port view, and so on
Related command: return and system-view.
Example
# Return from system view to user view.

[Quidway] quit
<Quidway>
1.1.6 return
Syntax
return
View
System view and higher level views
1-4
Parameter
None
Description
Use the return command to return from current view to user view. The composite key
<Ctrl+Z> has the same effect with the return command.
Related command: quit.
Example
# Return from interface view to user view.

[Quidway-Ethernet1/0/1] return
<Quidway>
1.1.7 sysname
Syntax
sysname sysname
undo sysname
View
System view
Parameter
sysname: System name of the Ethernet switch. It is a character string in length of 1 to

30 characters. By default, it is Quidway.
Description
Use the sysname command to set the system name of the Ethernet switch. Changing
the system name will affect the CLI prompt. For example, if the system name of the
switch is Quidway, the prompt for user view is <Quidway>.
Use the undo sysname command to restore the default system view of the Ethernet
switch.
Example
# Set the system name of the Ethernet switch to QuidwayLANSwitch.

1-5
[Quidway] sysname QuidwayLANSwitch

[QuidwayLANSwitch]
1.1.8 system-view
Syntax
system-view
View
User view
Parameter
None
Description
Use the system-view command to enter system view from user view.
Related command: quit and return.
Example
# Enter system view from user view.

[Quidway]
1.2 System Status/Information Display Commands

1.2.1 display clock
Syntax
display clock
View
Any view
Parameter
None
Description
Use the display clock command to display the current date and time of the system, so
that you can adjust them if they are wrong.
The maximum date and time that can be displayed by this command is 23:59:59
9999/12/31.
1-6
Related command: clock datetime.
Example
# Display the current date and time of the system.

<Quidway> display clock
18:36:31 beijing Sat 2002/02/02
Time Zone : beijing add 01:00:00
Summer-Time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08 01:00:00
Table 1-1 Description on the fields of the display clock command
Field Description
18:36:31 beijing Sat 2002/02/02 Current date and time of the system
Time Zone Configured time zone information
Summer-Time Configured summer time information
1.2.2 display debugging
Syntax
display debugging [ fabric | unit unit-id ] [ interface interface-type interface-number ]

[ module-name ]
View
Any view
Parameter
fabric: Displays the enabled debugging of the switches in the Fabric.

module-name: Functional module name.
Description
Use the display debugging command to display enabled debugging on a specified

device. Executing this command without any parameter will display all enabled
debugging.
Related command: debugging.
Example
# Display enabled debugging on unit 1.
1-7
<Quidway> display debugging unit 1

IP icmp debugging is on
Rip packet debugging switch is on
Rip receive debugging switch is on
Rip send debugging switch is on
1.2.3 display users
Syntax
display users [ all ]
View
Any view
Parameter
all: Displays the information about all user terminal interfaces.
Description
Use the display users command to display the status and configuration information
about user terminal interfaces.
Example
# Display the status and configuration information about user terminal interfaces.
<Quidway> display users
UI Delay Type Ipaddress Username Userlevel
0 AUX 0 00:00:17 3
8 VTY 0 01:37:55 TEL 192.168.0.200 3
+ 9 VTY 1 00:00:00 TEL 192.168.0.3 3
12 VTY 4 00:00:00 TEL 192.168.0.115 3
+ : Current operation user.

F : Current operation user work in async mode.
Table 1-2 Description on the output user terminal interface information
Item Description
UI User interface
Delay time when no interaction occurs
Delay
between user and device
Type User login type
IP address used when login using telnet
Ipaddress
program
1-8
Item Description
Username User name
User level User level
1.2.4 display version
Syntax
display version
View
Any view
Parameter
None
Description
Use the display version command to display the information (such as the version
information) about the switch system.
Specifically, you can use this command to check the software version and issue time,
the basic hardware configuration, and some other information about the switch.
Example
# Display the version of the system.

<Quidway> display version
Huawei Versatile Routing Platform Software.
VRP software, Version 3.10, ESS 1508
Copyright(c) 1998-2006 Huawei Technologies Co., Ltd. All rights reserved.
Quidway S3928P-EI uptime is 0 week, 0 day, 22 hours, 55 minutes
Quidway S3928P-EI with 1 MIPS Processor

64M bytes DRAM
16384K bytes Flash Memory
Config Register points to FLASH
Hardware Version is REV.C

CPLD Version is CPLD 001
Bootrom Version is 312
[Subslot 0] 24 FE Hardware Version is REV.C
[Subslot 1] 4 GE Hardware Version is REV.C
1-9
1.3 System Debugging Commands

1.3.1 debugging
Syntax
debugging module-name [ debugging-option ]

undo debugging { all | module-name [ debugging-option ] }
View
User view
Parameter
module-name: Module name.

debugging-option: Debugging option.
all: Used to disable all debugging.
Description
Use the debugging command to enable system debugging.

Use the undo debugging command to disable system debugging.
By default, all debugging is disabled for the system.
Enabling debugging will generate a great deal of debugging information and thus will
affect the efficiency of the system. Therefore, it is recommended not to enable
debugging for multiple functional modules at the same time. The undo debugging all
command brings great convenience for you to disable all debugging at a time instead of
disabling them one by one.
Related command: display debugging.
Example
# Enable IP packet debugging.

<Quidway> debugging ip packet
IP packet debugging switch is on.
The above command output indicates that the IP packet debugging is enabled.
1.3.2 display diagnostic-information
Syntax
display diagnostic-information
View
Any view
1-10
Parameter
None
Description
Use the display diagnostic-information command to display system diagnostic

information, or save system diagnostic information to a file suffixed with diag in the
Flash memory.
Example
# Save system diagnostic information to the file default.diag..

<Quidway> display diagnostic-information
This operation may take a few minutes, continue?[Y/N]y
Diagnostic-information is saved to Flash or displayed(Y=save
N=display)?[Y/N]y
Please input the file name(*.diag)[flash:/default.diag]:
The file is already existing, overwrite it? [Y/N]y
% Output information to file: flash:/default.diag.

Please wait......
# Display the current diagnostic information of the system.

<Quidway> display diagnostic-information
This operation may take a few minutes, continue?[Y/N]y
Diagnostic-information is saved to Flash or displayed(Y=save
N=display)?[Y/N]n
-------------------- display version --------------------

VRP Lanswitch Platform Software Version COMWAREV300R002B15D001
Quidway S3928P-EI Software Version V100R002B03D001SP01-EI
Quidway S3928P-EI Product Version 3900-EI-1505
Web Network Manager Version WNMV300R001B05D024
Copyright(c) 1998-2006 Huawei Tech. Co.,Ltd. All rights reserved.

Compiled Feb 18 2006 20:55:30, RELEASE SOFTWARE
Quidway S3928P-EI uptime is 1 week, 1 day, 2 hours, 55 minutes

Quidway S3928P-EI with 1 MIPS Processor
64M bytes DRAM
16384K bytes Flash Memory
Config Register points to FLASH
1-11
Hardware Version is REV.C

CPLD Version is CPLD 001
Bootrom Version is 225
[Subslot 0] 24 FE Hardware Version is REV.C
[Subslot 1] 4 GE Hardware Version is REV.C
-------------------- display devices --------------------
Unit 1
SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State
0 0 24 REV.C NULL 001 225 IVL MAIN Normal
0 1 4 REV.C NULL 001 NULL IVL 4 GE Normal
-------------------- display current configuration --------------------
• • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • • •
1.3.3 terminal debugging
Syntax
terminal debugging
undo terminal debugging
View
User view
Parameter
None
Description
Use the terminal debugging command to enable terminal display for debugging
information.
Use the undo terminal debugging command to disable terminal display for debugging
information.
By default, terminal display for debugging information is disabled.
Related command: debugging.
Example
# Enable terminal display for debugging information.

<Quidway> terminal debugging
1-12
Command Manual – System Maintenance and Debugging Chapter 2 Network Connectivity Test Comm
Quidway S3900 Series Ethernet Switches-Release 1510 ands
Chapter 2 Network Connectivity Test Commands
2.1.1 ping
Syntax
ping [ -a ip-address ] [-c count ] [ -d ] [ -f ] [ -h ttl ] [ -i [ NULL null-interface-number ] |

[ Vlan-interface vlan-id ] ] [ ip ] [ -n ] [ - p pattern ] [ -q ] [ -s packetsize ] [ -t timeout ]
[ -tos tos ] [ -v ] host
View
Any view
Parameter
-a ip-address: Sets the source IP address to send the ICMP ECHO-REQUEST packets.
-c count: Specifies how many times the ICMP ECHO-REQUEST packet will be sent.
The count argument is the times, which ranges from 1 to 4,294,967,295 and defaults to
5.
-d: Sets the socket to DEBUGGING mode. By default, it is non-DEBUGGING mode.
-f: Specifies to discard a packet directly instead of fragmenting it if its length is greater
than the MTU (maximum transmission unit) of the interface.
-h ttl: Sets the TTL (time to live) value of the ICMP ECHO-REQUEST packets in the
range of 1 to 255. By default, the TTL value is 255.
-i: Selects the port to send the packets.
null-interface-number: Null port number.
ip: Selects the IP ICMP packet.
-n: Specifies to regard the host argument as an IP address without performing domain
name resolution. By default, the host argument is first regarded as an IP address; if it is
not an IP address, domain name resolution is performed.
-p pattern: Specifies the padding byte pattern of the ICMP ECHO-REQUEST packets.
The pattern argument is a byte in hexadecimal. For example, -p ff fills a packet with only
ff. By default, the system fills a packet with 0x01, 0x02, and so on, until 0x09; then it
repeats this procedure from 0x01 again.
-q: Specifies to display only the statistics and not to display the details. By default, all
the information including the details and statistics will be displayed.
2-1
-s packetize: Specifies the size (in bytes) of each ICMP ECHO-REQUEST packet
(excluding the IP and ICMP headers). The packetize argument ranges from 20 to
32,000 and defaults to 56 bytes.
-t timeout: Sets the timeout time (in ms) waiting for an ICMP ECHO-REPLY packet after
an ICMP ECHO-REQUEST packet is sent. The timeout argument ranges from 0 to
65535 and defaults to 2,000 ms.
-tos tos: Sets the ToS value of the ICMP ECHO-REQUEST packets in the range of 0 to
255. By default, this value is 0.
-v: Specifies to display other ICMP packets received (that is, non-ECHO-REPLY
packets) as well as the ECHO-REPLY packets. By default, except for the
ECHO-REPLY packets, other ICMP packets are not displayed.
host: Domain name or IP address of the destination host.
Description
Use the ping command to check the IP network connectivity and the reachability of a
host.
The executing procedure of the ping command is as follows: First, the source host
sends an ICMP ECHO-REQUEST packet to the destination host. If the connection to
the destination network is normal, the destination host receives this packet and
responds with an ICMP ECHO-REPLY packet.
You can use the ping command to check the network connectivity and the quality of a
network line. This command can output the following information:
z Response status of the destination to each ICMP ECHO-REQUEST packet. If no
response packet is received within the timeout time, including the number of bytes,
packet sequence number, TTL and response time of the response packet. If no
response packet is received within the timeout time, the message "Request time
out" is displayed instead.
z Final statistics, including the numbers of sent packets and received response
packets, the irresponsive packet percentage, and the minimum, average and
maximum values of response time.
You can set a relatively long timeout time waiting for response packet if the network
transmission is slow.
Related command: tracert.
Example
# Check the reachability of the host with IP address 202.38.160.244.

<Quidway> ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
2-2

--202.38.160.244 ping statistics--
5 packet transmitted
5 packet received
0% packet loss
round-trip min/avg/max = 1/2/3 ms
2.1.2 tracert
Syntax
tracert [ -a source-ip ] [ -f first-ttl ] [ -m max-ttl ] [ -p port ] [ -q num-packet ] [ -w timeout ]

string
View
Any view
Parameter
-a source-ip: Sets the source IP address used by this command.

-f first-ttl: Sets the initial TTL of the packets to be sent, so that this command displays
the addresses of only those gateways on the path whose hop counts are not smaller
than the hop count specified by the first-ttl argument. For example, if the first-ttl
argument is three, the command displays the addresses of the gateways from the third
hop The first-ttl argument ranges from 1 to 255 and defaults to 1.
-m max-ttl: Sets the maximum TTL value of the packets to be sent. After the command
sends a packet with the maximum TTL, it will not send any more packets. With this
argument, this command displays the addresses of only those gateways from the
source destination to the hop count specified by the argument. For example, if the
max-ttl argument is 5, the command displays the addresses of the gateways from the
source to the fifth count. The max-ttl argument ranges from 1 to 255 and defaults to 30.
-p port: Sets the destination port of the packets to be sent. The port argument ranges
from 0 to 65535 and defaults to 33434. Generally, you need not change the argument.
-q num-packet: Sets the number of packets to be sent every time. The nqueries
argument ranges from 0 to 65,535 and defaults to 3.
-w timeout: Sets the timeout time to wait for ICMP error packets. The timeout argument
ranges from 0 to 65,535 and defaults to 5,000 (in milliseconds).
string: IP address of the destination host, or host name of the remote system with 1 to
20 characters.
2-3
Description
Use the tracert command to trace the gateways the test packets passes through during
its journey from the source to the destination. This command is mainly used to check
the network connectivity. It can help you locate the trouble spot of the network.
The executing procedure of the tracert command is as follows: First, the source sends
a packet with the TTL of 1, and the first hop device returns an ICMP error message
indicating that it cannot forward this packet because of TTL timeout. Then, the source
resends a packet with the TTL of 2, and the second hop device also returns an ICMP
TTL timeout message. This procedure goes on and on until a packet gets to the
destination or the maximum TTL is reached. During the procedure, the system records
the source address of each ICMP TTL timeout message in order to offer the path that
the packets pass through to the destination.
If you find that the network is in trouble by using the ping command, you can use the
tracert command to find where the trouble is in the network.
The tracert command can output the IP addresses of all the gateways the packets pass
through to the destination. It output the string "***" if a gateway times out.
Example
# Trace the gateways the packets pass through during its journey to the destination with
IP address 18.26.0.115.
<Quidway> tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
2-4
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 3 Device Management Commands
Chapter 3 Device Management Commands
3.1 Device Management Commands

3.1.1 boot boot-loader
Syntax
boot boot-loader [ backup-attribute ] { file-url [ fabric ] | device-name }
View
User view
Parameter
backup-attribute: Sets the specified file to a backup file.

file-url: Path + name of an host software file in the Flash memory.
fabric: File path in fabric mode.
device-name: File name, in the form of unit[NO.]>flash:, which is used to save the
specified file to the Flash memory of a specified switch.
Description
Use the boot boot-loader command to specify the host software that will be adopted
when the switch reboots next time.
You can use this command to specify a .bin file in the Flash memory as the host
software to be adopted at reboot.
Example
# Specify the host software that will be adopted when the current switch reboots next
time.
<Quidway> boot boot-loader S3900.BIN
3.1.2 boot bootrom
Syntax
boot bootrom { file-url | device-name }
View
User view
3-1
Parameter
file-ulr: Path + name of a BootROM file (that is, a .btm file) in the Flash memory.
device-name: File name, beginning with a device name in the form of unit[NO.]>flash,
used to save the specified file to the Flash memory of a specified switch.
Description
Use the boot bootrom command to update the BootROM.
Example
# Update the BootROM of the switch using the file named S3900.btm.
<Quidway> boot bootrom S3900.btm
3.1.3 display boot-loader
Syntax
display boot-loader
View
Any view
Parameter
None
Description
Use the display boot-loader command to display the host software (.bin file) that will
be adopted when the switch reboots.
Example
# Display the host software that will be adopted when the switch reboots.
<Quidway>display boot-loader
Unit 1:
The current boot app is: s3900.bin
The main boot app is: s3900.bin
The backup boot app is:
Table 3-1 Description on the fields of the display boot-loader command
Field Description
The current boot app is Current boot file of the system
Main boot file of the system (default boot
The main boot app is
file)
3-2
Field Description
The backup boot app is Backup boot file of the system
3.1.4 display cpu
Syntax
display cpu [ unit unit-id ]
View
Any view
Parameter
Description
Use the display cpu command to display the CPU usage of a specified switch.
Example
# Display the CPU usage of this switch.

<Quidway> display cpu
Unit 1
Board 0 CPU busy status:
12% in last 5 seconds
12% in last 1 minute
12% in last 5 minutes
Table 3-2 Description on the fields of the display cpu command
Field Description
Indicates that the following lines describe the CPU
CPU busy status
occupancies in different time periods.
12% in last 5 seconds The CPU usage in the last five seconds is 12%.
12% in last 1 minute The CPU usage in the last one minute is 12%.
12% in last 5 minutes The CPU usage in the last five minutes is 12%.
3.1.5 display device
Syntax
display device [ manuinfo [ unit unit-id ] | unit unit-id ]
3-3
View
Any view
Parameter
manuinfo: Displays the manufacture information of the specified switch.

Description
Use the display device command to display the information, such as the module type
and operating status, about each board (main board and sub board) of a specified
switch.
You can use this command to display the following information about each board: slot
number, sub slot number, number of ports, versions of PCB, FPGA, CPLD and
BootROM software, address learning mode, interface board type, and so on.
Example
# Display board information of this switch.

<Quidway>display device
Unit 1
SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State
0 0 24 REV.C NULL 001 312 IVL MAIN Normal
0 1 4 REV.C NULL 001 NULL IVL 4 GE Normal
3.1.6 display fan
Syntax
display fan [ unit unit-id [ fan-id ] ]
View
Any view
Parameter

fan-id: ID number of a fan.
Description
Use the display fan command to view the working state of the built-in fans.
Example
# Display the working state of the fans.
3-4
<Quidway> display fan

Unit 1
Fan 1 State: Normal
The above information indicates that fan work normally.
3.1.7 display memory
Syntax
display memory [ unit unit-id | limit ]
View
Any view
Parameter

limit: Displays the memory configuration information of the device.
Description
Use the display memory command to display the memory usage of a specified switch.
Example
# Display the memory usage of this switch.

<Quidway>display memory
Unit 1
System Available Memory(bytes): 37238784
System Used Memory(bytes): 8201352
Used Rate: 22%
Table 3-3 Description on the fields of the display memory command
Field Description
System Available Available memory size of the system, in unit of
Memory(bytes) bytes
System Used Memory(bytes) Used memory size of the system, in unit of bytes
Used Rate Percentage of the used memory
# Display the current memory configuration information of this switch.

<Quidway> display memory limit
Current memory limit configuration information:
System memory safety: 5 (Mbytes)
System memory limit: 4 (MByts)
3-5
Auto-establish enabled
Free Memory: 17067424 (Bytes)
The state information about connection:

The current state: Normal
3.1.8 display power
Syntax
display power [ unit unit-id [ power-id ] ]
View
Any view
Parameter

power-id: Power ID.
Description
Use the display power command to view the working state of the power supply of the
switch.
Example
# Display the working state of the power supply.

<Quidway> display power
Unit 1
power 1
State : Normal
Type : AC
The above information indicates that the type of the power is AC, and the power
supplies normally.
3.1.9 display schedule reboot
Syntax
display schedule reboot
3-6
View
Any view
Parameter
None
Description
Use the display schedule reboot command to display information about scheduled
reboot.
Related command: reboot, schedule reboot at.
Example
# Display the information about scheduled reboot.

<Quidway> display schedule reboot
System will reboot at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).
3.1.10 reboot
Syntax
reboot [ unit unit-id ]
View
User view
Parameter
Description
Use the reboot command to restart a specified Ethernet switch.
Note:
When rebooting, the system checks whether there is any configuration change. If there
is, it prompts you to indicate whether or not to proceed. This prevents you from losing
your original configuration due to oblivion after system reboot.
Example
# Directly restart this switch without saving the current configuration.

<Quidway> reboot
3-7
This will reboot device. Continue? [Y/N] y

Start to check configuration with next startup configuration file,
please wait......
This command will reboot the device. Current configuration may be lost in next
starup if you continue. Continue? [Y/N] y
<Quidway>
%Apr 2 00:06:01:148 2000 Quidway DEV/5/DEV_LOG:- 1 -
Switch is rebooted.
Starting......
3.1.11 schedule reboot at
Syntax
schedule reboot at hh:mm [ mm/dd/yyyy | yyyy/mm/dd ]

undo schedule reboot
View
User view
Parameter
hh:mm: Reboot time, where hh (hour) ranges from 0 to 23, and mm (minute) ranges
from 0 to 59.
mm/dd/yyyy or yyyy/mm/dd: Reboot date, where yyyy (year) ranges from 2,000 to
2,099, mm (month) ranges from 1 to 12, and the range of dd (day) depends on the
specific month. You cannot set the date later than 30 days than the system current
date.
Description
Use the schedule reboot at command to schedule a reboot on the current switch and
set the reboot date and time.
Use the undo schedule reboot command to cancel the scheduled reboot.
By default, no scheduled reboot is set on the switch.
Note:
There is at most one minute defer for scheduled reboot, that is, the switch will reboot
within one minute after reaching the specified reboot date and time.
3-8
After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
After you execute the schedule reboot at command without specifying a date, the
switch will:
z Reboot at the specified time on the current day if the specified time is later than the
current time.
z Reboot at the specified time on the next day if the specified time is earlier than the
current time.
After you execute the command, the system will prompt you to confirm. Enter "Y" or "y"
for your setting to take effect, and your setting will overwrite the old one (if available).
If you adjust the system time by the clock command after executing the schedule
reboot at command, the schedule reboot at command will be invalid and the
scheduled reboot will not happen.
Related command: reboot, display schedule reboot.
Example
# Suppose the current time is 05:06, schedule a reboot so that the switch reboots at
22:00 on the current day.
<Quidway> schedule reboot at 22:00
Reboot system at 22:00 2000/04/02(in 16 hours and 53 minutes)
confirm?[Y/N]:y
<Quidway>
3.1.12 schedule reboot delay
Syntax
schedule reboot delay { hh:mm | mm }

undo schedule reboot
View
User view
Parameter
hh:mm: Reboot waiting delay, where hh ranges from 0 to 720, and mm ranges from 0 to
59.
mm: Reboot waiting delay, ranging from 0 to 43,200 minutes.
Description
Use the schedule reboot delay command to schedule a reboot on the switch, and set
the reboot waiting delay.
3-9
Use the undo schedule reboot command to cancel the scheduled reboot.
By default, no scheduled reboot is set on the switch.
Note:
within one minute after waiting for the specified delay.
You can set the reboot waiting delay in two formats: the hours:minutes format and the
absolute minutes format, and both must be less than or equal to 30 × 24 × 60 (that is, 30
days).
for your setting to take effect. Your setting will overwrite the old one (if available).
reboot delay command, the schedule reboot delay command will be invalid and the
scheduled reboot will not happen.
Related command: reboot, schedule reboot at, undo schedule reboot, and display
schedule reboot.
Example
# Suppose the current time is 05:02, schedule a reboot so that the switch reboots after
70 minutes.
<Quidway> schedule reboot delay 70
Reboot system at 06:12 2000/04/02(in 1 hours and 10 minutes)
confirm?[Y/N]:y
<Quidway>
3.1.13 schedule reboot regularity
Syntax
schedule reboot regularity at hh:mm period

undo schedule reboot regularity
View
System view
Parameter
hh:mm: Reboot time of the switch, in the hours:minutes format, where hh ranges from 0
to 24, and mm ranges from 0 to 59.
3-10
period: Reboot period of the switch, in the format period = { daily | { monday | tuesday
| wednesday | thursday | friday | saturday | sunday }* }. daily indicates the reboot
period is one day, that is, the switch reboots at a specified time each day. { monday |
tuesday | wednesday | thursday | friday | saturday | sunday }* indicates the day
when the switch reboots.
Description
Use the schedule reboot regularity command to enable the periodical reboot function
of the switch and set the reboot time.
Use the undo schedule reboot regularity command to cancel the configured reboot
period.
By default, the reboot period of the switch is not configured.
Note:
within one minute after reaching the specified reboot date and time.
for your setting to take effect. Your setting will overwrite the old one (if available).
reboot regularity command, the schedule reboot regularity command will be
invalid.
Related command: reboot, schedule reboot at, undo schedule reboot, and display
schedule reboot.
Example
# Schedule a reboot so that the switch reboots at 10:00 every Thursday.

[Quidway] tcp window 3schedule reboot regularity at 10:00 Thursday
Schedule reboot regularity, are you sure?[Y/N]:y
[Quidway]
3.1.14 update fabric
Syntax
update fabric { file-url [ fabric ] | device-name }
3-11
View
User view
Parameter
file-url: Path + name of an host software file in the Flash memory.

device-name: File name, in the form of unit[NO.]>flash: which is used to save the
specified file to the Flash memory of a specified switch.
Description
Use the update fabric command to upgrade the host software of the devices in a
Fabric.
Example
# Use the file named 3900.bin in the Flash memory of Unit2 to upgrade the host
software of the devices in a Fabric.
<Quidway> update fabric unit2>flash:/s3900.bin
This will update the Fabric. Continue? [Y/N] y
The software is verifying ...
The result of verification is :
Unit ID Free space(bytes) Enough Version comparison
1 15281873 Y Y
2 15409873 Y Y
warning: the verification is completed, start the file transmission? [Y/N]
y
The fabric is being updated, 100%
The s3900.bin is stored on unit 1 successfully!
The s3900.bin is stored on unit 2 successfully!
Do you want to set s3900.bin to be running agent next time to boot?[Y/N] y
The s3900.bin is configured successfully!
3-12
Command Manual – VLAN VPN
Table of Contents
Chapter 1 VLAN-VPN Commands................................................................................................ 1-1

1.1 VLAN-VPN Commands ..................................................................................................... 1-1
1.1.1 display port vlan-vpn ............................................................................................... 1-1
1.1.2 vlan-vpn enable ....................................................................................................... 1-2
1.1.3 vlan-vpn inner-cos-trust........................................................................................... 1-3
1.1.4 vlan-vpn tpid ............................................................................................................ 1-3
Chapter 2 BPDU Tunnel Configuration Commands .................................................................. 2-1

2.1 BPDU Tunnel Configuration Commands........................................................................... 2-1
2.1.1 bpdu-tunnel ............................................................................................................. 2-1
2.1.2 bpdu-tunnel uplink................................................................................................... 2-2
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 VLAN-VPN Commands
Chapter 1 VLAN-VPN Commands
1.1 VLAN-VPN Commands

1.1.1 display port vlan-vpn
Syntax
display port vlan-vpn
View
Any view
Parameter
None
Description
Use the display port vlan-vpn command to display the information about VLAN VPN
configuration of the current system, including current TPID value, VLAN-VPN ports,
and VLAN-VPN uplink ports.
Example
# Display the VLAN-VPN configuration of the current system.

<Quidway> display port vlan-vpn
Ethernet1/0/1
VLAN-VPN TPID: 8100
Ethernet1/0/2
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
VLAN-VPN inner-cos-trust status: disable
VLAN-VPN TPID: 8100
Ethernet1/0/3
VLAN-VPN TPID: 8100
Ethernet1/0/4
VLAN-VPN TPID: 8100
…………………………(Omitted)
1-1
1.1.2 vlan-vpn enable
Syntax
vlan-vpn enable
undo vlan-vpn
View
Ethernet port view
Parameter
None
Description
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN function for a port.
By default, the VLAN-VPN function is disabled for port.
With the VLAN VPN function enabled, a received packet is tagged with the default
VLAN tag of the receiving port no matter whether or not the packet already carries a
VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged
packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the
port.
Caution:
z The VLAN-VPN function is unavailable if the port has any of the protocols among
GVRP, GMRP, STP, IRF, NTDP and 802.1x enabled.
z After you enable the VLAN-VPN function for a port, you cannot change the attribute
of the port to trunk or hybrid, or enable GVRP, GMRP, IRF, NTDP, or STP function
for the port.
z If there is a port enabled with fabric function on a device, you cannot enable
VLAN-VPN function for this port or for any other port on this device.
Example
# Enable the VLAN-VPN function for Ethernet1/0/1 port.

[Quidway-Ethernet1/0/1] vlan-vpn enable
1-2
1.1.3 vlan-vpn inner-cos-trust
Syntax
vlan-vpn inner-cos-trust enable

undo vlan-vpn inner-cos-trust
View
Ethernet port view
Parameter
None
Description
Use the vlan-vpn inner-cos-trust enable command to enable the function of

replicating inner tag priority.
Use the undo vlan-vpn inner-cos-trust command to disable the function of replicating
inner tag priority.
By default, the function of replicating inner tag priority is disabled.
Example
# Enable the inner tag priority replication function for the Ethernet 1/0/2 port.
[Quidway-Ethernet1/0/2] vlan-vpn inner-cos-trust enable
1.1.4 vlan-vpn tpid
Syntax
vlan-vpn tpid value

undo vlan-vpn tpid
View
Ethernet port view
Parameter
value: User-defined TPID value (in hexadecimal format)in the range of 1 to 0xFFFF.
Description
Use the vlan-vpn tpid command to set a TPID value for a port.
Use the undo vlan-vpn tpid command to restore the default TPID value.
1-3
The default TPID value is 0x8100.

The position of the TPID field in an Ethernet packet is the same as the position of the
protocol type field in a packet without VLAN Tag. Thus, to avoid confusion happening
when the switch forwards or receives a packet, you must not configure the following
protocol type values listed in Table 1-1 as the TPID value.
Table 1-1 Common Ethernet frame protocol type values
Protocol type Value

ARP 0x0806
IP 0x0800
MPLS 0x8847/0x8848
IPX 0x8137
IS-IS 0x8000
LACP 0x8809
802.1x 0x888E
Example
# Set the TPID value to 0x12 for Ethernet1/0/2 port.

[Quidway-Ethernet1/0/2] vlan-vpn tpid 12
1-4
Chapter 2 BPDU Tunnel Configuration Commands
2.1 BPDU Tunnel Configuration Commands

2.1.1 bpdu-tunnel
Syntax
bpdu-tunnel { lacp | ndp | cdp | vtp }

undo bpdu-tunnel { lacp | ndp | cdp | vtp | all }
View
Ethernet port view
Parameter
lacp: Enables/Disables the BPDU tunnel function for LACP packets.

ndp: Enables/Disables the BPDU tunnel function for NDP packets.
cdp: Enables/Disables the BPDU tunnel function for CDP packets.
vtp: Enables/Disables the BPDU tunnel function for VTP packets.
all: Disables the BPDU tunnel function for the packets of all the protocols.
Description
Use the bpdu-tunnel command to enable the BPDU Tunnel function for the packets of
a specific protocol. You can enable the function for the packets of these protocols:
LACP, NDP, CDP, and VTP.
Use the undo bpdu-tunnel command to disable the BPDU Tunnel function for the
packets of a specific protocol.
2-1
Caution:
z If you enable the BPDU Tunnel function for packets of a protocol on a port, don’t
enable the protocol on port. For example, with the bpdu-tunnel lacp command
executed, do not execute the lacp enable command on the same port.
z To ensure BPDU packet can travel across a tunnel properly, specify the same
keyword for the bpdu-tunnel command when executing the command on the both
sides of the tunnel.
z The BPDU Tunnel function is unavailable to all the ports of a device if a port of the
device has the fabric function enabled.
Example
# Enable the BPDU Tunnel function for LACP packets.

[Quidway-Ethernet1/0/1] bpdu-tunnel lacp
2.1.2 bpdu-tunnel uplink
Syntax
bpdu-tunnel uplink [ interface interface-list ]
View
Parameter
interface interface-list: Specifies a list of Ethernet ports. To specify multiple Ethernet

ports, you need to provide the interface-list argument in the form of interface-list =
{ interface-type interface-number [ to interface-type interface-number ] }&<1-10>,
where &<1-10> means that you can specify up to ten port indexes/port index lists at one
time. This argument is unavailable in Ethernet port view.
Description
Use the bpdu-tunnel uplink command to configure an Ethernet port or multiple

Ethernet ports as uplink BPDU Tunnel ports. A device listens to its uplink BPDU Tunnel
ports and picks out the Layer 2 protocol packets that reach the ports.
2-2
Example
# Configure Ethernet1/0/1 through Ethernet1/0/5 ports as uplink BPDU Tunnel ports.

[Quidway] bpdu-tunnel uplink Ethernet 1/0/1 to Ethernet 1/0/5
2-3
Command Manual - HWPing
Table of Contents
Chapter 1 HWPing Commands .................................................................................................... 1-1

1.1 HWPing Commands .......................................................................................................... 1-1
1.1.1 count........................................................................................................................ 1-1
1.1.2 destination-ip ........................................................................................................... 1-1
1.1.3 display hwping......................................................................................................... 1-2
1.1.4 frequency................................................................................................................. 1-5
1.1.5 hwping ..................................................................................................................... 1-6
1.1.6 hwping-agent enable............................................................................................... 1-7
1.1.7 test-enable............................................................................................................... 1-7
1.1.8 test-type................................................................................................................... 1-8
1.1.9 timeout..................................................................................................................... 1-9
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 HWPing Commands
Chapter 1 HWPing Commands
1.1 HWPing Commands

1.1.1 count
Syntax
count times
undo count
View
HWPing test group view
Parameter
times: Number of the test packets to be transmitted. It is in the range 1 to 15 and

defaults to 1.
Description
Use the count command to configure the number of packets to be sent for each test.
Use the undo count command to restore the default.
A test timer is started when the system sends the first test packet. In the event that the
times argument is set greater than one, the system continues to send the second one
upon receipt of the reply to the first one. If receiving no reply upon expiry of the timer,
the system sends the second and all the remaining packets likewise.
Related command: frequency.
Example
# Set that the “administrator-icmp” test group sends ten packets for each test.
[Quidway] hwping administrator icmp
[Quidway-hwping-administrator-icmp] count 10
1.1.2 destination-ip
Syntax
destination-ip ip-address
undo destination-ip
1-1
View
Parameter
ip-address: Destination IP address in a test.
Description
Use the destination-ip command to configure the destination IP address in the test.
Use the undo destination-ip command to delete the configured destination IP
address.
By default, no destination IP address is configured for any test.
Example
# Set the destination IP address in the test of the “administrator-icmp” test group to
1.1.1.99.
[Quidway-hwping-administrator-icmp] destination-ip 1.1.1.99
1.1.3 display hwping
Syntax
display hwping { results | history } [ administrator-name operation-tag ]
View
Any view
Parameter
results: Displays the test result.

history: Displays the test history.
administrator-name: Name of the administrator creating the test.
operation-tag: Test operation tag.
Description
Use the display hwping command to view test result(s).

If a test group is specified using the arguments of administrator-name and
test-operation-tag, the system displays only the test result of the group; if not, it
displays the test results of all the test groups.
Related command: test-enable.
1-2
Example
# Use the display hwping results command to display the test result of the test group
whose administrator name is “administrator” and operation tag is “icmp”.
<Quidway> display hwping results administrator icmp
HWPing entry(admin administrator, tag icmp) test result:
Destination ip address:1.1.1.99
Send operation times: 10 Receive response times: 10
Min/Max/Average Round Trip Time: 2/5/2
Square-Sum of Round Trip Time: 66
Last complete test time: 2000-4-2 7:59:54.7
Extend result:
SD Maximal delay: 0 DS Maximal delay: 0
Packet lost in test: 0%
Disconnect operation number: 0 Operation timeout number: 0
System busy operation number: 0 Connection fail number: 0
Operation sequence errors: 0 Drop operation number: 0
Other operation errors: 0
Table 1-1 Description on the fields of the display hwping results command
Field Description
Destination ip address Destination IP address
Send operation times Number of times the operation is sent
Number of times of the successful test

Receive response times
operations
Min/Max/Average Round Trip Time Smallest/biggest/average round-trip time
Square-Sum of Round Trip Time The square sum of the round trip time
Last complete test time Time of the last successful test
Maximal delay from the source to the

SD Maximal delay
destination
Maximal delay from the destination to the

DS Maximal delay
source
Packet lost in test Packet lost ratio in the test.
Number of times of disconnections by the

Disconnect operation number
opposite side
1-3
Field Description
Number of times of timeouts in the test

Operation timeout number
operation
Number of times the test fails because

System busy operation number
the system is busy
Connection fail number Number of connection failures
Number of received sequence error

Operation sequence errors
packets
Number of system resource allocation

Drop operation number
errors
Other operation errors Number of other errors
# Use the display hwping history command to display test results.

<Quidway> display hwping history administrator icmp
HWPing entry(admin administrator, tag icmp) history record:
Index Response Status LastRC Time
1 1 1 0 2004-11-25 16:28:55.0
2 1 1 0 2004-11-25 16:28:55.0
3 1 1 0 2004-11-25 16:28:55.0
4 1 1 0 2004-11-25 16:28:55.0
5 1 1 0 2004-11-25 16:28:55.0
6 2 1 0 2004-11-25 16:28:55.0
7 1 1 0 2004-11-25 16:28:55.0
8 1 1 0 2004-11-25 16:28:55.0
9 1 1 0 2004-11-25 16:28:55.9
10 1 1 0 2004-11-25 16:28:55.9
Table 1-2 Description on the fields of the display hwping history command
Field Description
Index Index of the displayed information
Round trip test time, in milliseconds, or the timeout time.

Response
0 means the test fails.
1-4
Field Description
Value of the test result. See the following detailed

description:
1: responceReceived. It means response is received.
2: unknown. It means unknown error.
3: internalError. It means system internal error.
4: requestTimeOut. It means timeout waiting for
response.
5: unknownDestinationAddress. It means the destination
address is unknown.
6: noRouteToTarget. It means there is no route to the
Status
7: interfaceInactiveToTarget. It means the interface of
destination address is not activated.
8: arpFailure. It means ARP operation fails.
9: maxConcurrentLimitReached. It means the maximum
limit of concurrent accesses is reached.
10: unableToResolveDnsName. It means it is unable to
resolve the DNS name.
11: invalidHostAddress. It means the invalid host
address.
Receive the last response code based on the

implementation ways. With ICMP echo enabled, if the
LastRC system receives ICMP response which includes
ICMP_ECHOREPLY(0), the probe has succeeds. ICMP
response often defined in the file including ip_icmp.
Time Test time
1.1.4 frequency
Syntax
frequency interval
undo frequency
View
1-5
Parameter
interval: Automatic test interval. It ranges from 0 to 65535 seconds and defaults to 0
meaning no automatic test.
Description
Use the frequency command to configure an automatic test interval.

Use the undo frequency command to disable automatic test.
The system automatically tests at intervals specified by this command, where the
argument interval is greater than 0.
Related command: count.
Example
# Set the automatic test interval of the “administrator-icmp” test group to 10 seconds.
[Quidway-hwping-administrator-icmp] frequency 10
1.1.5 hwping
Syntax
hwping administrator-name operation-tag

undo hwping administrator-name operation-tag
View
System view
Parameter
administrator-name: Name of the administrator creating an HWPing test group, a

operation-tag: Test operation tag, a string of 1 to 32 characters long.
Description
Use the hwping command to create an HWPing test group and enter HWPing test
group view..
Use the undo hwping command to delete the HWPing test group.
Example
# Create an HWPing test group, where the administrator name is “administrator” and
the test operation tag is “icmp”.
1-6
[Quidway-hwping-administrator-icmp]
1.1.6 hwping-agent enable
Syntax
hwping-agent enable
undo hwping-agent enable
View
System view
Parameter
None
Description
Use the hwping-agent enable command to enable the HWPing client function.
Use the undo hwping-agent enable command to disable the HWPing client function.
Before you can perform a test, you must enable the HWPing client function.
Example
# Enable HWPing client.

[Quidway] hwping-agent enable
1.1.7 test-enable
Syntax
test-enable
undo test-enable
View
Parameter
None
1-7
Description
Use the test-enable command to execute an HWPing test.

Use the undo test-enable command to disable an HWPing test.
Note:
After you execute the test-enable command, the system does not display the test
result. You may view the test result information by executing the display hwping
command.
Related command: display hwping.
Example
# Execute the HWPing test defined by the test group “administrator-icmp”.

[Quidway-hwping-administrator-icmp] test-enable
1.1.8 test-type
Syntax
test-type type
View
Parameter
type: Test type.
Description
Use the test-type command to configure the type of the test.

Currently the system only supports ICMP test.
Example
# Set the test type of the “administrator-icmp” test group to ICMP.

1-8
[Quidway-hwping-administrator-icmp] test-type icmp
1.1.9 timeout
Syntax
timeout time
undo timeout
View
Parameter
time: Timeout time. It ranges from 1 to 60 seconds and defaults to 3 seconds.
Description
Use the timeout command to configure a timeout time for a test.

Use the undo timeout command to restore the default.
Example
# Set the timeout time of the “administrator-icmp” test group to 10 seconds.

[Quidway-hwping-administrator-icmp] timeout 10
1-9
Command Manual - DNS
Table of Contents
Chapter 1 DNS Configuration Commands .................................................................................. 1-1

1.1 DNS Configuration Commands ......................................................................................... 1-1
1.1.1 display dns domain ................................................................................................. 1-1
1.1.2 display dns dynamic-host........................................................................................ 1-1
1.1.3 display dns server ................................................................................................... 1-2
1.1.4 display ip host.......................................................................................................... 1-3
1.1.5 dns domain.............................................................................................................. 1-4
1.1.6 dns resolve .............................................................................................................. 1-5
1.1.7 dns server................................................................................................................ 1-6
1.1.8 ip host...................................................................................................................... 1-6
1.1.9 nslookup type .......................................................................................................... 1-7
1.1.10 reset dns dynamic-host ......................................................................................... 1-8
i
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 1 DNS Configuration Commands
Chapter 1 DNS Configuration Commands
1.1 DNS Configuration Commands

1.1.1 display dns domain
Syntax
display dns domain [ dynamic ]
View
Any view
Parameter
dynamic: Display the DNS suffixes dynamically configured by DHCP or other

protocols.
Description
Use the display dns domain command to display the DNS suffixes.
Related command: dns domain.
Example
# Display DNS suffixes

<Quidway> display dns domain
No Domain-name
0 aaa.com
Table 1-1 Description on the fields of the display dns domain command
Field Description
No —
Domain-name Domain name suffix
1.1.2 display dns dynamic-host
Syntax
display dns dynamic-host
1-1
View
Any view
Parameter
None
Description
Use the display dns dynamic-host command to display the dynamic domain name
resolution cache information.
The dynamic domain name resolution caches resent mappings between names and IP
addresses. For the same domain name query, the DNS Client would not send to the
DNS Server if it is stored in the cache.
Example
# Display the information in the dynamic domain name resolution cache.

<Quidway> display dns dynamic-host
No Domain-name IpAddress TTL Alias
0 www.baidu.com 202.108.249.134 63000
1 www.yahoo.akadns.net 66.94.230.39 24
2 www.hotmail.com 207.68.172.239 3585
3 www.eyou.com 61.136.62.70 3591
Table 1-2 Description on the field of the display dns dynamic-host command
Field Description
No —
Domain-name —
IP address for the corresponding domain

IpAddress
name
TTL Time for storing in the cache memory (s).

Alias Alias for the domain name, maximum 4
1.1.3 display dns server
Syntax
display dns server [ dynamic ]
View
Any view
1-2
Parameter
Dynamic: Display the DNS Server information configured by DHCP or other protocols
Description
Use the display dns server command to display the DNS Server information.
Related command: dns server.
Example
# Display the DNS Server information.

<Quidway> display dns server
Domain-server IpAddress
0 169.254.65.125
1 169.254.66.15
Table 1-3 Description on fields of the display dns server command
Field Description
Number of the DNS Server. Configured automatically
by the device, starts from 0.
Domain-server
Servers with IPv4 or IPv6 addresses are numbered
respectively.
IpAddress IPv4 address of the DNS Server
Ipv6Address IPv6 address of the DNS Server

Only available when the DNS Server is configured
Interface Name
with an IPv6 address.
1.1.4 display ip host
Syntax
display ip host
View
Any view
Parameter
None
Description
Use the display ip host command to display the host names and corresponding IP
addresses in the static domain name resolution resolving list.
1-3
Example
# Display the host names and corresponding IP addresses in the static domain name
resolution resolving list.
<Quidway> display ip host
Host Age Flags Address
My 0 static 1.1.1.1
Aa 0 static 2.2.2.4
Table 1-4 Description on fields of the display ip host command
Field Description
Host Host name
Time to live. 0 means the static list is never outdated.

Age You can only manually remove the mappings between
host names and IP addresses.
Mapping types between host names and IP addresses.
Flags
Static is the type for static domain name resolution
Address Host IP addresses
1.1.5 dns domain
Syntax
dns domain domain-name

undo dns domain [ domain-name ]
View
System view
Parameter
domain-name: DNS suffixes, comprises 1 to 60 characters, including letters, numbers,

hyphens (-), underscores (_), and dots (.).
Description
Use the dns domain command to configure the DNS suffixes.

Use the undo dns domain command to delete the DNS suffixes.
No DNS suffixes are configured by default.
You can configure maximum 10 DNS suffixes. You must input the suffix name to delete
it, otherwise, all the statically configured suffixes are deleted.
Related command: display dns domain.
1-4
Note:
The domain name resolution function supported by S3900 switches should be used
together with a domain name server. Different domain name server may have
differences in DNS implementation. For example, the S3900 supports a domain name
which includes “_”, while a Windows 2000 Server may not able to resolve the “_”.
Example
# Configure com as a DNS suffix.

[Quidway] dns domain com
1.1.6 dns resolve
Syntax
dns resolve
undo dns resolve
View
System view
Parameter
None
Description
Use the dns resolve command to enable dynamic domain name resolution.
Use the undo dns resolve command to disable dynamic domain name resolution.
Dynamic domain name resolution is disabled by default.
Example
# Enable dynamic domain name resolution.

[Quidway] dns resolve
1-5
1.1.7 dns server
Syntax
dns server ip-address

undo dns server [ ip-address ]
View
System view
Parameter
ip-address: IP address of the DNS Server.
Description
Use the dns server command to configure an IP address to the DNS Server.
Use the undo dns server to remove IP addresses.
No IP address is configured to the DNS Server by default.
You can configure maximum 6 DNS Servers.
Related command: display dns server.
Example
# Configure a DNS Server address to 172.16.1.1.

[Quidway] dns server 172.16.1.1
1.1.8 ip host
Syntax
ip host hostname ip-address

undo ip host hostname [ ip-address ]
View
System view
Parameter
Hostname: Host name, comprises 1 to 20 characters, including letters, numbers,

hyphens (-), or dots (.). The host name must include at least one letter.
ip-address: IP address of the specified host in dotted decimal notation.
1-6
Description
Use the ip host command to create a mapping between host name and IP address in
the static resolving list.
Use the undo ip host command to remove the mapping.
No mappings are created by default.
You can configure only one mapping between IP address to host name. For example, a
new mapping configured will overwrite the old one if there is any.
Related command: display ip host.
Example
# Configure IP address 10.110.0.1 to a host named aaa.

[Quidway] ip host aaa 10.110.0.1
1.1.9 nslookup type
Syntax
nslookup type { ptr ip-address | a domain-name }
View
Any view
Parameter
ptr ip-address: Resolves the corresponding DNS domain name for an IP address.
a domain-name: Resolves the corresponding IP address for a DNS domain name. The
domain name which is a string up to 30 characters supports automatic domain name
completing.
Description
Use the nslookup type command to display the results of DNS resolution. It can
resolve the corresponding IP address for a specified domain name or resolve the
corresponding domain name for a specified IP address.
Example
# Display the corresponding domain name for 192.168.3.2.

<Quidway> nslookup type ptr 192.168.3.2
Trying DNS server (10.72.66.36)
Name: www.huawei.com
Address: 192.168.3.2
1-7
# Display the corresponding IP address for www.huawei.com.

<Quidway> nslookup type a www.huawei.com
Trying DNS server (10.72.66.36)
Name: www.huawei.com
Address: 192.168.3.2
1.1.10 reset dns dynamic-host
Syntax
reset dns dynamic-host
View
User view
Parameter
None
Description
Use the reset dns dynamic-host command to clear the cache.

Related command: display dns dynamic-host.
Example
# Clear the cache.

<Quidway> reset dns dynamic-host
1-8
Command Manual - Command Index
Quidway S3900 Series Ethernet Switches-Release 1510 Appendix A Command Index
Appendix A Command Index
The command index includes all the commands in the VRP Command Manual, which are arranged
alphabetically.
ABCDEFGHIJKLMNOPQRSTUVWXYZ
A
abr-summary Routing Protocol 3-1
access-limit AAA&RADIUS&HWTA 1-1

CACS&EAD
accounting AAA&RADIUS&HWTA 1-3

CACS&EAD
accounting domain DHCP 4-1
accounting optional AAA&RADIUS&HWTA 1-4

CACS&EAD
accounting optional AAA&RADIUS&HWTA 1-27

CACS&EAD
accounting-on enable AAA&RADIUS&HWTA 1-28

CACS&EAD
acl Login 2-1
acl ACL 1-1
active region-configuration MSTP 1-1
add-member Cluster 1-15
address-check DHCP 2-1
administrator-address Cluster 1-16
am user-bind Port Security&Port 2-2

Binding
am user-bind interface Port Security&Port 2-1

Binding
apply cost Routing Protocol 4-1
apply poe-profile PoE&Poe Profile 2-1
apply qos-profile QoS&QoS Profile 2-1
apply qos-profile interface QoS&QoS Profile 2-2
apply tag Routing Protocol 4-2
area Routing Protocol 3-2
arp check enable ARP 1-1
A-1
arp static ARP 1-1
arp timer aging ARP 1-2
asbr-summary Routing Protocol 3-3
ascii FTP and TFTP 1-6
attribute AAA&RADIUS&HWTA 1-2

CACS&EAD
authentication AAA&RADIUS&HWTA 1-5

CACS&EAD
authentication-mode Login 1-1
authentication-mode Routing Protocol 3-4
authorization AAA&RADIUS&HWTA 1-6

CACS&EAD
auto-build Cluster 1-17
auto-execute command Login 1-2
B
backup current-configuration to File System 1-21
Management
bims-server DHCP 1-1
binary FTP and TFTP 1-7
boot attribute-switch File System 1-1

Management
boot boot-loader File System 1-2

Management
boot boot-loader System Maintenance 3-1

and Debugging
boot boot-loader backup-attribute File System 1-3

Management
boot bootrom System Maintenance 3-1

and Debugging
boot web-package File System 1-4

Management
bpdu-drop any MSTP 1-2
bpdu-tunnel VLAN VPN 2-1
bpdu-tunnel uplink VLAN VPN 2-2
broadcast-suppression Port Basic 1-1

Configuration
bsr-policy Multicast 6-1
build Cluster 1-18
bye SSH Terminal Service 1-30
bye FTP and TFTP 1-8
A-2
C
cache-sa-enable Multicast 7-1
c-bsr Multicast 6-2
cd SSH Terminal Service 1-31
cd File System 1-6

Management
cd FTP and TFTP 1-9
cdup SSH Terminal Service 1-31
cdup FTP and TFTP 1-9
change self-unit IRF Fabric 1-1
change unit-id IRF Fabric 1-1
check region-configuration MSTP 1-2
checkzero Routing Protocol 2-1
clock datetime System Maintenance 1-1

and Debugging
clock summer-time System Maintenance 1-1

and Debugging
clock timezone System Maintenance 1-2

and Debugging
close FTP and TFTP 1-10
cluster Cluster 1-20
cluster enable Cluster 1-21
cluster switch-to Cluster 1-22
cluster-mac Cluster 1-23
cluster-mac syn-interval Cluster 1-23
command-privilege level CLI 1-1
copy File System 1-7

Management
copy configuration Port Basic 1-2

Configuration
count HWPing 1-1
c-rp Multicast 6-3
crp-policy Multicast 6-4
cut connection AAA&RADIUS&HWTA 1-7

CACS&EAD
D
databits Login 1-3
A-3
data-flow-format AAA&RADIUS&HWTA 1-30

CACS&EAD
data-flow-format AAA&RADIUS&HWTA 1-61

CACS&EAD
debugging FTP and TFTP 1-11
debugging System Maintenance 1-10

and Debugging
debugging dhcp client Management VLAN 2-1
debugging dhcp irf xha Management VLAN 2-2
default cost Routing Protocol 2-2
default cost Routing Protocol 3-5
default interval Routing Protocol 3-5
default limit Routing Protocol 3-6
default tag Routing Protocol 3-7
default type Routing Protocol 3-8
default-cost Routing Protocol 3-8
default-route-advertise Routing Protocol 3-9
delete SSH Terminal Service 1-32
delete File System 1-8

Management
delete FTP and TFTP 1-12
delete static-routes all Routing Protocol 1-14
delete-member Cluster 1-24
description VLAN 1-1
description Management VLAN 1-1
description Port Basic 1-4

Configuration
description ACL 1-2
destination-ip HWPing 1-1
detect-group Auto Detect 1-1
detect-list Auto Detect 1-1
dhcp enable DHCP 1-2
dhcp relay information enable DHCP 2-2
dhcp relay information strategy DHCP 2-3
dhcp select global DHCP 1-3
dhcp select interface DHCP 1-4
dhcp server bims-server DHCP 1-6
dhcp server detect DHCP 1-7
A-4
dhcp server dns-list DHCP 1-7
dhcp server domain-name DHCP 1-9
dhcp server expired DHCP 1-10
dhcp server forbidden-ip DHCP 1-11
dhcp server ip-pool DHCP 1-12
dhcp server nbns-list DHCP 1-13
dhcp server netbios-type DHCP 1-14
dhcp server option DHCP 1-16
dhcp server ping DHCP 1-17
dhcp server relay information enable DHCP 1-18
dhcp server static-bind DHCP 1-18
dhcp server voice-config DHCP 1-20
dhcp server voice-config interface DHCP 1-21
dhcp-relay hand DHCP 2-2
dhcp-security static DHCP 2-4
dhcp-security tracker DHCP 2-5
dhcp-server DHCP 2-6
dhcp-server detect DHCP 2-7
dhcp-server ip DHCP 2-8
dhcp-snooping DHCP 3-1
dhcp-snooping trust DHCP 3-1
dir SSH Terminal Service 1-32
dir File System 1-9

Management
dir FTP and TFTP 1-13
disconnect FTP and TFTP 1-14
display acl ACL 1-3
display am user-bind Port Security&Port 2-3

Binding
display arp ARP 1-3
display arp | ARP 1-5
display arp count ARP 1-6
display arp timer aging ARP 1-6
display boot-loader File System 1-5

Management
display boot-loader System Maintenance 3-2

and Debugging
display bootp client Management VLAN 2-4
A-5
display brief interface Port Basic 1-5

Configuration
display channel Information Center 1-1
display clock System Maintenance 1-6

and Debugging
display cluster Cluster 1-25
display cluster candidates Cluster 1-26
display cluster members Cluster 1-28
display connection AAA&RADIUS&HWTA 1-8

CACS&EAD
display cpu System Maintenance 3-3

and Debugging
display current-configuration Configuration File 1-1

Management
display debugging System Maintenance 1-7

and Debugging
display debugging ospf Routing Protocol 3-11
display detect-group Auto Detect 1-2
display device System Maintenance 3-3

and Debugging
display dhcp client Management VLAN 2-2
display dhcp server conflict DHCP 1-23
display dhcp server expired DHCP 1-23
display dhcp server free-ip DHCP 1-25
display dhcp server ip-in-use DHCP 1-25
display dhcp server statistics DHCP 1-27
display dhcp server tree DHCP 1-28
display dhcp-security DHCP 2-8
display dhcp-server DHCP 2-9
display dhcp-server interface DHCP 2-11
display dhcp-snooping DHCP 3-2
display dhcp-snooping trust DHCP 3-3
display diagnostic-information System Maintenance 1-10

and Debugging
display dldp DLDP 1-1
display dns domain DNS 1-1
display dns dynamic-host DNS 1-1
display dns server DNS 1-2
display domain AAA&RADIUS&HWTA 1-10

CACS&EAD
A-6
display dot1x 802.1x 1-1
display fan System Maintenance 3-4

and Debugging
display fib IP Address and 2-1

Performance
Confiugration
display fib | IP Address and 2-4

Performance
Confiugration
display fib acl IP Address and 2-3

Performance
Confiugration
display fib ip-address IP Address and 2-2

Performance
Confiugration
display fib ip-prefix IP Address and 2-5

Performance
Confiugration
display fib statistics IP Address and 2-6

Performance
Confiugration
display ftm IRF Fabric 1-3
display ftp source-ip FTP and TFTP 1-15
display ftp-server FTP and TFTP 1-1
display ftp-server source-ip FTP and TFTP 1-2
display ftp-user FTP and TFTP 1-2
display garp statistics GVRP 1-1
display garp timer GVRP 1-2
display gvrp statistics GVRP 1-6
display gvrp status GVRP 1-7
display habp 802.1x 2-1
display habp table 802.1x 2-2
display habp traffic 802.1x 2-2
display history-command CLI 1-2
display hwping HWPing 1-2
display hwtacacs AAA&RADIUS&HWTA 1-62

CACS&EAD
display icmp statistics IP Address and 2-7

Performance
Confiugration
display igmp group Multicast 5-1
display igmp interface Multicast 5-2
display igmp-snooping configuration Multicast 1-1
A-7
display igmp-snooping group Multicast 1-2
display igmp-snooping statistics Multicast 1-3
display info-center Information Center 1-1
display interface Port Basic 1-6

Configuration
display interface Vlan-interface VLAN 1-1
display interface Vlan-interface Management VLAN 1-2
display ip host Management VLAN 1-3
display ip host DNS 1-3
display ip interface IP Address and 1-1

Performance
Confiugration
display ip interface Vlan-interface Management VLAN 1-3
display ip ip-prefix Routing Protocol 4-2
display ip routing-table Management VLAN 1-5
display ip routing-table Routing Protocol 1-1
display ip routing-table acl Management VLAN 1-6
display ip routing-table acl Routing Protocol 1-2
display ip routing-table ip-address Management VLAN 1-10
display ip routing-table ip-address Routing Protocol 1-5
display ip routing-table ip-address1 ip-address2 Management VLAN 1-12
display ip routing-table ip-address1 ip-address2 Routing Protocol 1-7
display ip routing-table ip-prefix Management VLAN 1-13
display ip routing-table ip-prefix Routing Protocol 1-8
display ip routing-table protocol Management VLAN 1-14
display ip routing-table protocol Routing Protocol 1-10
display ip routing-table radix Management VLAN 1-15
display ip routing-table radix Routing Protocol 1-11
display ip routing-table statistics Management VLAN 1-16
display ip routing-table statistics Routing Protocol 1-12
display ip routing-table verbose Management VLAN 1-17
display ip routing-table verbose Routing Protocol 1-13
display ip socket IP Address and 2-8

Performance
Confiugration
display ip statistics IP Address and 2-10

Performance
Confiugration
display irf-fabric IRF Fabric 1-4
A-8
display isolate port Port Isolation 1-1
display lacp system-id Link Aggregation 1-5
display link-aggregation interface Link Aggregation 1-1
display link-aggregation summary Link Aggregation 1-2
display link-aggregation verbose Link Aggregation 1-4
display local-server statistics AAA&RADIUS&HWTA 1-31

CACS&EAD
display local-user AAA&RADIUS&HWTA 1-12

CACS&EAD
display logbuffer Information Center 1-3
display logbuffer summary Information Center 1-5
display loopback-detection Port Basic 1-9

Configuration
display mac-address MAC Address Table 1-2
display mac-address aging-time MAC Address Table 1-1
display mac-address multicast static Multicast 3-2
display mac-address security Port Security&Port 1-1

Binding
display mac-authentication Centralized MAC 1-1

Address Authentication
display memory Routing Protocol 5-1
display memory System Maintenance 3-5

and Debugging
display memory limit Routing Protocol 5-2
display mirror Mirroring 1-10
display mirroring-group Mirroring 1-1
display msdp brief Multicast 7-1
display msdp peer-status Multicast 7-2
display msdp sa-cache Multicast 7-3
display msdp sa-count Multicast 7-5
display multicast forwarding-table Multicast 2-1
display multicast routing-table Multicast 2-2
display multicast-source-deny Multicast 2-4
display ndp Cluster 1-1
display ntdp Cluster 1-7
display ntdp device-list Cluster 1-8
display ntp-service sessions NTP 1-1
display ntp-service status NTP 1-2
A-9
display ntp-service trace NTP 1-4
display ospf abr-asbr Routing Protocol 3-11
display ospf asbr-summary Routing Protocol 3-12
display ospf brief Routing Protocol 3-13
display ospf cumulative Routing Protocol 3-15
display ospf error Routing Protocol 3-17
display ospf interface Routing Protocol 3-19
display ospf lsdb Routing Protocol 3-21
display ospf nexthop Routing Protocol 3-23
display ospf peer Routing Protocol 3-24
display ospf request-queue Routing Protocol 3-27
display ospf retrans-queue Routing Protocol 3-28
display ospf routing Routing Protocol 3-30
display ospf vlink Routing Protocol 3-31
display packet-filter ACL 1-4
display pim bsr-info Multicast 6-5
display pim interface Multicast 6-6
display pim neighbor Multicast 6-7
display pim routing-table Multicast 6-8
display pim rp-info Multicast 6-9
display poe interface PoE&Poe Profile 1-1
display poe interface power PoE&Poe Profile 1-4
display poe powersupply PoE&Poe Profile 1-5
display poe temperature-protection PoE&Poe Profile 1-6
display poe-profile PoE&Poe Profile 2-2
display port Port Basic 1-11

Configuration
display port-security Port Security&Port 1-1

Binding
display port vlan-vpn VLAN VPN 1-1
display power System Maintenance 3-6

and Debugging
display protocol priority QoS&QoS Profile 1-1
display protocol-vlan interface VLAN 1-10
display protocol-vlan vlan VLAN 1-11
display qos cos-local-precedence-map QoS&QoS Profile 1-1
display qos-interface all QoS&QoS Profile 1-2
A-10
display qos-interface line-rate QoS&QoS Profile 1-3
display qos-interface mirrored-to Mirroring 1-2
display qos-interface mirrored-to Mirroring 1-11
display qos-interface traffic-limit QoS&QoS Profile 1-4
display qos-interface traffic-priority QoS&QoS Profile 1-5
display qos-interface traffic-redirect QoS&QoS Profile 1-5
display qos-interface traffic-statistic QoS&QoS Profile 1-6
display qos-profile QoS&QoS Profile 2-2
display queue-scheduler QoS&QoS Profile 1-7
display radius scheme AAA&RADIUS&HWTA 1-32

CACS&EAD
display radius statistics AAA&RADIUS&HWTA 1-34

CACS&EAD
display resilient-arp ARP 2-1
display rip Routing Protocol 2-2
display rip interface Routing Protocol 2-3
display rip routing Routing Protocol 2-4
display rmon alarm SNMP&RMON 2-1
display rmon event SNMP&RMON 2-2
display rmon eventlog SNMP&RMON 2-3
display rmon history SNMP&RMON 2-4
display rmon history unit IRF Fabric 1-5
display rmon prialarm SNMP&RMON 2-5
display rmon statistics SNMP&RMON 2-7
display rmon statistics unit IRF Fabric 1-6
display route-policy Routing Protocol 4-3
display rsa local-key-pair public SSH Terminal Service 1-1
display rsa peer-public-key SSH Terminal Service 1-3
display saved-configuration Configuration File 1-7

Management
display schedule reboot System Maintenance 3-6

and Debugging
display sftp source-ip SSH Terminal Service 1-33
display snmp-agent SNMP&RMON 1-1
display snmp-agent community SNMP&RMON 1-1
display snmp-agent group SNMP&RMON 1-2
display snmp-agent mib-view SNMP&RMON 1-3
display snmp-agent statistics SNMP&RMON 1-5
A-11
display snmp-agent sys-info SNMP&RMON 1-6
display snmp-agent trap-list SNMP&RMON 1-6
display snmp-agent usm-user SNMP&RMON 1-7
display ssh server SSH Terminal Service 1-4
display ssh server-info SSH Terminal Service 1-20
display ssh user-information SSH Terminal Service 1-5
display ssh2 source-ip SSH Terminal Service 1-20
display ssh-server source-ip SSH Terminal Service 1-5
display startup Configuration File 1-10

Management
display stop-accounting-buffer AAA&RADIUS&HWTA 1-35

CACS&EAD
display stop-accounting-buffer AAA&RADIUS&HWTA 1-63

CACS&EAD
display stp MSTP 1-4
display stp region-configuration MSTP 1-5
display tcp statistics IP Address and 2-11

Performance
Confiugration
display tcp status IP Address and 2-14

Performance
Confiugration
display telnet source-ip Login 1-4
display telnet-server source-ip Login 1-4
display tftp source-ip FTP and TFTP 1-31
display this Configuration File 1-10

Management
display time-range ACL 1-4
display transceiver-information interface Port Basic 1-10

Configuration
display trapbuffer Information Center 1-5
display udp statistics IP Address and 2-15

Performance
Confiugration
display udp-helper server UDP Helper 1-1
display unit Port Basic 1-11

Configuration
display user-interface Login 1-5
display users Login 1-6
display users System Maintenance 1-8

and Debugging
A-12
display version System Maintenance 1-9

and Debugging
display vlan VLAN 1-3
display vlan Volice VLAN 1-3
display voice vlan error-info Volice VLAN 1-1
display voice vlan oui Volice VLAN 1-1
display voice vlan status Volice VLAN 1-2
display vrrp VRRP 1-1
display webcache Web Cache Redirection 1-1
dldp DLDP 1-2
dldp authentication-mode DLDP 1-3
dldp delaydown-timer DLDP 1-7
dldp interval DLDP 1-4
dldp reset DLDP 1-5
dldp unidirectional-shutdown DLDP 1-5
dldp work-mode DLDP 1-6
dns domain DNS 1-4
dns resolve DNS 1-5
dns server DNS 1-6
dns-list DHCP 1-31
domain AAA&RADIUS&HWTA 1-13

CACS&EAD
domain-name DHCP 1-32
dot1x 802.1x 1-5
dot1x authentication-method 802.1x 1-6
dot1x dhcp-launch 802.1x 1-7
dot1x guest-vlan 802.1x 1-8
dot1x max-user 802.1x 1-9
dot1x port-control 802.1x 1-10
dot1x port-method 802.1x 1-12
dot1x quiet-period 802.1x 1-13
dot1x retry 802.1x 1-14
dot1x retry-version-max 802.1x 1-14
dot1x supp-proxy-check 802.1x 1-15
dot1x timer 802.1x 1-17
dot1x version-check 802.1x 1-19
duplex Port Basic 1-13
A-13
Configuration
E
enable snmp trap updown SNMP&RMON 1-8
execute File System 1-11

Management
exit SSH Terminal Service 1-34
expired DHCP 1-32
F
fabric save-unit-id IRF Fabric 1-6
fabric-port enable IRF Fabric 1-8
file prompt File System 1-12

Management
filter-policy export Routing Protocol 2-5
filter-policy export Routing Protocol 3-32
filter-policy import Routing Protocol 2-6
filter-policy import Routing Protocol 3-33
fixdisk File System 1-13

Management
flow interval Port Basic 1-14

Configuration
flow-control Port Basic 1-14

Configuration
format File System 1-13

Management
free user-interface Login 1-8
free web-users Login 2-1
frequency HWPing 1-5
ftm fabric-vlan IRF Fabric 1-9
ftp File System 2-4

Management
ftp FTP and TFTP 1-15
ftp { cluster | remote-server } source-interface FTP and TFTP 1-16
ftp { cluster | remote-server } source-ip FTP and TFTP 1-17
ftp cluster Cluster 1-31
ftp disconnect FTP and TFTP 1-3
ftp server enable File System 2-1

Management
ftp server enable FTP and TFTP 1-4
A-14
ftp source-interface FTP and TFTP 1-17
ftp source-ip FTP and TFTP 1-18
ftp timeout FTP and TFTP 1-4
ftp-server Cluster 1-31
ftp-server source-interface FTP and TFTP 1-5
ftp-server source-ip FTP and TFTP 1-6
G
garp timer GVRP 1-2
garp timer leaveall GVRP 1-4
gateway-list DHCP 1-33
get SSH Terminal Service 1-34
get File System 2-5

Management
get FTP and TFTP 1-19
giant-frame statistics enable Port Basic 1-15

Configuration
gratuitous-arp-learning enable ARP 1-7
gvrp GVRP 1-7
gvrp registration GVRP 1-8
H
habp enable 802.1x 2-3
habp server vlan 802.1x 2-4
habp timer 802.1x 2-5
header Login 1-8
help SSH Terminal Service 1-35
history-command max-size Login 1-11
holdtime Cluster 1-32
host-route Routing Protocol 2-8
hwping HWPing 1-6
hwping-agent enable HWPing 1-7
hwtacacs nas-ip AAA&RADIUS&HWTA 1-64

CACS&EAD
hwtacacs scheme AAA&RADIUS&HWTA 1-65

CACS&EAD
I
A-15
idle-cut AAA&RADIUS&HWTA 1-14

CACS&EAD
idle-timeout Login 1-11
if-match acl Routing Protocol 4-4
if-match cost Routing Protocol 4-5
if-match interface Routing Protocol 4-6
if-match ip next-hop Routing Protocol 4-7
if-match tag Routing Protocol 4-8
igmp enable Multicast 5-3
igmp group-limit Multicast 5-4
igmp group-policy Multicast 5-5
igmp group-policy vlan Multicast 5-6
igmp host-join port Multicast 5-7
igmp host-join vlan Multicast 5-8
igmp lastmember-queryinterval Multicast 5-9
igmp max-response-time Multicast 5-10
igmp proxy Multicast 5-11
igmp robust-count Multicast 5-12
igmp timer other-querier-present Multicast 5-13
igmp timer query Multicast 5-14
igmp version Multicast 5-15
igmp-snooping Multicast 1-4
igmp-snooping fast-leave Multicast 1-4
igmp-snooping general-query source-ip Multicast 1-5
igmp-snooping group-limit Multicast 1-6
igmp-snooping group-policy Multicast 1-7
igmp-snooping host-aging-time Multicast 1-9
igmp-snooping max-response-time Multicast 1-10
igmp-snooping querier Multicast 1-10
igmp-snooping query-interval Multicast 1-11
igmp-snooping router-aging-time Multicast 1-12
import-route Routing Protocol 2-8
import-route Routing Protocol 3-34
import-source Multicast 7-6
info-center channel name Information Center 1-6
info-center console channel Information Center 1-7
A-16
info-center enable Information Center 1-8
info-center logbuffer Information Center 1-8
info-center loghost Information Center 1-9
info-center loghost source Information Center 1-10
info-center monitor channel Information Center 1-11
info-center snmp channel Information Center 1-12
info-center source Information Center 1-13
info-center switch-on Information Center 1-18
info-center synchronous Information Center 1-17
info-center timestamp Information Center 1-19
info-center timestamp loghost Information Center 1-20
info-center trapbuffer Information Center 1-21
instance MSTP 1-6
interface Port Basic 1-16

Configuration
interface Vlan-interface VLAN 1-5
interface Vlan-interface Management VLAN 1-19
ip address IP Address and 1-3

Performance
Confiugration
ip address Management VLAN 1-19
ip address bootp-alloc Management VLAN 2-5
ip address dhcp-alloc Management VLAN 2-4
ip forward-broadcast IP Address and 2-17

Performance
Confiugration
ip host Management VLAN 1-20
ip host DNS 1-6
ip http acl Login 2-2
ip http shutdown Login 1-12
ip ip-prefix Routing Protocol 4-8
ip route-static Management VLAN 1-21
ip route-static Auto Detect 2-1
ip route-static Routing Protocol 1-15
ip-pool Cluster 1-33
irf-fabric authentication-mode IRF Fabric 1-10
J
A-17
jumboframe enable Port Basic 1-17

Configuration
K
key AAA&RADIUS&HWTA 1-37
CACS&EAD
key AAA&RADIUS&HWTA 1-66

CACS&EAD
L
lacp enable Link Aggregation 1-6
lacp port-priority Link Aggregation 1-7
lacp system-priority Link Aggregation 1-7
language-mode System Maintenance 1-3

and Debugging
lcd FTP and TFTP 1-20
level AAA&RADIUS&HWTA 1-15

CACS&EAD
line-rate QoS&QoS Profile 1-7
link-aggregation group agg-id description Link Aggregation 1-8
link-aggregation group agg-id mode Link Aggregation 1-9
local-server AAA&RADIUS&HWTA 1-38

CACS&EAD
local-server nas-ip AAA&RADIUS&HWTA 1-38

CACS&EAD
local-user AAA&RADIUS&HWTA 1-16

CACS&EAD
local-user File System 2-1

Management
local-user password-display-mode AAA&RADIUS&HWTA 1-17

CACS&EAD
local-user password-display-mode File System 2-2

Management
lock Login 1-13
logging-host Cluster 1-34
log-peer-change Routing Protocol 3-35
loopback Port Basic 1-18

Configuration
loopback-detection control enable Port Basic 1-19

Configuration
loopback-detection enable Port Basic 1-20

Configuration
A-18
loopback-detection interval-time Port Basic 1-20

Configuration
loopback-detection per-vlan enable Port Basic 1-21

Configuration
ls SSH Terminal Service 1-35
ls FTP and TFTP 1-21
M
mac-address MAC Address Table 1-4
mac-address max-mac-count MAC Address Table 1-5
mac-address multicast interface Multicast 3-1
mac-address multicast vlan Multicast 3-2
mac-address security Port Security&Port 1-4

Binding
mac-address timer MAC Address Table 1-6
mac-authentication Centralized MAC 1-3

mac-authentication authmode usernameasmacaddress Centralized MAC 1-5

mac-authentication authmode usernamefixed Centralized MAC 1-6

mac-authentication authpassword Centralized MAC 1-7

mac-authentication authusername Centralized MAC 1-7

mac-authentication domain Centralized MAC 1-8

mac-authentication interface Centralized MAC 1-4

mac-authentication timer Centralized MAC 1-9

management-vlan Management VLAN 1-22
management-vlan Cluster 1-34
mdi Port Basic 1-22

Configuration
memory safety | limit Routing Protocol 5-5
memory auto-establish disable Routing Protocol 5-3
memory auto-establish enable Routing Protocol 5-4
messenger AAA&RADIUS&HWTA 1-18

CACS&EAD
mirrored-to Mirroring 1-3
mirrored-to Mirroring 1-12
A-19
mirroring-group Mirroring 1-4
mirroring-group mirroring-port Mirroring 1-5
mirroring-group monitor-port Mirroring 1-6
mirroring-group reflector-port Mirroring 1-7
mirroring-group remote-probe vlan Mirroring 1-7
mirroring-port Mirroring 1-8
mirroring-port Mirroring 1-13
mkdir SSH Terminal Service 1-36
mkdir File System 1-14

Management
mkdir FTP and TFTP 1-22
monitor-port Mirroring 1-9
monitor-port Mirroring 1-14
more File System 1-15

Management
move File System 1-15

Management
msdp Multicast 7-6
msdp-tracert Multicast 7-7
multicast route-limit Multicast 2-5
multicast routing-enable Multicast 2-5
multicast-source-deny Multicast 2-6
multicast-suppression Port Basic 1-23

Configuration
multi-path-number Routing Protocol 3-36
N
name VLAN 1-5
name AAA&RADIUS&HWTA 1-19

CACS&EAD
nas-ip AAA&RADIUS&HWTA 1-40

CACS&EAD
nas-ip AAA&RADIUS&HWTA 1-66

CACS&EAD
nbns-list DHCP 1-34
ndp enable Cluster 1-4
ndp timer aging Cluster 1-4
ndp timer hello Cluster 1-5
netbios-type DHCP 1-35
A-20
network Routing Protocol 2-9
network Routing Protocol 3-36
network DHCP 1-36
nm-interface Vlan-interface Cluster 1-35
nslookup type DNS 1-7
nssa Routing Protocol 3-37
ntdp enable Cluster 1-10
ntdp explore Cluster 1-11
ntdp hop Cluster 1-12
ntdp timer Cluster 1-12
ntdp timer hop-delay Cluster 1-13
ntdp timer port-delay Cluster 1-14
ntp-service access NTP 1-4
ntp-service authentication enable NTP 1-5
ntp-service authentication-keyid NTP 1-6
ntp-service broadcast-client NTP 1-7
ntp-service broadcast-server NTP 1-7
ntp-service in-interface disable NTP 1-8
ntp-service max-dynamic-sessions NTP 1-9
ntp-service multicast-client NTP 1-9
ntp-service multicast-server NTP 1-10
ntp-service reliable authentication-keyid NTP 1-11
ntp-service source-interface NTP 1-12
ntp-service unicast-peer NTP 1-13
ntp-service unicast-server NTP 1-14
O
open FTP and TFTP 1-23
option Auto Detect 1-4
option DHCP 1-37
originating-rp Multicast 7-9
ospf Routing Protocol 3-38
ospf authentication-mode Routing Protocol 3-39
ospf cost Routing Protocol 3-40
ospf dr-priority Routing Protocol 3-40
ospf mib-binding Routing Protocol 3-41
A-21
ospf mtu-enable Routing Protocol 3-42
ospf network-type Routing Protocol 3-43
ospf timer dead Routing Protocol 3-44
ospf timer hello Routing Protocol 3-45
ospf timer poll Routing Protocol 3-45
ospf timer retransmit Routing Protocol 3-46
ospf trans-delay Routing Protocol 3-47
P
packet-filter ACL 1-6
packet-filter QoS&QoS Profile 2-3
parity Login 1-14
passive FTP and TFTP 1-23
password AAA&RADIUS&HWTA 1-19

CACS&EAD
password File System 2-3

Management
peer Routing Protocol 2-10
peer Routing Protocol 3-48
peer connect-interface Multicast 7-14
peer description Multicast 7-10
peer mesh-group Multicast 7-11
peer minimum-ttl Multicast 7-11
peer request-sa-enable Multicast 7-12
peer sa-cache-maximum Multicast 7-13
peer sa-policy Multicast 7-14
peer sa-request-policy Multicast 7-15
peer-public-key end SSH Terminal Service 1-6
pim Multicast 6-10
pim bsr-boundary Multicast 6-11
pim dm Multicast 6-12
pim neighbor-limit Multicast 6-13
pim neighbor-policy Multicast 6-13
pim sm Multicast 6-14
pim timer hello Multicast 6-15
ping System Maintenance 2-1

and Debugging
A-22
poe enable PoE&Poe Profile 1-7
poe legacy enable PoE&Poe Profile 1-8
poe max-power PoE&Poe Profile 1-8
poe mode PoE&Poe Profile 1-9
poe power-management PoE&Poe Profile 1-10
poe priority PoE&Poe Profile 1-11
poe temperature-protection PoE&Poe Profile 1-12
poe update PoE&Poe Profile 1-12
poe-profile PoE&Poe Profile 2-3
port VLAN 1-9
port access vlan Port Basic 1-24

Configuration
Port Basic Configuration Commands Port Basic 1-1

Configuration
port hybrid protocol-vlan vlan VLAN 1-12
port hybrid pvid vlan Port Basic 1-25

Configuration
port hybrid vlan Port Basic 1-25

Configuration
port isolate Port Isolation 1-1
port link-aggregation group Link Aggregation 1-9
port link-type Port Basic 1-26

Configuration
port trunk permit vlan Port Basic 1-27

Configuration
port trunk pvid vlan Port Basic 1-28

Configuration
port-security authorization ignore Port Security&Port 1-8

Binding
port-security enable Port Security&Port 1-5

Binding
port-security intrusion-mode Port Security&Port 1-6

Binding
port-security max-mac-count Port Security&Port 1-9

Binding
port-security ntk-mode Port Security&Port 1-9

Binding
port-security oui Port Security&Port 1-11

Binding
port-security port-mode Port Security&Port 1-12

Binding
port-security timer disableport Port Security&Port 1-14
A-23
Binding
port-security trap Port Security&Port 1-15

Binding
preference Routing Protocol 2-11
preference Routing Protocol 3-48
primary accounting AAA&RADIUS&HWTA 1-41

CACS&EAD
primary accounting AAA&RADIUS&HWTA 1-67

CACS&EAD
primary authentication AAA&RADIUS&HWTA 1-42

CACS&EAD
primary authentication AAA&RADIUS&HWTA 1-68

CACS&EAD
primary authorization AAA&RADIUS&HWTA 1-69

CACS&EAD
priority QoS&QoS Profile 1-8
priority trust QoS&QoS Profile 1-9
protocol inbound Login 1-15
protocol inbound SSH Terminal Service 1-7
protocol-priority protocol-type QoS&QoS Profile 1-10
protocol-vlan VLAN 1-13
public-key-code begin SSH Terminal Service 1-8
public-key-code begin SSH Terminal Service 1-21
public-key-code end SSH Terminal Service 1-8
public-key-code end SSH Terminal Service 1-22
put SSH Terminal Service 1-36
put FTP and TFTP 1-24
pwd SSH Terminal Service 1-37
pwd File System 1-16

Management
pwd FTP and TFTP 1-25
Q
qos cos-local-precedence-map QoS&QoS Profile 1-12
qos-profile QoS&QoS Profile 2-4
qos-profile port-based QoS&QoS Profile 2-5
queue-scheduler QoS&QoS Profile 1-14
quit SSH Terminal Service 1-23
quit SSH Terminal Service 1-37
A-24
quit FTP and TFTP 1-26
quit System Maintenance 1-4

and Debugging
R
radius client AAA&RADIUS&HWTA 1-43
CACS&EAD
radius nas-ip AAA&RADIUS&HWTA 1-43

CACS&EAD
radius scheme AAA&RADIUS&HWTA 1-45

CACS&EAD
radius trap AAA&RADIUS&HWTA 1-46

CACS&EAD
radius-scheme AAA&RADIUS&HWTA 1-20

CACS&EAD
reboot System Maintenance 3-7

and Debugging
reboot member Cluster 1-36
region-name MSTP 1-8
register-policy Multicast 6-16
remotehelp FTP and TFTP 1-27
remote-probe vlan Mirroring 1-9
remove SSH Terminal Service 1-38
rename SSH Terminal Service 1-39
rename File System 1-16

Management
rename FTP and TFTP 1-28
reset Routing Protocol 2-12
reset arp ARP 1-8
reset counters interface Port Basic 1-29

Configuration
reset dhcp server conflict DHCP 1-38
reset dhcp server ip-in-use DHCP 1-38
reset dhcp server statistics DHCP 1-39
reset dhcp-server DHCP 2-12
reset dns dynamic-host DNS 1-8
reset dot1x statistics 802.1x 1-20
reset ftm statistics IRF Fabric 1-10
reset garp statistics GVRP 1-5
reset hwtacacs statistics AAA&RADIUS&HWTA 1-70
A-25
CACS&EAD
reset igmp group Multicast 5-16
reset igmp-snooping statistics Multicast 1-13
reset ip statistics IP Address and 2-17

Performance
Confiugration
reset lacp statistics Link Aggregation 1-10
reset logbuffer Information Center 1-22
reset mac-authentication Centralized MAC 1-9

reset msdp peer Multicast 7-16
reset msdp sa-cache Multicast 7-17
reset msdp statistics Multicast 7-17
reset multicast forwarding-table Multicast 2-7
reset multicast routing-table Multicast 2-8
reset ndp statistics Cluster 1-6
reset ospf Routing Protocol 3-49
reset pim neighbor Multicast 6-16
reset pim routing-table Multicast 6-17
reset radius statistics AAA&RADIUS&HWTA 1-47

CACS&EAD
reset recycle-bin File System 1-17

Management
reset saved-configuration Configuration File 1-11

Management
reset stop-accounting-buffer AAA&RADIUS&HWTA 1-47

CACS&EAD
reset stop-accounting-buffer AAA&RADIUS&HWTA 1-71

CACS&EAD
reset stp MSTP 1-8
reset tcp statistics IP Address and 2-18

Performance
Confiugration
reset traffic-statistic QoS&QoS Profile 1-16
reset trapbuffer Information Center 1-22
reset udp statistics IP Address and 2-18

Performance
Confiugration
reset udp-helper packet UDP Helper 1-1
reset vrrp statistics VRRP 1-3
resilient-arp enable ARP 2-1
A-26
resilient-arp interface vlan-interface ARP 2-2
restore startup-configuration from File System 1-22

Management
retry Auto Detect 1-5
retry AAA&RADIUS&HWTA 1-48

CACS&EAD
retry realtime-accounting AAA&RADIUS&HWTA 1-49

CACS&EAD
retry stop-accounting AAA&RADIUS&HWTA 1-50

CACS&EAD
retry stop-accounting AAA&RADIUS&HWTA 1-72

CACS&EAD
return System Maintenance 1-4

and Debugging
revision-level MSTP 1-9
rip Routing Protocol 2-12
rip authentication-mode Routing Protocol 2-13
rip input Routing Protocol 2-15
rip metricin Routing Protocol 2-15
rip metricout Routing Protocol 2-16
rip output Routing Protocol 2-17
rip split-horizon Routing Protocol 2-18
rip version Routing Protocol 2-19
rip work Routing Protocol 2-20
rmdir SSH Terminal Service 1-39
rmdir File System 1-18

Management
rmdir FTP and TFTP 1-29
rmon alarm SNMP&RMON 2-9
rmon event SNMP&RMON 2-11
rmon history SNMP&RMON 2-12
rmon prialarm SNMP&RMON 2-13
rmon statistics SNMP&RMON 2-15
route-policy Routing Protocol 4-10
router id Routing Protocol 3-50
rsa local-key-pair create SSH Terminal Service 1-9
rsa local-key-pair destroy SSH Terminal Service 1-11
rsa peer-public-key SSH Terminal Service 1-11
rsa peer-public-key SSH Terminal Service 1-23
A-27
rsa peer-public-key import sshkey SSH Terminal Service 1-12
rule (Advanced ACL) ACL 1-8
rule (Basic ACL) ACL 1-7
rule (Layer 2 ACL) ACL 1-14
rule (user-defined ACL) ACL 1-17
rule comment ACL 1-18
S
save Configuration File 1-13
Management
schedule reboot at System Maintenance 3-8

and Debugging
schedule reboot delay System Maintenance 3-9

and Debugging
schedule reboot regularity System Maintenance 3-10

and Debugging
scheme AAA&RADIUS&HWTA 1-21

CACS&EAD
screen-length Login 1-16
secondary accounting AAA&RADIUS&HWTA 1-51

CACS&EAD
secondary accounting AAA&RADIUS&HWTA 1-72

CACS&EAD
secondary authentication AAA&RADIUS&HWTA 1-52

CACS&EAD
secondary authentication AAA&RADIUS&HWTA 1-73

CACS&EAD
secondary authorization AAA&RADIUS&HWTA 1-74

CACS&EAD
security-policy-server AAA&RADIUS&HWTA 2-1

CACS&EAD
self-service-url AAA&RADIUS&HWTA 1-22

CACS&EAD
send Login 1-16
server-type AAA&RADIUS&HWTA 1-53

CACS&EAD
service-type Login 1-17
service-type AAA&RADIUS&HWTA 1-24

CACS&EAD
service-type multicast Multicast 1-13
set authentication password Login 1-19
set unit name IRF Fabric 1-11
A-28
sftp SSH Terminal Service 1-40
sftp server enable SSH Terminal Service 1-28
sftp source-interface SSH Terminal Service 1-41
sftp source-ip SSH Terminal Service 1-42
sftp timeout SSH Terminal Service 1-29
shell Login 1-20
shutdown VLAN 1-6
shutdown Management VLAN 1-23
shutdown Port Basic 1-30

Configuration
shutdown Multicast 7-18
silent-interface Routing Protocol 3-51
snmp-agent SNMP&RMON 1-9
snmp-agent community Login 2-3
snmp-agent community SNMP&RMON 1-10
snmp-agent group Login 2-3
snmp-agent group SNMP&RMON 1-11
snmp-agent local-engineid SNMP&RMON 1-12
snmp-agent log SNMP&RMON 1-13
snmp-agent mib-view SNMP&RMON 1-14
snmp-agent packet max-size SNMP&RMON 1-14
snmp-agent sys-info SNMP&RMON 1-15
snmp-agent target-host SNMP&RMON 1-16
snmp-agent trap enable SNMP&RMON 1-17
snmp-agent trap enable ospf Routing Protocol 3-52
snmp-agent trap life SNMP&RMON 1-19
snmp-agent trap queue-size SNMP&RMON 1-19
snmp-agent trap source SNMP&RMON 1-20
snmp-agent usm-user SNMP&RMON 1-21
snmp-host Cluster 1-37
source-policy Multicast 6-19
speed Login 1-20
speed Port Basic 1-30

Configuration
spf-schedule-interval Routing Protocol 3-53
spt-switch-threshold Multicast 6-18
ssh authentication-type default SSH Terminal Service 1-13
A-29
ssh client assign rsa-key SSH Terminal Service 1-24
ssh client first-time enable SSH Terminal Service 1-24
ssh server authentication-retries SSH Terminal Service 1-13
ssh server compatible-ssh1x enable SSH Terminal Service 1-14
ssh server rekey-interval SSH Terminal Service 1-15
ssh server timeout SSH Terminal Service 1-16
ssh user assign rsa-key SSH Terminal Service 1-17
ssh user authentication-type SSH Terminal Service 1-17
ssh user service-type SSH Terminal Service 1-29
ssh2 SSH Terminal Service 1-25
ssh2 source-interface SSH Terminal Service 1-27
ssh2 source-ip SSH Terminal Service 1-27
ssh-server source-interface SSH Terminal Service 1-19
ssh-server source-ip SSH Terminal Service 1-19
standby detect-group Auto Detect 2-2
startup bootrom-access enable File System 1-6

Management
startup saved-configuration Configuration File 1-15

Management
state AAA&RADIUS&HWTA 1-25

CACS&EAD
state AAA&RADIUS&HWTA 1-54

CACS&EAD
static-bind client-identifier DHCP 1-40
static-bind ip-address DHCP 1-40
static-bind mac-address DHCP 1-41
static-rp Multicast 6-20
static-rpf-peer Multicast 7-19
stop-accounting-buffer enable AAA&RADIUS&HWTA 1-55

CACS&EAD
stopbits Login 1-21
stp MSTP 1-10
stp bpdu-protection MSTP 1-11
stp bridge-diameter MSTP 1-12
stp compliance MSTP 1-13
stp config-digest-snooping MSTP 1-14
stp cost MSTP 1-15
stp edged-port MSTP 1-16
A-30
stp interface MSTP 1-17
stp interface config-digest-snooping MSTP 1-18
stp interface cost MSTP 1-20
stp interface edged-port MSTP 1-21
stp interface loop-protection MSTP 1-22
stp interface mcheck MSTP 1-23
stp interface no-agreement-check MSTP 1-24
stp interface point-to-point MSTP 1-25
stp interface port priority MSTP 1-27
stp interface root-protection MSTP 1-28
stp interface transmit-limit MSTP 1-29
stp loop-protection MSTP 1-30
stp max-hops MSTP 1-31
stp mcheck MSTP 1-32
stp mode MSTP 1-32
stp no-agreement-check MSTP 1-33
stp pathcost-standard MSTP 1-34
stp point-to-point MSTP 1-36
stp port priority MSTP 1-37
stp priority MSTP 1-38
stp region-configuration MSTP 1-39
stp root primary MSTP 1-40
stp root secondary MSTP 1-41
stp root-protection MSTP 1-42
stp tc-protection MSTP 1-43
stp timer forward-delay MSTP 1-44
stp timer hello MSTP 1-45
stp timer max-age MSTP 1-46
stp timer-factor MSTP 1-47
stp transmit-limit MSTP 1-48
stub Routing Protocol 3-54
summary Routing Protocol 2-20
super CLI 1-2
super password CLI 1-3
sysname Login 1-22
sysname IRF Fabric 1-12
A-31
sysname System Maintenance 1-5

and Debugging
system-view System Maintenance 1-6

and Debugging
T
tcp timer fin-timeout IP Address and 2-19
Performance
Confiugration
tcp timer syn-timeout IP Address and 2-19

Performance
Confiugration
tcp window IP Address and 2-20

Performance
Confiugration
telnet Login 1-23
telnet source-interface Login 1-25
telnet source-ip Login 1-25
telnet-server source-interface Login 1-23
telnet-server source-ip Login 1-24
terminal debugging Information Center 1-23
terminal debugging System Maintenance 1-12

and Debugging
terminal logging Information Center 1-23
terminal monitor Information Center 1-24
terminal trapping Information Center 1-24
test-enable HWPing 1-7
test-type HWPing 1-8
tftp FTP and TFTP 1-32
tftp cluster get Cluster 1-38
tftp cluster put Cluster 1-38
tftp get File System 2-5

Management
tftp get FTP and TFTP 1-32
tftp put FTP and TFTP 1-33
tftp source-interface FTP and TFTP 1-35
tftp source-ip FTP and TFTP 1-36
tftp tftp-server source-interface FTP and TFTP 1-34
tftp tftp-server source-ip FTP and TFTP 1-34
tftp-server Cluster 1-39
A-32
tftp-server acl FTP and TFTP 1-37
timeout HWPing 1-9
timer AAA&RADIUS&HWTA 1-56

CACS&EAD
timer Cluster 1-40
timer loop Auto Detect 1-5
timer quiet AAA&RADIUS&HWTA 1-57

CACS&EAD
timer quiet AAA&RADIUS&HWTA 1-75

CACS&EAD
timer realtime-accounting AAA&RADIUS&HWTA 1-58

CACS&EAD
timer realtime-accounting AAA&RADIUS&HWTA 1-76

CACS&EAD
timer response-timeout AAA&RADIUS&HWTA 1-59

CACS&EAD
timer response-timeout AAA&RADIUS&HWTA 1-77

CACS&EAD
timer retry Multicast 7-20
timer wait Auto Detect 1-6
time-range ACL 1-19
timers Routing Protocol 2-21
tracert System Maintenance 2-3

and Debugging
traffic-limit QoS&QoS Profile 1-17
traffic-limit QoS&QoS Profile 2-6
traffic-priority QoS&QoS Profile 1-18
traffic-priority QoS&QoS Profile 2-7
traffic-redirect QoS&QoS Profile 1-20
traffic-share-across-interface Routing Protocol 2-22
traffic-statistic QoS&QoS Profile 1-21
U
udp-helper enable UDP Helper 1-2
udp-helper port UDP Helper 1-2
udp-helper server UDP Helper 1-3
undelete File System 1-18

Management
unicast-suppression Port Basic 1-31

Configuration
A-33
unknown-multicast drop enable Multicast 4-1
update fabric File System 1-19

Management
update fabric System Maintenance 3-11

and Debugging
user FTP and TFTP 1-29
user privilege level Login 1-27
user-interface Login 1-26
user-name-format AAA&RADIUS&HWTA 1-60

CACS&EAD
user-name-format AAA&RADIUS&HWTA 1-78

CACS&EAD
V
verbose FTP and TFTP 1-30
virtual-cable-test Port Basic 1-32

Configuration
vlan VLAN 1-7
vlan to VLAN 1-8
vlan-assignment-mode AAA&RADIUS&HWTA 1-26

CACS&EAD
vlan-mapping modulo MSTP 1-49
vlan-vpn enable VLAN VPN 1-2
vlan-vpn inner-cos-trust VLAN VPN 1-3
vlan-vpn tpid VLAN VPN 1-3
vlan-vpn tunnel MSTP 2-1
vlink-peer Routing Protocol 3-54
voice vlan Volice VLAN 1-4
voice vlan aging Volice VLAN 1-5
voice vlan enable Volice VLAN 1-6
voice vlan mac-address Volice VLAN 1-7
voice vlan mode Volice VLAN 1-8
voice vlan security enable Volice VLAN 1-8
voice-config DHCP 1-42
vrrp authentication-mode VRRP 1-3
vrrp method VRRP 1-4
vrrp ping-enable VRRP 1-5
vrrp vlan-interface vrid track VRRP 1-6
A-34
vrrp vrid preempt-mode VRRP 1-7
vrrp vrid priority VRRP 1-8
vrrp vrid timer advertise VRRP 1-9
vrrp vrid track VRRP 1-10
vrrp vrid track detect-group Auto Detect 2-3
vrrp vrid track detect-group VRRP 1-11
vrrp vrid virtual-ip VRRP 1-12
W
webcache address Web Cache Redirection 1-2
webcache redirect-vlan Web Cache Redirection 1-3
wred QoS&QoS Profile 1-22
X
Y
Z
A-35

S3900 Command Manual PDF

Uploaded by

Copyright:

Available Formats

S3900 Command Manual PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

S3900 Command Manual PDF

Uploaded by

Copyright:

Available Formats

HUAWEI

Quidway S3900 Series Ethernet Switches

Huawei Technologies Proprietary

Manual Version T2-081950-20060626C-1.00

Product Version Release 1510

Huawei Technologies Co., Ltd.

Address: Administration Building, Huawei Technologies Co., Ltd.,

Bantian, Longgang District, Shenzhen, P. R. China

Postal Code: 518129

Huawei Technologies Proprietary

All Rights Reserved

No part of this manual may be reproduced or transmitted in any form or by any

, HUAWEI, C&C08, EAST8000, HONET, , ViewPoint, INtess, ETS, DMC,

Huawei Technologies Proprietary

The product version that corresponds to the manual is VRP 3.10.

The related manuals are listed in the following table.

Quidway S3900 Series Ethernet Switches Command Manual consists of the

Huawei Technologies Proprietary

Huawei Technologies Proprietary

Huawei Technologies Proprietary

The manual is intended for the following readers:

The manual uses the following conventions:

Boldface Headings are in Boldface.

II. Command conventions

Boldface The keywords of a command line are in Boldface.

italic Command arguments are in italic.

Huawei Technologies Proprietary

III. GUI conventions

IV. Keyboard operation

Huawei Technologies Proprietary

Caution, Warning, Danger: Means reader be extremely careful during the

Note, Comment, Tip, Knowhow, Thought: Means a complementary

Huawei Technologies Proprietary

Chapter 1 CLI Configuration Commands.................................................................................... 1-1

Huawei Technologies Proprietary

Chapter 1 CLI Configuration Commands

1.1 CLI Configuration Commands

command-privilege level level view view command

level: Command Level. This argument ranges from 0 to 3.

# Specify the interface command in system view to be of level 0.

Huawei Technologies Proprietary

1.1.2 display history-command

# Display history commands.

Huawei Technologies Proprietary

# Switch to user level 3.

1.1.4 super password

super password [ level level ] { simple | cipher } password

Huawei Technologies Proprietary

Huawei Technologies Proprietary

Chapter 1 Login Commands ........................................................................................................ 1-1

Chapter 2 Commands for User Control....................................................................................... 2-1

Huawei Technologies Proprietary

2.1.4 snmp-agent community........................................................................................... 2-3

Huawei Technologies Proprietary

Chapter 1 Login Commands

1.1 Login Commands

authentication-mode { password | scheme [ command-authorization ] | none }

User interface view

password: Authenticates users using the local password.